Closes: #2090
- Create a new page for distribution upgrade.
- If distribution upgrade is running show its status here without any other UI.
- Show various conditions for not allowing distribution upgrades.
- Automatic updates disabled
- Distribution updates disabled
- Not enough free space.
- Unknown or mixed distribution in sources.list.
- If distribution upgrade was interrupted, show that information here and allow
triggering distribution upgrade again. This is detected by noticing that
codename in base-files is higher than one detected in sources.list.
- If the user is not testing/unstable, show a message and don't allow
triggering.
- If next stable has not been released, don't auto-upgrade but allow manual
upgrade. Show special warnings.
- If next stable has been released but only recently, don't auto-upgrade but
allow manual upgrade.
- If next stable has been released and it has been 30 days, allow auto-upgrade
and manual upgrade.
- Seek confirmation before triggering manual upgrade. Provide appropriate
advice.
- Rely on hard-coded list of releases and their release dates instead of
querying the server.
Tests:
- When automatic updates or distribution updates are disabled, an alert message
is shown distribution upgrade page. If both are disabled, both messages show up
in the alert. The start distribution upgrade button is disabled. Clicking on the
button does not work.
- Reducing the available free disk space will cause alert message to show up and
start upgrade button to be disabled.
- When the distribution in /etc/apt/sources.list is mixed or unknown, an alert
message is shown. the start distribution upgrade button is disabled.
- When the distribution in /etc/apt/sources.list is testing or unstable, an
alert message is shown "You are on a rolling release distribution...". the start
distribution upgrade button is disabled. The current distribution is
'None (testing)' or 'None (unstable)'. Next stable distribution is Unknown.
- If get_current_release is hard-coded to return (None, 'trixie'). Then a
message is show in the distribution update page 'A previous run of distribution
update may have been interrupted. Please re-run the distribution update.' A
'Continue Distribution Update' button is shown in warning color. The button
takes to confirm page where the confirm button is shown in blue and is enabled.
- On a bookworm VM, visiting the page shows the message "You are on the latest
stable distribution...". Upgrade button shows in red. Clicking it takes to
confirmation page. The page shows a warning alert and red confirmation button.
- Setting the clock to '2025-08-21' shows the message "A new stable distribution
is available. Your FreedomBox will be update automatically in 4 weeks...".
Upgrade button shows in blue. Clicking it takes to confirmation page. The page
does show warning. The button is in blue.
- Setting the clock to '2025-09-30' shows the message "A new status distribution
is available. Your FreedomBox will be updated automatically soon...". Upgrade
button shows in blue. Clicking it takes to confirmation page. The page does show
warning. The button is in blue.
- Clicking the confirmation button starts the distribution upgrade process. This
distribution upgrade page is shown. The page shows spinner with a message and no
other UI. Page is refreshed every 3 seconds. When the distribution upgrade
process is completed, the page shows the current status.
- Killing the apt-get process during distribution upgrade stop the page refresh.
The page shows that process was interrupted and also continuation. Clicking on
the confirmation button resumes the distribution upgrade process.
- After distribution upgrade, the page shows the current distribution and next
distribution properly. There is not release date for the next distribution. A
message shows: "Next stable distribution is not available yet."
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
- 12 hours might genuinely not enough with SD cards, slow download speeds, and
large number of packages (due to apps such as GNOME).
Tests:
- None
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
Closes: #2501
Tests:
- Install radicale app.
- Install a sample package using apt. Trigger will be run and but will
not result in radicale setup rerun.
- Make newer radicale available. This can be done by enabling testing
distribution but setting its priority low. radicale priority from testing will
be set to high. When unattened-upgrades is run, it will trigger the FreedomBox
mechanism and will result in database upgrade.
- After this install a sample package using apt. Trigger will be run but will
not result in radicale setup rerun.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
Fixes: #2119
Tests:
- Install mediawiki app.
- Install a sample package using apt. Trigger will be run and but will
not result in Mediawiki setup rerun.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
Closes: #1447
Find and rerun setup for apps after a dpkg operation is completed.
This is needed in a couple of situations:
1) Some Debian packages don't manage the database used by the package. When
these packages are updated, their database schema is left at an older version
and service might become unavailable. FreedomBox can perform the database schema
upgrade. However, FreedomBox needs to know when a package has been updated so
that database schema can be upgraded.
2) A package is installed but FreedomBox has not modified its configuration.
Newer version of package becomes available with a new configuration file. Since
the original configuration file has not changed at all, the new configuration
file overwrites the old one and unattended-upgrades deals with this case. Now,
say, the configuration file modifies some defaults that FreedomBox expects
things might break. In this case, FreedomBox can apply the require configuration
changes but it needs to notified as soon as the package has been updated.
When apt runs dpkg, after the operation is completed it triggers commands listed
under the configuration 'Dpkg::Post-Invoke'. This in turn calls this class via a
DBus notification. Here, we iterate through all the apps. If an app is currently
installed and interested in rerunning setup after dpkg operations, then its
setup is rerun. Interest is expressed using the 'rerun_setup_on_upgrade' flag on
the Package() component. If all packages of the app have not be upgraded since
the last check, we skip the operation.
Tests:
- When an app is installed from FreedomBox, the trigger is not run.
- When a package is installed from command line with apt, the trigger is run. It
does nothing.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
- We have a hook that triggers when 'apt update' is successfully run. This hook
handles the force upgrading mechanism. It's intended purpose is to handle
packages with configuration file prompts that unattended-upgrades does not
touch. 'apt update' is run on behalf of unattended-upgrades every day on a
schedule. This is the primary time the hook is intended to run. However, the
hook also run every time FreedomBox runs 'apt update' before installing an app.
Also no operations are performed, there is a race to see of apt is available for
the operation.
- Avoid these unnecessary runs by setting an environmental variable and by
checking it before running the trigger.
- There is one place where we want to genuinely run the trigger. That is after a
distribution upgrade. Handle this case.
Tests:
- When apt update is run on the command line, the hook is triggered.
- When installing an app, however, the hook is not triggered.
- During a dist-upgrade, the hook is triggered at the end.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
Although there are no issues with kiwix like for calibre, it is the right way to
do this.
Tests:
- Without patch, restore the app on testing from a backup on stable machine and
notice that the data folder is owned by nobody:nogroup but files inside are
owned by a kiwix-server-freedombox user and group. This is not ideal.
- With patch, restore again notice that the library is accessible and all the
files are owned by nobody:nogroup.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
Fixes: #2500.
systemd 257 has introduced in which DynamicUser= services will use id-mapped
mounts[1] instead of performing chown on the entire data directory. On Debian
stable release, calibre service will contain data folders with a dynamic user
ownership while on testing release, calibre service will contain data folders
with nobody:nogroup ownership.
When a backup from stable release is restored on testing release, the two
directories are merged. The top level directory will be still owned by
nobody:nogroup while the files instead will be owned by dynamic user and group.
In this case, systemd will not recursively update the ownership. Calibre will
fail to access the library files.
The fix is to completely wipe the existing data folder before a restore. When
systemd notices that the directory ownership is not properly it will recursively
change the ownership before starting the service.
Links:
1) https://www.freedesktop.org/software/systemd/man/latest/systemd.exec.html#RuntimeDirectory=
Tests:
- Without patch, restore the app on testing from a backup on stable machine and
notice that the data folder is owned by nobody:nogroup but files inside are
owned by a calibre-server-freedombox user and group. This leads to failure when
accessing the library.
- With patch, restore again notice that the library is accessible and all the
files are owned by nobody:nogroup.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
- Many times, merging old and new data folders is not ideal and could lead to
unexpected outcomes. Perhaps removing all the backup folders and files before
restore is ideal. However, this patch tries to introduce that approach slowly on
an experimental basis.
Tests:
- Unit tests work.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
Closes: #2503
- FreedomBox is a server that is typically always running. If applications such
as GNOME desktop environment are installed, they could, by default, cause system
to sleep or hibernate after a period of idleness (based on peripheral activity).
To ensure that services are always available over the network, prevent all such
applications from sending the system to sleep/hibernate.
- Other types of sleep such as hybrid sleep and suspend and hibernate are also
automatically disabled by systemd if either suspend or hibernate are disabled.
Tests:
- Without the changes, install GNOME. In gdm login screen or in desktop
environment, after 20 minutes (default) the system goes to sleep.
- Create the file in the patch with the appropriate directory in a production
FreedomBox machine. Run 'systemctl daemon-reload'. After this, running
'systemctl suspend' or 'systemctl hibernate' will return an error that the
operation is not supported. In GDM, the suspend button does not appear. In GNOME
desktop environment after login, the suspend button does not appear. Even after
the 15-20 minute period, the system does not go to sleep.
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
Helps: #2501
Helps: Debian #1100995
- With radicale's Debian packaging for version 3.5 (trixie) the auth/type
configuration value is no longer set to remote_user by default[1]. FreedomBox's
setup depends on this. So, set this value explicitly including for bookworm.
Links:
1) https://tracker.debian.org/media/packages/r/radicale/changelog-3.5.0-1
Tests:
- Install on bookworm and testing VMs and run functional tests. Web UI works.
- On bookworm VM, install radicale and perform dist-upgrade. Upgrade succeeds.
Radicale is at version 3.5.0-1. The file /etc/radicale/config *does not*
contains auth/type as 'remote_user'. This is because unattended-upgrades has
unexpectedly upgraded radicale and overwrote the configuration file. This is
being investigated separately.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
- We are using a private data structure that lead to failure. psutil 7.0 removed
two fields from the partition class. Just update the code to work with 7.0
instead of emulating psutil completely as that is a better test.
- The primary code is unaffected in is_partition_read_only() and
get_filesystem_type() due to not having any changes in the fields we use.
Tests:
- Run unit tests on testing and unstable VMs.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
There are configuration items that users of syncthing can accidentally
set, resulting in the UI becoming unavailable. Previously, if such a
thing happened, the FreedomBox admin would have to ssh into the server and
edit the xml manually or reinstall/restore the app. With this patch, it
is enough to re-run the setup to make the UI accesible again.
- Remove http basic authentication from the settings (gui/user and
gui/password. This is unnecessary as FreedomBox already provides
authentication.
- Make sure these options are properly set:
- 'Use HTTPS for GUI' is off
- 'GUI Listen Address' is 127.0.0.1:8384
- GUI is enabled
There is a forum discussion that inspired these changes:
https://discuss.freedombox.org/t/solved-cant-access-syncthing-administration-panel/2137
Tests done:
- Fresh install: after the setup, confirm the UI is working properly and
the xml is configured with the expected values.
- Make the changes to break the Syncthing UI, then re-run setup. Confirm
the UI is back online.
Signed-off-by: Benedek Nagy <contact@nbenedek.me>
[sunil: Initialize conf_changed variable to prevent failures accessing it]
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: Sunil Mohan Adapa <sunil@medhas.org>
Closes: #2499
[sunil]
- Add a comment about the dependency.
Signed-off-by: Benedek Nagy <contact@nbenedek.me>
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: Sunil Mohan Adapa <sunil@medhas.org>
As reported in discussion forum[1], when clients connected via 'shared' network
connection try to resolve the a static domain name configured in FreedomBox,
they resolve to 127.0.1.1. Since this refers to client's own IP address, they
fail to connect.
In the previous version, this was not a problem because the entry was stored as
<hostname>.<domainname>. To resolve this, store domain names in kvstore instead
of /etc/hosts.
Links:
1)
https://discuss.freedombox.org/t/freedombox-resolves-its-own-external-name-as-127-0-1-1/3660
Tests:
- Adding/removing static domains from Names app works. The order of added
domains is preserved in the stored configuration. When adding a existing domain,
a proper error message is shown.
- Without the patch, configure multiple domains. They show up in /etc/hosts.
Apply the patches and restart the service. Names app setup will run. Entries
from /etc/hosts are removed and will be added to kvstore. The list of domains
shows properly in Names app. After restarting the services, domains are show
properly.
- Without the patch on a version of FreedomBox without support for multiple
static domains, configure a static domain. Switch to latest version FreedomBox
with the patches. Restart the service. Names app setup will run. Entry from
/etc/hosts will be removed and will be added to kvstore. The list of domains
shows properly in Names app. After restarting the services, domains are show
properly.
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
Closes: #2490
Tests:
- Unit tests works.
- On a fresh stable container, enable auto updates. Run 'apt install
mumble-server' and kill the apt process when it is unpacking. After this any apt
install command will ask for running dpkg --configure -a. At this time, run the
Testing dist upgrade. Dist upgrade starts successfully and then shows the
message 'Fixing any broken apt/dpkg states...'. It also shows that packages that
were not setup have been setup. Dist upgrades proceeds after that.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
- Save changes to /etc/apt/sources.list as a different file.
- When launching the dist upgrade process via systemd-run, use bind mounting to
ensure that the newly created sources file is treated as the original
/etc/apt/sources.list.
- If the process completes successfully, rename the new file to the original
sources.list. If the process terminates abruptly or machine reboots,
sources.list will remain unchanged. This will also the dist upgrade process to
be restarted (and hopefully continued).
Tests:
- On a fresh stable container, running dist-upgrade succeeds.
- While dist-upgrade is running, /etc/apt/sources.list is unmodified. After the
operation is successfully completed, /etc/apt/sources.list has been updates
successfully. If the operation fails, /etc/apt/sources.list remains unmodified.
- During the run the following are run:
- apt update
- package holds
- debconf selections
- full-upgrade
- autoremove
- unattended-upgrades
- restarting freedombox service
- waiting 10 minutes
- apt update
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
- When an action is invoked, it configured to handle console and journal
handlers. Console logger (StreamHandler) flushes after each event. Journal event
is sent immediately after the event. So, we are not losing the immediate flush
advantage by switching to logging framework.
- Since console logging is present (and the output is not captured away), using
journal handler also will double log each event. Remove the journal handler.
Console is where the output of various commands is logged. So, keep that.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
- A service with the same name can't be started again.
- Transient service goes away as soon as the process ends. This is like
automatically removing the flag. This ensures that stale file does not cause an
issue.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
Closes: #2493.
Tests:
- For each of the packages in the list, download the Bookworm version and Trixie
version of the packages. See if the files in /etc/ that were modified were also
files we also modify. If so, keep it in the list. Otherwise, remove it from the
list.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
Helps: #2493.
- searx will not be part of Trixie.
- This special upgrade code is not required for Bookworm -> Trixie upgrade.
- This code is not be invoked for Bullseye -> Bookworm upgrade as this removal
will not reach Bullseye.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
Tests:
- Adding a new domain works. Adding a new domain with old name results in error
message.
- Editing a old domain works. Updating the domain name works. Updating
configuration parameters without domain name change works.
- Adding a domain with capital letters results in domain with lower cased
letters.
Reviewed-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
Tests:
- Adding an new unique domain works.
- Adding an existing domain results in an error.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
unattended-upgrade will take a very long time to run, and won't be able
to upgrade most of the packages. There is not much benefit to running it
here.
Signed-off-by: James Valleroy <jvalleroy@mailbox.org>
Reviewed-by: Sunil Mohan Adapa <sunil@medhas.org>
Tests:
- Start a dist-upgrade from stable to testing. Dist upgrade is completed
as expected. "The system will reboot" message appears only after
freedombox-dist-upgrade.service has completed.
Helps: #2090
Signed-off-by: James Valleroy <jvalleroy@mailbox.org>
Reviewed-by: Sunil Mohan Adapa <sunil@medhas.org>
- The get_domain_name() has some problem. It returns only static domain names
but not a dynamic domain name. It may not always return the same domain when
multiple static domains are configured. It may return return an empty string.
Tests:
- JSXC page shows the alphabetically first static domain. If no static domain is
configured, first dynamic domain is shown, next pagekite domain, next pagekite
domain, next tor onion domain, and finally .local domain.
- Downloading profile from OpenVPN will set the first domain in it.
- When ejabberd is installed, the first domain is configured by default.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
- First of the list is the most important one and may be used as "primary"
domain in apps.
- Change the return type of DomainName.list() from set to list so that order can
be preserved. Update all users of the API accordingly. Add type hints to all the
methods using this API to catch any errors.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
- This can be used to ensure that apps that can deal with only a single domain
auto-configure the best domain by default.
Tests:
- Unit tests run.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
- Instead of just configure button, show edit/delete. And configure separately.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
- Change the mechanism for storing domain names in /etc/hosts. Don't write
hostname to /etc/hosts. Don't prepend hostname to domain name. This means that
when hostname changes, set_domain_name need not be called.
- This means that domain names such as example.fbx.one were not resolvable using
/etc/hosts but these will now resolve to 127.0.1.1. This is a minor concern to
becoming a breaking change.
- Don't use socket.getfqdn() for finding the domain name of the machine. Instead
read from /etc/hosts. There does not seem to a glibc/python API for querying
domain names from /etc/hosts with all variations it allows. Forward resolution
properly works no matter the library.
- Drop a pre-Python 3 conversion from unicode to ascii string for hostname. This
is no longer relevant.
- Domain name form is now domain add form. Passing domain name is mandatory.
Domain delete form and view have been introduced.
- Use augeas to edit hosts file. Add privileged methods to add/delete/get
domains. Add method to migration from old format to new. Support reading old
format too in get_domains.
Tests:
- Without hostname written in /etc/hosts, 'resolvectl query <hostname>' and
'ping <hostname>' work.
- With old /etc/hosts format apply patches and restart service. It will be
converted to new format.
- Adding a domain adds a new line to /etc/hosts file. The domain is shown in
domains list in Names app. Applications get reconfigured with the new domain
name.
- Deleting a domain adds a new line to /etc/hosts file. The domain is shown in
domains list in Names app. Applications get reconfigured with the new domain
name.
- Restarting app triggers domain added signal for all domains and all the
domains are shown in the Names app.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
- In the main domains list, only show currently configured domains. Allow
operations such as edit/delete/configure on them. Actions are determined by the
domain type.
- Show domain types that can be added in a separate table. If an domain is
present and only of that type can exist, it will not be shown in this table.
Show add/configure action based on whether multiple domains can exist.
Tests:
- Configuring a singleton domain type puts it in the domains tables and removes
it from the add domains table. De-configuring it or disabling it does the
opposite.
- For domain types with multiple domains (static/dynamic), entries are shown in
domains if such domains exist. Entry in add domains tables always shows up.
- All action buttons for all five domain types work.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
- To be used to present better interface for domain types that have multiple
domains.
Tests:
- Unit tests pass.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
- This can happen if a domain is added while the app is disabled.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
