8949 Commits

Author SHA1 Message Date
Sunil Mohan Adapa
2a30d64f08
nextcloud: Fix existing installs to upgrade properly
Fixes: #2433.

Tests:

- Without the patches, as described in the bug, create an installation that is
facing the problem. Ensure that 'podman exec --user www-data
nextcloud-freedombox /var/www/html/occ config:system:get overwrite.cli.url'
shows an empty value.

- Apply patches, nextcloud app is updated and configuration value is set to
'http://localhost/nextlcoud' by running 'podman exec --user www-data
nextcloud-freedombox /var/www/html/occ config:system:get overwrite.cli.url'.

Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
2024-10-07 18:09:07 -04:00
Sunil Mohan Adapa
afb69c28d1
action_utils: Fix missing parent folder when creating apt hold flag
- When freedombox is installed on a Debian system as a package, the folder
/var/lib/freedombox does not exist. When the service is run and systemd-resolved
is attempted to be installed, we try to hold the freedombox package. We also set
a flag to indicate this in /var/lib/freedombox. Since the folder does not exist,
it fails. Presumably this will also fail when installing any package. Fix this
by creating the parent directory.

Tests:

- On a fresh Debian system, install the freedombox package with these changes.
Wait for setup to run on names app. Install operation fails without this fix and
succeeds with the fix (this only happens when names app is setup before backups
app as backups app creates /var/lib/freedombox directory).

Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: Veiko Aasa <veiko17@disroot.org>
2024-10-07 01:35:20 +03:00
Sunil Mohan Adapa
db92640f3c
names: Don't hard depend on systemd-resolved
Fixes: #2453

- It will be installed later.

Tests:

- Build the Debian package with all the changes and notice that it neither has
dependency on resolvconf nor on systemd-resolved.

- Version 24.18 can upgrade to this package using unattended-upgrade. For this
place the package in a folder repository and add this repository to apt
sources.list and tweak unattended-upgrades settings to accept the new repository.

Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: Veiko Aasa <veiko17@disroot.org>
2024-10-07 01:35:04 +03:00
Sunil Mohan Adapa
5611585790
names: Schedule a task to install systemd-resolved when possible
- Don't schedule if the package is already installed.

Tests:

- With systemd-resolved installed and without internet connectivity start a
fresh instance (without first setup). Setup succeeds but systemd-resolved is not
installed.

- Wait in develop mode for 180 seconds. Setup for names app is re-run. Ensure
that internet connectivity is not available and systemd-package is not
installed. Setup still succeeds.

- On next run, ensure that internet connectivity is available, systemd-resolved
is installed. Setup succeeds.

- On next run, setup is not re-run for names app.

- When service is restarted, the task is not even scheduled.

Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: Veiko Aasa <veiko17@disroot.org>
2024-10-07 01:34:54 +03:00
Sunil Mohan Adapa
7e8819d7d5
names: Try to install systemd-resolved during app setup
- If installing systemd-resolved for the first time, set fallback DNS setting to
True irrespective of the app version.

Tests:

- Ensure that systemd-resolved is not installed. On a fresh systemd without
first setup done, run service.

- Names app setup is run and systemd-resolved is installed if internet
connection is available. Setup succeeds. Fallback DNS setting is true in privacy
app. systemd-resolved has been restarted and current DNS known to Network
Manager has been populated in it. Name resolution works.

- If Internet connection is not available, setup still succeeds but
systemd-resolved package is not installed.

- Rerun setup without internet connectivity. Setup succeeds without installing
systemd-resolved.

- Rerun setup with internet connectivity. Setup succeeds and installs
systemd-resolved. Fallback DNS setting is true in privacy app. systemd-resolved
has been restarted and current DNS known to Network Manager has been populated
in it. Name resolution works.

Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: Veiko Aasa <veiko17@disroot.org>
2024-10-07 01:34:37 +03:00
Sunil Mohan Adapa
70c37f309e
names: Don't control resolved daemon when package is not installed
Tests:

- Ensure that systemd-resolved is not installed.

- There is no warning showing that systemd-resolved daemon is not running.

- When re-running setup, systemd-resolved is not enabled.

- Diagnostic shows a warning that systemd-resolved is not installed.

- Ensure that systemd-resolved is installed.

- If daemon is not running, warning shown that it is not running.

- If daemon is running, warning is not shown.

- When re-running setup, systemd-resolved is enabled.

- Diagnostic shows that the daemon is running when running and not running when
it is not.

Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: Veiko Aasa <veiko17@disroot.org>
2024-10-07 01:34:21 +03:00
Sunil Mohan Adapa
5c06b6c31a
names: Don't show resolver status if package is not installed
Tests:

- Ensure that systemd-resolved package is not installed.

- Resolver status table is now shown.

- Instead a message is shown with button to re-run setup. Clicking the button
re-runs setup of the names app.

- Configuration form is also now shown.

- If systemd-resolved package is installed during re-run of setup, then status
table is shown.

- Message to install systemd-resolved is not shown.

- Configuration form is shown.

Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: Veiko Aasa <veiko17@disroot.org>
2024-10-07 01:34:01 +03:00
Sunil Mohan Adapa
0a10ced950
names: Perform resolve diagnostics only if resolved is installed
Tests:

- Ensure that systemd-resolved is not installed. Run diagnostics on names app.
There should be no diagnostic related to resolving address for deb.debian.org.

- Ensure that systemd-resolved is installed. Run diagnostics on names app. There
should be diagnostic related to resolving address for deb.debian.org.

Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: Veiko Aasa <veiko17@disroot.org>
2024-10-07 01:33:49 +03:00
Sunil Mohan Adapa
64e244e24a
networks: Don't show DNS-over-TLS when resolved is not installed
Tests:

- Ensure that systemd-resolved is not installed. The privacy section is entirely
hidden in the connection information page.

- Ensure that systemd-resolved is installed. The privacy section is shown in the
connection information page.

Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: Veiko Aasa <veiko17@disroot.org>
2024-10-07 01:33:15 +03:00
Sunil Mohan Adapa
1f17728321
networks: Disable DNS-over-TLS option if resolved is not installed
Tests:

- Ensure that systemd-resolved package is not installed. DNS-over-TLS field is
disabled.

- Submitting the form works with and without changes.

- Value of global DNS-over-TLS setting shows as 'unknown'.

- Current value of DNS-over-TLS for this connection is shown in the form.

- Ensure that systemd-resolved package is installed. DNS-over-TLS field is
enabled.

- Submitting the form works with and without changes.

- Value of the global DNS-over-TLS setting shows the current value set in names
app.

- Current value of DNS-over-TLS for this connection is shown in the form.

- Introduce an exception in get_resolved_configuration privileged action and
notice that value shows up as 'unknown' in the form.

Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: Veiko Aasa <veiko17@disroot.org>
2024-10-07 01:32:54 +03:00
Sunil Mohan Adapa
71ed5f16c2
privacy: Disable DNS fallback option if resolved is not installed
Tests:

- Ensure that systemd-resolved is not installed.

- Notice that form field for Fallback DNS servers is disabled. Form value is
unchecked (default value when initial value is not provided).

- Submitting the form works with and without changes.

- Ensure that systemd-resolved is installed.

- Notice that form field for Fallback DNS servers is not disabled. Form value
reflects the current state of fallback dns as shown in names app.

- Submitting the form works with and without changes.

Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: Veiko Aasa <veiko17@disroot.org>
2024-10-07 01:32:34 +03:00
Sunil Mohan Adapa
dd16034e3c
names: Introduce method to check if resolved is installed
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: Veiko Aasa <veiko17@disroot.org>
2024-10-07 01:32:02 +03:00
Veiko Aasa
cfe3946b9a
transmission: tests: Fix functional test failures in Debian testing
Tests performed in stable and testing containers:
 - Run all the transmission tests twice - all pass.

Signed-off-by: Veiko Aasa <veiko17@disroot.org>
Reviewed-by: Sunil Mohan Adapa <sunil@medhas.org>
2024-10-06 08:56:00 -07:00
Benedek Nagy
5eeaa0fd06
locale: Albanian: Fix build issue by correcting typo
Signed-off-by: Benedek Nagy <contact@nbenedek.me>
Reviewed-by: Sunil Mohan Adapa <sunil@medhas.org>
2024-10-04 19:18:33 -07:00
Besnik Bleta
cd526593ef
Translated using Weblate (Albanian)
Currently translated at 99.7% (1669 of 1674 strings)
2024-10-04 14:15:50 +02:00
Sunil Mohan Adapa
569f5584b0
actions: Handle exceptions with Path-like objects
- When subprocess.call() fails and one of the arguments is a Path-like object,
the exception also contains a Path-like object. The default JSON encoder can't
handle this and will lead to failure when encoding the exception altogether
resulting in a generic exception.

Tests:

- Add an invalid .zim file to kiwix. It fails and shows a default error
exception. Without this patch, it fails.

- Functional tests for kiwix pass.

- Backups app can list archives. This is a result returned from a privileged
method.

Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: Veiko Aasa <veiko17@disroot.org>
2024-10-03 11:46:51 +03:00
Sunil Mohan Adapa
2f33026577
kiwix: Don't leave invalid .zim in library after a failed attempt
Tests:

- Without patch, upload an invalid zim file, 'Failed to add content'... message
is shown. The library's content directory contains that invalid file. Try to add
the file again and the message shown is 'File already exists'.

- With patch, upload an invalid zim file, 'Failed to add content'... message is
shown. The library's content directory does not contain that file. Try to add
the file again and the same message is shown.

- Functional tests for kiwix pass. Repeating just the test
test_add_invalid_zim_file works.

Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: Veiko Aasa <veiko17@disroot.org>
2024-10-03 11:46:23 +03:00
Joseph Nuthalapati
876cace107
tiddlywiki: Avoid writing duplicate temporary files
Tests:

- Raise an error by editing code in create, upload, rename and delete
operations. Notice that the details error messages are shown with a drop-down.

- Upload a wiki and it works. The name is as expected.

- Upload the wiki again and notice that the duplicate wiki error is shown.

Signed-off-by: Joseph Nuthalapati <njoseph@riseup.net>
[sunil: Use new utility for uploading]
[sunil: Better error message display in the UI]
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: Veiko Aasa <veiko17@disroot.org>
2024-10-03 11:45:59 +03:00
Joseph Nuthalapati
ad09964e18
featherwiki: Use new utility for handling uploads
Tests:

- Raise an error by editing code in create, upload, rename and delete
operations. Notice that the details error messages are shown with a drop-down.

- Upload a wiki and it works. The name is as expected.

- Upload the wiki again and notice that the duplicate wiki error is shown.

Signed-off-by: Joseph Nuthalapati <njoseph@riseup.net>
[sunil: Use new utility for uploading]
[sunil: Better error message display in the UI]
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: Veiko Aasa <veiko17@disroot.org>
2024-10-03 11:45:39 +03:00
Joseph Nuthalapati
6dd6f12f5a
kiwix: Use new utility for handling uploads
Earlier, the uploaded ZIM file was being written to disk twice.

Manual Test
-----------
Without the changes in this commit, the English MediaWiki archive of
6.83 GB cannot be uploaded to the dev container of size 12 GB, since two
temporary files are created.

With the changes in this commit, the same file can be uploaded
successfully and accessed using Kiwix reader.

- Uploaded file has expected ownership and permissions.

Signed-off-by: Joseph Nuthalapati <njoseph@riseup.net>
[sunil: Handle error for uploading duplicate content.]
[sunil: Set root:root ownership on the uploaded file.]
[sunil: Use the action utility for checking that the upload file and moving it.]
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: Veiko Aasa <veiko17@disroot.org>
2024-10-03 11:45:15 +03:00
Joseph Nuthalapati
21f6c9128f
django: Improve handling of file uploads
1. Set temporary directory to /var/tmp
2. Drop MemoryFileUploadHandler

Tests:

- During upload notice that files are in /var/tmp/system-private... folder
instead of /var/tmp.

- Upload a file but rename with another extension instead of moving to
destination through changes in code. Notice that the file is available in
/var/tmp/systemd-private... directory after the upload operation is completed.
Stop the service and notice that the file has been deleted. Folder is empty
after the service starts again.

Signed-off-by: Joseph Nuthalapati <njoseph@riseup.net>
[sunil: Add PrivateTmp=yes in plinth.service file]
[sunil: Update comments]
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: Veiko Aasa <veiko17@disroot.org>
2024-10-03 11:44:51 +03:00
Sunil Mohan Adapa
03f62f01e8
action_utils: Introduce utility to move uploaded files
Tests:

- Unit tests pass.

Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: Veiko Aasa <veiko17@disroot.org>
2024-10-03 11:44:30 +03:00
Jiří Podhorecký
a805ed3e01
Translated using Weblate (Czech)
Currently translated at 100.0% (1674 of 1674 strings)
2024-10-01 10:18:10 +00:00
Veiko Aasa
3dfada85a6
functional tests: Upgrade dependencies selenium and splinter
Fixes an error in testing container where installing dependencies for
functional tests wants to uninstall system installed urllib3.

Also minor quotes fixes.

Note that dependencies are upgraded only in new dev environments where
geckodriver is not yet installed.

Tests performed, in both stable and testing containers:
- Run all tests, no upgrade related failures found. There were some
  seemingly unrelated test failures in apps: calibre, ejabberd, deluged,
  minetest, users, transmission, wordpress, zoph.

Signed-off-by: Veiko Aasa <veiko17@disroot.org>
Reviewed-by: Sunil Mohan Adapa <sunil@medhas.org>
2024-09-30 11:47:10 -07:00
Sunil Mohan Adapa
ebe6ad7556
storage: Skip tests that involve loopback device in a container
- Inside a container, it is not possible to use loopback devices without
additional permissions. Skips tests that need loopback devices. This will
result in fewer errors when running './container run-tests'.

Tests:

- Run './container run-tests --pytest-args
plinth/modules/stroage/test_storage.py'. Notice that all tests are either
skipped or succeed.

- Run the tests on host machine and they all run without skipping.

Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: Veiko Aasa <veiko17@disroot.org>
2024-09-28 13:37:55 +03:00
Veiko Aasa
bd03969d95
samba: Remove option to backup app
Reasons:
- Privileged action security: restoring Samba configuration from a backup file
could expose any folder in OS and allows to run any command as a root user.
- Samba backups aren't so useful as only app configuration is included.
Configured shares are trivial to enable without backups. Also, providing
backups could be misleading as stored user files aren't actually backed up.

Tests performed:
- All Samba functional tests pass.
- Restoring from an old backup that also includes Samba is not failing,
  restoring Samba is skipped.

Signed-off-by: Veiko Aasa <veiko17@disroot.org>
Reviewed-by: Sunil Mohan Adapa <sunil@medhas.org>
2024-09-27 10:58:18 -07:00
Besnik Bleta
f6c1422221
Translated using Weblate (Albanian)
Currently translated at 99.3% (1663 of 1674 strings)
2024-09-27 02:15:40 +02:00
James Valleroy
66d3ca01a2
Release v24.20.1 to unstable
Signed-off-by: James Valleroy <jvalleroy@mailbox.org>
v24.20.1
2024-09-25 11:58:04 -04:00
James Valleroy
d5070f62cc
doc: Fetch latest manual
Signed-off-by: James Valleroy <jvalleroy@mailbox.org>
2024-09-25 11:57:21 -04:00
Sunil Mohan Adapa
b5e57c4ffc
security: Remove PAM configuration for 'access' module
- This was supposed to be removed in MR #2309 in the commit
253540fb3d12254c920b632cc484be6a79d27229. It was overlooked.

- Version number of users app has not been incremented as it has already been
incremented in this release.

Tests:

- There is no directory /etc/security/access.conf.d.

- There are no directives in /etc/security/access.conf that are not commented
out.

- After applying the patch (assuming previously setup version is 24.20) and
manually removing the destination file, app setup for users app runs. It
succeeds. /etc/pam.d/common-account no longer contains the line 'account
required pam_access.so'.

- After the upgrade, users who are root and non-root are able to login via SSH
and Cockpit. After a reboot, users are able to login via SSH and Cockpit.

Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
2024-09-25 11:29:10 -04:00
109247019824
f084e1b3ea
Translated using Weblate (Bulgarian)
Currently translated at 46.0% (771 of 1674 strings)
2024-09-25 06:15:50 +00:00
大王叫我来巡山
a71aa5cea3
Translated using Weblate (Chinese (Simplified Han script))
Currently translated at 65.0% (1089 of 1674 strings)
2024-09-25 06:15:49 +00:00
Burak Yavuz
94bcb7614d
Translated using Weblate (Turkish)
Currently translated at 100.0% (1674 of 1674 strings)
2024-09-25 06:15:48 +00:00
gallegonovato
c7a2a7fca5
Translated using Weblate (Spanish)
Currently translated at 100.0% (1674 of 1674 strings)
2024-09-25 06:15:48 +00:00
Sunil Mohan Adapa
373ca60f11
users: Increment app version for changes w.r.t. inactive users
- Since previous release 24.20 already has an increment to version 6, users app
version must be incremented in order for the changes related to inactive users
to take effect.

Tests:

- On applying the patches and running the service, upgrade to new app version
runs and succeeds. If there are inactive users present, then before the setup()
privileged method is run, setup_and_sync_user_states() is run.

Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
2024-09-24 14:28:25 -07:00
Veiko Aasa
761ee7d183
samba: Fix nmb systemd service is in erroneous state
Disable and mask the nmb service, which is alias to the already
disabled nmbd service.

Tests performed:
- Upgrading Samba app works.
- Systemd doesn't show nmb.service in erroneous state after upgrade.

Signed-off-by: Veiko Aasa <veiko17@disroot.org>
Reviewed-by: Sunil Mohan Adapa <sunil@medhas.org>
2024-09-24 13:45:28 -07:00
James Valleroy
534b0d6eb0
d/tests: Add breaks-testbed restriction
This restriction is also used by systemd:
0992a823a4

This is another attempt to fix #2450.

Signed-off-by: James Valleroy <jvalleroy@mailbox.org>
Reviewed-by: Sunil Mohan Adapa <sunil@medhas.org>
2024-09-24 13:38:52 -07:00
James Valleroy
c6f7dec73c
ci: Run autopkgtest but allow failure
Signed-off-by: James Valleroy <jvalleroy@mailbox.org>
Reviewed-by: Sunil Mohan Adapa <sunil@medhas.org>
2024-09-24 13:38:43 -07:00
James Valleroy
d8e82deb20
Revert "debian: tests: Wait for systemd-resolved to be started"
This reverts commit 618adefab794eb85018704ed97c871c3e1ae0b0e.

Signed-off-by: James Valleroy <jvalleroy@mailbox.org>
Reviewed-by: Sunil Mohan Adapa <sunil@medhas.org>
2024-09-24 13:38:34 -07:00
Sunil Mohan Adapa
4b2e065304
users: Set proper class on default password policy object
- Some trivial refactoring.

Tests:

- The default password policy works. Inactive users are unable to login via
console, SSH and cockpit.

- After the app is setup freshly and after it is upgraded from previous version,
the namedobject.schema has been ingested into the OpenLDAP configuration.

- Rerunning setup for users app works.

Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
2024-09-24 13:27:17 -07:00
Veiko Aasa
67b6c0f9e8
users: Inactivate users in LDAP user database
Previously, users were inactivated only in plinth users database. This change
adds ability to inactivate users in LDAP database.

Changes:
- Inactive users in plinth users database are also inactivated in LDAP
  during app upgrade.
- Inactivated users can't login using LDAP password.
- Apache2 single-sign-on module now requires LDAP connection. SSO
  sessions are now invalidated when users are inactivated.
- PAM/nslcd now performs authorization checks against LDAP, which means
  inactivated users can't do passwordless ssh logins and running their
  crontabs are blocked.
- When inactivating a user, all user's processes are killed.

Also, update LDAP diagnostics:
 - Fix LDAP checks returned always passed results.
 - Fix `ou=people` entry doesn't exist in LDAP.
 - Add diagnostics checks for `ou=policies` and `cn=DefaultPPolicy`.

Tests performed:
 - App upgrade works.
 - App upgrade with previously disabled user works, user is inactivated
   also in LDAP.
 - App upgrade with disabled user that doesn't exist in LDAP database works.
 - Increment app version again, to 7, app upgrade works second time.
 - Inactivate user and test logins:
   - can't login using direct LDAP (nextcloud, ejabberd, matrixsynapse)
   - can't login using Apache2 LDAP module (gitweb, ikiwiki, rssbridge,
     transmission)
   - can't login using apache sso module (featherwiki, gitweb, rssbridge,
     sharing, syncthing, tiddlywiki, transmission, wordpress).
   - can't login using ssh with password or passwordless
- Inactivate user and test existing sessions:
   - ssh, cockpit and samba sessions are killed.
   - Configure crontab, configured crontab is failing to run after user
     is inactivated.
- All the users app tests pass.

Notes:
- Only Apache2 SSO sessions are disabled. Apps that create their own
  sessions keep working, like nextcloud, ejabberd, matrix-synapse,
  ikiwiki. In the future, we could add a feature that apps can implement
  their own users locking functions.
- When testing inactivated users, users and IP-s can be banned by the system,
  banned IP-s/users can be viewed with commands `fail2ban-client banned` and
  `pam_abl`.
- Existing sessions keep working when deleting a user or removing
  a user from an access group.
- I didn't test e-mail app.

Signed-off-by: Veiko Aasa <veiko17@disroot.org>
2024-09-24 13:27:13 -07:00
James Valleroy
da02b464a9
Release v24.20 to unstable
Signed-off-by: James Valleroy <jvalleroy@mailbox.org>
v24.20
2024-09-23 20:42:47 -04:00
James Valleroy
c3e9dda748
doc: Fetch latest manual
Signed-off-by: James Valleroy <jvalleroy@mailbox.org>
2024-09-23 20:42:18 -04:00
James Valleroy
058a363d5a
locale: Update translation strings
Signed-off-by: James Valleroy <jvalleroy@mailbox.org>
2024-09-23 20:11:06 -04:00
James Valleroy
a1792be03f
action_utils: Remove extra empty line
I introduced this code quality issue when handling a merge conflict in
711c19b511f969d0dce5c36221428e8caa0e7473.

Signed-off-by: James Valleroy <jvalleroy@mailbox.org>
2024-09-21 12:54:11 -04:00
Sunil Mohan Adapa
9af9a504e0
miniflux: Workaround a packaging bug with DB connection
The latest version of miniflux can't connect to the database after a fresh
installation. This is due to incorrect ownership of /etc/miniflux/database file
which is owned by root (and correctly having the permissions 0600). After
changes in bug #1078416, miniflux no longer runs as root user and instead runs
as miniflux user. This user can't read the database file. The daemon silently
falls back to using built in defaults and fails to connect to PostgreSQL
database. This is originally caught by functional tests in FreedomBox's miniflux
integration.

Links:

1) https://bugs.debian.org/1081562
2) https://salsa.debian.org/go-team/packages/miniflux/-/merge_requests/2

Tests:

- Freshly install miniflux with the patch and the daemon is running. Ownership
for the file /etc/miniflux/database is as expected.

- Install miniflux without the patch. Daemon is not running. Apply patch and
restart service. miniflux app is updated. Daemon is running. Ownership for the
file /etc/miniflux/database is as expected.

Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
2024-09-21 09:22:34 -04:00
James Valleroy
711c19b511
action_utils: Add a method to reset services in 'failed' state
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
2024-09-21 09:22:31 -04:00
Sunil Mohan Adapa
4a34feefb0
action_utils: Update outdated docstrings
- We no longer support sysvinit.

Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
2024-09-21 09:22:25 -04:00
ikmaak
4e54196c82
Translated using Weblate (Dutch)
Currently translated at 98.0% (1641 of 1673 strings)
2024-09-21 03:05:36 +02:00
Sunil Mohan Adapa
125a002fa3
users: Don't cache NSS user identity information
nscd daemon caches queries made to NSS via glibc. In our case queries to passwd
and group databases are cached. But this leads to many problems.

See: https://salsa.debian.org/freedombox-team/freedombox/-/merge_requests/2520

The bug that this MR fixes, that is, the inaccuracy of the authentication data,
is horrible and only acceptable if the caching provides very important
functionality. Already, having to purge nscd caches after modifying user
accounts is not nice.

I believe that we have encountered this bug before and blamed libpam-abl due to
the time sensitive nature of the problem.

nscd itself recommends that it should be used if NSS lookups are expensive (such
as in case of NIS, NIS+ queries according to /etc/init.d/nscd). In case of
FreedomBox, LDAP queries are unlikely to be made using network. LDAP server is
likely always local. I believe we can safely remove nscd by masking and stopping
nscd.service and unscd.service.

Tests:

- After applying the patches, users app setup is re-run. Service nscd is stopped
and masked. unscd is also masked.

- Running 'id tester' shows expected value 'uid=10001(tester) gid=100(users)
groups=100(users),10002(admin)'.

- Adding, removing, renaming a user immediately reflects in 'id <user>'.

- Adding and removing a user from groups immediately reflects in 'id <user>'.

Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: Veiko Aasa <veiko17@disroot.org>
2024-09-21 00:09:22 +03:00