Tests:
- In non-development mode, button does not appear.
- On testing system, button does not appear.
- On stable system in development mode, the button appears.
- Pressing the button starts a dist-upgrade.
Signed-off-by: James Valleroy <jvalleroy@mailbox.org>
[sunil: Join strings that fit in the same line]
[sunil: Fix indentation in template]
[sunil: Change 'dist-upgrade' to 'distribution upgrade' in UI strings]
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: Sunil Mohan Adapa <sunil@medhas.org>
The test uses freedombox.local as the domain. This requires that Avahi
is enabled, and the hostname is set to freedombox.
Fixes#2232.
Test:
- ejabberd functional tests pass even after running tests for config
and avahi.
Signed-off-by: James Valleroy <jvalleroy@mailbox.org>
Reviewed-by: Sunil Mohan Adapa <sunil@medhas.org>
Tests:
- Add a new server and delete it.
- Add a new client and delete it.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
- With the new setup mechanism automatic setup of app is no longer possible.
- Enabling/disabling is desirable by the user.
- During initial setup, ensure that Apache configuration file exists. Upgrade
for existing users to create the file.
- Enabling/disabling the app enables/disables the web server configuration file.
- Diagnostics are not available, disable them explicitly as auto-detect does not
work.
- Use the regular app base template instead of custom one.
- Use framework base classes for view and functional tests.
Tests:
- Run functional tests.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
Django template language does not support overriding blocks that are from
included pages. The status messages were shown as part of the description and
when app header was introduced, these messages were no longer being shown.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
Django template language does not support overriding blocks that are from
included pages. The status messages were shown as part of the description and
when app header was introduced, these messages were no longer being shown.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
- Task of managing an operation's progress is now performed by the new Operation
class. Drop them from setup helper.
- Task of providing install() method is now moved to package module. Instead of
storing operation specific data in setup_helper like objects, store them in
thread specific storage that can retrieved anywhere during the operation without
holding references.
- Progress of an operation show as a progress bar is currently missing. This
will be regression until fixed later.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
module.app property usage is greatly reduced because setup() and force_upgrade()
method are now part of App class instead of at the module level. Remove the
remaining minor cases of usage and drop the property altogether.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
When an app does not implement module setup() method, trying to get setup
version automatically results in App being updated to latest version. This
optimization seems hardly used and does not work when setup() is moved to App
from module level. Remove it.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
This is needed for the apps to get enabled soon after installation. In case of
'sharing' app, a shortcut will appear on the apps page. This also brings
uniformity to help later refactoring.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
- Primary purpose is to complete the App API and allow for multiple apps to be
present in a module without a single clashing setup() method. Secondary
objective is to get rid of SetupHelper instance simple use App instance instead.
- This brings us closer to not needing to implement setup() method for some of
the typical apps.
- Remove default value None for old_version parameter.
- A valid integer value is always passed to this call.
- The value of None is undefined.
- Simplifies the App API slightly.
- Drop setting 'pre', 'post' values to indicate the stage of setup for the App.
- Simplifies the setup methods significantly. Eliminates a class of
bugs (some of them seen earlier).
- The UI can show a simple 'installing...' or progress spinner instead of
individual stages.
- There are currently many inconsistencies where many operations are not
wrapped in helper.call() calls.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
- Important information such as id of the notification should be available when
rendering the body template.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
Tests:
- Clicking on the link in the coturn app description takes us to ejabberd app
page.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
Fixes an issue where accessing Storage and Samba app pages throws a
HTTP error 500 when there are disk partitions without mount points.
Fixes#1904#2245
Tested when an USB stick with Debian installer image is attached to
Freedombox board - both Storage and Samba apps work.
Signed-off-by: Veiko Aasa <veiko17@disroot.org>
- test.dnssec-or-not.net is no longer working.
- If the test fails, it is not clear to the user what to do about it.
Closes#1607, helps #1706.
Signed-off-by: James Valleroy <jvalleroy@mailbox.org>
Reviewed-by: Veiko Aasa <veiko17@disroot.org>
- Verify that issue data is sent in context properly.
- Ensure that an external request is not made during testing.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
This doesn't use the how-can-i-help package, but it is a similar
implementation that fetches the same data from udd.debian.org.
There are sections for the following issues:
- Packages that will be removed from Debian testing
- Packages that are not in Debian testing
- Good first issues for beginners
- Issues for which the package maintainer has requested help
The overall "How can I help?" section is collapsed by default.
Test:
- View the page in stable and testing container.
- Run help functional tests.
Closes: #536
Signed-off-by: James Valleroy <jvalleroy@mailbox.org>
[sunil: Minor indentation fix]
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: Sunil Mohan Adapa <sunil@medhas.org>
Additional plugin and theme installation is done with the 'direct filesystem
method' as opposed to ssh, so this package is not needed.
Signed-off-by: Benedek Nagy <contact@nbenedek.me>
Reviewed-by: Sunil Mohan Adapa <sunil@medhas.org>
Tests:
- Functional tests pass
- Same tests as previous patch for setting logging to syslog.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
Default backend for fail2ban is systemd journal. Roundcube will be configured in
FreedomBox to log to journal (via syslog).
Reviewed-by: Sunil Mohan Adapa <sunil@medhas.org>
Tests:
- On a fresh container, install roundcube. log_driver is set to syslog in
freedombox-config.conf.
- Install roundcube without the changes. Enable local only. Apply the changes
and restart service. roundcube setup is run. log_driver is set to syslog in
freedombox-config.conf. Setting is still local-only.
- Install roundcube without the changes. Disable local only. Apply the changes
and restart service. roundcube setup is run. log_driver is set to syslog in
freedombox-config.conf. Setting is still not local-only.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
This reduces the number of writes to the disk improving disk longevity and IO
performance. Note that systemd-journald is already very reasonable with how
often it writes to the disk. It's flush interval is 5 minutes.
Most users of FreedomBox are not expected to see logs. Those that see the logs
do so for debugging purposes. Debugging can still be done if reboot does not
occur. Users can change the logging mode to 'persistent' before debugging issues
that require reboot. This makes debugging harder for non-reproducible bugs, but
is, at present, considered an acceptable compromise.
Tests:
- On a fresh container, with the patch applied, config page shows 'volatile' as
the logging mode.
- On an container with changes not applied, start freedombox service. Then apply
the patch and restart service. config app setup will be run. Config page shows
'volatile' as the logging mode.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
- None disables logging altogether. This is useful when we want to prevent
FreedomBox from collecting IP addresses of visitors and other sensitive
information.
- Volatile logs are kept in RAM until the system is rebooted. Only 5% of RAM
will be used at most and only 2 days worth of logs are kept.
- Permanent will store logs into /var/log/journal. systemd-journald defaults
will apply. 10% of disk capacity is used at most, capped at 4GiB. Also logging
will stop if free space is below 15%. Maximum of 100 files are kept. No time
based cleanup is done.
Tests:
- Set the logging mode to disabled. Observe that `journalctl -f` does not show
any logs (say when performing plinth actions).
- Set the logging mode to volatile. Observe that `journalctl` shows that logging
is set to /run/log/journal/ and 5% of available memory is set as maximum.
- Set the logging mode to persistent. Observe that `journalctl` shows that
logging is set to /var/log/journal/ and 10% of disk space is set as maximum.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
- It is simpler to keep all the configuration in a single file. Any overrides
are expected to be done by writing additional configuration files with higher
priority.
- /etc/apache2/site-available/ is typically reserved for virtual host
configurations. Redirections and proxying for all virtual hosts rather belongs
in /etc/apache2/conf-available/.
- This looses the option of disabling plinth-ssl.conf when needed. In the
initial days of enabling TLS, there was a need felt to keep the option of easily
disabling redirection to TLS in case there is a need for it. However, TLS
certificate setup is mature and the limitations are well understood. There is no
longer a need for it. It still may be possible to avoid the redirection with an
additional configuration.
Tests:
- In a fresh container, setup succeeds. Redirecting to https:// for /plinth
works. FreedomBox web interface is available.
- Without the patch applied created a container. Run setup and access Plinth
interface. Apply the patches. Apache setup is run. a2query -s plinth and a2query
-s plinth-ssl show that sites are not enabled. Redirecting to https:// for
/plinth works. FreedomBox web interface is available.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
This makes it clearer why one would wish to install and use this app.
Closes#2236.
Signed-off-by: James Valleroy <jvalleroy@mailbox.org>
Reviewed-by: Sunil Mohan Adapa <sunil@medhas.org>
[sunil: Update description for simplicity, group info]
[sunil: Indentation fixes]
[sunil: End all URLs with a slash]
[sunil: Update frontpage shortcut to be a simple one]
[sunil: Enable single-sign-on for main interface only]
[sunil: In copyright file, merge with public-domain section]
[sunil: Simplify and vectorify the icon]
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: Sunil Mohan Adapa <sunil@medhas.org>
I tested additionally that if the root user has already configured
default branch other than main, it is not changed by the gitweb app
setup process.
Signed-off-by: Veiko Aasa <veiko17@disroot.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
Tests:
- Login to Cockpit on a freshly setup container.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
When Cockpit is not configured any origins, it uses the host and protocol of the
incoming request to set the allowed origin for WebSocket connections. By
ensuring that the original host/protocol is passed on to Cockpit from the
browser, we can eliminate the need for configuring a pre-determined list of
origins. Passing the host and protocol from the browser is done by setting
ProxyPreserveHost and using https:// for proxying.
For a cross-site request, Origin: and Host: entries won't match and '403
Forbidden' is thrown. So, this approach is still safe.
Tests:
- Without the patch, access Cockpit using IP address and it fails. Apply the
patch. Cockpit setup should run. Origins= directive in the configuration file
/etc/cockpit/cockpit.conf should get removed. Accessing with IP address and
logging in succeeds.
- Freshly setup a container with the patch and access Cockpit using IP address.
This works and login succeeds.
- Test on stable and testing containers.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
Tests:
- App installation works. Proxying works when configured with Firefox.
listen-address and permit-access directives are set as expected in the
configuration file.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
- Make sure a user might not run Privoxy as an open proxy, potentially giving
unwanted access to local resources. Only private IP classes are allowed to
connect.
Tests:
- Freshly install privoxy app. permit-access directives are set in the
configuration. Proxy works when tested with a private IP address with Firefox.
- Install privoxy app without the changes. Apply the changes, privoxy setup
should run. permit-access directives are set in the configuration. Proxy works
when tested with a private IP address with Firefox.
- Privoxy works when accessed with IPv4 address (such as 10.42.0.x) and IPv6
address (such as fe80:❌y:z%ve-fbx-testing).
[sunil: Use Spacevars augeus lens to edit the configuration file]
[sunil: Update IP ranges with auto-configuration, IPv6 addresses, etc.]
[sunil: Update description to mention that only local IPs are allowed]
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: Sunil Mohan Adapa <sunil@medhas.org>
Closes: #2089.
Tests:
- Regular startup works without errors. Cockpit is ordered after Apache.
- After creating a fresh container, Cockpit works as expected. Cockpit setup
runs after Apache setup.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
- This was required in Python 2 but useless in Python 3.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
This is recommended by PEP-0597: https://peps.python.org/pep-0597/
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
[sunil: Make the umount code specific to SSH repositories]
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: Sunil Mohan Adapa <sunil@medhas.org>
Test I made: Created a few users, then appied the changes
and rebooted FreedomBox. After reboot I created another user
whose home directory could now be listed.
Reviewed-by: Sunil Mohan Adapa <sunil@medhas.org>
