This MR enables FreedomBox to connect as a "client" to a WireGuard
"server" using IPv6.
- Validate IPv4/6 with ip_interface
- Created helper functions to build NM settings for IPv4/6
- Modify get_settings to include settings for either IP version 4 or 6
- Created helper function to get NM address info
- Modify get_nm_info to work with IPv4 and IPv6
- Modified tests to use validate_ip_address_with_network
- Added IPv6 valid and invalid patterns to tests
Tested:
- IPv4 works unchanged
- IPv6 parsing + NM settings generation works
- IPv6 display in Show Server UI
Not tested:
- Needs IPv6 WireGuard server for full connectivity test
Closes: #1762
Signed-off-by: Frederico Gomes <fredericojfgomes@gmail.com>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
sysusers.d/tmpfiles.d config files allow a package to use
declarative configuration instead of manually written maintainer
scripts. This also allows image-based systems to be created
with /usr/ only, and also allows for factory resetting a system
and recreating /etc/ on boot.
https://www.freedesktop.org/software/systemd/man/latest/sysusers.d.htmlhttps://www.freedesktop.org/software/systemd/man/latest/tmpfiles.d.html
Tests:
- /var/lib/plinth and /var/lib/plinth/sessions/ are created on package install.
Ownership is plinth:plinth. 0755 is permissions.
- /var/lib/plinth/firstboot-wizard-secret file is created on package install.
Ownership is plinth:plinth. 0400 is permissions. During first wizard,
providing the secret works.
- /var/lib/plinth/backups-data is owned by root:root.
- When upgrading from old package to new the permissions don't change.
- When reinstalling the new package, the permissions do not change.
- User is created same as before.
plinth❌987:987:FreedomBox service:/var/lib/plinth:/usr/sbin/nologin
- Group is created same as before.
plinth❌987:
- id plinth
uid=987(plinth) gid=987(plinth) groups=987(plinth)
- Upgrading from old package to new does not change user and group records.
- Reinstalling new version does not change user and group records.
[sunil: Don't recursively change ownership for /var/lib/plinth/]
[sunil: Change ownership specifically for /var/lib/plinth/firstboot-wizard-secret]
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: Sunil Mohan Adapa <sunil@medhas.org>
Tested-by: Sunil Mohan Adapa <sunil@medhas.org>
This is widely considered bad practice, as the kernel recycles
UIDs/GIDs. So any potential leftover file/directory can then
become owned by the next user/group that gets added, with
unpredictable consequences.
As removing a system user and group is considered a bad practice. Old unused
system accounts are mostly harmless.
Tests:
- Bepasty functional tests pass.
- Installing bepasty and uploading a file works.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
- Drop dependency on 'adduser' package.
Tests:
- Functional tests for infinoted work.
- Installing infinoted app works. The system user and group are created with
proper UID/GID, shell, gecos, and home directory.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
- Drop dependency on 'adduser' package.
Tests:
- Functional tests for syncthing work.
- Installing syncthing app works. The system user and group are created with
proper UID/GID, shell, gecos, and home directory.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
This was meant to be used by the mobile client. But it is in unmaintained and
unusable state. We can re-introduce the API when mobile client is back in
action.
See: https://github.com/freedombox/FreedomBox/pull/1215
[Joseph]
This API is not called by the mobile client, so it is safe to remove.
Reviewed-by: Joseph Nuthalapati <njoseph@riseup.net>
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
- When SOGO app is enabled, radicale functional tests fail.
Tests:
- Enable SOGO app and run radicale functional tests. They fail without patch and
pass with the patch.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
The latest version of radicale calendar server's configuration file does not
parse with augeas. This is because it contains the following entry in [headers]
section:
Content-Security-Policy = default-src 'self'; object-src 'none'
The semicolon is treated as comment by the lens which is not correct. Fix this
by overriding comment_re in the lens.
Tests:
- Updated test case works when using augparse.
- With the patch, latest upstream configuration file parses without errors.
- Functional tests work for radicale in testing distribution. Without patch
radicale fails to install.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
