- In addition to the OperationalError, also handle all generic exceptions during
page submit and page load. Redirect to the same page or parent using
breadcrumbs.
- Log exceptions handled by common error middleware so that they are also part
of the system logs.
- Update kiwix test as needed.
- Refactor some test code that is setting up the menu items.
Tests:
- When an error occurs during form POST, the same page is show but with an error
message.
- When an error occurs in an app page during GET, the browser is redirected to
the parent section.
- When an error occurs in apps page during GET, the browser is redirected to the
home page.
- When an error occurs in home page during GET, the error is not handled and
default 500 handle is triggered.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: Veiko Aasa <veiko17@disroot.org>
- Instead of showing traceback details only for action exceptions, show them for
normal exceptions also.
- Also adjust the gap between the error message and the preformatted text to
make it appear better.
Tests:
- Alter code to raise an exception with the utility. See that details are as
expected.
- Raise an exception in a privileged action, ensure that the details shown as
before.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: Veiko Aasa <veiko17@disroot.org>
Fixes an issue where the nslcd configuration option pam_authz_search is not
in effect after the users module setup.
Tests:
- Remove the pam_authz_search configuration option from /etc/nslcd.conf,
restart nslcd service, delete plinth.sqlite database to run first setup
after plinth start, start plinth. Do it twice:
1) before applying patch, users::test_user_states functional test fails.
2) after applying patch, users::test_user_states functional test pass.
- After applying patch, the nslcd service is restarted during module
upgrade.
- All the users module tests pass.
Relates to
https://salsa.debian.org/freedombox-team/freedombox/-/merge_requests/2594#note_565614.
Signed-off-by: Veiko Aasa <veiko17@disroot.org>
Reviewed-by: Sunil Mohan Adapa <sunil@medhas.org>
- It was never intended that breadcrumbs be shown in these pages.
Tests:
- When running first wizard, the busy page, the welcome page, user account
create page, and the next steps page are all shown without breadcrumbs. Same for
login page.
- Other pages which had breadcrumbs earlier continue to show them, that is, app
pages, system pages, help pages, and pages under those.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: Veiko Aasa <veiko17@disroot.org>
Tests:
- All users tests pass.
Signed-off-by: Veiko Aasa <veiko17@disroot.org>
[sunil: Update to reflect the new utility function name]
[sunil: Update some more cases to use the utility]
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: Sunil Mohan Adapa <sunil@medhas.org>
Also, add a click_link_by_href helper function.
Signed-off-by: Veiko Aasa <veiko17@disroot.org>
[sunil: Update some more cases to use the utility function]
[sunil: Keep click() and rename new behavior to click_and_wait()]
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: Sunil Mohan Adapa <sunil@medhas.org>
This was needed temporarily when migrating from Tor to Tor Proxy
app. But now we should preserve the user's existing configuration
during app upgrade.
Tests:
- Install Tor Proxy version 1. "Download software packages over Tor"
is enabled. Upgrade to Tor Proxy version 2. "Download software
packages over Tor" is still enabled.
Signed-off-by: James Valleroy <jvalleroy@mailbox.org>
Mask disabled Tor systemd services to prevent services starting by the Tor
master service after system reboot.
Also:
- Fix torproxy app always enabled after setup.
- Minor privileged code cleanup - removed unused functions.
Tests performed on Debian stable and testing:
- Installed and disabled the apps, rebooted the system, then applied the patch.
Ensured that apps are upgraded successfully and apps are disabled after
upgrade. Ensured that tor@default, tor@plinth and tor@fbxlocal services are
masked and not running.
- After 1)enabling and 2)disabling both apps and 3)rebooting the system:
- Ensured that the tor@default service is not running and is masked.
- Ensured that tor@plinth or tor@fbxproxy service states match the states
of the app.
- Uninstalled the apps, ensured that only the tor@default service masked
state remains in the systemd.
- All the tor and torproxy tests pass.
Closes#2369, #2454.
Signed-off-by: Veiko Aasa <veiko17@disroot.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
Since Minetest 5.8.0, there is no longer a "default" game, so the
--gameid argument must be used to select a game (from the list at
https://content.luanti.org/packages/?type=game).
Set minetest_game as the default game for FreedomBox. In the future,
we can consider providing a list of popular game IDs, or allow a
custom game ID.
Work around for Debian bug #1090067.
Closes: #2445.
Tests:
- Install Minetest on Debian testing. The service is running. Able to
connect a client to the server.
Signed-off-by: James Valleroy <jvalleroy@mailbox.org>
Reviewed-by: Sunil Mohan Adapa <sunil@medhas.org>
- Don't show them on section pages: home, apps, system and help pages.
- Tweak the appearance so that home icon is bigger, spacing between crumbs is
larger and to use '>' as separator.
- Change the name of the help menu item to show the value in breadcrumbs.
- Change the URLs for anchors in the help page so that they don't appear as part
of the breadcrumbs.
Tests:
- Section pages: home, apps, system and help pages don't have breadcrumbs.
- Visit various pages. Breadcrumbs are shown and all the links in the
breadcrumbs work as expected.
- Mobile view looks good.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: Veiko Aasa <veiko17@disroot.org>
- We were using hacky logic of assuming that if a page using the URL
/plinth/sys/..., then it belongs to 'system' section based on the URL match.
This won't work when the URL does not follow this pattern for any reason.
- Instead use the breadcrumbs mechanism which uses menu items and URL names to
determine the section a page belongs to.
Tests:
- Visit page, apps page, system page, help pages, an app page in apps sections,
an app page in system section, backups -> create backup page and notice that the
correct section is highlighted.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: Veiko Aasa <veiko17@disroot.org>
- Use virsh command line tool to create and control VMs.
- Use virtiofs for shared folder between host and guest.
Tests:
- Create a testing container and run unit tests on it.
- Create a testing VM.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: Veiko Aasa <veiko17@disroot.org>
- When fsid of the btrfs filesystem is updated, grub needs to updated too.
Otherwise, the image can't be booted into using a virtual machine.
- When fsid of the btrfs filesystem is updated, /etc/fstab needs to updated too.
Otherwise, the root file system can't be remounted as read-write.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: Veiko Aasa <veiko17@disroot.org>
- In anticipation of adding support to launch VMs using the same script.
- Assume image operations will be common other backends, even when they use
systemd-nspawn.
- Drop support for systemd-nspawn (<247). Bullseye ships with systemd-container
package 247.3. Remove version specific code that is no longer needed.
- Fix issue with checking if an image has been provisioned or not.
- Attempt to setup network manager connection every time container is launched
instead only once when image is setup. This ensures that if the connection is
removed after image setup, it will re-created when container is launched.
Tests:
- Run all the basic commands of the container and ensure they are working.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
[vexch: Removed unused argument in _setup_image() and fixed one typo]
Signed-off-by: Veiko Aasa <veiko17@disroot.org>
Reviewed-by: Veiko Aasa <veiko17@disroot.org>
Tests:
- Run 'make build install' and notice that the file
/usr/share/freedombox/modules-enabled/i2p has been removed from the system if
present.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
- If for some reason, first setup is not completed yet, wait for it to complete.
- Update eventually() method to wait for page load errors to go away.
- If first wizard is already completed, don't try to run it again.
- We can eventually remove waiting for 'setup thread finished' in container
script. But not there yet.
Tests:
- Run transmission tests on a freshly created container.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: Veiko Aasa <veiko17@disroot.org>
Closes: #1528.
Closes: #2041.
Closes: #2438.
- In Bullseye and Bookworm the app is not available.
- i2pd (written is C++) is available in Debian, but it is not a drop-in
replacement for i2p. First, it is only a client. Then has a differently
philosophy of not integrating apps inside it and let outside apps connect to it.
If i2pd is ever added to FreedomBox, it has to be added as a new app with no
possibility of migration from an unlikely old setups.
- Updated wiki pages to remove references to I2P.
Tests:
- Looked for all string references to 'i2p'.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
- These tools are not strictly needed for FreedomBox operation in anyway.
- Slightly Reduce the size of the built images.
- Some of these tools are outdated or not typically used on a modern GNU/Linux
system and make FreedomBox seem less shiny.
- Originally thought of splitting them into a separate metapackage but it does
not seem worth it.
- killall from psmisc is used in the Makefile, it is kept for now.
- FreedomBox already has many dependency and so it is now important to start
paying attention to unnecessary ones.
Tests:
- For each binary executable provided in each of the packages, verify that it
not being used in our code anywhere.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
- This is needed to run code quality check in the GitLab CI pipeline. Not sure
how it work before this.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
- We don't support Debian Bullseye or older in latest versions of FreedomBox. We
can drop any minimum version specifications that are only relevant on those
release.
Tests:
- Potential issues with tomli/coverage will be caught during autopkgtests.
- For version specifications, it has been verified that for each of the
packages, version available in Bookworm is newer than the minimum version
specification.
- freedombox-setup and plinth packages don't exist on Bookworm or newer. We
don't support upgrade from older version with the latest code.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
Closes: Debian bug #1088760.
- OpenSSL.crypto.sign has been deprecated and in the current version of
python3-openssl in Debian testing, it has been dropped. The recommended
alternative is cryptography.hazmat.primitives. So, use this instead.
- The entire OpenSSL.crypto module is planned to be deprecated in the future.
So, stop using it entirely by using cryptography.hazmat.primitives.
- sso app does not use openssl anymore, so drop dependency on it. Other apps
such as Let's Encrypt do depend on it and but they have their own dependency
declared. The freedombox package on the overall retains on 'openssl' package.
- We are not using the python OpenSSL module anywhere else, so drop dependency
on it.
- Use pathlib to simplify some code.
- Ensure proper permissions on private and public keys as they are being written
to.
Tests:
- Freshly setup container and ensure that first run succeeds. Permission on the
public/private key files and the parent directly are correct. Users are able
login to FreedomBox. SSO works when accessing apps such as transmission.
- Without patches, setup freedombox container. Apply patches. Permission for
keys directory is updated but keys are not overwritten. Login to FreedomBox
works. SSO works when accessing apps such as transmission.
- Run code to perform signatures using old code and ensure that newer code
generates bit-identical signatures.
- Running ./run --list-dependencies show 'openssl' and python3-cryptography.
- Running unit tests works.
- Building debian package works.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: Joseph Nuthalapati <njoseph@riseup.net>
- OpenVPN app uses openssl command line. Even though easy-rsa has dependency on
openssl, declare this explicitly.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: Joseph Nuthalapati <njoseph@riseup.net>
- Let Encrypt app uses openssl to determine the expiry date of a certificate.
So, declare and explicit dependency on it.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: Joseph Nuthalapati <njoseph@riseup.net>
- Use various action utilities to simplify daemon management.
- Instead of writing systemd service file to /etc ship an override file in
/usr/lib/systemd/system/*.d/. deluged and deluge-web both have systemd unit file
shipped. They are very close to what we want from them. Drop the old service file.
- Don't write /etc/default/deluged, it is not used in the systemd unit file.
- App's setup version has not been incremented as it has already been
incremented for the next release.
Tests:
- Fresh install of the app works in testing container. Functional tests work as
expected.
- /var/lib/deluged/config/web.conf is created when deluge-web is started
confirming that the correct configuration path is being used. Also app works on
/deluge web path.
- Old systemd unit file is removed when the setup is run when it is present to
due to deluge installation attempt previously.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: Veiko Aasa <veiko17@disroot.org>
- This could be used when the daemon can't be running while configuration is
being updated.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: Veiko Aasa <veiko17@disroot.org>
- Drop unnecessary code. Bootstrap does not style a:hover or table roes like
before.
- Use default table color variables from Bootstrap to work well with dark mode.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: Veiko Aasa <veiko17@disroot.org>
