Signed-off-by: James Valleroy <jvalleroy@mailbox.org>
[sunil: Minor refactor to reuse list of packages with prompts]
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: Sunil Mohan Adapa <sunil@medhas.org>
- Check apt sources list regardless of whether we are upgrading to
stable or testing.
- Replace stable code name with new stable code name.
- When testing, also replace "stable" with code name to be tested.
Signed-off-by: James Valleroy <jvalleroy@mailbox.org>
Reviewed-by: Sunil Mohan Adapa <sunil@medhas.org>
- Setting is stored in kvstore.
- Enable for new installs, and once when upgrading from version
without flag.
- Split action subcommands for activating backports and for performing
dist upgrade.
Tests:
- Dist upgrade is enabled by default in stable container.
- Dist upgrade is disabled by default in testing container.
- Enable dist upgrade. Dist upgrade is attempted periodically.
- Disable dist upgrade. Dist upgrade is no longer attempted.
Signed-off-by: James Valleroy <jvalleroy@mailbox.org>
[sunil: kvstore need to be locally imported anymore, import as usual]
[sunil: Minor changes to comments for PEP compliance]
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: Sunil Mohan Adapa <sunil@medhas.org>
Process can be tested by upgrading to testing:
$ sudo ./actions/upgrades --develop --test-upgrade
Signed-off-by: James Valleroy <jvalleroy@mailbox.org>
[sunil: cosmetic: isort fixes]
[sunil: Restore BACKPORTS_REQUESTED_KEY that was accidentally removed]
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: Sunil Mohan Adapa <sunil@medhas.org>
Tests:
- Run with new code. Setup is run for upgrades modules.
/etc/apt/preferences.d/51-freedombox-apps.pref contains the changes for
python3-attr.
- On stable. apt policy python3-attr shows version 19.3.0-3~bpo10+1 is the
preferred version.
- On stable, installing matrix-synapse leads to installation of python3-attr
=19.3.0-3~bpo10+1.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
Tests:
- On unstable and testing:
- Ran functional tests for upgrades.
- Ran actions "upgrades setup" and "upgrades setup-repositories".
- On testing:
- In develop mode, activated backports.
Signed-off-by: James Valleroy <jvalleroy@mailbox.org>
Reviewed-by: Sunil Mohan Adapa <sunil@medhas.org>
- 50freedombox4.pref handles freedombox package from current
backports. Whenever upgrading to a new Debian release, backports can
be activated for the new release, and will always include the
freedombox package at the start.
- 51freedombox-apps.pref handles apps, and each entry is particular to
a Debian release. For example, after bullseye release, entries from
bullseye-backports can be added, and entries from buster-backports
can be removed.
Tests:
- In testing container, run setup in development mode. Apt preferences
files have the expected content.
- In stable vagrant box, install deb with these changes. Apt
preferences files have the expected content.
Signed-off-by: James Valleroy <jvalleroy@mailbox.org>
Reviewed-by: Sunil Mohan Adapa <sunil@medhas.org>
- If backports is for older release, then it can be activated again to
upgrade to latest release. (Plan is to make this automatic, but
leave the manual option as a fallback.)
- Security notice still shown if older backports are enabled.
Tests:
- On Buster system, change distribution in
/etc/apt/sources.list.d/freedombox2.list to
stretch-backports. Updates page shows button to activate backports
again. Activate and check the source list to confirm that it has
buster-backports again.
Signed-off-by: James Valleroy <jvalleroy@mailbox.org>
Reviewed-by: Sunil Mohan Adapa <sunil@medhas.org>
Tests:
- Build deb and install in buster image. Manually remove backports
sources file. Security page does not show backports notice. Updates
page shows button to activate backports.
- Activate backports from updates page. Success message is shown and
button to activate backports is removed. Security page shows
backports notice.
Signed-off-by: James Valleroy <jvalleroy@mailbox.org>
Reviewed-by: Sunil Mohan Adapa <sunil@medhas.org>
Uses lsb-release which is a dependency of unattended-upgrades.
Closes: #1844.
Signed-off-by: James Valleroy <jvalleroy@mailbox.org>
[sunil: Minor change to the printed message]
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: Sunil Mohan Adapa <sunil@medhas.org>
Run `apt-get --fix-broken install` before installing package or manual
update. This will attempt to correct broken dependencies.
Tests:
- Install a package without its dependencies using `dpkg -i`.
- Both app install and manual update successfully recover from this
situation.
Signed-off-by: James Valleroy <jvalleroy@mailbox.org>
Reviewed-by: Sunil Mohan Adapa <sunil@medhas.org>
- Do not enable/start service during package install/upgrade
- Configure needrestart to skip restarting service
Closes: #1638.
Signed-off-by: James Valleroy <jvalleroy@mailbox.org>
[sunil: Provide proper regex string in needrestart configuration with qr()]
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: Sunil Mohan Adapa <sunil@medhas.org>
- Avoid introducing dependency on dpkg-vendor.
Tested:
- Install a base-files package from Ubuntu. Change
/etc/dpkg/origins/default to point to it. Running the
setup-repositories action does not create the backports list in apt
sources.
Closes: #1654.
Signed-off-by: James Valleroy <jvalleroy@mailbox.org>
Reviewed-by: Sunil Mohan Adapa <sunil@medhas.org>
- Don't ship the file preferences file as this is a violation of the Debian
policy. Lintian throws a hard error that can't be overridden. Remove the lintian
override. Remove this file using maintainer scripts when upgrading from all
version below 20.5.
- The preferences file is now renamed to 50freedombox4.pref.
- Instead write the file when the app is getting setup (on each new version).
- Don't run the setup code on daily timer, instead run the code when the app
upgrades. This ensures that as soon as freedombox package is upgraded and run,
the new preferences file is created instead of waiting for the daily timer to
run.
- From now on when the preferences change, we will increment the version number
of the upgrades app. Change the setup() for the app so that it does not
re-enable automatic upgrades every time setup() is run.
Closes: #1673.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
- matrix-synapse 1.2 is already unavailable in buster-backports, testing and
unstable. It is replaced by matrix-synapse 1.3. Allow matrix-synapse 1.3 to
become available for Buster users.
- Allow upgrades to all future versions of matrix-synapse from buster-backports.
Since buster-backports does not have security updates except that provided
by the maintainer, it is best to let users be on the latest version provided
by the maintainer in buster-backports.
- We don't pick and choose among the versions uploaded to backports. Once we
allow a package to upgrade to backports version, we should continue to do that
without any further restriction. Update descriptions accordingly.
- Simplify updating the apt preferences file by providing a simple configuration
instead of creating the file on the fly.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
Used version pinning instead of release pinning to avoid unexpected upgrades for
users running FreedomBox stable.
Explanation for backports:
This fixes incompatibility issues with newly created rooms on Matrix Synapse
versions 0.99.5 and above. Users on stable using 0.99.2 might not be able to
join those rooms, especially direct chats.
Fixes#1600
Signed-off-by: Joseph Nuthalapati <njoseph@riseup.net>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
It is incorrect to check for backports availability, FreedomBox systems got
added buster-backports sources prematurely. This will lead to apt update
failures resulting in FreedomBox becoming unable to install new apps.
Fix this by removing old sources and adding new sources only after
performing (this time correct) backports URL check.
Closes: #1496.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
If we release version 50 into testing and version 49 into buster-backports and
assuming version 45 is in stable, then for stable users, version 49 is selected
properly and upgraded due non-availability of 50 for them and high
prioritization of buster-backports over buster/stable. This is as expected.
For the case of testing user, this does not work as expected, however.
buster-backports will be given 800 priority, testing will be given 500
priority (default) and version 49 will be picked instead of the expected 50.
Setting priority to 500 fixes the problem. It will equate the buster-backports
to all other repositories and will let the system pick the highest version
available.
Closes: #1498.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
- Merge backports functionality into upgrades module.
- No need to enable systemd timer as dh_installsystemd automatically enables
this during package installation and upgrade.
- Use https:// and deb.debian.org for repository checking. When using Tor for
package installations request the URL via Tor.
- Make daily checking service more generic for all kind of future apt repository
updates.
- Force removal of repository file during purge to avoid failures.
- Don't add contrib/non-free as backports is intended to be enabled for just the
freedombox package and it is free. When the need arises, we can introduce
contrib/non-free. This also eliminates an issue that adding these components
doesn't work without the usage of tor.
- Allow generate apt preferences file to avoid lintian complaining about its
presence. Remove on purge.
- Add unattended upgrades origin pattern to allow it to upgrade from backports
repositories.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
unattended-upgrades installs upgrades from ${distro_codename},
label=Debian by default.
Signed-off-by: James Valleroy <jvalleroy@mailbox.org>
Reviewed-by: Joseph Nuthalapati <njoseph@thoughtworks.com>
Show a warning message that a package manager is running. This prevents users
from getting an installation error just because another installation/upgrade is
running.
Closes: #625.
Current check whether the package manager is busy and getting the
unattended upgrades log requires root. This will not allow Plinth to
run as non-root. Fix this by moving the operations to actions script.
- Closes#366 and closes#304 (all sub-tasks).
- Start new process group with setsid() by sending
start_new_session=True
- Detach from parent process fds by closing all FDs and attaching stdin,
stdou and stderr to /dev/null.
- Don't wait for the process to complete.
- This allows for upgrading Plinth while upgrades are trigged from
Plinth itself.
- Show log of upgrade exection instead of output and error log of the
process which can no longer be collected. This has the advantage of
showing automatic executions also.
- Rewrite the mechanism to detect whether upgrades can be run. It is
now based on whether the package manager is busy. This has the
advantage of working properly if other apt processes are running,
automatic upgrades are running, etc.
- Busy status works even if Plinth is restarted while upgrades are in
progress.
- More descriptive messages showing that upgrades don't have to be
triggered manually.
- Warn that other packages can't be installed while upgrades are
running, which may take a long time.
- Warn the users of potential temporary unavailability of
Plinth/Apache2.
- We must assume that apart from Plinth there will be user or user-agent
changes to the configuration files. In this case the value may be set
something other than '1' day.
- Remove emacs mode line as emacs automatically detect Python files
based on the #! line.
- End comments with a '.'.
- Use single quotes instead of double quotes for string for consistensy.
- Update message to say that it take more than a minute to finish
upgrades. Some times it takes a lot more than that.
