- Convert the information into code comments.
- This argument seems to be unused. Passing the argument has been deprecated. On
Django 3.2 it throws a warning that it will be removed from Django 4.0.
Tests:
- Run unit tests on Django 3.2 and Django 2.2. With Django 3.2, warning related
to provider_args are no longer show.
- On Django 3.2 and Django 2.2, change the hostname to trigger a signal.
Tests:
- Install ebabberd. Goto system -> config and change the hostname and domain
name. This triggers pre_hostname_change, post_hostname_change, domain_removed
and domain_added signals. There should be no errors during the process. Console
shows no errors.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
- In Django 2.2 django.conf.urls.url() is an alias to django.urls.re_path().
- In Django 4.0, url() function will be removed. On Django 3.2, it throws a
warning that this function will be removed in future.
Tests:
- Run unit tests with Django 3.2 and Django 2.2.
- With Django 3.2 there are no warnings when running unit tests and when running
FreedomBox Service.
- Visit a few affected apps with both Django versions.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
- Done automatically by running isort . in top level directory.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
In some cases, isort is not treating "plinth" module as a "first party" module.
It is then treated as a "third party" module and groups with non-standard python
libraries that we use. This behavior seems to dependent on from where isort is
run.
To eliminate this uncertainty, explicitly mark "plinth" module without depending
on automatic detection of isort. The two preferred ways to provide the
configuration are using .isort.cfg and pyproject.toml. The former introduces yet
another file in the project directory while the latter, a new python PEP,
promises to unify several other such configuration files.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
- ugettext functions will be removed in Django 4.0. Each use emits a warning
when running with Django 3.2. Since we have warnings enabled in developer mode,
we see quite a few messages because of this.
- ugettext is already a simple alias of gettext. So, no regressions are
expected.
Tests:
- Accessing an affected app in UI with Django 3.2 and Django 2.2 works fine.
- Using Django 3.2 there are no warnings related to removal of ugettext
functions.
- Ran regular unit tests.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
- Also, fix an issue where share writability tests were performed always as an admin user.
Signed-off-by: Veiko Aasa <veiko17@disroot.org>
Reviewed-by: Sunil Mohan Adapa <sunil@medhas.org>
Closes: #2109.
We moved from Nginx to Apache on ftp.freedombox.org. This changed the datetime
format in the index pages we were relying on to find the difference with local
image. Update this datetime format.
Tests:
- Run ./container update with an old image already in the .container directory.
New image will be downloaded and verified.
- Run ./container update immediately after downloading the latest image. No new
download is done.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
- TLS configuration as recommended by Mozilla's SSL Configuration Generator with
'Intermediate' configuration. See:
https://wiki.mozilla.org/Security/Server_Side_TLS
- Disable ciphers that are weak or without forward secrecy.
- Allow client to choose ciphers as they will know best if they have support for
hardware-accelerated AES.
- TLS session tickets (RFC 5077) require restarting web server with an
appropriate frequency. See:
https://httpd.apache.org/docs/current/mod/mod_ssl.html#sslsessiontickets
- Send OCSP responses to the client and reduce their round trips.
- No need to increment apache app version number as it has already been
incremented in this release cycle for enabling HTTP/2 module.
Tests:
- FreedomBox interface is reachable with the changes.
- ssllabs.com gives an A+ rating on a server with these changes.
- All ciphers are shown as secure.
- Forward Secrecy rating is ROBUST.
- OCSP stapling shows as enabled.
- Client support seems to match the expected after dropping <= TLS1.1.
- Session resumption with tickets shows as disabled.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
