- Janus is currently not installable in Trixie because Janus was temporarily
removed during the release process of Trixie.
- Installing it from unstable, despite the instability is better than keeping
the app unavailable. Users have reported using the app.
Tests:
- Restarting the service after applying the patch leads to setup for upgrades
app to run. Apt preferences for janus packages are set. App is shown as
available. It can be installed.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
- Now that we have a mechanism for properly collecting, transmitting, and display
the stdout and stderr. There is no reason not to collect all of the stdin and
stderr.
- Also, the stdin/stderr=subprocess.PIPE is redundant and prevents the output
from getting collected for debugging. So, remove it.
Tests:
- Ran functional tests on backups, calibre, ejabberd, email, gitweb, ikiwiki,
infinoted, kiwix, mediawiki, mumble, nextcloud,, openvpn, samba, wireguard,
zoph. 2-3 issues were found but did not seem like new errors.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: Veiko Aasa <veiko17@disroot.org>
- This is to capture stdout and stderr and transmit that from privileged daemon
back to the service to be displayed in HTML.
Tests:
- Unit tests and code checks pass.
- Some of the modified actions work as expected.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: Veiko Aasa <veiko17@disroot.org>
- This is to capture stdout and stderr and transmit that from privileged daemon
back to the service to be displayed in HTML.
Tests:
- Unit tests and code checks pass.
- Some of the modified actions work as expected.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: Veiko Aasa <veiko17@disroot.org>
Tests:
- On stable, testing distributions applying the patches and restarting the
services causes two files to be created on the system.
/etc/apt/sources.list.d/freedombox-unstable.list and
/etc/apt/preferences.d/50freedombox-dist.pref. In unstable distributions the
files are not created.
- Installing Matrix Synapse on all three distributions works. Initial domain
configuration works. All diagnostic tests pass.
- On stable and testing distributions, running 'apt policy matrix-synapse' shows
that priority for package from unstable is 200 higher than installed package
priority of 100. Same for the package python3-pympler. Running 'apt policy
freedombox' shows that package from -backports has a priority of 500 that is
same as the priority of non-backports package.
Tests:
- During re-run of setup, unstable sources are setup.
- Matrix synapse app shows updated description.
- Upgrades app shows updated description about frequent feature updates.
- On oldstable, stable, and testing distributions unstable sources are setup.
But not on unstable.
- On stable, testing distributions applying the patches and restarting the
services causes two files to be created on the system.
/etc/apt/sources.list.d/freedombox-unstable.list and
/etc/apt/preferences.d/50freedombox-unstable.pref. In unstable distributions the
files are not created.
- Installing Matrix Synapse on all four distributions works. Initial domain
configuration works. All diagnostic tests pass.
- On oldstable, stable, and testing distributions, running 'apt policy
python3-pympler matrix-synapse python3-python-multipart' shows that priority for
package from unstable is 200 higher than installed package priority of 100.
Running 'apt policy freedombox' shows that package from -backports has a
priority of 500 that is same as the priority of non-backports package.
- When frequent feature updates is not enabled, the app can't be installed.
"This application is currently not available in your distribution." message is
shown. After enabling frequent feature updates, the apps can be installed.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
- Move some utilities to utils.py from distupgrade.py and __init__.py.
- This fixes issues with apt preferences being set on unstable
distribution (despite code that tries to prevent it).
- There is no way to distinguish between 'testing' and 'unstable' distributions
in Debian using commands like lsb_release (powered by /etc/os-release). See:
https://lwn.net/Articles/984635/ . So, use the value set in
/etc/apt/sources.list.
Tests: (tested entire patchset)
- Deluge can be installed in trixie.
- Auto-distribution upgrade button is checked during setup on stable and
oldstable but not on testing and unstable.
- Auto-distribution upgrade button is enabled in the form on stable and
oldstable but not on testing and unstable.
- Backports wizard step is skipped on unstable (non-develop mode), but not on
oldstable, stable, testing, and unstable (develop mode).
- If backports are not activated during first wizard, then backports can be
activated on upgrades app page if distribution is oldstable, stable, testing, or
unstable (non-develop mode) but not unstable (develop mode).
- During re-run of setup, setting up backport sources is skipped if already
setup.
- Backports sources files are not added in testing (non-develop) and
unstable (non-develop) distributions. Backports sources are added to oldstable,
stable, testing (develop) and unstable (develop). Unstable sources sources are
not added to unstable but added to oldstable, stable, and testing.
- Backports sources file is added with correct code name bookworm/trixie for
oldstable, stable, and testing distributions.
- When backports sources is set to 'bookworm-backports' on Trixie distribution,
re-running setup updates them to 'trixie-backports'.
- Preferences files are added in oldstable, stable, and testing distributions
but not unstable.
- If unstable and another distro is present in apt sources, then it is treated
as unstable as shown in the distribution upgrade page.
- Current codename is shown properly from sources.list in oldstable, stable,
testing, and unstable in distribution upgrade page.
- NOT TESTED: If distribution upgrade is interrupted, then continue page is
shown.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
samba-ad-dc package depends on winbind, which breaks FreedomBox LDAP PAM
configuration. In Debian Trixie, AD server package is required by samba
package, but is not required to run Samba file server. See also Debian
bug report 1099755.
Relates to #2498.
Tests performed:
- In Debian Bookworm, install samba, do dist-upgrade, check that
samba-ad-dc and winbind packages are not insalled and adding new user
works.
- In Debian Trixie, uninstalling and installing samba app works and
after this, adding new user works.
Signed-off-by: Veiko Aasa <veiko17@disroot.org>
Closes: #2090
- Create a new page for distribution upgrade.
- If distribution upgrade is running show its status here without any other UI.
- Show various conditions for not allowing distribution upgrades.
- Automatic updates disabled
- Distribution updates disabled
- Not enough free space.
- Unknown or mixed distribution in sources.list.
- If distribution upgrade was interrupted, show that information here and allow
triggering distribution upgrade again. This is detected by noticing that
codename in base-files is higher than one detected in sources.list.
- If the user is not testing/unstable, show a message and don't allow
triggering.
- If next stable has not been released, don't auto-upgrade but allow manual
upgrade. Show special warnings.
- If next stable has been released but only recently, don't auto-upgrade but
allow manual upgrade.
- If next stable has been released and it has been 30 days, allow auto-upgrade
and manual upgrade.
- Seek confirmation before triggering manual upgrade. Provide appropriate
advice.
- Rely on hard-coded list of releases and their release dates instead of
querying the server.
Tests:
- When automatic updates or distribution updates are disabled, an alert message
is shown distribution upgrade page. If both are disabled, both messages show up
in the alert. The start distribution upgrade button is disabled. Clicking on the
button does not work.
- Reducing the available free disk space will cause alert message to show up and
start upgrade button to be disabled.
- When the distribution in /etc/apt/sources.list is mixed or unknown, an alert
message is shown. the start distribution upgrade button is disabled.
- When the distribution in /etc/apt/sources.list is testing or unstable, an
alert message is shown "You are on a rolling release distribution...". the start
distribution upgrade button is disabled. The current distribution is
'None (testing)' or 'None (unstable)'. Next stable distribution is Unknown.
- If get_current_release is hard-coded to return (None, 'trixie'). Then a
message is show in the distribution update page 'A previous run of distribution
update may have been interrupted. Please re-run the distribution update.' A
'Continue Distribution Update' button is shown in warning color. The button
takes to confirm page where the confirm button is shown in blue and is enabled.
- On a bookworm VM, visiting the page shows the message "You are on the latest
stable distribution...". Upgrade button shows in red. Clicking it takes to
confirmation page. The page shows a warning alert and red confirmation button.
- Setting the clock to '2025-08-21' shows the message "A new stable distribution
is available. Your FreedomBox will be update automatically in 4 weeks...".
Upgrade button shows in blue. Clicking it takes to confirmation page. The page
does show warning. The button is in blue.
- Setting the clock to '2025-09-30' shows the message "A new status distribution
is available. Your FreedomBox will be updated automatically soon...". Upgrade
button shows in blue. Clicking it takes to confirmation page. The page does show
warning. The button is in blue.
- Clicking the confirmation button starts the distribution upgrade process. This
distribution upgrade page is shown. The page shows spinner with a message and no
other UI. Page is refreshed every 3 seconds. When the distribution upgrade
process is completed, the page shows the current status.
- Killing the apt-get process during distribution upgrade stop the page refresh.
The page shows that process was interrupted and also continuation. Clicking on
the confirmation button resumes the distribution upgrade process.
- After distribution upgrade, the page shows the current distribution and next
distribution properly. There is not release date for the next distribution. A
message shows: "Next stable distribution is not available yet."
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
- Save changes to /etc/apt/sources.list as a different file.
- When launching the dist upgrade process via systemd-run, use bind mounting to
ensure that the newly created sources file is treated as the original
/etc/apt/sources.list.
- If the process completes successfully, rename the new file to the original
sources.list. If the process terminates abruptly or machine reboots,
sources.list will remain unchanged. This will also the dist upgrade process to
be restarted (and hopefully continued).
Tests:
- On a fresh stable container, running dist-upgrade succeeds.
- While dist-upgrade is running, /etc/apt/sources.list is unmodified. After the
operation is successfully completed, /etc/apt/sources.list has been updates
successfully. If the operation fails, /etc/apt/sources.list remains unmodified.
- During the run the following are run:
- apt update
- package holds
- debconf selections
- full-upgrade
- autoremove
- unattended-upgrades
- restarting freedombox service
- waiting 10 minutes
- apt update
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
unattended-upgrade will take a very long time to run, and won't be able
to upgrade most of the packages. There is not much benefit to running it
here.
Signed-off-by: James Valleroy <jvalleroy@mailbox.org>
Reviewed-by: Sunil Mohan Adapa <sunil@medhas.org>
Tests:
- Start a dist-upgrade from stable to testing. Dist upgrade is completed
as expected. "The system will reboot" message appears only after
freedombox-dist-upgrade.service has completed.
Helps: #2090
Signed-off-by: James Valleroy <jvalleroy@mailbox.org>
Reviewed-by: Sunil Mohan Adapa <sunil@medhas.org>
Closes#2092
On testing and unstable systems, /etc/os-release does not contain
VERSION_ID. In this case, lsb_release will report the release as
"n/a".
For unstable, this means that backports can be enabled in development
mode. When this happens, trixie-backports will be added as an apt
repository. The repository already exists, so it does not cause any
problem.
Tests:
- In stable container, backports can be enabled.
- In stable container, dist-upgrade can be disable and enabled.
- In stable container, in development mode, dist-upgrade can be
started.
- In testing container, backports cannot be enabled.
- In testing container, dist-upgrade cannot be enabled or started.
- In testing container, in development mode, backports can be enabled.
- In testing container, in development mode, dist-upgrade cannot be
started.
- In unstable container, in development mode, backports can be enabled
(as trixie-backports).
- In unstable container, in development mode, dist-upgrade cannot be
started.
Signed-off-by: James Valleroy <jvalleroy@mailbox.org>
[sunil: Merge the case of outdated unstable distributions that return 'unstable'
as release and newer unstable distributions that return 'n/a']
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: Sunil Mohan Adapa <sunil@medhas.org>
Package holds are only expected when apps are being installed or
uninstalled, or during distribution upgrade process. At any other
time, package holds are not expected and should be released.
Tests:
- Place a hold on one package. Run the upgrades diagnostics, which
will have a failure. Try to repair the failure, and confirm that the
package is no longer held.
- Repeat with two or three packages being held.
[sunil]
- When the package 'needsrestart' is outdated and another package is held,
running repair unholds the package as well as runs setup() on the upgrades app
leading to 'needsrestart' package getting upgrade.
- When only failed diagnostic is for package holds. Running repair unholds the
packages but does not rung setup().
Helps: #2347
Signed-off-by: James Valleroy <jvalleroy@mailbox.org>
Reviewed-by: Sunil Mohan Adapa <sunil@medhas.org>
Previously, when dist-upgrading from bullseye to bookworm, there was an issue
where unattended-upgrade gets stuck. See #2266. However, it does not get stuck
when dist-upgrading from bookworm to trixie.
Signed-off-by: James Valleroy <jvalleroy@mailbox.org>
Reviewed-by: Sunil Mohan Adapa <sunil@medhas.org>
- Update the outdated apt preferences file that still refers to
bullseye-backports instead of bookworm-backports.
- Perform matching using n= instead of a= for matching distribution codename.
- Drop preferences for libraries that were only required in bullseye-backports
and not in bookworm-backports.
Tests:
- Install matrix-synapse app in testing container and stable container.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
- Ensure that each diagnostic test category can be identified by easy prefix
matching on the test ID.
- Give a different unique IDs each different kind of test. More specific tests
of a type get a different kind of ID.
- Make comparison of diagnostic test results in test cases more comprehensive.
- Simplify code that shows the number if issues identified.
- In many languages, there is complex logic to write plural forms. Plurals
can't be handled by assuming singular = 1 item and plural is > 1. Translation of
messages in Notification does not support plurals properly. Avoid this for now
by using sometimes incorrect plural form.
- For i18n we should avoid joining phrases/words. Words don't always maintain
order after translation.
- Notify about the total number of issues in diagnostics and not just the most
severe category. This is likely to draw more attention and avoid i18n
complexity.
- Dismiss the diagnostic notification if the latest run succeeded completely.
Tests:
- Unit tests pass.
- Diagnostics for following apps works: networks (drop-in config),
apache (daemon, listen address, internal firewall, external firewall),
tor (netcat), torproxy (internal only firewall, torproxy url, torproxy using
tor), privoxy (privoxy url, package available, package latest),
- Untested: Is release file available method in upgrades app.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
Tests:
- mypy does not show any errors.
- Installing ejabberd app works. Privileged actions run fine.
- Unit tests work.
- No additional testing was done as type annotations don't have any effect at
runtime.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
- This was missed during the split of tor/torproxy apps.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
In the Debian bookworm-backports repository, the Suite has changed to
"stable-backports". The Codename is the more specific "bookworm-backports".
Bump upgrades app version to rewrite the apt preferences file.
Helps: #2368.
Tests:
- `apt policy freedombox` shows priority 500 for package in bookworm-backports.
Signed-off-by: James Valleroy <jvalleroy@mailbox.org>
Reviewed-by: Sunil Mohan Adapa <sunil@medhas.org>
In case apt full-upgrade fails for any reason, do not
continue. Otherwise, may get stuck unattended-upgrade later (#2266).
Since the dist-upgrade flag remains set, Plinth should retry the
dist-upgrade later.
Signed-off-by: James Valleroy <jvalleroy@mailbox.org>
Reviewed-by: Sunil Mohan Adapa <sunil@medhas.org>
Fixes: #2098.
Tests:
- Install quassel in bullseye system.
- Start dist upgrade. Check that quassel service is stopped during the
dist upgrade.
- Finish dist upgrade. Quassel service is running again.
Signed-off-by: James Valleroy <jvalleroy@mailbox.org>
Reviewed-by: Sunil Mohan Adapa <sunil@medhas.org>
This change was only needed for upgrade to bullseye.
Closes: #2302.
Tests:
- Run a dist upgrade in a bullseye vagrant box. Apt sources has
expected content and apt-get does not produce an error.
Signed-off-by: James Valleroy <jvalleroy@mailbox.org>
Reviewed-by: Sunil Mohan Adapa <sunil@medhas.org>
Add bind9, minetest-server, minidlna.
This matches the set of apps that implement force_upgrade.
Signed-off-by: James Valleroy <jvalleroy@mailbox.org>
Reviewed-by: Sunil Mohan Adapa <sunil@medhas.org>
Skip running unattended-upgrade due to it getting stuck in endless
loop. See #2266.
Signed-off-by: James Valleroy <jvalleroy@mailbox.org>
Reviewed-by: Sunil Mohan Adapa <sunil@medhas.org>
Fixes: #2294.
Tests:
- In stable container, when frequent feature updates option is
enabled, /etc/apt/sources.list.d/freedombox2.list exists as expected.
- Matrix Synapse can be installed.
- Shaarli can be installed.
Signed-off-by: James Valleroy <jvalleroy@mailbox.org>
Reviewed-by: Sunil Mohan Adapa <sunil@medhas.org>
Tests:
- DONE: Functional tests work
- DONE: Initial setup works
- DONE: Automatic upgrades are enable by default
- DONE: apt preferences have been updated
- DONE: Enabling backports works
- DONE: Configuration file is created
- DONE: Correct status is shown in the app page
- DONE: Enabling/disabling automatic upgrades works
- DONE: Configuration file is updated
- DONE: Correct status is shown in the app page
- DONE: Manual triggering of updates work
- DONE: Log is shown properly in the app page
- DONE: Checking for distribution upgrade works
- DONE: Distribution upgrade from stable to testing works
- DONE: When running on btrfs distribution, snapshot is created before.
- DONE: Snapshots will be disable before upgrade and re-enabled later.
- DONE: When searx is enabled before upgrade, it's uwsgi will be disabled and
re-enabled later.
- Failures due to freedombox package not being the latest version (with the
changes).
- DONE: Development Vagrant box
- DONE: Automatic updates are disabled during development setup
- DONE: Development Container
- DONE: Automatic updates are disabled during development setup
- DONE: On stable, backports are enabled when running tests
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
