329 Commits

Author SHA1 Message Date
Sunil Mohan Adapa
70001c841f
tor: Minor improvements
- Minimize loading of Augeas since it takes time.

- Make some methods private

- PEP8 fixes
2016-07-16 13:43:23 -04:00
Sunil Mohan Adapa
2afae80dd8
security: Recommend/notify about restricted logins
- Do stricter matches when editing configuration file.  Earlier
  mechanism would match comments etc.

- Move action methods to module core from views.

- During first boot, notify users that console login is restricted and
  that they can change that from security settings.

- Recommend enabling console login restrictions.  Add message about why
  console restrictions are important.

- Show title in security module.
2016-07-09 22:42:20 +05:30
James Valleroy
8e96e828d9
security: New module to control login restrictions 2016-07-09 22:41:21 +05:30
James Valleroy
38382ec09c
tor: Add option to toggle bridge relay 2016-07-08 23:19:16 +05:30
James Valleroy
1c98d1272f
tor: Use single command to get status
Merge get_ports and get_hs into get_status.
2016-07-08 23:19:09 +05:30
Sunil Mohan Adapa
9ac37465dd
disks: New module to manage disks
- Show free space of currently mounted partitions.  Should help with
  people running out of free space and ending up with non-working
  system.  In future, this module could emit more visible messages.

- Show and allow expanding root partition to help people who have
  written FreedomBox images to higher capacity SD cards.  Very selective
  and restrictive checks to minimize problems.

- Automated tests to ensure expansion works in non-trivial scenarios.
2016-06-19 16:20:01 -04:00
Daniel Steglich
ddc049734d
dynamicdns: Status message improvement
Closes #496.  If no update is done because no update needs to be done,
the success status needs to be written.  Because maybe the DNS record is
up to date when the action script is executed for the first time.  In
this case no success message was written and it looks like DynDNS is not
executed.
2016-06-15 22:47:23 +05:30
James Valleroy
ef40941c7c
Fix quoted values in nslcd config 2016-06-14 06:57:28 -04:00
Sunil Mohan Adapa
7a9a4cd861
packages: Switch to installing with apt-get
- Use action helper so that Plinth can run unprivileged and action
  script can run as root.

- Use Status-Fd feature of apt-get to report progress.  Don't report
  much detail.

- Capture all stderr of the apt-get process and present it only in case
  of failure.

- Remove package installation using PackageKit.  Remove dependency on
  PackageKit.

- Merge --setup package installation with regular package installation.

This should fix the following problems:

- PackageKit throws errors when APT encounters an error and later
  corrects them and proceeds well.  This is reported upstream but not
  fixed.

- PackageKit does not install recommends by default and there is no easy
  way to tell it to do so.

- In some rare cases, PackageKit could get stuck for interactive input
  even though interactive flag is set to false.

- PackageKit does not work without network manager connections. (Could
  have been mitigated by altering packagekit configuration).

- PackageKit glib library leaks file descriptors after each operation.
  This leads to running out of fds during long running refresh
  operations such as OpenVPN setup.  (This should have subsided by not
  checking package install with the new setup mechanism.)

Known issues:

- In development mode, inside action scripts the python modules are
  always loaded from system path and not development directory.

- With PackageKit it is possible to run multiple operations
  simultaneously.  Others would wait while the first is being
  installed.  With new implementation, the others error out unable to
  obtain lock.
2016-06-11 12:11:40 -04:00
James Valleroy
7470f64d06
Clean up ldapscript workarounds
These were for issues that have now been fixed:
https://github.com/martymac/ldapscripts/issues/3
https://github.com/martymac/ldapscripts/issues/5
2016-06-06 19:04:13 -04:00
Sunil Mohan Adapa
580522125f
users: Fix checking username in retrieving SSH key
When using username containing malicious the following method should be
safe:

- pwd.getpwnam()
- shutil.chown()
- mkhomedir_helper()
2016-06-04 12:57:56 -04:00
James Valleroy
f6884a18fa
Set privoxy listen-address by debconf preseed before install. 2016-05-25 19:23:54 -04:00
Sunil Mohan Adapa
f68a757741
users: Reorganize and make idempotent ldap setup
- Break down setup process into methods.

- Make sure that LDAP entity setup is idempotent.

- Perform all entry updates while slapd is running instead of using
  slapadd.

- Start slapd only when necessary.  Shutdown (only) if we have started
  slapd.
2016-05-21 16:06:33 -04:00
James Valleroy
401d3870f6
Move ldapscript setup to users module setup. 2016-05-21 16:06:26 -04:00
James Valleroy
f01575e2ea
Move ldap setup from freedombox-setup to plinth. 2016-05-21 16:06:18 -04:00
fonfon
bc2cba0cbf
tor: remove circular import 2016-05-11 18:19:49 -04:00
fonfon
f419c28596
Services: Explicitly use ServiceForm and ServiceView
- adapted all modules to not use views.ConfigurationView anymore
- removed templates that are not needed anymore
- no more implicit 'enabled' and 'get_status' functions in __init__.py files
- (more coherent/explicit use of Django functionality)
2016-05-11 18:19:31 -04:00
fonfon
a9528c56d9
Service object to handle services on a system-level
The Service object now offers handling services on a system level,
and gathering information whether it's enabled or running.
New methods: enable, disable, is_enabled, is_running;

For this it needs the correct (system-level) service name.
All of the methods can be overridden/customized.

This changes all modules to the new Service object and deletes
action scripts that are not required anymore.
2016-05-11 18:19:27 -04:00
fonfon
9fe49f881f
Services-Action to handle and list services managed by plinth
- API: start, stop, enable, disable, reload, is-running, is-enabled, list
- only allows access to a service if the service name is listed in a
  'managed_services' variable of any plinth module.
2016-05-11 18:19:14 -04:00
James Valleroy
a6417c59a7
tor: Use augeas to modify configuration.
- Use json to get info from action script.
- Add SSH port to hidden service.
- Enable hidden service during setup.
2016-03-15 18:50:51 -04:00
Sunil Mohan Adapa
4c6d572e67
ttrss: Ensure database used is PostgreSQL
- Installing dbcommon-pgsql and not install dbcommon-mysql does not
  ensure that PostgreSQL is selected as the database for the
  application.  Set a debconf value to force selection of PostgreSQL.

- Minor styling fixes.
2016-03-12 17:17:50 +05:30
James Valleroy
368e64c5ca
ttrss: Use LDAP authentication 2016-03-12 11:38:28 +05:30
James Valleroy
47a54fadd1
ttrss: Add basic configuration 2016-03-12 11:38:22 +05:30
James Valleroy
15591b79ca
ttrss: Update to use ConfigurationView 2016-03-12 11:38:14 +05:30
Jallepalli Ashok Kumar
80bab090bf
ttrss: New module for Tiny Tiny RSS feed reader 2016-03-12 11:37:28 +05:30
Sunil Mohan Adapa
f4601e7b05
monkeysphere: Reorganize around keys instead
- Read Apache configuration to find the list of all available
  certificates and their associated domains.  Use this for setting UIDs
  properly.

- Solve the issue of re-importing renewed certificate.  Use the SSH
  fingerprints as unique keys instead of domain names.  Compute SSH
  fingerprints for SSH keys and HTTPS certificates in order to accurately
  identify if they are currently imported into monkeysphere.

- Allow having more than one domain for a certificate.  Add action to
  import new domains to an existing monkeysphere OpenPGP key.

- Import only once for a given certificate and keep adding UIDs when
  domains get added.

- Merge services SSH and HTTPS giving us the ability to deal with many
  more services.  Remove special handling for different kinds of
  certificate sources.

- Suppress monkeysphere prompts in case of reusing UIDs.
2016-03-08 23:32:29 +05:30
James Valleroy
5c810ed87f
monkeysphere: Add Let's Encrypt certificates
Filter letsencrypt domains from snakeoil list.
Rename views for snakeoil and letsencrypt.
2016-03-08 23:31:42 +05:30
James Valleroy
cc6f44d87e
monkeysphere: Clarify arguments for import actions 2016-03-08 23:30:27 +05:30
James Valleroy
79edbd6195
monkeysphere: Add self-signed certificate section 2016-03-08 23:29:41 +05:30
Sunil Mohan Adapa
aba2b03c52
transmission: Remove unused import 2016-02-26 22:42:05 +05:30
Sunil Mohan Adapa
7e87f0304a
radicale: Listen only on internal addresses
- Since we are trusting the remote user header, it is much safer not to
  listen on external addresses.  We don't that since Apache connects on
  internal address.
2016-02-26 22:34:25 +05:30
James Valleroy
9d85084d8d
radicale: New module for a CalDAV/CardDAV server 2016-02-26 15:40:19 +05:30
James Valleroy
363e071bff
minetest: New module for minetest server 2016-02-26 15:20:36 +05:30
Saúl Ibarra Corretgé
b0b67db35e
letsencrypt: Force text mode
This avoids letsencrypt trying to launch a dialog interface in case of
certain errors.
2016-02-19 19:54:09 +05:30
Sunil Mohan Adapa
ccc7310bd5
monkeysphere: Fix error with no host keys 2016-02-16 08:45:50 +05:30
Sunil Mohan Adapa
83ec57414c
dynamicdns: Fix starting daemon for no NAT
In case the machine is not behind NAT, fix the logic that decides to
start the daemon.
2016-02-01 11:03:54 +05:30
Sunil Mohan Adapa
51dd1bb000
dynamicdns: Fix an invalid syntax
'local' keyword can't be used outside a method.
2016-02-01 11:02:43 +05:30
Sunil Mohan Adapa
ea1e9b6e2a
dynamicdns: Fix writing configuration for no NAT
- When writing the configuration file for no NAT case, append the last
  part of the file instead of overwriting.

- Also 'echo' statements are missing leading to attempt to execute the
  config options instead of writing them to a file.
2016-02-01 11:00:46 +05:30
Sunil Mohan Adapa
aa5efd4984
dynamicdns: Fix computing update times
Currently uptime is being taken as measure to decide whether update must
run.  Uptime is the number of seconds since machine has booted.  If a
machine has run for 30 hours, and rebooted, then update will not be done
until the machine has run for 30 hours + designated time.  Using seconds
since epoch fixes this.
2016-02-01 10:57:33 +05:30
Sunil Mohan Adapa
2a030f91fe
dynamicdns: Fix reading configuration file
- The current code to parse the configuration file does not work properly
  if there is an '=' in the password.  Fix it.

- Also if predesignated keyword like 'server' occurs in the password,
  configuration can't be read properly.  Fix it.
2016-02-01 10:53:26 +05:30
Daniel Steglich
a90039889d
dynamicdns: Fix passing password via stdin
* Add an option to pass the password via cmdline (optional, not used by
  plinth) if called manually.

* Fix: If -p option was not the last given option, everything after -p
  was lost.  Closes #310.
2016-02-01 10:46:48 +05:30
Sunil Mohan Adapa
65a1985cc0
tor: Minor fixes and styling
- Add note about restarting firewalld.

- Refactor checking for running configuration process.

- Fix error message being shown as info message.

- Minor indentation fixes.
2016-01-30 19:41:13 +05:30
James Valleroy
1e67fcb61a
tor: After enabling hidden service, wait for info 2016-01-30 18:08:47 +05:30
James Valleroy
07130b6007
tor: Run configuration update as background task
- Closes: #294.
2016-01-30 18:08:40 +05:30
James Valleroy
a22595af77
tor: Avoid unneeded service restarts
- Fix an import error.
2016-01-30 18:08:33 +05:30
James Valleroy
0844151244
tor: Combine all configuration actions 2016-01-30 18:07:42 +05:30
James Valleroy
a3845e2b28
tor: Add service for bridge relay ports 2016-01-30 18:07:34 +05:30
Sunil Mohan Adapa
506bff5c7b
users: Multiple SSH keys and better home creation
- Allow setting multiple SSH keys one per line (which is already
  allowed, but advertise it better).

- Use mkhomedir_helper to create the user's home directory.  Avoid
  security and accuracy complexities of creating a home directory.

- Allow homes that don't exist in /home.
2016-01-30 15:30:52 +05:30
James Valleroy
ad7d6db968
users: Add field to set user's SSH key. 2016-01-30 15:30:32 +05:30
James Valleroy
b7e44eb429
Add repro SIP proxy module. 2016-01-27 17:49:20 +05:30