Tests:
- Running 'make build install' remove the module loading include file for ttrss.
- TT-RSS is no longer available in apps page.
- Installing Tor works. Onion header is set correctly. Re-running app setup
works.
- RSS Bridge's description is updated as expected. Links work.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
The following message is shown when Matrix Synapse server is started.
"""
This server is configured to use 'matrix.org' as its trusted key server via the
'trusted_key_servers' config option. 'matrix.org' is a good choice for a key
server since it is long-lived, stable and trusted. However, some admins may
wish to use another server for this purpose.
To suppress this warning and continue using 'matrix.org', admins should set
'suppress_key_server_warning' to 'true' in homeserver.yaml.
"""
Explicitly configure the server to use matrix.org as the trusted key server to
avoid the warning. The value can be set to empty list of servers, however, our
users are served best by this default.
Tests:
- On a testing container, when patch is applied after Matrix app installation,
the configuration file is updated.
- After the configuration is updated the warning is removed during Matrix
Synapse startup.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
- Create a separate section for federation as it is so important.
Tests:
- Federation description and TLS warning are shown in a separate section on the
app's post-setup page.
- Clicking on the testing tool link takes the user to the testing tool and the
current server's domain is automatically tested.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
- This has already been update in the pre-setup page.
Tests:
- View the post-setup page and notice that the message was updated.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
Tests:
- Images are shown in the pages /plinth/help/manual/en/bepasty and
/plinth/help/manual/en/. Before the patch, images are not shown and 404 errors
are raised.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: Joseph Nuthalapati <njoseph@riseup.net>
- This shows status of each language rather than just a single number for all
the languages. This hopefully highlights languages needing more work.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: Veiko Aasa <veiko17@disroot.org>
- This means that systemd sandbox will be in effect even during development. We
won't miss out on bugs in sandbox configuration.
- We won't have disable systemd sandbox features just because we can test
properly on development setup. Such as JoinsNamespaceOf=.
- This also leads to significant reduction in hacky code for setting up for
development and functional tests.
- One disadvantage is that first setup is run before user gets a chance to
interact with the started container/VM. However, this is okay since first setup
can be re-run easily by removing the /var/lib/plinth/plinth.sqlite3 file and
also the need for doing this is rare.
Tests:
- Start a fresh container and run functional tests with './container run-tests'
on it. The tests run as expected (succeed or fail).
- While first setup is in progress, running the command 'make
wait-while-first-setup' waits while printing dots. After the first setup is
done, it exists.
- Running the command freedombox-logs shows FreedomBox logs for both the web and
privileged services.
- Changing a source code file in the /freedombox directory (or on the host)
leads to a restart of the Plinth web service.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: Veiko Aasa <veiko17@disroot.org>
- Similar to freedombox-privileged daemon. It makes it easy to turn on
development mode from a systemd service override (without having to override the
entire command line).
Tests:
- With the changes to systemd service file in this patch series, changing source
code file leads to plinth getting restarted.
Reviewed-by: Veiko Aasa <veiko17@disroot.org>
- This can have may uses such as:
- Waiting properly on the reboot page until the system has been restarted
while showing the status.
- Or, waiting for first setup to complete before running functional tests.
- Or, monitoring for the health status of FreedomBox in general.
- The page is public as all the information conveyed there is also already
public. Should we introduce any sensitive information there such as
'operations_in_progress', we can provide that information only to
administrators.
Tests:
- Visiting /plinth/status/ shows the status in JSON. Using curl to retrieve the
information is also possible.
- During the first setup 'is_first_setup_running' is 'true'. After it has
completed, it is 'false'.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: Veiko Aasa <veiko17@disroot.org>
- Earlier PrivateTmp=no is set freedombox-privileged.service in
4140d3b4444d2fd55ac682d066fd859cb2f034b5 and the fix was not properly tested.
Similar change was needed in plinth.service and it was not done.
- Complete the fix but this time enable private tmp and join namespaces for the
two daemons.
- This will cause issues with file uploading when plinth is run from command
line (for development purposes). This will be addressed separately.
Tests:
- Apply the change and reload systemd and restart service. Don't run plinth on
command line and run it as service.
- Uploading libraries to kiwix works
- Uploading backup tarballs works.
- Uploading TiddlyWiki and Feature Wiki wiki files works.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
Fixes: #2536.
Multiple fixes:
- When miniflux and postgresql are install simultaneously, miniflux setup may be
installed before postgresql is started.
- When postgresql is already installed and disabled (due to a previous
uninstall), then postgresql may not be running during miniflux package
installation (and fail initial DB setup).
- When app is being installed while it is disabled, the database may not running
and may lead to failure in removing the app database.
Tests:
- Run functional tests on stable/testing twice in a row.
- Install the app without postgresql or miniflux installed.
- Disable the app and uninstall it. DB is purged.
- Uninstall and re-install (with postgresql is disabled during installed).
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
Tests:
- Uninstall miniflux and postgresql. Install freshly with all the patches in
this series. When installing miniflux freshly, postgresql is not disabled soon
after miniflux package is installed. Without this patch, postgresql is disabled
after packages are installed leading to a setup failure.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
This prevents logging usernames and passwords to the journal logs and to the
Git repo configuration. Also, avoids usernames and passwords appear in the
process list when cloning a repository.
Tests performed:
- Create a new repository by cloning an existing repository URL with basic
auth credentials. Check that:
- Cloning succeeds.
- Journal logs don't contain URLs with credential info.
- The configuration of the cloned repository doesn't contain credential info.
- Try to clone a non-existing repository URL that contains credential
info. Cloning fails and there are no credential info in the journal logs.
- Cloning a public git repository without credential info succeeds.
- All the gitweb module tests pass.
Signed-off-by: Veiko Aasa <veiko17@disroot.org>
[sunil: Add/fix some more type hints]
[sunil: Add tests for URL parsing]
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: Sunil Mohan Adapa <sunil@medhas.org>
- The privileged service will stop by itself if left idle for 5 minutes.
However, if someone is viewing a reloading page such as during manual software
update, the privileged service is never idle.
- When freedombox package is updated to a newer version, the old version of
privileged daemon could run for a long time but newer version of freedombox
service might be running by then. This would cause protocol mismatch
problems (unless backwards compatibility is provided which is unnecessarily
hard).
- Adding PartOf=.socket in .service file means that if .socket unit is stopped
or restarted, the .service unit will be stopped or restarted too. We still don't
want the dh_installsystemd script to be starting the .service unit, so this is
ideal.
Tests:
- During fresh install of freedombox package, freedombox-privilged.socket is
started but freedombox-privileged.service is not. It is started due to socket
activation (as seen in journal logs of privileged daemon).
- During removal of freedombox package, .service is stopped when .socket unit is
stopped.
- During reinstall of freedombox package, .service is restarted when .socket
unit is restarted.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: Veiko Aasa <veiko17@disroot.org>
- These situation occur when server encounters an error when trying to formulate
a response. All exceptions during execution of actions are caught and reported
properly. However, server may encounter errors during processing of exception
raised in an action. Or may die abruptly. This special error will make
identifying such situations easier.
Tests:
- Add a 'return' after _read_request() in
privileged_daemon.py:RequestHandler:handle(). This will trigger this error.
Starting FreedomBox service will show these errors as 'ConnectionError: Server
returned empty response'. Similarly running 'freedombox-cmd --no-args plinth
is_package_manager_busy' will show the same error.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: Veiko Aasa <veiko17@disroot.org>
- Now that we have a mechanism for properly collecting, transmitting, and display
the stdout and stderr. There is no reason not to collect all of the stdin and
stderr.
- Also, the stdin/stderr=subprocess.PIPE is redundant and prevents the output
from getting collected for debugging. So, remove it.
Tests:
- Ran functional tests on backups, calibre, ejabberd, email, gitweb, ikiwiki,
infinoted, kiwix, mediawiki, mumble, nextcloud,, openvpn, samba, wireguard,
zoph. 2-3 issues were found but did not seem like new errors.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: Veiko Aasa <veiko17@disroot.org>
- This is to capture stdout and stderr and transmit that from privileged daemon
back to the service to be displayed in HTML.
Tests:
- Unit tests and code checks pass.
- Some of the modified actions work as expected.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: Veiko Aasa <veiko17@disroot.org>
- This is to capture stdout and stderr and transmit that from privileged daemon
back to the service to be displayed in HTML.
Tests:
- Unit tests and code checks pass.
- Some of the modified actions work as expected.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: Veiko Aasa <veiko17@disroot.org>
