- Closes #366 and closes #304 (all sub-tasks).
- Start new process group with setsid() by sending
start_new_session=True
- Detach from parent process fds by closing all FDs and attaching stdin,
stdout and stderr to /dev/null.
- Don't wait for the process to complete.
- This allows for upgrading Plinth while upgrades are triggered from
Plinth itself.
- Show log of upgrade execution instead of output and error log of the
process which can no longer be collected. This has the advantage of
showing automatic executions also.
- Rewrite the mechanism to detect whether upgrades can be run. It is
now based on whether the package manager is busy. This has the
advantage of working properly if other apt processes are running,
automatic upgrades are running, etc.
- Busy status works even if Plinth is restarted while upgrades are in
progress.
- More descriptive messages showing that upgrades don't have to be
triggered manually.
- Warn that other packages can't be installed while upgrades are
running, which may take a long time.
- Warn the users of potential temporary unavailability of
Plinth/Apache2.
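
The detach steps listed in the entry above (new session via `start_new_session=True`, stdin/stdout/stderr on /dev/null, all other descriptors closed, no wait), shown as an added example that is not code from Plinth. The names `launch_detached`, `demo` and `CHILD` are hypothetical, and the child program is constructed for the demonstration.

```python
import os
import subprocess
import sys
import tempfile
import time

# Constructed child program: records its PID, session ID and whether
# fds 0-2 all point at /dev/null, then exits.
CHILD = """
import os, sys
null = os.stat('/dev/null').st_rdev
std_null = all(os.fstat(fd).st_rdev == null for fd in (0, 1, 2))
with open(sys.argv[1] + '.tmp', 'w') as out:
    out.write('%d %d %d' % (os.getpid(), os.getsid(0), std_null))
os.rename(sys.argv[1] + '.tmp', sys.argv[1])
"""


def launch_detached(argv):
    """Start argv in a new session with no descriptors shared with us."""
    return subprocess.Popen(
        argv,
        stdin=subprocess.DEVNULL,
        stdout=subprocess.DEVNULL,
        stderr=subprocess.DEVNULL,
        close_fds=True,          # nothing inherited beyond fds 0-2
        start_new_session=True,  # child calls setsid() before exec
    )  # a real caller does not wait() on the result


def demo():
    """Launch the constructed child and return what it observed."""
    with tempfile.TemporaryDirectory() as tmp:
        report = os.path.join(tmp, 'report')
        child = launch_detached([sys.executable, '-c', CHILD, report])
        deadline = time.monotonic() + 10
        while not os.path.exists(report) and time.monotonic() < deadline:
            time.sleep(0.05)
        with open(report) as handle:
            pid, sid, std_null = (int(v) for v in handle.read().split())
        child.wait()  # demo only: reap the short-lived child
    return {'launched_pid': child.pid, 'child_pid': pid, 'child_sid': sid,
            'parent_sid': os.getsid(0), 'std_null': bool(std_null)}


if __name__ == '__main__':
    print(demo())
```

Because the child leads its own session and holds none of the parent's descriptors, restarting the parent service neither signals the child through the session nor leaves it writing to a closed pipe.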
This is the first implementation for obtaining certificates from Let's
Encrypt. Following are the features and limitations.
- Requires manual operation.
- Registrations are done anonymously.
- Supports revoking and re-obtaining certificates. Does not have a way
to show if a certificate is already renewed.
- Automatic renewal is not available.
- Detailed messages in case of errors.
- Has ability to switch to testing mode by using LE's staging servers.
- Sets up Apache configuration for the domain and enables/disables it.
When certificates are not available for a domain, default website
configuration is used. When certificates are available, separate
SSL website configuration for each domain is used.
- Many domains will work with a single IP address with the help of Server
Name Indication (SNI) which is supported by all modern browsers.
- Supports diagnostics on websites.
Action:
- Don't use const for HOST_TOOL, it is unlikely to be ever changed.
- Don't pass multiple key ids as single string to monkeysphere-host.
- Use JSON for data transfer with action instead of custom format and
parsing.
- Minor styling fixes.
Template:
- More consistent indentation.
- Improve the description.
- Add headers to the table.
- List domains instead of domain types.
URLs:
- Take domain as argument for key generation.
- Narrow down fingerprint matching regex.
Views:
- Take domain as argument for key generation. Verify that domain is
valid.
- Minor grammar fix to cancel message.
- Use JSON format for getting key status.
- List domains instead of domain types.
monkeysphere: Run publish as background task, allow user to cancel.
Small fixes to names module:
- Remove unused ugettext import.
- Change SERVICES to tuple.
- If a domain is not available for a service type, return None instead
of (translated) "Not Available".
- Rename get_services -> get_enabled_services.
- Change term 'reboot' to 'restart' as it is less technical and more
consistent with popular interfaces on desktop/mobiles.
- Updated description for power module.
- Simplify the module title to just 'Power'.
- Update the use of ellipses and angular quotes as angular quotes and
ellipses are both used to indicate that further user interface will be
available after pressing the button.
- Remove spurious '\' in power_reboot.html.
- Notify the user that web interface will not be available after
reboot/shutdown.
- Redirect the user to application page after restart/shutdown. If the
page serve succeeds, they will simply have to refresh/access it after
restart/shutdown after waiting or powering on.
- Authentication using client certificates. Extra password based
authentication for later.
- Auto setup of CA, server and client certificates.
- Provides a .ovpn profile for each user for easy setup.
- Use 4096 bit Diffie-Hellman parameters for better security. If this
takes too much time, reduce it to 2048 or 1024, at least during
debugging.
- When the current configuration does not contain a port and we try to
set the port for the frontend server, it fails. This patch fixes
that.
- Minor styling and spelling fixes.
- Make sure that if port is not set for frontend, it will be set on
saving the form.
- PEP8 fixes.
- Don't need to disable .socket and .service. Disabling .service will
take care of disabling both.
- Update the introduction message.
- Add prefix to form so that it can potentially be mixed with other
forms.
- When Deb822 formatted source files are present, error out and don't
show as enabled.
- When /etc/apt/sources.list.d/*.sources files are present, error out
and don't show as enabled.
- Handle files /etc/apt/sources.list.d/*.list.
- Work around Augeas lens not understanding '[options]' in sources.list.
- Enable/disable ntpd from this module. Since ntpd has implications on
anonymity.
- Implement NTP diagnostics from freedombox-setup.
- Eventually provide ability to set date & time of the system.
- Eventually move timezone configuration to this module.
- Move diagnostics into main module instead of action script.
- Ability to run diagnostics as non-root user (because it runs in Plinth
instead of action).
- Diagnose whether LDAP server is listening.
- Diagnose directory entities created during setup.
- Run diagnostics on each module separately.
- Run diagnostics in a separate thread.
- Show progressive update while running diagnostics.
- Store and show old diagnostics.
- Prevent CSRF on the expensive operation of running diagnostics.
- It does not work on all the modules available.
- It does not reload Plinth after changes.
- As of now, there is no strong case for disabling modules in Plinth
making it unnecessary UI complication.
- Split into multiple small Debian packages is not yet implemented for
Plinth. The module expects to work on the Debian modules. When
smaller Debian packages are available perhaps we should consider using
packages.py library instead.
- Merge all ldap actions into one action.
- Setup ldapscripts using augeas.
- Use the default mechanisms used by ldapscripts.
- Remove adding admin users to 'sudo' group. Mixing LDAP groups and
local groups is not a good practice. 'admin' LDAP group will be added
to sudoers in another patch to freedombox-setup.
- Make all users posixAccount and all groups posixGroup for simplicity.
Shell access can be restricted in other ways.
- Work around ldapscripts not able to set password using SASL auth.
- Work around ldapscripts having issues with current locale.