- Allow setting registration verification to token based registration
verification.
- Configure the server with registration secret. Use the registration secret to
register an admin account for FreedomBox's use. Store the access token provided
during registration for future use.
- Use Admin API and the access token to create a registration verification
token. Show list of all registration tokens on app page.
Tests:
- On a fresh installation, setup succeeds, public registration is disabled.
Enabling public registration sets verification to be disabled by default.
Registration tokens are not shown in status.
- Without the patch, install the app and enable public registration. Apply the
patches. After update registration verification will show as disabled.
- Setting verification method to registration token works.
freedombox-registration-secret.yaml file is created. This file has 0o600
permissions and is owned by matrix-synapse:nogroup.
freedombox-admin-access-token.txt file is created. This file has 0o600
permissions and is owned by root:root. List of registration tokens are shown in
status section. Registration with Element app works with the token listed.
- Disabling registration verification works. Registration tokens are not shown
in status section. Registration with Element app works without verification.
- Disable app. Try to update the verification configuration to use tokens. An
error should be thrown that configuration can't be updated when app is disabled.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
Tested that all samba tests pass in testing container. Also checked that
connection type texts are not translated, thus safe to use in xpath search.
Fixes#2333.
Signed-off-by: Veiko Aasa <veiko17@disroot.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
This is for arm64 boards like Raspberry Pi and cross-arch VMs.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
Closes: #2324.
The arm64 image contains two partitions in a GPT partition table. First is the
EFI partition and the second is the root partition. The container script
currently assumes that there will only be one partition in the image file. Fix
this by picking up the partition number of the last partition and resizing that.
GPT partition table also requires relocating the second copy of the partition
table to the end before partition resize can succeed.
Tests:
- Create testing containers in arm64 and amd64 architectures.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
Without the change, pip refuses to install into system environment due to
changes outlined in PEP 668. The following error is thrown: 'error:
externally-managed-environment'.
Signed-off-by: Veiko Aasa <veiko17@disroot.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
Closes: #2326.
There are plans to remove /etc/timezone from Debian (Debian bug: #822733). It
has been removed temporarily and that caused failures in FreedomBox. Since we
use systemd-timesyncd and timedatectl, use timedatectl to retrieve the currently
set timezone value. This eliminates the need to read timezone at a lower level.
Tests:
- Getting and setting the timezone works.
- Removing /etc/timezone and /etc/localtime then visiting the Date & Time app
works. After setting the timezone, /etc/localtime file is created as symlink.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
Closes: #2206
Use pg_dumpall instead of pg_dump.
Test I did:
1. Install tt-rss and add a feed
2. Create a backup
3. On a fresh installation restore the backup from file
Signed-off-by: nbenedek <contact@nbenedek.me>
[jvalleroy: Add a comment about the limitation of this approach]
Signed-off-by: James Valleroy <jvalleroy@mailbox.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
The reason for this patch is explained in issue #789 .
See also: !2250
Signed-off-by: nbenedek <contact@nbenedek.me>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
[jvalleroy: Don't enable app when upgrading]
Signed-off-by: James Valleroy <jvalleroy@mailbox.org>
Closes: #2325.
We have recently started allowing all the users to login to FreedomBox console
instead of just the administrators accounts. Remove the message that only
administrators can login.
Tests:
- Run ./setup.py install and then notice that login message got updated in a
vagrant machine.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
Without the change, pip refuses to install into system environment due to
changes outlined in PEP 668. The following error is thrown: 'error:
externally-managed-environment'.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
This was changed by mistake in
89a404fb7d32af1667110480dcaf142c4868fd86.
Tests:
- MediaWiki app page is shown without error.
Signed-off-by: James Valleroy <jvalleroy@mailbox.org>
Reviewed-by: Sunil Mohan Adapa <sunil@medhas.org>
Closes: #2323.
- Monal is BSD 2-Clause licensed.
- Siskin IM is GPLv3 licensed.
Tests:
- In app install page, clicking on clients shows the two new clients and old
client removed. Clicking on the buttons takes us to correct pages on the iOS app
store.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
Closes: #2321.
- Without verification configuration being set, if public registrations are
enabled, matrix-synapse server does not start. Fix this by disabling
registration verification.
Tests:
- Without the patch, install matrix and enable public registrations. Matrix
daemon will no longer be running. Apply patches and restart. Matrix app will be
updated. 'enable_registration_without_verification: true' will appear in
/etc/matrix-synapse/conf.d/freedombox-registration.yaml. Server will be running.
- Enabling/disabling the public registration option works. The option will be
added and removed. enable_public_registration is set to true/false.
- Functional tests for matrix-synapse work.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
- Consistency with rest of the apps, more robustness and extensibility.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
Tests:
- test_uninstall is skipped for dynamicdns.
- test_uninstall is passed for bepasty.
Signed-off-by: James Valleroy <jvalleroy@mailbox.org>
Reviewed-by: Sunil Mohan Adapa <sunil@medhas.org>
- It is just a support script and not part of the main source.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
We no longer store sqlite3 file the current directory when running --develop
mode. We always store it in /var/lib/plinth/plinth.sqlite3.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
For uniformity with the more often used ./container script. Developers may have
to destroy and recreate their vagrant machines for this to take effect.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
Closes: #2316.
Tests:
- Go to to power app. There is no menu.
- Go to firewall app. There is a menu item but no backup and restore items present.
- Go to bepasty app. There are backup and restore menu items in menu. Clicking
backup items takes us to create backup page with only Bepasty app selected.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
[jvalleroy: Fix CSS classes for new menu items]
Signed-off-by: James Valleroy <jvalleroy@mailbox.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
Take app_id in a URL fragment and fill that as the default selected app in
create backup form. This URL can be used in apps to create a backup link.
Tests:
- Visit /plinth/sys/backups/create/bepasty/. Only bepasty app will be selected.
- Visit /plinth/sys/backups/create/foo/. No apps are selected.
- Visit /plinth/sys/backups/create/. All apps are selected.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
Closes: #2293.
When running in develop mode, the title already contains 'Page not found'.
Commit 0881dae66583304494e052dfaddb9e3a784d2994 already ensured that functional
tests see this page title and treat it as 404 page. This change ensures that 404
is detected even when not running in develop mode.
Tests:
- Run freedombox as 'sudo --user=plinth ./run' without the --develop option.
Install and disable JSXC. Visit the page /plinth/apps/jsxc/jsxc/. Notice that
the page title is 'Page not found - FreedomBox'.
- Functional tests for JSXC work even when service is running without --develop
option.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
Closes: #2313.
systemd-journald does not (never did) accept size values given in percent of
file system size. Only the defaults work with percent values. Hence our addition
of RuntimeMaxUse= as percent value in configuration file did not work.
systemd-journald outputs a warning to dmesg and ignores the value.
We could change the value to fixed size. We would have to choose a value that
works for systems with less memory (such as 1GiB) and that value would serve
poorly for systems with more memory. Instead, leaving the default value of 10%
for RuntimeMaxUse= might be better. Additional configuration of MaxFileSec=6h
and MaxRetentionSec=2day would also ease the burden in most cases for the low
memory devices. Considering that people did not report issues with status
quo (where the value we have set did not work and default size was used) also
suggests that default value will work. Further, /run filesystem itself seems to
be allocated only 10% of available memory.
Tests:
- Without the patch, start a vagrant machine. Notice that dmesg shows the error
mentioned in the issue #2313. Apply patch and restart the service. Setup is run
for config app. The file /etc/systemd/journald.conf.d/50-freedombox.conf will no
longer have the RuntimeMaxUse= directive.
- After reboot, dmesg will no longer show the error. systemctl status
systemd-journald shows that 10% of the size of /run is the max for journal file.
- In config app page, setting various values of log persistence works.
- On a fresh container with the patch, initial setup succeeds and
journald.conf.d file is setup without the RuntimeMaxUse= directive.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
Closes: #2085.
- Read the list of snapshots and properly determine the full subvolume name to
be used for mounting the .snapshots subvolume.
- Use systemd .mount units instead of editing fstab. Fstab editing is dangerous
and could result in system not booting properly. systemd units are better suited
for tool based editing while /etc/fstab is recommended for humans.
- Use automount feature provided by systemd using autofs to perform mounting. This
means that the backing filesystem is only accessed and mounted when the mount
point is accessed by a program. Parse errors in the mount/automount file and
incorrect mount parameters are also tolerated well with failure to boot.
Tests:
- On a fresh Debian Bullseye install with btrfs. Install FreedomBox with the
changes, create and delete manual snapshots. Rollback to a snapshot should also
work. /.snapshots should contain all the files inside each of the snapshots.
- After rebooting into a rolled back snapshot, create/delete and restore to a
snapshot should work. /.snapshots should contain all the files inside each of
the snapshots.
- Introduce an error in .mount file such the mount operation will fail. Reboot
the machine. Reboot is successful. /.snapshots is still mounted as autofs.
Trying to access /.snapshots will result in error during mount operation.
- On a vagrant box without changes. Install freedombox and ensure snapshot app
setup has been run. This creates the /etc/fstab entry. Apply the patches.
snapshot app will run and remove the mount line in /etc/fstab and create the
.mount entry. /.snapshots is still mounted but not because of .automount. After
reboot, /.snapshots is mounted with autofs and also with btrfs. Unmounting
/.snapshots and then trying to run 'ls /.snapshots' will perform the mount again.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
Closes: #2144.
- '--ambit' seems to a required argument if there is no default subvolume set on
the filesystem. Add it to prevent error during rollback.
- Description is not a required option for rollback (anymore?) and default
descriptions for the two snapshots are more descriptive.
Tests:
- On a fresh vagrant machine, run snapshot rollback with the patch. It fails.
With the patch, rollback succeeds.
- The description created for the rollback is the default one 'rollback backup'
and 'writable copy of #x'.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
