This MR enables FreedomBox to connect as a "client" to a WireGuard
"server" using IPv6.
- Validate IPv4/6 with ip_interface
- Created helper functions to build NM settings for IPv4/6
- Modify get_settings to include settings for either IP version 4 or 6
- Created helper function to get NM address info
- Modify get_nm_info to work with IPv4 and IPv6
- Modified tests to use validate_ip_address_with_network
- Added IPv6 valid and invalid patterns to tests
Tested:
- IPv4 works unchanged
- IPv6 parsing + NM settings generation works
- IPv6 display in Show Server UI
Not tested:
- Needs IPv6 WireGuard server for full connectivity test
Closes: #1762
Signed-off-by: Frederico Gomes <fredericojfgomes@gmail.com>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
sysusers.d/tmpfiles.d config files allow a package to use
declarative configuration instead of manually written maintainer
scripts. This also allows image-based systems to be created
with /usr/ only, and also allows for factory resetting a system
and recreating /etc/ on boot.
https://www.freedesktop.org/software/systemd/man/latest/sysusers.d.htmlhttps://www.freedesktop.org/software/systemd/man/latest/tmpfiles.d.html
Tests:
- /var/lib/plinth and /var/lib/plinth/sessions/ are created on package install.
Ownership is plinth:plinth. 0755 is permissions.
- /var/lib/plinth/firstboot-wizard-secret file is created on package install.
Ownership is plinth:plinth. 0400 is permissions. During first wizard,
providing the secret works.
- /var/lib/plinth/backups-data is owned by root:root.
- When upgrading from old package to new the permissions don't change.
- When reinstalling the new package, the permissions do not change.
- User is created same as before.
plinth❌987:987:FreedomBox service:/var/lib/plinth:/usr/sbin/nologin
- Group is created same as before.
plinth❌987:
- id plinth
uid=987(plinth) gid=987(plinth) groups=987(plinth)
- Upgrading from old package to new does not change user and group records.
- Reinstalling new version does not change user and group records.
[sunil: Don't recursively change ownership for /var/lib/plinth/]
[sunil: Change ownership specifically for /var/lib/plinth/firstboot-wizard-secret]
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: Sunil Mohan Adapa <sunil@medhas.org>
Tested-by: Sunil Mohan Adapa <sunil@medhas.org>
This is widely considered bad practice, as the kernel recycles
UIDs/GIDs. So any potential leftover file/directory can then
become owned by the next user/group that gets added, with
unpredictable consequences.
As removing a system user and group is considered a bad practice. Old unused
system accounts are mostly harmless.
Tests:
- Bepasty functional tests pass.
- Installing bepasty and uploading a file works.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
- Drop dependency on 'adduser' package.
Tests:
- Functional tests for infinoted work.
- Installing infinoted app works. The system user and group are created with
proper UID/GID, shell, gecos, and home directory.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
- Drop dependency on 'adduser' package.
Tests:
- Functional tests for syncthing work.
- Installing syncthing app works. The system user and group are created with
proper UID/GID, shell, gecos, and home directory.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
This was meant to be used by the mobile client. But it is in unmaintained and
unusable state. We can re-introduce the API when mobile client is back in
action.
See: https://github.com/freedombox/FreedomBox/pull/1215
[Joseph]
This API is not called by the mobile client, so it is safe to remove.
Reviewed-by: Joseph Nuthalapati <njoseph@riseup.net>
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
- When SOGO app is enabled, radicale functional tests fail.
Tests:
- Enable SOGO app and run radicale functional tests. They fail without patch and
pass with the patch.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
The latest version of radicale calendar server's configuration file does not
parse with augeas. This is because it contains the following entry in [headers]
section:
Content-Security-Policy = default-src 'self'; object-src 'none'
The semicolon is treated as comment by the lens which is not correct. Fix this
by overriding comment_re in the lens.
Tests:
- Updated test case works when using augparse.
- With the patch, latest upstream configuration file parses without errors.
- Functional tests work for radicale in testing distribution. Without patch
radicale fails to install.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
Fixes: #2571.
- During backup, a service related to backup is stopped and then started back
again after the backup. In case of .socket unit, the .service unit is not being
stopped and it continues to listen on the socket path. When the .socket unit is
started back again, it tries to listen on the socket path and fails.
- To fix the issue, when running stop, restart, etc. operations on a .socket
file, try to perform that operations that we actually intend.
Tests:
- Unit tests pass
- Functional tests for bepasty and radicale work.
- After taking a radicale backup uwsgi-app@radicale.socket does not become
inactive (works when service is running or stopped). uwsgi-app@radicale.service
stops if it is running, backup doesn't fail if service is not running.
- After taking a radicale backup uwsgi-app@bepasty-freedombox.socket does not
become inactive (works when service is running or stopped).
uwsgi-app@bepasty-freedombox.service stops if it is running, backup doesn't fail
if service is not running.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
