- Regression: downloading does not work with sudo based action anymore. However,
sudo based actions are to be removed in later patches.
Tests:
- Downloading tar backup archive works. Untar works. Downloading gives upto
10MiB/s speed.
- If API is not called with _raw_output=True, then special exception is raised.
- Downloading tar file from command line using nc also works.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: Joseph Nuthalapati <njoseph@riseup.net>
- Used after migration gitweb and storage calls to using
action_utils.run_as_user.
Tests:
- Gitweb operations and directory validations works when privileged daemon is
running or not running.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: Joseph Nuthalapati <njoseph@riseup.net>
- Instead implement running specific commands inside the privileged action as a
specific user.
Tests:
- In transmission, setting the download directory is valid if
- A parent level directory is writable by transmission daemon and child does
not exist.
- A leaf level directory is writable by transmission daemon when leaf exists.
- A leaf level exists and is not a directory.
- In MiniDLNA, setting the directory works only if it exists and is readable.
Work when write permission is not available.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: Joseph Nuthalapati <njoseph@riseup.net>
- Instead implement running specific commands inside the privileged action as a
specific user.
Tests:
- Gitweb functional tests and unit tests work.
- Running various operations such as clone, create, set branch, rename, etc. all
result in repositories (and all their contents) owned by www-data:www-data.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: Joseph Nuthalapati <njoseph@riseup.net>
Tests:
- Existing gitweb repos are listed properly. Newly created repos are reported
properly.
- Directories without .git extension or starting with . are not shown.
- Private repos are shown as private and public ones as public.
- Cloning progress is shown properly in the list of repos.
- Cloning starts with 0%.
- Cloning file is removed after completion of cloning process.
- Cloning is done into .temp directory.
- After cloning repo can be checked out as expected.
- Getting/setting of default branch/description/owner/private works.
- Getting the list of branches work when selecting the default branch.
- Creating new blank repo works.
- Deleting a repo works
- Uninstalling the app works. All repos are removed.
- Retrieving non-existent repo shows error as expected
- Backup/restore of repos works as expected.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: Joseph Nuthalapati <njoseph@riseup.net>
- To be used to run specific command as another user.
Tests:
- Unit tests.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: Joseph Nuthalapati <njoseph@riseup.net>
- When there is no URL name provided, the view fails to render when computing
breadcrumbs from middleware. Provide a name so that the URL does not lead to a
500 HTTP error.
Tests:
- Accessing the URL on development machine does not lead to an error page.
- On a production machine, when trying to use Thunderbird account setup wizard,
without the patch, Thunderbird says that it found configuration by enumerating
common names for the domain. A 500 error can be seen in the journal. After the
change in patch, Thunderbird says that it found the configuration from the
provider. A 200 success code can be seen from journal.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
- Files from web service are uploaded to /var/tmp/ directory. They need to
accessible to privileged daemon to that it can move them to a target location.
So, if /var/tmp is isolated for privileged daemon, it can't see those files as a
separate tmpfs filesystem is mounted on that folder.
- Ideally, we should have PrivateTmp=yes and
JoinsNameSpacesOf=freedombox-privileged.service set on plinth.service. However,
this requires further changes to the way developer execution is done command
line. This is done in future.
Tests:
- Uploading a backup works.
- Uploading a kiwix archive works.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: Veiko Aasa <veiko17@disroot.org>
Removed android apps that have been discontinued and added SambaLite
app.
Tested that SambaLite works with Samba app.
Signed-off-by: Veiko Aasa <veiko17@disroot.org>
Reviewed-by: Joseph Nuthalapati <njoseph@riseup.net>
Fixes: #2534.
- Otherwise, if python standard library is updated, needs-restart will determine
that the freedombox-privileged.service needs to be restarted. The service may
have triggered the 'apt-get install' operation that triggered needs-restart in
the first place. That causes the install operation to fail.
Tests:
- Installing Calibre app which also brings in python standard library update
succeeds and freedombox-privileged.service is not restarted during 'apt-get
install' operation.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: Joseph Nuthalapati <njoseph@riseup.net>
Helps: #2534.
- When a module change is detected. Don't restart. Restart only when FreedomBox
source code is changed. This prevents unwanted restarts when Python standard
library is updated during an app's installation.
- This will make functional tests more robust as during functional tests,
freedombox service run in development mode.
- This may lead to annoyances during development when we have to restart the
service manually. This is unlikely but if it happens we can tweak the setting by
maintaining the allow list of modules instead of deny list of modules.
Tests:
- Calibre installation which brings in new version of python standard library
works without causing CherryPy to detect python module changes during 'apt-get
install'.
- Changing a source code file under the plinth/ directory leads to the service
getting automatically restarted.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: Joseph Nuthalapati <njoseph@riseup.net>
Defined two settings for ignoring laptop lid close action. They handle
the two cases - running on battery power and running on external power.
Signed-off-by: Joseph Nuthalapati <njoseph@riseup.net>
- As reported on IRC, links to source code files in Weblate are broken. This is
due to incorrect paths to files inside the POT file. Instead of plinth/views.py
it contains views.py. This might be a regression introduced when switching to
Makefile for all build tasks.
- To fix, we need to run 'django-admin makemessages' command at the topic level
directory in the source code repository. However, running at the top-level has
problems:
- Various unnecessary directories are considered. This was remedied using
--ignore aruments.
- The default locales directory was not being detected. This was remedied
using LOCALE_PATHS in Django settings.
- Django settings file was not being picked up. This was remedied using
--settings option.
- Django settings were being picked up from system's module path. This was
remedied using --pythonpath . option.
Tests:
- Running 'make update-translations' updates all the files. Newly generated POT
file contains plinth/ in the file paths. All locales were updated. There are no
other major changes POT or language files (other than what seemed to be pending
updates).
- Running freedombox-develop, locale can be changed to Spanish. The changed
locale is visible in UI. Changes to .po file are reflected in the UI after
running 'django-admin compilemessages'.
- After running freedombox using plinth.service systemd unit, locale can be
changed to Spanish. The changed locale is visible in UI. Changes to .po file are
reflected in the UI after running 'make build install'.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: Veiko Aasa <veiko17@disroot.org>
Closes: #2533.
See https://salsa.debian.org/freedombox-team/freedombox/-/issues/2533 for
rationale.
Tests:
- Build Debian package with changes and incremented version number. Install it
in the development container and run unattended-upgrade -d. libpam-abl package
is removed by unattended-upgrades.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: Veiko Aasa <veiko17@disroot.org>
- Keep Bookworm as oldstable.
- Introduce delay before resize the filesystem as mount operation may start a
balancing operation that conflicts with resize.
- Change the VM configuration to enable UEFI for all but bookworm images.
- Add --nvram when destroying the VM so that VMs with UEFI booting and NVRAM
storage enabled can be deleted.
- Add UEFI parameters to grub-install after changing FSID. Mount the EFI
partition to allow grub-install to work.
Tests:
- On a clean setup (rm -rf .container), bring up all four containers using
machine-type=vm with on host machine arch amd64. Run first wizard successfully.
- On all but oldstable, run mokutil --sb-state and ensure that secure boot is
enabled.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Fixes: #2531.
- Currently, when a diagnostics test is skipped, the notification shows up with
'error' severity. Instead of this, treat 'skipped' and 'not done' tests as
passed for the purpose of the notification.
Tests:
- Change code in package.py to set the result of diagnostic test to be 'SKIPPED'
and 'NOT_DONE', in both cases, the notification is not shown after running full
diagnostic runs.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: Joseph Nuthalapati <njoseph@riseup.net>
Fixes: #2529.
Tests:
- Run functional tests on bepasty. Without the patch, many tests are skipped.
With the patch, all tests are executed. Introducing a sleep delay in
Package.is_available() method also works.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: Veiko Aasa <veiko17@disroot.org>
- Mostly for styling and just to fix the linter.
Tests:
- After package availability check in bepasty page, 'Install' button is enabled.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: Veiko Aasa <veiko17@disroot.org>
- Since we have important fixes deployed that we would like to get effected
immediately.
Tests:
- Not tested.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
- Dovecot is upgraded from 2.3 to 2.4, users are unable to see the old mails
from before the upgrade. New mails can be received but old mails can't be
accessed. Old mails are still present in
/var/mail/{usernmame}/mail/mailboxes/... New mails are being stored in
/var/mail/{username}/u.*. Other mailboxes such as 'Sent' are not affected.
Tests:
- Mails received in the inbox before the upgrade to dovecot 2.4 are now visible.
Without the patch, pre-upgrade mails are not visible and newly received mails
are stored in /var/mail/{username} instead of /var/mail/{username}/mailboxes/...
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
- Users were able to login using email address during dovecot 2.3 on Bookworm.
It was incorrectly assumed that there were not able to do that. Hence the
feature was not ported to 2.4. Early upgraders have reported this issue.
Tests:
- Login using full email address in the User Name field in Thunderbird. Without
the patch, the login fails and with the patch, it succeeds.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
