3538 Commits

Author SHA1 Message Date
Sunil Mohan Adapa
a99508a6b2
distupgrade: Update Trixie's release date as announced
Tests:

- Distribution upgrade page shows the updated date.

Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
2025-08-01 20:00:40 -04:00
Sunil Mohan Adapa
30432aa9b6
distupgrade: Handle comments in sources.list file
Tests:

- Add a comment and /etc/apt/sources.list file. Distribution upgrade page does
not load and fails with an error.

- With the patch, page loads properly. Distribution upgrade can be triggered.

Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
[jvalleroy: Fix test for release date]
Signed-off-by: James Valleroy <jvalleroy@mailbox.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
2025-08-01 20:00:32 -04:00
Benedek Nagy
bd656386b9
email: Add full text search capability
Add Full Text Search capability to Dovecot.
- Add 'dovecot-fts-xapian' to the list of packages for the email app.
- Add relevant configs for both dovecot 2.3 and 2.4
- Add a systemd timer to periodically clean search indexes

Configurations taken from plugin's upstream documentation:
https://github.com/grosjo/fts-xapian

Sunil:

- Tweak the dovecot 2.4 configuration. Remove explicit configuration same as or
close to default values.

- Drop the timer service for cleaning up the index. Dovecot documentation says that
FTS plugins do it themselves.

- Drop the re-indexing command on setup. This could not be properly tested. On
first search, indexes will be created for mailboxes that don't have them.

Tests done:

- Perform a fresh install, on both Bookworm and Trixie, confirm the install is
successful, confirm the systemd service runs with exit 0.

- On Bookworm, apply the patches on an existing setup, confirm the patches apply
as expected.

- On a production like setup, set dovecot 2.4 to debug mode and check the
journal logs while receiving an email: The logs confirm that the fts module is
loaded and that it automatically creates a db for the indexes. I also opened the
newly created db file with less and confirmed that the human readable parts
contain my recent email.

- Using Sogo, perform a full search (including headers and body). Search works
and indexes are freshly created on all the folders.

Signed-off-by: Benedek Nagy <contact@nbenedek.me>
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: Sunil Mohan Adapa <sunil@medhas.org>
2025-07-23 15:46:11 -07:00
Sunil Mohan Adapa
38b3962bbc
email: Start servers during re-setup if they are not running
- This helps during distribution upgrade from dovecot 2.3 to 2.4. Dovecot will
stop running due to dovecot server 2.4 not understanding version 2.3
configuration files. When setup is re-run, starting the daemons again is the
right thing to do.

Tests:

- With email app installed, upgrade from bookworm to trixie. Dovecot is stopped
during distribution upgrade but after freedombox service runs, it recovers and
starts running again.

Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
2025-07-20 07:54:09 -07:00
Benedek Nagy
271603a435
email: Add support for Dovecot 2.4
Sunil:

- When dovecot package is upgraded from 2.3 to 2.4 during distribution upgrade,
automatically re-run setup.

- Upgrade existing setups to new scheme by re-running setup with incremented app
version.

- Don't query dovecot version during app initialization. Instead overwrite the
DropinConfigs component to query dovecot version during setup and enable
operations.

- Use apt.Cache() to retrieve the installed version of dovecot package. Use
plinth.utils.Version to parse the version and perform a comparison.

- Split even configuration files that have not changed for simplicity.

- Add/update links in Dovecot configuration files.

Tests:

- Install email app on a testing container. Ensure that all files in
/etc/dovecot/conf.d/ are linked properly to 2.4 versions. TLS configuration is
accurate. Use Sogo to test login and sending mails.

  - User with LDAP account and correct password is able to login.

  - User without LDAP account or incorrect password is unable to login.

  - Send mail with Sogo to another account on the server. Notice that mails are
  stored in /var/mail/{user}/mail/ with mail:mail ownership in mbox format.

  - Logging in with email such as user@example.com works. Capital letters are
  allowed.

  - "Archive", "Drafts", "Sent", "Junk", "Trash" folders are automatically
  created and are marked with special flags. Creating additional folders such
  as "Sent Items" also results in them having special flags.

  - Thunderbird is able to connect via SSL with a self-signed certificate
  exception.

  - When an example spam message is sent, it is automatically moved to "Junk"
  folder after getting marked by rspamd.

  - When a message is moved to Junk folder, it is learned as spam by rspamd as
  seen in its admin console.

  - When a message is moved out of Junk folder (to other than "Trash" folder),
  it is learned as not-spam by rspamd as seen in its admin console.

- Install email app on a stable container with patches. Ensure that all files in
/etc/dovecot/conf.d/ are linked properly to 2.3 versions. TLS configuration is
accurate. Use Sogo to test login and sending mails.

- Install email app on a stable container without patches. Apply patches. Ensure
that all files in /etc/dovecot/conf.d/ are linked properly to 2.3 versions. TLS
configuration is accurate for dovecot 2.3. Use Sogo to test login and sending
mails. Perform distribution upgrade to testing. Ensure that all files in
/etc/dovecot/conf.d/ are linked properly to 2.3 versions. TLS configuration is
accurate for dovecot 2.4. Use Sogo to test login and sending mails.

Signed-off-by: Benedek Nagy <contact@nbenedek.me>
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: Sunil Mohan Adapa <sunil@medhas.org>
2025-07-20 07:54:05 -07:00
Benedek Nagy
6605460df5
sogo: Fix typo in configuration for sieve server
Signed-off-by: Benedek Nagy <contact@nbenedek.me>
Reviewed-by: Sunil Mohan Adapa <sunil@medhas.org>
2025-07-13 01:15:21 -07:00
Sunil Mohan Adapa
33dfc2cd41
dynamicdns: Fix a type check error
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
2025-07-10 09:25:52 -07:00
Joseph Nuthalapati
8d98345e2d
dynamicdns: Switch update client to HTTP protocol
Fixes: #2520

Signed-off-by: Joseph Nuthalapati <njoseph@riseup.net>
[sunil: Use params= argument instead of incorrectly contacting query params]
[sunil: Recognize error responses properly]
[sunil: Minor styling fixes]
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: Sunil Mohan Adapa <sunil@medhas.org>
2025-07-09 20:54:46 -07:00
Joseph Nuthalapati
9fa1e18aa3
diagnostics: Add collapsible sections for results
Uses Bootstrap accordion class to do collapsible sections without adding any
custom CSS or JavaScript.

Closes #2479

Sunil:

- Create one accordion instead of many. Automatically collapsing previously
expanded item works.

- Fix dangling </section> close tag.

- Embrace accordion styling instead of header-like styling for headers. The
tables with results are distinguished from the header due to header
highlighting and margins around tables.

- Fix issue with multiple 'passed' badges shown for single app. 'regroup'
template tag expects the dict to be already sorted by the selected property.

- Internationalize badge text in headers.

- Right align badges. Move repair button into the accordion header for better
appearance.

- Wrap the header on small screen sizes.

- Add additional necessary HTML attributes.

- Change 'Loading...' to 'Running...' to more accurately specify the status.

- Show Running and Exception statuses in header.

- Use 'text-bg-' classes instead of 'bg-' to allow automatic selection of text
color.

Signed-off-by: Joseph Nuthalapati <njoseph@riseup.net>
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: Sunil Mohan Adapa <sunil@medhas.org>
2025-07-07 15:35:14 -07:00
Joseph Nuthalapati
3798e519d4
featherwiki: Disable caching to avoid 412 errors
Synchronize the Apache server configuration with TiddlyWiki.

Signed-off-by: Joseph Nuthalapati <njoseph@riseup.net>
[sunil: Drop no-cache and must-revalidate directives as they are redundant]
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: Sunil Mohan Adapa <sunil@medhas.org>
2025-07-07 12:27:54 -07:00
Joseph Nuthalapati
98d4327c49
tiddlywiki: Avoid "412: Precondition failed" error
Apache sends an instruction to the browser to not cache the TiddlyWiki file at
all. This forces the browser to fetch the new version after each write avoiding
the case "file changed on server".

Signed-off-by: Joseph Nuthalapati <njoseph@riseup.net>
[sunil: Drop no-cache and must-revalidate directives as they are redundant]
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: Sunil Mohan Adapa <sunil@medhas.org>
2025-07-07 12:27:35 -07:00
Joseph Nuthalapati
e444b74e93
featherwiki: Don't allow index.html as a file name
Tests:

- Creating/renaming/uploading wikis with names index[.html] does not work. Doing
so with other names works.

Signed-off-by: Joseph Nuthalapati <njoseph@riseup.net>
[sunil: Use validators= property instead of clean_name()]
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: Sunil Mohan Adapa <sunil@medhas.org>
2025-07-07 11:50:39 -07:00
Joseph Nuthalapati
d89fcd74f1
tiddlywiki: Don't allow index.html as a file name
Tests:

- Creating/renaming/uploading wikis with names index[.html] does not work. Doing
so with other names works.

Signed-off-by: Joseph Nuthalapati <njoseph@riseup.net>
[sunil: Use validators= property instead of clean_name()]
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: Sunil Mohan Adapa <sunil@medhas.org>
2025-07-07 11:49:10 -07:00
James Valleroy
331d214c6f
performance: Handle install for trixie
In trixie, cockpit-pcp is replaced by cockpit-bridge. However, our
packages module does not properly handle virtual packages.

- Specify cockpit-bridge and pcp as dependencies. In bookworm, they were
  dependencies of cockpit-pcp.

- Allow cockpit-bridge as a substitute for cockpit-pcp.

Tests:

- In stable container, install Performance app. Install succeeds and app
  is available.

- In testing container, install Performance app. Install succeeds and
  app is available.

- Build stable-backports package with new version. Install in stable VM.
  Install Performance app. Check that dist-upgrade succeeds. After
  dist-upgrade, Performance app is still working. Uninstalling
  Performance app works. Installing Performance app works. Diagnostics
  are all passed.

Note: There is one minor issue with the Diagnostics. Package
cockpit-bridge line is shown twice (both are passed).

Fixes: #2475

Signed-off-by: James Valleroy <jvalleroy@mailbox.org>
Reviewed-by: Sunil Mohan Adapa <sunil@medhas.org>
2025-06-18 20:32:03 -07:00
Sunil Mohan Adapa
ce341b18ab
homeassistant: Add the most popular app for home automation
- Use docker container via registry.freedombox.org to obtain the package.
Specify this in the description.

- Mark the app as experimental.

- Show information that a dedicated domain is required to host Home Assistant.

- Use special YAML loader/dumper to deal with custom YAML tags in configuration
file.

- Obtain logo file from a test file in code repository with Apache license as
the actual logo files are freely licensed.

- Write functional tests without accessing the website as a dedicated domain is
necessary.

Tests:

- Functional tests work.

- Add a domain 'mydomain.example' using the Names app. Assign this domain in
Home Assistant app configuration. In /etc/hosts on the host machine add a
mapping from mydomain.example to the IP address of the container/VM. Access the
web interface using https://mydomain.example. Home Assistant web interface is
available and functional.

- After install of the app the configuration.yaml file contains the proxy
related lines as expected.

- Diagnostics work (except the URL access).

- Re-run setup works.

- 'Launch web client' and frontpage shortcut work as expected.

- Non-admin users can't connect on port 8123.

- Home Assistant is able to establish websocket connection in its web UI.

Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
2025-05-30 15:14:55 -04:00
Sunil Mohan Adapa
298bb5ae58
config: Allow better Apache default home page
- Don't redirect to '/index.html' when Apache Default is set as the home page.
This allows having other files such as 'index.php' as index file in
/var/www/html/.

- If the home page is currently set to 'Apache Default' upgrade the
configuration.

Tests:

- With Home page set to 'Apache Default' apply the patches. Config setup is
re-run. The configuration file becomes empty but is still present. Correct
value is shown in the UI. /var/www/html/index.html is still shown as the home
page.

- With Home page set to 'Bepasty' apply the patches. Config setup is re-run.
The configuration file is not modified. Bepasty is still shown as the home page.
Correct value is shown in the UI.

- With Home page not modified apply the patches. Config setup is re-run. The
configuration file is created. FreedomBox is the home page. Correct value is
shown in the UI.

- On fresh machine with patches applied, perform first run. The configuration
file is not created. FreedomBox is the home page. Correct value is shown in
the UI.

- Changing home page to Bepasty or 'Apache Default' works. Changing back to
'FreedomBox Service (Plinth)' also works.

Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
2025-05-30 15:14:50 -04:00
Sunil Mohan Adapa
007d8de346
apache, letsencrypt: Create a site specific config for all domains
- Instead of just the sites that have successfully obtained a certificate. This
allows customization of configuration for those sites (especially useful when
testing where LE certs are not obtained).

Tests:

- When a domain is added to the system, an apache TLS configuration is created
for the domain even though the domain does not have a successfully obtained LE
cert.

- When a domain is removed, the TLS configuration for the domain is removed.

- Add a domain without the patches. Apply the patches and restart the service.
The domain added signals are fired during the startup. This results in site
specific TLS configuration files getting created and Apache reloads. When the
service is restarted, the files are not created and Apache is not reloaded.

Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
2025-05-30 15:14:48 -04:00
Sunil Mohan Adapa
d76a371f57
apache: Add component to host an app on a site's root
Tests:

- Unit tests work.

- Functional tests on bepasty work.

Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
2025-05-30 15:14:45 -04:00
Sunil Mohan Adapa
d8983c8942
dynamicdns: Add info about subdomains with Foundation's service
Tests:

- Visit the dynamicdns app. The new description about subdomains appears.

Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
2025-05-30 15:14:06 -04:00
Sunil Mohan Adapa
b494f8a993
names: Add information about adding static domains/subdomains
Tests:

- Visit the add static domain page. Notice that additional form description is
visible.

Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
2025-05-30 15:14:04 -04:00
Sunil Mohan Adapa
15f71fe7e0
letsencrypt: Drop old app migration code
- In version 23.6.2 (Debian Bookworm), the migration code is already present.
This means all users on bookworm would have migrated already. We don't have
to support users upgrading directly from a version older than bookworm.

Tests:

- First setup works as expected when starting the service on a fresh container.

Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
2025-05-30 15:14:02 -04:00
Sunil Mohan Adapa
8c6c31d991
minetest: Create the configuration directory if necessary for Trixie
Closes: #2514

- On Trixie the configuration directory is /etc/luanti and not /etc/minetest.
So, it needs to be created.

Tests:

- On Trixie and Bookworm, updating configuration works. On Trixie, directory is
created if it does not exist.

Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
2025-05-05 19:57:08 -04:00
Sunil Mohan Adapa
daa7c326b8
minetest: Work with new luanti binary in Trixie
- Based on suggestion from Benedek[1].

Links

1) https://salsa.debian.org/freedombox-team/freedombox/-/issues/2514#note_608054

Tests:

- On Trixie, freshly install minetest server. The server is successfully running.
Command line for the process shows that gameid is minetest_game. Configuration
file is /etc/luanti/default.conf.

- Update configuration. The update is successful. The configuration
/etc/minetest/minetest.conf is created. The server command line shows using
/etc/minetest/minetest.conf as the configuration file.

- On Bookworm, freshly install minetest server. The server is running. Updating
configuration works. Command line shows that /etc/minetest/minetest.conf is
being used.

Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
2025-05-05 19:57:05 -04:00
Sunil Mohan Adapa
04bbcc3f3c
upgrades: Allow packages to be upgraded from stable-updates
Closes: #2512.

- Newer versions of packages such as tzdata are uploaded to
bookworm-updates (first?). However, unattended-upgrades is not configured to get
package updates from bookworm-updates even though it is configured in
/etc/apt/sources.list. So, manual installation will work but not
unattended-upgrades. Fix this by explicitly allowing bookworm-updates in
FreedomBox configuration modifications for unattended-upgrades.

Tests:

- Start a bookworm VM. tzdata package is at version 2025a-0+deb12u1. Latest
version available in bookworm-updates is 2025b-0+deb12u1. Running
'unattended-upgrades -d' on command line does not upgrade the package with that
patches.

- Apply patches, run 'sudo make build install' and rerun unattended-upgrades.
tzdata package upgrades to latest version.

Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
2025-04-19 10:31:25 -04:00
Veiko Aasa
92aa66114c
users: Fix unable to delete user
Fixes an issue where confirming user deletion is not submitting the user
edit form.

Also fixes an issue where the user edit submit button is disabled after user
deletion confirmation is cancelled.

Fixes #2513.

Tests performed:
- Deleting a user works.
- All the users module tests pass.
- After cancelling the user deletion confirmation dialog, the user edit
  submit button is clickable.
- On the app pages, submit buttons are disabled when app enabling or disabling
is in progress.

Signed-off-by: Veiko Aasa <veiko17@disroot.org>
Reviewed-by: Sunil Mohan Adapa <sunil@medhas.org>
2025-04-15 12:02:15 -07:00
Sunil Mohan Adapa
7a9ed1cad0
zoph: Don't use mod-php instead continue to use php-fpm
Zoph package depends on libapache2-mod-php. This installs and enables mod-php.
Also the process model for apache is switched to prefork. In FreedomBox, we want
mod-event and php-fpm. So, immediately after installing the package, re-run
apache setup to ensure that PHP related changes are undone.

Tests:

- On Bookworm and Trixie, install zoph. Ensure that 'a2query -m php-8.{2,4}'
shows that mod-php is disabled. Also 'a2query -m mpm_event' shows it is enabled
and prefork is disabled. Apache is restarted during installation.

- On Bookworm install without patch and notice that mod-php is installed. Apply
patches and notice that mod-php and mpm_prefork are disabled while mpm_event is
enabled.

Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
2025-04-13 10:51:19 -04:00
Sunil Mohan Adapa
f7d289bcd6
zoph: Don't fail while uninstalling
Fixes: https://discuss.freedombox.org/t/solved-zoph-uninstall-failure/3431

There is a debconf question being asked about removing the uploaded files while
uninstalling the package. If it is not answered, removal fails. So, answer the
question during installation.

Re-run setup so that answer is set.

Tests:

- In Bookworm and Trixie, install the app, upload an image and uninstall it.
Uninstall is successful and directory /var/lib/zoph does not exist.

Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
2025-04-13 10:51:16 -04:00
Sunil Mohan Adapa
6cdab95049
bind: Keep configuration during distribution upgrades
Closes: #2511.

- By adding bind9 to the list of packages to be held during distribution
upgrade.

Tests:

- Install bind app on Bookworm. Check that /etc/bind/named.conf.options has been
updated. Run distribution upgrade to Trixie. Notice that the configuration file
is unchanged. A new .dpkg-dist file is available with the new version of the
configuration. Journal messages show that bind was held during distupgrade and
force upgrade was later run on it.

Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
2025-04-13 08:47:23 -04:00
Sunil Mohan Adapa
e9f21b6ae1
distupgrade: Use new configuration file instead of halting upgrade
Closes: #2509

If the user has changed a configuration file of a package outside of FreedomBox,
the distribution upgrade process could face a configuration file prompt and fail
midway. When using unattended-upgrades, these packages are not a problem as they
would be left untouched at an old version and the rest of the system would be
upgraded. In case of distribution upgrade, these packages could cause the
distribution upgrade to fail and leave the system in an unusable state. Rather
than halt distribution upgrade midway due to a configuration file prompt, it is
better to overwrite with the new configuration. Backup copy of the old
configuration will be available to the user to later merge with the new
configuration.

For packages managed by FreedomBox, packages with configuration file prompt will
be held back during upgrade and later carefully upgraded with merge. These
packages are not subject to --force-confnew option.

Tests:

- Install GNOME and edit the configuration file
/etc/fwupd/remotes.d/lvfs-testing.conf. Upgrade to Trixie. Distribution upgrade
was successful. Notice that the configuration file was force upgraded. Log shows
that new configuration file was installed as requested. Running 'apt -f install'
shows that there are no apt fixes pending.

Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
2025-04-11 12:01:34 -04:00
Sunil Mohan Adapa
4308f8ea01
sogo: Adjust apache configuration to work on Trixie
Closes: #2507.

In Bookworm, /usr/lib/GNUStep/SOGo/WebServerResources is a symlink to
/usr/share/GNUStep/SOGo/WebServerResources. On Trixie, the directory
/usr/lib/GNUStep does not exist. In both cases,
/usr/share/GNUStep/SOGo/WebServerResources is where the actual resources are.
Update apache configuration to use /usr/share instead of /usr/lib/.

Tests:

- On Bookworm and Trixie, install sogo and ensure that the web UI is working.

Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: Benedek Nagy <contact@nbenedek.me>
2025-04-09 23:03:15 +02:00
James Valleroy
e4586eeb72
upgrades: Cleanup use of return value from _apt_run
_apt_run does not return anything.

Signed-off-by: James Valleroy <jvalleroy@mailbox.org>
[sunil: Update test case]
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Tested-by: Sunil Mohan Adapa <sunil@medhas.org>
2025-04-07 18:28:00 -07:00
James Valleroy
97cc901fe6
upgrades: Remove unused import
Signed-off-by: James Valleroy <jvalleroy@mailbox.org>
2025-04-07 20:59:29 -04:00
Sunil Mohan Adapa
5d96bb9250
mediawiki: Update configuration to work with version 1.4 (Trixie)
Closes: #2505

Tests:

- Install app on Bookworm. Web interface works. 'Special pages' page shows
'rename user' page. That page loads.

- Dist-upgrade to Trixie. Database upgrade is performed by FreedomBox service
soon after the distribution upgrade. App still works. 'Special pages' page shows
'rename user' page. That page loads.

Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
2025-04-07 20:59:26 -04:00
Sunil Mohan Adapa
42586feee8
upgrades: Trigger special package operations in a simpler way
Closes: #2498.

- Now, as soon as service starts, it will perform force upgrade operations and
post-installation app setup operations. So, it is no longer necessary to wait for
10 minutes and trigger one of the operations with 'apt-get update'.

- In addition, the post-installation operations are triggered more explicitly
and sooner.

Tests:

- Install MediaWiki on Bookworm. Run distribution upgrade to Trixie and it
works. Log shows that post install operations were performed and mediawiki setup
was rerun.

Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
2025-04-07 20:59:24 -04:00
Veiko Aasa
a67885f793
upgrades: Prevent installation of the Samba Active Directory service
samba-ad-dc package depends on winbind, which breaks FreedomBox LDAP PAM
configuration. In Debian Trixie, AD server package is required by samba
package, but is not required to run Samba file server. See also Debian
bug report 1099755.

Relates to #2498.

Tests performed:
- In Debian Bookworm, install samba, do dist-upgrade, check that
samba-ad-dc and winbind packages are not installed and adding new user
works.
- In Debian Trixie, uninstalling and installing samba app works and
after this, adding new user works.

Signed-off-by: Veiko Aasa <veiko17@disroot.org>
2025-04-06 08:40:42 -07:00
Sunil Mohan Adapa
fecccd20a8
upgrades: Run distribution upgrade at around 06:00 everyday
- Instead of an arbitrary time decided by when FreedomBox service was started.

Tests:

- Add a log message before return statement. Set the system clock to 02:00 and
start service in debug mode. Wait for 3 minutes. The timer is triggered but
nothing happens.

- Set the system clock to 06:10 and start service in debug mode. Wait for 3
minutes and a distribution upgrade check is performed and a message is printed.

Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
2025-04-06 09:38:03 -04:00
Sunil Mohan Adapa
e039f9f061
upgrades: Show notification before, during, and after a dist upgrade
- Show a notification 60 days, 30 days, 1 week, and 1 day before distribution
upgrade. If a notification is dismissed for any of these periods don't show
again until new period starts. Override any previous notification.

- Show a notification just before the distribution upgrade showing that the
process has started. Override any previous notification.

- Show a notification after the distribution upgrade is completed that it is
done. Override any previous notification. Keep this until it is 60 days before
next distribution upgrade. If user dismisses the notification, don't show it
again.

Tests:

- Start a bookworm VM.

- Disable the auto updates. Set the date to 2025-08-01. Start the service.
Notification is not shown when distribution check is done. Enable auto updates.

- Set the date to 2025-07-01. Start the service. No notification is shown after
distribution upgrade check is run.

- Set the date to 2025-08-01. Start the service. Notification is shown when
distribution check is done. Clicking on the 'Go to Distribution Update' takes to
distribution update page.

- Set the date to 2025-08-02. Start the service. Notification is not updated
when distribution check is done. Dismiss the notification.

- Set the date to 2025-08-03. Start the service. Notification is not shown when
distribution check is done.

- Set the date to 2025-08-22. Start the service. Notification is shown when
distribution check is done. Dismiss the notification.

- Set the date to 2025-08-23. Start the service. Notification is not shown when
distribution check is done.

- Set the date to 2025-09-15. Start the service. Notification is shown when
distribution check is done.

- Set the date to 2025-09-18 18:00. Start the service. Notification is shown
when distribution check is done.

- Set the date to 2025-09-19 18:00. Start the service. Notification is shown
that distribution update has started. Distribution upgrade has started. Dismiss
this notification. Upgrade does not succeed due to timestamp mismatches with
release file.

- Once the distribution upgrade has started. Start the service. Notification is
not shown when distribution check is done.

- Rollback to a snapshot before distribution upgrade. Start the distribution
upgrade manually and notice that notification is not shown when distribution
check is done.

- Once the distribution upgrade has completed, start the service. Notification
is shown that the distribution upgrade has completed when distribution check is done.
Dismiss this notification.

- Restart the service. Notification is not shown when distribution check is
done.

Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
2025-04-06 09:37:59 -04:00
Sunil Mohan Adapa
b6f0e7f323
upgrades: Don't ignore apt error during distribution upgrade
- This is important because only if all the commands succeed, the changes to
/etc/apt/sources.list file are committed.

Tests:

- Set the time to 2025-09-20. Distribution updates are triggered. 'apt update'
fails due to a mismatch with release file's timestamp. Instead of proceeding, the
distribution upgrade is halted.

Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
2025-04-06 09:37:56 -04:00
Sunil Mohan Adapa
44b4c38d8a
upgrades: Use special desc. for snapshots taken before dist upgrade
- This will help identify these snapshots more easily in case a revert is
needed.

Tests:

- Start a distribution upgrade. Notice that the snapshot taken has special
description that it was taken before a distribution upgrade.

Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
2025-04-06 09:37:53 -04:00
Sunil Mohan Adapa
30b057e7ee
upgrades: Add introduction to the distribution upgrade page
- Refer to the manual and mention that users can keep their distribution for 5
years before upgrade.

Tests:

- Proofread, links work.

Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
2025-04-06 09:37:50 -04:00
Sunil Mohan Adapa
22b30da8de
upgrades: Revamp distribution upgrade UI
Closes: #2090

- Create a new page for distribution upgrade.

- If distribution upgrade is running show its status here without any other UI.

- Show various conditions for not allowing distribution upgrades.
  - Automatic updates disabled
  - Distribution updates disabled
  - Not enough free space.
  - Unknown or mixed distribution in sources.list.

- If distribution upgrade was interrupted, show that information here and allow
triggering distribution upgrade again. This is detected by noticing that
codename in base-files is higher than one detected in sources.list.

- If the user is not testing/unstable, show a message and don't allow
triggering.

- If next stable has not been released, don't auto-upgrade but allow manual
upgrade. Show special warnings.

- If next stable has been released but only recently, don't auto-upgrade but
allow manual upgrade.

- If next stable has been released and it has been 30 days, allow auto-upgrade
and manual upgrade.

- Seek confirmation before triggering manual upgrade. Provide appropriate
advice.

- Rely on hard-coded list of releases and their release dates instead of
querying the server.

Tests:

- When automatic updates or distribution updates are disabled, an alert message
is shown on the distribution upgrade page. If both are disabled, both messages
show up in the alert. The start distribution upgrade button is disabled.
Clicking on the button does not work.

- Reducing the available free disk space will cause alert message to show up and
start upgrade button to be disabled.

- When the distribution in /etc/apt/sources.list is mixed or unknown, an alert
message is shown. The start distribution upgrade button is disabled.

- When the distribution in /etc/apt/sources.list is testing or unstable, an
alert message is shown "You are on a rolling release distribution...". The start
distribution upgrade button is disabled. The current distribution is
'None (testing)' or 'None (unstable)'. Next stable distribution is Unknown.

- If get_current_release is hard-coded to return (None, 'trixie'), then a
message is shown in the distribution update page 'A previous run of distribution
update may have been interrupted. Please re-run the distribution update.' A
'Continue Distribution Update' button is shown in warning color. The button
takes to confirm page where the confirm button is shown in blue and is enabled.

- On a bookworm VM, visiting the page shows the message "You are on the latest
stable distribution...". Upgrade button shows in red. Clicking it takes to
confirmation page. The page shows a warning alert and red confirmation button.

- Setting the clock to '2025-08-21' shows the message "A new stable distribution
is available. Your FreedomBox will be update automatically in 4 weeks...".
Upgrade button shows in blue. Clicking it takes to confirmation page. The page
does show warning. The button is in blue.

- Setting the clock to '2025-09-30' shows the message "A new status distribution
is available. Your FreedomBox will be updated automatically soon...". Upgrade
button shows in blue. Clicking it takes to confirmation page. The page does show
warning. The button is in blue.

- Clicking the confirmation button starts the distribution upgrade process. This
distribution upgrade page is shown. The page shows spinner with a message and no
other UI. Page is refreshed every 3 seconds. When the distribution upgrade
process is completed, the page shows the current status.

- Killing the apt-get process during distribution upgrade stops the page refresh.
The page shows that process was interrupted and also continuation. Clicking on
the confirmation button resumes the distribution upgrade process.

- After distribution upgrade, the page shows the current distribution and next
distribution properly. There is no release date for the next distribution. A
message shows: "Next stable distribution is not available yet."

Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
2025-04-06 09:37:43 -04:00
Sunil Mohan Adapa
a8eba9e719
upgrades: Increase distribution upgrade timeout to 3 days
- 12 hours might genuinely not be enough with SD cards, slow download speeds, and
large number of packages (due to apps such as GNOME).

Tests:

- None

Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
2025-04-05 08:23:18 -04:00
Sunil Mohan Adapa
2b6bac2b73
radicale: Rerun setup when package updated
Closes: #2501

Tests:

- Install radicale app.

- Install a sample package using apt. Trigger will be run but will
not result in radicale setup rerun.

- Make newer radicale available. This can be done by enabling testing
distribution but setting its priority low. radicale priority from testing will
be set to high. When unattended-upgrades is run, it will trigger the FreedomBox
mechanism and will result in database upgrade.

- After this install a sample package using apt. Trigger will be run but will
not result in radicale setup rerun.

Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
2025-04-04 21:34:49 -04:00
Sunil Mohan Adapa
f098aecc2a
mediawiki: Run database upgrade after package upgrade
Fixes: #2119

Tests:

- Install mediawiki app.

- Install a sample package using apt. Trigger will be run but will
not result in Mediawiki setup rerun.

Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
2025-04-04 21:34:46 -04:00
Sunil Mohan Adapa
0023406e6e
setup: Implement mechanism to rerun setup when apt is updated
Closes: #1447

Find and rerun setup for apps after a dpkg operation is completed.

This is needed in a couple of situations:

1) Some Debian packages don't manage the database used by the package. When
these packages are updated, their database schema is left at an older version
and service might become unavailable. FreedomBox can perform the database schema
upgrade. However, FreedomBox needs to know when a package has been updated so
that database schema can be upgraded.

2) A package is installed but FreedomBox has not modified its configuration.
Newer version of package becomes available with a new configuration file. Since
the original configuration file has not changed at all, the new configuration
file overwrites the old one and unattended-upgrades deals with this case. Now,
say, the configuration file modifies some defaults that FreedomBox expects,
things might break. In this case, FreedomBox can apply the required configuration
changes but it needs to be notified as soon as the package has been updated.

When apt runs dpkg, after the operation is completed it triggers commands listed
under the configuration 'Dpkg::Post-Invoke'. This in turn calls this class via a
DBus notification. Here, we iterate through all the apps. If an app is currently
installed and interested in rerunning setup after dpkg operations, then its
setup is rerun. Interest is expressed using the 'rerun_setup_on_upgrade' flag on
the Package() component. If all packages of the app have not been upgraded since
the last check, we skip the operation.

Tests:

- When an app is installed from FreedomBox, the trigger is not run.

- When a package is installed from command line with apt, the trigger is run. It
does nothing.

Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
2025-04-04 21:34:43 -04:00
Sunil Mohan Adapa
1d4e9eacff
packages: Don't run force upgrade hooks when freedombox performs ops
- We have a hook that triggers when 'apt update' is successfully run. This hook
handles the force upgrading mechanism. Its intended purpose is to handle
packages with configuration file prompts that unattended-upgrades does not
touch. 'apt update' is run on behalf of unattended-upgrades every day on a
schedule. This is the primary time the hook is intended to run. However, the
hook also runs every time FreedomBox runs 'apt update' before installing an app.
Also no operations are performed, there is a race to see if apt is available for
the operation.

- Avoid these unnecessary runs by setting an environmental variable and by
checking it before running the trigger.

- There is one place where we want to genuinely run the trigger. That is after a
distribution upgrade. Handle this case.

Tests:

- When apt update is run on the command line, the hook is triggered.

- When installing an app, however, the hook is not triggered.

- During a dist-upgrade, the hook is triggered at the end.

Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
2025-04-04 21:34:36 -04:00
Sunil Mohan Adapa
2499767aa5
kiwix: Remove existing data directory before a restore operation
Although there are no issues with kiwix like for calibre, it is the right way to
do this.

Tests:

- Without patch, restore the app on testing from a backup on stable machine and
notice that the data folder is owned by nobody:nogroup but files inside are
owned by a kiwix-server-freedombox user and group. This is not ideal.

- With patch, restore again and notice that the library is accessible and all the
files are owned by nobody:nogroup.

Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
2025-04-01 09:46:21 -04:00
Sunil Mohan Adapa
e64270ebc3
calibre: Remove existing data directory before a restore operation
Fixes: #2500.

systemd 257 has introduced in which DynamicUser= services will use id-mapped
mounts[1] instead of performing chown on the entire data directory. On Debian
stable release, calibre service will contain data folders with a dynamic user
ownership while on testing release, calibre service will contain data folders
with nobody:nogroup ownership.

When a backup from stable release is restored on testing release, the two
directories are merged. The top level directory will be still owned by
nobody:nogroup while the files instead will be owned by dynamic user and group.
In this case, systemd will not recursively update the ownership. Calibre will
fail to access the library files.

The fix is to completely wipe the existing data folder before a restore. When
systemd notices that the directory ownership is not proper, it will recursively
change the ownership before starting the service.

Links:

1) https://www.freedesktop.org/software/systemd/man/latest/systemd.exec.html#RuntimeDirectory=

Tests:

- Without patch, restore the app on testing from a backup on stable machine and
notice that the data folder is owned by nobody:nogroup but files inside are
owned by a calibre-server-freedombox user and group. This leads to failure when
accessing the library.

- With patch, restore again and notice that the library is accessible and all the
files are owned by nobody:nogroup.

Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
2025-04-01 09:46:18 -04:00
Sunil Mohan Adapa
ac8dbcfc1c
backups: Add ability to cleanup files before restoring a backup
- Many times, merging old and new data folders is not ideal and could lead to
unexpected outcomes. Perhaps removing all the backup folders and files before
restore is ideal. However, this patch tries to introduce that approach slowly on
an experimental basis.

Tests:

- Unit tests work.

Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
2025-04-01 09:46:15 -04:00
Sunil Mohan Adapa
7937a7c0d2
power: Disable sleep and hibernate on the system
Closes: #2503

- FreedomBox is a server that is typically always running. If applications such
as GNOME desktop environment are installed, they could, by default, cause system
to sleep or hibernate after a period of idleness (based on peripheral activity).
To ensure that services are always available over the network, prevent all such
applications from sending the system to sleep/hibernate.

- Other types of sleep such as hybrid sleep and suspend and hibernate are also
automatically disabled by systemd if either suspend or hibernate are disabled.

Tests:

- Without the changes, install GNOME. In gdm login screen or in desktop
environment, after 20 minutes (default) the system goes to sleep.

- Create the file in the patch with the appropriate directory in a production
FreedomBox machine. Run 'systemctl daemon-reload'. After this, running
'systemctl suspend' or 'systemctl hibernate' will return an error that the
operation is not supported. In GDM, the suspend button does not appear. In GNOME
desktop environment after login, the suspend button does not appear. Even after
the 15-20 minute period, the system does not go to sleep.

Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
2025-03-31 19:50:28 -04:00