Process can be tested by upgrading to testing:
$ sudo ./actions/upgrades --develop --test-upgrade
Signed-off-by: James Valleroy <jvalleroy@mailbox.org>
[sunil: cosmetic: isort fixes]
[sunil: Restore BACKPORTS_REQUESTED_KEY that was accidentally removed]
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: Sunil Mohan Adapa <sunil@medhas.org>
If firewalld is running, the virtual network interface created by
systemd-nspawn gets assigned to the home zone by default. Because
of this, DHCP server is not availabe for the container and most
of the incoming ports are closed.
This commit assigns the network interface created by systemd-nspawn to
the trusted network zone if firewalld is running, so that all network
connections are accepted.
Signed-off-by: Veiko Aasa veiko17@disroot.org
Reviewed-by: Sunil Mohan Adapa <sunil@medhas.org>
See MR#1919.note_194567.
Since the documents and some chapters are long a table of contents has been
added at the beginning along with navigation links pointing back to it at the
end of main sections and long chapters.
Signed-off-by: Fioddor Superconcentrado <fioddor@gmail.com>
[sunil: Drop periods at the end of TOC entries]
[sunil: Re-title some sections]
[sunil: Add links to Django i18n documentation and IRC chatroom]
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: Sunil Mohan Adapa <sunil@medhas.org>
- Required only by tests when run as superuser. However, it's addition makes it
very uniform to ensure that all dependencies are pre-installed in a container
when running tests.
- We may find ways to run root user tests in future.
- The package seems very stable.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
- Trying to create another admin user using the first boot wizard will certainly
fail.
- Show the list of admin users in the system so that they an be deleted and
creation of admin by first boot wizard can continue.
- If existing account can already work (such as when Plinth and LDAP entries
exist) allow skipping the step.
- Since the scenario is mostly like encountered only during advanced usage and
not for most regular users, the technical nature of solutions is okay.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
This change prevents the plinth user to become a superuser without
knowing an admin password.
Users module and action script:
- User credentials are now required for the subcommands: create-user,
set-user-password, add-user-to-group (if the group is admin),
remove-user-from-group (if the group is admin), set-user-status,
remove-user (if the removed user is the last admin user.
Note: the web UI doesn't allow to delete last admin user).
- subcommand remove-users requires authentication if the user is last
admin user. Password must be provided through standard input.
- subcommand remove-group: do not allow to remove group 'admin'
- User credentials must be provided using the argument
--auth-user and a passsword must be provided through standard input.
- If there are no users in the admin group, no admin password is
required and if the --auth-user argument is required, it can be an
empty string.
Users web UI:
- An admin needs to enter current password to create and edit a user
and to change user's password.
- Show more detailed error text on exceptions when submitting forms.
- Show page title on the edit and create user pages.
Users unit and functional tests:
- Added a configuration parameters to the pytest configuration file
to set current admin user/password.
- Added a configuration parameter 'ssh_port' to the functional tests.
You can overwrite this with the FREEDOMBOX_SSH_PORT environment
variable. Modified HACKING.md accordingly.
- Added an unit test:
- test changing the password as a non-admin user.
- test invalid admin password input.
- test that removing the admin group fails.
- Capture stdout and stderr in the unit tests when calling an action
script to be able to see more info on exceptions.
- Added functional tests for setting ssh keys and changing passwords
for admin and non-admin users.
- Added a functional test for setting a user as active/inactive.
Changes during review [sunil]:
- Move uncommon functional step definitions to users module from global. This is
keep the common functional step definitions to minimal level and promote when
needed.
- Minor styling changes, flake8 fixes.
- Don't require pampy module when running non-admin tests. This allows tests to
be run from outside the container on the host machine without python3-pam
installed.
- Call the confirm password field 'Authorization Password'. This avoid confusion
with a very common field 'Confirm Password' which essentially means retype
your password to ensure you didn't get it wrong. Add label explaining why the
field exists.
- Don't hard-code /tmp path in test_actions.py. Use tmp_path_factory fixture
provided by pytest.
- Remove unused _get_password_hash() from actions/users.
- Undo splitting ldapgid output before parsing. It does not seem correct and
could introduce problems when field values contain spaces.
Tests performed:
- No failed unit tests (run with and without sudo).
- All 'users' functional tests pass.
- Creating an admin user during the first boot wizard succeeds.
- Creating a user using the web UI with an empty or wrong admin
password fails and with the correct admin password succeeds.
- Editing a user using the web UI with an empty or wrong admin
password fails and with the correct admin password succeeds.
- Changing user's password using the web UI with an empty or wrong
admin password fails and with the correct admin password succeeds.
- Above mentioned user action script commands can't be run without
correct credentials.
- Adding the daemon user to the freedombox-share group succeeds when
installing certain apps (deluge, mldonkey, syncthing, transmission).
Signed-off-by: Veiko Aasa <veiko17@disroot.org>
[sunil: Move uncommon functional step definitions to users module from global]
[sunil: Minor styling changes, flake8 fixes]
[sunil: Don't require pampy module when running non-admin tests]
[sunil: Call the confirm password field 'Authorization Password']
[sunil: Don't hard-code /tmp path in test_actions.py]
[sunil: Remove unused _get_password_hash() from actions/users]
[sunil: Undo splitting ldapgid output before parsing]
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: Sunil Mohan Adapa <sunil@medhas.org>
This change prevents the plinth user to set the ssh-keys without
knowing the user password.
- Debian: added new dependency python3-pampy to authenticate users.
- Added additional required parameter --auth-user to the
'actions/ssh set-keys' command. A password should be
provided through STDIN.
Tests performed:
- running 'actions/ssh set-keys' with empty or wrong admin credentials
fails.
- running 'actions/ssh set-keys' with correct admin credentials
succeeds.
- running 'actions/ssh set-keys' with correct non-admin credentials
succeeds if the --username is the same user.
- running 'actions/ssh set-keys' with correct non-admin credentials
fails if the --username is a different user.
Signed-off-by: Veiko Aasa <veiko17@disroot.org>
Reviewed-by: Sunil Mohan Adapa <sunil@medhas.org>
Tests:
- Without these changes, with Quassel not-installed, change the domain name.
Notice that certificate events for Quassel fails due to missing domain
information.
- With these changes, with Quassel not-installed, change the domain name. Notice
that certificate events for Quassel don't result in any actions.
- With these changes, when Quassel is installed, certificate is properly setup
for a domain.
- With these changes, with Quassel installed, change the domain name. Notice
that certificate events for Quassel succeed.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
Tests:
- Without these changes, with Coturn not-installed, change the domain name.
Notice that certificate events for Coturn fails due to missing domain
information.
- With these changes, with Coturn not-installed, change the domain name. Notice
that certificate events for Coturn don't result in any actions.
- With these changes, when Coturn is installed, certificate is properly setup
for a domain.
- With these changes, with Coturn installed, change the domain name. Notice that
certificate events for Coturn succeed.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
Fix update command failing when image files do not exist.
Signed-off-by: Joseph Nuthalapati <njoseph@riseup.net>
Reviewed-by: Veiko Aasa <veiko17@disroot.org>
Certificate can be setup for a single domain at a time in Mumble. So, allow the
user to choose the domain purely for this propose even though Mumble can work
with multiple domains. Tell Let's Encrypt to work with this domain.
Tests:
- Without Mumble installed, change the domain name. Notice the mumble related
certificate events are ignored.
- Install Mumble, a TLS domain is automatically selected. Certificate is setup
for that domain.
- Ensure at least two domains are setup in the system. See the list in the
Mumble app page. Choose a non-default domain. Domain should change and cert
should be setup for that domain.
- Go to config app and change the domain. Mumble domain should get set to a
different domain and cert should get updated.
- Install mumble without these changes. Apply the changes and start FreedomBox.
Mumble app should get upgraded and certificate should get setup for a domain.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
Tests:
- Without these changes, with Quassel not-installed, change the domain name.
Notice that certificate events for Quassel fails due to missing domain
information.
- With these changes, with Quassel not-installed, change the domain name. Notice
that certificate events for Quassel don't result in any actions.
- With these changes, with Quassel installed, change the domain name. Notice
that certificate events for Quassel succeed.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
Tests:
- Without these changes, with Coturn not-installed, change the domain name.
Notice that certificate events for Coturn fails due to missing domain
information.
- With these changes, with Coturn not-installed, change the domain name. Notice
that certificate events for Coturn don't result in any actions.
- With these changes, with Coturn installed, change the domain name. Notice that
certificate events for Coturn succeed.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
Tests:
- Install Tor and enable onion service. Restart FreedomBox. During
initialization the onion service domain is added. Check in Name Services.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
- Due to a minor regression with init() method refactoring:
- Pagekite tries to check if it is enabled even when it is not installed. This
is an unnecessary check.
- Pagekite tries to remove domains from name services even when it is not
installed. This could have unnecessary consequences.
Fix this by checking if Pagekite is installed and perform name services updating
only if service is enabled.
Tests:
- Enable pagekite and configure it. When FreedomBox is restarted, Pagekite kite
is announced as domain and shown in Name Services.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
Closes: #1891.
As soon as the app is installed, the default configuration has NAME.pagekite.me.
This is incorrectly announced as a valid domain to the system. Avoid this
behavior by never announcing this default configured kite name.
Tests:
- Install Pagekite. Observe that the default kite name is not announced as a
domain (confirmed in Name Services). With the patch, it will.
- Change the domain to anything other than default. It is announced. LE tries to
obtain cert. Name Services list the domain.
- Change the domain back to default kite name. It is not announced. Old domain
is removed.
- Start FreedomBox with Pagekite configured with default domain. It is not
announced.
- Start FreedomBox with Pagekite configured with non-default domain. It is
announced.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
- Drop message for initialization of each app. This was removed earlier but was
reintroduced during init() refactoring. There is not much use for these messages
and the noise they generate hide some important messages relating to domains
added.
- Print lists in a better way for humans.
- Add a log message after all the initialization is completed.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
[sunil: Reword the extra requirements to explain when they are needed]
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: Sunil Mohan Adapa <sunil@medhas.org>
Allow read access by URL by default.
Tests:
- Installing bepasty fresh show the default permissions as read.
- Upgrading bepasty from older version when default permissions are none sets
the default permissions to read.
- Upgrading bepasty from older version when default permissions are not none
retrains the permissions.
Signed-off-by: Joseph Nuthalapati <njoseph@riseup.net>
[sunil: Don't relocate setup() method]
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: Sunil Mohan Adapa <sunil@medhas.org>
Tested-by: Sunil Mohan Adapa <sunil@medhas.org>
