- According to a recent change in Salsa CI[1], this job does nothing.
- There is a syntax error that causes entire pipeline file from becoming valid.
Link: 2dd7850308
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: Veiko Aasa <veiko17@disroot.org>
- The current name does not the match the base class method it intends to
override.
Tests:
- Run functional tests for bepasty -v option and notice that only one backup and
restore test runs.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Tests:
- On stable, testing distributions applying the patches and restarting the
services causes two files to be created on the system.
/etc/apt/sources.list.d/freedombox-unstable.list and
/etc/apt/preferences.d/50freedombox-dist.pref. In unstable distributions the
files are not created.
- Installing Matrix Synapse on all three distributions works. Initial domain
configuration works. All diagnostic tests pass.
- On stable and testing distributions, running 'apt policy matrix-synapse' shows
that priority for package from unstable is 200 higher than installed package
priority of 100. Same for the package python3-pympler. Running 'apt policy
freedombox' shows that package from -backports has a priority of 500 that is
same as the priority of non-backports package.
Tests:
- During re-run of setup, unstable sources are setup.
- Matrix synapse app shows updated description.
- Upgrades app shows updated description about frequent feature updates.
- On oldstable, stable, and testing distributions unstable sources are setup.
But not on unstable.
- On stable, testing distributions applying the patches and restarting the
services causes two files to be created on the system.
/etc/apt/sources.list.d/freedombox-unstable.list and
/etc/apt/preferences.d/50freedombox-unstable.pref. In unstable distributions the
files are not created.
- Installing Matrix Synapse on all four distributions works. Initial domain
configuration works. All diagnostic tests pass.
- On oldstable, stable, and testing distributions, running 'apt policy
python3-pympler matrix-synapse python3-python-multipart' shows that priority for
package from unstable is 200 higher than installed package priority of 100.
Running 'apt policy freedombox' shows that package from -backports has a
priority of 500 that is same as the priority of non-backports package.
- When frequent feature updates is not enabled, the app can't be installed.
"This application is currently not available in your distribution." message is
shown. After enabling frequent feature updates, the apps can be installed.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
- Ensure that packages that are not installable to negative priority are not
shown as available.
Tests:
- Set priority of an available package to less than 0. This package will be
shown as not-available in the app install page.
- Normal apps are shown as available and can be installed as usual.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
- When backports repository or unstable repository freshly added by the updates
app. We will like apps to become available due to newly available Debian
packages. For this to happen 'apt update' must be called before checking if an
app is available.
Tests:
- Freshly apply the patches for upgrades app. Setup is re-run and unstable
sources file is introduced. Immediately visit the Matrix app and notice that is
shown as available and can be installed immediately.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
- Move some utilities to utils.py from distupgrade.py and __init__.py.
- This fixes issues with apt preferences being set on unstable
distribution (despite code that tries to prevent it).
- There is no way to distinguish between 'testing' and 'unstable' distributions
in Debian using commands like lsb_release (powered by /etc/os-release). See:
https://lwn.net/Articles/984635/ . So, use the value set in
/etc/apt/sources.list.
Tests: (tested entire patchset)
- Deluge can be installed in trixie.
- Auto-distribution upgrade button is checked during setup on stable and
oldstable but not on testing and unstable.
- Auto-distribution upgrade button is enabled in the form on stable and
oldstable but not on testing and unstable.
- Backports wizard step is skipped on unstable (non-develop mode), but not on
oldstable, stable, testing, and unstable (develop mode).
- If backports are not activated during first wizard, then backports can be
activated on upgrades app page if distribution is oldstable, stable, testing, or
unstable (non-develop mode) but not unstable (develop mode).
- During re-run of setup, setting up backport sources is skipped if already
setup.
- Backports sources files are not added in testing (non-develop) and
unstable (non-develop) distributions. Backports sources are added to oldstable,
stable, testing (develop) and unstable (develop). Unstable sources sources are
not added to unstable but added to oldstable, stable, and testing.
- Backports sources file is added with correct code name bookworm/trixie for
oldstable, stable, and testing distributions.
- When backports sources is set to 'bookworm-backports' on Trixie distribution,
re-running setup updates them to 'trixie-backports'.
- Preferences files are added in oldstable, stable, and testing distributions
but not unstable.
- If unstable and another distro is present in apt sources, then it is treated
as unstable as shown in the distribution upgrade page.
- Current codename is shown properly from sources.list in oldstable, stable,
testing, and unstable in distribution upgrade page.
- NOT TESTED: If distribution upgrade is interrupted, then continue page is
shown.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
- Recently we have changed to using HTTP protocol for GnuDIP updates. These
involve using requests library. For exceptions raised by this library the
arguments may not all be JSON serializable. So, explicitly convert them into
strings.
Tests:
- Turn of network connection to the machine. Trigger a Dynamic DNS update by
re-submitting configuration form. This will results in an error message shown
in status table instead of an unhandled exception.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: Joseph Nuthalapati <njoseph@riseup.net>
- This prevents double logging for all log statements in privileged daemon.
- Also drop conditional checking for systemd.journal python module. We hard
depend on python3-systemd package which has it.
Tests:
- All logs messages from privileged daemon log only once to the journal.
- For main service, the log message happens on console only when running on the
command line. When the systemd service is started, it is only logged to the
journal.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: Joseph Nuthalapati <njoseph@riseup.net>
Tests:
- Mounting/unmounting of remote SSH repositories works.
- Creating repo, creating/deleting/list archives work.
- If a privileged method raises an exception after outputting to stdout (using
action_utils.run) then stdout is shown in the HTML UI message.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: Joseph Nuthalapati <njoseph@riseup.net>
Tests:
- If there is a syntax error in communication with privileged server. 'stdout'
and 'stderr' keys are present in 'exception' dictionary of the reply.
- If there is a error in the privileged method in communication with privileged
server. 'stdout' and 'stderr' keys are present in 'exception' dictionary of the
reply. The values are filled with output of the command that have been run.
- If a privileged method uses action_utils.run, then raising an exception in the
method shows proper stdout and stderr in the UI HTML message.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: Joseph Nuthalapati <njoseph@riseup.net>
Tests:
- /usr/share/plinth/actions/actions is not installed.
- Code check works on plinth directory and container script only
- Provisioning a container does not add sudo configuration for actions. 'fbx'
user can perform 'sudo' operations.
- Make install does not install actions based sudo configuration. Admin users
can perform sudo operations.
- Exporting backup archive works. Validating a transmission directory works.
Some of the privileged operations works.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: Joseph Nuthalapati <njoseph@riseup.net>
- Regression: downloading does not work with sudo based action anymore. However,
sudo based actions are to be removed in later patches.
Tests:
- Downloading tar backup archive works. Untar works. Downloading gives upto
10MiB/s speed.
- If API is not called with _raw_output=True, then special exception is raised.
- Downloading tar file from command line using nc also works.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: Joseph Nuthalapati <njoseph@riseup.net>
- Used after migration gitweb and storage calls to using
action_utils.run_as_user.
Tests:
- Gitweb operations and directory validations works when privileged daemon is
running or not running.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: Joseph Nuthalapati <njoseph@riseup.net>
- Instead implement running specific commands inside the privileged action as a
specific user.
Tests:
- In transmission, setting the download directory is valid if
- A parent level directory is writable by transmission daemon and child does
not exist.
- A leaf level directory is writable by transmission daemon when leaf exists.
- A leaf level exists and is not a directory.
- In MiniDLNA, setting the directory works only if it exists and is readable.
Work when write permission is not available.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: Joseph Nuthalapati <njoseph@riseup.net>
- Instead implement running specific commands inside the privileged action as a
specific user.
Tests:
- Gitweb functional tests and unit tests work.
- Running various operations such as clone, create, set branch, rename, etc. all
result in repositories (and all their contents) owned by www-data:www-data.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: Joseph Nuthalapati <njoseph@riseup.net>
Tests:
- Existing gitweb repos are listed properly. Newly created repos are reported
properly.
- Directories without .git extension or starting with . are not shown.
- Private repos are shown as private and public ones as public.
- Cloning progress is shown properly in the list of repos.
- Cloning starts with 0%.
- Cloning file is removed after completion of cloning process.
- Cloning is done into .temp directory.
- After cloning repo can be checked out as expected.
- Getting/setting of default branch/description/owner/private works.
- Getting the list of branches work when selecting the default branch.
- Creating new blank repo works.
- Deleting a repo works
- Uninstalling the app works. All repos are removed.
- Retrieving non-existent repo shows error as expected
- Backup/restore of repos works as expected.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: Joseph Nuthalapati <njoseph@riseup.net>
- To be used to run specific command as another user.
Tests:
- Unit tests.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: Joseph Nuthalapati <njoseph@riseup.net>
- When there is no URL name provided, the view fails to render when computing
breadcrumbs from middleware. Provide a name so that the URL does not lead to a
500 HTTP error.
Tests:
- Accessing the URL on development machine does not lead to an error page.
- On a production machine, when trying to use Thunderbird account setup wizard,
without the patch, Thunderbird says that it found configuration by enumerating
common names for the domain. A 500 error can be seen in the journal. After the
change in patch, Thunderbird says that it found the configuration from the
provider. A 200 success code can be seen from journal.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
- Files from web service are uploaded to /var/tmp/ directory. They need to
accessible to privileged daemon to that it can move them to a target location.
So, if /var/tmp is isolated for privileged daemon, it can't see those files as a
separate tmpfs filesystem is mounted on that folder.
- Ideally, we should have PrivateTmp=yes and
JoinsNameSpacesOf=freedombox-privileged.service set on plinth.service. However,
this requires further changes to the way developer execution is done command
line. This is done in future.
Tests:
- Uploading a backup works.
- Uploading a kiwix archive works.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: Veiko Aasa <veiko17@disroot.org>
Removed android apps that have been discontinued and added SambaLite
app.
Tested that SambaLite works with Samba app.
Signed-off-by: Veiko Aasa <veiko17@disroot.org>
Reviewed-by: Joseph Nuthalapati <njoseph@riseup.net>
Fixes: #2534.
- Otherwise, if python standard library is updated, needs-restart will determine
that the freedombox-privileged.service needs to be restarted. The service may
have triggered the 'apt-get install' operation that triggered needs-restart in
the first place. That causes the install operation to fail.
Tests:
- Installing Calibre app which also brings in python standard library update
succeeds and freedombox-privileged.service is not restarted during 'apt-get
install' operation.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: Joseph Nuthalapati <njoseph@riseup.net>
Helps: #2534.
- When a module change is detected. Don't restart. Restart only when FreedomBox
source code is changed. This prevents unwanted restarts when Python standard
library is updated during an app's installation.
- This will make functional tests more robust as during functional tests,
freedombox service run in development mode.
- This may lead to annoyances during development when we have to restart the
service manually. This is unlikely but if it happens we can tweak the setting by
maintaining the allow list of modules instead of deny list of modules.
Tests:
- Calibre installation which brings in new version of python standard library
works without causing CherryPy to detect python module changes during 'apt-get
install'.
- Changing a source code file under the plinth/ directory leads to the service
getting automatically restarted.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: Joseph Nuthalapati <njoseph@riseup.net>
Defined two settings for ignoring laptop lid close action. They handle
the two cases - running on battery power and running on external power.
Signed-off-by: Joseph Nuthalapati <njoseph@riseup.net>
