Tests:
- /usr/share/plinth/actions/actions is not installed.
- Code check works on plinth directory and container script only
- Provisioning a container does not add sudo configuration for actions. 'fbx'
user can perform 'sudo' operations.
- Make install does not install actions based sudo configuration. Admin users
can perform sudo operations.
- Exporting backup archive works. Validating a transmission directory works.
Some of the privileged operations works.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: Joseph Nuthalapati <njoseph@riseup.net>
- Keep Bookworm as oldstable.
- Introduce delay before resize the filesystem as mount operation may start a
balancing operation that conflicts with resize.
- Change the VM configuration to enable UEFI for all but bookworm images.
- Add --nvram when destroying the VM so that VMs with UEFI booting and NVRAM
storage enabled can be deleted.
- Add UEFI parameters to grub-install after changing FSID. Mount the EFI
partition to allow grub-install to work.
Tests:
- On a clean setup (rm -rf .container), bring up all four containers using
machine-type=vm with on host machine arch amd64. Run first wizard successfully.
- On all but oldstable, run mokutil --sb-state and ensure that secure boot is
enabled.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Tests performed:
- Without starting `freedombox-develop` inside the container,
`./container run-tests ...` waits until plinth setup is finished and
then runs the functional tests.
Signed-off-by: Veiko Aasa <veiko17@disroot.org>
Reviewed-by: Sunil Mohan Adapa <sunil@medhas.org>
- Use qcow2 image format so that snapshots of VMs can be taken.
- Snapshots of running VMs can't yet taken yet. But once the VM is stopped,
snapshots are possible.
Tests:
- Bring up a stable VM freshly after destroying. Work with the VM, stop it and
take a snapshot using virt-manager.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
- Use virsh command line tool to create and control VMs.
- Use virtiofs for shared folder between host and guest.
Tests:
- Create a testing container and run unit tests on it.
- Create a testing VM.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: Veiko Aasa <veiko17@disroot.org>
- When fsid of the btrfs filesystem is updated, grub needs to updated too.
Otherwise, the image can't be booted into using a virtual machine.
- When fsid of the btrfs filesystem is updated, /etc/fstab needs to updated too.
Otherwise, the root file system can't be remounted as read-write.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: Veiko Aasa <veiko17@disroot.org>
- In anticipation of adding support to launch VMs using the same script.
- Assume image operations will be common other backends, even when they use
systemd-nspawn.
- Drop support for systemd-nspawn (<247). Bullseye ships with systemd-container
package 247.3. Remove version specific code that is no longer needed.
- Fix issue with checking if an image has been provisioned or not.
- Attempt to setup network manager connection every time container is launched
instead only once when image is setup. This ensures that if the connection is
removed after image setup, it will re-created when container is launched.
Tests:
- Run all the basic commands of the container and ensure they are working.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
[vexch: Removed unused argument in _setup_image() and fixed one typo]
Signed-off-by: Veiko Aasa <veiko17@disroot.org>
Reviewed-by: Veiko Aasa <veiko17@disroot.org>
Adds single quotes inside single-quoted string, for example bash command
`echo ' '"'"'test'"'"' '` prints ` 'test' `.
Also:
- Remove wrong comment in the same function.
- Fix quote usages in container script.
Tested that running bepasty tests with keyword expression filter
`-k "enable_disable or uninstall` works.
Signed-off-by: Veiko Aasa <veiko17@disroot.org>
[sunil: Use shlex.quote() for quoting]
[sunil: Pipe the script 'ssh sudo bash' instead of sending argument]
[sunil: enable color always for pytest]
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: Sunil Mohan Adapa <sunil@medhas.org>
- If provision fails and the container is in running state, then running
'./container up' does not lead to re-run of provisioning script. Fix this.
Tests:
- Without patch, insert 'exit 1' in provisioning script. Run './container
destroy; ./container up'. Provision script will fail. Re-run './container up'.
Provision script is not run and message that container is already running is
printed.
- With patch, insert 'exit 1' in provisioning script. Run './container destroy;
./container up'. Provision script will fail. Re-run './container up'. Provision
script is not run and message that container is already running is printed.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: Veiko Aasa <veiko17@disroot.org>
- setuptools aims to a build library instead of being invoked by setup.py.
Launching setup tools using ./setup.py is deprecated. Launching it using
generic build tools that use pyproject.toml is recommended.
- With the new approach customizing the build is not possible to the earlier
extent. So, introduce is a simple and sufficient build system using 'make'.
Tests:
- Check the pyproject.toml using validate-pyproject tool.
- Run diffoscope on old and new packages and verify that no unexpected changes
were introduced by the build system change.
- None of the files part of .deb package have different file permissions
compared to before.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
- Check for errors when running the provisioning script.
- Check for errors when installing missing packages.
Reviewed-by: Sunil Mohan Adapa <sunil@medhas.org>
The script detects the system architecture of the Debian machine and
picks the appropriate container images to download and run.
Signed-off-by: Joseph Nuthalapati <njoseph@riseup.net>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
This is for arm64 boards like Raspberry Pi and cross-arch VMs.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
Closes: #2324.
The arm64 image contains two partitions in a GPT partition table. First is the
EFI partition and the second is the root partition. The container script
currently assumes that there will only be one partition in the image file. Fix
this by picking up the partition number of the last partition and resizing that.
GPT partition table also requires relocating the second copy of the partition
table to the end before partition resize can succeed.
Tests:
- Create testing containers in arm64 and amd64 architectures.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
Tests:
- DONE: Functional tests work
- DONE: Initial setup works
- DONE: Automatic upgrades are enable by default
- DONE: apt preferences have been updated
- DONE: Enabling backports works
- DONE: Configuration file is created
- DONE: Correct status is shown in the app page
- DONE: Enabling/disabling automatic upgrades works
- DONE: Configuration file is updated
- DONE: Correct status is shown in the app page
- DONE: Manual triggering of updates work
- DONE: Log is shown properly in the app page
- DONE: Checking for distribution upgrade works
- DONE: Distribution upgrade from stable to testing works
- DONE: When running on btrfs distribution, snapshot is created before.
- DONE: Snapshots will be disable before upgrade and re-enabled later.
- DONE: When searx is enabled before upgrade, it's uwsgi will be disabled and
re-enabled later.
- Failures due to freedombox package not being the latest version (with the
changes).
- DONE: Development Vagrant box
- DONE: Automatic updates are disabled during development setup
- DONE: Development Container
- DONE: Automatic updates are disabled during development setup
- DONE: On stable, backports are enabled when running tests
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
Currently privileged actions use stdout for returning the results. If any of the
sub-processes accidentally output to stdout, decoding errors occur. Prevent this
by opening a pipe to the privileged action and returning the output in that
pipe.
Tests:
- Run unit tests
- Functional tests for other apps pass
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
Signed-off-by: Veiko Aasa <veiko17@disroot.org>
[sunil: Use the default formatter on all the subparsers]
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: Sunil Mohan Adapa <sunil@medhas.org>
- Invoke ssh with the 'IdentitiesOnly` option enabled in order to
force the use of the configured authentication identity. This is
needed in situations where ssh-agent offers many different identities.
Closes#2243
Reviewed-by: Veiko Aasa <veiko17@disroot.org>
This is recommended by PEP-0597: https://peps.python.org/pep-0597/
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
- This allows the user to understand the wrapper script and skip/adapt it when
necessary.
- Debug any issues with the script.
- Maintain consistency with the philosophy of the rest of the container script.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
This removes the dependencies xvfb and pytest-xvfb.
--splinter-headless can be used as a substitute for running tests in
headless mode.
[sunil: Edit description as running run-tests starts plinth in container]
[sunil: Retain the xauth command]
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: Veiko Aasa <veiko17@disroot.org>
Reviewed-by: Sunil Mohan Adapa <sunil@medhas.org>
Currently, with recent version of systemd on host machine, running './container
up' results in the following warning thrown many times. Fix this.
Console mode 'pipe' selected, but standard input/output are connected to an
interactive TTY. Most likely you want to use 'interactive' console mode for
proper interactivity and shell job control. Proceeding anyway.
Tests:
- With systemd version 248 on host machine, run './container up' and notice that
warning is no longer printed.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
- Avoid flake8 warnings.
- Makes the call more explicitly readable in case an exception is expected but
check=True is not passed by mistake.
Tests:
- Many tests are skipped since the changes are considered trivial.
check=False is already the default for subprocess.run() method.
- actions/package: Install an app when it is not installed.
- actions/upgrade: Run manual upgrades.
- actions/users: Change a user password. Login. Create/remove a user.
- actions/zoph: Restore a database.
- container: On a fresh repository, run ./container up,ssh,stop,destroy for a
testing container.
- plinth/action_utils.py: Enable/disable an app that has a running service.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
Closes: #2109.
We moved from Nginx to Apache on ftp.freedombox.org. This changed the datetime
format in the index pages we were relying on to find the difference with local
image. Update this datetime format.
Tests:
- Run ./container update with an old image already in the .container directory.
New image will be downloaded and verified.
- Run ./container update immediately after downloading the latest image. No new
download is done.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
Signed-off-by: James Valleroy <jvalleroy@mailbox.org>
[sunil: Use the bullseye/ directory for more URL stability]
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: Sunil Mohan Adapa <sunil@medhas.org>
Closes: #2091.
To avoid current issues with keys.gnupg.net.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
Allow distribution to be passed as an environment variable.
Fixes#1914
Signed-off-by: Joseph Nuthalapati <njoseph@riseup.net>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
- Install bash-completion when provisioning container, makes terminal
usage more comfortable.
- Increase default container image size to 16G, so that a distribution
upgrade fits well.
- Check free disk space on host before expanding disk image.
- Make pytest coverage reports writable to the fbx user, closes #2010.
- run-tests command:
- Use DEBIAN_FRONTEND=noninteractive when upgrading packages.
- Do not install sshpass as provision script already installs it.
Signed-off-by: Veiko Aasa <veiko17@disroot.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
Add './container ip' command to print current IP address of the container.
Useful when running container related scripts on host machine.
Signed-off-by: Veiko Aasa <veiko17@disroot.org>
- Add new subcommand `run-tests` to the ./container script and the --pytest-args
argument to pass additional arguments to the pytest command.
- Runs tests as root.
- Add new parameters to the SSH command:
- -Y Enable X11 forwarding to be able to run a browser GUI on a container.
- -C Use traffic compression so the X11 GUI is not laggy.
- -t Force pseudo-terminal allocation to enable colors on terminal.
- Use the LogLevel=error option to suppress some warning messages.
- Update module markers in the pytest.ini file.
- Increase the default container disk size to 12G.
- Update HACKING.md to run unit and functional tests.
PROVISION_SCRIPT:
- Explicitly install sshpass as requirement for tests, needed on Debian
stable.
- Ensure that geckodriver.log and .pytest_cache/ exist and are others-writable.
Closes#1901
Tests performed:
- Run unit tests on stable, testing and unstable containers, no failed tests.
- Run functional tests on stable and testing containers, no regressions.
[ fioddor: Some failing tests. All of them unrelated to the changes
introduced. Impact restricted to development tools; the product
hasn't been changed.]
Signed-off-by: Veiko Aasa <veiko17@disroot.org>
Reviewed-by: Fioddor Superconcentrado <fioddor@gmail.com>
If firewalld is running, the virtual network interface created by
systemd-nspawn gets assigned to the home zone by default. Because
of this, DHCP server is not availabe for the container and most
of the incoming ports are closed.
This commit assigns the network interface created by systemd-nspawn to
the trusted network zone if firewalld is running, so that all network
connections are accepted.
Signed-off-by: Veiko Aasa veiko17@disroot.org
Reviewed-by: Sunil Mohan Adapa <sunil@medhas.org>
