- Bootswatch is a theme library for bootstrap. In Debian, only 3.x version of
the package is available. It is compatible with bootstrap 3.x but not bootstrap
5. Drop the theming altogether and use the basic bootstrap style (which is
already very close to the theme).
- Updated copyright year, mention the video room files in debian/copyright.
- Drop libjs-spin.js which is no longer used by the updated code.
- Change bootstrap version to 5.x from the earlier 4.x. Also add node-popper2
library (needed by bootstrap5 and video room code) as explicit dependency.
- Add missing style for btn-default class dropped in bootstrap 5.
- .simulcast-button CSS style is not longer needed as updated code used flex box
with .d-flex bootstrap class.
Tests:
- Compare the files in janus source code around Mar 2022 with the files in
FreedomBox source code before this patch. Compare latest janus source code with
the files after this patch. Both sets of changes are very similar.
- Connect to video room using two browser windows. Connection is successful and
2 video streams are shown in each of the browser windows.
- Styling looks close to the demo on janus website and is acceptable.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
- Needed for the new video room code to run without CSP errors in the browser
console. JS error happens immediately after loading the page before Janus
initialization. Styling related errors happen after joining the room despite
eliminating use of'style=' attributes from JS code.
Tests:
- The video room works for a conference without showing any
Content-Security-Policy header related errors in the Firefox developer console.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
- Janus is currently not installable in Trixie because Janus was temporarily
removed during the release process of Trixie.
- Installing it from unstable, despite the instability is better than keeping
the app unavailable. Users have reported using the app.
Tests:
- Restarting the service after applying the patch leads to setup for upgrades
app to run. Apt preferences for janus packages are set. App is shown as
available. It can be installed.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
- This allows overriding these headers in individual pages easily instead of
relaxing global policy.
- Drop the obsolete CSP directive "block-all-mixed-content" and avoid a console
warning in Firefox.
Tests:
- Load a page and notice in the browser developer tools that the three headers
referrer-policy, content-security-policy, and x-content-type-options are set as
before.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
Tests:
- Running 'make build install' remove the module loading include file for ttrss.
- TT-RSS is no longer available in apps page.
- Installing Tor works. Onion header is set correctly. Re-running app setup
works.
- RSS Bridge's description is updated as expected. Links work.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
The following message is shown when Matrix Synapse server is started.
"""
This server is configured to use 'matrix.org' as its trusted key server via the
'trusted_key_servers' config option. 'matrix.org' is a good choice for a key
server since it is long-lived, stable and trusted. However, some admins may
wish to use another server for this purpose.
To suppress this warning and continue using 'matrix.org', admins should set
'suppress_key_server_warning' to 'true' in homeserver.yaml.
"""
Explicitly configure the server to use matrix.org as the trusted key server to
avoid the warning. The value can be set to empty list of servers, however, our
users are served best by this default.
Tests:
- On a testing container, when patch is applied after Matrix app installation,
the configuration file is updated.
- After the configuration is updated the warning is removed during Matrix
Synapse startup.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
- Create a separate section for federation as it is so important.
Tests:
- Federation description and TLS warning are shown in a separate section on the
app's post-setup page.
- Clicking on the testing tool link takes the user to the testing tool and the
current server's domain is automatically tested.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
- This has already been update in the pre-setup page.
Tests:
- View the post-setup page and notice that the message was updated.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
Tests:
- Images are shown in the pages /plinth/help/manual/en/bepasty and
/plinth/help/manual/en/. Before the patch, images are not shown and 404 errors
are raised.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: Joseph Nuthalapati <njoseph@riseup.net>
- Similar to freedombox-privileged daemon. It makes it easy to turn on
development mode from a systemd service override (without having to override the
entire command line).
Tests:
- With the changes to systemd service file in this patch series, changing source
code file leads to plinth getting restarted.
Reviewed-by: Veiko Aasa <veiko17@disroot.org>
- This can have may uses such as:
- Waiting properly on the reboot page until the system has been restarted
while showing the status.
- Or, waiting for first setup to complete before running functional tests.
- Or, monitoring for the health status of FreedomBox in general.
- The page is public as all the information conveyed there is also already
public. Should we introduce any sensitive information there such as
'operations_in_progress', we can provide that information only to
administrators.
Tests:
- Visiting /plinth/status/ shows the status in JSON. Using curl to retrieve the
information is also possible.
- During the first setup 'is_first_setup_running' is 'true'. After it has
completed, it is 'false'.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: Veiko Aasa <veiko17@disroot.org>
Fixes: #2536.
Multiple fixes:
- When miniflux and postgresql are install simultaneously, miniflux setup may be
installed before postgresql is started.
- When postgresql is already installed and disabled (due to a previous
uninstall), then postgresql may not be running during miniflux package
installation (and fail initial DB setup).
- When app is being installed while it is disabled, the database may not running
and may lead to failure in removing the app database.
Tests:
- Run functional tests on stable/testing twice in a row.
- Install the app without postgresql or miniflux installed.
- Disable the app and uninstall it. DB is purged.
- Uninstall and re-install (with postgresql is disabled during installed).
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
Tests:
- Uninstall miniflux and postgresql. Install freshly with all the patches in
this series. When installing miniflux freshly, postgresql is not disabled soon
after miniflux package is installed. Without this patch, postgresql is disabled
after packages are installed leading to a setup failure.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
This prevents logging usernames and passwords to the journal logs and to the
Git repo configuration. Also, avoids usernames and passwords appear in the
process list when cloning a repository.
Tests performed:
- Create a new repository by cloning an existing repository URL with basic
auth credentials. Check that:
- Cloning succeeds.
- Journal logs don't contain URLs with credential info.
- The configuration of the cloned repository doesn't contain credential info.
- Try to clone a non-existing repository URL that contains credential
info. Cloning fails and there are no credential info in the journal logs.
- Cloning a public git repository without credential info succeeds.
- All the gitweb module tests pass.
Signed-off-by: Veiko Aasa <veiko17@disroot.org>
[sunil: Add/fix some more type hints]
[sunil: Add tests for URL parsing]
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: Sunil Mohan Adapa <sunil@medhas.org>
- These situation occur when server encounters an error when trying to formulate
a response. All exceptions during execution of actions are caught and reported
properly. However, server may encounter errors during processing of exception
raised in an action. Or may die abruptly. This special error will make
identifying such situations easier.
Tests:
- Add a 'return' after _read_request() in
privileged_daemon.py:RequestHandler:handle(). This will trigger this error.
Starting FreedomBox service will show these errors as 'ConnectionError: Server
returned empty response'. Similarly running 'freedombox-cmd --no-args plinth
is_package_manager_busy' will show the same error.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: Veiko Aasa <veiko17@disroot.org>
- Now that we have a mechanism for properly collecting, transmitting, and display
the stdout and stderr. There is no reason not to collect all of the stdin and
stderr.
- Also, the stdin/stderr=subprocess.PIPE is redundant and prevents the output
from getting collected for debugging. So, remove it.
Tests:
- Ran functional tests on backups, calibre, ejabberd, email, gitweb, ikiwiki,
infinoted, kiwix, mediawiki, mumble, nextcloud,, openvpn, samba, wireguard,
zoph. 2-3 issues were found but did not seem like new errors.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: Veiko Aasa <veiko17@disroot.org>
- This is to capture stdout and stderr and transmit that from privileged daemon
back to the service to be displayed in HTML.
Tests:
- Unit tests and code checks pass.
- Some of the modified actions work as expected.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: Veiko Aasa <veiko17@disroot.org>
- This is to capture stdout and stderr and transmit that from privileged daemon
back to the service to be displayed in HTML.
Tests:
- Unit tests and code checks pass.
- Some of the modified actions work as expected.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: Veiko Aasa <veiko17@disroot.org>
- This is to capture stdout and stderr and transmit that from privileged daemon
back to the service to be displayed in HTML.
Tests:
- Unit tests and code checks pass.
- Some of the modified actions work as expected.
- systemd daemon-reload is performed during infinoted setup.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: Veiko Aasa <veiko17@disroot.org>
- This is to capture stdout and stderr and transmit that from privileged daemon
back to the service to be displayed in HTML.
Tests:
- Unit tests and code checks pass.
- Some of the modified actions work as expected.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: Veiko Aasa <veiko17@disroot.org>
- When an exception is raised in subprocess.run(), for that call the stdout and
stderr are not being collected. Any previous successful calls are being
collected.
- This also fixes issues with adding an existing backup repository back after
removal. Capturing stderr is essential for raising the proper exceptions and
working correctly.
Tests:
- Remove an existing backup repository and add it back again. It fails with the
patches and succeeds with the patches.
- Remove an existing encrypted backup repository and add it back again with the
wrong password. A proper error message is shown 'Incorrect encryption
passphrase'.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: Veiko Aasa <veiko17@disroot.org>
- A local storage object must exist globally shared by all threads. Then
object.__dict__ is the thread specific storage. Absent this, when multiple
actions run in parallel, one will erase the thread local object of another.
Tests:
- When an error is raised in a privileged method, then the HTML error shown
contains stdout and stderr of the involved processes.
- Running functional tests on a lot of apps does not show this error anymore.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: Veiko Aasa <veiko17@disroot.org>
