Closes: #2405.
- When Django module is mocked, there are some cases where modules using django
can't be imported due to errors.
- To fix that, don't mock the django module and require django and related
Debian packages to be installed on the system generate developer documentation.
- Initialize django in Sphinx configuration to allow django modules to be
imported without errors.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
Fixes#2420.
Tests performed using Debian stable:
- Set user language to espanol. Install, repair and remove gitweb app.
Check that all app operation messages are in spanish.
- All unit tests pass.
Signed-off-by: Veiko Aasa <veiko17@disroot.org>
Reviewed-by: Sunil Mohan Adapa <sunil@medhas.org>
Closes: Debian bug #1069240
Closes: Debian bug #877935
- libnss-gw-name resolves 'gateway.localhost' to the ip address currently
configured as default route. This has been abandoned upstream[2], deprecated in
Debian[1]. Using libnss-myhostname (part of systemd) instead is recommended[2].
- libnss-gw-name has been removed from testing and unstable. Installing
freedombox package in these distributions no longer installs the libnss-gw-name
package but freedombox installation succeeds as this is only a recommends.
Latest images don't contain the libnss-gw-name package either.
- We already recommend libnss-myhostname and this package is typically installed
along with freedombox package.
- libnss-myhostname resolves '_gateway' where as libnss-gw-name resolves
'gateway.localhost'. This is technically a breaking change. However, we have
neither used nor documented gateway resolution on FreedomBox machines. So, any
disruption is likely minimal.
Tests:
- On a FreedomBox container, running 'ping _gateway' shows that it resolves to
the same IP address as default route shown in 'ip route'.
Links:
1) https://www.debian.org/releases/stable/amd64/release-notes/ch-information.en.html#deprecated-components
2) https://github.com/nomeata/libnss-gw-name
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
- Add a new diagnostic check result for skipped tests.
Tests:
- Put a hold on a package. The diagnostic is failed.
- Remove the hold from the package. The diagnostic is passed.
- Start installing an app, then immediately run the upgrades
diagnostics. The diagnostic is skipped.
Helps: #2347
Signed-off-by: James Valleroy <jvalleroy@mailbox.org>
[sunil: Allow i18n for new state 'skipped']
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: Sunil Mohan Adapa <sunil@medhas.org>
Closes: Debian bug #961733.
- The version of Linux kernel supported in FreedomBox is from Debian Bookworm
and that is 6.1, released on Sun, 11 Dec 2022[4][5].
- Around 2014, in Linux kernel version 5.4, a way to extract entropy from CPU
execution jitter every second was implemented. This is similar to
HAVAGE/havaged's approach[1][2]. This ensures that user space applications never
hang indefinitely when entropy is not available.
- Since 2020, /dev/random only blocks until it is initialized and after that
never blocks. It provides cryptographically secure psuedo-random numbers after
initialization (which is believed to be as good as blocking pool even for
security sensitive applications). This the same behavior as getrandom() call[6].
This means that even on embedded systems, haveged is not necessary once the
initialization of the random pool has been completed.
- Since Feb/Mar 2022, /dev/urandom no longer provides insecure random
numbers[3]. Earlier, if it was used before full initialization, it provided
insecure random numbers. Now it blocks the caller until initialization and then
provides cryptographically secure pseudo-random numbers. The initialization
itself won't take too much time due to the "Jitter Dance" technique of
extracting entropy from CPU execution jitter. The only way to request for
insecure random number (without even blocking for 1 second) is to use
getrandom(GRND_INSECURE) which systemd uses to initialize hash tables. This
change was reverted because Jitter Dance did not work on several architectures
including arm[3]. Later it was added back as an opportunistic approach, where
secure random numbers would be provided by urandom if Jitter Dance worked.
- Git repository for haveged mentions that it is less relevant now[7]. It also
lists circumstances where haveged might still help (old kernels, user-space RNG,
additional source of entry and early boot). Of these, only early boot scenario is
of interest for us.
- In summary, the understanding of relevance of haveged is as follows:
Request Random Number
---------------------
Is this during initialization of the random pool?
No:
- Linux never blocks after initialization. It uses CSPRNG now instead of
blocking for entropy.
Yes:
Is this for secure purposes?
No:
- It does not block and provides insecure (or secure in most practical
cases) numbers with getrandom(GRND_INSECURE), used by systemd hash tables,
etc.
Yes:
Does the architecture provide hardware random numbers?
Yes:
- Use RDSEED (Intel/AMD) CPU instruction or HWRNG (SOCs) to initialize the
random pool.
- If on virtual machine, use virtio-rng, ACPI VM ID, etc. to initialize the
random pool.
No:
Is this on architectures with time stamp counter?
Yes:
- The system will block for 1-2 seconds and provide secure random numbers
using "Jitter Dance" (similar to haveged).
- ARMv7 (Allwinner A20, etc.) the lowest ARM architecture we support,
seems to have time stamp counters but we not sure kernel uses it and
implements "Jitter Dance".
No:
- On urandom, The system will not block and provide insecure random
numbers. This is as per the original definition of /dev/urandom.
- The system will block until entropy is available through interrupts,
etc.
- haveged will likely not help here because it also requires time stamp
counter provided by CPU.
Links:
1) https://lwn.net/Articles/802360/
2) https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=50ee7529ec45
3) https://www.zx2c4.com/projects/linux-rng-5.17-5.18/
4) https://lkml.org/lkml/2022/12/11/206
5) https://packages.debian.org/search?searchon=names&keywords=linux-image-6.1.0
6) https://lwn.net/Articles/808575/
7) https://github.com/jirka-h/haveged
Reviewed-by: Joseph Nuthalapati <njoseph@riseup.net>
- Create new policy that allows forwarding between zones.
See: https://bugzilla.redhat.com/show_bug.cgi?id=2016864#c8
- Increment version to perform setup on upgrade.
Closes: #2355
Tests:
- Build freedombox package, and install on top of Bookworm VM The
firewall setup is performed. firewall-cmd lists the fbx_int_to_ext_fwd
policy, masquerade on external zone, and forward on internal zone.
Not tested:
- I did not test forwarding traffic from external to internal zone.
However, several users have reported following these instructions on
the forum, and that it solved the issue for them.
Signed-off-by: James Valleroy <jvalleroy@mailbox.org>
[sunil: Minor refactors for readability]
[sunil: Ensure that operation is idempotent]
[sunil: Reload instead of restarting firewalld]
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: Sunil Mohan Adapa <sunil@medhas.org>
If the GRUB install device has not been selected, then grub package
configuration will fail during upgrades.
Tests:
- Install freedombox package with this change in a VM. Check that the
diagnostic is passed.
- Re-install the grub-pc package with DEBIAN_FRONTEND set to
noninteractive, so that it fails to be configured. Check that the
diagnostic is failed.
Signed-off-by: James Valleroy <jvalleroy@mailbox.org>
Reviewed-by: Sunil Mohan Adapa <sunil@medhas.org>
- All forms are rendered using django-bootstrap-form excep the
app enable/disable form. Render this one too using django-boostrap-form so that
the default.html is not used for rendering. Using default.html is deprecated in
Django 4.0 and in 5.0 will default to using div.html.
Tests:
- No change in HTML output, appearance or functionality for the enable/disable
button.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: Veiko Aasa <veiko17@disroot.org>
- Eliminate a Django warning message.
- This setting has been deprecated. It will be remove in Django 5.0 and is
always on.
Tests:
- On Debian stable, django.VERSION <= (4,0) evaluates to True and on testing it
evaluates to False.
- After the patch, the warning related to USE_L10N has disappeared.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: Veiko Aasa <veiko17@disroot.org>
This is to ensure that secret parameter which must likely be marked as secret
are not marked as secret. The partially mitigates the biggest disadvantage of
printing all the parameters by default and marking exception, that is,
forgetting to mark.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
- When privileged action is called, it is logged without arguments currently.
Extend this to log all arguments but excluding the parameters of type
secret_str.
- When error is raised, all arguments are being logged currently. Extend this to
exclude the parameters of type secret_str.
Tests:
- Privileged actions with secret strings log messages with '****' instead of
secret string.
- When an error is raised in a privileged action, an exception is logged. In the
exception message, the method and parameters are printed. Parameters that are
secret strings are shown as '****'.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
Tests:
- Run affected privileged actions through UI and notice that secret strings are
not logged (except initializing init/info a new SSH repository).
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
Tests:
- Run affected privileged actions through UI and notice that secret strings are
not logged (except deleting the last admin user).
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
Tests:
- Run affected privileged actions through UI and notice that secret strings are
not logged.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
Tests:
- Run affected privileged actions through UI and notice that secret strings are
not logged.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
Tests:
- Run affected privileged actions through UI and notice that secret strings are
not logged.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
Tests:
- Run affected privileged actions through UI and notice that secret strings are
not logged.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
Fixes: #2435
Tests:
- Run affected privileged actions through UI and notice that secret strings are
not logged.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
Tests:
- Run affected privileged actions through UI and notice that secret strings are
not logged.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
Tests:
- Run affected privileged actions through UI and notice that secret strings are
not logged.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
Tests:
- Run affected privileged actions through UI and notice that secret strings are
not logged.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
Tests:
- Run affected privileged actions through UI and notice that secret strings are
not logged.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
Tests:
- Perform effected actions and ensure that secrets are not logged on the
console.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
- Method parameters marked with secret_str will not be logged.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
When older version is already built and later code is updated to newer version
and built multiple .whl files are present in dist/ directory. This confuses the
install script that assumes only one .whl is present. Pip refuses to install
multiple versions of the same package. This error was seen when bringing up the
'stable' container.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
TiddlyWiki uses almost the same Apache configuration as Feather Wiki,
with one difference - disabling gzip for the `HEAD` request.
The FreedomBox app for TiddlyWiki is identical to Feather Wiki in
every other aspect.
- Proxy download through freedombox.org. This serves two purposes:
1. Upstream's website cannot track the IP addresses of FreedomBox users.
2. We can update the versions of the empty quine files without making
code changes in FreedomBox.
[sunil]
- Update description to correct the list of users who can access the app.
- Update logo to adhere to the logo guidelines.
- Minor styling fix.
- Update the copyright on the logo based on information from upstream git
repository.
Signed-off-by: Joseph Nuthalapati <njoseph@riseup.net>
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: Sunil Mohan Adapa <sunil@medhas.org>
This serves two purposes:
1. Upstream's website cannot track the IP addresses of FreedomBox users.
2. We can update the versions of the empty quine files without making
code changes in FreedomBox.
Signed-off-by: Joseph Nuthalapati <njoseph@riseup.net>
[sunil: Update description to reflect the change in upstream URL]
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.or>g
Reviewed-by: Sunil Mohan Adapa <sunil@medhas.org>
