Preseeding settings with debconf won't have any effect if the packages
are already installed. Instead, provide an override database to
dpkg-reconfigure.
- Fix code style.
- Keep description and util functions at module level.
- Add license notice to forms file.
- Internationalize and make choice descriptions more informative.
Select the frequency band (2.4 GHz vs. 5 GHz) is a prerequisite for
selecting the channel. Channel selection is useful primarily as follow:
- Restrict to a particular access point when multiple access points use
the same SSID (AP name) but are available on different frequencies.
- Configure for a particular ad-hoc mesh network.
- Setup multiple access points from a single FreedomBox on multiple
channels to maximize the throughput and number of simultaneous
clients.
Ability to specify a particular BSSID will help associate with a
particular access point when multiple access points use the same
SSID (AP name). This is also makes it slightly harder to trick clients
into connection to a malicious device. Also configuring BATMAN-adv
seems to require setting a particular BSSID.
Disabled IPv4 method allows not configuring IPv4 entirely on network
interfaces as required in some cases.
Also, make sure to internationalize all the choices form values in
network module. There were missed before.
After batman-adv kernel driver takes over the Wi-Fi network interface
and provides a bat0 interface, this interface shows up as device type
'batadv'. This type is not recognized by network manager is dealt with
as a generic device. Configuring this device for IPv4/IPv6 in
auto/shared mode etc. works fine. So, add the ability to configure
generic interfaces.
- Allow users to run regular relays. In addition to that users will be
able to turn them into bridge relays. Like before, by default,
relaying is enabled and the relay type bridge relay.
- Show obfs3/4 transport ports as needing firewall port forwarding only
if bridge relay is enabled.
- Remove pluggable transports configuration from configuration when
bridge rely is disabled.
- Improve description message for relays and bridge relays.
- Do stricter matches when editing configuration file. Earlier
mechanism would match comments etc.
- Move action methods to module core from views.
- During first boot, notify users that console login is restricted and
that they can changed that from security settings.
- Recommend enabling conosle login restrictions. Add message about why
console restrictions are important.
- Show title in security module.
- When Tor hidden service is enable along with regular web server, it is
possible to de-anonymize the server.
- When Tor hidden service is enabled along with Tor relay, the hidden
service can be de-anonymized by sending large traffic observing
traffic patterns published by Tor relay. See:
https://trac.torproject.org/projects/tor/ticket/8742
Warn users not to rely on Tor hidden service functionality for strong
anonymity. We can remove this warning when implement a mechanism to
disable most other services when Tor hidden service is enabled.
- Show free space of currently mounted partitions. Should help with
people running out of free space and ending up with non-working
system. In future, this module could emit more visible messages.
- Show and allow expanding root partition to help people who have
written FreedomBox images to higher capacity SD cards. Very selective
and restrictive checks to minimize problems.
- Automated tests to ensure expansion works in non-trivial senarious.
This can then be used by a privileged action to verify that packages
requested for installation are in fact valid. This slightly improves
security of those privileged actions.
Setting IP address on a shared connection can be usefull. This tells
Network Manager to pick the provided network range (inferred from
IP/netmask) instead of something in 10.42.x.x. This can be used to give
predicatable IPs, static IPs and to make large static
reservations (instead of the default 8).
After the recent cleanup, pagekite no longer shows description before
installation. Only after installation does it show the insturctions
about why it is needed. Also in the description {box_name} is not
substituted and there are incorrect escape sequences.
Revert this earlier change that causes these regressions.
This app rightfully belongs in system configuration section instead of
the application section. It is setup once and not used regularly. It
is not service but enabler for other services.
This app rightfully belongs in system configuration section instead of
the application section. It is setup once and not used regularly. It
is not service but enabler for other services. Closes: #441.
Currently menu items are shown in alphabetical order in applications and
no clear order in system configuration. This is done using static
weights for menu items based on English names that does not work for
other locales.
Sorting can't be done at the time of adding menu items as users of
multiple locales may use the interface at the same time.
Implement a sorting mechanism based on existing order as well as labels
of menu item. This allows the flexiblity of grouping menu items in
future as it may be need for system configuration. In case of help menu
Remove sort order for all modules except for help menu as here we want
that specific order.
When firewall services are list, the order changes for every run of
plinth and is not predictable making it hard to lookup a service. List
services alphabetically to fix the problem.
It has become confusing to reuse the name of the service for name of the
systemd unit file and firewall port. This has lead to the regression
that quassel, mumble and minetest can no longer open firewall ports.
Fix this by explicitly specifying ports all services.
wget does not seem to support interface scoping for IPv6 addresses. For
example, http_proxy=http://[fe80::babe:ff:ffff:babe%eth0]:8118/ . Curl
supports this.
This fixes most of the failures for IPv6 related addresses. Hide the
last failure as there does not seem to be a proper fix from OS level:
when using link local addresses, if a hostname is resolved to IPv6 link
local address, it is not scoped to that interface. It can't properly be
used by any tool then.
It has been decided that FreedomBox will no longer support ownCloud due
it's removal from Debian. To deal with this:
- Don't show ownCloud in Plinth any more for new users.
- For users who have already installed ownCloud, show a warning message
that they need to migrate away from ownCloud or need to manage it
manually.
