Given a list of packages, check with among those will result in showing a
configuration file prompt.
Irrespective of whether apt shows a conffile prompt, this logic mimics what
unattended-upgrades perceives as package needing a conffile prompt. This is
because when unattended-upgrades gives up, that is when this logic need to take
over.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
- Ensure that force upgrade mechanism runs only once simultaneously.
- Multiple attempts.
- Wait before first attempt and after each attempt. Shutdown properly while
waiting.
- Only consider managed packages of apps that implement force_upgrade() hook.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
- Implement listening for CacheUpdated notification.
- Configuration to allow only root to trigger the notification.
- Trigger the notification from an apt update hook.
- Retrieve the list of packages available for upgrade and print them to log.
- Add dependency on libglib2.0-bin for the gdbus command line tool.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
This will keep web server de-coupled with service that want to shutdown on exit.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
This supports the use case of hosting a website on FreedomBox at Apache's web
root. This makes the assumption that index.html is a file in the website.
Signed-off-by: Joseph Nuthalapati <njoseph@thoughtworks.com>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
- When a user selects their Ikiwiki wiki or blog as the default app, the UI
doesn't reflect that. It still shows Plinth as the default app. This commit
fixes the bug.
Signed-off-by: Joseph Nuthalapati <njoseph@thoughtworks.com>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
When run on empty directory FileNotFoundError is raised. Include it in the list
of expected errors.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
When an exception is raised within the context, the YAML file should not
written.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
When ORPort is set to 'auto', Tor automatically allocates a port for it. During
it's first run, we able to extract the port number and open the firewall port.
However, unlike for pluggable transports, Tor does not seem to store this port
for future reuse in the state file. It hence opens a new port every time it is
started. This leads to a new port being assigned on next Tor startup and leads
to relay functionality not being reachable from outside.
According to the documentation, only possible values for ORPort are a fixed
number or 0 (disable) or auto (current behavior). Choose 9001 as this is the
commonly used port number for ORPort. The recommended port number of 443 is not
possible in FreedomBox due it is use for other purposes.
Closes: #1495.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
- Use the function get_domainname() in config module everywhere
- Delete duplicate implementations in ejabberd and jsxc
Signed-off-by: Joseph Nuthalapati <njoseph@thoughtworks.com>
Reviewed-by: Sunil Mohan Adapa <sunil@medhas.org>
Whatever function is passed in post_exit can simply be called by the caller
itself as the next statement.
Signed-off-by: Joseph Nuthalapati <njoseph@thoughtworks.com>
Reviewed-by: Sunil Mohan Adapa <sunil@medhas.org>
If a valid certificate is available but not yet setup, the earlier code assumes
there is a valid certificate.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Immediately after the installation, a self-signed certificate is used because
domain name is not available. However, after domain name becomes available,
setup a Let's Encrypt certificate.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Setting permissions after copying the file will lead to momentary exposure of
the private key to other users on the system. Use umask instead.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Don't match the hook's domain against domain set in configuration. We already
check if the domain matches the Matrix Synapse configured domain.
- Fix un-checking letsencrypt option for matrixsynapse. Keep the old certificate
but don't throw error. This means future certificates are not renewed.
- Use utility get_configured_domain_name()
- Style function names without uppercase.
- Style multi-line docstrings correctly.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Matrix requires valid certificates for federation with other servers from
version 1.0 onward. If the FreedomBox server already has LE cert and private
key, copy them into /etc/matrix-synapse
- Add certificate renewal hooks for Matrix Synapse. Reusing the certificate
renewal mechanism built for ejabberd with matrix-synapse as well. One notable
difference is that Matrix Synapse doesn't support switching the domain name or
dropping the Let's Encrypt certificate.
- Use self-signed certificate if there is no LE certificate. Matrix Synapse
server startup fails if the files homeserver.tls.crt and homeserver.tls.key
are missing.
- Copy Apache's snakeoil certificates to /etc/matrix-synapse when LE
certificates are not available. Prefer LE certificates if available.
- Display warning if no valid LE certificate is found.
Signed-off-by: Joseph Nuthalapati <njoseph@thoughtworks.com>
