- If backports is for older release, then it can be activated again to
upgrade to latest release. (Plan is to make this automatic, but
leave the manual option as a fallback.)
- Security notice still shown if older backports are enabled.
Tests:
- On Buster system, change distribution in
/etc/apt/sources.list.d/freedombox2.list to
stretch-backports. Updates page shows button to activate backports
again. Activate and check the source list to confirm that it has
buster-backports again.
Signed-off-by: James Valleroy <jvalleroy@mailbox.org>
Reviewed-by: Sunil Mohan Adapa <sunil@medhas.org>
Tests:
- Build deb and install in buster image. Manually remove backports
sources file. Security page does not show backports notice. Updates
page shows button to activate backports.
- Activate backports from updates page. Success message is shown and
button to activate backports is removed. Security page shows
backports notice.
Signed-off-by: James Valleroy <jvalleroy@mailbox.org>
Reviewed-by: Sunil Mohan Adapa <sunil@medhas.org>
Although useradd recommends starting with either a lowercase letter or an
underscore, there is nothing that consistently adheres to this recommendation
across systems. Because some systems do not follow this recommendation and this
recommendation is not a hard requirement, we should not prevent connections at
the validation stage.
Reviewed-by: Sunil Mohan Adapa <sunil@medhas.org>
Tested that after this change, only admins can see the MiniDLNA
statistics page https://<freedombox>/_minidlna/ over the web.
Everybody can still see the page on local network using
an address http://<freedombox>:8200/
MiniDLNA web page shows how many media files are served and
some information (IP, MAC address) about the connected clients.
Signed-off-by: Veiko Aasa <veiko17@disroot.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
Tested against ejabberd's failing installation. The entire test suite
gets marked as failed if the application installation fails.
Fixes#1902#1895
Signed-off-by: Joseph Nuthalapati <njoseph@riseup.net>
Reviewed-by: Veiko Aasa <veiko17@disroot.org>
- Ignore errors while trying to expand a file path list into its .d components
path list.
- Ignore errors when reading shortcuts fails a file for any reason.
- Errors when reading configuration file already ignored. os.path.isfile() and
configparser.Configparser.read() do not raise an exception under any
circumstances.
Analysis:
Regression in 20.12 reported at
https://discuss.freedombox.org/t/fb-20-12-solved-plinth-fails-to-start-due-to-new-frontpage-py-shortcuts-and-filesystem-permissions/994/4
- freedom-maker creates /var/lib/freedombox/ with mode 755 as root but this only
applies for disk images.
- freedombox.postinst, networks, apache check for the existence of
/var/lib/freedombox/is-freedombox-disk-image .
- Samba creates /var/lib/freedombox with mode 755 as root.
- Backups creates /var/lib/freedombox/borgbackup but not the parent directory?
- Shortcuts are now read from /var/lib/freedombox/.
Tests performed:
- Create directories /var/lib/freedombox and /etc/freedombox with permission set
to 750. In case of configuration, an early warning message is printed and in
case of shortcuts warnings are printed but service starts properly. Changing the
permission to 755 removes the warnings.
- Ensure 755 permission on above two directories. Create non-empty files
custom-shortcuts.json and freedombox.config with permissions 640. In case of
config no warning is printed (silently ignored) and in case of shortcuts,
warning is printed that file could not be read but service starts properly.
Changing the permission to 644, no warnings are printed.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
Change "overtime" to "over time", also matches the other choice in the
form.
Signed-off-by: James Valleroy <jvalleroy@mailbox.org>
Reviewed-by: Sunil Mohan Adapa <sunil@medhas.org>
- Implement ability to refresh page at the framework level so that every page
does not need to handle it.
- Refresh after number of seconds specified in context of the view.
Tests performed:
- Trigger the following functions and ensure that page reload after 3 seconds
during the running operation while it does refresh before and after the
operation.
- Diagnostics tests from the module.
- Gitweb repository cloning.
- Monkeysphere publish key to server.
- OpenVPN setup.
- Tor configuration update.
- Manual software update.
- App installation.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: Veiko Aasa <veiko17@disroot.org>
Tests performed:
- Submit a form and notice that button has a spinner soon after click.
- Select a from like Gitweb repository creation form and submit it. After submit
go back to previous form using back button. Notice that button has been restored
to proper state.
- Without filling valid information the form, press submit. Notice that the
button does not change to a spinner.
- Check installing an app, snapshots management, network forms, wireguard forms,
etc.
- Test on Firefox and Chromium.
- Test with LibreJS that the script is accepted as valid free software license.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: Veiko Aasa <veiko17@disroot.org>
Mention that interface is automatically assigned to external zone.
Test:
- Re-assigned host0 interface to public zone. Disabled firewalld to
still access interface. Firewall zone is shown as "external" with the
note about automatic assignment.
Closes: #1858.
Signed-off-by: James Valleroy <jvalleroy@mailbox.org>
Reviewed-by: Sunil Mohan Adapa <sunil@medhas.org>
Ensuring that load_cfg fixture is ordered first will ensure that configuration
is properly restored after test and that changes in other fixtures take effect.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
- In containers, loopback devices may not be available. Skip tests in this case
by looking at the output of losetup setup utility.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
When deleting connections after editing, sometimes the connection is not found.
Wait until the connection settles down to avoid connection not found errors
during cleanup. Seems to work for now but still not the best way to handle this.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
- Don't run the second phase of web framework initialization. This avoids
writing to the DB file.
- Set log level to ERROR so that no messages get printed even to stderr while
listing dependencies.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
This allows --list-dependencies to run without having to write to disk.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
A simple Django configuration does not need to create the database whereas DB
migration requires creating the database.
In some operations such as listing dependencies, we can skip running the second
part and so writing to database will no longer be necessary during such
operations.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
- Only effects develop mode.
- To primarily avoid writing to the source code directory. Multiple containers
or VMs using the source folder won't fight with the database file (the overlay
file system plan is not working out well for containers #1873).
- In the earlier days, we used to allow running from source code directory
without even doing ./setup.py install. Currently it is not possible anyway. We
pretty much install freedombox package before running from source directory.
- If the build process itself learns not to write to source directory, then
containers/VMs won't have to write to source directory at all.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
The file is not meant for human reading. The comments are already part of the
code.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
- Read configuration files from three different locations.
/usr/share/freedombox/freedombox.config, /etc/plinth/plinth.config and
/etc/freedombox/freedombox.conf. Later listed has higher priority.
- Provide backward compatibility for /etc/plinth/plinth.config files. With lower
priority than /etc/freedombox but higher priority than /usr/share/.
- Read sorted files from config.d directories with the same suffix as original
configuration file. Parse them by priority. This allows administrator/programs
to drop in configuration bits without worry about editing files.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
- Avoid a top level source code file.
- Makes it clear that the configuration file is only meant for development
purposes.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
Read from /etc/plinth, /usr/share/plinth and /var/lib/plinth.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
- The configuration module defaults to values in the production configuration
file.
- If the file is found, it is read and the read values overwrite the defaults.
If the file is not found, no error is raised. This allows us to not ship the
configuration file. User may create the configuration if they want to change the
defaults. This eases upgrades when configuration is edited. This also make
FreedomBox robust to deployments where /etc/ is not populated by default such as
OSTree. It is also a good practice for daemons as followed by the likes of
systemd.
- If the file partly populated only the values read override the defaults and
the remaining values don't change. This allows the user to write simpler
configuration file.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
This was needed when our behavior for reading production vs. development
configuration depended on the presence of configuration files in expected
locations. The current behavior is based on whether --develop option is given or
not. This behavior is safer and more predictable.
So, remove the option to fallback to develop configuration if the production
configuration is not found.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
We are currently using django.utils.http.is_safe_url which is a private method
and may break API anytime. Replace it with similar but limited implementation.
Tests:
- Unit tests.
- Dismiss a notification and the redirect to the same page happens properly.
- Logout, goto to home page or login page. Change the language and it will
redirect back to home page or login page appropriately.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
The request variable is not available when a custom template is used to render a
notification. Fix this by passing the template rendering context additional
request variable.
Closes: #1887.
Tests:
- Reduce the version number in data for 'upgrades-new-release' notification
in the plinth_storednotification table in the DB. Start FreedomBox. New release
message will appear. Go to page other than home page. The dismiss button has
next= parameter filled properly with current URL. Dismiss the notification and
notice that page URL stays the same.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
Tests:
- In a container, fill up space. Start FreedomBox in develop mode wait 3 minutes
for storage warning to show.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
