- When subprocess.call() fails and one of the arguments is a Path-like object,
the exception also contains a Path-like object. The default JSON encoder can't
handle this and will lead to failure when encoding the exception altogether
resulting in a generic exception.
Tests:
- Add an invalid .zim file to kiwix. It fails and shows a default error
exception. Without this patch, it fails.
- Functional tests for kiwix pass.
- Backups app can list archives. This is a result returned from a privileged
method.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: Veiko Aasa <veiko17@disroot.org>
Tests:
- Without patch, upload an invalid zim file, 'Failed to add content'... message
is shown. The library's content directory contains that invalid file. Try to add
the file again and the message shown is 'File already exists'.
- With patch, upload an invalid zim file, 'Failed to add content'... message is
shown. The library's content directory does not contain that file. Try to add
the file again and the same message is shown.
- Functional tests for kiwix pass. Repeating just the test
test_add_invalid_zim_file works.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: Veiko Aasa <veiko17@disroot.org>
Tests:
- Raise an error by editing code in create, upload, rename and delete
operations. Notice that the details error messages are shown with a drop-down.
- Upload a wiki and it works. The name is as expected.
- Upload the wiki again notice that the duplicate wiki error is shown.
Signed-off-by: Joseph Nuthalapati <njoseph@riseup.net>
[sunil: Use new utility for uploading]
[sunil: Better error message display in the UI]
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: Veiko Aasa <veiko17@disroot.org>
Tests:
- Raise an error by editing code in create, upload, rename and delete
operations. Notice that the details error messages are shown with a drop-down.
- Upload a wiki and it works. The name is as expected.
- Upload the wiki again notice that the duplicate wiki error is shown.
Signed-off-by: Joseph Nuthalapati <njoseph@riseup.net>
[sunil: Use new utility for uploading]
[sunil: Better error message display in the UI]
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: Veiko Aasa <veiko17@disroot.org>
Earlier, the uploaded ZIM file was being written to disk twice.
Manual Test
-----------
Without the changes in this commit, the English MediaWiki archive of
6.83 GB cannot be uploaded to the dev container of size 12 GB, since two
temporary files are created.
With the changes in this commit, the same file can be uploaded
successfully and accessed using Kiwix reader.
- Uploaded file has expected ownership and permissions.
Signed-off-by: Joseph Nuthalapati <njoseph@riseup.net>
[sunil: Handle error for uploading duplicate content.]
[sunil: Set root:root ownership on the uploaded file.]
[sunil: Use the action utility for checking that the upload file and moving it.]
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: Veiko Aasa <veiko17@disroot.org>
1. Set temporary directory to /var/tmp
2. Drop MemoryFileUploadHandler
Tests:
- During upload notice that file are in /var/tmp/system-private... folder
instead of /var/tmp.
- Upload a file but rename with another extension instead of moving to
destination through changes in code. Notice that the file is available in
/var/tmp/systemd-private... directory after the upload operation is completed.
Stop the service and notice that the file has been deleted. Folder is empty
after the service starts again.
Signed-off-by: Joseph Nuthalapati <njoseph@riseup.net>
[sunil: Add PrivateTmp=yes in plinth.service file]
[sunil: Update comments]
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: Veiko Aasa <veiko17@disroot.org>
Fixes an error in testing container where installing dependencies for
functional tests wants to uninstall system installed urllib3.
Also minor quotes fixes.
Note that dependencies are upgraded only in new dev environments where
geckodriver is not yet installed.
Tests performed, in both stable and testing containers:
- Run all tests, no upgrade related failures found. There were some
seemingly unrelated test failures in apps: calibre, ejabberd, deluged,
minetest, users, transmission , wordpress, zoph.
Signed-off-by: Veiko Aasa <veiko17@disroot.org>
Reviewed-by: Sunil Mohan Adapa <sunil@medhas.org>
- Insider a container, it is not possible to use loopback devices without
additional permissions. Skips tests that need loopback devices. This will
results in fewer errors when running './container run-tests'.
Tests:
- Run './container run-tests --pytest-args
plinth/modules/stroage/test_storage.py'. Notice that all tests are either
skipped or succeed.
- Run the tests on host machine and they all run without skipping.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: Veiko Aasa <veiko17@disroot.org>
Reasons:
- Privileged action security: restoring Samba configuration from a backup file
could expose any folder in OS and allows to run any commmand as a root user.
- Samba backups aren't so useful as only app configuration is included.
Configured shares are trivial to enable without backups. Also, providing
backups could be misleading as stored user files aren't actually backupped.
Tests performed:
- All Samba functional tests pass.
- Restoring from an old backup that also includes Samba is not failing,
restoring Samba is skipped.
Signed-off-by: Veiko Aasa <veiko17@disroot.org>
Reviewed-by: Sunil Mohan Adapa <sunil@medhas.org>
- This was supposed to removed in MR #2309 in the commit
253540fb3d12254c920b632cc484be6a79d27229. It was overlooked.
- Version number of users app has not been incremented as it has already been
incremented in this release.
Tests:
- There is no directory /etc/security/access.conf.d.
- There are not directives in /etc/security/access.conf that are not commented
out.
- After applying the patch (assuming previously setup version is 24.20) and
manually removing the destination file, app setup for users app runs. It
succeeds. /etc/pam.d/common-account no longer contains the line 'account
required pam_access.so'.
- After the upgrade, users who are root and non-root are able to login via SSH
and Cockpit. After a reboot, users are able to login via SSH and Cockpit.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
- Since previous release 24.20 already has a increment to version 6, users app
version must be incremented in order for the changes related to inactive users
to take effect.
Tests:
- On applying the patches and running the service, upgrade to new app version
runs and succeeds. If there are inactive users presets, then before the setup()
privileged method is run, setup_and_sync_user_states() is run.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Disable and mask the nmb service, which is alias to the already
disabled nmbd service.
Tests performed:
- Upgrading Samba app works.
- Systemd doesn't show nmb.service in erroneous state after upgrade.
Signed-off-by: Veiko Aasa <veiko17@disroot.org>
Reviewed-by: Sunil Mohan Adapa <sunil@medhas.org>
This restriction is also used by systemd:
0992a823a4
This is another attempt to fix#2450.
Signed-off-by: James Valleroy <jvalleroy@mailbox.org>
Reviewed-by: Sunil Mohan Adapa <sunil@medhas.org>
- Some trivial refactoring.
Tests:
- The default password policy works. Inactive users are unable to login via
console, SSH and cockpit.
- After the app is setup freshly and after it is upgraded from previous version,
the namedobject.schema has been ingested into the OpenLDAP configuration.
- Rerunning setup for users app works.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Previously, users were inactivated only in plinth users database. This change
adds ability to inactivate users in LDAP database.
Changes:
- Inactive users in plinth users database are also inactivated in LDAP
during app upgrade.
- Inactivated users can't login using LDAP password.
- Apache2 single-sign-on module now requires LDAP connection. SSO
sessions are now invalidated when users are inactivated.
- PAM/nslcd now performs authorization checks against LDAP, which means
inactivated users can't do passwordless ssh logins and running their
crontabs are blocked.
- When inactivating a user, all user's processes are killed.
Also, update LDAP diagnostics:
- Fix LDAP checks returned always passed results.
- Fix `ou=people` entry doesn't exist in LDAP.
- Add diagnostics checks for `ou=policies` and `cn=DefaultPPolicy`.
Tests performed:
- App upgrade works.
- App upgrade with previously disabled user works, user is inactivated
also in LDAP.
- App upgrade with disabled user that doesn't exists in LDAP database works.
- Increment app version again, to 7, app upgrade works second time.
- Inactivate user and test logins:
- can't login using direct LDAP (nextcloud, ejabberd, matrixsynapse)
- can't login using Apache2 LDAP module (gitweb, ikiwiki, rssbridge,
transmission)
- can't login using apache sso module (featherwiki, gitweb, rssbridge,
sharing, syncthing, tiddlywiki, transmission, wordpress).
- can't login using ssh with password or passwordless
- Inactivate user and test exsisting sessions:
- ssh, cockpit and samba sessions are killed.
- Configure crontab, configured crontab is failing to run after user
is inactivated.
- All the users app tests pass.
Notes:
- Only Apache2 SSO sessions are disabled. Apps that create their own
sessions keep working, like nextcloud, ejabberd, matrix-synapse,
ikiwiki. In the future, we could add a feature that apps can implement
their own users locking functions.
- When testing inactivated users, users and IP-s can be banned by the system,
banned IP-s/users can be viewed with commands `fail2ban-client banned` and
`pam_abl`.
- Existing sessions keep working when deleting a user or removing
a user from an access group.
- I didn't test e-mail app.
Signed-off-by: Veiko Aasa <veiko17@disroot.org>
I introduced this code quality issue when handling a merge conflict in
711c19b511f969d0dce5c36221428e8caa0e7473.
Signed-off-by: James Valleroy <jvalleroy@mailbox.org>
The latest version of miniflux can't connect to the database after a fresh
installation. This is due to incorrect ownership of /etc/miniflux/database file
which is owned by root (and correctly having the permissions 0600). After
changes in bug #1078416, miniflux no longer runs as root user and instead runs
as miniflux user. This user can't read the database file. The daemon silently
falls back to using built in defaults and fails to connect to PostgreSQL
database. This is originally caught by functional tests in FreedomBox's miniflux
integration.
Links:
1) https://bugs.debian.org/1081562
2) https://salsa.debian.org/go-team/packages/miniflux/-/merge_requests/2
Tests:
- Freshly install miniflux with the patch and the daemon is running. Ownership
for the file /etc/miniflux/database is as expected.
- Install miniflux without the patch. Daemon is not running. Apply patch and
restart service. miniflux app is updated. Daemon is running. Ownership for the
file /etc/miniflux/database is as expected.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
nscd daemon caches queries made to NSS via glibc. In our case queries to passwd
and group databases are cached. But this leads to many problems.
See: https://salsa.debian.org/freedombox-team/freedombox/-/merge_requests/2520
The bug that this MR fixes, that is, the inaccuracy of the authentication data,
is horrible and only acceptable if the caching provides very important
functionality. Already, having to purge nscd caches after modifying user
accounts is not nice.
I believe that we have encountered this bug before and blamed libpam-abl due to
the time sensitive nature of the problem.
nscd itself recommends that it should be used if NSS lookup are expensive (such
as in case of NIS, NIS+ queries according to /etc/init.d/nscd). In case of
FreedomBox, LDAP queries are unlikely to be made using network. LDAP server is
likely always local. I believe we can safely remove nscd by masking and stopping
nscd.service and unscd.service.
Tests:
- After applying the patches, users app setup is re-run. Service nscd is stopped
and masked. unscd is also masked.
- Running 'id tester' shows expected value 'uid=10001(tester) gid=100(users)
groups=100(users),10002(admin)'.
- Adding, removing, renaming a user immediately reflects in 'id <user>'.
- Adding and removing a user from groups immediately reflects in 'id <user>'.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: Veiko Aasa <veiko17@disroot.org>
Don't delete overwrite.cli.url when the Nextcloud app's settings are
updated with no domain configured. Instead, set it to the default value
of http://localhost/nextcloud
We might want to consider updating existing, faulty setups.
Helps: #2433
Signed-off-by: Benedek Nagy <contact@nbenedek.me>
Reviewed-by: Sunil Mohan Adapa <sunil@medhas.org>
Fixes an issue where LDAP group membership info is not available long time
after system restart. This can happen when nscd cache is expired and name
service queries are made while nslcd is not yet started. As a result, nscd
group cache contains only local system groups and not LDAP groups. The issue
arises more likely in slow systems where slapd/nslcd startup can take minutes.
Could also depend on how long the device has been shut down before.
Tests performed:
- stop nscd service, start nslcd service, check form the logs that
nscd reload errors are ignored and nslcd service starts successfully.
- Test when nscd group cache is invalidated while nslcd is not running.
Run commands:
```
systemctl reload nscd
id tester
systemctl stop nslcd
nscd -i group
id tester
systemctl start nslcd
id tester
```
Result before patch applied.
```
uid=10001(tester) gid=100(users) groups=10002(admin),100(users)
uid=10001(tester) gid=100(users) groups=100(users)
uid=10001(tester) gid=100(users) groups=100(users)
```
Result after patch applied, tester is in the admins group at the end.
```
uid=10001(tester) gid=100(users) groups=10002(admin),100(users)
uid=10001(tester) gid=100(users) groups=100(users)
uid=10001(tester) gid=100(users) groups=10002(admin),100(users)
```
Signed-off-by: Veiko Aasa <veiko17@disroot.org>
Reviewed-by: Sunil Mohan Adapa <sunil@medhas.org>
This is attempting to fix a test setup issue in Debian CI, see #2450.
Signed-off-by: James Valleroy <jvalleroy@mailbox.org>
Reviewed-by: Sunil Mohan Adapa <sunil@medhas.org>
Fixes: #2271
When domain name is updated, it usually results in a error page as the HTTP
connection is broken in the middle of a page load. This is due to apache
restarting in the middle of domain change operation by letsencrypt component.
This also leads to several functional tests failing. To fix this, ensure that
letsencrypt does a reload on the apache2 daemon instead of restarting it.
'reload' operation on apache2 triggers the command 'apachectl graceful'. It
ensures that currently running continue to serve the open HTTP connection until
the page load has been completed. After that those connections stop. Meanwhile,
the server reloads configuration (and apparently the related TLS certificates too).
Tests:
- Unit tests pass.
- When self-signed certificate is updated with 'make-ssl-cert
generate-default-snakeoil --force-overwrite' and 'systemctl
try-reload-or-restart apache2' is called, the new certificate is loaded by
apache2. Browser shows the untrusted certificate warning again. The
certificate information in the connection details has been updated.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: Veiko Aasa <veiko17@disroot.org>
Reload a service if it supports reloading, otherwise restart. Do nothing if
service is not running.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Likely helps: #2271.
When web server restarts we are shown an error page. Trying to lookup and
element in this error page still raises StaleElementReferenceException. However,
if the page was reloaded with driver.visit(), then trying to lookup the old
element does not throw StaleElementReferenceException. Instead the
NoSuchElementException is thrown. For this case, ensure that we stop waiting
appropriately. This is likely to solve the large waits and timeouts when testing
dynamicdns.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Tests:
- Config app description is as expected.
- Config form does not show domain name field anymore.
- Submitting the form with changes works.
- Names app has correct link for configuring static domain name. Clicking it
takes to page for setting domain name.
- On startup, static domian name signal is sent properly if set. Otherwise no
signal is send.
- Change domain name form shows correct value for current domain name.
- Change domain name form sets the value for domain name properly.
- Page title is correct.
- Validations works.
- Add/remove domain name signals are sent properly.
- Success message as shown expected
- /etc/hosts is updated as expected.
- Unit tests work.
- Functional tests on ejabberd, letsencrypt, matrix, email, jsxc, openvpn
- After freshly starting the service. Visiting names app shows correct list of
domains.
- ejabberd:
- Installs works as expected. Currently set domain_name is setup properly.
Copy certificate happens on proper domain.
- Changing the domain sets the domain properly in ejabberd configuration.
- Ejabberd app page shows link to name services instead of config app.
Clicking works as expected.
- letsencrypt:
- When no domains are configured, the link to 'Configure domains' is to the
names app.
- matrix-synapse:
- Domain name is properly shown in the status.
- email:
- Primary domain name is shows properly in the app page.
- Setting new primary domain works.
- When installing, domain set as static domain name is prioritized as primary
domain.
- jsxc:
- Show the current static domain name in the domain field. BOSH server is
available.
- openvpn:
- Show the current static domain in profile is set otherwise show the current
hostname.
- If domain name is not set, downloaded OpenVPN profile shows hostname.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: Veiko Aasa <veiko17@disroot.org>
Tests:
- Config app description is as expected.
- Config form does not show hostname anymore.
- Submitting the form with changes works.
- Names app has correct link for configuring Local Domain Name. Clicking it
takes to page for setting hostname.
- Avahi shows the current .local domain correctly in Names app.
- Change hostname form shows correct value for current hostname.
- Change hostname form sets the value for hostname properly.
- Page title is correct.
- Validations works.
- Pre/post hostname change signals are sent properly
- Success message as shown expected
- hostnamectl shows the set domain
- If domain name is not set, downloaded OpenVPN profile shows hostname.
- Unit tests work.
- Functional tests on names/config/avahi apps work.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: Veiko Aasa <veiko17@disroot.org>
Closes#2092
On testing and unstable systems, /etc/os-release does not contain
VERSION_ID. In this case, lsb_release will report the release as
"n/a".
For unstable, this means that backports can be enabled in development
mode. When this happens, trixie-backports will be added as an apt
repository. The repository already exists, so it does not cause any
problem.
Tests:
- In stable container, backports can be enabled.
- In stable container, dist-upgrade can be disable and enabled.
- In stable container, in development mode, dist-upgrade can be
started.
- In testing container, backports cannot be enabled.
- In testing container, dist-upgrade cannot be enabled or started.
- In testing container, in development mode, backports can be enabled.
- In testing container, in development mode, dist-upgrade cannot be
started.
- In unstable container, in development mode, backports can be enabled
(as trixie-backports).
- In unstable container, in development mode, dist-upgrade cannot be
started.
Signed-off-by: James Valleroy <jvalleroy@mailbox.org>
[sunil: Merge the case of outdated unstable distributions that return 'unstable'
as release and newer unstable distributions that return 'n/a']
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: Sunil Mohan Adapa <sunil@medhas.org>
