/etc/sysctl.conf is owned by procps package.
Test: Run minidlna install on fresh image.
- /etc/sysctl.conf is not modified.
- /etc/sysctl.d/50-freedombox.conf has the expected content.
- /proc/sys/fs/inotify/max_user_watches contains 100000.
- Running with these changes upgrades app version and triggers a setup. Changes
in /etc/sysctl.conf are removed. After undoing the changes /etc/sysctl.conf is
identical to pristine version installed from procps package. This can be
obtained by running; rm -f /etc/sysctl.conf ; apt install --reinstall procps -o
Dpkg::Options::=--force-confmiss
Closes#1802.
Signed-off-by: James Valleroy <jvalleroy@mailbox.org>
[sunil: Undo changes done in /etc/sysctl.conf in older versions]
[sunil: Increment app version to trigger configuration migration]
[sunil: Ensure that app is not re-enabled during migration]
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
Logo is not shown when first setup is running in the background and the first
setup busy page is shown. This is a regression when PNG logos were moved to a
different folder.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
Reuse the method in package.py that checks is package manager is busy without
printing and error log.
Tests performed:
- Try to install a package and wait at the apt confirmation prompt.
- Go to power index page /sys/power/ . It shows a warning that package manager
is busy. No error log is printed.
- Go to system restart page. It shows a warning that package manager is busy. No
error log is printed.
- Go to system poweroff page. It shows a warning that package manager is busy.
No error log is printed.
- Without package manager being busy, above warnings are not shown.
- Go to manual update package. It shows as updating if apt is busy, otherwise
shows the manual update button.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
Tests:
- Installed Quassel and diagnostics are passed.
- Quassel client connection is successful.
Signed-off-by: James Valleroy <jvalleroy@mailbox.org>
[sunil: Remove RemainAfterExit=no as it is default]
[sunil: Remove ReadWritePaths= as {Logs|State}Directory= take care of it]
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: Sunil Mohan Adapa <sunil@medhas.org>
- Remove freedombox-udiskie.service file. Don't run udiskie anymore. Use our own
implementation of auto-mounting.
- Schedule disk failure checking to 3 seconds after application initialization.
Also perform auto-mounting at that time.
- Listen to new filesystems added and auto-mount them.
- Listen to disk failing attribute and report to user via a notification.
- Add rules to polkit-1 to allow plinth user to mount drives.
- Add simple abstractions over DBusProxy objects make accessing properties
simpler.
- Replicate udiskie's approach to mounting disks.
- Mount as root user for now using command line instead of DBus API. This is to
keep compatibility with older code that mounted under /media/root with relaxed
permissions.
Udiskie analysis:
- On device added, media added, perform auto_add
- On device changed and is addable and old state is not addable or removeable
- Automount condition:
- Matches configuration
- Not ignored
- is_filesystem and not mounted -> mount
- crypto device -> try unlock -> if success, mount
- is partition table
- Get all non-ignored devices, if partition then mount
- Mount condition:
- Is not ignored
- Is filesystem
- Find device with path
- Get options from configuration
- Is ntfs and executable ntfs-3g is not available
- Call mount
- No support for udisks1
- Built-in rules
- {'symlinks': '/dev/mapper/docker-*', 'ignore': True}
- {'symlinks': '/dev/disk/by-id/dm-name-docker-*', 'ignore': True}
- {'is_loop': True, 'is_ignored': False, 'loop_file': '/*', 'ignore': False}
- {'is_block': False, 'ignore': True}
- {'is_external': False, 'is_toplevel': True, 'ignore': True}
- {'is_ignored': True, 'ignore': True}
Tests performed:
- Create a CDROM in VM, inject media. Disk should get mounted.
- Create a temp file. mkfs.ext4 it at top level. losetup it. It should not get
auto mounted as it is a top level internal device.
- Create a temp file. Create two partitions and format the partitions. kpartx
-a on it. Both the file systems should get mounted.
- Create a temp file. luksformat it. Create a filesystem. luksopen the file.
It should get auto mounted.
- Checking for disk space repeatedly happens every 3 minutes.
- Drives are checked for healthy status only once, 3 seconds after FreedomBox is started.
- FreedomBox is able to mount disks while running as 'plinth' user with
policykit-1 version 0.105-26.
- FreedomBox is able to mount disks while running as 'plinth' user with
policykit-1 version 0.116-2 from experimental.
- Temporarily flip the is_failing condition in report_failing_drive. When
FreedomBox is restarted, notification about drives failing show up. When the
condition is reverted to normal, the notification is withdrawn.
- Build new Debian package and upgrade system with 20.8 installed. Two files
should be removed:
/var/lib/systemd/deb-systemd-helper-enabled/freedombox-udiskie.service.dsh-also
/etc/systemd/system/multi-user.target.wants/freedombox-udiskie.service .
systemctl status freedombox-udiskie.service should report no such unit.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: Veiko Aasa <veiko17@disroot.org>
Disabling an application at the end of test suite frees us system
resources for the remaining applications.
Signed-off-by: Joseph Nuthalapati <njoseph@riseup.net>
Reviewed-by: Sunil Mohan Adapa <sunil@medhas.org>
firewalld has no problem retrieving service information for just-installed
files, it only fails when adding/removing those services to zones. A reload is
needed before those services can be used.
Don't perform firewalld reload during setup.py or debian/postinst. Instead
reload when firewalld throws an error that it does not know a service. This
approach is more minimally intrusive and does not run reload operations when no
services need to be loaded, during Debian package building etc.
Closes: #376.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
bind9 package version 1:9.16.1-2 in unstable renamed bind9.service to
named.service. The new service file contains Alias=bind9.service. Use this
support multiple versions of the package across Debian stable, testing and
unstable.
Closes: #1816.
Tests performed:
- Enable the service. 'service enable bind9' is called but fails with error
ignored. 'service enable named' is also called but succeeds. Running 'service
is-enable bind9' and 'service is-enabled named' return success. App page show
enabled, there are no errors on the page.
- When app is enabled, there is no message that service is not running.
- When diagnostics are run, it shows that bind9 service is running.
- Disable the app. 'service disable bind9' is called. Running 'service is-enable
bind9' and 'service is-enabled named' return errors. App page shows disabled,
there are no errors.
- Repeat tests on Debian stable.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
- Using cockpit-pcp in ‘System’ section.
Signed-off-by: fred1m <frederic.le-meur@ac-versailles.fr>
[sunil: Minor grammar fix in description, minor styling]
[sunil: Drop the icon completely in favor of just the font icon]
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: Sunil Mohan Adapa <sunil@medhas.org>
- Avoid no-response error when deleting a snapshot. This is caused when disk is
full and delete operation tries to store data in session which is stored on
disk. The session update fails and there are no values to delete. This case in
not handled and return a None in view causing a 500 error. Use GET params
instead.
- Delete all functionality that is meant to speed up deleting snapshots has
regressed and is currently never used. Further, there are more types of
snapshots that can't be deleted that needs to be handled in delete all
functionality. Drop it for now.
- When snapper list is run the snapshot number can contain '-', '+' or '*'
suffixed to it. Currently only '*' is handled. This leads to failure in listing
the snapshots after a restore snapshot'. Fix this is properly parsing. Also it
is no longer needed to query 'btrfs' command to know the snapshot that will
used at next boot. '+' or '*' means that.
- Don't list snapshot number '0'. It is never listed to the user and it can
never be deleted. It represents the current system.
- Properly implement checking for default and active snapshots. Don't let delete
operation on either of them.
- Fix regression with disabling the delete button when there are no snapshots
that can be deleted.
Tests performed:
- Before any snapshot is restored, the labels 'will be used at next boot' and
'in use' are not shown. Snapshot with number 0 is not shown.
- Immediately after restoring a snapshot, the 'will be used at next boot' label
will shown up on snapshot that is going to boot next.
- After rebooting after restore, the snapshot that has been restored will show
'will be used at next boot' and 'in use' labels. Restoring another snapshot will
move the 'will be used at next boot' label to the new restore snapshot but keep
the 'in use' label on the current snapshot until next reboot. Snapshot with
number 0 is not shown.
- Delete check boxes are not shown against the 'in use' and 'will be used at
next boot' snapshots. Entering their values manually in the URL in the delete
screen will lead them to be ignored.
- Select multiple snapshots and click delete. The details appear properly in the
confirmation window. Deleting will delete the snapshots.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
Storage Snapshots will be installed by default. It will only be usable
if filesystem is btrfs. For other filesystems, a message is displayed
that it is not available.
Closes#1284.
Signed-off-by: James Valleroy <jvalleroy@mailbox.org>
Reviewed-by: Sunil Mohan Adapa <sunil@medhas.org>
Closes: #1846
Tests:
- When systemd-timesyncd is running, 'Run Diagnostics' button is shown and two
diagnostics results are shown. The two results appears on the diagnostics app
results too.
- When systemd-timesyncd is not running, 'Run Diagnostics' button is not shown.
Datetime app is not included the diagnostics app page results.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
This is workaround for /usr/bin/php pointing to a different version than what
php-defaults (and php-mbstring, php-xml) points to. See:
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=959742
Tests performed:
- On unstable, install MediaWiki and open the web interface.
- On testing, install MediaWiki and open the web interface.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
- Merged the two DateTimeApp classes. In future, we will remove all
module.init() methods in favor of automatically performing the operations from
module_loader.
- Also fix an error running './run --list-dependencies' when running without
systemd support inside a test case container:
ERROR plinth.module_loader Exception while running init for <module 'plinth.modules.datetime' from '/builds/sunilmohan/plinth/plinth/modules/datetime/__init__.py'>: Command '['systemctl', 'show', '--property=ConditionResult', '--value', 'systemd-timesyncd']' returned non-zero exit status 1.
Traceback (most recent call last):
File "/builds/sunilmohan/plinth/plinth/module_loader.py", line 123, in _initialize_module
init()
File "/builds/sunilmohan/plinth/plinth/modules/datetime/__init__.py", line 77, in init
if _is_time_managed():
File "/builds/sunilmohan/plinth/plinth/modules/datetime/__init__.py", line 112, in _is_time_managed
output = subprocess.check_output([
File "/usr/lib/python3.8/subprocess.py", line 411, in check_output
return run(*popenargs, stdout=PIPE, timeout=timeout, check=True,
File "/usr/lib/python3.8/subprocess.py", line 512, in run
raise CalledProcessError(retcode, process.args,
subprocess.CalledProcessError: Command '['systemctl', 'show', '--property=ConditionResult', '--value', 'systemd-timesyncd']' returned non-zero exit status 1.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
CC: Veiko Aasa <veiko17@disroot.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
- Shows URLs and shared secret that communication servers like matrix-synapse
should be configured to. Later we will implement auto-configuring those servers.
- Allow selecting domain for the sake of TLS/DTLS certificate installation.
- Simplify systemd service file options. Drop log file and pid file support as
they are not needed with systemd. Add security options.
- Set custom configuration file by overriding systemd service file options so
that we don't have a problem with conffile prompts.
- Implement functional tests (and automatic diagnostics).
- Custom icon selected from the Noun project as Coturn project does not have
one.
- Backup/restore configuration file and certificates.
- Document some questions regarding configuration options.
Tests performed:
- App is not listed in the app page if 'advanced' flag is disabled.
- App name, icon and short description shows up correctly in apps page.
- App name, icon, short description, description, manual link, enable/disable
button and diagnostics link show up currently in app page.
- Verify that configuration used by coturn server is the FreedomBox
configuration by checking the cert path in the log output.
- PID file is not created in /var/run/turnserver/. It goes into /dev/null
according to the log output.
- No log file is created other than what is collected by systemd from command
line.
- systemctl show coturn.service shows all the intended restrictions such as
NoNewPrivileges, Protect* options.
- Run functional tests.
- Ensure that backup of configuration file works by taking backup, changing the
secret and restoring. During backup and restore coturn should be stopped and
started as per logs.
- Build Debian package. No warnings about the copyright file.
- Enabling the app enables the service and runs it.
- Disabling the app disables the service and stop it.
- All diagnostics tests pass.
- Diagnostic tests show firewall port coturn-freedombox for internal and
external networks, service coturn, and each listening port for udp4, udp6, tcp4
and tcp6.
- Information in the firewall page shows up properly. Enabling the app opens
firewall ports, and disabling it closes them.
- When the app is installed, if a cert domain is available, it will be used.
When multiple domains are available, one of them is picked.
- Status shows 4 URLs with the currently selected domain and secret key.
- Changing domain to another domain succeeds and reflects in the status
information.
- When no domain is configured. Installing the app succeeds. No domain is shown
in the list of domains.
- When domain is changed, the certificates files in /etc/coturn/certs are
overwritten.
- Certificates have the ownership turnserver:turnserver. Public key is cert.pem
has 644 permissions. Private is pkey.pem has 600 permissions. /etc/coturn/certs
is owned by root:root.
- Let's encrypt certificates are setup immediately after install.
- Port forwarding information shows all ports except for relay ports.
- Trying to create a user with username 'turnserver' throws an error. This
happens even when coturn is not installed yet.
- After installing coturn, the configuration file /etc/coturn/freedombox.conf is
created with ownership root:turnserver and permissions 640. The directory
/etc/coturn is created with ownership root:root and permissions 755.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
[jvalleroy: Fix copied form_valid comment]
Signed-off-by: James Valleroy <jvalleroy@mailbox.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
* `py.test-3 plinth/modules/mumble/manifest.py` said only two warnings
(could not create cache path {path})
* `sudo -u plinth /vagrant/run --develop` and https://localhost:4430/ had
show me what I expected
Reviewed-by: Sunil Mohan Adapa <sunil@medhas.org>
Homebrew is the correct name of the package manager, not Brew.
Signed-off-by: Joseph Nuthalapati <njoseph@riseup.net>
Reviewed-by: Sunil Mohan Adapa <sunil@medhas.org>
Add more detailed instructions for installing VirtualBox manually on
Debian and its derivatives.
Signed-off-by: Joseph Nuthalapati <njoseph@riseup.net>
Reviewed-by: Sunil Mohan Adapa <sunil@medhas.org>
- The repository has been renamed from 'plinth' to 'freedombox'.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: Joseph Nuthalapati <njoseph@riseup.net>
