- Handle groups needed by an app.
- Handle reserved usernames for an app.
- Updated documentation
- Updated unit tests
Tests performed:
- Reserved usernames: ez-ipupd, ejabberd, Debian-minetest, mldonkey,
monkeysphere, mumble-server, privoxy, quasselcore, radicale, debian-tor,
debian-transmission
- Reserved usernames checks should work in the following forms:
- Create user
- Update user
- First boot user creation
- Full list of available groups should appear in following cases:
- Create user form
- Update user form
- Full list of groups should get created in Django DB during:
- Update user form display
- First boot form save
- When updating the last admin user, the 'admin' group choice is checked
and disabled.
- Following groups show up (sorted by group name):
- bit-torrent: Download files using BitTorrent applications
- git-access: Read-write access to Git repositories
- i2p: Manage I2P application
- wiki: View and edit wiki applications
- minidlna: Media streaming server
- ed2k: Download files using eDonkey applications
- freedombox-share: Access to the private shares
- web-search: Search the web
- syncthing: Administer Syncthing application
- feed-reader: Read and subscribe to news feeds
- admin: Access to all services and system settings
- Directory validation form checks for write permissions for following apps:
- deluge with debian-deluged user
- transmission with debian-transmission user
- Sharing app should show all the groups in add/edit share forms
- The following apps should get added to share group during setup:
debian-transmission
debian-deluged
- Unit tests pass
- Functional tests for users and groups pass
- Test that an app (example syncthing) provides the necessary
permissions to users in that group (but not in admin group).
Signed-off-by: Joseph Nuthalapati <njoseph@riseup.net>
[sunil: Fix i18n of group descriptions]
[sunil: Update developer documentation]
[sunil: Separate out cosmetic changes]
[sunil: Fix component ID for mumble]
[sunil: sharing: Remove unneeded dependency on users app]
[sunil: Implement better API for getting groups in component]
[sunil: Fix incorrect regression change ttrss app]
[sunil: Make iterating over gourps more readable]
[sunil: Improve tests, drop single use fixtures]
[sunil: Simplify test_view.py fixture]
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Tested-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
Closes#1429
Test:
- Install latest radicale (2.1.11-8). Downgrade python3-radicale and
radicale to 2.1.11-6. Change access rights setting to something
other than the default. Run `unattended-upgrades -v` and confirm
that there is a conffile prompt. Run `apt update` and check that log
show radicale is upgraded. Confirm that access rights are still set
as selected.
Signed-off-by: James Valleroy <jvalleroy@mailbox.org>
Reviewed-by: Nektarios Katakis <iam@nektarioskatakis.xyz>
Tests performed:
- Visit monkeysphere page, observe that all the action buttons have similar
width of 9em (as per inspector).
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: Veiko Aasa <veiko17@disroot.org>
- Introduce new API to mark an app that it can't be disabled.
- Mark jsxc, storage, config, upgrade and firewall apps as can't be disabled.
- Fixed functional tests
- Replaced AppForm with forms.Form in all modules' forms.py.
- Remove app.template.js.
- Remove unused styles.
- Remove app status checks in form_valid of Deluge, Diaspora, Matrix, Ejabberd,
MediaWiki, Storage, Transmission, Quassel
- Purge unused is_enabled context variables (Ikiwiki)
- ejabberd: Minor cleanup in template
- jsxc: Cleanup unneeded overrides
- tahoe: Cleanup unnecessary overrides
Tests performed:
- For all apps affected, test enable/disable button works and submitting
configuration form works: with changes updates message and without changes
'settings unchanged' message.
- avahi
- bind
- cockpit
- SKIP: coquelicot
- datetime
- deluge
- SKIP: diaspora
- ejabberd
- gitweb
- i2p
- infinoted
- ikiwiki
- matrixsynapse
- mediawiki
- minetest
- minidlna
- mldonkey
- mumble
- pagekite
- privoxy
- quassel
- radicale
- roundcube
- SKIP: samba
- searx
- SKIP: shaarli
- shadowsocks
- ssh
- tahoe
- transmission
- FAIL: tt-rss (not installable)
- wireguard
- Deluge test that configuration changes when app is disabled work
- Quassel test that setting the domain works when app is diabled
- Transmission test that setting the domain works when app is diabled
- Ikiwiki create form works properly
- Enable/disable button appears as expected when enabled and when disabled
- Enable/disable button works without Javascript
- Functional tests work for affected apps, Tor and OpenVPN
- AppForm is removed from developer documentation
- Forms reference
- Customizing tutorial
- Test all apps using directory select form
- Transmission
- Deluge
- Visit each template that overrides block configuration and ensure that it is
loaded properly and the display is as expected.
- All apps that use AppView that are not tested above should not have an
enable/disable button. That is JSXC, update, config, firewall, storage, users.
Signed-off-by: Alice Kile <buoyantair@protonmail.com>
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: Veiko Aasa <veiko17@disroot.org>
- When there are multiple binary packages, a common practice is to install into
debian/tmp using the Makefile and then use dh_install and .install files. This
splits the contents installed into debian/tmp to various package directories
debian/{package}.
- Install documentation in to /usr/share/freedombox instead of
/usr/share/doc/freedombox. Then create a link to /usr/share/doc/freedombox/.
This approach is recommended Debian Policy Manual in section 12.3[1] because
it should safe for administrator to delete files in /usr/share/doc safely
without breaking the application functionality. The doc-base must refer to the
documentation in /usr/share/doc as per doc-base documentation.
Links
1) https://www.debian.org/doc/debian-policy/ch-docs.html#additional-documentation
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
Rename various files in debian directory so that it is clear which binary
package they are relevant for.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
- Fix the list of files for the HTML format.
- Add PDF format listing.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
Tests performed:
- Print the calls to _mount_static_directory() before and after the changes.
They should print the same.
- With English as the preferred language, visit the user manual. Images should
be visible. Visit MediaWiki manual page with learn more link in MediaWiki.
Images should be visible.
- Repeat with Spanish as the preferred language.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: Veiko Aasa <veiko17@disroot.org>
When private mode is turned on and off, a setting to allow anonymous editing is
being written. This turns on anonymous editing on the wiki. To fix, drop the
code that adds anonymous editing line and implement migration from older
settings to newer settings.
Closes: #1783.
Tests performed:
- Install mediawiki with current master. Private mode is disabled by default.
Anonymous users can't edit. There is a line for editing set to false in
FreedomBoxSettings.php configuration file. Switch to latest code. The line
should be removed. private mode is still disabled. Anonymous users should not be
able to edit the wiki.
- Install mediawiki with current master. Enable private mode. Anonymous users
can't edit, login is required to view wiki. There is a line for editing set to
false in FreedomBoxSettings.php configuration file. Switch to latest code. The
line should be removed. private mode is still enabled. Anonymous users should
not be able to edit the wiki. Login is required to view the wiki.
- Install mediawiki with current master. Enable private mode and disable it.
Anonymous users can edit the wiki. There is a line for editing set to true in
FreedomBoxSettings.php configuration file. Switch to latest code. The line
should be removed. private mode is still disabled. Anonymous users should not be
able to edit the wiki but they can read the wiki.
- Install mediawiki with the changes in the branch. Line for editing the wiki is
not present in FreedomBoxSettings.php configuration file. Enabling/disabling the
private mode does not introduce the line either. When private mode is enabled,
login is required to read/edit the wiki. When it is disabled, anonymous users
can read the wiki but not edit it.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
If the app is disabled and configuration is edited, don't start the daemon.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: Nektarios Katakis <iam@nektarioskatakis.xyz>
Commit 50e5608331330b37c0b9cce846e34ccc193d1b0d incorrectly sets the
StateDirectory without setting DynamicUser. Buster's shadowsocks will then
create directory /var/lib/shadowsocks-libev/freedombox/ and refuse to delete it
in later versions when DynamicUser=yes needs it to be a symlink.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: Nektarios Katakis <iam@nektarioskatakis.xyz>
- Reduce password length to encourage users to use the auto-generated one
instead of setting a new one.
- Don't set mode to tcp_and_udp: 1) upstream default to TCP only, leave the
decision to upstream. 2) firewalld service file only allows TCP. Without editing
the firewalld configuration, this change is incorrect.
- Don't set timeout. This values matches with the upstream default.. Leave this
to upstream.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: Nektarios Katakis <iam@nektarioskatakis.xyz>
- Ensure that /var/lib/private/shadowsocks-libev/freedombox always exists. This
fixes not being able to save configuration after setup on fresh Buster installs.
- Merge migration path from version 1 to 2 into setup process in an idempotent
way.
- Always creating an initial configuration file so that daemon starts soon after
install. Set a default random password. Localhost as default server.
Closes: #1792
Signed-off-by: Nektarios Katakis <iam@nektarioskatakis.xyz>
[sunil: Minor indentation, update commit message]
Reviewed-by: Sunil Mohan Adapa <sunil@medhas.org>
- For setting up backports repositories. Using an internal scheduler is easy to
maintain in the long run.
- Run it more frequently when in developer mode.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
- This only effects development environments where ./setup.py is run but not the
shipped product.
- Write log messages about removing the files only when actually removing the
file. This is so that the log output is quiet when no action is taken (typical).
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
- Don't ship the file preferences file as this is a violation of the Debian
policy. Lintian throws a hard error that can't be overridden. Remove the lintian
override. Remove this file using maintainer scripts when upgrading from all
version below 20.5.
- The preferences file is now renamed to 50freedombox4.pref.
- Instead write the file when the app is getting setup (on each new version).
- Don't run the setup code on daily timer, instead run the code when the app
upgrades. This ensures that as soon as freedombox package is upgraded and run,
the new preferences file is created instead of waiting for the daily timer to
run.
- From now on when the preferences change, we will increment the version number
of the upgrades app. Change the setup() for the app so that it does not
re-enable automatic upgrades every time setup() is run.
Closes: #1673.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
Tests performed:
- Pick an app like Infonoted that does not have web client. Visit the front page
click on Infinoted. Clients button should show up. Clicking on it should expand
the clients information table.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: Veiko Aasa <veiko17@disroot.org>
- So that it can be reused in frontpage.
Tests performed:
- Go to an app like Gitweb. Both launch web client button and clients apps
button should be visible. Similarly, Deluge should only show launch button.
Infinoted should only show clients button.
- Go to an app like Gitweb where launch web client button is available. Enabling
the app should enable the launch web client button and disabling the app should
disable the launch web client button.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: Veiko Aasa <veiko17@disroot.org>
