Unix paths can contain double quotes. Allow entering paths with double quotes by
escaping them in c-style[1] and retrieve them back properly.
1) https://httpd.apache.org/docs/2.4/expr.html
Tests:
Run tests on with various paths:
- /var/a b
- /var/c"d
- /var/ef"
Run the following tests.
- Create a directory with the test path and create a sample file inside it.
- Add a share with the test path.
- Ensure that the share is accessible and the file can be downloaded.
- Ensure that the list of the shares shows the path correctly.
- Ensure that the share can be edited.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
- Make terminology more consistent managed vs. possible, resolve vs. actual.
- Fix regression in security report caused by comparing package expressions with
package names.
- Fix regression in package upgrades caused by comparing package expressions
with package names.
- Update API method names to improve readability and prevent accidental
mismatching of package names and package expressions. Update variable names for
same reason during usage.
Tests:
- minetest install successfully in testing.
- Security report shows non-zero value in the current vulnerabilities column.
- When an unavailable package is added to list of packages in an app, the app
can't be installed.
- When PackageOr expressions is added to an essential package, running
--list-dependencies shows an expressions with '|' in it.
- Unit tests succeed.
- Find a package with conffile prompt and add that to list of a packages in an
app like bepasty and implement a stub force_upgrade() method in the app. Run
'apt update' and that triggers and analysis of packages with conf file prompts.
This should call force_upgrade() method in bepasty and with proper argument for
list of packages.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
In Bookworm, the minetest-mod-player-3d-armor package is renamed to
minetest-mod-3d-armor. Allow either package name to fulfill the
requirement, so that the app is installable in both Bullseye and
Bookworm.
Fixes#2164.
Signed-off-by: James Valleroy <jvalleroy@mailbox.org>
Viewing a wifi connection will cause a 500 error. To reproduce this
issue, go to plinth/sys/networks/. If no wifi connections exist,
add one use the "Add Connection" button. Then, click on the name of
the wifi connection to view it. A 500 error is returned.
This commit fixes this error so the normal "show connection" is
returned. It also fixes a bytestring conversion error
for the SSID and a blank value for "mode" on the page.
Reviewed-by: Sunil Mohan Adapa <sunil@medhas.org>
This allows any binary package in src:freedombox to be upgraded from
backports, so that packaged manuals are included.
Thanks for Frank Woodward for finding the root cause and solution.
Tests:
- Build a FreedomBox bullseye image with backports disabled.
- During setup, enable backports, and update packages. freedombox
package from bullseye-backports is installed, but freedombox-doc-*
packages are from bullseye.
- Install freedombox package with the fix, and update
packages. freedombox-doc-* packages from bullseye-backports are
installed.
Closes#2106.
Signed-off-by: James Valleroy <jvalleroy@mailbox.org>
Reviewed-by: Sunil Mohan Adapa <sunil@medhas.org>
Closes: #2186.
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
[jvalleroy: Remove duplicate import]
[jvalleroy: Reword help text slightly]
Signed-off-by: James Valleroy <jvalleroy@mailbox.org>
When old configuration is not set and is exported with new code into newer
format, the result is a domain added with domain name 'null'. This causes issues
with UI not showing configuration and with null domain being added into
configurations of various daemons.
Tests:
- To reproduce the issue, switch to a revision with old dynamicdns code. Then
switch to a latest version without the fix. A 'null' domain is added to
configuration.
- To reproduce the issue, switch to a revision with old dynamicdns code. Then
switch to a latest version with the fix. A 'null' domain is not added to
configuration.
- With null domain in the configuration. Start FreedomBox with the fix. The null
domain should be removed and null domain should not be announced to other
daemons.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
Since FreedomBox does not allow any users but those belonging to 'admin' group
to login, using passwd driver for auth means that only admin can login to
postfix/dovecot. Fix this by reverting to using LDAP driver.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
Unified querying, reduce random writes for SD cards, eliminate need for separate
log rotation.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
The site will then redirect to a language specific URL.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
Otherwise, the default directives in 10-auth.conf take higher priority.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
Not very critical. Reduce complexity. Re-implement later at framework level.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
They are unused. postfix-ldap is needed for LDAP based maps. In dovecot,
authentication happens using PAM.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
There is nothing related to LDAP in the module. It actually configures postfix.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
- Remove unnecessary complex crash handler needed due to setting the service
configuration in two steps. Merge the two step into one after which crash
handler is not needed.
- Drop '_unsafe' API and verify all keys and values for sanity.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
This is not critically needed in FreedomBox. Implementation is complex. This may
be recreated at framework level to benefit all applications.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
The module does not interact with kernel audit system or is not related to
security logging. The 'privileged' makes us pay more attension.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
A fresh install of clamav-daemon takes up about 1GiB or RAM. Most of this is the
virus signature database and is used regularly for a scan. This makes ClamAV
unsuitable for FreedomBox running on many single board computers. Drop ClamAV
until we start recommending/requiring at least 2GiB of RAM.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
- There is no use case for keeping an alias disabled.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
- The default, which is to trust local LAN IPs is good enough for FreedomBox use
case.
- This allows skipping some checks like DKIM for mails originating from local
networks which are not expected to have proper signatures.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
- Reduces a lot of complexity and avoids running a couple of more postfix
daemons (one on 10025 port and other on socket fbxcleanup).
- Cleaning outbound headers for privacy can be done in a simpler way. This may
be re-implemented later.
- Masquerading domains is not very important for FreedomBox use case. Users are
expected to send all mail using MUA using properly configured email addresses.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
There is no special reason to handle them separately instead of letting DNS
resolution to them fail. No documentation on what caret addresses are or what
.fm.localhost TLD is.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
