2569 Commits

Author SHA1 Message Date
Sunil Mohan Adapa
01e2896724
upgrades: Allow matrix's new dependency to be installed
matrix-synapse 1.47.0-2 requires python3-frozendict 1.2-3 or higher. This is
only available in bullseye-backports, testing and unstable but not bullseye.

Allow python3-frozendict to be installed from buster-backports. Further there is
no longer any need to allow packages from buster-backports (on the master
branch). So, drop all those.

Tests:

- On stable/testing, without matrix-synapse and its dependencies installed, run
matrix-synapse functional tests.

- On stable, with older version of matrix-synapse and python3-frozendict, run
unattended-upgrade and notice that matrix-synapse upgrades to latest version.

- Without this patch, run service. Notice the contents of
/etc/apt/preferences.d/51freedombox.pref. When this patch is applied and service
is restarted, upgrades app is set up again and the file's contents will change as
expected.

Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
2022-01-17 11:00:09 -05:00
Sunil Mohan Adapa
895d8cffbc
sso: Adjust URL to CAPTCHA page needed by Django security fix
Fixes: #2170.

Starting with Django 2.2.25, re_path behavior has changed. When the regular
expression ends with a '$', a full match is performed with the regular
expression. This breaks the behavior of how we are currently matching the locked
URLs for CAPTCHA based login forms.

Tests:

- All tests are done on Debian stable with Django 2.2.25 and on Debian unstable
with Django 3.2.10.

- Go to home page, click on login link. Enter wrong password three times.
CAPTCHA page is shown with URL ending with /locked. Type the correct password and
login will be successful.

- Install tt-rss. Logout. Go to /tt-rss/, redirection will happen to login page.
Enter wrong password three times. CAPTCHA page is shown with URL ending with
/locked. Type the correct password and login will be successful.

Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
2022-01-16 10:15:32 -05:00
Sunil Mohan Adapa
08eb54ad0f
sso: Add missing captcha/rate limiting on SSO login
Tests:

- Install tt-rss. Logout. Visit the /tt-rss link. We will be redirected to the
login page. Login with wrong password 3 times. CAPTCHA is shown. Login with
correct password. Login will be successful.

Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
2022-01-16 10:15:28 -05:00
Benedek Nagy
e662e091dd
tt-rss: Allow published articles to be publicly available
Reviewed-by: Sunil Mohan Adapa <sunil@medhas.org>
2022-01-13 11:03:14 -08:00
Sunil Mohan Adapa
a7f3677c0e
ikiwiki: Initialize shortcuts during post-init setup
In CI tests, when running 'run --list-dependencies', init for ikiwiki fails with
the following error. Fix that.

Exception while running init for <module 'plinth.modules.ikiwiki' from '/builds//freedombox/plinth/modules/ikiwiki/__init__.py'>: Action must exist in action directory.
Traceback (most recent call last):
  File "/builds//freedombox/plinth/app.py", line 536, in _initialize_module
    module.app = app_class()
  File "/builds//freedombox/plinth/modules/ikiwiki/__init__.py", line 61, in __init__
    self.refresh_sites()
  File "/builds//freedombox/plinth/modules/ikiwiki/__init__.py", line 102, in refresh_sites
    sites = actions.run('ikiwiki', ['get-sites']).split('\n')
  File "/builds//freedombox/plinth/actions.py", line 95, in run
    return _run(action, options, input, run_in_background, False)
  File "/builds//freedombox/plinth/actions.py", line 147, in _run
    raise ValueError('Action must exist in action directory.')
ValueError: Action must exist in action directory.

Tests:

- Shortcuts for ikiwiki show up properly on the front page after FreedomBox
daemon is restarted.

- Salsa CI no longer shows the above error during --list-dependencies.

Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
2022-01-11 19:07:32 -05:00
Sunil Mohan Adapa
03a805888d
help: Fix failing setup when manual directory is not available
- It is reported on the mailing list that first setup operation on the help app
fails. The logs indicate that /usr/share/freedombox/manual directory is not
present on the system. Although this situation does not occur on a normal
installation, catch, log and ignore this error to be safe.

- Also ensure that this static files component is added in post_init so that
basic setup is not at all affected by it.

Tests:

- In the development directory, move doc/manual to doc/manual.bak. Observe that
the error message is printed during initialization but the process continues.

- With the manual directory properly restored, the full help manual is displayed
properly with images.

Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
2022-01-11 17:52:25 -05:00
Benedek Nagy
335a7f92cc
networks: Fix reference to an option
Reviewed-by: Sunil Mohan Adapa <sunil@medhas.org>
2022-01-10 14:29:36 -08:00
Benedek Nagy
2861482014
backups: Correct spelling of encryption protocols
Reviewed-by: Sunil Mohan Adapa <sunil@medhas.org>
2022-01-10 14:29:32 -08:00
Benedek Nagy
79cdcbdb1b
i2p: Fix grammar in description
Reviewed-by: Sunil Mohan Adapa <sunil@medhas.org>
2022-01-10 14:29:29 -08:00
Benedek Nagy
e79f0b5298
radicale: Update Thunderbird URLs
Reviewed-by: Sunil Mohan Adapa <sunil@medhas.org>
2022-01-10 14:29:26 -08:00
Benedek Nagy
92c0c07052
mumble: Change description to include iOS client app
Reviewed-by: Sunil Mohan Adapa <sunil@medhas.org>
2022-01-10 14:29:23 -08:00
Benedek Nagy
0fb52ea212
openvpn: Add link to IOS app
Reviewed-by: Sunil Mohan Adapa <sunil@medhas.org>
2022-01-10 14:29:20 -08:00
Benedek Nagy
536d02fb34
transmission: Fix capitalization
Reviewed-by: Sunil Mohan Adapa <sunil@medhas.org>
2022-01-10 14:29:17 -08:00
Benedek Nagy
0a9aed724d
wireguard: Fix spelling
Reviewed-by: Sunil Mohan Adapa <sunil@medhas.org>
2022-01-10 13:11:29 -08:00
James Valleroy
34ddc2910c
config, upgrades: Specify submit button for tests
Signed-off-by: James Valleroy <jvalleroy@mailbox.org>
2022-01-02 11:05:46 -05:00
Sunil Mohan Adapa
aa2d70de2e
storage: Skip tests if not enough disk space is available
Closes: #2147.

Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
2021-12-26 20:46:36 -05:00
James Valleroy
aaf0879434
backups: Capitalize 'SSH' in template
Signed-off-by: James Valleroy <jvalleroy@mailbox.org>
Reviewed-by: Sunil Mohan Adapa <sunil@medhas.org>
2021-12-24 10:18:43 -08:00
Sunil Mohan Adapa
de5300f44c
datetime: Explicitly list systemd-timesyncd as a dependency
Closes: #2162.

Something changed in Debian packaging and systemd-timesyncd was not
automatically being installed.

Tests:

- Run functional tests for datetime app.

- Run ./run --list-dependencies and note that systemd-timesyncd is listed.

- packages.debian.org shows that systemd-timesyncd package is available in
Bullseye, Bookworm and sid.

Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
2021-12-24 08:30:31 -05:00
Sunil Mohan Adapa
62e7f9dc62
upgrades: Relabel from 'Update' to 'Software Update'
- The term 'Update' without a context is not easy to understand. This is
especially true during first setup wizard.

- This makes our UI similar to Android and a lot of other OSes.

Tests:

- Trigger an update notification by incrementing FreedomBox version. In there,
the name of the app in the first line shows 'Software Update'.

- During first setup wizard, the title of the wizard step is 'Software Update'
initially and also when upgrades are running.

- In the System page, the title on the card is 'Software Update'. So is the
title on the app page.

Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
2021-12-24 08:11:26 -05:00
Joseph Nuthalapati
b0305746c8
tahoe-lafs: Drop app as it is not being used
Signed-off-by: Joseph Nuthalapati <njoseph@riseup.net>
[sunil: Add to configuration file removal in Debian package and setup.py]
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: Sunil Mohan Adapa <sunil@medhas.org>
2021-12-20 15:12:11 -08:00
Joseph Nuthalapati
621cb67527
diaspora: Drop app that was never finished.
Signed-off-by: Joseph Nuthalapati <njoseph@riseup.net>
[sunil: Add to configuration file removal in Debian package]
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: Sunil Mohan Adapa <sunil@medhas.org>
2021-12-20 15:11:29 -08:00
Joseph Nuthalapati
ce5274d9ee
monkeysphere: Drop app as it is not being used
Closes #2157.

Signed-off-by: Joseph Nuthalapati <njoseph@riseup.net>
[sunil: Split diaspora and tahoe-lafs into separate commits]
[sunil: Remove monkeysphere from help/tests/test_views.py]
[sunil: Add to configuration file removal in Debian package and setup.py]
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: Sunil Mohan Adapa <sunil@medhas.org>
2021-12-20 15:09:50 -08:00
Joseph Nuthalapati
102aaff2a2
tests: functional: Skip MLDonkey app
MLDonkey is currently not available in testing and not installable in
unstable. Attempting to install MLDonkey leaves dpkg in a broken state
which breaks other app installations as well.

Signed-off-by: Joseph Nuthalapati <njoseph@riseup.net>
2021-12-17 13:33:25 +05:30
Sunil Mohan Adapa
d09fe5240b
datetime: Fix checking when timesyncd will run on a system
Fixes #2158.

When 'systemctl show' is used to see the ConditionResult property, the value is
correct only when the unit has been started. When the unit is not running but
can run, ConditionResult has a value of 'no' leading to an incorrect result.

This in turn leads to _is_time_managed() returning incorrect value once the
service has been stopped. FreedomBox would have noted that daemon can be
enabled/disabled during startup while during attempts to enable it the action
script will think that service can't be enabled/disabled.

Fix this by using a better approach to detect when the service can run. Newer
versions of systemd (likely >=250) have the ability to run 'systemd-analyze
condition --unit=systemd-timesyncd.service' which would have been ideal to detect
this. However, --unit option is not available in older versions. Use
systemd-virt-detect (part of systemd package) to detect for containers instead.

Tests:

- Boot the machine and run datetime functional tests

- User interface should not show enable/disable button for the app in container
but show in VM.

- Running first setup (after removing /var/lib/plinth/plinth.sqlite3) should
work on container and VM.

- Run above tests on a container and on a VM

Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
2021-12-16 07:44:13 -05:00
Sunil Mohan Adapa
ece2a1db33
email_server: Rename dovecot TLS configuration file for consistency
Tests:

- Configuration parameters are set properly after fresh app setup according to
'doveconf'.

Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
2021-12-14 18:22:57 -05:00
Sunil Mohan Adapa
9a8b57efd4
email_server: Adjust TLS configuration parameters
- Don't add TLS debugging information to Received: header.

- Drop unused fingerprint digest configuration. They are only used when
smtpd_tls_security_level is set to 'fingerprint' in which case certifying
authorities are ignored.

- Drop alterations to TLS low/high cipher lists. They are not used since
tls_ciphers are all set to 'medium'.

Tests:

- No configuration errors are reported by postfix in its logs after startup.

- 'postconf' shows that the new configuration parameters are set properly.

Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
2021-12-14 18:22:54 -05:00
Sunil Mohan Adapa
e43e144040
email_server: Re-implement TLS configuration
- Use LetsEncrypt component to perform TLS certificate copying instead of custom
implementation.

- Use two components to copy the certificates to dovecot and postfix separately.

- Add support for multiple domains using SNI. Provide all the certificates. Use
primary domain's certificate as the fallback certificate.

- Drop the diagnose/repair approach due to its complexity.

Tests:

- Installing the app works. After installation, all TLS parameters are shown as
expected by 'postconf' command and 'doveconf' command.

- A default domain is selected by default. This will reflect as primary domain
in TLS certificate configuration.

- When primary domain is changed, the configuration is updated to reflect the
default certificate path but SNI configuration is unchanged in dovecot and
postfix.

- Postfix and dovecot are restarted after setup.

- There are no configuration errors shown in postfix/dovecot logs.

Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
2021-12-14 18:22:51 -05:00
Sunil Mohan Adapa
4b024b269b
email_server: Fix issue with handling domain removal
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
2021-12-14 18:22:48 -05:00
Sunil Mohan Adapa
4ec1e15fc1
email_server: Include postfix package in packages list
- Mostly for consistency. Will be useful when uninstall action is implemented.

Tests:

- Installation of email server app works without errors.

Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
2021-12-14 18:22:45 -05:00
Sunil Mohan Adapa
aff62d4d85
letsencrypt: Handle cert setup when an app wants all domains
Currently, when domains for an app's LE component is set as '*', calling
setup_certificates() results in copying certificate for the '*' domain instead
of copying certificates for each of the domains on the system. Fix this by
implementing a special case where certificates are copied for all domains that
can have certificates.

Tests:

- Implement and run unit tests.

- Certificates are copied to /etc/{postfix,dovecot}/letsencrypt/ when email
server uses LE components with '*' for domains parameter.

Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
2021-12-14 18:22:41 -05:00
Sunil Mohan Adapa
84f12d8633
roundcube: Allow upgrades using configuration file prompts
Closes: #2159.

Ship a separate Apache configuration file instead of editing the one provided by
roundcube package. This avoids configuration file prompt when roundcube package
needs to be upgraded.

Tests:

- Freshly install roundcube package 1.4.x (using apt preferences and Bullseye),
run functional tests and login to a gmail account.

- Freshly install roundcube package 1.5.x (from testing), run functional tests
and login to a gmail account.

- Install roundcube 1.4.x version on testing container without these changes.
After applying these changes, run 'apt update' while roundcube is enabled and
let FreedomBox upgrade roundcube to 1.5.x version. After this, run functional
tests and login to a gmail account.

- Repeat the previous test with upgrade while roundcube is disabled. Then enable
roundcube, run functional tests and login to gmail account.

Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
2021-12-14 18:02:59 -05:00
Joseph Nuthalapati
57295ae893
ejabberd: Make name option in Signal handlers
Signed-off-by: Joseph Nuthalapati <njoseph@riseup.net>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
2021-12-11 17:27:20 -05:00
Joseph Nuthalapati
e19c9dbbbe
cockpit: Make 'name' optional in Signal handlers
Fixes #2154

Signed-off-by: Joseph Nuthalapati <njoseph@riseup.net>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
2021-12-11 17:27:11 -05:00
Sunil Mohan Adapa
b1740eee79
letsencrypt: On domain removal, don't revoke certificate, keep it
Closes: #2156.

Tests:

- Remove a domain from System -> Config, 'letsencrypt revoke' action is not
invoked.

- Triggering a manual revoke operation still leads to action getting triggered.

Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
2021-12-06 18:25:20 -05:00
Sunil Mohan Adapa
4d73d7eb7f
email_server: Merge domain configuration with app view
Test:

- Submit the domain form unchanged. Message is printed that settings are
unchanged.

- Submit the domain form with changes. Message is printed that domain has been
updated. Configuration reflects the new domain.

- On page load, the current domain is shown in the domain configuration form.

- Clicking the repair button in the service alert section triggers the repair
operations as seen in the console.

Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
2021-12-06 17:39:55 -05:00
Sunil Mohan Adapa
ae882fea70
email_server: Simplify domain configuration form
- By default, receive mail for all the domains on the system.

- Allow user to select a primary domain. This domain is used for TLS
certificate, automatically adding domain to sender address, etc.

- Don't expose postfix configuration parameters.

Tests:

- On installation, the domain list is populated in postfix. Primary domain is
the one set in the config module. If it is not set, any other domain from
configured domains is taken.

- When not installed, adding/removing domains does not cause errors.

- Changing the domain in the domain view works. mydomain has the primary domain
set. myhostname has primary domain set. mydestination has default values and in
addition has all the domains on the system.

- /etc/mailname is populated with the primary domain.

Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
2021-12-06 17:39:43 -05:00
James Valleroy
b12a07229c
tests: Add 'domain' mark for apps that add/remove domains
Test:
- "py.test-3 --include-functional -m domain" tests the marked apps.

Signed-off-by: James Valleroy <jvalleroy@mailbox.org>
Reviewed-by: Sunil Mohan Adapa <sunil@medhas.org>
2021-12-05 11:00:41 -08:00
Sunil Mohan Adapa
019a785cc3
*: Drop module level depends declaration
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
2021-12-04 16:39:49 -05:00
Sunil Mohan Adapa
603b63bbac
module_loader, app: Move app init to app module
- Don't try to get the depends from module level and sort modules based on that.

- Instead after all App instances are created, sort the apps based on
app.info.depends and app.info.is_essential.

- Print message that apps have been initialized instead of printing before they
are initialized. The correct order of apps is only known after they have been
initialized and sorted.

- Avoid circular import on module_loader and setup.

Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
2021-12-04 16:39:40 -05:00
Sunil Mohan Adapa
a0a6e1d362
setup: Run setup on apps instead of modules
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
2021-12-04 16:39:01 -05:00
Sunil Mohan Adapa
8382a604bb
security: Drop use of loaded_modules and use App.list
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
2021-12-04 16:38:43 -05:00
Sunil Mohan Adapa
bc3a879ead
first_boot: Drop use of loaded_modules and use App.list
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
2021-12-04 16:38:34 -05:00
Sunil Mohan Adapa
a3d4d99b33
*: Drop use of module level version
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
2021-12-04 16:38:08 -05:00
Sunil Mohan Adapa
cf36a9d385
*: Drop use of module level is_essential flag
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
2021-12-04 16:37:59 -05:00
Sunil Mohan Adapa
b609abe7e5
*: Use the App's state management API
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
2021-12-04 16:37:40 -05:00
Sunil Mohan Adapa
fb40bb7f42
*: Drop module level package_conflicts and use component API
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
2021-12-04 16:37:03 -05:00
Sunil Mohan Adapa
00182da751
*: Drop use of unnecessary managed_paths
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
2021-12-04 16:36:31 -05:00
Sunil Mohan Adapa
781d8fa18b
*: Drop use of managed_services, rely on Daemon component
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
2021-12-04 16:35:57 -05:00
Sunil Mohan Adapa
9ec0c5f3db
security: Drop use of managed_services in security report
Use Daemon component instead.

Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
2021-12-04 16:35:30 -05:00
Sunil Mohan Adapa
84ae338e66
bind: Drop alias handling unnecessary in >= Bullseye
Alias was added to deal with Buster -> Bullseye transition. In Buster the daemon
was named bind9 and in Bullseye the daemon is named named with alias to bind9.

Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
2021-12-04 16:35:21 -05:00