See #1841 for discussion on why Turbolinks needs to be removed.
Closes: #1841.
Closes: #1804.
Tests performed:
- There are no more references to 'turbolinks' in source code other than .po(t)
files and the manual.
- When loading a page, turbolinks.js is no longer loaded.
- The following links don't have data-turbolinks attribute and work well when
clicked.a
- Gitweb repository links
- Download manual links (en, es)
- Ikiwiki wiki links
- Sharing app web share links
- TT-RSS mobile app link
- 'Launch web client' button
- 'Launch' button in web section of clients table
- Active and regular front page shortcut
- Roundcube does not have a link to /roundcube in description.
- turblinks not present in /static/jslicense.html . LibreJs accepts all scripts.
Reported-by: Veiko Aasa <veiko17@disroot.org>
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Tested-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: Veiko Aasa <veiko17@disroot.org>
This is to make Pagekite use certficates shipped by Debian. Otherwise by
default, it uses internally shipped certificates that may be outdated. See:
https://pagekite.wordpress.com/2020/05/30/tls-certificate-validation-issues/
Tests performed:
- Without the patch, configure pagekite with a proper account. Notice that
pagekite fails to connect to the server due to SSL failures.
- Stop FreedomBox, apply the patch, run ./setup.py and run FreedomBox. File
/etc/pagekite.d/90_freedombox_certs.rc is present. Pagekite is restarted by
restarts. It start connecting to the server successfully.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
[jvalleroy: Fix typo in comment]
Signed-off-by: James Valleroy <jvalleroy@mailbox.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
- Also properly stylize the app name as done on project website.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
- We are mention in the internal zone warning that services are available when
connected over VPN.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
Closes: #1863.
Tested:
- Click on link and it loads valid page.
Signed-off-by: James Valleroy <jvalleroy@mailbox.org>
Reviewed-by: Sunil Mohan Adapa <sunil@medhas.org>
- Talk about cockpit in networking, firewall and storage apps for advanced
operations. Make it a separate section instead of just description update to
provider higher emphasis.
- Update cockpit description too.
Closes: #1809.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
Closes: #1814.
Tests performed:
- Connect with all the mentioned clients to a Samba folder on a FreedomBox.
- Visit all the links in the clients information table.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: Veiko Aasa <veiko17@disroot.org>
- To be able to write to folders shared with other apps.
- Increment app version so that already installed apps also get upgraded and
mldonkey becomes part of freedombox-share group.
- Ensure that app does not get enabled after upgrade.
- Relax path restrictions for write access so that mldonkey can write to
external disks and root disk shared folders.
Closes: #1813.
Tests performed:
- Install app freshly mldonkey user is part of freedombox-share group.
- Install app without changes. Switch to a branch with changes. Run ./setup.py
install. The app is upgraded after run. mldonkey user is now part of
freedombox-share group. To check run sudo actions/users get-group-users
freedombox-share.
- Modify options -> Shares and Add Share with a group shared folder with
strategy incoming_files. Remove old share with strategy incoming_files.
Downloading a new file means it will be stored in the shared folder.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: Veiko Aasa <veiko17@disroot.org>
This is a fix for regression introduced by
ebe6a0ed026e27dc650b4c2fed8426357f959ddc. I have incorrectly assumed that
providing only IPv6 ORPort is sufficient to listen on IPv4 and IPv6. As a
result, Tor does not run when relay is enabled. Fix this by adding ORPorts for
both IPv6 and IPv4.
Tests performed:
- Tor shows as running after enabling relay functionality.
- Adding single or multiple ORPort values in the configuration file leads to
actions/tor get-status reporting that relay is enabled.
- Functional tests for Tor run properly.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
Looks like the old 'Actions...' menu has been changed into a burger menu. Keep
compatibility with earlier version too.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: Joseph Nuthalapati <njoseph@riseup.net>
- Move non-reusable app specific step definitions and helper methods into
<app>/tests/test_functional.py.
- Merge reusable helper methods into plinth.tests.functional
- Merge reusable step definitions into plinth.tests.functional.step_definitions
- avahi, datetime, ikiwiki: Reuse common methods to avoid repetition. Avoid
mapping from app nicknames to actual app names.
- deluge, transmission: Make a copy of sample.torrent for each app to avoid
clogging common place.
- Implement functional.visit() to simplify a lot of browser.visit() calls.
- Ensure that name of the mark on functional tests for an app is same as name of
the app. This will help with predicting the mark when running tests for a
particular app.
Tests performed:
- Run all functional tests.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: Joseph Nuthalapati <njoseph@riseup.net>
Due to improper python include path. Don't know why the problem surfaced.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: Joseph Nuthalapati <njoseph@riseup.net>
- Add pytest hooks to ignore all functional tests if pytest_bdd is not
installed.
- Update pytest hooks to skip tests in file named 'test_functional.py' if
--include-functional argument is not provided.
- Move functional_tests/install.py into plinth/tests/functional and update
reference in Vagrantfile.
- Move scenario files into individual app folders. Rename them after the app
they are testing. Merge TODO items listed in todo.org into corresponding feature
files.
- Add test_functional.py in each app to build tests from the features file using
pytest_bdd.
- Move all step_definitions, support and data into plinth/tests/functional/.
Include all step_definitions from conftest.py. Update to relative imports
instead of absolute imports.
Tests performed:
- Run py.test-3 --collect-only shows all functional tests and lists 574 tests.
No errors show that name of feature files are correct. The number says that all
functional test features are included.
- Remove pytest_bdd (or modify the import name) and run py.test-3 --collect-only
skips collecting all functional tests and shows only 300+ tests.
- Run functional tests for a few apps with py.test-3 --include-functional -m
app. For storage, deluge.
- Run unit tests with py.test-3. Functional tests are listed by skipped.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: Joseph Nuthalapati <njoseph@riseup.net>
Tests performed:
- When app is not setup, app toggle button is not shown. Running status of the
app is also not present in the page. Profile download is not shown. Setup button
is shown.
- When app is being setup, app toggle button is not shown. Running status of the
app is also not present in the page. Page keeps refreshing every 3 seconds
during setup. Profile download is not shown. A progress spinner is shown that
setup is currently running.
- When app setup has completed, app toggle button is shown. Running status is
shown. When daemon is stopped, a message that daemon is not running is show.
Profile download is shown.
- Transition from being setup into setup completed is done with a single page
refresh. Message that setup is completed is shown.
- Port forwarding information is always shown (before, during and after setup).
- Run functional tests for OpenVPN.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: Joseph Nuthalapati <njoseph@riseup.net>
Test:
- Downgrade kernel (linux-image-amd64) to earlier version.
- Reboot into the older kernel.
- Remove the newer kernel package.
- Run FreedomBox in develop mode.
- Run unattended-upgrades --debug to upgrade all packages.
- At the end a message is printed that shutdown is scheduled.
- Check /run/systemd/shutdown/scheduled file and see that microseconds since
epoch is set to tomorrow 02:00 local time.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
/etc/sysctl.conf is owned by procps package.
Test: Run minidlna install on fresh image.
- /etc/sysctl.conf is not modified.
- /etc/sysctl.d/50-freedombox.conf has the expected content.
- /proc/sys/fs/inotify/max_user_watches contains 100000.
- Running with these changes upgrades app version and triggers a setup. Changes
in /etc/sysctl.conf are removed. After undoing the changes /etc/sysctl.conf is
identical to pristine version installed from procps package. This can be
obtained by running; rm -f /etc/sysctl.conf ; apt install --reinstall procps -o
Dpkg::Options::=--force-confmiss
Closes#1802.
Signed-off-by: James Valleroy <jvalleroy@mailbox.org>
[sunil: Undo changes done in /etc/sysctl.conf in older versions]
[sunil: Increment app version to trigger configuration migration]
[sunil: Ensure that app is not re-enabled during migration]
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
Reuse the method in package.py that checks is package manager is busy without
printing and error log.
Tests performed:
- Try to install a package and wait at the apt confirmation prompt.
- Go to power index page /sys/power/ . It shows a warning that package manager
is busy. No error log is printed.
- Go to system restart page. It shows a warning that package manager is busy. No
error log is printed.
- Go to system poweroff page. It shows a warning that package manager is busy.
No error log is printed.
- Without package manager being busy, above warnings are not shown.
- Go to manual update package. It shows as updating if apt is busy, otherwise
shows the manual update button.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
Tests:
- Installed Quassel and diagnostics are passed.
- Quassel client connection is successful.
Signed-off-by: James Valleroy <jvalleroy@mailbox.org>
[sunil: Remove RemainAfterExit=no as it is default]
[sunil: Remove ReadWritePaths= as {Logs|State}Directory= take care of it]
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: Sunil Mohan Adapa <sunil@medhas.org>
- Remove freedombox-udiskie.service file. Don't run udiskie anymore. Use our own
implementation of auto-mounting.
- Schedule disk failure checking to 3 seconds after application initialization.
Also perform auto-mounting at that time.
- Listen to new filesystems added and auto-mount them.
- Listen to disk failing attribute and report to user via a notification.
- Add rules to polkit-1 to allow plinth user to mount drives.
- Add simple abstractions over DBusProxy objects make accessing properties
simpler.
- Replicate udiskie's approach to mounting disks.
- Mount as root user for now using command line instead of DBus API. This is to
keep compatibility with older code that mounted under /media/root with relaxed
permissions.
Udiskie analysis:
- On device added, media added, perform auto_add
- On device changed and is addable and old state is not addable or removeable
- Automount condition:
- Matches configuration
- Not ignored
- is_filesystem and not mounted -> mount
- crypto device -> try unlock -> if success, mount
- is partition table
- Get all non-ignored devices, if partition then mount
- Mount condition:
- Is not ignored
- Is filesystem
- Find device with path
- Get options from configuration
- Is ntfs and executable ntfs-3g is not available
- Call mount
- No support for udisks1
- Built-in rules
- {'symlinks': '/dev/mapper/docker-*', 'ignore': True}
- {'symlinks': '/dev/disk/by-id/dm-name-docker-*', 'ignore': True}
- {'is_loop': True, 'is_ignored': False, 'loop_file': '/*', 'ignore': False}
- {'is_block': False, 'ignore': True}
- {'is_external': False, 'is_toplevel': True, 'ignore': True}
- {'is_ignored': True, 'ignore': True}
Tests performed:
- Create a CDROM in VM, inject media. Disk should get mounted.
- Create a temp file. mkfs.ext4 it at top level. losetup it. It should not get
auto mounted as it is a top level internal device.
- Create a temp file. Create two partitions and format the partitions. kpartx
-a on it. Both the file systems should get mounted.
- Create a temp file. luksformat it. Create a filesystem. luksopen the file.
It should get auto mounted.
- Checking for disk space repeatedly happens every 3 minutes.
- Drives are checked for healthy status only once, 3 seconds after FreedomBox is started.
- FreedomBox is able to mount disks while running as 'plinth' user with
policykit-1 version 0.105-26.
- FreedomBox is able to mount disks while running as 'plinth' user with
policykit-1 version 0.116-2 from experimental.
- Temporarily flip the is_failing condition in report_failing_drive. When
FreedomBox is restarted, notification about drives failing show up. When the
condition is reverted to normal, the notification is withdrawn.
- Build new Debian package and upgrade system with 20.8 installed. Two files
should be removed:
/var/lib/systemd/deb-systemd-helper-enabled/freedombox-udiskie.service.dsh-also
/etc/systemd/system/multi-user.target.wants/freedombox-udiskie.service .
systemctl status freedombox-udiskie.service should report no such unit.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: Veiko Aasa <veiko17@disroot.org>
firewalld has no problem retrieving service information for just-installed
files, it only fails when adding/removing those services to zones. A reload is
needed before those services can be used.
Don't perform firewalld reload during setup.py or debian/postinst. Instead
reload when firewalld throws an error that it does not know a service. This
approach is more minimally intrusive and does not run reload operations when no
services need to be loaded, during Debian package building etc.
Closes: #376.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
bind9 package version 1:9.16.1-2 in unstable renamed bind9.service to
named.service. The new service file contains Alias=bind9.service. Use this
support multiple versions of the package across Debian stable, testing and
unstable.
Closes: #1816.
Tests performed:
- Enable the service. 'service enable bind9' is called but fails with error
ignored. 'service enable named' is also called but succeeds. Running 'service
is-enable bind9' and 'service is-enabled named' return success. App page show
enabled, there are no errors on the page.
- When app is enabled, there is no message that service is not running.
- When diagnostics are run, it shows that bind9 service is running.
- Disable the app. 'service disable bind9' is called. Running 'service is-enable
bind9' and 'service is-enabled named' return errors. App page shows disabled,
there are no errors.
- Repeat tests on Debian stable.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
- Using cockpit-pcp in ‘System’ section.
Signed-off-by: fred1m <frederic.le-meur@ac-versailles.fr>
[sunil: Minor grammar fix in description, minor styling]
[sunil: Drop the icon completely in favor of just the font icon]
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: Sunil Mohan Adapa <sunil@medhas.org>
- Avoid no-response error when deleting a snapshot. This is caused when disk is
full and delete operation tries to store data in session which is stored on
disk. The session update fails and there are no values to delete. This case in
not handled and return a None in view causing a 500 error. Use GET params
instead.
- Delete all functionality that is meant to speed up deleting snapshots has
regressed and is currently never used. Further, there are more types of
snapshots that can't be deleted that needs to be handled in delete all
functionality. Drop it for now.
- When snapper list is run the snapshot number can contain '-', '+' or '*'
suffixed to it. Currently only '*' is handled. This leads to failure in listing
the snapshots after a restore snapshot'. Fix this is properly parsing. Also it
is no longer needed to query 'btrfs' command to know the snapshot that will
used at next boot. '+' or '*' means that.
- Don't list snapshot number '0'. It is never listed to the user and it can
never be deleted. It represents the current system.
- Properly implement checking for default and active snapshots. Don't let delete
operation on either of them.
- Fix regression with disabling the delete button when there are no snapshots
that can be deleted.
Tests performed:
- Before any snapshot is restored, the labels 'will be used at next boot' and
'in use' are not shown. Snapshot with number 0 is not shown.
- Immediately after restoring a snapshot, the 'will be used at next boot' label
will shown up on snapshot that is going to boot next.
- After rebooting after restore, the snapshot that has been restored will show
'will be used at next boot' and 'in use' labels. Restoring another snapshot will
move the 'will be used at next boot' label to the new restore snapshot but keep
the 'in use' label on the current snapshot until next reboot. Snapshot with
number 0 is not shown.
- Delete check boxes are not shown against the 'in use' and 'will be used at
next boot' snapshots. Entering their values manually in the URL in the delete
screen will lead them to be ignored.
- Select multiple snapshots and click delete. The details appear properly in the
confirmation window. Deleting will delete the snapshots.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
Storage Snapshots will be installed by default. It will only be usable
if filesystem is btrfs. For other filesystems, a message is displayed
that it is not available.
Closes#1284.
Signed-off-by: James Valleroy <jvalleroy@mailbox.org>
Reviewed-by: Sunil Mohan Adapa <sunil@medhas.org>
Closes: #1846
Tests:
- When systemd-timesyncd is running, 'Run Diagnostics' button is shown and two
diagnostics results are shown. The two results appears on the diagnostics app
results too.
- When systemd-timesyncd is not running, 'Run Diagnostics' button is not shown.
Datetime app is not included the diagnostics app page results.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
- Merged the two DateTimeApp classes. In future, we will remove all
module.init() methods in favor of automatically performing the operations from
module_loader.
- Also fix an error running './run --list-dependencies' when running without
systemd support inside a test case container:
ERROR plinth.module_loader Exception while running init for <module 'plinth.modules.datetime' from '/builds/sunilmohan/plinth/plinth/modules/datetime/__init__.py'>: Command '['systemctl', 'show', '--property=ConditionResult', '--value', 'systemd-timesyncd']' returned non-zero exit status 1.
Traceback (most recent call last):
File "/builds/sunilmohan/plinth/plinth/module_loader.py", line 123, in _initialize_module
init()
File "/builds/sunilmohan/plinth/plinth/modules/datetime/__init__.py", line 77, in init
if _is_time_managed():
File "/builds/sunilmohan/plinth/plinth/modules/datetime/__init__.py", line 112, in _is_time_managed
output = subprocess.check_output([
File "/usr/lib/python3.8/subprocess.py", line 411, in check_output
return run(*popenargs, stdout=PIPE, timeout=timeout, check=True,
File "/usr/lib/python3.8/subprocess.py", line 512, in run
raise CalledProcessError(retcode, process.args,
subprocess.CalledProcessError: Command '['systemctl', 'show', '--property=ConditionResult', '--value', 'systemd-timesyncd']' returned non-zero exit status 1.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
CC: Veiko Aasa <veiko17@disroot.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
- Shows URLs and shared secret that communication servers like matrix-synapse
should be configured to. Later we will implement auto-configuring those servers.
- Allow selecting domain for the sake of TLS/DTLS certificate installation.
- Simplify systemd service file options. Drop log file and pid file support as
they are not needed with systemd. Add security options.
- Set custom configuration file by overriding systemd service file options so
that we don't have a problem with conffile prompts.
- Implement functional tests (and automatic diagnostics).
- Custom icon selected from the Noun project as Coturn project does not have
one.
- Backup/restore configuration file and certificates.
- Document some questions regarding configuration options.
Tests performed:
- App is not listed in the app page if 'advanced' flag is disabled.
- App name, icon and short description shows up correctly in apps page.
- App name, icon, short description, description, manual link, enable/disable
button and diagnostics link show up currently in app page.
- Verify that configuration used by coturn server is the FreedomBox
configuration by checking the cert path in the log output.
- PID file is not created in /var/run/turnserver/. It goes into /dev/null
according to the log output.
- No log file is created other than what is collected by systemd from command
line.
- systemctl show coturn.service shows all the intended restrictions such as
NoNewPrivileges, Protect* options.
- Run functional tests.
- Ensure that backup of configuration file works by taking backup, changing the
secret and restoring. During backup and restore coturn should be stopped and
started as per logs.
- Build Debian package. No warnings about the copyright file.
- Enabling the app enables the service and runs it.
- Disabling the app disables the service and stop it.
- All diagnostics tests pass.
- Diagnostic tests show firewall port coturn-freedombox for internal and
external networks, service coturn, and each listening port for udp4, udp6, tcp4
and tcp6.
- Information in the firewall page shows up properly. Enabling the app opens
firewall ports, and disabling it closes them.
- When the app is installed, if a cert domain is available, it will be used.
When multiple domains are available, one of them is picked.
- Status shows 4 URLs with the currently selected domain and secret key.
- Changing domain to another domain succeeds and reflects in the status
information.
- When no domain is configured. Installing the app succeeds. No domain is shown
in the list of domains.
- When domain is changed, the certificates files in /etc/coturn/certs are
overwritten.
- Certificates have the ownership turnserver:turnserver. Public key is cert.pem
has 644 permissions. Private is pkey.pem has 600 permissions. /etc/coturn/certs
is owned by root:root.
- Let's encrypt certificates are setup immediately after install.
- Port forwarding information shows all ports except for relay ports.
- Trying to create a user with username 'turnserver' throws an error. This
happens even when coturn is not installed yet.
- After installing coturn, the configuration file /etc/coturn/freedombox.conf is
created with ownership root:turnserver and permissions 640. The directory
/etc/coturn is created with ownership root:root and permissions 755.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
[jvalleroy: Fix copied form_valid comment]
Signed-off-by: James Valleroy <jvalleroy@mailbox.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
* `py.test-3 plinth/modules/mumble/manifest.py` said only two warnings
(could not create cache path {path})
* `sudo -u plinth /vagrant/run --develop` and https://localhost:4430/ had
show me what I expected
Reviewed-by: Sunil Mohan Adapa <sunil@medhas.org>
- The repository has been renamed from 'plinth' to 'freedombox'.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: Joseph Nuthalapati <njoseph@riseup.net>
