- Significantly reduce the time taken to perform the operations in the following
cases:
- Enable/disable an app
- list services in firewall page
- Load app page when interfaces belonging to internal zone need to shown
- First run setup of FreedomBox
- Install a polkit local authority configuration file to allow FreedomBox
service to perform: information queries and configuration changes.
- Drop unused actions.
- Alter the template for showing firewall port information since port/protocol
pairs are no longer pre-formatted.
- Handle errors when trying to get ports details of an unknown service.
Tests performed:
- Enable/disable an app. Ensure with firewall-cmd that ports are added/removed
properly.
- Temporarily modify code to call add_service() and remove_service() twice in a
row. Perform enable/disable operations and ensure that there are not error
thrown to test that add/remove services operations are idempotent.
- Visit the firewalld page and see the current state is reflected properly.
- Visit an app that shows the list of interfaces in firewall zone. Internal
interfaces should be listed properly.
- Reset the installed version of firewall app and disable all firewall services.
Start FreedomBox and ensure that when setup is re-run, default ports (http,
https, dns and dhcp) are opened properly. Run again but with ports already
enabled to check that the setup operation is idempotent.
- Visit diagnostics of an app that uses firewall components and see that ports
are listed properly in the port diagnostic test result.
- Remove some needed services such as those in /etc/firewalld/services and try
to visit the firewalld page. The page should show blank details against the
affected services.
Reviewed-by: Veiko Aasa <veiko17@disroot.org>
Additional ')' got accidentally inserted into the augeas path to be read during
a commit for routine styling (ed646d84a51ae2c54ed7950ce60cb9e9662ada71).
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
- The Debian package doesn't ship a gzip compressed settings file anymore.
- Tested both the cases - settings.yml.gz and settings.yml
Signed-off-by: Joseph Nuthalapati <njoseph@riseup.net>
[sunil: Create parent directory before simple copy of settings.yml]
[sunil: Use pathlib for simpler code]
Reviewed-by: Sunil Mohan Adapa <sunil@medhas.org>
- samba app doesn't need anymore to change mount permissions
Fixes#1692 (in a different way)
Signed-off-by: Veiko Aasa <veiko17@disroot.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
Deluge setup now waits longer after first startup to make sure services
are fully started.
Fixes#1764
Signed-off-by: Veiko Aasa <veiko17@disroot.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
- add directory selection form to the app configuration page
- add debian-deluged user to the freedombox-share group
- storage: new validator parameter check-creatable
(because deluged is able to create subdirectories)
Signed-off-by: Veiko Aasa <veiko17@disroot.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
The repro app has been disabled for a long time. Its package has been
removed from Debian, and there is no sign of it returning soon.
Signed-off-by: James Valleroy <jvalleroy@mailbox.org>
- Any changes done directly using 'wg' command need to be redone after a reboot
and disable/enable sequence. Let that duty be handled by network manager.
- Handle (none) values for keys and 0 values for latest handshake from 'wg'
dump command output.
- Don't store public/private keys for wireguard in /var/lib. Let Network Manager
deal with the storage of secrets.
- Create client connections in the 'external' zone.
- Show allowed IPs for each client in the main page.
- Show server connection public key only for clients. We use different key pairs
when connecting to each of the servers.
- Separate out configuration information and status information in the show
page.
- Allocate IP addresses to each of the clients.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
- Don't create network link. This don't persist across reboots and it is the job
of Network Manager.
- Move NM settings code to regular plinth process instead of superuser.
Permission for managing NM connections from the service daemon is granted by
PolKit.
- Use interface name to identify the connection as it seems to be simply to do
so than the public key. Public key is not easy to retrieve from NM connection.
- Merge code for adding and editing the connection to avoid repetition.
- Add icon to the edit button.
- Throw 404 error when incorrect client is specified.
- Fix issue with storing preshared key.
- Show formatting date in case of last connected time.
- Show formatted sizes for data transmitted.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
Signed-off-by: James Valleroy <jvalleroy@mailbox.org>
[sunil: Use the new method for creating network manager client instance]
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: Sunil Mohan Adapa <sunil@medhas.org>
- run deluged daemon with default configuration location
- deluge-web: autoconnect to the deluged daemon
- functional tests: assert deluge-web is connected to the deluged daemon
Signed-off-by: Veiko Aasa <veiko17@disroot.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
Speedup actions script startup time from 3.6s to 0.45s on
A20-OLinuXino-LIME2 hardware, improve top three slowest imports:
- don't import constant from manifest (saves 2.7s)
- defer importing actions_utils and augeas (saves 0.3s + 0.15s)
Signed-off-by: Veiko Aasa <veiko17@disroot.org>
Reviewed-by: Joseph Nuthalapati <njoseph@riseup.net>
This enables clients to connect to servers on IPv6 networks. After the
connection, the tunnel works just like before.
- Make sure that after upgrading the server configuration, if the server is
running (which means it was enabled), restart the server to reflect the new
configuration.
- Don't increment the app version number as it has already been incremented in
this release cycle.
Tests:
- Check that the listen address before the change is 0.0.0.0:1194 and after
upgrade (temporarily increment app version number again) the listen address
automatically changes to *:1194.
- Download the new client profile and use it connect to the server on IPv4
network and observe that there is error during connection.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
On Raspberry Pi 3B+ image, it was observed that resizing partition fails during
initial setup. Due to this, Apache, SSH and Plinth become unavailable. This is
due newer version of parted 3.3 (Debian testing/unstable) which does not work
with ---pretend-input-tty option as previously expected of parted 3.2 (Debian
buster).
Fix the problem by sending answers to promoted questions via stdin instead of
via command line. This solution works on both versions of parted, i.e., 3.2 and
3.3.
Tests:
- On a freshly built Raspberry Pi 3B+ unstable image the problem is
reproducible. Running expand partition fails repeatedly.
- Downgrade version of parted to 3.2 observe that the expanding operation runs
fine. Upgrade to version parted 3.3 again.
- Apply the patch on the action script. Re-run expanding partition and observe
that the problem is resolved. The version of parted is 3.3.
- Downgrade the version of parted to 3.2. Downsize the partition, re-run
expanding partition.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
Fixes#1731
Signed-off-by: Joseph Nuthalapati <njoseph@riseup.net>
[sunil: Refactor getting skins and form field for simplicity]
[sunil: Remove incorrect change to showing success form message]
[sunil: Minor simplification to editing the configuration]
[sunil: Read configuration value enclosed in single as well as double quote]
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: Sunil Mohan Adapa <sunil@medhas.org>
Set the session cache to use database. This will also have the added benefit of
sessions persisting across reboots (and PHP session cleanups). See bug report on
why this is needed. https://salsa.debian.org/freedombox-team/plinth/issues/1736
We are unfortunately modifying the MediaWiki settings that file that we are
shipping when preferences are modified in the FreedomBox UI. This means that if
a newer version of this settings file is shipped, then FreedomBox package will
show configuration file prompts. To solve this, introduce a new static settings
file that will have lower priority than the file modified by FreedomBox UI.
Closes: #1736.
Tests:
- Test that running FreedomBox daemon with changes runs the MediaWiki app's
setup and introduces the new line into LocalSettings.php
- That LocalSettings.php will be populated with lines to include
FreedomBoxStaticSettings.php and FreedomBoxSettings.php in that order when
'actions/mediawiki setup' is run. This should work when no lines are present,
one of the lines is already present and both the lines are already present.
- Test that running './setup.py install' installs FreedomBoxStaticSettings.php.
- Test that MediaWiki runs without FreedomBoxStaticSettings.php
- Test that private wiki and public registrations settings work with the new
changes.
- Run functional tests for MediaWiki app with the changes.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
By default update.php will pause for 5 seconds before doing anything
to remind the user to make a backup before the script runs. Since we're
running it in a separate process where the user won't get that opportunity
anyways, skip the 5 second delay by passing `--quick`.
Reviewed-by: Sunil Mohan Adapa <sunil@medhas.org>
Fix: after renaming a user delete old username from the Samba password database
Signed-off-by: Veiko Aasa <veiko17@disroot.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
- new share types - group and home shares
- users: when creating, deleting or changing user password, update also Samba
tdbsam backend database
- users: new managed packages - samba-common-bin, tdb-tools
- module page: show current samba users who are in freedombox-share group
- module page: show users who should re-enter their password in the password change page
- fix: use os.path.ismount() from Python standard library to validate a mount point
- fix: samba share permissions, fixes#1729
- fix: delete a share - do not raise an exception if the share doesn't exist
- storage: show samba share type in the directory selection form
Closes#1727
Signed-off-by: Veiko Aasa <veiko17@disroot.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
Directory selection allows to:
- select from default directory
- select from available Samba shares
- specify subdirectory
- insert custom directory
- directory validator checks: path exists, is directory, is readable, is writable
- samba: action script: include share path in share list
- create freedombox-share group inside users module instead of samba module
Closes#1703
Signed-off-by: Veiko Aasa <veiko17@disroot.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
