Due to permission restrictions on the configuration file (due to stored
password), it is not possible to read it as plinth user. Read it using
sudo instead.
This can then be used by a privileged action to verify that packages
requested for installation are in fact valid. This slightly improves
security of those privileged actions.
Currently menu items are shown in alphabetical order in applications and
no clear order in system configuration. This is done using static
weights for menu items based on English names that does not work for
other locales.
Sorting can't be done at the time of adding menu items as users of
multiple locales may use the interface at the same time.
Implement a sorting mechanism based on existing order as well as labels
of menu item. This allows the flexiblity of grouping menu items in
future as it may be need for system configuration. In case of help menu
Remove sort order for all modules except for help menu as here we want
that specific order.
wget does not seem to support interface scoping for IPv6 addresses. For
example, http_proxy=http://[fe80::babe:ff:ffff:babe%eth0]:8118/ . Curl
supports this.
This fixes most of the failures for IPv6 related addresses. Hide the
last failure as there does not seem to be a proper fix from OS level:
when using link local addresses, if a hostname is resolved to IPv6 link
local address, it is not scoped to that interface. It can't properly be
used by any tool then.
- adapted all modules to not use views.ConfigurationView anymore
- removed templates that are not needed anymore
- no more implicit 'enabled' and 'get_status' functions in __init__.py files
- (more coherent/explicit use of Django functionality)
The Service object now offers handling services on a system level,
and gathering information whether it's enabled or running.
New methods: enable, disable, is_enabled, is_running;
For this it needs the correct (system-level) service name.
All of the methods can be overridden/customized.
This changes all modules to the new Service object and deletes
action scripts that are not required anymore.
- API: start, stop, enable, disable, reload, is-running, is-enabled, list
- only allows access to a service if the service name is listed in a
'managed_services' variable of any plinth module.
- The last part of the module import path is the module name. This also
becomes the Django app name. Apps names have to be unique. Hence,
there is no scope for two different modules with same name but
different load path to exist in the project.
- Most uses of list of loaded modules are dealing with app names instead
of full module load path. This is due to the fact that Django deals
with app names and not module paths.
- It is also somewhat clumsy to access a loaded module as we are
re-importing every time to get access module.
- Simplify all of the above by using app names are module identifiers
and maintaing an ordered dictionary of app names to loadded modules.
- Remove unused imports.
- Minor styling fixes.
- To check whether a service is running does not require root
privileges. This can directly be done from a module without any
action.
- Since actions are allowed to be run using sudo, introducing
unnecessary sub-commands increases attack surface.
- Simple functions calls are unnecessarily being converted to command
line invocations and involve parsing response.
- There is a lot of repeated code because of this that can be
eliminated.
- To generalize this, we need to make all non-root system operations
directly from module instead of delegating to action commands.
- For each application, add ./tests directory and __init__.py file
within it.
- Modify test controllers (coverage.py, runtests.py) to find the new
test directories for testing and coverage analysis.
- Move existing application-specific test modules (test_pagekite.py) to
the newly created directories.
- Introduce Apache configuration for plinth.
- Remove Transmission service file for firewalld.
- Enable transmission on install.
- Enable/disable Apache configuration on Transmission on enable/disable.
- Remove IP address whilelisting as 127.0.0.1 is the default setting and
is sufficient for Apache to reverse proxy.
- Update UI URL.
