Tests:
- systemd-run --pipe
--property=BindReadOnlyPaths=/usr/share/freedombox/etc/needrestart/conf.d/freedombox-self.conf:/etc/needrestart/conf.d/freedombox-self.conf
ls -la /etc/needrestart/conf.d/ shows that the new configuration is listed as
expected.
- Running about command with 'cat /etc/needrestart/conf.d/freedombox-self.conf'
shows that configuration content is as expected.
- Running functional tests for coturn app work as expected. systemd journal
shows that transient services are being created to run apt commands.
- After the execution of an operation an empty file is created as
/etc/needrestart/conf.d/freedombox-self.conf.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
[Sunil]:
- Drop Uwsgi component entirely. After the changes, it mostly looks like Daemon
component minus some features. One change that Uwsgi component does is when
component is disabled, it also stops and disables the .service unit. Stopping
the service is useful and we can add this to Daemon component.
- Use /run instead of /var/run/ as 1) /var/run is a symlink to /run 2) /run/
path is what is listed in uwsgi-app@.socket unit file.
- Implement upgrade for apps from older version. Disable and mask uwsgi init.d
script. Enable the daemon component if the webserver component is enabled.
- Update manifest files to deal with .socket units instead of 'uwsgi' service.
Backup the /var/lib/private directories as that is actual directory to backup
with DynamicUser=yes.
- For bepasty load the configuration as a systemd provided credential since
DynamicUser=yes.
- Remove the /var/lib/private directories during uninstall.
- Don't create user/group for bepasty as it is not needed with DynamicUser=yes.
Tests:
- Radicale
- Functional tests pass
- Freshly install radicale.
- Web interface works.
- Create and edit calendars
- Path of the storage directory is in /var/lib/private/radicale (after
accessing web interface)
- Permissions on the storage folder and files inside are set to nobody:nobody.
- Uninstall removes the /var/lib/private/radicale directory.
- Create a calender and backup the app. Uninstall the app. Re-install the app.
The calendar is not available. After restoring the backup, the calendar is
available.
- Install radicale without patch and create a calendar. Apply patches and
start plinth.service. Setup is run. UWSGI is disabled and masked. Service is
running. Old calender is visible.
- Install radicale without patch. Disable and apply patches and start
plinth.service. Setup is run. UWSGI is disabled and masked. Service is not
running. Enabling the service works.
- After upgrade, data storage path got migrated to /var/lib/private/radicale.
Old data is accessible.
- After upgrade the directory is still owned by radicale:radicale.
- Freshly install radicale with patch and restore an old backup. The data is
available in the web interface and data was migrated to
/var/lib/private/radicale.
- Bepasty
- Functional tests pass
- Freshly install bepasy.
- Enabling and disabling rapidly works.
- Uploading files works.
- Path of the storage directory is /var/lib/private/bepasty.
- Permissions on the storage folder are as expect 755 but on the parent are
700.
- Permissions on the stored files are 644 and owned by nobody:nobody.
- Uninstall removes the /var/lib/private/bepasty directory.
- Upload a picture and backup the app. Uninstall the app. Re-install the app.
The uploaded file is not available. After restoring the backup, the uploaded
file is available.
- Install bepasty without patch and upload a file. Apply patches and start
plinth.service. Setup is run. UWSGI is disabled and masked. Service is
running. Old uploaded picture is visible.
- Install bepasty without patch. Disable app. Apply patches and start
plinth.service. Setup is run. UWSGI is disabled and masked. Service is not
running. Enabling the service works.
- After upgrade, data storage path got migrated to /var/lib/private/bepasty.
Old data is accessible.
- After upgrade the directory is still owned by bepasty:bepasty.
- Freshly install bepasty with patch and restore an old backup. The uploaded
file is available in the web interface and data was migrated to
/var/lib/private/bepasty.
Signed-off-by: James Valleroy <jvalleroy@mailbox.org>
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
Tests:
- Without patch, open FeatherWiki wiki and save after 5 minutes. Save fails.
- Apply the patch, Apache app setup is run and mod_auth_openidc configuration
is updated. Open FeatherWiki wiki and save after 5 minutes. Save works, wiki
contents are saved.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: Joseph Nuthalapati <njoseph@riseup.net>
In the upstream demo, https://janus.conf.meetecho.com/demos/videoroom.html, the
font-awesome glyphicons were only being used to show the 'user' icon next to
alias text field. We have replaced that with a simple unicode character. We also
seem to have dropped the dependency on Debian package. However, we seem to
forgotten to remove the inclusion of the JS file. This leads to a 404 error when
loading Janus room.
Tests:
- The page loads and works as expected. The 'user' icon shows up. There are no
404 errors in the browser console.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
Tests:
- All the icons appear as before in both light/dark themes.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
Tests:
- All the icons appear as before in both light/dark themes.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
Tests:
- All the icons appear as before in both light/dark themes.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
Tests:
- All the icons appear as before in both light/dark themes.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
Tests:
- All the icons appear as before in both light/dark themes.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
Tests:
- All the icons appear as before in both light/dark themes.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
Tests:
- All the icons appear as before in both light/dark themes.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
Tests:
- All the icons appear as before in both light/dark themes.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
Tests:
- All the icons appear as before in both light/dark themes.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
Tests:
- All the icons appear as before in both light/dark themes.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
Tests:
- All the icons appear as before in both light/dark themes.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
Tests:
- All the icons appear as before in both light/dark themes.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
Tests:
- All the icons appear as before in both light/dark themes.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
Tests:
- All the icons appear as before in both light/dark themes.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
Tests:
- All the icons appear as before in both light/dark themes.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
Tests:
- All the icons appear as before in both light/dark themes.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
Tests:
- All the icons appear as before in both light/dark themes.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
Tests:
- All the icons appear as before in both light/dark themes.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
Tests:
- All the icons appear as before in both light/dark themes.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
Tests:
- All the icons appear as before in both light/dark themes.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
Tests:
- All the icons appear as before in both light/dark themes.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
Tests:
- All the icons appear as before in both light/dark themes.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
Tests:
- Adding and deleting a custom service no longer results in an error message.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
Tests:
- All the icons appear as before in both light/dark themes.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
Tests:
- All the icons appear as before in both light/dark themes.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
Tests:
- All the icons appear as before in both light/dark themes.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
Tests:
- All the icons appear as before in both light/dark themes.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
Tests:
- The icons appears as before in the app page in light/dark themes.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
Tests:
- The icons appears as before on the add/edit/delete buttons in light/dark
themes.
- The icon appears as before on the error message.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
- Drop unnecessary inkscape markup.
- Ensure that all the SVGs have viewBox='' attribute.
- Drop unnecessary id='' attributes.
- Prefix all IDs with 'autoidmagic-'. This will be replaced with a random string
for each inlining in HTML to avoid duplicate IDs.
Tests:
- All SVGs appear the same as before.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
Remove the following warnings when running functional tests.
plinth/modules/calibre/tests/test_functional.py:13: PytestUnknownMarkWarning: Unknown pytest.mark.sso - is this a typo? You can register custom marks to avoid this warning - for details, see https://docs.pytest.org/en/stable/how-to/mark.html
pytestmark = [pytest.mark.apps, pytest.mark.sso, pytest.mark.calibre]
plinth/modules/kiwix/tests/test_functional.py:15: PytestUnknownMarkWarning: Unknown pytest.mark.sso - is this a typo? You can register custom marks to avoid this warning - for details, see https://docs.pytest.org/en/stable/how-to/mark.html
pytestmark = [pytest.mark.apps, pytest.mark.sso, pytest.mark.kiwix]
plinth/modules/searx/tests/test_functional.py:9: PytestUnknownMarkWarning: Unknown pytest.mark.sso - is this a typo? You can register custom marks to avoid this warning - for details, see https://docs.pytest.org/en/stable/how-to/mark.html
pytestmark = [pytest.mark.apps, pytest.mark.searx, pytest.mark.sso]
plinth/modules/syncthing/tests/test_functional.py:11: PytestUnknownMarkWarning: Unknown pytest.mark.sso - is this a typo? You can register custom marks to avoid this warning - for details, see https://docs.pytest.org/en/stable/how-to/mark.html
pytestmark = [pytest.mark.apps, pytest.mark.syncthing, pytest.mark.sso]
plinth/modules/transmission/tests/test_functional.py:13: PytestUnknownMarkWarning: Unknown pytest.mark.sso - is this a typo? You can register custom marks to avoid this warning - for details, see https://docs.pytest.org/en/stable/how-to/mark.html
pytestmark = [pytest.mark.apps, pytest.mark.transmission, pytest.mark.sso]
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Fixes: #2568.
When Let's Encrypts events are fired for all applications, they happen on apps
that install as well. They have not been a problem so far because seem to
succeed always. However, ejabberd recently changed to having '*' for list of
domains accepted and also has non-root account for certificate ownership. This
combination causes a certificate operation to fail as the package 'ejabberd' is
not installed and 'ejabberd' user is not available. Fix this by making limiting
certificate operations to apps that have been installed.
Tests:
- Add a new domain name to a production FreedomBox using the Dynamic DNS
'tester' account. 'ejabberd' app should not be installed. LE events fire and a
log message showing failure is noticed. All the events after the failure for
other apps also succeed. The failure is a minor and contained to ejabberd.
- Apply the patch and revoke the certificate. LE event is fired on all other
installed apps but not on ejabberd. No error is logged.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
- Django's request.get_host() use X_FORWARDED_HOST when appropriate and falls
back to HTTP_HOST. In case of FreedomBox due to 'ProxyPreserveHost On' in Apache
configuration, both the values are the same. So, it makes no difference.
- Also document the need for 'ProxyPreserveHost On' in another validation.
Tests:
- Log the value of request_host, request.META['HTTP_HOST'], and
request.META['X_FORWARDED_HOST'] in DiscoverIDPView:get(). All the values are
same when accessing with IP address value not starting with 127.0.0.1.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
Update download link to .exe provided by WireGuard.
A utility that downloads, verifies and executes provided MSIs.
source: https://www.wireguard.com/install/
Signed-off-by: Frederico Gomes <fredericojfgomes@gmail.com>
Reviewed-by: Sunil Mohan Adapa <sunil@medhas.org>
Link to the F-Droid WireGuard package returns 404 Not Found.
WireGuard seems to no longer be packaged by F-Droid.
Signed-off-by: Frederico Gomes <fredericojfgomes@gmail.com>
Reviewed-by: Sunil Mohan Adapa <sunil@medhas.org>
- Since FreedomBox does not depend on the package anymore, unattended-upgrades
will remove the package. This causes Apache2 to fail to start. Disable the
module from Apache2 configuration.
Tests:
- Remove the libapache2-mod-auth-pubtkt package. Re-run apache app setup by
incrementing it version number. Apache will fail to start. Apply the patch and
increment the version number. auth_pubtkt module will be disabled and Apache is
automatically running again.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
Tests:
- Clear out the directory /var/cache/apache2/mod_auth_openidc/metadata/. Then
run diagnostics on Calibre app without the patch. Several URLs fail because 404
has been returned on <domain>/calibre URL. With the patch the diagnostics
succeed.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
Tests:
- 'make install' removes enabled sso module
- Already logged in users stay logged in after update
- Apps need to re-authenticate of update (but this is transparent)
- Login and logout work as expected
- Failed login attempts lead to CAPTCHA form
- CAPTCHA form can't be skipped
- Answering CAPTCHA form will lead back to login page
- Users functional tests work
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
