Closes: #1782.
This restores the API to the earlier behavior of ignoring errors when firewalld
is not running. This may not be the best approach however.
- Ignore errors on all operations when firewalld is not running. This include
enable/disable service, list interfaces of a zone, get service ports and get
enabled service.
- Log errors when firewalld is not running.
- ALREADY_ENABLE and NOT_ENABLED errors already ignored during enable/disable
service operations respectively.
Tests successfully executed:
- Turn off firewalld and perform following operations. They should all log an
error that firewalld is not running.
- Visit app page of an app that works only on internal networks such as
Privoxy. It should show that there are no internal networks.
- Run diagnostics of an app. It should show ports for a service as empty list.
- Enable/disable an app, it should enable/disable without failure.
- Visit firewall app page. It should show that firewalld is not running.
- Perform all the about operations without error message showing up and with
expected results.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: Veiko Aasa <veiko17@disroot.org>
- Significantly reduce the time taken to perform the operations in the following
cases:
- Enable/disable an app
- list services in firewall page
- Load app page when interfaces belonging to internal zone need to shown
- First run setup of FreedomBox
- Install a polkit local authority configuration file to allow FreedomBox
service to perform: information queries and configuration changes.
- Drop unused actions.
- Alter the template for showing firewall port information since port/protocol
pairs are no longer pre-formatted.
- Handle errors when trying to get ports details of an unknown service.
Tests performed:
- Enable/disable an app. Ensure with firewall-cmd that ports are added/removed
properly.
- Temporarily modify code to call add_service() and remove_service() twice in a
row. Perform enable/disable operations and ensure that there are not error
thrown to test that add/remove services operations are idempotent.
- Visit the firewalld page and see the current state is reflected properly.
- Visit an app that shows the list of interfaces in firewall zone. Internal
interfaces should be listed properly.
- Reset the installed version of firewall app and disable all firewall services.
Start FreedomBox and ensure that when setup is re-run, default ports (http,
https, dns and dhcp) are opened properly. Run again but with ports already
enabled to check that the setup operation is idempotent.
- Visit diagnostics of an app that uses firewall components and see that ports
are listed properly in the port diagnostic test result.
- Remove some needed services such as those in /etc/firewalld/services and try
to visit the firewalld page. The page should show blank details against the
affected services.
Reviewed-by: Veiko Aasa <veiko17@disroot.org>
- Remove the need to pass all the individual information elements to the AppView
separately. This eliminates many issues with elements that were mistakenly not
sent to AppView. Also reduces a lot of code duplication.
- Create App classes for power and sso for consistency.
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
- Use AppView for firewall view so that diagnostics button shows up
automatically. Consistency with the rest of the apps. Allow new features to
AppView become useful.
- A status section is automatically added but can be removed when all the other
apps loose their status section.
- Does not change anything else.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: Veiko Aasa <veiko17@disroot.org>
- Test that a port meant to available to internal network is available.
- Test that a port meant to available to external network is available.
- Test that a port meant to unavailable to external network is unavailable.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
- move header section to it's own file so that it can be imported across
the app (app.html, simple_app.html, setup.html)
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
Closes: #1608
Allow upgrade to any version of 0.7.x series. Use new configuration and apply
the two default configuration changes of FreedomBox.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
Currently, in cases of ignoring an upgrade and actually upgrading, the log
message says success which is somewhat confusing. Make the force_upgrade()
methods in apps return information about ignoring the upgrade and print log
message accordingly.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
- Introduce base class for all apps that will contain components. With
unittests.
- Introduce base classes for components. With unittests.
- Turn Menu class into an app component.
- Further cleanup Menu class.
- Update tests.
- Maintain a global list of menu items and look them up easily. Generalize
such that subsubmenus can later be merged into Menu class.
- Cleanup scope of main menu initialization.
- Use None instead of empty strings for various values. Ensure that
printing short_description does not show 'None' in output.
- Use enable/disable instead of promote/demote.
- Use menu component in all apps.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Add interface to get port types and numbers for a service.
Signed-off-by: James Valleroy <jvalleroy@mailbox.org>
Reviewed-by: Sunil Mohan Adapa <sunil@medhas.org>
Since it is no longer a paragraph but title, no need for colon. Reuse existing
translated message instead of using 'Current Status'.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
- firewalld is always on an active. Running setup is not a problem.
- Installing new configuration and applying changes on top is more reliable.
Changes to be done are not configuration settings but FreedomBox defaults.
Fixes: #1367.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
restart service after setting the firewall backend
Fixes#1400Fixes#1430
Signed-off-by: Joseph Nuthalapati <njoseph@thoughtworks.com>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
There might be data to backup in future if we allow adding custom rules or
provide features such as blocking untrusted devices at home. Currently, it is
just an assurance to the user that there is no data to backup.
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
Closes#930
- Make targets to download wiki pages of each service
- Add post-processor script for DocBook file processing
Signed-off-by: Joseph Nuthalapati <njoseph@thoughtworks.com>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
There is no need to restart firewalld after the setup steps run.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
- Remove apps and system modules and merge their views into main views.
- Move main_menu from cfg into menu.py.
- Remove dependencies of other modules on apps and system modules.
- Update tests.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Most tables now occupy the full width of the container row. Some of
them are otherwise squished. Also make sure the new fixed container
layout has not reduced the originally intended width of a table.
This can then be used by a privileged action to verify that packages
requested for installation are in fact valid. This slightly improves
security of those privileged actions.
Currently menu items are shown in alphabetical order in applications and
no clear order in system configuration. This is done using static
weights for menu items based on English names that does not work for
other locales.
Sorting can't be done at the time of adding menu items as users of
multiple locales may use the interface at the same time.
Implement a sorting mechanism based on existing order as well as labels
of menu item. This allows the flexiblity of grouping menu items in
future as it may be need for system configuration. In case of help menu
Remove sort order for all modules except for help menu as here we want
that specific order.
When firewall services are list, the order changes for every run of
plinth and is not predictable making it hard to lookup a service. List
services alphabetically to fix the problem.
- The last part of the module import path is the module name. This also
becomes the Django app name. Apps names have to be unique. Hence,
there is no scope for two different modules with same name but
different load path to exist in the project.
- Most uses of list of loaded modules are dealing with app names instead
of full module load path. This is due to the fact that Django deals
with app names and not module paths.
- It is also somewhat clumsy to access a loaded module as we are
re-importing every time to get access module.
- Simplify all of the above by using app names are module identifiers
and maintaing an ordered dictionary of app names to loadded modules.
- Remove unused imports.
- Minor styling fixes.
