/etc/sysctl.conf is owned by procps package.
Test: Run minidlna install on fresh image.
- /etc/sysctl.conf is not modified.
- /etc/sysctl.d/50-freedombox.conf has the expected content.
- /proc/sys/fs/inotify/max_user_watches contains 100000.
- Running with these changes upgrades app version and triggers a setup. Changes
in /etc/sysctl.conf are removed. After undoing the changes /etc/sysctl.conf is
identical to pristine version installed from procps package. This can be
obtained by running; rm -f /etc/sysctl.conf ; apt install --reinstall procps -o
Dpkg::Options::=--force-confmiss
Closes#1802.
Signed-off-by: James Valleroy <jvalleroy@mailbox.org>
[sunil: Undo changes done in /etc/sysctl.conf in older versions]
[sunil: Increment app version to trigger configuration migration]
[sunil: Ensure that app is not re-enabled during migration]
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
- Remove freedombox-udiskie.service file. Don't run udiskie anymore. Use our own
implementation of auto-mounting.
- Schedule disk failure checking to 3 seconds after application initialization.
Also perform auto-mounting at that time.
- Listen to new filesystems added and auto-mount them.
- Listen to disk failing attribute and report to user via a notification.
- Add rules to polkit-1 to allow plinth user to mount drives.
- Add simple abstractions over DBusProxy objects make accessing properties
simpler.
- Replicate udiskie's approach to mounting disks.
- Mount as root user for now using command line instead of DBus API. This is to
keep compatibility with older code that mounted under /media/root with relaxed
permissions.
Udiskie analysis:
- On device added, media added, perform auto_add
- On device changed and is addable and old state is not addable or removeable
- Automount condition:
- Matches configuration
- Not ignored
- is_filesystem and not mounted -> mount
- crypto device -> try unlock -> if success, mount
- is partition table
- Get all non-ignored devices, if partition then mount
- Mount condition:
- Is not ignored
- Is filesystem
- Find device with path
- Get options from configuration
- Is ntfs and executable ntfs-3g is not available
- Call mount
- No support for udisks1
- Built-in rules
- {'symlinks': '/dev/mapper/docker-*', 'ignore': True}
- {'symlinks': '/dev/disk/by-id/dm-name-docker-*', 'ignore': True}
- {'is_loop': True, 'is_ignored': False, 'loop_file': '/*', 'ignore': False}
- {'is_block': False, 'ignore': True}
- {'is_external': False, 'is_toplevel': True, 'ignore': True}
- {'is_ignored': True, 'ignore': True}
Tests performed:
- Create a CDROM in VM, inject media. Disk should get mounted.
- Create a temp file. mkfs.ext4 it at top level. losetup it. It should not get
auto mounted as it is a top level internal device.
- Create a temp file. Create two partitions and format the partitions. kpartx
-a on it. Both the file systems should get mounted.
- Create a temp file. luksformat it. Create a filesystem. luksopen the file.
It should get auto mounted.
- Checking for disk space repeatedly happens every 3 minutes.
- Drives are checked for healthy status only once, 3 seconds after FreedomBox is started.
- FreedomBox is able to mount disks while running as 'plinth' user with
policykit-1 version 0.105-26.
- FreedomBox is able to mount disks while running as 'plinth' user with
policykit-1 version 0.116-2 from experimental.
- Temporarily flip the is_failing condition in report_failing_drive. When
FreedomBox is restarted, notification about drives failing show up. When the
condition is reverted to normal, the notification is withdrawn.
- Build new Debian package and upgrade system with 20.8 installed. Two files
should be removed:
/var/lib/systemd/deb-systemd-helper-enabled/freedombox-udiskie.service.dsh-also
/etc/systemd/system/multi-user.target.wants/freedombox-udiskie.service .
systemctl status freedombox-udiskie.service should report no such unit.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: Veiko Aasa <veiko17@disroot.org>
- Avoid no-response error when deleting a snapshot. This is caused when disk is
full and delete operation tries to store data in session which is stored on
disk. The session update fails and there are no values to delete. This case in
not handled and return a None in view causing a 500 error. Use GET params
instead.
- Delete all functionality that is meant to speed up deleting snapshots has
regressed and is currently never used. Further, there are more types of
snapshots that can't be deleted that needs to be handled in delete all
functionality. Drop it for now.
- When snapper list is run the snapshot number can contain '-', '+' or '*'
suffixed to it. Currently only '*' is handled. This leads to failure in listing
the snapshots after a restore snapshot'. Fix this is properly parsing. Also it
is no longer needed to query 'btrfs' command to know the snapshot that will
used at next boot. '+' or '*' means that.
- Don't list snapshot number '0'. It is never listed to the user and it can
never be deleted. It represents the current system.
- Properly implement checking for default and active snapshots. Don't let delete
operation on either of them.
- Fix regression with disabling the delete button when there are no snapshots
that can be deleted.
Tests performed:
- Before any snapshot is restored, the labels 'will be used at next boot' and
'in use' are not shown. Snapshot with number 0 is not shown.
- Immediately after restoring a snapshot, the 'will be used at next boot' label
will shown up on snapshot that is going to boot next.
- After rebooting after restore, the snapshot that has been restored will show
'will be used at next boot' and 'in use' labels. Restoring another snapshot will
move the 'will be used at next boot' label to the new restore snapshot but keep
the 'in use' label on the current snapshot until next reboot. Snapshot with
number 0 is not shown.
- Delete check boxes are not shown against the 'in use' and 'will be used at
next boot' snapshots. Entering their values manually in the URL in the delete
screen will lead them to be ignored.
- Select multiple snapshots and click delete. The details appear properly in the
confirmation window. Deleting will delete the snapshots.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
This is workaround for /usr/bin/php pointing to a different version than what
php-defaults (and php-mbstring, php-xml) points to. See:
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=959742
Tests performed:
- On unstable, install MediaWiki and open the web interface.
- On testing, install MediaWiki and open the web interface.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
- Shows URLs and shared secret that communication servers like matrix-synapse
should be configured to. Later we will implement auto-configuring those servers.
- Allow selecting domain for the sake of TLS/DTLS certificate installation.
- Simplify systemd service file options. Drop log file and pid file support as
they are not needed with systemd. Add security options.
- Set custom configuration file by overriding systemd service file options so
that we don't have a problem with conffile prompts.
- Implement functional tests (and automatic diagnostics).
- Custom icon selected from the Noun project as Coturn project does not have
one.
- Backup/restore configuration file and certificates.
- Document some questions regarding configuration options.
Tests performed:
- App is not listed in the app page if 'advanced' flag is disabled.
- App name, icon and short description shows up correctly in apps page.
- App name, icon, short description, description, manual link, enable/disable
button and diagnostics link show up currently in app page.
- Verify that configuration used by coturn server is the FreedomBox
configuration by checking the cert path in the log output.
- PID file is not created in /var/run/turnserver/. It goes into /dev/null
according to the log output.
- No log file is created other than what is collected by systemd from command
line.
- systemctl show coturn.service shows all the intended restrictions such as
NoNewPrivileges, Protect* options.
- Run functional tests.
- Ensure that backup of configuration file works by taking backup, changing the
secret and restoring. During backup and restore coturn should be stopped and
started as per logs.
- Build Debian package. No warnings about the copyright file.
- Enabling the app enables the service and runs it.
- Disabling the app disables the service and stop it.
- All diagnostics tests pass.
- Diagnostic tests show firewall port coturn-freedombox for internal and
external networks, service coturn, and each listening port for udp4, udp6, tcp4
and tcp6.
- Information in the firewall page shows up properly. Enabling the app opens
firewall ports, and disabling it closes them.
- When the app is installed, if a cert domain is available, it will be used.
When multiple domains are available, one of them is picked.
- Status shows 4 URLs with the currently selected domain and secret key.
- Changing domain to another domain succeeds and reflects in the status
information.
- When no domain is configured. Installing the app succeeds. No domain is shown
in the list of domains.
- When domain is changed, the certificates files in /etc/coturn/certs are
overwritten.
- Certificates have the ownership turnserver:turnserver. Public key is cert.pem
has 644 permissions. Private is pkey.pem has 600 permissions. /etc/coturn/certs
is owned by root:root.
- Let's encrypt certificates are setup immediately after install.
- Port forwarding information shows all ports except for relay ports.
- Trying to create a user with username 'turnserver' throws an error. This
happens even when coturn is not installed yet.
- After installing coturn, the configuration file /etc/coturn/freedombox.conf is
created with ownership root:turnserver and permissions 640. The directory
/etc/coturn is created with ownership root:root and permissions 755.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
[jvalleroy: Fix copied form_valid comment]
Signed-off-by: James Valleroy <jvalleroy@mailbox.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
If an error occurs during creation of a git repository, delete possibly
corrupted git repository directory and show more specific error message.
Closes#1829
Tests performed:
- Gitweb unit and functional tests pass
- Create a small disk for git repositories:
> dd if=/dev/zero of=disk.img iflag=fullblock bs=128k count=100 && sync
> mkfs.ext4 disk.img
> mount -o loop disk.img /var/lib/git/
- Clone a large repository https://salsa.debian.org/freedombox-team/plinth
Disk got full during cloning remote repository. Repository listing do not
show this repository anymore. (No errors is shown to the user.)
- Fill disk space:
> head -c 1G </dev/urandom > /var/lib/git/myfile
- Disk is full. Cloning an existing remote repository fails with an error
message (No space left on device)
- Disk is full. Creating a new repository fails with an error message
(No space left on device)
Signed-off-by: Veiko Aasa <veiko17@disroot.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
In case the package to be installed (or its dependencies) conflicts
with freedombox (or its dependencies), this will fail the installation
rather than removing the freedombox package.
Closes#1790.
Signed-off-by: James Valleroy <jvalleroy@mailbox.org>
Reviewed-by: Sunil Mohan Adapa <sunil@medhas.org>
When private mode is turned on and off, a setting to allow anonymous editing is
being written. This turns on anonymous editing on the wiki. To fix, drop the
code that adds anonymous editing line and implement migration from older
settings to newer settings.
Closes: #1783.
Tests performed:
- Install mediawiki with current master. Private mode is disabled by default.
Anonymous users can't edit. There is a line for editing set to false in
FreedomBoxSettings.php configuration file. Switch to latest code. The line
should be removed. private mode is still disabled. Anonymous users should not be
able to edit the wiki.
- Install mediawiki with current master. Enable private mode. Anonymous users
can't edit, login is required to view wiki. There is a line for editing set to
false in FreedomBoxSettings.php configuration file. Switch to latest code. The
line should be removed. private mode is still enabled. Anonymous users should
not be able to edit the wiki. Login is required to view the wiki.
- Install mediawiki with current master. Enable private mode and disable it.
Anonymous users can edit the wiki. There is a line for editing set to true in
FreedomBoxSettings.php configuration file. Switch to latest code. The line
should be removed. private mode is still disabled. Anonymous users should not be
able to edit the wiki but they can read the wiki.
- Install mediawiki with the changes in the branch. Line for editing the wiki is
not present in FreedomBoxSettings.php configuration file. Enabling/disabling the
private mode does not introduce the line either. When private mode is enabled,
login is required to read/edit the wiki. When it is disabled, anonymous users
can read the wiki but not edit it.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
If the app is disabled and configuration is edited, don't start the daemon.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: Nektarios Katakis <iam@nektarioskatakis.xyz>
Commit 50e5608331330b37c0b9cce846e34ccc193d1b0d incorrectly sets the
StateDirectory without setting DynamicUser. Buster's shadowsocks will then
create directory /var/lib/shadowsocks-libev/freedombox/ and refuse to delete it
in later versions when DynamicUser=yes needs it to be a symlink.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: Nektarios Katakis <iam@nektarioskatakis.xyz>
- Reduce password length to encourage users to use the auto-generated one
instead of setting a new one.
- Don't set mode to tcp_and_udp: 1) upstream default to TCP only, leave the
decision to upstream. 2) firewalld service file only allows TCP. Without editing
the firewalld configuration, this change is incorrect.
- Don't set timeout. This values matches with the upstream default.. Leave this
to upstream.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: Nektarios Katakis <iam@nektarioskatakis.xyz>
- Ensure that /var/lib/private/shadowsocks-libev/freedombox always exists. This
fixes not being able to save configuration after setup on fresh Buster installs.
- Merge migration path from version 1 to 2 into setup process in an idempotent
way.
- Always creating an initial configuration file so that daemon starts soon after
install. Set a default random password. Localhost as default server.
Closes: #1792
Signed-off-by: Nektarios Katakis <iam@nektarioskatakis.xyz>
[sunil: Minor indentation, update commit message]
Reviewed-by: Sunil Mohan Adapa <sunil@medhas.org>
- Don't ship the file preferences file as this is a violation of the Debian
policy. Lintian throws a hard error that can't be overridden. Remove the lintian
override. Remove this file using maintainer scripts when upgrading from all
version below 20.5.
- The preferences file is now renamed to 50freedombox4.pref.
- Instead write the file when the app is getting setup (on each new version).
- Don't run the setup code on daily timer, instead run the code when the app
upgrades. This ensures that as soon as freedombox package is upgraded and run,
the new preferences file is created instead of waiting for the daily timer to
run.
- From now on when the preferences change, we will increment the version number
of the upgrades app. Change the setup() for the app so that it does not
re-enable automatic upgrades every time setup() is run.
Closes: #1673.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
- Change in any of the following is treated as unique: protocol, frontend port,
subdomains.
- Change in any of the following is not treated as unique: backend port.
Issue reported in
https://salsa.debian.org/freedombox-team/plinth/-/merge_requests/1742#note_147960
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: Veiko Aasa <veiko17@disroot.org>
When app is disabled with older code, 'abort_not_configured' is present in the
configuration file. Wipe it when re-enabling with newer code.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: Veiko Aasa <veiko17@disroot.org>
- Turn some methods in action script to private to improve abstraction.
- Always enable the predefined services when setting the configuration for the
first time.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: Veiko Aasa <veiko17@disroot.org>
- Simplifies the form submission code.
- When service is disabled, don't add the abort_not_configured configuration
flag. There is not need to change the configuration as disabling the daemon from
running is reliable enough.
- When the configuration is set for the first time, drop the
abort_not_configured flag and don't ever add it back.
- Set default values properly for frontend fields when no value is supplied.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: Veiko Aasa <veiko17@disroot.org>
- Merge actions is-disabled, get-frontend, get-kite and get-services into
get-config. This improves the initial startup time for FreedomBox service and
also the page load time for pagekite app. This also significantly simplifies the
code.
- Only use the pagekite service enabled status determine if pagekite is enabled.
Don't use the configuration setting.
- For custom services, provide additional data such as display URL from
get-config action. This removes the need for additional processing
prepare_service_for_display() and template tag create_pagekite_service_url.
- Also reduce the number of times configuration is retrieved to 1 when loading
the app view page and during startup of FreedomBox service.
- Ensure that all keys of the configuration always present and use that to
simplify some code.
- Remove ContextMixin from view DeleteServiceView that does not need it. Use
AppView and drop ContextMixin.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: Veiko Aasa <veiko17@disroot.org>
- Action script:
- must not be root when validating directory
- return only first validation error
- Directory selection form, transmission, deluge:
show the download path as it is in the configuration,
the path is resolved only on form submit.
- Tests: add relative path checks, refactor parametrize code
Signed-off-by: Veiko Aasa <veiko17@disroot.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
Shadowsocks is unable to read its own configuration file because it
doesn't have read permissions to the file.
Signed-off-by: Joseph Nuthalapati <njoseph@riseup.net>
[jvalleroy: Add comment about security concerns]
Signed-off-by: James Valleroy <jvalleroy@mailbox.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
Closes: #1779.
Wait until configuration files are created the deluge services.
- Deluged service on Debian Stable creates the core configuration file after
first exit. The version on Debian Testing creates the configuration file during
first run.
- deluge-web seems to create web.conf on first run.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: Veiko Aasa <veiko17@disroot.org>
- Significantly reduce the time taken to perform the operations in the following
cases:
- Enable/disable an app
- list services in firewall page
- Load app page when interfaces belonging to internal zone need to shown
- First run setup of FreedomBox
- Install a polkit local authority configuration file to allow FreedomBox
service to perform: information queries and configuration changes.
- Drop unused actions.
- Alter the template for showing firewall port information since port/protocol
pairs are no longer pre-formatted.
- Handle errors when trying to get ports details of an unknown service.
Tests performed:
- Enable/disable an app. Ensure with firewall-cmd that ports are added/removed
properly.
- Temporarily modify code to call add_service() and remove_service() twice in a
row. Perform enable/disable operations and ensure that there are not error
thrown to test that add/remove services operations are idempotent.
- Visit the firewalld page and see the current state is reflected properly.
- Visit an app that shows the list of interfaces in firewall zone. Internal
interfaces should be listed properly.
- Reset the installed version of firewall app and disable all firewall services.
Start FreedomBox and ensure that when setup is re-run, default ports (http,
https, dns and dhcp) are opened properly. Run again but with ports already
enabled to check that the setup operation is idempotent.
- Visit diagnostics of an app that uses firewall components and see that ports
are listed properly in the port diagnostic test result.
- Remove some needed services such as those in /etc/firewalld/services and try
to visit the firewalld page. The page should show blank details against the
affected services.
Reviewed-by: Veiko Aasa <veiko17@disroot.org>
Additional ')' got accidentally inserted into the augeas path to be read during
a commit for routine styling (ed646d84a51ae2c54ed7950ce60cb9e9662ada71).
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
- The Debian package doesn't ship a gzip compressed settings file anymore.
- Tested both the cases - settings.yml.gz and settings.yml
Signed-off-by: Joseph Nuthalapati <njoseph@riseup.net>
[sunil: Create parent directory before simple copy of settings.yml]
[sunil: Use pathlib for simpler code]
Reviewed-by: Sunil Mohan Adapa <sunil@medhas.org>
- samba app doesn't need anymore to change mount permissions
Fixes#1692 (in a different way)
Signed-off-by: Veiko Aasa <veiko17@disroot.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
Deluge setup now waits longer after first startup to make sure services
are fully started.
Fixes#1764
Signed-off-by: Veiko Aasa <veiko17@disroot.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
- add directory selection form to the app configuration page
- add debian-deluged user to the freedombox-share group
- storage: new validator parameter check-creatable
(because deluged is able to create subdirectories)
Signed-off-by: Veiko Aasa <veiko17@disroot.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
The repro app has been disabled for a long time. Its package has been
removed from Debian, and there is no sign of it returning soon.
Signed-off-by: James Valleroy <jvalleroy@mailbox.org>
- Any changes done directly using 'wg' command need to be redone after a reboot
and disable/enable sequence. Let that duty be handled by network manager.
- Handle (none) values for keys and 0 values for latest handshake from 'wg'
dump command output.
- Don't store public/private keys for wireguard in /var/lib. Let Network Manager
deal with the storage of secrets.
- Create client connections in the 'external' zone.
- Show allowed IPs for each client in the main page.
- Show server connection public key only for clients. We use different key pairs
when connecting to each of the servers.
- Separate out configuration information and status information in the show
page.
- Allocate IP addresses to each of the clients.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
- Don't create network link. This don't persist across reboots and it is the job
of Network Manager.
- Move NM settings code to regular plinth process instead of superuser.
Permission for managing NM connections from the service daemon is granted by
PolKit.
- Use interface name to identify the connection as it seems to be simply to do
so than the public key. Public key is not easy to retrieve from NM connection.
- Merge code for adding and editing the connection to avoid repetition.
- Add icon to the edit button.
- Throw 404 error when incorrect client is specified.
- Fix issue with storing preshared key.
- Show formatting date in case of last connected time.
- Show formatted sizes for data transmitted.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
Signed-off-by: James Valleroy <jvalleroy@mailbox.org>
[sunil: Use the new method for creating network manager client instance]
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: Sunil Mohan Adapa <sunil@medhas.org>
