970 Commits

Author SHA1 Message Date
Sunil Mohan Adapa
59d7721682
sharing: Allow double quotes in path strings
Unix paths can contain double quotes. Allow entering paths with double quotes by
escaping them in c-style[1] and retrieve them back properly.

1) https://httpd.apache.org/docs/2.4/expr.html

Tests:

Run tests with various paths:

- /var/a b

- /var/c"d

- /var/ef"

Run the following tests.

- Create a directory with the test path and create a sample file inside it.

- Add a share with the test path.

- Ensure that the share is accessible and the file can be downloaded.

- Ensure that the list of the shares shows the path correctly.

- Ensure that the share can be edited.

Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
2022-04-25 15:21:55 -07:00
Benedek Nagy
0b2125aad6
sharing: put file path between quotation marks
Reviewed-by: Sunil Mohan Adapa <sunil@medhas.org>
2022-04-25 15:21:45 -07:00
James Valleroy
f1bbfa73c7
upgrades: Split Explanation line
Avoids a flake8 error.

Signed-off-by: James Valleroy <jvalleroy@mailbox.org>
2022-04-11 19:50:54 -04:00
James Valleroy
d21e33268d
upgrades: Use python3-typing-extensions from bullseye-backports
Fixes #2207.

Tests:

- /etc/apt/preferences.d/51freedombox-apps.pref has expected content.

- Matrix Synapse can be installed, functional tests pass.

Signed-off-by: James Valleroy <jvalleroy@mailbox.org>
Reviewed-by: Sunil Mohan Adapa <sunil@medhas.org>
2022-04-10 14:02:40 -07:00
Sunil Mohan Adapa
2752cf55d3
package: Update package expression API and fix regressions
- Make terminology more consistent managed vs. possible, resolve vs. actual.

- Fix regression in security report caused by comparing package expressions with
package names.

- Fix regression in package upgrades caused by comparing package expressions
with package names.

- Update API method names to improve readability and prevent accidental
mismatching of package names and package expressions. Update variable names for
same reason during usage.

Tests:

- minetest installs successfully in testing.

- Security report shows non-zero value in the current vulnerabilities column.

- When an unavailable package is added to list of packages in an app, the app
can't be installed.

- When a PackageOr expression is added to an essential package, running
  --list-dependencies shows an expression with '|' in it.

- Unit tests succeed.

- Find a package with a conffile prompt and add that to the list of packages in an
app like bepasty and implement a stub force_upgrade() method in the app. Run
'apt update' and that triggers an analysis of packages with conffile prompts.
This should call the force_upgrade() method in bepasty with the proper argument for
the list of packages.

Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
2022-04-10 09:51:13 -04:00
James Valleroy
45820fbdfa
package: Use package expressions in Packages component
- managed_packages() finds all possible packages that could be
  installed. This is used for the check in the action script.

- resolve() finds actual packages to be installed. This is used in
  setup, diagnose, and has_unavailable_packages.

Signed-off-by: James Valleroy <jvalleroy@mailbox.org>
2022-04-10 08:29:34 -04:00
James Valleroy
5ea78f6e28
upgrades: Allow backports from src:freedombox
This allows any binary package in src:freedombox to be upgraded from
backports, so that packaged manuals are included.

Thanks to Frank Woodward for finding the root cause and solution.

Tests:

- Build a FreedomBox bullseye image with backports disabled.

- During setup, enable backports, and update packages. freedombox
  package from bullseye-backports is installed, but freedombox-doc-*
  packages are from bullseye.

- Install freedombox package with the fix, and update
  packages. freedombox-doc-* packages from bullseye-backports are
  installed.

Closes #2106.

Signed-off-by: James Valleroy <jvalleroy@mailbox.org>
Reviewed-by: Sunil Mohan Adapa <sunil@medhas.org>
2022-03-28 11:03:09 -07:00
Sunil Mohan Adapa
d77f812d11
dynamicdns: Fix adding null domain into configuration
When old configuration is not set and is exported with new code into newer
format, the result is a domain added with domain name 'null'. This causes issues
with UI not showing configuration and with null domain being added into
configurations of various daemons.

Tests:

- To reproduce the issue, switch to a revision with old dynamicdns code. Then
switch to a latest version without the fix. A 'null' domain is added to
configuration.

- To reproduce the issue, switch to a revision with old dynamicdns code. Then
switch to a latest version with the fix. A 'null' domain is not added to
configuration.

- With null domain in the configuration. Start FreedomBox with the fix. The null
domain should be removed and null domain should not be announced to other
daemons.

Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
2022-03-02 07:39:13 -05:00
Sunil Mohan Adapa
1b5e99c56e
email: Rename audit module to privileged
The module does not interact with the kernel audit system and is not related to
security logging. The name 'privileged' makes us pay more attention.

Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
2022-03-02 07:38:28 -05:00
Sunil Mohan Adapa
32737a16ed
email: Rename app from email_server to email
For simplicity and consistency. Eliminate '_' in the name.

Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
2022-03-02 07:36:40 -05:00
Sunil Mohan Adapa
7e0156adbe
dynamicdns: Rewrite configuration handling and update using URL
- Drop all the bash code.

- Run the update URL code with same logic as before. Don't need to use action
code for it.

- Completely new way to handle configuration: using key/value store. Import old
configuration once and delete it.

- Use a glib scheduler instead of creating a cron job.

- Store and show status from key/value store.

- Handle multiple domains when getting/setting configuration and status. The UI
still shows a single configuration form. To be improved later.

- Catch and report all errors during the update process.

- Drop all NAT detection code.

- Drop selfhost.bz. German only, no free account, no proper TLS on domain, not
easy to test. Existing accounts will continue to work with "other" as the
service type.

- For gnudip update code, add a timeout of 10 seconds, set a buffer size of two
powers and fix handling error messages from server.

Tests:

- GnuDIP:

  - Upon submission of the form, the IP is updated if app is enabled. IP is not
  updated if app is disabled.

  - Every 5 minutes, check is made again and IP is updated.

  - If IP lookup URL is available, update calls are not made if the DNS is
  already up-to-date.

  - If IP lookup URL is not available, update calls are made unconditionally
  every 5 minutes.

- For each of noip.com, freedns.afraid.org and other service:

  - Upon submission of the form, the IP is updated if app is enabled. IP is not
  updated if app is disabled.

  - Every 5 minutes, check is made again and IP is updated.

  - If IP lookup URL is available, update calls are not made if the DNS is
  already up-to-date.

  - If IP lookup URL is not available, update calls are made unconditionally
  every 5 minutes.

- Form validation:

  - Domain field is always mandatory.

  - When type is selected as gnudip, the fields server, username, and password
  are mandatory.

  - When type is selected other than gnudip, the field update URL is mandatory.
  The rest are optional.

  - When the update URL contains the field <User>, username is mandatory.
  For <Pass>, password is mandatory. For <Ip>, ip_lookup_url is mandatory.

  - When use HTTP basic auth is checked, the fields username and password are
  mandatory.

  - Password is optional only if a previous password exists. If configuration is
  deleted from kvstore, password is mandatory.

- Configuration import:

  Install dynamicdns without the patch. Add configuration with each of the
  service types. For GnuDIP service type, set two configurations with one with
  and without IP lookup URL. Update to code with the patch. Setup should run.

  - All fields in the configuration should be imported properly.

  - If the previous configuration is disabled, app should be disabled after
  import. Enabled otherwise.

  - Updating the IP address should work immediately after import.

- Enable/Disable: when enabled, IP URL should be enabled every 5 minutes.
When disabled, updates should not happen.

- Status:

  - When status is removed from the DB, it should show that no status is
  available yet.

  - When the form is updated or update happens via the timer, the status is
  shown. It should show success for a proper update. Proper external IP address
  should be shown.

  - Set the server to localhost and submit. Status should show 'Server refused
  connection' message. IP address should be '-'.

  - Set the server to an unknown domain. Status should show 'Could not find
  server' message. IP address should be '-'.

  - Set the server to a known domain. Status should show 'Connection timed out'
  message. IP address should be '-'.

  - Last update time should keep increasing as time passes.

- Backup/restore:

  - Functional tests.

- Javascript:

  - When GnuDIP is selected as the type, the fields server, username, password,
  domain, show password, and IP lookup URL should be shown while other fields
  should be hidden. Same on page load with GnuDIP as pre-selected type.

  - When GnuDIP is not selected as the type, the fields update URL, accept all
  SSL certificates, use basic HTTP auth, domain name, username, password, show
  password, IP lookup URL and use IPv6 fields should be shown and rest of the
  fields should be hidden. Same on page load with non-GnuDIP as pre-selected
  type.

  - When show password is checked, password should be shown and when it is
  unchecked, password is masked.

  - When other service types are selected, the update URL values changes to the
  respective service's URL.

Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
2022-02-10 20:31:39 -05:00
Sunil Mohan Adapa
59c5e58549
backups: Implement backup/restore of key/value settings
- Implemented within the backup component. Scope for implementing database
backup/restore in similar way.

- Add new 'settings' key in the backup manifest to allow keys to be backed up and
restored.

- Implement by dumping/loading settings from DB into the file.

Tests:

- Unit tests.

- Backup/restore tests for dynamicdns work.

Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
2022-02-10 20:31:36 -05:00
Sunil Mohan Adapa
f107e83534
dynamicdns: Drop NAT detection as it is no longer used
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
2022-02-10 20:31:30 -05:00
James Valleroy
84a7323b42
dynamicdns: Replace ez-ipupdate
Add Python implementation of GnuDIP client.

Tests:

- In testing container, configure Dynamic DNS with a (previously
  offlined) freedombox.rocks account. FreedomBox interface shows that
  the address has been updated. GnuDIP server also shows the correct
  IP address.

- Running "gnudip update" and "dynamicdns update" actions produce the
  expected results.
2022-02-09 12:05:21 -08:00
Sunil Mohan Adapa
affffddf36
roundcube: Add setting for local connection only
When this option is enabled, it would make the interface easy to work with. This
is likely what most users would want. Don't break things for users who have
already installed roundcube and ensure that local only is disabled for them.

Tests:

- Install roundcube without the patch. Disable the app. Apply patch. Restart
service. Notice that roundcube is not re-enabled.

- Install roundcube without the patch. Apply patch. Restart service. Notice that
roundcube configuration /etc/roundcube/config.inc.php file has been updated and
include_once() at the end has been added. The file
/etc/roundcube/freedombox-config.php has been added. Local only option is
disabled.

- Install roundcube freshly with the patch. Local only option is enabled. Open
interface. Notice that server option is not presented.

- Disable local only option and notice that server field is shown in the
interface.

Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
[jvalleroy: Fix comment]
Signed-off-by: James Valleroy <jvalleroy@mailbox.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
2022-01-31 18:46:01 -05:00
Sunil Mohan Adapa
78d78d84a7
coturn: Use wildcard listening address to fix startup issues
Fixes: #2069.

Without a listening port, coturn will try to enumerate the non-local IP
addresses and try to listen on them. If coturn is started before network is
fully setup, it finds no usable IP addresses and fails. Furthermore, if IPs are
added to the system, it does not automatically listen on them.

A better approach as advised by systemd NetworkTarget documentation is to listen
on a wildcard address. This does not require network to be online and works well
for IP addresses being added/removed from the system. coturn is itself unable to
make changes to its default listening behavior for backward compatibility.

Tests:

- Freshly install coturn. Observe that listening-ip is properly set in the
configuration file. coturn is listening on 3478, 3479, 5349, 5350. coturn is
listening on ::1 and * addresses instead of individual IP addresses.

- Install coturn without the patch. Apply the patch and restart FreedomBox.
coturn setup will run. listening-ips get added to the configuration file. The
static-auth-secret is not changed from earlier. coturn will be restarted. coturn
is listening on 3478, 3479, 5349, 5350. coturn is listening on ::1 and *
addresses instead of individual IP addresses.

- Install coturn without the patch. Disable coturn. Apply the patch and restart
FreedomBox. coturn setup will run. coturn will not be enabled. coturn will be
running after setup.

- Functional tests pass.

- All ports able to connect using netcat (nc command) with IPv4 (-4 option) and
IPv6 (-6 option).

Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
2022-01-31 13:48:15 -05:00
Sunil Mohan Adapa
668da20a02
mldonkey: Drop app not available in Debian Bullseye and Bookworm
Closes: #2157.

Original author of the app J. Carlos Romero <juancarlos.romero@gmail.com> has
been contacted to see if there is interest in continuing to maintain the app.
There has been no response.

Since the app is not available even in the current stable (Bullseye), few users
are presumably using it on a supported FreedomBox distribution. Any users are
advised to maintain it manually instead of relying on FreedomBox for it.

Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
2022-01-22 11:55:34 -05:00
Sunil Mohan Adapa
01e2896724
upgrades: Allow matrix's new dependency to be installed
matrix-synapse 1.47.0-2 requires python3-frozendict 1.2-3 or higher. This is
only available in bullseye-backports, testing and unstable but not bullseye.

Allow python3-frozendict to be installed from buster-backports. Further there is
no longer any need to allow packages from buster-backports (on the master
branch). So, drop all those.

Tests:

- On stable/testing, without matrix-synapse and its dependencies installed, run
matrix-synapse functional tests.

- On stable, with older versions of matrix-synapse and python3-frozendict, run
unattended-upgrade and notice that matrix-synapse upgrades to the latest version.

- Without this patch, run service. Notice the contents of
/etc/apt/preferences.d/51freedombox.pref. When this patch is applied and service
is restarted, the upgrades app is set up again and the file's contents will change as
expected.

Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
2022-01-17 11:00:09 -05:00
Joseph Nuthalapati
b0305746c8
tahoe-lafs: Drop app as it is not being used
Signed-off-by: Joseph Nuthalapati <njoseph@riseup.net>
[sunil: Add to configuration file removal in Debian package and setup.py]
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: Sunil Mohan Adapa <sunil@medhas.org>
2021-12-20 15:12:11 -08:00
Joseph Nuthalapati
621cb67527
diaspora: Drop app that was never finished.
Signed-off-by: Joseph Nuthalapati <njoseph@riseup.net>
[sunil: Add to configuration file removal in Debian package]
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: Sunil Mohan Adapa <sunil@medhas.org>
2021-12-20 15:11:29 -08:00
Joseph Nuthalapati
ce5274d9ee
monkeysphere: Drop app as it is not being used
Closes #2157.

Signed-off-by: Joseph Nuthalapati <njoseph@riseup.net>
[sunil: Split diaspora and tahoe-lafs into separate commits]
[sunil: Remove monkeysphere from help/tests/test_views.py]
[sunil: Add to configuration file removal in Debian package and setup.py]
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: Sunil Mohan Adapa <sunil@medhas.org>
2021-12-20 15:09:50 -08:00
James Valleroy
f72505d300
upgrades: Add type annotations to action
Signed-off-by: James Valleroy <jvalleroy@mailbox.org>
Reviewed-by: Sunil Mohan Adapa <sunil@medhas.org>
2021-12-20 13:46:53 -08:00
James Valleroy
32d9f01597
upgrades: Cleanup dist upgrade steps specific to bullseye release
- Skip handling of obsolete packages if there are none.

- Skip handling of debconf selections if none are required.

- Handle tt-rss same as other packages with prompts.

Signed-off-by: James Valleroy <jvalleroy@mailbox.org>
Reviewed-by: Sunil Mohan Adapa <sunil@medhas.org>
2021-12-20 13:46:50 -08:00
James Valleroy
690859b02f
upgrades: Refactor dist upgrade process
No change in functionality.

Signed-off-by: James Valleroy <jvalleroy@mailbox.org>
[sunil: Fix copy/paste error with indentation in start_dist_upgrade_service]
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: Sunil Mohan Adapa <sunil@medhas.org>
2021-12-20 13:46:47 -08:00
Sunil Mohan Adapa
84f12d8633
roundcube: Allow upgrades using configuration file prompts
Closes: #2159.

Ship a separate Apache configuration file instead of editing the one provided by
roundcube package. This avoids configuration file prompt when roundcube package
needs to be upgraded.

Tests:

- Freshly install roundcube package 1.4.x (using apt preferences and Bullseye),
run functional tests and login to a gmail account.

- Freshly install roundcube package 1.5.x (from testing), run functional tests
and login to a gmail account.

- Install roundcube 1.4.x version on testing container without these changes.
After applying these changes, run 'apt update' while roundcube is enabled and
let FreedomBox upgrade roundcube to 1.5.x version. After this, run functional
tests and login to a gmail account.

- Repeat the previous test with upgrade while roundcube is disabled. Then enable
roundcube, run functional tests and login to a gmail account.

Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
2021-12-14 18:02:59 -05:00
Sunil Mohan Adapa
603b63bbac
module_loader, app: Move app init to app module
- Don't try to get the depends from module level and sort modules based on that.

- Instead after all App instances are created, sort the apps based on
app.info.depends and app.info.is_essential.

- Print message that apps have been initialized instead of printing before they
are initialized. The correct order of apps is only known after they have been
initialized and sorted.

- Avoid circular import on module_loader and setup.

Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
2021-12-04 16:39:40 -05:00
Sunil Mohan Adapa
5327f65db0
actions/letsencrypt: Drop use of managed_paths and use LE component
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
2021-12-04 16:36:22 -05:00
Sunil Mohan Adapa
781d8fa18b
*: Drop use of managed_services, rely on Daemon component
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
2021-12-04 16:35:57 -05:00
Sunil Mohan Adapa
ba4b58de78
actions/service: Drop use of managed_services for Daemon component
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
2021-12-04 16:35:48 -05:00
Sunil Mohan Adapa
84ae338e66
bind: Drop alias handling unnecessary in >= Bullseye
Alias was added to deal with Buster -> Bullseye transition. In Buster the daemon
was named bind9 and in Bullseye the daemon is named named with alias to bind9.

Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
2021-12-04 16:35:21 -05:00
Sunil Mohan Adapa
5b5249873d
actions/service: Drop unused list action
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
2021-12-04 16:35:11 -05:00
Sunil Mohan Adapa
cea023f7b2
actions: Get list of packages from Packages components
Instead of getting it from managed_packages module level variable. This is made
possible by the ability to instantiate an app without being able to instantiate
all apps at once and without even initializing Django.

Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
2021-12-04 16:34:32 -05:00
Joseph Nuthalapati
aaea6bf00e
tt-rss: Allow selection of a domain name
Fixes: #2136

Signed-off-by: Joseph Nuthalapati <njoseph@riseup.net>
[james: Fix comment]
Signed-off-by: James Valleroy <jvalleroy@mailbox.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
2021-11-21 19:10:54 -05:00
Sunil Mohan Adapa
fb47f35e87
email_server: action: Add argument type checking for extra safety
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
2021-11-03 19:11:06 -04:00
Sunil Mohan Adapa
ce3668d5e8
log, email_server: Don't use syslog instead of journald
- Syslog is not used on FreedomBox machines. Logging to syslog instead of
journald loses a lot of information fields that are otherwise available.

- Drop logging additional information. Most of the information is already
present in full journald records. Access using journalctl -o json.

- Use the same formatting for console as the primary daemon.

- When logging for actions, capture warnings too.

- Always log to stderr so that UI can capture the traceback and show UI error
messages. stderr is never used for returning data.

Tests:

- Run action script using command line with an error 'sudo actions/email_server
home mk a b'. See the traceback message printed on stderr (not stdout). Message
is printed with full field information in journalctl -o json.

- Main daemon writes to stderr and to journal with same formatting as before.

- Adding a warning in action code or main daemon results in printing of the
warning with desired formatting. import warnings; warnings.warn('Foo warning')

Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
2021-11-03 19:10:52 -04:00
Sunil Mohan Adapa
a2038e98d6
email_server: action: Refactor for simplicity
- Parse arguments in a readable way.

- Convert decorator into simple call.

- Make a simple call instead of looking for subcommand.

- Don't setup logging in global scope.

Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
2021-11-03 19:10:17 -04:00
Sunil Mohan Adapa
5ff172aedd
storage: Pass optional mount point to partition expansion
- Helps test cases.

- In future, we can resize non-root partitions.

Tests:

- On an amd64 disk image, apply this patch. Increase the image size. Boot the
image. During first setup. The root partition should get expanded successfully
and show full disk size.

Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
2021-10-24 06:54:11 -04:00
Sunil Mohan Adapa
9bd1f80d5c
*: Always pass check= argument to subprocess.run()
- Avoid flake8 warnings.

- Makes the call more explicitly readable in case an exception is expected but
check=True is not passed by mistake.

Tests:

- Many tests are skipped since the changes are considered trivial.
check=False is already the default for subprocess.run() method.

- actions/package: Install an app when it is not installed.

- actions/upgrade: Run manual upgrades.

- actions/users: Change a user password. Login. Create/remove a user.

- actions/zoph: Restore a database.

- container: On a fresh repository, run ./container up,ssh,stop,destroy for a
testing container.

- plinth/action_utils.py: Enable/disable an app that has a running service.

Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
2021-10-11 14:34:40 -04:00
Fioddor Superconcentrado
24f7ffe3cf
package: Add functions for removing packages
Functions needed to spot and remove installed conflicting packages
before installation of apps.

- Remove all packages in a single operation as this way apt can search for
solutions to conflicts more easily.

- Use type hints rather than a lot of type checking. Type hints shall later be
enforced using offline checking (with mypy) or at runtime (with enforce, etc.).

Signed-off-by: Fioddor Superconcentrado <fioddor@gmail.com>
[sunil: Run single remove operation on all packages]
[sunil: Use type hints instead of extensive type checking]
[sunil: Trim down the test case as it would only succeed after install]
Reviewed-by: Sunil Mohan Adapa <sunil@medhas.org>

package
2021-10-10 19:22:16 -07:00
Sunil Mohan Adapa
a0d880b62c
sso: Update usage of OpenSSL crypt signing API
Avoid the deprecation warning:

DeprecationWarning: str for data is no longer accepted, use bytes
    sig = crypto.sign(pkey, data, 'sha512')

Tests:

- Login to web interface, access Syncthing web interface. The login should work.

Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
2021-09-26 12:29:45 -04:00
Sunil Mohan Adapa
a3e21adc8b
*: Various isort fixes
- Done automatically by running isort . in top level directory.

Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
2021-09-20 16:50:37 -04:00
Sunil Mohan Adapa
ae541ca752
apache: Setup Mozilla recommended configuration
- TLS configuration as recommended by Mozilla's SSL Configuration Generator with
'Intermediate' configuration. See:
https://wiki.mozilla.org/Security/Server_Side_TLS

- Disable ciphers that are weak or without forward secrecy.

- Allow client to choose ciphers as they will know best if they have support for
hardware-accelerated AES.

- TLS session tickets (RFC 5077) require restarting web server with an
appropriate frequency. See:
https://httpd.apache.org/docs/current/mod/mod_ssl.html#sslsessiontickets

- Send OCSP responses to the client and reduce their round trips.

- No need to increment apache app version number as it has already been
incremented in this release cycle for enabling HTTP/2 module.

Tests:

- FreedomBox interface is reachable with the changes.

- ssllabs.com gives an A+ rating on a server with these changes.

  - All ciphers are shown as secure.

  - Forward Secrecy rating is ROBUST.

  - OCSP stapling shows as enabled.

  - Client support seems to match the expected after dropping <= TLS1.1.

  - Session resumption with tickets shows as disabled.

Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
2021-09-11 14:31:34 -04:00
Sunil Mohan Adapa
857ab0afe1
apache: Enable and prioritize HTTP/2 protocol
- Enabling the module automatically sets 'Protocols h2 h2c http/1.1' in shipped
module configuration.

- HTTP/2 is given higher priority over HTTP/1.1 for supported clients.

- Clients not supporting HTTP/2 continue to work with HTTP/1.1.

- Clients work by using the ALPN extension in TLS to figure out that the server supports
HTTP/2 and use it.

- HTTP/2 improves performance.

- Recommended by Mozilla's SSL configurator: https://ssl-config.mozilla.org/.

Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
2021-09-11 14:31:30 -04:00
Sunil Mohan Adapa
efa615201b
wordpress: New app to manage a WordPress site/blog
- Use php-fpm instead of using mod-php.

- Create database and setup permissions manually. Tables and initial data are
created during the initial setup process done by WordPress. Database upgrades
are handled by WordPress. Minor versions are upgraded automatically and major
version need user intervention.

- Backup/restore functionality including database.

- Install recommended extensions for performance.

- Setup and run cron jobs to ensure that scheduled publications are
completed (among other things). Service has systemd security features. Timer is
set to run every 10 minutes.

- Functional tests for adding/removing posts and backup/restore.

- Increase file upload size limit to 128MiB.

- A private mode (default) for keeping the setup process secure. Should be
disabled after first setup is completed. This uses a new approach using
file-based flag for different Apache configurations.

TODO:

- Find a nice way to allow WordPress to upload plugins/themes. Currently this
operation fails and users are expected to manually scp the files to the
/var/lib/wordpress/wp-content/{plugins,themes} directory.

Tests:

- Functional tests.

- Schedule publishing of a post. Notice that post got published.

- Test uploading a file larger than 2MiB.

- Test enabling permalinks. This leads to nicer looking URLs.

- Test adding images to posts/pages.

Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
2021-08-25 08:20:01 -04:00
fliu
62c501e9c7
email: Add UI for creating the home directory
email_server:
- `-i` option passes all remaining arguments to action
- delete unused "touch file" option

Views:
- delete broken links
- add tabs to every page
- separate admin tabs from user tabs
2021-08-17 19:43:30 -07:00
fliu
aab3fe9c02
email, plinth.log: Write more information to syslog
sudo journalctl -b -o short-monotonic --no-pager -f
2021-08-17 19:43:01 -07:00
fliu
df14e74972
email: Parse command arguments with a mutually exclusive group
2021-08-17 19:42:55 -07:00
fliu
758c8791f1
email: Address some code review comments
- __init__.py: Changed email server description
- audit module: Added module docstring
- email_server action:
  - Used argparse
  - Replaced "wrapper functions" with a getattr based lookup method
2021-08-17 19:42:48 -07:00
fliu
fdc6f23908
email: Implement email_server ipc set_sasl and set_submission
- Rewrote action script to eliminate stdin communication
- Changed return type of audit.*.get()
  - An audit can return multiple lines of diagnostics
- Move recommended endpoint URLs into function docstrings
2021-08-17 19:42:32 -07:00
fliu
cde0b47064
email: Enable LDAP by calling postconf in a thread-safe way
- Implemented `email_server ipc postconf_set_many_v1`
- Implemented `lock.Mutex` (fcntl.lockf and threading.Lock based mutex)
  - FIXME: Lock file permissions
- Implemented `postconf` (thread-safe postconf operations)
- Started using service orientation
2021-08-17 19:42:29 -07:00