Closes: #2215.
- matrix-synapse >= 1.55.0-2 requires python3-jinja2 >= 3.0~
- python3-jinja2 >= 3.0~ requires python3-markupsafe >= 2.0
Tests:
- On a stable container, matrixsynapse app is not installable.
- With the changes, start FreedomBox service, setup will run on the upgrades
module and /etc/apt/preferences.d/51freedombox-apps.conf will be changed to
include the two new entries. After this, matrix-synapse app is installable.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
Closes: #2063.
When admin password is being set in MediaWiki, if the password is found in the common
list of passwords, MediaWiki will fail instead of setting the password. Detect
this case and show an error instead of a hard server.
Tests:
- Setting the admin password to 'passwordpassword' fails due to check in common
passwords list. A message is shown that strong password is needed instead of a
500 error page.
- Set the password to 'passwordpassword' and update other settings. Settings are
updated with success message but password update fails with error message.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
Sunil: Current passwords policies as of MediaWiki 1.35.6 do not require capital
letter and numeral. Add comment that the password can't be common one.
Tests:
- Set the admin password to 'testingtesting'. Update should be successful.
[sunil: Fix typos]
[sunil: Drop checking for capital letter and numeral in password]
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
Without the base attribute set, LDAP search returns no results and because of
the lookup failure LMTP will not be able to deliver message even though postfix
has successfully received the messages.
Tests:
- On a fresh container, send a message to a local user using roundcube. The user
should receive the message successfully.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
Unix paths can contain double quotes. Allow entering paths with double quotes by
escaping them in c-style[1] and retrieve them back properly.
1) https://httpd.apache.org/docs/2.4/expr.html
Tests:
Run tests on with various paths:
- /var/a b
- /var/c"d
- /var/ef"
Run the following tests.
- Create a directory with the test path and create a sample file inside it.
- Add a share with the test path.
- Ensure that the share is accessible and the file can be downloaded.
- Ensure that the list of the shares shows the path correctly.
- Ensure that the share can be edited.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
- Make terminology more consistent managed vs. possible, resolve vs. actual.
- Fix regression in security report caused by comparing package expressions with
package names.
- Fix regression in package upgrades caused by comparing package expressions
with package names.
- Update API method names to improve readability and prevent accidental
mismatching of package names and package expressions. Update variable names for
same reason during usage.
Tests:
- minetest install successfully in testing.
- Security report shows non-zero value in the current vulnerabilities column.
- When an unavailable package is added to list of packages in an app, the app
can't be installed.
- When PackageOr expressions is added to an essential package, running
--list-dependencies shows an expressions with '|' in it.
- Unit tests succeed.
- Find a package with conffile prompt and add that to list of a packages in an
app like bepasty and implement a stub force_upgrade() method in the app. Run
'apt update' and that triggers and analysis of packages with conf file prompts.
This should call force_upgrade() method in bepasty and with proper argument for
list of packages.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
In Bookworm, the minetest-mod-player-3d-armor package is renamed to
minetest-mod-3d-armor. Allow either package name to fulfill the
requirement, so that the app is installable in both Bullseye and
Bookworm.
Fixes#2164.
Signed-off-by: James Valleroy <jvalleroy@mailbox.org>
Viewing a wifi connection will cause a 500 error. To reproduce this
issue, go to plinth/sys/networks/. If no wifi connections exist,
add one use the "Add Connection" button. Then, click on the name of
the wifi connection to view it. A 500 error is returned.
This commit fixes this error so the normal "show connection" is
returned. It also fixes a bytestring conversion error
for the SSID and a blank value for "mode" on the page.
Reviewed-by: Sunil Mohan Adapa <sunil@medhas.org>
This allows any binary package in src:freedombox to be upgraded from
backports, so that packaged manuals are included.
Thanks for Frank Woodward for finding the root cause and solution.
Tests:
- Build a FreedomBox bullseye image with backports disabled.
- During setup, enable backports, and update packages. freedombox
package from bullseye-backports is installed, but freedombox-doc-*
packages are from bullseye.
- Install freedombox package with the fix, and update
packages. freedombox-doc-* packages from bullseye-backports are
installed.
Closes#2106.
Signed-off-by: James Valleroy <jvalleroy@mailbox.org>
Reviewed-by: Sunil Mohan Adapa <sunil@medhas.org>
Closes: #2186.
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
[jvalleroy: Remove duplicate import]
[jvalleroy: Reword help text slightly]
Signed-off-by: James Valleroy <jvalleroy@mailbox.org>
When old configuration is not set and is exported with new code into newer
format, the result is a domain added with domain name 'null'. This causes issues
with UI not showing configuration and with null domain being added into
configurations of various daemons.
Tests:
- To reproduce the issue, switch to a revision with old dynamicdns code. Then
switch to a latest version without the fix. A 'null' domain is added to
configuration.
- To reproduce the issue, switch to a revision with old dynamicdns code. Then
switch to a latest version with the fix. A 'null' domain is not added to
configuration.
- With null domain in the configuration. Start FreedomBox with the fix. The null
domain should be removed and null domain should not be announced to other
daemons.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
Since FreedomBox does not allow any users but those belonging to 'admin' group
to login, using passwd driver for auth means that only admin can login to
postfix/dovecot. Fix this by reverting to using LDAP driver.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
Unified querying, reduce random writes for SD cards, eliminate need for separate
log rotation.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
The site will then redirect to a language specific URL.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
Otherwise, the default directives in 10-auth.conf take higher priority.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
Not very critical. Reduce complexity. Re-implement later at framework level.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
They are unused. postfix-ldap is needed for LDAP based maps. In dovecot,
authentication happens using PAM.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
There is nothing related to LDAP in the module. It actually configures postfix.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
- Remove unnecessary complex crash handler needed due to setting the service
configuration in two steps. Merge the two step into one after which crash
handler is not needed.
- Drop '_unsafe' API and verify all keys and values for sanity.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
This is not critically needed in FreedomBox. Implementation is complex. This may
be recreated at framework level to benefit all applications.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
The module does not interact with kernel audit system or is not related to
security logging. The 'privileged' makes us pay more attension.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
A fresh install of clamav-daemon takes up about 1GiB or RAM. Most of this is the
virus signature database and is used regularly for a scan. This makes ClamAV
unsuitable for FreedomBox running on many single board computers. Drop ClamAV
until we start recommending/requiring at least 2GiB of RAM.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
- There is no use case for keeping an alias disabled.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
