- Verify that issue data is sent in context properly.
- Ensure that an external request is not made during testing.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
This doesn't use the how-can-i-help package, but it is a similar
implementation that fetches the same data from udd.debian.org.
There are sections for the following issues:
- Packages that will be removed from Debian testing
- Packages that are not in Debian testing
- Good first issues for beginners
- Issues for which the package maintainer has requested help
The overall "How can I help?" section is collapsed by default.
Test:
- View the page in stable and testing container.
- Run help functional tests.
Closes: #536
Signed-off-by: James Valleroy <jvalleroy@mailbox.org>
[sunil: Minor indentation fix]
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: Sunil Mohan Adapa <sunil@medhas.org>
Additional plugin and theme installation is done with the 'direct filesystem
method' as opposed to ssh, so this package is not needed.
Signed-off-by: Benedek Nagy <contact@nbenedek.me>
Reviewed-by: Sunil Mohan Adapa <sunil@medhas.org>
Tests:
- Functional tests pass
- Same tests as previous patch for setting logging to syslog.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
Default backend for fail2ban is systemd journal. Roundcube will be configured in
FreedomBox to log to journal (via syslog).
Reviewed-by: Sunil Mohan Adapa <sunil@medhas.org>
Tests:
- On a fresh container, install roundcube. log_driver is set to syslog in
freedombox-config.conf.
- Install roundcube without the changes. Enable local only. Apply the changes
and restart service. roundcube setup is run. log_driver is set to syslog in
freedombox-config.conf. Setting is still local-only.
- Install roundcube without the changes. Disable local only. Apply the changes
and restart service. roundcube setup is run. log_driver is set to syslog in
freedombox-config.conf. Setting is still not local-only.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
This reduces the number of writes to the disk improving disk longevity and IO
performance. Note that systemd-journald is already very reasonable with how
often it writes to the disk. It's flush interval is 5 minutes.
Most users of FreedomBox are not expected to see logs. Those that see the logs
do so for debugging purposes. Debugging can still be done if reboot does not
occur. Users can change the logging mode to 'persistent' before debugging issues
that require reboot. This makes debugging harder for non-reproducible bugs, but
is, at present, considered an acceptable compromise.
Tests:
- On a fresh container, with the patch applied, config page shows 'volatile' as
the logging mode.
- On an container with changes not applied, start freedombox service. Then apply
the patch and restart service. config app setup will be run. Config page shows
'volatile' as the logging mode.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
- None disables logging altogether. This is useful when we want to prevent
FreedomBox from collecting IP addresses of visitors and other sensitive
information.
- Volatile logs are kept in RAM until the system is rebooted. Only 5% of RAM
will be used at most and only 2 days worth of logs are kept.
- Permanent will store logs into /var/log/journal. systemd-journald defaults
will apply. 10% of disk capacity is used at most, capped at 4GiB. Also logging
will stop if free space is below 15%. Maximum of 100 files are kept. No time
based cleanup is done.
Tests:
- Set the logging mode to disabled. Observe that `journalctl -f` does not show
any logs (say when performing plinth actions).
- Set the logging mode to volatile. Observe that `journalctl` shows that logging
is set to /run/log/journal/ and 5% of available memory is set as maximum.
- Set the logging mode to persistent. Observe that `journalctl` shows that
logging is set to /var/log/journal/ and 10% of disk space is set as maximum.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
- It is simpler to keep all the configuration in a single file. Any overrides
are expected to be done by writing additional configuration files with higher
priority.
- /etc/apache2/site-available/ is typically reserved for virtual host
configurations. Redirections and proxying for all virtual hosts rather belongs
in /etc/apache2/conf-available/.
- This looses the option of disabling plinth-ssl.conf when needed. In the
initial days of enabling TLS, there was a need felt to keep the option of easily
disabling redirection to TLS in case there is a need for it. However, TLS
certificate setup is mature and the limitations are well understood. There is no
longer a need for it. It still may be possible to avoid the redirection with an
additional configuration.
Tests:
- In a fresh container, setup succeeds. Redirecting to https:// for /plinth
works. FreedomBox web interface is available.
- Without the patch applied created a container. Run setup and access Plinth
interface. Apply the patches. Apache setup is run. a2query -s plinth and a2query
-s plinth-ssl show that sites are not enabled. Redirecting to https:// for
/plinth works. FreedomBox web interface is available.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
This makes it clearer why one would wish to install and use this app.
Closes#2236.
Signed-off-by: James Valleroy <jvalleroy@mailbox.org>
Reviewed-by: Sunil Mohan Adapa <sunil@medhas.org>
[sunil: Update description for simplicity, group info]
[sunil: Indentation fixes]
[sunil: End all URLs with a slash]
[sunil: Update frontpage shortcut to be a simple one]
[sunil: Enable single-sign-on for main interface only]
[sunil: In copyright file, merge with public-domain section]
[sunil: Simplify and vectorify the icon]
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: Sunil Mohan Adapa <sunil@medhas.org>
I tested additionally that if the root user has already configured
default branch other than main, it is not changed by the gitweb app
setup process.
Signed-off-by: Veiko Aasa <veiko17@disroot.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
Tests:
- Login to Cockpit on a freshly setup container.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
When Cockpit is not configured any origins, it uses the host and protocol of the
incoming request to set the allowed origin for WebSocket connections. By
ensuring that the original host/protocol is passed on to Cockpit from the
browser, we can eliminate the need for configuring a pre-determined list of
origins. Passing the host and protocol from the browser is done by setting
ProxyPreserveHost and using https:// for proxying.
For a cross-site request, Origin: and Host: entries won't match and '403
Forbidden' is thrown. So, this approach is still safe.
Tests:
- Without the patch, access Cockpit using IP address and it fails. Apply the
patch. Cockpit setup should run. Origins= directive in the configuration file
/etc/cockpit/cockpit.conf should get removed. Accessing with IP address and
logging in succeeds.
- Freshly setup a container with the patch and access Cockpit using IP address.
This works and login succeeds.
- Test on stable and testing containers.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
Tests:
- App installation works. Proxying works when configured with Firefox.
listen-address and permit-access directives are set as expected in the
configuration file.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
- Make sure a user might not run Privoxy as an open proxy, potentially giving
unwanted access to local resources. Only private IP classes are allowed to
connect.
Tests:
- Freshly install privoxy app. permit-access directives are set in the
configuration. Proxy works when tested with a private IP address with Firefox.
- Install privoxy app without the changes. Apply the changes, privoxy setup
should run. permit-access directives are set in the configuration. Proxy works
when tested with a private IP address with Firefox.
- Privoxy works when accessed with IPv4 address (such as 10.42.0.x) and IPv6
address (such as fe80:❌y:z%ve-fbx-testing).
[sunil: Use Spacevars augeus lens to edit the configuration file]
[sunil: Update IP ranges with auto-configuration, IPv6 addresses, etc.]
[sunil: Update description to mention that only local IPs are allowed]
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: Sunil Mohan Adapa <sunil@medhas.org>
Closes: #2089.
Tests:
- Regular startup works without errors. Cockpit is ordered after Apache.
- After creating a fresh container, Cockpit works as expected. Cockpit setup
runs after Apache setup.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
- This was required in Python 2 but useless in Python 3.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
This is recommended by PEP-0597: https://peps.python.org/pep-0597/
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
[sunil: Make the umount code specific to SSH repositories]
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: Sunil Mohan Adapa <sunil@medhas.org>
Test I made: Created a few users, then appied the changes
and rebooted FreedomBox. After reboot I created another user
whose home directory could now be listed.
Reviewed-by: Sunil Mohan Adapa <sunil@medhas.org>
This allows the root channel name to be preserved as expected.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
- Don't use command line argument for sending the join password for security.
- murmurd can switch to mumble-server UID before performing database operations.
Remove code to switch to mumble-server user.
- murmurd seems to return correct response code of 0 upon successfully setting
the password. Simplify code accordingly.
- Use subprocess.run() instead of subprocess.Popen for convenience.
Tests:
- Run functional and unit tests on Debian stable.
- Perform a fresh installation.
- Verify that setting super user password works.
- Verify that setting root channel names works.
- Verify that setting join password works.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
Closes: #2230.
- matrix-synapse >= 1.59.1-1 requires python3-unpaddedbase64 >= 2.1.0~
Tests:
- On a stable container, matrixsynapse app is not installable.
- With the changes, start FreedomBox service, setup will run on the upgrades
module and /etc/apt/preferences.d/51freedombox-apps.conf will be changed to
include the two new entries. After this, matrix-synapse app is installable.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
Tests:
- Get and set the storage path.
- Functional tests pass.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
[sunil: Update the form description for styling]
[sunil: Show the default site name when nothing is set]
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: Sunil Mohan Adapa <sunil@medhas.org>
Choices includes all of the available domain names in the system, as
well as any domains that are in ejabberd configuration.
Tests:
- Disable a domain. It is removed from ejabberd config.
- Enable a domain. It is added to ejabberd config.
- Enable all name services. Run ejabberd functional tests and observe
that they pass.
Reviewed-by: Sunil Mohan Adapa <sunil@medhas.org>
Closes#2183.
Tests:
- Install Ejabberd. "Automatically manage audio/video call setup" is
enabled.
- Set a domain name and install Coturn. Ejabberd config is updated.
Signed-off-by: James Valleroy <jvalleroy@mailbox.org>
Reviewed-by: Sunil Mohan Adapa <sunil@medhas.org>
Helps: #2228.
In Django 4.0, form_valid() method should be overridden instead of delete()
method. This is because DeleteView inherits from FormMixin. To make the code
work for Django 2.2 and up, implement both methods but make delete() method
available only after base __init__() so that Django does not show a warning with
Django 4.0.
Tests:
- Run unit tests on stable, testing and unstable containers.
- Create a temporary user and delete the user. User deletion success message
must be show. Create another user with the same username as the deleted user (to
ensure that deletion actually happened). Perform the test on stable, testing and
unstable containers.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
[james: Apply yapf formatting]
[james: Minor adjustment to help text]
Signed-off-by: James Valleroy <jvalleroy@mailbox.org>
- Discussed during progress call.
- More testing has happened on the app since making it available.
- Will document difficulties with setting up domain name and ISP outgoing
traffic on port 25.
Tests:
- App is available without the advance flag.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
As discussed during progress calls, this is a pre-condition for making the app
generally available (without advanced flag).
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
- Add basic video room based on demo.
- Set port range to use for RTP.
- coturn: Add component for time-limited TURN configuration.
Signed-off-by: James Valleroy <jvalleroy@mailbox.org>
[sunil: Don't error out when coturn is not installed/configured]
[sunil: Prepend data- to custom attribute in HTML]
[sunil: Convert SVG with embedded bitmap to vector graphics]
[sunil: Hide Javascript license information in footer]
[sunil: Minor changes to comments for styling]
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: Sunil Mohan Adapa <sunil@medhas.org>
Newer versions of wordpress after Bullseye seem to have a different HTML
structure for the title element. Make the functional tests work for the new
structure as well as the old one.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Show the current name of the root channel
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
[james: Use augeas for config file operations]
[james: Pass channel name on command line]
[james: Add functional test for change root channel name]
Signed-off-by: James Valleroy <jvalleroy@mailbox.org>
