- Ignore errors while trying to expand a file path list into its .d components
path list.
- Ignore errors when reading shortcuts fails a file for any reason.
- Errors when reading configuration file already ignored. os.path.isfile() and
configparser.Configparser.read() do not raise an exception under any
circumstances.
Analysis:
Regression in 20.12 reported at
https://discuss.freedombox.org/t/fb-20-12-solved-plinth-fails-to-start-due-to-new-frontpage-py-shortcuts-and-filesystem-permissions/994/4
- freedom-maker creates /var/lib/freedombox/ with mode 755 as root but this only
applies for disk images.
- freedombox.postinst, networks, apache check for the existence of
/var/lib/freedombox/is-freedombox-disk-image .
- Samba creates /var/lib/freedombox with mode 755 as root.
- Backups creates /var/lib/freedombox/borgbackup but not the parent directory?
- Shortcuts are now read from /var/lib/freedombox/.
Tests performed:
- Create directories /var/lib/freedombox and /etc/freedombox with permission set
to 750. In case of configuration, an early warning message is printed and in
case of shortcuts warnings are printed but service starts properly. Changing the
permission to 755 removes the warnings.
- Ensure 755 permission on above two directories. Create non-empty files
custom-shortcuts.json and freedombox.config with permissions 640. In case of
config no warning is printed (silently ignored) and in case of shortcuts,
warning is printed that file could not be read but service starts properly.
Changing the permission to 644, no warnings are printed.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
- Read configuration files from three different locations.
/usr/share/freedombox/freedombox.config, /etc/plinth/plinth.config and
/etc/freedombox/freedombox.conf. Later listed has higher priority.
- Provide backward compatibility for /etc/plinth/plinth.config files. With lower
priority than /etc/freedombox but higher priority than /usr/share/.
- Read sorted files from config.d directories with the same suffix as original
configuration file. Parse them by priority. This allows administrator/programs
to drop in configuration bits without worry about editing files.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
- Avoid a top level source code file.
- Makes it clear that the configuration file is only meant for development
purposes.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
- The configuration module defaults to values in the production configuration
file.
- If the file is found, it is read and the read values overwrite the defaults.
If the file is not found, no error is raised. This allows us to not ship the
configuration file. User may create the configuration if they want to change the
defaults. This eases upgrades when configuration is edited. This also make
FreedomBox robust to deployments where /etc/ is not populated by default such as
OSTree. It is also a good practice for daemons as followed by the likes of
systemd.
- If the file partly populated only the values read override the defaults and
the remaining values don't change. This allows the user to write simpler
configuration file.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
This was needed when our behavior for reading production vs. development
configuration depended on the presence of configuration files in expected
locations. The current behavior is based on whether --develop option is given or
not. This behavior is safer and more predictable.
So, remove the option to fallback to develop configuration if the production
configuration is not found.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
- The code was never used by end users.
- The code was expected to be used long back but the plans didn't materialize.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
- There is no compelling reason to make the file configurable. Simplifies
configuration file if we make it relative to FreedomBox data directory.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: Joseph Nuthalapati <njoseph@thoughtworks.com>
- Use the X-Forwarded-For header only if specified in the configuration. This
makes FreedomBox safe to use when not behind a reverse proxy server (although
we are unlikely to do this).
- When fetching the IP address to reset after successful login, use the
X-Forwarded-For header only if specified in the configuration.
- Minor flake8 refactorings.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
- Remove access/error log references in configuration files and tests.
- Ensure that /var/log/plinth directory is not created anymore.
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
- Static files are directly served by the CherryPy web server.
- .gitignore file placed as a placeholder to be able to commit the directory
Signed-off-by: Joseph Nuthalapati <njoseph@thoughtworks.com>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
And re-activate cfg.get_config_paths() for easier testing
Signed-off-by: Michael Pimmer <info@fonfon.at>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
- Remove apps and system modules and merge their views into main views.
- Move main_menu from cfg into menu.py.
- Remove dependencies of other modules on apps and system modules.
- Update tests.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
We pretty much only run in systemd environment and I don't see that
changing any time soon. By relying on it, we can reduce some burden.
Remove init script.
Daemonizing is not needed for systemd. Remove code related
daemonization.
- Split the read method into two separate methods for getting the config
file and for reading config file.
- Use logging module for printing error.
- Fix global variable naming.
- Get/set/show the realpath of the config file.
- Convert config items into a list so that the order is more
predictable. This is the reason for unpredictable failures in test
cases.
The name 'Plinth' (cfg.product_name) is not used anymore after my previous
commits.
Reason for the complete removal: I do not think that users should know or have
to care about the internal name of the web interface of the FreedomBox.
- Explicitly state datatype in config_items to handle them more
generically
- Handle boolean values correctly. Before this fix we got the string
'False' which evaluated to True (this affected the entry
'use_x_forwarded_host').
- Add the config entry 'danube_edition'. Activating it shows a voucher
input field for pagekite accounts on freedombox.me during the
firstboot process. Other vouchers (i.e. for VPN services) might
follow. Add description and test for 'danube_edition' setting.
- Change default server directory from plinth/ to /plinth as the program
expects.
- First load the values from configuration file and then override them
with command line parameters.
- Show default values on the command line help.
- Use configuration file values as default values to command line
parameters.
- Log the value of script prefix (server_dir) for easy debugging.
- Make sure the server_dir is properly loaded from configuration files.
* Add unit tests for cfg.py, context_processors.py, and menu.py
* Add new plinth/tests/data directory for miscellaneous test data
* In cfg.py, add an explicit check to verify the existence of the secondary
(non-default) plinth.config file
* In cfg.py, replace deprecated configparser.SafeConfigParser with
configparser.ConfigParser
- Request Apache to send X-Forwarded-Proto header.
- Use X-Forwarded-Proto header to understand original protocol
requested.
- Use X-Forwarded-Host header to understand original host requested.
- Allow any incoming host header so that FreedomBox can have any
hostname and when user requests for Plint with that hostname, it
works.
- Don't depend on Apache to rewrite the Location: header. Instead use
the original host and original scheme to set proper Location: header.
The package license (AGPL3+) implicitly indicates the license of each
file. However, it is desirable to have license headers in each file.
This is the case for many prominent projects like GNU project, Mozilla
etc.
- Remove dependency on withsqlite and use Django models.
This avoids depending on a module that is not available in PyPi.
Withsqlite does not have Python3 support. It does not work when
we choose a different database backend. Atleast partly duplicates
what Django models are meant for.
- Check and update database schema on every run so that
newly added modules can add tables and old ones can update.
