In case apt full-upgrade fails for any reason, do not
continue. Otherwise, may get stuck unattended-upgrade later (#2266).
Since the dist-upgrade flag remains set, Plinth should retry the
dist-upgrade later.
Signed-off-by: James Valleroy <jvalleroy@mailbox.org>
Reviewed-by: Sunil Mohan Adapa <sunil@medhas.org>
The original change worked ok in a container, but failed in
virtualbox. This was due to the component being replaced by the Daemon
component that had the same ID, on systems where time is managed.
Signed-off-by: James Valleroy <jvalleroy@mailbox.org>
Reviewed-by: Sunil Mohan Adapa <sunil@medhas.org>
Closes: #2328.
Coturn depends on sqlite3 package. As sqlite3 is listed as a package in
roundcube, it is removed when roundcube is uninstalled. This results in the
removal of coturn as well. Prevent this by listing sqlite3 package explicitly in
coturn app.
Tests:
- Without the patch, install coturn and roundcube. When roundcube is
uninstalled, coturn package is no longer installed.
- Apply the patch, install coturn and roundcube. When roundcube is uninstalled,
coturn and sqlite3 packages are still installed.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
Closes: #2326.
Earlier /etc/timezone was used to store timezone. Now, we use /etc/localtime
symlink instead. Since the change, backup/restore for timezone has not been
working. Implement this by backing up and restoring the new symlink. Borg
understands symlinks so it properly backs them up and restore them.
When the symlink is restored, timedatectl does not immediately show the new
timezone. This is because a DBus activated daemon 'systemd-timedated' which
supplies the information for timedatectl needs to be reloaded. Add this service
to list of services that backup framework needs to restart.
Tests:
- Set a new timezone. Backup datetime app. Set another timezone. Restore the
datetime app. Visiting the datetime app shows the restored timezone as expected
and timedatectl on command line also immediately shows the expected timezone.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
Closes: #2326.
There are plans to remove /etc/timezone from Debian (Debian bug: #822733). It
has been removed temporarily and that caused failures in FreedomBox. Since we
use systemd-timesyncd and timedatectl, use timedatectl to retrieve the currently
set timezone value. This eliminates the need to read timezone at a lower level.
Tests:
- Getting and setting the timezone works.
- Removing /etc/timezone and /etc/localtime then visiting the Date & Time app
works. After setting the timezone, /etc/localtime file is created as symlink.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
Closes: #2206
Use pg_dumpall instead of pg_dump.
Test I did:
1. Install tt-rss and add a feed
2. Create a backup
3. On a fresh installation restore the backup from file
Signed-off-by: nbenedek <contact@nbenedek.me>
[jvalleroy: Add a comment about the limitation of this approach]
Signed-off-by: James Valleroy <jvalleroy@mailbox.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
The reason for this patch is explained in issue #789 .
See also: !2250
Signed-off-by: nbenedek <contact@nbenedek.me>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
[jvalleroy: Don't enable app when upgrading]
Signed-off-by: James Valleroy <jvalleroy@mailbox.org>
This was changed by mistake in
89a404fb7d32af1667110480dcaf142c4868fd86.
Tests:
- MediaWiki app page is shown without error.
Signed-off-by: James Valleroy <jvalleroy@mailbox.org>
Reviewed-by: Sunil Mohan Adapa <sunil@medhas.org>
Closes: #2323.
- Monal is BSD 2-Clause licensed.
- Siskin IM is GPLv3 licensed.
Tests:
- In app install page, clicking on clients shows the two new clients and old
client removed. Clicking on the buttons takes us to correct pages on the iOS app
store.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
Closes: #2321.
- Without verification configuration being set, if public registrations are
enabled, matrix-synapse server does not start. Fix this by disabling
registration verification.
Tests:
- Without the patch, install matrix and enable public registrations. Matrix
daemon will no longer be running. Apply patches and restart. Matrix app will be
updated. 'enable_registration_without_verification: true' will appear in
/etc/matrix-synapse/conf.d/freedombox-registration.yaml. Server will be running.
- Enabling/disabling the public registration option works. The option will be
added and removed. enable_public_registration is set to true/false.
- Functional tests for matrix-synapse work.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
- Consistency with rest of the apps, more robustness and extensibility.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
Tests:
- test_uninstall is skipped for dynamicdns.
- test_uninstall is passed for bepasty.
Signed-off-by: James Valleroy <jvalleroy@mailbox.org>
Reviewed-by: Sunil Mohan Adapa <sunil@medhas.org>
Take app_id in a URL fragment and fill that as the default selected app in
create backup form. This URL can be used in apps to create a backup link.
Tests:
- Visit /plinth/sys/backups/create/bepasty/. Only bepasty app will be selected.
- Visit /plinth/sys/backups/create/foo/. No apps are selected.
- Visit /plinth/sys/backups/create/. All apps are selected.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
Closes: #2313.
systemd-journald does not (never did) accept size values given in percent of
file system size. Only the defaults work with percent values. Hence our addition
of RuntimeMaxUse= as percent value in configuration file did not work.
systemd-journald outputs a warning to dmesg and ignores the value.
We could change the value to fixed size. We would have to choose a value that
works for systems with less memory (such as 1GiB) and that value would serve
poorly for systems with more memory. Instead, leaving the default value of 10%
for RuntimeMaxUse= might be better. Additional configuration of MaxFileSec=6h
and MaxRetentionSec=2day would also ease the burden in most cases for the low
memory devices. Considering that people did not report issues with status
quo (where the value we have set did not work and default size was used) also
suggests that default value will work. Further, /run filesystem itself seems to
be allocated only 10% of available memory.
Tests:
- Without the patch, start a vagrant machine. Notice that dmesg shows the error
mentioned in the issue #2313. Apply patch and restart the service. Setup is run
for config app. The file /etc/systemd/journald.conf.d/50-freedombox.conf will no
longer have the RuntimeMaxUse= directive.
- After reboot, dmesg will no longer show the error. systemctl status
systemd-journald shows that 10% of the size of /run is the max for journal file.
- In config app page, setting various values of log persistence works.
- On a fresh container with the patch, initial setup succeeds and
journald.conf.d file is setup without the RuntimeMaxUse= directive.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
Closes: #2085.
- Read the list of snapshots and properly determine the full subvolume name to
be used for mounting the .snapshots subvolume.
- Use systemd .mount units instead of editing fstab. Fstab editing is dangerous
and could result in system not booting properly. systemd units are better suited
for tool based editing while /etc/fstab is recommended for humans.
- Use automount feature provided by systemd using autofs to perform mounting. This
means that the backing filesystem is only accessed and mounted when the mount
point is accessed by a program. Parse errors in the mount/automount file and
incorrect mount parameters are also tolerated well with failure to boot.
Tests:
- On a fresh Debian Bullseye install with btrfs. Install FreedomBox with the
changes, create and delete manual snapshots. Rollback to a snapshot should also
work. /.snapshots should contain all the files inside each of the snapshots.
- After rebooting into a rolled back snapshot, create/delete and restore to a
snapshot should work. /.snapshots should contain all the files inside each of
the snapshots.
- Introduce an error in .mount file such the mount operation will fail. Reboot
the machine. Reboot is successful. /.snapshots is still mounted as autofs.
Trying to access /.snapshots will result in error during mount operation.
- On a vagrant box without changes. Install freedombox and ensure snapshot app
setup has been run. This creates the /etc/fstab entry. Apply the patches.
snapshot app will run and remove the mount line in /etc/fstab and create the
.mount entry. /.snapshots is still mounted but not because of .automount. After
reboot, /.snapshots is mounted with autofs and also with btrfs. Unmounting
/.snapshots and then trying to run 'ls /.snapshots' will perform the mount again.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
Closes: #2144.
- '--ambit' seems to a required argument if there is no default subvolume set on
the filesystem. Add it to prevent error during rollback.
- Description is not a required option for rollback (anymore?) and default
descriptions for the two snapshots are more descriptive.
Tests:
- On a fresh vagrant machine, run snapshot rollback with the patch. It fails.
With the patch, rollback succeeds.
- The description created for the rollback is the default one 'rollback backup'
and 'writable copy of #x'.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
Closes: #2318.
We currently set 'restricted: false' to both stun and turn server configuration
in ejabberd. This works for stun but for turn, ejabberd assumes that
authentication is not needed even though it is needed for our coturn setup. Drop
the configuration option entirely as the desired values are already default in
both stun and turn cases.
Tests:
- On a fresh setup, install coturn and ejabberd. In ejabberd.yaml, the stun/turn
configuration does not have the restricted option.
- On a container without the patch, install coturn and ejabberd. Configuration
has restricted option. Apply the patch, ejabberd setup is updated and restricted
option is removed.
- Test that calls can't be made with TURN with 'restricted: false' set. Changing
it to true for TURN configuration allows the calls to be established. Remove the
restricted option entirely also works. This was tested by @Znoteer in #2318.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
If Roundcube is not yet installed and the user clicks on 'Launch web client',
redirect to the installation page instead of Apache's Not Found page.
Signed-off-by: nbenedek <contact@nbenedek.me>
Reviewed-by: Sunil Mohan Adapa <sunil@medhas.org>
Closes: #2028.
Tests:
- Backup and restore with no sites.
- Backup and restore with one wiki and one blog. Confirm that login
works for both sites.
- Backup from one container, and restore in another container. Confirm
that login works for both sites.
Signed-off-by: James Valleroy <jvalleroy@mailbox.org>
Reviewed-by: Sunil Mohan Adapa <sunil@medhas.org>
libjs-bootstrap is a transitive dependency of searx package. It is
also listed as a package to be installed by Janus app. This is a quick
fix to prevent accidental uninstall of searx package, when Janus app
is uninstalled.
Closes#2298.
Tests:
- Install Searx.
- Install Janus, and then uninstall it. searx package is still
installed. Searx diagnostics are passed.
Signed-off-by: James Valleroy <jvalleroy@mailbox.org>
Reviewed-by: Sunil Mohan Adapa <sunil@medhas.org>
python3-psycopg2 is a dependency of matrix-synapse package. It is also
listed as a package to be installed by TT-RSS app. This is a quick fix
to prevent accidental uninstall of matrix-synapse package, when TT-RSS
app is uninstalled.
Helps #2298.
Tests:
- Install Matrix Synapse.
- Install TT-RSS, and then uninstall it. matrix-synapse package is
still installed. Matrix Synapse diagnostics are passed.
Signed-off-by: James Valleroy <jvalleroy@mailbox.org>
Reviewed-by: Sunil Mohan Adapa <sunil@medhas.org>
This reverts commit 82104ccf847531944b32810f677cc6cc5c36ccc8.
Due to implementation of a proper view for showing an app with operations, this
workaround should no longer be needed. AppView should not used during or after
the uninstall step.
Tests:
- Functional tests for email pass.
- Refreshing the email app page during uninstall does not lead to an error.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
Tests:
- Unit tests work when git is not installed. Marked tests are skipped.
- Unit tests work when git is installed. Marked tests are not skipped.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
Closes: #2309.
- This prevents processing of AppView when the app is being uninstalled. For at
least two apps, this has failed because the AppView assumes that app and its
dependencies are installed.
- Use a dedicated template as well is simplify app template.
Tests:
- Installing and uninstalling an app works.
- Refreshing the app page during uninstall does not lead to an error for samba
and email apps.
- Unit tests pass.
- Functional tests for samba and email work.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
Closes: #2194.
In the four cases fixed, if a notification is present with a 'btn-primary' in
it, then instead of submitting the intended form, the button on the notification
is clicked. This will result in an indefinite wait for the form to perform an
action. Fix this by specifying which form exactly we want to submit.
Tests:
- Run functional tests for config app and updates app.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
Closes: #2314.
Tests:
- On a fresh testing container, verify that the file
/etc/apache2/conf-available/freedombox-apache-homepage.conf is not present.
Visit the config app and notice that home page shows as 'Apache Default'.
- Apply the patch and refresh the page. The page now shows 'FreedomBox
Service (Plinth)' as the home page.
- Functional tests work.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
Tests:
- After a dist-upgrade to Bookworm, install freedombox with this
change. Then update apt cache. After a delay, firewalld is
upgraded. Then apps can be installed as normal.
- On a stable machine, add testing into apt sources list. Run apt update.
FreedomBox will receive the apt update hook and upgrade firewall version to
1.3.x. DefaultZone is set to 'external' after that.
Signed-off-by: James Valleroy <jvalleroy@mailbox.org>
[sunil: Update all the way up to 2.0]
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: Sunil Mohan Adapa <sunil@medhas.org>
This will handle sources files with Deb822 format.
Closes: #214.
Tests:
- Enable package download through Tor. "tor+" is prepended to sources
URL.
- Disable package download through Tor. "tor+" is removed from sources
URL.
Signed-off-by: James Valleroy <jvalleroy@mailbox.org>
Reviewed-by: Sunil Mohan Adapa <sunil@medhas.org>
Helps #214.
Tests:
- Augeas lens tests passed using augparse.
Signed-off-by: James Valleroy <jvalleroy@mailbox.org>
[sunil: Fix issue with not being able write back with lens]
[sunil: Parse single/multi field values based on man page]
[sunil: Allow creating multi field values by adding \n at the end of the value]
[sunil: Add documentation and make ready for upstream submission]
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: Sunil Mohan Adapa <sunil@medhas.org>
The upstream issue was fixed in 2015:
https://github.com/hercules-team/augeas/pull/295
Tests:
- In stable container, add options like [arch=amd64] to apt
sources.list.
- Enable package download through Tor. "tor+" is prepended to sources
URL.
- Disable package download through Tor. "tor+" is removed from sources
URL.
Signed-off-by: James Valleroy <jvalleroy@mailbox.org>
Reviewed-by: Sunil Mohan Adapa <sunil@medhas.org>
Tests:
- On a setup with the patch, disable and re-enable the restricted users feature.
sudo is not part of allowed users. Apply the patch and restart the service. SSH
app will be updated and sudo is added to SSH allowed groups.
- Add a fresh unprivileged user to sudo group. SSH using that user to the
system.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
This is to allow vagrant user to login, as well as a normal sudo user
that was created before installing FreedomBox.
For most FreedomBoxes, the sudo group is empty, so it will have no
impact.
I do not update the existing file. But if someone needs this update,
they can disable and then re-enable the restrict option.
Signed-off-by: James Valleroy <jvalleroy@mailbox.org>
Reviewed-by: Sunil Mohan Adapa <sunil@medhas.org>
Fixes: #2098.
Tests:
- Install quassel in bullseye system.
- Start dist upgrade. Check that quassel service is stopped during the
dist upgrade.
- Finish dist upgrade. Quassel service is running again.
Signed-off-by: James Valleroy <jvalleroy@mailbox.org>
Reviewed-by: Sunil Mohan Adapa <sunil@medhas.org>
- When hidden service is enabled create and enable an apache site with the
proper configurations. This will let visitors using the Tor browser that a
hidden version of the website is available.
- Disable apache site when hidden service is disabled
- Create a backup of the apache site
- Hidden service won't be advertised when the user visits mediawiki, wordpress
or tt-rss. These sites don't work (well) with a hidden service when a normal
domain is already set up.
Tests:
- Functional tests pass.
- With fresh install of Tor app, onion location header apache configuration is
enabled and header is served in HTTP requests.
- When Onion services are enabled/disabled, header is enabled/disabled due to
webserver configuration changes.
- When Tor app is enabled/disabled, header is enabled/disabled due to webserver
configuration being enabled/disabled.
- When Tor app is upgraded from earlier version while app is enabled, onion
service is enabled, Tor app remains enabled. Onion location is enabled.
- FAILED: When Tor app is upgraded from earlier version while app is enabled,
onion service is disabled, Tor app remains enabled. Onion location is disabled.
- FAILED: When Tor app is upgraded from earlier version while app is disabled,
onion service is enabled, Tor app remains disabled. Onion location is disabled.
- FAILED: When Tor app is upgraded from earlier version while app is disabled,
onion service is disabled, Tor app remains disabled. Onion location is disabled.
Signed-off-by: nbenedek <contact@nbenedek.me>
[sunil: Ensure that enabling/disabling app enables/disables onion location]
[sunil: Ensure that upgrading from old version does not enable the app]
[sunil: Ensure that upgrading from old version enables/disables onion location]
[sunil: Apache file should be a 'config' and not 'site']
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
This is to ensure that mysql server is not uninstalled when wordpress is
uninstalled.
Tests:
- Uninstalling zoph does not remove default-mysql-server when wordpress is
installed.
- Uninstalling wordpress does not remove default-mysql-server when zoph is
installed.
- Uninstalling both wordpress and zoph removes default-mysql-server.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
Showing the uninstall progress page fails during uninstall of email app.
Workaround that by handling the errors raised. A better approach is to ensure
that the view is not processed when uninstall operation is in progress.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
Fixes#2306.
Tested that all the gitweb tests pass in Debian stable and testing
containers.
Signed-off-by: Veiko Aasa <veiko17@disroot.org>
Reviewed-by: Sunil Mohan Adapa <sunil@medhas.org>
Closes: #2303.
Tests:
- In testing container, install Janus.
- Downgrade janus package to 1.0.1-1.
- Manually re-run janus setup action.
- Run "apt update".
- janus is upgraded to 1.1.1-1, and rtp_port_range is set in
/etc/janus/janus.jcfg.
Signed-off-by: James Valleroy <jvalleroy@mailbox.org>
Reviewed-by: Sunil Mohan Adapa <sunil@medhas.org>
This change was only needed for upgrade to bullseye.
Closes: #2302.
Tests:
- Run a dist upgrade in a bullseye vagrant box. Apt sources has
expected content and apt-get does not produce an error.
Signed-off-by: James Valleroy <jvalleroy@mailbox.org>
Reviewed-by: Sunil Mohan Adapa <sunil@medhas.org>
Closes: #2239.
- Adding Conflicts in freedombox Debian package seems to cause
unattended-upgrade to not upgrade the package to next version. This approach
seems be an alternative.
Tests:
- Install libpam-tmpdir. Go to Zoph page, see that conflicts messages is shown.
Install succeeds. libpam-tmpdir is removed.
- Install libpam-tmpdir. Go to WordPress page, see that conflicts messages is
shown. Install succeeds. libpam-tmpdir is removed.
- Remove libpam-tmpdir. Go to Zoph page, see that conflicts message is not
shown. Install succeeds.
- Remove libpam-tmpdir. Go to WordPress page, see that conflicts message is not
shown. Install succeeds.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
- Warning that exim4 will be removed is incorrectly not shown during email app
installation. Fix that.
Tests:
- Unit tests pass.
- On a fresh testing container, trying to install email app shows the warning
message that exim will be removed. Installing the email app succeeds. exim is
removed during installation.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
This is a regression from commit 9b6774f279e2c8af588609c2413aa9804fd48cfa. When
change the view to use AppView, the condition to check for non-btrfs filesystems
and show an unsupported message instead of the actual view was accidentally
removed. Restore the check and show a different view when on non-btrfs
filesystems.
Fixes: #2268.
Tests:
- On non-btrfs filesystem, snapshots view is shown as expected.
- On ext4 filesystem, a message that snapshots are not supported is shown.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
MiniDLNA's TCP service has been incorrectly marked as needing to be protected
from local users. This leads to service not being accessible from local network.
Fix this by removing local protection.
As reported on https://discuss.freedombox.org/t/minidlna-on-22-26/2386
Tests:
- With MiniDLNA installed, apply the changes and restart service. 'nft list
ruleset ip', 'nft list ruleset ip6' and 'cat /etc/firewalld/direct.xml' confirm
that port 8200 is no longer protected as a local service.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
Closes: #2276.
Functionality all over the system keeps failing due this approach. The latest is
changing hostname in ejabberd Mnesia database fails (#2276). Further, users
connecting FreedomBox to a monitor can't use a GUI.
Tests:
- Without patches, enable restricted access. Apply patches and setup.py install.
Security app is updated. Restricted access is disabled and
/etc/security/access.d/{50freedombox.conf, 10freedombox-security.conf,
10freedombox-performance.conf} are removed. It is possible to login into
non-admin account via SSH.
- On a fresh install, the configuration files are not found.
- Security page does not show 'restrict console logins' option.
- Updating security app setting works. Message 'Configuration updated.' is
shown.
- First boot succeeds. Restrict console login is not enabled.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
