3119 Commits

Author SHA1 Message Date
Sunil Mohan Adapa
dbdac3b001
zoph: Add shared daemon component for mariadb/mysql
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
2024-02-21 20:54:54 -05:00
Sunil Mohan Adapa
2fc354ea7f
wordpress: Add shared daemon component for mariadb/mysql
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
2024-02-21 20:54:52 -05:00
Sunil Mohan Adapa
d32d02ecb5
gitweb, users: Minor fixes for newer pycodestyle
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
2024-02-21 20:54:47 -05:00
Sunil Mohan Adapa
3aae4b39d6
tor: tests: Convert to pytest style tests from class based tests
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
2024-02-18 18:21:33 -05:00
Sunil Mohan Adapa
37b9e21e30
tor: tests: Fix issue with pytest 8.x versions
Closes: https://bugs.debian.org/1063968.

- Due to a changed behavior in pytest 8.x, any imports with 'setup_module' name
will be treated as a method to setup the module in the style of unittest/nose.
pytest tries to call this as a method and will fail.

- Rename the import to 'setup_module_' instead of 'setup_module' to fix this issue.

Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
2024-02-18 18:21:31 -05:00
Sunil Mohan Adapa
71a10bfd31
backups: tests: Don't use pytest marks on fixtures
- It removes this warning. plinth/modules/backups/tests/test_ssh_remotes.py:62: PytestRemovedIn9Warning: Marks applied to fixtures have no effect.

Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
2024-02-18 18:21:28 -05:00
Sunil Mohan Adapa
5e10b2d4ae
firewalld: Implement force upgrading to any 2.x versions
Closes: #2396.

New configuration options were introduced from 1.3.x to 2.1.x. This causes a
configuration file prompt due to our existing changes to the configuration file.
Changes to the configuration file were investigated in #2396.

Tests:

- Install firewalld 1.3.x. Ensure that firewalld configuration changes are
present as intended by FreedomBox. Change priority of the .deb package to allow
installing 2.1.x. Run apt update and notice that force upgrade has been
performed to 2.1.x.

- firewalld upgrade has also been tested as part of this patch series.

Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
2024-02-15 19:47:53 -05:00
Sunil Mohan Adapa
8202b734a6
help: tests: Run tests using doc in current dir instead of /usr
- This prevents the test from failing if install has not run yet.

Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
2024-02-12 19:16:59 -05:00
James Valleroy
d7907e0ef3
diagnostics: Add option to toggle daily run
The option is stored in kvstore. If no value is set, it is assumed to be
enabled.

Tests:

- Disable daily run. In development mode, diagnostics are not run after several
  minutes.

- Enable daily run. In development mode, diagnostics are run after several
  minutes.

Signed-off-by: James Valleroy <jvalleroy@mailbox.org>
[sunil: Minor refactoring and update messages in UI]
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: Sunil Mohan Adapa <sunil@medhas.org>
2024-01-23 11:40:09 -08:00
Benedek Nagy
9c5491de7e
zoph: Fix failing PHP configuration requirements
I tested both fresh install and updating an existing installation.
When updating an existing instance, the app had to be manually enabled,
so I added:

```
elif old_version < 2:
            self.enable()
```

Fixes: #2345

Signed-off-by: Benedek Nagy <contact@nbenedek.me>
[sunil: Change the config name to zoph-freedombox.php]
[sunil: Enable the config during update only if app is already enabled]
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: Sunil Mohan Adapa <sunil@medhas.org>
2024-01-19 12:37:57 -08:00
Sunil Mohan Adapa
acc498cb90
diagnostics: Fix a potential iteration of None value in error cases
- Prompted by pylint.

Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
2024-01-18 22:19:28 -08:00
Sunil Mohan Adapa
ba145b3194
diagnostics: Safely access results when showing notification
It is best to have obtained the results lock when counting the severe failures
in diagnostic results.

Tests:

- When some packages are outdated, notification is shown with warning severity.

Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
2024-01-18 22:19:24 -08:00
Sunil Mohan Adapa
5f08752058
diagnostics: Simplify getting translated description in results
Tests:

- Unit tests pass.

- Run full diagnostics tests and see that results and app name are translated
when language preference is not English.

Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
2024-01-18 22:19:21 -08:00
James Valleroy
27284fe888
diagnostics: Store results of full run in database
Tests:

- Run diagnostics. Restart plinth, and check that the diagnostics results are
  still available to view.

Signed-off-by: James Valleroy <jvalleroy@mailbox.org>
Reviewed-by: Sunil Mohan Adapa <sunil@medhas.org>
2024-01-18 22:19:14 -08:00
James Valleroy
3fcd6b9e58
diagnostics: Translate descriptions only in view
Tests:

- Enable all apps, and run diagnostics. Diagnostic descriptions are formatted
  as expected.

- Change the language to Spanish, and view the diagnostic results. Diagnostic
  descriptions are translated as expected.

Signed-off-by: James Valleroy <jvalleroy@mailbox.org>
Reviewed-by: Sunil Mohan Adapa <sunil@medhas.org>
2024-01-18 22:19:05 -08:00
James Valleroy
a5820bc36d
diagnostics: Add method to translate checks
Signed-off-by: James Valleroy <jvalleroy@mailbox.org>
Reviewed-by: Sunil Mohan Adapa <sunil@medhas.org>
2024-01-18 22:18:56 -08:00
James Valleroy
4612df954d
diagnostics: Add parameters to DiagnosticCheck
Signed-off-by: James Valleroy <jvalleroy@mailbox.org>
Reviewed-by: Sunil Mohan Adapa <sunil@medhas.org>
2024-01-18 22:18:47 -08:00
rsquared
92492d2449
storage: Show notification when rootfs is read-only
Tests:

- Change the partition to test to '/mnt'. Mount a loopback filesystem on /mnt.
'dd if=/dev/zero of=/test-file bs=1M count=100; mkfs.ext4 /test-file; mount -o
loop /test-file /mnt'. Turn it to read-only with 'mount -o remount,ro /mnt'.
Wait about 3 minutes for the notification to show up.

- The notification shows icon, title and message as expected. The button power
app appears and works as expected.

- When the filesystem is mounted rw again, the notification goes away in 3
minutes. 'mount -o remount,rw /mnt'.

[sunil: Let glib.schedule decide time when debugging]
[sunil: Perform exact matching in partition mount options]
[sunil: Simplify notification message. Minor grammar change]
[sunil: Minor refactoring for styling]
Reviewed-by: Sunil Mohan Adapa <sunil@medhas.org>
2024-01-01 11:45:23 -08:00
Sunil Mohan Adapa
a11197b285
email: Increase the size of the message to 100MiB
- This includes the envelope size, so the actual size of the message and
attachments is somewhat lower.

Tests:

- Install the app freshly with the patch. Notice that message_size_limit is set
to 102400000 by running 'postconf message_size_limit'.

- Install the app without the patch. Apply patch and notice that the app is
updated. Notice that message_size_limit is set to 102400000 by running 'postconf
message_size_limit'.

Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
2023-11-06 13:03:53 -05:00
Sunil Mohan Adapa
f4d8d3d046
ejabberd: Update old STUN URIs to remove 'transport' parameter
- If the STUN/TURN configuration is not managed by FreedomBox, the parameters
are left unchanged.

Tests:

- Install app after installing Coturn. Notice that STUN URI doesn't have a
'transport' parameter.

- Install app without the patches after installing Coturn. Notice that STUN URIs
have 'transport' parameter. Then apply patches. Setup is run. 'transport'
parameter is removed and only one STUN URI is present. matrix-synapse server
restarts successfully and doesn't show any errors/warnings regarding
STUN/TURN configuration during startup.

- Install app without patches and set custom STUN/TURN URIs. Apply patches.
Setup is run. The URIs are not changed.

Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
2023-11-05 06:44:07 -05:00
Sunil Mohan Adapa
e42740b589
matrixsynapse: Update old STUN URIs to remove 'transport' parameter
- If the STUN/TURN configuration is not managed by FreedomBox, the parameters
are left unchanged.

Tests:

- Install app after installing Coturn. Notice that STUN URI doesn't have a
'transport' parameter.

- Install app without the patches after installing Coturn. Notice that STUN URIs
have 'transport' parameter. Then apply patches. Setup is run. 'transport'
parameter is removed and only one STUN URI is present. matrix-synapse server
restarts successfully and doesn't show any errors/warnings regarding
STUN/TURN configuration during startup.

- Install app without patches and set custom STUN/TURN URIs. Apply patches.
Setup is run. The URIs are not changed.

Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
2023-11-05 06:43:56 -05:00
Sunil Mohan Adapa
e6e6896d0d
coturn: Fix incorrectly passing transport argument to STUN URIs
Closes: #2362.

Passing ?transport= parameter in STUN URIs is invalid. It always uses UDP.
Chrome and perhaps Firefox have recently started enforcing the correct syntax
leading to failures using the Coturn server URIs we set in Janus. This also
likely affects matrix-synapse and ejabberd clients.

Links:

1) https://www.rfc-editor.org/rfc/rfc7064#section-3.1
2) https://bugs.chromium.org/p/chromium/issues/detail?id=1385735

Tests:

- Install Coturn. Observe that STUN URIs shown don't contain the 'transport'
parameter.

- Install Janus and launch the meeting room. Notice that the STUN URIs in the
room page don't have 'transport' parameter.

- Install ejabberd and notice that the auto-configured STUN URIs don't have
'transport' parameter.

- Install matrix-synapse and notice that the auto-configured STUN URIs don't
have 'transport' parameter.

- Install ejabberd and matrix-synapse. Ensure that STUN URIs manually. They are
not allowed to 'transport' parameter for the STUN URIs but must have transport
parameter for TURN URIs.

Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
2023-11-05 06:43:54 -05:00
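
The rule stated in the three STUN commits above (coturn, matrixsynapse, ejabberd), as an added example that is not FreedomBox code: STUN URIs carry no query (RFC 7064), TURN URIs must name a transport (the stricter rule from the coturn test notes; RFC 7065 itself makes it optional), and old managed STUN URIs are migrated by dropping the parameter and de-duplicating. The names `check_uri`, `migrate_uris`, `managed` and the `box.example.org` sample values are assumptions made for illustration.

```python
"""Added example: validate and migrate STUN/TURN URIs (not FreedomBox code)."""
import re

# Host is a bracketed IPv6 literal, an IPv4 address or a DNS name
# (simplified from RFC 3986); port is optional.
_HOST = r'(?:\[[0-9A-Fa-f:.]+\]|[A-Za-z0-9.-]+)'
_PORT = r'(?::([0-9]{1,5}))?'
_STUN_RE = re.compile(rf'(stuns?):({_HOST}){_PORT}', re.IGNORECASE)
_TURN_RE = re.compile(rf'(turns?):({_HOST}){_PORT}\?transport=(udp|tcp)',
                      re.IGNORECASE)

# Constructed sample: the style of URI list that older setups stored.
OLD_URIS = [
    'stun:box.example.org:3478?transport=tcp',
    'stun:box.example.org:3478?transport=udp',
    'turn:box.example.org:3478?transport=tcp',
    'turn:box.example.org:3478?transport=udp',
]


def check_uri(uri):
    """Return (ok, reason) for a single STUN or TURN URI."""
    scheme = uri.split(':', 1)[0].lower()
    if scheme in ('stun', 'stuns'):
        if '?' in uri:
            # RFC 7064 section 3.1 defines no query component at all.
            return False, 'STUN URIs take no query; transport is implied'
        match = _STUN_RE.fullmatch(uri)
    elif scheme in ('turn', 'turns'):
        match = _TURN_RE.fullmatch(uri)
        if not match and '?transport=' not in uri:
            return False, 'TURN URI must name its transport'
    else:
        return False, 'not a STUN or TURN URI'

    if not match:
        return False, 'malformed host, port or transport'

    port = match.group(3)
    if port is not None and not 0 < int(port) < 65536:
        return False, 'port out of range'

    return True, 'ok'


def migrate_uris(uris, managed=True):
    """Drop the query from STUN URIs and de-duplicate, keeping order.

    TURN URIs are kept as they are. When the configuration is not
    managed (user supplied custom URIs), nothing is changed.
    """
    if not managed:
        return list(uris)

    result = []
    for uri in uris:
        scheme = uri.split(':', 1)[0].lower()
        if scheme in ('stun', 'stuns'):
            uri = uri.split('?', 1)[0]
        if uri not in result:
            result.append(uri)

    return result


if __name__ == '__main__':
    for uri in OLD_URIS + migrate_uris(OLD_URIS)[:1]:
        print(uri, check_uri(uri))
```
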
Sunil Mohan Adapa
300f90f2a2
backups: Don't leave services stopped if backup fails
- We stop services before backup and restart them when backup is completed.
However, if backup fails, we are not restarting the services. With this change,
ensure that stopped services are restarted even if backup process fails.

- Similarly for restore operation.

Tests:

- Backup and restore of an app work.

- Functional tests for matrix-synapse work.

- Run the following two tests without the patch to ensure that the reported bug
is reproducible.

- Make a backup operation fail by raising an exception in the privileged code
that takes backup. Enable matrix-synapse app. Run backup including the
matrix-synapse app. Backup fails and shows an error. The service is
stopped before backup and restarted after backup failure.

- Make a restore operation fail by raising an exception in the privileged code
that does restore. Enable matrix-synapse app. Run backup including the
matrix-synapse app and try to restore it. Restore fails and shows an error. The
service is stopped before restore and restarted after restore failure.

Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
2023-11-04 10:23:57 -04:00
Sunil Mohan Adapa
f105980476
apache: tests: Update to use DiagnosticCheck class
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
2023-11-01 22:08:50 -04:00
Sunil Mohan Adapa
e3c2546b79
datetime: Fix diagnostic test for checking NTP server sync
Fixes: #2384

- This was missed during the original transition to DiagnosticCheck class for
returning diagnostic results.

Tests:

- In vagrant container, test that the diagnostic test result shows up in
datetime app and it passes.

- Running full diagnostics on the system works.

Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
2023-11-01 22:08:43 -04:00
James Valleroy
1f90047621
diagnostics: Add shortcut to re-run setup for app
- When running diagnostics for an app, if there are any failures or warnings,
  then show a button to re-run setup.

- When showing all diagnostics results, if there are any failures or warnings
  for an app, then show a button to re-run setup for that app.

Signed-off-by: James Valleroy <jvalleroy@mailbox.org>
[sunil: Use Result class instead of strings for comparison]
[sunil: Use flex box's justify-content-between to improve button styling]
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: Sunil Mohan Adapa <sunil@medhas.org>
2023-10-30 22:10:42 -07:00
Joseph Nuthalapati
28143c091a
kiwix: Do not require login to access the app
Kiwix content packages should be publicly accessible by default. Allow
the frontpage shortcut to be accessed without logging in.

Added a functional test to check that Kiwix library can be accessed
without logging in.

Signed-off-by: Joseph Nuthalapati <njoseph@riseup.net>
Reviewed-by: Sunil Mohan Adapa <sunil@medhas.org>
2023-10-22 14:04:18 -07:00
Sunil Mohan Adapa
2bf4271e04
glib: Refactor schedule debugging in a central place
Tests:

- Print the interval time in schedule() method and verify that the times are as
expected in develop mode and production mode.

- Notification shows up for RAM usage if the check is hardcoded to True.

Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
2023-10-21 18:43:20 -04:00
Sunil Mohan Adapa
bdd39850b5
kiwix: Drop unnecessary file in /etc/plinth/modules-enabled
We already have one in /usr/share/freedombox/modules-enabled.

Tests:

- Run ./setup.py install and ensure that app shows up in the UI.

Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
2023-10-18 16:01:45 -07:00
Sunil Mohan Adapa
cfdf92cf0d
kiwix: Fix various issues after review
- Fix icon paths in copyright file.

- Minor refactoring.

- Add Kiwix library link to app page as well as users may want to see the
  content available before installing the app.

- Consolidate terminology to 'content package' for UI and just 'package'
internally.

- Drop unused SYSTEM_USER constant.

- Simplify the ExecStart= in systemd service file.

- Fix incorrect i18n caused by non-lazy formatting of strings.

- Confirm that xml parsing is not vulnerable as expat library of required
version is used in Debian bookworm.

- Don't start the kiwix daemon when managing library if app is disabled.

- Ignore errors when removing files during uninstallation.

- Handle failures more gracefully when library XML file does not have required
attributes.

- Update SVG/PNG icons to adhere to FreedomBox guidelines.

- Trim block translations in templates.

- Drop comments/deadcode inside translation strings.

- Drop a comment inside add content page that only makes sense with multiple
methods for adding content.

- tests: Don't use pkg_resources library as it is deprecated. We can use
importlib.resources library in future if we run tests on zip installations.

- Fix potential security issues while writing file to tmp directory.

Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
2023-10-17 13:40:31 -07:00
Joseph Nuthalapati
34976ac4b0
kiwix: Add app for Kiwix offline Wikipedia reader
Signed-off-by: Joseph Nuthalapati <njoseph@riseup.net>
Reviewed-by: Sunil Mohan Adapa <sunil@medhas.org>
2023-10-17 13:40:22 -07:00
Sunil Mohan Adapa
36d9f2611f
matrix-synapse: Update warning on how to change domain name
- It does not look like matrix-synapse will ever support changing domain name.

- Our only recourse is to uninstall and install the app. Mention this solution
to users and its consequences upfront.

Tests:

- Test that message got updated during setup after installation.

Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
2023-10-07 05:54:30 +09:00
Sunil Mohan Adapa
dbd59c0ef5
upgrades: Allow matrix-synapse to be installed from bookworm
- Update the outdated apt preferences file that still refers to
bullseye-backports instead of bookworm-backports.

- Perform matching using n= instead of a= for matching distribution codename.

- Drop preferences for libraries that were only required in bullseye-backports
and not in bookworm-backports.

Tests:

- Install matrix-synapse app in testing container and stable container.

Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
2023-10-07 05:54:27 +09:00
Sunil Mohan Adapa
a0032856fd
diagnostics: Refactor background diagnostics task
- When running full diagnostics manually, we can use the Operation class. This
allows us to use many of its features.

  - Ensure only one task is running at any time. No need to use running_task
  global variable and a lock for it.

  - Don't run the operation if app install/uninstall or other potentially
  contentious tasks are running.

  - Since Operation object creates a thread, don't create another one with
  glib.schedule(). Don't wait unnecessarily for the operation to finish in the
  glib thread (or glib created thread).

- Since the app will show progress of operations when an operation is running,
it would not be possible to show progress of diagnostics running. So, create a
separate page for diagnostics results.

Tests:

- Run diagnostics and see redirection happens to diagnostics results page.
Results page shows ongoing tests. It refreshes automatically. When tests are
completed, 'Re-run diagnostics' button is shown.

- When /diagnostics/full/ URL is visited without running the test, only
the re-run button is shown. No results are shown. If tests have been run, re-run
button along with results are shown.

- On the app page, if the tests have been run, a button for viewing results is
shown. Otherwise, the button is not shown.

- In development mode, background diagnostics are run after 3 minutes (change
the time to 150 seconds if database locked errors show up). Results are
available in the results page.

- Make a diagnostic test fail by changing code or disabling a daemon. Run
diagnostics and notice that a notification is shown with the button to go to the
results. Clicking on the button shows the results page. Clicking dismiss removes
the notification.

Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
2023-10-07 04:52:28 +09:00
Sunil Mohan Adapa
465e452daf
diagnostics: Refactor check IDs, tests and background checks
- Ensure that each diagnostic test category can be identified by easy prefix
matching on the test ID.

- Give a different unique ID to each different kind of test. More specific tests
of a type get a different kind of ID.

- Make comparison of diagnostic test results in test cases more comprehensive.

- Simplify code that shows the number of issues identified.

- In many languages, there is complex logic to write plural forms. Plurals
can't be handled by assuming singular = 1 item and plural is > 1. Translation of
messages in Notification does not support plurals properly. Avoid this for now
by using sometimes incorrect plural form.

- For i18n we should avoid joining phrases/words. Words don't always maintain
order after translation.

- Notify about the total number of issues in diagnostics and not just the most
severe category. This is likely to draw more attention and avoid i18n
complexity.

- Dismiss the diagnostic notification if the latest run succeeded completely.

Tests:

- Unit tests pass.

- Diagnostics for following apps works: networks (drop-in config),
apache (daemon, listen address, internal firewall, external firewall),
tor (netcat), torproxy (internal only firewall, torproxy url, torproxy using
tor), privoxy (privoxy url, package available, package latest),

- Untested: Is release file available method in upgrades app.

Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
2023-10-07 04:52:22 +09:00
Sunil Mohan Adapa
a233bbfd9b
operation: Add unique ID for each operation
- Helps in retrieving an operation that is currently running.

- Prevent starting an operation that is already running.

Tests:

- Unit tests work.

- Installing, uninstalling an app works.

- For upgrading an app works.

- Running background diagnostics works.

- Updating tor configuration works.

- Updating torproxy configuration works.

Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
2023-10-07 04:52:17 +09:00
James Valleroy
79f36e6a0c
diagnostics: Add DiagnosticCheck dataclass
- Set unique check_id for each diagnostic check.

- Result is a string-based enumeration. The default value (NOT_DONE) can be
  used for diagnostic checks that have not been completed yet.

- Result is StrEnum so that the return value of check_url can still be used
  directly as a diagnostic result.

Closes: #2375

Signed-off-by: James Valleroy <jvalleroy@mailbox.org>
Reviewed-by: Sunil Mohan Adapa <sunil@medhas.org>
2023-10-07 04:52:13 +09:00
James Valleroy
d9491d5762
diagnostics: Run daily check and notify on failures
- One notification is shown with a count of the highest severity issues.

- Un-dismiss the notification, so it is shown even if previously dismissed.

- Add link to see the results, which are stored in a global variable.

- Add a lock for running_task.

Tests:

- Notification with 2 warnings shown on stable container due to packages not
  upgraded.

- Change the firewalld default zone to public. After the next run, the
  notification changes to an error, and shows 1 failure.

Helps #2366.

Signed-off-by: James Valleroy <jvalleroy@mailbox.org>
Reviewed-by: Sunil Mohan Adapa <sunil@medhas.org>
2023-10-07 04:52:08 +09:00
Benedek Nagy
8bafabe2f9
backup: Fix bug in adding existing unencrypted backup location
borg throws a warning "Warning: Attempting to access a previously unknown
unencryped repository!\nDo you want to continue?" and then fails while asking
for a manual confirmation. Avoid this by telling borg not to prompt (and confirm
yes).

This commit provides a fix for the issue described here:

https://discuss.freedombox.org/t/how-do-i-restore-freedombox/2022/10

[sunil: Drop the part about handling the error message]
Signed-off-by: Benedek Nagy <contact@nbenedek.me>
Reviewed-by: Sunil Mohan Adapa <sunil@medhas.org>
2023-10-04 10:41:22 -07:00
Sunil Mohan Adapa
9cfd8a2e55
email: Fix issue with install caused by missing drop-in config file
During installation of email app, sievec is run on
/etc/dovecot/freedombox-sieve-after/sort-spam.sieve file to produce a binary
version of the file. However, this file is not available until after the app is
enabled. This is due to the newly introduced drop-in configuration mechanism. To
fix this, during setup, enable the drop-in configuration component responsible
for this file. The component is newly split from the component that deals with
all drop-in components so that not all the drop-in configuration files are
symlinked.

There is no change needed to the app when the drop-in configuration component is
split into multiple components. This is true for all three states of the app;
not-installed, installed-enabled, and installed-disabled.

Tests:

- Install latest code with ./setup.py install. Install the app and it works.

- Uninstall the app and reinstall. It works. There are no warnings that config
files have been replaced with symlinks.

- /etc/dovecot/freedombox-sieve-after has the sort-span.svbin binary sievec
compiled file.

Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
2023-10-02 14:06:02 +09:00
Sunil Mohan Adapa
38ece87c6c
*: Utilize newer 3.10 syntax for type hints
Tests:

- mypy does not show any errors.

- Installing ejabberd app works. Privileged actions run fine.

- Unit tests work.

- No additional testing was done as type annotations don't have any effect at
runtime.

Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
2023-09-25 20:03:34 -04:00
Sunil Mohan Adapa
2dd00a8f08
*: Fix all typing hint related errors
- Try to mark class variables in component classes.

- Leave typing hints generic, such as 'list' and 'dict' where content is usually
not filled, too complex, or context is unimportant.

- backups: Handle failure for tarfile extraction so that methods are not called
on potentially None valued variables.

- backups: Prevent potentially passing a keyword argument twice.

- dynamicdns: Deal properly with outcome of urlparsing.

- ejabberd: Deal with failed regex match

- email: Fix a mypy complaint when iterating a filtered list.

- tor: Don't reuse variables for different typed values.

- tor: Don't reuse variables for different typed values.

- operation: Return None explicitly.

- operation: Ensure that keyword argument is not repeated.

Tests:

- Where only typing hints were modified and no syntax error came up, additional
testing was not done.

- `mypy --ignore-missing-imports .` run successfully.

- Generate developer documentation.

- Service runs without errors upon start up.

- backups: Listing and restoring specific apps from a backup works.

- backups: Mounting a remote backup repository works.

- NOT TESTED: dynamicdns: Migrating from old style configuration works.

- ejabberd: Verify that setting coturn configuration works.

- email: Test that showing configuration from postfix works.

- tor: Orport value is properly shown.

- transmission: Configuration values are properly set.

- users: Running unit tests as root works.

- operation: Operation status messages are shown properly during app install.

- ./setup.py install runs

Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
2023-09-25 20:03:24 -04:00
Sunil Mohan Adapa
ac84258f05
upgrades: Fix detecting apt over tor during upgrade
- This was missed during the split of tor/torproxy apps.

Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
2023-09-25 20:03:16 -04:00
Sunil Mohan Adapa
995749a975
wordpress: Use absolute path in service file
This is the recommended approach. On Debian, php is usually resolved to
/usr/bin/php.

Tests:

- Tests with absolute path in service file were performed as part of testing
done in https://salsa.debian.org/freedombox-team/freedombox/-/issues/2373 . No
separate testing was done.

Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
2023-09-25 17:41:11 -04:00
rsquared
a6165c997a
ikiwiki: Disable discussion pages by default for new wiki/blog
Closes: #2102.

- Wiki: Unchanged behavior is to have discussion pages enabled. To post, users
must log in.

- Blog: Earlier behavior is to allow anonymous users to post comments. They go
into the moderation queue when posted. This could lead to a lot of spam comments
to moderate. New behavior is to allow posting comments only when logged in.

- Blog: discussion => 0 does not affect comments. It is meant for discussion
page on the blog's home page (and possibly other pages). Discussion on those
pages is disabled by default.

- The changes only apply to defaults. Everything can be changed from Setup page.

Testing:

- Test the above described behavior in Debian testing.

- Debian stable testing was not done as the version of ikiwiki is the same as
testing.

[sunil: Drop removal of discussion from wiki pages]
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: Sunil Mohan Adapa <sunil@medhas.org>
2023-09-25 12:58:04 -07:00
Sunil Mohan Adapa
fa58633e81
openvpn: Renew server/client certificates
- Set renewal period to 3 years before expiry so that users are not inconvenienced
too much.

- Renew server certificate if possible.

- There are openvpn server setups where the expiry of the server certificate has
been set to 2 years due to a bug in our code. Triggering a setup call will renew
these certificates without affecting any clients. Even during the bug, CA certs
were still valid for 10 years. So, they are unaffected.

- When downloading profile, if client certificate is renewable, renew
before providing profile for download. Old certificates will still be valid
until their expiry.

Tests:

- Without the patches, install openvpn app. Server certificate will be created
with a validity of 2 years. Download the client profile. Apply patches, setup
will be rerun. OpenVPN will be restarted. Server certificate will be renewed and
show 10 years expiry. Old client profile will continue to connect successfully.
It will have expiry of 2 years. Download the client profile again. It will have an
expiry of 10 years and will successfully connect to the server.

Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
2023-08-28 16:53:17 -04:00
Sunil Mohan Adapa
251e2b4064
openvpn: Ensure that re-running setup works as expected
- Don't overwrite the entire PKI directory or CA certificates.

- Don't re-enable app during setup.

Tests:

- Install app with patches. Rerun setup. It succeeds. Server certificate is not
changed.

- Disable app. Re-run setup. App is not re-enabled. OpenVPN is not running.

- Enable app. Re-run setup. OpenVPN is restarted.

Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
2023-08-28 16:53:10 -04:00
Sunil Mohan Adapa
0176d706b9
openvpn: Use config file instead of env vars for easy-rsa
- A configuration file seems to be the preferred approach for invoking easy-rsa
since version 3.

- Drop unused configuration keys KEY_CONFIG, KEY_DIR and EASYRSA_REQ_NAME. These
are no longer referred to in the easy-rsa script.

- Remove configuration key EASYRSA_OPENSSL as the value 'openssl' is already the
default.

- Use pathlib.Path to simplify some code.

Tests:

- Re-run setup and notice the ca.cert file has not changed.

Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
2023-08-28 16:53:06 -04:00
Sunil Mohan Adapa
95f65b5c4b
openvpn: Minor refactoring in setting up easy-rsa
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
2023-08-28 16:53:04 -04:00
Sunil Mohan Adapa
0e91261446
openvpn: Correctly set expiry of server/client certs to 10 years
- After moving to easy-rsa 3.x, the expiry configuration key changed and
original intention of setting the expiry to 10 years was not working. Update the
key to set the expiry properly.

Tests:

- Install the app freshly and verify the server and client have 'Valid Not
After' date set 10 years in future.

Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
2023-08-28 16:53:01 -04:00