nik/FreedomBox
1
0
Fork 0
mirror of https://github.com/freedombox/FreedomBox.git synced 2026-06-10 11:00:22 +00:00
Code Issues Packages Projects Releases Wiki Activity
FreedomBox/plinth/modules/bepasty/privileged.py
James Valleroy 0e698eb4b4
apache: Use a Uwsgi native socket systemd unit for each app 
[Sunil]:

- Drop Uwsgi component entirely. After the changes, it mostly looks like Daemon
component minus some features. One change that Uwsgi component does is when
component is disabled, it also stops and disables the .service unit. Stopping
the service is useful and we can add this to Daemon component.

- Use /run instead of /var/run/ as 1) /var/run is a symlink to /run 2) /run/
path is what is listed in uwsgi-app@.socket unit file.

- Implement upgrade for apps from older version. Disable and mask uwsgi init.d
script. Enable the daemon component if the webserver component is enabled.

- Update manifest files to deal with .socket units instead of 'uwsgi' service.
Backup the /var/lib/private directories as that is actual directory to backup
with DynamicUser=yes.

- For bepasty load the configuration as a systemd provided credential since
DynamicUser=yes.

- Remove the /var/lib/private directories during uninstall.

- Don't create user/group for bepasty as it is not needed with DynamicUser=yes.

Tests:

- Radicale

  - Functional tests pass

  - Freshly install radicale.

  - Web interface works.

  - Create and edit calendars

  - Path of the storage directory is in /var/lib/private/radicale (after
  accessing web interface)

  - Permissions on the storage folder and files inside are set to nobody:nobody.

  - Uninstall removes the /var/lib/private/radicale directory.

  - Create a calender and backup the app. Uninstall the app. Re-install the app.
  The calendar is not available. After restoring the backup, the calendar is
  available.

  - Install radicale without patch and create a calendar. Apply patches and
  start plinth.service. Setup is run. UWSGI is disabled and masked. Service is
  running. Old calender is visible.

  - Install radicale without patch. Disable and apply patches and start
  plinth.service. Setup is run. UWSGI is disabled and masked. Service is not
  running. Enabling the service works.

  - After upgrade, data storage path got migrated to /var/lib/private/radicale.
  Old data is accessible.

  - After upgrade the directory is still owned by radicale:radicale.

  - Freshly install radicale with patch and restore an old backup. The data is
  available in the web interface and data was migrated to
  /var/lib/private/radicale.

- Bepasty

  - Functional tests pass

  - Freshly install bepasy.

  - Enabling and disabling rapidly works.

  - Uploading files works.

  - Path of the storage directory is /var/lib/private/bepasty.

  - Permissions on the storage folder are as expect 755 but on the parent are
  700.

  - Permissions on the stored files are 644 and owned by nobody:nobody.

  - Uninstall removes the /var/lib/private/bepasty directory.

  - Upload a picture and backup the app. Uninstall the app. Re-install the app.
  The uploaded file is not available. After restoring the backup, the uploaded
  file is available.

  - Install bepasty without patch and upload a file. Apply patches and start
  plinth.service. Setup is run. UWSGI is disabled and masked. Service is
  running. Old uploaded picture is visible.

  - Install bepasty without patch. Disable app. Apply patches and start
  plinth.service. Setup is run. UWSGI is disabled and masked. Service is not
  running. Enabling the service works.

  - After upgrade, data storage path got migrated to /var/lib/private/bepasty.
  Old data is accessible.

  - After upgrade the directory is still owned by bepasty:bepasty.

  - Freshly install bepasty with patch and restore an old backup. The uploaded
  file is available in the web interface and data was migrated to
  /var/lib/private/bepasty.

Signed-off-by: James Valleroy <jvalleroy@mailbox.org>
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
2026-03-21 07:45:51 -07:00

157 lines
4.6 KiB
Python
Raw Blame History

# SPDX-License-Identifier: AGPL-3.0-or-later
"""Configuration helper for bepasty."""
import collections
import json
import pathlib
import secrets
import shutil
import string
import augeas
from plinth import action_utils
from plinth.actions import privileged, secret_str
from plinth.modules import bepasty
CONF_FILE = pathlib.Path('/etc/bepasty-freedombox.conf')
DATA_DIR = '/var/lib/private/bepasty'
PASSWORD_LENGTH = 20
SERVICE_NAME = 'uwsgi-app@bepasty-freedombox.service'
def _augeas_load():
"""Initialize Augeas."""
aug = augeas.Augeas(flags=augeas.Augeas.NO_LOAD +
augeas.Augeas.NO_MODL_AUTOLOAD)
aug.set('/augeas/load/Simplevars/lens', 'Simplevars.lns')
aug.set('/augeas/load/Simplevars/incl[last() + 1]', str(CONF_FILE))
aug.load()
return aug
def _key_path(key):
"""Return the augeas path for the key."""
return '/files' + str(CONF_FILE) + '/' + key
def conf_file_read():
"""Read and return the configuration."""
aug = _augeas_load()
conf = collections.OrderedDict()
for path in aug.match(_key_path('*')):
key = path.rsplit('/', 1)[-1]
if key[0] != '#':
conf[key] = json.loads(aug.get(path))
return conf
def conf_file_write(conf):
"""Write configuration to the file."""
aug = _augeas_load()
for key, value in conf.items():
if not key.startswith('#'):
value = json.dumps(value)
aug.set(_key_path(key), value)
aug.save()
@privileged
def setup(domain_name: str):
"""Post installation actions for bepasty."""
# Create configuration file if needed.
if not CONF_FILE.is_file():
passwords = [_generate_password() for _ in range(3)]
conf = {
'#comment':
'This file is managed by FreedomBox. Only a small subset of '
'the original configuration format is supported. Each line '
'should be in KEY = VALUE format. VALUE must be a JSON '
'encoded string.',
'SITENAME': domain_name,
'STORAGE_FILESYSTEM_DIRECTORY': '/var/lib/bepasty',
'SECRET_KEY': secrets.token_hex(64),
'PERMISSIONS': {
passwords[0]: 'admin,list,create,read,delete',
passwords[1]: 'list,create,read,delete',
passwords[2]: 'list,read',
},
'PERMISSION_COMMENTS': {
passwords[0]: 'admin',
passwords[1]: 'editor',
passwords[2]: 'viewer',
},
'DEFAULT_PERMISSIONS': 'read',
}
conf_file_write(conf)
CONF_FILE.chmod(0o640)
# Migrate from old bepasty:bepasty ownership to root:root
shutil.chown(CONF_FILE, user='root', group='root')
action_utils.run(['deluser', 'bepasty'], check=False)
action_utils.run(['delgroup', 'bepasty'], check=False)
@privileged
def get_configuration() -> dict[str, object]:
"""Get default permissions, passwords, permissions and comments."""
return conf_file_read()
@privileged
def add_password(permissions: list[str], comment: str | None = None):
"""Generate a password with given permissions."""
conf = conf_file_read()
permissions = _format_permissions(permissions)
password = _generate_password()
conf['PERMISSIONS'][password] = permissions
if comment:
conf['PERMISSION_COMMENTS'][password] = comment
conf_file_write(conf)
# Service is started again by socket.
action_utils.service_stop(SERVICE_NAME)
@privileged
def remove_password(password: secret_str):
"""Remove a password and its permissions."""
conf = conf_file_read()
if password in conf['PERMISSIONS']:
del conf['PERMISSIONS'][password]
if password in conf['PERMISSION_COMMENTS']:
del conf['PERMISSION_COMMENTS'][password]
conf_file_write(conf)
action_utils.service_stop(SERVICE_NAME)
@privileged
def set_default(permissions: list[str]):
"""Set default permissions."""
conf = {'DEFAULT_PERMISSIONS': _format_permissions(permissions)}
conf_file_write(conf)
action_utils.service_stop(SERVICE_NAME)
def _format_permissions(permissions=None):
"""Format permissions as comma-separated."""
return ','.join(set(bepasty.PERMISSIONS.keys()).intersection(
permissions)) if permissions else ''
def _generate_password():
"""Generate a random password."""
alphabet = string.ascii_letters + string.digits
return ''.join(secrets.choice(alphabet) for _ in range(PASSWORD_LENGTH))
@privileged
def uninstall():
"""Remove bepasty user, group and data."""
shutil.rmtree(DATA_DIR, ignore_errors=True)
CONF_FILE.unlink(missing_ok=True)
Reference in New Issue View Git Blame Copy Permalink