nik/FreedomBox
1
0
Fork 0
mirror of https://github.com/freedombox/FreedomBox.git synced 2026-06-10 11:00:22 +00:00
Code Issues Packages Projects Releases Wiki Activity
FreedomBox/plinth/modules/radicale/__init__.py
James Valleroy 0e698eb4b4
apache: Use a Uwsgi native socket systemd unit for each app 
[Sunil]:

- Drop Uwsgi component entirely. After the changes, it mostly looks like Daemon
component minus some features. One change that Uwsgi component does is when
component is disabled, it also stops and disables the .service unit. Stopping
the service is useful and we can add this to Daemon component.

- Use /run instead of /var/run/ as 1) /var/run is a symlink to /run 2) /run/
path is what is listed in uwsgi-app@.socket unit file.

- Implement upgrade for apps from older version. Disable and mask uwsgi init.d
script. Enable the daemon component if the webserver component is enabled.

- Update manifest files to deal with .socket units instead of 'uwsgi' service.
Backup the /var/lib/private directories as that is actual directory to backup
with DynamicUser=yes.

- For bepasty load the configuration as a systemd provided credential since
DynamicUser=yes.

- Remove the /var/lib/private directories during uninstall.

- Don't create user/group for bepasty as it is not needed with DynamicUser=yes.

Tests:

- Radicale

  - Functional tests pass

  - Freshly install radicale.

  - Web interface works.

  - Create and edit calendars

  - Path of the storage directory is in /var/lib/private/radicale (after
  accessing web interface)

  - Permissions on the storage folder and files inside are set to nobody:nobody.

  - Uninstall removes the /var/lib/private/radicale directory.

  - Create a calender and backup the app. Uninstall the app. Re-install the app.
  The calendar is not available. After restoring the backup, the calendar is
  available.

  - Install radicale without patch and create a calendar. Apply patches and
  start plinth.service. Setup is run. UWSGI is disabled and masked. Service is
  running. Old calender is visible.

  - Install radicale without patch. Disable and apply patches and start
  plinth.service. Setup is run. UWSGI is disabled and masked. Service is not
  running. Enabling the service works.

  - After upgrade, data storage path got migrated to /var/lib/private/radicale.
  Old data is accessible.

  - After upgrade the directory is still owned by radicale:radicale.

  - Freshly install radicale with patch and restore an old backup. The data is
  available in the web interface and data was migrated to
  /var/lib/private/radicale.

- Bepasty

  - Functional tests pass

  - Freshly install bepasy.

  - Enabling and disabling rapidly works.

  - Uploading files works.

  - Path of the storage directory is /var/lib/private/bepasty.

  - Permissions on the storage folder are as expect 755 but on the parent are
  700.

  - Permissions on the stored files are 644 and owned by nobody:nobody.

  - Uninstall removes the /var/lib/private/bepasty directory.

  - Upload a picture and backup the app. Uninstall the app. Re-install the app.
  The uploaded file is not available. After restoring the backup, the uploaded
  file is available.

  - Install bepasty without patch and upload a file. Apply patches and start
  plinth.service. Setup is run. UWSGI is disabled and masked. Service is
  running. Old uploaded picture is visible.

  - Install bepasty without patch. Disable app. Apply patches and start
  plinth.service. Setup is run. UWSGI is disabled and masked. Service is not
  running. Enabling the service works.

  - After upgrade, data storage path got migrated to /var/lib/private/bepasty.
  Old data is accessible.

  - After upgrade the directory is still owned by bepasty:bepasty.

  - Freshly install bepasty with patch and restore an old backup. The uploaded
  file is available in the web interface and data was migrated to
  /var/lib/private/bepasty.

Signed-off-by: James Valleroy <jvalleroy@mailbox.org>
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
2026-03-21 07:45:51 -07:00

168 lines
5.6 KiB
Python
Raw Blame History

# SPDX-License-Identifier: AGPL-3.0-or-later
"""
FreedomBox app for radicale.
"""
import logging
import augeas
from django.utils.translation import gettext_lazy as _
from plinth import app as app_module
from plinth import cfg, frontpage, menu
from plinth.config import DropinConfigs
from plinth.daemon import Daemon
from plinth.modules.apache.components import Webserver
from plinth.modules.backups.components import BackupRestore
from plinth.modules.firewall.components import Firewall
from plinth.modules.users.components import UsersAndGroups
from plinth.package import Packages, install
from plinth.privileged import service as service_privileged
from plinth.utils import Version, format_lazy
from . import manifest, privileged
_description = [
format_lazy(
_('Radicale is a CalDAV and CardDAV server. It allows synchronization '
'and sharing of scheduling and contact data. To use Radicale, a '
'<a href="https://radicale.org/master.html#supported-clients">'
'supported client application</a> is needed. Radicale can '
'be accessed by any user with a {box_name} login.'),
box_name=_(cfg.box_name)),
_('Radicale provides a basic web interface, which only supports creating '
'new calendars and addressbooks. It does not support adding events or '
'contacts, which must be done using a separate client.'),
]
logger = logging.getLogger(__name__)
CONFIG_FILE = '/etc/radicale/config'
class RadicaleApp(app_module.App):
"""FreedomBox app for Radicale."""
app_id = 'radicale'
_version = 5
def __init__(self) -> None:
"""Create components for the app."""
super().__init__()
info = app_module.Info(app_id=self.app_id, version=self._version,
name=_('Radicale'), icon_filename='radicale',
description=_description,
manual_page='Radicale',
clients=manifest.clients, tags=manifest.tags)
self.add(info)
menu_item = menu.Menu('menu-radicale', info.name, info.icon_filename,
info.tags, 'radicale:index',
parent_url_name='apps')
self.add(menu_item)
shortcut = frontpage.Shortcut('shortcut-radicale', info.name,
icon=info.icon_filename,
url='/radicale/', clients=info.clients,
tags=info.tags, login_required=True)
self.add(shortcut)
packages = Packages('packages-radicale', ['radicale'],
rerun_setup_on_upgrade=True)
self.add(packages)
dropin_configs = DropinConfigs('dropin-configs-radicale', [
'/etc/apache2/conf-available/radicale2-freedombox.conf',
])
self.add(dropin_configs)
firewall = Firewall('firewall-radicale', info.name,
ports=['http', 'https'], is_external=True)
self.add(firewall)
webserver = Webserver('webserver-radicale', 'radicale2-freedombox',
urls=['https://{host}/radicale'])
self.add(webserver)
daemon = Daemon('daemon-radicale', 'uwsgi-app@radicale.socket')
self.add(daemon)
users_and_groups = UsersAndGroups('users-and-groups-radicale',
reserved_usernames=['radicale'])
self.add(users_and_groups)
backup_restore = BackupRestore('backup-restore-radicale',
**manifest.backup)
self.add(backup_restore)
def enable(self):
"""Fix missing directories before enabling radicale."""
privileged.fix_paths()
super().enable()
def setup(self, old_version):
"""Install and configure the app."""
super().setup(old_version)
privileged.setup()
if not old_version:
self.enable()
if old_version and old_version <= 4:
webserver = self.get_component('webserver-radicale')
daemon = self.get_component('daemon-radicale')
if webserver.is_enabled():
daemon.enable()
# Vanquish the old uwsgi init.d script.
service_privileged.disable('uwsgi')
service_privileged.mask('uwsgi')
def force_upgrade(self, packages):
"""Force upgrade radicale to resolve conffile prompt."""
if 'radicale' not in packages:
return False
# Allow upgrade from 3.1.8 (bookworm) to 3.4.1 (trixie) and beyond 3.x.
package = packages['radicale']
if Version(package['new_version']) > Version('4~'):
return False
rights = get_rights_value()
install(['radicale'], force_configuration='new')
privileged.setup()
privileged.configure(rights)
return True
def uninstall(self):
"""De-configure and uninstall the app."""
super().uninstall()
privileged.uninstall()
def load_augeas():
"""Prepares the augeas."""
aug = augeas.Augeas(flags=augeas.Augeas.NO_LOAD +
augeas.Augeas.NO_MODL_AUTOLOAD)
# INI file lens
aug.set('/augeas/load/Puppet/lens', 'Puppet.lns')
aug.set('/augeas/load/Puppet/incl[last() + 1]', CONFIG_FILE)
aug.load()
return aug
def get_rights_value():
"""Returns the current Rights value."""
aug = load_augeas()
value = aug.get('/files' + CONFIG_FILE + '/rights/type')
if value == 'from_file':
# Default rights file is equivalent to owner_only.
value = 'owner_only'
return value
Reference in New Issue View Git Blame Copy Permalink