Package: freedombox-setup
Version: 0.10
Severity: normal
Tags: patch

Currently, Plinth is undergoing changes to move a lot of setup steps into Plinth. This will eliminate the need for many steps in freedombox-setup. Attached patch is a work-in-progress patch to indicate the kind of cleanups that may be done on freedombox-setup after these changes. Note that both the packages should depend on particular versions with these changes (using Depends and Breaks to avoid circular dependencies).

This patch is somewhat aggressive. While the first-run can be completely removed without question, the same is not true of the setup process. However, what remains in the setup step is so minimal that it does not warrant an extra FreedomBox install complication. So, with this patch I suggest removing functionalities of etckeeper and provide source temporarily in order to gain the huge advantage of simplification of the FreedomBox install/setup process.

-- System Information:
Debian Release: 9.1
APT prefers stable
APT policy: (500, 'stable')
Architecture: amd64 (x86_64)
Kernel: Linux 4.9.0-3-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_IN.UTF-8, LC_CTYPE=en_IN.UTF-8 (charmap=UTF-8), LANGUAGE=en_IN.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

>From c7b26d6e2df98ae97b0ed4263bc3d94d98ec0bee Mon Sep 17 00:00:00 2001 From: Sunil Mohan Adapa <[email protected]> Date: Fri, 1 Sep 2017 18:41:33 +0530 Subject: [PATCH] WIP: Move most setup steps to Plinth Signed-off-by: Sunil Mohan Adapa <[email protected]> --- debian/freedombox-setup.freedombox-first-run.init | 64 ------------ debian/freedombox-setup.install | 3 - debian/freedombox-setup.maintscript | 1 + debian/rules | 3 - debian/tests/control | 2 - debian/tests/test-run-setup | 15 --- first-run.d/05_network | 119 ---------------------- first-run.d/10_ssh-keys | 12 --- first-run.d/40_apache2 | 8 -- setup | 29 ------ setup.d/01_etckeeper-pre | 15 --- setup.d/90_apache2 | 44 -------- setup.d/98_next-is-first-run | 7 -- setup.d/99_etckeeper | 7 -- setup.d/99_provide-source | 28 ----- setup.d/99_zmessage | 22 ---- 16 files changed, 1 insertion(+), 378 deletions(-) delete mode 100755 debian/freedombox-setup.freedombox-first-run.init delete mode 100644 debian/tests/control delete mode 100755 debian/tests/test-run-setup delete mode 100755 first-run.d/05_network delete mode 100755 first-run.d/10_ssh-keys delete mode 100755 first-run.d/40_apache2 delete mode 100755 setup delete mode 100755 setup.d/01_etckeeper-pre delete mode 100755 setup.d/90_apache2 delete mode 100755 setup.d/98_next-is-first-run delete mode 100755 setup.d/99_etckeeper delete mode 100755 setup.d/99_provide-source delete mode 100755 setup.d/99_zmessage diff --git a/debian/freedombox-setup.freedombox-first-run.init b/debian/freedombox-setup.freedombox-first-run.init deleted file mode 100755 index bb8cd96..0000000 --- a/debian/freedombox-setup.freedombox-first-run.init +++ /dev/null 
@@ -1,64 +0,0 @@ -#!/bin/sh -### BEGIN INIT INFO -# Provides: freedombox-first-run -# Default-Start: 2 3 4 5 -# Default-Stop: -# Required-Start: $network $remote_fs $syslog -# Required-Stop: $remote_fs $syslog -# Should-Start: firewalld tor haveged -# Short-Description: Finish Freedombox install after first boot -# Description: -# Script to complete the post-install process on first FBX boot. -### END INIT INFO - -RUNONCE=/var/lib/freedombox/first-run-enable -LOGFILE=/var/log/freedombox-first-run.log - -if [ ! -e $RUNONCE ] -then - exit -fi - -. /lib/lsb/init-functions - -exec > $LOGFILE 2>&1 - -etckeeper_commit() { - if type etckeeper > /dev/null 2>&1 ; then - HOME=/root etckeeper commit -m "$1" - fi -} - -mark_complete() { - # Prevent this initial configuration script from running again. - - log_action_begin_msg "Marking first-run complete" - mkdir -p "${RUNONCE%/*}" - rm -f $RUNONCE - log_action_end_msg 0 -} - -case "$1" in - start) - etckeeper_commit "Status before first-run on first boot." - - for f in /usr/lib/freedombox/first-run.d/* ; do - $f - done - - etckeeper_commit "Status after first-run on first boot." - - # the last things we do before quitting. - mark_complete - - # we're done, reboot. - reboot - ;; - stop|restart|force-reload) - # Do nothing - ;; - *) - log_success_msg "Usage: /etc/init.d/first-run {start}" - exit 1 - ;; -esac diff --git a/debian/freedombox-setup.install b/debian/freedombox-setup.install index 4b94d12..fe3d1a6 100644 --- a/debian/freedombox-setup.install +++ b/debian/freedombox-setup.install @@ -1,6 +1,3 @@ -setup usr/lib/freedombox -setup.d usr/lib/freedombox -first-run.d usr/lib/freedombox data/etc/apache2/conf-available/freedombox.conf etc/apache2/conf-available data/etc/avahi/services/*.service etc/avahi/services data/etc/sudoers.d/freedombox etc/sudoers.d diff --git a/debian/freedombox-setup.maintscript b/debian/freedombox-setup.maintscript index d29ba4d..c8875c5 100644 --- a/debian/freedombox-setup.maintscript 
+++ b/debian/freedombox-setup.maintscript @@ -1,4 +1,5 @@ mv_conffile /etc/init.d/first-run /etc/init.d/freedombox-first-run 0.0.43 +rm_conffile /etc/init.d/freedombox-first-run 0.10 rm_conffile /etc/init.d/proxy 0.0.43 rm_conffile /etc/init.d/freedombox-client-proxy 0.0.44 rm_conffile /etc/init.d/freedombox-create-uap0 0.9.2~ diff --git a/debian/rules b/debian/rules index c9211e2..9cb08f8 100755 --- a/debian/rules +++ b/debian/rules @@ -1,6 +1,3 @@ #!/usr/bin/make -f %: dh $@ --with python3 - -override_dh_installinit: - dh_installinit --no-start --name=freedombox-first-run -u"start 20 2 3 4 5 ." diff --git a/debian/tests/control b/debian/tests/control deleted file mode 100644 index 0ba14fa..0000000 --- a/debian/tests/control +++ /dev/null @@ -1,2 +0,0 @@ -Tests: test-run-setup -Restrictions: needs-root, breaks-testbed, allow-stderr diff --git a/debian/tests/test-run-setup b/debian/tests/test-run-setup deleted file mode 100755 index dbc6e23..0000000 --- a/debian/tests/test-run-setup +++ /dev/null @@ -1,15 +0,0 @@ -#!/bin/sh - -set -e - -# Make sure running the test do not modify the users setup, and that -# git can work even when no HOME is set. -HOME="$(mktemp -d)" -export HOME - -# Don't page systemd output, so error details are shown in log. -export SYSTEMD_PAGER=cat - -/usr/lib/freedombox/setup - -rm -rf "${HOME}" diff --git a/first-run.d/05_network b/first-run.d/05_network deleted file mode 100755 index c019e2d..0000000 --- a/first-run.d/05_network +++ /dev/null 
@@ -1,119 +0,0 @@ -#!/bin/bash - -set -e - -# Configure networking for all wired and wireless devices. -# -# Creates network-manager connections. - -function get-interfaces { - # XXX: Sorting of interfaces is non-numeric - WIRED_IFACES=$(nmcli --terse --fields type,device device | grep "^ethernet:" | cut -d: -f2 | sort) - NO_OF_WIRED_IFACES=$(echo $WIRED_IFACES | wc -w) - - WIRELESS_IFACES=$(nmcli --terse --fields type,device device | grep "^wifi:" | cut -d: -f2 | sort) - NO_OF_WIRELESS_IFACES=$(echo $WIRELESS_IFACES | wc -w) -} - -function configure-regular-interface { - local interface="$1" - local zone="$2" - local connection_name="FreedomBox WAN" - - # Create n-m connection for a regular interface - nmcli con add con-name "$connection_name" ifname "$interface" type ethernet - nmcli con modify "$connection_name" connection.autoconnect TRUE - nmcli con modify "$connection_name" connection.zone "$zone" - - echo "Configured interface '$interface' for '$zone' use as '$connection_name'." -} - -function configure-shared-interface { - local interface="$1" - local connection_name="FreedomBox LAN $interface" - - # Create n-m connection for eth1 - nmcli con add con-name "$connection_name" ifname "$interface" type ethernet - nmcli con modify "$connection_name" connection.autoconnect TRUE - nmcli con modify "$connection_name" connection.zone internal - - # Configure this interface to be shared with other computers. - # - Self-assign an address and network - # - Start and manage DNS server (dnsmasq) - # - Start and manage DHCP server (dnsmasq) - # - Register address with mDNS - # - Add firewall rules for NATing from this interface - nmcli con modify "$connection_name" ipv4.method shared - - echo "Configured interface '$interface' for shared use as '$connection_name'." 
-} - -function configure-wireless-interface { - local interface="$1" - local connection_name="FreedomBox $interface" - local ssid="FreedomBox$interface" - local secret="freedombox123" - - nmcli con add con-name "$connection_name" ifname "$interface" type wifi ssid "$ssid" - nmcli con modify "$connection_name" connection.autoconnect TRUE - nmcli con modify "$connection_name" connection.zone internal - nmcli con modify "$connection_name" ipv4.method shared - nmcli con modify "$connection_name" wifi.mode ap - nmcli con modify "$connection_name" wifi-sec.key-mgmt wpa-psk - nmcli con modify "$connection_name" wifi-sec.psk "$secret" - - echo "Configured interface '$interface' for shared use as '$connection_name'." -} - -function multi-wired-setup { - local first_interface="$1" - shift - local remaining_interfaces="$@" - - configure-regular-interface "$first_interface" external - - for interface in $remaining_interfaces - do - configure-shared-interface "$interface" - done -} - -function one-wired-setup { - local interface="$1" - - case $NO_OF_WIRELESS_IFACES in - "0") - configure-regular-interface "$interface" internal - ;; - *) - configure-regular-interface "$interface" external - ;; - esac -} - -function wireless-setup { - local interfaces="$@" - - for interface in $interfaces - do - configure-wireless-interface "$interface" - done -} - -echo "Setting up network configuration..." -get-interfaces - -case $NO_OF_WIRED_IFACES in - "0") - echo "No wired interfaces detected." - ;; - "1") - one-wired-setup $WIRED_IFACES - ;; - *) - multi-wired-setup $WIRED_IFACES -esac - -wireless-setup $WIRELESS_IFACES - -echo "Done setting up network configuration." diff --git a/first-run.d/10_ssh-keys b/first-run.d/10_ssh-keys deleted file mode 100755 index aeacb96..0000000 --- a/first-run.d/10_ssh-keys +++ /dev/null 
@@ -1,12 +0,0 @@ -#!/bin/sh - -set -e - -. /lib/lsb/init-functions - -log_action_begin_msg "Creating SSH keys" -if dpkg-reconfigure openssh-server ; then - log_action_end_msg 0 -else - log_action_end_msg 1 -fi diff --git a/first-run.d/40_apache2 b/first-run.d/40_apache2 deleted file mode 100755 index ff77c0d..0000000 --- a/first-run.d/40_apache2 +++ /dev/null @@ -1,8 +0,0 @@ -#!/bin/sh -# -# Make sure every machine have their own unique SSL certificate, even -# if it is a snake oil one. - -set -e - -make-ssl-cert generate-default-snakeoil --force-overwrite diff --git a/setup b/setup deleted file mode 100755 index 0d268bd..0000000 --- a/setup +++ /dev/null @@ -1,29 +0,0 @@ -#!/bin/sh - -set -e # Exit on error - -at_exit() { - if $policyd ; then - rm -f /usr/sbin/policy-rc.d - fi - policyd=false -} - -# Make sure configuring packages do not start any services. Also make -# sure we remove policy-rc.d only if we created it. -trap at_exit HUP INT TERM EXIT -if [ ! -e /usr/sbin/policy-rc.d ] ; then - cat > /usr/sbin/policy-rc.d <<EOF -#!/bin/sh -exit 101 -EOF - chmod a+rx /usr/sbin/policy-rc.d - policyd=true -else - policyd=false -fi - -for f in /usr/lib/freedombox/setup.d/* ; do - echo "running $f" - $f -done diff --git a/setup.d/01_etckeeper-pre b/setup.d/01_etckeeper-pre deleted file mode 100755 index 0aef4b4..0000000 --- a/setup.d/01_etckeeper-pre +++ /dev/null @@ -1,15 +0,0 @@ -#!/bin/sh - -set -e - -# Avoid etckeeper problem (refuses to commit) because git picked a -# email address with an empty domain. -if which etckeeper > /dev/null 2>&1 && \ - [ ! -e /etc/mailname ] && - [ -z "$(git config --global --get user.email)" ] ; then - echo "info: Setting git user.email." - git config --global user.email "root@localhost" - etckeeper commit -m "Status before freedombox-setup run." -else - echo "info: Not setting git user.email." -fi diff --git a/setup.d/90_apache2 b/setup.d/90_apache2 deleted file mode 100755 index 696b620..0000000 --- a/setup.d/90_apache2 +++ /dev/null 
@@ -1,44 +0,0 @@ -#!/bin/sh -# -# Configure Apache for FBX. - -set -e - -echo "Configuring Apache..." - -# enable non-multithreaded Apache worker model as there a many PHP -# applications. -a2dismod mpm_event -a2dismod mpm_worker -a2enmod mpm_prefork - -# enable miscellaneous modules. -a2enmod rewrite - -# enable GnuTLS -a2dismod ssl -a2enmod gnutls - -# enable mod_alias for RedirectMatch -a2enmod alias - -# enable mod_headers for HSTS -a2enmod headers - -# enable some critical modules to avoid restart while installing -# Plinth applications. -a2enmod php7.0 -a2enmod cgi -a2enmod authnz_ldap - -# enable users to share files uploaded to ~/public_html -a2enmod userdir - -# setup freedombox site -a2enconf freedombox - -a2ensite 000-default -a2dissite default-ssl -a2ensite default-tls - -echo "Done configuring Apache." diff --git a/setup.d/98_next-is-first-run b/setup.d/98_next-is-first-run deleted file mode 100755 index 81ae649..0000000 --- a/setup.d/98_next-is-first-run +++ /dev/null @@ -1,7 +0,0 @@ -#!/bin/sh - -set -e - -# Tell init.d/first-run to do its stuff on the next boot. -mkdir -p /var/lib/freedombox -touch /var/lib/freedombox/first-run-enable diff --git a/setup.d/99_etckeeper b/setup.d/99_etckeeper deleted file mode 100755 index 1e86b92..0000000 --- a/setup.d/99_etckeeper +++ /dev/null @@ -1,7 +0,0 @@ -#!/bin/sh - -set -e - -if type etckeeper > /dev/null 2>&1 ; then - etckeeper commit -m "Status after freedombox-setup run." -fi diff --git a/setup.d/99_provide-source b/setup.d/99_provide-source deleted file mode 100755 index fbb8d8e..0000000 --- a/setup.d/99_provide-source +++ /dev/null 
@@ -1,28 +0,0 @@ -#!/bin/sh -# -# Make sure generated images complies with licenses requiring the -# source to be available, by providing the source of every package -# used. - -set -e - -if [ 'true' = "$SOURCE" ] ; then - echo "Adding source packages to file system" -else - echo "Not adding source packages to filesystem (SOURCE=false)" - exit 0 -fi - -targetdir=/usr/src/packages - -echo "Adding source packages to filesystem in $targetdir" -apt-get update || true -dpkg --get-selections > /tmp/selections -mkdir -p $targetdir -cd $targetdir - -cut -f 1 < /tmp/selections | \ - cut -d ':' -f 1 > /tmp/packages -apt-get source -m --download-only `cat /tmp/packages` - -rm /tmp/selections /tmp/packages diff --git a/setup.d/99_zmessage b/setup.d/99_zmessage deleted file mode 100755 index df821bd..0000000 --- a/setup.d/99_zmessage +++ /dev/null @@ -1,22 +0,0 @@ -#!/bin/sh - -set -e - -cat <<EOF - -=================================================================== -FreedomBox setup completed -=================================================================== - -Please note: - -- For server security, all users except 'root', 'fbx' and those in - 'admin' and 'sudo' groups will be denied console/GUI login access. - This is recommended for the security of various services running on - FreedomBox. Please edit /etc/security/access.conf if you wish to - remove or alter this restriction. Also see 'man access.conf'. - -- You need to reboot before using FreedomBox to allow first run - operations to finish. -=================================================================== -EOF -- 2.11.0
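
Review bot: in debian/freedombox-setup.maintscript the new rm_conffile line gives prior-version as 0.10 with no trailing "~", unlike the 0.9.2~ entry two lines below it. The report is filed against 0.10, so the removal will ship in a later upload; dpkg-maintscript-helper expects the version of that upload with "~" appended, otherwise upgrades from local rebuilds or intermediate versions skip the removal and /etc/init.d/freedombox-first-run stays on disk.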
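
Review bot: the package is left with no autopkgtest once debian/tests/control and debian/tests/test-run-setup are gone. debian/freedombox-setup.install still ships the Apache conf, the Avahi services and data/etc/sudoers.d/freedombox, so keep a small test that installs the package and checks those files, rather than dropping debian/tests entirely.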
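
Review bot: first-run.d/05_network, configure-wireless-interface: the access point PSK is the fixed string "freedombox123" and the SSID is built from the interface name, so every box that has already been through first-run carries the same Wi-Fi passphrase. Deleting the script does not touch the NetworkManager connections it created. State in the commit message whether the Plinth replacement keeps this default, and decide what happens to existing "FreedomBox <interface>" connections on upgrade.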
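
Review bot: first-run.d/10_ssh-keys and first-run.d/40_apache2 are the steps that give each machine its own SSH host keys and snake-oil certificate on first boot (dpkg-reconfigure openssh-server, make-ssl-cert generate-default-snakeoil --force-overwrite), and the diffstat contains no debian/control change. Nothing in this patch ties the removal to a Plinth version that performs both steps, so an image built with this package and an older Plinth could ship the same keys to every install. Add the versioned Depends/Breaks that the cover text mentions in the same commit.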

