Update set of patches. This time much cleaner and well separately. Still testing them with Plinth and freedom-maker changes.
-- Sunil
From b8976b7d9e5ff96250817e2b0007fd9bf1580aa9 Mon Sep 17 00:00:00 2001 From: Sunil Mohan Adapa <su...@medhas.org> Date: Fri, 29 Sep 2017 12:08:56 +0530 Subject: [PATCH 8/8] Move Avahi configuration to Plinth Plinth already handles all Avahi configuration. After moving this file to Plinth. freedombox-setup must 'Depend' on Plinth >> 0.15.2 and Plinth 'Breaks' freedombox-setup <= 0.15.2. Signed-off-by: Sunil Mohan Adapa <su...@medhas.org> Signed-off-by: Joseph Nuthalapati <njos...@thoughtworks.com> --- data/etc/avahi/services/domain.service | 12 ------------ data/etc/avahi/services/sftp-ssh.service | 14 -------------- data/etc/avahi/services/ssh.service | 12 ------------ data/etc/avahi/services/xmpp-server.service | 12 ------------ debian/control | 2 -- debian/freedombox-setup.install | 1 - 6 files changed, 53 deletions(-) delete mode 100644 data/etc/avahi/services/domain.service delete mode 100644 data/etc/avahi/services/sftp-ssh.service delete mode 100644 data/etc/avahi/services/ssh.service delete mode 100644 data/etc/avahi/services/xmpp-server.service diff --git a/data/etc/avahi/services/domain.service b/data/etc/avahi/services/domain.service deleted file mode 100644 index f6210c1..0000000 --- a/data/etc/avahi/services/domain.service +++ /dev/null @@ -1,12 +0,0 @@ -<?xml version="1.0" standalone='no'?><!--*-nxml-*--> -<!DOCTYPE service-group SYSTEM "avahi-service.dtd"> -<service-group> - - <name replace-wildcards="yes">%h</name> - - <service> - <type>_domain._udp</type> - <port>53</port> - </service> - -</service-group> diff --git a/data/etc/avahi/services/sftp-ssh.service b/data/etc/avahi/services/sftp-ssh.service deleted file mode 100644 index bfe1a0f..0000000 --- a/data/etc/avahi/services/sftp-ssh.service +++ /dev/null @@ -1,14 +0,0 @@ -<?xml version="1.0" standalone='no'?><!--*-nxml-*--> -<!DOCTYPE service-group SYSTEM "avahi-service.dtd"> -<service-group> - - <name replace-wildcards="yes">%h</name> - - <service> - <type>_sftp-ssh._tcp</type> - <port>22</port> - <txt-record>path=/home/fbx</txt-record> - <txt-record>u=fbx</txt-record> - </service> - -</service-group> diff --git a/data/etc/avahi/services/ssh.service b/data/etc/avahi/services/ssh.service deleted file mode 100644 index 7090f20..0000000 --- a/data/etc/avahi/services/ssh.service +++ /dev/null @@ -1,12 +0,0 @@ -<?xml version="1.0" standalone='no'?><!--*-nxml-*--> -<!DOCTYPE service-group SYSTEM "avahi-service.dtd"> -<service-group> - - <name replace-wildcards="yes">%h</name> - - <service> - <type>_ssh._tcp</type> - <port>22</port> - </service> - -</service-group> diff --git a/data/etc/avahi/services/xmpp-server.service b/data/etc/avahi/services/xmpp-server.service deleted file mode 100644 index 4dc9b06..0000000 --- a/data/etc/avahi/services/xmpp-server.service +++ /dev/null @@ -1,12 +0,0 @@ -<?xml version="1.0" standalone='no'?><!--*-nxml-*--> -<!DOCTYPE service-group SYSTEM "avahi-service.dtd"> -<service-group> - - <name replace-wildcards="yes">%h</name> - - <service> - <type>_xmpp-server._tcp</type> - <port>5269</port> - </service> - -</service-group> diff --git a/debian/control b/debian/control index 4e68828..4e62d84 100644 --- a/debian/control +++ b/debian/control @@ -22,8 +22,6 @@ Depends: ${misc:Depends} , ${python3:Depends} , apache2 , augeas-tools - , avahi-daemon - , avahi-utils , bridge-utils , curl , devio diff --git a/debian/freedombox-setup.install b/debian/freedombox-setup.install index 9a7b08d..4203fbe 100644 --- a/debian/freedombox-setup.install +++ b/debian/freedombox-setup.install @@ -1,4 +1,3 @@ -data/etc/avahi/services/*.service etc/avahi/services data/etc/sudoers.d/freedombox etc/sudoers.d data/etc/sysctl.d/freedombox.conf etc/sysctl.d data/etc/update-motd.d/50-freedombox etc/update-motd.d/ -- 2.11.0
From a60fe1bbea315ffecb6ec5b90557da17dc699f92 Mon Sep 17 00:00:00 2001 From: Sunil Mohan Adapa <su...@medhas.org> Date: Fri, 29 Sep 2017 12:03:51 +0530 Subject: [PATCH 7/8] Move Apache FreedomBox configuration to Plinth Plinth already handles all Apache configuration. This configuration file is actually enabled in Plinth now. If freedombox-setup is not installed and Plinth tries to do Apache setup, then we might run into Apache setup failure. After moving this file to Plinth. freedombox-setup must 'Depend' on Plinth >> 0.15.2 and Plinth 'Breaks' freedombox-setup <= 0.15.2. Signed-off-by: Sunil Mohan Adapa <su...@medhas.org> Signed-off-by: Joseph Nuthalapati <njos...@thoughtworks.com> --- data/etc/apache2/conf-available/freedombox.conf | 11 ----------- debian/freedombox-setup.install | 1 - debian/freedombox-setup.lintian-overrides | 6 ------ 3 files changed, 18 deletions(-) delete mode 100644 data/etc/apache2/conf-available/freedombox.conf delete mode 100644 debian/freedombox-setup.lintian-overrides diff --git a/data/etc/apache2/conf-available/freedombox.conf b/data/etc/apache2/conf-available/freedombox.conf deleted file mode 100644 index 3156b37..0000000 --- a/data/etc/apache2/conf-available/freedombox.conf +++ /dev/null @@ -1,11 +0,0 @@ -## -## Enable HSTS, even for subdomains. -## -Header set Strict-Transport-Security "max-age=31536000; includeSubDomains" env=HTTPS - -## -## Redirect traffic on home to /plinth as part of turning the machine -## into FreedomBox server. Plinth then acts as a portal to reach all -## other services. -## -RedirectMatch "^/$" "/plinth" diff --git a/debian/freedombox-setup.install b/debian/freedombox-setup.install index fe3d1a6..9a7b08d 100644 --- a/debian/freedombox-setup.install +++ b/debian/freedombox-setup.install @@ -1,4 +1,3 @@ -data/etc/apache2/conf-available/freedombox.conf etc/apache2/conf-available data/etc/avahi/services/*.service etc/avahi/services data/etc/sudoers.d/freedombox etc/sudoers.d data/etc/sysctl.d/freedombox.conf etc/sysctl.d diff --git a/debian/freedombox-setup.lintian-overrides b/debian/freedombox-setup.lintian-overrides deleted file mode 100644 index 5eb42c8..0000000 --- a/debian/freedombox-setup.lintian-overrides +++ /dev/null @@ -1,6 +0,0 @@ -# This lintian check is meant for making sure there are no clashes -# when Apache configuration files are installed. Given the uniqueness -# of the name for FreedomBox configuration (freedombox.conf), this is -# taken care of. freedombox-setup is configure Apache for FreedomBox -# and not for itself. -freedombox-setup binary: non-standard-apache2-configuration-name freedombox.conf != freedombox-setup.conf -- 2.11.0
From 2cf82269fdebb4e20d5ef12062582133d3bbe167 Mon Sep 17 00:00:00 2001 From: Sunil Mohan Adapa <su...@medhas.org> Date: Thu, 28 Sep 2017 18:51:23 +0530 Subject: [PATCH 6/8] Remove setup step Without the setup step, a user after installing freedombox-setup as Debian package may simply proceed to use the Plinth interface instead of having to run the freedombox/setup. This is a major setup towards simplification. Users installing freedombox-setup from a GUI package manager will benefit immensely. Signed-off-by: Sunil Mohan Adapa <su...@medhas.org> Signed-off-by: Joseph Nuthalapati <njos...@thoughtworks.com> --- README | 11 ++--------- debian/control | 1 - debian/freedombox-setup.install | 2 -- debian/tests/control | 2 -- debian/tests/test-run-setup | 15 --------------- preseed/preseed-stretch.dat | 2 +- setup | 29 ----------------------------- setup.d/99_zmessage | 22 ---------------------- 8 files changed, 3 insertions(+), 81 deletions(-) delete mode 100644 debian/tests/control delete mode 100755 debian/tests/test-run-setup delete mode 100755 setup delete mode 100755 setup.d/99_zmessage diff --git a/README b/README index d16e282..5d5e199 100644 --- a/README +++ b/README @@ -5,15 +5,8 @@ To make sure a FreedomBox can be set up on any architecture supported by Debian, the code and settings used to configure packages are gathered in this deb. -The scripts in setup.d/ are executed during installation to install -and configure different parts of the FreedomBox. Note that most setup -should be done as plinth modules on request of its user, and not -during installation. These scripts should not make any assumtions -about hostname or encryption keys, as these will be set or generated -on the first boot. - -After freedombox-setup is installed, the /usr/lib/freedombox/setup -should be called to finish the setup. +Note that most setup is done as plinth modules on request of its +user, and not during installation. To create the deb file: diff --git a/debian/control b/debian/control index db186e9..4e68828 100644 --- a/debian/control +++ b/debian/control @@ -12,7 +12,6 @@ Build-Depends: debhelper (>= 9) , dh-python , python3-all Standards-Version: 3.9.8 -Testsuite: autopkgtest Homepage: https://wiki.debian.org/FreedomBox Vcs-Git: https://anonscm.debian.org/git/freedombox/freedombox-setup.git Vcs-Browser: https://anonscm.debian.org/cgit/freedombox/freedombox-setup.git diff --git a/debian/freedombox-setup.install b/debian/freedombox-setup.install index f550c0d..fe3d1a6 100644 --- a/debian/freedombox-setup.install +++ b/debian/freedombox-setup.install @@ -1,5 +1,3 @@ -setup usr/lib/freedombox -setup.d usr/lib/freedombox data/etc/apache2/conf-available/freedombox.conf etc/apache2/conf-available data/etc/avahi/services/*.service etc/avahi/services data/etc/sudoers.d/freedombox etc/sudoers.d diff --git a/debian/tests/control b/debian/tests/control deleted file mode 100644 index 0ba14fa..0000000 --- a/debian/tests/control +++ /dev/null @@ -1,2 +0,0 @@ -Tests: test-run-setup -Restrictions: needs-root, breaks-testbed, allow-stderr diff --git a/debian/tests/test-run-setup b/debian/tests/test-run-setup deleted file mode 100755 index dbc6e23..0000000 --- a/debian/tests/test-run-setup +++ /dev/null @@ -1,15 +0,0 @@ -#!/bin/sh - -set -e - -# Make sure running the test do not modify the users setup, and that -# git can work even when no HOME is set. -HOME="$(mktemp -d)" -export HOME - -# Don't page systemd output, so error details are shown in log. -export SYSTEMD_PAGER=cat - -/usr/lib/freedombox/setup - -rm -rf "${HOME}" diff --git a/preseed/preseed-stretch.dat b/preseed/preseed-stretch.dat index 9f0741c..bbea36b 100644 --- a/preseed/preseed-stretch.dat +++ b/preseed/preseed-stretch.dat @@ -28,7 +28,7 @@ grub-installer grub-installer/only_debian boolean true # and set up the Freedombox. Block init.d scripts from running using # policy-rc.d to make sure dnsmasq do not overwrite the resolv.conf # file we just inserted (and to keep services from starting in the chroot). -d-i preseed/late_command string cp /etc/resolv.conf /target/etc/resolvconf/run/resolv.conf; SOURCE=false in-target /usr/lib/freedombox/setup +d-i preseed/late_command string cp /etc/resolv.conf /target/etc/resolvconf/run/resolv.conf # Avoid that last message about the install being complete. d-i finish-install/reboot_in_progress note diff --git a/setup b/setup deleted file mode 100755 index 0d268bd..0000000 --- a/setup +++ /dev/null @@ -1,29 +0,0 @@ -#!/bin/sh - -set -e # Exit on error - -at_exit() { - if $policyd ; then - rm -f /usr/sbin/policy-rc.d - fi - policyd=false -} - -# Make sure configuring packages do not start any services. Also make -# sure we remove policy-rc.d only if we created it. -trap at_exit HUP INT TERM EXIT -if [ ! -e /usr/sbin/policy-rc.d ] ; then - cat > /usr/sbin/policy-rc.d <<EOF -#!/bin/sh -exit 101 -EOF - chmod a+rx /usr/sbin/policy-rc.d - policyd=true -else - policyd=false -fi - -for f in /usr/lib/freedombox/setup.d/* ; do - echo "running $f" - $f -done diff --git a/setup.d/99_zmessage b/setup.d/99_zmessage deleted file mode 100755 index df821bd..0000000 --- a/setup.d/99_zmessage +++ /dev/null @@ -1,22 +0,0 @@ -#!/bin/sh - -set -e - -cat <<EOF - -=================================================================== -FreedomBox setup completed -=================================================================== - -Please note: - -- For server security, all users except 'root', 'fbx' and those in - 'admin' and 'sudo' groups will be denied console/GUI login access. - This is recommended for the security of various services running on - FreedomBox. Please edit /etc/security/access.conf if you wish to - remove or alter this restriction. Also see 'man access.conf'. - -- You need to reboot before using FreedomBox to allow first run - operations to finish. -=================================================================== -EOF -- 2.11.0
From fbc674582b5488f8e1612fe40a755ac95585abeb Mon Sep 17 00:00:00 2001 From: Sunil Mohan Adapa <su...@medhas.org> Date: Thu, 28 Sep 2017 18:35:01 +0530 Subject: [PATCH 5/8] Remove providing source - This feature is not being used while building current official images. - This feature is not useful for users who install FreedomBox from Debian package using `apt install freedombox-setup`. - This functionality can be moved to freedom-maker. - Very few things remain as part of freedombox-setup and provide-source is one of the main things. Although it has some value, it is not enough to keep the entire process of freedombox/setup around. A user after installing freedombox-setup as Debian package may simply proceed to use the Plinth interface instead of having to run the freedombox/setup. This is a major setup towards simplification. Users installing freedombox-setup from a GUI package manager will benefit immensely. Signed-off-by: Sunil Mohan Adapa <su...@medhas.org> Signed-off-by: Joseph Nuthalapati <njos...@thoughtworks.com> --- setup.d/99_provide-source | 28 ---------------------------- 1 file changed, 28 deletions(-) delete mode 100755 setup.d/99_provide-source diff --git a/setup.d/99_provide-source b/setup.d/99_provide-source deleted file mode 100755 index fbb8d8e..0000000 --- a/setup.d/99_provide-source +++ /dev/null @@ -1,28 +0,0 @@ -#!/bin/sh -# -# Make sure generated images complies with licenses requiring the -# source to be available, by providing the source of every package -# used. - -set -e - -if [ 'true' = "$SOURCE" ] ; then - echo "Adding source packages to file system" -else - echo "Not adding source packages to filesystem (SOURCE=false)" - exit 0 -fi - -targetdir=/usr/src/packages - -echo "Adding source packages to filesystem in $targetdir" -apt-get update || true -dpkg --get-selections > /tmp/selections -mkdir -p $targetdir -cd $targetdir - -cut -f 1 < /tmp/selections | \ - cut -d ':' -f 1 > /tmp/packages -apt-get source -m --download-only `cat /tmp/packages` - -rm /tmp/selections /tmp/packages -- 2.11.0
From 560090f2d2e25d069adfd406d910a84da9b94e44 Mon Sep 17 00:00:00 2001 From: Sunil Mohan Adapa <su...@medhas.org> Date: Thu, 28 Sep 2017 18:26:27 +0530 Subject: [PATCH 4/8] Remove etckeeper - Very few things remain as part of freedombox-setup and etckeeper is one of the main things. Although it has some value, it is not enough to keep the entire process of freedombox/setup around. A user after installing freedombox-setup as Debian package may simply proceed to use the Plinth interface instead of having to run the freedombox/setup. This is a major setup towards simplification. Users installing freedombox-setup from a GUI package manager will benefit immensely. - This is not a feature that our target audience (regular users) will ever use. - This feature may be resurrected later in Plinth as a module. Signed-off-by: Sunil Mohan Adapa <su...@medhas.org> Signed-off-by: Joseph Nuthalapati <njos...@thoughtworks.com> --- debian/control | 1 - setup.d/01_etckeeper-pre | 15 --------------- setup.d/99_etckeeper | 7 ------- 3 files changed, 23 deletions(-) delete mode 100755 setup.d/01_etckeeper-pre delete mode 100755 setup.d/99_etckeeper diff --git a/debian/control b/debian/control index 77615c4..db186e9 100644 --- a/debian/control +++ b/debian/control @@ -32,7 +32,6 @@ Depends: ${misc:Depends} , dnsmasq-base , dnsutils , dosfstools - , etckeeper , haveged , how-can-i-help , htop diff --git a/setup.d/01_etckeeper-pre b/setup.d/01_etckeeper-pre deleted file mode 100755 index 0aef4b4..0000000 --- a/setup.d/01_etckeeper-pre +++ /dev/null @@ -1,15 +0,0 @@ -#!/bin/sh - -set -e - -# Avoid etckeeper problem (refuses to commit) because git picked a -# email address with an empty domain. -if which etckeeper > /dev/null 2>&1 && \ - [ ! -e /etc/mailname ] && - [ -z "$(git config --global --get user.email)" ] ; then - echo "info: Setting git user.email." - git config --global user.email "root@localhost" - etckeeper commit -m "Status before freedombox-setup run." -else - echo "info: Not setting git user.email." -fi diff --git a/setup.d/99_etckeeper b/setup.d/99_etckeeper deleted file mode 100755 index 1e86b92..0000000 --- a/setup.d/99_etckeeper +++ /dev/null @@ -1,7 +0,0 @@ -#!/bin/sh - -set -e - -if type etckeeper > /dev/null 2>&1 ; then - etckeeper commit -m "Status after freedombox-setup run." -fi -- 2.11.0
From af6c41f0c556b1f4ca47d7a6b9ce6f9eae040002 Mon Sep 17 00:00:00 2001 From: Sunil Mohan Adapa <su...@medhas.org> Date: Thu, 28 Sep 2017 18:13:29 +0530 Subject: [PATCH 3/8] Remove first-run completely and avoid rebooting There are no longer any first-run steps with all the steps having moved to Plinth. In future, we want to run setup steps such as these in Plinth instead. Rebooting after running the first-run scripts currently causes problems for Plinth as it does its setup in background, the setup process is interrupted. Signed-off-by: Sunil Mohan Adapa <su...@medhas.org> Signed-off-by: Joseph Nuthalapati <njos...@thoughtworks.com> --- README | 7 --- debian/freedombox-setup.freedombox-first-run.init | 64 ----------------------- debian/freedombox-setup.install | 1 - debian/freedombox-setup.maintscript | 3 +- debian/rules | 3 -- setup.d/98_next-is-first-run | 7 --- 6 files changed, 2 insertions(+), 83 deletions(-) delete mode 100755 debian/freedombox-setup.freedombox-first-run.init delete mode 100755 setup.d/98_next-is-first-run diff --git a/README b/README index 70a1e06..d16e282 100644 --- a/README +++ b/README @@ -12,16 +12,9 @@ during installation. These scripts should not make any assumtions about hostname or encryption keys, as these will be set or generated on the first boot. -The scripts in first-run.d/ are executed during first boot, and the -end of the boot sequence. - After freedombox-setup is installed, the /usr/lib/freedombox/setup should be called to finish the setup. -On the first boot, /etc/init.d/first-run is called and a reboot done -when it finishes to make sure all services are started with the -correct configuration. - To create the deb file: sudo apt-get install git build-essential debhelper devscripts diff --git a/debian/freedombox-setup.freedombox-first-run.init b/debian/freedombox-setup.freedombox-first-run.init deleted file mode 100755 index bb8cd96..0000000 --- a/debian/freedombox-setup.freedombox-first-run.init +++ /dev/null @@ -1,64 +0,0 @@ -#!/bin/sh -### BEGIN INIT INFO -# Provides: freedombox-first-run -# Default-Start: 2 3 4 5 -# Default-Stop: -# Required-Start: $network $remote_fs $syslog -# Required-Stop: $remote_fs $syslog -# Should-Start: firewalld tor haveged -# Short-Description: Finish Freedombox install after first boot -# Description: -# Script to complete the post-install process on first FBX boot. -### END INIT INFO - -RUNONCE=/var/lib/freedombox/first-run-enable -LOGFILE=/var/log/freedombox-first-run.log - -if [ ! -e $RUNONCE ] -then - exit -fi - -. /lib/lsb/init-functions - -exec > $LOGFILE 2>&1 - -etckeeper_commit() { - if type etckeeper > /dev/null 2>&1 ; then - HOME=/root etckeeper commit -m "$1" - fi -} - -mark_complete() { - # Prevent this initial configuration script from running again. - - log_action_begin_msg "Marking first-run complete" - mkdir -p "${RUNONCE%/*}" - rm -f $RUNONCE - log_action_end_msg 0 -} - -case "$1" in - start) - etckeeper_commit "Status before first-run on first boot." - - for f in /usr/lib/freedombox/first-run.d/* ; do - $f - done - - etckeeper_commit "Status after first-run on first boot." - - # the last things we do before quitting. - mark_complete - - # we're done, reboot. - reboot - ;; - stop|restart|force-reload) - # Do nothing - ;; - *) - log_success_msg "Usage: /etc/init.d/first-run {start}" - exit 1 - ;; -esac diff --git a/debian/freedombox-setup.install b/debian/freedombox-setup.install index 4b94d12..f550c0d 100644 --- a/debian/freedombox-setup.install +++ b/debian/freedombox-setup.install @@ -1,6 +1,5 @@ setup usr/lib/freedombox setup.d usr/lib/freedombox -first-run.d usr/lib/freedombox data/etc/apache2/conf-available/freedombox.conf etc/apache2/conf-available data/etc/avahi/services/*.service etc/avahi/services data/etc/sudoers.d/freedombox etc/sudoers.d diff --git a/debian/freedombox-setup.maintscript b/debian/freedombox-setup.maintscript index d29ba4d..adb3df7 100644 --- a/debian/freedombox-setup.maintscript +++ b/debian/freedombox-setup.maintscript @@ -1,4 +1,5 @@ -mv_conffile /etc/init.d/first-run /etc/init.d/freedombox-first-run 0.0.43 +rm_conffile /etc/init.d/first-run 0.0.43 +rm_conffile /etc/init.d/freedombox-first-run 0.10 rm_conffile /etc/init.d/proxy 0.0.43 rm_conffile /etc/init.d/freedombox-client-proxy 0.0.44 rm_conffile /etc/init.d/freedombox-create-uap0 0.9.2~ diff --git a/debian/rules b/debian/rules index c9211e2..9cb08f8 100755 --- a/debian/rules +++ b/debian/rules @@ -1,6 +1,3 @@ #!/usr/bin/make -f %: dh $@ --with python3 - -override_dh_installinit: - dh_installinit --no-start --name=freedombox-first-run -u"start 20 2 3 4 5 ." diff --git a/setup.d/98_next-is-first-run b/setup.d/98_next-is-first-run deleted file mode 100755 index 81ae649..0000000 --- a/setup.d/98_next-is-first-run +++ /dev/null @@ -1,7 +0,0 @@ -#!/bin/sh - -set -e - -# Tell init.d/first-run to do its stuff on the next boot. -mkdir -p /var/lib/freedombox -touch /var/lib/freedombox/first-run-enable -- 2.11.0
From f59b61a6b0f1be6f302122ce67bbfd91da77d810 Mon Sep 17 00:00:00 2001 From: Sunil Mohan Adapa <su...@medhas.org> Date: Thu, 28 Sep 2017 17:56:11 +0530 Subject: [PATCH 2/8] Remove initial configuration of network devices Plinth (> 0.15.2) will contain changes that will perform initial network device configuration when started from a FreedomBox disk image (and not when FreedomBox is installed from a Debian pacakge). Hence by depending on that version of Plinth, the network configuration may be removed from here. Signed-off-by: Sunil Mohan Adapa <su...@medhas.org> Signed-off-by: Joseph Nuthalapati <njos...@thoughtworks.com> --- debian/control | 2 +- first-run.d/05_network | 119 ------------------------------------------------- 2 files changed, 1 insertion(+), 120 deletions(-) delete mode 100755 first-run.d/05_network diff --git a/debian/control b/debian/control index f945e76..77615c4 100644 --- a/debian/control +++ b/debian/control @@ -54,7 +54,7 @@ Depends: ${misc:Depends} , network-manager , openssh-server , parted - , plinth (>= 0.15.2) + , plinth (>> 0.15.2) , psmisc , resolvconf , ssl-cert diff --git a/first-run.d/05_network b/first-run.d/05_network deleted file mode 100755 index c019e2d..0000000 --- a/first-run.d/05_network +++ /dev/null @@ -1,119 +0,0 @@ -#!/bin/bash - -set -e - -# Configure networking for all wired and wireless devices. -# -# Creates network-manager connections. - -function get-interfaces { - # XXX: Sorting of interfaces is non-numeric - WIRED_IFACES=$(nmcli --terse --fields type,device device | grep "^ethernet:" | cut -d: -f2 | sort) - NO_OF_WIRED_IFACES=$(echo $WIRED_IFACES | wc -w) - - WIRELESS_IFACES=$(nmcli --terse --fields type,device device | grep "^wifi:" | cut -d: -f2 | sort) - NO_OF_WIRELESS_IFACES=$(echo $WIRELESS_IFACES | wc -w) -} - -function configure-regular-interface { - local interface="$1" - local zone="$2" - local connection_name="FreedomBox WAN" - - # Create n-m connection for a regular interface - nmcli con add con-name "$connection_name" ifname "$interface" type ethernet - nmcli con modify "$connection_name" connection.autoconnect TRUE - nmcli con modify "$connection_name" connection.zone "$zone" - - echo "Configured interface '$interface' for '$zone' use as '$connection_name'." -} - -function configure-shared-interface { - local interface="$1" - local connection_name="FreedomBox LAN $interface" - - # Create n-m connection for eth1 - nmcli con add con-name "$connection_name" ifname "$interface" type ethernet - nmcli con modify "$connection_name" connection.autoconnect TRUE - nmcli con modify "$connection_name" connection.zone internal - - # Configure this interface to be shared with other computers. - # - Self-assign an address and network - # - Start and manage DNS server (dnsmasq) - # - Start and manage DHCP server (dnsmasq) - # - Register address with mDNS - # - Add firewall rules for NATing from this interface - nmcli con modify "$connection_name" ipv4.method shared - - echo "Configured interface '$interface' for shared use as '$connection_name'." -} - -function configure-wireless-interface { - local interface="$1" - local connection_name="FreedomBox $interface" - local ssid="FreedomBox$interface" - local secret="freedombox123" - - nmcli con add con-name "$connection_name" ifname "$interface" type wifi ssid "$ssid" - nmcli con modify "$connection_name" connection.autoconnect TRUE - nmcli con modify "$connection_name" connection.zone internal - nmcli con modify "$connection_name" ipv4.method shared - nmcli con modify "$connection_name" wifi.mode ap - nmcli con modify "$connection_name" wifi-sec.key-mgmt wpa-psk - nmcli con modify "$connection_name" wifi-sec.psk "$secret" - - echo "Configured interface '$interface' for shared use as '$connection_name'." -} - -function multi-wired-setup { - local first_interface="$1" - shift - local remaining_interfaces="$@" - - configure-regular-interface "$first_interface" external - - for interface in $remaining_interfaces - do - configure-shared-interface "$interface" - done -} - -function one-wired-setup { - local interface="$1" - - case $NO_OF_WIRELESS_IFACES in - "0") - configure-regular-interface "$interface" internal - ;; - *) - configure-regular-interface "$interface" external - ;; - esac -} - -function wireless-setup { - local interfaces="$@" - - for interface in $interfaces - do - configure-wireless-interface "$interface" - done -} - -echo "Setting up network configuration..." -get-interfaces - -case $NO_OF_WIRED_IFACES in - "0") - echo "No wired interfaces detected." - ;; - "1") - one-wired-setup $WIRED_IFACES - ;; - *) - multi-wired-setup $WIRED_IFACES -esac - -wireless-setup $WIRELESS_IFACES - -echo "Done setting up network configuration." -- 2.11.0
From ff2996f65230f0d1e049f0261734bb9b81e70aca Mon Sep 17 00:00:00 2001 From: Sunil Mohan Adapa <su...@medhas.org> Date: Thu, 28 Sep 2017 17:47:42 +0530 Subject: [PATCH 1/8] Remove SSH and Apache setup moved to Plinth The following configuration is now available in Plinth 0.15.2. - dpkg-reconfigure required for SSH to generate SSH keys. - Force creation of Apache's self signed certificate. - Enabling various Apache modules, sites and configuration. - Restarting Apache after configuration changes. These changes can now be removed by depending on Plinth 0.15.2. Signed-off-by: Sunil Mohan Adapa <su...@medhas.org> Signed-off-by: Joseph Nuthalapati <njos...@thoughtworks.com> --- debian/control | 2 +- first-run.d/10_ssh-keys | 12 ------------ first-run.d/40_apache2 | 8 -------- setup.d/90_apache2 | 44 -------------------------------------------- 4 files changed, 1 insertion(+), 65 deletions(-) delete mode 100755 first-run.d/10_ssh-keys delete mode 100755 first-run.d/40_apache2 delete mode 100755 setup.d/90_apache2 diff --git a/debian/control b/debian/control index bca4096..f945e76 100644 --- a/debian/control +++ b/debian/control @@ -54,7 +54,7 @@ Depends: ${misc:Depends} , network-manager , openssh-server , parted - , plinth (>> 0.9.2) + , plinth (>= 0.15.2) , psmisc , resolvconf , ssl-cert diff --git a/first-run.d/10_ssh-keys b/first-run.d/10_ssh-keys deleted file mode 100755 index aeacb96..0000000 --- a/first-run.d/10_ssh-keys +++ /dev/null @@ -1,12 +0,0 @@ -#!/bin/sh - -set -e - -. /lib/lsb/init-functions - -log_action_begin_msg "Creating SSH keys" -if dpkg-reconfigure openssh-server ; then - log_action_end_msg 0 -else - log_action_end_msg 1 -fi diff --git a/first-run.d/40_apache2 b/first-run.d/40_apache2 deleted file mode 100755 index ff77c0d..0000000 --- a/first-run.d/40_apache2 +++ /dev/null @@ -1,8 +0,0 @@ -#!/bin/sh -# -# Make sure every machine have their own unique SSL certificate, even -# if it is a snake oil one. - -set -e - -make-ssl-cert generate-default-snakeoil --force-overwrite diff --git a/setup.d/90_apache2 b/setup.d/90_apache2 deleted file mode 100755 index 696b620..0000000 --- a/setup.d/90_apache2 +++ /dev/null @@ -1,44 +0,0 @@ -#!/bin/sh -# -# Configure Apache for FBX. - -set -e - -echo "Configuring Apache..." - -# enable non-multithreaded Apache worker model as there a many PHP -# applications. -a2dismod mpm_event -a2dismod mpm_worker -a2enmod mpm_prefork - -# enable miscellaneous modules. -a2enmod rewrite - -# enable GnuTLS -a2dismod ssl -a2enmod gnutls - -# enable mod_alias for RedirectMatch -a2enmod alias - -# enable mod_headers for HSTS -a2enmod headers - -# enable some critical modules to avoid restart while installing -# Plinth applications. -a2enmod php7.0 -a2enmod cgi -a2enmod authnz_ldap - -# enable users to share files uploaded to ~/public_html -a2enmod userdir - -# setup freedombox site -a2enconf freedombox - -a2ensite 000-default -a2dissite default-ssl -a2ensite default-tls - -echo "Done configuring Apache." -- 2.11.0
signature.asc
Description: OpenPGP digital signature