Update set of patches. This time much cleaner and well separately. Still testing them with Plinth and freedom-maker changes.
-- Sunil
From b8976b7d9e5ff96250817e2b0007fd9bf1580aa9 Mon Sep 17 00:00:00 2001
From: Sunil Mohan Adapa <su...@medhas.org>
Date: Fri, 29 Sep 2017 12:08:56 +0530
Subject: [PATCH 8/8] Move Avahi configuration to Plinth
Plinth already handles all Avahi configuration.
After moving this file to Plinth. freedombox-setup must 'Depend' on Plinth >>
0.15.2 and Plinth 'Breaks' freedombox-setup <= 0.15.2.
Signed-off-by: Sunil Mohan Adapa <su...@medhas.org>
Signed-off-by: Joseph Nuthalapati <njos...@thoughtworks.com>
---
data/etc/avahi/services/domain.service | 12 ------------
data/etc/avahi/services/sftp-ssh.service | 14 --------------
data/etc/avahi/services/ssh.service | 12 ------------
data/etc/avahi/services/xmpp-server.service | 12 ------------
debian/control | 2 --
debian/freedombox-setup.install | 1 -
6 files changed, 53 deletions(-)
delete mode 100644 data/etc/avahi/services/domain.service
delete mode 100644 data/etc/avahi/services/sftp-ssh.service
delete mode 100644 data/etc/avahi/services/ssh.service
delete mode 100644 data/etc/avahi/services/xmpp-server.service
diff --git a/data/etc/avahi/services/domain.service b/data/etc/avahi/services/domain.service
deleted file mode 100644
index f6210c1..0000000
--- a/data/etc/avahi/services/domain.service
+++ /dev/null
@@ -1,12 +0,0 @@
-<?xml version="1.0" standalone='no'?><!--*-nxml-*-->
-<!DOCTYPE service-group SYSTEM "avahi-service.dtd">
-<service-group>
-
- <name replace-wildcards="yes">%h</name>
-
- <service>
- <type>_domain._udp</type>
- <port>53</port>
- </service>
-
-</service-group>
diff --git a/data/etc/avahi/services/sftp-ssh.service b/data/etc/avahi/services/sftp-ssh.service
deleted file mode 100644
index bfe1a0f..0000000
--- a/data/etc/avahi/services/sftp-ssh.service
+++ /dev/null
@@ -1,14 +0,0 @@
-<?xml version="1.0" standalone='no'?><!--*-nxml-*-->
-<!DOCTYPE service-group SYSTEM "avahi-service.dtd">
-<service-group>
-
- <name replace-wildcards="yes">%h</name>
-
- <service>
- <type>_sftp-ssh._tcp</type>
- <port>22</port>
- <txt-record>path=/home/fbx</txt-record>
- <txt-record>u=fbx</txt-record>
- </service>
-
-</service-group>
diff --git a/data/etc/avahi/services/ssh.service b/data/etc/avahi/services/ssh.service
deleted file mode 100644
index 7090f20..0000000
--- a/data/etc/avahi/services/ssh.service
+++ /dev/null
@@ -1,12 +0,0 @@
-<?xml version="1.0" standalone='no'?><!--*-nxml-*-->
-<!DOCTYPE service-group SYSTEM "avahi-service.dtd">
-<service-group>
-
- <name replace-wildcards="yes">%h</name>
-
- <service>
- <type>_ssh._tcp</type>
- <port>22</port>
- </service>
-
-</service-group>
diff --git a/data/etc/avahi/services/xmpp-server.service b/data/etc/avahi/services/xmpp-server.service
deleted file mode 100644
index 4dc9b06..0000000
--- a/data/etc/avahi/services/xmpp-server.service
+++ /dev/null
@@ -1,12 +0,0 @@
-<?xml version="1.0" standalone='no'?><!--*-nxml-*-->
-<!DOCTYPE service-group SYSTEM "avahi-service.dtd">
-<service-group>
-
- <name replace-wildcards="yes">%h</name>
-
- <service>
- <type>_xmpp-server._tcp</type>
- <port>5269</port>
- </service>
-
-</service-group>
diff --git a/debian/control b/debian/control
index 4e68828..4e62d84 100644
--- a/debian/control
+++ b/debian/control
@@ -22,8 +22,6 @@ Depends: ${misc:Depends}
, ${python3:Depends}
, apache2
, augeas-tools
- , avahi-daemon
- , avahi-utils
, bridge-utils
, curl
, devio
diff --git a/debian/freedombox-setup.install b/debian/freedombox-setup.install
index 9a7b08d..4203fbe 100644
--- a/debian/freedombox-setup.install
+++ b/debian/freedombox-setup.install
@@ -1,4 +1,3 @@
-data/etc/avahi/services/*.service etc/avahi/services
data/etc/sudoers.d/freedombox etc/sudoers.d
data/etc/sysctl.d/freedombox.conf etc/sysctl.d
data/etc/update-motd.d/50-freedombox etc/update-motd.d/
--
2.11.0
From a60fe1bbea315ffecb6ec5b90557da17dc699f92 Mon Sep 17 00:00:00 2001 From: Sunil Mohan Adapa <su...@medhas.org> Date: Fri, 29 Sep 2017 12:03:51 +0530 Subject: [PATCH 7/8] Move Apache FreedomBox configuration to Plinth Plinth already handles all Apache configuration. This configuration file is actually enabled in Plinth now. If freedombox-setup is not installed and Plinth tries to do Apache setup, then we might run into Apache setup failure. After moving this file to Plinth. freedombox-setup must 'Depend' on Plinth >> 0.15.2 and Plinth 'Breaks' freedombox-setup <= 0.15.2. Signed-off-by: Sunil Mohan Adapa <su...@medhas.org> Signed-off-by: Joseph Nuthalapati <njos...@thoughtworks.com> --- data/etc/apache2/conf-available/freedombox.conf | 11 ----------- debian/freedombox-setup.install | 1 - debian/freedombox-setup.lintian-overrides | 6 ------ 3 files changed, 18 deletions(-) delete mode 100644 data/etc/apache2/conf-available/freedombox.conf delete mode 100644 debian/freedombox-setup.lintian-overrides diff --git a/data/etc/apache2/conf-available/freedombox.conf b/data/etc/apache2/conf-available/freedombox.conf deleted file mode 100644 index 3156b37..0000000 --- a/data/etc/apache2/conf-available/freedombox.conf +++ /dev/null @@ -1,11 +0,0 @@ -## -## Enable HSTS, even for subdomains. -## -Header set Strict-Transport-Security "max-age=31536000; includeSubDomains" env=HTTPS - -## -## Redirect traffic on home to /plinth as part of turning the machine -## into FreedomBox server. Plinth then acts as a portal to reach all -## other services. -## -RedirectMatch "^/$" "/plinth" diff --git a/debian/freedombox-setup.install b/debian/freedombox-setup.install index fe3d1a6..9a7b08d 100644 --- a/debian/freedombox-setup.install +++ b/debian/freedombox-setup.install @@ -1,4 +1,3 @@ -data/etc/apache2/conf-available/freedombox.conf etc/apache2/conf-available data/etc/avahi/services/*.service etc/avahi/services data/etc/sudoers.d/freedombox etc/sudoers.d data/etc/sysctl.d/freedombox.conf etc/sysctl.d diff --git a/debian/freedombox-setup.lintian-overrides b/debian/freedombox-setup.lintian-overrides deleted file mode 100644 index 5eb42c8..0000000 --- a/debian/freedombox-setup.lintian-overrides +++ /dev/null @@ -1,6 +0,0 @@ -# This lintian check is meant for making sure there are no clashes -# when Apache configuration files are installed. Given the uniqueness -# of the name for FreedomBox configuration (freedombox.conf), this is -# taken care of. freedombox-setup is configure Apache for FreedomBox -# and not for itself. -freedombox-setup binary: non-standard-apache2-configuration-name freedombox.conf != freedombox-setup.conf -- 2.11.0
From 2cf82269fdebb4e20d5ef12062582133d3bbe167 Mon Sep 17 00:00:00 2001 From: Sunil Mohan Adapa <su...@medhas.org> Date: Thu, 28 Sep 2017 18:51:23 +0530 Subject: [PATCH 6/8] Remove setup step Without the setup step, a user after installing freedombox-setup as Debian package may simply proceed to use the Plinth interface instead of having to run the freedombox/setup. This is a major setup towards simplification. Users installing freedombox-setup from a GUI package manager will benefit immensely. Signed-off-by: Sunil Mohan Adapa <su...@medhas.org> Signed-off-by: Joseph Nuthalapati <njos...@thoughtworks.com> --- README | 11 ++--------- debian/control | 1 - debian/freedombox-setup.install | 2 -- debian/tests/control | 2 -- debian/tests/test-run-setup | 15 --------------- preseed/preseed-stretch.dat | 2 +- setup | 29 ----------------------------- setup.d/99_zmessage | 22 ---------------------- 8 files changed, 3 insertions(+), 81 deletions(-) delete mode 100644 debian/tests/control delete mode 100755 debian/tests/test-run-setup delete mode 100755 setup delete mode 100755 setup.d/99_zmessage diff --git a/README b/README index d16e282..5d5e199 100644 --- a/README +++ b/README @@ -5,15 +5,8 @@ To make sure a FreedomBox can be set up on any architecture supported by Debian, the code and settings used to configure packages are gathered in this deb. -The scripts in setup.d/ are executed during installation to install -and configure different parts of the FreedomBox. Note that most setup -should be done as plinth modules on request of its user, and not -during installation. These scripts should not make any assumtions -about hostname or encryption keys, as these will be set or generated -on the first boot. - -After freedombox-setup is installed, the /usr/lib/freedombox/setup -should be called to finish the setup. +Note that most setup is done as plinth modules on request of its +user, and not during installation. To create the deb file: diff --git a/debian/control b/debian/control index db186e9..4e68828 100644 --- a/debian/control +++ b/debian/control @@ -12,7 +12,6 @@ Build-Depends: debhelper (>= 9) , dh-python , python3-all Standards-Version: 3.9.8 -Testsuite: autopkgtest Homepage: https://wiki.debian.org/FreedomBox Vcs-Git: https://anonscm.debian.org/git/freedombox/freedombox-setup.git Vcs-Browser: https://anonscm.debian.org/cgit/freedombox/freedombox-setup.git diff --git a/debian/freedombox-setup.install b/debian/freedombox-setup.install index f550c0d..fe3d1a6 100644 --- a/debian/freedombox-setup.install +++ b/debian/freedombox-setup.install @@ -1,5 +1,3 @@ -setup usr/lib/freedombox -setup.d usr/lib/freedombox data/etc/apache2/conf-available/freedombox.conf etc/apache2/conf-available data/etc/avahi/services/*.service etc/avahi/services data/etc/sudoers.d/freedombox etc/sudoers.d diff --git a/debian/tests/control b/debian/tests/control deleted file mode 100644 index 0ba14fa..0000000 --- a/debian/tests/control +++ /dev/null @@ -1,2 +0,0 @@ -Tests: test-run-setup -Restrictions: needs-root, breaks-testbed, allow-stderr diff --git a/debian/tests/test-run-setup b/debian/tests/test-run-setup deleted file mode 100755 index dbc6e23..0000000 --- a/debian/tests/test-run-setup +++ /dev/null @@ -1,15 +0,0 @@ -#!/bin/sh - -set -e - -# Make sure running the test do not modify the users setup, and that -# git can work even when no HOME is set. -HOME="$(mktemp -d)" -export HOME - -# Don't page systemd output, so error details are shown in log. -export SYSTEMD_PAGER=cat - -/usr/lib/freedombox/setup - -rm -rf "${HOME}" diff --git a/preseed/preseed-stretch.dat b/preseed/preseed-stretch.dat index 9f0741c..bbea36b 100644 --- a/preseed/preseed-stretch.dat +++ b/preseed/preseed-stretch.dat @@ -28,7 +28,7 @@ grub-installer grub-installer/only_debian boolean true # and set up the Freedombox. Block init.d scripts from running using # policy-rc.d to make sure dnsmasq do not overwrite the resolv.conf # file we just inserted (and to keep services from starting in the chroot). -d-i preseed/late_command string cp /etc/resolv.conf /target/etc/resolvconf/run/resolv.conf; SOURCE=false in-target /usr/lib/freedombox/setup +d-i preseed/late_command string cp /etc/resolv.conf /target/etc/resolvconf/run/resolv.conf # Avoid that last message about the install being complete. d-i finish-install/reboot_in_progress note diff --git a/setup b/setup deleted file mode 100755 index 0d268bd..0000000 --- a/setup +++ /dev/null @@ -1,29 +0,0 @@ -#!/bin/sh - -set -e # Exit on error - -at_exit() { - if $policyd ; then - rm -f /usr/sbin/policy-rc.d - fi - policyd=false -} - -# Make sure configuring packages do not start any services. Also make -# sure we remove policy-rc.d only if we created it. -trap at_exit HUP INT TERM EXIT -if [ ! -e /usr/sbin/policy-rc.d ] ; then - cat > /usr/sbin/policy-rc.d <<EOF -#!/bin/sh -exit 101 -EOF - chmod a+rx /usr/sbin/policy-rc.d - policyd=true -else - policyd=false -fi - -for f in /usr/lib/freedombox/setup.d/* ; do - echo "running $f" - $f -done diff --git a/setup.d/99_zmessage b/setup.d/99_zmessage deleted file mode 100755 index df821bd..0000000 --- a/setup.d/99_zmessage +++ /dev/null @@ -1,22 +0,0 @@ -#!/bin/sh - -set -e - -cat <<EOF - -=================================================================== -FreedomBox setup completed -=================================================================== - -Please note: - -- For server security, all users except 'root', 'fbx' and those in - 'admin' and 'sudo' groups will be denied console/GUI login access. - This is recommended for the security of various services running on - FreedomBox. Please edit /etc/security/access.conf if you wish to - remove or alter this restriction. Also see 'man access.conf'. - -- You need to reboot before using FreedomBox to allow first run - operations to finish. -=================================================================== -EOF -- 2.11.0
From fbc674582b5488f8e1612fe40a755ac95585abeb Mon Sep 17 00:00:00 2001 From: Sunil Mohan Adapa <su...@medhas.org> Date: Thu, 28 Sep 2017 18:35:01 +0530 Subject: [PATCH 5/8] Remove providing source - This feature is not being used while building current official images. - This feature is not useful for users who install FreedomBox from Debian package using `apt install freedombox-setup`. - This functionality can be moved to freedom-maker. - Very few things remain as part of freedombox-setup and provide-source is one of the main things. Although it has some value, it is not enough to keep the entire process of freedombox/setup around. A user after installing freedombox-setup as Debian package may simply proceed to use the Plinth interface instead of having to run the freedombox/setup. This is a major setup towards simplification. Users installing freedombox-setup from a GUI package manager will benefit immensely. Signed-off-by: Sunil Mohan Adapa <su...@medhas.org> Signed-off-by: Joseph Nuthalapati <njos...@thoughtworks.com> --- setup.d/99_provide-source | 28 ---------------------------- 1 file changed, 28 deletions(-) delete mode 100755 setup.d/99_provide-source diff --git a/setup.d/99_provide-source b/setup.d/99_provide-source deleted file mode 100755 index fbb8d8e..0000000 --- a/setup.d/99_provide-source +++ /dev/null @@ -1,28 +0,0 @@ -#!/bin/sh -# -# Make sure generated images complies with licenses requiring the -# source to be available, by providing the source of every package -# used. - -set -e - -if [ 'true' = "$SOURCE" ] ; then - echo "Adding source packages to file system" -else - echo "Not adding source packages to filesystem (SOURCE=false)" - exit 0 -fi - -targetdir=/usr/src/packages - -echo "Adding source packages to filesystem in $targetdir" -apt-get update || true -dpkg --get-selections > /tmp/selections -mkdir -p $targetdir -cd $targetdir - -cut -f 1 < /tmp/selections | \ - cut -d ':' -f 1 > /tmp/packages -apt-get source -m --download-only `cat /tmp/packages` - -rm /tmp/selections /tmp/packages -- 2.11.0
From 560090f2d2e25d069adfd406d910a84da9b94e44 Mon Sep 17 00:00:00 2001
From: Sunil Mohan Adapa <su...@medhas.org>
Date: Thu, 28 Sep 2017 18:26:27 +0530
Subject: [PATCH 4/8] Remove etckeeper
- Very few things remain as part of freedombox-setup and etckeeper is one of the
main things. Although it has some value, it is not enough to keep the entire
process of freedombox/setup around. A user after installing freedombox-setup
as Debian package may simply proceed to use the Plinth interface instead of
having to run the freedombox/setup. This is a major setup towards
simplification. Users installing freedombox-setup from a GUI package manager
will benefit immensely.
- This is not a feature that our target audience (regular users) will ever use.
- This feature may be resurrected later in Plinth as a module.
Signed-off-by: Sunil Mohan Adapa <su...@medhas.org>
Signed-off-by: Joseph Nuthalapati <njos...@thoughtworks.com>
---
debian/control | 1 -
setup.d/01_etckeeper-pre | 15 ---------------
setup.d/99_etckeeper | 7 -------
3 files changed, 23 deletions(-)
delete mode 100755 setup.d/01_etckeeper-pre
delete mode 100755 setup.d/99_etckeeper
diff --git a/debian/control b/debian/control
index 77615c4..db186e9 100644
--- a/debian/control
+++ b/debian/control
@@ -32,7 +32,6 @@ Depends: ${misc:Depends}
, dnsmasq-base
, dnsutils
, dosfstools
- , etckeeper
, haveged
, how-can-i-help
, htop
diff --git a/setup.d/01_etckeeper-pre b/setup.d/01_etckeeper-pre
deleted file mode 100755
index 0aef4b4..0000000
--- a/setup.d/01_etckeeper-pre
+++ /dev/null
@@ -1,15 +0,0 @@
-#!/bin/sh
-
-set -e
-
-# Avoid etckeeper problem (refuses to commit) because git picked a
-# email address with an empty domain.
-if which etckeeper > /dev/null 2>&1 && \
- [ ! -e /etc/mailname ] &&
- [ -z "$(git config --global --get user.email)" ] ; then
- echo "info: Setting git user.email."
- git config --global user.email "root@localhost"
- etckeeper commit -m "Status before freedombox-setup run."
-else
- echo "info: Not setting git user.email."
-fi
diff --git a/setup.d/99_etckeeper b/setup.d/99_etckeeper
deleted file mode 100755
index 1e86b92..0000000
--- a/setup.d/99_etckeeper
+++ /dev/null
@@ -1,7 +0,0 @@
-#!/bin/sh
-
-set -e
-
-if type etckeeper > /dev/null 2>&1 ; then
- etckeeper commit -m "Status after freedombox-setup run."
-fi
--
2.11.0
From af6c41f0c556b1f4ca47d7a6b9ce6f9eae040002 Mon Sep 17 00:00:00 2001
From: Sunil Mohan Adapa <su...@medhas.org>
Date: Thu, 28 Sep 2017 18:13:29 +0530
Subject: [PATCH 3/8] Remove first-run completely and avoid rebooting
There are no longer any first-run steps with all the steps having moved to
Plinth. In future, we want to run setup steps such as these in Plinth instead.
Rebooting after running the first-run scripts currently causes problems for
Plinth as it does its setup in background, the setup process is interrupted.
Signed-off-by: Sunil Mohan Adapa <su...@medhas.org>
Signed-off-by: Joseph Nuthalapati <njos...@thoughtworks.com>
---
README | 7 ---
debian/freedombox-setup.freedombox-first-run.init | 64 -----------------------
debian/freedombox-setup.install | 1 -
debian/freedombox-setup.maintscript | 3 +-
debian/rules | 3 --
setup.d/98_next-is-first-run | 7 ---
6 files changed, 2 insertions(+), 83 deletions(-)
delete mode 100755 debian/freedombox-setup.freedombox-first-run.init
delete mode 100755 setup.d/98_next-is-first-run
diff --git a/README b/README
index 70a1e06..d16e282 100644
--- a/README
+++ b/README
@@ -12,16 +12,9 @@ during installation. These scripts should not make any assumtions
about hostname or encryption keys, as these will be set or generated
on the first boot.
-The scripts in first-run.d/ are executed during first boot, and the
-end of the boot sequence.
-
After freedombox-setup is installed, the /usr/lib/freedombox/setup
should be called to finish the setup.
-On the first boot, /etc/init.d/first-run is called and a reboot done
-when it finishes to make sure all services are started with the
-correct configuration.
-
To create the deb file:
sudo apt-get install git build-essential debhelper devscripts
diff --git a/debian/freedombox-setup.freedombox-first-run.init b/debian/freedombox-setup.freedombox-first-run.init
deleted file mode 100755
index bb8cd96..0000000
--- a/debian/freedombox-setup.freedombox-first-run.init
+++ /dev/null
@@ -1,64 +0,0 @@
-#!/bin/sh
-### BEGIN INIT INFO
-# Provides: freedombox-first-run
-# Default-Start: 2 3 4 5
-# Default-Stop:
-# Required-Start: $network $remote_fs $syslog
-# Required-Stop: $remote_fs $syslog
-# Should-Start: firewalld tor haveged
-# Short-Description: Finish Freedombox install after first boot
-# Description:
-# Script to complete the post-install process on first FBX boot.
-### END INIT INFO
-
-RUNONCE=/var/lib/freedombox/first-run-enable
-LOGFILE=/var/log/freedombox-first-run.log
-
-if [ ! -e $RUNONCE ]
-then
- exit
-fi
-
-. /lib/lsb/init-functions
-
-exec > $LOGFILE 2>&1
-
-etckeeper_commit() {
- if type etckeeper > /dev/null 2>&1 ; then
- HOME=/root etckeeper commit -m "$1"
- fi
-}
-
-mark_complete() {
- # Prevent this initial configuration script from running again.
-
- log_action_begin_msg "Marking first-run complete"
- mkdir -p "${RUNONCE%/*}"
- rm -f $RUNONCE
- log_action_end_msg 0
-}
-
-case "$1" in
- start)
- etckeeper_commit "Status before first-run on first boot."
-
- for f in /usr/lib/freedombox/first-run.d/* ; do
- $f
- done
-
- etckeeper_commit "Status after first-run on first boot."
-
- # the last things we do before quitting.
- mark_complete
-
- # we're done, reboot.
- reboot
- ;;
- stop|restart|force-reload)
- # Do nothing
- ;;
- *)
- log_success_msg "Usage: /etc/init.d/first-run {start}"
- exit 1
- ;;
-esac
diff --git a/debian/freedombox-setup.install b/debian/freedombox-setup.install
index 4b94d12..f550c0d 100644
--- a/debian/freedombox-setup.install
+++ b/debian/freedombox-setup.install
@@ -1,6 +1,5 @@
setup usr/lib/freedombox
setup.d usr/lib/freedombox
-first-run.d usr/lib/freedombox
data/etc/apache2/conf-available/freedombox.conf etc/apache2/conf-available
data/etc/avahi/services/*.service etc/avahi/services
data/etc/sudoers.d/freedombox etc/sudoers.d
diff --git a/debian/freedombox-setup.maintscript b/debian/freedombox-setup.maintscript
index d29ba4d..adb3df7 100644
--- a/debian/freedombox-setup.maintscript
+++ b/debian/freedombox-setup.maintscript
@@ -1,4 +1,5 @@
-mv_conffile /etc/init.d/first-run /etc/init.d/freedombox-first-run 0.0.43
+rm_conffile /etc/init.d/first-run 0.0.43
+rm_conffile /etc/init.d/freedombox-first-run 0.10
rm_conffile /etc/init.d/proxy 0.0.43
rm_conffile /etc/init.d/freedombox-client-proxy 0.0.44
rm_conffile /etc/init.d/freedombox-create-uap0 0.9.2~
diff --git a/debian/rules b/debian/rules
index c9211e2..9cb08f8 100755
--- a/debian/rules
+++ b/debian/rules
@@ -1,6 +1,3 @@
#!/usr/bin/make -f
%:
dh $@ --with python3
-
-override_dh_installinit:
- dh_installinit --no-start --name=freedombox-first-run -u"start 20 2 3 4 5 ."
diff --git a/setup.d/98_next-is-first-run b/setup.d/98_next-is-first-run
deleted file mode 100755
index 81ae649..0000000
--- a/setup.d/98_next-is-first-run
+++ /dev/null
@@ -1,7 +0,0 @@
-#!/bin/sh
-
-set -e
-
-# Tell init.d/first-run to do its stuff on the next boot.
-mkdir -p /var/lib/freedombox
-touch /var/lib/freedombox/first-run-enable
--
2.11.0
From f59b61a6b0f1be6f302122ce67bbfd91da77d810 Mon Sep 17 00:00:00 2001
From: Sunil Mohan Adapa <su...@medhas.org>
Date: Thu, 28 Sep 2017 17:56:11 +0530
Subject: [PATCH 2/8] Remove initial configuration of network devices
Plinth (> 0.15.2) will contain changes that will perform initial network device
configuration when started from a FreedomBox disk image (and not when FreedomBox
is installed from a Debian pacakge). Hence by depending on that version of
Plinth, the network configuration may be removed from here.
Signed-off-by: Sunil Mohan Adapa <su...@medhas.org>
Signed-off-by: Joseph Nuthalapati <njos...@thoughtworks.com>
---
debian/control | 2 +-
first-run.d/05_network | 119 -------------------------------------------------
2 files changed, 1 insertion(+), 120 deletions(-)
delete mode 100755 first-run.d/05_network
diff --git a/debian/control b/debian/control
index f945e76..77615c4 100644
--- a/debian/control
+++ b/debian/control
@@ -54,7 +54,7 @@ Depends: ${misc:Depends}
, network-manager
, openssh-server
, parted
- , plinth (>= 0.15.2)
+ , plinth (>> 0.15.2)
, psmisc
, resolvconf
, ssl-cert
diff --git a/first-run.d/05_network b/first-run.d/05_network
deleted file mode 100755
index c019e2d..0000000
--- a/first-run.d/05_network
+++ /dev/null
@@ -1,119 +0,0 @@
-#!/bin/bash
-
-set -e
-
-# Configure networking for all wired and wireless devices.
-#
-# Creates network-manager connections.
-
-function get-interfaces {
- # XXX: Sorting of interfaces is non-numeric
- WIRED_IFACES=$(nmcli --terse --fields type,device device | grep "^ethernet:" | cut -d: -f2 | sort)
- NO_OF_WIRED_IFACES=$(echo $WIRED_IFACES | wc -w)
-
- WIRELESS_IFACES=$(nmcli --terse --fields type,device device | grep "^wifi:" | cut -d: -f2 | sort)
- NO_OF_WIRELESS_IFACES=$(echo $WIRELESS_IFACES | wc -w)
-}
-
-function configure-regular-interface {
- local interface="$1"
- local zone="$2"
- local connection_name="FreedomBox WAN"
-
- # Create n-m connection for a regular interface
- nmcli con add con-name "$connection_name" ifname "$interface" type ethernet
- nmcli con modify "$connection_name" connection.autoconnect TRUE
- nmcli con modify "$connection_name" connection.zone "$zone"
-
- echo "Configured interface '$interface' for '$zone' use as '$connection_name'."
-}
-
-function configure-shared-interface {
- local interface="$1"
- local connection_name="FreedomBox LAN $interface"
-
- # Create n-m connection for eth1
- nmcli con add con-name "$connection_name" ifname "$interface" type ethernet
- nmcli con modify "$connection_name" connection.autoconnect TRUE
- nmcli con modify "$connection_name" connection.zone internal
-
- # Configure this interface to be shared with other computers.
- # - Self-assign an address and network
- # - Start and manage DNS server (dnsmasq)
- # - Start and manage DHCP server (dnsmasq)
- # - Register address with mDNS
- # - Add firewall rules for NATing from this interface
- nmcli con modify "$connection_name" ipv4.method shared
-
- echo "Configured interface '$interface' for shared use as '$connection_name'."
-}
-
-function configure-wireless-interface {
- local interface="$1"
- local connection_name="FreedomBox $interface"
- local ssid="FreedomBox$interface"
- local secret="freedombox123"
-
- nmcli con add con-name "$connection_name" ifname "$interface" type wifi ssid "$ssid"
- nmcli con modify "$connection_name" connection.autoconnect TRUE
- nmcli con modify "$connection_name" connection.zone internal
- nmcli con modify "$connection_name" ipv4.method shared
- nmcli con modify "$connection_name" wifi.mode ap
- nmcli con modify "$connection_name" wifi-sec.key-mgmt wpa-psk
- nmcli con modify "$connection_name" wifi-sec.psk "$secret"
-
- echo "Configured interface '$interface' for shared use as '$connection_name'."
-}
-
-function multi-wired-setup {
- local first_interface="$1"
- shift
- local remaining_interfaces="$@"
-
- configure-regular-interface "$first_interface" external
-
- for interface in $remaining_interfaces
- do
- configure-shared-interface "$interface"
- done
-}
-
-function one-wired-setup {
- local interface="$1"
-
- case $NO_OF_WIRELESS_IFACES in
- "0")
- configure-regular-interface "$interface" internal
- ;;
- *)
- configure-regular-interface "$interface" external
- ;;
- esac
-}
-
-function wireless-setup {
- local interfaces="$@"
-
- for interface in $interfaces
- do
- configure-wireless-interface "$interface"
- done
-}
-
-echo "Setting up network configuration..."
-get-interfaces
-
-case $NO_OF_WIRED_IFACES in
- "0")
- echo "No wired interfaces detected."
- ;;
- "1")
- one-wired-setup $WIRED_IFACES
- ;;
- *)
- multi-wired-setup $WIRED_IFACES
-esac
-
-wireless-setup $WIRELESS_IFACES
-
-echo "Done setting up network configuration."
--
2.11.0
From ff2996f65230f0d1e049f0261734bb9b81e70aca Mon Sep 17 00:00:00 2001
From: Sunil Mohan Adapa <su...@medhas.org>
Date: Thu, 28 Sep 2017 17:47:42 +0530
Subject: [PATCH 1/8] Remove SSH and Apache setup moved to Plinth
The following configuration is now available in Plinth 0.15.2.
- dpkg-reconfigure required for SSH to generate SSH keys.
- Force creation of Apache's self signed certificate.
- Enabling various Apache modules, sites and configuration.
- Restarting Apache after configuration changes.
These changes can now be removed by depending on Plinth 0.15.2.
Signed-off-by: Sunil Mohan Adapa <su...@medhas.org>
Signed-off-by: Joseph Nuthalapati <njos...@thoughtworks.com>
---
debian/control | 2 +-
first-run.d/10_ssh-keys | 12 ------------
first-run.d/40_apache2 | 8 --------
setup.d/90_apache2 | 44 --------------------------------------------
4 files changed, 1 insertion(+), 65 deletions(-)
delete mode 100755 first-run.d/10_ssh-keys
delete mode 100755 first-run.d/40_apache2
delete mode 100755 setup.d/90_apache2
diff --git a/debian/control b/debian/control
index bca4096..f945e76 100644
--- a/debian/control
+++ b/debian/control
@@ -54,7 +54,7 @@ Depends: ${misc:Depends}
, network-manager
, openssh-server
, parted
- , plinth (>> 0.9.2)
+ , plinth (>= 0.15.2)
, psmisc
, resolvconf
, ssl-cert
diff --git a/first-run.d/10_ssh-keys b/first-run.d/10_ssh-keys
deleted file mode 100755
index aeacb96..0000000
--- a/first-run.d/10_ssh-keys
+++ /dev/null
@@ -1,12 +0,0 @@
-#!/bin/sh
-
-set -e
-
-. /lib/lsb/init-functions
-
-log_action_begin_msg "Creating SSH keys"
-if dpkg-reconfigure openssh-server ; then
- log_action_end_msg 0
-else
- log_action_end_msg 1
-fi
diff --git a/first-run.d/40_apache2 b/first-run.d/40_apache2
deleted file mode 100755
index ff77c0d..0000000
--- a/first-run.d/40_apache2
+++ /dev/null
@@ -1,8 +0,0 @@
-#!/bin/sh
-#
-# Make sure every machine have their own unique SSL certificate, even
-# if it is a snake oil one.
-
-set -e
-
-make-ssl-cert generate-default-snakeoil --force-overwrite
diff --git a/setup.d/90_apache2 b/setup.d/90_apache2
deleted file mode 100755
index 696b620..0000000
--- a/setup.d/90_apache2
+++ /dev/null
@@ -1,44 +0,0 @@
-#!/bin/sh
-#
-# Configure Apache for FBX.
-
-set -e
-
-echo "Configuring Apache..."
-
-# enable non-multithreaded Apache worker model as there a many PHP
-# applications.
-a2dismod mpm_event
-a2dismod mpm_worker
-a2enmod mpm_prefork
-
-# enable miscellaneous modules.
-a2enmod rewrite
-
-# enable GnuTLS
-a2dismod ssl
-a2enmod gnutls
-
-# enable mod_alias for RedirectMatch
-a2enmod alias
-
-# enable mod_headers for HSTS
-a2enmod headers
-
-# enable some critical modules to avoid restart while installing
-# Plinth applications.
-a2enmod php7.0
-a2enmod cgi
-a2enmod authnz_ldap
-
-# enable users to share files uploaded to ~/public_html
-a2enmod userdir
-
-# setup freedombox site
-a2enconf freedombox
-
-a2ensite 000-default
-a2dissite default-ssl
-a2ensite default-tls
-
-echo "Done configuring Apache."
--
2.11.0
signature.asc
Description: OpenPGP digital signature
