Bug#873946: freedombox-setup: Cleanup setup steps based on Plinth changes
On Fri, 29 Sep 2017 15:37:46 +0530 Sunil Mohan Adapa wrote:
> Update set of patches. This time much cleaner and well separately.
> Still testing them with Plinth and freedom-maker changes.

I've committed these changes to the git repository.

--
James
Bug#873946: freedombox-setup: Cleanup setup steps based on Plinth changes
I believe the patches are now ready for merge. I have done the following tests:

* In the image
  - FIXED: /usr/lib/freedombox directory should not exist
    - first-run.d exists
    - setup.d exists with 86_plinth
  - PASS: Four files should exist in /etc/avahi/services directory
  - PASS: avahi-utils package must be installed
  - PASS: Image contains file /var/lib/freedombox/is-freedombox-disk-image
  - PASS: /etc/init.d/freedombox-first-run should not exist
  - PASS: /var/lib/freedombox/first-run-enable should not exist
  - PASS: /var/lib/freedombox should exist
  - PASS: etckeeper should not be installed and should not be configured
  - PASS: There should be no git repository in /etc/
  - PASS: /usr/src/packages should not exist

* Plinth setup
  - PASS: Building freedom-maker image should not have issues
  - PASS: Setup should succeed
  - PASS: Machine should not automatically restart
  - PASS: Setup should succeed without network

* After Plinth setup
  - PASS: Apache
    - PASS: Apache configuration must be properly set up
    - PASS: Apache must be running
    - PASS: Apache must have SSL snakeoil certificate regenerated
    - PASS: Modules disabled
      - PASS: mpm_event
      - PASS: mpm_worker
      - PASS: ssl
    - PASS: Modules enabled
      - PASS: mpm_prefork
      - PASS: proxy
      - PASS: proxy_http
      - PASS: rewrite
      - PASS: gnutls
      - PASS: alias
      - PASS: headers
      - PASS: php7.0
      - PASS: cgi
      - PASS: authnz_ldap
      - PASS: userdir
    - PASS: Config enabled
      - PASS: freedombox
      - PASS: javascript-common
    - PASS: Sites enabled
      - PASS: 000-default
      - PASS: default-tls
      - PASS: plinth
      - PASS: plinth-ssl
    - PASS: Sites disabled
      - PASS: default-ssl
    - PASS: /etc/apache2/conf-available/freedombox.conf should exist
  - PASS: SSO
    - PASS: SSO private keys are created
    - PASS: Able to login to TTRSS, syncthing, repro
    - PASS: Non admin users should not be able to login to repro
      - NOTE: They are simply redirected back to Plinth
    - PASS: Unauthorized use of apps should send user to login page
  - PASS: SSH
    - PASS: SSH must have server keys generated
    - PASS: SSH shows as running by default
    - PASS: SSH must be running by default
    - PASS: SSH interface works
    - PASS: Disabling SSH stops server, disable port shows as stopped
    - PASS: Enabling SSH starts server, enables port shows as started
  - PASS: Firewall
    - FAIL: Enabling Tor enables Tor ports
      - Only tor-socks service is enabled
    - PASS: NTP ports should be enabled
    - PASS: Avahi ports should be enabled
    - PASS: Enabling privoxy should enable privoxy ports
    - PASS: Enabling XMPP enables XMPP ports
    - PASS: HTTP, HTTPS, DNS and DHCP ports are enabled
    - PASS: Default firewall zone must be external
  - Avahi
    - PASS: Avahi should be running
    - FIXED: Avahi should have restarted and picked up new configuration files
  - Network
    - PASS: One ethernet should be configured as DHCP (internal)
    - PASS: More ethernets: First interface DHCP (external), others are shared (internal)
    - UNTESTED: One ethernet, wireless: Ethernet is DHCP (external)
    - UNTESTED: All wireless: Should be shared (internal)
    - FIXED: All network connections should be active (NM restarted)
  - PASS: Automatic upgrades
    - PASS: Automatic upgrades are enabled
  - PASS: Users
    - PASS: Should be able to create admin user during first-boot
    - FIXED: Should be able to login with admin user on SSH
      - NOTE: Required restart
    - PASS: Should be able to sudo with admin but not non-admin user
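The file-system items of the "In the image" checklist above can be turned into a repeatable check against a mounted image root. This is an added example, not part of the thread or of freedombox-setup; the function names are hypothetical, /etc/.git stands in for "no git repository in /etc/", and the package checks (avahi-utils, etckeeper) are left out because they need dpkg.

```shell
#!/bin/sh
# Added example, not from the thread: the file-system items of the
# "In the image" checklist, checked against a mounted image root.
# check_image and make_sample_root are hypothetical names.

check_image() {   # usage: check_image ROOT; prints failures, returns 1 if any
    root=${1%/}
    rc=0
    # Paths the checklist says must not exist after the cleanup.
    for p in /usr/lib/freedombox /etc/init.d/freedombox-first-run \
             /var/lib/freedombox/first-run-enable /etc/.git /usr/src/packages
    do
        if [ -e "$root$p" ]; then echo "unexpected $p"; rc=1; fi
    done
    # Paths the checklist says must exist.
    for p in /var/lib/freedombox /var/lib/freedombox/is-freedombox-disk-image
    do
        if [ ! -e "$root$p" ]; then echo "missing $p"; rc=1; fi
    done
    # "Four files should exist in /etc/avahi/services directory".
    n=0
    for f in "$root"/etc/avahi/services/*; do
        if [ -f "$f" ]; then n=$((n + 1)); fi
    done
    if [ "$n" -ne 4 ]; then
        echo "avahi services: $n files, expected 4"; rc=1
    fi
    return "$rc"
}

make_sample_root() {   # constructed tree that satisfies every check
    d=$(mktemp -d) || return 1
    mkdir -p "$d/var/lib/freedombox" "$d/etc/avahi/services" "$d/etc/init.d"
    : > "$d/var/lib/freedombox/is-freedombox-disk-image"
    for s in domain sftp-ssh ssh xmpp-server; do
        : > "$d/etc/avahi/services/$s.service"
    done
    echo "$d"
}

# With an argument, check that root; without one, demo on the sample tree.
if [ "$#" -gt 0 ]; then
    check_image "$1"
else
    demo=$(make_sample_root) && check_image "$demo" && echo "sample tree: PASS"
    rm -rf "$demo"
fi
```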
Bug#873946: freedombox-setup: Cleanup setup steps based on Plinth changes
Update set of patches. This time much cleaner and well separately. Still testing them with Plinth and freedom-maker changes. -- Sunil From b8976b7d9e5ff96250817e2b0007fd9bf1580aa9 Mon Sep 17 00:00:00 2001 From: Sunil Mohan AdapaDate: Fri, 29 Sep 2017 12:08:56 +0530 Subject: [PATCH 8/8] Move Avahi configuration to Plinth Plinth already handles all Avahi configuration. After moving this file to Plinth. freedombox-setup must 'Depend' on Plinth >> 0.15.2 and Plinth 'Breaks' freedombox-setup <= 0.15.2. Signed-off-by: Sunil Mohan Adapa Signed-off-by: Joseph Nuthalapati --- data/etc/avahi/services/domain.service | 12 data/etc/avahi/services/sftp-ssh.service| 14 -- data/etc/avahi/services/ssh.service | 12 data/etc/avahi/services/xmpp-server.service | 12 debian/control | 2 -- debian/freedombox-setup.install | 1 - 6 files changed, 53 deletions(-) delete mode 100644 data/etc/avahi/services/domain.service delete mode 100644 data/etc/avahi/services/sftp-ssh.service delete mode 100644 data/etc/avahi/services/ssh.service delete mode 100644 data/etc/avahi/services/xmpp-server.service diff --git a/data/etc/avahi/services/domain.service b/data/etc/avahi/services/domain.service deleted file mode 100644 index f6210c1..000 --- a/data/etc/avahi/services/domain.service +++ /dev/null @@ -1,12 +0,0 @@ - - - - - %h - - -_domain._udp -53 - - - diff --git a/data/etc/avahi/services/sftp-ssh.service b/data/etc/avahi/services/sftp-ssh.service deleted file mode 100644 index bfe1a0f..000 --- a/data/etc/avahi/services/sftp-ssh.service +++ /dev/null @@ -1,14 +0,0 @@ - - - - - %h - - -_sftp-ssh._tcp -22 -path=/home/fbx -u=fbx - - - diff --git a/data/etc/avahi/services/ssh.service b/data/etc/avahi/services/ssh.service deleted file mode 100644 index 7090f20..000 --- a/data/etc/avahi/services/ssh.service +++ /dev/null @@ -1,12 +0,0 @@ - - - - - %h - - -_ssh._tcp -22 - - - 
diff --git a/data/etc/avahi/services/xmpp-server.service b/data/etc/avahi/services/xmpp-server.service deleted file mode 100644 index 4dc9b06..000 --- a/data/etc/avahi/services/xmpp-server.service +++ /dev/null @@ -1,12 +0,0 @@ - - - - - %h - - -_xmpp-server._tcp -5269 - - - diff --git a/debian/control b/debian/control index 4e68828..4e62d84 100644 --- a/debian/control +++ b/debian/control @@ -22,8 +22,6 @@ Depends: ${misc:Depends} , ${python3:Depends} , apache2 , augeas-tools - , avahi-daemon - , avahi-utils , bridge-utils , curl , devio diff --git a/debian/freedombox-setup.install b/debian/freedombox-setup.install index 9a7b08d..4203fbe 100644 --- a/debian/freedombox-setup.install +++ b/debian/freedombox-setup.install @@ -1,4 +1,3 @@ -data/etc/avahi/services/*.service etc/avahi/services data/etc/sudoers.d/freedombox etc/sudoers.d data/etc/sysctl.d/freedombox.conf etc/sysctl.d data/etc/update-motd.d/50-freedombox etc/update-motd.d/ -- 2.11.0 From a60fe1bbea315ffecb6ec5b90557da17dc699f92 Mon Sep 17 00:00:00 2001 From: Sunil Mohan Adapa Date: Fri, 29 Sep 2017 12:03:51 +0530 Subject: [PATCH 7/8] Move Apache FreedomBox configuration to Plinth Plinth already handles all Apache configuration. This configuration file is actually enabled in Plinth now. If freedombox-setup is not installed and Plinth tries to do Apache setup, then we might run into Apache setup failure. After moving this file to Plinth. freedombox-setup must 'Depend' on Plinth >> 0.15.2 and Plinth 'Breaks' freedombox-setup <= 0.15.2. Signed-off-by: Sunil Mohan Adapa Signed-off-by: Joseph Nuthalapati --- data/etc/apache2/conf-available/freedombox.conf | 11 --- debian/freedombox-setup.install | 1 - debian/freedombox-setup.lintian-overrides | 6 -- 3 files changed, 18 deletions(-) delete mode 100644 data/etc/apache2/conf-available/freedombox.conf delete mode 100644 debian/freedombox-setup.lintian-overrides 
diff --git a/data/etc/apache2/conf-available/freedombox.conf b/data/etc/apache2/conf-available/freedombox.conf deleted file mode 100644 index 3156b37..000 --- a/data/etc/apache2/conf-available/freedombox.conf +++ /dev/null @@ -1,11 +0,0 @@ -## -## Enable HSTS, even for subdomains. -## -Header set Strict-Transport-Security "max-age=31536000; includeSubDomains" env=HTTPS - -## -## Redirect traffic on home to /plinth as part of turning the machine -## into FreedomBox server. Plinth then acts as a portal to reach all -## other services. -## -RedirectMatch "^/$" "/plinth" diff --git a/debian/freedombox-setup.install b/debian/freedombox-setup.install index fe3d1a6..9a7b08d 100644 --- a/debian/freedombox-setup.install +++ b/debian/freedombox-setup.install @@ -1,4 +1,3 @@ -data/etc/apache2/conf-available/freedombox.conf
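Review bot: In the debian/control hunk of patch 8/8, avahi-daemon and avahi-utils are removed from Depends and nothing is added, although the commit message says freedombox-setup must depend on Plinth >> 0.15.2. Unless that versioned dependency is introduced elsewhere in the series, this patch on its own allows freedombox-setup to be installed next to a Plinth that does not yet ship the Avahi service files, so suggest adding the versioned plinth dependency in this same hunk.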
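Review bot: The debian/freedombox-setup.install hunk of patch 8/8 stops shipping data/etc/avahi/services/*.service, but the commit message plans only Breaks on the Plinth side for the move. Files that change owner between packages need a matching Replaces next to the Breaks, otherwise dpkg refuses to overwrite them while the old freedombox-setup is still unpacked. The bound also deserves a second look: 0.15.2 is a Plinth version, while the bug report lists freedombox-setup at 0.10, so Breaks/Replaces should name the last freedombox-setup version that still ships these files.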
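Review bot: In the data/etc/apache2/conf-available/freedombox.conf hunk of patch 7/8, the HSTS line being handed over to Plinth uses "Header set", which mod_headers applies only to successful responses, so the redirect generated by RedirectMatch "^/$" "/plinth" in the same file is sent without Strict-Transport-Security. Suggest making the Plinth copy "Header always set Strict-Transport-Security ... env=HTTPS" as part of the move, so the first response a browser sees on / already carries the policy.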
Bug#873946: freedombox-setup: Cleanup setup steps based on Plinth changes
Package: freedombox-setup
Version: 0.10
Severity: normal
Tags: patch

Currently, Plinth is undergoing changes to move a lot of setup steps into Plinth. This will eliminate the need for many steps in freedombox-setup. Attached patch is a work-in-progress patch to indicate the kind of cleanups that may be done on freedombox-setup after these changes. Note that both the packages should depend on particular versions with these changes (using Depends and Breaks to avoid circular dependencies).

This patch is somewhat aggressive. While the first-run can be completely removed without question, the same is not true of the setup process. However, what remains in setup step is so minimal that it does not warrant an extra FreedomBox install complication. So, with this patch I suggest removing functionalities of etckeeper and provide source temporarily in order to gain the huge advantage of simplification of the FreedomBox install/setup process.

-- System Information:
Debian Release: 9.1
  APT prefers stable
  APT policy: (500, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 4.9.0-3-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_IN.UTF-8, LC_CTYPE=en_IN.UTF-8 (charmap=UTF-8), LANGUAGE=en_IN.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

>From c7b26d6e2df98ae97b0ed4263bc3d94d98ec0bee Mon Sep 17 00:00:00 2001 From: Sunil Mohan AdapaDate: Fri, 1 Sep 2017 18:41:33 +0530 Subject: [PATCH] WIP: Move most setup steps to Plinth Signed-off-by: Sunil Mohan Adapa --- debian/freedombox-setup.freedombox-first-run.init | 64 debian/freedombox-setup.install | 3 - debian/freedombox-setup.maintscript | 1 + debian/rules | 3 - debian/tests/control | 2 - debian/tests/test-run-setup | 15 --- first-run.d/05_network| 119 -- first-run.d/10_ssh-keys | 12 --- first-run.d/40_apache2| 8 -- setup | 29 -- setup.d/01_etckeeper-pre | 15 --- setup.d/90_apache2| 44 setup.d/98_next-is-first-run | 7 -- setup.d/99_etckeeper | 7 -- setup.d/99_provide-source | 28 - setup.d/99_zmessage | 22 16 files changed, 1 insertion(+), 378 deletions(-) delete mode 100755 debian/freedombox-setup.freedombox-first-run.init delete mode 100644 debian/tests/control delete mode 100755 debian/tests/test-run-setup delete mode 100755 first-run.d/05_network delete mode 100755 first-run.d/10_ssh-keys delete mode 100755 first-run.d/40_apache2 delete mode 100755 setup delete mode 100755 setup.d/01_etckeeper-pre delete mode 100755 setup.d/90_apache2 delete mode 100755 setup.d/98_next-is-first-run delete mode 100755 setup.d/99_etckeeper delete mode 100755 setup.d/99_provide-source delete mode 100755 setup.d/99_zmessage diff --git a/debian/freedombox-setup.freedombox-first-run.init b/debian/freedombox-setup.freedombox-first-run.init deleted file mode 100755 index bb8cd96..000 --- a/debian/freedombox-setup.freedombox-first-run.init +++ /dev/null
@@ -1,64 +0,0 @@ -#!/bin/sh -### BEGIN INIT INFO -# Provides: freedombox-first-run -# Default-Start: 2 3 4 5 -# Default-Stop: -# Required-Start:$network $remote_fs $syslog -# Required-Stop: $remote_fs $syslog -# Should-Start: firewalld tor haveged -# Short-Description: Finish Freedombox install after first boot -# Description: -# Script to complete the post-install process on first FBX boot. -### END INIT INFO - -RUNONCE=/var/lib/freedombox/first-run-enable -LOGFILE=/var/log/freedombox-first-run.log - -if [ ! -e $RUNONCE ] -then -exit -fi - -. /lib/lsb/init-functions - -exec > $LOGFILE 2>&1 - -etckeeper_commit() { -if
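Review bot: For the deletion of debian/freedombox-setup.freedombox-first-run.init, the script is installed as a conffile, so dropping it from the package leaves /etc/init.d/freedombox-first-run behind on upgraded systems unless the single line added to debian/freedombox-setup.maintscript is an rm_conffile entry for that path; that hunk is not shown here, so please confirm. The script's RUNONCE flag /var/lib/freedombox/first-run-enable and its LOGFILE /var/log/freedombox-first-run.log also stay on systems that have already booted, which is worth either a cleanup on upgrade or a sentence in the commit message saying they are kept on purpose.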