Wiki

• FrontPage
• RecentChanges
• FindPage
• HelpContents
• 2021-07-25

Progress call: 17:00 UTC

• freedombox 21.4.4 in bullseye and buster-backports (James)
  • Accepted unblock for 21.4.4
  • Uploaded to buster-backports
  • Removed fuse3 change in buster-backports
  • Not a problem for bullseye
  • Fix for holding the freedombox package is included in 21.4.4. Only change for bullseye
  • Bullseye release August 14th
• Kiwix app (Joseph)
  • Offline Wikipedia

  • User uploads or FreedomBox downloads zim file

  • Lightweight (only kiwix-tools. No browser).
  • Already used in village deployments

    • https://en.wikibooks.org/wiki/FreedomBox_for_Communities/Offline_Wikipedia

  • Kiwix content page

    • https://wiki.kiwix.org/wiki/Content_in_all_languages

• btrfs-tools package missing in bullseye. Impacts on container/VM? (fioddor)
  • Just use btrfs-progs instead.
  • Container script is currently using btrfs-progs.

• WordPress (sunil)

  • Almost completed
  • Functional tests, backup and restore working
  • Using MariaDB, since that's the only database supported.
  • Security features
    • User Management: can potentially use LDAP, but the plugin is not ready
    • Initial setup page will be for internal networks only and then the site will be made public.
    • Containerizing the PHP-FPM application in the future.
    • Plugins and themes directory is writable in Debian.
  • Plugins are at the user's own risk.
    • Make sure that the user reads this disclaimer. Have plugins disabled by default and make enabling them an explicit action.

• Client configuration for FreedomBox Mail (GSoC)

  • Roundcube
    • Edit /etc/roundcube/config.inc.php
    • IMAP URL: ssl://freedombox
    • SMTP URL: tls://freedombox port 587
    • FQDN must match your TLS certificate
  • Mozilla Thunderbird
    • May use Let's Encrypt (not tested)
    • TB does not accept self-signed certificates that are also certificate authorities
  • Claws Mail works
    • Implicit SSL for IMAP
    • STARTTLS for SMTP (port 587)
• Fallback logic for non-admin view rendering (GSoC)

  • https://salsa.debian.org/freedombox-team/freedombox/-/issues/2094

  • configuration block vs. user_configuration and admin_configuration
  • Sunil to assist with merging the patch
• TLS/SSL settings in Postfix and Dovecot (GSoC)
  • Debian Postfix still uses weak algorithms (improvements available starting v3.x)

  • Use this tool instead: https://ssl-config.mozilla.org/ (Intermediate configuration)

    • tls_preempt_cipherlist = no (reason being some bad mail clients fall back to insecure ciphers if server preferences cannot be honored)
  • Also change the certificate fingerprint algorithm to SHA-256 (default in v3.x)
  • Certificate verification problem in Postfix SMTP client (???)
    • 127.0.0.1 freedombox host2.test.example

    • Email deliverable from user1@freedombox to user2@host2.test.example

    • TLS certificate matches freedombox but not host2.test.example

    • To investigate
• Dynamic DNS (GSoC)
  • VM for testing mail server, Let's Encrypt, email authentication
  • fliu to send SSH key for AWS

• Preparing the wiki page for UserManual (GSoC)

  • Create page on wiki
• Ikiwiki: How do you set up the CGI for Ikiwiki, any documentation on that?
  • ikiwiki --setup Somehow not working?
  • Add CGI handler in Apache

    • https://salsa.debian.org/freedombox-team/freedombox/-/blob/master/plinth/modules/ikiwiki/data/etc/apache2/conf-available/ikiwiki-plinth.conf

• Debconf 21 BoF session for FreedomBox

  • BoF is confirmed
  • BoF may be recorded (BoF were recorded last year)