Dear FB fellows.
Problem
My FB did an automated upgrade this morning from 20.11 to 20.12 but failed to start the Plinth service afterwards. I’ve seen in the 20.12 announcement[0] that new shortcut paths have been added to the frontpage:
- frontpage: Allow adding shotcuts using .d drop-in files
- frontpage: Read shortcuts from multiple locations in /etc/, /usr/share and /var/lib
When starting the service via systemctl
I do not get any meaningful error messages:
Jul 03 11:00:03 box systemd[1]: plinth.service: Main process exited, code=exited, status=1/FAILURE
Jul 03 11:00:03 box systemd[1]: plinth.service: Failed with result 'exit-code'.
When starting the plinth service manually in foreground, I get more detail and can see the following error:
root@box:/var/lib/freedombox# sudo -u plinth plinth
INFO plinth.__main__ FreedomBox Service (Plinth) version - 20.12
INFO plinth.__main__ Script prefix - /plinth
INFO axes.watch_login AXES: BEGIN LOG
INFO axes.watch_login AXES: Using django-axes 4.4.0
INFO axes.watch_login AXES: blocking by IP only.
INFO plinth.module_loader Module load order - ['apache', 'api', 'names', 'avahi', 'storage', 'backups', 'bind', 'cockpit', 'firewall', 'config', 'datetime', 'deluge', 'diagnostics', 'dynamicdns', 'ejabberd', 'first_boot', 'help', 'ikiwiki', 'infinoted', 'jsxc', 'letsencrypt', 'matrixsynapse', 'mediawiki', 'minetest', 'mldonkey', 'monkeysphere', 'mumble', 'networks', 'openvpn', 'pagekite', 'power', 'privoxy', 'quassel', 'radicale', 'roundcube', 'searx', 'security', 'shadowsocks', 'snapshot', 'ssh', 'sso', 'syncthing', 'tahoe', 'tor', 'transmission', 'ttrss', 'upgrades', 'users', 'i2p', 'gitweb', 'samba', 'minidlna', 'wireguard', 'sharing', 'coturn', 'performance']
INFO plinth.modules.names Added domain box.local of type domain-type-local with services __all__
INFO plinth.modules.names Added domain box.example.org of type domain-type-static with services __all__
INFO plinth.actions # dynamicdns status
INFO plinth.actions $ ikiwiki get-sites
INFO plinth.modules.letsencrypt Checking if any Let's Encrypt certificates got renewed.
INFO plinth.actions # letsencrypt get-status
Traceback (most recent call last):
File "/usr/bin/plinth", line 6, in <module>
plinth.__main__.main()
File "/usr/lib/python3/dist-packages/plinth/__main__.py", line 152, in main
frontpage.add_custom_shortcuts()
File "/usr/lib/python3/dist-packages/plinth/frontpage.py", line 131, in add_custom_shortcuts
custom_shortcuts = get_custom_shortcuts()
File "/usr/lib/python3/dist-packages/plinth/frontpage.py", line 175, in get_custom_shortcuts
for file_path in get_custom_shortcuts_paths():
File "/usr/lib/python3/dist-packages/plinth/frontpage.py", line 169, in get_custom_shortcuts_paths
return cfg.expand_to_dot_d_paths(file_paths)
File "/usr/lib/python3/dist-packages/plinth/cfg.py", line 60, in expand_to_dot_d_paths
for dot_d_file in sorted(path_d.glob('*' + path.suffix)):
File "/usr/lib/python3.7/pathlib.py", line 1102, in glob
for p in selector.select_from(self):
File "/usr/lib/python3.7/pathlib.py", line 483, in select_from
if not is_dir(parent_path):
File "/usr/lib/python3.7/pathlib.py", line 1351, in is_dir
return S_ISDIR(self.stat().st_mode)
File "/usr/lib/python3.7/pathlib.py", line 1161, in stat
return self._accessor.stat(self)
PermissionError: [Errno 13] Permission denied: '/var/lib/freedombox/custom-shortcuts.json.d'
Root cause
Following along I see the corresponding piece of code in /usr/lib/python3/dist-packages/plinth/frontpage.py
hardcoding, among other paths /var/lib/freedombox/custom-shortcuts.json.d
. This directory does not exist on my machine, the parent folder belongs to root and has 600 permissions (hence not accessible to other users such as plinth).
I am running an original Olimex FreedomBox[1], and it’s been working fine without hassle so far. I am surprised at this breaking change, since I am running a vanilla version with just a few services and no manual custimizations.
Solution
I’ve fixed the issue by allowing non-root users to ‘execute’ the directory:
chmod a+x /var/lib/freedombox
Afterwards I was able to successfully start the service again using systemctl start plinth
.
Remaining Question
- Should
/var/lib/freedombox
be ‘a+x’? - If so, should the freedom box installer / post-install script set the permissions accordingly?
Thanks for listening, I hope this transcript may help others.
Cheers,
Axel
–
[0] FreedomBox 20.12 released
[1] Pioneer-FreedomBox-HSK - Open Source Hardware Board