FreedomBox backport automatic update issue

When run on Debian stable, FreedomBox has an optional feature called “Frequent Feature Updates”. If this feature is enabled, it has 2 effects:

  1. The stable-backports repository is added to the system.
  2. Apt pinning is configured so that FreedomBox itself, and a small number of other carefully selected packages, will be kept updated to the latest version available in the backports repository.

However for bookworm-backports, there was a small change in the repository for bookworm-backports, which meant that our approach to apt pinning was no longer correct. The change is a difference between the repository’s “Suite” and “Codename”. For bullseye-backports, these were the same, but for bookworm-backports, they are now different (stable-backports vs bookworm-backports). The issue is described in [1].

The result is that a FreedomBox on the current Debian stable release, bookworm, will not automatically upgrade to new versions in bookworm-backports, even if the “Frequent Feature Updates” option is selected. The fix for a issue is a very small change to two configuration files (for apt and unattended-upgrades), so that they refer to the Codename instead of the Suite. (See [2] for details.)

So far, the fixed version of the freedombox package, 23.14~bpo12+1, is available in bookworm-backports. For FreedomBox users who would like to get the newer versions right away, you can get the latest package installed by running the following command through SSH or Cockpit’s terminal:

$ sudo apt install -t bookworm-backports freedombox

We are also planning to update the version of FreedomBox in bookworm to have the fix. Once this update is available, then running the above command won’t be necessary to receive FreedomBox feature updates.



Debian FreedomBox

File sharing with bepasty

One of the apps running on my FreedomBox that I use frequently is bepasty. bepasty is essentially a self-hosted, free software pastebin. It allows you to paste text, or upload any type of file. You can also set an expiration date for when the file or text will automatically be deleted. If you are uploading multiple related files, you can organize them into a list.

bepasty does not have user accounts. Instead, it has shared passwords, where each password is linked to a set of permissions. There are five permissions: Read, List, Create, Delete, and Admin. (The meanings are mostly straightforward, except for Admin, which means the ability to lock and unlock files.) This allows very fine-grained control. For example, if you want someone to be able to upload files to your bepasty, but not view or download anything, than you can generate a password with only the “Create” permission, and give this password to the person who will be uploading files.

To simplify the initial setup in FreedomBox, we generate three passwords by default: one for viewers (List and Read), one for editors (List, Read, Create, and Delete), and one for admins (all permissions). In addition, when no password has been provided, the Read (but not List) permission is provided by default. This allows files to be easily shared by sending just their URLs (and no password required). The URLs contain some random characters, so it is not easy to guess.

I mostly use bepasty for moving files between systems, whether its a physical machine or VPS, or a VM or container that I will use only briefly. Especially in the latter case, it’s nice that I don’t need to do any extra setup (such as copying SSH keys) before I copy my files over.

The bepasty package is available in Debian stable (with a newer version in stable-backports and testing). The many use-cases that it provides, and the well-maintained Debian packaging, made it a compelling choice for integration into FreedomBox, which has included bepasty for one-click installation since version 20.14.

Debian FreedomBox

FreedomBox Packages in Debian

FreedomBox is a Debian pure blend that reduces the effort needed to run and maintain a small personal server. Being a “pure blend” means that all of the software packages which are used in FreedomBox are included in Debian. Most of these packages are not specific to FreedomBox: they are common things such as Apache web server, firewalld, slapd (LDAP server), etc. But there are a few packages which are specific to FreedomBox: they are named freedombox, freedombox-doc-en, freedombox-doc-es, freedom-maker, fbx-all and fbx-tasks.

freedombox is the core package. You could say, if freedombox is installed, then your system is a FreedomBox (or a derivative). It has dependencies on all of the packages that are needed to get a FreedomBox up and running, such as the previously mentioned Apache, firewalld, and slapd. It also provides a web interface for the initial setup, configuration, and installing apps. (The web interface service is called “Plinth” and is written in Python using Django framework.) The source package of freedombox also builds freedombox-doc-en and freedombox-doc-es. These packages install the FreedomBox manuals for English and Spanish, respectively.

freedom-maker is a tool that is used to build FreedomBox disk images. An image can be copied to a storage device such as a Solid State Disk (SSD), eMMC (internal flash memory chip), or a microSD card. Each image is meant for a particular hardware device (or target device), or a set of devices. In some cases, one image can be used across a wide range of devices. For example, the amd64 image is for all 64-bit x86 architecture machines (including virtual machines). The arm64 image is for all 64-bit ARM machines that support booting a generic image using UEFI.

fbx-all and fbx-tasks are special metapackages, both built from a single source package named debian-fbx. They are related to tasksel, a program that displays a curated list of packages that can be installed, organized by interest area. Debian blends typically provide task files to list their relevant applications in tasksel. fbx-tasks only installs the tasks for FreedomBox (without actually installing FreedomBox). fbx-all goes one step further and also installs freedombox itself. In general, FreedomBox users won’t need to interact with these two packages.