user-docs issueshttps://gitlab.nic.cz/turris/user-docs/-/issues2020-11-14T01:07:11+01:00https://gitlab.nic.cz/turris/user-docs/-/issues/98Review factory image for Shield2020-11-14T01:07:11+01:00Vojtech MyslivecReview factory image for ShieldShield is distributed with %"Turris OS 5.1.2", yet we announce it was %"Turris OS 5.1.0"
From currently published [docs](https://docs.turris.cz/basics/tos_versions/):
![Screenshot_from_2020-11-14_01-04-42](/uploads/ad92c58c267310e8a99...Shield is distributed with %"Turris OS 5.1.2", yet we announce it was %"Turris OS 5.1.0"
From currently published [docs](https://docs.turris.cz/basics/tos_versions/):
![Screenshot_from_2020-11-14_01-04-42](/uploads/ad92c58c267310e8a99286446a60429a/Screenshot_from_2020-11-14_01-04-42.png)
From fresh new unpacked Shield:
![Screenshot_from_2020-11-14_01-06-12](/uploads/109e977befbf54ca60a85379aad88653/Screenshot_from_2020-11-14_01-06-12.png)
It would be nice to include this info in the docsMichal HruseckyMichal Hruseckyhttps://gitlab.nic.cz/turris/user-docs/-/issues/97Add software erratum2021-06-22T12:24:51+02:00Karel KociAdd software erratumWe should create article with long-standing software issues we know about we can't do anything about.
Feel free to add any known ones in here for now.
* DDNS scripts might delay update until we kill process
turris-os-packages#265We should create article with long-standing software issues we know about we can't do anything about.
Feel free to add any known ones in here for now.
* DDNS scripts might delay update until we kill process
turris-os-packages#265https://gitlab.nic.cz/turris/user-docs/-/issues/96Erratum for Turris Shield2021-04-12T10:19:51+02:00Karel KociErratum for Turris ShieldThis should mention at minimum:
* LAN4 port issue
* IP assignment issue (that LAN IP address is removed if connected to 192.168.1.1/24 network on WAN side)This should mention at minimum:
* LAN4 port issue
* IP assignment issue (that LAN IP address is removed if connected to 192.168.1.1/24 network on WAN side)Michal HruseckyMichal Hruseckyhttps://gitlab.nic.cz/turris/user-docs/-/issues/94Link checker can't find remote links on openwrt.org2021-10-19T14:58:39+02:00Lukas JelinekLink checker can't find remote links on openwrt.orgThe link checker (`test-links.sh`) can't find remote links on `openwrt.org` and reports them as errors. It leads to warnings in GitLab CI pipelines.
## Steps to reproduce
1. Run `test-links.sh --remote`.
2. Check its output.
## Expecte...The link checker (`test-links.sh`) can't find remote links on `openwrt.org` and reports them as errors. It leads to warnings in GitLab CI pipelines.
## Steps to reproduce
1. Run `test-links.sh --remote`.
2. Check its output.
## Expected results
All available remote links should be reported as `200 OK`.
## Actual results
Remote links on `openwrt.org` are reported as unavailable ("Vzdálený soubor neexistuje – slepý odkaz!!!"). The server returns `429 Too Many Requests`.Lukas JelinekLukas Jelinekhttps://gitlab.nic.cz/turris/user-docs/-/issues/93Distinguish the software version in documentation2020-11-09T14:34:33+01:00Jan PavlinecDistinguish the software version in documentation
Why this could be helpful.
In the case of device certification, we would like to link to the user documentation for info confirmation, etc. The reviewed version of SW could include different feature sets (there could be new features no...
Why this could be helpful.
In the case of device certification, we would like to link to the user documentation for info confirmation, etc. The reviewed version of SW could include different feature sets (there could be new features not presented in the older version, some features could be removed from the new version, etc.).
Possible solutions:
* Archive older documentary with SW version ( example https://knot-resolver.readthedocs.io/en/v5.1.3/)
* Highlight - new/obsolete features in SW documentation **(this is preferred method)**
Related to https://gitlab.nic.cz/turris/biz/singapore-certification/-/issues/1https://gitlab.nic.cz/turris/user-docs/-/issues/92OpenVPN client2021-02-16T11:56:00+01:00Vojtech MyslivecOpenVPN clientThere seems to be no OpenVPN client documentation. Required config file format, routing conditions and so...There seems to be no OpenVPN client documentation. Required config file format, routing conditions and so...Lukas JelinekLukas Jelinekhttps://gitlab.nic.cz/turris/user-docs/-/issues/91Add competency level and board support to all articles2021-05-18T15:58:48+02:00Karel KociAdd competency level and board support to all articlesLabels for articles were added in: turris/user-docs!138
We should use that and introduce them to all articles.Labels for articles were added in: turris/user-docs!138
We should use that and introduce them to all articles.https://gitlab.nic.cz/turris/user-docs/-/issues/90Document how to configure router by using USB configuration file2021-04-14T20:41:57+02:00Karel KociDocument how to configure router by using USB configuration fileIn turris/turris-os-packages!560 we added a way to easily configure router without using ethernet cable. It covers minimal initial steps to get "secure" access to router over WiFi. This should be documented as well in this documentation.In turris/turris-os-packages!560 we added a way to easily configure router without using ethernet cable. It covers minimal initial steps to get "secure" access to router over WiFi. This should be documented as well in this documentation.Turris OS 5.2.0https://gitlab.nic.cz/turris/user-docs/-/issues/88Add support period for Turris devices2020-10-27T17:31:03+01:00Jan PavlinecAdd support period for Turris devices
This could be part of Turris OS version table from https://docs.turris.cz/basics/tos_versions/
This should help meet the following mandatory requirements for Tier 1 defined by CSA Singapore's Cybersecurity Labeling Scheme
* 5.3-...
This could be part of Turris OS version table from https://docs.turris.cz/basics/tos_versions/
This should help meet the following mandatory requirements for Tier 1 defined by CSA Singapore's Cybersecurity Labeling Scheme
* 5.3-13:The manufacturer shall publish, in an accessible way that is clear and transparent to the user, the defined support period.
Related to https://gitlab.nic.cz/turris/biz/singapore-certification/-/issues/1https://gitlab.nic.cz/turris/user-docs/-/issues/87Create article about Foris update section2021-05-18T15:58:17+02:00Jan PavlinecCreate article about Foris update sectionThis should describe the following:
* automatic updates
* notification
* delayed updates
This should help meet the following **recommended** requirements for ** Tier 1 ** defined by CSA Singapore's Cybersecurity Labeling Scheme
* 5.3-4...This should describe the following:
* automatic updates
* notification
* delayed updates
This should help meet the following **recommended** requirements for ** Tier 1 ** defined by CSA Singapore's Cybersecurity Labeling Scheme
* 5.3-4: Automatic mechanisms should be used for software updates.
* 5.3-5: The device should check after initialization, and then periodically, whether security updates are available.
* 5.3-6: If the device supports automatic updates and / or update notifications, these should be enabled in the initialized state and configurable so that the user can enable, disable, or postpone the installation of security updates and / or update notifications.
Related to https://gitlab.nic.cz/turris/biz/singapore-certification/-/issues/1Lukas JelinekLukas Jelinekhttps://gitlab.nic.cz/turris/user-docs/-/issues/86Create article about updates2020-11-03T13:04:01+01:00Jan PavlinecCreate article about updates
I'm not sure if this should be a separate page or if it should be in Foris/Updater documentation.
There should be a reference to all supported ways of SW update (updater via cli/foris, medkit via usb/network)
There should be a re...
I'm not sure if this should be a separate page or if it should be in Foris/Updater documentation.
There should be a reference to all supported ways of SW update (updater via cli/foris, medkit via usb/network)
There should be a reference about used encryption in medkit signature and in packages installed by the updater. We should also describe the properties of repo.turris.cz TLS certificate.
There should be a reference to updater documentation which describes its security consideration
(example "Goals to protect against specific attacks" https://github.com/theupdateframework/specification/blob/master/tuf-spec.md#the-update-framework-specification)
This should help meet the following mandatory requirements for Tier 1 defined by CSA Singapore's Cybersecurity Labeling Scheme
* 5.3-2: When the device is not a constrained device, it shall have an update mechanism for the secure installation of updates.
* 5.3-3: An update shall be simple for the user to apply.
* 5.3-7: The device shall use best practice cryptography to facilitate secure update mechanisms.
* 5.3-8: Security updates shall be timely.
* 5.3-10: Where updates are delivered over a network interface, the device shall verify the authenticity and integrity of each update via a trust relationship.
Related to https://gitlab.nic.cz/turris/biz/singapore-certification/-/issues/1https://gitlab.nic.cz/turris/user-docs/-/issues/85Extend rescue mod documentation with medkit signature description2020-10-27T15:02:32+01:00Jan PavlinecExtend rescue mod documentation with medkit signature descriptionDocumentation is describing how to verify sha256 checksum but signature verification is missing.
see https://docs.turris.cz/hw/omnia/rescue_modes/#re-flash-router
We should also describe what the signature algorithm is used.
This shoul...Documentation is describing how to verify sha256 checksum but signature verification is missing.
see https://docs.turris.cz/hw/omnia/rescue_modes/#re-flash-router
We should also describe what the signature algorithm is used.
This should help meet the following mandatory requirements for Tier 1 defined by CSA Singapore's Cybersecurity Labeling Scheme
* 5.3-2:When the device is not a constrained device, it shall have an update mechanism for the secure installation of updates.
Related to https://gitlab.nic.cz/turris/biz/singapore-certification/-/issues/1https://gitlab.nic.cz/turris/user-docs/-/issues/84Create page for vulnerability reporting2021-06-15T10:50:13+02:00Jan PavlinecCreate page for vulnerability reportingThis page should provide contact information and timelines for acknowledgment of receipt and status update timeline.
We can get inspiration from products with certification see https://www.csa.gov.sg/programmes/cybersecurity-labelling/p...This page should provide contact information and timelines for acknowledgment of receipt and status update timeline.
We can get inspiration from products with certification see https://www.csa.gov.sg/programmes/cybersecurity-labelling/product-list
example https://kylaconnect.com/vulnerability-disclosure-policy/
This should help meet the following mandatory requirements for Tier 1 defined by CSA Singapore's Cybersecurity Labeling Scheme
* 5.2-1:The manufacturer shall make a vulnerability disclosure policy publicly available. This policy shall include, at a minimum: contact information for the reporting of issues; and information on timelines for:
1)initial acknowledgment of receipt; and 2)status updates until the resolution of the reported issues.
Related to https://gitlab.nic.cz/turris/biz/singapore-certification/-/issues/1https://gitlab.nic.cz/turris/user-docs/-/issues/83Create article about passwords2021-05-18T15:58:33+02:00Jan PavlinecCreate article about passwords
The main goal of this page should be:
* describe that there is no default password and user sets password in the wizard, also describe the difference between Foris and system password
* describe how are these passwords stored and what e...
The main goal of this page should be:
* describe that there is no default password and user sets password in the wizard, also describe the difference between Foris and system password
* describe how are these passwords stored and what encryption/hash function is used (/etc/shadow and /etc/config/foris auth.password)
* describe how to change the password (system and password for foris)
This should help meet the following mandatory requirements for **Tier 1** defined by **CSA Singapore's Cybersecurity Labeling Scheme**
* 5.1-1:Where passwords are used and in any state other than the factory default, all consumer IoT devicepasswords shall be unique per device or defined by the user.
* 5.1-3:Authentication mechanisms used to authenticate users against a device shall use best practice cryptography, appropriate to the properties of the technology, risk, and usage.
* 5.1-4:Where a user can authenticate against a device, the device shall provide to the user or an administratora simple mechanism to changethe authentication value used.
Related to https://gitlab.nic.cz/turris/biz/singapore-certification/-/issues/1Lukas JelinekLukas Jelinekhttps://gitlab.nic.cz/turris/user-docs/-/issues/81Add heading to every article about applicable routers and level of knowledge2021-09-22T11:38:29+02:00Karel KociAdd heading to every article about applicable routers and level of knowledgeWe can use meta tags for this (https://squidfunk.github.io/mkdocs-material/reference/meta-tags/). We should somehow display it in compact form (probably icons of routers).We can use meta tags for this (https://squidfunk.github.io/mkdocs-material/reference/meta-tags/). We should somehow display it in compact form (probably icons of routers).Aleksandr GumroianAleksandr Gumroianhttps://gitlab.nic.cz/turris/user-docs/-/issues/80Documentation about WiFi coverage and router placement2021-05-18T15:58:41+02:00Karel KociDocumentation about WiFi coverage and router placementWe should write some article about WiFi coverage and how to place router at home to get best coverage (potentially how to expend it with Mox?)
This should also include some suggestion on how to debug/scan coverage such as suggestion of ...We should write some article about WiFi coverage and how to place router at home to get best coverage (potentially how to expend it with Mox?)
This should also include some suggestion on how to debug/scan coverage such as suggestion of wifi analyzer on phone (https://f-droid.org/en/packages/com.vrem.wifianalyzer/).Lukas JelinekLukas Jelinekhttps://gitlab.nic.cz/turris/user-docs/-/issues/79Full-page search2020-10-16T10:01:18+02:00Lukas JelinekFull-page searchOriginally from here (by [fantomas](https://forum.turris.cz/u/fantomas)): https://forum.turris.cz/t/search-on-docs-turris-cz/13962
Is it possible to search on docs.turris.cz via full-page search? Currently I’m only able to get that “Typ...Originally from here (by [fantomas](https://forum.turris.cz/u/fantomas)): https://forum.turris.cz/t/search-on-docs-turris-cz/13962
Is it possible to search on docs.turris.cz via full-page search? Currently I’m only able to get that “Type to start searching” box which opens small window with results. Can I get these results in full page?
This is similar to what [this forum](https://forum.turris.cz) does, but in this forum I can get the full page by clicking “options”.https://gitlab.nic.cz/turris/user-docs/-/issues/78Collect data about visitors behavior2024-03-27T16:39:18+01:00Jan BetikCollect data about visitors behaviorWe do not have any information about the visitors of docs.turris.cz
I would like to use the Piwik/Matomo on the site to have better insight about the behavior of our visitors.We do not have any information about the visitors of docs.turris.cz
I would like to use the Piwik/Matomo on the site to have better insight about the behavior of our visitors.https://gitlab.nic.cz/turris/user-docs/-/issues/77Create article for common post-first-setup steps2023-08-29T11:10:46+02:00Karel KociCreate article for common post-first-setup stepsThis should include:
* [x] Configuration of notifications to email
* [x] Configure automatic restarts
* [x] Think about enabling data collect
There can be more and we should think about including more. The idea is to provide users with ...This should include:
* [x] Configuration of notifications to email
* [x] Configure automatic restarts
* [x] Think about enabling data collect
There can be more and we should think about including more. The idea is to provide users with checklist of things to do with their new device but not stuff they have to investigate more in depth such as LXC or Pakon. I mean to tell them what they probably want to configure immediately after guide.Lukas JelinekLukas Jelinekhttps://gitlab.nic.cz/turris/user-docs/-/issues/76Expand interesting features to try2020-10-14T15:13:42+02:00Karel KociExpand interesting features to tryI even didn't know that we have this page but we have (https://docs.turris.cz/basics/highlights/). We should expand that. It looks rather empty. For example adding logos and potentially link to upstream would make sense in case of Nextcl...I even didn't know that we have this page but we have (https://docs.turris.cz/basics/highlights/). We should expand that. It looks rather empty. For example adding logos and potentially link to upstream would make sense in case of Nextcloud. Also we do not have just three highlights. How about data collect? LXC? Snapshots? Guest network? Storage? Netmetr?