infrastructure March 2009

infrastructure@lists.fedoraproject.org

58 participants
86 discussions

[Change Request] Fix duplicate definition of Selinux_bool[rsync_export_all_ro].
by Ricky Zhou 13 Mar '09

13 Mar '09

--- manifests/servergroups/cvs.pp | 4 ---- 1 files changed, 0 insertions(+), 4 deletions(-) diff --git a/manifests/servergroups/cvs.pp b/manifests/servergroups/cvs.pp index 8dc4038..bc8d770 100644 --- a/manifests/servergroups/cvs.pp +++ b/manifests/servergroups/cvs.pp @@ -24,10 +24,6 @@ class cvs { hasstatus => true, } - selinux_bool { 'rsync_export_all_ro': - bool => 'on' - } - semanage_fcontext { '/srv/scm/cvs(/.*)?': type => 'cvs_data_t' } -- 1.5.5.6

2 2

[Change Request]
by Ricky Zhou 13 Mar '09

13 Mar '09

Apparently, the current upload.cgi isn't checking group permissions properly. Here's a patch to simplify auth checking (and clean formatting up).

3 3

[Change Request] - transifex-0.5-0.6.rc1.hgc3439806202e
by Mike McGrath 13 Mar '09

13 Mar '09

I'd like to update app1 to transifex-0.5-0.6.rc1.hgc3439806202e 2+1's ? -Mike

4 3

Re: tiket #72
by Dmitry Kolesov 13 Mar '09

13 Mar '09

Hello. It is channges for the dispatcher.py. I added the function remove_user(). === modified file 'pkgdb/dispatcher.py' --- pkgdb/dispatcher.py 2009-02-27 15:58:55 +0000 +++ pkgdb/dispatcher.py 2009-03-13 01:20:10 +0000 @@ -1397,3 +1397,95 @@ identity.current.user, [clone_branch]) return dict(pkglisting=clone_branch) + + @expose(allow_json=True) + # Check that the requestor is in a group that could potentially set ACLs. + @identity.require(identity.not_anonymous()) + def remove_user(self, pkg_name, username, collectn_list=None): + '''Remove users from a package. + :arg pkg_name: Name of the package + :arg username: Name of user to remove from the package + :arg collectn_list: list of collections like 'F-10', 'devel' + ''' + person = fas.person_by_username(username) + if not person: + return dict(status=False, + message='Specified user name %s does not have a' \ + ' Fedora Account' % username) + try: + # pylint: disable-msg=E1101 + pkg = Package.query.filter_by(name=pkg_name).one() + except InvalidRequestError: + return dict(status=False, message='Package %s does not exist' % pkg_name) + + # Check that the current user is allowed to change acl statuses + approved = self._user_can_set_acls(identity, pkg) + if not ident.in_group('cvsadmin'): + return dict(status=False, message= + '%s is not allowed to remove user from the package' % + identity.current.user_name) + + log_msgs = [] + + if collectn_list: + for simple_name in collectn_list: + try: + collectn = Collection.by_simple_name(simple_name) + except InvalidRequestError: + return dict(status=False, message='Collection %s does not exist' % simple_name) + + pkg_listing = PackageListing.query.filter_by(packageid=pkg.id, + collectionid=collectn.id).one() + + acls = PersonPackageListingAcl.query.filter(and_( + PersonPackageListingAcl.c.personpackagelistingid + == PersonPackageListing.c.id, + PersonPackageListing.c.packagelistingid == pkg_listing.id, + PersonPackageListing.c.username == person['username'])).all() + + for acl in acls: + person_acl = self._create_or_modify_acl(pkg_listing, person['id'], acl, self.obsoleteStatus) + + log_msg = u'%s has set the %s acl on %s (%s %s) to Obsolete for %s' % ( + identity.current.user_name, acl, pkg.name, + pkg_listing.collection.name, pkg_listing.collection.version, + person['username']) + log = PersonPackageListingAclLog(identity.current.user.id, + self.obsoleteStatus.statuscodeid, log_msg) + log.acl = person_acl # pylint: disable-msg=W0201 + log_msgs.append(log_msg) + + else: + for pkg_listing in pkg.listings: + acls = PersonPackageListingAcl.query.filter(and_( + PersonPackageListingAcl.c.personpackagelistingid + == PersonPackageListing.c.id, + PersonPackageListing.c.packagelistingid == pkg_listing.id, + PersonPackageListing.c.username == person['username'])).all() + + for acl in acls: + person_acl = self._create_or_modify_acl(pkg_listing, person['id'], acl, self.obsoleteStatus) + + log_msg = u'%s has set the %s acl on %s (%s %s) to Obsolete for %s' % ( + identity.current.user_name, acl, pkg.name, + pkg_listing.collection.name, pkg_listing.collection.version, + person['username']) + log = PersonPackageListingAclLog(identity.current.user.id, + self.obsoleteStatus.statuscodeid, log_msg) + log.acl = person_acl # pylint: disable-msg=W0201 + log_msgs.append(log_msg) + + try: + session.flush() + except SQLError, e: + # An error was generated + return dict(status=False, + message='Not able to change acl %s on %s with status %s' \ + % (acl, pkgid, self.obsoleteStatus.statusname)) + + # Send a log to people interested in this package as well + self._send_log_msg('\n'.join(log_msgs), '%s had acl change status' % ( + pkg.name), identity.current.user, pkg.listings, + other_email=(person['email'],)) + + return dict(status=True)

2 1

Change request -- Django Provider update 2
by Toshio Kuratomi 12 Mar '09

12 Mar '09

Okay, the last auth update fixed redirects but broke logging into django apps. I'd like to install a new python-fedora with a one-line change for that. === modified file 'fedora/django/auth/middleware.py' --- fedora/django/auth/middleware.py 2009-03-12 14:02:58 +0000 +++ fedora/django/auth/middleware.py 2009-03-12 22:34:37 +0000 @@ -39,7 +39,7 @@ logout(request) def process_response(self, request, response): - if type(response) == HttpResponse: + if response.status_code != 301: if isinstance(request.user, AnonymousUser): # response.set_cookie(key='tg-visit', value='', max_age=0) if 'tg-visit' in request.session: -Toshio

3 2

Unclaimed F11 Beta Tickets
by Mike McGrath 12 Mar '09

12 Mar '09

Hey all, just a heads up. Some of these tickets are still unclaimed (I just created them today). Some of these (like the MM redirects) can only be done by people who have access to them. But others, like the website, could be done by anyone who can email a patch our way. Though ricky usually does it :) https://fedorahosted.org/fedora-infrastructure/report/9 -Mike

1 0

Meeting Log - 2009-03-12
by Ricky Zhou 12 Mar '09

12 Mar '09

20:00 -!- mmcgrath changed the topic of #fedora-meeting to: Infrastructure -- Who's here? 20:00 * ricky 20:00 * collier_s is here 20:01 * ivazquez|laptop is around 20:01 -!- MostafaDaneshvar [n=MostafaD@unaffiliated/mostafadaneshvar] has joined #fedora-meeting 20:01 * SmootherFrOgZ here 20:02 < mmcgrath> Ok, so lets get started 20:03 -!- Sonar_Gal [n=Andrea@fedora/SonarGal] has quit Connection timed out 20:03 -!- mmcgrath changed the topic of #fedora-meeting to: Infrastructure -- Tickets 20:03 * skvidal is 20:03 < mmcgrath> Looks like there actually aren't any tickets. 20:04 < mmcgrath> So next topic 20:04 -!- mmcgrath changed the topic of #fedora-meeting to: Infrastructure -- Fedora Cloud 20:04 < mmcgrath> So it looks like our Fedora cloud might finally be delivered. 20:04 < SmootherFrOgZ> \o/ 20:04 < mmcgrath> From what I understand the last of the network stuff should be ready by tomorrow night. 20:05 < mmcgrath> SmootherFrOgZ: you still interested.. even though it's been 2 months?!?! :) 20:05 < SmootherFrOgZ> mmcgrath: hahaha, are you kidding me ? 20:06 < ricky> What work is there to be done once it's delivered? 20:06 < mmcgrath> :) 20:06 < SmootherFrOgZ> i've a lot of work to commit ;) 20:06 < mmcgrath> ricky: my understanding is we've been waiting for months to get a switch and router configured. 20:06 < ricky> Haha 20:06 < mmcgrath> anywho. 20:06 < mmcgrath> It's coming! 20:06 < mmcgrath> so that's good. 20:06 < mmcgrath> And it's something we can work on while we're frozen so that's nice too. 20:06 -!- basilgohar [n=basilgoh(a)60.48.61.220] has quit Read error: 54 (Connection reset by peer) 20:06 -!- mmcgrath changed the topic of #fedora-meeting to: Infrastructure -- Password Resets. 20:06 < collier_s> i'd like to help out in anyway / shape / form 20:07 < mmcgrath> collier_s: sure thing, I'm sure there will be a bunch of stuff to do. 20:07 < mmcgrath> So the password resets went remarkably well for most people. There's a pretty vocal minority though. 20:07 < mmcgrath> Some good ideas came out of it. 20:07 -!- tibbs [n=tibbs@fedora/tibbs] has quit "Konversation terminated!" 20:08 < ricky> So exactly what changes are we looking at for next time? 20:08 < mmcgrath> ricky: the 3 things mentioned in my email. 20:08 < mmcgrath> recovery of home dir, more explicit email, and aliases to stick around longer. 20:08 < ricky> Sorry, I've been looking at several different threads on this topic 20:09 < ricky> Aha 20:09 < mmcgrath> And since people bitched and moaned enough we will probably go off of "last seen" and start updating that. 20:09 < mmcgrath> It accomplishes a similar goal. It'll make things easier on the package contributors if we can get it updated in pkgdb and bodhi. 20:10 * ricky will look at getting fasClient and the expiry script modified for those things 20:10 < mmcgrath> and since they seem to be the ones who had the biggest problem figuring out who this whole process worked, if we can avoid inconveniencing them in the future we might as well. 20:10 < mmcgrath> s/who/how/ 20:10 -!- basilgohar [n=basilgoh(a)220.61.48.60.trm01-home.tm.net.my] has joined #fedora-meeting 20:11 < mmcgrath> ricky: how much time will you have to devote to that over the next month or so? 20:11 < mmcgrath> I'd like to enable a regular daily check as soon as we can. 20:11 < mmcgrath> abadger1999 is familiar with some of the issues and suggestions as well but I didn't want to volunteer him to fix them. 20:11 < ricky> I wish I could give a definitely number :-( I should be able to get the big requirements done this week, while it's spring break 20:11 < ricky> **definite 20:12 < mmcgrath> ricky: k, well keep me in the loop. If things fall apart I can spend some more time getting it up and going. 20:12 < mmcgrath> Anyone have anything else on that? 20:13 -!- mmcgrath changed the topic of #fedora-meeting to: Infrastructure -- compose-x86 20:13 < mmcgrath> Boy was that box borked. 20:13 < mmcgrath> it's mostly fixed now. 20:13 < mmcgrath> as a result we're also going to do bios updates to our other x86 blades and the ppc blades just for fun. 20:13 < mmcgrath> compose-x86 runs rawhide so we had all sorts of fun getting it all back up. 20:13 -!- mmcgrath changed the topic of #fedora-meeting to: Infrastructure -- Transifex 20:14 * mmcgrath summons glezos 20:14 < mmcgrath> ivazquez|laptop: how's transifex going? 20:14 < ivazquez|laptop> Well. 20:14 < mmcgrath> My understanding is we couldn't commit last night because the transif user didn't have access. 20:14 < mmcgrath> other then that and the final migration to a $REAL_DB, things are working? 20:15 < ivazquez|laptop> A fix for PG 8.2+ has been applied. 20:15 < ivazquez|laptop> MySQL we all know about. 20:15 < mmcgrath> ivazquez|laptop: that was a transifex fix, not a django fix right? 20:15 < ivazquez|laptop> Correct. 20:15 -!- Zool^ [n=kaland(a)19.81-166-29.customer.lyse.net] has quit Read error: 110 (Connection timed out) 20:15 < mmcgrath> k 20:15 < mmcgrath> do you know when this is going to start getting used to do actual translations? 20:16 < mmcgrath> or has the translations team started already? 20:16 < ivazquez|laptop> I haven't been watching that side; glezos would better answer that. 20:16 < mmcgrath> k 20:16 -!- Sonar_Gal [n=Andrea@fedora/SonarGal] has joined #fedora-meeting 20:16 < mmcgrath> ivazquez|laptop: do you think we should sqlite -> postgres sooner or later? 20:17 < ivazquez|laptop> Yes. I can respin a new SRPM today. 20:17 < mmcgrath> k, sounds good. I'll make sure to have free time this afternoon to convert and test. 20:17 < ivazquez|laptop> Then it's a matter of altering a single column for the fix. 20:17 < mmcgrath> I still need to get all of this stuff into puppet. 20:18 < mmcgrath> k 20:18 < mmcgrath> ivazquez|laptop: anything else on that? 20:18 < ivazquez|laptop> Sounds about it. 20:19 < mmcgrath> k 20:19 -!- mmcgrath changed the topic of #fedora-meeting to: Infrastructure -- Beta Release 20:19 < mmcgrath> The beta release is coming up, I've still got some tickets to create and hand out. 20:19 < mmcgrath> And a mirror to verify we have enough space for. 20:20 < mmcgrath> any questions about the freeze right now? 20:20 < ggruener> what is the date of the beta release? 20:21 -!- rwmjones_ [n=rwmjones(a)87.127.66.208] has quit "Closed connection" 20:21 < mmcgrath> ggruener: looks like March 24th. 20:21 < mmcgrath> usually around 10:00 am Eastern time 20:21 < ggruener> ok 20:21 < mmcgrath> Ok, so that's all I had for the meeting 20:21 -!- mmcgrath changed the topic of #fedora-meeting to: Infrastructure -- Open Floor 20:21 < mmcgrath> anyone have anything they'd like to discuss? 20:23 < mmcgrath> Then I'd just like to thank abadger1999 ivazquez|laptop G_work Rasther and glezos for their work on helping us get the new transifex deployed. 20:23 -!- rdieter is now known as rdieter_away 20:23 < mmcgrath> all in all it's gone fairly well, lots of bumps but nothing horrible. It certainly could have been much much worse. 20:23 -!- lcafiero [n=larry(a)dsl-63-249-115-153.cruzio.com] has quit Remote closed the connection 20:24 < mmcgrath> so 3 cheers. 20:24 < mmcgrath> Ok, if no one has anything I'll close the meeting in 30 20:24 < ricky> Thanks a lot! 20:24 < f13> I got nuthin 20:24 < mmcgrath> 15 20:24 < mmcgrath> 5 20:24 -!- mmcgrath changed the topic of #fedora-meeting to: Infrastructure -- Meeting End

1 0

Meeting Today
by Mike McGrath 12 Mar '09

12 Mar '09

Just a reminder that the our meetings are at 20:00 UTC. (you can run date -u to see what utc time it is). But this means for most of us in the states, the meetings are now an hour later, starting at 4:00 pm Eastern (3:00 pm Chicago Cubs time) -Mike

3 2

[Change Request] Adding files to ssh-known-hsts
by Mike McGrath 12 Mar '09

12 Mar '09

Trying again, hopefully with less fail. -Mike

3 3

Change Request
by Mike McGrath 12 Mar '09

12 Mar '09

Can I get 2 +1's?

4 5

← Newer
1
2
3
4
5
6
7
8
9
Older →

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

infrastructure March 2009