Hi,
This is the next step of preparing pagure.io for repoSpanner: switch the entry command to aclchecker, which is a small script that calls either repoBridge for repos on repoSpanner (none at this moment) or gitolite for all others. This adds some configuration for repobridge, but that won't be used yet. This can be reverted by switching the SSH config back to no longer calling keyhelper.
Patrick
commit 6d313b60b05b022c1ae04dc81f9956cff33fb5b5 (HEAD -> master) Author: Patrick Uiterwijk patrick@puiterwijk.org Date: Thu Oct 11 20:19:11 2018 +0200
Switch Pagure.io over to aclchecker
This will make it possible to migrate repositories to repoSpanner.
Signed-off-by: Patrick Uiterwijk patrick@puiterwijk.org
diff --git a/roles/pagure/frontend/templates/pagure.cfg b/roles/pagure/frontend/templates/pagure.cfg index 4fddd17e7..54e28930b 100644 --- a/roles/pagure/frontend/templates/pagure.cfg +++ b/roles/pagure/frontend/templates/pagure.cfg @@ -313,4 +313,21 @@ THEME = 'pagureio' MIRROR_SSHKEYS_FOLDER='/srv/mirror/ssh'
SSH_KEYS_USERNAME_EXPECT = "git" -SSH_KEYS_OPTIONS = 'command="/usr/share/gitolite3/gitolite-shell %(username)s",no-port-forwarding,no-X11-forwarding,no-agent-forwarding,no-pty' +SSH_KEYS_OPTIONS = 'restrict,command="/usr/libexec/pagure/aclchecker.py %(username)s"' + +SSH_COMMAND_REPOSPANNER = ([ + "/usr/libexec/repobridge", + "--extra", "username", "%(username)s", + "--extra", "repotype", "%(repotype)s", + "--extra", "project_name", "%(project_name)s", + "--extra", "project_user", "%(project_user)s", + "--extra", "project_namespace", "%(project_namespace)s", + "%(cmd)s", + "'pagure/%(repotype)s/%(reponame)s'", +], {"REPOBRIDGE_CONFIG": "/etc/repobridge/rpms.json"}) +SSH_COMMAND_NON_REPOSPANNER = ([ + "/usr/share/gitolite3/gitolite-shell", + "%(username)s", + "%(cmd)s", + "%(reponame)s", +], {})
(Actually, until a future PR where I apply the correct sshd_Config to pagure01, it won't even change anything on prod for now other than the existance of these config options.)
+1
-re
On 10/11/2018 02:22 PM, Patrick マルタインアンドレアス Uiterwijk wrote:
Hi,
This is the next step of preparing pagure.io for repoSpanner: switch the entry command to aclchecker, which is a small script that calls either repoBridge for repos on repoSpanner (none at this moment) or gitolite for all others. This adds some configuration for repobridge, but that won't be used yet. This can be reverted by switching the SSH config back to no longer calling keyhelper.
Patrick
commit 6d313b60b05b022c1ae04dc81f9956cff33fb5b5 (HEAD -> master) Author: Patrick Uiterwijk patrick@puiterwijk.org Date: Thu Oct 11 20:19:11 2018 +0200
Switch Pagure.io over to aclchecker This will make it possible to migrate repositories to repoSpanner. Signed-off-by: Patrick Uiterwijk <patrick@puiterwijk.org>
diff --git a/roles/pagure/frontend/templates/pagure.cfg b/roles/pagure/frontend/templates/pagure.cfg index 4fddd17e7..54e28930b 100644 --- a/roles/pagure/frontend/templates/pagure.cfg +++ b/roles/pagure/frontend/templates/pagure.cfg @@ -313,4 +313,21 @@ THEME = 'pagureio' MIRROR_SSHKEYS_FOLDER='/srv/mirror/ssh'
SSH_KEYS_USERNAME_EXPECT = "git" -SSH_KEYS_OPTIONS = 'command="/usr/share/gitolite3/gitolite-shell %(username)s",no-port-forwarding,no-X11-forwarding,no-agent-forwarding,no-pty' +SSH_KEYS_OPTIONS = 'restrict,command="/usr/libexec/pagure/aclchecker.py %(username)s"'
+SSH_COMMAND_REPOSPANNER = ([
- "/usr/libexec/repobridge",
- "--extra", "username", "%(username)s",
- "--extra", "repotype", "%(repotype)s",
- "--extra", "project_name", "%(project_name)s",
- "--extra", "project_user", "%(project_user)s",
- "--extra", "project_namespace", "%(project_namespace)s",
- "%(cmd)s",
- "'pagure/%(repotype)s/%(reponame)s'",
+], {"REPOBRIDGE_CONFIG": "/etc/repobridge/rpms.json"}) +SSH_COMMAND_NON_REPOSPANNER = ([
- "/usr/share/gitolite3/gitolite-shell",
- "%(username)s",
- "%(cmd)s",
- "%(reponame)s",
+], {}) _______________________________________________ infrastructure mailing list -- infrastructure@lists.fedoraproject.org To unsubscribe send an email to infrastructure-leave@lists.fedoraproject.org Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/infrastructure@lists.fedorapro...
infrastructure@lists.fedoraproject.org