Hi, (sorry for the delay, I had trouble coping with everything over the past few weeks).
I have no problem with turning sftp off. I'm glad you're working to get an official way to disable user-controlled plugins in bzr, server-side.

What you also need to do is:
- coordinate with other bzr users
- move the bzr service to the 'vcs-noshell' VM (instead of the current 'sftp' VM) - so you don't disable SFTP access to the download area.

I gave you root access to 'colonialone.fsf.org' (the rsa key only).
Check: http://savannah.gnu.org/maintenance/SavannahArchitecture to access other areas of Savannah.

The rule is: what you break, you fix. If you agree with the rule, you can proceed with the changes :)

--
Sylvain

On Mon, Mar 22, 2010 at 05:57:09PM -0400, Karl Fogel wrote:
> Ping. Any reaction from Savannah admins to the proposal below?
>
> Karl Fogel <[email protected]> writes:
> >Okay, so how about we:
> >
> > 1) Turn off sftp access.
> > 2) Apply the diff at the end of this mail :-).
> > 3) Update the developer instructions accordingly.
> >
> >>Configuration files are not under a VCS, but a good deal of
> >>information can be found in the bzr repository for project
> >>'administration'.
> >
> >Thanks. (After we agree on the course of action, I'll have some changes
> >to submit to administration/bzr.txt too.)
> >
> >Regarding commit emails: let's just continue using bzr-hookless-email
> >for now. It works, and right now the problem we're trying to solve is
> >bzr+ssh:// access. We can tackle other Bazaar issues afterwards.
> >
> >Below is the diff; please review. If you like it, my next step will be
> >to come up with the developer instructions so those currently using
> >sftp:// can switch over. (Naturally, we'll warn them first and set a
> >flag date.)
> >
> >[[[
> >Restore Bazaar bzr+ssh:// access, but this time without plugins.
> >
> >* /usr/local/bin/sv_membersh: Suppress logging in the modern way.
> >  Add the '--no-plugins' option to the bzr serve command.
> >
> >* /etc/membersh-conf.pl: Set use_bzr to 1.
> >]]] > > > >--- /usr/local/bin/sv_membersh 2010-03-17 15:38:57.000000000 -0400 > >+++ /usr/local/bin/sv_membersh 2010-03-17 16:00:02.000000000 -0400 > >@@ -151,12 +151,11 @@ > > > > } elsif ($use_bzr and $ARGV[1] =~ m:$regexp_bzr:) { > > > >- # bzr wants to write a ~/.bzr.log > >- # Tip: mkdir -m 755 /var/lib/bzr > >- # ln -s /dev/null /var/lib/bzr/.bzr.log > >- $ENV{'HOME'} = '/var/lib/bzr'; > >+ # bzr wants to write a ~/.bzr.log. Suppress that (see > >+ # https://bugs.edge.launchpad.net/bzr/+bug/106117 for more). > >+ $ENV{'BZR_LOG'} = '/dev/null'; > > # authorize 'bzr serve' in SSH tunnel mode > >- exec($bin_bzr, 'serve', '--inet', '--directory='.$dir_bzr, > >'--allow-writes') > >+ exec($bin_bzr, '--no-plugins', 'serve', '--inet', > >'--directory='.$dir_bzr, '--allow-writes') > > or die("Failed to exec '$bin_bzr serve --inet --directory=$dir_bzr > > --allow-writes': $!"); > > > > } elsif ($use_hg and $ARGV[1] =~ m:$regexp_hg:) { > > > > > >--- /etc/membersh-conf.pl 2010-03-17 14:31:11.000000000 -0400 > >+++ /etc/membersh-conf.pl 2010-03-17 15:31:55.000000000 -0400 > >@@ -17,4 +17,4 @@ > > # SFTP-accessible area (== local access) when said commit hook support > > # is eventually ready in bzr > > > >-#$use_bzr = '1'; > >+$use_bzr = '1';
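Review bot: In the sv_membersh hunk, removing the "$ENV{'HOME'} = '/var/lib/bzr';" line does more than change where the log goes: bzr now starts with the connecting user's own HOME, and '--no-plugins' only addresses plugin loading. If any other per-user bzr state is looked up under HOME, it is back in play, so consider keeping the HOME override next to the new BZR_LOG line. Separately, the die() string still reads "$bin_bzr serve --inet --directory=$dir_bzr --allow-writes" without '--no-plugins', so a failure message would not match the command that was actually executed.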
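Review bot: In the membersh-conf.pl hunk, uncommenting "$use_bzr = '1';" is only safe together with the sv_membersh change, because the old exec line has no '--no-plugins', and nothing in this file records that dependency. The comment directly above still talks about commit hook support being "eventually ready in bzr"; suggest rewording it to say bzr is enabled because sv_membersh passes '--no-plugins', and deploying the sv_membersh change before flipping this flag.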
