Meeting agenda for 2018-10-11
This shared document is for the next fedora infrastructure meeting. = Preamble = The infrastructure team will be having its weekly meeting tomorrow, 2018-10-04 at 14:00 UTC in #fedora-meeting-1 on the freenode network. We have a gobby document (see: https://fedoraproject.org/wiki/Gobby ) fedora-infrastructure-meeting-next is the document. Please try and review and edit that document before the meeting and we will use it to have our agenda of things to discuss. A copy as of today is included in this email. If you have something to discuss, add the topic to the discussion area with your name. If you would like to teach other folks about some application or setup in our infrastructure, please add that topic and your name to the learn about section. = Introduction = We will use it over the week before the meeting to gather status and info and discussion items and so forth, then use it in the irc meeting to transfer information to the meetbot logs. = Meeting start stuff = #startmeeting Infrastructure (2018-10-11) #meetingname infrastructure #topic aloha #chair nirik pingou puiterwijk relrod smooge tflink threebean cverna = Let new people say hello = #topic New folks introductions #info This is a place where people who are interested in Fedora Infrastructure can introduce themselves = Status / Information / Trivia / Announcements = (We put things here we want others on the team to know, but don't need to discuss) (Please use #info - your name) #topic announcements and information #info tflink is on extended PTO #info smooge is on PTO 2018-10-06->2018-10-09 #info nirik is on PTO 2018-10-24->2018-10-28 #info Final Freeze has started 2018-10-09 = Things we should discuss = We use this section to bring up discussion topics. Things we want to talk about as a group and come up with some consensus /suor decision or just brainstorm a problem or issue. If there are none of these we skip this section. (Use #topic your discussion topic - your username) #topic Oncall #info bowlofeggs is on call from 2018-10-04 -> 2018-10-11 #info smooge is on call from 2018-10-11 -> 2018-10-18 #info relrod is on call from 2018-10-18 -> 2018-10-25 #info smooge is on call from 2018-10-25 -> 2018-11-01 #info ??? is on call from 2018-11-01 -> 2018-11-?? #info Summary of last week: (from bowlofeggs) #topic RFR revamp - kevin #topic Tickets discussion #info https://pagure.io/fedora-infrastructure/report/Meetings%20ticket Go thru each ticket one by one = Apprentice office hours = #topic Apprentice Open office minutes #info A time where apprentices may ask for help or look at problems. Here we will discuss any apprentice questions, try and match up people looking for things to do with things to do, progress, testing anything like that. = Learn about some application or setup in infrastructure = (This section, each week we get 1 person to talk about an application or setup that we have. Just going over what it is, how to contribute, ideas for improvement, etc. Whoever would like to do this, just add the i/nfo in this section. In the event we don't find someone to teach about something, we skip this section and just move on to open floor.) #info = Meeting end stuff = #topic Open Floor #endmeeting signature.asc Description: OpenPGP digital signature ___ infrastructure mailing list -- infrastructure@lists.fedoraproject.org To unsubscribe send an email to infrastructure-le...@lists.fedoraproject.org Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/infrastructure@lists.fedoraproject.org
Re: fedora-messaging v1.0
On 10/10/18 1:23 PM, Jeremy Cline wrote: > Hey folks, > > Today Aurélien and I tagged the v1.0 release for fedora-messaging. It's > available on PyPI, Rawhide, F29[0], and in the infra staging repos for > F28, F27, and EPEL7. > > The complete changelog and documentation is available on readthedocs[1]. > > The broker and messaging bridges between fedmsg and AMQP are running in > staging, so we're ready for applications to begin porting. If you have > any questions that the documentation doesn't answer, please don't > hesitate to ask me or Aurélien. > Great to see this. Very nice work. > > [0] https://bodhi.fedoraproject.org/updates/fedora-messaging-1.0.1-1.fc29 > [1] https://fedora-messaging.readthedocs.io/ > ___ infrastructure mailing list -- infrastructure@lists.fedoraproject.org To unsubscribe send an email to infrastructure-le...@lists.fedoraproject.org Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/infrastructure@lists.fedoraproject.org
fedora-messaging v1.0
Hey folks, Today Aurélien and I tagged the v1.0 release for fedora-messaging. It's available on PyPI, Rawhide, F29[0], and in the infra staging repos for F28, F27, and EPEL7. The complete changelog and documentation is available on readthedocs[1]. The broker and messaging bridges between fedmsg and AMQP are running in staging, so we're ready for applications to begin porting. If you have any questions that the documentation doesn't answer, please don't hesitate to ask me or Aurélien. [0] https://bodhi.fedoraproject.org/updates/fedora-messaging-1.0.1-1.fc29 [1] https://fedora-messaging.readthedocs.io/ -- Jeremy Cline XMPP: jer...@jcline.org IRC: jcline ___ infrastructure mailing list -- infrastructure@lists.fedoraproject.org To unsubscribe send an email to infrastructure-le...@lists.fedoraproject.org Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/infrastructure@lists.fedoraproject.org
Re: [Freeze Break Request: ] Upgrade pagure.io to pagure 5.1.2
On Wed, Oct 10, 2018 at 09:32:15AM -0700, Kevin Fenzi wrote: > On 10/10/18 6:35 AM, Pierre-Yves Chibon wrote: > > Good Morning Everyone, > > > > Today people started to indicate some issues with merging, accessing or > > delete > > branches in some projects. All what these persons had in common, they had > > access > > to the project via a group. > > It turns out, in 5.1 the logic to determine if a person is a committer to a > > project has been changed and our test suite seems to be incomplete here as > > people having commit via a group are not considered committers. > > > > I've spent sometime getting this fixed in a way that remains compatible > > with the > > reason it was changed in the first place and added more tests for this. > > > > Seeing that the changelog since the 5.1.1 release isn't large: > > * 7dbcb0e5 Add test checking that group with ticket access aren't committer > > * 8bba7704 Add test to ensure committers in a group with commit access are > > recognized > > * 695f8cad Ensure there is a session in flask.g and patch it correctly > > * 2a1d4db8 Fix detecting if the user is a committer via a group > > * a3c93a3d Also provide PATH and content encoding for clone.py > > * 557a7ab3 Use the manually updated updated_on field rather than > > last_updated > > * 6764e6aa Make the sshkey migration more flexible > > * 6387abb7 Fix underline length in the doc - fixes warning in sphinx > > * 20456fac Add some documentation about MIRROR_SSHKEYS_FOLDER > > * 3e055021 If a value is None, insert empty strings into the arguments > > > > (This is including the commits fixing the issue, PR pending at: > > https://pagure.io/pagure/pull-request/3890) > > > > I am considering just doing a 5.1.2 bug fix release and I would like to > > request > > permission to push this to pagure.io. > > > > Thoughts? > > Does this version have any schema changes? ie, can we go back if we need to? No DB changes, going back would be downgrading the RPM and restarting the services :) > In any case +1, but do make sure it's solid in stg and everything we > need to fix is collected. Will do, thanks :) Pierre signature.asc Description: PGP signature ___ infrastructure mailing list -- infrastructure@lists.fedoraproject.org To unsubscribe send an email to infrastructure-le...@lists.fedoraproject.org Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/infrastructure@lists.fedoraproject.org
Re: [Freeze Break Request: ] Upgrade pagure.io to pagure 5.1.2
On 10/10/18 6:35 AM, Pierre-Yves Chibon wrote: > Good Morning Everyone, > > Today people started to indicate some issues with merging, accessing or delete > branches in some projects. All what these persons had in common, they had > access > to the project via a group. > It turns out, in 5.1 the logic to determine if a person is a committer to a > project has been changed and our test suite seems to be incomplete here as > people having commit via a group are not considered committers. > > I've spent sometime getting this fixed in a way that remains compatible with > the > reason it was changed in the first place and added more tests for this. > > Seeing that the changelog since the 5.1.1 release isn't large: > * 7dbcb0e5 Add test checking that group with ticket access aren't committer > * 8bba7704 Add test to ensure committers in a group with commit access are > recognized > * 695f8cad Ensure there is a session in flask.g and patch it correctly > * 2a1d4db8 Fix detecting if the user is a committer via a group > * a3c93a3d Also provide PATH and content encoding for clone.py > * 557a7ab3 Use the manually updated updated_on field rather than last_updated > * 6764e6aa Make the sshkey migration more flexible > * 6387abb7 Fix underline length in the doc - fixes warning in sphinx > * 20456fac Add some documentation about MIRROR_SSHKEYS_FOLDER > * 3e055021 If a value is None, insert empty strings into the arguments > > (This is including the commits fixing the issue, PR pending at: > https://pagure.io/pagure/pull-request/3890) > > I am considering just doing a 5.1.2 bug fix release and I would like to > request > permission to push this to pagure.io. > > Thoughts? Does this version have any schema changes? ie, can we go back if we need to? In any case +1, but do make sure it's solid in stg and everything we need to fix is collected. kevin signature.asc Description: OpenPGP digital signature ___ infrastructure mailing list -- infrastructure@lists.fedoraproject.org To unsubscribe send an email to infrastructure-le...@lists.fedoraproject.org Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/infrastructure@lists.fedoraproject.org
Re: FBR: Enable keyhelper for pagure01
+1 here as it has a easy fallback and we are just starting freeze. kevin signature.asc Description: OpenPGP digital signature ___ infrastructure mailing list -- infrastructure@lists.fedoraproject.org To unsubscribe send an email to infrastructure-le...@lists.fedoraproject.org Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/infrastructure@lists.fedoraproject.org
Re: Automating bodhi daily pushes
Okay, fixed.
And as Randy mentioned, we can use this without fixing @2579.
diff --git a/roles/bodhi2/backend/files/bodhi-automated-pushes.py
b/roles/bodhi2/backend/files/bodhi-auto
new file mode 100644
index 000..aacc81c
--- /dev/null
+++ b/roles/bodhi2/backend/files/bodhi-automated-pushes.py
@@ -0,0 +1,12 @@
+import requests
+import json
+import subprocess
+import logging
+
+req = requests.get('https://bodhi.fedoraproject.org/composes/')
+bodhi_composes = req.json()
+
+if len(bodhi_composes['composes']) == 0:
+bodhi_push_cmd = ["bodhi-push", "--username", "releng"]
+push = subprocess.Popen(bodhi_push_cmd, stdout=PIPE, stderr=PIPE,
stdin=PIPE)
+push.stdin.write('y')
diff --git a/roles/bodhi2/backend/tasks/main.yml
b/roles/bodhi2/backend/tasks/main.yml
index f76d944..7e37d24 100644
--- a/roles/bodhi2/backend/tasks/main.yml
+++ b/roles/bodhi2/backend/tasks/main.yml
@@ -264,6 +264,14 @@
- bodhi
- cron
+- name: put bodhi-automated-pushes.py in place
+ copy: src=bodhi-automated-pushes.py
dest=/usr/local/bin/bodhi-automated-pushes.py mode=0755
+ when: inventory_hostname.startswith('bodhi-backend01') and env ==
"production"
+ tags:
+ - config
+ - bodhi
+ - cron
+
- name: put update-fullfiletimelist in place
copy: src="{{ files }}/scripts/update-fullfiletimelist"
dest=/usr/local/bin/update-fullfiletimelist mo
when: inventory_hostname.startswith('bodhi-backend01') and env ==
"production"
@@ -288,6 +296,14 @@
- bodhi
- cron
+- name: Set the bodhi-automated-pushes cron job
+ template: src=bodhi-automated-pushes.cron.j2
dest=/etc/cron.d/bodhi-automated-pushes
+ when: inventory_hostname.startswith('bodhi-backend01') and env ==
"production"
+ tags:
+ - config
+ - bodhi
+ - cron
+
- name: directory sizes update cron job.
cron: name="directory-sizes-update" minute="30" hour="19" user="ftpsync"
job="/usr/bin/find /pub/alt/ /pub/archive/ /pub/fedora-secondary/
/pub/fedora/ /pub/epel/ -type
diff --git a/roles/bodhi2/backend/templates/bodhi-automated-pushes.cron.j2
b/roles/bodhi2/backend/templat
new file mode 100644
index 000..7d440af
--- /dev/null
+++ b/roles/bodhi2/backend/templates/bodhi-automated-pushes.cron.j2
@@ -0,0 +1,5 @@
+{% if Frozen %}
+{{ '#' }}00 00 * * * apache /usr/local/bin/bodhi-automated-pushes.py
+{% else %}
+00 00 * * * apache /usr/local/bin/bodhi-automated-pushes.py
+{% endif %}
On Fri, Oct 5, 2018 at 9:49 AM Randy Barlow
wrote:
> On Thu, 2018-10-04 at 17:09 -0700, Kevin Fenzi wrote:
> > And secondly:
> >
> > https://github.com/fedora-infra/bodhi/issues/2579
> >
> > we probibly need at least that bug fixed, although we could put a
> > lock
> > wrapper around it so it only runs one at a time ever.
>
> Mohan's code did ensure that the len() on the composes was 0, which is
> the same thing I would do if I fixed #2579, so I think his code will
> work without fixing #2579 (though of course, we should still fix #2579
> because that's the right place to fix it ultimately).
>
> +1 to the suggestion of using the Frozen variable.
> ___
> infrastructure mailing list -- infrastructure@lists.fedoraproject.org
> To unsubscribe send an email to
> infrastructure-le...@lists.fedoraproject.org
> Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html
> List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
> List Archives:
> https://lists.fedoraproject.org/archives/list/infrastructure@lists.fedoraproject.org
>
___
infrastructure mailing list -- infrastructure@lists.fedoraproject.org
To unsubscribe send an email to infrastructure-le...@lists.fedoraproject.org
Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives:
https://lists.fedoraproject.org/archives/list/infrastructure@lists.fedoraproject.org
FBR: Enable keyhelper for pagure01
Hi, Can I get +1s to the following patch? This would enable keyhelper.py on pagure.io, which is an alternative to authorized_keys file, which need a gitolite recompile to get changes activated. If anything goes wrong with it, sshd will fall back to the authorized_keys file, which will still be updated. Note that due to the fact that sshd_config is a file (instead of template), it needs a copy of the file (I have a todo to fix this), but the only change from the EL7 one to this is the last two lines, addition of AuthorizedKeysCommand. Patrick commit 95523df6b2ed99a170cac19f6e84daf43b81b617 Author: Patrick Uiterwijk Date: Wed Oct 10 17:37:16 2018 +0200 Add keyhelper to pagure.io Signed-off-by: Patrick Uiterwijk diff --git a/roles/basessh/files/ssh/sshd_config.pagure b/roles/basessh/files/ssh/sshd_config.pagure new file mode 100644 index 0..8fca2d49f --- /dev/null +++ b/roles/basessh/files/ssh/sshd_config.pagure @@ -0,0 +1,166 @@ +# $OpenBSD: sshd_config,v 1.90 2013/05/16 04:09:14 dtucker Exp $ + +# This is the sshd server system-wide configuration file. See +# sshd_config(5) for more information. + +# This sshd was compiled with PATH=/usr/local/bin:/usr/bin + +# The strategy used for options in the default sshd_config shipped with +# OpenSSH is to specify options with their default value where +# possible, but leave them commented. Uncommented options override the +# default value. + +# If you want to change the port on a SELinux system, you have to tell +# SELinux about this change. +# semanage port -a -t ssh_port_t -p tcp #PORTNUMBER +# +#Port 22 +#AddressFamily any +#ListenAddress 0.0.0.0 +#ListenAddress :: + +# The default requires explicit activation of protocol 1 +#Protocol 2 + +# HostKey for protocol version 1 +#HostKey /etc/ssh/ssh_host_key +# HostKeys for protocol version 2 +HostKey /etc/ssh/ssh_host_rsa_key +HostCertificate /etc/ssh/ssh_host_rsa_key-cert.pub +#HostKey /etc/ssh/ssh_host_dsa_key +#HostKey /etc/ssh/ssh_host_ecdsa_key + +# Lifetime and size of ephemeral version 1 server key +#KeyRegenerationInterval 1h +#ServerKeyBits 1024 + +# Ciphers and keying +#RekeyLimit default none + +# Logging +# obsoletes QuietMode and FascistLogging +#SyslogFacility AUTH +SyslogFacility AUTHPRIV +#LogLevel INFO +LogLevel VERBOSE + +# Authentication: + +#LoginGraceTime 2m +#PermitRootLogin yes +#StrictModes yes +PermitRootLogin without-password +StrictModes yes +#MaxAuthTries 6 +#MaxSessions 10 + +#RSAAuthentication yes +#PubkeyAuthentication yes + +# The default is to check both .ssh/authorized_keys and .ssh/authorized_keys2 +# but this is overridden so installations will only check .ssh/authorized_keys +AuthorizedKeysFile .ssh/authorized_keys + +#AuthorizedPrincipalsFile none + +#AuthorizedKeysCommand none +#AuthorizedKeysCommandUser nobody + +# For this to work you will also need host keys in /etc/ssh/ssh_known_hosts +#RhostsRSAAuthentication no +# similar for protocol version 2 +#HostbasedAuthentication no +# Change to yes if you don't trust ~/.ssh/known_hosts for +# RhostsRSAAuthentication and HostbasedAuthentication +#IgnoreUserKnownHosts no +# Don't read the user's ~/.rhosts and ~/.shosts files +#IgnoreRhosts yes + +# To disable tunneled clear text passwords, change to no here! +#PasswordAuthentication yes +#PermitEmptyPasswords no +PasswordAuthentication no + +# Change to no to disable s/key passwords +#ChallengeResponseAuthentication yes +ChallengeResponseAuthentication no + +# Kerberos options +#KerberosAuthentication no +#KerberosOrLocalPasswd yes +#KerberosTicketCleanup yes +#KerberosGetAFSToken no +#KerberosUseKuserok yes + +# GSSAPI options +#GSSAPIAuthentication no +GSSAPIAuthentication yes +#GSSAPICleanupCredentials yes +GSSAPICleanupCredentials yes +#GSSAPIStrictAcceptorCheck yes +#GSSAPIKeyExchange no + +# Set this to 'yes' to enable PAM authentication, account processing, +# and session processing. If this is enabled, PAM authentication will +# be allowed through the ChallengeResponseAuthentication and +# PasswordAuthentication. Depending on your PAM configuration, +# PAM authentication via ChallengeResponseAuthentication may bypass +# the setting of "PermitRootLogin without-password". +# If you just want the PAM account and session checks to run without +# PAM authentication, then enable this but set PasswordAuthentication +# and ChallengeResponseAuthentication to 'no'. +# WARNING: 'UsePAM no' is not supported in Red Hat Enterprise Linux and may cause several +# problems. +#UsePAM no +UsePAM yes + +#AllowAgentForwarding yes +#AllowTcpForwarding yes +#GatewayPorts no +#X11Forwarding no +X11Forwarding yes +#X11DisplayOffset 10 +#X11UseLocalhost yes +#PrintMotd yes +#PrintLastLog yes +#TCPKeepAlive yes +#UseLogin no +UsePrivilegeSeparation sandbox # Default for new installations. +#PermitUserEnvironment no +#Compression delayed +#ClientAliveInterval 0 +#ClientAliveCountMax 3 +#ShowPatchLevel no +#UseDNS yes +#PidFile /var/run/sshd.pid
Re: FAS & openid application development
On Wed, Oct 10, 2018 at 3:25 PM Radka Janekova wrote: > Hi, > > please excuse me if this information is somewhere and I failed to find > it... > > I'm looking for a way to add an application / get an id, to be used in a > web application used to authenticate the user with Fedora account. I did > not see any mention of it in the auth/openid wiki page, I'm assuming that > it would be to create a ticket with infrastructure? > > Who would be the right person to talk to about this topic? Willing to > spare a bit of time to provide some guidance? (Czech would be welcome as it > is a local high school intern working on the project, and I'm not entirely > confident in his English :P) > > Project details to give you a better picture what am I talking about - A > website where the user will log-in with their Fedora account, then have > some options to choose from, these would be generated based on their > scope/groups ... > This sounds like a really cool project. I went looking for docs/descriptions and didn't see them. Where can I find it? Thanks, bex > > Thank you, > Radka > > -- > *Radka Janeková* > .NET Engineer, Red Hat > *radka.ja...@redhat.com * > IRC: radka | Freenode: Rhea > > ___ > infrastructure mailing list -- infrastructure@lists.fedoraproject.org > To unsubscribe send an email to > infrastructure-le...@lists.fedoraproject.org > Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html > List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines > List Archives: > https://lists.fedoraproject.org/archives/list/infrastructure@lists.fedoraproject.org > -- Brian (bex) Exelbierd | bexel...@redhat.com | b...@pobox.com Fedora Community Action & Impact Coordinator @bexelbie | http://www.winglemeyer.org ___ infrastructure mailing list -- infrastructure@lists.fedoraproject.org To unsubscribe send an email to infrastructure-le...@lists.fedoraproject.org Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/infrastructure@lists.fedoraproject.org
Re: FAS & openid application development
On Wed, Oct 10, 2018 at 09:36:57AM -0400, Neal Gompa wrote: > On Wed, Oct 10, 2018 at 9:24 AM Radka Janekova wrote: > > > > Hi, > > > > please excuse me if this information is somewhere and I failed to find it... > > > > I'm looking for a way to add an application / get an id, to be used in a > > web application used to authenticate the user with Fedora account. I did > > not see any mention of it in the auth/openid wiki page, I'm assuming that > > it would be to create a ticket with infrastructure? > > > > Who would be the right person to talk to about this topic? Willing to spare > > a bit of time to provide some guidance? (Czech would be welcome as it is a > > local high school intern working on the project, and I'm not entirely > > confident in his English :P) > > > > Project details to give you a better picture what am I talking about - A > > website where the user will log-in with their Fedora account, then have > > some options to choose from, these would be generated based on their > > scope/groups ... > > > > You should be able to do this out of the gate as-is. If it's Python > based using Flask, you can use `python3-fedora-flask` and source that > module to pre-configure for authentication with FAS. For other > language stacks, take a look at how it works in Python[1] and adapt > accordingly. It also depends if you're going to use openid or openid-connect. For the former there is nothing to do on our end, it's the plain, usual openid protocol. For the later, that application would need to be registered in our end but for development purposes you can register against iddev.fedorainfracloud.org see the "registration" paragraph in https://flask-oidc.readthedocs.io/en/latest/ Pierre ___ infrastructure mailing list -- infrastructure@lists.fedoraproject.org To unsubscribe send an email to infrastructure-le...@lists.fedoraproject.org Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/infrastructure@lists.fedoraproject.org
Re: FAS & openid application development
On Wed, Oct 10, 2018 at 9:24 AM Radka Janekova wrote: > > Hi, > > please excuse me if this information is somewhere and I failed to find it... > > I'm looking for a way to add an application / get an id, to be used in a web > application used to authenticate the user with Fedora account. I did not see > any mention of it in the auth/openid wiki page, I'm assuming that it would be > to create a ticket with infrastructure? > > Who would be the right person to talk to about this topic? Willing to spare a > bit of time to provide some guidance? (Czech would be welcome as it is a > local high school intern working on the project, and I'm not entirely > confident in his English :P) > > Project details to give you a better picture what am I talking about - A > website where the user will log-in with their Fedora account, then have some > options to choose from, these would be generated based on their scope/groups > ... > You should be able to do this out of the gate as-is. If it's Python based using Flask, you can use `python3-fedora-flask` and source that module to pre-configure for authentication with FAS. For other language stacks, take a look at how it works in Python[1] and adapt accordingly. [1]: https://github.com/fedora-infra/python-fedora/blob/develop/flask_fas_openid.py -- 真実はいつも一つ!/ Always, there's only one truth! ___ infrastructure mailing list -- infrastructure@lists.fedoraproject.org To unsubscribe send an email to infrastructure-le...@lists.fedoraproject.org Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/infrastructure@lists.fedoraproject.org
[Freeze Break Request: ] Upgrade pagure.io to pagure 5.1.2
Good Morning Everyone, Today people started to indicate some issues with merging, accessing or delete branches in some projects. All what these persons had in common, they had access to the project via a group. It turns out, in 5.1 the logic to determine if a person is a committer to a project has been changed and our test suite seems to be incomplete here as people having commit via a group are not considered committers. I've spent sometime getting this fixed in a way that remains compatible with the reason it was changed in the first place and added more tests for this. Seeing that the changelog since the 5.1.1 release isn't large: * 7dbcb0e5 Add test checking that group with ticket access aren't committer * 8bba7704 Add test to ensure committers in a group with commit access are recognized * 695f8cad Ensure there is a session in flask.g and patch it correctly * 2a1d4db8 Fix detecting if the user is a committer via a group * a3c93a3d Also provide PATH and content encoding for clone.py * 557a7ab3 Use the manually updated updated_on field rather than last_updated * 6764e6aa Make the sshkey migration more flexible * 6387abb7 Fix underline length in the doc - fixes warning in sphinx * 20456fac Add some documentation about MIRROR_SSHKEYS_FOLDER * 3e055021 If a value is None, insert empty strings into the arguments (This is including the commits fixing the issue, PR pending at: https://pagure.io/pagure/pull-request/3890) I am considering just doing a 5.1.2 bug fix release and I would like to request permission to push this to pagure.io. Thoughts? Thanks, Pierre signature.asc Description: PGP signature ___ infrastructure mailing list -- infrastructure@lists.fedoraproject.org To unsubscribe send an email to infrastructure-le...@lists.fedoraproject.org Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/infrastructure@lists.fedoraproject.org
FAS & openid application development
Hi, please excuse me if this information is somewhere and I failed to find it... I'm looking for a way to add an application / get an id, to be used in a web application used to authenticate the user with Fedora account. I did not see any mention of it in the auth/openid wiki page, I'm assuming that it would be to create a ticket with infrastructure? Who would be the right person to talk to about this topic? Willing to spare a bit of time to provide some guidance? (Czech would be welcome as it is a local high school intern working on the project, and I'm not entirely confident in his English :P) Project details to give you a better picture what am I talking about - A website where the user will log-in with their Fedora account, then have some options to choose from, these would be generated based on their scope/groups ... Thank you, Radka -- *Radka Janeková* .NET Engineer, Red Hat *radka.ja...@redhat.com * IRC: radka | Freenode: Rhea ___ infrastructure mailing list -- infrastructure@lists.fedoraproject.org To unsubscribe send an email to infrastructure-le...@lists.fedoraproject.org Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/infrastructure@lists.fedoraproject.org
Re: [Freeze Break Request: ] Switch anitya backups to use --exclude-table-data rather than excluding entire tables
+1 On 10/10/2018 02:17 AM, ke...@scrye.com wrote: > From: Kevin Fenzi > > This allows people to use the db dump without having to manually create the > missing tables. > > Signed-off-by: Kevin Fenzi > --- > roles/postgresql_server/files/backup-database.anitya | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > > diff --git a/roles/postgresql_server/files/backup-database.anitya > b/roles/postgresql_server/files/backup-database.anitya > index c28f31b..a2e05a8 100644 > --- a/roles/postgresql_server/files/backup-database.anitya > +++ b/roles/postgresql_server/files/backup-database.anitya > @@ -10,7 +10,7 @@ DB=anitya > # Make it use a limited number of threads because pxz will use all the > # cpus which causes pg_dump to starve which causes... > > -/usr/bin/pg_dump -T users -T tokens -T 'social*' -T sessions -C $DB | > /usr/bin/pxz -T4 > /backups/$DB-public-$(date +%F).dump.xz > +/usr/bin/pg_dump --exclude-table-data users --exclude-table-data tokens > --exclude-table-data 'social*' --exclude-table-data sessions -C $DB | > /usr/bin/pxz -T4 > /backups/$DB-public-$(date +%F).dump.xz > > # Also, delete the backup from a few days ago. > rm -f /backups/$DB-public-$(date --date="1 days ago" +%F).dump.xz > -- Mikolaj Izdebski Senior Software Engineer, Red Hat IRC: mizdebsk ___ infrastructure mailing list -- infrastructure@lists.fedoraproject.org To unsubscribe send an email to infrastructure-le...@lists.fedoraproject.org Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/infrastructure@lists.fedoraproject.org
