proxy1.stg and xen6
I'm doing some work on proxy1.stg specifically with it's aliased IP 10.8.34.98 on xen6. Please don't touch them until I give the ok (troubleshooting network issues with a dedicated box) -Mike ___ Fedora-infrastructure-list mailing list Fedora-infrastructure-list@redhat.com https://www.redhat.com/mailman/listinfo/fedora-infrastructure-list
Meeting today
Just a reminder there's a meeting today and we'll be discussing the alpha release just less then a week away! https://fedorahosted.org/fedora-infrastructure/report/9 -Mike ___ Fedora-infrastructure-list mailing list Fedora-infrastructure-list@redhat.com https://www.redhat.com/mailman/listinfo/fedora-infrastructure-list
[Change Request] Mercurial upgrade on app1
There is a bug related to Mercurial-1.2.x that is boring some of our translators when using Transifex[1]. Could I have +1's for updating it with the following version? https://admin.fedoraproject.org/updates/mercurial-1.3.1-3.el5 [1] http://transifex.org/ticket/279 Regards -- Diego Búrigo Zacarão http://diegobz.net ___ Fedora-infrastructure-list mailing list Fedora-infrastructure-list@redhat.com https://www.redhat.com/mailman/listinfo/fedora-infrastructure-list
Change request - Mercurial - app1
There's been a request to update mercurial on app1 from mercurial-1.2-2.el5.1 to mercurial-1.3.1-3.el5 which is the latest in epel 2+1's? -Mike ___ Fedora-infrastructure-list mailing list Fedora-infrastructure-list@redhat.com https://www.redhat.com/mailman/listinfo/fedora-infrastructure-list
Re: Change request - Mercurial - app1
ignore this one On Thu, 20 Aug 2009, Mike McGrath wrote: There's been a request to update mercurial on app1 from mercurial-1.2-2.el5.1 to mercurial-1.3.1-3.el5 which is the latest in epel 2+1's? -Mike ___ Fedora-infrastructure-list mailing list Fedora-infrastructure-list@redhat.com https://www.redhat.com/mailman/listinfo/fedora-infrastructure-list ___ Fedora-infrastructure-list mailing list Fedora-infrastructure-list@redhat.com https://www.redhat.com/mailman/listinfo/fedora-infrastructure-list
Re: [Change Request] Mercurial upgrade on app1
On Thu, 20 Aug 2009, Diego Búrigo Zacarão wrote: There is a bug related to Mercurial-1.2.x that is boring some of our translators when using Transifex[1]. Could I have +1's for updating it with the following version? https://admin.fedoraproject.org/updates/mercurial-1.3.1-3.el5 [1] http://transifex.org/ticket/279 +1 -Mike___ Fedora-infrastructure-list mailing list Fedora-infrastructure-list@redhat.com https://www.redhat.com/mailman/listinfo/fedora-infrastructure-list
Re: [Change Request] Mercurial upgrade on app1
On 2009-08-20 02:59:03 PM, Diego Búrigo Zacarão wrote: There is a bug related to Mercurial-1.2.x that is boring some of our translators when using Transifex[1]. Could I have +1's for updating it with the following version? https://admin.fedoraproject.org/updates/mercurial-1.3.1-3.el5 [1] http://transifex.org/ticket/279 +1 Thanks, Ricky pgpRudyHT1Gs0.pgp Description: PGP signature ___ Fedora-infrastructure-list mailing list Fedora-infrastructure-list@redhat.com https://www.redhat.com/mailman/listinfo/fedora-infrastructure-list
[Change Request] Add script/cron job for checking git repo perms
The git::check-perms class includes a script for checking that the permissions of git repositories are generally proper for shared repositories. It also runs this script each day via a cron job. This is included on the hosted1 node. --- The intent of this script is to check that git repos on hosted don't end up with permissions that will cause problems when folks try to push to them. This shouldn't happen too often anymore since we fixed a git bug and have better scripts for creating the repositories, but it can still crop up. This script won't catch something like the a repo having the wrong group, unless we want to standardize on group naming and fix up existing repositories that don't follow that convention. (Which doesn't seem worth the effort.) I just picked the time for the cron job at random. If there is a better time for it to run, I can change it before pushing this. The change should be very low risk and easy to fix should it cause any problems. If I weren't likely to forget about it, it could wait until after the freeze it over. :) manifests/nodes/hosted1.fedoraproject.org.pp |4 + modules/git/README |4 + modules/git/files/check-perms.py | 148 ++ modules/git/manifests/init.pp| 31 ++ 4 files changed, 187 insertions(+), 0 deletions(-) create mode 100755 modules/git/files/check-perms.py diff --git a/manifests/nodes/hosted1.fedoraproject.org.pp b/manifests/nodes/hosted1.fedoraproject.org.pp index e94c151..a6c86c0 100644 --- a/manifests/nodes/hosted1.fedoraproject.org.pp +++ b/manifests/nodes/hosted1.fedoraproject.org.pp @@ -5,6 +5,10 @@ node hosted1 { include openvpn::client include spamassassin::server +$git_check_perms_gitroot = /git +$git_check_perms_mailto = sysadmin-hosted-memb...@fedoraproject.org +include git::check-perms + $mailman_default_url_proto = https $mailman_default_url_host = fedorahosted.org $mailman_default_email_host = lists.fedorahosted.org diff --git a/modules/git/README b/modules/git/README index e9a5e99..100a560 100644 --- a/modules/git/README +++ b/modules/git/README @@ -14,6 +14,10 @@ The git rpm installs the core tools with minimal dependencies. To install all git packages, including tools for integrating with other SCMs, install the git-all meta-package. +The git::check-perms class includes a script for checking that the +permissions of git repositories are generally proper for shared +repositories. It also runs this script each day via a cron job. + The git::mail-hooks class installs some convenient tools for use as post-receive hooks, courtesy of the gnome.org sysadmins. diff --git a/modules/git/files/check-perms.py b/modules/git/files/check-perms.py new file mode 100755 index 000..88d7bff --- /dev/null +++ b/modules/git/files/check-perms.py @@ -0,0 +1,148 @@ +#!/usr/bin/python -tt +Check permissions of a tree of git repositories, optionally fixing any +problems found. + + +import os +import re +import sys +import optparse +from stat import * +from subprocess import call, PIPE, Popen + +usage = '%prog [options] [gitroot]' +parser = optparse.OptionParser(usage=usage) +parser.add_option('-f', '--fix', dest='fix', + action='store_true', default=False, + help='Correct any problems [%default]') +opts, args = parser.parse_args() + +if args: +gitroot = args[0] +else: +gitroot = '/git' + +object_re = re.compile('[0-9a-z]{40}') + +def is_object(path): +Check if a path is a git object. +parts = path.split(os.path.sep) +if 'objects' in parts and len(parts) 2 and \ +object_re.match(''.join(path.split(os.path.sep)[-2:])): +return True +return False + +def is_shared_repo(gitdir): +Check if a git repository is shared. +cmd = ['git', '--git-dir', gitdir, 'config', 'core.sharedRepository'] +p = Popen(cmd, stdout=PIPE, stderr=PIPE) +shared, error = p.communicate() +sharedmodes = ['1', 'group', 'true', '2', 'all', 'world', 'everybody'] +if shared.rstrip() not in sharedmodes or p.returncode: +return False +return True + +def set_shared_repo(gitdir, value='group'): +Set core.sharedRepository for a git repository. +mode_re = re.compile('06[0-7]{2}') +if value in [0, 'false', 'umask']: +value = 'umask' +elif value in [1, 'true', 'group']: +value = 'group' +elif value in [2, 'all', 'world', 'everybody']: +value = 'all' +elif mode_re.match(value): +pass +else: +raise SystemExit('Bogus core.sharedRepository value %s' % value) +cmd = ['git', '--git-dir', gitdir, 'config', 'core.sharedRepository', +value] +ret = call(cmd) +if ret: +return False +return True + +def check_git_perms(path, fix=False): +Check if permissions on a git repo are correct. + +If fix is true, problems found are corrected. + +
Re: [Change Request] Add script/cron job for checking git repo perms
On Thu, 20 Aug 2009, Todd Zullinger wrote: The git::check-perms class includes a script for checking that the permissions of git repositories are generally proper for shared repositories. It also runs this script each day via a cron job. This is included on the hosted1 node. --- The intent of this script is to check that git repos on hosted don't end up with permissions that will cause problems when folks try to push to them. This shouldn't happen too often anymore since we fixed a git bug and have better scripts for creating the repositories, but it can still crop up. This script won't catch something like the a repo having the wrong group, unless we want to standardize on group naming and fix up existing repositories that don't follow that convention. (Which doesn't seem worth the effort.) I just picked the time for the cron job at random. If there is a better time for it to run, I can change it before pushing this. The change should be very low risk and easy to fix should it cause any problems. If I weren't likely to forget about it, it could wait until after the freeze it over. :) manifests/nodes/hosted1.fedoraproject.org.pp |4 + modules/git/README |4 + modules/git/files/check-perms.py | 148 ++ modules/git/manifests/init.pp| 31 ++ 4 files changed, 187 insertions(+), 0 deletions(-) create mode 100755 modules/git/files/check-perms.py diff --git a/manifests/nodes/hosted1.fedoraproject.org.pp b/manifests/nodes/hosted1.fedoraproject.org.pp index e94c151..a6c86c0 100644 --- a/manifests/nodes/hosted1.fedoraproject.org.pp +++ b/manifests/nodes/hosted1.fedoraproject.org.pp @@ -5,6 +5,10 @@ node hosted1 { include openvpn::client include spamassassin::server +$git_check_perms_gitroot = /git +$git_check_perms_mailto = sysadmin-hosted-memb...@fedoraproject.org +include git::check-perms + $mailman_default_url_proto = https $mailman_default_url_host = fedorahosted.org $mailman_default_email_host = lists.fedorahosted.org diff --git a/modules/git/README b/modules/git/README index e9a5e99..100a560 100644 --- a/modules/git/README +++ b/modules/git/README @@ -14,6 +14,10 @@ The git rpm installs the core tools with minimal dependencies. To install all git packages, including tools for integrating with other SCMs, install the git-all meta-package. +The git::check-perms class includes a script for checking that the +permissions of git repositories are generally proper for shared +repositories. It also runs this script each day via a cron job. + The git::mail-hooks class installs some convenient tools for use as post-receive hooks, courtesy of the gnome.org sysadmins. diff --git a/modules/git/files/check-perms.py b/modules/git/files/check-perms.py new file mode 100755 index 000..88d7bff --- /dev/null +++ b/modules/git/files/check-perms.py @@ -0,0 +1,148 @@ +#!/usr/bin/python -tt +Check permissions of a tree of git repositories, optionally fixing any +problems found. + + +import os +import re +import sys +import optparse +from stat import * +from subprocess import call, PIPE, Popen + +usage = '%prog [options] [gitroot]' +parser = optparse.OptionParser(usage=usage) +parser.add_option('-f', '--fix', dest='fix', + action='store_true', default=False, + help='Correct any problems [%default]') +opts, args = parser.parse_args() + +if args: +gitroot = args[0] +else: +gitroot = '/git' + +object_re = re.compile('[0-9a-z]{40}') + +def is_object(path): +Check if a path is a git object. +parts = path.split(os.path.sep) +if 'objects' in parts and len(parts) 2 and \ +object_re.match(''.join(path.split(os.path.sep)[-2:])): +return True +return False + +def is_shared_repo(gitdir): +Check if a git repository is shared. +cmd = ['git', '--git-dir', gitdir, 'config', 'core.sharedRepository'] +p = Popen(cmd, stdout=PIPE, stderr=PIPE) +shared, error = p.communicate() +sharedmodes = ['1', 'group', 'true', '2', 'all', 'world', 'everybody'] +if shared.rstrip() not in sharedmodes or p.returncode: +return False +return True + +def set_shared_repo(gitdir, value='group'): +Set core.sharedRepository for a git repository. +mode_re = re.compile('06[0-7]{2}') +if value in [0, 'false', 'umask']: +value = 'umask' +elif value in [1, 'true', 'group']: +value = 'group' +elif value in [2, 'all', 'world', 'everybody']: +value = 'all' +elif mode_re.match(value): +pass +else: +raise SystemExit('Bogus core.sharedRepository value %s' % value) +cmd = ['git', '--git-dir', gitdir, 'config', 'core.sharedRepository', +value] +ret = call(cmd) +if ret: +return False +return
Re: [Change Request] Add script/cron job for checking git repo perms
Mike McGrath wrote: Just to be clear, we've run this several times already. We're just puppetizing it and adding a cron job? Yep. I've run a number of times. I ran it with the --fix option this morning to have it fix up the minor issues it noted. I also tested it run as user nobody with PATH=/usr/bin:/usr/local/bin, to (hopefully) ensure that things will work correctly when it runs via cron. -- ToddOpenPGP - KeyID: 0xBEAF0CE3 | URL: www.pobox.com/~tmz/pgp ~~ I am not young enough to know everything. -- Oscar Wilde (1854-1900) pgpNIFgAqqyaB.pgp Description: PGP signature ___ Fedora-infrastructure-list mailing list Fedora-infrastructure-list@redhat.com https://www.redhat.com/mailman/listinfo/fedora-infrastructure-list
Re: [Change Request] Add script/cron job for checking git repo perms
On 2009-08-20 07:54:24 PM, Todd Zullinger wrote: The git::check-perms class includes a script for checking that the permissions of git repositories are generally proper for shared repositories. It also runs this script each day via a cron job. +1 (Although I didn't think fedorahosted.org was covered under the change freeze). Thanks, Ricky pgpBfu1536NEc.pgp Description: PGP signature ___ Fedora-infrastructure-list mailing list Fedora-infrastructure-list@redhat.com https://www.redhat.com/mailman/listinfo/fedora-infrastructure-list
Re: [Change Request] Add script/cron job for checking git repo perms
Ricky Zhou wrote: +1 (Although I didn't think fedorahosted.org was covered under the change freeze). I would have guessed it wasn't too. But according to Environments.odg it is. Speaking of which, would exporting that .odg to a .png or other format make it easier to link to via the wiki for those that don't normally have OOo installed? Or would that just make it too likely to get out of sync? -- ToddOpenPGP - KeyID: 0xBEAF0CE3 | URL: www.pobox.com/~tmz/pgp ~~ The surest sign that intelligent life exists elsewhere in the universe is that it has never tried to contact us. -- Bill Watterson (Calvin and Hobbes) pgp9hnsk8JqJZ.pgp Description: PGP signature ___ Fedora-infrastructure-list mailing list Fedora-infrastructure-list@redhat.com https://www.redhat.com/mailman/listinfo/fedora-infrastructure-list
Re: [Change Request] Add script/cron job for checking git repo perms
Ricky Zhou wrote: I would have guessed it wasn't too. But according to Environments.odg it is. Are you sure? We're still in the prerelease freeze, so the machines covered are a bit more limited than a full freeze. Hmm, I did read that wrong then, it doesn't appear to be in the list for pre-release freezes. Thanks for correcting me. :) -- ToddOpenPGP - KeyID: 0xBEAF0CE3 | URL: www.pobox.com/~tmz/pgp ~~ Nothing is wrong with California that a rise in the ocean level wouldn't cure. -- Ross MacDonald (1915-1983) pgpljjdOEVMS0.pgp Description: PGP signature ___ Fedora-infrastructure-list mailing list Fedora-infrastructure-list@redhat.com https://www.redhat.com/mailman/listinfo/fedora-infrastructure-list
Re: [Change Request] Add script/cron job for checking git repo perms
On 2009-08-20 09:15:41 PM, Todd Zullinger wrote: Ricky Zhou wrote: +1 (Although I didn't think fedorahosted.org was covered under the change freeze). I would have guessed it wasn't too. But according to Environments.odg it is. Are you sure? We're still in the prerelease freeze, so the machines covered are a bit more limited than a full freeze. Speaking of which, would exporting that .odg to a .png or other format make it easier to link to via the wiki for those that don't normally have OOo installed? Or would that just make it too likely to get out of sync? That'd be a nice idea - that document could already use some updating now, and it couldn't hurt to make a PNG version ta the same time as it gets updated. Thanks, Ricky pgphgbpQu919q.pgp Description: PGP signature ___ Fedora-infrastructure-list mailing list Fedora-infrastructure-list@redhat.com https://www.redhat.com/mailman/listinfo/fedora-infrastructure-list