Re: [ansible] Try out this conditional restart stuff.
On 03/14/2014 04:30 PM, Ralph Bean wrote: +- name: restart fedmsg-gateway + command: /usr/local/bin/conditional-restart.sh fedmsg-gateway fedmsg-gateway Ralph, I tried to run copr-backend playbook and this notified and therefore executed, but failed, because NOTIFIED: [restart fedmsg-gateway] failed: [209.132.184.142] = {cmd: [/usr/local/bin/conditional-restart.sh, fedmsg-gateway, fedmsg-gateway], failed: true, item: , rc: 2} msg: [Errno 2] No such file or directory and: yum whatprovides /usr/local/bin/conditional-restart.sh No matches found So where I can get that file please? -- Miroslav Suchy, RHCE, RHCDS Red Hat, Senior Software Engineer, #brno, #devexp, #fedora-buildsys ___ infrastructure mailing list infrastructure@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/infrastructure
Re: [ansible] Try out this conditional restart stuff.
On Mon, Mar 17, 2014 at 10:46:38AM +0100, Miroslav Suchý wrote: On 03/14/2014 04:30 PM, Ralph Bean wrote: +- name: restart fedmsg-gateway + command: /usr/local/bin/conditional-restart.sh fedmsg-gateway fedmsg-gateway Ralph, I tried to run copr-backend playbook and this notified and therefore executed, but failed, because NOTIFIED: [restart fedmsg-gateway] failed: [209.132.184.142] = {cmd: [/usr/local/bin/conditional-restart.sh, fedmsg-gateway, fedmsg-gateway], failed: true, item: , rc: 2} msg: [Errno 2] No such file or directory and: yum whatprovides /usr/local/bin/conditional-restart.sh No matches found So where I can get that file please? It is part of the ansible repo: ./roles/base/files/common-scripts/conditional-restart.sh You might be missing the part that installs it. Pierre ___ infrastructure mailing list infrastructure@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/infrastructure
Lookaside: Move away from md5
We should move to something more secure than md5 for the uploaded sources. This patch series implements the server-side part of this change, adding support for sha512, but keeping support for md5 as a fallback for now. We might want to drop the md5 fallback once we have migrated completely, that is when fedpkg has been updated too. The last patch is unrelated, but it's a fix for a problem I found while testing this change. https://fedorahosted.org/rel-eng/ticket/5846 ___ infrastructure mailing list infrastructure@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/infrastructure
[PATCH 3/4] Add support for sha512 file hashes
With this change, the upload CGI script will start preferring uploads hashed as sha512, but still accept md5 as a fallback. https://fedorahosted.org/rel-eng/ticket/5846 --- scripts/upload.cgi/upload.cgi | 23 +-- 1 file changed, 17 insertions(+), 6 deletions(-) diff --git a/scripts/upload.cgi/upload.cgi b/scripts/upload.cgi/upload.cgi index 00d0988..e32573d 100644 --- a/scripts/upload.cgi/upload.cgi +++ b/scripts/upload.cgi/upload.cgi @@ -22,7 +22,6 @@ except ImportError: from email.MIMEText import MIMEText import hashlib -md5_constructor = hashlib.md5 # Reading buffer size BUFFER_SIZE = 4096 @@ -108,7 +107,19 @@ def main(): form = cgi.FieldStorage() name = check_form(form, 'name') -checksum = check_form(form, 'md5sum') + +# Search for the file hash, start with stronger hash functions +if form.has_key('sha512sum'): +checksum = check_form(form, 'sha512sum') +hash_type = sha512 + +elif form.has_key('md5sum'): +# Fallback on md5, as it's what we currently use +checksum = check_form(form, 'md5sum') +hash_type = md5 + +else: +send_error('Required checksum is not present.') action = None upload_file = None @@ -121,7 +132,7 @@ def main(): action = 'check' filename = check_form(form, 'filename') filename = os.path.basename(filename) -print sys.stderr, '[username=%s] Checking file status: NAME=%s FILENAME=%s CHECKSUM=%s' % (username, name, filename, checksum) +print sys.stderr, '[username=%s] Checking file status: NAME=%s FILENAME=%s %sSUM=%s' % (username, name, filename, hash_type, checksum) else: action = 'upload' if form.has_key('file'): @@ -131,7 +142,7 @@ def main(): filename = os.path.basename(upload_file.filename) else: send_error('Required field file is not present.') -print sys.stderr, '[username=%s] Processing upload request: NAME=%s FILENAME=%s CHECKSUM=%s' % (username, name, filename, checksum) +print sys.stderr, '[username=%s] Processing upload request: NAME=%s FILENAME=%s %sSUM=%s' % (username, name, filename, hash_type, checksum) module_dir = os.path.join(CACHE_DIR, name) hash_dir = os.path.join(module_dir, filename, checksum) @@ -167,7 +178,7 @@ def main(): tmpfd = open(tmpfile, 'w') # now read the whole file in -m = md5_constructor() +m = getattr(hashlib, hash_type)() filesize = 0 while True: data = upload_file.file.read(BUFFER_SIZE) @@ -192,7 +203,7 @@ def main(): os.chmod(dest_file, 0644) print sys.stderr, '[username=%s] Stored %s (%d bytes)' % (username, dest_file, filesize) -print 'File %s size %d MD5 %s stored OK' % (filename, filesize, checksum) +print 'File %s size %d %s %s stored OK' % (filename, filesize, hash_type, checksum) send_email(name, checksum, filename, username) if __name__ == '__main__': -- 1.8.5.3 ___ infrastructure mailing list infrastructure@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/infrastructure
[PATCH 4/4] Remove tempfile when hash verification fails
--- scripts/upload.cgi/upload.cgi | 1 + 1 file changed, 1 insertion(+) diff --git a/scripts/upload.cgi/upload.cgi b/scripts/upload.cgi/upload.cgi index e32573d..999155e 100644 --- a/scripts/upload.cgi/upload.cgi +++ b/scripts/upload.cgi/upload.cgi @@ -192,6 +192,7 @@ def main(): tmpfd.close() check_checksum = m.hexdigest() if checksum != check_checksum: +os.unlink(tmpfile) send_error(Checksum check failed. Received %s instead of %s. % (check_checksum, checksum)) # wow, even the check matches. make sure full path is valid now -- 1.8.5.3 ___ infrastructure mailing list infrastructure@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/infrastructure
[PATCH 2/4] Rename some variables and comments away from md5
We are moving away from using md5 for the uploaded source tarballs, so the code shouldn't be full of assumption that everything is md5 any more. --- scripts/upload.cgi/upload.cgi | 36 ++-- 1 file changed, 18 insertions(+), 18 deletions(-) diff --git a/scripts/upload.cgi/upload.cgi b/scripts/upload.cgi/upload.cgi index a43cc6e..00d0988 100644 --- a/scripts/upload.cgi/upload.cgi +++ b/scripts/upload.cgi/upload.cgi @@ -57,10 +57,10 @@ def check_auth(username): pass return authenticated -def send_email(pkg, md5, filename, username): +def send_email(pkg, checksum, filename, username): text = A file has been added to the lookaside cache for %(pkg)s: -%(md5)s %(filename)s % locals() +%(checksum)s %(filename)s % locals() msg = MIMEText(text) try: sender_name = pwd.getpwnam(username)[4] @@ -108,7 +108,7 @@ def main(): form = cgi.FieldStorage() name = check_form(form, 'name') -md5sum = check_form(form, 'md5sum') +checksum = check_form(form, 'md5sum') action = None upload_file = None @@ -121,7 +121,7 @@ def main(): action = 'check' filename = check_form(form, 'filename') filename = os.path.basename(filename) -print sys.stderr, '[username=%s] Checking file status: NAME=%s FILENAME=%s MD5SUM=%s' % (username, name, filename, md5sum) +print sys.stderr, '[username=%s] Checking file status: NAME=%s FILENAME=%s CHECKSUM=%s' % (username, name, filename, checksum) else: action = 'upload' if form.has_key('file'): @@ -131,10 +131,10 @@ def main(): filename = os.path.basename(upload_file.filename) else: send_error('Required field file is not present.') -print sys.stderr, '[username=%s] Processing upload request: NAME=%s FILENAME=%s MD5SUM=%s' % (username, name, filename, md5sum) +print sys.stderr, '[username=%s] Processing upload request: NAME=%s FILENAME=%s CHECKSUM=%s' % (username, name, filename, checksum) module_dir = os.path.join(CACHE_DIR, name) -md5_dir = os.path.join(module_dir, filename, md5sum) +hash_dir = os.path.join(module_dir, filename, checksum) # first test if the module really exists cvs_dir = os.path.join(CVSREPO, name) @@ -143,7 +143,7 @@ def main(): send_error('Module %s does not exist!' % name) # try to see if we already have this file... -dest_file = os.path.join(md5_dir, filename) +dest_file = os.path.join(hash_dir, filename) if os.path.exists(dest_file): if action == 'check': print 'Available' @@ -163,7 +163,7 @@ def main(): # grab a temporary filename and dump our file in there tempfile.tempdir = module_dir -tmpfile = tempfile.mkstemp(md5sum)[1] +tmpfile = tempfile.mkstemp(checksum)[1] tmpfd = open(tmpfile, 'w') # now read the whole file in @@ -177,23 +177,23 @@ def main(): m.update(data) filesize += len(data) -# now we're done reading, check the MD5 sum of what we got +# now we're done reading, check the checksum of what we got tmpfd.close() -check_md5sum = m.hexdigest() -if md5sum != check_md5sum: -send_error(MD5 check failed. Received %s instead of %s. % (check_md5sum, md5sum)) +check_checksum = m.hexdigest() +if checksum != check_checksum: +send_error(Checksum check failed. Received %s instead of %s. % (check_checksum, checksum)) -# wow, even the MD5SUM matches. make sure full path is valid now -if not os.path.isdir(md5_dir): -os.makedirs(md5_dir, 02775) -print sys.stderr, '[username=%s] mkdir %s' % (username, md5_dir) +# wow, even the check matches. make sure full path is valid now +if not os.path.isdir(hash_dir): +os.makedirs(hash_dir, 02775) +print sys.stderr, '[username=%s] mkdir %s' % (username, hash_dir) os.rename(tmpfile, dest_file) os.chmod(dest_file, 0644) print sys.stderr, '[username=%s] Stored %s (%d bytes)' % (username, dest_file, filesize) -print 'File %s size %d MD5 %s stored OK' % (filename, filesize, md5sum) -send_email(name, md5sum, filename, username) +print 'File %s size %d MD5 %s stored OK' % (filename, filesize, checksum) +send_email(name, checksum, filename, username) if __name__ == '__main__': main() -- 1.8.5.3 ___ infrastructure mailing list infrastructure@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/infrastructure
[PATCH 1/4] Drop EL 6 support
This will make it easier to move away from md5 for the source tarballs. It shouldn't cause any problem anyway, as Fedora runs this on EL 6. --- scripts/upload.cgi/upload.cgi | 8 ++-- 1 file changed, 2 insertions(+), 6 deletions(-) diff --git a/scripts/upload.cgi/upload.cgi b/scripts/upload.cgi/upload.cgi index 70320f9..a43cc6e 100644 --- a/scripts/upload.cgi/upload.cgi +++ b/scripts/upload.cgi/upload.cgi @@ -21,12 +21,8 @@ try: except ImportError: from email.MIMEText import MIMEText -try: -import hashlib -md5_constructor = hashlib.md5 -except ImportError: -import md5 -md5_constructor = md5.new +import hashlib +md5_constructor = hashlib.md5 # Reading buffer size BUFFER_SIZE = 4096 -- 1.8.5.3 ___ infrastructure mailing list infrastructure@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/infrastructure
Re: [ansible] Try out this conditional restart stuff.
On Mon, Mar 17, 2014 at 11:02:40AM +0100, Pierre-Yves Chibon wrote: On Mon, Mar 17, 2014 at 10:46:38AM +0100, Miroslav Suchý wrote: So where I can get that file please? It is part of the ansible repo: ./roles/base/files/common-scripts/conditional-restart.sh You might be missing the part that installs it. Yes, it is installed by the 'base' role. Did I incorrectly assume that we are including that in every playbook? pgp1ovqPIAqu3.pgp Description: PGP signature ___ infrastructure mailing list infrastructure@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/infrastructure
Test list available on Mailman3/Hyperkitty
Okay, there's a list available for testing on the new Mailman3/HyperKitty server : test-mailm...@lists.fedoraproject.org You can subscribe to it via the admin interface (called Postorius): https://lists.fedoraproject.org/admin/lists/test-mailm...@lists.fedoraproject.org/ Please report any bug you can find, either in Postorius or in HyperKitty. The bug tracker is on fedorahosted: https://fedorahosted.org/hyperkitty/ Thanks ! :-) Aurélien ___ infrastructure mailing list infrastructure@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/infrastructure
Re: Test list available on Mailman3/Hyperkitty
And what you were all expecting, the HyperKitty URL for that list: https://lists.fedoraproject.org/archives/list/test-mailm...@lists.fedoraproject.org/ Logging in with FAS currently has an issue because of the proxying, but I'll fix it shortly. A. 2014-03-17 15:40 GMT-03:00 Aurelien Bompard aurel...@bompard.org: Okay, there's a list available for testing on the new Mailman3/HyperKitty server : test-mailm...@lists.fedoraproject.org You can subscribe to it via the admin interface (called Postorius): https://lists.fedoraproject.org/admin/lists/test-mailm...@lists.fedoraproject.org/ Please report any bug you can find, either in Postorius or in HyperKitty. The bug tracker is on fedorahosted: https://fedorahosted.org/hyperkitty/ Thanks ! :-) Aurélien ___ infrastructure mailing list infrastructure@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/infrastructure
Re: Test list available on Mailman3/Hyperkitty
I love the User Interface of this list; and it's about time that Mailman gets re-written. Logging in with Google, I get an Error 500 Response however. And keep in mind, OAuth and OpenID will be phased out in Google completely by 2015 and should be upgraded to Google Plus Sign On: https://developers.google.com/+/api/auth-migration Matthew M. Kaufman http://mattisbusy.com Skype: mkfmncom | Phone: 703-677-8901 | EMail: matt...@spclops.com On Mar 17, 2014, at 3:00 PM, Aurélien Bompard gau...@free.fr wrote: And what you were all expecting, the HyperKitty URL for that list: https://lists.fedoraproject.org/archives/list/test-mailm...@lists.fedoraproject.org/ Logging in with FAS currently has an issue because of the proxying, but I'll fix it shortly. A. 2014-03-17 15:40 GMT-03:00 Aurelien Bompard aurel...@bompard.org: Okay, there's a list available for testing on the new Mailman3/HyperKitty server : test-mailm...@lists.fedoraproject.org You can subscribe to it via the admin interface (called Postorius): https://lists.fedoraproject.org/admin/lists/test-mailm...@lists.fedoraproject.org/ Please report any bug you can find, either in Postorius or in HyperKitty. The bug tracker is on fedorahosted: https://fedorahosted.org/hyperkitty/ Thanks ! :-) Aurélien ___ infrastructure mailing list infrastructure@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/infrastructure ___ infrastructure mailing list infrastructure@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/infrastructure
Nasty artifact: was: Re: Test list available on Mailman3/Hyperkitty
And what you were all expecting, the HyperKitty URL for that list: https://lists.fedoraproject.org/archives/list/test-mailm...@lists.fedoraproject.org/ Viewing that URL, with a browser [CentOS 6 Firefox] which is reported by Gimp as yielding a screenshot image of 1360x769, there is a pretty obvious ( CSS ?) layout infringement problem. see: http://gallery.herrold.com/kyperkitty-fedora-20140317.png I have marked the issue ... In checking, I guess I don't know where a mailman3 SRPM is to see where to file a bug. Any hint? That same region, viewed with konqueror, ends up with a spinning disk that ever 'ends' -- Russ herrold ___ infrastructure mailing list infrastructure@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/infrastructure
Re: Test list available on Mailman3/Hyperkitty
Logging in with Google, I get an Error 500 Response however. And keep in mind, OAuth and OpenID will be phased out in Google completely by 2015 and should be upgraded to Google Plus Sign On: https://developers.google.com/+/api/auth-migration Thanks Matthew, there is currently something wrong with the Apache proxy on collab03, which blocks FAS authentication, I suspect it also blocks Google auth. But anyway those methods come from http://django-social-auth.readthedocs.org, so that's where the upgrade to Google Plus Sign On should be made. Aurélien ___ infrastructure mailing list infrastructure@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/infrastructure
Re: Test list available on Mailman3/Hyperkitty
On Mon, 2014-03-17 at 15:40 -0300, Aurelien Bompard wrote: Okay, there's a list available for testing on the new Mailman3/HyperKitty server : Hi Aurelien, Please report any bug you can find, either in Postorius or in HyperKitty. The bug tracker is on fedorahosted: https://fedorahosted.org/hyperkitty/ One bug filed: https://fedorahosted.org/hyperkitty/ticket/54 Another thing. I posted a replies using Postorius but I am not receiving an e-mails for them. Is this how it's supposed to work? Shouldn't I get mails for posts made from either my e-mail or the web interface? Should I file a ticket for this too? Here's the post I made: https://lists.fedoraproject.org/archives/list/test-mailm...@lists.fedoraproject.org/message/3N7GSC4LW4YC6N3CA3LRQKKDJAB4T2PV/ -- Thanks, Warm regards, Ankur (FranciscoD) http://fedoraproject.org/wiki/User:Ankursinha Join Fedora! Come talk to us! http://fedoraproject.org/wiki/Fedora_Join_SIG signature.asc Description: This is a digitally signed message part ___ infrastructure mailing list infrastructure@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/infrastructure
Re: Test list available on Mailman3/Hyperkitty
One bug filed: https://fedorahosted.org/hyperkitty/ticket/54 Thanks. Another thing. I posted a replies using Postorius but I am not receiving an e-mails for them. Is this how it's supposed to work? Shouldn't I get mails for posts made from either my e-mail or the web interface? Two things here: - if you post a reply, you don't receive it by email, just as when you don't receive duplicates of the emails you send - if you only post via the web interface, you get automatically subscribed to the list, but in no-delivery mode. This way you can keep following the list using HyperKitty like you would do with a web forum. If you want to subscribe via email, you have to go through Postorius, the admin interface. I agree there should be a button on HyperKitty to let you (un)subscribe to the list via email, but it's not there yet. Aurélien ___ infrastructure mailing list infrastructure@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/infrastructure
Re: Test list available on Mailman3/Hyperkitty
On Mon, 2014-03-17 at 22:18 -0300, Aurélien Bompard wrote: Two things here: - if you post a reply, you don't receive it by email, just as when you don't receive duplicates of the emails you send Oh! OK. Makes sense. - if you only post via the web interface, you get automatically subscribed to the list, but in no-delivery mode. This way you can keep following the list using HyperKitty like you would do with a web forum. If you want to subscribe via email, you have to go through Postorius, the admin interface. I agree there should be a button on HyperKitty to let you (un)subscribe to the list via email, but it's not there yet. Ah. I found the required settings in Postorius. I tested and confirm that enabling the setting sends me mail. -- Thanks, Warm regards, Ankur (FranciscoD) http://fedoraproject.org/wiki/User:Ankursinha Join Fedora! Come talk to us! http://fedoraproject.org/wiki/Fedora_Join_SIG signature.asc Description: This is a digitally signed message part ___ infrastructure mailing list infrastructure@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/infrastructure