Re: FBR: Switch Pagure over to aclchecker
+1 -re On 10/11/2018 02:22 PM, Patrick マルタインアンドレアス Uiterwijk wrote: > Hi, > > This is the next step of preparing pagure.io for repoSpanner: switch the > entry command to aclchecker, which is a small script that calls either > repoBridge for repos on repoSpanner (none at this moment) or gitolite for all > others. > This adds some configuration for repobridge, but that won't be used yet. > This can be reverted by switching the SSH config back to no longer calling > keyhelper. > > Patrick > > > commit 6d313b60b05b022c1ae04dc81f9956cff33fb5b5 (HEAD -> master) > Author: Patrick Uiterwijk > Date: Thu Oct 11 20:19:11 2018 +0200 > > Switch Pagure.io over to aclchecker > > This will make it possible to migrate repositories to repoSpanner. > > Signed-off-by: Patrick Uiterwijk > > diff --git a/roles/pagure/frontend/templates/pagure.cfg > b/roles/pagure/frontend/templates/pagure.cfg > index 4fddd17e7..54e28930b 100644 > --- a/roles/pagure/frontend/templates/pagure.cfg > +++ b/roles/pagure/frontend/templates/pagure.cfg > @@ -313,4 +313,21 @@ THEME = 'pagureio' > MIRROR_SSHKEYS_FOLDER='/srv/mirror/ssh' > > SSH_KEYS_USERNAME_EXPECT = "git" > -SSH_KEYS_OPTIONS = 'command="/usr/share/gitolite3/gitolite-shell > %(username)s",no-port-forwarding,no-X11-forwarding,no-agent-forwarding,no-pty' > +SSH_KEYS_OPTIONS = 'restrict,command="/usr/libexec/pagure/aclchecker.py > %(username)s"' > + > +SSH_COMMAND_REPOSPANNER = ([ > +"/usr/libexec/repobridge", > +"--extra", "username", "%(username)s", > +"--extra", "repotype", "%(repotype)s", > +"--extra", "project_name", "%(project_name)s", > +"--extra", "project_user", "%(project_user)s", > +"--extra", "project_namespace", "%(project_namespace)s", > +"%(cmd)s", > +"'pagure/%(repotype)s/%(reponame)s'", > +], {"REPOBRIDGE_CONFIG": "/etc/repobridge/rpms.json"}) > +SSH_COMMAND_NON_REPOSPANNER = ([ > +"/usr/share/gitolite3/gitolite-shell", > +"%(username)s", > +"%(cmd)s", > +"%(reponame)s", > +], {}) > ___ > infrastructure mailing list -- infrastructure@lists.fedoraproject.org > To unsubscribe send an email to infrastructure-le...@lists.fedoraproject.org > Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html > List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines > List Archives: > https://lists.fedoraproject.org/archives/list/infrastructure@lists.fedoraproject.org signature.asc Description: OpenPGP digital signature ___ infrastructure mailing list -- infrastructure@lists.fedoraproject.org To unsubscribe send an email to infrastructure-le...@lists.fedoraproject.org Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/infrastructure@lists.fedoraproject.org
Re: FBR: Switch Pagure over to aclchecker
+1 kevin signature.asc Description: OpenPGP digital signature ___ infrastructure mailing list -- infrastructure@lists.fedoraproject.org To unsubscribe send an email to infrastructure-le...@lists.fedoraproject.org Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/infrastructure@lists.fedoraproject.org
Re: FBR: Switch Pagure over to aclchecker
(Actually, until a future PR where I apply the correct sshd_Config to pagure01, it won't even change anything on prod for now other than the existance of these config options.) ___ infrastructure mailing list -- infrastructure@lists.fedoraproject.org To unsubscribe send an email to infrastructure-le...@lists.fedoraproject.org Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/infrastructure@lists.fedoraproject.org
FBR: Switch Pagure over to aclchecker
Hi, This is the next step of preparing pagure.io for repoSpanner: switch the entry command to aclchecker, which is a small script that calls either repoBridge for repos on repoSpanner (none at this moment) or gitolite for all others. This adds some configuration for repobridge, but that won't be used yet. This can be reverted by switching the SSH config back to no longer calling keyhelper. Patrick commit 6d313b60b05b022c1ae04dc81f9956cff33fb5b5 (HEAD -> master) Author: Patrick Uiterwijk Date: Thu Oct 11 20:19:11 2018 +0200 Switch Pagure.io over to aclchecker This will make it possible to migrate repositories to repoSpanner. Signed-off-by: Patrick Uiterwijk diff --git a/roles/pagure/frontend/templates/pagure.cfg b/roles/pagure/frontend/templates/pagure.cfg index 4fddd17e7..54e28930b 100644 --- a/roles/pagure/frontend/templates/pagure.cfg +++ b/roles/pagure/frontend/templates/pagure.cfg @@ -313,4 +313,21 @@ THEME = 'pagureio' MIRROR_SSHKEYS_FOLDER='/srv/mirror/ssh' SSH_KEYS_USERNAME_EXPECT = "git" -SSH_KEYS_OPTIONS = 'command="/usr/share/gitolite3/gitolite-shell %(username)s",no-port-forwarding,no-X11-forwarding,no-agent-forwarding,no-pty' +SSH_KEYS_OPTIONS = 'restrict,command="/usr/libexec/pagure/aclchecker.py %(username)s"' + +SSH_COMMAND_REPOSPANNER = ([ +"/usr/libexec/repobridge", +"--extra", "username", "%(username)s", +"--extra", "repotype", "%(repotype)s", +"--extra", "project_name", "%(project_name)s", +"--extra", "project_user", "%(project_user)s", +"--extra", "project_namespace", "%(project_namespace)s", +"%(cmd)s", +"'pagure/%(repotype)s/%(reponame)s'", +], {"REPOBRIDGE_CONFIG": "/etc/repobridge/rpms.json"}) +SSH_COMMAND_NON_REPOSPANNER = ([ +"/usr/share/gitolite3/gitolite-shell", +"%(username)s", +"%(cmd)s", +"%(reponame)s", +], {}) ___ infrastructure mailing list -- infrastructure@lists.fedoraproject.org To unsubscribe send an email to infrastructure-le...@lists.fedoraproject.org Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/infrastructure@lists.fedoraproject.org