Re: FBR: Switch Pagure over to aclchecker
+1
-re
On 10/11/2018 02:22 PM, Patrick マルタインアンドレアス Uiterwijk wrote:
> Hi,
>
> This is the next step of preparing pagure.io for repoSpanner: switch the
> entry command to aclchecker, which is a small script that calls either
> repoBridge for repos on repoSpanner (none at this moment) or gitolite for all
> others.
> This adds some configuration for repobridge, but that won't be used yet.
> This can be reverted by switching the SSH config back to no longer calling
> keyhelper.
>
> Patrick
>
>
> commit 6d313b60b05b022c1ae04dc81f9956cff33fb5b5 (HEAD -> master)
> Author: Patrick Uiterwijk
> Date: Thu Oct 11 20:19:11 2018 +0200
>
> Switch Pagure.io over to aclchecker
>
> This will make it possible to migrate repositories to repoSpanner.
>
> Signed-off-by: Patrick Uiterwijk
>
> diff --git a/roles/pagure/frontend/templates/pagure.cfg
> b/roles/pagure/frontend/templates/pagure.cfg
> index 4fddd17e7..54e28930b 100644
> --- a/roles/pagure/frontend/templates/pagure.cfg
> +++ b/roles/pagure/frontend/templates/pagure.cfg
> @@ -313,4 +313,21 @@ THEME = 'pagureio'
> MIRROR_SSHKEYS_FOLDER='/srv/mirror/ssh'
>
> SSH_KEYS_USERNAME_EXPECT = "git"
> -SSH_KEYS_OPTIONS = 'command="/usr/share/gitolite3/gitolite-shell
> %(username)s",no-port-forwarding,no-X11-forwarding,no-agent-forwarding,no-pty'
> +SSH_KEYS_OPTIONS = 'restrict,command="/usr/libexec/pagure/aclchecker.py
> %(username)s"'
> +
> +SSH_COMMAND_REPOSPANNER = ([
> +"/usr/libexec/repobridge",
> +"--extra", "username", "%(username)s",
> +"--extra", "repotype", "%(repotype)s",
> +"--extra", "project_name", "%(project_name)s",
> +"--extra", "project_user", "%(project_user)s",
> +"--extra", "project_namespace", "%(project_namespace)s",
> +"%(cmd)s",
> +"'pagure/%(repotype)s/%(reponame)s'",
> +], {"REPOBRIDGE_CONFIG": "/etc/repobridge/rpms.json"})
> +SSH_COMMAND_NON_REPOSPANNER = ([
> +"/usr/share/gitolite3/gitolite-shell",
> +"%(username)s",
> +"%(cmd)s",
> +"%(reponame)s",
> +], {})
> ___
> infrastructure mailing list -- infrastructure@lists.fedoraproject.org
> To unsubscribe send an email to infrastructure-le...@lists.fedoraproject.org
> Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html
> List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
> List Archives:
> https://lists.fedoraproject.org/archives/list/infrastructure@lists.fedoraproject.org
signature.asc
Description: OpenPGP digital signature
___
infrastructure mailing list -- infrastructure@lists.fedoraproject.org
To unsubscribe send an email to infrastructure-le...@lists.fedoraproject.org
Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives:
https://lists.fedoraproject.org/archives/list/infrastructure@lists.fedoraproject.org
Re: FBR: Switch Pagure over to aclchecker
+1 kevin signature.asc Description: OpenPGP digital signature ___ infrastructure mailing list -- infrastructure@lists.fedoraproject.org To unsubscribe send an email to infrastructure-le...@lists.fedoraproject.org Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/infrastructure@lists.fedoraproject.org
Re: FBR: Switch Pagure over to aclchecker
(Actually, until a future PR where I apply the correct sshd_Config to pagure01, it won't even change anything on prod for now other than the existance of these config options.) ___ infrastructure mailing list -- infrastructure@lists.fedoraproject.org To unsubscribe send an email to infrastructure-le...@lists.fedoraproject.org Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/infrastructure@lists.fedoraproject.org
FBR: Switch Pagure over to aclchecker
Hi,
This is the next step of preparing pagure.io for repoSpanner: switch the entry
command to aclchecker, which is a small script that calls either repoBridge for
repos on repoSpanner (none at this moment) or gitolite for all others.
This adds some configuration for repobridge, but that won't be used yet.
This can be reverted by switching the SSH config back to no longer calling
keyhelper.
Patrick
commit 6d313b60b05b022c1ae04dc81f9956cff33fb5b5 (HEAD -> master)
Author: Patrick Uiterwijk
Date: Thu Oct 11 20:19:11 2018 +0200
Switch Pagure.io over to aclchecker
This will make it possible to migrate repositories to repoSpanner.
Signed-off-by: Patrick Uiterwijk
diff --git a/roles/pagure/frontend/templates/pagure.cfg
b/roles/pagure/frontend/templates/pagure.cfg
index 4fddd17e7..54e28930b 100644
--- a/roles/pagure/frontend/templates/pagure.cfg
+++ b/roles/pagure/frontend/templates/pagure.cfg
@@ -313,4 +313,21 @@ THEME = 'pagureio'
MIRROR_SSHKEYS_FOLDER='/srv/mirror/ssh'
SSH_KEYS_USERNAME_EXPECT = "git"
-SSH_KEYS_OPTIONS = 'command="/usr/share/gitolite3/gitolite-shell
%(username)s",no-port-forwarding,no-X11-forwarding,no-agent-forwarding,no-pty'
+SSH_KEYS_OPTIONS = 'restrict,command="/usr/libexec/pagure/aclchecker.py
%(username)s"'
+
+SSH_COMMAND_REPOSPANNER = ([
+"/usr/libexec/repobridge",
+"--extra", "username", "%(username)s",
+"--extra", "repotype", "%(repotype)s",
+"--extra", "project_name", "%(project_name)s",
+"--extra", "project_user", "%(project_user)s",
+"--extra", "project_namespace", "%(project_namespace)s",
+"%(cmd)s",
+"'pagure/%(repotype)s/%(reponame)s'",
+], {"REPOBRIDGE_CONFIG": "/etc/repobridge/rpms.json"})
+SSH_COMMAND_NON_REPOSPANNER = ([
+"/usr/share/gitolite3/gitolite-shell",
+"%(username)s",
+"%(cmd)s",
+"%(reponame)s",
+], {})
___
infrastructure mailing list -- infrastructure@lists.fedoraproject.org
To unsubscribe send an email to infrastructure-le...@lists.fedoraproject.org
Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives:
https://lists.fedoraproject.org/archives/list/infrastructure@lists.fedoraproject.org
