| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
| |
More information at https://nvd.nist.gov/vuln/detail/CVE-2018-14912
|
|
|
|
|
|
|
|
|
|
| |
I hit a strange issue after upgrading git.baserock.org where the
wrong cgit.css stylesheet was being served. Restarting the lighttpd-git
service fixed it. I suspect this might be to do with the service
starting before the /var subvolume is mounted. I can't exactly prove
it but this change seems sensible in any case.
Change-Id: I535305da9ba6135851a38fd3d04c50876de99e21
|
|
|
|
|
|
|
|
|
|
| |
This fixes an issue where some .morph files wouldn't display correctly,
because they'd contain a < character and the browser would think that
this was a tag.
I've added some docstrings as well.
Change-Id: I3c7252319a06cac04880f8b20596003fde531609
|
|
|
|
| |
Change-Id: I6f2a8f173ee31f6ab652bbcd9b93306555ebf5c2
|
|
|
|
| |
Change-Id: I65e3386d5aec31a8bb8a02191b15ecc38ee33f43
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Previously the whole of git.baserock.org was effectively inaccessible
over HTTPS, because it would require a username and password for all
HTTPS requests. This was done to ensure that we don't make Trove
"insecure by default" by allowing access to hidden repos over anonymous
HTTPS.
Firstly, we only need to require auth for the actual Gitano URLs. The
other ones (cgit, lc-status.html, releases) are identical over HTTP and
HTTPS anyway, so there's no point in hiding them on one protocol but not
the other.
Also, I have now verified that Gitano's CGI scripts authenticate based
on the REMOTE_USER variable set by mod_auth, and if this isn't set they
treat the request as anonymous and correctly deny any requests that
the anonymous user doesn't have permissions for. This is noted in a
comment.
The behaviour of Gitano-over-HTTPS in Trove should be completely
unchanged by this commit, however.
Change-Id: Ie5dbc3bd3ab8d37ef3e5c08c9541c571944e1f58
|
|
|
|
|
|
|
|
|
| |
This is much less typing and gives us neater URLs!
The paths /baserock and /delta are also now specially redirected to
/cgit/baserock and /cgit/delta, for the benefit of the extra-lazy.
Change-Id: I9cda805c0a6134fb91595bbf8f3e74668d745327
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Previously, when Trove mirrored an upstream repo, it would allow users
to push branches as long as they started with the trove-id. The
intention is to keep local changes in a separate namespace that can
co-exist with whatever branches the upstream repo has. This patch
extends this to tags, so that users can push tags to refs/tags/{{
trove-id}}/whatever.
This is necessary for the `morph anchor` command to work as expected
when the 'ref' fields of some definitions point to tag objects. Git
itself prevents pushing tags to 'refs/heads/...' so `morph anchor` must
be configured to push them to 'refs/tags/...'. Without this patch,
Gitano will prevent that as well, but with this patch, `morph anchor`
should be usable.
Repos in the Trove's own prefix (such as the baserock/ repos on
git.baserock.org, or the foo-trove/ repos on a Trove with trove ID
'foo-trove') are the only ones not considered to be mirrors, and
users can already push branches and tags wherever they want to in these
repos.
Change-Id: I06496ea6c5c57d3fae7e5750cf51e31bbd16d8d2
|
|
|
|
| |
Change-Id: I73131cfa5697d0da8a9aa38f9316721d6d8941f0
|
|
|
|
| |
Change-Id: I193216280797e5453ab1606d6a8f83e27bd0a28e
|
|
|
|
| |
Change-Id: I7c5561aeace4dc7ebdf4b86b3def8d8e64b9c217
|
|
|
|
| |
Change-Id: I33c74dc19e5835c65740f483aae89a1e8e415f0c
|
|
|
|
| |
Change-Id: Icef0a0a7ed2d34007ed96ef582d61a62d0e5d38e
|
|
|
|
| |
Change-Id: Ica0b1412ef402eaf2474288d54f1471f655d31c5
|
|
|
|
|
|
|
|
|
|
| |
Use the dict-form for the creates arguments, to avoid problems
with strings interpolations.
This solved problems on a Trove with TROVE_ID 'baserock-clone',
because it wasn't recognising the already exsisting repositories.
Change-Id: Ic613f732596aae9d81b0c17c8fd1e846d69f58db
|
|\
| |
| |
| |
| | |
Reviewed-By: Pedro Alvarez <pedro.alvarez@codethink.co.uk>
Reviewed-By: Adam Coldrick <adam.coldrick@codethink.co.uk>
|
| |
| |
| |
| |
| | |
These settings had a meaning for the old implementation of
lorry-controller, but are ignored by the current implementation.
|
|\ \
| |/
|/|
| |
| | |
Reviewed-By: Francisco Redondo Marchena <francisco.marchena@codethink.co.uk>
Reviewed-By: Sam Thursfield <sam.thursfield@codethink.co.uk>
|
|/
|
|
|
|
| |
The stderr string of the `systemctl enable` command has changed in
the commit 749ebb2da4933de68bfaa4d6f6ffd9e4692ee547 of systemd. We
use this string to trigger another Ansible task.
|
|\
| |
| |
| |
| | |
Reviewed-By: Paul Sherwood <paul.sherwood@codethink.co.uk>
Reviewed-By: Mike Smith <mike.smith@codethink.co.uk>
|
|/
|
|
|
|
|
|
|
|
|
|
|
| |
The Mason referred to here is the 1st version of the Mason continuous
delivery tool. There have been no instances of this for two years.
We have made two subsequent Mason implementations since then which don't
require coupling in Trove in order to work.
As well as removing unneeded configuration, this will fix the misleading
warning that users see on Git pushes:
remote: [git.baserock.org] Notifying Mason of changes...
remote: [git.baserock.org] Notification failed somehow
|
|\
| |
| |
| | |
Reviewed-By: Pedro Alvarez <pedro.alvarez@codethink.co.uk>
|
|/
|
|
|
| |
This is still referenced in the trove-setup Ansible scripts, so it
shouldn't have been removed.
|
|\
| |
| |
| |
| | |
Reviewed-by: Richard Maw
Reviewed-by: Pedro Alvarez
|
|/ |
|
| |
|
|\
| |
| |
| |
| | |
Reviewed-by: Richard Maw
Reviewed-by: Lars Wirzenius
|
|/
|
|
|
|
|
| |
Now UPSTREAM_TROVE is not mandatory to configure a Trove, and
if the value is not set, then the configuration of the lorry
controller (lorry-controller.conf) won't include any configuration
for an upstream Trove.
|
|\ |
|
|/ |
|
|\
| |
| |
| | |
Reviewed-by: Lars Wirzenius
|
|/
|
|
|
|
| |
This allows downstream troves that only need to access publically
available content to be able to operate without configuring
ssh keys on the upstream trove.
|
|\
| |
| |
| |
| | |
Reviewed-by: Richard Maw
Reviewed-by: Lars Wirzenius
|
| | |
|
| | |
|
| | |
|
| |
| |
| |
| | |
They where generated in trove.configure before.
|
| | |
|
| |
| |
| |
| |
| |
| | |
They aren't eligible to be started until they are configured,
and Ansible handles both the initial start, and configuring
them to start automatically on next boot.
|
| | |
|
| | |
|
| | |
|
|/ |
|
|\
| |
| |
| |
| |
| |
| |
| | |
Reviewed by Daniel and Richard on the mailing list, and further
changes based on review feedback by Richard on IRC.
Reviewed-by: Richard Maw
Reviewed-by: Daniel Silverstone
|
| |
| |
| |
| |
| | |
This will make the output be even more verbose for Trove's
Lorry Controller.
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|