On Mon, Jan 26, 2015 at 04:12:31PM +0100, Mathieu Bridon wrote: > On Fri, 2015-01-23 at 14:10 +0100, Pierre-Yves Chibon wrote: > > Since it seems to us that all is now fixed and ready, we are re-building the > > host from scratch and then all that is left is: testing :) > > So Pierre-Yves finished rebuilding the host and syncing some git data on > it from prod. > > And things just work. :) > > So far, I've tested: > > * shell access for admins (works for Pierre-Yves from sysadmin-main, > works for me from sysadmin-noc) > > * fedpkg clone/push, verifying that push fails for packages I don't > have acls on > > * git push of branches starting with "origin/", which is supposed to > fail (https://fedorahosted.org/rel-eng/ticket/4071) > > Still needs to be tested: > > * cgit seems to not see any package > > * fedpkg sources / new-sources fail (looking into this right now) After some more fighting: is working: - shell access for admins - fedpkg clone, pull, push - Fails on package on which user does not have the ACLs - Fails on branches not allowed - Fails on branches named origin/... - cgit: http://pkgs.stg.fedoraproject.org/cgit/ - fedpkg new-sources / sources All this with SELinux enabled. Fails: - fedmsg-genacls.sh - fedmsg messages sent after an upload Of the two, the last one at least is still SELinux related, no clue for the first one. So if we want to move it along, we can run w/o SELinux for the moment (as we do currently) or wait some more to debug/fix things. Thanks to Mathieu and tfirg on #selinux for the great help on this work! Pierre _______________________________________________ infrastructure mailing list infrastructure@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/infrastructure