On Wed, Jan 28, 2015 at 06:01:59PM +0100, Pierre-Yves Chibon wrote: > On Mon, Jan 26, 2015 at 04:12:31PM +0100, Mathieu Bridon wrote: > > On Fri, 2015-01-23 at 14:10 +0100, Pierre-Yves Chibon wrote: > > > Since it seems to us that all is now fixed and ready, we are re-building the > > > host from scratch and then all that is left is: testing :) > > > > So Pierre-Yves finished rebuilding the host and syncing some git data on > > it from prod. > > > > And things just work. :) > > > > So far, I've tested: > > > > * shell access for admins (works for Pierre-Yves from sysadmin-main, > > works for me from sysadmin-noc) > > > > * fedpkg clone/push, verifying that push fails for packages I don't > > have acls on > > > > * git push of branches starting with "origin/", which is supposed to > > fail (https://fedorahosted.org/rel-eng/ticket/4071) > > > > Still needs to be tested: > > > > * cgit seems to not see any package > > > > * fedpkg sources / new-sources fail (looking into this right now) > > After some more fighting: > is working: > - shell access for admins > - fedpkg clone, pull, push > - Fails on package on which user does not have the ACLs > - Fails on branches not allowed > - Fails on branches named origin/... > - cgit: http://pkgs.stg.fedoraproject.org/cgit/ > - fedpkg new-sources / sources > > All this with SELinux enabled. > > Fails: > - fedmsg-genacls.sh This is now fixed. It was basically two permission issues, one for running genacls.sh which now needs to be run as root as it as to chown and chmod some files and the second was adjust the permissions to allow fedmsg to sudo as root to run genacls.sh > - fedmsg messages sent after an upload > Of the two, the last one at least is still SELinux related, no clue for the > first one. Remains this one :) Pierre _______________________________________________ infrastructure mailing list infrastructure@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/infrastructure