Re: Great Infrastructure projects status roundup

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Thu, Jan 29, 2015 at 11:46:03AM +0100, Pierre-Yves Chibon wrote:
> On Wed, Jan 28, 2015 at 06:01:59PM +0100, Pierre-Yves Chibon wrote:
> > On Mon, Jan 26, 2015 at 04:12:31PM +0100, Mathieu Bridon wrote:
> > > On Fri, 2015-01-23 at 14:10 +0100, Pierre-Yves Chibon wrote:
> > > > Since it seems to us that all is now fixed and ready, we are re-building the
> > > > host from scratch and then all that is left is: testing :)
> > > 
> > > So Pierre-Yves finished rebuilding the host and syncing some git data on
> > > it from prod.
> > > 
> > > And things just work. :)
> > > 
> > > So far, I've tested:
> > > 
> > > * shell access for admins (works for Pierre-Yves from sysadmin-main,
> > >   works for me from sysadmin-noc)
> > > 
> > > * fedpkg clone/push, verifying that push fails for packages I don't
> > >   have acls on
> > > 
> > > * git push of branches starting with "origin/", which is supposed to
> > >   fail (https://fedorahosted.org/rel-eng/ticket/4071)
> > > 
> > > Still needs to be tested:
> > > 
> > > * cgit seems to not see any package
> > > 
> > > * fedpkg sources / new-sources fail (looking into this right now)
> > 
> > After some more fighting:
> > is working:
> > - shell access for admins
> > - fedpkg clone, pull, push
> >   - Fails on package on which user does not have the ACLs
> >   - Fails on branches not allowed
> >   - Fails on branches named origin/...
> > - cgit: http://pkgs.stg.fedoraproject.org/cgit/
> > - fedpkg new-sources / sources
> > 
> > All this with SELinux enabled.
> > 
> > Fails:
> > - fedmsg-genacls.sh
> 
> This is now fixed.
> It was basically two permission issues, one for running genacls.sh which now
> needs to be run as root as it as to chown and chmod some files and the second
> was adjust the permissions to allow fedmsg to sudo as root to run genacls.sh
> 
> > - fedmsg messages sent after an upload
> > Of the two, the last one at least is still SELinux related, no clue for the
> > first one.
> 
> Remains this one :)

And with one last SELinux boolean tunning, this is working \ó/

pkgs01.stg has been rebuilt (again) and all seems to work fine.

So if someone wants to review our change, I think we're good :)


Pierre
_______________________________________________
infrastructure mailing list
infrastructure@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/infrastructure





[Index of Archives]     [Fedora Development]     [Fedora Users]     [Fedora Desktop]     [Fedora SELinux]     [Yosemite News]     [KDE Users]

  Powered by Linux