FBR: Switch to in-Pagure https cloning and enable keyhelper/aclchecker for prod

Patrick マルタインアンドレアス Uiterwijk <puiterwijk@xxxxxxxxxx> · Thu, 11 Oct 2018 19:13:09 -0000

Hi all,

Can I get +1s for these last two patches, which should make Pagure.io fully repoSpanner compatible?
It switches the prod sshd to the new sshd_config with keyhelper, and the other patch disables the scriptalias, which means it hits the code in Pagure that multiplexes this to gitolite (for us) or repoSpanner (future).

Patrick



commit 93bdfdf91339df06dda9b61bc9bda7d27e6cc4e7 (HEAD -> master)
Author: Patrick Uiterwijk <patrick@xxxxxxxxxxxxxx>
Date:   Thu Oct 11 21:08:48 2018 +0200

    Switch over prod pagure.io to keyhelper/aclchecker
    
    Signed-off-by: Patrick Uiterwijk <patrick@xxxxxxxxxxxxxx>

diff --git a/inventory/group_vars/pagure b/inventory/group_vars/pagure
index afa936a6f..a172bf8b9 100644
--- a/inventory/group_vars/pagure
+++ b/inventory/group_vars/pagure
@@ -17,6 +17,8 @@ stunnel_service: "eventsource"
 stunnel_source_port: 8088
 stunnel_destination_port: 8080
 
+sshd_config: ssh/sshd_config.pagure
+
 # These are consumed by a task in roles/fedmsg/base/main.yml
 fedmsg_certs:
 - service: shell

commit 2b45182edde6b7896500088da7d430e5435c49b8
Author: Patrick Uiterwijk <patrick@xxxxxxxxxxxxxx>
Date:   Thu Oct 11 21:08:09 2018 +0200

    Remove ScriptAlias to use in-Pagure https clone
    
    Signed-off-by: Patrick Uiterwijk <patrick@xxxxxxxxxxxxxx>

diff --git a/roles/pagure/frontend/templates/0_pagure.conf b/roles/pagure/frontend/templates/0_pagure.conf
index cd1004845..50c2d6e9b 100644
--- a/roles/pagure/frontend/templates/0_pagure.conf
+++ b/roles/pagure/frontend/templates/0_pagure.conf
@@ -80,15 +80,6 @@ WSGIDaemonProcess paguredocs user=git group=git maximum-requests=1000 display-na
 
   SetEnv GIT_PROJECT_ROOT /srv/git/repositories
 
-  AliasMatch ^/(.*/objects/[0-9a-f]{2}/[0-9a-f]{38})$          /srv/git/repositories/$1
-  AliasMatch ^/(.*/objects/pack/pack-[0-9a-f]{40}.(pack|idx))$ /srv/git/repositories/$1
-  ScriptAliasMatch \
-    "(?x)^/(.*/(HEAD | \
-    info/refs | \
-    objects/info/[^/]+ | \
-    git-(upload|receive)-pack))$" \
-    /usr/libexec/git-core/git-http-backend/$1
-
   <Location />
    WSGIProcessGroup pagure
    <IfModule mod_authz_core.c>
_______________________________________________
infrastructure mailing list -- infrastructure@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to infrastructure-leave@xxxxxxxxxxxxxxxxxxxxxxx
Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/infrastructure@xxxxxxxxxxxxxxxxxxxxxxx







