infrastructure February 2009

infrastructure@lists.fedoraproject.org

60 participants
77 discussions

Can we share the login template?
by Toshio Kuratomi 02 Feb '09

02 Feb '09

Hey TG App authors, I've been working on fixing our CSRF problem and I've gotten a prototype FAS up and running. It requires only a few changes to the code you have in your application but one of those is in the login template. We have to run forward_url and previous_url through the tg.url() function in order for the csrf token to be added to the urls. Additionally, we can have a click-through page to authenticate a user who already has an active, authenticated session and only lacks a tg-visit. This needs to be added to the login template. I have a working template in fas. In the interest of making this transition as painless as possible I was thinking of adding it to the python-fedora package as well. The trouble is I don't know if it can be used verbatim in all of our apps. The fas login template, for instance, is written in genshi and has an <xi:include href="master.html> (meaning that it pulls some of its look and feel from a template named master.html). So questions that spring to mind: 1) Is everyone using genshi now or do we need several templates for genshi, mako, kid, etc? 2) Is everyone's base template named master.html or willing to change? I know pkgdb is named layout.html but I can easily change this. 3) Does everyone like the idea of having a centralized login template? 4) Does this tie in with the Chrome that mizmo is working on at all (or is that all css)? 5) Can we reference the master template in the individual apps from the login.html in a centralized location? (I imagine it would work but haven't tried yet)? 6) Am I going about this wrong? Should we have an intermediate template in each app that pulls in a fragment from the centralized location? This might be more organized but requires some recoding for each app. -Toshio

2 1

Security Policy Changes
by Mike McGrath 02 Feb '09

02 Feb '09

I've added some patches (mostly more better English :) to the security policy. I've also added an "Administrative Exceptions" section to deal with the following valid use-cases: - Password sharing (like that of the mailman admin password) - Role accounts (for Ian and our wiki bot account) - Policy for other non-user passwords (like those of our webapps contacting the database) Please comment on clarity and logic: http://infrastructure.fedoraproject.org/csi/security-policy/en-US/html-sing… -Mike

1 0

Upgrading Fedora Hosted to Trac-0.11
by Jesse Keating 02 Feb '09

02 Feb '09

There are some features I'd really like to make use of in 0.11, particularly the metrics feature, but I think there are others as well. Trac 0.11 is where all the development seems to be happening, we'll slowly fall farther and farther behind. There is a catch with 0.11, in that it requires an ondisk change of the project db, so I don't feel comfortable just putting 0.11 in EPEL-5 as an upgrade to 0.10. What I'd like is some help in investigating and planning how to do the upgrade in such a way that will be a low cost to the Infra team to maintain, but could also perhaps be pushed into EPEL for other trac users. Would anybody like to help me with this? -- Jesse Keating Fedora -- Freedom² is a feature! identi.ca: http://identi.ca/jkeating

3 5

Change request: Another tmpfile fix
by Ricky Zhou 02 Feb '09

02 Feb '09

Looks like there's a problem with the fullfilelist tmpfile removal for EPEL as well. Can I get some +1s for this patch? diff --git a/manifests/services/mirrormaster.pp b/manifests/services/mirrormaster.pp index ca01522..846d581 100644 --- a/manifests/services/mirrormaster.pp +++ b/manifests/services/mirrormaster.pp @@ -18,7 +18,7 @@ class mirrormaster { } cron { epel-sync: - command => 'rsync -aHz --numeric-ids --delete-after --exclude=".snapshot" --exclude="*/build-logs" buildsys.fedoraproject.org::epel/ /pub/epel/ &>/dev/null && TMPFILE=`mktemp -p /tmp`; pushd /pub/epel; find * -print > $TMPFILE; diff $TMPFILE fullfilelist >/dev/null; if [ "$?" = "1" ]; then mv $TMPFILE fullfilelist; fi', + command => 'rsync -aHz --numeric-ids --delete-after --exclude=".snapshot" --exclude="*/build-logs" buildsys.fedoraproject.org::epel/ /pub/epel/ &>/dev/null && TMPFILE=`mktemp -p /tmp`; pushd /pub/epel; find * -print > $TMPFILE; diff $TMPFILE fullfilelist >/dev/null; if [ "$?" = "1" ]; then mv $TMPFILE fullfilelist; else rm -f $TMPFILE; fi', user => ftpsync, minute => [ 10, 40 ], ensure => present, -- Thanks, Ricky

3 5

[Fwd: Can you help me please?]
by Ignacio Vazquez-Abrams 02 Feb '09

02 Feb '09

For your consideration. -------- Forwarded Message -------- From: Carlos Vassalo (opossum1er) <opossum1er(a)fedoraproject.org> To: webmaster(a)fedoraproject.org Subject: Can you help me please? Date: Sun, 01 Feb 2009 21:55:25 +0100 Hi, I have a big problem. I remove all the content of my personnal directory "opossum1er" on fedorapeople (.ssh, public-html) with filezilla… :( What can I do now? Best regards -- Ignacio Vazquez-Abrams <ivazqueznet(a)gmail.com>

3 2

Change request; tmpfile cleanup
by Jesse Keating 01 Feb '09

01 Feb '09

I added some code just after FUDCon to generate a fullfilelist at the top of /pub/fedora/. I made an error in this leading to lots of /tmp/ files. Subject: [PATCH] Fix an alias assignment. This was causing /tmp/ to fill up with lots of tmpfiles of no use. Also, use a more modern syntax. --- configs/system/fedora-updates-push | 2 +- 1 files changed, 1 insertions(+), 1 deletions(-) diff --git a/configs/system/fedora-updates-push b/configs/system/fedora-updates-push index 473048a..8c09e27 100755 --- a/configs/system/fedora-updates-push +++ b/configs/system/fedora-updates-push @@ -36,7 +36,7 @@ rsync -rlptDvHh --delay-updates $RSYNC_OPTS --delete --delete-after \ done pushd /pub/fedora/ -TMPFILE = `mktemp -p /tmp/` +TMPFILE=$(mktemp -p /tmp/) find * -print > $TMPFILE diff $TMPFILE fullfilelist >/dev/null if [ "$?" = "1" ]; then -- 1.5.5.6 -- Jesse Keating Fedora -- Freedom² is a feature! identi.ca: http://identi.ca/jkeating

3 2

telia1 is hurtin for certain
by Mike McGrath 01 Feb '09

01 Feb '09

Nirik noticed the wiki behaving slow. After some investigation I noticed telia1 had a ro filesystem. Anyway, a reboot later and she's dead jim. I've created a ticket with proio (they provide our remote hands in telia for free, we are happy to have them as a Fedora sponsor :) Anywho, I'll let you all know whats up when I know more. In the meantime I've removed telia1 from our proxy rotation. -Mike

1 0

CSI (Security Policy) Help
by Frank Chiulli 01 Feb '09

01 Feb '09

So I've implemented the CSI (Security Policy) as previously posted by Mike (http://infrastructure.fedoraproject.org/csi/security-policy/en-US/html-sing…) Now I'm seeing the following messages in /var/log/messages: Jan 31 19:09:21 localhost kernel: FW-REJECT IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:16:01:41:10:5b:08:00 SRC=192.168.2.248 DST=192.168.2.255 LEN=78 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=UDP SPT=137 DPT=137 LEN=58 Jan 31 19:09:21 localhost kernel: FW-REJECT IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:0e:3b:02:0e:b7:08:00 SRC=192.168.2.250 DST=192.168.2.255 LEN=229 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=UDP SPT=138 DPT=138 LEN=209 192.168.2.248 is a NAS device 192.168.2.250 is a Hawking print server I'm not an iptables expert. Usually I just leave it alone. Can someone help me write one or more rules to eliminate the messages? Frank

5 7

Re: /releases/10/Everything: several packages changed
by Jesse Keating 01 Feb '09

01 Feb '09

On Sat, 2009-01-31 at 20:10 +0200, Axel Thimm wrote: > a current rsync shows that thousands of files have been changed in the > last week. This is not expected as /releases/ is considered to only > change for the release day and then never again. > > The files have a date of Jan 23rd. Although I don't have a copy to > compare with looking at the internal date it looks like the files have > just been `touch'ed (but I only checked a coupl of the 2000+ changed > ones). Could someone bring back the old dates to make it consistent > again? Thanks! Hrm, there was no action on my part to touch everything, so I'll have to do some investigation into what's going on. Looking on the server, all the files in releases/10/Everything/i386/os/Packages/ have varying timestamps, but I do indeed see some things with a stamp as new as Jan 22. Its certainly not every file, but I'm still not quite finding any commonality in my brief looking. More investigation to follow. -- Jesse Keating Fedora -- Freedom² is a feature! identi.ca: http://identi.ca/jkeating

2 5

Re: [Ambassadors] Re: Fedora 11: What do we expect?
by Angel 01 Feb '09

01 Feb '09

Exactly, what I wanted to say. On Sun, Feb 1, 2009 at 11:22 PM, Joseph Smidt <josephsmidt(a)gmail.com> wrote: > I think we are attacking the wrong goal. What people want is > that their OS "Just Works". > > What Fedora really needs to do is find a legal way to make all of > these things "Just Work". As long as the OS just works, newbies will > love it. > > Most people don't care if their driver came from Nvidia or not, > as long as it just works and gives equal performance. > > Joseph Smidt > -- > ------------------------------------------------------------------------ > Joseph Smidt <josephsmidt(a)gmail.com> > > Physics and Astronomy > 4129 Frederick Reines Hall > Irvine, CA 92697-4575 > Office: 949-824-3269 > > -- > Fedora-ambassadors-list mailing list > Fedora-ambassadors-list(a)redhat.com > https://www.redhat.com/mailman/listinfo/fedora-ambassadors-list > -- Angel GPG key: 0x34001F46 Bangladesh Linux Users Alliance Fedora Ambassador Bangladesh http://fedoraproject.org/wiki/User:Angel Fedora -- Freedom² and rapid innovation

1 0

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

infrastructure February 2009