Can we share the login template?
by Toshio Kuratomi
Hey TG App authors,
I've been working on fixing our CSRF problem and I've gotten a prototype
FAS up and running. It requires only a few changes to the code you have
in your application but one of those is in the login template. We have
to run forward_url and previous_url through the tg.url() function in
order for the csrf token to be added to the urls. Additionally, we can
have a click-through page to authenticate a user who already has an
active, authenticated session and only lacks a tg-visit. This needs to
be added to the login template.
I have a working template in fas. In the interest of making this
transition as painless as possible I was thinking of adding it to the
python-fedora package as well. The trouble is I don't know if it can be
used verbatim in all of our apps. The fas login template, for instance,
is written in genshi and has an <xi:include href="master.html> (meaning
that it pulls some of its look and feel from a template named master.html).
So questions that spring to mind:
1) Is everyone using genshi now or do we need several templates for
genshi, mako, kid, etc?
2) Is everyone's base template named master.html or willing to change?
I know pkgdb is named layout.html but I can easily change this.
3) Does everyone like the idea of having a centralized login template?
4) Does this tie in with the Chrome that mizmo is working on at all (or
is that all css)?
5) Can we reference the master template in the individual apps from the
login.html in a centralized location? (I imagine it would work but
haven't tried yet)?
6) Am I going about this wrong? Should we have an intermediate template
in each app that pulls in a fragment from the centralized location?
This might be more organized but requires some recoding for each app.
-Toshio
14 years, 10 months
Security Policy Changes
by Mike McGrath
I've added some patches (mostly more better English :) to the security
policy.
I've also added an "Administrative Exceptions" section to deal with the
following valid use-cases:
- Password sharing (like that of the mailman admin password)
- Role accounts (for Ian and our wiki bot account)
- Policy for other non-user passwords (like those of our webapps
contacting the database)
Please comment on clarity and logic:
http://infrastructure.fedoraproject.org/csi/security-policy/en-US/html-si...
-Mike
14 years, 10 months
Upgrading Fedora Hosted to Trac-0.11
by Jesse Keating
There are some features I'd really like to make use of in 0.11,
particularly the metrics feature, but I think there are others as well.
Trac 0.11 is where all the development seems to be happening, we'll
slowly fall farther and farther behind.
There is a catch with 0.11, in that it requires an ondisk change of the
project db, so I don't feel comfortable just putting 0.11 in EPEL-5 as
an upgrade to 0.10.
What I'd like is some help in investigating and planning how to do the
upgrade in such a way that will be a low cost to the Infra team to
maintain, but could also perhaps be pushed into EPEL for other trac
users.
Would anybody like to help me with this?
--
Jesse Keating
Fedora -- Freedom² is a feature!
identi.ca: http://identi.ca/jkeating
14 years, 10 months
Change request: Another tmpfile fix
by Ricky Zhou
Looks like there's a problem with the fullfilelist tmpfile removal for
EPEL as well. Can I get some +1s for this patch?
diff --git a/manifests/services/mirrormaster.pp b/manifests/services/mirrormaster.pp
index ca01522..846d581 100644
--- a/manifests/services/mirrormaster.pp
+++ b/manifests/services/mirrormaster.pp
@@ -18,7 +18,7 @@ class mirrormaster {
}
cron { epel-sync:
- command => 'rsync -aHz --numeric-ids --delete-after --exclude=".snapshot" --exclude="*/build-logs" buildsys.fedoraproject.org::epel/ /pub/epel/ &>/dev/null && TMPFILE=`mktemp -p /tmp`; pushd /pub/epel; find * -print > $TMPFILE; diff $TMPFILE fullfilelist >/dev/null; if [ "$?" = "1" ]; then mv $TMPFILE fullfilelist; fi',
+ command => 'rsync -aHz --numeric-ids --delete-after --exclude=".snapshot" --exclude="*/build-logs" buildsys.fedoraproject.org::epel/ /pub/epel/ &>/dev/null && TMPFILE=`mktemp -p /tmp`; pushd /pub/epel; find * -print > $TMPFILE; diff $TMPFILE fullfilelist >/dev/null; if [ "$?" = "1" ]; then mv $TMPFILE fullfilelist; else rm -f $TMPFILE; fi',
user => ftpsync,
minute => [ 10, 40 ],
ensure => present,
--
Thanks,
Ricky
14 years, 10 months
[Fwd: Can you help me please?]
by Ignacio Vazquez-Abrams
For your consideration.
-------- Forwarded Message --------
From: Carlos Vassalo (opossum1er) <opossum1er(a)fedoraproject.org>
To: webmaster(a)fedoraproject.org
Subject: Can you help me please?
Date: Sun, 01 Feb 2009 21:55:25 +0100
Hi,
I have a big problem.
I remove all the content of my personnal directory "opossum1er" on
fedorapeople (.ssh, public-html) with filezilla… :(
What can I do now?
Best regards
--
Ignacio Vazquez-Abrams <ivazqueznet(a)gmail.com>
14 years, 10 months
Change request; tmpfile cleanup
by Jesse Keating
I added some code just after FUDCon to generate a fullfilelist at the
top of /pub/fedora/. I made an error in this leading to lots of /tmp/
files.
Subject: [PATCH] Fix an alias assignment.
This was causing /tmp/ to fill up with lots of tmpfiles of no use.
Also, use a more modern syntax.
---
configs/system/fedora-updates-push | 2 +-
1 files changed, 1 insertions(+), 1 deletions(-)
diff --git a/configs/system/fedora-updates-push
b/configs/system/fedora-updates-push
index 473048a..8c09e27 100755
--- a/configs/system/fedora-updates-push
+++ b/configs/system/fedora-updates-push
@@ -36,7 +36,7 @@ rsync -rlptDvHh --delay-updates $RSYNC_OPTS --delete
--delete-after \
done
pushd /pub/fedora/
-TMPFILE = `mktemp -p /tmp/`
+TMPFILE=$(mktemp -p /tmp/)
find * -print > $TMPFILE
diff $TMPFILE fullfilelist >/dev/null
if [ "$?" = "1" ]; then
--
1.5.5.6
--
Jesse Keating
Fedora -- Freedom² is a feature!
identi.ca: http://identi.ca/jkeating
14 years, 10 months
telia1 is hurtin for certain
by Mike McGrath
Nirik noticed the wiki behaving slow. After some investigation I noticed
telia1 had a ro filesystem. Anyway, a reboot later and she's dead jim.
I've created a ticket with proio (they provide our remote hands in telia
for free, we are happy to have them as a Fedora sponsor :)
Anywho, I'll let you all know whats up when I know more. In the meantime
I've removed telia1 from our proxy rotation.
-Mike
14 years, 10 months
CSI (Security Policy) Help
by Frank Chiulli
So I've implemented the CSI (Security Policy) as previously posted by Mike
(http://infrastructure.fedoraproject.org/csi/security-policy/en-US/html-si...)
Now I'm seeing the following messages in /var/log/messages:
Jan 31 19:09:21 localhost kernel: FW-REJECT IN=eth0 OUT=
MAC=ff:ff:ff:ff:ff:ff:00:16:01:41:10:5b:08:00 SRC=192.168.2.248
DST=192.168.2.255 LEN=78 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=UDP
SPT=137 DPT=137 LEN=58
Jan 31 19:09:21 localhost kernel: FW-REJECT IN=eth0 OUT=
MAC=ff:ff:ff:ff:ff:ff:00:0e:3b:02:0e:b7:08:00 SRC=192.168.2.250
DST=192.168.2.255 LEN=229 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=UDP
SPT=138 DPT=138 LEN=209
192.168.2.248 is a NAS device
192.168.2.250 is a Hawking print server
I'm not an iptables expert. Usually I just leave it alone. Can
someone help me write one or more rules to eliminate the messages?
Frank
14 years, 10 months
Re: /releases/10/Everything: several packages changed
by Jesse Keating
On Sat, 2009-01-31 at 20:10 +0200, Axel Thimm wrote:
> a current rsync shows that thousands of files have been changed in the
> last week. This is not expected as /releases/ is considered to only
> change for the release day and then never again.
>
> The files have a date of Jan 23rd. Although I don't have a copy to
> compare with looking at the internal date it looks like the files have
> just been `touch'ed (but I only checked a coupl of the 2000+ changed
> ones). Could someone bring back the old dates to make it consistent
> again? Thanks!
Hrm, there was no action on my part to touch everything, so I'll have to
do some investigation into what's going on.
Looking on the server, all the files in
releases/10/Everything/i386/os/Packages/ have varying timestamps, but I
do indeed see some things with a stamp as new as Jan 22. Its certainly
not every file, but I'm still not quite finding any commonality in my
brief looking. More investigation to follow.
--
Jesse Keating
Fedora -- Freedom² is a feature!
identi.ca: http://identi.ca/jkeating
14 years, 10 months
Re: [Ambassadors] Re: Fedora 11: What do we expect?
by Angel
Exactly, what I wanted to say.
On Sun, Feb 1, 2009 at 11:22 PM, Joseph Smidt <josephsmidt(a)gmail.com> wrote:
> I think we are attacking the wrong goal. What people want is
> that their OS "Just Works".
>
> What Fedora really needs to do is find a legal way to make all of
> these things "Just Work". As long as the OS just works, newbies will
> love it.
>
> Most people don't care if their driver came from Nvidia or not,
> as long as it just works and gives equal performance.
>
> Joseph Smidt
> --
> ------------------------------------------------------------------------
> Joseph Smidt <josephsmidt(a)gmail.com>
>
> Physics and Astronomy
> 4129 Frederick Reines Hall
> Irvine, CA 92697-4575
> Office: 949-824-3269
>
> --
> Fedora-ambassadors-list mailing list
> Fedora-ambassadors-list(a)redhat.com
> https://www.redhat.com/mailman/listinfo/fedora-ambassadors-list
>
--
Angel
GPG key: 0x34001F46
Bangladesh Linux Users Alliance
Fedora Ambassador Bangladesh
http://fedoraproject.org/wiki/User:Angel
Fedora -- Freedom² and rapid innovation
14 years, 10 months