1. 05 Nov, 2019 1 commit
    • Vivek Das Mohapatra's avatar
      Suppress a 500 error in the web-UI for project meta config · e220e271
      Vivek Das Mohapatra authored
      When a user tries to view a project's meta config, the rails
      application actually recreates the XML from the database contents
      using the project model.
      
      It does this with the user id set in its context and applies normal
      ACL rules.
      
      This means that any data relating to a project the user does not have
      at least read access to is missing from the model's internal data
      structures, so <path…> elements that refer to unreadable projects
      result in a method call on nil and a 500 error in the web UI.
      
      This patch ameliorates that by checking that the relevant object
      actually exists in the model before calling an accessor method on it,
      and substituting 'HIDDEN' for the project's name if it does not.
      
      This does mean that the user SHOULD NOT try and save said meta config
      but that restriction is not enforced here.
      e220e271
  2. 03 Apr, 2019 2 commits
  3. 02 Apr, 2019 1 commit
  4. 01 Apr, 2019 6 commits
  5. 27 Mar, 2019 3 commits
  6. 26 Mar, 2019 2 commits
    • Andrew Lee (李健秋)'s avatar
      Update correct group permission for rb_sysopen · b62403bf
      Andrew Lee (李健秋) authored
      The rb_sysopen runs as www-data that needs to access to production.log,
      backend_access.log and database.yml.
      
      Revert the group owner to www-data to avoid following errors:
      
       Rails Error: Unable to access log file. Please ensure that
       /usr/share/obs/api/log/production.log exists and is writable (ie, make
       it writable for user and group: chmod 0664
       /usr/share/obs/api/log/production.log). The log level has been raised
       to WARN and the output directed to STDERR until the problem is fixed.
       rake aborted!
       Errno::EACCES: Cannot load `Rails.application.database_configuration`:
       Permission denied @ rb_sysopen - /usr/share/obs/api/config/database.yml
       /usr/share/obs/api/config/environment.rb:30:in `<top (required)>'
       Errno::EACCES: Permission denied @ rb_sysopen -
       /usr/share/obs/api/config/database.yml
       /usr/share/obs/api/config/environment.rb:30:in `<top (required)>'
       Tasks: TOP => environment
       (See full trace by running task with --trace)
       Errno::EACCES: Permission denied @ rb_sysopen -
       /usr/share/obs/api/log/backend_access.log
       /usr/share/obs/api/lib/opensuse/backend.rb:14:in `new'
       /usr/share/obs/api/lib/opensuse/backend.rb:14:in `<class:Backend>'
       /usr/share/obs/api/lib/opensuse/backend.rb:6:in `<module:Suse>'
       /usr/share/obs/api/lib/opensuse/backend.rb:5:in `<top (required)>'
       /usr/share/obs/api/app/models/project.rb:1:in `<top (required)>'
       /usr/share/obs/api/app/indices/project_index.rb:2:in `block in <top
       (required)>'
       Tasks: TOP => ts:index
       (See full trace by running task with --trace)
      Signed-off-by: default avatarAndrew Lee (李健秋) <ajqlee@debian.org>
      b62403bf
    • Andrew Lee (李健秋)'s avatar
      Make passenger rubyapp runs as obsapi user. · b40ef240
      Andrew Lee (李健秋) authored
      Passenger's default user is nobody:
       https://www.phusionpassenger.com/library/config/nginx/reference/#passenger_default_user
      
      So that we got Passenger and the RubyApp runs as nobody. However,
      according to Debian's SystemGroup usage:
        https://wiki.debian.org/SystemGroups
      
      nogroup (user: nobody): Daemons that need not own any files run as user
      nobody and group nogroup. Thus, no files on a system should be owned by
      this user or group.
      
      So that we should create a new user call 'obapi' and force passenger app
      to run as obs-api instead.
      
      And config files should be readable by that obsapi user but usually not
      writable.
      Signed-off-by: default avatarAndrew Lee (李健秋) <ajqlee@debian.org>
      Signed-off-by: Héctor Orón Martínez's avatarHéctor Orón Martínez <hector.oron@collabora.com>
      b40ef240
  7. 25 Mar, 2019 3 commits
  8. 22 Mar, 2019 11 commits
  9. 21 Mar, 2019 1 commit
  10. 20 Mar, 2019 2 commits
  11. 19 Sep, 2018 4 commits
  12. 14 Sep, 2018 1 commit
  13. 12 Sep, 2018 3 commits