Commits · 4650cce63e302b22d3e763014dddeee103f2c7cd · obs / open-build-service

16 May, 2022 4 commits

backend: Add default reprepro snapshot hook · 4650cce6

Ariel D'Alessandro authored May 03, 2022



This is the default reprepro snaphost hook script. Let's add it until
OBS reprepro support is finally dropped.

Signed-off-by: Ariel D'Alessandro <ariel.dalessandro@collabora.com>

4650cce6

aptly: Add aptly_repo_clean function to aptly module · 058e71d2

Ariel D'Alessandro authored May 03, 2022



This function cleans up all contents from a repository.

In order to re-create snapshots from reprepro, we may wanna reset a
repository, then add all packages from an old reprepro snapshot and
create the aptly snapshot from there.

Signed-off-by: Ariel D'Alessandro <ariel.dalessandro@collabora.com>

058e71d2

tests: aptly: Set project prefix to match reprepro schema · 7741a313

Ariel D'Alessandro authored May 03, 2022



Update the prefix used in the aptly test, to match the one used by
reprepro repositories in general.

Signed-off-by: Ariel D'Alessandro <ariel.dalessandro@collabora.com>

7741a313

aptly: Move snapshot functions to backend BSAptly.pm module · 853f3b50

Ariel D'Alessandro authored May 03, 2022



These functions will be used from other perl scripts as well. Let's make
it available from the aptly module.

Signed-off-by: Ariel D'Alessandro <ariel.dalessandro@collabora.com>

853f3b50

12 May, 2022 6 commits

helm: Add a configmap entry for aptly.conf · ed9bbc8a
Andrej Shadura authored May 02, 2022 and Sjoerd Simons committed May 12, 2022
```
Signed-off-by: Andrej Shadura <andrew.shadura@collabora.co.uk>
```
ed9bbc8a

aptly: Add test suite · 52128881

Ariel D'Alessandro authored Mar 29, 2022 and

Sjoerd Simons committed May 12, 2022

This commit adds tests for the OBS aptly integration.

See tests/aptly/README.md for instructions on how to run the test suite.

Signed-off-by: Ariel D'Alessandro <ariel.dalessandro@collabora.com>

52128881

Add aptly support · e4ebfb64

Ariel D'Alessandro authored Feb 03, 2022 and

Sjoerd Simons committed May 12, 2022



This commit integratates aptly backend. The following features are
supported:

* OBS repositories gets automatically created/removed on aptly.
* Each arch with the publish flag enabled in a repository, get published
  on aptly.
* Package binaries get added to the aptly repository right after they
  get built. Old versions are automatically removed.
* Every time a package is published, a snapshot is taken and published.

Related documentation is added to `README.aptly.md`:
* aptly configuration files.
* snapshot and db-cleanup scripts.

Signed-off-by: Ariel D'Alessandro <ariel.dalessandro@collabora.com>

e4ebfb64

Don’t show "Or sign in with" if no SSO is configured · e10039cc
Andrej Shadura authored May 12, 2022 and Sjoerd Simons committed May 12, 2022
```
Signed-off-by: Andrej Shadura <andrew.shadura@collabora.co.uk>
```
e10039cc

Copy secrets with correct ownership instead of symlinking them · f3b232dd

Andrej Shadura authored May 12, 2022 and

Sjoerd Simons committed May 12, 2022



Secrets are owned by root and are not world-readable by default, so
the frontend cannot access them when it’s not running as root.
Not all versions of docker-compose support setting access rights for
secrets, so instead of wrangling with them, just copy secrets and
re-own them.

Signed-off-by: Andrej Shadura <andrew.shadura@collabora.co.uk>

f3b232dd

Move the backend dependency to the right place in docker-compose.yml · 2cad17ab
Andrej Shadura authored May 12, 2022
```
Signed-off-by: Andrej Shadura <andrew.shadura@collabora.co.uk>
```
2cad17ab

04 May, 2022 1 commit

Allow new SSO logins in "deny" mode · fca80a4d

Andrej Shadura authored May 04, 2022 and

Sjoerd Simons committed May 04, 2022



The can_register check is actually only suitable for preventing new
unverified registrations; in SSO mode, we normally trust the SSO
provider have performed the checks and only gives us users we’re
supposed to let in.

Ideally, this should be a separate set of settings to allow e.g.
optionally requiring confirmation on SSO logins or to configure
different levels of trust per SSO provider.

Signed-off-by: Andrej Shadura <andrew.shadura@collabora.co.uk>

fca80a4d

03 May, 2022 1 commit
- Disable InfluxDB by default but allow configuring it through envvars · c743b6a3
  Andrej Shadura authored May 03, 2022
```
Signed-off-by: Andrej Shadura <andrew.shadura@collabora.co.uk>
```
  c743b6a3
02 May, 2022 20 commits

Only store the 'info' part of the auth hash in the session · 04d85c79

Andrej Shadura authored Jan 31, 2022

The auth hash can be quite large, and with session storage in cookies,
the cookie can easily reach the 4 KB limit. Work around this issue
by only storing the part of the hash we currently use.

Signed-off-by: Andrej Shadura <andrew.shadura@collabora.co.uk>

04d85c79

Add omniauth-github · 1683e170
Andrej Shadura authored Jan 31, 2022
```
Signed-off-by: Andrej Shadura <andrew.shadura@collabora.co.uk>
```
1683e170
Add dependency on omniauth_openid_connect 0.4.0+ · 80aace25
Andrej Shadura authored Jan 28, 2022
```
Signed-off-by: Andrej Shadura <andrew.shadura@collabora.co.uk>
```
80aace25

Mark passwords for SSO-only users as invalid to allow changing them later · 0c8d82ff

Andrej Shadura authored Jun 15, 2021

Add a new "hash type" for invalid passwords, which is never equal to
normal passwords, but nevertheless can be changed without being known by
the user.

This "invalid" password can only be set by directly setting the password
hash type. When updating the password using update_password method, it will
always be upgrade it to the strongest hash type, sha256crypt.

To allow changing this "invalid" password to a normal one, stop
requiring a non-empty current password in the password change dialog
when changing a password from an "invalid" one. Don’t show the current
password box either, as it is not used anyway in this case, making
it better not to show it to avoid confusion.

Signed-off-by: Andrej Shadura <andrew.shadura@collabora.co.uk>

0c8d82ff

Verify the referrer URL when redirecting back · 8ebe1e5a

Andrej Shadura authored Jan 27, 2022



The redirect should only happen to the referrer URL pointing at our
domain, never to the external ones.

Signed-off-by: Andrej Shadura <andrew.shadura@collabora.co.uk>

8ebe1e5a

Try harder to derive the username from email addresses · 960c56af

Andrej Shadura authored Jun 08, 2021



Some providers set username or nickname to an email address.
For this reason, first collect the best possible user name we can find,
and only then fix it to match our requirements.

Signed-off-by: Andrej Shadura <andrew.shadura@collabora.co.uk>

960c56af

Implement first login flow · b964a418
Andrej Shadura authored May 27, 2021
```
Signed-off-by: Andrej Shadura <andrew.shadura@collabora.co.uk>
```
b964a418

Reenable SSO · 90626a81

Andrej Shadura authored Jan 26, 2022



Signed-off-by: Andrej Shadura <andrew.shadura@collabora.co.uk>

90626a81

Add SSO callback to allow existing users log in with an external source · 83cfd486
Andrej Shadura authored May 18, 2021
```
Signed-off-by: Andrej Shadura <andrew.shadura@collabora.co.uk>
```
83cfd486
user model: add find_with_omniauth/create_with_omniauth · aa61b341
Andrej Shadura authored May 27, 2021
```
Signed-off-by: Andrej Shadura <andrew.shadura@collabora.co.uk>
```
aa61b341
Rename create_ldap_user to create_external_user · 73138246
Andrej Shadura authored May 27, 2021
```
Signed-off-by: Andrej Shadura <andrew.shadura@collabora.co.uk>
```
73138246
Add an SSO login page so that users can choose between providers · 1c894350
Andrej Shadura authored May 17, 2021
```
Signed-off-by: Andrej Shadura <andrew.shadura@collabora.co.uk>
```
1c894350
Parse SSO authentication config on startup · f9f7e2a7
Andrej Shadura authored May 27, 2021
```
Signed-off-by: Andrej Shadura <andrew.shadura@collabora.co.uk>
```
f9f7e2a7
Add omniauth-rails_csrf_protection · 8efa7b76
Andrej Shadura authored Jan 26, 2022
```
Signed-off-by: Andrej Shadura <andrew.shadura@collabora.co.uk>
```
8efa7b76
Add dependency on omniauth-gitlab · a9e2a658
Andrej Shadura authored Jan 26, 2022
```
Signed-off-by: Andrej Shadura <andrew.shadura@collabora.co.uk>
```
a9e2a658
Add omniauth dependency · d4258b84
Andrej Shadura authored Jan 20, 2022
```
Signed-off-by: Andrej Shadura <andrew.shadura@collabora.co.uk>
```
d4258b84
Add more settings, including SSO and msmtp · b9e88678
Andrej Shadura authored Apr 27, 2022
```
Signed-off-by: Andrej Shadura <andrew.shadura@collabora.co.uk>
```
b9e88678
Add a loglevel setting for the frontend · c2365630
Andrej Shadura authored Apr 27, 2022
```
Signed-off-by: Andrej Shadura <andrew.shadura@collabora.co.uk>
```
c2365630
Add labels to the backend configmap · cfabe712
Andrej Shadura authored Apr 27, 2022
```
Signed-off-by: Andrej Shadura <andrew.shadura@collabora.co.uk>
```
cfabe712
Install patched reprepro with "conflictingarchall" ignore option added · c68794b4
Andrej Shadura authored May 02, 2022
```
See https://bugs.debian.org/697630



Signed-off-by: Andrej Shadura <andrew.shadura@collabora.co.uk>
```
c68794b4

28 Apr, 2022 1 commit

Move service dispatch daemon after the source service · 876e73dc

Andrej Shadura authored Apr 28, 2022



Service dispatch daemon depends on the source service, so it has to
start after it.

Signed-off-by: Andrej Shadura <andrew.shadura@collabora.co.uk>

876e73dc

27 Apr, 2022 3 commits

Order the backend services according to their dependencies · cd5ab0f2

Andrej Shadura authored Apr 27, 2022 and

Sjoerd Simons committed Apr 27, 2022

Backend services have internal dependencies, so it’s better to start
them in the correct order. Supervisord does not guarantee this order,
but it’s still better than starting them all at once.

See: https://openbuildservice.org/help/manuals/obs-admin-guide/obs.cha.installation_and_configuration.html#_backend_installation

Signed-off-by: Andrej Shadura <andrew.shadura@collabora.co.uk>

cd5ab0f2

Replace armv7l with armv7hl and add aarch64 to the default configuration · 411b902d
Andrej Shadura authored Apr 27, 2022
```
Signed-off-by: Andrej Shadura <andrew.shadura@collabora.co.uk>
```
411b902d
Make supervisord try harder with retries for the backend · 63e4fed3
Andrej Shadura authored Apr 26, 2022 and Sjoerd Simons committed Apr 27, 2022
```
Signed-off-by: Andrej Shadura <andrew.shadura@collabora.co.uk>
```
63e4fed3

26 Apr, 2022 2 commits

Switch to stateful set · ef9b6973

Sjoerd Simons authored Apr 26, 2022 and

Andrej Shadura committed Apr 26, 2022



The backend better fits to a stateful set rather then a replicaset; As
obviously the backend has a lot of state and a 1:1 relationship with its
volumes

Signed-off-by: Sjoerd Simons <sjoerd@collabora.com>

ef9b6973

Remove service account creation · ea8aaf85

Sjoerd Simons authored Apr 26, 2022 and

Andrej Shadura committed Apr 26, 2022



OBS doesn't talk to the kubernetes api so there is no reason to create
service accounts

Signed-off-by: Sjoerd Simons <sjoerd@collabora.com>

ea8aaf85

25 Apr, 2022 2 commits
- Don’t try to repeatedly disable the signer · cbfda8eb
  Andrej Shadura authored Apr 25, 2022
```
Signed-off-by: Andrej Shadura <andrew.shadura@collabora.co.uk>
```
  cbfda8eb
- Make sure the "t" bit is set on /tmp · a146dfd5
  Andrej Shadura authored Apr 25, 2022
```
Signed-off-by: Andrej Shadura <andrew.shadura@collabora.co.uk>
```
  a146dfd5