savannah-hackers-public
[Top][All Lists]
Advanced
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Savannah-hackers-public] Setting up bzr+ssh on Savannah.

From: Sylvain Beucler
Subject: Re: [Savannah-hackers-public] Setting up bzr+ssh on Savannah.
Date: Thu, 8 Apr 2010 22:42:56 +0200
User-agent: Mutt/1.5.20 (2009-06-14) 
Hi,

(sorry for the delay, I had troubles coping with everything over the
past few weeks).

I have no problem with turning sftp off.

I'm glad you're working to get an official way to disable
user-controlled plugins in bzr, server-side.

What you also need to do is:

- coordinate with other bzr users

- move the bzr service to the 'vcs-noshell' VM (instead of the current
  'sftp' VM) - so you don't disable SFTP access to the download area.


I gave you root access to 'colonialone.fsf.org' (the rsa key only).
Check:
http://savannah.gnu.org/maintenance/SavannahArchitecture
to access other areas of Savannah.

The rule is: what you break, you fix.
If you agree with the rule, you can proceed with the changes :)

-- 
Sylvain

On Mon, Mar 22, 2010 at 05:57:09PM -0400, Karl Fogel wrote:
> Ping.  Any reaction from Savannah admins to the proposal below?
> 
> Karl Fogel <address@hidden> writes:
> >Okay, so how about we:
> >
> >  1) Turn off sftp access.
> >  2) Apply the diff at the end of this mail :-).
> >  3) Update the developer instructions accordingly.
> >
> >>Configuration files are not under a VCS, but a good deal of
> >>information can be found in the bzr repository for project
> >>'administration'.
> >
> >Thanks.  (After we agree on the course of action, I'll have some changes
> >to submit to administration/bzr.txt too.)
> >
> >Regarding commit emails: let's just continue using bzr-hookless-email
> >for now.  It works, and right now the problem we're trying to solve is
> >bzr+ssh:// access.  We can tackle other Bazaar issues afterwards.
> >
> >Below is the diff; please review.  If you like it, my next step will be
> >to come up with the developer instructions so those currently using
> >sftp:// can switch over.  (Naturally, we'll warn them first and set a
> >flag date.)
> >
> >[[[
> >Restore Bazaar bzr+ssh:// access, but this time without plugins.
> >
> >* /usr/local/bin/sv_membersh: Suppress logging in the modern way.
> >  Add the '--no-plugins' option to the bzr serve command.
> >
> >* /etc/membersh-conf.pl: Set use_bzr to 1.
> >]]]
> >
> >--- /usr/local/bin/sv_membersh       2010-03-17 15:38:57.000000000 -0400
> >+++ /usr/local/bin/sv_membersh       2010-03-17 16:00:02.000000000 -0400
> >@@ -151,12 +151,11 @@
> > 
> >     } elsif ($use_bzr and $ARGV[1] =~ m:$regexp_bzr:) {
> > 
> >-    # bzr wants to write a ~/.bzr.log
> >-    # Tip: mkdir -m 755 /var/lib/bzr
> >-    #      ln -s /dev/null /var/lib/bzr/.bzr.log
> >-    $ENV{'HOME'} = '/var/lib/bzr';
> >+    # bzr wants to write a ~/.bzr.log.  Suppress that (see
> >+        # https://bugs.edge.launchpad.net/bzr/+bug/106117 for more).
> >+    $ENV{'BZR_LOG'} = '/dev/null';
> >     # authorize 'bzr serve' in SSH tunnel mode
> >-        exec($bin_bzr, 'serve', '--inet', '--directory='.$dir_bzr, 
> >'--allow-writes')
> >+        exec($bin_bzr, '--no-plugins', 'serve', '--inet', 
> >'--directory='.$dir_bzr, '--allow-writes')
> >         or die("Failed to exec '$bin_bzr serve --inet --directory=$dir_bzr 
> > --allow-writes': $!");
> > 
> >     } elsif ($use_hg and $ARGV[1] =~ m:$regexp_hg:) {
> >
> >
> >--- /etc/membersh-conf.pl    2010-03-17 14:31:11.000000000 -0400
> >+++ /etc/membersh-conf.pl    2010-03-17 15:31:55.000000000 -0400
> >@@ -17,4 +17,4 @@
> > # SFTP-accessible area (== local access) when said commit hook support
> > # is eventually ready in bzr
> > 
> >-#$use_bzr = '1';
> >+$use_bzr = '1';
reply via email to
[Prev in Thread] Current Thread [Next in Thread]