Commits · 7c613892b2f343ff0f7dd36e6963e63bfacaffb2 · Arch Linux / infrastructure

03 Mar, 2017 1 commit
- roles/quassel: Install cert as root:quassel 640 · 7c613892
  Jan Alexander Steffens (heftig) authored Mar 03, 2017
  
  7c613892
02 Mar, 2017 10 commits
- gitpkg: Use meson --buildtype=release · 5d3e9669
  Jan Alexander Steffens (heftig) authored Mar 02, 2017
```
This behaves better with non-C compilers, where we do not provide any
environment FLAGS.

It does add -O3, but I think this can be excused as an upstream choice.
```
  5d3e9669
- gitpkg: Add support for meson · 25f357d2
  Jan Alexander Steffens (heftig) authored Mar 02, 2017
  
  25f357d2
- gitpkg: Overhaul function injection · 25c013a8
  Jan Alexander Steffens (heftig) authored Mar 02, 2017
  
  25c013a8
- gitpkg: Only display .gitmodules if present · e6446ea2
  Jan Alexander Steffens (heftig) authored Mar 02, 2017
  
  e6446ea2
- gitpkg: Only display diff if not empty · 869d65ae
  Jan Alexander Steffens (heftig) authored Mar 02, 2017
  
  869d65ae
- gitpkg: Only display NEWS if present · 27dba431
  Jan Alexander Steffens (heftig) authored Mar 02, 2017
  
  27dba431
- gitpkg: Return nil from read_file on error · f26a8659
  Jan Alexander Steffens (heftig) authored Mar 02, 2017
  
  f26a8659
- gitpkg: Suppress stderr from git calls · 369249a9
  Jan Alexander Steffens (heftig) authored Mar 02, 2017
  
  369249a9
- gitpkg: Combine redirection (no effective change) · e983ff1b
  Jan Alexander Steffens (heftig) authored Mar 02, 2017
  
  e983ff1b
- gitpkg: Use r+ instead of w+ mode (no func. change) · 32bc78a2
  Jan Alexander Steffens (heftig) authored Mar 02, 2017
  
  32bc78a2
01 Mar, 2017 1 commit
- Add new TU: Christian Rebischke · 4a08eda2
  Florian Pritz authored Mar 01, 2017
```
Signed-off-by: Florian Pritz <bluewind@xinu.at>
```
  4a08eda2
22 Feb, 2017 1 commit
- roles/archweb: Add NM connectivity responder · c81a1ca6
  Jan Alexander Steffens (heftig) authored Feb 22, 2017
```
At http://www.archlinux.org/check_network_status.txt (no https)
```
  c81a1ca6
18 Feb, 2017 1 commit
- roles/archbuild: Cleanup srcdest dirs containing no recently accessed files · 6bcdfe33
  Jan Alexander Steffens (heftig) authored Feb 18, 2017
```
Instead of looking at the access time of the dirs; that one is
useless for cleaning.
```
  6bcdfe33
10 Feb, 2017 4 commits

roles/borg-client: Create some defaults · cbdc640f

Giancarlo Razzolini authored Feb 10, 2017

The tasks that use variables need them to be at least defined,
even if empty, to be able to run. Added some defaults.

cbdc640f

roles/borg-client: Remove != None check · 6a07fd31

Giancarlo Razzolini authored Feb 10, 2017

When using when: on ansible, it already checks if the variable is
set or not. But the variable must still be defined.

6a07fd31

Merge branch 'master' of arch-git:/srv/git/infrastructure · c274b67a
Giancarlo Razzolini authored Feb 10, 2017

c274b67a

roles/*: Fix nginx log dir permissions · ff27e416

Giancarlo Razzolini authored Feb 10, 2017

To correctly be safe for CVE-2016-1247, we need all nginx log dirs
to be owned by both user and group root. Also, since nginx childs
runs as http user, the directories permissions must be 0755, so the
http user can descent into it. Since the logrotate will create the
log files as http:log, the nginx childs will be able to write to the
logs, but will not be able to create files inside those dirs, fully
preventing CVE-2016-1247.

ff27e416

09 Feb, 2017 8 commits
- roles/archbuild: Merge distro swap.conf · b2d27800
  Jan Alexander Steffens (heftig) authored Feb 09, 2017
  
  b2d27800
- roles/patchwork: Deploy the 503 page · 2c353e4e
  Giancarlo Razzolini authored Feb 09, 2017
  
  2c353e4e
- roles/patchwork: Add the 503 page · da0f725a
  Giancarlo Razzolini authored Feb 09, 2017
  
  da0f725a
- playbooks/apollo: Add the patchwork role to apollo · b23cf257
  Giancarlo Razzolini authored Feb 09, 2017
  
  b23cf257
- roles/patchwork: Add the configuration to return the 503 page · 6faf5f16
  Giancarlo Razzolini authored Feb 09, 2017
  
  6faf5f16
- roles/patchwork: Create the patchwork user and fix the home permissions · 818ec5ed
  Giancarlo Razzolini authored Feb 09, 2017
  
  818ec5ed
- roles/patchwork: Add a default directory to the defaults · 02664441
  Giancarlo Razzolini authored Feb 09, 2017
  
  02664441
- roles/patchwork: Dummy role for returning HTTP 503 · 2df19e85
  Giancarlo Razzolini authored Feb 08, 2017
```
Create a dummy patchwork role for returning a HTTP 503 message while
we work on updating patchwork version and carry on with gudrun decommission.
```
  2df19e85
08 Feb, 2017 1 commit
- mailman: Add redirect for mailman.archlinux.org · 791144b9
  Florian Pritz authored Feb 08, 2017
```
Signed-off-by: Florian Pritz <bluewind@xinu.at>
```
  791144b9
07 Feb, 2017 8 commits
- Backup mysql databases · 81196f5e
  Florian Pritz authored Feb 07, 2017
```
Signed-off-by: Florian Pritz <bluewind@xinu.at>
```
  81196f5e
- Merge branch 'master' of arch-git:/srv/git/infrastructure · c483523d
  Giancarlo Razzolini authored Feb 07, 2017
  
  c483523d
- roles/flyspray: Added missing rewrites · 52557096
  Giancarlo Razzolini authored Feb 07, 2017
```
Added the missing index rewrites. They are used for sorting the issues,
and they were not working, because nginx needs it to be an absolute regex,
ending in $ for it to work, otherwise it replaces the index files finding
logic.
```
  52557096
- php-fpm: Drop template for zend_extensions · 84d923f6
  Florian Pritz authored Feb 07, 2017
```
We don't use any and the template is the same as for normal extensions
so it's wrong anways.

Signed-off-by: Florian Pritz <bluewind@xinu.at>
```
  84d923f6
- php-fpm: Merge settings from apollo · 9283dfdb
  Florian Pritz authored Feb 07, 2017
```
Signed-off-by: Florian Pritz <bluewind@xinu.at>
```
  9283dfdb
- php-fpm: allow to specify extensions · d547a869
  Bartłomiej Piotrowski authored Jan 21, 2017 and Florian Pritz committed Feb 07, 2017
  
  d547a869
- roles/flyspray: Fix task rewrites · 2fe9e5c4
  Giancarlo Razzolini authored Feb 07, 2017
```
The task rewrites were not working because the location regex was
matching only up to the task id.
```
  2fe9e5c4
- roles/flyspray: Increase the number of php servers to 30 · 8af78fbe
  Giancarlo Razzolini authored Feb 07, 2017
  
  8af78fbe
06 Feb, 2017 5 commits

roles/flyspray: Fix permissions of nginx log dirs, CVE-2016-1247 · 7ec1b301

Giancarlo Razzolini authored Feb 06, 2017

CVE-2016-1247 is a symlink attack on the log dir of nginx since a
reopening of the logs (triggered by logrotate) opens the logs as
nginx instead of root. logrotate creates the proper log files
already so nginx doesn't need write permissions to those directories.

7ec1b301

roles/flyspray: Almost all rewrite's done · f4f17e06
Giancarlo Razzolini authored Feb 03, 2017

f4f17e06

roles/flyspray: More work on the rewrite's · 46e060a7

Giancarlo Razzolini authored Feb 03, 2017

Added some more rewrites to the flyspray role. Changed from using
try_files (they are meant to static first, then dynamic). Nginx
locations can only deal in absolute URL's, so they all need to have
/ in front of them.

46e060a7

roles/flyspray: Tasks rewrites · 5b1151f3
Giancarlo Razzolini authored Jan 30, 2017
```
Initial work on the flyspray rewrites. The tasks rewrites are working.
```
5b1151f3

roles/flyspray: Add a register to not create the setup dir · 8f9935ea

Giancarlo Razzolini authored Jan 30, 2017

When cloning the empty repository for the first time, there can't
be a setup directory, otherwise the clone will fail. We check if
the user was created on that run or not and don't create the setup
directory in that case.

8f9935ea