infra issueshttps://gitlab.alpinelinux.org/alpine/infra/infra/-/issues2019-07-12T16:28:54Zhttps://gitlab.alpinelinux.org/alpine/infra/infra/-/issues/8446Upgrade redmine to latest version2019-07-12T16:28:54ZCarlo LandmeterUpgrade redmine to latest versionWe are currently running an older version of redmine which is still
based on apk based installation.
The idea is to upgrade redmine by:
1. Install in new container (test already available)
2. Upgrade the current test install
3. chec...We are currently running an older version of redmine which is still
based on apk based installation.
The idea is to upgrade redmine by:
1. Install in new container (test already available)
2. Upgrade the current test install
3. check if current ruby deps are in aports (hint imagemagick)
4. install services currently running on redmine container
1. smtp server (postfix)
2. mqtt-exec to update local git repos for redmine
5. change dhcp server to use dhcp static ip assignment for new redmine.
6. update nginx proxy (and check config) to use new redmine
7. all that is forgotten
*(from redmine: issue id 8446, created on 2018-01-29, closed on 2018-03-13)*Kevin DaudtKevin Daudt2018-03-06https://gitlab.alpinelinux.org/alpine/infra/infra/-/issues/4981Wiki should use SSL/TLS2019-07-12T16:22:40ZJakub JirutkaWiki should use SSL/TLSThere’s an expired certificate on https://wiki.alpinelinux.org and web
server returns 503 Service Unavailable.
*(from redmine: issue id 4981, created on 2016-01-01, closed on 2017-12-09)*There’s an expired certificate on https://wiki.alpinelinux.org and web
server returns 503 Service Unavailable.
*(from redmine: issue id 4981, created on 2016-01-01, closed on 2017-12-09)*Nathan AngelacosNathan Angelacos2016-06-02https://gitlab.alpinelinux.org/alpine/infra/infra/-/issues/357upgrade mediawiki2019-07-12T16:14:07ZNatanael Copaupgrade mediawikiSecurity update.
http://lists.wikimedia.org/pipermail/mediawiki-announce/2010-May/000091.html
K0gen: please let me know if you want help with this (if you are busy)
*(from redmine: issue id 357, created on 2010-06-08, closed on 2010-...Security update.
http://lists.wikimedia.org/pipermail/mediawiki-announce/2010-May/000091.html
K0gen: please let me know if you want help with this (if you are busy)
*(from redmine: issue id 357, created on 2010-06-08, closed on 2010-09-29)*Natanael CopaNatanael Copa2010-06-15https://gitlab.alpinelinux.org/alpine/infra/infra/-/issues/10628mirrors.alpinelinux.org: missing v3.9 and v3.10 status2019-07-12T16:32:54ZAleksey Mmirrors.alpinelinux.org: missing v3.9 and v3.10 statusI already sent pull request for v3.9 almost 3 weeks ago, but looks like
it went unnoticed.
Updated it to include v3.10 today. Hope I’m using right place to report
this time.
See https://github.com/alpinelinux/alpine-mirror-status/pul...I already sent pull request for v3.9 almost 3 weeks ago, but looks like
it went unnoticed.
Updated it to include v3.10 today. Hope I’m using right place to report
this time.
See https://github.com/alpinelinux/alpine-mirror-status/pull/1 for
proposed patch.
*(from redmine: issue id 10628, created on 2019-06-28, closed on 2019-06-28)*https://gitlab.alpinelinux.org/alpine/infra/infra/-/issues/10606Redmine and git project/repo conversion/migration to Gitlab2019-07-18T21:17:09ZCarlo LandmeterRedmine and git project/repo conversion/migration to Gitlabwe currently have a specific setup on both Redmine and git.a.o.
### Redmine projects
- AConf
- Alpine Linux
- Alpine Build tools (abuild)
- Alpine Documentation
- Alpine Infrastructure
- Alpine Package Keepe...we currently have a specific setup on both Redmine and git.a.o.
### Redmine projects
- AConf
- Alpine Linux
- Alpine Build tools (abuild)
- Alpine Documentation
- Alpine Infrastructure
- Alpine Package Keeper (apk-tools)
- Alpine Security
- Alpine Setup Scripts
- AWall
- Squark
### git.a.o repos
- Alpine Projects
- repos
- Docks
- repos
- ACF
- repos
- Hosted
- repos
- user
- user repos
### Namespace conversion for projects with source code (git repo):
- projects/alpine =>alpine/aports
- projects/abuild =>alpine/abuild
- projects/apk-tools =>alpine/apk-tools
- projects/alpine-conf =>alpine/alpine-conf
- projects/awall =>alpine/awall
### Namespace conversion for projects without source code (git repo)
These would have a single README.md explaining these projects have
issues only
- projects/alpine-infra =>alpine/infra/general
- projects/alpinedoc =>alpine/docs/general
- projects/alpine-security =>alpine/security/general
### Docs (git repos)
These have no projects on redmine and can be converted to similar Gitlab
namespacing:
- alpine/docs/repository
### Hosted (git repos)
Need to check under which namespace to move these
### ACF
There are a lot of repos on git.a.o and we have mixed the issues within
the alpine (aports) namespace.
We have to discus with Ted Trask how to handle this.
### AConf
I think we can skip migrating Aconf, this project seems empty on
redmine.
### Squark
This seems like an old project. Probably easier to just keep it on
git.a.o
### User repos
We can allow users to migrate their repositories into gitlab or just
keep them on git.a.o.
*(from redmine: issue id 10606, created on 2019-06-23)*
* Relations:
* parent #10573Carlo LandmeterCarlo Landmeterhttps://gitlab.alpinelinux.org/alpine/infra/infra/-/issues/10573migration to gitlab2020-01-06T13:02:23ZCarlo Landmetermigration to gitlabwe are currently testing a new gitlab instance at
gitlab.alpinelinux.org.
Please reply with issues found and features which are missing.
This is also a good place to start discussing how to organize git.a.o
and bugs.a.o into gitlab.
...we are currently testing a new gitlab instance at
gitlab.alpinelinux.org.
Please reply with issues found and features which are missing.
This is also a good place to start discussing how to organize git.a.o
and bugs.a.o into gitlab.
If you want a test account please email me or send a message on IRC for
a password as smtp is disabled atm for obvious reasons.
*(from redmine: issue id 10573, created on 2019-06-14)*
* Relations:
* child #10606
* child #10634
* Uploads:
* ![Screenshot_from_2019-06-14_12-03-06](/uploads/154af9d912af126b459e0740e11c7421/Screenshot_from_2019-06-14_12-03-06.png)Carlo LandmeterCarlo Landmeterhttps://gitlab.alpinelinux.org/alpine/infra/infra/-/issues/10470Wrong certifcates on https://dl-3.alpinelinux.org/2019-07-12T16:32:35ZChristopher WattonWrong certifcates on https://dl-3.alpinelinux.org/Similar issue to this one - https://bugs.alpinelinux.org/issues/4982
Certificates currently on https://dl-3.alpinelinux.org/ are registered
for default.ssl.fastly.net instead of dl-3.aplinelinux.org.
*(from redmine: issue id 10470, cr...Similar issue to this one - https://bugs.alpinelinux.org/issues/4982
Certificates currently on https://dl-3.alpinelinux.org/ are registered
for default.ssl.fastly.net instead of dl-3.aplinelinux.org.
*(from redmine: issue id 10470, created on 2019-05-20, closed on 2019-06-19)*https://gitlab.alpinelinux.org/alpine/infra/infra/-/issues/10149Upgrade Redmine/Rails to mitigate CVE-2019-54182019-07-13T12:35:33ZKevin DaudtUpgrade Redmine/Rails to mitigate CVE-2019-5418See:
- https://github.com/mpgn/CVE-2019-5418
- https://weblog.rubyonrails.org/2019/3/13/Rails-4-2-5-1-5-1-6-2-have-been-released/
bugs.alpinelinux.org:
alpine-bugs:/usr/share/webapps/redmine# gem list --local '^rails$'
**...See:
- https://github.com/mpgn/CVE-2019-5418
- https://weblog.rubyonrails.org/2019/3/13/Rails-4-2-5-1-5-1-6-2-have-been-released/
bugs.alpinelinux.org:
alpine-bugs:/usr/share/webapps/redmine# gem list --local '^rails$'
*** LOCAL GEMS ***
rails (4.2.8)
This should be updated to 4.2.11.1 at least.
*(from redmine: issue id 10149, created on 2019-03-22)*Kevin DaudtKevin Daudthttps://gitlab.alpinelinux.org/alpine/infra/infra/-/issues/10033Cannot watch issue in bug tracker2019-07-12T16:31:48ZalgitbotCannot watch issue in bug trackerWhen I tried to watch an issue in this bug tracker, I’ve got
https://bugs.alpinelinux.org/watchers/watch?object\_id=8665&object\_type=issue
\`\`\`
Page not found
The page you were trying to access doesn’t exist or has been removed.
...When I tried to watch an issue in this bug tracker, I’ve got
https://bugs.alpinelinux.org/watchers/watch?object\_id=8665&object\_type=issue
\`\`\`
Page not found
The page you were trying to access doesn’t exist or has been removed.
Back
\`\`\`
Issue in question: https://bugs.alpinelinux.org/issues/8665
I’m don’t know if I should report it here bug don’t know where else.
*(from redmine: issue id 10033, created on 2019-02-25, closed on 2019-05-25)*https://gitlab.alpinelinux.org/alpine/infra/infra/-/issues/9977Flagging packages is not working, 404 instead.2023-06-07T12:16:38ZYaron ShahrabaniFlagging packages is not working, 404 instead.This is website related.
The packages interface doesn’t allow flagging, an error appears.
*(from redmine: issue id 9977, created on 2019-02-11)*This is website related.
The packages interface doesn’t allow flagging, an error appears.
*(from redmine: issue id 9977, created on 2019-02-11)*https://gitlab.alpinelinux.org/alpine/infra/infra/-/issues/9924Allow selecting all arches in pkgs.alpinelinux.org2023-06-07T12:16:38ZKevin DaudtAllow selecting all arches in pkgs.alpinelinux.orgThe arch selection field by default has no arch selected, so it allows
you to search in any arch. But once you selected an arch, it’s no longer
possible to select no arch.
*(from redmine: issue id 9924, created on 2019-01-26)*The arch selection field by default has no arch selected, so it allows
you to search in any arch. But once you selected an arch, it’s no longer
possible to select no arch.
*(from redmine: issue id 9924, created on 2019-01-26)*Carlo LandmeterCarlo Landmeterhttps://gitlab.alpinelinux.org/alpine/infra/infra/-/issues/9592pkgs.alpinelinux.org - Denial of Service vulnerability2019-07-12T16:31:03ZMatt Hamiltonpkgs.alpinelinux.org - Denial of Service vulnerabilitypkgs.alpinelinux.org is vulnerable to a denial of service vulnerability.
Simply sending an HTTP GET to the following URL will cause nginx to
return a 502 error for between 5-15 seconds:
<code class="text">
https://pkgs.alpineli...pkgs.alpinelinux.org is vulnerable to a denial of service vulnerability.
Simply sending an HTTP GET to the following URL will cause nginx to
return a 502 error for between 5-15 seconds:
<code class="text">
https://pkgs.alpinelinux.org/packages?name=aabb%u003c&branch=edge
</code>
This suggests that this query kills the application server sitting
behind nginx and results in a lack of availability until the backend
server automatically restarts.
An attacker could exploit this vulnerability to deny availability of the
pkgs.aplinelinux.org web server.
While I have not tested this extensively, it appears that any URL
encoded unicode character sent as a part of the package search query
results in this behavior.
I can’t seem to find a way to restrict this bug report or mark it as
sensitive, perhaps someone could assist with that if possible?
Cheers
-eriner
*(from redmine: issue id 9592, created on 2018-10-28, closed on 2018-12-28)*https://gitlab.alpinelinux.org/alpine/infra/infra/-/issues/9589Anitya (release-monitoring) checker stopped working2020-01-06T13:06:54ZJakub JirutkaAnitya (release-monitoring) checker stopped workingMy access to the container running pkgs.a.o has stopped working
**again**, so I cannot check out what’s wrong. `anitya-check-all` should
be executed periodically by cron.
ssh jirutka@172.16.4.21
ssh: connect to host 172.16.4.21 ...My access to the container running pkgs.a.o has stopped working
**again**, so I cannot check out what’s wrong. `anitya-check-all` should
be executed periodically by cron.
ssh jirutka@172.16.4.21
ssh: connect to host 172.16.4.21 port 22: No route to host
*(from redmine: issue id 9589, created on 2018-10-26)*Carlo LandmeterCarlo Landmeterhttps://gitlab.alpinelinux.org/alpine/infra/infra/-/issues/9493improve patchwork mail routing2020-01-06T13:05:58ZCarlo Landmeterimprove patchwork mail routingCurrently mails for patchwork are routed via redmine container.
This is not very obvious and can lead into issues when changing
container locations.
It would be better if we have a single point of entry (mail.a.o) and
forward to the ...Currently mails for patchwork are routed via redmine container.
This is not very obvious and can lead into issues when changing
container locations.
It would be better if we have a single point of entry (mail.a.o) and
forward to the correct container directly via vpn.
*(from redmine: issue id 9493, created on 2018-09-30)*Carlo LandmeterCarlo Landmeterhttps://gitlab.alpinelinux.org/alpine/infra/infra/-/issues/9336git.alpinelinux.org/cgit/alpine-secdb redirect updates2019-07-12T16:30:36ZJason Bradshawgit.alpinelinux.org/cgit/alpine-secdb redirect updatesI opened a bug previously, but wanted to ask for a community favor
instead (also commented this on
https://github.com/coreos/clair/issues/593).
I agree that an alternate endpoint should be used, as this is a taxing
load on Alpine Linux ...I opened a bug previously, but wanted to ask for a community favor
instead (also commented this on
https://github.com/coreos/clair/issues/593).
I agree that an alternate endpoint should be used, as this is a taxing
load on Alpine Linux infrastructure. Until this change has been pushed,
could you make a small adjustment to the 301 configuration to not
redirect everything to the root
https://github.com/alpinelinux/alpine-secdb/ but instead include the
paths and the query string? This should keep the load off your git
servers while the endpoint changes propagate but not break current
running applications. Something like, \`rewrite
^/cgit/alpine-secdb/(.\*?)/?$
https://github.com/alpinelinux/alpine-secdb/$1 permanent;\` will enable
most git clients to clone as before.
Sorry to take your time on this issue.
*(from redmine: issue id 9336, created on 2018-08-24, closed on 2018-09-30)*Carlo LandmeterCarlo Landmeterhttps://gitlab.alpinelinux.org/alpine/infra/infra/-/issues/9330Python3 packages missing in repository (but existent in the index)2019-07-12T16:30:35ZJanosch MaierPython3 packages missing in repository (but existent in the index)Since yesterday, the python3-3.5.6-r0 \[1\] and python3-dev-3.5.6-r0
\[2\] are missing in the package repository. The packages appear with
this version numbers in the package index but do not exist on the
download server.
\[1\]
http://d...Since yesterday, the python3-3.5.6-r0 \[1\] and python3-dev-3.5.6-r0
\[2\] are missing in the package repository. The packages appear with
this version numbers in the package index but do not exist on the
download server.
\[1\]
http://dl-cdn.alpinelinux.org/alpine/v3.5/main/x86\_64/python3-3.5.6-r0.apk
\[2\]
http://dl-cdn.alpinelinux.org/alpine/v3.5/main/x86\_64/python3-dev-3.5.6-r0.apk
*(from redmine: issue id 9330, created on 2018-08-23, closed on 2018-09-30)*Carlo LandmeterCarlo Landmeterhttps://gitlab.alpinelinux.org/alpine/infra/infra/-/issues/9329git.alpinelinux.org/cgit/alpine-secdb redirect to https://github.com/alpineli...2019-07-12T16:30:34ZJason Bradshawgit.alpinelinux.org/cgit/alpine-secdb redirect to https://github.com/alpinelinux/alpine-secdb causing issues with git clone via https (CLAIR SCANNER)Hopefully this is the right place. I was checking out goharbor, and
noticed that clair was having some issues with the alpine vulnerability
database downloads. Looks like clair
https://github.com/coreos/clair/blob/master/ext/vulnsrc/alpi...Hopefully this is the right place. I was checking out goharbor, and
noticed that clair was having some issues with the alpine vulnerability
database downloads. Looks like clair
https://github.com/coreos/clair/blob/master/ext/vulnsrc/alpine/alpine.go\#L38
is cloning via https and is having issues with the redirect.
{[Event]("could) not pull alpine-secdb
repository“,”Level“:”error“,”Location“:”alpine.go:186“,”Time“:”2018-08-23
02:13:59.211600“,”error“:”exit status 128“,”output“:”Cloning into
‘.’…\\nfatal: unable to update url base from redirection:\\n asked for:
https://git.alpinelinux.org/cgit/alpine-secdb/info/refs?service=git-upload-pack\\n
redirect: https://github.com/alpinelinux/alpine-secdb\\n"}
curl -v
https://git.alpinelinux.org/cgit/alpine-secdb/info/refs?service=git-upload-pack
- Trying 185.15.220.34…
…
…
>
< HTTP/1.1 301 Moved Permanently
…
…
< Location: https://github.com/alpinelinux/alpine-secdb
git clone https://git.alpinelinux.org/cgit/alpine-secdb
Cloning into ‘alpine-secdb’…
fatal: unable to update url base from redirection:
asked for:
https://git.alpinelinux.org/cgit/alpine-secdb/info/refs?service=git-upload-pack
redirect: https://github.com/alpinelinux/alpine-secdb
*(from redmine: issue id 9329, created on 2018-08-23, closed on 2018-08-23)*https://gitlab.alpinelinux.org/alpine/infra/infra/-/issues/9247Improve mirror monitoring2019-07-12T16:30:26ZKevin DaudtImprove mirror monitoringCurrently mirror monitoring only includes checking if the mirror is
alive. Improve monitoring so that we can see if a mirror behind for a
long period.
*(from redmine: issue id 9247, created on 2018-08-16, closed on 2018-09-30)*Currently mirror monitoring only includes checking if the mirror is
alive. Improve monitoring so that we can see if a mirror behind for a
long period.
*(from redmine: issue id 9247, created on 2018-08-16, closed on 2018-09-30)*Kevin DaudtKevin Daudthttps://gitlab.alpinelinux.org/alpine/infra/infra/-/issues/9198images/ missing from boot.a.o2019-07-12T16:30:21ZGhost Userimages/ missing from boot.a.oThe links in the “Image” section are leading into 404’s, it worked
previously.
*(from redmine: issue id 9198, created on 2018-08-07, closed on 2018-08-20)*The links in the “Image” section are leading into 404’s, it worked
previously.
*(from redmine: issue id 9198, created on 2018-08-07, closed on 2018-08-20)*Carlo LandmeterCarlo Landmeterhttps://gitlab.alpinelinux.org/alpine/infra/infra/-/issues/9194Problems with dl-cdn.alpinelinux.org: redirect to https via Squid (results in...2019-07-12T16:30:20ZDaniel HahlerProblems with dl-cdn.alpinelinux.org: redirect to https via Squid (results in 404)1. I have noticed that “curl -I
http://dl-cdn.alpinelinux.org/alpine/v3.8/main/x86\_64/APKINDEX.tar.g
z” redirects to
“https://dl-cdn.alpinelinux.org/alpine/v3.8/main/x86\_64/APKINDEX.tar.gz”,
but only when using a local Squid http cac...1. I have noticed that “curl -I
http://dl-cdn.alpinelinux.org/alpine/v3.8/main/x86\_64/APKINDEX.tar.g
z” redirects to
“https://dl-cdn.alpinelinux.org/alpine/v3.8/main/x86\_64/APKINDEX.tar.gz”,
but only when using a local Squid http cache!
The redirection target results in a 404 then.
2. When trying to access https://dl-cdn.alpinelinux.org in general, you
will get a certificate error:
% curl
https://dl-cdn.alpinelinux.org/alpine/v3.8/main/x86\_64/APKINDEX.tar.gz
curl: (51) SSL: no alternative certificate subject name matches target
host name ‘dl-cdn.alpinelinux.org’
3. On https://wiki.alpinelinux.org/wiki/Alpine\_Linux:Mirrors there is a
link to http://rsync.alpinelinux.org/alpine/MIRRORS.txt, which appears
to redirect to https://dl-cdn.alpinelinux.org/alpine/MIRRORS.txt (404).
The most puzzling part is 1. though - it appears to really be related to
using Squid, even with
“forwarded\_for transparent” and “via off”.
I’ve tried to look at what happens with
https://github.com/yinqiwen/gsnova between dl-cdn and Squid to some
mixed avail - I think without “forwarded\_for transparent” and “via off”
it would still redirect, but with those options enabled (to hide that
Squid is used) it worked better (it does not redirect to https/404), but
resulted in i/o timeout, e.g. “apk update” fails:
fetch
http://dl-cdn.alpinelinux.org/alpine/v3.8/main/x86\_64/APKINDEX.tar.gz
ERROR: http://dl-cdn.alpinelinux.org/alpine/v3.8/main: BAD signature
I’ve used the following to use gsnova as parent proxy:
cache\_peer 127.0.0.1 parent 23128 0 no-query no-digest
never\_direct allow all
*(from redmine: issue id 9194, created on 2018-08-06, closed on 2018-08-07)*