infra issueshttps://gitlab.alpinelinux.org/alpine/infra/infra/-/issues2023-06-07T12:16:38Zhttps://gitlab.alpinelinux.org/alpine/infra/infra/-/issues/9924Allow selecting all arches in pkgs.alpinelinux.org2023-06-07T12:16:38ZKevin DaudtAllow selecting all arches in pkgs.alpinelinux.orgThe arch selection field by default has no arch selected, so it allows
you to search in any arch. But once you selected an arch, it’s no longer
possible to select no arch.
*(from redmine: issue id 9924, created on 2019-01-26)*The arch selection field by default has no arch selected, so it allows
you to search in any arch. But once you selected an arch, it’s no longer
possible to select no arch.
*(from redmine: issue id 9924, created on 2019-01-26)*Carlo LandmeterCarlo Landmeterhttps://gitlab.alpinelinux.org/alpine/infra/infra/-/issues/9977Flagging packages is not working, 404 instead.2023-06-07T12:16:38ZYaron ShahrabaniFlagging packages is not working, 404 instead.This is website related.
The packages interface doesn’t allow flagging, an error appears.
*(from redmine: issue id 9977, created on 2019-02-11)*This is website related.
The packages interface doesn’t allow flagging, an error appears.
*(from redmine: issue id 9977, created on 2019-02-11)*https://gitlab.alpinelinux.org/alpine/infra/infra/-/issues/9076Remove flag button from non-edge packages on pkgs.alpinelinux.org2022-07-25T10:55:13ZSascha PaunovicRemove flag button from non-edge packages on pkgs.alpinelinux.orgSince one cannot flag packages that aren’t in the edge repos, having the
flag button doesn’t make sense there doesn’t make sense.
*(from redmine: issue id 9076, created on 2018-07-11)*Since one cannot flag packages that aren’t in the edge repos, having the
flag button doesn’t make sense there doesn’t make sense.
*(from redmine: issue id 9076, created on 2018-07-11)*https://gitlab.alpinelinux.org/alpine/infra/infra/-/issues/1858Create mailing list for security alerts2020-01-06T14:19:15ZNatanael CopaCreate mailing list for security alertsWe already have a amiling list named ‘alpine-security’. I wonder if we
should make it more clear what this list is for.
Maybe we should have a sec-errata@lists.alpinelinux.org too, where we
only post security erratas.
*(from redmine: ...We already have a amiling list named ‘alpine-security’. I wonder if we
should make it more clear what this list is for.
Maybe we should have a sec-errata@lists.alpinelinux.org too, where we
only post security erratas.
*(from redmine: issue id 1858, created on 2013-05-13)*
* Relations:
* relates #2104
* parent #1846Carlo LandmeterCarlo Landmeterhttps://gitlab.alpinelinux.org/alpine/infra/infra/-/issues/9071Outdated copyright notice2020-01-06T13:10:33ZTBKOutdated copyright noticeOn https://alpinelinux.org/ and https://pkgs.alpinelinux.org/packages
the footer copyright notice says 2017.
See attached file.
*(from redmine: issue id 9071, created on 2018-07-11)*
* Uploads:
* ![2018-07-11_03-02-09](/uploads/c79...On https://alpinelinux.org/ and https://pkgs.alpinelinux.org/packages
the footer copyright notice says 2017.
See attached file.
*(from redmine: issue id 9071, created on 2018-07-11)*
* Uploads:
* ![2018-07-11_03-02-09](/uploads/c79b02d159f5ab696d19f1efe5447669/2018-07-11_03-02-09.png)Carlo LandmeterCarlo Landmeterhttps://gitlab.alpinelinux.org/alpine/infra/infra/-/issues/9589Anitya (release-monitoring) checker stopped working2020-01-06T13:06:54ZJakub JirutkaAnitya (release-monitoring) checker stopped workingMy access to the container running pkgs.a.o has stopped working
**again**, so I cannot check out what’s wrong. `anitya-check-all` should
be executed periodically by cron.
ssh jirutka@172.16.4.21
ssh: connect to host 172.16.4.21 ...My access to the container running pkgs.a.o has stopped working
**again**, so I cannot check out what’s wrong. `anitya-check-all` should
be executed periodically by cron.
ssh jirutka@172.16.4.21
ssh: connect to host 172.16.4.21 port 22: No route to host
*(from redmine: issue id 9589, created on 2018-10-26)*Carlo LandmeterCarlo Landmeterhttps://gitlab.alpinelinux.org/alpine/infra/infra/-/issues/9493improve patchwork mail routing2020-01-06T13:05:58ZCarlo Landmeterimprove patchwork mail routingCurrently mails for patchwork are routed via redmine container.
This is not very obvious and can lead into issues when changing
container locations.
It would be better if we have a single point of entry (mail.a.o) and
forward to the ...Currently mails for patchwork are routed via redmine container.
This is not very obvious and can lead into issues when changing
container locations.
It would be better if we have a single point of entry (mail.a.o) and
forward to the correct container directly via vpn.
*(from redmine: issue id 9493, created on 2018-09-30)*Carlo LandmeterCarlo Landmeterhttps://gitlab.alpinelinux.org/alpine/infra/infra/-/issues/10573migration to gitlab2020-01-06T13:02:23ZCarlo Landmetermigration to gitlabwe are currently testing a new gitlab instance at
gitlab.alpinelinux.org.
Please reply with issues found and features which are missing.
This is also a good place to start discussing how to organize git.a.o
and bugs.a.o into gitlab.
...we are currently testing a new gitlab instance at
gitlab.alpinelinux.org.
Please reply with issues found and features which are missing.
This is also a good place to start discussing how to organize git.a.o
and bugs.a.o into gitlab.
If you want a test account please email me or send a message on IRC for
a password as smtp is disabled atm for obvious reasons.
*(from redmine: issue id 10573, created on 2019-06-14)*
* Relations:
* child #10606
* child #10634
* Uploads:
* ![Screenshot_from_2019-06-14_12-03-06](/uploads/154af9d912af126b459e0740e11c7421/Screenshot_from_2019-06-14_12-03-06.png)Carlo LandmeterCarlo Landmeterhttps://gitlab.alpinelinux.org/alpine/infra/infra/-/issues/10606Redmine and git project/repo conversion/migration to Gitlab2019-07-18T21:17:09ZCarlo LandmeterRedmine and git project/repo conversion/migration to Gitlabwe currently have a specific setup on both Redmine and git.a.o.
### Redmine projects
- AConf
- Alpine Linux
- Alpine Build tools (abuild)
- Alpine Documentation
- Alpine Infrastructure
- Alpine Package Keepe...we currently have a specific setup on both Redmine and git.a.o.
### Redmine projects
- AConf
- Alpine Linux
- Alpine Build tools (abuild)
- Alpine Documentation
- Alpine Infrastructure
- Alpine Package Keeper (apk-tools)
- Alpine Security
- Alpine Setup Scripts
- AWall
- Squark
### git.a.o repos
- Alpine Projects
- repos
- Docks
- repos
- ACF
- repos
- Hosted
- repos
- user
- user repos
### Namespace conversion for projects with source code (git repo):
- projects/alpine =>alpine/aports
- projects/abuild =>alpine/abuild
- projects/apk-tools =>alpine/apk-tools
- projects/alpine-conf =>alpine/alpine-conf
- projects/awall =>alpine/awall
### Namespace conversion for projects without source code (git repo)
These would have a single README.md explaining these projects have
issues only
- projects/alpine-infra =>alpine/infra/general
- projects/alpinedoc =>alpine/docs/general
- projects/alpine-security =>alpine/security/general
### Docs (git repos)
These have no projects on redmine and can be converted to similar Gitlab
namespacing:
- alpine/docs/repository
### Hosted (git repos)
Need to check under which namespace to move these
### ACF
There are a lot of repos on git.a.o and we have mixed the issues within
the alpine (aports) namespace.
We have to discus with Ted Trask how to handle this.
### AConf
I think we can skip migrating Aconf, this project seems empty on
redmine.
### Squark
This seems like an old project. Probably easier to just keep it on
git.a.o
### User repos
We can allow users to migrate their repositories into gitlab or just
keep them on git.a.o.
*(from redmine: issue id 10606, created on 2019-06-23)*
* Relations:
* parent #10573Carlo LandmeterCarlo Landmeterhttps://gitlab.alpinelinux.org/alpine/infra/infra/-/issues/3615Mailing list web archive need some thorough revamp2019-07-18T19:30:44ZPrzemysław PawełczykMailing list web archive need some thorough revampWhat we see at http://lists.alpinelinux.org/ is simply unbearably awful.
*(from redmine: issue id 3615, created on 2014-12-10)*What we see at http://lists.alpinelinux.org/ is simply unbearably awful.
*(from redmine: issue id 3615, created on 2014-12-10)*Carlo LandmeterCarlo Landmeterhttps://gitlab.alpinelinux.org/alpine/infra/infra/-/issues/10149Upgrade Redmine/Rails to mitigate CVE-2019-54182019-07-13T12:35:33ZKevin DaudtUpgrade Redmine/Rails to mitigate CVE-2019-5418See:
- https://github.com/mpgn/CVE-2019-5418
- https://weblog.rubyonrails.org/2019/3/13/Rails-4-2-5-1-5-1-6-2-have-been-released/
bugs.alpinelinux.org:
alpine-bugs:/usr/share/webapps/redmine# gem list --local '^rails$'
**...See:
- https://github.com/mpgn/CVE-2019-5418
- https://weblog.rubyonrails.org/2019/3/13/Rails-4-2-5-1-5-1-6-2-have-been-released/
bugs.alpinelinux.org:
alpine-bugs:/usr/share/webapps/redmine# gem list --local '^rails$'
*** LOCAL GEMS ***
rails (4.2.8)
This should be updated to 4.2.11.1 at least.
*(from redmine: issue id 10149, created on 2019-03-22)*Kevin DaudtKevin Daudthttps://gitlab.alpinelinux.org/alpine/infra/infra/-/issues/10628mirrors.alpinelinux.org: missing v3.9 and v3.10 status2019-07-12T16:32:54ZAleksey Mmirrors.alpinelinux.org: missing v3.9 and v3.10 statusI already sent pull request for v3.9 almost 3 weeks ago, but looks like
it went unnoticed.
Updated it to include v3.10 today. Hope I’m using right place to report
this time.
See https://github.com/alpinelinux/alpine-mirror-status/pul...I already sent pull request for v3.9 almost 3 weeks ago, but looks like
it went unnoticed.
Updated it to include v3.10 today. Hope I’m using right place to report
this time.
See https://github.com/alpinelinux/alpine-mirror-status/pull/1 for
proposed patch.
*(from redmine: issue id 10628, created on 2019-06-28, closed on 2019-06-28)*https://gitlab.alpinelinux.org/alpine/infra/infra/-/issues/10470Wrong certifcates on https://dl-3.alpinelinux.org/2019-07-12T16:32:35ZChristopher WattonWrong certifcates on https://dl-3.alpinelinux.org/Similar issue to this one - https://bugs.alpinelinux.org/issues/4982
Certificates currently on https://dl-3.alpinelinux.org/ are registered
for default.ssl.fastly.net instead of dl-3.aplinelinux.org.
*(from redmine: issue id 10470, cr...Similar issue to this one - https://bugs.alpinelinux.org/issues/4982
Certificates currently on https://dl-3.alpinelinux.org/ are registered
for default.ssl.fastly.net instead of dl-3.aplinelinux.org.
*(from redmine: issue id 10470, created on 2019-05-20, closed on 2019-06-19)*https://gitlab.alpinelinux.org/alpine/infra/infra/-/issues/10033Cannot watch issue in bug tracker2019-07-12T16:31:48ZalgitbotCannot watch issue in bug trackerWhen I tried to watch an issue in this bug tracker, I’ve got
https://bugs.alpinelinux.org/watchers/watch?object\_id=8665&object\_type=issue
\`\`\`
Page not found
The page you were trying to access doesn’t exist or has been removed.
...When I tried to watch an issue in this bug tracker, I’ve got
https://bugs.alpinelinux.org/watchers/watch?object\_id=8665&object\_type=issue
\`\`\`
Page not found
The page you were trying to access doesn’t exist or has been removed.
Back
\`\`\`
Issue in question: https://bugs.alpinelinux.org/issues/8665
I’m don’t know if I should report it here bug don’t know where else.
*(from redmine: issue id 10033, created on 2019-02-25, closed on 2019-05-25)*https://gitlab.alpinelinux.org/alpine/infra/infra/-/issues/9592pkgs.alpinelinux.org - Denial of Service vulnerability2019-07-12T16:31:03ZMatt Hamiltonpkgs.alpinelinux.org - Denial of Service vulnerabilitypkgs.alpinelinux.org is vulnerable to a denial of service vulnerability.
Simply sending an HTTP GET to the following URL will cause nginx to
return a 502 error for between 5-15 seconds:
<code class="text">
https://pkgs.alpineli...pkgs.alpinelinux.org is vulnerable to a denial of service vulnerability.
Simply sending an HTTP GET to the following URL will cause nginx to
return a 502 error for between 5-15 seconds:
<code class="text">
https://pkgs.alpinelinux.org/packages?name=aabb%u003c&branch=edge
</code>
This suggests that this query kills the application server sitting
behind nginx and results in a lack of availability until the backend
server automatically restarts.
An attacker could exploit this vulnerability to deny availability of the
pkgs.aplinelinux.org web server.
While I have not tested this extensively, it appears that any URL
encoded unicode character sent as a part of the package search query
results in this behavior.
I can’t seem to find a way to restrict this bug report or mark it as
sensitive, perhaps someone could assist with that if possible?
Cheers
-eriner
*(from redmine: issue id 9592, created on 2018-10-28, closed on 2018-12-28)*https://gitlab.alpinelinux.org/alpine/infra/infra/-/issues/9336git.alpinelinux.org/cgit/alpine-secdb redirect updates2019-07-12T16:30:36ZJason Bradshawgit.alpinelinux.org/cgit/alpine-secdb redirect updatesI opened a bug previously, but wanted to ask for a community favor
instead (also commented this on
https://github.com/coreos/clair/issues/593).
I agree that an alternate endpoint should be used, as this is a taxing
load on Alpine Linux ...I opened a bug previously, but wanted to ask for a community favor
instead (also commented this on
https://github.com/coreos/clair/issues/593).
I agree that an alternate endpoint should be used, as this is a taxing
load on Alpine Linux infrastructure. Until this change has been pushed,
could you make a small adjustment to the 301 configuration to not
redirect everything to the root
https://github.com/alpinelinux/alpine-secdb/ but instead include the
paths and the query string? This should keep the load off your git
servers while the endpoint changes propagate but not break current
running applications. Something like, \`rewrite
^/cgit/alpine-secdb/(.\*?)/?$
https://github.com/alpinelinux/alpine-secdb/$1 permanent;\` will enable
most git clients to clone as before.
Sorry to take your time on this issue.
*(from redmine: issue id 9336, created on 2018-08-24, closed on 2018-09-30)*Carlo LandmeterCarlo Landmeterhttps://gitlab.alpinelinux.org/alpine/infra/infra/-/issues/9330Python3 packages missing in repository (but existent in the index)2019-07-12T16:30:35ZJanosch MaierPython3 packages missing in repository (but existent in the index)Since yesterday, the python3-3.5.6-r0 \[1\] and python3-dev-3.5.6-r0
\[2\] are missing in the package repository. The packages appear with
this version numbers in the package index but do not exist on the
download server.
\[1\]
http://d...Since yesterday, the python3-3.5.6-r0 \[1\] and python3-dev-3.5.6-r0
\[2\] are missing in the package repository. The packages appear with
this version numbers in the package index but do not exist on the
download server.
\[1\]
http://dl-cdn.alpinelinux.org/alpine/v3.5/main/x86\_64/python3-3.5.6-r0.apk
\[2\]
http://dl-cdn.alpinelinux.org/alpine/v3.5/main/x86\_64/python3-dev-3.5.6-r0.apk
*(from redmine: issue id 9330, created on 2018-08-23, closed on 2018-09-30)*Carlo LandmeterCarlo Landmeterhttps://gitlab.alpinelinux.org/alpine/infra/infra/-/issues/9329git.alpinelinux.org/cgit/alpine-secdb redirect to https://github.com/alpineli...2019-07-12T16:30:34ZJason Bradshawgit.alpinelinux.org/cgit/alpine-secdb redirect to https://github.com/alpinelinux/alpine-secdb causing issues with git clone via https (CLAIR SCANNER)Hopefully this is the right place. I was checking out goharbor, and
noticed that clair was having some issues with the alpine vulnerability
database downloads. Looks like clair
https://github.com/coreos/clair/blob/master/ext/vulnsrc/alpi...Hopefully this is the right place. I was checking out goharbor, and
noticed that clair was having some issues with the alpine vulnerability
database downloads. Looks like clair
https://github.com/coreos/clair/blob/master/ext/vulnsrc/alpine/alpine.go\#L38
is cloning via https and is having issues with the redirect.
{[Event]("could) not pull alpine-secdb
repository“,”Level“:”error“,”Location“:”alpine.go:186“,”Time“:”2018-08-23
02:13:59.211600“,”error“:”exit status 128“,”output“:”Cloning into
‘.’…\\nfatal: unable to update url base from redirection:\\n asked for:
https://git.alpinelinux.org/cgit/alpine-secdb/info/refs?service=git-upload-pack\\n
redirect: https://github.com/alpinelinux/alpine-secdb\\n"}
curl -v
https://git.alpinelinux.org/cgit/alpine-secdb/info/refs?service=git-upload-pack
- Trying 185.15.220.34…
…
…
>
< HTTP/1.1 301 Moved Permanently
…
…
< Location: https://github.com/alpinelinux/alpine-secdb
git clone https://git.alpinelinux.org/cgit/alpine-secdb
Cloning into ‘alpine-secdb’…
fatal: unable to update url base from redirection:
asked for:
https://git.alpinelinux.org/cgit/alpine-secdb/info/refs?service=git-upload-pack
redirect: https://github.com/alpinelinux/alpine-secdb
*(from redmine: issue id 9329, created on 2018-08-23, closed on 2018-08-23)*https://gitlab.alpinelinux.org/alpine/infra/infra/-/issues/9247Improve mirror monitoring2019-07-12T16:30:26ZKevin DaudtImprove mirror monitoringCurrently mirror monitoring only includes checking if the mirror is
alive. Improve monitoring so that we can see if a mirror behind for a
long period.
*(from redmine: issue id 9247, created on 2018-08-16, closed on 2018-09-30)*Currently mirror monitoring only includes checking if the mirror is
alive. Improve monitoring so that we can see if a mirror behind for a
long period.
*(from redmine: issue id 9247, created on 2018-08-16, closed on 2018-09-30)*Kevin DaudtKevin Daudthttps://gitlab.alpinelinux.org/alpine/infra/infra/-/issues/9198images/ missing from boot.a.o2019-07-12T16:30:21ZGhost Userimages/ missing from boot.a.oThe links in the “Image” section are leading into 404’s, it worked
previously.
*(from redmine: issue id 9198, created on 2018-08-07, closed on 2018-08-20)*The links in the “Image” section are leading into 404’s, it worked
previously.
*(from redmine: issue id 9198, created on 2018-08-07, closed on 2018-08-20)*Carlo LandmeterCarlo Landmeter