infra issueshttps://gitlab.alpinelinux.org/alpine/infra/infra/-/issues2019-07-18T21:16:49Zhttps://gitlab.alpinelinux.org/alpine/infra/infra/-/issues/10634Migration steps from Redmine to Gitlab2019-07-18T21:16:49ZCarlo LandmeterMigration steps from Redmine to GitlabSetup alpine-docker-gitlab
==========================
Docker
------
1. Clone: https://github.com/clandmeter/alpine-docker-gitlab
2. Use a docker-compose file like https://tpaste.us/Bo7b
3. Generate secrets by exec contrib/secrets.sh...Setup alpine-docker-gitlab
==========================
Docker
------
1. Clone: https://github.com/clandmeter/alpine-docker-gitlab
2. Use a docker-compose file like https://tpaste.us/Bo7b
3. Generate secrets by exec contrib/secrets.sh
4. Start docker containers with docker-compose up (keep it in the
foreground to see if something goes wrong)
5. See console for root password or look it up in the secrets files
6. modify unicorn.rb and set process to threads+1
7. restart docker-compose but in the background
Gitlab
------
1. Login to gitlab as root
2. Create alpine Group
3. Create aports project
4. Set group/project writable for users
5. Add a SSH key to the root user (we need it to push aports)
6. Create an API for the root user for migration
7. git push aports with mirror option
Redmine
-------
1. Create api key for admin users on redmine
Migration
---------
### Installation of migrator
1. clone https://github.com/johan-smits/redmine-gitlab-migrator
2. Follow readme to install python application
### Users
1. Generate a users.txt file from the script on mysql db server
(`ssh root`alpine-db.nld3.alpin.pw sh /root/get-redmine-users.sh@)
2. migrate all bugs users to gitlab
- Script https://tpaste.us/baLW
- this makes all of them admins
### Milestones
1. Use migrator from
https://github.com/johan-smits/redmine-gitlab-migrator
2. migrate-rg roadmap —no-verify \\
—redmine-key “$redmine\_api\_key” \\
—gitlab-key “$gitlab\_api\_key” \\
“$redmine\_uri” “$gitlab\_uri”
### Issues
1. Use migrator from
https://github.com/johan-smits/redmine-gitlab-migrator
2. migrate-rg issues —debug —no-verify —keep-id \\
—redmine-key $redmine\_api\_key \\
—gitlab-key $gitlab\_api\_key \\
$redmine\_uri $gitlab\_uri
3. debug is to make it output something when its pre processing
Cleanup
-------
1. Reset all admin privs by setting admin=false in db for all users
except admin
Configuration
-------------
1. TODO
*(from redmine: issue id 10634, created on 2019-06-28)*
* Relations:
* parent #10573Carlo LandmeterCarlo Landmeterhttps://gitlab.alpinelinux.org/alpine/infra/infra/-/issues/10606Redmine and git project/repo conversion/migration to Gitlab2019-07-18T21:17:09ZCarlo LandmeterRedmine and git project/repo conversion/migration to Gitlabwe currently have a specific setup on both Redmine and git.a.o.
### Redmine projects
- AConf
- Alpine Linux
- Alpine Build tools (abuild)
- Alpine Documentation
- Alpine Infrastructure
- Alpine Package Keepe...we currently have a specific setup on both Redmine and git.a.o.
### Redmine projects
- AConf
- Alpine Linux
- Alpine Build tools (abuild)
- Alpine Documentation
- Alpine Infrastructure
- Alpine Package Keeper (apk-tools)
- Alpine Security
- Alpine Setup Scripts
- AWall
- Squark
### git.a.o repos
- Alpine Projects
- repos
- Docks
- repos
- ACF
- repos
- Hosted
- repos
- user
- user repos
### Namespace conversion for projects with source code (git repo):
- projects/alpine =>alpine/aports
- projects/abuild =>alpine/abuild
- projects/apk-tools =>alpine/apk-tools
- projects/alpine-conf =>alpine/alpine-conf
- projects/awall =>alpine/awall
### Namespace conversion for projects without source code (git repo)
These would have a single README.md explaining these projects have
issues only
- projects/alpine-infra =>alpine/infra/general
- projects/alpinedoc =>alpine/docs/general
- projects/alpine-security =>alpine/security/general
### Docs (git repos)
These have no projects on redmine and can be converted to similar Gitlab
namespacing:
- alpine/docs/repository
### Hosted (git repos)
Need to check under which namespace to move these
### ACF
There are a lot of repos on git.a.o and we have mixed the issues within
the alpine (aports) namespace.
We have to discus with Ted Trask how to handle this.
### AConf
I think we can skip migrating Aconf, this project seems empty on
redmine.
### Squark
This seems like an old project. Probably easier to just keep it on
git.a.o
### User repos
We can allow users to migrate their repositories into gitlab or just
keep them on git.a.o.
*(from redmine: issue id 10606, created on 2019-06-23)*
* Relations:
* parent #10573Carlo LandmeterCarlo Landmeterhttps://gitlab.alpinelinux.org/alpine/infra/infra/-/issues/10593Publicise list of aports without a maintainer2023-06-07T13:27:34ZTBKPublicise list of aports without a maintainerWe currently have quite a few aports without a maintainer spread across
all branches.
One possible solution to reduce the number is to bring the issue to the
community’s attention.
An automated solution weekly/bi-weekly listing the apo...We currently have quite a few aports without a maintainer spread across
all branches.
One possible solution to reduce the number is to bring the issue to the
community’s attention.
An automated solution weekly/bi-weekly listing the aports (without a
maintainer) seeking a new home.
The list could be pushed to the website, IRC and ML for maximum
exposure.
*(from redmine: issue id 10593, created on 2019-06-20)*https://gitlab.alpinelinux.org/alpine/infra/infra/-/issues/10573migration to gitlab2020-01-06T13:02:23ZCarlo Landmetermigration to gitlabwe are currently testing a new gitlab instance at
gitlab.alpinelinux.org.
Please reply with issues found and features which are missing.
This is also a good place to start discussing how to organize git.a.o
and bugs.a.o into gitlab.
...we are currently testing a new gitlab instance at
gitlab.alpinelinux.org.
Please reply with issues found and features which are missing.
This is also a good place to start discussing how to organize git.a.o
and bugs.a.o into gitlab.
If you want a test account please email me or send a message on IRC for
a password as smtp is disabled atm for obvious reasons.
*(from redmine: issue id 10573, created on 2019-06-14)*
* Relations:
* child #10606
* child #10634
* Uploads:
* ![Screenshot_from_2019-06-14_12-03-06](/uploads/154af9d912af126b459e0740e11c7421/Screenshot_from_2019-06-14_12-03-06.png)Carlo LandmeterCarlo Landmeterhttps://gitlab.alpinelinux.org/alpine/infra/infra/-/issues/10484lxc-based builders seem not to have lxcfs enabled2020-04-19T13:31:02ZChloe Kudryavtsevlxc-based builders seem not to have lxcfs enabledUnder lxc, side-effects can happen when resources are limited.
As an example, see
https://build.alpinelinux.org/buildlogs/build-edge-x86/community/caddy/caddy-1.0.0-r0.log
This is caused by the container not knowing what it’s actuall...Under lxc, side-effects can happen when resources are limited.
As an example, see
https://build.alpinelinux.org/buildlogs/build-edge-x86/community/caddy/caddy-1.0.0-r0.log
This is caused by the container not knowing what it’s actually allowed
to use, and thus not having a value (in this case, defaulting to –1).
This can and will cause various failures.
*(from redmine: issue id 10484, created on 2019-05-23)*Natanael CopaNatanael Copahttps://gitlab.alpinelinux.org/alpine/infra/infra/-/issues/10223Verify / update firewall rules ipv62020-09-15T17:12:14ZKevin DaudtVerify / update firewall rules ipv6At the moment we mostly concentrated on IPv4 rules. Although awall by
default also includes ipv6 rules, we still need to verify them to see if
the rules are working properly.
*(from redmine: issue id 10223, created on 2019-04-09)*At the moment we mostly concentrated on IPv4 rules. Although awall by
default also includes ipv6 rules, we still need to verify them to see if
the rules are working properly.
*(from redmine: issue id 10223, created on 2019-04-09)*Kevin DaudtKevin Daudthttps://gitlab.alpinelinux.org/alpine/infra/infra/-/issues/9977Flagging packages is not working, 404 instead.2023-06-07T12:16:38ZYaron ShahrabaniFlagging packages is not working, 404 instead.This is website related.
The packages interface doesn’t allow flagging, an error appears.
*(from redmine: issue id 9977, created on 2019-02-11)*This is website related.
The packages interface doesn’t allow flagging, an error appears.
*(from redmine: issue id 9977, created on 2019-02-11)*https://gitlab.alpinelinux.org/alpine/infra/infra/-/issues/9924Allow selecting all arches in pkgs.alpinelinux.org2023-06-07T12:16:38ZKevin DaudtAllow selecting all arches in pkgs.alpinelinux.orgThe arch selection field by default has no arch selected, so it allows
you to search in any arch. But once you selected an arch, it’s no longer
possible to select no arch.
*(from redmine: issue id 9924, created on 2019-01-26)*The arch selection field by default has no arch selected, so it allows
you to search in any arch. But once you selected an arch, it’s no longer
possible to select no arch.
*(from redmine: issue id 9924, created on 2019-01-26)*Carlo LandmeterCarlo Landmeterhttps://gitlab.alpinelinux.org/alpine/infra/infra/-/issues/9912Writeable install images2022-07-24T02:05:31ZRichard MortierWriteable install imagesI was recently installing a set of machines, and used the provided .ISO
images on a USB stick to do so.
That worked fine, but it would’ve been nice if I could’ve customised the
image after the first install as it would’ve made each sub...I was recently installing a set of machines, and used the provided .ISO
images on a USB stick to do so.
That worked fine, but it would’ve been nice if I could’ve customised the
image after the first install as it would’ve made each subsequent
install a bit quicker.
I couldn’t do this because the ISO filesystem is read-only.
Would it be possible to provide (eg) an EXT2 or VFAT or something image
file that could be downloaded, burnt to a USB stick, and then modified
after first boot please?
*(from redmine: issue id 9912, created on 2019-01-25)*https://gitlab.alpinelinux.org/alpine/infra/infra/-/issues/9899add ntp servers for alpine2022-11-09T12:51:56ZNatanael Copaadd ntp servers for alpinewe should not use pool.ntp.org for our default ntp config, instead we
should set up our own ntp servers.
https://www.pool.ntp.org/vendors.html#vendor-zone
https://www.pool.ntp.org/vendors.html#open-source
*(from redmine: issue id 98...we should not use pool.ntp.org for our default ntp config, instead we
should set up our own ntp servers.
https://www.pool.ntp.org/vendors.html#vendor-zone
https://www.pool.ntp.org/vendors.html#open-source
*(from redmine: issue id 9899, created on 2019-01-23)*https://gitlab.alpinelinux.org/alpine/infra/infra/-/issues/9698FWD: CERT/CC needs Alpine email address & contact information for vulnerabil...2020-04-14T21:01:23ZNatanael CopaFWD: CERT/CC needs Alpine email address & contact information for vulnerability reports————— Forwarded message ————-
From: Laurie A Tyzenhaus <latyzenhaus@cert.org>
Date: qua, 21 de nov de 2018 às 18:16
Subject: CERT/CC needs Alpine email address & contact information for
vulnerability reports
Daniel Sabogal; Al...————— Forwarded message ————-
From: Laurie A Tyzenhaus <latyzenhaus@cert.org>
Date: qua, 21 de nov de 2018 às 18:16
Subject: CERT/CC needs Alpine email address & contact information for
vulnerability reports
Daniel Sabogal; Alicha CH;
CERT Coordination Center is updating their contact list and finds that
the
email address we have, alpine@bugs.alpinelinux.org, is not valid.
Please take a few minutes to reply to this email with an email address
that
the Alpine Linux security team will be reviewing. A current contact
email
address is vital to alerting vendors to the latest vulnerabilities CERT
is
researching and reporting.
Best Regards,
CERT Coordination Center
*(from redmine: issue id 9698, created on 2018-11-27)*https://gitlab.alpinelinux.org/alpine/infra/infra/-/issues/9650Implement detailed monitoring of container hosts2019-07-12T16:31:09ZKevin DaudtImplement detailed monitoring of container hostsMonitoring so far has only be done from the outside, checking that
websites and other services were available.
Now the need has risen to get monitoring of things like used disk space
as well (some hosts almost run out of disk space). Fo...Monitoring so far has only be done from the outside, checking that
websites and other services were available.
Now the need has risen to get monitoring of things like used disk space
as well (some hosts almost run out of disk space). For that to be
possible we need some kind of agent installed on the host. For Zabbix,
we have 2 options:
- SNMP
- Zabbix agent
So we need to choose what method we are going to use. One consideration
we need to take into account is security, especially for the builder
hosts.
*(from redmine: issue id 9650, created on 2018-11-16)*Kevin DaudtKevin Daudthttps://gitlab.alpinelinux.org/alpine/infra/infra/-/issues/9589Anitya (release-monitoring) checker stopped working2020-01-06T13:06:54ZJakub JirutkaAnitya (release-monitoring) checker stopped workingMy access to the container running pkgs.a.o has stopped working
**again**, so I cannot check out what’s wrong. `anitya-check-all` should
be executed periodically by cron.
ssh jirutka@172.16.4.21
ssh: connect to host 172.16.4.21 ...My access to the container running pkgs.a.o has stopped working
**again**, so I cannot check out what’s wrong. `anitya-check-all` should
be executed periodically by cron.
ssh jirutka@172.16.4.21
ssh: connect to host 172.16.4.21 port 22: No route to host
*(from redmine: issue id 9589, created on 2018-10-26)*Carlo LandmeterCarlo Landmeterhttps://gitlab.alpinelinux.org/alpine/infra/infra/-/issues/9573Add TLS certificate for email relaying in lists.alpinelinux.org2022-10-06T21:01:19ZMilliardo PeacecraftAdd TLS certificate for email relaying in lists.alpinelinux.orgHello,
As subject states, lists.alpinelinux.org doesn’t offer a certificate for
using STARTTLS in MTA to MTA communication. This can be checked by:
$ openssl s_client -connect lists.alpinelinux.org:25 -starttls smtp
CONNECTED(0...Hello,
As subject states, lists.alpinelinux.org doesn’t offer a certificate for
using STARTTLS in MTA to MTA communication. This can be checked by:
$ openssl s_client -connect lists.alpinelinux.org:25 -starttls smtp
CONNECTED(00000003)
didn't find starttls in server response, try anyway...
22101338425312:error:1400410B:SSL routines:CONNECT_CR_SRVR_HELLO:wrong version number:/usr/src/lib/libssl/ssl_pkt.c:386:
---
no peer certificate available
---
No client certificate CA names sent
---
SSL handshake has read 208 bytes and written 0 bytes
---
New, (NONE), Cipher is (NONE)
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
SSL-Session:
Protocol : TLSv1.2
Cipher : 0000
Session-ID:
Session-ID-ctx:
Master-Key:
Start Time: 1540317980
Timeout : 7200 (sec)
Verify return code: 0 (ok)
---
Under some email servers setups such as mine, email isn’t relayed if the
remote doesn’t provides STARTTLS.
Best regards.
*(from redmine: issue id 9573, created on 2018-10-24)*https://gitlab.alpinelinux.org/alpine/infra/infra/-/issues/9493improve patchwork mail routing2020-01-06T13:05:58ZCarlo Landmeterimprove patchwork mail routingCurrently mails for patchwork are routed via redmine container.
This is not very obvious and can lead into issues when changing
container locations.
It would be better if we have a single point of entry (mail.a.o) and
forward to the ...Currently mails for patchwork are routed via redmine container.
This is not very obvious and can lead into issues when changing
container locations.
It would be better if we have a single point of entry (mail.a.o) and
forward to the correct container directly via vpn.
*(from redmine: issue id 9493, created on 2018-09-30)*Carlo LandmeterCarlo Landmeterhttps://gitlab.alpinelinux.org/alpine/infra/infra/-/issues/9134Improve the contributors/developers environment2020-01-06T13:09:55ZCarlo LandmeterImprove the contributors/developers environmentThis issue is not specifically targeted at a single item in our infra
but more general discussion thread to eventually evolve into sub tasks
to get a better environment.
Please add your issues and/or possible solutions and ill update t...This issue is not specifically targeted at a single item in our infra
but more general discussion thread to eventually evolve into sub tasks
to get a better environment.
Please add your issues and/or possible solutions and ill update this
item.
Current issues
==============
Authentication
--------------
Currently Redmine does not support proper Oauth integration. It would be
nice if we could have that implemented.
We currently have an issue open \#9081 to disable anon bug reporting.
Issues per branch
-----------------
Would be nice if we could somehow track security issues per branch see:
https://www.redmine.org/issues/1266\#change-56683
Multi Arch CI
-------------
Currently we use an external service (travis) to verify our
contributions. The limitations is that this is only available for
x86\_84.
It would be nice if we could somehow have a CI which can push jobs to
different containers in our infra on different architectures.
Most of our developers do not have access to these Archs so It would be
nice for them to send jobs to verify their contributions.
Patch queue management
----------------------
We currently have 2 queues, GitHub and Patchwork. This is by far optimal
and should be reduced to a single queue where people can contribute
to.
This will be much easier to maintain and less people will complain one
of the queues is better managed and remove questions as to which they
should contribute to.
To my knowledge the reason people use patchwork/ml is that they don’t
like to have an account on Github for privacy reasons. I think we should
support
this request and provided them with an alternative solution which means
we would have to replace both of them with a locally hosted solution.
Ideas regarding solutions
=========================
Unified solution
----------------
I’ve looked into the Open Source world to see if there is a holy grail
to work around the above mentioned issues.
After reviewing I ended up with only two solutions that seem to pack the
feature set we currently need is very active and had proper
documentation.
Both projects also have a side project which can migrate issues from
Redmine which is kind of nice to have.
### GitLab
This currently seems to be a choice for many other open source projects,
but its very hard to maintain it locally.
I started packaging the individual parts (gitlab-ce, gitaly…) but it was
very messy and i ended up with huge packages. I’ve seen Jirutka has
tried to
package it up for Gentoo but in the end stopped working on it. So in the
end I gave up because it seems to be very messy and time consuming.
### Phabricator
This application seems to be very easy to install, has only a few
dependencies so its a matter of an hour to get up and running.
Also the upgrade path is very simple and will be very easy to maintain
(if I read the documentation correctly).
The main issue we faced up till now is the workflow and the actual patch
integration in Phabricator. The only way to retrieve the patches
is to fetch the diff via the web interface or via the PHP cli. There is
no way to grab an mbox file or branch and locally apply and push it
(like we do with github).
This is one of the main issues ncopa faced when trying it out. I didn’t
look closer if this can be overcome somehow.
There is a test instance available at https://phabtest.alpinelinux.org
(the database isn’t running local so its maybe a bit slow at times).
Separate solutions
------------------
I didn’t have time yet to look into possible other solutions so any
feedback is appreciated.
*(from redmine: issue id 9134, created on 2018-07-25)*Carlo LandmeterCarlo Landmeterhttps://gitlab.alpinelinux.org/alpine/infra/infra/-/issues/9076Remove flag button from non-edge packages on pkgs.alpinelinux.org2022-07-25T10:55:13ZSascha PaunovicRemove flag button from non-edge packages on pkgs.alpinelinux.orgSince one cannot flag packages that aren’t in the edge repos, having the
flag button doesn’t make sense there doesn’t make sense.
*(from redmine: issue id 9076, created on 2018-07-11)*Since one cannot flag packages that aren’t in the edge repos, having the
flag button doesn’t make sense there doesn’t make sense.
*(from redmine: issue id 9076, created on 2018-07-11)*https://gitlab.alpinelinux.org/alpine/infra/infra/-/issues/9073GDPR compliance2019-07-12T16:30:02ZTBKGDPR complianceAccording to
https://ec.europa.eu/info/law/law-topic/data-protection/reform/what-personal-data\_en\#examples-of-personal-data
the data collected for the creation of an account for the following two
sites:
- https://wiki.alpinelinux.or...According to
https://ec.europa.eu/info/law/law-topic/data-protection/reform/what-personal-data\_en\#examples-of-personal-data
the data collected for the creation of an account for the following two
sites:
- https://wiki.alpinelinux.org/w/index.php?title=Special:UserLogin&returnto=Main+Page&type=signup
- https://bugs.alpinelinux.org/account/register
is considered personal data so the statement “We do not process personal
data on this site.” found on the sites mentioned below is no longer
valid:
- https://alpinelinux.org/privacy-policy.html
- https://wiki.alpinelinux.org/wiki/Alpine\_Linux:Privacy\_policy
I do not know what kind of legal entity the Alpine Linux project is or
where it is registered, nor is privacy law or any kind of law my area
expertise I just want to bring it to attention so if any incident should
happen the AL project has taken its precautions and have procedures in
place.
*(from redmine: issue id 9073, created on 2018-07-11)*https://gitlab.alpinelinux.org/alpine/infra/infra/-/issues/9071Outdated copyright notice2020-01-06T13:10:33ZTBKOutdated copyright noticeOn https://alpinelinux.org/ and https://pkgs.alpinelinux.org/packages
the footer copyright notice says 2017.
See attached file.
*(from redmine: issue id 9071, created on 2018-07-11)*
* Uploads:
* ![2018-07-11_03-02-09](/uploads/c79...On https://alpinelinux.org/ and https://pkgs.alpinelinux.org/packages
the footer copyright notice says 2017.
See attached file.
*(from redmine: issue id 9071, created on 2018-07-11)*
* Uploads:
* ![2018-07-11_03-02-09](/uploads/c79b02d159f5ab696d19f1efe5447669/2018-07-11_03-02-09.png)Carlo LandmeterCarlo Landmeterhttps://gitlab.alpinelinux.org/alpine/infra/infra/-/issues/9055Add an index.tab and index.json to the download site2021-11-12T15:08:51ZNick SchonningAdd an index.tab and index.json to the download siteSorry I’m just not looking in the right place. I checked out
http://dl-cdn.alpinelinux.org/alpine/ but couldn’t find anything like
what nodejs has for being able to easily pull relase version info. EX:
\- https://nodejs.org/dist/index.j...Sorry I’m just not looking in the right place. I checked out
http://dl-cdn.alpinelinux.org/alpine/ but couldn’t find anything like
what nodejs has for being able to easily pull relase version info. EX:
\- https://nodejs.org/dist/index.json
- https://nodejs.org/dist/index.tab
This appears to be done by a tool they wrote here
https://github.com/nodejs/nodejs-dist-indexer
The reason I’m looking for a file like this is to automate bumping
images as they are released
*(from redmine: issue id 9055, created on 2018-07-05)*Natanael CopaNatanael Copa