infra issueshttps://gitlab.alpinelinux.org/alpine/infra/infra/-/issues2019-07-12T16:28:47Zhttps://gitlab.alpinelinux.org/alpine/infra/infra/-/issues/8414Central syslog server2019-07-12T16:28:47ZDaniel Isaksendisaksen@alpinelinux.orgCentral syslog serverWe should, for auditing and security purposes, set up a syslog server to
receive logs from all hosts we manage.
I propose we forward syslog from hosts to syslog-ng, possibly using
logstash and elasticsearch.
*(from redmine: issue id 8...We should, for auditing and security purposes, set up a syslog server to
receive logs from all hosts we manage.
I propose we forward syslog from hosts to syslog-ng, possibly using
logstash and elasticsearch.
*(from redmine: issue id 8414, created on 2018-01-25)*https://gitlab.alpinelinux.org/alpine/infra/infra/-/issues/8421Define mqtt (msg.alpinelinux.org) topic structure2019-07-12T16:28:49ZCarlo LandmeterDefine mqtt (msg.alpinelinux.org) topic structureWe should define a structure to use for our mqtt topics. Currently we
have:
- git/\*
- build/\*
- alert/\*
- rsync/\*
- monitoring/\*
- issues/\*
Are there any good design principles for topic structure?
*(from redmine: i...We should define a structure to use for our mqtt topics. Currently we
have:
- git/\*
- build/\*
- alert/\*
- rsync/\*
- monitoring/\*
- issues/\*
Are there any good design principles for topic structure?
*(from redmine: issue id 8421, created on 2018-01-25)*
* Relations:
* child #8468Carlo LandmeterCarlo Landmeterhttps://gitlab.alpinelinux.org/alpine/infra/infra/-/issues/8429Mirror redirector2019-07-12T16:28:51ZDaniel Isaksendisaksen@alpinelinux.orgMirror redirectorIn order to fully utilize our numerous mirrors, we must create a HTTP
mirror redirector for use in \`apk\`.
I have looked into using GeoDNS for this, but considering mirrors store
alpine on different paths (i.e. /alpinelinux, /alpine-li...In order to fully utilize our numerous mirrors, we must create a HTTP
mirror redirector for use in \`apk\`.
I have looked into using GeoDNS for this, but considering mirrors store
alpine on different paths (i.e. /alpinelinux, /alpine-linux, /alpine)
this is impossible.
I will test mirrorbits for this, and keep this issue updated with
progress.
*(from redmine: issue id 8429, created on 2018-01-27)*Daniel Isaksendisaksen@alpinelinux.orgDaniel Isaksendisaksen@alpinelinux.orghttps://gitlab.alpinelinux.org/alpine/infra/infra/-/issues/9073GDPR compliance2019-07-12T16:30:02ZTBKGDPR complianceAccording to
https://ec.europa.eu/info/law/law-topic/data-protection/reform/what-personal-data\_en\#examples-of-personal-data
the data collected for the creation of an account for the following two
sites:
- https://wiki.alpinelinux.or...According to
https://ec.europa.eu/info/law/law-topic/data-protection/reform/what-personal-data\_en\#examples-of-personal-data
the data collected for the creation of an account for the following two
sites:
- https://wiki.alpinelinux.org/w/index.php?title=Special:UserLogin&returnto=Main+Page&type=signup
- https://bugs.alpinelinux.org/account/register
is considered personal data so the statement “We do not process personal
data on this site.” found on the sites mentioned below is no longer
valid:
- https://alpinelinux.org/privacy-policy.html
- https://wiki.alpinelinux.org/wiki/Alpine\_Linux:Privacy\_policy
I do not know what kind of legal entity the Alpine Linux project is or
where it is registered, nor is privacy law or any kind of law my area
expertise I just want to bring it to attention so if any incident should
happen the AL project has taken its precautions and have procedures in
place.
*(from redmine: issue id 9073, created on 2018-07-11)*https://gitlab.alpinelinux.org/alpine/infra/infra/-/issues/9650Implement detailed monitoring of container hosts2019-07-12T16:31:09ZKevin DaudtImplement detailed monitoring of container hostsMonitoring so far has only be done from the outside, checking that
websites and other services were available.
Now the need has risen to get monitoring of things like used disk space
as well (some hosts almost run out of disk space). Fo...Monitoring so far has only be done from the outside, checking that
websites and other services were available.
Now the need has risen to get monitoring of things like used disk space
as well (some hosts almost run out of disk space). For that to be
possible we need some kind of agent installed on the host. For Zabbix,
we have 2 options:
- SNMP
- Zabbix agent
So we need to choose what method we are going to use. One consideration
we need to take into account is security, especially for the builder
hosts.
*(from redmine: issue id 9650, created on 2018-11-16)*Kevin DaudtKevin Daudthttps://gitlab.alpinelinux.org/alpine/infra/infra/-/issues/3615Mailing list web archive need some thorough revamp2019-07-18T19:30:44ZPrzemysław PawełczykMailing list web archive need some thorough revampWhat we see at http://lists.alpinelinux.org/ is simply unbearably awful.
*(from redmine: issue id 3615, created on 2014-12-10)*What we see at http://lists.alpinelinux.org/ is simply unbearably awful.
*(from redmine: issue id 3615, created on 2014-12-10)*Carlo LandmeterCarlo Landmeterhttps://gitlab.alpinelinux.org/alpine/infra/infra/-/issues/10634Migration steps from Redmine to Gitlab2019-07-18T21:16:49ZCarlo LandmeterMigration steps from Redmine to GitlabSetup alpine-docker-gitlab
==========================
Docker
------
1. Clone: https://github.com/clandmeter/alpine-docker-gitlab
2. Use a docker-compose file like https://tpaste.us/Bo7b
3. Generate secrets by exec contrib/secrets.sh...Setup alpine-docker-gitlab
==========================
Docker
------
1. Clone: https://github.com/clandmeter/alpine-docker-gitlab
2. Use a docker-compose file like https://tpaste.us/Bo7b
3. Generate secrets by exec contrib/secrets.sh
4. Start docker containers with docker-compose up (keep it in the
foreground to see if something goes wrong)
5. See console for root password or look it up in the secrets files
6. modify unicorn.rb and set process to threads+1
7. restart docker-compose but in the background
Gitlab
------
1. Login to gitlab as root
2. Create alpine Group
3. Create aports project
4. Set group/project writable for users
5. Add a SSH key to the root user (we need it to push aports)
6. Create an API for the root user for migration
7. git push aports with mirror option
Redmine
-------
1. Create api key for admin users on redmine
Migration
---------
### Installation of migrator
1. clone https://github.com/johan-smits/redmine-gitlab-migrator
2. Follow readme to install python application
### Users
1. Generate a users.txt file from the script on mysql db server
(`ssh root`alpine-db.nld3.alpin.pw sh /root/get-redmine-users.sh@)
2. migrate all bugs users to gitlab
- Script https://tpaste.us/baLW
- this makes all of them admins
### Milestones
1. Use migrator from
https://github.com/johan-smits/redmine-gitlab-migrator
2. migrate-rg roadmap —no-verify \\
—redmine-key “$redmine\_api\_key” \\
—gitlab-key “$gitlab\_api\_key” \\
“$redmine\_uri” “$gitlab\_uri”
### Issues
1. Use migrator from
https://github.com/johan-smits/redmine-gitlab-migrator
2. migrate-rg issues —debug —no-verify —keep-id \\
—redmine-key $redmine\_api\_key \\
—gitlab-key $gitlab\_api\_key \\
$redmine\_uri $gitlab\_uri
3. debug is to make it output something when its pre processing
Cleanup
-------
1. Reset all admin privs by setting admin=false in db for all users
except admin
Configuration
-------------
1. TODO
*(from redmine: issue id 10634, created on 2019-06-28)*
* Relations:
* parent #10573Carlo LandmeterCarlo Landmeterhttps://gitlab.alpinelinux.org/alpine/infra/infra/-/issues/10606Redmine and git project/repo conversion/migration to Gitlab2019-07-18T21:17:09ZCarlo LandmeterRedmine and git project/repo conversion/migration to Gitlabwe currently have a specific setup on both Redmine and git.a.o.
### Redmine projects
- AConf
- Alpine Linux
- Alpine Build tools (abuild)
- Alpine Documentation
- Alpine Infrastructure
- Alpine Package Keepe...we currently have a specific setup on both Redmine and git.a.o.
### Redmine projects
- AConf
- Alpine Linux
- Alpine Build tools (abuild)
- Alpine Documentation
- Alpine Infrastructure
- Alpine Package Keeper (apk-tools)
- Alpine Security
- Alpine Setup Scripts
- AWall
- Squark
### git.a.o repos
- Alpine Projects
- repos
- Docks
- repos
- ACF
- repos
- Hosted
- repos
- user
- user repos
### Namespace conversion for projects with source code (git repo):
- projects/alpine =>alpine/aports
- projects/abuild =>alpine/abuild
- projects/apk-tools =>alpine/apk-tools
- projects/alpine-conf =>alpine/alpine-conf
- projects/awall =>alpine/awall
### Namespace conversion for projects without source code (git repo)
These would have a single README.md explaining these projects have
issues only
- projects/alpine-infra =>alpine/infra/general
- projects/alpinedoc =>alpine/docs/general
- projects/alpine-security =>alpine/security/general
### Docs (git repos)
These have no projects on redmine and can be converted to similar Gitlab
namespacing:
- alpine/docs/repository
### Hosted (git repos)
Need to check under which namespace to move these
### ACF
There are a lot of repos on git.a.o and we have mixed the issues within
the alpine (aports) namespace.
We have to discus with Ted Trask how to handle this.
### AConf
I think we can skip migrating Aconf, this project seems empty on
redmine.
### Squark
This seems like an old project. Probably easier to just keep it on
git.a.o
### User repos
We can allow users to migrate their repositories into gitlab or just
keep them on git.a.o.
*(from redmine: issue id 10606, created on 2019-06-23)*
* Relations:
* parent #10573Carlo LandmeterCarlo Landmeterhttps://gitlab.alpinelinux.org/alpine/infra/infra/-/issues/10573migration to gitlab2020-01-06T13:02:23ZCarlo Landmetermigration to gitlabwe are currently testing a new gitlab instance at
gitlab.alpinelinux.org.
Please reply with issues found and features which are missing.
This is also a good place to start discussing how to organize git.a.o
and bugs.a.o into gitlab.
...we are currently testing a new gitlab instance at
gitlab.alpinelinux.org.
Please reply with issues found and features which are missing.
This is also a good place to start discussing how to organize git.a.o
and bugs.a.o into gitlab.
If you want a test account please email me or send a message on IRC for
a password as smtp is disabled atm for obvious reasons.
*(from redmine: issue id 10573, created on 2019-06-14)*
* Relations:
* child #10606
* child #10634
* Uploads:
* ![Screenshot_from_2019-06-14_12-03-06](/uploads/154af9d912af126b459e0740e11c7421/Screenshot_from_2019-06-14_12-03-06.png)Carlo LandmeterCarlo Landmeterhttps://gitlab.alpinelinux.org/alpine/infra/infra/-/issues/9493improve patchwork mail routing2020-01-06T13:05:58ZCarlo Landmeterimprove patchwork mail routingCurrently mails for patchwork are routed via redmine container.
This is not very obvious and can lead into issues when changing
container locations.
It would be better if we have a single point of entry (mail.a.o) and
forward to the ...Currently mails for patchwork are routed via redmine container.
This is not very obvious and can lead into issues when changing
container locations.
It would be better if we have a single point of entry (mail.a.o) and
forward to the correct container directly via vpn.
*(from redmine: issue id 9493, created on 2018-09-30)*Carlo LandmeterCarlo Landmeterhttps://gitlab.alpinelinux.org/alpine/infra/infra/-/issues/9589Anitya (release-monitoring) checker stopped working2020-01-06T13:06:54ZJakub JirutkaAnitya (release-monitoring) checker stopped workingMy access to the container running pkgs.a.o has stopped working
**again**, so I cannot check out what’s wrong. `anitya-check-all` should
be executed periodically by cron.
ssh jirutka@172.16.4.21
ssh: connect to host 172.16.4.21 ...My access to the container running pkgs.a.o has stopped working
**again**, so I cannot check out what’s wrong. `anitya-check-all` should
be executed periodically by cron.
ssh jirutka@172.16.4.21
ssh: connect to host 172.16.4.21 port 22: No route to host
*(from redmine: issue id 9589, created on 2018-10-26)*Carlo LandmeterCarlo Landmeterhttps://gitlab.alpinelinux.org/alpine/infra/infra/-/issues/9134Improve the contributors/developers environment2020-01-06T13:09:55ZCarlo LandmeterImprove the contributors/developers environmentThis issue is not specifically targeted at a single item in our infra
but more general discussion thread to eventually evolve into sub tasks
to get a better environment.
Please add your issues and/or possible solutions and ill update t...This issue is not specifically targeted at a single item in our infra
but more general discussion thread to eventually evolve into sub tasks
to get a better environment.
Please add your issues and/or possible solutions and ill update this
item.
Current issues
==============
Authentication
--------------
Currently Redmine does not support proper Oauth integration. It would be
nice if we could have that implemented.
We currently have an issue open \#9081 to disable anon bug reporting.
Issues per branch
-----------------
Would be nice if we could somehow track security issues per branch see:
https://www.redmine.org/issues/1266\#change-56683
Multi Arch CI
-------------
Currently we use an external service (travis) to verify our
contributions. The limitations is that this is only available for
x86\_84.
It would be nice if we could somehow have a CI which can push jobs to
different containers in our infra on different architectures.
Most of our developers do not have access to these Archs so It would be
nice for them to send jobs to verify their contributions.
Patch queue management
----------------------
We currently have 2 queues, GitHub and Patchwork. This is by far optimal
and should be reduced to a single queue where people can contribute
to.
This will be much easier to maintain and less people will complain one
of the queues is better managed and remove questions as to which they
should contribute to.
To my knowledge the reason people use patchwork/ml is that they don’t
like to have an account on Github for privacy reasons. I think we should
support
this request and provided them with an alternative solution which means
we would have to replace both of them with a locally hosted solution.
Ideas regarding solutions
=========================
Unified solution
----------------
I’ve looked into the Open Source world to see if there is a holy grail
to work around the above mentioned issues.
After reviewing I ended up with only two solutions that seem to pack the
feature set we currently need is very active and had proper
documentation.
Both projects also have a side project which can migrate issues from
Redmine which is kind of nice to have.
### GitLab
This currently seems to be a choice for many other open source projects,
but its very hard to maintain it locally.
I started packaging the individual parts (gitlab-ce, gitaly…) but it was
very messy and i ended up with huge packages. I’ve seen Jirutka has
tried to
package it up for Gentoo but in the end stopped working on it. So in the
end I gave up because it seems to be very messy and time consuming.
### Phabricator
This application seems to be very easy to install, has only a few
dependencies so its a matter of an hour to get up and running.
Also the upgrade path is very simple and will be very easy to maintain
(if I read the documentation correctly).
The main issue we faced up till now is the workflow and the actual patch
integration in Phabricator. The only way to retrieve the patches
is to fetch the diff via the web interface or via the PHP cli. There is
no way to grab an mbox file or branch and locally apply and push it
(like we do with github).
This is one of the main issues ncopa faced when trying it out. I didn’t
look closer if this can be overcome somehow.
There is a test instance available at https://phabtest.alpinelinux.org
(the database isn’t running local so its maybe a bit slow at times).
Separate solutions
------------------
I didn’t have time yet to look into possible other solutions so any
feedback is appreciated.
*(from redmine: issue id 9134, created on 2018-07-25)*Carlo LandmeterCarlo Landmeterhttps://gitlab.alpinelinux.org/alpine/infra/infra/-/issues/9071Outdated copyright notice2020-01-06T13:10:33ZTBKOutdated copyright noticeOn https://alpinelinux.org/ and https://pkgs.alpinelinux.org/packages
the footer copyright notice says 2017.
See attached file.
*(from redmine: issue id 9071, created on 2018-07-11)*
* Uploads:
* ![2018-07-11_03-02-09](/uploads/c79...On https://alpinelinux.org/ and https://pkgs.alpinelinux.org/packages
the footer copyright notice says 2017.
See attached file.
*(from redmine: issue id 9071, created on 2018-07-11)*
* Uploads:
* ![2018-07-11_03-02-09](/uploads/c79b02d159f5ab696d19f1efe5447669/2018-07-11_03-02-09.png)Carlo LandmeterCarlo Landmeterhttps://gitlab.alpinelinux.org/alpine/infra/infra/-/issues/1858Create mailing list for security alerts2020-01-06T14:19:15ZNatanael CopaCreate mailing list for security alertsWe already have a amiling list named ‘alpine-security’. I wonder if we
should make it more clear what this list is for.
Maybe we should have a sec-errata@lists.alpinelinux.org too, where we
only post security erratas.
*(from redmine: ...We already have a amiling list named ‘alpine-security’. I wonder if we
should make it more clear what this list is for.
Maybe we should have a sec-errata@lists.alpinelinux.org too, where we
only post security erratas.
*(from redmine: issue id 1858, created on 2013-05-13)*
* Relations:
* relates #2104
* parent #1846Carlo LandmeterCarlo Landmeterhttps://gitlab.alpinelinux.org/alpine/infra/infra/-/issues/8448Alpine theme for Redmine2020-02-24T17:42:01ZDaniel Isaksendisaksen@alpinelinux.orgAlpine theme for RedmineIt’d be nice if our Redmine installation conformed with the Alpine
“template” website, like alpinelinux.org, pkgs.a.o, mirrors.a.o and
such.
*(from redmine: issue id 8448, created on 2018-01-30)*It’d be nice if our Redmine installation conformed with the Alpine
“template” website, like alpinelinux.org, pkgs.a.o, mirrors.a.o and
such.
*(from redmine: issue id 8448, created on 2018-01-30)*Daniel Isaksendisaksen@alpinelinux.orgDaniel Isaksendisaksen@alpinelinux.orghttps://gitlab.alpinelinux.org/alpine/infra/infra/-/issues/8489Improving package search - searching in pkgdesc2020-03-28T15:18:18ZBernhard J. M. GrünImproving package search - searching in pkgdescIt would be a nice improvement to also have a switch to enable searching
in package descriptions (pkgdesc) too on the website
https://pkgs.alpinelinux.org/packages .
*(from redmine: issue id 8489, created on 2018-02-15)*It would be a nice improvement to also have a switch to enable searching
in package descriptions (pkgdesc) too on the website
https://pkgs.alpinelinux.org/packages .
*(from redmine: issue id 8489, created on 2018-02-15)*Carlo LandmeterCarlo Landmeterhttps://gitlab.alpinelinux.org/alpine/infra/infra/-/issues/9698FWD: CERT/CC needs Alpine email address & contact information for vulnerabil...2020-04-14T21:01:23ZNatanael CopaFWD: CERT/CC needs Alpine email address & contact information for vulnerability reports————— Forwarded message ————-
From: Laurie A Tyzenhaus <latyzenhaus@cert.org>
Date: qua, 21 de nov de 2018 às 18:16
Subject: CERT/CC needs Alpine email address & contact information for
vulnerability reports
Daniel Sabogal; Al...————— Forwarded message ————-
From: Laurie A Tyzenhaus <latyzenhaus@cert.org>
Date: qua, 21 de nov de 2018 às 18:16
Subject: CERT/CC needs Alpine email address & contact information for
vulnerability reports
Daniel Sabogal; Alicha CH;
CERT Coordination Center is updating their contact list and finds that
the
email address we have, alpine@bugs.alpinelinux.org, is not valid.
Please take a few minutes to reply to this email with an email address
that
the Alpine Linux security team will be reviewing. A current contact
email
address is vital to alerting vendors to the latest vulnerabilities CERT
is
researching and reporting.
Best Regards,
CERT Coordination Center
*(from redmine: issue id 9698, created on 2018-11-27)*https://gitlab.alpinelinux.org/alpine/infra/infra/-/issues/10484lxc-based builders seem not to have lxcfs enabled2020-04-19T13:31:02ZChloe Kudryavtsevlxc-based builders seem not to have lxcfs enabledUnder lxc, side-effects can happen when resources are limited.
As an example, see
https://build.alpinelinux.org/buildlogs/build-edge-x86/community/caddy/caddy-1.0.0-r0.log
This is caused by the container not knowing what it’s actuall...Under lxc, side-effects can happen when resources are limited.
As an example, see
https://build.alpinelinux.org/buildlogs/build-edge-x86/community/caddy/caddy-1.0.0-r0.log
This is caused by the container not knowing what it’s actually allowed
to use, and thus not having a value (in this case, defaulting to –1).
This can and will cause various failures.
*(from redmine: issue id 10484, created on 2019-05-23)*Natanael CopaNatanael Copahttps://gitlab.alpinelinux.org/alpine/infra/infra/-/issues/10223Verify / update firewall rules ipv62020-09-15T17:12:14ZKevin DaudtVerify / update firewall rules ipv6At the moment we mostly concentrated on IPv4 rules. Although awall by
default also includes ipv6 rules, we still need to verify them to see if
the rules are working properly.
*(from redmine: issue id 10223, created on 2019-04-09)*At the moment we mostly concentrated on IPv4 rules. Although awall by
default also includes ipv6 rules, we still need to verify them to see if
the rules are working properly.
*(from redmine: issue id 10223, created on 2019-04-09)*Kevin DaudtKevin Daudthttps://gitlab.alpinelinux.org/alpine/infra/infra/-/issues/9055Add an index.tab and index.json to the download site2021-11-12T15:08:51ZNick SchonningAdd an index.tab and index.json to the download siteSorry I’m just not looking in the right place. I checked out
http://dl-cdn.alpinelinux.org/alpine/ but couldn’t find anything like
what nodejs has for being able to easily pull relase version info. EX:
\- https://nodejs.org/dist/index.j...Sorry I’m just not looking in the right place. I checked out
http://dl-cdn.alpinelinux.org/alpine/ but couldn’t find anything like
what nodejs has for being able to easily pull relase version info. EX:
\- https://nodejs.org/dist/index.json
- https://nodejs.org/dist/index.tab
This appears to be done by a tool they wrote here
https://github.com/nodejs/nodejs-dist-indexer
The reason I’m looking for a file like this is to automate bumping
images as they are released
*(from redmine: issue id 9055, created on 2018-07-05)*Natanael CopaNatanael Copa