#2931 For fedorapeople repositories, enhance new_repo script to check group
Closed: Fixed None Opened 12 years ago by toshio.

= phenomenon =

Currently, fedorapeople repos have a freeform entry for the group/user that owns the repo. We should change this to have more meaning or get rid of it.

http://repos.fedorapeople.org/

= recommendation =

Modify the new_repo script on fedorapeople to check that the specified group is recognized by getent groups. Set the filesystem group to that group. Set the group sticky bit on the repo directories.

Cleanup the existing repos -- set the groups and change the directories to follow the above rules.


Confirmed that this is what we want the script to do at today's infra meeting. This should be pretty simple to code so any fi-apprentices that want to do some simple python coding can take a look at it.

The new_repo script is on fedorapeople.org:

/usr/local/bin/new_repo

(When you're done working on it, we'll check it into the puppet git repo and it will get deployed to fedorapeople from there).

This python documentation can help with getting group information:

https://fedorahosted.org/fedora-infrastructure/ticket/2931

Correct link for the python documentation:
python-docutils-0.8.1-1.fc16

sigh Third time's the charm:

Correct link for the python documentation:
http://docs.python.org/library/grp.html

New_repo script that needs to be modified
new_repo

I see that there is no progress on this till now.

I've attached an ugly patch that does the trick. The issue is that there is no recursive os.chown to make it simpler.

Reviewed your changes -- they look good. arielb was also doing some work on this. It looks like you have setting the group for the repository correctly and he attempts to check that the user is in the group that he's requesting (but that section of his code isn't finished yet). Maybe we should apply your patch and then he can continue working on his?

I'll attach his script so you can take a look. (Note that he also changed spaces to 8-space-tabs -- I've told him to revert that for the next version he makes. You can compare without whitespace to see what's actually changed.)

That's totally fine with me. I'll have a look in arielb's script.

BTW we could avoid all this chown (actually chgrp) thingy if we run "newgrp" before the mkdir functions. This could also verify the membership of the user in a group. But i didn't find a way to do so via python api.

Okay, I've updated the script that's live in production with the changes from ctria. arielb -- if you take a look, the portion that checks that the group is valid is in the updated script (I'll attach that next). You can merge and finish your work to check that the user is in the group on top of that.

add new_repo.3 with the change that checks whether the user belongs to one or more groups.

Moving all currently open easyfix tickets to the HANDYWAVY-FUTURE milestone.

I'm clearing the assigned status on all easyfix tickets.

If you are an apprentice actively working on this ticket, feel free to reassign to yourself. Otherwise let a new apprentice have a look.

After reviewing this ticket, it's not clear if the contributions from the users arielb and ctria meet the requirements for this ticket or what else is left to be done.

Given it's been 2-3 years since this ticket has been created and since most of the contributions took place, is the attached new_repo.py still valid or has upstream morphed away meanwhile?

As puppet is mentioned in the comments, I'm wondering if this is something that can/will be reutilised by ansible, seeing as we are dropping puppet in favour of ansible. If this is for puppet deployments only, then I will look into other more worthwhile tickets and let this one bitrot.

Is this ticket still actual?

I'm going to say no.

The script actually hadn't been updated for any newer releases than 20, and wasn't even copied over to the new fedorapeople instance.

I think mostly people are using coprs for their repo needs these days.

We can revisit if we need to...

Login to comment on this ticket.

Metadata