- 13 Oct, 2023 13 commits
-
-
Jérome Perrin authored
previous patch - 24f5a96c (software/slapos-sr-testing: disallow usage of system python3, 2023-10-02) - was incorrect, an `entry-point` is required for a script to be generated.
-
Jérome Perrin authored
We can not rely on system python here, it's a bit better to rely on buildout's python ( the main reason is that it complies with slapos-sr-testing not having system python ). The implementation is a bit complicated, we can not just reference ${buildout:executable} in the profile, because doing so will cause an infinite loop with rebootstrap and software installation never finish because options of ca-certificates change at every run if they include the python path. Instead, we use a pre-make-hook to rewrite the Makefile without saving the interpreter in option. This python is only used during the build process (to generate the certificate files) and not used at run time, so it does not really depend on python strictly speaking. Anyway, because it's a component used very early in the bootstrap, we can not reference python here.
-
Jérome Perrin authored
-
Jérome Perrin authored
-
Jérome Perrin authored
stdout/stderr is sent to supervisor and we don't want buffering the output in that case, because it introduces a delay in the output and break the usage of `slapos node supervisorctl fg` to re-attach the process and use pdb
-
Jérome Perrin authored
-
Jérome Perrin authored
-
Jérome Perrin authored
-
Jérome Perrin authored
-
Jérome Perrin authored
-
Jérome Perrin authored
This test fail since 450a6999 (slapos-master: Add missing RevocationCheck on apache, 2023-06-01) and we are reimplementing all this differently. Mark the test as expected failure for now, so that it does not impact the general state of test suite.
-
Jérome Perrin authored
now that slapos uses php 8
-
Jérome Perrin authored
-
- 12 Oct, 2023 3 commits
-
-
Jérome Perrin authored
-
Jérome Perrin authored
after 6e8b97ee (Publish IPv6 URL to SlapOs master., 2023-10-02) the parameters are different
-
Jérome Perrin authored
after recent updates, probably 3c514224 (component/freetype: version up 2.13.2, including security fixes., 2023-10-10), the rendering is different.
-
- 11 Oct, 2023 2 commits
-
-
Kazuhiko Shiozaki authored
-
Kazuhiko Shiozaki authored
-
- 10 Oct, 2023 6 commits
-
-
Kazuhiko Shiozaki authored
-
Kazuhiko Shiozaki authored
-
Kazuhiko Shiozaki authored
-
Kazuhiko Shiozaki authored
-
Jérome Perrin authored
See merge request nexedi/slapos!1443
-
Jérome Perrin authored
See merge request nexedi/slapos!1437
-
- 09 Oct, 2023 3 commits
-
-
Kazuhiko Shiozaki authored
-
Kazuhiko Shiozaki authored
-
Kazuhiko Shiozaki authored
-
- 06 Oct, 2023 4 commits
-
-
Kazuhiko Shiozaki authored
-
Kazuhiko Shiozaki authored
-
Kazuhiko Shiozaki authored
-
Jérome Perrin authored
favicon, manifest and service worker do not need to be public, for manifest it's required to explicitly make the link use credential.
-
- 05 Oct, 2023 4 commits
-
-
Łukasz Nowak authored
-
Łukasz Nowak authored
Call to logrotate-setup-validate can take a lot of time and fill the state file with some message from logrotate and in the same time the promise can kick in resulting with false-positive alarm. By using the temporary file such race condition is avoided. Promise running periodically will detect problem with logrotate setup.
-
Jérome Perrin authored
also update related python packages in stack/slapos.cfg
-
Jérome Perrin authored
adjust peertube to explicitly use 16.19.0 as this version does not support nodejs 18 drop some unused versions
-
- 04 Oct, 2023 4 commits
-
-
Jérome Perrin authored
-
Jérome Perrin authored
-
Łukasz Nowak authored
While generating haproxy configuration (including it's CRT list) the specific order of entries is used, so that wildcard domains end up last. Thanks to this they work as a catch-all and allow specific domain to take precedence. Care is taken to support *.example.example.com and *.example.com situation - so tree like possibility of wildcards. Anonymous in-place ACL are used per each domain, instead of per-shared instance grouping in order to avoid situation like *.example.com and example.com having single ACL, thus resulting with catch-all kicking in too fast. For the precision in the haproxy configuration and simplifcation of the regular expressions the -m reg is used, so that host_only can be applied, which also lowercases the hostname. Notes: * test00cluster_request_instance_parameter_dict changed due to sorting slaves in test's requestSlaves * the test infrastructure has been improved to assure repetition of the situation * tests in TestSlaveHostHaproxyClash are asserting that correct domain AND that specific certificate have been used while serving given frontend configuration
-
Joanne Hugé authored
-
- 02 Oct, 2023 1 commit
-
-
Jérome Perrin authored
A similar patches as ca-certificates-sbin-dir was applied upstream as 4f0d3ec7aa4ebc91793245ed66c0e24d7150782b , the rest of our patch was to use mkdir -p instead of mkdir, we keep this part in ca-certificates-mkdir-p.patch This introduces a new patch to not depend on cryptography, which is used only to print a warning on the console when an expired certificate is used.
-