[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Savannah-cvs] /srv/bzr/administration r247: More work on identifying sc
From: |
Sylvain Beucler |
Subject: |
[Savannah-cvs] /srv/bzr/administration r247: More work on identifying scripts to add to the repo |
Date: |
Sat, 18 Dec 2010 23:22:32 +0100 |
User-agent: |
Bazaar (2.0.3) |
------------------------------------------------------------
revno: 247
committer: Sylvain Beucler <address@hidden>
branch nick: infra
timestamp: Sat 2010-12-18 23:22:32 +0100
message:
More work on identifying scripts to add to the repo
modified:
backup/dl-confidential.sh
backup/dl.sh
download.txt
vcs-noshell.txt
=== modified file 'backup/dl-confidential.sh'
--- a/backup/dl-confidential.sh 2010-12-18 19:56:20 +0000
+++ b/backup/dl-confidential.sh 2010-12-18 22:22:32 +0000
@@ -6,4 +6,5 @@
--include '/root/' \
--include '/root/.ssh/' \
--include '/root/.ssh/authorized_keys' \
+ --include '/root/mirrors-contacts.txt' \
--exclude '*'
=== modified file 'backup/dl.sh'
--- a/backup/dl.sh 2010-12-18 20:48:33 +0000
+++ b/backup/dl.sh 2010-12-18 22:22:32 +0000
@@ -13,7 +13,7 @@
# reproduce the Savannah configuration. Backup confidential files
# (such as 'authorized_files') using 'dl-confidential.sh'.
-rsync -avHS address@hidden:/ colonialone.fsf.org/ \
+rsync -avHS --delete-excluded address@hidden:/ colonialone.fsf.org/ \
\
--exclude '*~' \
\
@@ -49,7 +49,31 @@
\
--exclude '*'
-rsync -avHS address@hidden:/ vcs-noshell.in.sv.gnu.org/ \
+rsync -avHS --delete-excluded address@hidden:/ frontend.in.sv.gnu.org/ \
+ \
+ --exclude '*~' \
+ \
+ --include '/etc/' \
+ --include '/etc/cron.daily/' \
+ --include '/etc/cron.daily/sv_list_groups' \
+ --include '/etc/cron.d/sv_export' \
+ \
+ --include '/etc/' \
+ --include '/etc/savane/' \
+ --include '/etc/savane/.savane.conf.php' \
+ --include '/etc/savane/savane.conf.pl' \
+ \
+ --include '/etc/' \
+ --include '/etc/apache2/' \
+ --include '/etc/apache2/sites-availables/***' \
+ --include '/etc/apache2/conf.d/' \
+ --include '/etc/apache2/conf.d/detect_bot.conf' \
+ \
+ --exclude '*'
+
+rsync -avHS --delete-excluded address@hidden:/ vcs-noshell.in.sv.gnu.org/ \
+ \
+ --exclude '*~' \
\
--include '/etc/' \
--include '/etc/init.d/' \
@@ -58,30 +82,112 @@
--include '/etc/libnss-mysql.cfg' \
--include '/etc/libnss-mysql-root.cfg' \
\
+ --include '/etc/' \
+ --include '/etc/cron.hourly/' \
+ --include '/etc/cron.hourly/bzr_commit_mail_notification' \
+ --include '/etc/cron.d/' \
+ --include '/etc/cron.d/rsync_external_cvs_repositories' \
+ --include '/etc/cron.d/sv' \
+ --include '/etc/cron.d/cvs2git' \
+ --include '/etc/cron.d/truncate-gitcvs-db-log' \
+ \
+ --include '/etc/' \
+ --include '/etc/apache2/' \
+ --include '/etc/apache2/sites-available/***' \
+ --include '/etc/apache2/conf.d/' \
+ --include '/etc/apache2/conf.d/detect_bot.conf' \
+ --include '/etc/apache2/conf.d/rlimit' \
+ --include '/etc/apache2/conf.d/status' \
+ \
+ --include '/var/' \
+ --include '/var/www/' \
+ --exclude '/var/www/*/webalizer/*' \
+ --include '/var/www/bzr/***' \
+ --include '/var/www/cvs/***' \
+ --include '/var/www/git/***' \
+ --include '/var/www/hg/***' \
+ --include '/var/www/svn/***' \
+ --include '/var/www/off-site/' \
+ --include '/var/www/off-site/README' \
+ --include '/var/www/off-site/hgweb/***' \
+ --include '/var/www/off-site/viewvc/' \
+ --include '/var/www/off-site/viewvc/viewvc.conf' \
+ --include '/var/www/off-site/viewvc/templates/' \
+ --include '/var/www/off-site/viewvc/templates/include/' \
+ --include '/var/www/off-site/viewvc/templates/include/header.ezt' \
+ \
+ --include '/etc/' \
+ --include '/etc/gitweb.conf' \
+ --include '/etc/cgitrc' \
+ --include '/etc/mercurial/***' \
+ \
--exclude '*'
# Mangle passwords (TODO: split them in separate file)
sed -i -e 's/^password.*/password XXXXX/' \
vcs-noshell.in.sv.gnu.org/etc/libnss-mysql.cfg \
vcs-noshell.in.sv.gnu.org/etc/libnss-mysql-root.cfg
-
-rsync -avHS address@hidden:/ frontend.in.sv.gnu.org/ \
+# TODO: document hgweb/viewvc/cgit/etc. configurations instead of
+# copying them.
+
+
+rsync -avHS --delete-excluded address@hidden:/ sftp.in.sv.gnu.org/ \
\
--exclude '*~' \
\
--include '/etc/' \
- --include '/etc/cron.daily/' \
- --include '/etc/cron.daily/sv_list_groups' \
- --include '/etc/cron.daily/sv' \
+ --include '/etc/cron.d/' \
+ --include '/etc/cron.d/download-tidyperms' \
+ --include '/etc/cron.d/download-timestamp' \
+ --include '/etc/cron.d/sv' \
\
--include '/etc/' \
--include '/etc/apache2/' \
- --include '/etc/apache2/sites-availables/***' \
+ --include '/etc/apache2/sites-available/***' \
--include '/etc/apache2/conf.d/' \
- --include '/etc/apache2/conf.d/detect_bot.conf' \
- \
- --include '/etc/' \
- --include '/etc/savane/' \
- --include '/etc/savane/.savane.conf.php' \
- --include '/etc/savane/savane.conf.pl' \
+ --include '/etc/apache2/conf.d/sv_dotsig' \
+ \
+ --include '/var/' \
+ --include '/var/www/' \
+ --exclude '/var/www/*/webalizer/*' \
+ --exclude '/var/www/arch/google*' \
+ --include '/var/www/arch/***' \
+ --include '/var/www/download/***' \
+ --include '/var/www/audio-video/***' \
+ \
+ --include '/srv/' \
+ --include '/srv/download/' \
+ --include '/srv/download/00_MIRRORS.*' \
+ \
+ --exclude '*'
+
+rsync -avHS --delete-excluded address@hidden:/ internal.in.sv.gnu.org/ \
+ \
+ --exclude '*~' \
+ \
+ --include '/etc/' \
+ --include '/etc/mysql/' \
+ --include '/etc/mysql/my.cnf' \
+ --include '/etc/exim4/update-exim4.conf.conf' \
+ --include '/etc/munin/munin.conf' \
+ \
+ --include '/etc/' \
+ --include '/etc/cron.d/' \
+ --include '/etc/cron.d/sv' \
+ \
+ --exclude '*'
+
+
+rsync -avHS --delete-excluded address@hidden:/ builder.in.sv.gnu.org/ \
+ \
+ --exclude '*~' \
+ \
+ --include '/usr/' \
+ --include '/usr/src/' \
+ --include '/usr/src/patched/' \
+ --include '/usr/src/patched/README' \
+ --include '/usr/src/patched/cvs-patches/***' \
+ --include '/usr/src/patched/webalizer.changelog' \
+ --include '/usr/src/patched/debs/' \
+ --include '/usr/src/patched/debs/README' \
\
--exclude '*'
=== modified file 'download.txt'
--- a/download.txt 2009-03-17 20:19:04 +0000
+++ b/download.txt 2010-12-18 22:22:32 +0000
@@ -14,6 +14,19 @@
session optional pam_umask.so umask=002
EOF
+cat <<'EOF' > /etc/membersh-conf.pl
+$allowed_paths =
"(/srv/download|/releases|/srv/arch|/archives|/srv/audio-video)";
+$use_scp = '1';
+$regexp_scp = "^scp .*(-t|-f) (-- )?$allowed_paths";
+
+$use_sftp = '1';
+$bin_sftp = '/usr/lib/openssh/sftp-server';
+$regexp_sftp = '/usr/lib/openssh/sftp-server';
+
+$use_rsync = '1';
+$regexp_rsync = '^rsync --server ';
+$regexp_dir_rsync = "^$allowed_paths";
+EOF
aptitude --without-recommends install apache2-mpm-worker
sed -i 's|NO_START=1|NO_START=0|' /etc/default/apache2
=== modified file 'vcs-noshell.txt'
--- a/vcs-noshell.txt 2010-12-18 20:48:33 +0000
+++ b/vcs-noshell.txt 2010-12-18 22:22:32 +0000
@@ -14,6 +14,24 @@
address@hidden:/etc/ssh# getent shadow > /var/lib/extrausers/shadow
+cat <<'EOF' > /etc/membersh-conf.pl
+$use_cvs = "1";
+$use_svn = "1";
+our @prepend_args_svn = ('-r', '/srv/svn');
+$use_git = "1";
+
+# Enable read-only rsync access
+$allowed_paths = "(/srv/cvs|/sources|/web)";
+$use_rsync = '1';
+$regexp_rsync = '^rsync --server --sender ';
+$regexp_dir_rsync = "^$allowed_paths";
+
+$use_hg = '1';
+
+$use_bzr = '1';
+EOF
+
+
# Details for each VCS:
# -> cvs.txt
# -> git.txt
[Prev in Thread] |
Current Thread |
[Next in Thread] |
- [Savannah-cvs] /srv/bzr/administration r247: More work on identifying scripts to add to the repo,
Sylvain Beucler <=