Tomas Kopecek
b6ccafafeb
proxyauthtype for web users
2021-11-04 12:07:05 +00:00
Tim Smith
6e58377a89
Allow kojiweb to proxy users obtained via different mechanisms
This allows for users authenticated to the Koji Web interface via
Kerberos to be proxied to the HUB using an SSL certificate and
(in theory) vice versa though it's not clear why you'd want that.
This is useful in environments where the owners of the Kerberos
realm are not willing to create service accounts and export
keytabs for them.
Set WebAuth = kerberos to indicate that users are authenticated
to the web via Kerberos. The existing config controls how kojiweb
authenticates to the HUB.
If using this, it is recommended to set
LoginCreatesUser = Off
in hub.conf, to avoid accidental creation of Koji accounts for
users of the wider Kerberos realm.
2021-11-04 12:07:05 +00:00
Tomas Kopecek
a77e340fde
web: better docs for KojiHubCA
Related: https://pagure.io/koji/issue/2878
2021-06-08 16:04:57 +02:00
Tomas Kopecek
072cb316d3
web: set WSGIProcessGroup inside Directory
Don't alter server-wide configuration, just kojiweb.
Fixes: https://pagure.io/koji/issue/2695
2021-03-02 15:33:16 +01:00
Tomas Kopecek
e72a7be0a1
stricter config file permissions
Fixes: https://pagure.io/koji/issue/2124
2020-09-07 09:37:11 +02:00
Ken Dreyer
0923a2eae2
web: remove "GssapiLocalName off" setting
mod_auth_gssapi already defaults GssapiLocalName to off. Simplify our
configuration and just remove this line.
2020-07-01 16:29:34 -06:00
Ken Dreyer
72b7418658
kojiweb: update for mod_auth_gssapi configuration
Delete the mod_auth_kerb configuration settings from the sample
kojiweb.conf file. Add the mod_auth_gssapi settings instead.
2020-05-18 11:42:43 +02:00
Yu Ming Zhu
2034695e88
add an option to set server realm for all clients
2019-10-10 16:37:56 +02:00
Tomas Kopecek
904a241eff
use C.UTF-8 lang as default
2019-02-12 15:01:37 -05:00
Tomas Kopecek
ee673d4b66
Web UI python3 changes
Fixes: https://pagure.io/koji/issue/890
2019-02-12 15:01:37 -05:00
Tomas Kopecek
b98d93d788
drop mod_python support
Fixes: https://pagure.io/koji/issue/466
2017-07-06 14:04:19 +02:00
Jay Greguske
f1a45e0024
signed-repo kojiweb tweaks
2017-03-30 09:37:56 -04:00
Tomas Kopecek
96012ee56f
make non-plugin tasks default
2017-02-14 15:03:18 +01:00
Tomas Kopecek
ac070c9ddf
web.conf options for specifying which methods will appear in filter
2017-02-14 14:46:53 +01:00
Mike McLean
a37db7ff51
Also set WSGIApplicationGroup to %{GLOBAL} for the web
see:
- https://pagure.io/koji/issue/214
- https://pagure.io/koji/pull-request/197
2016-12-13 21:38:10 -05:00
Ralph Bean
8bdf5a3752
Space-delimited.
2016-05-16 13:44:09 -04:00
Ralph Bean
0f411d9821
Make HiddenUser into HiddenUsers.
At @mikeb's suggestion in the code review, this makes HiddenUsers plural.
This makes the whole changeset a little more invasive than it was before, so please review carefully.
2016-05-16 13:43:39 -04:00
Ralph Bean
708b6a411c
Allow hiding a user from the frontpage task list.
This adds new query arguments to the taskList hub xmlrpc endpoint, and then
makes use of those arguments in koji-web. A new optional configuration value
is added for koji-web: `HiddenUser`, which can be used to specify which user
account should be hidden. This could be useful for deployments that have a
continuous-integration account, the spam from which makes the frontpage
difficult to read.
Unit test cases are also added for some functions of the hub taskList endpoint.
Signed-off-by: Ralph Bean <rbean@redhat.com>
2016-05-16 13:43:39 -04:00
Pavol Babincak
b964487d57
Configure httpd's access control automatically with IfVersion
See documentation for upgrading to 2.4:
https://httpd.apache.org/docs/2.4/upgrading.html#access
2016-02-05 09:07:24 -05:00
Till Maas
ffcf1a30eb
Remove dead client CA code
The client CA is only needed for authentication on the server side,
not for authentication on the client side. Therefore remove it from all
client login code.
2015-12-10 18:51:10 -05:00
Ralph Bean
8ec72226d4
Make the templated footer configurable.
We ran into a problem[1] where old footers would cause syntax errors when
interpreted as templates. This makes that behavior configurable and defaults
to the old literal interpretation.
[1] https://lists.fedoraproject.org/pipermail/buildsys/2015-May/004751.html
2015-06-06 16:34:07 -04:00
Mike McLean
6ba041839b
package hub.conf.d and web.conf.d
2015-03-31 17:34:16 -04:00
Mike McLean
9d433423fe
update httpd access directives
2014-11-24 11:16:32 -05:00
Anthony Messina
c901a88530
add the KrbService option to web.conf
2013-09-18 15:20:35 -04:00
Mike McLean
6fabbd378e
adjust web.conf logic
2012-05-11 12:49:08 -04:00
Mike McLean
54c0ed8438
Support wsgi in koji-hub and koji-web
- mod_python still supported, but deprecated
- mod_wsgi is the default
- koji-web now configured via web.conf
- new wsgi-friendly publisher for koji-web
- koji-web now has logging
2012-05-10 17:27:40 -04:00
Mike McLean
5b9f515250
new approach for web themes
2012-01-21 20:45:02 -05:00
Mike McLean
73d44e199a
support for split storage
2011-03-18 13:57:38 -04:00
Mike Bonnet
eea730300a
- enable use of a Kerberos service name other than host/ on the hub
- get the Kerberos realm from the client principal, rather than assuming the last two components of the domain name
2011-01-06 15:54:53 -05:00
Mike Bonnet
ebc9e7d3ac
append "/ssllogin" to the hub URL when logging in via SSL, so we only need to require client certificates on that specific URL
2010-07-08 21:55:15 -04:00
Mike Bonnet
9ae9c16682
- remove KojiArchiveURL
- fix the Maven archive links on the buildinfo page
2009-11-04 15:56:21 -05:00
Mike Bonnet
722923c484
missing hyphen
2009-10-02 17:46:28 -04:00
Jay Greguske
d93d05ab5f
enable creation of LiveCD/DVD images in Koji
Signed-off-by: Mike Bonnet <mikeb@redhat.com>
2009-09-28 14:07:01 -04:00
Mike McLean
f273899018
Merge branch 'master' into mead
Conflicts:
builder/kojid
cli/koji
hub/kojihub.py
www/kojiweb/buildinfo.chtml
www/kojiweb/builds.chtml
www/kojiweb/index.py
2009-03-31 15:43:08 -04:00
Mike McLean
46d8262ff4
use kojiweb.publisher
2009-02-13 15:55:55 -05:00
Mike Bonnet
a2e419b1cd
set the PythonHandler name to be compatible with Fedora and RHEL-5+
2009-02-13 11:45:11 -05:00
Mike Bonnet
fb75f641e8
Merge commit 'origin/master' into mead
2008-11-25 13:45:14 -05:00
Mike Bonnet
ff3aea70ba
make the name that shows up in the title configurable
2008-11-25 13:43:05 -05:00
Mike Bonnet
4896733d52
merge in changes from the master branch
2008-10-01 19:50:08 -04:00
Mike Bonnet
a8bb474141
add download urls for Maven artifacts
2008-10-01 14:48:40 -04:00
Mike Bonnet
79978d3626
- only send the session cookie over a secure connection (patch from Toshio Kuratomi, with modifications)
- remove the KojiWebURL config option (no longer necessary)
2008-05-23 17:39:57 -04:00
Mike McLean
3dc2eb581e
handle errors more gracefully in the web ui. Display a real explanation if possible.
2008-02-22 18:52:55 -05:00
Mike Bonnet
f71a80d167
- make client certificate config global (in ssl.conf) to avoid SSL renegotiation and buffer overruns caused by it
- reorganize auth config in kojihub.conf
- don't set krb_principal for new hosts unless HostPrincipalFormat is set
2007-03-27 11:56:28 -04:00
Michael Bonnet
2cb2f3684d
enable authentication via SSL client certificates in the web interface
2007-03-16 21:39:02 -04:00
Jesse Keating
d802163348
Use -p with install to preserve timestamps, etc...
2007-02-20 10:01:29 -05:00
Jesse Keating
034de335ad
Move web content from /var/www to /usr/share
2007-02-20 09:51:08 -05:00
Jesse Keating
5d7e66a17e
Initial code drop
2007-02-14 11:25:01 -05:00