• last updated 18 hours ago
Constraints
Constraints: committers
 
Constraints: files
Constraints: dates
Cleanup of external binaries: always use "util::which" to resolve binaries

Background: it is important to always use the same binaries of some

programs. This is important for security reasons, consistency, and

configurability (some operating systems have read-only file systems,

which might be on the path and should be avoided for some operations).

  1. … 3 more files in changeset.
improved spelling

  1. … 3 more files in changeset.
Fix typos

Improve Git repository rebuild

- support tags: CVS tags are exported to the Git mirror and should have the precedence over branches when collecting available channels. Tags are now exported correctly from the Git repos.

- limit exported versions: we can now limit the versions that will be exported and also those that will only be exported via the "compat" channel. This works via a flag to the proc.

- hardcode openacs.org in the documentation link fo the exported repo, as the assumption is that the link will be served from the xowiki instance there

- include a download button, as per the openacs.org version in the extracted repo

  1. … 1 more file in changeset.
Provide a Git-based implementation of the logics to rebuild the package repository on OpenACS.org

apm_git_build_repository will rebuild either from scratch (clone) or via update (pull) the core repository and all of the non-core packages currently hosted on the GitHub mirror.

A different "channel" is created for every release branch detected in the core repository and for the main branch.

Possible improvements:

- automated detection of the non-core repos (may require scraping or api integration with the Git mirror)

- allow to federate a package repository, e.g. allow any OpenACS instance to act as package repository for others

The new proc is currently not used anywhere. The idea is to experiment with it on openacs.org and eventually use it to replace the CVS implementation.

Disable tests to check for executables on the system

  1. … 7 more files in changeset.
Prefer OS-agnostic path separator, add cvs to the exec dependencies

Add further dependency to test

Test that external command line dependencies are executable

Create the site_wide_subsite outside of the transaction in the test to avoid bootstraping issues on those instances that have not created one yet

Replace api

improved autorenewal message

remove call of xo::site_node

added support for eliptic curve certificates (ecdsa)

The change will become effective, once the letsencrypt packages

is updated

Reduce usage of ns_mktemp in OpenACS

ns_mktemp uses the deprecated old POSIX call mktemp(), which should

not be used anymore for security reasons (race between the name

creation and opening the file). This change removes several usages of

"ns_mktemp" from OpenACS and replaces it with calls to the

safe Tcl call "file tempfile ..." (introduced by Tcl 8.6).

  1. … 7 more files in changeset.
improve log message

check_expired_certificates: automated certificate nenewal for letsencrypt

This change reduce maintenance effort by automating certificate

renewal. When the NaviServer letsencrypt module is installed and

configured, the background operation check_expired_certificates will

automatically update the certificates when these expire soon (as

defined by the "ExpireCertificateWarningPeriod" parameter of

acs-admin). When a recent version of NaviServer is used that supports

certificate refetch on SIGHUP, the new certificates are automatically

updated without a server restart.

Prerequisites:

- Recent version of letsencrypt NaviServer module installed (0.6)

and configured

- Recent version of NaviServer (currently Bitbucket tip) for automated

certificate reloading

When the recent letsencrypt module is not installed,

check_expired_certificates sends expiration warnings as usual.

Therefore, it is also useful for sites using certificates from

different sources.

This new functionality was used for latest certificate renewal on

openacs.org.

reduce public footprint

  1. … 1 more file in changeset.
mark functions called only internally as private

  1. … 15 more files in changeset.
prefer ns_dbquotevalue over db_quote, mark latter as deprecated

  1. … 3 more files in changeset.
improve listing of test coverage

  1. … 17 more files in changeset.
make listing of tested procs more complete

  1. … 6 more files in changeset.
in newer versions of tar, the option "-C" is position dependent

make end of options explicit

  1. … 42 more files in changeset.
show HEAD branch and oacs-5-10 development branch

Fix typo in proc doc

Prefer 'namespace which' over 'info commands', as it is faster (on local tests, around 2x) and returns a single value. Many thanks to Nathan Coulter.

  1. … 56 more files in changeset.
Fix proc doc

Basic automated test for acs_admin::require_site_wide_subsite and acs_admin::require_site_wide_package

acs::per_request_cache: standardize per-request caching

- added per-request cache verfsy similar to acs::per_thread_cache

- use per-request-cache on several occasions

- bump version number of acs-tcl to 5.10.0d35

  1. … 9 more files in changeset.