• last updated 11 hours ago
Constraints
Constraints: committers
 
Constraints: files
Constraints: dates
Prefer unset to array unset when we want to delete the entire array

See https://wiki.tcl-lang.org/page/Dict+VS+Array+Speed

  1. … 2 more files in changeset.
merge with missing files

  1. … 1461 more files in changeset.
merge from oacs-5-10

  1. … 8094 more files in changeset.
notice in the system log, when require_site_wide_package returns empty

provide posture overview for widely-accessible-packages when count == 1

  1. … 3 more files in changeset.
spell "site-wide" consistently with a dash

  1. … 34 more files in changeset.
fixed typo

Cleanup of external binaries: always use "util::which" to resolve binaries

Background: it is important to always use the same binaries of some

programs. This is important for security reasons, consistency, and

configurability (some operating systems have read-only file systems,

which might be on the path and should be avoided for some operations).

  1. … 3 more files in changeset.
improved spelling

  1. … 3 more files in changeset.
Fix typos

Improve Git repository rebuild

- support tags: CVS tags are exported to the Git mirror and should have the precedence over branches when collecting available channels. Tags are now exported correctly from the Git repos.

- limit exported versions: we can now limit the versions that will be exported and also those that will only be exported via the "compat" channel. This works via a flag to the proc.

- hardcode openacs.org in the documentation link fo the exported repo, as the assumption is that the link will be served from the xowiki instance there

- include a download button, as per the openacs.org version in the extracted repo

  1. … 1 more file in changeset.
Provide a Git-based implementation of the logics to rebuild the package repository on OpenACS.org

apm_git_build_repository will rebuild either from scratch (clone) or via update (pull) the core repository and all of the non-core packages currently hosted on the GitHub mirror.

A different "channel" is created for every release branch detected in the core repository and for the main branch.

Possible improvements:

- automated detection of the non-core repos (may require scraping or api integration with the Git mirror)

- allow to federate a package repository, e.g. allow any OpenACS instance to act as package repository for others

The new proc is currently not used anywhere. The idea is to experiment with it on openacs.org and eventually use it to replace the CVS implementation.

Disable tests to check for executables on the system

  1. … 7 more files in changeset.
Prefer OS-agnostic path separator, add cvs to the exec dependencies

Add further dependency to test

Test that external command line dependencies are executable

Create the site_wide_subsite outside of the transaction in the test to avoid bootstraping issues on those instances that have not created one yet

Replace api

improved autorenewal message

remove call of xo::site_node

added support for eliptic curve certificates (ecdsa)

The change will become effective, once the letsencrypt packages

is updated

Reduce usage of ns_mktemp in OpenACS

ns_mktemp uses the deprecated old POSIX call mktemp(), which should

not be used anymore for security reasons (race between the name

creation and opening the file). This change removes several usages of

"ns_mktemp" from OpenACS and replaces it with calls to the

safe Tcl call "file tempfile ..." (introduced by Tcl 8.6).

  1. … 7 more files in changeset.
improve log message

check_expired_certificates: automated certificate nenewal for letsencrypt

This change reduce maintenance effort by automating certificate

renewal. When the NaviServer letsencrypt module is installed and

configured, the background operation check_expired_certificates will

automatically update the certificates when these expire soon (as

defined by the "ExpireCertificateWarningPeriod" parameter of

acs-admin). When a recent version of NaviServer is used that supports

certificate refetch on SIGHUP, the new certificates are automatically

updated without a server restart.

Prerequisites:

- Recent version of letsencrypt NaviServer module installed (0.6)

and configured

- Recent version of NaviServer (currently Bitbucket tip) for automated

certificate reloading

When the recent letsencrypt module is not installed,

check_expired_certificates sends expiration warnings as usual.

Therefore, it is also useful for sites using certificates from

different sources.

This new functionality was used for latest certificate renewal on

openacs.org.

reduce public footprint

  1. … 1 more file in changeset.
mark functions called only internally as private

  1. … 15 more files in changeset.
prefer ns_dbquotevalue over db_quote, mark latter as deprecated

  1. … 3 more files in changeset.
improve listing of test coverage

  1. … 17 more files in changeset.
make listing of tested procs more complete

  1. … 6 more files in changeset.
in newer versions of tar, the option "-C" is position dependent