[cle-release-team] Can we get the permissions sorted on takishi?

Anthony R S Whyte arwhyte at umich.edu
Mon Sep 26 06:51:14 PDT 2011 


The old approach is sub-optimal; 1) general releases involve resetting the
perms to apache:apache; the indies traditionally rely on individual
permissions (e.g., arwhyte:release, swinsburg:release, horwitz:release,
etc.). If I try an perform a profile2 release it always fails if the folder
perms are swinsburg:release; this forces one to release from the tag, which
is no big deal per se, other than a time waster. 

As Chris writes below we should set the repo perms to
shared_release:release and make sure that everyone's who has the right to
deploy binaries to the repo have their public key added to the
shared_release user's authenticated_keys file. 

During the recent training session I asked Chris to add release team
members public keys to shared_user.  

** Chris--can you provide a list of keys that have been added? It should
include: 

Boston, Horwitz, Hudson (e.g. Jenkins), Jones, Maurer, Swinsburg, Thomas
(Zach), Whyte. I believe Lydia Li's key was added early on (possibly
the
first). 

Cheers, 

Anth 

On Mon, 26 Sep 2011 22:44:33 +1000, Steve Swinsburg  wrote: Hi Chris,  That
probably sounds about right because looking at the creation dates, they
seem to all be recent (11th September this time around). Is that release
process still in place or are we going to do something different? It would
be nice to be able to just run a script and have a release packaged up from
any machine. A workspace on one of the machines that the source can be
checked out from would be great, as it would probably take all week for a
full release to be uploaded from my machine!   Thanks for the info about
the shared_release user. Can you check that my set of SSH keys are in? I
can't seem to access when logging in as that user.  cheers, Steve   
  On 26/09/2011, at 10:31 PM, Maurer, Christopher Wayne wrote: 
   Steve, I ran into the same permission issue last week when trying to
release a sample project. I'm not sure what is making it apache:apache. I
know that part of
Anthony's old process for doing a big Sakai release was
to copy down the entire maven repo under org.sakaiproject, release the
artifacts into the local copy, then upload the whole thing back. It could
be that that re-upload was using dav and therefore the apache:apache perms?
Just a guess. As far as the shared_release user, that was something that I
setup a while back. I didn't really want to maintain a whole bunch of users
on the machine for all the folks that would be doing releases, so I created
that user and that added everyone's public keys to it. So, in theory you
(and David and others) could switch to that user instead of your own
account.  Chris   From: Steve Swinsburg 
 Date: Mon, 26 Sep 2011 20:59:22 +1000
 To: 
 Subject: [cle-release-team] Can we get the permissions sorted on takishi? 
 Hi all,  Can we please get the permissions sorted on takishi? They seem to
be constantly reset to apache:apache and every time I need to perform a
release I need to manually login and chown
the folders for the projects I
am releasing. There is already the release group, of which I am a member:  
[sswinsburg at takeshi kernel]$ id uid=508(sswinsburg) gid=511(sswinsburg)
groups=507(release),511(sswinsburg)   Can't everything just be set
writeable to that group? I know there are plans for jenkins to be able to
release projects, but I presume jenkins will just be a member of the
release group anyway.  I note that the kernel has a special user
shared_release.   Let me know if I can do anything. I run our own maven
repo here at ANU.  cheers. Steve    
_______________________________________________ cle-release-team mailing
list  cle-release-team at collab.sakaiproject.org [3] 
http://collab.sakaiproject.org/mailman/listinfo/cle-release-team [4]      

 

Links:
------
[1] mailto:steve.swinsburg at gmail.com
[2] mailto:cle-release-team at collab.sakaiproject.org
[3] mailto:cle-release-team at collab.sakaiproject.org
[4] http://collab.sakaiproject.org/mailman/listinfo/cle-release-team
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://collab.sakaiproject.org/pipermail/cle-release-team/attachments/20110926/00188436/attachment-0006.html

More information about the cle-release-team mailing list