We use rpm/rpm2cpio/cpio to deal with the derivative packages, so we
need them in the application container.
Signed-off-by: Paul Eggleton <paul.eggleton@linux.intel.com>
Without this, celery tasks were attempting to connect with the default
user (root) and failing because the passwords are different.
Signed-off-by: Paul Eggleton <paul.eggleton@linux.intel.com>
There's a little more to patch handling in spec files than "patchX:"
fields - the patch actually has to be applied in the %prep section as
well, though this can take one of several forms (%autosetup / %autopatch
which apply all patches, individual %patchX directives, or even direct
application (rare)). There's also the matter of the striplevel (-p option
to the patch command). Add fields to record whether or not a patch is
applied and the striplevel.
Signed-off-by: Paul Eggleton <paul.eggleton@linux.intel.com>
I came across several spec files in Clear Linux that have a PNG file in
the description value. No idea how that got there, but avoid choking and
ignore the garbage description if this happens.
Signed-off-by: Paul Eggleton <paul.eggleton@linux.intel.com>
We don't actually need this for anything at the moment, but it would be
useful if we get to the point where we need to access imported files
within the application after the import process (e.g. to compare
patches).
Signed-off-by: Paul Eggleton <paul.eggleton@linux.intel.com>
Do not allow proceeding until an email address has been entered, because
we need it later on for creating the superuser account.
Signed-off-by: Paul Eggleton <paul.eggleton@linux.intel.com>
If a source points to a local file, get the sha256sum of it and save it
into the field we just added.
Signed-off-by: Paul Eggleton <paul.eggleton@linux.intel.com>
Allow us to record a checksum for local sources (and potentially remote
ones if it is recorded in the recipe). This just adds the field, but
doesn't populate it.
Signed-off-by: Paul Eggleton <paul.eggleton@linux.intel.com>
Make it easier to import different versions of the other distro by not
requiring you to manually create the layer and branch.
Signed-off-by: Paul Eggleton <paul.eggleton@linux.intel.com>
If for some reason we do not find any spec files in the specified
directory, error out instead of marking all packages as deleted. (This
can happen if the wrong directory is specified.)
Signed-off-by: Paul Eggleton <paul.eggleton@linux.intel.com>
* Make patch / user fields non-editable for existing records (patch
mostly because the list is huge for a drop-down)
* User must be a superuser or the dispositioner to edit
Signed-off-by: Paul Eggleton <paul.eggleton@linux.intel.com>
Add the ability to mark each patch with a disposition indicating whether
the patch is interesting or not.
Signed-off-by: Paul Eggleton <paul.eggleton@linux.intel.com>
Editing on this page is done by clicking through to another page, so
it should be a DetailView rather than an UpdateView and shouldn't have a
form class set.
Signed-off-by: Paul Eggleton <paul.eggleton@linux.intel.com>
Currently, the processing of larger images takes some time, for example
a manifest generated from core-image-sato-sdk seems to take about 45s to
load into the database which is longer than gunicorn's default worker
timeout of 30s. Increase the timeout to 60s as a workaround until we
optimise the import.
Signed-off-by: Paul Eggleton <paul.eggleton@linux.intel.com>
It's likely an image manifest tarball will be more than 1mb in size;
increase it to 16mb to handle where a large number of patches are
included in an image containing a lot of packages from different
recipes.
Signed-off-by: Paul Eggleton <paul.eggleton@linux.intel.com>
Error reports get emailed to the addresses specified in the ADMINS
setting, but up until now dockersetup wasn't setting this and so the
details of any internal error were not visible anywhere. If we're not
updating, prompt the user for an email address early in the process,
and use this for the ADMINS setting, the superuser account, and Let's
Encrypt (if selected).
Signed-off-by: Paul Eggleton <paul.eggleton@linux.intel.com>
If we've messed around with the migrations during development then they
may need to be run carefully (with some fake steps), so provide an
option to update the container and then do the migrations manually
afterwards.
Signed-off-by: Paul Eggleton <paul.eggleton@linux.intel.com>
For the purposes of creating a dump suitable for importing into a fresh
database during initial setup, add a script that creates a dump of an
existing database with the complete structure but without any data that
involves users (or anything else we don't want).
Signed-off-by: Paul Eggleton <paul.eggleton@linux.intel.com>
If you specified only the layer index URL and not the full API URL i.e.
https://layers.openembedded.org then we put an extra slash in the URL
which resulted in the request being redirected to the main page which
breaks the request.
Signed-off-by: Paul Eggleton <paul.eggleton@linux.intel.com>
Change the focus to really be on the docker-based setup:
* Integrate docker/README into the main README
* Move all documentation of the standalone setup to README.devel
Signed-off-by: Paul Eggleton <paul.eggleton@linux.intel.com>
In order to have registration/password reset emails working properly we
need to have both the site domain and email host/port set correctly.
Email host/port is easy to set (environment variable read into the
configuration). However, to set the site info, create a simple script
that we can call to do so.
Signed-off-by: Paul Eggleton <paul.eggleton@linux.intel.com>
If we move the superuser account creation to the end, it's practical to
Ctrl+C it in case you already have a superuser in the data that got
imported.
Signed-off-by: Paul Eggleton <paul.eggleton@linux.intel.com>
If the database dump is older than the application, there may be
migrations to run, so we need to run them after importing and not
beforehand.
Signed-off-by: Paul Eggleton <paul.eggleton@linux.intel.com>
It's best practice for security reasons to use shell=False and pass
command line arguments as a list; it also avoids some pain with
escaping, so let's use it everywhere we can (in fact we're only left
with one place in layerindex/tasks.py where we now pass shell=True).
Signed-off-by: Paul Eggleton <paul.eggleton@linux.intel.com>
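
The practice this commit message describes, applied to the rpm2cpio/cpio pipeline mentioned earlier in the log, as an added example (not code from the repository). The function names and the python stand-in commands in demo() are assumptions made for illustration.

```python
import subprocess
import sys


def run_pipeline(producer, consumer, cwd=None):
    """Equivalent of `producer | consumer` without a shell.

    Both commands are argv lists, so no argument is re-parsed for
    metacharacters such as ; | $ or spaces.
    """
    p1 = subprocess.Popen(producer, stdout=subprocess.PIPE, shell=False)
    p2 = subprocess.Popen(consumer, stdin=p1.stdout, stdout=subprocess.PIPE,
                          cwd=cwd, shell=False)
    p1.stdout.close()  # producer gets SIGPIPE if the consumer exits early
    out, _ = p2.communicate()
    if p1.wait() != 0:
        raise subprocess.CalledProcessError(p1.returncode, producer)
    if p2.returncode != 0:
        raise subprocess.CalledProcessError(p2.returncode, consumer)
    return out


def extract_rpm(rpm_path, destdir):
    """Hypothetical helper: rpm2cpio <rpm> | cpio -idm, unpacked in destdir."""
    return run_pipeline(["rpm2cpio", rpm_path], ["cpio", "-idm"], cwd=destdir)


def demo(filename):
    """Constructed demo: python stands in for rpm2cpio and cpio so it runs
    without those tools; the filename travels as one argv element."""
    show_arg = [sys.executable, "-c",
                "import sys; sys.stdout.write(sys.argv[1])", filename]
    upper = [sys.executable, "-c",
             "import sys; sys.stdout.write(sys.stdin.read().upper())"]
    return run_pipeline(show_arg, upper).decode()


if __name__ == "__main__":
    # Constructed filename containing shell metacharacters
    print(demo("pkg-1.0; echo injected #.src.rpm"))
```

Checking both exit codes matters here: a shell pipeline without pipefail reports only the last command's status, so a failed rpm2cpio would otherwise go unnoticed.
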
Change minimum required version of Django to 1.11.11.
Signed-off-by: Amber Elliot <amber.n.elliot@intel.com>
Signed-off-by: Paul Eggleton <paul.eggleton@linux.intel.com>
The original TableSorter is unmaintained, move to the latest version of
the active fork:
https://mottie.github.io/tablesorter/docs/
Signed-off-by: Paul Eggleton <paul.eggleton@linux.intel.com>
Indentation, spacing, and wrapping of a long import line.
Signed-off-by: Amber Elliot <amber.n.elliot@intel.com>
Signed-off-by: Paul Eggleton <paul.eggleton@linux.intel.com>
Add user security questions upon registration as extra authentication
for password reset. Three unique security questions must be chosen and
answered. Answers are then stored in the database with the same hashing
algorithm as the user's password.
On password reset, users get two chances to get two out of three
security questions answered correctly. After a second failure their
account is locked and email is sent to the admin. The same template is
shown for the axes lockout. Super user cannot reset their password until
they set security questions.
Users can update their security questions or add them if they weren't
originally set (in the case of super user) in Edit Profile.
Signed-off-by: Amber Elliot <amber.n.elliot@intel.com>
This involves changing how registration templates are referenced
and how the activation email is sent on user's email address change.
Signed-off-by: Amber Elliot <amber.n.elliot@intel.com>
This allows users to see the site ID in the admin page.
Signed-off-by: Amber Elliot <amber.n.elliot@intel.com>
Signed-off-by: Paul Eggleton <paul.eggleton@linux.intel.com>
Database dumps are simply SQL (i.e. plain text) so they tend to be
both large and easy to compress, so having them gzipped is something
worth supporting.
Signed-off-by: Paul Eggleton <paul.eggleton@linux.intel.com>
Make the app use a database account that has only the privileges
it needs rather than the root account for improved security.
Signed-off-by: Paul Eggleton <paul.eggleton@linux.intel.com>
You really need to specify these both together since during updates we
will very likely fetch over both HTTP and HTTPS.
Signed-off-by: Paul Eggleton <paul.eggleton@linux.intel.com>
* We can't use # because it can result in part of the password being
trimmed off when it gets put in a configuration file.
* Similarly, our parsing splits on = so it is unwise to allow it as a valid
character.
* Add uppercase characters for a little more randomisation.
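
The failure mode behind these three points, as an added example (not code from the repository). read_setting() is a hypothetical model of the comment stripping and the split on = that the message mentions, DB_PASSWORD is a made-up key name, and the alphabet is an assumption since the message does not list the exact character set.

```python
import secrets
import string

# '#' and '=' are the two characters the commit message rules out.
EXCLUDED = "#="
# Assumption: letters and digits only; the commit does not list the exact
# set, it only says uppercase characters were added.
ALPHABET = string.ascii_lowercase + string.ascii_uppercase + string.digits


def read_setting(line):
    """Hypothetical stand-in for the two consumers the commit describes:
    a config file that treats '#' as a comment start, and a parser that
    splits the line on '='."""
    line = line.split("#", 1)[0].strip()   # trailing comment removed
    fields = line.split("=")               # naive split, not split("=", 1)
    return fields[0], fields[1]


def survives_roundtrip(password):
    """True if the password comes back unchanged after being written as
    KEY=value and read again."""
    _, value = read_setting("DB_PASSWORD=" + password)
    return value == password


def generate_password(length=16):
    """Random password from ALPHABET using the OS CSPRNG."""
    assert not set(ALPHABET) & set(EXCLUDED)
    return "".join(secrets.choice(ALPHABET) for _ in range(length))


if __name__ == "__main__":
    # The first two passwords are constructed to show the truncation
    for pw in ("s3cr#tValue", "s3cr=tValue", generate_password()):
        print(pw, survives_roundtrip(pw))
```
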
Make it easier to do updates and also reinstall from scratch; if the
application is already installed, we force the user to be explicit about
which one they want to do so that there is less chance of data loss.
Signed-off-by: Paul Eggleton <paul.eggleton@linux.intel.com>
Refactor out HTTPS configuration code to a new function to give the code
a bit more structure.
Signed-off-by: Paul Eggleton <paul.eggleton@linux.intel.com>
Add settings for user/password for the RabbitMQ server and make
dockersetup.py set it up. (The rabbitmq container intrinsically
understands RABBITMQ_DEFAULT_*, and for the sake of consistency I've
reused those variables for the other containers.)
Signed-off-by: Paul Eggleton <paul.eggleton@linux.intel.com>
The default wait_timeout we are getting from the official MariaDB
container (as inherited from Debian) is 600s, which is too short if you
walk away while the setup script is running and it stops on the
"manage.py createsuperuser" step for longer than 10 minutes. We don't
really need this timeout, so just use the upstream default of 28800 (8h)
instead.
Signed-off-by: Paul Eggleton <paul.eggleton@linux.intel.com>
The application is most likely to be used in an internal setting,
however should someone want to make it accessible externally, add
support for Let's Encrypt certificates for serving via HTTPS.
Signed-off-by: Paul Eggleton <paul.eggleton@linux.intel.com>
Apply some branding, improve user friendliness and give the user a
chance to break out if they actually don't want to run the installation.
Signed-off-by: Paul Eggleton <paul.eggleton@linux.intel.com>