[opensuse-buildservice] OBS 2.1 Beta 1 released
OBS 2.1 Beta 1 is available =========================== As usual packages can be found inside of the openSUSE:Tools:Unstable project of OBS and its repositories. The correct version tag for the packages and inside git is 2.0.103 for this release: http://download.opensuse.org/repositories/openSUSE:/Tools:/Unstable/ Appliances can be accessed via this wiki page as usual: http://en.opensuse.org/Build_Service/OBS-Appliance Appliance users can just update the appliance image or the packages and reboot for ugrading their instance. Others need to read the "README.UPDATERS" file with information about manual updating the server. There is also a new media, called obs-server-install inside of http://download.opensuse.org/repositories/openSUSE:/Tools:/Unstable/images/i... which can be used to install an entire OBS server from scratch to hard disc. Special thanks go to LinuxFoundation, Intel and Nokia for their contributions to this release. We plan to release 2.1 Final in about 2 weeks. The following is an extract of the release notes with informations about the new features: Features: ========= * web interface improvements: - Linked projects and packages are shown if existing. - Source Service Editor can be used to add or remove source services. Also to edit each service parameters and to trigger a run. - Merged sources of linked packages can be shown and the merged files can be edited. - New submit requests can be created. - Existing repository configuration can be edited. Add or remove pathes or architectures. - Additional reviews by users or groups can be added to requests. The reviews can be processed as well in web interface. - Displayed load diagrams can be configured to any architecture now. - Source history and commit view has been added. * api - Support Clone and supersed of existing requests. "osc rq clone" can be used to clone packages from an existing request. When submitting these cloned packages the original request gets superseded. - api: Improved LDAP support updating user information from LDAP server (This functionality has been provided by Intel) - Read access control for package sources. New created projects or packages can get the "<sourceaccess>" flag to hide any access to the sources of a package. This includes access to the source files, source and debug packages and build log. (This functionality has been provided by the LinuxFoundation) * backend: - Source services to checkout from external SCM repositories have been added. This includes also necessary source services to compress tar balls, use spec/dsc files out of them or to update the version in spec/dsc files. - Accepted submit request store the exact merged versions to allow later tracking of the requests. osc and the web interface can show now the diffs of accepted requests as result. - aggregate allows to skip source packages now. (Functionality has been provided by Nokia). - File provides can be mapped to packages now in prjconf - GPG sign key can get modifed with increased expiration date - scheduler kills building jobs when switching to blocked/excluded/disabled state - Cross Build support for MIPS architecture (Functionality has been provided by LinuxFoundation) Changes: ======== * It is recommended to switch to MySQL database for the webui. Please see README.UPDATERS for details. -- Adrian Schroeter SUSE Linux Products GmbH email: adrian@suse.de -- To unsubscribe, e-mail: opensuse-buildservice+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-buildservice+help@opensuse.org
Hi, I would like to emphasize that the Access Control System implemented now is more than just another flag. It the most intrusive API change of OBS since a long time. Those willing to try out, we had documented the system here: http://en.opensuse.org/openSUSE:Build_Service_Concept_ACL All the documented flags and permissions are implemented. Martin -- To unsubscribe, e-mail: opensuse-buildservice+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-buildservice+help@opensuse.org
Am Mittwoch, 22. September 2010, 17:47:21 schrieb Martin Mohring:
Hi,
I would like to emphasize that the Access Control System implemented now is more than just another flag. It the most intrusive API change of OBS since a long time.
Those willing to try out, we had documented the system here: http://en.opensuse.org/openSUSE:Build_Service_Concept_ACL
All the documented flags and permissions are implemented.
Just to clarify, only "sourceaccess" is usable with 2.1. The others of this concept ("access" and "privacy") can't be used since the protection of them is not complete. However you could allow the usage on your local instace by modifing the schema files of project and package meta data (look for the commented out parts). "binarydownload" is also still there, but not considered as security mechanism so far. Just as bandwidth protection, since you can still "steal" binaries protected via this flag in various ways. -- Adrian Schroeter SUSE Linux Products GmbH email: adrian@suse.de -- To unsubscribe, e-mail: opensuse-buildservice+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-buildservice+help@opensuse.org
Hi, Adrian: fully correct. And last but not least I will write down a list of cautions should you still want to use the other flags also, because they are useful for you. They do not make the system more unsecure compared to using only "sourceaccess". Martin Adrian Schröter wrote:
Am Mittwoch, 22. September 2010, 17:47:21 schrieb Martin Mohring:
Hi,
I would like to emphasize that the Access Control System implemented now is more than just another flag. It the most intrusive API change of OBS since a long time.
Those willing to try out, we had documented the system here: http://en.opensuse.org/openSUSE:Build_Service_Concept_ACL
All the documented flags and permissions are implemented.
Just to clarify, only "sourceaccess" is usable with 2.1.
The others of this concept ("access" and "privacy") can't be used since the protection of them is not complete. However you could allow the usage on your local instace by modifing the schema files of project and package meta data (look for the commented out parts).
"binarydownload" is also still there, but not considered as security mechanism so far. Just as bandwidth protection, since you can still "steal" binaries protected via this flag in various ways.
-- To unsubscribe, e-mail: opensuse-buildservice+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-buildservice+help@opensuse.org
On Thu, Sep 23, 2010 at 11:15, Martin Mohring
Hi,
Adrian: fully correct.
And last but not least I will write down a list of cautions should you still want to use the other flags also, because they are useful for you.
They do not make the system more unsecure compared to using only "sourceaccess".
Martin
Adrian Schröter wrote:
Am Mittwoch, 22. September 2010, 17:47:21 schrieb Martin Mohring:
Hi,
I would like to emphasize that the Access Control System implemented now is more than just another flag. It the most intrusive API change of OBS since a long time.
Those willing to try out, we had documented the system here: http://en.opensuse.org/openSUSE:Build_Service_Concept_ACL
All the documented flags and permissions are implemented.
Just to clarify, only "sourceaccess" is usable with 2.1.
The others of this concept ("access" and "privacy") can't be used since the protection of them is not complete. However you could allow the usage on your local instace by modifing the schema files of project and package meta data (look for the commented out parts).
"binarydownload" is also still there, but not considered as security mechanism so far. Just as bandwidth protection, since you can still "steal" binaries protected via this flag in various ways.
The new source services with OBS 2.1... Do I need to set them up in any way, or just install them? Because I added the new source services and my lighttpd does not run anymore. -- later, Robert Xu -- To unsubscribe, e-mail: opensuse-buildservice+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-buildservice+help@opensuse.org
Hi, for those of you that want to use also the new flags currently deactivated and do not feel uncomfortable in exporing a new security system, I have added a security warnings section into the ACL Document: http://en.opensuse.org/openSUSE:Build_Service_Concept_ACL#List_of_Security_W... Martin Martin Mohring wrote:
Hi,
Adrian: fully correct.
And last but not least I will write down a list of cautions should you still want to use the other flags also, because they are useful for you.
They do not make the system more unsecure compared to using only "sourceaccess".
Martin
Adrian Schröter wrote:
Am Mittwoch, 22. September 2010, 17:47:21 schrieb Martin Mohring:
Hi,
I would like to emphasize that the Access Control System implemented now is more than just another flag. It the most intrusive API change of OBS since a long time.
Those willing to try out, we had documented the system here: http://en.opensuse.org/openSUSE:Build_Service_Concept_ACL
All the documented flags and permissions are implemented.
Just to clarify, only "sourceaccess" is usable with 2.1.
The others of this concept ("access" and "privacy") can't be used since the protection of them is not complete. However you could allow the usage on your local instace by modifing the schema files of project and package meta data (look for the commented out parts).
"binarydownload" is also still there, but not considered as security mechanism so far. Just as bandwidth protection, since you can still "steal" binaries protected via this flag in various ways.
-- To unsubscribe, e-mail: opensuse-buildservice+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-buildservice+help@opensuse.org
participants (3)
-
Adrian Schröter
-
Martin Mohring
-
Robert Xu