[opensuse-buildservice] Read-only build service account

Hi,

I've done some scripts from the GNOME team that read data from the build service. It will hopefully be useful in the near future.

One of the scripts reads data from the build service and should be run in a cron job. Since I don't trust myself (true :-)), I'd love to be sure that this script can't do any damage and so a read-only access to the build service would be quite helpful there. Right now, the script runs with my account, but not in a cron job.

Is this something that we can set up?

Thanks,

Vincent

--
Happy people are not in a hurry.
---------------------------------------------------------------------
To unsubscribe, e-mail: opensuse-buildservice+unsubscribe@opensuse.org
For additional commands, e-mail: opensuse-buildservice+help@opensuse.org

Vincent Untz wrote:
> One of the scripts reads data from the build service and should be run in a cron job. Since I don't trust myself (true :-)), I'd love to be sure that this script can't do any damage and so a read-only access to the build service would be quite helpful there. Right now, the script runs with my account, but not in a cron job.
>
> Is this something that we can set up?

Most of the /source URLs have a readonly passwordless twin below /public/source:

  $ osc req /source/GNOME:STABLE/_meta
  $ curl https://api.opensuse.org/public/source/GNOME:STABLE/_meta

I'm not sure if it's OK to use these URLs from scripts, hopefully yes (darix, Adrian?). They are intended for the build service interconnect feature.

Or, you can register another user account that can only write to home:vincent_script and not to GNOME:*.

Michal
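The two options in this message, sketched in Python as an added example (not code from the thread or from osc): a fetcher confined to the passwordless /public twin, and a check over project `_meta` documents that the dedicated account holds a write role only inside its own home project. Treating `maintainer` as the write-granting role, the `vincent_script` and `main_account` user ids, the `GNOME:EXAMPLE` project and the sample `_meta` documents are assumptions constructed for illustration.

```python
import urllib.request
import xml.etree.ElementTree as ET
from urllib.parse import quote

API = "https://api.opensuse.org"   # host taken from the thread
WRITE_ROLES = {"maintainer"}       # assumption: the role that grants write access

def public_url(source_path):
    """Map an authenticated /source path to its passwordless /public twin."""
    parts = source_path.split("/")
    if parts[:2] != ["", "source"] or len(parts) < 3:
        raise ValueError("only /source/... paths have a /public twin")
    if any(p in ("", ".", "..") for p in parts[2:]):
        raise ValueError("refusing empty or relative path segment")
    return API + "/public/source/" + "/".join(quote(p, safe=":") for p in parts[2:])

def fetch_public(source_path):
    """Anonymous GET only: the request carries no account credentials."""
    req = urllib.request.Request(public_url(source_path), method="GET")
    with urllib.request.urlopen(req, timeout=30) as resp:
        return resp.read().decode("utf-8")

def write_violations(metas, userid, sandbox):
    """Names of projects outside `sandbox` where `userid` holds a write role."""
    bad = []
    for meta in metas:
        root = ET.fromstring(meta)
        name = root.get("name", "")
        if name == sandbox or name.startswith(sandbox + ":"):
            continue
        if any(p.get("userid") == userid and p.get("role") in WRITE_ROLES
               for p in root.iter("person")):
            bad.append(name)
    return bad

# Constructed sample _meta documents (not real project data).
SAMPLE_METAS = [
    '<project name="GNOME:STABLE"><title>t</title><description/>'
    '<person userid="main_account" role="maintainer"/></project>',
    '<project name="home:vincent_script"><title>t</title><description/>'
    '<person userid="vincent_script" role="maintainer"/></project>',
    '<project name="GNOME:EXAMPLE"><title>t</title><description/>'
    '<person userid="vincent_script" role="maintainer"/></project>',
]

if __name__ == "__main__":
    print(public_url("/source/GNOME:STABLE/_meta"))
    print(write_violations(SAMPLE_METAS, "vincent_script", "home:vincent_script"))
```

Running the check from the cron job before the real work starts lets the script stop if its account has been granted a role outside its sandbox.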

On Monday 01 September 2008, at 12:22 +0200, Michal Marek wrote:
> Vincent Untz wrote:
>> One of the scripts reads data from the build service and should be run in a cron job. Since I don't trust myself (true :-)), I'd love to be sure that this script can't do any damage and so a read-only access to the build service would be quite helpful there. Right now, the script runs with my account, but not in a cron job.
>>
>> Is this something that we can set up?
>
> Most of the /source URLs have a readonly passwordless twin below /public/source:
>
>   $ osc req /source/GNOME:STABLE/_meta
>   $ curl https://api.opensuse.org/public/source/GNOME:STABLE/_meta

Sounds cool. It doesn't really work with the osc code, though:

 + if I configure apisrv correctly to use api.opensuse.org/public/, it doesn't work because core.makeurl removes the '/public/' part.

 + when forcing the '/public/' in core.makeurl, I just get an Internal Server Error. I didn't investigate, though.

Vincent

--
Happy people are not in a hurry.

Vincent Untz wrote:
> On Monday 01 September 2008, at 12:22 +0200, Michal Marek wrote:
>> Most of the /source URLs have a readonly passwordless twin below /public/source:
>>
>>   $ osc req /source/GNOME:STABLE/_meta
>>   $ curl https://api.opensuse.org/public/source/GNOME:STABLE/_meta
>
> Sounds cool. It doesn't really work with the osc code, though:
>
>  + if I configure apisrv correctly to use api.opensuse.org/public/, it doesn't work because core.makeurl removes the '/public/' part.

That's a bug IMHO.

>  + when forcing the '/public/' in core.makeurl, I just get an Internal Server Error. I didn't investigate, though.

For which URL? Not every /source URL exists below public, e.g. you can't list projects and packages using /public.

Creating another user is maybe less cool but a more reliable method ;-).

Michal

On Monday 01 September 2008, at 14:18 +0200, Michal Marek wrote:
> Vincent Untz wrote:
>>  + when forcing the '/public/' in core.makeurl, I just get an Internal Server Error. I didn't investigate, though
>
> For which URL? Not every /source URL exists below public, e.g. you can't list projects and packages using /public.

Ah, didn't know that. I'm listing packages in a project. So I'm hitting a feature ;-)

> Creating another user is maybe less cool but a more reliable method ;-).

Yeah. I might do that in the end. I really wanted to avoid it, though ;-)

Vincent

--
Happy people are not in a hurry.

participants (2)
- Michal Marek
- Vincent Untz