From 4c95c25854080585d21d449fe32ead555d107536 Mon Sep 17 00:00:00 2001 From: Grant Slater Date: Thu, 16 May 2024 03:39:47 +0100 Subject: [PATCH 01/16] community: remove workaround, fixed upstream --- cookbooks/community/templates/default/web_only.yml.erb | 5 ----- 1 file changed, 5 deletions(-) diff --git a/cookbooks/community/templates/default/web_only.yml.erb b/cookbooks/community/templates/default/web_only.yml.erb index 551be5800..2764f03b7 100644 --- a/cookbooks/community/templates/default/web_only.yml.erb +++ b/cookbooks/community/templates/default/web_only.yml.erb @@ -114,11 +114,6 @@ hooks: cd: $home cmd: - sudo -H -E -u discourse cp /shared/feeds/update-feeds.atom public/update-feeds.atom - - exec: - # FIXME: Workaround until https://github.com/discourse/discourse/pull/27040 merged - cd: $home - cmd: - - "sudo -H -E -u discourse sed -i 's/follow_redirect: false,/follow_redirect: true,/' lib/discourse_ip_info.rb" after_ssl: - replace: filename: "/etc/nginx/conf.d/discourse.conf" -- 2.45.1 From bf640328133e47a7c686b60cf73f63b3cd606b29 Mon Sep 17 00:00:00 2001 From: Grant Slater Date: Thu, 16 May 2024 04:07:49 +0100 Subject: [PATCH 02/16] otrs: attempt workaround for otrs daemon writes --- cookbooks/otrs/recipes/default.rb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/cookbooks/otrs/recipes/default.rb b/cookbooks/otrs/recipes/default.rb index 7aae67953..6910b29e4 100644 --- a/cookbooks/otrs/recipes/default.rb +++ b/cookbooks/otrs/recipes/default.rb @@ -102,7 +102,7 @@ systemd_service "otrs" do runtime_directory "otrs" runtime_directory_mode 0o770 runtime_directory_preserve true - read_write_paths ["/var/lib/otrs", "/run/otrs", "/var/log/exim4", "/var/spool/exim4"] + read_write_paths ["/var/lib/otrs", "/usr/share/otrs/var", "/run/otrs", "/var/log/exim4", "/var/spool/exim4"] end service "otrs" do -- 2.45.1 From dcedd2b079eb2b695c4febe9941f1a052ceafa0f Mon Sep 17 00:00:00 2001 From: Grant Slater Date: Thu, 16 May 2024 04:10:15 +0100 Subject: [PATCH 03/16] Revert "otrs: attempt workaround for otrs daemon writes" This reverts commit bf640328133e47a7c686b60cf73f63b3cd606b29. --- cookbooks/otrs/recipes/default.rb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/cookbooks/otrs/recipes/default.rb b/cookbooks/otrs/recipes/default.rb index 6910b29e4..7aae67953 100644 --- a/cookbooks/otrs/recipes/default.rb +++ b/cookbooks/otrs/recipes/default.rb @@ -102,7 +102,7 @@ systemd_service "otrs" do runtime_directory "otrs" runtime_directory_mode 0o770 runtime_directory_preserve true - read_write_paths ["/var/lib/otrs", "/usr/share/otrs/var", "/run/otrs", "/var/log/exim4", "/var/spool/exim4"] + read_write_paths ["/var/lib/otrs", "/run/otrs", "/var/log/exim4", "/var/spool/exim4"] end service "otrs" do -- 2.45.1 From 4f2a5bdd00b8b7c7224a5005a56683dd9d2fa79a Mon Sep 17 00:00:00 2001 From: Grant Slater Date: Thu, 16 May 2024 04:11:02 +0100 Subject: [PATCH 04/16] otrs: attempt workaround another workaround --- cookbooks/otrs/recipes/default.rb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/cookbooks/otrs/recipes/default.rb b/cookbooks/otrs/recipes/default.rb index 7aae67953..13b6848ae 100644 --- a/cookbooks/otrs/recipes/default.rb +++ b/cookbooks/otrs/recipes/default.rb @@ -98,7 +98,7 @@ systemd_service "otrs" do exec_start "/usr/share/otrs/bin/otrs.Daemon.pl start" private_tmp true protect_system "strict" - protect_home "read-only" + protect_home false runtime_directory "otrs" runtime_directory_mode 0o770 runtime_directory_preserve true -- 2.45.1 From bc09bffd95e2292d941a19499ea64967d9e7a988 Mon Sep 17 00:00:00 2001 From: Tom Hughes Date: Thu, 16 May 2024 22:33:35 +0100 Subject: [PATCH 05/16] Update bundle --- Gemfile.lock | 79 ++++++++++++++++++++++++++++++++-------------------- 1 file changed, 49 insertions(+), 30 deletions(-) diff --git a/Gemfile.lock b/Gemfile.lock index 91643f30a..24ff1f177 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -1,7 +1,7 @@ GEM remote: https://rubygems.org/ specs: - activesupport (7.1.3.2) + activesupport (7.1.3.3) base64 bigdecimal concurrent-ruby (~> 1.0, >= 1.0.2) @@ -271,7 +271,7 @@ GEM ms_rest_azure (~> 0.12.0) base64 (0.2.0) bcrypt_pbkdf (1.1.0) - bigdecimal (3.1.7) + bigdecimal (3.1.8) bson (4.15.0) builder (3.2.4) chef-config (18.4.12) @@ -356,22 +356,34 @@ GEM faraday (~> 1.0) ffi (1.16.3) fuzzyurl (0.9.0) - google-api-client (0.52.0) + google-apis-admin_directory_v1 (0.46.0) + google-apis-core (>= 0.11.0, < 2.a) + google-apis-cloudkms_v1 (0.41.0) + google-apis-core (>= 0.11.0, < 2.a) + google-apis-cloudresourcemanager_v1 (0.35.0) + google-apis-core (>= 0.11.0, < 2.a) + google-apis-compute_v1 (0.83.0) + google-apis-core (>= 0.11.0, < 2.a) + google-apis-core (0.11.3) addressable (~> 2.5, >= 2.5.1) - googleauth (~> 0.9) - httpclient (>= 2.8.1, < 3.0) + googleauth (>= 0.16.2, < 2.a) + httpclient (>= 2.8.1, < 3.a) mini_mime (~> 1.0) representable (~> 3.0) - retriable (>= 2.0, < 4.0) + retriable (>= 2.0, < 4.a) rexml - signet (~> 0.12) - googleauth (0.14.0) - faraday (>= 0.17.3, < 2.0) + google-apis-iam_v1 (0.50.0) + google-apis-core (>= 0.11.0, < 2.a) + google-apis-monitoring_v3 (0.51.0) + google-apis-core (>= 0.11.0, < 2.a) + google-apis-storage_v1 (0.30.0) + google-apis-core (>= 0.11.0, < 2.a) + googleauth (1.8.1) + faraday (>= 0.17.3, < 3.a) jwt (>= 1.4, < 3.0) - memoist (~> 0.16) multi_json (~> 1.11) os (>= 0.9, < 2.0) - signet (~> 0.14) + signet (>= 0.16, < 2.a) gssapi (1.3.1) ffi (>= 1.0.1) gyoku (1.4.0) @@ -383,7 +395,7 @@ GEM http-cookie (1.0.5) domain_name (~> 0.5) httpclient (2.8.3) - i18n (1.14.4) + i18n (1.14.5) concurrent-ruby (~> 1.0) ice_nine (0.11.2) inifile (3.0.0) @@ -423,7 +435,7 @@ GEM tty-prompt (~> 0.17) tty-table (~> 0.10) jmespath (1.6.2) - json (2.7.1) + json (2.7.2) jsonpath (1.1.5) multi_json jwt (2.8.1) @@ -456,10 +468,9 @@ GEM logging (2.3.1) little-plugger (~> 1.1) multi_json (~> 1.14) - memoist (0.16.2) - method_source (1.0.0) + method_source (1.1.0) mini_mime (1.1.5) - minitest (5.22.3) + minitest (5.23.0) mixlib-config (3.0.27) tomlrb mixlib-install (3.12.30) @@ -482,7 +493,7 @@ GEM faraday-cookie_jar (~> 0.0.6) ms_rest (~> 0.7.6) multi_json (1.15.0) - multipart-post (2.4.0) + multipart-post (2.4.1) mutex_m (0.2.0) net-scp (4.0.0) net-ssh (>= 2.6.5, < 8.0.0) @@ -494,7 +505,7 @@ GEM options (2.3.2) os (1.1.4) parallel (1.24.0) - parser (3.3.0.5) + parser (3.3.1.0) ast (~> 2.4.1) racc parslet (2.0.0) @@ -506,18 +517,19 @@ GEM pry (0.14.2) coderay (~> 1.1) method_source (~> 1.0) - public_suffix (5.0.4) + public_suffix (5.0.5) racc (1.7.3) rainbow (3.1.1) - rake (13.1.0) + rake (13.2.1) recursive-open-struct (1.1.3) - regexp_parser (2.9.0) + regexp_parser (2.9.2) representable (3.2.0) declarative (< 0.1.0) trailblazer-option (>= 0.1.1, < 0.2.0) uber (< 0.2.0) retriable (3.1.2) - rexml (3.2.6) + rexml (3.2.8) + strscan (>= 3.0.9) rspec (3.12.0) rspec-core (~> 3.12.0) rspec-expectations (~> 3.12.0) @@ -543,8 +555,8 @@ GEM rubocop-ast (>= 1.15.1, < 2.0) ruby-progressbar (~> 1.7) unicode-display_width (>= 1.4.0, < 3.0) - rubocop-ast (1.31.2) - parser (>= 3.3.0.4) + rubocop-ast (1.31.3) + parser (>= 3.3.1.0) ruby-progressbar (1.13.0) ruby2_keywords (0.0.5) rubyntlm (0.6.3) @@ -561,6 +573,7 @@ GEM unicode-display_width (>= 1.5, < 3.0) unicode_utils (~> 1.4) strings-ansi (0.2.0) + strscan (3.1.0) test-kitchen (3.6.0) bcrypt_pbkdf (~> 1.0) chef-utils (>= 16.4.35) @@ -579,7 +592,7 @@ GEM timeliness (0.3.10) tomlrb (1.3.0) trailblazer-option (0.1.2) - train (3.11.0) + train (3.12.3) activesupport (>= 6.0.3.1) azure_graph_rbac (~> 0.16) azure_mgmt_key_vault (~> 0.17) @@ -587,10 +600,16 @@ GEM azure_mgmt_security (~> 0.18) azure_mgmt_storage (~> 0.18) docker-api (>= 1.26, < 3.0) - google-api-client (>= 0.23.9, <= 0.52.0) - googleauth (>= 0.6.6, <= 0.14.0) + google-apis-admin_directory_v1 (~> 0.46.0) + google-apis-cloudkms_v1 (~> 0.41.0) + google-apis-cloudresourcemanager_v1 (~> 0.35.0) + google-apis-compute_v1 (~> 0.83.0) + google-apis-iam_v1 (~> 0.50.0) + google-apis-monitoring_v3 (~> 0.51.0) + google-apis-storage_v1 (~> 0.30.0) + googleauth (>= 0.16.2, < 1.9.0) inifile (~> 3.0) - train-core (= 3.11.0) + train-core (= 3.12.3) train-winrm (~> 0.2) train-aws (0.2.41) aws-partitions (~> 1.863.0) @@ -673,7 +692,7 @@ GEM aws-sdk-transfer (~> 1.86.0) aws-sdk-waf (~> 1.58.0) aws-sdk-wafv2 (~> 1.74.0) - train-core (3.11.0) + train-core (3.12.3) addressable (~> 2.5) ffi (!= 1.13.0) json (>= 1.8, < 3.0) @@ -732,7 +751,7 @@ GEM wisper (2.0.1) yajl-ruby (1.4.3) yaml-safe_load_stream3 (0.1.2) - zeitwerk (2.6.13) + zeitwerk (2.6.14) PLATFORMS ruby -- 2.45.1 From c740ccae117d0af197c29ce46a879f49f103a4fb Mon Sep 17 00:00:00 2001 From: Tom Hughes Date: Fri, 17 May 2024 00:30:03 +0100 Subject: [PATCH 06/16] Treat all directories as safe on the git server --- cookbooks/git/templates/default/gitconfig.erb | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/cookbooks/git/templates/default/gitconfig.erb b/cookbooks/git/templates/default/gitconfig.erb index e5067f983..3f4b01067 100644 --- a/cookbooks/git/templates/default/gitconfig.erb +++ b/cookbooks/git/templates/default/gitconfig.erb @@ -1,6 +1,4 @@ # DO NOT EDIT - This file is being maintained by Chef [safe] - directory = /var/lib/chef/public - directory = /var/lib/chef/private - directory = /var/lib/dns + directory = * -- 2.45.1 From 02d3998d3020f4e5c105d036ebf291ffcba10e22 Mon Sep 17 00:00:00 2001 From: Tom Hughes Date: Fri, 17 May 2024 08:26:58 +0100 Subject: [PATCH 07/16] Update interface names for odin --- roles/odin.rb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/odin.rb b/roles/odin.rb index 9a19c5b2d..03d0d59b3 100644 --- a/roles/odin.rb +++ b/roles/odin.rb @@ -14,7 +14,7 @@ default_attributes( :mode => "802.3ad", :lacprate => "fast", :xmithashpolicy => "layer3+4", - :slaves => %w[eno1 eno2] + :slaves => %w[eno1np0 eno2np1] } }, :external => { -- 2.45.1 From 47b2533386f29c3d3424bb3fcc5ff834f5fde16f Mon Sep 17 00:00:00 2001 From: Tom Hughes Date: Fri, 17 May 2024 16:56:39 +0100 Subject: [PATCH 08/16] Make the location of the replication state directory configurable --- cookbooks/tile/attributes/default.rb | 1 + cookbooks/tile/recipes/default.rb | 9 ++++++++- 2 files changed, 9 insertions(+), 1 deletion(-) diff --git a/cookbooks/tile/attributes/default.rb b/cookbooks/tile/attributes/default.rb index 776e274b0..cc5803d00 100644 --- a/cookbooks/tile/attributes/default.rb +++ b/cookbooks/tile/attributes/default.rb @@ -8,6 +8,7 @@ default[:tile][:database][:tag_transform_script] = nil default[:tile][:mapnik] = "3.1" +default[:tile][:replication][:directory] = "/var/lib/replicate" default[:tile][:replication][:url] = "https://osm-planet-eu-central-1.s3.dualstack.eu-central-1.amazonaws.com/planet/replication/minute" default[:tile][:data] = {} diff --git a/cookbooks/tile/recipes/default.rb b/cookbooks/tile/recipes/default.rb index 0c9da1339..a05cd0fd9 100644 --- a/cookbooks/tile/recipes/default.rb +++ b/cookbooks/tile/recipes/default.rb @@ -514,12 +514,19 @@ package %w[ pyosmium ] -directory "/var/lib/replicate" do +directory node[:tile][:replication][:directory] do owner "tile" group "tile" mode "755" end +link "/var/lib/replicate" do + to node[:tile][:replication][:directory] + owner "tile" + group "tile" + not_if { node[:tile][:replication][:directory] == "/var/lib/replicate" } +end + template "/usr/local/bin/expire-tiles" do source "expire-tiles.erb" owner "root" -- 2.45.1 From b86b20ea2cfe55a288ecf4307fb13037511b1968 Mon Sep 17 00:00:00 2001 From: Tom Hughes Date: Fri, 17 May 2024 17:14:59 +0100 Subject: [PATCH 09/16] Move replication state to /store on balerion and bowser --- roles/balerion.rb | 3 +++ roles/bowser.rb | 3 +++ 2 files changed, 6 insertions(+) diff --git a/roles/balerion.rb b/roles/balerion.rb index 60e6bbcb0..4aef19a05 100644 --- a/roles/balerion.rb +++ b/roles/balerion.rb @@ -40,6 +40,9 @@ default_attributes( :postgis => "3" }, :mapnik => "3.1", + :replication => { + :directory => "/store/replication" + }, :styles => { :default => { :tile_directories => [ diff --git a/roles/bowser.rb b/roles/bowser.rb index 8ebde6e8b..eca0fa2cf 100644 --- a/roles/bowser.rb +++ b/roles/bowser.rb @@ -40,6 +40,9 @@ default_attributes( :postgis => "3" }, :mapnik => "3.1", + :replication => { + :directory => "/store/replication" + }, :styles => { :default => { :tile_directories => [ -- 2.45.1 From 966575c97b9709b66ba337f6b3b1ddcde67c0960 Mon Sep 17 00:00:00 2001 From: Tom Hughes Date: Fri, 17 May 2024 17:22:39 +0100 Subject: [PATCH 10/16] Prevent use of buggy parser gem https://github.com/inspec/inspec/issues/7029 --- Gemfile | 1 + Gemfile.lock | 7 ++++--- 2 files changed, 5 insertions(+), 3 deletions(-) diff --git a/Gemfile b/Gemfile index ec9eb03b0..b3ddc3de8 100644 --- a/Gemfile +++ b/Gemfile @@ -3,4 +3,5 @@ source "https://rubygems.org" gem "cookstyle" gem "kitchen-dokken" gem "kitchen-inspec" +gem "parser", "!= 3.3.1.0" gem "test-kitchen" diff --git a/Gemfile.lock b/Gemfile.lock index 24ff1f177..45b76e6c5 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -505,7 +505,7 @@ GEM options (2.3.2) os (1.1.4) parallel (1.24.0) - parser (3.3.1.0) + parser (3.3.0.5) ast (~> 2.4.1) racc parslet (2.0.0) @@ -555,8 +555,8 @@ GEM rubocop-ast (>= 1.15.1, < 2.0) ruby-progressbar (~> 1.7) unicode-display_width (>= 1.4.0, < 3.0) - rubocop-ast (1.31.3) - parser (>= 3.3.1.0) + rubocop-ast (1.31.2) + parser (>= 3.3.0.4) ruby-progressbar (1.13.0) ruby2_keywords (0.0.5) rubyntlm (0.6.3) @@ -760,6 +760,7 @@ DEPENDENCIES cookstyle kitchen-dokken kitchen-inspec + parser (!= 3.3.1.0) test-kitchen BUNDLED WITH -- 2.45.1 From 8b1ca2022be35ce90ba3624e26e2882d16c21dc1 Mon Sep 17 00:00:00 2001 From: Guillaume RISCHARD Date: Tue, 21 May 2024 16:59:19 -0400 Subject: [PATCH 11/16] civi version bump --- cookbooks/civicrm/attributes/default.rb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/cookbooks/civicrm/attributes/default.rb b/cookbooks/civicrm/attributes/default.rb index b873c570b..ca5333e59 100644 --- a/cookbooks/civicrm/attributes/default.rb +++ b/cookbooks/civicrm/attributes/default.rb @@ -1,5 +1,5 @@ # See https://docs.civicrm.org/installation/en/latest/general/requirements/ for required php versions -default[:civicrm][:version] = "5.73.1" +default[:civicrm][:version] = "5.73.2" # was used for SotM # default[:civicrm][:extensions][:cividiscount][:name] = "org.civicrm.module.cividiscount" -- 2.45.1 From 45853e83f18e443f1ec5e146e70df21bfe017df8 Mon Sep 17 00:00:00 2001 From: Guillaume RISCHARD Date: Tue, 21 May 2024 18:15:18 -0400 Subject: [PATCH 12/16] civi ext version bump --- cookbooks/civicrm/attributes/default.rb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/cookbooks/civicrm/attributes/default.rb b/cookbooks/civicrm/attributes/default.rb index ca5333e59..2ef110a2f 100644 --- a/cookbooks/civicrm/attributes/default.rb +++ b/cookbooks/civicrm/attributes/default.rb @@ -68,7 +68,7 @@ default[:civicrm][:extensions][:omnipay][:revision] = "3.23" # Pay with Stripe default[:civicrm][:extensions][:stripe][:name] = "com.drastikbydesign.stripe" default[:civicrm][:extensions][:stripe][:repository] = "https://lab.civicrm.org/extensions/stripe.git" -default[:civicrm][:extensions][:stripe][:revision] = "6.9.4" +default[:civicrm][:extensions][:stripe][:revision] = "6.10.2" # Stripe requires mjwshared ("payment shared") default[:civicrm][:extensions][:mjwshared][:name] = "com.mjwconsult.mjwshared" -- 2.45.1 From 96e2ac0bfb678221faaa0feba7039deeb853ddf0 Mon Sep 17 00:00:00 2001 From: Tom Hughes Date: Wed, 22 May 2024 08:16:23 +0100 Subject: [PATCH 13/16] Fix incorrect alert annotation --- cookbooks/prometheus/templates/default/alert_rules.yml.erb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/cookbooks/prometheus/templates/default/alert_rules.yml.erb b/cookbooks/prometheus/templates/default/alert_rules.yml.erb index a0cea5792..fdb90765b 100644 --- a/cookbooks/prometheus/templates/default/alert_rules.yml.erb +++ b/cookbooks/prometheus/templates/default/alert_rules.yml.erb @@ -118,7 +118,7 @@ groups: labels: alertgroup: database annotations: - delay: "{{ $value }}" + queries: "{{ $value }}" - name: discourse rules: - alert: discourse job failure rate -- 2.45.1 From 15dbc1355fb4cea1b5c4998791900b6c0c3ba3cb Mon Sep 17 00:00:00 2001 From: Tom Hughes Date: Sat, 25 May 2024 07:40:32 +0100 Subject: [PATCH 14/16] Update bundle --- Gemfile | 1 - Gemfile.lock | 21 ++++++++++----------- 2 files changed, 10 insertions(+), 12 deletions(-) diff --git a/Gemfile b/Gemfile index b3ddc3de8..ec9eb03b0 100644 --- a/Gemfile +++ b/Gemfile @@ -3,5 +3,4 @@ source "https://rubygems.org" gem "cookstyle" gem "kitchen-dokken" gem "kitchen-inspec" -gem "parser", "!= 3.3.1.0" gem "test-kitchen" diff --git a/Gemfile.lock b/Gemfile.lock index 45b76e6c5..e7a993a61 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -270,7 +270,7 @@ GEM azure_mgmt_storage (0.23.0) ms_rest_azure (~> 0.12.0) base64 (0.2.0) - bcrypt_pbkdf (1.1.0) + bcrypt_pbkdf (1.1.1) bigdecimal (3.1.8) bson (4.15.0) builder (3.2.4) @@ -399,10 +399,9 @@ GEM concurrent-ruby (~> 1.0) ice_nine (0.11.2) inifile (3.0.0) - inspec (5.22.40) - cookstyle + inspec (5.22.50) faraday_middleware (>= 0.12.2, < 1.3) - inspec-core (= 5.22.40) + inspec-core (= 5.22.50) mongo (= 2.13.2) progress_bar (~> 1.3.3) rake @@ -411,9 +410,10 @@ GEM train-habitat (~> 0.1) train-kubernetes (~> 0.1) train-winrm (~> 0.2) - inspec-core (5.22.40) + inspec-core (5.22.50) addressable (~> 2.4) chef-telemetry (~> 1.0, >= 1.0.8) + cookstyle faraday (>= 1, < 3) faraday-follow_redirects (~> 0.3) hashie (>= 3.4, < 6.0) @@ -470,7 +470,7 @@ GEM multi_json (~> 1.14) method_source (1.1.0) mini_mime (1.1.5) - minitest (5.23.0) + minitest (5.23.1) mixlib-config (3.0.27) tomlrb mixlib-install (3.12.30) @@ -505,7 +505,7 @@ GEM options (2.3.2) os (1.1.4) parallel (1.24.0) - parser (3.3.0.5) + parser (3.3.1.0) ast (~> 2.4.1) racc parslet (2.0.0) @@ -518,7 +518,7 @@ GEM coderay (~> 1.1) method_source (~> 1.0) public_suffix (5.0.5) - racc (1.7.3) + racc (1.8.0) rainbow (3.1.1) rake (13.2.1) recursive-open-struct (1.1.3) @@ -555,8 +555,8 @@ GEM rubocop-ast (>= 1.15.1, < 2.0) ruby-progressbar (~> 1.7) unicode-display_width (>= 1.4.0, < 3.0) - rubocop-ast (1.31.2) - parser (>= 3.3.0.4) + rubocop-ast (1.31.3) + parser (>= 3.3.1.0) ruby-progressbar (1.13.0) ruby2_keywords (0.0.5) rubyntlm (0.6.3) @@ -760,7 +760,6 @@ DEPENDENCIES cookstyle kitchen-dokken kitchen-inspec - parser (!= 3.3.1.0) test-kitchen BUNDLED WITH -- 2.45.1 From 3204df8c9e220f9b5b749db61c11bd4363b941ac Mon Sep 17 00:00:00 2001 From: Tom Hughes Date: Fri, 24 May 2024 19:09:54 +0100 Subject: [PATCH 15/16] Disable OAuth 1.0a and basic authentication --- cookbooks/web/recipes/cgimap.rb | 2 +- cookbooks/web/resources/rails_port.rb | 4 +++- 2 files changed, 4 insertions(+), 2 deletions(-) diff --git a/cookbooks/web/recipes/cgimap.rb b/cookbooks/web/recipes/cgimap.rb index d36550684..7188b5373 100644 --- a/cookbooks/web/recipes/cgimap.rb +++ b/cookbooks/web/recipes/cgimap.rb @@ -64,7 +64,7 @@ systemd_service "cgimap" do user "rails" group "www-data" umask "0002" - exec_start "/usr/bin/openstreetmap-cgimap --daemon --instances 30" + exec_start "/usr/bin/openstreetmap-cgimap --daemon --instances 30 --basic_auth_support false --oauth_10_support falsE" exec_reload "/bin/kill -HUP $MAINPID" runtime_directory "cgimap" private_tmp true diff --git a/cookbooks/web/resources/rails_port.rb b/cookbooks/web/resources/rails_port.rb index 3f5078d34..debc4db50 100644 --- a/cookbooks/web/resources/rails_port.rb +++ b/cookbooks/web/resources/rails_port.rb @@ -364,7 +364,9 @@ action :create do "max_number_of_way_nodes" => node[:web][:max_number_of_way_nodes], "max_number_of_relation_members" => node[:web][:max_number_of_relation_members], "oauth_10_support" => false, - "oauth_10_registration" => false + "oauth_10_registration" => false, + "oauth_10a_support" => false, + "basic_auth_support" => false ) if new_resource.memcache_servers -- 2.45.1 From 150799f5bbfb2ec4316584b15a0a773959ab63db Mon Sep 17 00:00:00 2001 From: Tom Hughes Date: Mon, 27 May 2024 11:09:01 +0100 Subject: [PATCH 16/16] Revert "Disable OAuth 1.0a and basic authentication" This reverts commit 3204df8c9e220f9b5b749db61c11bd4363b941ac. --- cookbooks/web/recipes/cgimap.rb | 2 +- cookbooks/web/resources/rails_port.rb | 4 +--- 2 files changed, 2 insertions(+), 4 deletions(-) diff --git a/cookbooks/web/recipes/cgimap.rb b/cookbooks/web/recipes/cgimap.rb index 7188b5373..d36550684 100644 --- a/cookbooks/web/recipes/cgimap.rb +++ b/cookbooks/web/recipes/cgimap.rb @@ -64,7 +64,7 @@ systemd_service "cgimap" do user "rails" group "www-data" umask "0002" - exec_start "/usr/bin/openstreetmap-cgimap --daemon --instances 30 --basic_auth_support false --oauth_10_support falsE" + exec_start "/usr/bin/openstreetmap-cgimap --daemon --instances 30" exec_reload "/bin/kill -HUP $MAINPID" runtime_directory "cgimap" private_tmp true diff --git a/cookbooks/web/resources/rails_port.rb b/cookbooks/web/resources/rails_port.rb index debc4db50..3f5078d34 100644 --- a/cookbooks/web/resources/rails_port.rb +++ b/cookbooks/web/resources/rails_port.rb @@ -364,9 +364,7 @@ action :create do "max_number_of_way_nodes" => node[:web][:max_number_of_way_nodes], "max_number_of_relation_members" => node[:web][:max_number_of_relation_members], "oauth_10_support" => false, - "oauth_10_registration" => false, - "oauth_10a_support" => false, - "basic_auth_support" => false + "oauth_10_registration" => false ) if new_resource.memcache_servers -- 2.45.1