Mailing List Archive

On Fri, Jan 27, 2023 at 9:20 AM Dima Pasechnik <dimpase@gmail.com> wrote:

> Hello,
> our no longer really maintained, but actively used, trac installation
> https://trac.sagemath.org/ is in the process of migrating to another
> platform.
> However, we'd like to keep it up in a read-only form.
> It's running Trac 1.2 - yes, severe shortage of hands to maintain it
>
> I'm looking for an advice on how to achieve this with minimal intervention,
> hopefully easily reversible (if migration process will need to be
> rescheduled
> we'd like to resume using trac for a while).
> Ideally, I'd like to do so just by modifying trac.ini
>
> Dmitrii
>

Read-only can be achieved by revoking permissions. For the most part, just
leave _VIEW permissions for standard users. You can set up permissions
groups and continue to allow other users to have write access if you'd
like, such as admins.
https://trac.edgewall.org/wiki/TracPermissions

The permissions are stored in the database. You may want to screen-capture
your current permissions and groups before making any changes, so you can
return to it later if needed.

Let us know if you need any additional pointers.

Ryan

--
You received this message because you are subscribed to the Google Groups "Trac Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to trac-users+unsubscribe@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/trac-users/CA%2BBGpn8h8O08oz_v8jznHgSBYLP9whGE2Ko24OWynQj4aXw1rw%40mail.gmail.com.

On Friday, January 27, 2023 at 9:20:47 AM UTC-8 dim...@gmail.com wrote:
Hello,
our no longer really maintained, but actively used, trac installation
https://trac.sagemath.org/ is in the process of migrating to another
platform.
However, we'd like to keep it up in a read-only form.
It's running Trac 1.2 - yes, severe shortage of hands to maintain it

I'm looking for an advice on how to achieve this with minimal intervention,
hopefully easily reversible (if migration process will need to be
rescheduled
we'd like to resume using trac for a while).
Ideally, I'd like to do so just by modifying trac.ini

Dmitrii

Read-only can be achieved by revoking permissions. For the most part, just
leave _VIEW permissions for standard users. You can set up permissions
groups and continue to allow other users to have write access, such as
admins, if you'd like.
https://trac.edgewall.org/wiki/TracPermissions

The permissions are stored in the database. You may want to screen-capture
your current permissions and groups before making any changes, so you can
return to it later if needed.

Let us know if you need any additional pointers.

Ryan

--
You received this message because you are subscribed to the Google Groups "Trac Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to trac-users+unsubscribe@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/trac-users/f7ca7db0-c6af-489a-8816-c0c8e8715e9cn%40googlegroups.com.

On Fri, Jan 27, 2023 at 5:39 PM RjOllos <rjollos@gmail.com> wrote:
>
> On Friday, January 27, 2023 at 9:20:47 AM UTC-8 dim...@gmail.com wrote:
> our no longer really maintained, but actively used, trac installation
> https://trac.sagemath.org/ is in the process of migrating to another platform.
> However, we'd like to keep it up in a read-only form.
> It's running Trac 1.2 - yes, severe shortage of hands to maintain it
>
> I'm looking for an advice on how to achieve this with minimal intervention,
> hopefully easily reversible (if migration process will need to be rescheduled
> we'd like to resume using trac for a while).
> Ideally, I'd like to do so just by modifying trac.ini
>
> Read-only can be achieved by revoking permissions. For the most part, just leave _VIEW permissions for standard users. You can set up permissions groups and continue to allow other users to have write access, such as admins, if you'd like.
> https://trac.edgewall.org/wiki/TracPermissions

unfortunately it's got rather misconfigured at some point:

--------------------------------------------------------------------------
$ sudo trac-admin /srv/trac/sage_trac permission list
Error: Failed to clone gitolite-admin repository: Cloning into
'/srv/trac/sage_trac/gitolite-admin'...
fatal: 'gitolite-admin' does not appear to be a git repository
fatal: Could not read from remote repository.

Please make sure you have the correct access rights
and the repository exists.
----------------------------------------------------------------------------
or even

$ sudo trac-admin /srv/trac/sage_trac
Welcome to trac-admin 1.2
Interactive Trac administration console.
Copyright (C) 2003-2013 Edgewall Software

Type: '?' or 'help' for help on commands.

Trac [/srv/trac/sage_trac]> help
trac-admin - The Trac Administration Console 1.2
TracError: Failed to clone gitolite-admin repository: Cloning into
'/srv/trac/sage_trac/gitolite-admin'...
fatal: 'gitolite-admin' does not appear to be a git repository
fatal: Could not read from remote repository.

Please make sure you have the correct access rights
and the repository exists.

Trac [/srv/trac/sage_trac]>

---------------------------------------------------

I have no idea why trac-admin wants to clone (!) this repo - and I
don't understand where it even gets
" gitolite-admin" (we do have a repository on the host, with this
name, containing ssh keys of users).
Is it a hack hardcoded somewhere? Or it's somehow parsing the directory tree?

I think what we're running a standard Trac package on Ubuntu 18.04:
https://packages.ubuntu.com/source/bionic/trac
(that was an update of some older hand-installed version in /usr/local)

>
> The permissions are stored in the database. You may want to screen-capture your current permissions and groups before making any changes, so you can return to it later if needed.

Well, as I can't use trac-admin (and there is no web admin interface
on on my account, not sure whether without
a working trac-admin it's possible to bring it up) my current plan is to

1) disable tracext.github.githubloginmodule in trac.ini (we allow
GitHub-authenticated users access to tickets and git tree)
2) point htdigest_file in trac.ini to a file without any actual passwords

I suppose 1)+2) should make tickets effectively read-only.
To make git tree read-only, one apparently still needs to disable ssh
authentication,
and I can't think of anything less intrusive than

3) removing all the ssh keys uploaded and stored
in the said gitolite-admin git repo (I can push there, and it appears
to effect changes)


>
> Let us know if you need any additional pointers.

In trac.ini there is a section

[sage_trac]
cgit_host = git.sagemath.org
cgit_repository = sage.git
github_url = https://github.com/sagemath/sagetrac-mirror
....

which seems to describe the local confg (all these values make perfect sense)
- bit I can't seem to find any docs on this.

And if you could tell me how this "git clone" thing can be avoided, so
that trac-admin becomes usable...


Dima

>
> Ryan
>
> --
> You received this message because you are subscribed to a topic in the Google Groups "Trac Users" group.
> To unsubscribe from this topic, visit https://groups.google.com/d/topic/trac-users/C_ZFXu39jN4/unsubscribe.
> To unsubscribe from this group and all its topics, send an email to trac-users+unsubscribe@googlegroups.com.
> To view this discussion on the web visit https://groups.google.com/d/msgid/trac-users/f7ca7db0-c6af-489a-8816-c0c8e8715e9cn%40googlegroups.com.

--
You received this message because you are subscribed to the Google Groups "Trac Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to trac-users+unsubscribe@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/trac-users/CAAWYfq3y75D2Z8dQTuzw6zCsg8VY7o1Ord3xaAMAevn44Ha_LQ%40mail.gmail.com.

OK, the problem with trac-admin was due to our own old plugin,
https://github.com/sagemath/sage_trac_plugin,
which caused weirdness when run under root. Under a correct user, it went OK.
Hopefully the rest is manageable.
Sorry for noise,

Dmitrii

On Fri, Jan 27, 2023 at 7:54 PM Dima Pasechnik <dimpase@gmail.com> wrote:
>
> On Fri, Jan 27, 2023 at 5:39 PM RjOllos <rjollos@gmail.com> wrote:
> >
> > On Friday, January 27, 2023 at 9:20:47 AM UTC-8 dim...@gmail.com wrote:
> > our no longer really maintained, but actively used, trac installation
> > https://trac.sagemath.org/ is in the process of migrating to another platform.
> > However, we'd like to keep it up in a read-only form.
> > It's running Trac 1.2 - yes, severe shortage of hands to maintain it
> >
> > I'm looking for an advice on how to achieve this with minimal intervention,
> > hopefully easily reversible (if migration process will need to be rescheduled
> > we'd like to resume using trac for a while).
> > Ideally, I'd like to do so just by modifying trac.ini
> >
> > Read-only can be achieved by revoking permissions. For the most part, just leave _VIEW permissions for standard users. You can set up permissions groups and continue to allow other users to have write access, such as admins, if you'd like.
> > https://trac.edgewall.org/wiki/TracPermissions
>
> unfortunately it's got rather misconfigured at some point:
>
> --------------------------------------------------------------------------
> $ sudo trac-admin /srv/trac/sage_trac permission list
> Error: Failed to clone gitolite-admin repository: Cloning into
> '/srv/trac/sage_trac/gitolite-admin'...
> fatal: 'gitolite-admin' does not appear to be a git repository
> fatal: Could not read from remote repository.
>
> Please make sure you have the correct access rights
> and the repository exists.
> ----------------------------------------------------------------------------
> or even
>
> $ sudo trac-admin /srv/trac/sage_trac
> Welcome to trac-admin 1.2
> Interactive Trac administration console.
> Copyright (C) 2003-2013 Edgewall Software
>
> Type: '?' or 'help' for help on commands.
>
> Trac [/srv/trac/sage_trac]> help
> trac-admin - The Trac Administration Console 1.2
> TracError: Failed to clone gitolite-admin repository: Cloning into
> '/srv/trac/sage_trac/gitolite-admin'...
> fatal: 'gitolite-admin' does not appear to be a git repository
> fatal: Could not read from remote repository.
>
> Please make sure you have the correct access rights
> and the repository exists.
>
> Trac [/srv/trac/sage_trac]>
>
> ---------------------------------------------------
>
> I have no idea why trac-admin wants to clone (!) this repo - and I
> don't understand where it even gets
> " gitolite-admin" (we do have a repository on the host, with this
> name, containing ssh keys of users).
> Is it a hack hardcoded somewhere? Or it's somehow parsing the directory tree?
>
> I think what we're running a standard Trac package on Ubuntu 18.04:
> https://packages.ubuntu.com/source/bionic/trac
> (that was an update of some older hand-installed version in /usr/local)
>
> >
> > The permissions are stored in the database. You may want to screen-capture your current permissions and groups before making any changes, so you can return to it later if needed.
>
> Well, as I can't use trac-admin (and there is no web admin interface
> on on my account, not sure whether without
> a working trac-admin it's possible to bring it up) my current plan is to
>
> 1) disable tracext.github.githubloginmodule in trac.ini (we allow
> GitHub-authenticated users access to tickets and git tree)
> 2) point htdigest_file in trac.ini to a file without any actual passwords
>
> I suppose 1)+2) should make tickets effectively read-only.
> To make git tree read-only, one apparently still needs to disable ssh
> authentication,
> and I can't think of anything less intrusive than
>
> 3) removing all the ssh keys uploaded and stored
> in the said gitolite-admin git repo (I can push there, and it appears
> to effect changes)
>
>
> >
> > Let us know if you need any additional pointers.
>
> In trac.ini there is a section
>
> [sage_trac]
> cgit_host = git.sagemath.org
> cgit_repository = sage.git
> github_url = https://github.com/sagemath/sagetrac-mirror
> ....
>
> which seems to describe the local confg (all these values make perfect sense)
> - bit I can't seem to find any docs on this.
>
> And if you could tell me how this "git clone" thing can be avoided, so
> that trac-admin becomes usable...
>
>
> Dima
>
> >
> > Ryan
> >
> > --
> > You received this message because you are subscribed to a topic in the Google Groups "Trac Users" group.
> > To unsubscribe from this topic, visit https://groups.google.com/d/topic/trac-users/C_ZFXu39jN4/unsubscribe.
> > To unsubscribe from this group and all its topics, send an email to trac-users+unsubscribe@googlegroups.com.
> > To view this discussion on the web visit https://groups.google.com/d/msgid/trac-users/f7ca7db0-c6af-489a-8816-c0c8e8715e9cn%40googlegroups.com.

--
You received this message because you are subscribed to the Google Groups "Trac Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to trac-users+unsubscribe@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/trac-users/CAAWYfq0vfrvpfTR%3Dm0j8pgAoSUuKRcBYJc938cTGOr9H%3DLZvYQ%40mail.gmail.com.