1
0
Fork 0
mirror of https://we.phorge.it/source/phorge.git synced 2024-12-18 19:40:55 +01:00
Commit graph

16 commits

Author SHA1 Message Date
Chad Little
fe5cd4ca2c Move FontIcon calls to Icon
Summary: Normalizes all `setFontIcon` calls to `setIcon`.

Test Plan: UIExamples, Almanac, Apps list, etc.

Reviewers: epriestley

Reviewed By: epriestley

Subscribers: Korvin, hach-que, yelirekim

Differential Revision: https://secure.phabricator.com/D15129
2016-01-28 08:48:45 -08:00
Joshua Spence
8bacb3da23 Lock daemon configuration
Summary: I feel like the daemon configuration should be locked from editing from the web UI, given that much of it won't work unless the daemons are restarted anyway.

Test Plan: N/A

Reviewers: epriestley, #blessed_reviewers

Reviewed By: epriestley, #blessed_reviewers

Subscribers: Korvin

Differential Revision: https://secure.phabricator.com/D14867
2015-12-24 11:15:07 +11:00
Joshua Spence
321c61a853 Remove daemon envHash and envInfo
Summary: Ref T7053. Remove the `envHash` and `envInfo` fields, which are no longer used now that the daemons restart automagically. Depends on D14458.

Test Plan: Saw no more setup issues.

Reviewers: #blessed_reviewers, epriestley

Reviewed By: #blessed_reviewers, epriestley

Subscribers: tycho.tatitscheff, epriestley

Maniphest Tasks: T7053

Differential Revision: https://secure.phabricator.com/D14446
2015-11-11 08:54:45 +11:00
epriestley
9c798e5cca Provide bin/garbage for interacting with garbage collection
Summary:
Fixes T9494. This:

  - Removes all the random GC.x.y.z config.
  - Puts it all in one place that's locked and which you use `bin/garbage set-policy ...` to adjust.
  - Makes every TTL-based GC configurable.
  - Simplifies the code in the actual GCs.

Test Plan:
  - Ran `bin/garbage collect` to collect some garbage, until it stopped collecting.
  - Ran `bin/garbage set-policy ...` to shorten policy. Saw change in web UI. Ran `bin/garbage collect` again and saw it collect more garbage.
  - Set policy to indefinite and saw it not collect garabge.
  - Set policy to default and saw it reflected in web UI / `collect`.
  - Ran `bin/phd debug trigger` and saw all GCs fire with reasonable looking queries.
  - Read new docs.

{F857928}

Reviewers: chad

Reviewed By: chad

Maniphest Tasks: T9494

Differential Revision: https://secure.phabricator.com/D14219
2015-10-02 09:17:24 -07:00
Joshua Spence
36e2d02d6e phtize all the things
Summary: `pht`ize a whole bunch of strings in rP.

Test Plan: Intense eyeballing.

Reviewers: #blessed_reviewers, epriestley

Reviewed By: #blessed_reviewers, epriestley

Subscribers: hach-que, Korvin, epriestley

Differential Revision: https://secure.phabricator.com/D12797
2015-05-22 21:16:39 +10:00
cpettet
a43e7b292c phd.verbose config key description typo
Summary: Miniscule typo patch.

Test Plan: None really!

Reviewers: #blessed_reviewers, epriestley

Reviewed By: #blessed_reviewers, epriestley

Subscribers: epriestley

Differential Revision: https://secure.phabricator.com/D11986
2015-03-05 10:41:19 -08:00
epriestley
af303f458b Convert taskmasters to use an autoscale pool
Summary: Ref T7352. This is pretty straightforward. I renamed `phd.start-taskmasters` to `phd.taskmasters` for clarity.

Test Plan:
  - Ran `phd start`, `phd start --autoscale-reserve 0.25`, `phd restart --autoscale-reserve 0.25`, etc.
  - Examined PID file to see options were passed.
  - I'm defaulting this off (0 reserve) and making it a flag rather than an option because it's a very advanced feature which is probably not useful outside of instancing.

Reviewers: btrahan

Reviewed By: btrahan

Subscribers: epriestley

Maniphest Tasks: T7352

Differential Revision: https://secure.phabricator.com/D11871
2015-02-24 14:50:38 -08:00
Chad Little
ae7dc8b9d2 Add getGroup to ConfigOptions
Summary: Adds core and apps grouping to configuration options, makes it somewhat easier to browse config options.

Test Plan: Set each option, review list. Breakdown is nearly 50/50 apps/core.

Reviewers: btrahan, epriestley

Reviewed By: epriestley

Subscribers: Korvin, epriestley

Differential Revision: https://secure.phabricator.com/D11722
2015-02-09 13:10:56 -08:00
Chad Little
99292c5c6a Use icons with Config Options page
Summary: This sets an icon for each config, makes it easier to scan.

Test Plan:
Reload Config page, see all new icons

{F281089}

Reviewers: btrahan, epriestley

Reviewed By: epriestley

Subscribers: Korvin, epriestley

Differential Revision: https://secure.phabricator.com/D11619
2015-02-02 10:17:25 -08:00
Bob Trahan
923096efc8 Config - add phd.variant-config to suppress "Daemon & Web config" error message on a per key basis
Summary: Fixes T6959.

Test Plan: When I was ready to test the feature, the "Daemon & Web config" error already showed up, from having added phd.variant-config. I went meta and changed the value of phd.variant-config to have phd.variant-config. The config error disappeared. I then changed the conpherence setting about conpherence email prefix and the error showed up again. Removing the conpherence config setting made the error disappear once more.

Reviewers: epriestley

Reviewed By: epriestley

Subscribers: Korvin, epriestley

Maniphest Tasks: T6959

Differential Revision: https://secure.phabricator.com/D11399
2015-01-14 13:46:31 -08:00
Joshua Spence
0a62f13464 Change double quotes to single quotes.
Summary: Ran `arc lint --apply-patches --everything` over rP, mainly to change double quotes to single quotes where appropriate. These changes also validate that the `ArcanistXHPASTLinter::LINT_DOUBLE_QUOTE` rule is working as expected.

Test Plan: Eyeballed it.

Reviewers: #blessed_reviewers, epriestley

Reviewed By: #blessed_reviewers, epriestley

Subscribers: epriestley, Korvin, hach-que

Differential Revision: https://secure.phabricator.com/D9431
2014-06-09 11:36:50 -07:00
epriestley
7145587df7 Lock down some config options
Summary:
This is just a general review of config options, to reduce the amount of damage a rogue administrator (without host access) can do. In particular:

  - Fix some typos.
  - Lock down some options which would potentially let a rogue administrator do something sketchy.
    - Most of the new locks relate to having them register a new service account, then redirect services to their account. This potentially allows them to read email.
    - Lock down some general disk stuff, which could be troublesome in combination with other vulnerabilities.

Test Plan:
  - Read through config options.
  - Tried to think about how to do evil things with each one.

Reviewers: btrahan

Reviewed By: btrahan

Subscribers: epriestley

Differential Revision: https://secure.phabricator.com/D8928
2014-05-01 10:23:49 -07:00
epriestley
476b27d9c8 Add "phd.user" with sudo hooks for SSH/HTTP writes
Summary:
Ref T2230. When fully set up, we have up to three users who all need to write into the repositories:

  - The webserver needs to write for HTTP receives.
  - The SSH user needs to write for SSH receives.
  - The daemons need to write for "git fetch", "git clone", etc.

These three users don't need to be different, but in practice they are often not likely to all be the same user. If for no other reason, making them all the same user requires you to "git clone httpd@host.com", and installs are likely to prefer "git clone git@host.com".

Using three different users also allows better privilege separation. Particularly, the daemon user can be the //only// user with write access to the repositories. The webserver and SSH user can accomplish their writes through `sudo`, with a whitelisted set of commands. This means that even if you compromise the `ssh` user, you need to find a way to escallate from there to the daemon user in order to, e.g., write arbitrary stuff into the repository or bypass commit hooks.

This lays some of the groundwork for a highly-separated configuration where the SSH and HTTP users have the fewest privileges possible and use `sudo` to interact with repositories. Some future work which might make sense:

  - Make `bin/phd` respect this (require start as the right user, or as root and drop privileges, if this configuration is set).
  - Execute all `git/hg/svn` commands via sudo?

Users aren't expected to configure this yet so I haven't written any documentation.

Test Plan:
Added an SSH user ("dweller") and gave it sudo by adding this to `/etc/sudoers`:

   dweller ALL=(epriestley) SETENV: NOPASSWD: /usr/bin/git-upload-pack, /usr/bin/git-receive-pack

Then I ran git pushes and pulls over SSH via "dweller@localhost". They successfully interacted with the repository on disk as the "epriestley" user.

Reviewers: btrahan

Reviewed By: btrahan

CC: aran

Maniphest Tasks: T2230

Differential Revision: https://secure.phabricator.com/D7589
2013-11-18 08:58:35 -08:00
Ricky Elrod
8b1fb16865 Don't preface 'Daemons' with 'Phabricator'.
Summary:
It's obvious that they're Phabricator related (why else would we provide
settings for them) and nothing else is prefaced.

Test Plan: Looked at /config/

Reviewers: epriestley, chad, btrahan

Reviewed By: epriestley

CC: aran, Korvin

Maniphest Tasks: T2255

Differential Revision: https://secure.phabricator.com/D4471
2013-01-16 09:47:29 -08:00
epriestley
bc2db90f61 Minor, fix old call to setOptions() introduced out of order.
Auditors: codeblock
2013-01-09 08:15:18 -08:00
Ricky Elrod
cdaf898b9c PHD Options.
Test Plan: Looked at the options render properly.

Reviewers: epriestley, btrahan, chad

Reviewed By: epriestley

CC: aran, Korvin

Maniphest Tasks: T2255

Differential Revision: https://secure.phabricator.com/D4367
2013-01-09 06:05:36 -08:00