| [11:40:35] | * christefano has quit (Ping timeout: 260 seconds) |
| [11:43:52] | * christefano has joined #aegir |
| [12:10:21] | * christefano has quit (Quit: christefano) |
| [12:25:00] | * elijah has quit (Quit: Connection closed for inactivity) |
| [15:28:55] | * Wayne__ has joined #aegir |
| [15:46:07] | * Wayne__ has quit (Quit: Page closed) |
| [18:26:20] | * boshtian has joined #aegir |
| [19:27:21] | * ybabel has joined #aegir |
| [21:08:43] | * hestenet has quit (Read error: Connection reset by peer) |
| [21:09:05] | * hestenet has joined #aegir |
| [21:41:40] | * oluabbeys has joined #aegir |
| [21:42:32] | * oluabbeys has quit (Client Quit) |
| [02:52:05] | * boshtian has quit (Quit: boshtian) |
| [03:25:20] | * boshtian has joined #aegir |
| [03:35:31] | * shaneonabike1 has joined #aegir |
| [04:37:05] | * boshtian has quit (Quit: boshtian) |
| [06:21:51] | <helmo> | Scrum in 40 minutes? |
| [06:22:36] | * colan is around |
| [07:01:44] | <helmo> | Hi all, ergonlog1c bgm jonpugh colan cweagans gboudrias memtkmcc .. It's Scrum time. |
| [07:01:55] | <bgm> | hey |
| [07:01:55] | <hefring> | what's up |
| [07:02:12] | <helmo> | Although maybe it should have been an hour ago ;) |
| [07:03:13] | <helmo> | - slammed my head against docker to get my feature/quick-review branches in hosting, hostmaster and provision running in one container. |
| [07:04:19] | <helmo> | I have a few tweaks that I can commit there but somehow it's not always picking up the right version of provision :( |
| [07:05:51] | <helmo> | With that I've been reviewing a few patches here and there ... but that's readable in the queues |
| [07:06:24] | <helmo> | - The oldest needs-review item of the week is still https://www.drupal.org/node/2413023 |
| [07:06:25] | <hefring> | https://www.drupal.org/node/2413023 => Dupal 8 support for watchdog access [#2413023] => 2 comments, 2 IRC mentions |
| [07:07:06] | <helmo> | That I was reviewing just now... and am about to commit the gist of it... |
| [07:08:00] | <helmo> | The layout of the watchdog tab does need some work though ... I'll create a separate issue for that, which can then also re-activate the hook_menu item. |
| [07:08:22] | <helmo> | bgm: What are you working on? |
| [07:10:48] | <bgm> | nothing specific on my end that made it upstream. some nitty-gritty client-specific stuff mostly. |
| [07:11:11] | <bgm> | had a funny incident with someone trying to scam some clients because of hosting_git and drupal6: https://www.bidon.ca/fr/random/2016-11-22-email-security-scams-and-publi... |
| [07:12:09] | * colan turns up |
| [07:15:02] | <helmo> | hmm .git/* should always be blocked ... I haven't read the whole post yet but is there something Aegir can add? |
| [07:15:20] | <colan> | yeah, was just about to ask. we should put something in the web server config. |
| [07:16:02] | <bgm> | d7 blocks it by default in the .htaccess, and pretty sure that nginx blocks most of it (although the nginx config is very paranoid, and I often end up disabling some things) |
| [07:16:22] | <colan> | https://www.nginx.com/resources/wiki/start/topics/recipes/drupal/ |
| [07:16:34] | <helmo> | I have a similar rule in most of my web server configs |
| [07:16:56] | <colan> | memtkmcc told me we're doing everything there like the .* blocking, but not sure about d6. |
| [07:17:15] | <colan> | but that's just nginx, not sure about apache. |
| [07:17:16] | <bgm> | yep, the default nginx/aegir config would block it |
| [07:17:24] | <bgm> | but apache+d6 would not block it |
| [07:17:28] | <colan> | :( |
| [07:17:42] | <colan> | bgm: patch forthcoming then? :) |
| [07:17:59] | <bgm> | i.e. my client was affected.. they had a few orgs that received that email, with screenshot of the file listing |
| [07:18:33] | <colan> | although we're not officially supporting d6, it's an easy thing to throw in for better security. |
| [07:18:50] | <colan> | so i think it would be good to add to our apache config. |
| [07:18:56] | <bgm> | should it be part of hosting_git, or general hosting? |
| [07:19:05] | <colan> | general. |
| [07:19:06] | <helmo> | general |
| [07:19:12] | <bgm> | :) |
| [07:19:22] | <colan> | bgm: all .* stuff, like nginx is doing there. |
| [07:19:42] | <bgm> | nginx can be pita sometimes.. .* can block .well-known, for example |
| [07:19:59] | <colan> | as i discovered today.... |
| [07:20:04] | <bgm> | and nginx used to block things like '&', because it blocks all ";" to protect against SQLi |
| [07:20:26] | <colan> | i'd rather it be restrictive than permissive by default. |
| [07:20:29] | <bgm> | (I think I complained about it, and omega8 moved it to the -extra config set) |
| [07:21:26] | <bgm> | tangential, but if we block stuff, it's recommended to 404 those URLs because most scanners flag the 403 as a warning, but then it can be difficult to debug. |
| [07:21:46] | <helmo> | Something like: RedirectMatch 404 .*/\.git(/|$) |
| [07:22:07] | <bgm> | yep, that's what i've been using, in my provision custom module |
| [07:22:34] | <colan> | .* though, not just git. well-known can have an override (but maybe i'm being paranoid) |
| [07:23:49] | <bgm> | https://github.com/coopsymbiotic/provision_symbiotic/blob/master/verify.... |
| [07:23:52] | <bgm> | i'm using that for now |
| [07:25:45] | <bgm> | (hmm, I haven't really tested in that specific module, mostly copy-pasted from another client's custom non-public provision module) |
| [07:26:28] | <helmo> | We could even add it server wide ... in ./http/Provision/Config/Apache/server.tpl.php |
| [07:28:47] | <bgm> | makes sense |
| [07:34:13] | <helmo> | Any other subjects? |
| [07:35:00] | <colan> | https://gitlab.com/aegir/hosting_https is now ready for testing. |
| [07:35:17] | <colan> | i'm doing that now, and fixing little issues here & there. |
| [07:35:46] | <colan> | apache testing is especially needed as i don't run it. |
| [07:35:56] | <colan> | going well with nginx though. |
| [07:36:31] | <bgm> | colan: cool, I can do some Apache testing |
| [07:36:40] | <helmo> | ok I'll try it in the coming week |
| [07:36:55] | <colan> | great. i'll have the README updated by then :) |
| [07:37:14] | <bgm> | colan: i was curious, in its current state, does it regenerate certs only on verify, and not a regular queue task to renew expired certs? |
| [07:37:45] | <bgm> | (because of issues in the past, I've been using some hybrid solution for LE, and slowly standardising as the module moves forward) |
| [07:39:47] | <ergonlog1c> | sorry, running late. I'll read the backlog to catch up |
| [07:40:18] | <colan> | bgm: great question! i just created https://gitlab.com/aegir/hosting_https/issues/17 |
| [07:40:43] | <colan> | bgm: if you want to work on that, please steal from me. |
| [07:40:58] | <bgm> | oh ok, cool :) |
| [07:41:26] | <bgm> | to be absolutely honest, unlikely, but if I do I'll ping you :) |
| [07:42:00] | <colan> | k. the first step is https://gitlab.com/aegir/hosting_https/issues/15, which i'm working on now. this one is a prereq. |
| [07:42:45] | * colan waves to ergonlog1c |
| [07:47:21] | <ergonlog1c> | hmm, that .git issue is concerning... It only affects D6? |
| [07:48:15] | <bgm> | ergonlog1c: yes |
| [07:48:25] | <bgm> | d6 on apache, specifically |
| [07:49:09] | <ergonlog1c> | ok, so a fix would be good, even if D6 is EOL |
| [07:49:46] | <bgm> | i added a note in my backlog |
| [07:49:53] | <ergonlog1c> | helmo: I don't *think* a security issue is warranted, but I'll defer to your judgement |
| [07:50:30] | <helmo> | ergonlog1c: neither do I |
| [07:52:53] | <ergonlog1c> | colan: I don't expect to be deploying https for NDI for another month or two. But at that point, I'll be able to give it more thorough testing. In the meantime, let me know if/how I can help |
| [07:54:17] | <ergonlog1c> | the pressing issue look reasonably easy to resolve |
| [07:54:21] | <ergonlog1c> | issues* |
| [07:55:47] | <colan> | ergonlog1c: ok, may ping you if i need help. |
| [07:56:33] | <colan> | no idea how to do the cron stuff, but i'll try to find an example of this from somewhere. |
| [07:56:59] | <ergonlog1c> | there are a number of examples of queues out there... |
| [07:57:23] | <ergonlog1c> | there's one in hosting_probes, for example |
| [07:57:45] | <ergonlog1c> | hosting_civicrm has one too |
| [07:58:14] | <colan> | so a new queue type, can't add to an existing one? |
| [07:58:55] | <ergonlog1c> | these are separate from the task queue |
| [07:59:06] | <ergonlog1c> | so, yeah, you'll need a new one |
| [08:01:01] | <ergonlog1c> | for my part, I've been working on https://gitlab.com/aegir/aegir/issues/5 |
| [08:01:39] | <ergonlog1c> | basically just getting a solid template entity with bundles, revisions and translations |
| [08:01:48] | <ergonlog1c> | and fieldable, of course |
| [08:02:05] | <ergonlog1c> | there's a surprising amount of boilerplate involved |
| [08:02:43] | <ergonlog1c> | anyway, it's coming along reasonably well, and I've got test coverage back up to ~85% |
| [08:03:18] | <ergonlog1c> | that last 15% is a bit tricky, since it's mostly translation stuff |
| [08:03:49] | <ergonlog1c> | along with some methods required by the entity interface, but not used in normal operation |
| [08:04:14] | <ergonlog1c> | so, I figure to switch to simpletests to exercise that bit |
| [08:05:21] | <ergonlog1c> | I could use a hand with an odd bug I'm facing with router/local_tasks |
| [08:05:44] | <ergonlog1c> | if anyone here is familiar with those systems |
| [08:05:53] | <ergonlog1c> | router/menu, that is |
| [08:05:56] | <ergonlog1c> | in D8 |
| [08:06:16] | <helmo> | sorry, no :( |
| [08:06:29] | <helmo> | Have you peeked at the results from https://www.drupal.org/project/drupalmoduleupgrader |
| [08:06:57] | <ergonlog1c> | basically, the entity 'edit' tab and the field tabs refuse to appear together... |
| [08:07:17] | * shaneonabike1 has quit (Ping timeout: 248 seconds) |
| [08:10:27] | <ergonlog1c> | I used drupal-console to generate the entities, and have just been tweaking them since |
| [08:10:44] | <ergonlog1c> | that provided a mostly working base-line |
| [08:10:56] | <ergonlog1c> | anyway, I'll work it out |
| [08:28:02] | * helmo waves goodnight |
| [08:29:00] | * ybabel has quit (Quit: ybabel) |