Build Service needs an openid.
Imagine following case: upstream needs an environment to reproduce build failure/ test failure, the best option would be osc co prj/pkg; osc build; osc chroot. But that requires Novell account. Having openid here will lower down the barrier.
Webui now works with Persona. API uses Devise with ichain plugin.
TODO:
*Generate token from WebUI, so we can talk to API directly
*Don't generate passwords for Persona logins
*Try Coolo's patches
This project is part of:
Hack Week 10
Activity
Comments
-
over 11 years ago by ancorgs | Reply
I would suggest to adapt OBS to use Devise [1], so you can use [2] for replacing current iChain (Novell account) login, [3] for implementing openid and A LOT of other authentication backends [4].
[1] https://github.com/plataformatec/devise/ [2] https://github.com/openSUSE/deviseichainauthenticatable [3] https://github.com/nbudin/deviseopenidauthenticatable [4] https://github.com/search?q=devise
-
over 11 years ago by coolo | Reply
if your target is osc co; osc build for upstreams it would be much better to get rid of this strange limitation that you can only use the webui anonymously. Adrian is afraid that we will be overrun if we allow anonymous build, but seriously - you can do that now with an interconnect and there is no need to authentificate whatsoever.
Similar Projects
Explore the integration between OBS and GitHub by pdostal
Project Description
The goals:
1) When GitHub pull request is created or modified the OBS project will be forked and the build results reported back to GitHub. 2) When new version of the GitHub project will be published the OBS will redownload the source and rebuild the project.
Goal for this Hackweek
Do as much as possible, blog about it and maybe use it another existing project.
Resources
- The Blog post
- Issue: poo#123858 - build.opensuse.org: /usr/lib/obs/service//go_modules.service No such file or directory
Bootstrap openSUSE on LoongArch by glaubitz
Description
LoongArch is a new architecture from China which has its roots in the MIPS architecture. It has been created by Loongson and is already supported by Debian Ports, Gentoo and Loongnix.
Upstream support for LoongArch is already quite complete which includes LLVM, Rust, Golang, GRUB, QEMU, LibreOffice and many more. In Debian Ports, where the port is called "loong64", more than 95% of the whole Debian archive have been successfully built for LoongArch.
QEMU support is rather complete and stable such that packages can be built in emulated environments. Hardware can also be requested by Loongson on request for free. Access to real hardware is also provided through the GCC Compile Farm.
Goals
The initial goal should be to add LoongArch to OBS and build a minimal set of packages.
Resources
- Introduction to LoongArch: https://docs.kernel.org/arch/loongarch/introduction.html
- LoongArch community on Github: https://github.com/loongarchlinux
- Debian Ports repository for loong64: http://ftp.ports.debian.org/debian-ports/pool-loong64/main/
- Gentoo stage3 for loong: https://www.gentoo.org/downloads/#loong
Results
- An initial set of packages for openSUSE loongarch64 has been successfully bootstrapped
- An OBS project has been set up to build packages for openSUSE loongarch64 with more than 3000 packages being built already
- A work-in-progress guide on how to bootstrap a new openSUSE port from Debian has been created
- A work-in-progress guide on how to add a new target to the openSUSE toolchain has been created
Acknowledgements
- Thanks to Adrian Schröter and Rüdiger Oertl for the help with setting up the FTP space and OBS project
- Thanks to Dirk Müller for the input on how to get started with a new port
- Thanks to Richard Biener for quickly accepting my submit requests to add loongarch64 support to the toolchain
Switch software-o-o to parse repomd data by hennevogel
Currently software.opensuse.org search is using the OBS binary search for everything, even for packages inside the openSUSE distributions. Let's switch this to use repomd data from download.opensuse.org
Learn about OSB and contribute to `kustomize` and `k9s` packages to add ARM arch by dpock
Description
There are already k9s
and kustomize
packages that exist for openSUSE today. These could be used as the source for these binaries in our rancher projects. By using them we would benefit from CVE fixes included in our distribution of the packages not in cluded upstream. However they are not providing arm package builds which are required.
Goals
- [ ] Update the kustomize package in OBS to use the newest version and send change request
Resources
- k9s: https://build.opensuse.org/package/show/openSUSE:Factory/k9s
- kustomize: https://build.opensuse.org/package/show/openSUSE:Factory/kustomize
- Learning Docs: https://confluence.suse.com/display/packaging/Training%2C+Talks+and+Videos
Automation of ABI compatibility checks by ateixeira
Description
ABI compatibility checks could be further automated by using the OBS API to download built RPMs and using existing tools to analyze ABI compatibility between the libraries contained in those packages. This project aims to explore these possibilities and figure out a way to make ABI checks as painless and fast as possible for package maintainers.
Resources
https://github.com/openSUSE/abi-compliance-checker
https://github.com/lvc/abi-compliance-checker
https://sourceware.org/libabigail/
OIDC Loginproxy by toe
Description
Reverse proxies can be a useful option to separate authentication logic from application logic. SUSE and openSUSE use "loginproxies" as an authentication layer in front of several services.
Currently, loginproxies exist which support LDAP authentication or SAML authentication.
Goals
The goal of this Hack Week project is, to create another loginproxy which supports OpenID Connect authentication which can then act as a drop-in replacement for the existing LDAP or SAML loginproxies.
Testing is intended to focus on the integration with OIDC IDPs from Okta, KanIDM and Authentik.
Resources