[gimp-web] devel-docs: written mirror procedure update.
- From: Jehan <jehanp src gnome org>
- To: commits-list gnome org
- Cc:
- Subject: [gimp-web] devel-docs: written mirror procedure update.
- Date: Tue, 5 Oct 2021 22:40:59 +0000 (UTC)
commit f27ec7e0f49767f2b1f300c04b5a9cd7af8f8a56
Author: Jehan <jehan girinstud io>
Date: Wed Oct 6 00:40:34 2021 +0200
devel-docs: written mirror procedure update.
devel-docs/mirror-howto.md | 44 +++++++++++++++++++++++++-------------------
1 file changed, 25 insertions(+), 19 deletions(-)
---
diff --git a/devel-docs/mirror-howto.md b/devel-docs/mirror-howto.md
index 27278a4d..20a7e637 100644
--- a/devel-docs/mirror-howto.md
+++ b/devel-docs/mirror-howto.md
@@ -10,14 +10,15 @@ rules](https://gitlab.gnome.org/Infrastructure/puppet/-/blob/0df77787596314f41de
which will redirect `download.gimp.org/mirror/*` URLs to the same file
at a random mirror from the list.
-The list of mirrors in rotation is found at: /etc/httpd/download.gimp.org.map
+The list of mirrors in rotation is found at: `/etc/httpd/download.gimp.org.map`
Each file from this list should have associated rsync credentials
(though some may not have any yet, if they were created from older
-process time):
+process time; when this is the case, the mirror administrators should be
+contacted for proper re-configuration of their servers):
-* rsync credentials are set in: /etc/rsyncd/secrets
-* the login part of the credential must also be copied in: /etc/rsyncd.conf
+* rsync credentials are set in: `/etc/rsyncd/secrets`
+* the login part of the credential must also be copied in: `/etc/rsyncd.conf`
The login must be in both files, otherwise syncing will not work.
@@ -50,7 +51,7 @@ instance @Jehan can take care of part of the actions:
* if the mirror and claimed organization are different domain names,
verify they are the really linked (through `whois` or other means)
2. Verify that the `https` URL has no major issue (our redirect happens
- in https)
+ in https-only so a working https URL is mandatory)
3. If 1. and 2. are fine, generate an user and a password (e.g. with
`pwgen`) and add them to `/etc/rsyncd/secrets` in
`download.gimp.org`. This is done by directly editing the file.
@@ -62,11 +63,13 @@ instance @Jehan can take care of part of the actions:
by creating a Merge Request to
[Infrastructure/puppet](https://gitlab.gnome.org/Infrastructure/puppet)
(not editing it directly on the server, unlike 3.).
-5. Then once the MR is merged, send an email to the mirror admin (email
- given in their report) asking them for their public GPG key.
-6. When they return their key, send the rsync credentials, encrypted with
- this key, by email, and ask them to notify when the mirror is
- properly set-up and synced. Wait for their answer.
+5. Then once the MR is merged, ask the mirror admin for their public GPG
+ key.
+6. When they return their key, send the rsync credentials, encrypted
+ with this key, then signed by yours (which should be on a public key
+ server for non-tampering verification) by email, and ask them to
+ notify when the mirror is properly set-up and synced. Wait for their
+ answer.
7. Once they notify you that the sync is complete, land the mirror on
the map file by editing `/etc/httpd/download.gimp.org.map` directly
on the server.
@@ -81,9 +84,9 @@ instance @Jehan can take care of part of the actions:
10. The script will update `tools/downloads/downloads.http.txt`
automatically and should tell you that
`content/downloads/mirrors.json` has to be updated too. Do so by
- giving the public name of the mirror organization, link, location and
- other data. In "more", also add the report link.
- If other data needs to be updated, do so as well (for instance if
+ writing the public name of the mirror organization, link, location
+ and other data. In "more", also add the report link for reference.
+ If other data need to be updated, do so as well (for instance if
other mirrors changed).
11. Run again:
@@ -92,14 +95,15 @@ instance @Jehan can take care of part of the actions:
```
This time, it should tell you everything is fine.
12. Verify all mirrors (especially new ones) are well synced at least
- for the last release:
- ```sh
- tools/downloads/gimp-check-mirrors.py
- ```
+ for the last release:
+
+ ```sh
+ tools/downloads/gimp-check-mirrors.py
+ ```
13. Commit all the changes and push them to `gimp-web`'s `testing`
- branch.
+ branch.
14. After a short time, make sure that testing's [sponsor
page](https://testing.gimp.org/donating/sponsors.html)
- is properly updated.
+ is properly updated.
Of course, the public website will be updated when you merge `testing`
into `master` branch which does not have to happen immediately.
@@ -129,6 +133,8 @@ If you want to check a specific file, add it (or them) to the command
line. If you set `--verify-checksum` option, then it will also check
data integrity.
+This check is also run automatically and regularly by Gitlab CI.
+
## Future
Some work is being done to move to a MirrorBits infrastructure which
[
Date Prev][
Date Next] [
Thread Prev][
Thread Next]
[
Thread Index]
[
Date Index]
[
Author Index]