- 10 Mar, 2022 6 commits
-
-
Joe Maloney authored
These are already set in snapshot for CI
-
Caleb St. John authored
-
Joe Maloney authored
-
Joe Maloney authored
-
Joe Maloney authored
-
Joe Maloney authored
* Caleb thinks current failures might be a race condition. Trying to increase timeout as he suggested to see if it resolves test issue.
-
- 09 Mar, 2022 7 commits
-
-
Andrew authored
This PR converts os.chmod calls to os.fchmod where possible, and writes the pool encryption secrets to a BytesIO object rather than a tempfile (since it's only being consumed by shutil.copyfileobj()).
-
Andrew authored
-
Caleb St. John authored
-
Andrew authored
Since these IDs should never change, add them to the list of known values to avoid unnecessary pwd and grp lookups. Also use fchmod / fchown because we already have an fds for files when we open them.
-
Andrew authored
For historical reasons we had single cacert file with manually concatenated cacerts. Convert LDAP service to use newer general-purpose one. Also use existing fd for fchmod call.
-
Waqar Ahmed authored
-
Waqar Ahmed authored
-
- 08 Mar, 2022 8 commits
-
-
Caleb St. John authored
-
bugclerk authored
-
Upasana Bansal authored
-
Andrew authored
Ensure that temporary keytab files are generated with 0o600 permissions and that directory where they are created has 0o700 permissions. Generally clean up this script as well.
-
Andrew authored
This contains a few improvements to permissions management in etc plugin: - write_if_changed is updated to allow passing an fd rather than only a path name - permissions check and file contents check are now run from same thread. - permissions are set on file before writing. - set default permissions on config files to 0644 unless dev specifies something different.
-
themylogin authored
(cherry picked from commit dc576a81)
-
Andrew authored
This is a more correct way of using dir_fd with the python builtin open() and also ensures that new file created with correct perms.
-
M. Rehan authored
* Add method to retrieve valid disk volumes with paths * Migrate existing disk devices to use correct disk path * Add merge migration * Properly load device attributes in migration * Make sure volume is not locked * Update migration from stable/angelfish * Update merge migration * Cover up usages of disk devices
-
- 07 Mar, 2022 11 commits
-
-
themylogin authored
-
themylogin authored
(cherry picked from commit 5b3bcaf0)
-
themylogin authored
If TrueNAS is installed on a USB stick, Debian changes boot pool vdev to something like `/dev/disk/by-id/usb-JetFlash_Transcend_16GB_XXXXXXXXXXXXX-0:0-part3`. This was not being mapped properly. (cherry picked from commit 95099a0f)
-
themylogin authored
(cherry picked from commit 6ff40656)
-
themylogin authored
(cherry picked from commit 0c851fa8)
-
Waqar Ahmed authored
-
Waqar Ahmed authored
-
Waqar Ahmed authored
-
Waqar Ahmed authored
This commit fixes an issue where we had a race condition between retrieving routing tables and the defined rules.
-
themylogin authored
Sometimes disks are not mapped with their vdev guids. This happens randomly and rarely (usually users are able to resolve this issue just by rebooting the system). I failed to repeat this. Let's have better debugging for the future reports of this issue. I decided to drop those awk scripts that provide "normalized" data, raw zpool output is perfectly readable and it's much reliable to have unprocessed data in the debug.
-
themylogin authored
-
- 04 Mar, 2022 6 commits
-
-
Andrew authored
Apart from having shared context (which is probably of negligable benefit here). This also makes several changes to how webdav config files are generated. We now always ensure that password hashes are owned by webdav user and permissions are 0o600 and use secrets.choice() rather than random.choice() for generating hashes. A subprocess call to change owner has also been replaced with shutil.chown(). Futher investigation may be required in order to determine whether this chown call is actually needed.
-
Andrew authored
Remove support for TLSv1, TLSv1.1 and add support for TLSv1.3 Add webdav.cert_choices method
-
M. Rehan authored
-
Andrew authored
Convert to using the default mpm for webdav. mpm_prefork was crashing on a NULL dereference and is most likely not a great choice for our purposes.. Since this change means that apache server is no longer setuid, ensure that apache is running as webdav rather than www-data so that users don't lose access to files written by webdav.
-
themylogin authored
-
themylogin authored
-
- 03 Mar, 2022 2 commits