EMS is updating our servers (both fedora.im and fedoraproject.org) to
use MAS (Matrix Auth Service). This will allow users to use new
element-x and such.
We need to add these things in order for older clients to still be
able to connect/get to the right place for auth.
These files should be valid json, please check
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
I can't recall why we disabled this at the time, but it's been disabled
for 11 years, so the likelyhood of us needing it now is low.
So, lets just delete it.
See https://pagure.io/fedora-infrastructure/issue/13002 for discussion.
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
See https://pagure.io/fedora-infrastructure/issue/12995
We want to be careful adding anything here, but the same reasons we add
chromium are in play here. There's no ppc64le or s390x builds, so it
will just affect aarch64 and x86_64 where we have a lot of hosts in
heavybuilder channel.
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
The backend uses urlretrieve() to download comps.xml from the frontend
at /coprs/<user>/<project>/chroot/<chroot>/comps/. Since this path is
under /coprs/ which is protected by Anubis, the backend receives the
JavaScript challenge page instead of the actual comps data.
This HTML then gets saved as comps.xml and included in the repository
metadata, causing users to download Anubis challenge HTML instead of
the actual comps.xml.gz file.
We cannot simply use the same Copr path but on Pulp, because the
directory structure is different.
Copr:
@copr/copr-dev/fedora-43-x86_64/09975054-copr-cli/copr-cli-2.4.post1-1.git.12.8aed90c.fc43.src.rpm
Pulp:
@copr/copr-dev/fedora-43-x86_64/Packages/c/copr-cli-2.4.post1-1.git.12.8aed90c.fc43.src.rpm
Anubis was accidentally enabled for all traffic (/) instead of just
the /coprs/ web UI. This caused unnecessary bot challenges for API
clients, dnf/yum, and other automated tools.
Use Anubis BASE_PREFIX to cleanly protect only specific endpoints:
- Frontend: /coprs/ (web UI)
- Dist-git: /{{ cgit_uri }}/ (package browser)
https://anubis.techaro.lol/docs/admin/installation#using-base-prefix
This is mostly adding aarch64 runs of existing tests, but also
we add the new desktop_graphics_validation test on both arches,
and desktop_keyring on KDE which wasn't run before for no good
reason.
All of these were turned on in openQA itself last year. The most
recent is desktop_graphics_validation which was added 2025-11-28.
All the others have been running since at least 2025-11-19. I'll
check for any old, stuck updates which need any of these run
manually.
Signed-off-by: Adam Williamson <awilliam@redhat.com>
This tweaks the Forgejo redirect-to-pagure-for-attachments stuff
to work for prod as well as staging, since we proved it out in
staging and we do want it to actually work for prod migrations.
Signed-off-by: Adam Williamson <awilliam@redhat.com>
I hope I got this right. This IP is trying Little Bobby Tables
attacks on openQA and it's making the servers crash.
Signed-off-by: Adam Williamson <awilliam@redhat.com>
Moved to openshift in 2022 (see e.g. ab4db44) and was dropped from
the haproxy config in 55056c6, nothing listens on 10022 on the
proxies these days.
Signed-off-by: Adam Williamson <awilliam@redhat.com>
