path: root/
AgeCommit message (Collapse)AuthorFilesLines
2020-02-03Introduce planet functionality in archwebJelle van der Waa1-0/+4
This change introduces a replacment for which uses a python 2 project to generate static html from multiple RSS feed sources. For archweb a set of 'static' feeds can be created in the django admin view for the Arch forums and other static feeds, archweb users can add their own blog rss feed in their profile which will create a Feed model. When running the update_planet command, all Feed models are iterated over and the rss feed is parsed. The latest FeedItem is queried matching the current Feed model and every newer entry in the RSS feed is added as new FeedItem. Since the body is also stored in the FeedItem there is a limit to the amount of FeedItems per Feed configured in of which the default is 25. When a user is marked as inactive his Feed model and items are removed automatically to avoid keeping stale data around. Closes: #261
2019-10-25news: Change the news app to use the EmailMessage class to be able to ↵Giancarlo Razzolini1-0/+3
include the mailman password Due to spamming to arch-announce mail list, we now use a poster password to make sure only authorized emails are allowed through to the list.
2019-09-19Add django-extensions to the default installationGiancarlo Razzolini1-0/+1
Django extensions comes with a lot of goodies, including shell_plus. As a default, included ptpython for default shell, but this can be overridden by installing another shell (bpython, ipython) and setting the SHELL_PLUS variable on
2019-03-26retro: remove retro moduleJelle van der Waa1-1/+0
The retro pages have been moved to a seperate git repository with static content.
2019-03-17settings: Add CSP FORM_ACTION headerJelle van der Waa1-0/+1
Add the content security policy for <form> posts to only allow posts to the origin form which it's served. This disallows posting forms to a third party if a browser supports this directive.
2019-02-24Add base-uri and frame-ancestors to CSPrelease_2019-02-24Jelle van der Waa1-0/+2
The archweb website contains no <base> elements so this can be disallowed. Also set frame-ancestors is set to the same value as X-Frame-Options. Signed-off-by: Jelle van der Waa <>
2019-02-18Implement CSP for archwebJelle van der Waa1-0/+8
Add django-csp as dependency to be able to set CSP inside django's settings and allow setting a CSP_NONCE for inline <script>'s in templates. Since archweb heavily uses this pattern it's the best compromise.
2019-02-09Use sks-keyservers instead of mitFelix Yan1-1/+1
The MIT keyserver is very unstable and slow during the past years. I would suggest to use a better alternative.
2019-02-05settings: harden CRSF cookie'sJelle van der Waa1-0/+4
Harden the CSRF cookie's by allowing them HTTP ONLY and marking them as secure. Closes: #173
2019-01-28Set two more security headersrelease_2019-02-04Jelle van der Waa1-0/+7
Enable X-Content-Type-Options to prevent a browser from sniffing the MIME type if the content type is not set. Enable cross site filter protection supported by most browsers.
2019-01-21Remove false positives in tests due to Django bugFrank Vanderham1-1/+1
By reordering INSTALLED_APPS, a large amount of false positives that were generated during automated tests are avoided. This is the stated (and otherwise harmless) work-around as per the Django bug:
2018-11-17settings: Update MIDDLEWARE_CLASSES to MIDDLEWAREJelle van der Waa1-3/+3
MIDDLEWARE_CLASSES is deprecated in Django 1.10.
2018-07-22Implement cleaning up older log entries in mirrorcheckJelle van der Waa1-0/+3
MirrorLog entries are not cleaned up by default and will clog the database. The django settings now defines a retention period in days for how long to keep mirror logs, on every mirrorcheck run older logs will be removed from the database.
2018-04-08settings: Update to Django 1.8+Jelle van der Waa1-1/+1
Built-in template context processors were moved from django.core.context_processors to django.template.context_processors in Django 1.8.
2018-02-18Misc fixes (#84)jelle van der Waa1-1/+0
* Update coveragerc to exclude newly located tests There are now tests under main/tests/* etc, which should be omitted for coverage. * omit settings from coverage settings and local_settings aren't interesting for coverage, omit them. * remove leftover secure context processor The secure context processor was used to determine if the cdn served assets should be loaded over https or http. Since assets are no longer served with a cdn and the whole site is loaded over https these days, this code is dead and can be removed. * packages: Add test for flagging packages out of date Add simple test cases for flagging packages out of date, should later be improved to query the Package model for packages and use that data instead of hardcoding.
2018-02-17Remove unused Iso Model (#82)jelle van der Waa1-3/+0
The ISO model was used for the releng feedback form which was removed earlier. All this code is therefore now unused. handle flake8 warningsJelle van der Waa1-22/+22
Remove double #'s everywhere, remove spaces between [], place : directly after the string and correctly indent the TEMPLATES declaration
2017-05-22Allow templates to be debugged locallyJelle van der Waa1-19/+19
template debugging was never enabled, since TEMPLATES where defined before the local_settings where imported. So move the TEMPLATES definition under the local_settings import.
2017-05-22settings: use one import for importing pathJelle van der Waa1-5/+4
2017-05-02Remove the last piece of django-jinja existanceJelle van der Waa1-11/+0
2017-05-02Remove deprecated TEMPLATE_DEBUGJelle van der Waa1-1/+1
2017-05-02Dump debug loader for nowJelle van der Waa1-8/+1
2017-05-02Cleanup remove old TEMPLATE_ stuffJelle van der Waa1-38/+10
2017-05-02Update to django 1.8Jelle van der Waa1-15/+50
Update django, djang-jinja version. Use TEMPLATES = [] to configure the django templates etc. since the old way will be obsolete.
2017-05-01settings: pass when local_settings can't be importedJelle van der Waa1-1/+14
Continue when local_settings can't be imported for an easier test setup. Signed-off-by: Jelle van der Waa <>
2016-06-03Add information and ipxe images for the new netboot systemThomas Bächler1-3/+0
2015-12-31Allow linking to the PGP server over HTTPSEvangelos Foutras1-0/+1
Signed-off-by: Evangelos Foutras <>
2015-12-31settings: Fix settingJohannes Löthberg1-1/+1
Links should not use the port 11371. Signed-off-by: Johannes Löthberg <> Signed-off-by: Evangelos Foutras <>
2015-04-02Update to latest django-countriesDan McGee1-1/+7
Signed-off-by: Dan McGee <>
2015-01-19Update to latest django-countriesDan McGee1-6/+0
Signed-off-by: Dan McGee <>
2014-11-02Mirror view tweaks and enhancementsDan McGee1-0/+5
* Add country column to main mirror list overview page. Most mirrors are strictly in one country, so do a little magic to show the right country if it makes sense. * Use new way of getting country names so we respect the overrides now present in the django_countries package. * Make the country selection box on the mirrorlist generation page a lot taller by default so it is easier to use. Signed-off-by: Dan McGee <>
2014-10-18Enable Jinja2 template bytecode cachingDan McGee1-0/+1
Signed-off-by: Dan McGee <>
2014-10-18Install and wire up django-jinjaDan McGee1-2/+6
Signed-off-by: Dan McGee <>
2014-10-18Disable eggs template loaderDan McGee1-1/+0
2014-09-01Remove dependency on SouthDan McGee1-1/+0
Signed-off-by: Dan McGee <>
2014-09-01Silence warning with 1.7 by using new test runnerDan McGee1-0/+3
Signed-off-by: Dan McGee <>
2013-02-08Minify static files when running collectstaticDan McGee1-1/+1
This doesn't do any super optimizations, but does run the very basic cssmin and jsmin Python tools over the static resources we serve up. Signed-off-by: Dan McGee <>
2013-01-28Extract torrent trackers into a settings variableDan McGee1-0/+6
This allows them to be overridden and changed in a central location, like we do with the SVN URL, PXE boot URL, etc. Signed-off-by: Dan McGee <>
2013-01-21Switch to using the cached STATICFILES_STORAGE backendDan McGee1-0/+3
This should finally let us crank up the Expires: header to far-future values in production since updates to JS and CSS files will take effect immediately. Some minor removals were made from retro stylesheets as they were referencing files that don't actually exist because they were missing from the web archive. Signed-off-by: Dan McGee <>
2013-01-20Remove AlwaysCommitMiddlewareDan McGee1-1/+0
Let's just go with the Django database option for PostreSQL autocommit mode instead. Signed-off-by: Dan McGee <>
2013-01-15Add new AlwaysCommitMiddleware to the stackDan McGee1-0/+1
The reason for this is documented in the middleware itself. Without this, pgbouncer is of little use to us since it has to throw away every connection we try to route through it because of unclean disconnects. In theory, with the switch to using pgbouncer for all WSGI originating connections and adding this middleware, we should see a notable decrease in connection time to the database. Signed-off-by: Dan McGee <>
2013-01-13Disable XView MiddlewareDan McGee1-1/+0
This is the default now in Django anyway: Signed-off-by: Dan McGee <>
2012-12-30Remove several context processors we don't useDan McGee1-3/+0
We're not using any of the injected values these context processors provide in our templates, so remove them from our default config. Signed-off-by: Dan McGee <>
2012-12-30Enable clickjacking protection via middlewareDan McGee1-0/+4
See for details. This middleware was added to the default configuration in Django 1.4. Signed-off-by: Dan McGee <>
2012-10-26Remove usages of 'django.contrib.markup'Dan McGee1-1/+0
Switch to the news model being able to spit out the HTML version of the content, and don't use the markup contrib module. This is deprecated as of Django 1.5 so we can move off it now to save trouble down the road when it is fully removed. Signed-off-by: Dan McGee <>
2012-08-13Enable rate-limiting log filterDan McGee1-0/+26
Signed-off-by: Dan McGee <>
2012-07-28Convert releng URLs to https by defaultDan McGee1-2/+2
Signed-off-by: Dan McGee <>
2012-04-27Remove misleading comment from settings.pyDan McGee1-2/+0
We're not using cache middleware anymore, and this bug is fixed anyway. Signed-off-by: Dan McGee <>
2012-04-25Add django_countries country code fields and population migrationsDan McGee1-0/+1
This adds these columns and attempts to populate them with data from our existing country column data. Signed-off-by: Dan McGee <>
2012-04-20UserProfile model and fields shuffleDan McGee1-1/+1
Move this model into the devel/ application, and move the PGPKeyField which is used only by these models into the application as well. This involves updating some old migrations along the way to ensure we don't reference a field class that no longer exists. Signed-off-by: Dan McGee <>