Mercurial Repository: p/roundup/code: doc/upgrading.txt comparison

comparison doc/upgrading.txt @ 7341:7321c0e6c53e

Add priority markers to heading back to 1.5.0->1.6.0 upgrade Also fixed a few prior to that.

author	John Rouillard <rouilj@ieee.org>
date	Sun, 14 May 2023 11:28:03 -0400
parents	e21c7fe0b57a
children	955a4efe9cbc

comparison

equal deleted inserted replaced

-:7b9bddda9d2d
+:7321c0e6c53e
 .. index:: Upgrading; 2.0.0 to 2.1.0
 Migrating from 2.0.0 to 2.1.0
 =============================
-Rdbms version change from 5 to 6 (**)
+Rdbms version change from 5 to 6 (required)
--------------------------------------
+-------------------------------------------
 To fix an issue with importing databases, the database has to be
 upgraded for rdbms backends.
 You should run the ``roundup-admin migrate`` command for your
 database level. If you had a database that was at version 4 and
 then upgraded to version 5 you have the uniqueness enforcing
 constraint. Running migrate updates to schema version 6 and installs
 the unique index constraint if it is missing.
-Setuptools is now required to install
+Setuptools is now required to install (info)
--------------------------------------
+--------------------------------------------
 Roundup install now uses setuptools rather than distutils. You must
 install setuptools.  Use the version packgaged by your OS vendor.  If
 your OS vendor doesn't supply setuptools use ``pip install
 setuptools``. (You may need pip3 rather than pip if using python3.)
-Define Authentication Header
+Define Authentication Header (optional)
-----------------------------
+---------------------------------------
 The web server in front of roundup (apache, nginx) can perform user
 authentication. It can pass the authenticated username to the backend
 in a variable. By default roundup looks for the ``REMOTE_USER``
 variable. This can be changed by setting the parameter
 At the time this is written, support is experimental. If you use it
 you should notify the roundup maintainers using the roundup-users
 at lists.sourceforge.net mailing list.
-Classname Format Enforced
+Classname Format Enforced (info)
--------------------------
+--------------------------------
 Check schema.py and look at all Class(), IssueClass(), FileClass()
 calls. The second argument is the classname. All classnames must:
 * start with an alphabetic character
 * not end with a digit
 this was not enforced before. Using non-standard classnames could lead
 to other issues.
-jQuery updated with updates to user.help.html
+jQuery updated with updates to user.help.html (recommended)
----------------------------------------------
+-----------------------------------------------------------
 The devel and responsive templates shipped with an old version of
 jQuery with some security issues. It has been updated to the current
 version: 3.5.1. If your tracker is based on one of these templates
 (see the ``TEMPLATE-INFO.txt`` file in your tracker), remove the old
 ``html`` directory. Also copy in the new ``user.help.html`` file. It now
 references the new ``jquery-3.5.1.js`` file and also fixes a bug that
 prevented applying the change from the helper to the field on the main
 form.
-Roundup-admin security stops on incorrect properties
+Roundup-admin security stops on incorrect properties (info)
-----------------------------------------------------
+-----------------------------------------------------------
 The ``roundup-admin ... security`` command used to continue
 running through the rest of the security roles after reporting a
 property error. Now it stops after reporting the incorrect property.
 If run non-interactively, it exits with status 1. It can now be
 used in a startup script to detect permission errors.
-Futureproof devel and responsive timezone selection extension
+Futureproof devel and responsive timezone selection extension (recommended)
--------------------------------------------------------------
+---------------------------------------------------------------------------
 The devel and responsive (derived from devel) templates use a select
 control to list all available timezones when pytz is used. It
 sanitizes the data using cgi.escape. Cgi.escape is deprecated and
 removed in newer pythons. Change your ``extensions/timezone.py``
 =============================
 .. index:: roundup-admin; updateconfig subcommand
-Python 2 MYSQL users MUST READ
+Python 2 MYSQL users MUST READ (required)
-------------------------------
+-----------------------------------------
 To fix issues with encoding of data and text searching, roundup now
 explicitly sets the database connection character set. Roundup prior
 to 2.0 used the default character set which was not always utf-8. All
 roundup data is manipulated in utf-8. This mismatch causes issues with
 roundup-users AT lists.sourceforge.net mailing list.
 As people report successful or unsuccessful conversions, we will update
 the errata page at: https://wiki.roundup-tracker.org/ReleaseErrata.
-Upgrade tracker's config.ini file
+Upgrade tracker's config.ini file (recommended)
----------------------------------
+-----------------------------------------------
 Once you have installed the new roundup, use::
 roundup-admin -i /path/to/tracker updateconfig newconfig.ini
 merge any local comments from the tracker's ``config.ini`` into
 ``newconfig.ini``. Compare the old and new files and configure any new
 settings as you want. Then replace ``config.ini`` with the
 ``newconfig.ini`` file.
-Python 3 support
+.. _Python 3 support:
-----------------
+Python 3 support (info)
+-----------------------
 Many of the ``.html`` and ``.py`` files from Roundup that are copied
 into tracker directories have changed for Python 3 support.  If you
 wish to move an existing tracker to Python 3, you need to merge in
 those changes. Also you need to make sure that locally created python
 roundup-admin -i ... updateconfig newconfig.ini`` if you want to go
 back to using python 2. (Note going back to Python 2 will require
 the same steps as moving from 2 to 3 except using Python 3 to perform
 the export.)
-Rate Limit New User Registration
+Rate Limit New User Registration (info)
---------------------------------
+---------------------------------------
 The new user registration form can be abused by bots to allow
 automated registration for spamming. This can be limited by using the
 new ``config.ini`` ``[web]`` option called
 ``registration_delay``. The default is 4 and is the number of seconds
 (see: https://hg.python.org/tracker/python-dev/rev/83477f735132), you
 can back the code out of the tracker. You must change the name of the
 field in the html template to ``opaqueregistration`` from ``opaque``
 in order to use the core code.
-PGP mail processing
+PGP mail processing (required)
--------------------
+------------------------------
 Roundup now uses the ``gpg`` module instead of ``pyme`` to process PGP
 mail.  If you have PGP processing enabled, make sure the ``gpg``
 module is installed.
-MySQL client module
+MySQL client module (recommended)
--------------------
+---------------------------------
 Although the ``MySQLdb`` module from
 https://pypi.org/project/MySQL-python/ is still supported, it is
 recommended to switch to the updated module from
 https://pypi.org/project/mysqlclient/.
-XMLRPC Access Role
+XMLRPC Access Role (info/required)
-------------------
+----------------------------------
 A new permission has been added to control access to the XMLRPC
 endpoint. If the user doesn't have the new "Xmlrpc Access" permission,
 they will not be able to log in using the /xmlrpc end point.  To add
 this new permission to the "User" role you should change your
 db.security.addPermissionToRole('User', 'Xmlrpc Access')
 This is usually included near where other permissions like "Web Access"
 or "Email Access" are assigned.
-New values for db.tx_Source
+New values for db.tx_Source (info)
----------------------------
+----------------------------------
 The database attribute tx_Source reports "xmlrpc" and "rest" when the
 /xmlrpc and /rest web endpoints are used. Check all code (extensions,
 detectors, lib) in trackers looking for tx_Source. If you have code
 like::
 or::
 if db.tx_Source in ['web', 'rest', 'xmlrpc', 'email-sig-openpgp', 'cli' ]:
-CSV export changes
+CSV export changes (info)
-------------------
+-------------------------
 The original Roundup CSV export function for indexes reported id
 numbers for links. The wiki had a version that resolved the id's to
 names, so it would report ``open`` rather than ``2`` or
 ``user2;user3`` rather than ``[2,3]``.
 be added for missing parameters.
 This turns exported values that may look like formulas into strings so
 some versions of Excel won't try to interpret them as a formula.
-Update userauditor.py to restrict usernames
+Update userauditor.py to restrict usernames (recommended)
--------------------------------------------
+---------------------------------------------------------
 A username can be created with embedded commas and < and >
 characters. Even though the < and > are usually escaped when
 displayed, the embedded comma makes it difficult to edit lists of
 users as they are comma separated.
 copy the userauditor.py from the classic template into your tracker's
 detectors directory. Otherwise merge the changes from the template
 userauditor.py. https://issues.roundup-tracker.org/issue2550921 may be
 helpful.
-Consider reindexing if you use European languages
+Consider reindexing if you use European languages (recommended)
--------------------------------------------------
+---------------------------------------------------------------
 A couple of bugs dealing with incorrect indexing of European languages
 (Russian and German were reported) have been fixed. Note reindexing
 all your data may take a long time. See:
 https://issues.roundup-tracker.org/issue1195739 and
 SATA drive. Using native indexing with sqlite took about 45
 minutes. Using whoosh took about 2 hours. Using xapian took about 6
 hours. All examples were with Python 2. Anecdotal evidence shows
 Python 3 is faster, but YMMV.
-Merge improvements in statusauditor.py
+Merge improvements in statusauditor.py (optional)
---------------------------------------
+-------------------------------------------------
 By default the detector statusauditor.py will change the status from
 "unread" to "chatting" when a second message is added to an issue.
 The distributed classic and jinja templates implement this feature in
 their copies of ``detectors/statusauditor.py``.
 DETECTOR::STATUSAUDITOR_CHATTING_REQUIRES_TWO_USERS: 'T'
 Allowed values: yes, no
 to fix this set the value to ``yes`` (True) or ``no`` (False).
-Responsive template changes
+Responsive template changes (optional)
----------------------------
+--------------------------------------
 There have been some changes to the responsive template. You can
 diff/merge these changes into your responsive template based tracker.
-Jinja template changes
+Jinja template changes (required)
-----------------------
+---------------------------------
 Auto escaping has been enabled in the jinja template engine, this
 means it is no longer necessary to manually escape dynamic strings
 with ``|e``, but strings that should not be escaped need to be marked
 with ``|safe`` (e.g. ``{{ context.history()|u|safe }}``). Also, the i18n
 Read the new config.ini and configure it to enable new
 features. Details on using these features can be found in
 this section.
-Make sure that user can view labelprop on classes (REQUIRED)
+Make sure that user can view labelprop on classes (required)
 ------------------------------------------------------------
 If you have View permissions that use ```properties=...```,
 make sure that the labelprop for the class is listed in the
 properties list.
 content.
 See: https://sourceforge.net/p/roundup/mailman/message/35763294/
 for the initial discussion of the issue.
-Cross Site Request Forgery Detection Added
+Cross Site Request Forgery Detection Added (recommended)
-------------------------------------------
+--------------------------------------------------------
 Roundup 1.6. supports a number of defenses against CSRF.
 Http header verification against the tracker's ``web``
 setting in the ``[tracker]`` section of config.ini for the
 security issue required a directory with a specific unusual name. This
 made it difficult to exploit. However allowing the use of
 subdirectories to organize the templates required that it be fixed.
-Database back end specified in config.ini (REQUIRED)
+Database back end specified in config.ini (required)
 ----------------------------------------------------
 The ``db/backend_name`` file is no longer used to configure the database
 backend being used for a tracker. The backend is now configured in the
 ``config.ini`` file using the ``backend`` option located in the ``[rdbms]``
 # address. It must be a valid RFC2822 address or people will not be
 # able to reply.
 # Default:
 replyto_address =
-Login from a search or after logout works better (REQUIRED)
+Login from a search or after logout works better (required)
 -----------------------------------------------------------
 The login form has been improved to work with some back end code
 changes. Now when a user logs in they stay on the same page where they
 started the login. To make this work, you must change the tal that is

Mercurial > p > roundup > code

comparison doc/upgrading.txt @ 7341:7321c0e6c53e