comparison doc/upgrading.txt @ 5304:ae32f082e623
Add section on updating config.ini. Reference in CSRF doc. Other doc updates.
| author | John Rouillard <rouilj@ieee.org> |
|---|---|
| date | Thu, 12 Oct 2017 22:31:59 -0400 |
| parents | 6efa6d44c27a |
| children | 762222535a0b |
| 5303:5017c3422334 | 5304:ae32f082e623 |
|---|---|
| 22 :local: | 22 :local: |
| 23 | 23 |
| 24 Migrating from 1.5.1 to 1.6.0 | 24 Migrating from 1.5.1 to 1.6.0 |
| 25 ============================= | 25 ============================= |
| 26 | 26 |
| 27 Update tracker config file | |
| 28 -------------------------- | |
| 29 | |
| 30 After installing the new version of roundup, you should | |
| 31 update the ``config.ini`` file for your tracker. To do this: | |
| 32 | |
| 33 1. backup your existing ``config.ini`` file | |
| 34 2. using the newly installed code, run:: | |
| 35 | |
| 36 roundup-admin -i /path/to/tracker updateconfig config.ini.new | |
| 37 | |
| 38 to create the file config.ini.new. Replace | |
| 39 ``/path/to/tracker`` with the path to your tracker. | |
| 40 3. replace your tracker's config.ini with config.ini.new | |
| 41 | |
| 42 Using updateconfig keeps all the settings from your | |
| 43 tracker's config.ini file and adds settings for all the new | |
| 44 options. | |
| 45 | |
| 46 If you have added comments to your original config.ini file, | |
| 47 merge the added comments into the config.ini.new file. Then | |
| 48 replace your tracker's config.ini with config.ini.new. | |
| 49 | |
| 50 Read the new config.ini and configure it to enable new | |
| 51 features. Details on using these features can be found in | |
| 52 this section. | |
| 53 | |
| 27 Make sure that user can view labelprop on classes (REQUIRED) | 54 Make sure that user can view labelprop on classes (REQUIRED) |
| 28 ------------------------------------------------------------ | 55 ------------------------------------------------------------ |
| 29 | 56 |
| 30 If you have View permissions that use ```properties=...```, | 57 If you have View permissions that use ```properties=...```, |
| 31 make sure that the labelprop for the class is listed in the | 58 make sure that the labelprop for the class is listed in the |
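Review bot: In the new "Update tracker config file" section, step 3 tells the reader to replace config.ini with config.ini.new before the later paragraph explains that hand-added comments should first be merged into config.ini.new, so anyone following the numbered steps in order swaps the file before reaching the merge, and the replacement instruction appears twice. Suggest making the comment merge its own step ahead of the replacement and dropping the repeated "Then replace your tracker's config.ini with config.ini.new." The closing sentence "Details on using these features can be found in this section" is ambiguous under this subsection heading; naming the "Migrating from 1.5.1 to 1.6.0" section would say which one is meant. Since updateconfig keeps all the settings from the existing file, the steps could also state that the backup copy and config.ini.new should carry the same ownership and permissions as the original config.ini.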
| 64 | 91 |
| 65 Http header verification against the tracker's ``web`` | 92 Http header verification against the tracker's ``web`` |
| 66 setting in the ``[tracker]`` section of config.ini for the | 93 setting in the ``[tracker]`` section of config.ini for the |
| 67 following headers: | 94 following headers: |
| 68 | 95 |
| 69 # Analyze the ``Referer`` HTTP header to make sure it | 96 1. Analyze the ``Referer`` HTTP header to make sure it |
| 70 includes the web setting. | 97 includes the web setting. |
| 71 # Analyse the ``Origin`` HTTP header to make sure the | 98 2. Analyze the ``Origin`` HTTP header to make sure the |
| 72 schema://host matches the web setting. | 99 schema://host matches the web setting. |
| 73 # Analyze the ``X-Forwarded-Host`` header set by a proxy | 100 3. Analyze the ``X-Forwarded-Host`` header set by a proxy |
| 74 running in front of roundup to make sure it agrees with | 101 running in front of roundup to make sure it agrees with |
| 75 the host part of the web setting. | 102 the host part of the web setting. |
| 76 # Analyze the ``Host`` header to make sure it agrees with | 103 4. Analyze the ``Host`` header to make sure it agrees with |
| 77 the host part of the web setting. This is not done if | 104 the host part of the web setting. This is not done if |
| 78 ``X-Forwarded-Host`` is set. | 105 ``X-Forwarded-Host`` is set. |
| 79 | 106 |
| 80 By default roundup 1.6 does not require any specific header | 107 By default roundup 1.6 does not require any specific header |
| 81 to be present. However at least one of the headers above | 108 to be present. However at least one of the headers above |
| 82 *must* pass validation checks (usually ``Host`` or | 109 *must* pass validation checks (usually ``Host`` or |
| 83 ``Referer``) or the submission is rejected with an error. | 110 ``Referer``) or the submission is rejected with an error. |
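Review bot: Item 2 of the renumbered list still reads "schema://host" on new line 99; the URL component being compared is the scheme, so "scheme://host" is the accurate term, and this hunk already edits that item. The introductory sentence on line 92 also still begins "Http header verification" while the list items write "HTTP header"; making the capitalisation consistent belongs in the same cleanup.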
| 112 tal:attributes="value python:utils.anti_csrf_nonce(lifetime=10)"> | 139 tal:attributes="value python:utils.anti_csrf_nonce(lifetime=10)"> |
| 113 | 140 |
| 114 sets the lifetime of that nonce to 10 minutes. | 141 sets the lifetime of that nonce to 10 minutes. |
| 115 | 142 |
| 116 If you want to change the default settings, you have to | 143 If you want to change the default settings, you have to |
| 117 update the web section in your tracker's config.ini's. To do | 144 update the web section in your tracker's config.ini file. Follow the |
| 118 this backup your existing config.ini. Run: | 145 section above to generate an updated config.ini file. Then |
| 119 | 146 look for settings that start with csrf. The updated config.ini |
| 120 roundup-admin -i /path/to/tracker genconfig config.ini.new | |
| 121 | |
| 122 to create a new config.ini in the file config.ini.new. Then | |
| 123 merge the new csrf settings into your tracker's config. | |
| 124 Look for settings that start with csrf. The config.ini.new | |
| 125 file includes detailed descriptions of the settings. | 147 file includes detailed descriptions of the settings. |
| 126 | 148 |
| 127 In general one of four values can be set for these | 149 In general one of four values can be set for these |
| 128 settings. The default is ``yes``, which validates the header | 150 settings. The default is ``yes``, which validates the header |
| 129 or nonce and blocks access if the validation fails. If the | 151 or nonce and blocks access if the validation fails. If the |
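Review bot: "Follow the section above" on new lines 144-145 does not say which section is meant; the target, "Update tracker config file", starts at line 27 of the file, more than a hundred lines earlier and with at least the labelprop section in between. Suggest referring to it by its title so the reader can find it. In the same paragraph, "look for settings that start with csrf" would be clearer with csrf in literal markup, as the file does for other names such as ``web`` and ``[tracker]``.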
| 226 | 248 |
| 227 Note: the ``backend_name`` file may be located in a directory other than | 249 Note: the ``backend_name`` file may be located in a directory other than |
| 228 ``db/`` if you have configured the ``database`` option in the ``[main]`` | 250 ``db/`` if you have configured the ``database`` option in the ``[main]`` |
| 229 section of the ``config.ini`` file to be something other than ``db``. | 251 section of the ``config.ini`` file to be something other than ``db``. |
| 230 | 252 |
| 253 Note 2: if you are using the anydbm back end, you still set | |
| 254 it using the backend option in the rdbms section of the | |
| 255 config.ini file. | |
| 256 | |
| 231 New config file option 'indexer' added | 257 New config file option 'indexer' added |
| 232 -------------------------------------- | 258 -------------------------------------- |
| 233 | 259 |
| 234 With support for the Whoosh indexer, a new config file option has been | 260 This release added support for the Whoosh indexer, so a new |
| 261 config file option has been | |
| 235 added. You can force Roundup to use a particular text indexer by | 262 added. You can force Roundup to use a particular text indexer by |
| 236 setting this value in the [main] section of the tracker's | 263 setting this value in the [main] section of the tracker's |
| 237 ``config.ini`` file (usually placed right before indexer_stopwords):: | 264 ``config.ini`` file (usually placed right before indexer_stopwords):: |
| 238 | 265 |
| 239 [main] | 266 [main] |
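Review bot: The added "Note 2" on new lines 253-255 names the backend option and the rdbms section as plain words, while the note directly above it marks ``database`` and ``[main]`` as literals; writing ``backend`` and ``[rdbms]`` would match that note and make the setting easier to search for in config.ini. In the reworded Whoosh paragraph, new line 261 ("config file option has been") is left short ahead of "added."; refilling the paragraph would keep the source tidy.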
