From fe6dc7f84b6fa7430798c4c79dd1cda704110d6c Mon Sep 17 00:00:00 2001 From: Holger Levsen Date: Thu, 17 Apr 2014 10:21:50 +0200 Subject: allow token as URL parameter from (new IP address of) git.debian.org only --- etc/apache2/sites-available/jenkins.debian.net | 7 ++++--- etc/cron.daily/jenkins | 2 +- 2 files changed, 5 insertions(+), 4 deletions(-) diff --git a/etc/apache2/sites-available/jenkins.debian.net b/etc/apache2/sites-available/jenkins.debian.net index a456432d..40ab7c19 100644 --- a/etc/apache2/sites-available/jenkins.debian.net +++ b/etc/apache2/sites-available/jenkins.debian.net @@ -79,10 +79,11 @@ NameVirtualHost *:443 # allow certain params only from alioth (token is used to trigger builds) RewriteEngine on - RewriteCond %{REMOTE_ADDR} !217\.196\.43\.140 - # git.d.o is really vasks.d.o, so just allowing this trigger from any debian host should be fine. Anyone can run curl on alioth anyway + RewriteCond %{REMOTE_ADDR} !5\.153\.231\.21 + # git.d.o is really moszumanska.d.o + # FIXME: REMOTE_HOST surely must work somehow? Anyone can run curl on alioth anyway, so just allowing this trigger from any debian host should be fine, I just couldnt make this work: (so its disabled instead...) + # Until then etc/cron.daily/jenkins checks for changes in the IP address... which is a hack hack hack :) #RewriteCond %{REMOTE_HOST} !.*.debian.org - # FIXME: REMOTE_HOST surely must work somehow? Also see etc/cron.daily/jenkins RewriteCond %{QUERY_STRING} token RewriteRule ^ - [F] diff --git a/etc/cron.daily/jenkins b/etc/cron.daily/jenkins index 8100995e..8dd3a56d 100755 --- a/etc/cron.daily/jenkins +++ b/etc/cron.daily/jenkins @@ -4,6 +4,6 @@ # I couldn't get it to work. so I use REMOTE_ADDR... # see etc/apache2/sites-available/jenkins.debian.net -if [ "$(host git.debian.org)" != "git.debian.org has address 217.196.43.140" ] ; then +if [ "$(host git.debian.org)" != "git.debian.org has address 5.153.231.21" ] ; then echo "IP address of git.debian.org has changed, please update etc/apache2/sites-available/jenkins.debian.net and etc/cron.daily/jenkins" fi -- cgit v1.2.3-54-g00ecf