Git log: commit b9521c134c13339cbfa229e5c3bc5a67afd09c3e
Merge: fc68de140 af03b1a05
Author: Raphaƫl Hertzog <hertzog@debian.org>
Date: Fri Jun 12 14:18:49 2026 +0000
docs: update work request scheduling explanation (MR !3141)
this updates the work request scheduling documentation to describe the current tag-based scheduling approach instead of focusing on `task.can_run_on()`.
It also adds a reference to the worker configuration HOWTO and updates the architecture-specific scheduling section to explain architecture tags and worker metadata configuration
Closes #1497
Merge-Request: https://salsa.debian.org/freexian-team/debusine/-/merge_requests/3141
commit af03b1a05b0c532b71cc0170d368a008fb121a23
Author: Ayush Sharma <ayushhardeniya.grid@gmail.com>
Date: Fri Jun 12 19:48:49 2026 +0530
docs: update work request scheduling explanation
Replace outdated references to `task.can_run_on()` with the current
scheduler tag matching model. Document architecture-specific scheduling
using `worker:build-arch:*` tags and clarify that work requests are
ordered by priority, using age as a tie-breaker
commit fc68de140882351d69f9d50dd39bf4863c736e61
Merge: 09490c61b af7e3e9b2
Author: Colin Watson <cjwatson@debian.org>
Date: Thu Jun 11 14:58:39 2026 +0000
UploadFileView: Delete FileUploads before returning shortcut 201 (MR !3136)
This can happen if a client retried an upload following a load balancer
timeout (see #1448), in which case concurrent transactions might have
created a `FileUpload` and marked the `FileInArtifact` as complete.
There's no need to keep the `FileUpload` row in this case.
Merge-Request: https://salsa.debian.org/freexian-team/debusine/-/merge_requests/3136
commit 09490c61b9dbf31d7a9b49a3d1087fddbe05ebbc
Merge: b3270fd7e eab347b16
Author: Colin Watson <cjwatson@debian.org>
Date: Thu Jun 11 14:08:25 2026 +0000
vacuum_storage: Delete redundant FileUploads (MR !3135)
Following client fixes for #1448, we sometimes see leftover `FileUpload`
rows for a complete `FileInArtifact`. These are useless and can safely
be deleted.
Merge-Request: https://salsa.debian.org/freexian-team/debusine/-/merge_requests/3135
commit af7e3e9b22aac33ff6c958dae35853eb73f16c7b
Author: Colin Watson <cjwatson@debian.org>
Date: Thu Jun 11 14:56:37 2026 +0100
UploadFileView: Delete FileUploads before returning shortcut 201
This can happen if a client retried an upload following a load balancer
timeout (see #1448), in which case concurrent transactions might have
created a `FileUpload` and marked the `FileInArtifact` as complete.
There's no need to keep the `FileUpload` row in this case.
commit eab347b1639641dd0c4177da80aec5845ead87dc
Author: Colin Watson <cjwatson@debian.org>
Date: Thu Jun 11 13:46:35 2026 +0100
vacuum_storage: Delete redundant FileUploads
Following client fixes for #1448, we sometimes see leftover `FileUpload`
rows for a complete `FileInArtifact`. These are useless and can safely
be deleted.
commit b3270fd7ee0a1380d5b70fd02834211931784f32
Merge: 85297db92 82cc83d87
Author: Stefano Rivera <stefanor@debian.org>
Date: Thu Jun 11 02:00:45 2026 +0000
Increase the number of chunk upload attempts (MR !3133)
We observe a number of system image chunks failing to upload repeatedly.
Part of: #1448
Merge-Request: https://salsa.debian.org/freexian-team/debusine/-/merge_requests/3133
commit 82cc83d87bdabc0df37bdd76e3abc985ab1ddd49
Author: Stefano Rivera <stefano@freexian.com>
Date: Wed Jun 10 19:51:18 2026 -0400
NEWS
commit 93d0ce90e33551dc476fe093bbd8e7278756776a
Author: Stefano Rivera <stefano@freexian.com>
Date: Wed Jun 10 19:50:21 2026 -0400
Use mmap context managers, where possible
commit ca23a24c6ba5409b53d7daca0f2d582dbaa35567
Author: Stefano Rivera <stefano@freexian.com>
Date: Wed Jun 10 19:26:59 2026 -0400
File uploader: Retry 500-series errors
commit 09eed79abaf9374d99c3fe3c38192a119c6f65d8
Author: Stefano Rivera <stefano@freexian.com>
Date: Wed Jun 10 19:18:52 2026 -0400
Increase the number of chunk upload attempts
We observe a number of system image chunks failing to upload repeatedly.
commit 85297db926189f9b3b215d8f35a5155a66c324ca
Merge: d1de66915 1485b8546
Author: Stefano Rivera <stefanor@debian.org>
Date: Wed Jun 10 14:09:00 2026 +0000
Record CVEs in release-history (MR !3132)
We got a pair of CVEs assigned. Record them for posterity.
Merge-Request: https://salsa.debian.org/freexian-team/debusine/-/merge_requests/3132
commit 1485b8546dd7bca683986f231f53ec6bd7ceeae2
Author: Stefano Rivera <stefano@freexian.com>
Date: Wed Jun 10 08:37:30 2026 -0400
Add CVE (and issue) links for recently filed CVEs
commit d1de66915794907c9ee80249e83a37eae47e7f44
Merge: 1d1abde86 52470e029
Author: Stefano Rivera <stefanor@debian.org>
Date: Wed Jun 10 12:31:11 2026 +0000
Handle 0-sized partial artifact file uploads gracefully (MR !3129)
This is the server side of the issue. The client was confused and sent an empty POST by mistake.
Fixes: #1448
Closes #1448
Merge-Request: https://salsa.debian.org/freexian-team/debusine/-/merge_requests/3129
commit 1d1abde86f7fb4bd94d7147259b0b6054f6e1fde
Merge: ab3b07112 1bcdd99e2
Author: Colin Watson <cjwatson@debian.org>
Date: Wed Jun 10 00:05:47 2026 +0000
Rewind file when retrying a file upload chunk (MR !3130)
Part of #1448.
Merge-Request: https://salsa.debian.org/freexian-team/debusine/-/merge_requests/3130
commit 1bcdd99e2b36b95f871655ffa83a25c3943b108c
Author: Colin Watson <cjwatson@debian.org>
Date: Wed Jun 10 00:29:49 2026 +0100
Rewind file when retrying a file upload chunk
Part of #1448.
commit 52470e029a19ff2728d4518327cbc3a293d8d30a
Author: Stefano Rivera <stefano@freexian.com>
Date: Tue Jun 9 18:54:32 2026 -0400
Full reproducer for the issue observed in #1448
commit 645a8c77c074126aa3a27496c03786ec5228faf0
Author: Stefano Rivera <stefano@freexian.com>
Date: Tue Jun 9 18:06:17 2026 -0400
Handle 0-sized partial artifact file uploads gracefully
commit 7bf7c2515d4539eb8c7f81a07c4a0157f207dd29
Author: Colin Watson <cjwatson@debian.org>
Date: Tue Jun 9 23:58:35 2026 +0100
Move Content-Range header preparation to _upload_chunk
commit c233288372149cf9f9d95757aca06597081e55fa
Author: Colin Watson <cjwatson@debian.org>
Date: Tue Jun 9 23:54:53 2026 +0100
Simplify and improve client chunked upload tests
commit ab3b071126306563b58bbf26f41a47dd56ccd88e
Merge: 5b4ef8ba6 7e542bef2
Author: Stefano Rivera <stefanor@debian.org>
Date: Tue Jun 9 16:06:27 2026 +0000
Revive completed parent workflows when retrying sub-workflows (MR !3120)
Otherwise we'll lockup our scheduler, repeatedly trying to schedule a task that we cannot.
Continuation of !3038
Fixes: #1496
Closes #1496
Merge-Request: https://salsa.debian.org/freexian-team/debusine/-/merge_requests/3120
commit 7e542bef2b5d0d3a4a64d9a820334a09fb04d3f7
Author: Stefano Rivera <stefano@freexian.com>
Date: Sat Jun 6 19:17:49 2026 -0400
Revive completed parent workflows when retrying sub-workflows
Otherwise we'll lockup our scheduler, trying to schedule a task that
cannot complete.
Continuation of !3038
Fixes: #1496
commit 5b4ef8ba65428161c1c512e82dadd9540a0c80ee
Merge: c02067ec4 306b26a41
Author: Colin Watson <cjwatson@debian.org>
Date: Tue Jun 9 11:04:39 2026 +0000
Add external user tokens (MR !3121)
This is a new token type that has a username but does not correspond to
a Debusine user. As a result, it has no inherent permissions beyond
what any anonymous user could do, and it must have explicit grants
associated with it in order to do anything special. No such grants are
implemented yet; those will come in a future merge request.
These will be useful for private repository access tokens (#1392), where
they will amount to username/password pairs (with the password being a
randomly-generated 64-character hexadecimal string, as usual for token
keys) that can be granted the `VIEWER` role on individual private
repositories.
Merge-Request: https://salsa.debian.org/freexian-team/debusine/-/merge_requests/3121
commit 306b26a41402e6887bafa85cda05c73672ea8ecf
Author: Colin Watson <cjwatson@debian.org>
Date: Sun Jun 7 20:03:47 2026 +0100
Add external user tokens
This is a new token type that has a username but does not correspond to
a Debusine user. As a result, it has no inherent permissions beyond
what any anonymous user could do, and it must have explicit grants
associated with it in order to do anything special. No such grants are
implemented yet; those will come in a future merge request.
These will be useful for private repository access tokens (#1392), where
they will amount to username/password pairs (with the password being a
randomly-generated 64-character hexadecimal string, as usual for token
keys) that can be granted the `VIEWER` role on individual private
repositories.
commit c02067ec447f5997520abc2c98b560a67a7a2ee5
Merge: 2b6b0bac2 0497fa5bf
Author: Colin Watson <cjwatson@debian.org>
Date: Mon Jun 8 23:27:01 2026 +0000
doc: Set html_baseurl (MR !3122)
This adds a `<link rel="canonical" ... />` tag to each page, which
should help search engines understand which version is preferred.
Merge-Request: https://salsa.debian.org/freexian-team/debusine/-/merge_requests/3122
commit 2b6b0bac2904f1c47c8b6baa902f343e06e5f8c1
Merge: 734dce2e5 a5b79c4a0
Author: Colin Watson <cjwatson@debian.org>
Date: Mon Jun 8 13:20:54 2026 +0000
Document how to run integration tests locally (MR !3118)
Merge-Request: https://salsa.debian.org/freexian-team/debusine/-/merge_requests/3118
commit 734dce2e5734673458f85ab23c30f27b6559d83a
Merge: 5bb807ed9 a10945265
Author: Colin Watson <cjwatson@debian.org>
Date: Mon Jun 8 13:02:54 2026 +0000
Set gunicorn and Celery defaults to keep memory leaks under control (MR !3117)
Fixes: #1493
Closes #1493
Merge-Request: https://salsa.debian.org/freexian-team/debusine/-/merge_requests/3117
commit 0497fa5bf353f6825b4d9a186e200fd2477bb459
Author: Colin Watson <cjwatson@debian.org>
Date: Mon Jun 8 12:15:05 2026 +0100
doc: Set html_baseurl
This adds a `<link rel="canonical" ... />` tag to each page, which
should help search engines understand which version is preferred.
commit 5bb807ed9451a35bae5d85c71d9e48fef2cffb42
Merge: 7d432b06c 0890112c0
Author: Colin Watson <cjwatson@debian.org>
Date: Sun Jun 7 22:22:45 2026 +0000
artifacts: add debian:debug-symbols category and DebianDebugSymbols model (MR !3088)
Related to #957, @cjwatson
As discussed, this adds the `debian:debug-symbols` artifact category and the `DebianDebugSymbols` Pydantic model to `debusine/artifacts/models.py`, along with tests covering the 5 cases from the blueprint (valid input, wrong length, uppercase, non-hex, duplicates).
Kept `FileInArtifact.path` as bare build-IDs as you suggested and left out `file_paths` and DWZ support for now as they're out of scope for the initial implementation.
Merge-Request: https://salsa.debian.org/freexian-team/debusine/-/merge_requests/3088
commit 7d432b06c8cba7bc3c10fa265ebaba99fef1d16e
Merge: cdd4ad4de 08f37f934
Author: Colin Watson <cjwatson@debian.org>
Date: Sun Jun 7 21:30:08 2026 +0000
clarify debuginfod extraction runs on worker, not in sbuild unshare (MR !3119)
Clarify in the debuginfod blueprint that .debug extraction runs on the worker during artifact upload, not inside the sbuild unshare environment. The Requirements section previously said extraction must run "inside the isolated sbuild worker", which contradicted the Implementation plan that describes it as a helper called from \_upload_binary_packages() / upload_artifact() after the build finishes. Rewords the Requirements bullet and the closing paragraph of the extraction section to match the implementation plan. Docs only; no code changes.
Closes: #1476
Closes #1476
Merge-Request: https://salsa.debian.org/freexian-team/debusine/-/merge_requests/3119
commit 08f37f9344d69a25368df16edd759be29ac58830
Author: Jugal Patel <ui22cs59@iiitsurat.ac.in>
Date: Sat Jun 6 16:54:37 2026 +0000
clarify debuginfod extraction runs on worker, not in sbuild unshare
commit 0890112c057463f74351f9f4e2b3b01404dfa4a3
Author: Jugal Patel <ui22cs59@iiitsurat.ac.in>
Date: Wed May 27 05:27:34 2026 +0000
artifacts: add debian:debug-symbols category and DebianDebugSymbols model
commit cdd4ad4de6c5f284e3629c876a040bbfbec203e3
Merge: d4ad634fd e01e960a9
Author: Colin Watson <cjwatson@debian.org>
Date: Fri Jun 5 16:52:19 2026 +0000
Add roles for collections (MR !3116)
For private repository access tokens (#1392), we'll want the concept of
collections with different visibility rules from their containing
workspace, so that tokens can be granted access to some collections in a
private workspace but not others. Introduce collection roles to support
this.
Merge-Request: https://salsa.debian.org/freexian-team/debusine/-/merge_requests/3116
commit a5b79c4a0674799fba0bdbfcbd53d02d0c9891f7
Author: Colin Watson <cjwatson@debian.org>
Date: Fri Jun 5 11:36:22 2026 +0100
Document how to run integration tests locally
commit a10945265c863bd664ec291455e51d602af4d776
Author: Colin Watson <cjwatson@debian.org>
Date: Fri Jun 5 11:08:12 2026 +0100
Set gunicorn and Celery defaults to keep memory leaks under control
Fixes: #1493
commit d4ad634fd6949ac772fa0599df4ac8b7903fc653
Merge: 03d30ca06 a47ad3153
Author: Colin Watson <cjwatson@debian.org>
Date: Fri Jun 5 09:57:47 2026 +0000
Add a custom input field for CopyCollectionItems (MR !3102)
This is needed in order to implement a `move` parameter for #1113,
because for that the task needs to have access to richer lookup
information so that it knows which collection the input artifacts were
found in.
Merge-Request: https://salsa.debian.org/freexian-team/debusine/-/merge_requests/3102
commit e01e960a9937a82b3ae15a0c996775e0dd6b3105
Author: Colin Watson <cjwatson@debian.org>
Date: Thu Jun 4 20:21:06 2026 +0100
Add roles for collections
For private repository access tokens (#1392), we'll want the concept of
collections with different visibility rules from their containing
workspace, so that tokens can be granted access to some collections in a
private workspace but not others. Introduce collection roles to support
this.
commit 03d30ca065b41df7d0f5a8d1e3e92a42c98a810f
Merge: 544a0f907 91f0d970d
Author: Colin Watson <cjwatson@debian.org>
Date: Thu Jun 4 15:20:38 2026 +0000
web: reject worker tokens from web views (MR !3115)
Workers are generally expected to use the API rather than the web UI.
the known exception is `DownloadPathView`, which workers use to
download artifacts.
Add an `allow_worker_tokens` flag to `BaseUIView`, defaulting to
`False`, and enable it for `DownloadPathView`.
also add a test covering the default rejection of worker tokens in web
views
fixes: #1410
Closes #1410
Merge-Request: https://salsa.debian.org/freexian-team/debusine/-/merge_requests/3115
commit 91f0d970d359fc18fed6ebcb102c7edfbe7b0691
Author: Ayush Sharma <ayushhardeniya.grid@gmail.com>
Date: Thu Jun 4 11:46:31 2026 +0000
web: reject worker tokens from web views
Workers are generally expected to use the API rather than the web UI.
the known exception is `DownloadPathView`, which workers use to
download artifacts.
Add an `allow_worker_tokens` flag to `BaseUIView`, defaulting to
`False`, and enable it for `DownloadPathView`.
also add a test covering the default rejection of worker tokens in web
views
fixes: #1410
commit 544a0f9077a68f2d486e0baeb19451e00e54d279
Merge: 7b5dc77b1 76375b272
Author: Carles Pina i Estany <carles@pina.cat>
Date: Thu Jun 4 05:30:16 2026 +0000
debusine client "collection show {name}@{category}": show the Web URL (MR !3112)
related #1434
Merge-Request: https://salsa.debian.org/freexian-team/debusine/-/merge_requests/3112
commit 7b5dc77b17c8bbc1a5920d01bb86f6567b9b3090
Merge: fd0a9a1f1 b312cb7ee
Author: Colin Watson <cjwatson@debian.org>
Date: Wed Jun 3 15:06:59 2026 +0000
Convert PermissionContext to a frozen dataclass (MR !3113)
This removes quite a bit of boilerplate.
Merge-Request: https://salsa.debian.org/freexian-team/debusine/-/merge_requests/3113
commit b312cb7ee3dbdb8d63fe5e22acf92ee99210dcbd
Author: Colin Watson <cjwatson@debian.org>
Date: Wed Jun 3 15:30:03 2026 +0100
Convert PermissionContext to a frozen dataclass
This removes quite a bit of boilerplate.
commit 76375b27219248da0c9e1e3dd9b809436daef2e6
Author: Carles Pina i Estany <carles@pina.cat>
Date: Wed Jun 3 13:24:13 2026 +0100
debusine client "collection show {name}@{category}": show the Web URL
related #1434
commit fd0a9a1f143754db4ad1c838235a65e08c500525
Merge: 9ff238b32 9b950906a
Author: Carles Pina i Estany <carles@pina.cat>
Date: Wed Jun 3 09:47:46 2026 +0000
CollectionRelationSetView.put: return error if destination collection is not found or accessible (MR !3107)
CollectionRelationSetView.put: return error if destination collection does not exist or is not accessible
Merge-Request: https://salsa.debian.org/freexian-team/debusine/-/merge_requests/3107
commit 9ff238b32c22f3d1846f69b3b30e2c34a7085bb0
Merge: 1b40596d0 da984c2cc
Author: Colin Watson <cjwatson@debian.org>
Date: Wed Jun 3 07:44:40 2026 +0000
Improve archive view tests (MR !3109)
These tests are now a bit more concise and test private workspace handling more systematically, in preparation for #1392.
Merge-Request: https://salsa.debian.org/freexian-team/debusine/-/merge_requests/3109
commit da984c2cc8d1f4efbc5fef242053470460d0723e
Author: Colin Watson <cjwatson@debian.org>
Date: Tue Jun 2 19:01:16 2026 +0100
Run more private workspace tests for archive views
Move these up to a test base class so that we can easily run them for
each of the archive views.
commit b8c903b12877e95c8ec057b2bebe3bf3edc26183
Author: Colin Watson <cjwatson@debian.org>
Date: Tue Jun 2 19:00:50 2026 +0100
Refactor archive view tests to use setUpTestData more
Test coverage is equivalent, but this makes some individual tests less
repetitive. It also distinguishes more systematically between "example
path that is expected to exist" and "example path that is expected not
to exist".
commit 98f2d2ea140e5a7cd89a47cd2fde298695d8faa5
Author: Colin Watson <cjwatson@debian.org>
Date: Tue Jun 2 18:54:37 2026 +0100
Fix test isolation problem with URLconf switching
Running a test that makes a request to a URL handled by
`debusine.web.archives` (which has its own URLconf) followed by a test
that calls `reverse()` on a URL pattern in the default URLconf resulted
in the second test failing, unless an intervening test made a request to
a URL in the default URLconf.
This isn't a problem in production, because Django resets the URLconf at
the start and end of each request, but tests didn't necessarily go
through the code path that would normally reset it at the end of a
request. Reset the URLconf in `BaseDjangoTestCase.tearDown` to
compensate for this.
commit 9b950906a5db43ecdf242045fd15f6ae88d090be
Author: Carles Pina i Estany <carles@pina.cat>
Date: Mon Jun 1 15:23:14 2026 +0100
CollectionRelationSetView.put: return error if destination collection does not exist or is not accessible
commit a47ad31535915786164d998ea0482f109abc48f7
Author: Colin Watson <cjwatson@debian.org>
Date: Sun May 31 13:30:22 2026 +0100
Add a custom input field for CopyCollectionItems
This is needed in order to implement a `move` parameter for #1113,
because for that the task needs to have access to richer lookup
information so that it knows which collection the input artifacts were
found in.
