updating www.gnucash.org
Josh Sled
jsled at asynchronous.org
Fri Apr 7 19:20:37 EDT 2006
On Fri, 2006-04-07 at 12:09 -0500, Linas Vepstas wrote:
> Remind me again what needs to be done; i.e. the addr of the svn
> repository and how to pull from it.
$ svn checkout http://svn.gnucash.org/repo/htdocs/trunk [local-dir-name]
$ svn update
Thought it may be that we acutally want to put the
synced-with-the-website sources on a branch, so that trunk can be for
development commits, and one needs to be somewhat explicit to "publish"
content. Maybe http://svn.gnucash.org/repo/htdocs/branches/published ?
> My plan was:
> -- pull down svn once by hand, make sure its OK.
> -- Copy it into place.
> -- set up a cron job to pull nightly
> -- set up some sort of "port knocker" that would initiate
> a pull on demand. Do you ave any preferences/suggestions
> for how to do this?
That sounds right to me. The actual "port-knocker" is a function of
what you're comfortable with:
1/ Simple, but slightly sketchy security-wise:
(from svn.gnucash.org, on commit:)
$ nc www.gnucash.org «magic portnumber»
(server-side):
[from [x]inetd, on connection to «magic portnumber»:]
$ cd ${web_root_dir}; svn update
2/ Like the above, but with a sequence of ports involved... would
require some script listening to all the port, making sure they come in
the right sequence.
3/ svn.gnucash.org emails a gpg-signed token to www.gnucash.org on
commit, www.gnucash.org has a procmail recipe that verifies the
signature and invokes `cd ${web_server_root}; svn update`.
I think (1) -- or maybe (1) with a secret value checked for as well (to
prevent being triggered by port-scans) -- is actually pretty reasonable,
without the (modest) complexities of (2) or (3). Of course, we'd (need
to) take care to not check any secret/magic values into SVN, but that's
not too hard.
--
...jsled
http://asynchronous.org/ - `a=jsled; b=asynchronous.org; echo ${a}@${b}`
More information about the gnucash-devel
mailing list