Replace archive admin shell access with API clients
The Ubuntu archive administration team has always required direct privileged shell access to the ftpmaster system in order to perform many of its routine tasks. This is a security problem, it prevents us from opening some tasks up to those who are not Canonical employees, and it makes it hard for us to improve our own tools. Improve the Launchpad API to handle all our requirements and write suitable API clients.
We will know we have succeeded when archive admins no longer require shell access to do their jobs.
(Postponed items carried over to https:/
Blueprint information
- Status:
- Complete
- Approver:
- Steve Langasek
- Priority:
- High
- Drafter:
- Colin Watson
- Direction:
- Approved
- Assignee:
- Colin Watson
- Definition:
- Approved
- Series goal:
- Accepted for quantal
- Implementation:
- Implemented
- Milestone target:
- ubuntu-12.10
- Started by
- Colin Watson
- Completed by
- Colin Watson
Related branches
Related bugs
Whiteboard
== lp_publish ==
WBNI publisher took reliably <30mins
* run a few things outside the lock?
* possibly get rid of ls-lR?
== lp_buildd ==
buildd-mass-retry: should be movable to API
add-missing-builds: needs API
(This is not a user-visible feature, and has no associated release notes.)
Work Items
Work items:
Migrate from sync-source to syncpackage: DONE
Write auto-sync client: DONE
Migrate from backport-source to backportpackage: DONE
Write up webops procedures for upload queue inspection/
Convert sru-release to Archive.
Write an API client to replace lp-remove-package: DONE
Export queue operations over the API: DONE
Write an API client to replace queue: DONE
Fix LP and/or client so that unembargo client can use Archive.copyPackage (http://
Move sync blacklist to ~ubuntu-archive branch in LP: DONE
Move new-source into new auto-sync client: DONE
Move override helpers into new queue client: DONE
Convert copy-report to Archive.
Obsolete publish-queue in favour of new PackageUpload-based queuebot: DONE
Export enough API to permit writing a populate-archive client: POSTPONED
Write an API client to replace populate-archive: POSTPONED
Fix NewReleaseCycle
Fix stale files piling up in /srv/launchpad.
Look into different copyPackage ACLs for ubuntu-security and ubuntu-archive, so that it doesn't require separate approval: DONE
Write tool to do manual actions arising from copy-report: DONE
Dependency tree
* Blueprints in grey have been implemented.