Changes

anarcat · 56c90faa
--- a/howto/ldap.md
+++ b/howto/ldap.md
@@ -1755,6 +1755,110 @@ We have 4 patches there, and a handful were merged upstream. The
 remaining patches could probably live as configuration files in
 Puppet, reducing the diff to nil.

+Update, 2023-05-10: some patches were merged, some weren't, and we had
+to roll new ones. We have the following diff now:
+
+```
+ debian/changelog           | 22 ++++++++++++++++++++++
+ debian/compat              |  2 +-
+ debian/control             |  5 ++---
+ debian/rules               |  3 +--
+ debian/ud-replicate.cron.d |  2 +-
+ templates/passwd-changed   |  2 +-
+ templates/welcome-message  | 41 ++++++++++++++++++++++++++++-------------
+ test/test_pass.py          | 10 ++++++++++
+ ud-mailgate                |  5 +++--
+ ud-replicate               | 11 +++++++++--
+ userdir-ldap.conf          |  2 +-
+ userdir_ldap/UDLdap.py     |  5 +++++
+ userdir_ldap/generate.py   | 22 +++++++++++++++++++++-
+ userdir_ldap/ldap.py       |  2 +-
+ 14 files changed, 106 insertions(+), 28 deletions(-)
+```
+
+We now have *five* branches left:
+
+ * `tpo-scrub-0.3.104`:
+   * `43c67a3` fix URL in passwd-changed template to torproject.org
+   * `f9f9a67` Set emailappend to torproject.org
+   * `c77a70b` Use https:// in welcome email
+   * `6966895` Re-apply tpo changes to Debians repo
+ * `mailpassword-generate-0.3.104`:
+   * `6b09f95` distribute mail-passwords in a location dovecot can read
+   * `666c050` expand mail-password file fields
+   * `5032f73` add simple getter to Account
+ * `hashpass-test-0.3.104`, `7ceb72b` add tests for ldap.HashPass
+ * `bookworm-build-0.3.104`:
+   * `25d89bd` fix warning about chown(1) call in bookworm
+   * `9c49a4a` fix Depends to support python3-only installs
+   * `1ece069` bump dh compat to 7
+   * `90ef120` make this build without python2
+ * `ssh-sk-0.3.104`, `a722f6f` Add support for security key generated ssh public keys (sk- prefix)
+
+The rebase was done with the following steps.
+
+First we laid down a tag because upstream didn't:
+
+```
+git tag 0.3.104 81d0512e87952d75a249b277e122932382b86ff8
+```
+
+Then we created new branches for each old branch and rebased it on
+that release:
+
+```
+git checkout -b genpass-fix-0.3.104 origin/genpass-fix-0.3.104-pre-dd7f9a3
+git rebase 0.3.104
+git branch -m hashpass-test-0.3.104
+
+git checkout -b procmail-0.3.104 procmail-0.3.104-pre-dd7f9a3 
+git rebase 0.3.104 
+git branch -d procmail-0.3.104
+
+git checkout -b mailpassword-generate-0.3.104 origin/mailpassword-generate-0.3.104-pre-dd7f9a3
+git rebase 0.3.104 
+
+git checkout -b tpo-scrub-0.3.104 origin/tpo-scrub-0.3.104-pre-dd7f9a3 
+git rebase 0.3.104 
+
+git checkout master 
+git merge hashpass-test-0.3.104
+git merge mailpassword-generate-0.3.104
+git merge tpo-scrub-0.3.104
+
+git checkout -b bookworm-build-0.3.104 0.3.104 
+git merge bookworm-build-0.3.104
+```
+
+Verifications of the resulting diffs were made with:
+
+```
+git diff master dsa
+git diff master origin/master
+```
+
+Then the package was built and tested on `forum-test-01`, `chives`,
+`perdulce` and `alberti`:
+
+```
+dpkg-buildpackage
+```
+
+And finally uploaded to db.tpo and git:
+
+```
+git push origin -u hashpass-test-0.3.104
+git push origin -u mailpassword-generate-0.3.104
+git push origin -u bookworm-build-0.3.104 0.3.104 
+git push origin -u tpo-scrub-0.3.104 
+git push
+```
+
+Eventually, we merged with upstream's master branch to be able to use
+micah's patch (in
+https://gitlab.torproject.org/tpo/tpa/team/-/issues/41166), so we
+added an extra branch in there.
+
 ## Monitoring and testing

 Nagios checks the `/var/lib/misc/thishost/last_update.trace` timestamp