This is needed for the ist.mit.edu realm, where the same email address could be
used for all three of Zulip, Jabber, and Zephyr. To disambiguate Jabber mirror
dummy users from Zephyr mirror dummy users with the same email address (but
which would be in a different realm), we force all email addresses in the
ist.mit.edu realm to have local parts that end in "+ist".
(imported from commit 5ebad2cc8f6c7286b4b9426d57ed75578703fb86)
It doesn't actually seem to be necessary to adjust the SSL version in current
versions of Openfire.
(imported from commit 6766d9fd5081cf16f2a5e3e2b008f20e7498caa4)
We also take the opportunity to use the sleekxmpp JID parsing more instead of
doing string manipulation.
(imported from commit 6e4ba0bd2c241666fcde42333ff68b879d8ab2b7)
Previously, we were using U+1B80, which is 'SUNDANESE SIGN PANYECEK' (i.e., an
assigned character). U+1FFFE is a non-character (i.e., free for internal use)
on Plane 1.
(imported from commit f93d2401733afb96b6d717a7f659c011299071df)
For personal mirrors, this means that the mirror should join all Jabber rooms
corresponding to their Zulip subscriptions. For the public mirror, this means
that the mirror should join all Jabber rooms corresponding to Zulip streams that
end in "/xmpp".
(imported from commit 16ed9e3deee7e02b2ae0dd79925f0ed5c4acd044)
This tool is a little crude; it runs out of a cron job and will
forward to staging a notice about any new lines in the declared log
files, truncating if there are more than 10 lines.
(imported from commit 6748ddff1def0907b061dc278a3a848bd2e933f1)
We still need it in integrations, because those don't require Python
2.7, but we don't need it in any of our code that runs on internal
servers.
(imported from commit 3c340567f1a372dcb4206c6af9a6e5e18005b1b8)
These are from a list that Camilla Fox sent me of all
non-world-readable Zephyr classes currently configured.
(imported from commit 6246a981402b47056b28cd14be688e15224aacd1)
Steps needed:
- puppet apply on staging/prod when deployed to respective sites
- puppet apply on bots.z.n when deployed to prod
- copy /var/tmp/.feedback-bot-ticket-number from bots to staging
(imported from commit 2c943dac8d871809b0997a4484f508ec5b078bcd)
Have the Feedback Bot provide the sender's full name.
Put the email in the message to help searching.
Generate a ticket number to make it easier to refer to the message from
elsewhere.
(imported from commit 4d789135a0097bade50b4d980f49ca596d85b73b)
This may require just doing an mv on the home directory, plus changing
the home directory in /etc/passwd. It should of course be done carefully.
(imported from commit 660997d897ee6d33563af74f0fc5d4267a911755)
We were having problems where we were suspiciously processing notices
at a rate of 1 notice per 15s, which suggests that we the select was
timing out even though there were notices to be fetched immediately.
We fix this by clearing the queue each time our select loop ends.
(imported from commit 7e7bfbb2126d1f4170d65d1483a0b799dcab80b9)
This should enabled us, in the future, to enable support for mail
zephyrs without requiring users to re-auth.
(imported from commit 2665743212da567fe85742d30cca42b902e41a0d)
We were intending to just be directing the logger logs, not logging
every message for potentially resending.
(imported from commit 9dd53e3968880745a8c01244db5d2c2247dfe85c)
This shows up when you're not running a Zephyr mirroring bot and lets
you use Webathena to have us run it. Obviously needs more docs.
Current problems include:
* supervisorctl reload ends up recreating /var/run/supervisor.sock
with the wrong permissions, so it only works once in a row before
you need to chmod that.
* /etc/supervisor/conf.d needs to be humbug-writeable; this is a clear
local root vulnerability
* This uses SSH and thus is kinda slow.
(imported from commit 7029979615ffd50b10f126ce2cf9a85a5eefd7a2)
The davidben-patched-for-roost Zephyr branch (available at
https://github.com/davidben/zephyr/tree/roost) adds Zephyr support for
these options. We also patch python-zephyr to expose them. These
basically let you save your Zephyr tickets and port number to a file,
so that you can later restore them (even potentially after the machine
rebooted). Basically because Zephyr is UDP, the Zephyr server will
continue trying to deliver messages to a particular port number that
was registered for up to 20 minutes after getting an error; so we can
even have downtime and reboot and still get our packets so long as we
restore the sessions within 20 minutes.
(imported from commit 986cbb157ddfa57aa4b644cd826f8418e9876dc7)
Previously it only provided the list of all public streams; now it
allows one to specify any union of some of the following:
* all public streams
* all streams the user subscribed to
(the most relevant being the union of those two, which is what we want
for the "streams" page).
Or:
* all streams in realm (superuser only)
The manual task required is that when this is pushed to prod, we need
to also deploy the new sync-public-streams version to zmirror.
(imported from commit 27848b8bd136e2777f399b7d05b2fdcec35e4e21)
Our .crypt-table parsing code isn't quite correct, in that we don't
handle either the "zcrypt default" or "zcrypt by class/instance" pair
options (for sending messages in either direction) -- you have to be
zcrypting for an entire class. I think this makes sense given that on
the Zulip end we can only enforce anything on a stream level.
(imported from commit a7901b1dc025a04a23ee71ecdd499e3f150ba614)