Original idea wa to use Docker for this purpose, but it turned out full
featured virtual server will be much better suited for this task due to
the comlexity of the whole environment.

(Redmine issue: #7041)

DEPLOY: Version bumped up to '2.8.105' to build new distribution
containing the fix.

(Redmine issue: #7121)

(Redmine issue: #7121)

(Redmine issue: #7121)

(Redmine issue: #7121)

(Redmine issue: #7121)

(Redmine issue: #7121)

(Redmine issue: #7106)

Enforce correct user and group ownerships and access permissions for
queue work directories. Improved logging in case anything wrong happens
to allow better investigation options.

(Redmine issue: #7121)

...except translations for easier merge.

(Redmine issue: #7106)

(Redmine issue: #3387, #6239)

(Redmine issue: #3387, #6239, #6255, #7501)

Jan Zerdik authored 4 years ago and Rajmund Hruška committed 3 years ago

(Redmine issue: #6239)

(Redmine issue: #7377)

* Pyflakes complained.
* The fixture could be extended and improved, for group_a it does
  include developer as a group's manager while not admin. Also,
  based on previous, group_b might have not been intended to be empty.

* Pyflakes complained, semi-validly.

* The testsuite is empty. There are some testing/documenting
  functions included in the main component (piper.py), invoked
  by its main() function. Those could be extended and moved to
  the test unit.

* Unused variables were detected by pyflakes.
* This provides only rudimentary interfacing validation.

* Pyflakes complained.

* This replaces the previously used rrdtool.graphv() which is
  functionally equivalent, except that it returns metadata which
  were discarded anyways.
* Reference: https://oss.oetiker.ch/rrdtool/doc/rrdtool.en.html

(Redmine issue: #7365)

* The maintenance apache site used bootstrap.min.css downloaded
  from the CDN. This is discouraged according to lintian:
  $ lintian-info -t privacy-breach-uses-embedded-file
* The canonical way to solve this issue is to use the corresponding
  debian package providing the referenced file, which does indeed
  exist: 'libjs-bootstrap'. In hawat, which this maintenance site
  replaces during downtime, corresponding css file is included
  statically, so adding another dependency just for maintenance
  site is an overkill. Both the static hawat version and the version
  in current debian's libjs-bootstrap are from Bootstrap v3.4.1,
  but the maintenance site is based on v4.3.1, so just download
  that and include it statically. The misversioning might be a typo
  and then either reusing the hawat's version or changing both
  to use the debian's packaged one might be a better way.

* Init script link manipulation using update-rc.d was added to postinst
  and postrm (which was added), according to documentation (Debian
  Policy Manual, Section 9.3.3.1. Managing the links):
  https://www.debian.org/doc/debian-policy/ch-opersys.html#managing-the-links
* This also adds package dependency on essential package init-system-helpers
  version >= 1.50.

* Error checking of every command was enabled according to documentation
  (Debian Policy Manual, Section 10.6. Scripts):
  https://www.debian.org/doc/debian-policy/ch-files.html#scripts

* The file ownership and access rights setup was moved from postinst
  to rules to avoid the hardlink attack vulnerability, as described in:
  $ lintian-info -t maintainer-script-should-not-use-recursive-chown-or-chmod

* Solution #1 was chosen as all files should belong to root.

* The description section from control file in .deb was reformatted according
  to documentation (Debian Policy Manual, Section 5.6.13. Description):
  https://www.debian.org/doc/debian-policy/ch-controlfields.html#description

Jan Mach authored 3 years ago and Rajmund Hruška committed 3 years ago

(Redmine issue: #7379)

(Redmine issue: #7379)