X-Git-Url: https://git.tokkee.org/?a=blobdiff_plain;f=roundup%2Fconfiguration.py;h=6b9d05a7a2d8a0174c6df089b7b6c45629c49c67;hb=9976de4f1761b47dc459f10c4b28c311de84e103;hp=8d03f7bb3e299752864a3c37e96f57ee99287130;hpb=001f35a6bde645b5cbd67a43fabf1976aa2025f0;p=roundup.git diff --git a/roundup/configuration.py b/roundup/configuration.py index 8d03f7b..6b9d05a 100644 --- a/roundup/configuration.py +++ b/roundup/configuration.py @@ -530,6 +530,29 @@ SETTINGS = ( "stop-words (eg. A,AND,ARE,AS,AT,BE,BUT,BY, ...)"), (OctalNumberOption, "umask", "02", "Defines the file creation mode mask."), + (IntegerNumberOption, 'csv_field_size', '131072', + "Maximum size of a csv-field during import. Roundups export\n" + "format is a csv (comma separated values) variant. The csv\n" + "reader has a limit on the size of individual fields\n" + "starting with python 2.5. Set this to a higher value if you\n" + "get the error 'Error: field larger than field limit' during\n" + "import."), + (IntegerNumberOption, 'password_pbkdf2_default_rounds', '10000', + "Sets the default number of rounds used when encoding passwords\n" + "using the PBKDF2 scheme. Set this to a higher value on faster\n" + "systems which want more security.\n" + "PBKDF2 (Password-Based Key Derivation Function) is a\n" + "password hashing mechanism that derives hash from the\n" + "password and a random salt. For authentication this process\n" + "is repeated with the same salt as in the stored hash.\n" + "If both hashes match, the authentication succeeds.\n" + "PBKDF2 supports a variable 'rounds' parameter which varies\n" + "the time-cost of calculating the hash - doubling the number\n" + "of rounds doubles the cpu time required to calculate it. The\n" + "purpose of this is to periodically adjust the rounds as CPUs\n" + "become faster. The currently enforced minimum number of\n" + "rounds is 1000.\n" + "See: http://en.wikipedia.org/wiki/PBKDF2 and RFC2898"), )), ("tracker", ( (Option, "name", "Roundup issue tracker", @@ -551,6 +574,11 @@ SETTINGS = ( "or LANG, in that order of preference."), )), ("web", ( + (BooleanOption, "allow_html_file", "no", + "Setting this option enables Roundup to serve uploaded HTML\n" + "file content *as HTML*. This is a potential security risk\n" + "and is therefore disabled by default. Set to 'yes' if you\n" + "trust *all* users uploading content to your tracker."), (BooleanOption, 'http_auth', "yes", "Whether to use HTTP Basic Authentication, if present.\n" "Roundup will use either the REMOTE_USER or HTTP_AUTHORIZATION\n" @@ -567,6 +595,10 @@ SETTINGS = ( "Setting this option makes Roundup display error tracebacks\n" "in the user's browser rather than emailing them to the\n" "tracker admin."), + (BooleanOption, "migrate_passwords", "yes", + "Setting this option makes Roundup migrate passwords with\n" + "an insecure password-scheme to a more secure scheme\n" + "when the user logs in via the web-interface."), )), ("rdbms", ( (Option, 'name', 'roundup', @@ -592,8 +624,30 @@ SETTINGS = ( (NullableOption, 'read_default_group', 'roundup', "Name of the group to use in the MySQL defaults file (.my.cnf).\n" "Only used in MySQL connections."), + (IntegerNumberOption, 'sqlite_timeout', '30', + "Number of seconds to wait when the SQLite database is locked\n" + "Default: use a 30 second timeout (extraordinarily generous)\n" + "Only used in SQLite connections."), (IntegerNumberOption, 'cache_size', '100', "Size of the node cache (in elements)"), + (BooleanOption, "allow_create", "yes", + "Setting this option to 'no' protects the database against table creations."), + (BooleanOption, "allow_alter", "yes", + "Setting this option to 'no' protects the database against table alterations."), + (BooleanOption, "allow_drop", "yes", + "Setting this option to 'no' protects the database against table drops."), + (NullableOption, 'template', '', + "Name of the PostgreSQL template for database creation.\n" + "For database creation the template used has to match\n" + "the character encoding used (UTF8), there are different\n" + "PostgreSQL installations using different templates with\n" + "different encodings. If you get an error:\n" + " new encoding (UTF8) is incompatible with the encoding of\n" + " the template database (SQL_ASCII)\n" + " HINT: Use the same encoding as in the template database,\n" + " or use template0 as template.\n" + "then set this option to the template name given in the\n" + "error message."), ), "Settings in this section are used" " by RDBMS backends only" ), @@ -713,6 +767,10 @@ SETTINGS = ( "will match an issue for the interval after the issue's\n" "creation or last activity. The interval is a standard\n" "Roundup interval."), + (BooleanOption, "subject_updates_title", "yes", + "Update issue title if incoming subject of email is different.\n" + "Setting this to \"no\" will ignore the title part of" + " the subject\nof incoming email messages.\n"), (RegExpOption, "refwd_re", "(\s*\W?\s*(fw|fwd|re|aw|sv|ang)\W)+", "Regular expression matching a single reply or forward\n" "prefix prepended by the mailer. This is explicitly\n" @@ -728,6 +786,10 @@ SETTINGS = ( "Regular expression matching end of line."), (RegExpOption, "blankline_re", r"[\r\n]+\s*[\r\n]+", "Regular expression matching a blank line."), + (BooleanOption, "unpack_rfc822", "no", + "Unpack attached messages (encoded as message/rfc822 in MIME)\n" + "as multiple parts attached as files to the issue, if not\n" + "set we handle message/rfc822 attachments as a single file."), (BooleanOption, "ignore_alternatives", "no", "When parsing incoming mails, roundup uses the first\n" "text/plain part it finds. If this part is inside a\n" @@ -737,14 +799,36 @@ SETTINGS = ( ), "Roundup Mail Gateway options"), ("pgp", ( (BooleanOption, "enable", "no", - "Enable PGP processing. Requires pyme."), + "Enable PGP processing. Requires pyme. If you're planning\n" + "to send encrypted PGP mail to the tracker, you should also\n" + "enable the encrypt-option below, otherwise mail received\n" + "encrypted might be sent unencrypted to another user."), (NullableOption, "roles", "", "If specified, a comma-separated list of roles to perform\n" "PGP processing on. If not specified, it happens for all\n" - "users."), + "users. Note that received PGP messages (signed and/or\n" + "encrypted) will be processed with PGP even if the user\n" + "doesn't have one of the PGP roles, you can use this to make\n" + "PGP processing completely optional by defining a role here\n" + "and not assigning any users to that role."), (NullableOption, "homedir", "", "Location of PGP directory. Defaults to $HOME/.gnupg if\n" "not specified."), + (BooleanOption, "encrypt", "no", + "Enable PGP encryption. All outgoing mails are encrypted.\n" + "This requires that keys for all users (with one of the gpg\n" + "roles above or all users if empty) are available. Note that\n" + "it makes sense to educate users to also send mails encrypted\n" + "to the tracker, to enforce this, set 'require_incoming'\n" + "option below (but see the note)."), + (Option, "require_incoming", "signed", + "Require that pgp messages received by roundup are either\n" + "'signed', 'encrypted' or 'both'. If encryption is required\n" + "we do not return the message (in clear) to the user but just\n" + "send an informational message that the message was rejected.\n" + "Note that this still presents known-plaintext to an attacker\n" + "when the users sends the mail a second time with encryption\n" + "turned on."), ), "OpenPGP mail processing options"), ("nosy", ( (RunDetectorOption, "messages_to_author", "no", @@ -1237,6 +1321,14 @@ class CoreConfig(Config): if home_dir is None: self.init_logging() + def copy(self): + new = CoreConfig() + new.sections = list(self.sections) + new.section_descriptions = dict(self.section_descriptions) + new.section_options = dict(self.section_options) + new.options = dict(self.options) + return new + def _get_unset_options(self): need_set = Config._get_unset_options(self) # remove MAIL_PASSWORD if MAIL_USER is empty @@ -1266,8 +1358,8 @@ class CoreConfig(Config): return _file = self["LOGGING_FILENAME"] - # set file & level on the root logger - logger = logging.getLogger() + # set file & level on the roundup logger + logger = logging.getLogger('roundup') if _file: hdlr = logging.FileHandler(_file) else: @@ -1276,6 +1368,9 @@ class CoreConfig(Config): '%(asctime)s %(levelname)s %(message)s') hdlr.setFormatter(formatter) # no logging API to remove all existing handlers!?! + for h in logger.handlers: + h.close() + logger.removeHandler(hdlr) logger.handlers = [hdlr] logger.setLevel(logging._levelNames[self["LOGGING_LEVEL"] or "ERROR"])