Tuleap 12.x

Tuleap 12.3

Note

Tuleap 12.3 is currently under development.

End of support of CentOS/RHEL 6

CentOS/RHEL 6 is no more supported (security fix included). Tuleap packages for this version are not available anymore. Instances must be migrated to CentOS/RHEL 7.

Tuleap 12.2

MOTD becomes Platform banner

When you had to display a message to all users, you were used to edit file /etc/tuleap/site-content/en_US/others/motd.txt. Now you have to use the Web interface instead (former files are not taken into account anymore, you can delete them). This will bring a more integrated experience than the old way. See story #14670 for more details.

Subversion Core active deprecation

The migration from Subversion Core (legacy Subversion service) to SVN plugin intensify with banner display to encourage the switch to plugin. Subversion administrator can initiate the migration on there own with the web UI. System administrator still have access to the CLI tool /usr/share/tuleap/src/utils/php-launcher.sh /usr/share/tuleap/plugins/svn/bin/migrate_to_plugin.php

The migration is done “In Place” that is to say that data won’t be touched and URLs remains the same. Settings are migrated (iso-functional) but the new hooks are deployed. Theoretically nothing should change for end user (except email format).

The documentation of Subversion Core has been removed. The Subversion Core features that have no equivalent in plugin are disabled (SVN Widgets, SVN Query & My SVN Commits). Data remains, in case of big trouble there is a (temporary) way back (contact the dev team).

In case of trouble the migration can be reverted with administrative actions:

First, on database side:

DELETE FROM plugin_svn_repositories WHERE project_id = PROJECT_ID and is_core = 1;

Then, in the repository on file system (/var/lib/tuleap/svnroot/PROJECT_NAME/hooks) as root:

/bin/rm -f post-commit post-revprop-change pre-commit pre-revprop-change
tuleap queue-system-check
tuleap process-system-events default

If you have to revert, please contact the dev team to explain the issue

Tuleap 12.1

Mandatory changes for Subversion (core and plugin)

This is the continuation of the work initiated in Tuleap 12.0: accounts connected to an OpenID Connect provider must use SVN Tokens to access SVN repositories.

In order to enforce this change, it is necessary to allow the DB user used to handle SVN authentications more access to the database. These changes are mandatory even if your Tuleap instance does not use the OpenID Connect plugin. You must run the following commands on your database with a privileged user:

GRANT CREATE,SELECT ON plugin_ldap_user TO dbauthuser;
GRANT CREATE,SELECT ON plugin_openidconnectclient_user_mapping TO dbauthuser;
REVOKE CREATE ON plugin_ldap_user FROM dbauthuser;
REVOKE CREATE ON plugin_openidconnectclient_user_mapping FROM dbauthuser;
FLUSH PRIVILEGES;

Tuleap 12.0

LDAP and Active directory configuration

We have added a new optional configuration variable in /etc/tuleap/plugins/ldap/etc/ldap.inc:

$sys_ldap_server_common_name: This value is used in Tuleap screens to refer to the server like Enter your $sys_ldap_server_common_name credentials. It defines how people refer to the Active Directory server, most of the time it’s “Active Directory” but it can be “LDAP” or “Enterprise Directory”. When it is not defined, its default value will be “LDAP”.

CVS modifications

We made a lot of changes for CVS in the packaging and in the backend of this service. If you are still using it, after upgrading to 12.0, you have to run the following commands:

find /cvsroot/*/CVSROOT -name "loginfo" -exec sed -i "s#ALL /usr/lib/tuleap/bin/log_accum#ALL sudo -u codendiadm -E /usr/lib/tuleap/bin/log_accum#" {} \;
find /cvsroot/*/CVSROOT -name "loginfo" -exec sed -r -i "s#ALL \(/usr/lib/tuleap/bin/log_accum (.*)\)#ALL sudo -u codendiadm -E /usr/lib/tuleap/bin/log_accum \1#" {} \;
tuleap queue-system-check

The queue system check command will recreate the CVS locks. These CVS repositories will be usable once the system check is done.

OpenID Connect

Attention

Existing accounts that already connected to an OpenID Connect provider will no longer be allowed to authenticate with their local Tuleap credentials.

This impacts users for:

  • Web login (they should use OpenID Connect instead)

  • REST API access (they should use Access Keys.)

  • Git over https access (they should use Access Keys.)

  • Subversion access (they should use SVN Tokens.)

Access to SOAP API is no longer possible for users that switch to OpenID Connect.