summaryrefslogtreecommitdiff
path: root/README
blob: d43a130f03afe191bea69527f7272c26bb7eb37d (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
README for Qvisqve
=============================================================================

This is an authorisation server and identity provider. Specifically,
it implements the OAuth2 client credentials grant. Originally
developed to help development of Qvarn (<http://qvarn.org>). Later on,
we hope to develop this into an OpenID Connect provider with support
for authenticating end users.


Configuration for testing
-----------------------------------------------------------------------------

The `debug.yaml` file contains a sample configuration file for Qvisqve
for debugging and light testing. Use it with the `start_qvisqve`
script.

The config defines one API client, client id `test-client`, with a
client secret of "hunter2".


Requirements
-----------------------------------------------------------------------------

The target environment is currently Debian stretch with
stretch-backports enabled. The software might work elsewhere,
especially later versions of Debian.

You'll want to have Python 3.5 or later.


Running Qvisqve for debugging
-----------------------------------------------------------------------------

At the root of the source tree, run the following:

    ./start_qvisqve debug.yaml

This starts Qvisqve using the Bottle.py built-in debug HTTP server,
instead of gunicorn. This makes it easier to debug the server. If
you'd like to run it with gunicorn instead, add the following line to
`debug.yaml`:

    gunicorn: yes

Then run this:

    ./start_qvisqve debug.yaml

This runs the server with gunicorn. Note that that means it is run in
the background. You will need to kill the process manually.


Running Qvisqve for production
-----------------------------------------------------------------------------

Install Qvisqve and then run:

    start_qvirqve /etc/qvisqve/qvisqve.yaml

This runs Qvisqve using gunicorn. Better, install the `qvisqve.service`
systemd unit and start Qvisqve with that.


Git merging workflow for development
-----------------------------------------------------------------------------

All development will happen on branches other than master. Changes are
merged into master, when they're ready to be included into the next
release. If the feature is not ready to be enabled by default, the
merge will include a feature flag that disables the feature by
default. Merging should ideally happen about daily.

Before a merge happens, the changes to be merged will be reviewed and
OK'd by someone else than the their author. The reviewer does the
merge.

The branch to be merged MUST be rebased onto the commit in master. The
actual merge MUST NOT have any conflicts.

The merge MUST be done using --no-ff, i.e., with a merge commit, even
if only one commit is being merged. The merge commit MUST say who
reviewed and accepted it, by including a `Signed-off-by` line. If
there are more than one reviewer, they should all be added to the
merge commit.

Every commit in the master branch MUST pass `./check`.

The merge process is described below. It starts after the changes have
been reviewed and are ready to be merged.

* `git checkout feature-branch`

  Check out the changes to be merged.

* `git checkout -b feature-branch-rebase`

  Create a new branch, where it's safe to rebase.

* `git rebase master`

  Rebase onto master. Resolve any conflicts. Hopefully there aren't
  any.

* `git checkout master`

  Checkout master, which is where the changes will be merged to.

* `git merge --no-ff --no-commit feature-branch-rebase`

  Merge, without committing the changes.

* `./check`

  Run tests. If there are any problem, abort merge process.

* `git commit -s`

  Commit the merge, adding the `Signed-off-by` line to the commit
  message. The merge commit message should summarise the changes made.


Legalese
-----------------------------------------------------------------------------

Qvarn in its entirety is copyright by its authors, and released under
the GNU Affero General Public Licence, version 3, or later.

    Qvisqve - an authorisation server and an identity provider
    Copyright (C) 2018  Lars Wirzenius

    This program is free software: you can redistribute it and/or modify
    it under the terms of the GNU Affero General Public License as
    published by the Free Software Foundation, either version 3 of the
    License, or (at your option) any later version.

    This program is distributed in the hope that it will be useful,
    but WITHOUT ANY WARRANTY; without even the implied warranty of
    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
    GNU Affero General Public License for more details.

    You should have received a copy of the GNU Affero General Public License
    along with this program.  If not, see <http://www.gnu.org/licenses/>.