www.wp-cli.org SSL setup wp-cli.org is…

www.wp-cli.org SSLSSL Secure Socket Layer - Encryption from the server to the browser and back. Prevents prying eyes from seeing what you are sending between your browser and the server. setup

Raised via: https://wordpress.slack.com/archives/C02QB8GMM/p1719398059892329

wp-cli.org is hosted on GitHubGitHub GitHub is a website that offers online implementation of git repositories that can easily be shared, copied and modified by other developers. Public repositories are free to host, private repositories require a paid subscription. GitHub introduced the concept of the ‘pull request’ where code changes done in branches by contributors can be reviewed and discussed before being merged be the repository owner. https://github.com/ Pages, the A records are setup properly for this.

In order for GitHub Pages to provision a SSL certificate for the www subdomain however, the subdomain needs to be a CNAME to wp-cli.github.io. Currently it’s a CNAME to wp-cli.org.

Can we please change www.wp-cli.org from a CNAME to itself, to that of github?


$ dig www.wp-cli.org +short

Should be:

$ dig www.wp-cli.org +short

#ssl #dns #github #wpcli #prio2

Schema redirect for wp-env.json

@ajlende requested via Slack: https://wordpress.slack.com/archives/C02QB8GMM/p1718649686552709

I need to add a new schemas.wp.org redirect for the wp-env.json file added in https://github.com/WordPress/gutenberg/pull/36276. I don’t have access to add the systems request like was done for Add redirect for Font Collection JSON schema. So I hope this is the right place to ask for help; I couldn’t find a channel for systems.

I’m making an assumption here; but it appears the expected format is:

https://schemas.wp.org/trunk/wp-env.json => https://raw.githubusercontent.com/WordPress/gutenberg/trunk/schemas/json/wp-env.json

#redirect #prio1

Reprovision dd32.dev wporg Sandbox

As per previous posts [1], can I get my sandbox reprovisioned for VSCode?

I’ve backed up my customisations. (please note: I’m doing this at the end of each work day, just wipe the box when time comes, pingPing The act of sending a very small amount of data to an end point. Ping is used in computer science to illicit a response from a target server to test it’s connection. Ping is also a term used by Slack users to @ someone or send them a direct message (DM). Users might say something along the lines of “Ping me when the meeting starts.” me via slackSlack Slack is a Collaborative Group Chat Platform https://slack.com/. The WordPress community has its own Slack Channel at https://make.wordpress.org/chat/. if online)

Please enable sudo switch-php.sh

#prio1 #sandbox

Increase query params length for trac

Could we increase the length of query parameters for TracTrac Trac is the place where contributors create issues for bugs or feature requests much like GitHub.https://core.trac.wordpress.org/. instances? It seems that the existing query length limits are too low for it.


#prio1 #trac

Enable CORS for core translation downloads

Currently CORS isn’t enabled for a URLURL A specific web address of a website or web page on the Internet, such as a website’s URL www.wordpress.org such as the below.


This appears to be because the translation CORS headers are set to builds/(plugins|themes) which doesn’t include coreCore Core is the set of software required to run WordPress. The Core Development Team builds WordPress. (which is in builds/core/$locale.zip

Can we have that (plugins|themes) expanded to (core|plugins|themes) in the wporg_downloads_cors_* maps please?

Reported via https://github.com/WordPress/wordpress-playground/issues/1206


#prio2 #translations #nginx #playground

Enable DKIM for WordCamp GSuite?

While looking at DKIM for 3rd-party tools, I noticed we don’t have it setup for GSuite emails.

Do we need to setup DKIM for those domains? Or is the default gsuite dkim setup enough?

Direct link: https://admin.google.com/ac/apps/gmail/authenticateemail
You can login using the ?secret_id=7194 secret.

Outgoing emails from GSuite currently show this in gmail receivers:

SPF:  PASS with IP
DKIM:   'PASS' with domain wordcamp-org.20230601.gappssmtp.com

While emails sent from WordCampWordCamp WordCamps are casual, locally-organized conferences covering everything related to WordPress. They're one of the places where the WordPress community comes together to teach one another what they’ve learned throughout the year and share the joy. Learn more. production show:

DKIM: 'PASS' with domain wordcamp.org

#prio2 #email #wordcamp

Enable DKIM for 3rd-party WordCamp emails

Since February 1, 2024, Gmail and Yahoo have implemented new requirements for email senders to protect users’ inboxes from spam more effectively while ensuring legitimate emails are received.

As y’all know, Google and Yahoo have changed how they handle non-authenticated emails. While emails we send are likely to have proper authentication in place, emails sent from 3rd-parties don’t.

Some 3rd-party tools can use the Gsuite account for emails (Freescout & HelpScout for example). Other tools, such as Mailchimp, Active Campaign, Brevo, and a long list of others don’t support it.

Mailchimp is currently enabled for DKIM, as it’s used for the main Central account – and as I’ve just found out, as long as you can receive email for a email address, any WordCampWordCamp WordCamps are casual, locally-organized conferences covering everything related to WordPress. They're one of the places where the WordPress community comes together to teach one another what they’ve learned throughout the year and share the joy. Learn more. can use that verification; so any WordCamp using Mailchimp is fine.

Active Campaign is used (at least) by WordCamp Asia, this requires adding additional DKIM keys and a CNAME to verify the domain ownership.

acdkim1._domainkey.wordcamp.org CNAME dkim.acdkim1.acems1.com
acdkim2._domainkey.wordcamp.org CNAME dkim.acdkim2.acems1.com

em-3501330.wordcamp.org CNAME cmd.emsend1.com

Brevo is currently used by (at least) WordCamp Europe. Similar to above, it requires the DKIM records and an ownership verification record.

Unfortunately these do not use CNAME’s and require TXT records be added:

wordcamp.org TXT brevo-code:[pixelated-text]
mail._domainkey.wordcamp.org TXT k=rsa;[pixelated-text]

(@casiepa can you let me know the actual values for these? I can only find pixelated images)

I don’t know how to handle this going forward; especially in the case of the above which require may require ownership verification from future WordCamps, I’m almost certain the above authentication steps won’t work for future camps.

If systems have any objections to enabling DKIM and ownership verifications of the domain for WordCamps, let us know and we’ll discuss if there’s an alternative; At present it doesn’t appear there’s many other options; aside from requiring WordCamps to use a limited selection of tools, or to use a 3rd-party domains (such as team@wc{city}.org).

Regional WordCamps (Asia, Europe, and US) get special treatment however in this regard; so I assume enabling DKIM is going to be possible.

#wordcamp #email #prio2 #dns

Enable SSL for additional *.wp.org domains

End-users often shorten links to WordPress.orgWordPress.org The community site where WordPress code is created and shared by the users. This is where you can download the source code for WordPress core, plugins and themes as well as the central location for community conversations and organization. https://wordpress.org/ with the wp.org domain. This isn’t an official domain that’s used, but we do have a redirect in place for it.

Currently the list of SSLSSL Secure Socket Layer - Encryption from the server to the browser and back. Prevents prying eyes from seeing what you are sending between your browser and the server.-enabled subdomains is rather small compared to the *.wordpress.org domains.

Can we expand the list of subdomains SSL is supported on, at least to the non-locale-site domains used by contributors?

wp.org www.wp.org developer.wp.org events.wp.org make.wp.org learn.wp.org login.wp.org profiles.wp.org sv.wp.org translate.wp.org schemas.wp.org

I do note that sv.wp.org is included in the current SSL cert, I’m unsure why that domain was specifically included, I don’t personally think it’s worth listing all rosetta subdomains, as we’d have to constantly update the list, so I haven’t included those above. Similarly, I don’t think it’s worth enabling wildcard support for this domain at this time due to the LE integration limitations at present.

ref: https://meta.trac.wordpress.org/ticket/7526

cc @flexseth

#prio3 #ssl

Update Git author script

During the svn => git sync process we rewrite the author using a bash script that fetches the user details. This is get-author.sh in the git home directory on svn servers.

Due to character sets, it appears that non-latin names are being corrupted.
For example:

$ git clone git://develop.git.wordpress.org/
$ cd develop.git.wordpress.org
$ git show f047b94d71e780cbd7595047f28a644955d35fff | head -n3
commit f047b94d71e780cbd7595047f28a644955d35fff
Author: Greg Ziółkowski <gziolo@git.wordpress.org>
Date:   Fri Apr 21 10:41:58 2023 +0000

Greg Ziółkowski should be Greg Ziółkowski as shown on his profile.

The SQL used for this is CONCAT(display_name, '|', user_nicename). I can’t test it as I don’t have mysqlMySQL MySQL is a relational database management system. A database is a structured collection of data where content, configuration and other options are stored. https://www.mysql.com/. tools on my sandbox, but I suspect either

  • Character sets need to be specified on the mysql command, I suspect either --default-character-set=latin1 or --default-character-set=utf8mb4 would work.
  • The above concat should do some character-set conversions; I think CONCAT( CONVERT( CAST( CONVERT( display_name USING latin1) AS BINARY) USING utf8), ‘|', user_nicename) would work.

To duplicate it, you should be able to run this on the svn host:
get-author.sh gziolo

Note: You can likely remove the 2015-era logging/debugging from the file at the same time, I don’t recall the outcomes of that, but I suspect it was long fixed.. Review the logs I guess!

Let me know if you’d like me to test or debug anything.

cc @dmsnell @gziolo (Apologies for the months long delay!)
#prio2 #git #svn

Redirect gutenberg.run

Currently gutenberg.run is hosted by a DigitalOcean instance that we’d like to shut down.

Can we please have that domain setup as a redirect to https://playground.wordpress.net/gutenberg.html?

Thanks in advance!

cc @adamziel
#gutenberg-run #playground #redirect #prio3