www.wp-cli.org SSL setup wp-cli.org is…

www.wp-cli.org SSLSSL Secure Socket Layer - Encryption from the server to the browser and back. Prevents prying eyes from seeing what you are sending between your browser and the server. setup

Raised via: https://wordpress.slack.com/archives/C02QB8GMM/p1719398059892329

wp-cli.org is hosted on GitHubGitHub GitHub is a website that offers online implementation of git repositories that can easily be shared, copied and modified by other developers. Public repositories are free to host, private repositories require a paid subscription. GitHub introduced the concept of the ‘pull request’ where code changes done in branches by contributors can be reviewed and discussed before being merged be the repository owner. https://github.com/ Pages, the A records are setup properly for this.

In order for GitHub Pages to provision a SSL certificate for the www subdomain however, the subdomain needs to be a CNAME to wp-cli.github.io. Currently it’s a CNAME to wp-cli.org.

Can we please change www.wp-cli.org from a CNAME to itself, to that of github?

Currently:

$ dig www.wp-cli.org +short
wp-cli.org.
185.199.111.153
185.199.110.153
185.199.109.153
185.199.108.153

Should be:

$ dig www.wp-cli.org +short
wp-cli.github.io.
185.199.111.153
185.199.110.153
185.199.109.153
185.199.108.153

#ssl #dns #github #wpcli #prio2

Enable CORS for core translation downloads

Currently CORS isn’t enabled for a URLURL A specific web address of a website or web page on the Internet, such as a website’s URL www.wordpress.org such as the below.

 https://downloads.wordpress.org/translation/core/6.5/fr_FR.zip

This appears to be because the translation CORS headers are set to builds/(plugins|themes) which doesn’t include coreCore Core is the set of software required to run WordPress. The Core Development Team builds WordPress. (which is in builds/core/$locale.zip

Can we have that (plugins|themes) expanded to (core|plugins|themes) in the wporg_downloads_cors_* maps please?

Reported via https://github.com/WordPress/wordpress-playground/issues/1206

Thanks!

#prio2 #translations #nginx #playground

Enable DKIM for WordCamp GSuite?

While looking at DKIM for 3rd-party tools, I noticed we don’t have it setup for GSuite emails.

Do we need to setup DKIM for those domains? Or is the default gsuite dkim setup enough?

Direct link: https://admin.google.com/ac/apps/gmail/authenticateemail
You can login using the ?secret_id=7194 secret.

Outgoing emails from GSuite currently show this in gmail receivers:

SPF:  PASS with IP 209.85.220.41
DKIM:   'PASS' with domain wordcamp-org.20230601.gappssmtp.com
DMARC:  'PASS' 

While emails sent from WordCampWordCamp WordCamps are casual, locally-organized conferences covering everything related to WordPress. They're one of the places where the WordPress community comes together to teach one another what they’ve learned throughout the year and share the joy. Learn more. production show:

DKIM: 'PASS' with domain wordcamp.org
DMARC:  'PASS'

#prio2 #email #wordcamp

Enable DKIM for 3rd-party WordCamp emails

Since February 1, 2024, Gmail and Yahoo have implemented new requirements for email senders to protect users’ inboxes from spam more effectively while ensuring legitimate emails are received.

As y’all know, Google and Yahoo have changed how they handle non-authenticated emails. While emails we send are likely to have proper authentication in place, emails sent from 3rd-parties don’t.

Some 3rd-party tools can use the Gsuite account for emails (Freescout & HelpScout for example). Other tools, such as Mailchimp, Active Campaign, Brevo, and a long list of others don’t support it.

Mailchimp is currently enabled for DKIM, as it’s used for the main Central account – and as I’ve just found out, as long as you can receive email for a email address, any WordCampWordCamp WordCamps are casual, locally-organized conferences covering everything related to WordPress. They're one of the places where the WordPress community comes together to teach one another what they’ve learned throughout the year and share the joy. Learn more. can use that verification; so any WordCamp using Mailchimp is fine.

Active Campaign is used (at least) by WordCamp Asia, this requires adding additional DKIM keys and a CNAME to verify the domain ownership.

acdkim1._domainkey.wordcamp.org CNAME dkim.acdkim1.acems1.com
acdkim2._domainkey.wordcamp.org CNAME dkim.acdkim2.acems1.com

em-3501330.wordcamp.org CNAME cmd.emsend1.com

Brevo is currently used by (at least) WordCamp Europe. Similar to above, it requires the DKIM records and an ownership verification record.

Unfortunately these do not use CNAME’s and require TXT records be added:

wordcamp.org TXT brevo-code:[pixelated-text]
mail._domainkey.wordcamp.org TXT k=rsa;[pixelated-text]

(@casiepa can you let me know the actual values for these? I can only find pixelated images)

I don’t know how to handle this going forward; especially in the case of the above which require may require ownership verification from future WordCamps, I’m almost certain the above authentication steps won’t work for future camps.

If systems have any objections to enabling DKIM and ownership verifications of the domain for WordCamps, let us know and we’ll discuss if there’s an alternative; At present it doesn’t appear there’s many other options; aside from requiring WordCamps to use a limited selection of tools, or to use a 3rd-party domains (such as team@wc{city}.org).

Regional WordCamps (Asia, Europe, and US) get special treatment however in this regard; so I assume enabling DKIM is going to be possible.

#wordcamp #email #prio2 #dns

Update Git author script

During the svn => git sync process we rewrite the author using a bash script that fetches the user details. This is get-author.sh in the git home directory on svn servers.

Due to character sets, it appears that non-latin names are being corrupted.
For example:

$ git clone git://develop.git.wordpress.org/
$ cd develop.git.wordpress.org
$ git show f047b94d71e780cbd7595047f28a644955d35fff | head -n3
commit f047b94d71e780cbd7595047f28a644955d35fff
Author: Greg Ziółkowski <gziolo@git.wordpress.org>
Date:   Fri Apr 21 10:41:58 2023 +0000

Greg Ziółkowski should be Greg Ziółkowski as shown on his profile.

The SQL used for this is CONCAT(display_name, '|', user_nicename). I can’t test it as I don’t have mysqlMySQL MySQL is a relational database management system. A database is a structured collection of data where content, configuration and other options are stored. https://www.mysql.com/. tools on my sandbox, but I suspect either

  • Character sets need to be specified on the mysql command, I suspect either --default-character-set=latin1 or --default-character-set=utf8mb4 would work.
  • The above concat should do some character-set conversions; I think CONCAT( CONVERT( CAST( CONVERT( display_name USING latin1) AS BINARY) USING utf8), ‘|', user_nicename) would work.

To duplicate it, you should be able to run this on the svn host:
get-author.sh gziolo

Note: You can likely remove the 2015-era logging/debugging from the file at the same time, I don’t recall the outcomes of that, but I suspect it was long fixed.. Review the logs I guess!

Let me know if you’d like me to test or debug anything.

cc @dmsnell @gziolo (Apologies for the months long delay!)
#prio2 #git #svn

Rosetta commit permissions

Hi can I please have commit permissions for the Rosetta Dotorg repository? I need to commit a support theme switcher to mu-plugins, so that end users of the rosetta sites can preview the new support site theme and give feedback.
#prio2 #rosetta

Add WordCamp.org Sandbox and/or Super Admin

I currently have a w.org sandbox, but not a wordcamp.org one (or WC added to mine; not sure how it’s setup). In talking with @dufresnesteven about issues with Jetpack on wordcamp.org, it would be helpful to be able to dig in a bit more directly.

#prio2 #wordcamp

Clear poststatus.com cache in planet

As reported back in November, and today in #7440-meta, feed items from poststatus.com are not appearing on planet.wordpress.orgWordPress.org The community site where WordPress code is created and shared by the users. This is where you can download the source code for WordPress core, plugins and themes as well as the central location for community conversations and organization. https://wordpress.org/, despite being configured.

It works on sandboxes when testing, and as such the only thing I can think of is that the poststatus.com feed cache on planet is broken somehow, preventing it from parsing it.

Can you please:
– backup the following cache file for investigation
rm cache/poststatus.com* on all web nodes
– See if the python cronjob has any related error outputs.

As of making this request, the string ‘Zips not uploading’ should appear in the title of an article on Feb 1st, it’s not currently there in production, but is on sandbox.

#prio2 #planet

#7440-meta

Install Node.js 20.x on the build server

Could Node.js 20.x be installed on the build server? At the time of publishing this, the latest version is 20.10.0 paired with npm version 10.2.3.

18.x is now in Maintenance LTS (installed following this request). 20.x is now Active LTS until October 2024 when it will enter Maintenance LTS until April of 2026. While remaining on 18.x is fine, updating to the latest of 20.x is preferable because this will allow both CoreCore Core is the set of software required to run WordPress. The Core Development Team builds WordPress. and GutenbergGutenberg The Gutenberg project is the new Editor Interface for WordPress. The editor improves the process and experience of creating new content, making writing rich content much simpler. It uses ‘blocks’ to add richness rather than shortcodes, custom HTML etc. https://wordpress.org/gutenberg/ to use the latest version of Node.js, as well as completely skipping 18.x and eliminating the need for 16.x.

The current breakdown for WordPress versions to Node.js is as follows:

  • WP/Gutenberg trunk: Node.js 16.x with plans to upgrade to 18.x during the 6.5 cycle.
  • WP 6.4: Node.js 16.x.
  • WP <= 6.3: Node.js 14.x.

If 20.x is made available, WP trunk and the 6.4 branch can be upgraded to both use Node.js 20.x, essentially eliminating the need for both 16.x and 18.x on the build server from the perspective of Core and Gutenberg. I’ve confirmed that there are no changes to the built files after updating to 20.x as seen in the linked PR. Older branches of Core (6.3 and earlier) will remain on Node.js 14.x.

#prio2

Sandbox request for learn.wordpress.org testing

I would like to request a Dotorg sandbox in order to test bug fixes and enhancements for learn.wordpress.orgWordPress.org The community site where WordPress code is created and shared by the users. This is where you can download the source code for WordPress core, plugins and themes as well as the central location for community conversations and organization. https://wordpress.org/.

At the moment members of the WordPress training team do have a way to configure a local development environment for testing bug fixes and enhancements, but it doesn’t allow us to easily test those against as close to a copy of the live environment as possible.

This means we have to rely on someone who already has a sandbox to do a final test before we can merge any changes.

To achieve this, I’d like to request a sandbox that does not have svn commit access, meaning I would not be able to commit changes or trigger a deployment, but has write access to the files and folders relevant to learn.wordpress.org so that I could test code changes submitted as PRs on our GitHubGitHub GitHub is a website that offers online implementation of git repositories that can easily be shared, copied and modified by other developers. Public repositories are free to host, private repositories require a paid subscription. GitHub introduced the concept of the ‘pull request’ where code changes done in branches by contributors can be reviewed and discussed before being merged be the repository owner. https://github.com/ repository.

The relevant files and folders are:

  • wp-content/mu-plugins/pub/locale-switcher.php
  • wp-content/mu-plugins/pub/class-validator.php
  • wp-content/mu-plugins/pub/locales.php
  • wp-content/plugins/sensei-pro
  • wp-content/plugins/wporg-learn
  • wp-content/themes/pub/wporg-learn-2020

A sandbox with this configuration will allow us to perform this final test within the training team, without needing to rely on folks from other teams. DeployingDeploy Launching code from a local development environment to the production web server, so that it's available to visitors. the changes would still require an additional check from a member of the MetaMeta Meta is a term that refers to the inside workings of a group. For us, this is the team that works on internal WordPress sites like WordCamp Central and Make WordPress. team who does have svn commit access. 

Please let me know if you have any questions about this request, or if you need anything from me.

#prio2