9 21 2020 Tech Team Report - QualitativeDataRepository/TechnicalTeam GitHub Wiki
9-21-2020
Logged Tasks
| Date | Task | Hours (Main) | Hours (EOLS) | Hours (PII) |
|---|---|---|---|---|
| 14-Sep-2020 | Report, meeting, update schema-metatag module on dev, stage, implement file PID reservation | 1 | 5 | |
| 15-Sep-2020 | Test/debug/Fix replace w filePIDs | 2 | ||
| 16-Sep-2020 | Update to Drupal 8.9.6, update JWT token/test counter-processor on prod | 1 | ||
| 17-Sep-2020 | Update content-access and devel modules on dev Drupal8 | 1 | ||
| 18-Sep-2020 | Deploy Drupal on prod, review Schema theme and security issues | 1 | ||
| 19-Sep-2020 | Clean qdr theme - remove node_modules, upgrade to gulp 4, create package.json file, update | 3 |
Summary
Drupal
- Updated dev, stage, prod to 8.9.6 (security), content-access and devel module updates
- Enabled Dependabot security alerts for Drupal8 repository
- Investigated security issues identified in Schema theme - all related to use of gulp to compile scss files to css and to minify/merge javascripts
- Updated to gulp 4, removed node_modules dir and ~2K files from git, setup npm/node locally to be able to regenerate gulp dependencies as needed
- Reduced from ~9 to 3 warnings, marked them as not in used code since they aren't deployed/used in the actual QDR theme
Dataverse
- Updated production JWT for counter-processor after DataCite updates
- Implemented file PID reservation and verified it works with file replace.
Operations
- Verified that the aws jar was the only changed file within the dataverse war between stage and prod (with email issue) and that the jars only differed by the javamail.providers class
- Documented how to sign up for the GeoLite database #51
- Discovered(rediscovered?) problem with category filter: #52
Plans
- Work through any v5.0 issues
- Create PRs related to file PIDs/replace, update #4380 to stop a replacement file from having the same name as another file (per IQSS feedback)
Still TBD:
- Drupal 9
For Discussion
- Re: mail on prod - verified that the issue was a single javamail.provider file and found that there were other complaints on the Internet - possible that AWS removed it (haven't found proof). In any case, it doesn't look like there's any sign of tampering with any classes, etc.