11738aed97
* [stable-2.8] Change default file permissions so they are not world readable (#70221) * Change default file permissions so they are not world readable CVE-2020-1736 Set the default permissions for files we create with atomic_move() to 0o0660. Track which files we create that did not exist and warn if the module supports 'mode' and it was not specified and the module did not call set_mode_if_different(). This allows the user to take action and specify a mode rather than using the defaults. A code audit is needed to find all instances of modules that call atomic_move() but do not call set_mode_if_different(). The findings need to be documented in a changelog since we are not warning. Warning in those instances would be frustrating to the user since they have no way to change the module code. - use a set for storing list of created files - just check the argument spac and params rather than using another property - improve the warning message to include the default permissions. (cherry picked from commit |
5 years ago | |
|---|---|---|
| .. | ||
| _extensions | 7 years ago | |
| _static | 6 years ago | |
| _themes/sphinx_rtd_theme | 5 years ago | |
| js/ansible | ||
| rst | 5 years ago | |
| .gitignore | 9 years ago | |
| .nojekyll | ||
| Makefile | 7 years ago | |
| Makefile.sphinx | 8 years ago | |
| README.md | 7 years ago | |
| jinja2-2.9.7.inv | 8 years ago | |
| keyword_desc.yml | 7 years ago | |
| modules.js | ||
| python2-2.7.13.inv | 8 years ago | |
| python3-3.6.2.inv | 8 years ago | |
| requirements.txt | 7 years ago | |
| variables.dot | ||
README.md
Homepage and Documentation Source for Ansible
This project hosts the source behind docs.ansible.com
Contributions to the documentation are welcome. To make changes, submit a pull request that changes the reStructuredText files in the rst/ directory only, and the core team can do a docs build and push the static files.
If you wish to verify output from the markup such as link references, you may install sphinx and build the documentation by running make webdocs from the ansible/docs/docsite directory.
To include module documentation you'll need to run make webdocs at the top level of the repository. The generated html files are in docsite/htmlout/.
To limit module documentation building to a specific module, run MODULES=NAME make webdocs instead. This should make testing module documentation syntax much faster. Instead of a single module, you can also specify a comma-separated list of modules. In order to skip building documentation for all modules, specify non-existing module name, for example MODULES=none make webdocs.
If you do not want to learn the reStructuredText format, you can also file issues about documentation problems on the Ansible GitHub project.
Note that module documentation can actually be generated from a DOCUMENTATION docstring in the modules directory, so corrections to modules written as such need to be made in the module source, rather than in docsite source.
To install sphinx and the required theme, install pip and then pip install sphinx sphinx_rtd_theme
HEADERS
RST allows for arbitrary hierarchy for the headers, it will 'learn on the fly'. We also want a standard that all our documents can follow:
##########################
# with overline, for parts
##########################
*****************************
* with overline, for chapters
*****************************
=, for sections
===============
-, for subsections
------------------
^, for sub-subsections
^^^^^^^^^^^^^^^^^^^^^
", for paragraphs
"""""""""""""""""
We do have pages littered with ```````` headers, but those should be removed for one of the above.