qtbase_*
thresholdsseverity ≥ minor · confidence ≥ medium · cap 12
max diff0.4 MB
pollevery 300s
Fork of Qt6 (QtBase) carrying NinjaOne patches for legacy-OS (Windows 7) support. qtbase_<ver> branches hold the upstream archive; qtbase_<ver>_patched carry our patches as commits. Review feature/patch PRs into the qtbase_* service branches only; upstream-archive drops and big rebases are out of scope (skipped by size).
A fork of Qt6 (QtBase) carrying NinjaOne's patches to keep the NinjaRemote clients
running on legacy Windows (Win7) with a pinned Qt 6.8.x line (the exact patch version
rolls forward). Enormous repo (full Qt source per version) — the reviewable work is the
patches, not Qt itself.
qtbase_<ver> — the upstream QtBase archive for that Qt version (e.g. qtbase_686= Qt 6.8.6), committed as-is. Reviewing these is reviewing upstream Qt — pointless.
qtbase_<ver>_patched — the same base with NinjaOne's patches as commits. A newversion is created by cherry-picking the previous version's patches onto the new base and
resolving conflicts; the resulting diff is saved as a patch file consumed by ncpeer_vcpkg.
qtbase_* service branches (new or fixedpatches). Upstream-archive "drops" and big version rebases are out of scope (and are
skipped by diff size anyway).
small as possible, and not change behaviour beyond the legacy-OS fix.
conflict-resolution mistakes and assumptions tied to one Qt version.
Windows/macOS/Linux.
correct and properly guarded by version checks.
Patches touching Qt networking/TLS, crypto, or process/loader behaviour — a subtle change in
a framework used everywhere has broad impact.
ncpeer_vcpkg expects.
qtbase_* branch is upstream Qt — focus only on the NinjaOne patchcommits/diff, not the surrounding Qt code.
_Orientation only — verify current specifics in the code; this describes the durable
maintenance model & risk areas, not a snapshot._
How the monitored repos relate — so a change in one repo is reviewed with its blast
radius in mind (a change upstream of ncpeer can break ncpeer even if it looks local).
Orientation only; verify specifics in code.
speak the NCRP wire protocol (protocol/format changes must stay compatible across
client and server versions).
URLs, it pairs them and forwards frames verbatim. Signed join URLs are minted by the
Ninja backend — the signature scheme is a backend⇄relay contract, and the frame
semantics are a peer⇄peer contract.
a signed upload leg streams to a signed download leg through memory (never stored).
Two parallel implementations (Python ftsv2/ + Go fts_go/) must stay behaviorally
identical; the URL/signature scheme is shared-family with websocket-switch.
NinjaRemote file-transfer features ride on these relays when peers can't go direct.
or behaviour change here affects both consumers.
build against**. A dependency bump changes what those products link (security/ABI/build).
through the ncpeer_vcpkg overlay.
shares nccommon and ncpeer_vcpkg with ncpeer.
part of the remote-desktop family). Runs as a child process of the NinjaRMM agent (the
parent owns install/upgrade/policy/launch); NinjaFlow owns the CLI contract, config schema,
credential precedence, DB schema/migrations, and exit-code meanings the parent consumes —
those are cross-process contracts. Submits telemetry to the Ninja Backend. Shares no code with
ncpeer/nmsnj; adjacent to nmsnj only in domain (network), not in implementation.
not part of any product's build. It consumes the SBOMs the other products' pipelines emit
(Ninja-Remote/ncpeer, NMS/nmsnj, NinjaFlow all appear in its scope maps), scans them for CVEs
and files Jira issues — a downstream *security-scanning* relationship, not a code dependency.
Shares no code with the others; has its own DB/schema and a toolbox submodule.
authentication component: its pam_ninja.so gates SSH reverse-tunnel access into
Ninja infrastructure with a time-based OTP. Shares no code with the other repos; its
blast radius is operational (who can SSH-tunnel into hosts), not code-level. The client OTP
generators and the module must agree on the OTP scheme + shared secret.
these are *upstream* of ncpeer (and nccommon/vcpkg also of nmsnj) — weigh the consumer
side: API/ABI compatibility, build impact, and cross-platform reach.
contract.