Re: Fedora 35 security update of curl blocked for a month

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Tue, 2021-11-02 at 16:19 +0100, Kalev Lember wrote:
> On Tue, Nov 2, 2021 at 3:50 PM Kamil Dudka <kdudka@xxxxxxxxxx> wrote:
> 
> > On Tuesday, November 2, 2021 3:37:03 PM CET Fabio Valentini wrote:
> > > Maybe multiple people attempting to waive test results and re-triggering
> > > tests while things are still pending is not a good idea?
> > > 
> > > It looks like the re-triggered tests failed again, after the tests had
> > been
> > > waived, overriding the waiver. (please correct me if I'm wrong)
> > > 
> > > Fabio
> > > 
> > > (PS: sorry if this shows up as HTML email, I don't have access to my
> > Fedora
> > > machine right now)
> > 
> > To be sure, I tried to do both actions (waive and request stable) in a
> > short
> > period of time but the result is still the same.  Another batch of useless
> > e-mail notifications is now coming my way...
> > 
> 
> My understanding is that the test that failed and is blocking the push to
> stable is the openQA test. When I discussed a similar issue that a GNOME
> megaupdate ran into with adamw a few weeks ago, he said that the way to
> retrigger openQA tests is to either edit the builds in the update or
> unpush/submit it again to testing, and that the retrigger tests button
> doesn't do anything for openQA tests. Apparently Bodhi also has some kind
> of issue with waiving openQA tests so waiving doesn't work in practice. :)
> 
> Maybe it's worth a try here to see if unpushing and resubmitting to testing
> helps? And if it doesn't, maybe ask on irc in #fedora-qa to see if they can
> help get the openQA tests for the update going again?

Yeah, so, uh, sorry about this! There are kind of a lot of moving parts
here.

I explained in an early comment on the update why the tests failed
initially - the update depended on a version of openssl which was still
in updates-testing, so it was correct that the tests failed then. It
looks like that openssl update was later pushed stable, but the tests
on the curl update do not appear to have been re-run until today. So
until today, the update was still blocked on the original failed tests.

Today the tests have got re-run but in an unfortunate coincidence of
timing, some of them failed again. This is entirely my fault - it
happened because I updated a definition of the 'current stable' release
of Fedora last night and forgot I needed to trigger a rebuild of
openQA's base disk images at the same time, otherwise tests will fail
because they try to use an image that hasn't been built. I'm doing that
now and will re-run the tests, they should pass this time.

Other issues:

1. As noted, this could not have been pushed stable until this week
anyway as there was no FE or blocker bug. As Peter said, if there is a
good reason to push an update stable during freeze - 'fixes a security
bug' is certainly a good reason - please propose a bug that the update
fixes as a release blocker (if it's "important" or higher on the RH
scale) or freeze exception (otherwise). You can do this via
https://qa.fedoraproject.org/blockerbugs/propose_bug .

2. The "re-trigger tests" button in Bodhi does not currently re-run
openQA tests due to a couple of bugs in Bodhi which make it more or
less impossible to implement properly. I've fixed those bugs, but a new
version of Bodhi which includes the fixes has not yet been released and
deployed to stable. When it is, I can update the openQA test scheduler
to respond to the messages the button publishes; I have a ticket for
that and am just waiting on the Bodhi update. As Kalev says, you can
trigger an openQA re-run by editing the update in any way (just adding
or removing a single character from the description will do it), though
this is of course a non-obvious workaround.

3. I'm not sure why Bodhi is still not allowing the update to be
submitted for stable even though the tests have been waived, this is
odd. I ran the greenwave query manually and it returns (in part):

    "policies_satisfied": true,
    "unsatisfied_requirements": []

which should always satisfy Bodhi. If I've figured this out before (as
Kalev implied), then I've forgotten it now. :P But whenever the new
Bodhi version actually does get released and deployed, it tweaks
several things in this area, so whatever the problem is may get fixed.
Hopefully, once I re-run the openQA tests and they actually pass, Bodhi
will be happy.

4. The email notifications should be customizable via
https://apps.fedoraproject.org/notifications/ , I believe. I do agree
it would be good if we could tweak some defaults in the notification
code to not notify you when you do things to your own stuff, as you
likely don't need a notification in that case. But I never get around
to doing this for my own account, let alone sending a patch to make it
better for everyone...
-- 
Adam Williamson
Fedora QA
IRC: adamw | Twitter: adamw_ha
https://www.happyassassin.net

_______________________________________________
devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/devel@xxxxxxxxxxxxxxxxxxxxxxx
Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure




[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Index of Archives]     [Fedora Announce]     [Fedora Users]     [Fedora Kernel]     [Fedora Testing]     [Fedora Formulas]     [Fedora PHP Devel]     [Kernel Development]     [Fedora Legacy]     [Fedora Maintainers]     [Fedora Desktop]     [PAM]     [Red Hat Development]     [Gimp]     [Yosemite News]

  Powered by Linux