devel February 2021

devel@lists.centos.org

62 participants
47 discussions

new CS8 module streams
by Carl George 15 Feb '21

15 Feb '21

Howdy everyone, I want to call attention to some new modular content that we are shipping in CentOS Stream 8 that is not yet available for RHEL 8. We've added the following optional (non-default) module streams to existing modules. You have to explicitly enable these streams to get this content. If you don't, dnf will still use the respective default stream, or a stream that you previously enabled. mariadb:10.5 postgresql:13 redis:6 subversion:1.14 swig:4.0 We also recently added a new python39 module. Similar to python38, this module can be installed in parallel with other Python modules. You can use the alternatives system to set it as the default python3 command if you wish. This new modular content is planned to be included in RHEL 8.4, but you can get it now in CS8. Please try it out and share your feedback. -- Carl George

2 1

CPE Weekly: 2021-02-14
by Aoife Moloney 15 Feb '21

15 Feb '21

Hi Everyone, If you would like to see this report and toggle to the section you are most interested in, I would suggest visiting this link https://hackmd.io/8iV7PilARSG68Tqv8CzKOQ?view and use the header bar on your left to skip to where you want to go! ## Initiative FYI Links Initiatives repo here: https://pagure.io/cpe/initiatives-proposal 2021 Quarterly Planning timetable here: https://docs.fedoraproject.org/en-US/cpe/time_tables/ so you know when I need it in by to review it. Details on initiative requesting/how to work with us on new projects here: https://docs.fedoraproject.org/en-US/cpe/initiatives/ ### Misc #### Conferences! * DevConf.cz is on 18th - 20th Feb! Get your ticket here if you haven't already https://hopin.com/events/devconf-cz-2021 * CentOS Dojo @ FOSDEM was really great last week, and if you missed it be sure to check out the CentOS youtube channel where all of the talks are now uploaded and available to view https://www.youtube.com/thecentosproject ## Project Updates *The below updates are pulled directly from our CPE team call we have every week.* ## CentOS Updates ### CentOS * Our CI infra has been updated from Ocp.ci / ocp.stg.ci to 4.6.15 * Monitoring stack updated to zabbix 5.0.8 * Kojihub now supports x86_64,ppc64le & aarch64 ### CentOS Stream * CentOS Stream container images are now readily available!Check out the mail from Brian Stinson to the CentOS-devel & announce list here for more details on tags and where to pull https://lists.centos.org/pipermail/centos-devel/2021-February/076503.html ### Fedora * Mass branching of packages was completed last week * Mass branching of modules is underway * There is already have a branched compose * The main branch changes are also almost complete with just docs left * tests namespace in dist-git has migrated to “main” with “master” as symlink for now with it being removed after F34 release, so mark your calendar! ### Noggin/AAA * Security fixes on Content Security Policy * Re-installed FreeIPA schema to test a faster way to import user data as part of tuning & performance testing while still in staging * If you are experiencing any issues logging in, please reach out to the team on IRC channel #fedora-aaa * The work tracker for this project can be found here https://github.com/orgs/fedora-infra/projects/6 * And please report any issues you find in the repo https://github.com/fedora-infra/noggin ## Team Info ### Background: The Community Platform Engineering group, or CPE for short, is the Red Hat team combining IT and release engineering from Fedora and CentOS. Our goal is to keep core servers and services running and maintained, build releases, and other strategic tasks that need more dedicated time than volunteers can give. See our wiki page here for more information:https://docs.fedoraproject.org/en-US/cpe/ As always, feedback is welcome, and we will continue to look at ways to improve the delivery and readability of this weekly report. Have a great week! Aoife Source: https://hackmd.io/8iV7PilARSG68Tqv8CzKOQ?view -- Aoife Moloney Product Owner Community Platform Engineering Team Red Hat EMEA Communications House Cork Road Waterford

1 0

libuv-devel version in Devel does not match AppStream
by Anthony Alba 14 Feb '21

14 Feb '21

Hi, The version of libuv-devel in Devel libuv-devel-1.23.1-1.el8.x86_64.rpm does not match AppStream:libuv-1.38.0-2.el8.x86_64.rpm Thanks Anthony Alba

2 1

centos-release-stream.x86_64 VS centos-stream-release.noarch
by lejeczek 13 Feb '21

13 Feb '21

Hi devel Is that not something that needs looking into? -> $ dnf search release | grep -i strea Last metadata expiration check: 0:07:24 ago on Thu 28 Jan 2021 09:46:52 GMT. centos-release-stream.x86_64 : CentOS-Stream release file centos-stream-release.noarch : CentOS Stream release files Installing one package and not the other messes things a bit. regards, L.

4 5

subversion current status of stream-1.10
by Leon Fauster 13 Feb '21

13 Feb '21

Hey all, I took a look at https://git.centos.org/rpms/subversion/blob/c8-stream-1.10/f/SPECS/subversi… and see a Release: 3%{?dist} but can not find this one in the repos? git log --pretty=format:'%cd ; %s' Fri Nov 6 08:54:57 2020 -0500 ; import subversion-1.10.2-3.module+el8.3.0+6671+2675c974 Tue Nov 19 06:49:07 2019 -0500 ; import subversion-1.10.2-2.module+el8.0.0+3900+919b6753 Tue May 7 06:59:42 2019 -0400 ; import subversion-1.10.2-1.module+el8+2562+4c88223a 1.10.2-2 pushed after 1.10.2-3 ?? Any thoughts? -- Thanks Leon

3 6

bug report - dnf and repo_gpgcheck=1
by David Johnston 12 Feb '21

12 Feb '21

dnf handles repo_gpgcheck=1 incorrectly. Where should I report it? I see 3 issues with the current behavior: 1. dnf stores a separate copy of the key for each repo in the cache 2. dnf -y update will add keys without prompting the user 3. clearing the dnf cache drops the keys, exposing the system to STEPS TO REPRODUCE (USE CASE 1) # dnf config-manager --save --setopt=*.repo_gpgcheck=1 appstream baseos extras powertools # dnf update EXPECTED RESULT dnf will call gpg to import the keys into root's keyring. gpg will query the operator once for each key ACTUAL RESULTdnf queries the operator once for each repo, loads that repo, then moves to the next repo. dnf stores the gpg keys under /var/cache/dnf, for example: /var/cache/dnf/extras-2770d521ba03e231/pubring/trustdb.gpg /var/cache/dnf/powertools-25a6a2b331e53e98/pubring/trustdb.gpg /var/cache/dnf/baseos-929b586ef1f72f69/pubring/trustdb.gpg /var/cache/dnf/appstream-a520ed22b0a8a736/pubring/trustdb.gpg STEPS TO REPRODUCE (USE CASE 2) # dnf config-manager --save --setopt=*.repo_gpgcheck=1 appstream baseos extras powertools # dnf -y update EXPECTED RESULT dnf will call gpg to import the keys into the user's keyring (root, in this case). gpg will ignore "-y" passed to dnf ACTUAL RESULT dnf accepts the keys without asking, stores the gpg keys under /var/cache/dnf Examples: /var/cache/dnf/extras-2770d521ba03e231/pubring/trustdb.gpg /var/cache/dnf/powertools-25a6a2b331e53e98/pubring/trustdb.gpg /var/cache/dnf/baseos-929b586ef1f72f69/pubring/trustdb.gpg /var/cache/dnf/appstream-a520ed22b0a8a736/pubring/trustdb.gpg STEPS TO REPRODUCE (USE CASE 3) # dnf config-manager --save --setopt=*.repo_gpgcheck=1 appstream baseos extras powertools # dnf -y update # ref #1 # dnf update # ref #2 # rm -Rf /var/cache/dnf/* # dnf update # ref #3 EXPECTED RESULT OF ref#3 dnf already has the keys ACTUAL RESULT OF ref#3 dnf asks the operator to accept the same key 4 times PROPOSED FIX dnf's repo_gpgcheck should check the signature against keys in the user's keyring. Key management should be done using gpg, not dnf.

2 1

[TripleO] [CloudSIG] Errors on Recent TripleO Deployment - Ussuri and Victoria
by Nathan McGarvey 12 Feb '21

12 Feb '21

To anyone on the cloud SIG team, specifically dealing with a TripleO deployment: As of this week, a stock install of the "Ussuri" and "Victoria" releases of TripleO undercloud fail due to internal puppet module issues as follows: Note that at least Ussuri worked recently (in the last few weeks): Ussuri: "puppet-user: Error: no parameter named 'key_size' (file: /etc/puppet/modules/tripleo/manifests/certmonger/haproxy.pp, line: 102) on Certmonger_certificate[haproxy-external-cert] (file: /etc/puppet/modules/tripleo/manifests/certmonger/haproxy.pp, line: 102) on node centos8-testing.localdomain" It seams that this may have been fixed in https://github.com/openstack/puppet-tripleo/commit/963b47338008f16039a815b0… Victoria: ... "Could not find class ::neutron::plugins::ml2::ovs_driver" ... I'm not sure if this is related/fixed, but it may be: https://review.opendev.org/c/openstack/puppet-neutron/+/757803 Steps to reproduce: Base install of CentOS8.3 Minimal (VM and baremetal behave the same) install centos-release-openstack-<version> [Optional?] dnf module disable container-tools:rhel8 and dnf module enable container-tools:2.0 dnf install python3-tripleoclient ceph-ansible openstack-selinux dnf distro-sync add the "stack" user and such, add sudo rules, etc. [copy undercloud.conf.sample to undercloud.conf] NOTE: minor customization of IPs in my test environment. [Optional] generate the container parameters yaml openstack undercloud install --verbose Has anybody else experienced this? Any ideas on how to rectify the issue or prevent this from happening in the future. This seems like a pretty big breakage since it is effectively a no-go for any new install at least. (I'd assume the overcloud install will break in the same manner since it should be using the same repos and containers.) Please pardon my ignorance if I'm missing something obvious since I'm a new poster to this thread. Thanks, -Nathan

2 2

Path forward for EL8 build roots in OBS / Copr?
by Anthony Alba 11 Feb '21

11 Feb '21

With the retirement of CentOS Linux 8, what is the intended path forward for unofficial user repositories like Fedora Copr or OBS (OpenSuse Build service)? Are they supposed to move to RHEL 8 or CentOS Stream? For example, Copr has "Epel for CentOS 8" build root for unofficial RPMs for EL8 systems. OBS has CentOS 6-8, but only RHEL 5-7. Cheers Anthony

1 0

CentOS Stream Container images available on quay.io
by Brian Stinson 11 Feb '21

11 Feb '21

Hi folks, CentOS Stream container images are now readily available! podman pull quay.io/centos/centos:stream OR podman pull quay.io/centos/centos:stream8 ## Tags· We expect the 'stream' tag to automatically move forward to new Streams as they come on board. This means when CentOS Stream 9 becomes the Live Stream, quay.io/centos/centos:stream will have 9 based content. The 'stream8' tag can be used while Stream 8 is Live, and during the overlap period between Stream 8 and Stream 9. A 'stream9' tag will be created at the appropriate time to serve the same purpose. You can browse through all of the tags for the CentOS repository here: https://quay.io/repository/centos/centos?tab=tags ## Next Steps - We are still in discussions on how to push these properly to Dockerhub. Since CentOS is an Official Image, there are some extra requirements here that we're working through. If you have questions you can find us on the centos-devel mailing list (centos-devel(a)centos.org) or in #centos-stream on Freenode Cheers! -- Brian Stinson On behalf of the CentOS Stream Team

1 0

False statement about insecurity made on Wiki
by Chris Drake 11 Feb '21

11 Feb '21

Your Wkii page here: https://wiki.centos.org/FAQ/CentOSStream#Where_is_the_source_code.3F After discussion in which it was confirmed that TLS *could* be implemented "but traditionally we have not done so", was just updated by Manuel Wolfshant with the following lie:- *Note: downloads are hosted on a mirror network, where we cannot mandate that every mirror node runs SSL/TLS, hence using regular http and not enforcing https* False statements are disgusting to begin with, but ones that attempt to excuse the lazy decision to put all CentOS customers at risk are totally unacceptable. LE is free and easy to use and setup - it's a no-brainer to fix this problem, assuming someone isn't getting a kickback from some 3-letter-agency to leave this exploitable security hole open ?

9 14

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

2005

devel February 2021