16:00:06 #startmeeting F33-blocker-review 16:00:06 Meeting started Mon Oct 12 16:00:06 2020 UTC. 16:00:06 This meeting is logged and archived in a public location. 16:00:06 The chair is adamw. Information about MeetBot at http://wiki.debian.org/MeetBot. 16:00:06 Useful Commands: #action #agreed #halp #info #idea #link #topic. 16:00:06 The meeting name has been set to 'f33-blocker-review' 16:00:06 #meetingname F33-blocker-review 16:00:06 The meeting name has been set to 'f33-blocker-review' 16:00:06 #topic Roll Call 16:00:16 morning folks, who's around to review some blockers? 16:01:26 I am!! 16:01:51 Good morning adamw too, glad you're back (I know youve been back for a week, but I can say it now too, dammit) 16:02:20 * coremodule willing and able to secretarialize. 16:03:01 roger roger 16:03:09 if it's just you and me it'll get a bit lonely though 16:03:13 coremodule, are you officially here? 16:03:17 kalev: ping 16:03:17 adamw: Ping with data, please: https://fedoraproject.org/wiki/No_naked_pings 16:03:18 .hello2 16:03:20 coremodule: coremodule 'Geoffrey Marr' 16:03:22 zodbot: shut up 16:03:26 the data was implied, damnit 16:03:32 er 16:03:32 lol 16:03:33 i meant 16:03:36 bcotton: are you officially here? 16:04:04 bcotton: "Here, because he's not all there." 16:04:43 .hello jbwillia 16:04:44 Southern_Gentlem: jbwillia 'Ben Williams' 16:04:52 .hello2 16:04:53 bcotton: bcotton 'Ben Cotton' 16:05:01 adamw: i am. i was just making lunch :-) 16:07:54 it's breakfast time, damnit 16:08:11 welp, i guess we can go ahead, we do have several bugs with some votes in the tracker so we can make quorum combined 16:08:32 #chair bcotton coremodule 16:08:32 Current chairs: adamw bcotton coremodule 16:08:39 boilerplate alert! 16:08:41 #topic Introduction 16:08:41 Why are we here? 16:08:41 #info Our purpose in this meeting is to review proposed blocker and nice-to-have bugs and decide whether to accept them, and to monitor the progress of fixing existing accepted blocker and nice-to-have bugs. 16:08:41 #info We'll be following the process outlined at: 16:08:41 #link https://fedoraproject.org/wiki/QA:SOP_Blocker_Bug_Meeting 16:08:44 #info The bugs up for review today are available at: 16:08:45 #link http://qa.fedoraproject.org/blockerbugs/current 16:08:47 #info The criteria for release blocking bugs can be found at: 16:08:49 #link https://fedoraproject.org/wiki/Basic_Release_Criteria 16:08:51 #link https://fedoraproject.org/wiki/Fedora_33_Beta_Release_Criteria 16:08:53 #link https://fedoraproject.org/wiki/Fedora_33_Final_Release_Criteria 16:08:55 #info for Final, we have: 16:08:57 #info 3 Proposed Blockers 16:08:59 #info 6 Accepted Blockers 16:09:01 #info 3 Proposed Freeze Exceptions 16:09:05 #info 10 Accepted Freeze Exceptions 16:09:16 #info coremodule will secretarialize 16:09:22 #topic Proposed Final blockers 16:10:48 #topic (1886187) bcm283x-firmware-20200928-2.f0eab3a.fc33.aarch64 fails to boot on Raspberry Pi 3 Model B 16:10:48 #link https://bugzilla.redhat.com/show_bug.cgi?id=1886187 16:10:48 #link https://pagure.io/fedora-qa/blocker-review/issue/160 16:10:48 #info Proposed Blocker, bcm283x-firmware, ON_QA 16:11:52 +1 blocker. booting is important 16:12:02 hmm 16:12:08 seems to be some confusion in the bug report 16:12:12 it seems to impact a large enough subset of hardware to be worthwhile 16:12:13 peter thought he fixed it, reporter disagrees... 16:12:48 Pi up to series 3 is listed at https://fedoraproject.org/wiki/Architectures/ARM#Supported_Hardware_and_Devices / https://fedoraproject.org/wiki/Architectures/ARM/Raspberry_Pi 16:13:04 so i'd say i'm +1 blocker for now, can revise if more info suggests this is somehow not a widespread issue 16:14:11 coremodule: any thoughts? 16:14:22 * coremodule still looking 16:14:25 reporter didnt follow directions 16:15:21 what directions? 16:15:23 i just see "Joern: Can you test this new build and let me know how you get on with it." 16:15:26 sudo dnf upgrade --enablerepo=updates-testing --advisory=FEDORA-2020-e35fa0cfb3 16:15:50 Installed: 16:15:50 bcm2711-firmware-20201008-1.63b1922.fc33.aarch64 16:15:59 it's the same 16:16:12 I haven't seen this, would like to punt for later in the meeting and try to reproduce during meeting... If not, I'm +1 blocker 16:16:22 yeah, that's the package from the update. maybe the user already has updates-testing enabled 16:16:34 *I haven't tested for this 16:16:42 coremodule: i'm fine with punting for that 16:16:52 Give me 10-15 to try this myself 16:16:56 +1 blocker or +1FE 16:17:08 i'm happy to come back to this 16:17:19 #info we'll circle back to this one later in the meeting, coremodule is going to see if he can reproduce it 16:17:20 +1 Punt as well 16:17:32 #topic (1885479) Google account: Credentials have expired 16:17:32 #link https://bugzilla.redhat.com/show_bug.cgi?id=1885479 16:17:32 #link https://pagure.io/fedora-qa/blocker-review/issue/142 16:17:32 #info Proposed Blocker, gnome-online-accounts, ASSIGNED 16:17:43 so this one was previously accepted as a blocker, however New Information has emerged 16:18:05 it appears the bug only happens if you've changed your user password outside of GNOME's expectations and confused the poor dear 16:18:33 which is a thing that happens, but it's probably not a wide enough impact to keep the bug as a blocker, especially as it's a situation that's unlikely to happen on first boot or in live usage, so fixing it with an update should be fine 16:18:36 .hello2 16:18:37 lruzicka: lruzicka 'Lukáš Růžička' 16:18:42 morning lruzicka 16:19:07 hmph. this is still crappy, but i guess it's not crappy enough to block on 16:19:13 #info currently -3 in the ticket, from mcatanzaro, kparal and adamw: https://pagure.io/fedora-qa/blocker-review/issue/142 16:19:28 -1 blocker, +1 fe 16:19:53 -1 b +1FE 16:20:28 I am not sure, probably -1 but common bugs? 16:22:23 yeah i'm not even sure about FE on this one, i'm kinda 0 FE 16:23:48 is it reproducible ? 16:24:16 i believe it's reproducible so long as you change the user password with 'passwd' (which means GNOME doesn't know about the change and update the keyring password) first 16:24:36 can probably also reproduce by changing password through FreeIPA or something like it 16:25:02 ok 0 FE 16:25:28 proposed #agreed 1885479 - RejectedBlocker (Final) - this is now rejected with the information that it only happens when user password is changed in a certain way (that is fairly unlikely to be encountered on first boot or in live usage) 16:25:37 we can vote FE in the ticket, I guess 16:25:46 ack 16:25:51 ack 16:25:55 ack 16:26:36 #agreed 1885479 - RejectedBlocker (Final) - this is now rejected with the information that it only happens when user password is changed in a certain way (that is fairly unlikely to be encountered on first boot or in live usage) 16:26:56 #topic (1887367) Gnome applications cannot be forwarded via ssh. 16:26:56 #link https://bugzilla.redhat.com/show_bug.cgi?id=1887367 16:26:56 #link https://pagure.io/fedora-qa/blocker-review/issue/161 16:26:56 #info Proposed Blocker, gnome-session, NEW 16:27:52 X11 forwarding doesn't seem like "basic functionality" to me 16:27:59 yeah, i'm -1 on this 16:28:17 -1, also 16:28:20 #info we have -2 in the ticket currently, from kparal and adamw 16:28:26 -1 16:28:54 lruzicka: want to change our minds? 16:29:10 I am not sure if I can 16:29:12 +1 commonbugs 16:29:43 I sort of feel that this is not totally basic, but I believe it is good practice in linux that you can do it that way 16:29:56 however, there is an easy workaround 16:30:34 I will accept -1 I proposed it for discussion. 16:31:16 fwiw, i strongly prefer that it works, i just don't think it meets the criterion 16:32:40 lruzicka: proposing a bug isn't an automatic +1 16:32:43 you can propose and vote -1 16:32:44 or 0 16:33:02 of course, if your opinion is +1, i'm not trying to change that :) 16:33:06 this proves the discussion point :D 16:33:22 I am not sure about the blocker, but I am sure this should work D: 16:34:03 oh yeah, but that's kinda...normal 16:34:12 there's lots of bugs we really think should be fixed, but aren't release blockers. to me this is one 16:34:23 so we have...*counts*...-4 +1ish 16:34:28 (counting lruzicka as +1ish) 16:34:51 ok :D 16:35:16 proposed #agreed 1887367 - RejectedBlocker (Final) - we don't think this really meets the criterion cited or any other, ssh X forwarding does not seem like basic functionality 16:35:39 ack 16:35:43 ack 16:35:52 ack 16:36:01 ack 16:36:09 * Eighth_Doctor waves 16:38:47 #agreed 1887367 - RejectedBlocker (Final) - we don't think this really meets the criterion cited or any other, ssh X forwarding does not seem like basic functionality 16:38:49 ahoyhoy 16:39:44 booting rpi now, will install firmware and report 16:39:50 rgr 16:40:04 lruzicka, have you tested with X? 16:42:16 #topic Proposed Final freeze exceptions 16:42:22 #topic (1863531) fawkes: FTBFS in Fedora rawhide/f33 16:42:22 #link https://bugzilla.redhat.com/show_bug.cgi?id=1863531 16:42:22 #link https://pagure.io/fedora-qa/blocker-review/issue/159 16:42:22 #info Proposed Freeze Exceptions, fawkes, ON_QA 16:42:35 #info we have +2 in the ticket from kparal and adamw 16:42:55 this one seems straightforward, we usually take FTBFS bugs as FEs in the interest of having the frozen repo be as installable as possible 16:43:26 +1 fe 16:43:39 +1 FE 16:44:35 +1FE 16:46:14 proposed #agreed 1863531 - AcceptedFreezeException (Final) - accepted as we conventionally accept FTBFS bugs to try and make the frozen final repo as installable as possible 16:46:24 ack 16:46:48 ack 16:46:49 ack 16:48:31 #agreed 1863531 - AcceptedFreezeException (Final) - accepted as we conventionally accept FTBFS bugs to try and make the frozen final repo as installable as possible 16:48:37 #topic (1886561) RPM spec file syntax highlighting is not working 16:48:38 #link https://bugzilla.redhat.com/show_bug.cgi?id=1886561 16:48:38 #link https://pagure.io/fedora-qa/blocker-review/issue/153 16:48:38 #info Proposed Freeze Exceptions, nano, VERIFIED 16:48:40 so, this is a bit awkward 16:49:09 eighth_doctor fixed it, but kdudka took exception to him fixing it 16:49:23 kdudka being the maintainer, i think 16:49:34 yeah 16:49:56 accepting this as an FE would look a bit like an attempt to referee that debate, i think 16:50:03 for that matter, rejecting it might too 16:50:31 i think i'd vote to punt on this till after neal and kamil have had a duel at high noon or something 16:50:34 it seems like he agrees with my rationale, but doesn't think I should have just done it 16:50:47 +1 adamw :D 16:50:59 i mean, he didn't exactly say he agrees or disagrees with the change yet 16:51:07 I don't know how we're going to duel since I think Kamil and I are on opposite timezones 16:51:11 :P 16:51:14 it's been so long since we've had a duel at high noon 16:51:15 zoom 16:51:45 i'm also not sure how important it really is to fix it for release, do you often edit RPM specs from the installer environment or live images? 16:52:03 (even if you do you could always just copy or move the file manually...) 16:52:45 I didn't propose it as a blocker for that reason 16:53:02 but I do think it's weird that we just suddenly lost a third of our syntax highlights midway through F33 development 16:53:05 well it's clearly not a blocker 16:53:08 its fixed and others need to deal with the other politics else where 16:53:11 +1FE 16:53:11 (we didn't just lose rpm, we lost a few others) 16:53:13 anyhow, yeah, my vote is punt 16:53:43 +1 FE here 16:53:52 +1 FE as well 16:53:59 +1 fe 16:54:02 and so far, kdudka didn't revert it and accepted another PR on top and pushed it to Koji 16:54:18 so is it fixed? 16:54:38 the PR is for something else 16:54:49 this was for the vim-default-editor subpackage "fun" that was introduced in Rawhide 16:55:02 but he so far has not elected to revert my change 16:55:12 er, so the build to 'fix' this would have another change in it? 16:55:14 that's also an issue 16:55:30 i note you didn't move just the rpm syntax back, you moved everything in extra 16:55:38 well, yes, he'd have to revert https://src.fedoraproject.org/rpms/nano/c/0273023e2e30a38251837ebe8306f88a12e502f5?branch=master 16:55:48 the release note text you cited would clearly justify moving the rpm syntax back, it's less clear that it justifies moving everything 16:55:52 adamw: yes, because I found out that several grammars were missing 16:56:03 I only found out because of the rpm one 16:56:21 I filed the bug first, then did research to fix it 16:57:08 well, 'fix' seems to be a subjective call here 16:57:17 * Eighth_Doctor shrugs 16:57:18 as kamil says, upstream presumably thinks they shouldn't be there, that's why they moved them 16:58:05 it's our job to be opinionated 16:58:07 upstream also suggested downstreams move the file sup if they want them enabled 16:58:10 *files up 16:58:55 given that nano is our default editor now and this change appears to cause no harm, i'm in favor of accepting it 16:59:20 👍️ 16:59:23 i do wish upstream explained a bit better why they think it makes sense to have syntaxes but hide them 16:59:36 seems clear in commit 0273023e that the syntax highlight should be enabled 16:59:37 but it does seem like they think that makes sense for some reason 17:00:00 the thread upstream is not particularly enlightening and I really don't want a kinda-crippled nano in a release where it's a "feature" 17:00:30 Eighth_Doctor++ 17:01:12 oh, https://lists.gnu.org/archive/html/nano-devel/2020-04/msg00023.html is the rationale, it seems 17:01:44 on the whole i actually agree with you, but we should at least ensure kdudka actually agrees too 17:02:09 is kdudka around? 17:02:22 "Also, having an extra/ subdir allows us to ship some more syntaxes in the tarball without burdening the default install with them" implies that one concern for upstream is size 17:02:31 do we actually ship the contents of extra/ in the package? 17:02:37 yes 17:02:38 we did before 17:02:43 they all get installed regardless 17:02:55 all I did was move them up one directory 17:03:48 yeah, i see https://lists.gnu.org/archive/html/nano-devel/2020-04/msg00029.html now too 17:03:59 okay, i really don't understand benno's position here at all, it seems nuts. :P 17:04:11 I'm open to the idea in the future that we split out some grammars as subpackages for languages and stuff, but for now, just moving things back up a level makes it at parity with what we had in earlier F33 snapshots and in F32 17:04:13 so i think i change to +1, with the only caveat being it'd be nice to get kdudka's signoff, we can ask in bug 17:04:57 * Eighth_Doctor is glad he's not the only one confused by benno's position on this 17:05:20 +1 adamw 17:06:45 proposed #agreed 1886561 - AcceptedFreezeException (Final) - we think it makes sense to maintain continuity here and we disagree with upstream's rationale for moving these in the first place. it would be good to get kdudka's clear ack before pushing this, though 17:07:08 ack 17:07:13 ack 17:07:15 ack 17:07:17 ack 17:07:26 #agreed 1886561 - AcceptedFreezeException (Final) - we think it makes sense to maintain continuity here and we disagree with upstream's rationale for moving these in the first place. it would be good to get kdudka's clear ack before pushing this, though 17:07:36 #topic (1770599) os-prober very slow - taking up to 20 minutes 17:07:36 #link https://bugzilla.redhat.com/show_bug.cgi?id=1770599 17:07:36 #link https://pagure.io/fedora-qa/blocker-review/issue/158 17:07:36 #info Proposed Freeze Exceptions, os-prober, ON_QA 17:08:07 #info we have +2 in the ticket from kparal and adamw 17:08:08 oh os-prober, how I loathe ye 17:08:20 i mean it's no dracut, but it's a strong contender 17:08:32 I just +1 FE in the ticket 17:08:52 +1 FE 17:09:01 oh dear 20 minutes? 17:09:04 what is it doing? 17:09:12 this is an old bug too 17:09:42 lots of runs of linux-prober 17:09:42 yeah, that usually makes the case for FE weaker, but in this case i'm still +1 because if you do have an affected config it sucks to sit around for 10-20 minutes during install 17:09:51 fixing it would be good, if we're confident the fix is safe 17:10:21 +1fe 17:10:35 +1fe 17:11:06 *shrug* +1fe 17:11:17 adamw: the fix in os-prober is a workaround for grub2-mount being terrible 17:11:31 proposed #agreed 1770599 - AcceptedFreezeException (Final) - this is a sensitive thing to touch, but the bug is pretty bad for affected folks. We think it makes sense to accept a fix if we're confident about its safety, to save affected folks from a 10-20 minute delay during install 17:11:37 ack 17:11:37 ack 17:11:47 ack 17:11:47 ack 17:13:54 #agreed 1770599 - AcceptedFreezeException (Final) - this is a sensitive thing to touch, but the bug is pretty bad for affected folks. We think it makes sense to accept a fix if we're confident about its safety, to save affected folks from a 10-20 minute delay during install 17:14:08 #topic Proposed Final blockers (redux) 17:14:14 #info circling back to the one we delayed earlier 17:14:24 * zbyszek is lurking 17:14:24 #topic (1886187) bcm283x-firmware-20200928-2.f0eab3a.fc33.aarch64 fails to boot on Raspberry Pi 3 Model B 17:14:24 #link https://bugzilla.redhat.com/show_bug.cgi?id=1886187 17:14:25 #link https://pagure.io/fedora-qa/blocker-review/issue/160 17:14:25 #info Proposed Blocker, bcm283x-firmware, ON_QA 17:14:29 coremodule, what'd you find out? 17:14:37 zbyszek: any particular bug you have an interest in? 17:15:00 the update does not work and causes the system to hang at a black screen upon boot 17:15:20 So I'm +1 blocker 17:15:24 and you reproduced the bug? 17:15:26 aye 17:15:28 +1 B 17:15:29 alrighty 17:15:50 Hello I am one of the guys effected by https://bugzilla.redhat.com/show_bug.cgi?id=1885479 and there is a misunderstanding, I haven't changed my password to trigger the issue, I actually have autologin enabled 17:15:56 adamw: 1880628, but afaik it won't be discussed today 17:16:41 proposed #agreed 1886187 - AcceptedBlocker (Final) - Raspberry Pis up to series 3 are on the ARM supported hardware list, and we have confirmation of the bug from coremodule, so accepting as a clear violation of Basic criterion "All release-blocking images must boot in their supported configurations" 17:16:48 +1 Blocker for bug 1886187 17:16:56 ack 17:16:58 ack 17:17:00 ack 17:17:02 ack 17:17:03 ack 17:17:14 #agreed 1886187 - AcceptedBlocker (Final) - Raspberry Pis up to series 3 are on the ARM supported hardware list, and we have confirmation of the bug from coremodule, so accepting as a clear violation of Basic criterion "All release-blocking images must boot in their supported configurations" 17:17:55 llgaz: seems like you and cmurf may have different issues 17:17:56 Ilgaz, has more info on 142 (google) 17:18:46 llgaz: can you do the stuff at https://wiki.gnome.org/Projects/GnomeOnlineAccounts/Debugging too and post your results? that should let us figure out if your issue is a different one 17:18:55 adamw: What bugs me is the rarity of the issue, I don't want to waste anyones time if it only effects me 17:19:08 i'd guess your case is more likely to do with which email address you use, rather than autologin 17:19:10 but debug info will help 17:19:21 adamw: I did https://bugzilla.redhat.com/show_bug.cgi?id=1885479#c11 17:19:39 ah, sorry, didn't see that. let me have a quick look 17:20:19 huh, it does look like the same error.. 17:20:52 I also used both ilgaz.nsa@gmail.com and ilgaz@fastmail.fm . When I tried logging on couple/triple times I could logon to google, I verified using google drive. That time, system complained about locked credentials 17:20:57 yeah it does 17:21:15 what i'm not sure is if the gnome-keyring is unlocked with autologin? 17:21:37 hmm...i mean, you'd think it should be 17:21:42 could stand further testing, i guess 17:21:44 *shrug* 17:22:01 a plausible experience is login the user to the environment but keep their keyring locked 17:22:07 afaik, keyring is not unlocked with autologin 17:22:21 (that would be an interesting security issue if it did) 17:22:23 because the keyring contains secrets 17:22:36 yeah i think so 17:22:49 in which case there should be a dialog asking for keyring access 17:22:51 but i mean, enabling autologin sort of implies you don't care about security... 17:23:05 not quite that far no :) 17:23:05 Could this have anything to do with logging it on a fresh install, use dnf -y update to update the system and rebooting? 17:23:10 but yeah, it seems plausible as a theory 17:23:17 in both cases the keyring isn't unlocked, for different reasons 17:23:25 and then https://gitlab.gnome.org/GNOME/libsecret/-/issues/7 means you don't get prompted to unlock it 17:23:43 Ilgaz: if you've never changed your password, but just have autologin enabled, then i think the working hypothesis that it's autologin related is valid 17:23:54 so, i've asked mcatanzaro and debarshi to comment in the bug 17:24:00 yep good 17:24:06 we can keep an eye on the developments and always re-vote once more if necessary 17:24:22 thanks for flagging it up, ilgaz 17:24:25 I have spare space and CPU , I can test with Autologin disabled fresh install? 17:24:31 sure, or test in a VM 17:24:38 probably easier that way 17:24:39 or just change one thing at a time 17:24:48 just disable autologin, does it now work? 17:25:33 for sure with a clean install it works, making no other changes to defaults 17:25:52 and still works following password change in User's panel 17:26:17 yeah, methodical testing like that will be useful 17:26:21 OK, let's follow that up in the bug 17:26:27 let's do a quick check in on... 17:26:33 #topic Accepted Final blockers 17:26:56 #topic (1884260) cheese creates invalid and extremely long video files, each app restart making them longer 17:26:56 #link https://bugzilla.redhat.com/show_bug.cgi?id=1884260 17:26:56 #link https://pagure.io/fedora-qa/blocker-review/issue/136 17:26:56 #info Accepted Blocker, cheese, ASSIGNED 17:27:23 #info this is waiting on a code fix, basically. nothing much we can do here unless someone wants to dive in and fix it 17:28:38 this might need some visibility that it's a blocker 17:29:19 yeah, i'll ping the desktop team 17:29:35 #action adamw to ping desktop team to see if they can help fix #1884260 17:29:47 #topic (1883681) [abrt] gnome-calendar: on_calendar_monitor_completed_cb(): gnome-calendar killed by SIGABRT 17:29:47 #link https://bugzilla.redhat.com/show_bug.cgi?id=1883681 17:29:47 #link https://pagure.io/fedora-qa/blocker-review/issue/156 17:29:47 #info Accepted Blocker, gnome-calendar, NEW 17:31:43 so this a abrt bug or calendar bug 17:32:37 calendar bug 17:32:50 there's an upstream issue and pull request for this, though the PR has a possible issue 17:32:54 i've just commented on the bug 17:33:08 same as the last one i think we should alert desktop team to this being an unfixed blocker, i can do that 17:33:25 #action adamw to ping desktop team to see if they can help fix #1883681 also 17:33:33 I am sorry but I need to go ... take care and have a nice day. 17:34:24 thanks lruzicka 17:34:37 #topic (1874117) 5.8.3-300.fc33.aarch64 kernel panic on boot (X-Gene PMU) 17:34:37 #link https://bugzilla.redhat.com/show_bug.cgi?id=1874117 17:34:37 #link https://pagure.io/fedora-qa/blocker-review/issue/145 17:34:38 #info Accepted Blocker, kernel, ON_QA 17:34:55 That was submitted for stable this morning 17:35:03 aha, indeed, was just checking 17:35:15 #info this is fixed and fix submitted for stable, should go out in the next stable push request 17:35:23 #topic (1882718) Server crashes after one connection attempt, all subsequent attempts will fail 17:35:23 #link https://bugzilla.redhat.com/show_bug.cgi?id=1882718 17:35:23 #link https://pagure.io/fedora-qa/blocker-review/issue/131 17:35:23 #info Accepted Blocker, libvncserver, ASSIGNED 17:35:32 #info jadahl and I are currently working on this one 17:35:38 cmurf: it is indeed related to auto login 17:36:07 I disabled auto login and now I can logon to google 17:36:35 Ilgaz: ok cool, update the bug with your finding - i suspect that in this case it should cause a dialog to authenticate+unlock the keyring and that's not happening for some reason 17:37:31 cmurf: the probable reason for that is https://gitlab.gnome.org/GNOME/libsecret/-/issues/7 i believe, someone linked that in the bug 17:38:10 gotcha 17:38:15 cmurf: so both paths wind up in the same place - whether because of changing password with passwd or using autologin, the keyring isn't unlocked on login, and then GNOME should prompt you to unlock it when needed but it doesn't because of that bug, i guess 17:38:29 yeah makes sense 17:38:30 (of course, the passwd change case is tricky because to unlock the keyring you'd have to enter the *old* password) 17:38:41 yep 17:38:43 i have this fun regularly when i change my account password with freeipa 17:39:04 you can actually fix it by going into seahorse and changing the keyring password to match the user password 17:40:00 I updated the bug with comment, thanks for all 17:40:46 yeah, i think we understand what's going on with that one better now 17:40:58 i'll add a comment after the meeting's done too and we can reconsider blocker status once more 17:41:25 so yeah, on 1882718, jadahl and I are going to throw a couple more crasher fixes at it after this meeting is done and see if that helps 17:41:45 #topic (1861700) login stuck when changing users repeatedly (log out, log in a different one) 17:41:45 #link https://bugzilla.redhat.com/show_bug.cgi?id=1861700 17:41:45 #link https://pagure.io/fedora-qa/blocker-review/issue/16 17:41:45 #info Accepted Blocker, sddm, ASSIGNED 17:43:06 so, this one. fun 17:43:28 we're still waiting on someone to do bberg's proposed fix 17:43:34 i guess i can try and do it if no-one else will 17:43:58 #info still waiting on someone to try bberg's proposed fix here 17:44:18 i was under the impression this is an F34 thing 17:44:32 as in, not enough time to get it fixed for f33 17:44:33 we waived it at beta 17:44:41 by policy if you waive a bug it goes to the next milestone 17:44:49 we can waive it again, if we *want* to. 17:45:20 it's hard to argue we don't have enough time to fix it if there's a suggested fix lying around that no-one tried to do yet. 17:45:27 spoiler alert: i am strongly leaning toward waiving it if we can't get a reasonable fix in by next monday's meeting :-) 17:46:14 #topic (1883609) Secure Boot fails to boot F33 Beta image 17:46:15 #link https://bugzilla.redhat.com/show_bug.cgi?id=1883609 17:46:15 #link https://pagure.io/fedora-qa/blocker-review/issue/135 17:46:15 #info Accepted Blocker, shim, NEW 17:46:23 ze mystery boog 17:47:00 i think kparal is going slowly insane 17:47:02 hey! Canadianish! 17:47:11 well he has two kids... 17:47:27 i mean, this bug is driving him slowly insane 17:47:28 so there's sleep deprevation on top of firmware joy 17:48:01 yeah well actually trying to understand problems can have that effect 17:48:50 this showed up as accepted blocker because of FESCo https://pagure.io/fesco/issue/2479 , but i think that may be wrong 17:48:59 see https://bugzilla.redhat.com/show_bug.cgi?id=1883609#c46 17:49:02 why 17:49:21 didn't we decide kparal's bug has nothing to do with the key revocation thing? 17:49:27 no? 17:49:35 okay now i'm going fastly insane 17:49:45 shhh calm down no one is on crazy pills 17:49:57 my reading indicates that it's because of revocation updates being applied somehow 17:50:01 kparal's issue is probably something else 17:50:17 neither bug 1883609 nor fesco#2479 17:50:44 this is why the two issues are related: https://bugzilla.redhat.com/show_bug.cgi?id=1883609#c38 17:51:03 so 1883609 is basically a blocker process placeholder for fesco#2479 17:51:09 oh, i see 17:51:14 so Alex is likely running into key revocation 17:51:20 but we don't know what the hell kamil has? 17:51:27 no idea 17:51:30 that's fakaked 17:51:46 because he def does not have a dbx at all, so the clear sB keys option in his firmware did work 17:51:52 yeah, Kamil's thing confuses me 17:52:03 his denial might be because there's not even a microsoft key present 17:52:12 okay, we should sort this bug out a bit, then 17:52:22 and then also it could be garbage collection related where some key is coming back from the dead 17:52:28 oh, that would make sense, actually 17:52:29 (which could be the microsoft key) 17:52:42 no registered keys should have the same impact as revoked keys 17:53:24 anything in dbx is revoked, but it's peculiar to say the least you can revoke a revocation list but that's also another discussion :) 17:53:52 summary of my weekend fireside chat on fedora-qa 17:54:05 Ubuntu 20.04 is not updating dbx at all 17:54:11 ^ISO 17:54:50 Ubuntu 20.04.1 ISO likewise is not updating dbx. There is a secureboot-db update for 20.04.1 that does update dbx to version 77, which is pre-BootHole 17:55:19 so I still don't know exactly what is applying the embargoed dbx 17:55:36 did we check to see if there's a secureboot-db update applied via snap? 17:55:42 we'd have to ask pjones what came of his meeting from last week, how wide the scope is 17:56:02 Eighth_Doctor: I didn't. I just did the recommended updates. 17:56:19 hmm 17:56:23 posted https://bugzilla.redhat.com/show_bug.cgi?id=1883609#c47 17:56:25 There could be other updates, and maybe that's how it sneaks in? Or maybe it's already turned off? I have no idea. 17:57:16 adamw: yeap 17:57:41 #info there's still a lot of confusion about who's running into what problem here, but it seems we're broadly treating this bug as being about a scenario where the Secure Boot key that our initial bootloader (shim) is signed with gets revoked somehow (due to the BootHole vulnerability) 17:58:19 #info FESCo has agreed to treat this problem as a FESCo blocker - https://pagure.io/fesco/issue/2479#comment-694834 - but stipulates that the resolution "does not necessarily have to be technical" 17:58:35 #info so we're broadly waiting on FESCo and pjones to decide what to do about this 17:58:47 cmurf: does that all sound right to you? 17:58:51 yessir 17:58:58 thanks, and thanks for working on it 17:59:40 okay, and that's all the bugs 17:59:43 #topic Open Floor 17:59:46 any other business, folks? 18:00:53 that secure boot blocker might get waived because it's actually inconvenient to sign old shim with a new key now; and have to resign it when new shim is ready 18:00:59 and new shim is ready in months 18:01:38 we don't know that it'll take months to resign 18:01:45 the fact we keep presuming it is extremely weird 18:01:48 so one thing fesco#2479 is about, is contingency for either reissuing images or i guess an alternative is fast tracking the next release 18:02:06 it doesn't take months to sign, maybe a couple weeks 18:02:26 there's an shim 15 (what we have now) and shim 16 is imminent but not done 18:02:41 so if we need newly signed shim now, it'd be shim 15 18:02:50 but then we'd have to resign shim 16 when it's ready 18:04:07 and pjones was hoping to avoid having to issue new-world keys with shim 15, and just do it all at once with shim 16 18:04:16 well yeah, we all hate working :P 18:04:46 but anyway, it's kinda above this meeting's pay grade 18:04:59 as long as someone is Working On It our purpose is served 18:05:10 Well, part of the problem is that the space used by key revocation is limited and expensive 18:05:21 yeah that too 18:05:45 So it's non-trivial to have extra, short-lived signatures. 18:05:52 Since their revocation will live forever. 18:06:00 the solution for which is Secure Boot 2.0, which has its own expense which is a ton of firmware updates 18:06:12 i think the solution is Yak Farm 1.0 18:06:13 a lot of which might not ever happen *shrug* 18:06:22 adamw you're on Yak Farm 3.0 18:06:30 or 13.0 18:06:36 the office in my yak farm is going to have a writing desk, a drawer full of envelopes, a really good pen and a filing cabinet 18:06:45 no electricity! 18:06:48 no internet! 18:06:50 electricity is fine 18:06:55 just no network connections 18:06:57 just go with fire 18:07:20 alrighty 18:07:24 thanks for coming, everyone 18:07:47 thanks 18:07:53 (Sorry for being late, but my Mondays are a solid wall of meetings from 8:30am to 2:00pm Eastern) 18:11:14 #endmeeting