#fedora-meeting-3 log

15:04:44 <jednorozec> #startmeeting RELENG (2021-06-01)
15:04:44 <zodbot> Meeting started Tue Jun  1 15:04:44 2021 UTC.
15:04:44 <zodbot> This meeting is logged and archived in a public location.
15:04:44 <zodbot> The chair is jednorozec. Information about MeetBot at http://wiki.debian.org/MeetBot.
15:04:44 <zodbot> Useful Commands: #action #agreed #halp #info #idea #link #topic.
15:04:44 <zodbot> The meeting name has been set to 'releng_(2021-06-01)'
15:04:46 <jednorozec> #meetingname releng
15:04:46 <zodbot> The meeting name has been set to 'releng'
15:04:48 <jednorozec> #chair nirik sharkcz pbrobinson pingou mboddu dustymabe ksinny jednorozec
15:04:48 <zodbot> Current chairs: dustymabe jednorozec ksinny mboddu nirik pbrobinson pingou sharkcz
15:04:50 <jednorozec> #topic init process
15:05:19 <nirik> morning
15:07:12 <andi89gi> morning
15:07:20 <jednorozec> morning/afternoon, what has happened during the two weeks I was off?
15:08:10 <jednorozec> you fixed all the tickets right?
15:10:08 <nirik> yep. it's just sitting on the beach with umbrella drinks now.
15:14:19 * mboddu sorta following
15:14:21 <mboddu> I have a question to nirik for open floor, please ping me when we get to open floor
15:15:18 <nirik> I have a number of items too. ;)
15:16:21 <jednorozec> nirik, so I dont have anything. I am back from PTO after 14 days and didnt manage to get through all the mail yet
15:16:55 <nirik> jednorozec: so, first thing: We got a Fedora Media Writer request while you were gone. ;(
15:17:10 <nirik> can you train mboddu or me up on how to do the windows build/signing?
15:17:24 <nirik> and/or document/update the sop
15:17:32 <jednorozec> nirik, it should be doable by the SOP I think
15:17:35 <jednorozec> let me re check
15:18:02 <jednorozec> But after last time we got some changes merged upstream so it should be working according to the SOP
15:18:19 <mboddu> jednorozec: Its not up to date
15:18:51 * nirik has no windows here, but I could make a vm I suppose
15:18:58 <jednorozec> mboddu, yes it is that is exactly what I am doing when signing it
15:19:23 <jednorozec> nirik, you dont need it for building just to test if its signed properly
15:19:36 <mboddu> jednorozec: Where is the `CERTPASS` stored?
15:19:54 <mboddu> Also, after this meeting, can we go through it together on a video call?
15:20:18 <mboddu> (I have couple of questions to jednorozec as well)
15:21:11 <jednorozec> mboddu, lets do the video tomorrow. before/after the CPE meeting
15:22:20 <mboddu> jednorozec: ack
15:22:43 <nirik> the rest of things I had were more infrormational.
15:25:44 <nirik> I can just fire off some infos if you like
15:25:45 <nirik> ?
15:25:57 <nirik> #info koji hubs upgraded to 1.25.0
15:26:26 <nirik> #info most builders upgraded to Fedora 34. The rest to finish soon
15:27:12 <nirik> I also figured out the problem I was seeing with sidetag cleanup. It was showing some old tags where people had removed the target... which prevents it from removing the sidetag. So I re-added targets to all those and deleted them.
15:28:24 <mboddu> ^ woot woot
15:29:19 <nirik> I think that was mostly it...
15:30:50 <jednorozec> nirik, nice job with the builders
15:31:08 <jednorozec> I have build the media writer, uploading now
15:32:10 <nirik> excellent thanks.
15:33:48 <jednorozec> btw once the person have certificate, building and signing steps are up to date in the SOP
15:34:31 <mboddu> jednorozec: What about the CERTPASS?
15:34:47 <jednorozec> mboddu, what do you mean? its env variable
15:34:51 <mboddu> Can you also update the SOP with the right file names?
15:35:04 <mboddu> jednorozec: Ohhh, I thought it is stored somewhere
15:35:09 <jednorozec> mboddu, I dont understand
15:35:48 <mboddu> jednorozec: The SOP has:
15:35:51 <jednorozec> Its env variable that is used by the upstream buildscripts. They pass the certs into nested build env
15:35:58 <mboddu> ```$ openssl pkcs7 -print_certs -in certificate.p7b -out certificate.cer
15:35:58 <mboddu> $ openssl pkcs12 -export -in certificate.cer -inkey authenticode.key -out authenticode.pfx -certfile CACert.cer;```
15:36:15 <jednorozec> yup that are the filenames expected by the build scripts
15:36:22 <jednorozec> everything is as expected there
15:36:58 <mboddu> jednorozec: Huh, but in ansible private repo we have code-signing.* files
15:37:41 <mboddu> And it seems we dont have to convert them
15:38:28 <jednorozec> hmm I just followed and updated the SOP.
15:38:47 <mboddu> As we have code-signing.crt which means we dont to run `$ openssl pkcs7 -print_certs -in certificate.p7b -out certificate.cer`
15:39:11 <mboddu> jednorozec: Okay, lets go over it tomorrow
15:39:13 <jednorozec> mboddu, lets talk about this tomorrow. This is my first whole day behind computer after two weeks. Its exhausting...
15:39:27 <mboddu> jednorozec: Understandable :)
15:41:02 * nirik nods
15:42:11 <nirik> shall we close it out then? or anything else ?
15:45:32 <mboddu> My open floor question to nirik ?
15:45:49 <nirik> oh sure, shoot....
15:45:49 <mboddu> nirik: You can escape me :P
15:46:29 <mboddu> nirik: What is the easiest way to disable koji/make it readonly? Making it not build anything for sometime
15:46:56 <mboddu> Remove targets+remove hosts from channels+remove hosts?
15:47:53 <nirik> so, stop doing anything at all, but stay up?
15:48:40 <nirik> just taking down the db will make it say it's offline
15:49:07 <nirik> there's also some hub config to make it show an outage message and return offline (or return offline to all non admins)
15:50:08 <nirik> ServerOffline, OfflineMessage and LockOut
15:51:47 <mboddu> Oh cool, I will take a look at them
15:51:56 <mboddu> That is all
15:52:08 <mboddu> One more quick question
15:52:21 <mboddu> "return offline" what do you mean?
15:52:50 <mboddu> When I set a message say "ServerOffline", it will be disabled as well and no need of taking down the db?
15:53:00 <nirik> a ServerOffLine Fault on the xmlrpc endpoint.
15:53:18 <nirik> ie, if you run a 'koji hello' it will return 'ServerOffLine'
15:53:24 <nirik> or anything
15:54:13 <mboddu> nirik: Okay, I think that should do it, as people cant authenticate which means they cant submit the builds
15:54:14 <nirik> I guess it just depends on what you want users to get... hang or error (possibly with message)
15:54:22 <nirik> yeah
15:54:42 <mboddu> hang or error with some message is fine
15:55:01 <mboddu> Just disabling users to submit the builds with some message is all I want
15:56:22 <nirik> yeah, ServerOffline = True, and OfflineMessage = "No builds for you" should work
15:57:01 * nirik needs more coffee.
15:57:39 <mboddu> Thanks nirik
15:58:17 <mboddu> I wish it is documented in koji docs :(
16:02:06 <nirik> well, it's in the sample koji hub.conf... but yeah
16:02:25 <jednorozec> #endmeeting