15:04:44 #startmeeting RELENG (2021-06-01)
15:04:44 Meeting started Tue Jun 1 15:04:44 2021 UTC.
15:04:44 This meeting is logged and archived in a public location.
15:04:44 The chair is jednorozec. Information about MeetBot at http://wiki.debian.org/MeetBot.
15:04:44 Useful Commands: #action #agreed #halp #info #idea #link #topic.
15:04:44 The meeting name has been set to 'releng_(2021-06-01)'
15:04:46 #meetingname releng
15:04:46 The meeting name has been set to 'releng'
15:04:48 #chair nirik sharkcz pbrobinson pingou mboddu dustymabe ksinny jednorozec
15:04:48 Current chairs: dustymabe jednorozec ksinny mboddu nirik pbrobinson pingou sharkcz
15:04:50 #topic init process
15:05:19 morning
15:07:12 morning
15:07:20 morning/afternoon, what has happened during the two weeks I was off?
15:08:10 you fixed all the tickets right?
15:10:08 yep. it's just sitting on the beach with umbrella drinks now.
15:14:19 * mboddu sorta following
15:14:21 I have a question to nirik for open floor, please ping me when we get to open floor
15:15:18 I have a number of items too. ;)
15:16:21 nirik, so I don't have anything. I am back from PTO after 14 days and didn't manage to get through all the mail yet
15:16:55 jednorozec: so, first thing: We got a Fedora Media Writer request while you were gone. ;(
15:17:10 can you train mboddu or me up on how to do the windows build/signing?
15:17:24 and/or document/update the sop
15:17:32 nirik, it should be doable by the SOP I think
15:17:35 let me re check
15:18:02 But after last time we got some changes merged upstream so it should be working according to the SOP
15:18:19 jednorozec: It's not up to date
15:18:51 * nirik has no windows here, but I could make a vm I suppose
15:18:58 mboddu, yes it is that is exactly what I am doing when signing it
15:19:23 nirik, you don't need it for building just to test if it's signed properly
15:19:36 jednorozec: Where is the `CERTPASS` stored?
15:19:54 Also, after this meeting, can we go through it together on a video call?
15:20:18 (I have couple of questions to jednorozec as well)
15:21:11 mboddu, let's do the video tomorrow. before/after the CPE meeting
15:22:20 jednorozec: ack
15:22:43 the rest of things I had were more informational.
15:25:44 I can just fire off some infos if you like
15:25:45 ?
15:25:57 #info koji hubs upgraded to 1.25.0
15:26:26 #info most builders upgraded to Fedora 34. The rest to finish soon
15:27:12 I also figured out the problem I was seeing with sidetag cleanup. It was showing some old tags where people had removed the target... which prevents it from removing the sidetag. So I re-added targets to all those and deleted them.
15:28:24 ^ woot woot
15:29:19 I think that was mostly it...
15:30:50 nirik, nice job with the builders
15:31:08 I have built the media writer, uploading now
15:32:10 excellent thanks.
15:33:48 btw once the person have certificate, building and signing steps are up to date in the SOP
15:34:31 jednorozec: What about the CERTPASS?
15:34:47 mboddu, what do you mean? it's env variable
15:34:51 Can you also update the SOP with the right file names?
15:35:04 jednorozec: Ohhh, I thought it is stored somewhere
15:35:09 mboddu, I don't understand
15:35:48 jednorozec: The SOP has:
15:35:51 It's env variable that is used by the upstream buildscripts. They pass the certs into nested build env
15:35:58 ```$ openssl pkcs7 -print_certs -in certificate.p7b -out certificate.cer
15:35:58 $ openssl pkcs12 -export -in certificate.cer -inkey authenticode.key -out authenticode.pfx -certfile CACert.cer;```
15:36:15 yup that are the filenames expected by the build scripts
15:36:22 everything is as expected there
15:36:58 jednorozec: Huh, but in ansible private repo we have code-signing.* files
15:37:41 And it seems we don't have to convert them
15:38:28 hmm I just followed and updated the SOP.
15:38:47 As we have code-signing.crt which means we don't have to run `$ openssl pkcs7 -print_certs -in certificate.p7b -out certificate.cer`
15:39:11 jednorozec: Okay, let's go over it tomorrow
15:39:13 mboddu, let's talk about this tomorrow. This is my first whole day behind computer after two weeks. It's exhausting...
15:39:27 jednorozec: Understandable :)
15:41:02 * nirik nods
15:42:11 shall we close it out then? or anything else ?
15:45:32 My open floor question to nirik ?
15:45:49 oh sure, shoot....
15:45:49 nirik: You can escape me :P
15:46:29 nirik: What is the easiest way to disable koji/make it readonly? Making it not build anything for some time
15:46:56 Remove targets+remove hosts from channels+remove hosts?
15:47:53 so, stop doing anything at all, but stay up?
15:48:40 just taking down the db will make it say it's offline
15:49:07 there's also some hub config to make it show an outage message and return offline (or return offline to all non admins)
15:50:08 ServerOffline, OfflineMessage and LockOut
15:51:47 Oh cool, I will take a look at them
15:51:56 That is all
15:52:08 One more quick question
15:52:21 "return offline" what do you mean?
15:52:50 When I set a message say "ServerOffline", it will be disabled as well and no need of taking down the db?
15:53:00 a ServerOffLine Fault on the xmlrpc endpoint.
15:53:18 ie, if you run a 'koji hello' it will return 'ServerOffLine'
15:53:24 or anything
15:54:13 nirik: Okay, I think that should do it, as people can't authenticate which means they can't submit the builds
15:54:14 I guess it just depends on what you want users to get... hang or error (possibly with message)
15:54:22 yeah
15:54:42 hang or error with some message is fine
15:55:01 Just disabling users to submit the builds with some message is all I want
15:56:22 yeah, ServerOffline = True, and OfflineMessage = "No builds for you" should work
15:57:01 * nirik needs more coffee.
15:57:39 Thanks nirik
15:58:17 I wish it is documented in koji docs :(
16:02:06 well, it's in the sample koji hub.conf... but yeah
16:02:25 #endmeeting