15:04:44 <jednorozec> #startmeeting RELENG (2021-06-01)
15:04:44 <zodbot> Meeting started Tue Jun 1 15:04:44 2021 UTC.
15:04:44 <zodbot> This meeting is logged and archived in a public location.
15:04:44 <zodbot> The chair is jednorozec. Information about MeetBot at http://wiki.debian.org/MeetBot.
15:04:44 <zodbot> Useful Commands: #action #agreed #halp #info #idea #link #topic.
15:04:44 <zodbot> The meeting name has been set to 'releng_(2021-06-01)'
15:04:46 <jednorozec> #meetingname releng
15:04:46 <zodbot> The meeting name has been set to 'releng'
15:04:48 <jednorozec> #chair nirik sharkcz pbrobinson pingou mboddu dustymabe ksinny jednorozec
15:04:48 <zodbot> Current chairs: dustymabe jednorozec ksinny mboddu nirik pbrobinson pingou sharkcz
15:04:50 <jednorozec> #topic init process
15:05:19 <nirik> morning
15:07:12 <andi89gi> morning
15:07:20 <jednorozec> morning/afternoon, what has happened during the two weeks I was off?
15:08:10 <jednorozec> you fixed all the tickets right?
15:10:08 <nirik> yep. it's just sitting on the beach with umbrella drinks now.
15:14:19 * mboddu sorta following
15:14:21 <mboddu> I have a question to nirik for open floor, please ping me when we get to open floor
15:15:18 <nirik> I have a number of items too. ;)
15:16:21 <jednorozec> nirik, so I don't have anything. I am back from PTO after 14 days and didn't manage to get through all the mail yet
15:16:55 <nirik> jednorozec: so, first thing: We got a Fedora Media Writer request while you were gone. ;(
15:17:10 <nirik> can you train mboddu or me up on how to do the windows build/signing?
15:17:24 <nirik> and/or document/update the sop
15:17:32 <jednorozec> nirik, it should be doable by the SOP I think
15:17:35 <jednorozec> let me re check
15:18:02 <jednorozec> But after last time we got some changes merged upstream so it should be working according to the SOP
15:18:19 <mboddu> jednorozec: It's not up to date
15:18:51 * nirik has no windows here, but I could make a vm I suppose
15:18:58 <jednorozec> mboddu, yes it is, that is exactly what I am doing when signing it
15:19:23 <jednorozec> nirik, you don't need it for building, just to test if it's signed properly
15:19:36 <mboddu> jednorozec: Where is the `CERTPASS` stored?
15:19:54 <mboddu> Also, after this meeting, can we go through it together on a video call?
15:20:18 <mboddu> (I have a couple of questions to jednorozec as well)
15:21:11 <jednorozec> mboddu, let's do the video tomorrow. before/after the CPE meeting
15:22:20 <mboddu> jednorozec: ack
15:22:43 <nirik> the rest of things I had were more informational.
15:25:44 <nirik> I can just fire off some infos if you like
15:25:45 <nirik> ?
15:25:57 <nirik> #info koji hubs upgraded to 1.25.0
15:26:26 <nirik> #info most builders upgraded to Fedora 34. The rest to finish soon
15:27:12 <nirik> I also figured out the problem I was seeing with sidetag cleanup. It was showing some old tags where people had removed the target... which prevents it from removing the sidetag. So I re-added targets to all those and deleted them.
15:28:24 <mboddu> ^ woot woot
15:29:19 <nirik> I think that was mostly it...
15:30:50 <jednorozec> nirik, nice job with the builders
15:31:08 <jednorozec> I have built the media writer, uploading now
15:32:10 <nirik> excellent thanks.
15:33:48 <jednorozec> btw once the person has a certificate, building and signing steps are up to date in the SOP
15:34:31 <mboddu> jednorozec: What about the CERTPASS?
15:34:47 <jednorozec> mboddu, what do you mean? it's env variable
15:34:51 <mboddu> Can you also update the SOP with the right file names?
15:35:04 <mboddu> jednorozec: Ohhh, I thought it is stored somewhere
15:35:09 <jednorozec> mboddu, I don't understand
15:35:48 <mboddu> jednorozec: The SOP has:
15:35:51 <jednorozec> It's env variable that is used by the upstream buildscripts. They pass the certs into nested build env
15:35:58 <mboddu> ```$ openssl pkcs7 -print_certs -in certificate.p7b -out certificate.cer
15:35:58 <mboddu> $ openssl pkcs12 -export -in certificate.cer -inkey authenticode.key -out authenticode.pfx -certfile CACert.cer;```
15:36:15 <jednorozec> yup those are the filenames expected by the build scripts
15:36:22 <jednorozec> everything is as expected there
15:36:58 <mboddu> jednorozec: Huh, but in ansible private repo we have code-signing.* files
15:37:41 <mboddu> And it seems we don't have to convert them
15:38:28 <jednorozec> hmm I just followed and updated the SOP.
15:38:47 <mboddu> As we have code-signing.crt which means we don't need to run `$ openssl pkcs7 -print_certs -in certificate.p7b -out certificate.cer`
15:39:11 <mboddu> jednorozec: Okay, let's go over it tomorrow
15:39:13 <jednorozec> mboddu, let's talk about this tomorrow. This is my first whole day behind computer after two weeks. It's exhausting...
15:39:27 <mboddu> jednorozec: Understandable :)
15:41:02 * nirik nods
15:42:11 <nirik> shall we close it out then? or anything else ?
15:45:32 <mboddu> My open floor question to nirik ?
15:45:49 <nirik> oh sure, shoot....
15:45:49 <mboddu> nirik: You can escape me :P
15:46:29 <mboddu> nirik: What is the easiest way to disable koji/make it readonly? Making it not build anything for sometime
15:46:56 <mboddu> Remove targets+remove hosts from channels+remove hosts?
15:47:53 <nirik> so, stop doing anything at all, but stay up?
15:48:40 <nirik> just taking down the db will make it say it's offline
15:49:07 <nirik> there's also some hub config to make it show an outage message and return offline (or return offline to all non admins)
15:50:08 <nirik> ServerOffline, OfflineMessage and LockOut
15:51:47 <mboddu> Oh cool, I will take a look at them
15:51:56 <mboddu> That is all
15:52:08 <mboddu> One more quick question
15:52:21 <mboddu> "return offline" what do you mean?
15:52:50 <mboddu> When I set a message say "ServerOffline", it will be disabled as well and no need of taking down the db?
15:53:00 <nirik> a ServerOffLine Fault on the xmlrpc endpoint.
15:53:18 <nirik> ie, if you run a 'koji hello' it will return 'ServerOffLine'
15:53:24 <nirik> or anything
15:54:13 <mboddu> nirik: Okay, I think that should do it, as people can't authenticate which means they can't submit the builds
15:54:14 <nirik> I guess it just depends on what you want users to get... hang or error (possibly with message)
15:54:22 <nirik> yeah
15:54:42 <mboddu> hang or error with some message is fine
15:55:01 <mboddu> Just disabling users to submit the builds with some message is all I want
15:56:22 <nirik> yeah, ServerOffline = True, and OfflineMessage = "No builds for you" should work
15:57:01 * nirik needs more coffee.
15:57:39 <mboddu> Thanks nirik
15:58:17 <mboddu> I wish it is documented in koji docs :(
16:02:06 <nirik> well, it's in the sample koji hub.conf... but yeah
16:02:25 <jednorozec> #endmeeting