Wednesday, 2023-10-04

« Tuesday, 2023-10-03 Index Thursday, 2023-10-05 »
opendevreviewClark Boylan proposed opendev/system-config master: Update our base container images  https://review.opendev.org/c/opendev/system-config/+/89727000:04
opendevreviewMerged opendev/system-config master: Update our base container images  https://review.opendev.org/c/opendev/system-config/+/89727001:20
tonybWhat clarkb: Whay add the 'dist-upgrade' ?? in ^^ was something missing in the update?  I don't have a problem with it just curious01:34
tonybWow, english seems to be hard for me today01:35
opendevreviewOpenStack Proposal Bot proposed openstack/project-config master: Normalize projects.yaml  https://review.opendev.org/c/openstack/project-config/+/89727302:14
fricklerdiablo_rojo: ack, so far it looks good, will try to move other sessions around that. just please move it to use meetpad instead of zoom04:38
NeilHanlonx-post here for visibility -- https://www.qualys.com/2023/10/03/cve-2023-4911/looney-tunables-local-privilege-escalation-glibc-ld-so.txt12:03
fungiyep, been keeping an eye on package updates. working on triggering new debian-based container images12:04
fungiubuntu packages for the servers shouldn't be far behind12:04
fungihttp://changelogs.ubuntu.com/changelogs/pool/main/g/glibc/glibc_2.35-0ubuntu3.4/changelog12:05
fungithat's already in jammy-updates12:05
fungi2023-10-04 06:10:57 status installed libc-bin:amd64 2.35-0ubuntu3.412:06
fungifrom the dpkg.log on one of our servers i happened to be logged into already12:06
fungiif only the exim/libspf2 vulnerabilities had been coordinated this well12:07
opendevreviewdaniel.pawlik proposed zuul/zuul-jobs master: Add workaround for resolving DNS hostname in pod; add dns test  https://review.opendev.org/c/zuul/zuul-jobs/+/89664612:11
NeilHanlonfungi: one can only hope the coordination continues to get better :) 12:13
fungiyup12:13
NeilHanlonfwiw rocky has a mitigation for rocky 9 in our sig/security repository12:13
NeilHanlonhttps://git.rockylinux.org/sig/security/src/glibc/-/blob/1bb322095e1c0589ded0aa93cf58afb54db2bcee/SOURCES/glibc-owl-alt-sanitize-env.patch12:14
funginoticing the "owl" in there. i saw the post solar made to oss-security about working with rocky, that's awesome12:14
NeilHanlonyeah i'm pretty excited by it12:15
opendevreviewdaniel.pawlik proposed zuul/zuul-jobs master: Add feature to set --vm-driver name for minikube  https://review.opendev.org/c/zuul/zuul-jobs/+/89475512:25
fungiand i guess the next big preannounced vulnerability is for curl/libcurl, details coming one week from today12:32
opendevreviewMichal Nasiadka proposed openstack/project-config master: Add nested-virt-debian-bookworm  https://review.opendev.org/c/openstack/project-config/+/89733112:47
opendevreviewdaniel.pawlik proposed zuul/zuul-jobs master: DNM Add workaround for unqualified-search in Minikube  https://review.opendev.org/c/zuul/zuul-jobs/+/89733714:18
clarkbI'm going to stop nodepool-builder on nb04 again (the hourly job restarted it at some point) and then reboot the server. My file deletions compelted and we do have some successful builds now. I want to reboot for completeness15:17
clarkb#status log Cleared /opt/dib_tmp on nb04 and rebooted the server to reset mounts. This should fix arm64 image builds15:22
opendevstatusclarkb: finished logging15:22
opendevreviewClark Boylan proposed opendev/system-config master: Fix python-builder container image system updates  https://review.opendev.org/c/opendev/system-config/+/89734215:34
fungiyay, ubuntu got exim fixes pushed out for jammy and focal! i've gone ahead and forced an upgrade of those on the listservs, since they're the places we accept incoming smtp15:49
clarkbthe latest openssh release switches ssh-keygen to produce ed25519 keys by default16:06
clarkbthat seems like a good indication we should probably just cave into the new key type16:06
clarkbinfra-root if you have time for https://review.opendev.org/c/opendev/system-config/+/897342 it should be a quite review19:25
clarkbI want to make sure that is in sync across the base images19:25
clarkbthe arm64 images seem to building successfully very slowly20:25
clarkbI've gone ahead and approved https://review.opendev.org/c/opendev/system-config/+/897342 since it is a small cleanup21:24
clarkbtomorrow morning I've got the gerrit community meeting and then a dentist appointment21:25
clarkbAfterwards it might be a good time to land https://review.opendev.org/c/opendev/system-config/+/897244 and upgrade gitea if reviewers are happy with it21:25
clarkbre etherpad upgrade the more I think about it the more I'm happy waiting for the PTG to finish first. It seems likely people will hit cache problems post upgrade and avoiding that during the PTG is worthwhile. If the new versions were more important I'd say oh well but the updates seem minimal21:38
opendevreviewVladimir Kozhukalov proposed openstack/project-config master: Add Allow-Post-Review to openstack-helm-core group  https://review.opendev.org/c/openstack/project-config/+/89736621:51
opendevreviewVladimir Kozhukalov proposed openstack/project-config master: Add Allow-Post-Review to openstack-helm-core group  https://review.opendev.org/c/openstack/project-config/+/89736621:53
clarkbany idea if ^ use the standard jobs for uploading to docker hub? It might be a better use of time/effort to move to proven tools than go back and forth on something else if not21:53
fungiclarkb: kozhukalov is in #openstack-infra if you want to re-ask there21:58
clarkback21:59
opendevreviewMerged opendev/system-config master: Fix python-builder container image system updates  https://review.opendev.org/c/opendev/system-config/+/89734222:17
opendevreviewVladimir Kozhukalov proposed openstack/project-config master: Add Allow-Post-Review to openstack-helm-core group  https://review.opendev.org/c/openstack/project-config/+/89736622:30
« Tuesday, 2023-10-03 Index Thursday, 2023-10-05 »

Generated by irclog2html.py 2.17.3 by Marius Gedminas - find it at https://mg.pov.lt/irclog2html/!