15:30:27 #startmeeting Pulp Triage 2021-01-05 15:30:27 #info dkliban has joined triage 15:30:27 !start 15:30:27 Meeting started Tue Jan 5 15:30:27 2021 UTC. The chair is dkliban. Information about MeetBot at http://wiki.debian.org/MeetBot. 15:30:27 Useful Commands: #action #agreed #help #info #idea #link #topic. 15:30:27 The meeting name has been set to 'pulp_triage_2021-01-05' 15:30:27 dkliban: dkliban has joined triage 15:30:53 #info ggainey has joined triage 15:30:53 !here 15:30:53 ggainey: ggainey has joined triage 15:30:54 #info ppicka has joined triage 15:30:54 !here 15:30:54 ppicka: ppicka has joined triage 15:31:14 #info ttereshc has joined triage 15:31:14 !here 15:31:14 ttereshc: ttereshc has joined triage 15:31:24 I still don't see anything on the agenda for open floor. 15:31:32 Does anyone have any last minute options? 15:31:38 not I 15:31:43 oops ... s/options/topics/ 15:32:06 #info daviddavis has joined triage 15:32:06 !here 15:32:07 daviddavis: daviddavis has joined triage 15:32:08 not me 15:32:15 cool ... let's move into bug triage then 15:32:17 !next 15:32:18 #topic https://pulp.plan.io/issues/8035 15:32:18 dkliban: 5 issues left to triage: 8035, 8030, 8018, 8000, 7950 15:32:19 RM 8035 - daviddavis - NEW - pulp-oci-images uses EOL version of Fedora 15:32:20 https://pulp.plan.io/issues/8035 15:32:28 accept and add 15:32:49 or - should this be a task instead? 15:32:49 +1 15:32:55 we have a related issue that was to move the oci image to use CentOS stream 15:33:11 i believe that would resolve this issue as well 15:33:23 i am +1 to accepting and adding to the sprint 15:33:28 i'll mark the issues as related 15:33:32 +1 15:33:35 it's giong to be a problem soon 15:33:39 yus 15:33:40 once they remove f31 from https://quay.io/repository/fedora/fedora?tab=tags 15:33:53 moving to centos stream sounds good 15:34:01 yeah ... we will do this work very soon 15:34:05 +1 15:34:12 great 15:34:18 it should not be a big effort because centos stream now has all the packages we need 15:34:25 \o/ 15:34:46 * ggainey cheers wildly 15:34:46 #idea Proposed for #8035: accept and add to sprint 15:34:46 !propose other accept and add to sprint 15:34:46 dkliban: Proposed for #8035: accept and add to sprint 15:34:55 +1 15:35:14 +1 15:35:19 #agreed accept and add to sprint 15:35:19 !accept 15:35:19 dkliban: Current proposal accepted: accept and add to sprint 15:35:20 #topic https://pulp.plan.io/issues/8030 15:35:20 dkliban: 4 issues left to triage: 8030, 8018, 8000, 7950 15:35:21 RM 8030 - laugmanuel@gmail.com - NEW - pulpcore-manager does not find/read settings from PULP_SETTINGS 15:35:22 https://pulp.plan.io/issues/8030 15:35:45 note that they are using settings.yaml instead of settings.py which should work 15:35:51 not sure why it isn't 15:36:52 hmm 15:37:30 i believe this is a permissions problem 15:37:52 though i think we now produce a message when that is the case 15:38:04 hmm ok 15:38:15 actually, that's exactly what that error message says 15:38:43 settings.yaml seems to be readable for pulp group 15:38:49 dkliban: they're runnig as pulp, and settings.yaml is 640 15:38:51 yeah 15:38:57 hmmmmm 15:39:17 ok ... let's accept and add to sprint so someone investigates this 15:39:24 yeah, sounds good 15:39:34 he provided a lot of information here 15:39:36 +1 15:39:50 #idea Proposed for #8030: accept and add to sprint 15:39:50 !propose other accept and add to sprint 15:39:50 dkliban: Proposed for #8030: accept and add to sprint 15:39:54 +1 15:40:25 +1 15:40:28 #agreed accept and add to sprint 15:40:28 !accept 15:40:28 dkliban: Current proposal accepted: accept and add to sprint 15:40:29 dkliban: 3 issues left to triage: 8018, 8000, 7950 15:40:29 #topic https://pulp.plan.io/issues/8018 15:40:30 RM 8018 - mdellweg - POST - viewsets that are not guarded by rbac allow any user known to the system 15:40:31 https://pulp.plan.io/issues/8018 15:40:40 already has a PR - accept and add 15:40:58 +1 15:41:19 #idea Proposed for #8018: accept and add to sprint 15:41:19 !propose other accept and add to sprint 15:41:19 dkliban: Proposed for #8018: accept and add to sprint 15:41:30 +1 15:41:33 this is the one which requires feedback on the list 15:41:40 pulp-dev 15:41:42 yeah ... but we can accept the issue 15:41:46 sure 15:41:55 #agreed accept and add to sprint 15:41:55 !accept 15:41:55 dkliban: Current proposal accepted: accept and add to sprint 15:41:56 #topic https://pulp.plan.io/issues/8000 15:41:56 dkliban: 2 issues left to triage: 8000, 7950 15:41:57 RM 8000 - gw0101 - NEW - user improperly authenticated via valid cert 15:41:58 https://pulp.plan.io/issues/8000 15:42:09 this is a Pulp2 issue 15:42:27 * daviddavis flees under the cover of darkness 15:42:32 heh 15:42:43 lol 15:43:37 i don't want to fix this ... 15:43:53 so this involves cert-auth - is it not the case that apcahe-cert-auth handles cert-revocation? 15:44:01 is there a way to disable a session in pulp2? to remove an earlier validated cert 15:44:13 i have no idea 15:44:57 me either, alas 15:45:16 so what should we do about this issue? 15:45:56 so , two issues w/this issue - cert-revocation is the Right Way to handle this, not inside-pulp, and "Pulp2 is EOL and we're not fixing stuff like this", yeah? 15:46:30 yeah 15:46:32 yeah, that should do 15:46:43 ggainey: you want to do the honors? 15:46:46 hey wait 15:46:51 the cert-revocation I'm not as certain about, because I am not familiar with what pulp itself gives the user access to 15:46:51 hey ok .... 15:46:57 if I am reading this correctly, this is a serious problem 15:47:08 like it escalates the consumer's privledges? 15:47:39 yes it sounds like it however it's been there forever I guess 15:47:57 when you remove the user, they get the default privs which may be higher than their priv 15:48:36 yeah it does 15:49:17 hm 15:49:24 daviddavis: this is a really good point 15:49:25 alas 15:49:26 :) 15:50:02 does this affect all pulp 2 releases? 15:50:09 or 2.21+ 15:50:16 i am guessing all 15:50:24 this has not changed in years 15:50:32 since whenever auth-by-cert was introduced 15:51:00 yea 15:51:39 I recognize that no one has time to work on this 15:51:43 so I am not sure what to do 15:51:52 so are we talking about the consumer-cert? as described here ? https://docs.pulpproject.org/en/2.21/user-guide/consumer-client/register.html#pre-registration-authentication 15:52:32 i think he is talking about users 15:52:42 even though he uses the term consumer 15:52:46 REST API user 15:52:50 yeah, hence my confusion 15:54:28 I vote we skip for now and get more opinions 15:54:34 yeah ok 15:55:05 so it sounds like we need to accept and investigate 15:55:18 as I'm still a little unclear on exactly what's going on here - other than "I don't like it", whatever it is :) 15:55:47 dkliban: I think that's correct, it's a problem and we need to at least look into it 15:55:59 +1 to skip, and there is not much apart from the post request https://docs.pulpproject.org/en/2.21/dev-guide/integration/rest-api/authentication.html 15:56:28 ttereshc: ah! this is *exactly* what I needed, thank you! 15:56:35 I don't see a way to sign out 15:57:13 so should we add to the sprin? 15:57:21 yeah, let's add 15:57:40 +1 15:57:52 #idea Proposed for #8000: accept and add to sprint 15:57:52 !propose other accept and add to sprint 15:57:52 dkliban: Proposed for #8000: accept and add to sprint 15:58:24 +1 15:58:32 #agreed accept and add to sprint 15:58:32 !accept 15:58:32 dkliban: Current proposal accepted: accept and add to sprint 15:58:33 dkliban: 1 issues left to triage: 7950 15:58:33 #topic https://pulp.plan.io/issues/7950 15:58:34 RM 7950 - newswangerd - NEW - Backport 7912 15:58:35 https://pulp.plan.io/issues/7950 15:58:49 this is waiting on the bugfix 15:58:55 so we keep skipping it 15:58:59 let's skip again 15:59:04 +1 15:59:08 +1 15:59:13 !skip 15:59:14 dkliban: No issues to triage. 15:59:41 awesome! thank you all for your time! 15:59:49 #endmeeting 15:59:49 !end