On 24/04/19 3:30 am, Sam Hartman wrote:
>>>>>> "Sunil" == Sunil Mohan Adapa <sunil@medhas.org> writes:
>
>     Sunil> On 23/04/19 3:44 am, Ivo De Decker wrote:
>     >> Hi,
>
>     Sunil> However, there were still issues that we felt needed fixing
>     Sunil> for a stable release. Some of these fixes are workarounds for
>     Sunil> issues that were not fixed in other packages (such as #919517
>     Sunil> and smooth upgrade failures in other packages).
>
>     Sunil> Pretty much all the changes between 19.1 and 19.2 (version
>     Sunil> increment is because freedombox is a native package) were
>     Sunil> focused on Buster release during which we were not adding
>     Sunil> extra features.
>
> I'm speaking as an individual who has been following freedombox in the
> background for years and who has had to make decisions like what the
> release team does in other projects. I'm *not* speaking as the DPL even
> a little bit. And even if you follow my recommendations here, the RT
> might be more conservative than you hope for.
>
> In order to maximize the number of changes that can get in between 19.1
> and 19.2, I recommend that you spend some time to make the release
> team's job easier.
>
> I'd recommend going through each commit, explaining why it meets the
> release guidelines.
>
> If it doesn't and you want to argue for an exception, be clear about why
> that specific change is safe. As an example, if one of your functional
> tests covers it, say that.
>
> Your job is to make sure that the release team can easily see in one
> place why the change is worth the risk and that you've thought about it
> explicitly and considered the option of dropping that change.
>
> And you probably will find changes that it's better to drop.
> Regardless of whether you missed the deadline by hours or whatever,
> we're talking about this issue now not then. There's less time between
> now and the buster release than there was back in March, and that means
> the risks are higher. And so in arguing for a change you need to
> account for that increased risk.
>
> And because the RT has a lot of work to do you need to make it easy for
> them. They are going to have to review each change, so you'd better do
> that first:-)
>
> As an example, from your original bug:
>
>  - Upgrade changes: Complementary to unattended-upgrades, assist
>    non-technical FreedomBox users to automatically upgrade from older
>    versions of bind, tt-rss, firewalld, libpam-modules, and openvpn.
>    This helps users migrating from Stretch. Another change was to avoid
>    a conffile prompt within FreedomBox itself to ease future upgrades.
>
> This sounds like an important bug: you ran upgrade testing from stretch
> and ran into an issue that impacted users.
> If there's not a bug number, you want one probably. If there is, make
> sure it's marked important and it's clear why.
>

Thank you for taking the time to explain how to assist release team with
the process. I didn't do a good job of justifying the changes first
time. No matter the outcome, I regret putting extra burden on release
team at a time when everyone is working hard for and anticipating Buster.

Below I attempt to review and explain each change between 19.1 and 19.2
so that it may become easier for release team to review each change
individually.

https://salsa.debian.org/freedombox-team/plinth/commits/v19.2

Changes to documentation
------------------------

- These changes can be considered during full freeze as per freeze
  policy.

- FreedomBox documentation appears to users directly in the web
  interface.

- List includes changes to copyright messages and the machine readable
  copyright files. These changes have extremely slim chances to break
  the functionality and have been tested well.

8ae99fad doc: Fetch manual from wiki
7c01585f debian/copyright: Fix filename for tahoe-lafs logo
0a1a0cd1 debian/copyright: Update copyright for logos
06d1b167 debian/copyright: Add license text for CC-BY-SA-3.0
1e48a64d debian/copyright: Add license text for GPL-2 and GPL-3
f5c85471 debian/copyright: Add license text for public-domain
a4fdf3f7 debian/copyright: Add full text for AGPL-3+
130102e1 debian/copyright: Minor fixes
e4e37992 debian/copyright: Move some more app icons from LICENSES
a1d13029 debian/copyright: Include some URLs dropped from LICENSES
2297defe debian/copyright: Move more app icons from LICENSES
990c2446 debian/copyright: Fix typo in year
f2b45ea1 debian/copyright: Move some app icons from LICENSES
7b0957d7 debian/copyright: Remove unnecessary fields for native package
d4b4d1e2 debian/copyright: Move all license texts to end
4e5b1f34 debian: Add copyright info for theme images
44dd3c0e LICENSES: Remove files that are same license as rest of the source
354b0ca7 LICENSES: Add reference to debian/copyright
2202439a debian: Add copyright info for individual logo files
5b9b1cbf debian: Add copyright info for lato fonts
adb08df5 debian: Add copyright years for debian/*
fbc2ff61 Fix some paths in LICENSES
de62a326 Add 2019 to copyright years
4fa1e2ab static: Remove unused files

The following single change is related to documentation but is actually
a change in the build process that generates the documentation. We have
since tested the output documentation in PDF form and in HTML form as it
appears in the web interface. There were no breakages due to this
trivial change.

bc6ce14c docs: Fix deprecation warnings in post-processor

Changes to Translations
-----------------------

- These changes can be considered during full freeze as per freeze
  policy.

- Most translations are done by translators via Weblate web interface.

af33d861 locale: Update translations strings
4df3f10e Translated using Weblate (Norwegian Bokmål)
70cb3d46 Translated using Weblate (Hungarian)
8fe73336 Translated using Weblate (Telugu)
43501335 Translated using Weblate (Telugu)
fb685ae1 Translated using Weblate (German)
c530c032 Translated using Weblate (Hungarian)
fb7ac32a Translated using Weblate (Spanish)
e0b9feaa Translated using Weblate (Norwegian Bokmål)
66e08217 Translated using Weblate (Hungarian)
256ef966 Translated using Weblate (Hungarian)
2ea5f83f Translated using Weblate (Czech)

Change to address firewalld bug #919517
---------------------------------------

- Without this workaround, anyone installing OpenVPN via FreedomBox will
  run into catastrophic failure of firewalld leading to security
  implications.

- We submitted a backported fix on the Debian bug (severity: important)
  in January and waited for it to be applied.

f5242193 openvpn: Work around firewalld bug 919517

Changes to address coquelicot bug #923307
-----------------------------------------

- This issue breaks the fundamental functionality of the application
  (severity: serious). So FreedomBox disabled the application for Buster
  release. This change is minimal and is not likely to cause breakages
  in any other functionality.

241d3a98 Disable Coquelicot for Buster release

Changes to fix backup/restore issue
-----------------------------------

https://salsa.debian.org/freedombox-team/plinth/issues/1448

- This issue causes a "502 proxy error" in the middle of the restore
  process. For Buster release, we wanted people to be able to backup
  from a trial machine (or cloud instance) and restore on a machine
  properly hosted at home to get better legal protection. Hence, this is
  an important bug to fix.

- This bug was because during restore process, we were installing
  applications which could restart Apache and break the current
  connection with the user. The fix was to ensure that all necessary
  modules are pre-enabled so that Apache is never restarted. We have
  functional tests that check that all the applications are installable
  after the change. We also have functional tests to ensure that
  backup/restore functionality for these applications is working as
  expected.

7862325b apache: Increment app version number
7bdf47ee apache: Use cgid module instead of cgi
3af207a4 sso: Pre-enable necessary apache modules
33f54089 ikiwiki: Pre-enable necessary apache modules
cf06aa3d letsencrypt: Pre-enable necessary apache modules
c50e322c radicale, searx: Pre-enable necessary apache modules
3c420c14 cockpit: Pre-enable necessary apache modules

Changes for upgrade handling for easy-rsa
-----------------------------------------

https://salsa.debian.org/freedombox-team/plinth/issues/1481

- Sometime between Stretch and Buster, the easy-rsa package upgraded
  from version 2 to version 3. The way easy-rsa is used to manage CA
  setup needed for OpenVPN, this was a backward incompatible change for
  existing setups. However, this may not strictly be a bug in easy-rsa
  as it is only meant to generate cert files.

- We fixed this by implementing migration from easy-rsa 2 to easy-rsa 3.
  This migrates the paths of the certificate files and sets proper
  configuration in OpenVPN.

b8d4b55c openvpn: Make frontpage shortcut appear after an upgrade
117c3d75 openvpn: Fix issues with upgrade easy-rsa 2 to 3 migration
0457f34c openvpn: Increment version number for easy-rsa 3 migration
544c317c openvpn: Migration from easy-rsa 2 to 3 for existing installations

Changes for upgrade handling for packages with conffile prompts
---------------------------------------------------------------

When some packages are upgraded from Stretch (or in some cases later),
they cause a configuration file prompt that requires manual
intervention. Sometimes these changes are merely because more
documentation is provided in a configuration file or because packages
don't implement falling back to default value when a new configuration
value is missing in the old configuration file.

This may be acceptable for system administrators who manually upgrade
their packages (unattended-upgrades refuses to upgrade such packages).
People maintaining a large number of machines find it annoying when the
prompt is for trivial reasons. AFAIK, Debian does not have a policy
against conffile prompts.

As for FreedomBox, this is a deal breaker. We are attempting to build
home servers for people without technical expertise. Showing technical
terms, configuration files, or diffs is not workable. Due to the nature
of the problem we felt that these issues would not be treated as bugs
except in the context of FreedomBox (we did file some issues when
relevant asking/implementing of debconf configuration mechanisms etc.)

After dodging the problem for many years using split configuration files
and using debconf for editing configuration, etc. we have finally
implemented a workable (but not ideal) strategy for upgrading the
remaining packages. The proposal is in line with the goal of treating
FreedomBox as automatic administrator for all technical decisions to be
made by the user.

https://salsa.debian.org/freedombox-team/plinth/issues/1483

These changes are important to ensure that people upgrade properly to
Buster.

tt-rss:
https://salsa.debian.org/freedombox-team/plinth/issues/1515

bd20b657 ttrss: Implement upgrade from 17.4 to 18.12
0dea9e80 ttrss: Make setup process reusable

firewalld:
https://salsa.debian.org/freedombox-team/plinth/issues/1367

2f0bc292 firewalld: Implement upgrading from 0.4.x to 0.6.x

bind:
https://salsa.debian.org/freedombox-team/plinth/issues/1246

d51a2b68 bind: Handle conffile prompt during upgrade

libpam-runtime:
https://salsa.debian.org/freedombox-team/plinth/issues/1504

7ee48da2 security: Migrate access config to new file

Framework for handling conffile prompts:
https://salsa.debian.org/freedombox-team/plinth/issues/1483

ec68eb3d setup: Make additional info available for force upgrading
ebca76b2 utils: Introduce abstraction over distutils comparison of versions
3d57feac setup: Pass better data structure for force upgrade operation
871215ab setup: Rush force upgrade in development mode
16252a10 setup: Trigger force upgrade for app that implement it
c8b2ba8c package: Helper method to filter packages that need conffile prompt
5b4aa1cd package: Implement identifying packages that need conffile prompts
f0333625 setup: Filter packages to force upgrade
d0420263 setup: Abstraction for getting managing packages of a module
2df02b05 dbus: Add new module for D-Bus services
94255806 web_server: Move shutdown handling to main

Changes for upgrade handling of FreedomBox itself
-------------------------------------------------

https://salsa.debian.org/freedombox-team/plinth/issues/1489

- We realized that we were modifying a configuration file we shipped
  from web interface. This means that users who make a certain
  preference change from web interface will not be able to automatically
  upgrade to future version of FreedomBox. This is a grave situation as
  our users are not expected to deal with command line.

- The fix required undoing changes to configuration file we shipped and
  set it in a different one.

bd43ed51 config: Remove Apache home page configuration from freedombox.conf
bedc5ff9 config: Add option to use Apache's default home page as home page
8bc34f84 config: Rename Default App to Webserver Home Page
a87b0ff5 config: Migrate default app configuration to new conf file
5ad22114 config: Move default-app configuration to a dedicated file
2aef91b1 config: Don't pass configuration file argument to action
d1d3eae3 config: Reset home page setting in freedombox.conf during migration
530423d4 config: Revert changes in freedombox.conf to avoid conffile prompt

During this fix additional issues related to setting a couple of
applications as primary applications in FreedomBox were uncovered and
fixed. These changes are minimal and were tested thoroughly.

b33b44b5 config: Fix error when setting JSXC as the home page
209d8e7b config: Fix Ikiwiki entries not showing up as default apps

Changes to fix Tor relaying configuration
-----------------------------------------

https://salsa.debian.org/freedombox-team/plinth/issues/1495

Pretty late in the work for Buster an issue was reported that makes Tor
relays unusable after a reboot.

df76e6af tor: Use fixed 9001 port for relaying

Change to fix Matrix Synapse and LDAP integration
-------------------------------------------------

https://github.com/matrix-org/matrix-synapse-ldap3/issues/56
https://salsa.debian.org/freedombox-team/plinth/issues/1484

- Sometime during matrixsynapse package's transition to version 0.99 and
  python3 recently, LDAP integration was broken in the package
  matrix-synapse-ldap3. We treated it as an important issue and reported
  it upstream.

- However, it was to be fixed by FreedomBox with configuration change.
  The following simple change fixes it.

668d4de7 matrix-synapse: Fix LDAP login issue

Changes to fix LDAP errors during upgrade
-----------------------------------------

https://salsa.debian.org/freedombox-team/plinth/issues/1213

- When upgrading older versions of FreedomBox to Buster, one of our
  users noticed that nscd was not pulled in as dependency. As a result
  many user management operations were failing.

- We added nscd as a dependency to avoid this critical failure. This is
  a very small change.

a4887ef0 users: Add nscd as a dependency

Changes to handle Radicale 1.x to Radicale 2.x
----------------------------------------------

https://salsa.debian.org/freedombox-team/plinth/issues/1508

- Most of the changes for this were addressed before the soft freeze. We
  wrote data migration code too.

- One additional change remaining was to expose the web interface
  provided by the Radicale 2.x. This is arguably a feature addition but
  was done with very minimal changes and was tested well.

8a60581f radicale: Add description of web interface

Changes to add backup/restore support for tt-rss
------------------------------------------------

https://salsa.debian.org/freedombox-team/plinth/issues/1390

- It is our goal that users who are installing Buster stable release be
  able to migrate from one machine to another seamlessly. This includes
  allowing users who launched cloud instances of FreedomBox to migrate
  to home servers without hiccups and surprises. So we implemented
  backup and restore support much before soft freeze of buster with 40+
  apps supported.

- However, one last application for which backup was not supported is
  tt-rss. We have completed that now. This change is backed by
  functional test which was added along with the changes.

1eed7d58 ttrss: Add backup support

Changes for improvements to test suite
--------------------------------------

- These changes improve the stability of test cases improving the
  overall quality of the package without touching any of the code that
  provides functionality.

b18ac143 snapshot: Fix failing functional test
ee87c005 ttrss: Make functional test definitions specific to ttrss
d4fa87bb users: When ssh used in tests, add users to admin group
c2f7bd63 backups: Fix failing test case

Miscellaneous changes
---------------------

Needed to make the release:

c3cf60bc Release v19.2 to unstable

Changes to developer setup that do not affect the package functionality:

57666b66 vagrant: Use virtualbox linked clones / CoW to reduce startup times

Changes to fix Python deprecation warnings:

938dadca tor: Fix deprecation warning W605 for '\' character in regex

Changes to fix styling or make minor refactoring as part of other
changes:

595997ff tor: Styling changes due to yapf
c7f46c35 tahoe: Styling changes
96e7fd3e utils: Fix some flake8 warnings
d3bdaf07 utils: Handle exceptions in context management for YAMLFile
1dc1278a config: Consolidate get_domainname() implementation into config
753881b8 utils: Simplify YAMLFile by removing the post_exit argument

Summary
=======

- All of us at the FreedomBox project strongly believe that 19.2 makes
  freedombox package much more robust and stable, suitable for Buster
  instead of 19.1. This is because we:

  - Focused on important fixes

  - Tested it well

  - Backed it up with automated testing (functional and unit)

  - Are well tuned to bi-weekly releases. We made 40+ releases since
    Stretch. Regressions are rare.

- Unblocking freedombox won't break other packages in Debian.

Thank you,

--
Sunil