cyberpear has quit [Quit: Connection closed for inactivity]
bgilbert has quit [Ping timeout: 240 seconds]
daMaestro has quit [Quit: Leaving]
Betal has quit [Quit: WeeChat 3.8]
gursewak has quit [Ping timeout: 252 seconds]
sentenza has quit [Read error: Connection reset by peer]
paragan has joined #fedora-coreos
saschagrunert has joined #fedora-coreos
saschagrunert has quit [Client Quit]
jcajka has joined #fedora-coreos
gursewak has joined #fedora-coreos
c4rt0 has joined #fedora-coreos
jpn has joined #fedora-coreos
jcajka has quit [Ping timeout: 252 seconds]
jcajka has joined #fedora-coreos
ravanelli has joined #fedora-coreos
ravanelli has quit [Ping timeout: 240 seconds]
c4rt0 has quit [Quit: Leaving.]
c4rt0 has joined #fedora-coreos
ravanelli has joined #fedora-coreos
ravanelli has quit [Remote host closed the connection]
ravanelli has joined #fedora-coreos
jpn has quit [Ping timeout: 265 seconds]
ravanelli has quit [Remote host closed the connection]
ravanelli has joined #fedora-coreos
jpn has joined #fedora-coreos
jpn has quit [Ping timeout: 252 seconds]
<fifofonix>
i'm struggling with debugging why rpm-ostree is not functioning behind a proxy in f38.
<fifofonix>
I have f37 drop-ins for rpm-ostreed that work just fine but stop working on f38. and on f38 node if i just type `sudo rpm-ostrree upgrade --bypass-driver` I'm getting timeout (ie. proxy not used).
<travier[m]>
fifofonix: Do you mind filling an Fedora CoreOS issue referencing this BZ? Thanks
jlebon has joined #fedora-coreos
<fifofonix>
will do so happily.
<fifofonix>
i'm scratching my head though and asking myself what i'm doing wrong that i'm not finding important information like this myself via bugzilla.
<fifofonix>
the fact that you knew about this so quickly seems to imply it was a known issue with the push of f38 to testing.
ravanelli has quit [Remote host closed the connection]
ravanelli has joined #fedora-coreos
<fifofonix>
i'll add it to the issue but i guess users behind a proxy may need to rollback to f37 before upgrading to a fixed f38 which means they will then possibly lose SSH access due to the other issue logged recently (I see jlebon suggesting a fix for that).
<fifofonix>
also, any newly provisioned f38 nodes behind a proxy will be stuck and need to be reprovisioned.
ravanelli has quit [Ping timeout: 265 seconds]
<travier[m]>
Unfortunately it pop'ed up in the new bugs list for the components that we watched but I haven't been able to get to it / raise visibility yet
<dustymabe>
travier[m]: jlebon ^^ - should we stop the rollout?
<jlebon>
dustymabe, travier[m]: ouch... yeah I think so
<travier[m]>
arg
<travier[m]>
should have raised the critical flag earlier :/ my bad
ravanelli has quit [Remote host closed the connection]
c4rt0 has joined #fedora-coreos
c4rt0 has left #fedora-coreos [#fedora-coreos]
jpn has quit [Ping timeout: 265 seconds]
baude has quit [Quit: Leaving]
* dustymabe
food
jpn has joined #fedora-coreos
daMaestro has joined #fedora-coreos
jpn has quit [Ping timeout: 252 seconds]
ravanelli has joined #fedora-coreos
mheon has joined #fedora-coreos
ravanelli has quit [Remote host closed the connection]
<dustymabe>
jmarrero: how's the proxy investigation going ?
<jmarrero>
dustymabe: I got a squid proxy running on a container. Which work via curl. Trying to replicate the issue adding a file with proxy environment variables to: /etc/systemd/system/rpm-ostreed.service.d/
<jmarrero>
no luck replicating yet.
<dustymabe>
cool let me know how it goes
<dustymabe>
you're trying to replicate with f38?
jpn has joined #fedora-coreos
jpn has quit [Ping timeout: 260 seconds]
<jmarrero>
Yeah
<dustymabe>
jmarrero: and you're having success (i.e. not reproducing the failure)
<jmarrero>
dustymabe: correct, and I am replicating on my silverblue 38 machine... I wonder if I need to test on FCOS to see the issue. Mmm actually I think it might be that I am using coreos layering this might not be even using the libcurl code.
jpn has joined #fedora-coreos
* jmarrero
tries a VM
<travier[m]>
jmarrero[m]: Can you try replicating what's in the BZ?
<jmarrero>
siosm[m]: dustymabe : yeah doing the ostree commands on the BZ against my proxy replicates it.
<jmarrero>
remove the proxy it works as expected.
<jmarrero>
So I got a easy reproducer now.
<dustymabe>
perfect
<dustymabe>
jmarrero: if you just try to use curl directly does it reproduce?
<jlebon>
and provides a possible manual workaround for people
<jlebon>
a few proxy-related things in https://curl.se/changes.html, but nothing obvious in versions newer than f38 that would indicate a relevant fix
<jmarrero>
curl-7.86.0-4 still worked.
<jmarrero>
jlebon: will do
<dustymabe>
also notable is there are no open BZs against curl in Fedora
<jmarrero>
curl-7.87.0-6 is bad too, so it's not that last CVE fixes.
sentenza has joined #fedora-coreos
ravanelli has quit [Remote host closed the connection]
ravanelli has joined #fedora-coreos
<jmarrero>
libcurl-7.87.0-1.fc38.x86_64 is where it starts to fail.
ravanelli has quit [Ping timeout: 265 seconds]
<dustymabe>
wow that's a long time for no one to have found this bug yet :)
<dustymabe>
so.. obviously we'll keep investigating.. but I'm thinking downgrading isn't really an option for us (too many bugfixes and CVEs have gone in for us to ignore)
bgilbert has quit [Ping timeout: 255 seconds]
<jmarrero>
jlebon: sadly the config knob ends up in the same situation.
jpn has quit [Ping timeout: 240 seconds]
<jlebon>
jmarrero: fun. this does work in curl though, so possibly we're doing something wrong in libostree. and maybe it didn't matter before but does now?
<jmarrero>
Maybe, let me try the fedora 39 libcurl and see what happens. They have version 8 there.
<jlebon>
btw, is it that the proxy settings are ignored completely, or that there's an issue in the proxy path? e.g. does your test system have access to the internet without a proxy?
<jlebon>
that's a good test. you might hit library issues, but you could also resetup the test in f39 entirely (and e.g. use the f39 libostree)
<jmarrero>
proxy path issue. The system has access to the internet.
<jmarrero>
libcurl-8.0.1-2.fc39.x86_64 works fine too, I am guessing this is a bug on 7.87 now.
<dustymabe>
jmarrero: maybe a backport neeeds to happen
<jmarrero>
I'll update the jira and tag the maintainer of curl?
<jlebon>
i think the report came in via bugzilla, but yeah maybe at this point we could have them look at it
<jlebon>
make sure to include all the versioning info
<jmarrero>
Will do, I meant BZ sorry.
<dustymabe>
yes. we'll increase the chances of them looking at it fast if we give them really good information in the BZ/issue
<dustymabe>
i'm hoping this is a simple "oh yes, XYZ needs to be backported to f38, here's a new build"
<jmarrero>
we can hope
ravanelli has quit [Ping timeout: 240 seconds]
<dustymabe>
jlebon: let's discuss our next steps for doing a new testing release (hopefully this week)
<dustymabe>
i know there are some changes that went into COSA recently and made it into the pipeline that we'll have to consider
<dustymabe>
should we just throw all that out the window and just build with latest COSA?
<jlebon>
dustymabe: just looked at the cosa changes since the commit we were on during the next/testing rebase releases. i think it should be fine, yeah
<dustymabe>
ok
jpn has joined #fedora-coreos
<jmarrero>
BZ updated, if don't get a response by tomorrow I can ping on Slack, it's RH maintainer. Need to disconnect for a while now. Ping me if anything else is needed today, will address once I come back tonight.
ravanelli has joined #fedora-coreos
<dustymabe>
jmarrero: maybe an update in the GH issue too would be nice
jpn has quit [Ping timeout: 248 seconds]
daMaestro has joined #fedora-coreos
ravanelli has quit [Ping timeout: 255 seconds]
ravanelli has joined #fedora-coreos
ravanelli has quit [Remote host closed the connection]
ravanelli has joined #fedora-coreos
ravanelli has quit [Ping timeout: 276 seconds]
jlebon has quit [Ping timeout: 255 seconds]
ravanelli has joined #fedora-coreos
ravanelli has quit [Ping timeout: 250 seconds]
jlebon has joined #fedora-coreos
<jmarrero>
dustymabe: done
jlebon has quit [Quit: leaving]
ravanelli has joined #fedora-coreos
jpn has joined #fedora-coreos
jpn has quit [Ping timeout: 240 seconds]
ravanelli has quit [Ping timeout: 276 seconds]
ravanelli has joined #fedora-coreos
ravanelli has quit [Ping timeout: 276 seconds]
ravanelli has joined #fedora-coreos
ravanelli has quit [Ping timeout: 240 seconds]
jpn has joined #fedora-coreos
mosen has joined #fedora-coreos
jpn has quit [Ping timeout: 276 seconds]
mosen has quit [Remote host closed the connection]