The realm of release-monitoring.org looks quiet from the top of my tower but there are plenty of activities happening below. I turn back from the window and went back to my table, various papers lying on it. All the bugs from Bugcronomicon with a few of my notes lying around. There is a lot of them ending on my table! I’m trying to address them all, but there are too many of them.
I didn’t notice that the door to my room is opening. It took me a few moments before I noticed a figure standing at the door.
“Welcome, traveler! come inside.”
The figure moves to my table and sits down on the opposite side of it.
“You are here for the news, I assume?”
Figure nodes.
“I hope you are sitting comfortably, there is much to tell…”
Anitya
The land of Anitya isn’t quiet, but right now there is a huge issue that is blocking a new release. Let me tell you about it.
Troubles with authentication library
As you might already know, Anitya is using social_auth-flask as the authentication library to authenticate users with external authentication servers (in our case it’s Fedora Account System (FAS)). As you can see in the repository, this library hasn’t been updated for a long time and now we are hitting some issues. I tried to fix this and my pull request got merged, but the contributor with permissions to release a new version isn’t active anymore.
So, what is the issue? If you try to login to purgatory (staging instance of Anitya), you will be treated with an Internal Server Error, which is caused by the issue mentioned above.
The conclave of mages decided to migrate to another authentication library and this work is currently in progress. Until the migration is done, I don’t want to release a new version of Anitya in production. I’m sorry for the inconveniences that this situation is causing.
The New Hotness
The residents of The New Hotness island had a big party on 8th December 2021. Why? They celebrated the 1.0.0 release. This release brought plenty of changes. And I will highlight some of them in the following paragraphs.
Clean architecture
As a mage, I’m interested in various magical fields. One of them is magical architecture (software design). So I spent a large amount of time trying to rebuild The New Hotness with Clean Architecture in mind. What you can see in production now is bright new Hotness, which was cleaned of the legacy code and it’s now much easier to maintain. If you are interested to learn more, the design of The New Hotness is described in the documentation.
Better error messages
Previously when something happened during the start of scratch build, the Bugzilla ticket was just updated with a message saying “there was an issue”. Now you will get the whole standard output, error output, and the backtrace – with the link to The New Hotness Bugcronomicon to report the issue. If you think the issue was caused by The New Hotness, feel free to add a ticket.
SHA512 hash as part of the error message
If you ever got a message from The New Hotness about the same sources, you were probably wondering what “sources”. In the current version The New Hotness will also print the SHA512 hash along the source name. You will now know exactly what caused the problem.
Updated documentation
The source of knowledge for The New Hotness, its documentation, was updated to reflect the current state of The New Hotness. It was updated with new sections like User Guide, Administration, Clean architecture design, and Message schema. It should now be much more useful if you want to know more about The New Hotness.
Known issues
Currently, there is one known issue that is happening after the 1.0.0 release. The packages that are using rpmautospec have an empty commit message, which causes an error in The New Hotness. In this case, the scratch build still happens, but the patch is not created. The issue is actually in rpmdevtools, The New Hotness is using the rpmdev-bumpspec
command from this project to update packages to their new version but this command doesn’t work well with macros introduced by rpmautospec yet. This should be fixed soon.
Post scriptum
This is all for now from the world of release-monitoring.org. Do you like this world and want to join our conclave of mages? Seek me (mkonecny/zlopez) in the magical yellow pages (#fedora-apps
on Libera Chat IRC) and ask how can you help. Or visit the Bugcronomicon (GitHub issues on Anitya or the-new-hotness) directly and pick something to work on.
If
release-monitoring
is still using Fedora packages, why not to package patched version?The Anitya doesn’t provide fedora RPM package and you need to patch the dependency, not Anitya itself to fix the authentication issue.
We plan to migrate to Flask OIDC and I hope this will happen soon.
Yes, I’ve meant patching the dependency.
I already submitted patch upstream and it was merged, but the maintainer who can actually release the new version is no longer around (last release happened in 2017). So it will be better to migrate to some other authentication library and the work is already going on.