Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

tasks: Move to Fedora 41 #628

Merged
merged 1 commit into from
Dec 16, 2024
Merged

tasks: Move to Fedora 41 #628

merged 1 commit into from
Dec 16, 2024

Conversation

martinpitt
Copy link
Member

@martinpitt martinpitt commented Nov 29, 2024
edited
Loading

Project updates to this container (worked, but not landing until this is approved):

These need some more fixes:

@martinpitt martinpitt marked this pull request as draft November 29, 2024 09:44
@martinpitt

This comment was marked as resolved.

Sign in to view
@martinpitt martinpitt added blocked and removed blocked labels Dec 9, 2024
@martinpitt

This comment was marked as resolved.

Sign in to view
@martinpitt

This comment was marked as resolved.

Sign in to view
martinpitt added a commit that referenced this pull request Dec 13, 2024
@martinpitt
workflows: Move to Ubuntu 24.04
e7990c6 
This gets rid of the podman backport PPA, and thus finally runs the
integration test on the *exact* same machinery as the production build
(which previously has led to problems like in #628).

We can now also stop repeating the test dependencies.
@martinpitt martinpitt mentioned this pull request Dec 13, 2024
Merged
martinpitt added a commit that referenced this pull request Dec 13, 2024
@martinpitt
workflows: Move to Ubuntu 24.04
e083f43 
This gets rid of the podman backport PPA, and thus finally runs the
integration test on the *exact* same machinery as the production build
(which previously has led to problems like in #628).

We can now also stop repeating the test dependencies.
jelly pushed a commit that referenced this pull request Dec 13, 2024
@martinpitt @jelly
workflows: Move to Ubuntu 24.04
cf944c5 
This gets rid of the podman backport PPA, and thus finally runs the
integration test on the *exact* same machinery as the production build
(which previously has led to problems like in #628).

We can now also stop repeating the test dependencies.
@martinpitt martinpitt marked this pull request as ready for review December 13, 2024 10:10
@martinpitt
Copy link
Member Author

Monday morning, restarted the build.

@martinpitt martinpitt requested a review from jelly December 16, 2024 07:38
This was referenced Dec 16, 2024
Merged
Merged
Merged
Merged
Merged
Merged
@martinpitt
Copy link
Member Author

Our bots break like this:

Traceback (most recent call last):
  File "/work/bots/./run-queue", line 194, in <module>
    sys.exit(main())
             ~~~~^^
  File "/work/bots/./run-queue", line 157, in main
    with distributed_queue.DistributedQueue(opts.amqp, ['webhook', 'rhel', 'public', 'statistics']) as dq:
         ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/work/bots/task/distributed_queue.py", line 110, in __init__
    self.connection = pika.BlockingConnection(params)
                      ~~~~~~~~~~~~~~~~~~~~~~~^^^^^^^^
  File "/usr/lib/python3.13/site-packages/pika/adapters/blocking_connection.py", line 360, in __init__
    self._impl = self._create_connection(parameters, _impl_class)
                 ~~~~~~~~~~~~~~~~~~~~~~~^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/lib/python3.13/site-packages/pika/adapters/blocking_connection.py", line 451, in _create_connection
    raise self._reap_last_connection_workflow_error(error)
  File "/usr/lib/python3.13/site-packages/pika/adapters/utils/io_services_utils.py", line 636, in _do_ssl_handshake
    self._sock.do_handshake()
    ~~~~~~~~~~~~~~~~~~~~~~~^^
  File "/usr/lib64/python3.13/ssl.py", line 1372, in do_handshake
    self._sslobj.do_handshake()
    ~~~~~~~~~~~~~~~~~~~~~~~~~^^
ssl.SSLCertVerificationError: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: Missing Authority Key Identifier (_ssl.c:1020)

I'll revert :latest and restart them until I figure this out.

@martinpitt
Copy link
Member Author

queue bots reverted to tag 2024-12-14 for the time being, so there's no 🔥 any more. I'll land the lot, and look into how to update our certificates or adjust to openssl 3.

@martinpitt martinpitt merged commit d038033 into main Dec 16, 2024
6 checks passed
@martinpitt martinpitt deleted the tasks-f41 branch December 16, 2024 10:22
@martinpitt
Copy link
Member Author

martinpitt commented Dec 16, 2024
edited
Loading

For the record: Refreshing the AMQP client and server certificate (building it with OpenSSL 3) did not work. But in pytest with fresh certificates, secrets/webhook/amqp-server.pem does have both "Subject Key Identifier" and "Authority Key Identifier", and ca.pem has the Subject KI.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@jelly jelly jelly approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@martinpitt @jelly