Bugzilla and the art of package maintenance
The first part of 2020 (in addition to all the horrible things happening in the world) was pretty heads down in our datacenter move. Now that that is over, and Fedora 33 is out the door (hurray!), I'm slowly trying to catch up on other things I normally do that are now a bit backlogged. This weekend, I decided to try and catch up (at least some) on my package maintaining and bugzilla bugs.
In the distant past (before 2020) I basically tried to work on this stuff mostly as it came in. Update packages when release monitoring let me know there was a release, ask questions of bug reporters as they reported and try and get something actionable. Of course now I'm behind, so lets try a different process to catch up.
First, some of you may be aware that there is a python module for bugzilla (python-bugzilla), but did you know that it also includes a handy command line interface?
Lets try some initial queries and see if we can triage things to work on things in (hopefully) some semblance of their priority.
% bugzilla query -a kevin@scrye.com -s NEW,ASSIGNED | wc -l
102
So, 102 bugs. Not bad at all! Oh, but wait, those are only the ones I am directly assigned to, I am in a number of groups that get assignment and I am just CCed. How bad are those:
% bugzilla query --cc kevin@scrye.com -s NEW,ASSIGNED | wc -l
412
Well, thats not great. But some of these might be bugs that are since solved or someone else is busy working on them or they have been made moot somehow. So, I will dump that query into a text file (The default output is to give you bugnumber, state (NEW,ASSIGNED), and the summary of the bug. Amusingly, I see the oldest bug I am assigned to was filed in 2011. :) So, I have those to look through and do something with, but perhaps we can make some smaller lists:
bugzilla query -a kevin@scrye.com -s NEW,ASSIGNED | grep CVE | wc -l
3
Cool, Only 3 CVE's are assigned to me directly. 2 of those are tracking (fedora,epel) for a ansible bug thats not fixed yet and one is for a libntlm bug. Hurray, a CVE I can check on.
So, what I usually do is read the CVE bug, looking in particular for versions (this one affects versions through 1.5). I then look on https://src.fedoraproject.org/rpms/libntlm to see what versions are in what releases. All 1.5 here. Next, I look at other libntlm bugs by going to the handy: https://bugz.fedoraproject.org/libntlm In addition to the 2 CVE tracking bugs (fedora,epel), I see there's a release monitoring bug about 1.6 being available. Great. Time to do some packaging work.
So, this is a library, so we need to be carefull about changes and what might depend on it. Looking at the NEWS file for 1.6 however, we see: "** API and ABI modifications. No changes since last version." Great. Thats an update and 3 less bugs. :)
ok, on to messing with a few packages/components that more 'system wide'. epel-release, distribution, etc.
Then, lets look at packages that are needing updates:
bugzilla query --cc kevin@scrye.com -s NEW,ASSIGNED --outputformat '%{id}: %{component}: %{summary}' |sed -e 's|^\#||' | sort -n | grep 'is available'
1271027: python-stevedore: python-stevedore-3.2.2 is available
1757650: python-feedparser: python-feedparser-6.0.2 is available
1771091: python-mechanize: python-mechanize-0.4.5 is available
1801531: awscli: awscli-2.0.61 is available
1813734: hiredis: hiredis-1.0.0 is available
1815307: bodhi: bodhi-5.5.0 is available
1829595: python-redis: python-redis-3.5.3 is available
1839836: blueberry: blueberry-1.3.9 is available
1846161: iperf3: iperf3-3.9 is available
1848739: ansible: ansible-2.10.1 is available
1862178: python-eventlet: python-eventlet-0.29.1 is available
1862531: python-vcrpy: python-vcrpy-4.1.1 is available
1880754: calibre: calibre-5.4.2 is available
1881455: python-greenlet: python-greenlet-0.4.17 is available
1886993: mxml: mxml-3.2 is available
1888249: python-pygal: python-pygal-3.0.0.dev1 is available
1890435: koji: koji-1.23.0 is available
1890954: GitPython: GitPython-3.1.11 is available
1891597: libnftnl: libnftnl-1.1.8 is available
1891769: nftables: nftables-0.9.7 is available
1893366: wordpress: wordpress-5.5.3 is available
1893453: iptables: iptables-1.8.6 is available
Some of those are blocked (calibre needs sip5 packaged, ansible needs 2.10.x packaged (which I have done, but need to clean up and submit)), but some of the others should be pretty easy. :) Lets see how far I can get today!
A few hours later...
% bugzilla query --cc kevin@scrye.com -s NEW,ASSIGNED | wc -l
380
Dealt with 32 bugs. Not a bad afternoon I guess. :) I hope the command line bugzilla use and triage helps others deal with bugs as well.