-
Notifications
You must be signed in to change notification settings - Fork 685
Standup Notes 2020 11 25
Participants (alphabetical): Allie, Conor, Erik, John, Kevin, Kushal, Mickael, Nina, Ro
(Allie) This is similar to issue we saw previously w/ widget creation in repolish event. We don't know root cause yet. The previous one would cause segfault; this one doesn't. Poking at debug logs. Seems like other versions of PyQt don't have this bug, specific to OS build of this package.
- Investigating workaround vs. installing a different version. Want to avoid unverified wheels; may have to build our own wheel.
(Kushal) I started poking at it as well. Note that https://github.com/freedomofpress/securedrop-client/issues/273 no longer segfaults on Debian Buster. After fighting with Qt/PyQt, I'm at a step where we can set a breakpoint in any C++ part of the code. Rebuilding Debian Buster's Qt so we can install that & see the specific backtrace/error. Aiming to write a blog post describing this in more detail.
(Allie) Awesome news. We also have docs PR that would be useful to get in. https://github.com/freedomofpress/securedrop-client/pull/1089
(Kushal) I started from that. But even with Debian debug symbols we're still missing source code. I think rebuilding Debian upstream package will be easier than wheels. Regarding pyside2, note that Micah has already migrated OnionShare. Two main things: import statements, Signal names.
(Mickael) Would hold off on pyside2 given the relative complexity of the SecureDrop Client.
(Allie) I think it would be a complex migration; a spike could make sense. Why would we want to do it?
(Kushal) It's the official bindings by the Qt folks.
(Allie) The bug is that when we're applying the stylesheet to the source widget on update, it doesn't apply correctly. Need to consider different workarounds, could get messy (e.g., widget duplication).
(Kushal) If you can give me exact STR, I can see if I can reproduce in local build (on Debian Buster, using Debian-provided PyQt with debug symbols).
Yesterday:
-
Investigating the PyQt issue
-
UX review of source widget restyling
-
Note that this PR is ready: https://github.com/freedomofpress/securedrop-client/pull/1192
- Kev will take a look
Today: Cont'd on ^^
Blockers or Asks: None
Yesterday:
- spike on reproducible wheels, notes in https://github.com/freedomofpress/securedrop-debian-packaging/issues/196#issuecomment-733417904
Today:
- bugcrowd ticket reopened (was closed last week)
Blockers or Asks:
- mickael let's pair on bugcrowd response
Yesterday:
-
Tested Ro's OSSEC PR, LGTM (though am not able to reproduce original issue in staging).
-
Added a docs PR for "Too many authentication failures" issue with upgrade scenario https://github.com/freedomofpress/securedrop-docs/pull/110
-
Filed an issue for v3 token not being in the expected location https://github.com/freedomofpress/securedrop/issues/5652
-
-
More accounting/payroll fun
Today:
- ^^
- May refactor pytest refactor into an independent SDK PR
Blockers or Asks: Mickael, would be good to book a bit of your time before I apply updates to live threat model
Yesterday:
- Reviewing John's PR for QA loader w/ Allie; we found a couple of issues that were more due to not understanding expected behavior. One outstanding issue: DB should probably be reset as part of load procedure. Otherwise looking good.
- Looked at DrG's PR for updating journalist-key route in Source UI. Put in a change request for adding a redirect from old path.
Today:
- Staying in review land! Poking at docs PRs
- May look at playbook behavior we just discussed to provide more useful info.
Blockers or Asks: None
Today:
- Qt/GDB
Tomorrow:
- ^^
Blockers or Asks: None
Yesterday:
- ossec + pyqt debugging w/ allie and kushal
- Reviewed https://github.com/freedomofpress/securedrop/pull/5647 for UA detection on macOS
- bugcrowd
- client ux review
Today:
- look at https://github.com/freedomofpress/securedrop/issues/5642
- re-write based on some investigations w/ kushal, using debian tooling will likely be - significantly easier for the pyqt component
Blockers or Asks: There was some quay.io errors (502) but looks resolved
Yesterday:
Today:
Blockers or Asks:
Yesterday:
- Support comms, Redmine cleanup comms
- #5265
- molecule learning
Today:
- Molecule/ansible/qubes-staging learning
- A little stuck trying to understand when certain files are pulled in/used during testinfra (it looks like there are both .j2 app-staging iptables rules and also hardcoded app-staging iptables rules in /testinfra/vars/app-staging.yml). I may take a break from this and revisit later
- Usual support comms, also closed out some old/unused Redmine projects per yesterday's comms
- After standup: Workstation provisioning walkthrough (my own)
Blockers or Asks:
- Blocker: probably just need to spend some more time on molecule
- Kev: let's check in on Wire to solidify upcoming workstation provisioning date/people