Alert.png The wiki is deprecated and due to be decommissioned by the end of September 2022.
The content is being migrated to other supports, new updates will be ignored and lost.
If needed you can get in touch with EGI SDIS team using operations @ egi.eu.

URT:Agenda-2018-01-22

From EGIWiki
Revision as of 16:13, 19 January 2018 by Ellert (talk | contribs) (→‎AOB)
Jump to navigation Jump to search

Meeting

News

  • UMD3 deprecation
    • WMS dismission plan presented at OMB
    • in parallel, UMD team will test upgrading the umd-release package from UMD3/SL6 to UMD4/SL6 to make usre everything works properly
    • plan will be arranged and agreed with PTs in January/February
    • at some point UMD3 will be "freezed" (no more updates of any kind, either security ones)
      • OMB suggested to remove it completely so that it's not used anymore
      • probably we will establish a period of 2-4 weeks during which sites get progressively aware that the old repos won't work anymore and switch to UMD4/SL6
      • if any security issue comes out during that period, we will ask to shut down the repository


  • CMD-OS update still in preparation
  • CMD-ONE first release to be fixed adding site BDII

UMD4

In Verification

Under Staged Rollout

Ready to be Released

CMD-OS

In Verification

In Staged Rollout

Ready to be released

CMD-ONE

In verification

In Staged Rollout

Ready to be released

Report from WLCG MW Officer

Singularity (http://singularity.lbl.gov/) is planned to be used in production by CMS and ATLAS next year.

Should we start include it also in UMD? (also as part of WN)

Updates from Technical Providers

APEL

Frontier

Indigo-DataCloud

dCache

DPM/LFC

DPM 1.9.2 released and we plan to push it to EPEL stable tomorrow.

as it fixes as well a vulnerability, it would be good to add it ASAP to UMD ( when we are back from holidays)

Data management clients

NTR

FTS

NTR

ARC

ARC bugfix update 15.03u18 ARC 5.4.2 is out. In epel:

https://bodhi.fedoraproject.org/updates/?search=nordugrid-arc

Already running on ce01 in Oslo, and on two Slovenian grid sites (Rebula, Pikolit).


Working with Pablo related to the testing of ARC releases.

QCG

Globus

xrootd

xrootd 4.8.0 is available in EPEL stable since 2018-01-02.

caNl

Preview

AOB

bouncycastle update in EPEL

There is an update coming to EPEL 6 involving some Java components.

https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2018-71db8f6f28

There are updated packages for:

  • bouncycastle-1.58-2.el6
    • The new package uses the new bouncycastle package build mechanism used in the Fedora bouncycastle package, building all bouncycastle binary packages from the same source RPM:
      • bouncycastle-1.58-2.el6.noarch.rpm
      • bouncycastle-mail-1.58-2.el6.noarch.rpm
      • bouncycastle-pg-1.58-2.el6.noarch.rpm
      • bouncycastle-pkix-1.58-2.el6.noarch.rpm
      • bouncycastle-tls-1.58-2.el6.noarch.rpm
    • Previously, only bouncycastle itself was in EPEL 6. This update adds the others to the EPEL 6 repository.
    • A bouncycastle-mail package (matching the old bouncycastle version i EPEL 6) was provided in the UMD repo.
  • jglobus-2.1.0-4.el6 (I guess noone is using this...)
  • voms-api-java-3.2.0-7.el6

The update also adds packages previously not in EPEL 6 due to missing bouncycastle dependencies:

  • canl-java-2.5.0-1.el6
  • voms-clients-java-3.0.7-6.el6

With this update there are some changes w.r.t. the packages currently in UMD:

  • Since voms-api-java is updated to version 3, the voms-api-java3 currently in UMD becomes obsolete, so references to /usr/share/java/voms-api-java3.jar should be changed to /usr/share/java/voms-api-java.jar
  • In the new bouncycastle version some classes have moved between the different bouncycastle packages.
    • The new canl-java depends on bouncycastle and bouncycastle-pkix.
    • The new voms-api-java depends on canl-java (and hence on bouncycastle and bouncycastle-pkix), but no longer on bouncycastle-mail.
  • The class org.bouncycastle.openssl.PasswordFinder is deprecated in the new bouncycastle and canl-java 2.5.0 provides a replacement eu.emi.security.authn.x509.helpers.PasswordSupplier.

Providers of products depending on these components should investigate compatibility and see what changes are needed to code and configuration.

Packages declaring dependencies on the affected packages in the UMD repo are:

  • glite-ce-common-java
  • glite-ce-cream-api-java
  • argus-pap
  • argus-pdp
  • argus-pep-server

These are the directly declared dependencies, some recursive dependencies might be affected too.

The packages glite-security-trustmanager and glite-security-util-java in EPEL 6 have been retired.

There is also an update for EPEL 7:

https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2018-50d69f64bd

Of the issues listed above only the PasswordFinder vs. PasswordSupplier issue should be relevant here.

The corresponding Fedora updates do not update bouncycastle, only update canl-java (and rebuilds the existing versions of voms-api-java and voms-clients-java for the PasswordFinder vs. PasswordSupplier change in canl-java). These are already in stable:

other AOB