ISC Open Source Projects issueshttps://gitlab.isc.org/groups/isc-projects/-/issues2020-04-22T18:41:44Zhttps://gitlab.isc.org/isc-projects/kea/-/issues/1096thread sanitizer reporting unit test in lib process2020-04-22T18:41:44ZWlodzimierz Wencelthread sanitizer reporting unit test in lib processhttps://jenkins.isc.org/job/kea-1.7/job/ut-thread/3/testReport/
DStubControllerTest.ioSignals
```
Error Message
d_controller_unittests.cc:307
Expected: 3
To be equal to: signals.size()
Which is: 0
Stacktrace
d_controller_un...https://jenkins.isc.org/job/kea-1.7/job/ut-thread/3/testReport/
DStubControllerTest.ioSignals
```
Error Message
d_controller_unittests.cc:307
Expected: 3
To be equal to: signals.size()
Which is: 0
Stacktrace
d_controller_unittests.cc:307
Expected: 3
To be equal to: signals.size()
Which is: 0
```
failing on freebsd 12 and ubuntu 19.10
IOSignalTest.mixedSignals
```
Error Message
io_service_signal_unittests.cc:126
Failed
Test Time: 1000 expired
Stacktrace
io_service_signal_unittests.cc:126
Failed
Test Time: 1000 expired
```
failing on freebsd 12kea1.7.7Francis DupontFrancis Duponthttps://gitlab.isc.org/isc-projects/stork/-/issues/233Create data model for daemons2020-04-22T11:57:33ZMarcin SiodelskiCreate data model for daemonsOur UI seems to become "daemon centric". The lists we're aiming to present in the dashboard contain daemons and their statuses rather than apps and their statuses. When clicking on the given app the user is taken to the view where we hav...Our UI seems to become "daemon centric". The lists we're aiming to present in the dashboard contain daemons and their statuses rather than apps and their statuses. When clicking on the given app the user is taken to the view where we have multiple tabs, each one for each daemon. Configurations are per daemon, rather than per app and so forth.
This all implies that daemons already deserve their own SQL table(s) so as the daemon specific information (e.g. LPS stats) can be associated with them. In fact, the HA status is also presented per daemons. This ticket should introduce the new tables and fill them in with the daemon specific information upon adding a new app or refreshing an existing app. It should also handle deletion of the app. The service tables should be adopted to provide the relations to the daemon table(s) rather than app tables.0.7Michal NowikowskiMichal Nowikowskihttps://gitlab.isc.org/isc-projects/stork/-/issues/226fill dashboard with some content2020-04-22T11:05:16ZMichal Nowikowskifill dashboard with some content0.7Michal NowikowskiMichal Nowikowskihttps://gitlab.isc.org/isc-projects/stork/-/issues/247update stork deps (for backend in go and for webui)2020-04-22T10:09:03ZMichal Nowikowskiupdate stork deps (for backend in go and for webui)deps for update:
- angular to 9.1
- and moredeps for update:
- angular to 9.1
- and more0.7Michal NowikowskiMichal Nowikowskihttps://gitlab.isc.org/isc-projects/kea/-/issues/779Missing 17.3.14 server-tag-get2020-04-22T08:53:39ZFrancis DupontMissing 17.3.14 server-tag-get#470 added the new server-tag-get command and obviously was merged when sphinx transition was performed so it is missing. BTW as the author of #470 I can help...
Missing also in the 8.9 alphabetic ordered list of DHCPv4 server commands ...#470 added the new server-tag-get command and obviously was merged when sphinx transition was performed so it is missing. BTW as the author of #470 I can help...
Missing also in the 8.9 alphabetic ordered list of DHCPv4 server commands and 9.14 for DHCPv6.
Francis DupontFrancis Duponthttps://gitlab.isc.org/isc-projects/kea/-/issues/1190compilation issue in flexid on ubuntu16042020-04-22T07:51:27ZWlodzimierz Wencelcompilation issue in flexid on ubuntu1604```
01:09:52.882 /usr/bin/ld: flex_id_unittests-load_unload_unittests.o: undefined reference to symbol '_ZN3isc7process6Daemon11setProcNameERKNSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEE'
01:09:52.882 /usr/bin/ld: /home/jenkins...```
01:09:52.882 /usr/bin/ld: flex_id_unittests-load_unload_unittests.o: undefined reference to symbol '_ZN3isc7process6Daemon11setProcNameERKNSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEE'
01:09:52.882 /usr/bin/ld: /home/jenkins/workspace/kea-1.7/ut-basic/src/lib/process/.libs/libkea-process.so.8: error adding symbols: DSO missing from command line
01:09:52.882 collect2: error: ld returned 1 exit status
```
link https://jenkins.isc.org/job/kea-1.7/job/ut-basic/162/execution/node/160/log/kea1.7.7https://gitlab.isc.org/isc-projects/stork/-/issues/246Display the source of information for hosts in the UI2020-04-21T10:25:12ZMarcin SiodelskiDisplay the source of information for hosts in the UIWe do record in the database whether the host reservation comes from the config file or from the hosts_cmds hooks library. We want to display that in the UI next to each reservation.We do record in the database whether the host reservation comes from the config file or from the hosts_cmds hooks library. We want to display that in the UI next to each reservation.0.7Marcin SiodelskiMarcin Siodelskihttps://gitlab.isc.org/isc-projects/bind9/-/issues/967Bind 9.11 Windows still requires msvcr110.dll for Bind to run2020-04-21T08:20:18ZGhost UserBind 9.11 Windows still requires msvcr110.dll for Bind to run<!--
If the bug you are reporting is potentially security-related - for example,
if it involves an assertion failure or other crash in `named` that can be
triggered repeatedly - then please do *NOT* report it here, but send an
email to [...<!--
If the bug you are reporting is potentially security-related - for example,
if it involves an assertion failure or other crash in `named` that can be
triggered repeatedly - then please do *NOT* report it here, but send an
email to [security-officer@isc.org](security-officer@isc.org).
-->
### Summary
I noticed this on two of my servers details below. After installing Bind which also installs the Redistribute C++ 2017 x64.
named.exe would fail to start any of the exe files in the bin directory. It would popup saying msvcr110.dll was missing.
To fix this issue requires install of Visual C++ Redistribute for Visual Studio 2012 Update 4
### BIND version used
BIND 9.11.5-P4 (Extended Support Version)
### Steps to reproduce
Windows 2012 R2 Standard 64bit
### What is the current *bug* behavior?
named.exe doesn't run popups with a dialog saying MSVCR110.dll is missing
This occurs with any of the exe files in the bin folder when clicked on.
Example event viewer log
```
Faulting application name: named.exe, version: 0.0.0.0, time stamp: 0x5c58e77f
Faulting module name: MSVCR110.dll, version: 6.3.9600.19304, time stamp: 0x5c7f684f
Exception code: 0xc0000135
Fault offset: 0x00000000000ecf30
Faulting process id: 0x1528
Faulting application start time: 0x01d4e5dd7aa5623c
Faulting application path: c:\dns\bin\named.exe
Faulting module path: MSVCR110.dll
Report Id: b8604015-51d0-11e9-80e4-00163c261937
Faulting package full name:
Faulting package-relative application ID:
```
### What is the expected *correct* behavior?
Either make the build not require MSVCR110.dll or make the redistribute package for 2011 for Visual C++ be checked for/installed
### Relevant configuration files
(Paste any relevant configuration files - please use code blocks (```)
to format console output. If submitting the contents of your
configuration file in a non-confidential Issue, it is advisable to
obscure key secrets: this can be done automatically by using
`named-checkconf -px`.)
### Relevant logs and/or screenshots
(Paste any relevant logs - please use code blocks (```) to format console
output, logs, and code, as it's very hard to read otherwise.)
### Possible fixes
(If you can, link to the line of code that might be responsible for the
problem.)February 2020 (9.11.16, 9.14.11, 9.16.0, 9.16.0-S)Michał KępieńMichał Kępieńhttps://gitlab.isc.org/isc-projects/bind9/-/issues/1062Possible Windows packaging problem ("MSVCR110.dll was not found")2020-04-21T08:20:17ZMichael McNallyPossible Windows packaging problem ("MSVCR110.dll was not found")A Windows user reports:
>>>
I get this when trying to run the 64-bit version of Bind 9.14.2 or 9.15.0
under Win 10 X64 build 1903.
```
---------------------------
named.exe - System Error
---------------------------
The code execution c...A Windows user reports:
>>>
I get this when trying to run the 64-bit version of Bind 9.14.2 or 9.15.0
under Win 10 X64 build 1903.
```
---------------------------
named.exe - System Error
---------------------------
The code execution cannot proceed because MSVCR110.dll was not found. Reinstalling the program may fix this problem.
---------------------------
OK
---------------------------
```
I believe you ship it with the 2017 C redist package, but this DLL is from the 2012 redist. Installing that allows the 64-bit version to work. I never saw the problem when I was in 32-bit, but I had all of the redist packages installed. I just thought you would want to know.
>>>
Would somebody knowledgeable about the Windows builds please have a look and see whether this is a problem specific to this user's environment or an oversight in our packaging of Windows binaries?https://gitlab.isc.org/isc-projects/stork/-/issues/217add help system to widgets2020-04-21T07:03:12ZMichal Nowikowskiadd help system to widgetsNext to widgets like input or button, or anywhere on a screen there could be placed a help icon. When it is hovered or clicked then a box with help text should appear. This help text should explain how given widget is working.
It could ...Next to widgets like input or button, or anywhere on a screen there could be placed a help icon. When it is hovered or clicked then a box with help text should appear. This help text should explain how given widget is working.
It could use OverlayPanel: https://www.primefaces.org/primeng-8.1.5/#/overlaypanel0.7https://gitlab.isc.org/isc-projects/stork/-/issues/241improve presenting kea daemons on app page2020-04-20T09:58:05ZMichal Nowikowskiimprove presenting kea daemons on app pageInstead presenting subnets table there should be just links to subnets page with filtering set to given app id. The same for shared networks and hosts reservations.Instead presenting subnets table there should be just links to subnets page with filtering set to given app id. The same for shared networks and hosts reservations.0.7Michal NowikowskiMichal Nowikowskihttps://gitlab.isc.org/isc-projects/stork/-/issues/171UI tweak: pagination/total entries layout should be unified2020-04-20T09:44:05ZTomek MrugalskiUI tweak: pagination/total entries layout should be unifiedA minor UI usability improvement.
When viewing Kea services, BIND services or Machines, the bar with X of Y pages/show Z per page line is above the content. The subnets and networks views has it below the content. This should be unified...A minor UI usability improvement.
When viewing Kea services, BIND services or Machines, the bar with X of Y pages/show Z per page line is above the content. The subnets and networks views has it below the content. This should be unified.
I think the standard is to keep it at the bottom.0.7Michal NowikowskiMichal Nowikowskihttps://gitlab.isc.org/isc-projects/bind9/-/issues/1228[DNSSEC] [OpenSSL] Make it possible to use key-by-reference to sign zones2020-04-18T16:19:06ZStanislav Levin[DNSSEC] [OpenSSL] Make it possible to use key-by-reference to sign zones### Description
Bind being packaged in ALTLinux is configured with `openssl`, but without any `pkcs11` options (uses defaults).
Bind version:
```
named -version
BIND 9.11.10 (Extended Support Version) <id:9390ecc>
```
But, to ...### Description
Bind being packaged in ALTLinux is configured with `openssl`, but without any `pkcs11` options (uses defaults).
Bind version:
```
named -version
BIND 9.11.10 (Extended Support Version) <id:9390ecc>
```
But, to be integrated into FreeIPA (with support for DNSSEC) some sort of pkcs11 stuff is required. This project
utilizes SoftHSM to store signing keys within a token and OpenDNSSEC (with custom services) for keeping track of DNSSEC keys.
There are several pkcs11 ops:
* creation of a key pair of files that referencing a key object stored in a cryptographic HSM.
This is being done by `dnssec-keyfromlabel`.
* signing zones inline.
Partially, this could be achieved by OpenSSL engine `pkcs11` ( engine plugin for the OpenSSL library allows accessing PKCS#11 modules in a semi-transparent way) https://github.com/OpenSC/libp11
For example,
using a specific OpenSSL engine `pkcs11`:
```
dnssec-keyfromlabel -E pkcs11 -a RSASHA1 -l "token=dns;object=robie-rsa-zsk1;pin-source=/test/pin" example.test
```
This works as expected. Nice.
But manual signing fails.
Without key name provided:
```
dnssec-signzone -E pkcs11 -v 10 -a -P -g -r /dev/random -o example.test example.test
dnssec-signzone: using 8 cpus
C_Initialize
IN: pInitArgs = NULL
C_Initialize = CKR_OK
C_GetSlotList
IN: tokenPresent = CK_FALSE
IN: pulCount = 0x7FFF87EF4B28 = 15880584
OUT: pSlotList = (0) NO-VALUES
C_GetSlotList = CKR_OK
dnssec-signzone: debug 1: delete_node(): 0x7fadb4072010 example.test (bucket 4)
dnssec-signzone: debug 1: calling free_rbtdb(.)
dnssec-signzone: debug 1: done free_rbtdb(.)
dnssec-signzone: no existing signatures for example.test/NSEC
dnssec-signzone: example.test/NSEC:
dnssec-signzone: no existing signatures for example.test/DNSKEY
dnssec-signzone: example.test/DNSKEY:
dnssec-signzone: no existing signatures for example.test/SOA
dnssec-signzone: example.test/SOA:
dnssec-signzone: no existing signatures for example.test/NS
dnssec-signzone: example.test/NS:
dnssec-signzone: no existing signatures for txt.example.test/NSEC
dnssec-signzone: txt.example.test/NSEC:
dnssec-signzone: no existing signatures for txt.example.test/TXT
dnssec-signzone: txt.example.test/TXT:
dnssec-signzone: no existing signatures for ns.example.test/NSEC
dnssec-signzone: ns.example.test/NSEC:
dnssec-signzone: no existing signatures for ns.example.test/A
dnssec-signzone: ns.example.test/A:
example.test.signed
dnssec-signzone: debug 1: calling free_rbtdb(example.test)
dnssec-signzone: debug 1: done free_rbtdb(example.test)
```
```
grep RRSIG example.test.signed
3600 NSEC ns.example.test. NS SOA RRSIG NSEC DNSKEY
3600 NSEC example.test. TXT RRSIG NSEC
3600 NSEC txt.example.test. A RRSIG NSEC
```
And with explicit key name:
```
dnssec-signzone -E pkcs11 -v 10 -a -P -g -r /dev/random -o example.test example.test Kexample.test.+005+38895
dnssec-signzone: using 8 cpus
C_Initialize
IN: pInitArgs = NULL
C_Initialize = CKR_OK
C_GetSlotList
IN: tokenPresent = CK_FALSE
IN: pulCount = 0x7FFD8C748688 = 10563256
OUT: pSlotList = (0) NO-VALUES
C_GetSlotList = CKR_OK
dnssec-signzone: fatal: cannot sign zone with non-private dnskey Kexample.test.+005+38895
```
```
2579 if (result != ISC_R_SUCCESS)
(gdb)
2583 if (!dns_name_equal(gorigin, dst_key_name(newkey)))
(gdb)
2586 if (!dst_key_isprivate(newkey))
(gdb)
2587 fatal("cannot sign zone with non-private dnskey %s",
(gdb) p *newkey
$2 = {magic = 1146311755, refs = {refs = 1}, key_name = 0x7ffff75ea1f0, key_size = 2048,
key_proto = 3, key_alg = 5, key_flags = 256, key_id = 38895, key_rid = 39023, key_bits = 0,
key_class = 1, key_ttl = 0, mctx = 0x41d920, engine = 0x7ffff75f7008 "pkcs11",
label = 0x7ffff75e9180 "pkcs11:token=dns;object=robie-rsa-zsk1;pin-source=/test/pin",
keydata = {generic = 0x4a3838, gssctx = 0x4a3838, rsa = 0x4a3838, dsa = 0x4a3838,
dh = 0x4a3838, pkey = 0x4a3838, hmacmd5 = 0x4a3838, hmacsha1 = 0x4a3838,
hmacsha224 = 0x4a3838, hmacsha256 = 0x4a3838, hmacsha384 = 0x4a3838,
hmacsha512 = 0x4a3838}, times = {1568496680, 1568496680, 1568496680, 0, 0, 0, 0, 0, 0},
timeset = {true, true, true, false, false, false, false, false, false}, nums = {0, 0, 0,
0}, numset = {false, false, false, false}, inactive = false, external = false,
fmt_major = 1, fmt_minor = 3, func = 0x7ffff7fc1f00 <opensslrsa_functions>,
key_tkeytoken = 0x0}
(gdb) p *newkey->keydata->pkey->pkey->rsa
$4 = {pad = 0, version = 0, meth = 0x4546a8, engine = 0x0, n = 0x4a3f48, e = 0x4a4298,
d = 0x0, p = 0x0, q = 0x0, dmp1 = 0x0, dmq1 = 0x0, iqmp = 0x0, prime_infos = 0x0,
pss = 0x0, ex_data = {sk = 0x4a34b8}, references = 1, flags = 6, _method_mod_n = 0x0,
_method_mod_p = 0x0, _method_mod_q = 0x0, bignum_data = 0x0, blinding = 0x0,
mt_blinding = 0x0, lock = 0x4a33e8}
(gdb) bt
#0 loadexplicitkeys (keyfiles=keyfiles@entry=0x7fffffffec90, n=n@entry=1,
setksk=setksk@entry=false) at ./dnssec-signzone.c:2587
#1 0x0000000000407025 in main (argc=1, argv=0x7fffffffec90) at ./dnssec-signzone.c:3649
```
PKCS11 Flags for private key: CKA_PRIVATE; CKA_EXTRACTABLE; CKA_SENSITIVE;
Actually, BIND loads private key:
https://gitlab.isc.org/isc-projects/bind9/blob/v9_11/lib/dns/opensslrsa_link.c#L1553
```
if (label != NULL) {
#if !defined(OPENSSL_NO_ENGINE)
if (engine == NULL)
DST_RET(DST_R_NOENGINE);
ep = dst__openssl_getengine(engine);
if (ep == NULL)
DST_RET(DST_R_NOENGINE);
pkey = ENGINE_load_private_key(ep, label, NULL, NULL);
```
But later fails on checking this key:
https://gitlab.isc.org/isc-projects/bind9/blob/v9_11/lib/dns/opensslrsa_link.c#L1146
```
static bool
opensslrsa_isprivate(const dst_key_t *key) {
const BIGNUM *d = NULL;
#if USE_EVP
RSA *rsa = EVP_PKEY_get1_RSA(key->keydata.pkey);
INSIST(rsa != NULL);
RSA_free(rsa);
/* key->keydata.pkey still has a reference so rsa is still valid. */
#else
RSA *rsa = key->keydata.rsa;
#endif
if (rsa != NULL && RSA_test_flags(rsa, RSA_FLAG_EXT_PKEY) != 0)
return (true);
RSA_get0_key(rsa, NULL, NULL, &d);
return (rsa != NULL && d != NULL);
}
```
As we can see the presence of `RSA_FLAG_EXT_PKEY` is checked first and then `d` (private exponent).
For example, `RSA_FLAG_EXT_PKEY` RSA flag is set in BIND PKCS11 patch for OpenSSL:
https://gitlab.isc.org/isc-projects/bind9/blob/v9_11/bin/pkcs11/openssl-1.0.2h-patch#L6939
According to OpenSSL RSA:
```
This flag means the private key operations will be handled by rsa_mod_exp
and that they do not depend on the private key components being present:
for example a key stored in external hardware. Without this flag
bn_mod_exp gets called when private key components are absent.
```
So, signing doesn't happen in the case where the private key is a reference to HSM object because of the missing
`RSA_FLAG_EXT_PKEY`, which should be set by used OpenSSL engine (`pkcs11`).
### Known solution
For example, Fedora provides two Binds (with native pkcs11 or with OpenSSL). But in my opinion, it makes things harder.
It's preferred to have one build on a system.
### Request
Make it possible to use key-by-reference to sign zones in OpenSSL clause.
https://gitlab.isc.org/isc-projects/kea/-/issues/1187MapElement::equals is suboptimal2020-04-17T18:01:34ZRazvan BecheriuMapElement::equals is suboptimalcheck for equality between elements
but after that
// quickly walk through the other map too, to see if there's
// anything in there that we don't have. We don't need to
// compare those elements; if one of them is missing we
// differ...check for equality between elements
but after that
// quickly walk through the other map too, to see if there's
// anything in there that we don't have. We don't need to
// compare those elements; if one of them is missing we
// differ (and if it's not missing the loop above has checked
// it)
which is nonsense
should just checking that the sizes are equal before checking elements
also must fix isEquivalent which is similarkea1.7.7Razvan BecheriuRazvan Becheriuhttps://gitlab.isc.org/isc-projects/stork/-/issues/240Remote HA partner link is not displayed in docker demo2020-04-17T12:13:14ZMarcin SiodelskiRemote HA partner link is not displayed in docker demoSteps to reproduce:
- rake docker_up cache=false
- Open UI
- Add two machines: agent-kea-ha1 and agent-kea-ha2
- Click on one of the Kea apps added
The HA status shows two boxes, one for local server, one for remote. In the title of the...Steps to reproduce:
- rake docker_up cache=false
- Open UI
- Add two machines: agent-kea-ha1 and agent-kea-ha2
- Click on one of the Kea apps added
The HA status shows two boxes, one for local server, one for remote. In the title of the remote partner's box there should be a link to the partner, but it is not shown.
The reason for it seems to be that Storks ends up creating two HA services for the two apps, rather than one. I suspect that the reason for it is that their configs slightly differ. Strictly speaking they differ by the following url:
```
"url": "http://172.20.0.102:8002/"
```
vs
```
"url": "http://172.20.0.102:8002"
```
We could make the URLs comparison slightly less fragile but I think it should come in some other issue that looks at more aspects of HA configuration matching than URLs. Here, we should really just make it work with the minimal effort given the time constraints.0.7https://gitlab.isc.org/isc-projects/bind9/-/issues/1765create empty release notes for 9.17.2, 9.16.3, 9.11.192020-04-17T06:30:38ZMark Andrewscreate empty release notes for 9.17.2, 9.16.3, 9.11.19May 2020 (9.11.19, 9.11.19-S1, 9.14.12, 9.16.3)https://gitlab.isc.org/isc-projects/bind9/-/issues/1735Release Checklist for BIND 9.11.18, BIND 9.11.18-S1, BIND 9.16.2, BIND 9.17.12020-04-16T21:29:03ZMichal NowakRelease Checklist for BIND 9.11.18, BIND 9.11.18-S1, BIND 9.16.2, BIND 9.17.1## Release Schedule
**Tagging Deadline:** Wednesday, April 8th, 2020
**Public Release:** Wednesday, April 15th, 2020
## Release Checklist
## 2 Working Days Before the Tagging Deadline
- [x] ***(QA)*** Check whether all issues assig...## Release Schedule
**Tagging Deadline:** Wednesday, April 8th, 2020
**Public Release:** Wednesday, April 15th, 2020
## Release Checklist
## 2 Working Days Before the Tagging Deadline
- [x] ***(QA)*** Check whether all issues assigned to the release milestone are resolved[^1].
- [x] ***(QA)*** Ensure that there are no outstanding merge requests in the private repository[^1] (Subscription Edition only).
- [x] ***(QA)*** Ensure all merge requests marked for backporting have been indeed backported.
## Before the Tagging Deadline
- [x] ***(QA)*** Inform Support/Marketing of impending release (and give estimated release dates).
- [x] ***(QA)*** Check Perflab to ensure there has been no unexplained drop in performance for the versions being released.
- [x] ***(SwEng)*** Update API files for libraries with new version information.
- [x] ***(SwEng)*** Change software version and library versions in `configure.ac` (new major release only).
- [x] ***(SwEng)*** Rebuild `configure` using Autoconf on `docs.isc.org`.
- [x] ***(SwEng)*** Update `CHANGES`.
- [x] ***(SwEng)*** Update `CHANGES.SE` (Subscription Edition only).
- [x] ***(SwEng)*** Update `README.md`.
- [x] ***(SwEng)*** Update `version`.
- [x] ***(SwEng)*** Build documentation on `docs.isc.org`.
- [x] ***(QA)*** Check that all the above steps were performed correctly.
- [x] ***(QA)*** Check that the contents of release notes match the merge requests comprising the releases.
- [x] ***(QA)*** Check that the formatting is correct for text, PDF, and HTML versions of release notes.
- [x] ***(SwEng)*** Tag the releases[^2]. (Tags may only be pushed to the public repository for releases which are *not* security releases.)
- [x] ***(SwEng)*** If this is the first tag for a release (e.g. beta), create a release branch named `release_v9_X_Y` to allow development to continue on the maintenance branch whilst release engineering continues.
## Before the ASN Deadline (for ASN Releases) or the Public Release Date (for Regular Releases)
- [x] ***(QA)*** Verify GitLab CI results for the tags created and prepare a QA report for the releases to be published.
- [x] ***(QA)*** Request signatures for the tarballs, providing their location and checksums.
- [x] ***(Signers)*** Validate tarball checksums, sign tarballs, and upload signatures.
- [x] ***(QA)*** Verify tarball signatures and check tarball checksums again.
- [x] ***(Support)*** Pre-publish ASN and/or Subscription Edition tarballs so that packages can be built.
- [x] ***(QA)*** Build and test ASN and/or Subscription Edition packages.
- [x] ***(QA)*** Notify Support that the releases have been prepared.
- [x] ***(Support)*** Send out ASNs (if applicable).
## On the Day of Public Release
- [x] ***(Support)*** Wait for clearance from Security Officer to proceed with the public release (if applicable).
- [x] ***(Support)*** Place tarballs in public location on FTP site.
- [x] ***(Support)*** Publish links to downloads on ISC website.
- [x] ***(Support)*** Write release email to *bind-announce*.
- [x] ***(Support)*** Write email to *bind-users* (if a major release).
- [x] ***(Support)*** Update tickets in case of waiting support customers.
- [x] ***(QA)*** Build and test any outstanding private packages.
- [x] ***(QA)*** Build public packages (`*.deb`, RPMs).
- [x] ***(QA)*** Inform Marketing of the release.
- [x] ***(QA)*** Update the internal [BIND release dates wiki page](https://wiki.isc.org/bin/view/Main/BindReleaseDates) when public announcement has been made.
- [x] ***(Marketing)*** Post short note to Twitter.
- [x] ***(Marketing)*** Update [Wikipedia entry for BIND](https://en.wikipedia.org/wiki/BIND).
- [x] ***(Marketing)*** Write blog article (if a major release).
- [x] ***(QA)*** Ensure all new tags are annotated and signed.
- [x] ***(SwEng)*** Push tags for the published releases to the public repository.
- [x] ***(SwEng)*** Merge the automatically prepared `prep 9.X.Y` commit which updates `version` and documentation on the release branch into the relevant maintenance branch (`v9_X`).
- [x] ***(QA)*** For each maintained branch, update the `BIND_BASELINE_VERSION` variable for the `abi-check:sid:amd64` job in `.gitlab-ci.yml` to the latest published BIND version tag for a given branch.
[^1]: If not, use the time remaining until the tagging deadline to ensure all outstanding issues are either resolved or moved to a different milestone.
[^2]: Preferred command line: `git tag -u <DEVELOPER_KEYID> -a -s -m "BIND 9.X.Y[alphatag]" v9_X_Y[alphatag]`, where `[alphatag]` is an optional string such as `b1`, `rc1`, etc.April 2020 (9.11.18, 9.16.2, 9.17.1)Michał KępieńMichał Kępień2020-04-15https://gitlab.isc.org/isc-projects/stork/-/issues/231Links to Grafana2020-04-16T19:55:33ZTomek MrugalskiLinks to GrafanaWe need a better intergration with Grafana. For the time being we could add the following:
- [x] ~~ability to open Grafana in iframe. This is lightweight and would look as visually integrated solution. (I've attached a mockup of how thi...We need a better intergration with Grafana. For the time being we could add the following:
- [x] ~~ability to open Grafana in iframe. This is lightweight and would look as visually integrated solution. (I've attached a mockup of how this could look like).~~ @godfryd tried this and it was infeasible due to XSS protections. WE opted to go with dedicated links on stork pages.
- [ ] for the demo in April, the link could be hardcoded
- [x] for the 0.7 release, we could have the Grafana (and Prometheus) links configurable in the db.0.7Michal NowikowskiMichal Nowikowskihttps://gitlab.isc.org/isc-projects/stork/-/issues/239settings can be broken when -1 is entered as interval2020-04-16T15:54:35ZMichal Nowikowskisettings can be broken when -1 is entered as interval@tomek:
I misconfigured data pulling intervals. One of them was configured to 0 and another one to -1.
When I clicked Save settings, it was accepted. But something snapped internally and now Stork doesn't let fix my "mistake". When I t...@tomek:
I misconfigured data pulling intervals. One of them was configured to 0 and another one to -1.
When I clicked Save settings, it was accepted. But something snapped internally and now Stork doesn't let fix my "mistake". When I try to view the seetings, there's error message popping up: "Getting settings erred: Unknown Error" and the form is empty. Also, the grafana link disappeared after that.
Anyway, this is almost malicious negligence on the user side, so I'm very much ok if you want to push this to separate ticket and put it in the backlog category...https://gitlab.isc.org/isc-projects/stork/-/issues/203Handle incorrect DB credentials better.2020-04-16T15:51:04ZTomek MrugalskiHandle incorrect DB credentials better.The following discussion from !87 should be addressed:
- [ ] @tomek started a [discussion](https://gitlab.isc.org/isc-projects/stork/-/merge_requests/87#note_116349): (+1 comment)
> Install server using DEB on ubuntu 19.10. I did ...The following discussion from !87 should be addressed:
- [ ] @tomek started a [discussion](https://gitlab.isc.org/isc-projects/stork/-/merge_requests/87#note_116349): (+1 comment)
> Install server using DEB on ubuntu 19.10. I did not modify server.env yet. Here's what I saw:
>
> ```
> mar 13 12:34:10 billabong stork-server[13274]: INFO[2020-03-13 12:34:10] main.go:18 Starting Stork Server, version 0.4.0, build date 2020-03-13 10:13
> mar 13 12:34:10 billabong stork-server[13274]: database password:
> mar 13 12:34:10 billabong stork-server[13274]: 2020/03/13 12:34:10 inappropriate ioctl for device
> ```
>
> Two comments:
>
> 1. printing database password must go away.
> 2. the "inappropriate ioctl for device" message is confusing. I suspect the reason is that I haven't set values in server.env, but the error message should be more meaningful. Maybe some check if those are not defined or empty? Some empty params are ok (e.g. password).0.7Michal NowikowskiMichal Nowikowski