Skip to content

Standup Notes 2020 11 25

Jump to bottom
Erik Moeller edited this page Nov 26, 2020 · 2 revisions

Participants (alphabetical): Allie, Conor, Erik, John, Kevin, Kushal, Mickael, Nina, Ro

Topics and Call-outs

SecureDrop Client / Qt issue

(Allie) This is similar to issue we saw previously w/ widget creation in repolish event. We don't know root cause yet. The previous one would cause segfault; this one doesn't. Poking at debug logs. Seems like other versions of PyQt don't have this bug, specific to OS build of this package.

  • Investigating workaround vs. installing a different version. Want to avoid unverified wheels; may have to build our own wheel.

(Kushal) I started poking at it as well. Note that https://github.com/freedomofpress/securedrop-client/issues/273 no longer segfaults on Debian Buster. After fighting with Qt/PyQt, I'm at a step where we can set a breakpoint in any C++ part of the code. Rebuilding Debian Buster's Qt so we can install that & see the specific backtrace/error. Aiming to write a blog post describing this in more detail.

(Allie) Awesome news. We also have docs PR that would be useful to get in. https://github.com/freedomofpress/securedrop-client/pull/1089

(Kushal) I started from that. But even with Debian debug symbols we're still missing source code. I think rebuilding Debian upstream package will be easier than wheels. Regarding pyside2, note that Micah has already migrated OnionShare. Two main things: import statements, Signal names.

(Mickael) Would hold off on pyside2 given the relative complexity of the SecureDrop Client.

(Allie) I think it would be a complex migration; a spike could make sense. Why would we want to do it?

(Kushal) It's the official bindings by the Qt folks.

(Allie) The bug is that when we're applying the stylesheet to the source widget on update, it doesn't apply correctly. Need to consider different workarounds, could get messy (e.g., widget duplication).

(Kushal) If you can give me exact STR, I can see if I can reproduce in local build (on Debian Buster, using Debian-provided PyQt with debug symbols).

Allie

Yesterday:

Today: Cont'd on ^^

Blockers or Asks: None

Conor

Yesterday:

Today:

  • bugcrowd ticket reopened (was closed last week)

Blockers or Asks:

  • mickael let's pair on bugcrowd response

Erik

Yesterday:

Today:

  • ^^
  • May refactor pytest refactor into an independent SDK PR

Blockers or Asks: Mickael, would be good to book a bit of your time before I apply updates to live threat model

Kev

Yesterday:

  • Reviewing John's PR for QA loader w/ Allie; we found a couple of issues that were more due to not understanding expected behavior. One outstanding issue: DB should probably be reset as part of load procedure. Otherwise looking good.
  • Looked at DrG's PR for updating journalist-key route in Source UI. Put in a change request for adding a redirect from old path.

Today:

  • Staying in review land! Poking at docs PRs
  • May look at playbook behavior we just discussed to provide more useful info.

Blockers or Asks: None

Kushal

Today:

  • Qt/GDB

Tomorrow:

  • ^^

Blockers or Asks: None

Mickael

Yesterday:

Today:

Blockers or Asks: There was some quay.io errors (502) but looks resolved

Nina

Yesterday:

Today:

Blockers or Asks:

Ro

Yesterday:

  • Support comms, Redmine cleanup comms
  • #5265
  • molecule learning

Today:

  • Molecule/ansible/qubes-staging learning
    • A little stuck trying to understand when certain files are pulled in/used during testinfra (it looks like there are both .j2 app-staging iptables rules and also hardcoded app-staging iptables rules in /testinfra/vars/app-staging.yml). I may take a break from this and revisit later
  • Usual support comms, also closed out some old/unused Redmine projects per yesterday's comms
  • After standup: Workstation provisioning walkthrough (my own)

Blockers or Asks:

  • Blocker: probably just need to spend some more time on molecule
  • Kev: let's check in on Wire to solidify upcoming workstation provisioning date/people
Clone this wiki locally