#26 EPEL should enforce erratum title length
Opened 4 years ago by stbenjam. Modified 2 years ago

There are errata in both EPEL6 and EPEL6 that have very long erratum titles (basically the entire package list). This causes issues with Katello (www.katello.org), as we only alot 255 varchar to the title:

{{{
PGError: ERROR: value too long for type character varying(255) : UPDATE "katello_errata" SET "title" = 'trytond-account-1.8.0-3.el6,trytond-account-be-1.8.0-3.el6,trytond-account-de-skr03-1.8.0-3.el6,trytond-account-invoice-1.8.0-3.el6,trytond-account-invoice-history-1.8.0-3.el6,trytond-account-invoice-line-standalone-1.8.0-3.el6,trytond-account-product-1.8.0-3.el6,trytond-account-statement-1.8.0-3.el6,trytond-analytic-account-1.8.0-3.el6
}}}

Pulp also encounters similar issues for some errata, where the name is too long for Mongo:

{{{
Dec 17 12:03:14 satellite pulp: nectar.downloaders.threaded:ERROR: Download of http://dl.fedoraproject.org/pub/epel/6Server/x86_64/treeinfo failed with code 404: Not Found
Dec 17 12:03:15 satellite pulp: pulp.plugins.conduits.mixins:ERROR: Content unit association failed [Unit [key={'id': 'FEDORA-EPEL-2014-3700'}] [type=erratum] [id=None]]
}}}


Can't you simply use the FEDORA-EPEL-YYYY-NNNN ?

ie:

https://admin.fedoraproject.org/updates/FEDORA-EPEL-2011-0250

In any case, wouldn't this be better to discuss with bodhi upstream rather than ask epel to change anything?

Thanks for the quick reply!

Both pulp and katello store the entire erratum, so we do have FEDORA-EPEL-YYYY-NNNN as well.

In both projects, we still have to allocate a database column for the title, the description is a blob/text, not sure the title should be. It seems reasonable to expect the title to be, well, some typical title size.

Looking through the updateinfo.xml for EPEL6 and 7, there's a number of these.

Do you have any suggestions about how we can get them corrected?

Well, to clarify, I meant that bodhi uses the identifier and the list of updates in there is just for a handy way for qa folks to see whats in the update. As requested by them years ago when we setup this method.

‚Äčhttps://admin.fedoraproject.org/updates/FEDORA-EPEL-2011-0250/anything-you-want-to-type

will still get the same update.

So, you could make the title the FEDORA-EPEL-YYYY-NNN always?

as for "corrected" note that EPEL and Fedora use the same instance of bodhi. ANY change to titles and behaviors needs to get run by Fedora QA and Bodhi upstream developers. You are proposing we truncate them at 255 chars?

Not sure I understand your suggestion to use the erratum ID - we already store this, but we're not going to drop the title in favor of display the ID to users. We need a useful title, it's displayed in Katello and Pulp UI/CLI, email reports, etc.

For Red Hat itself, we don't find they've ever issued an errata with a title longer than 255, so I think it would make sense to set some kind of standard for the length upstream.

In the interim is there any way for us to get the existing errata in updateinfo.xml to have the right length - would it take issuing updates for each erratum in Bodhi?

The issue is that it is coming across that you are asking is that Fedora and EPEL change how they have been doing titles for 8->10 years because you have a 255 character limit. So while RHEL fits into that, its upstream does not and has not. Getting it changed will be a lot more yak shaving and politics than using a quick fix.

A quick fix could be to have if the title is larger than 255 characters to use the shorter erratum ID, a longer fix would be to change the title from 255 to something larger. A third fix would be to recommend not using Katello for Fedora or EPEL.

I think it's useful to have the long descriptive strings in Bodhi, personally. It's nice to glance at the links (in Bugzilla or wherever) and know what packages are in that update.

Can Katello truncate the string value at 255 characters before inserting it into postgres? (Or alternatively, use a larger database field?)

Sorry, that is totally backwards. A list of dozens of packages isn't a "title" - a title should be a short description to know why I would want to apply an erratum - e.g. "openssl updates to fix heartbleed", not a package list, which already belongs in <pkglist>!

{{{
The issue is that it is coming across that you are asking is
that Fedora and EPEL change how they have been doing titles
for 8->10 years because you have a 255 character limit. So
while RHEL fits into that, its upstream does not and has not.
Getting it changed will be a lot more yak shaving and politics
than using a quick fix.
}}}

No, I'm asking EPEL and Fedora to change how they do things to make sense. I have no problem making sure we handle long titles in Katello in a sensible way instead of failing, and we will do that. I have no control over Pulp, and I hope they do the same. But I don't see how you think it's valid for EPEL and Fedora to abuse title to display something that's not particularly useful to users, and a duplication of data that's already in an erratum.

Really I know I don't have a leg to stand on - there's no defined schema for updatainfo.xml that I know of, so if you want to make the titles the complete works of Shakespeare, you're not breaking any rules.

That doesn't mean it's not ridiculous.

Does the Fedora policy change process also apply to EPEL (http://fedoraproject.org/wiki/Changes/Policy)?

I can file a change request there, if you think that anyone would consider it useful.

It would be that either Bodhi require helpful (and limited length) titles for errata, or truncate the existing package list (even if that's only in the yum metadata title) to a length that anybody working with it can rely on.

stbenjam, yes it is a trickle down effect. Most of our updates, changes etc roll out of Fedora so if they change how they do things, then EPEL will get those changes. If they don't change then we won't see any change.

It might also help to have the communication in long form with exactly what you are seeing and using in case people are talking past each other on terms. EG you are using a field which we call title that you expect to be used for a short thing but we use a field called SHORT for that and we have been argueing over semantics versus constructive dialog.

Hi, perhaps I can shed some light from Pulp's perspective. When we sync an errata from a repository (such as epel), we parse all the properties of the errata. To facilitate searching we index the "id", "title", "version", "release", "type", "status", "updated", "issued", "severity", and "references" fields. Since Pulp uses Mongo internally we have a hard limit on index keys of 1024 bytes (http://docs.mongodb.org/manual/reference/limits/).

Most of the time erratum titles are along the lines of "NetworkManager bug fix and enhancement update". This bug was opened because in a few cases we have found the entire package list used for the title, eg. <title>"trytond-account-1.8.0-3.el6,trytond-account-be-1.8.0-3.el6,trytond-account-de-skr03-1.8.0-3.el6,trytond-account-invoice-1.8.0-3.el6,trytond-account-invoice-history-1.8.0-3.el6,trytond-account-invoice-line-standalone-1.8.0-3.el6,trytond-account-product-1.8.0-3.el6,trytond-account-statement-1.8.0-3.el6,trytond-analytic-account-1.8.0-3.el6,...</title>

As smooge said, this could ban an issue with a misunderstanding of terminology. What is the intended purpose of the <title> element within a given <update>?

Bodhi's way of working is entirely targeted towards packages maintainers, every erratum title is just the package list with some additional info on the end (e.g. 'enhancement update'). I didn't realize that at first...

Most are just one package though so it generally doesn't cause an issue and looks like the example you gave (NetworkManager bug fix update), but others have dozens and dozens of packages. When Bodhi generates the metadata as part of the repo mashing process, it's just dumping the title used there into the updateinfo.xml title tag.

Is Pulp going to truncate the title now, or are you wanting this to get changed on the Fedora side?

For Fedora to use descriptive short titles in Bodhi is going to be a big change, and a political one. Although, Bodhi could truncate the package list in the XML during the mashing process probably without any ill effects (does anyone else consume the data?)...
https://git.fedorahosted.org/cgit/bodhi.git/tree/bodhi/metadata.py#n251

It would be nice if yum-security specified a schema so that we could definitively point to it and say <title> must be < 256 characters...

I'll confess I too would love a valid schema for yum-security.

I've reverse engineered(1) things I've seen in the wild, but a specific schema from the plugin would be very helpful.

(1) https://cdcvs.fnal.gov/redmine/projects/python-updateinfo/repository/revisions/master/entry/docs/updateinfo.xsd

I've made a request to Bodhi: https://fedorahosted.org/bodhi/ticket/771

In the end this is really a Bodhi technical issue and/or a Fedora political one, and not limited to EPEL so this issue itself can be closed if you want.

Thanks for the feedback...

Login to comment on this ticket.

Metadata