Bodhi 4.0.0 released

This is a major release with many backwards incompatible changes.

Backwards incompatible changes

• Values NULL and 0 are not allowed in update's stable_karma and unstable_karma (#1029).
• Updates no longer have a title attribute. This affects many elements of Bodhi's REST API,
  including URLs (update titles can no longer be used to reference updates, only aliases), REST API
  data structures, and Bodhi's messages (#186, #1542, #1714, and #1946).
• The prefer_ssl setting has been renamed to libravatar_prefer_tls and now defaults to
  True instead of None (#1921).
• Integration with pkgdb is no longer supported (#1970).
• The /admin/ API has been removed (#1985).
• The relationship between Packages and Users was dropped. As a result, the packages
  parameter in users query API has also been removed (#1997).
• Support for CVE tracking was dropped. It was technically not possible to use the feature, so it
  is unlikely to affect any deployments (#1998).
• The processing update status has been removed (#1999).
• The /masher API has been removed (#2024).
• Default sqlalchemy.url setting points to PostgreSQL instead of SQLite (#2040).
• The Masher was renamed to Composer. As a result, the bodhi-clean-old-mashes
  script was renamed to bodhi-clean-old-composes, notification topics mashtask.start,
  mashtask.mashing, mashtask.complete, mashtask.sync.wait and
  mashtask.sync.done was renamed to compose.start, compose.composing,
  compose.complete, compose.sync.wait and compose.sync.done, configuration
  settings mash_dir, mash_stage_dir and max_concurrent_mashes was renamed to
  compose_dir, compose_stage_dir and max_concurrent_composes (#2151).
• The bodhi-monitor-composes script has been removed (#2171).
• The stacks feature has been removed (#2241).
• The bodhi-manage-releases script has been removed (#2420).
• Support for anonymous comments was dropped. As a result, the anonymous field on the Comment
  object was removed and comments query API parameter anonymous was dropped. All
  captcha.* settings were removed (#2700).
• Bodhi client and server no longer support Python 2. Python 3.6+ are the only supported Python
  releases (#2759).
• Support for the ci_url on the Build object was dropped (#2782).
• Support for active_releases parameter in updates query API was dropped (#2815).
• Support for fedmsg has been dropped (#2838).
• The /updates/ALIAS/TITLE API has been removed (#2869).
• Support for update's old_updateid was dropped (#2903).
• The UI no longer has fedmsg integrations to show events happening elsewhere in Bodhi
  (#2913).
• Support for update's greenwave_unsatisfied_requirements was dropped (#2958).
• The batching feature was dropped, and thus updates can no longer be in the batched request state.
  As a result, the bodhi-dequeue-stable CLI has also been removed (#2977).
• Support for obsolete scripts in tools folder was dropped (#2980).
• Support for update's greenwave_summary_string has been dropped (#1339 and #2988).
• Bug objects no longer include a private field (#3016).
• The CLI now defaults to the --wait flag when creating or editing buildroot overrides. The
  old behavior can be achieved with the --no-wait flag (#3006).
• All messages and API responses that serialize updates no longer have a submitter field. This
  was redundant with the included user.name field, and was only in place for compatibility
  with Bodhi 1 which was EOL many years ago (#3144).
• All of Bodhi's fedmsgs have been changed. A new bodhi.messages packages has been added with new
  published message schemas. Note that only the fields listed in the documented schemas are
  supported in Bodhi 4, even though Bodhi still sends messages similar to the messages it sent in
  the past. Message consumers should not rely on any undocumented fields in these messages. If you
  need information that is not included in the supported schema, please work with the Bodhi project
  to get the schema adjusted accordingly. Bodhi's messages are now documented.

Dependency changes

• pkgdb is no longer required (#1970).
• cryptography is no longer required (#2700).
• Fonts are no longer required for the captcha (Bodhi previously defaulted to using
  liberation-mono-fonts, but this wasn't a strict requirement since the font was configurable)
  (#2700).
• pillow is no longer required (#2700).
• six is no longer required for the client or server (#2759).
• bodhi-server now depends on bodhi-messages.
• kitchen is no longer required (#3094).
• hawkey is no longer required.
• PyYAML is now a required dependency (#3174).
• Bodhi now requires Python 3.6 or greater (#2856).
• Bodhi no longer uses or works with fedmsg.
• Backoff is now a required dependency (#3237).

Server upgrade instructions

The Bodhi server must be upgraded from Bodhi 3.13.0 or newer to 4.0.0 (i.e., it is not supported to
upgrade a server older than 3.13.0 directly to 4.0.0 as 4.0.0 has trimmed database migrations from
the older releases.

This release contains database migrations. To apply them, run:

$ sudo -u apache /usr/bin/alembic -c /etc/bodhi/alembic.ini upgrade head

Features

• Bodhi now provides a RateLimiter log filter and documents how to use it. Together with
  pyramid_sawing it is now possible to get rate limited e-mail tracebacks from the web server
  (#969).
• All updates in a release are set to obsolete status when the release is archived (#2204).
• Bodhi will now comment on updates when their test gating status changes (#2210).
• bodhi-push now blocks composing retired releases (#2555).
• A new bodhi.messages Python package has been added as a convenience for Python consumers
  who wish to subscribe to Bodhi's messages (#2842).
• Bodhi can now create zchunked updateinfo.xml files (#2904).
• The server has a new warm_cache_on_start setting, defaulting to True. It is mostly
  useful when developing Bodhi and controls whether the Bodhi initialization should build caches or
  not (#2942).
• The compose states are now documented (#2974).
• Added a database index on build.update_id, which sped up some common queries
  (#3038).
• Log messages are emitted when buildroot overrides are expired to explain why they were expired
  (#3060).
• A missing database index was discovered on comments.update_id. Adding it improved
  performance of a common query by about 99.7% and as a result many Bodhi operations are much faster
  now, including update retrieval in the API, CLI, and web UI (#3062 and #3201).
• The CLI now allows users to add and remove builds from updates with --addbuilds and
  --removebuilds flags (#3125).
• Users can now use markdown to easily reference GCC and Sourceware tickets (#3129).
• A new log message is emitted when an update is blocked due to test gating (#3143).
• The CLI can now download debuginfo with the new --debuginfo flag (#3148).

Bug fixes

• Since the active_releases query parameter was dropped, an issue causing strange pagination
  results is no longer present (#2316).
• Waiver details are now displayed in the web UI (#2365).
• The JavaScript will no longer crash when run in Fedora's staging environment (#2523).
• Fixed a crash in Bodhi's error handler (#2588).
• Fixed a crash on the HTML rendering of /composes/ when composes were in a particular state
  (#2826).
• Correctly handle ConnectionResetError in the Composer (#2850).
• The CLI's composes info subcommand is now documented in its man page (#2927).
• The mail.templates_basepath setting is now documented (#2931).
• Fixed pipeline results showing with heading 'undefined' (#2969).
• Compare enum values instead of descriptions (#3012 and #3119).
• The bodhi-approve-testing script is a lot less chatty (#3021).
• Bodhi's API can now serialize internal server errors as JSON so that the clients can properly
  display error messages (#3035).
• The --composed-by-bodhi flag is now documented in the bodhi man page (#3085).
• A variety of spelling and grammatical errors were fixed (#3131).
• Bodhi's markdown now uses TLS for links to pear in its markdown (#3173).
• Stop using an API that dnf removed (#3198).
• Do not crash on invalid RSS requests (#3227).

Development improvements

• Removed flash_log, since it didn't make sense (#1165).
• Removed some useless assert statements (#1200, #2848, and #2888).
• An unused enum value was removed (#1999).
• The integration tests now run against all supported Fedora releases (#2824).
• Bodhi's release process is now documented (#2918).
• met_testing_requirements() got a much needed rename and refactor (#3158).
• The Vagrant box now uses the same number of CPUs as the host (#3197).
• Numerous docblock corrections and improvements.
• Introduced type annotation to a few modules and added CI enforcement on them with mypy.
• Numerous improvements have been made to Bodhi's CI tests, including expanded test coverage.
• The Vagrant environment now uses unsafe IO for a small speed boost.
• The integration tests run more efficiently now.

Contributors

The following developers contributed to Bodhi 4.0.0:

• Adam Williamson
• Anatoli Babenia
• Aurélien Bompard
• Clement Verna
• Jeremy Cline
• Jonathan Dieter
• Josh Soref
• Mattia Verga
• Miro Hrončok
• Nils Philippsen
• Owen W. Taylor
• Patrick Uiterwijk
• Sebastian Wojciechowski
• Troy Dawson
• Randy Barlow

Bodhi 3.14.0 released

This is a feature release.

Features

• Use flatpaks/ namespace for Flatpaks, and make it configurable.
  (#2924, #3052).
• Add json response handler for server internal errors (#3035).

Bug fixes

• Fix HTTP 500 errors when viewing composes (#2826).
• Set log level to ERROR in bodhi-approve-testing (#3021).

Development improvements

• Log why buildroot overrides are expired (#3060).

Bodhi 3.13.3 released

This is a bugfix release.

Server upgrade instructions

This release contains database migrations. To apply them, run::

$ sudo -u apache /usr/bin/alembic -c /etc/bodhi/alembic.ini upgrade head

Bug fixes

• Mark updates as "tests ignored" if Greenwave fails to respond (#3044).

Bodhi 3.13.2 released

This is a bugfix release.

Server upgrade instructions

This release contains database migrations. To apply them, run:

$ sudo -u apache /usr/bin/alembic -c /etc/bodhi/alembic.ini upgrade head

Bug fixes

• Allow the bugs.private database column to be NULL (#3024).
• Remove misplaced variable in the update template (#3025).

Contributors

The following developers contributed to Bodhi 3.13.2:

• Aurélien Bompard
• Randy Barlow

Bodhi 3.13.1 released

Server upgrade instructions

No special instructions are needed for this release.

Bug fix

This is a bugfix release, addressing an issue that was introduced in
3.13.0:

• Gracefully handle private bugs via a different approach than was used
  in 3.13.0 (#3016 and #344).

Bodhi 3.13.0 released

This is a feature release.

Deprecations

• Authentication with OpenID is deprecated (#1180).
• bodhi-untag-branched is deprecated (#1197).
• The Update's title field is deprecated (#1542).
• Integration with pkgdb is deprecated (#1970).
• Support for Python 2 is deprecated (#1871 and #2856).
• The /masher/ view is deprecated (#2024).
• bodhi-monitor-composes is deprecated (#2171).
• The stacks feature is deprecated (#2241).
• bodhi-manage-releases is deprecated (#2420).
• Anonymous comments are deprecated (#2700).
• The ci_url attribute on Builds is deprecated (#2782).
• The active_releases query parameter on the Updates query URL is deprecated (#2815).
• Support for fedmsg is deprecated (#2838).
• Support for Bodhi 1's URL scheme is deprecated (#2869 and #2903).
• The /admin/ API is deprecated (#2899).
• The fedmsg UI integration is deprecated (#2913).
• CVE support is deprecated (#2915).

Dependency changes

• Bodhi no longer requires iniparse (a910b61).
• Bodhi now requires fedora_messaging (e30c5f2).

Server upgrade instructions

This release contains database migrations. To apply them, run:

$ sudo -u apache /usr/bin/alembic -c /etc/bodhi/alembic.ini upgrade head

Features

• A new bodhi-shell CLI is included with the server package that initialized a Python shell
  with some handy aliases that are useful for debugging Bodhi (#1792).
• Updates that obsolete security updates will now be set as security updates themselves
  (#1798)
• The CLI no longer crashes when creating multiple buildroot overrides in one command
  (#2031).
• The CLI can now display information about waivers (#2267).
• Releases can now be marked as not being composed by Bodhi, which will be useful if we want to use
  Bodhi to tag builds into releases without composing those releases, e.g., Fedora Rawhide
  (#2317).
• BuildrootOverrides are now prevented for builds that fail the test gating status (#2537).
• The web interface now displays instructions for installing updates (#2799).
• The CLI now has flags that allow users to override the OpenID API URL to use. This is useful
  for deployments that aren't for Fedora and also for developers, who can use it to authenticate
  against a different OpenID server than Fedora's production instance (Fedora's staging instance is
  nice to use for this) (#2820).
• The web UI search box uses a slightly longer delay before issuing the search request
  (51c2fa8).
• Messages can now be published by fedora_messaging, a replacement for fedmsg
  (e30c5f2).
• Associating updates with private Bugzilla tickets is now handled gracefully (7ac316a).

Bug fixes

• The bodhi-approve-testing CLI script is now more resilient against failures (#1016).
• The update edit page will return a HTTP 403 instead of a HTTP 400 if a user tries to edit an
  update they don't have permissions to edit (#1737).
• The bodhi CLI now has a --wait flag when creating BuildrootOverrides that will cause
  bodhi to wait on Koji to finish adding the override to the buildroot before exiting
  (#1807).
• The waive button is now displayed on locked updates (#2271).
• Editing an update with the CLI no longer sets the type back to the default of bugfix
  (#2528).
• bodhi-approve-testing now sets up a log handler (#2698).
• Some missing commands were added to the bodhi man page (1e6c259).
• A formatting issue was fixed in the command line client (996b4ec).

Development improvements

• bodhi-ci now has an integration test suite that launches a live Bodhi server, some of its
  network dependencies, and tests it with some web and CLI requests (2430433).
• bodhi-ci's status report now displays the run time for finished tasks (26af5ef).
• bodhi-ci now prints a continuous status report, which is helpful in knowing what it is
  currently doing (f3ca62a).
• We now do type checking enforcement on bodhi-ci (2c07005).

Contributors

The following developers contributed to Bodhi 3.13.0:

• Aurélien Bompard
• Jeremy Cline
• Mattia Verga
• Ryan Lerch
• Sebastian Wojciechowski
• Vismay Golwala
• Randy Barlow

Bodhi 3.12.0 released

This is a small feature release.

Server upgrade instructions

No special actions are needed when applying this update.

Features

• Add a new bugzilla_api_key setting so that Bodhi can authenticate with an API key instead of
  a username and password. It is hoped that this will solve an issue Bodhi has been experiencing
  with Red Hat's Bugzilla instance since it upgraded to version 5, where Bodhi is often told it
  needs to log in to Bugzilla when making changes to issues (#2827).
• Logging around Bodhi's use of the Bugzilla API is expanded (#2831).

Contributors

The following developers contributed to Bodhi 3.12.0:

• Randy Barlow

Bodhi 3.11.3 released

This is a bugfix release.

Server upgrade instructions

No special actions are needed when applying this update.

Bug fixes

• Correctly handle multiple builds with the search form in the new update JavaScript web UI code
  (#2791).

Contributors

The following developers contributed to Bodhi 3.11.3:

• Mattia Verga

Bodhi 3.11.2 released

This is a bugfix release, addressing an issue that was solved incorrectly with 3.11.1.

Server upgrade instructions

No special actions are needed when applying this update.

Bug fixes

• Correctly catch http.client.IncompleteRead while Composing and retry (#2758).

Contributors

The following developers contributed to Bodhi 3.11.2:

• Randy Barlow

Bodhi 3.11.1 released

This is a bugfix release, addressing a few issues with running Bodhi under Python 3.

Server upgrade instructions

No special actions are needed when applying this update.

Bug fixes

• Pass the correct type, str, to smtplib.SMTP.sendmail() for its to and from address
  parameters (#2756).
• Allow EnumSymbols to be sorted (#2757).
• Catch http.client.IncompleteRead while Composing and retry (#2758).
• Correctly handle timestamps from Koji (#2768).
• Do not reverse the logout/reboot options in the web UI on Python 3 (#2778).
• The captcha now works under Python 3 (#2786).

Contributors

The following developers contributed to Bodhi 3.11.1:

• Patrick Uiterwijk
• Randy Barlow