You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@zookeeper.apache.org by Szalay-Bekő Máté <sz...@gmail.com> on 2022/12/16 12:28:19 UTC
[VOTE] Apache ZooKeeper release 3.6.4 candidate 1
This is a bugfix release candidate for 3.6.4. It fixes 41 issues, including
CVE fixes,
log4j1 removal (using reload4j from now) and various other bug fixes
(thread leaks, data
corruption, snapshotting and SASL related fixes).
Please note, that based on our Release Strategy (
https://zookeeper.apache.org/releases.html#release-strategy) branch 3.6
should become end-of-life and most likely 3.6.4 will be our last 3.6
release.
The full release notes is available at:
https://issues.apache.org/jira/secure/ReleaseNote.jspa?projectId=12310801&version=12350076
*** Please download, test and vote by December 28th 2022, 23:59 UTC+0. ***
Source files:
https://people.apache.org/~symat/zookeeper-3.6.4-rc1/
Maven staging repo:
https://repository.apache.org/content/groups/staging/org/apache/zookeeper/zookeeper/3.6.4/
The release candidate tag in git to be voted upon: release-3.6.4-1
https://github.com/apache/zookeeper/commits/release-3.6.4-1
(please note, branch-3.6.4 will move here only after the vote)
ZooKeeper's KEYS file containing PGP keys we use to sign the release:
https://www.apache.org/dist/zookeeper/KEYS
The staging version of the website is:
https://people.apache.org/~symat/zookeeper-3.6.4-rc1/website/
Should we release this candidate?
Best regards,
Máté
Re: [VOTE] Apache ZooKeeper release 3.6.4 candidate 1
Posted by Szalay-Bekő Máté <sz...@gmail.com>.
I think it is best to fix this issue before doing the release, especially
as Chris already provided the fix. Thank you for working on it!! Also
thanks Enrico for the quick review!
I merged ZOOKEEPER-4654
<https://issues.apache.org/jira/browse/ZOOKEEPER-4654> to all branches and
will include it also to RC 2.
I am cancelling this VOTE and will send a new one soon.
Best regards,
Máté
On Sat, Dec 17, 2022 at 3:03 PM Szalay-Bekő Máté <sz...@gmail.com>
wrote:
> Hello Chris,
>
> I tried to reproduce the test build problem locally on docker, but was not
> able to do so. I used ubuntu 22.04 (which uses gcc 11 by default),
> installing gcc-12 (version: 12.1.0) and openssl (version: 3.0.2 15 Mar
> 2022).
>
> My steps were:
>
> docker run --volume ~/git:/git -it --rm ubuntu:22.04 /bin/bash
>
> apt update && apt install -y libcppunit-dev maven default-jdk-headless
> autoconf libtool gcc-12 g++-12 make software-properties-common pkg-config
> wget git python-setuptools openssl libssl-dev ant
> libsasl2-modules-gssapi-mit libsasl2-modules libsasl2-dev
> export JAVA_HOME=/usr/lib/jvm/java-11-openjdk-amd64
> update-alternatives --install /usr/bin/gcc gcc /usr/bin/gcc-12 10
> update-alternatives --install /usr/bin/g++ g++ /usr/bin/g++-12 10
> g++ -v
> openssl version
> cd /git/apache-zookeeper-3.6.4/
> mvn clean install -DskipTests -Pfull-build
> cd zookeeper-client/
> mvn clean install -Pfull-build
>
> the C client compiled and all the tests compiled too. A single test
> continuously fails (I see the same test failing in CI), but I don't know if
> this is related to the gcc/library versions or (more likely) related to the
> test being executed in docker (because the test works for me on my host
> machine).
>
> [exec] what(): equality assertion failed
> [exec] - Expected: -101
> [exec] - Actual : -4
> [exec]
> [exec] Zookeeper_simpleSystem::testAsyncWatcherAutoResetFAIL:
> zktest-mt
>
> So the tests compiled for me, at least with gcc 12.1.0, and I saw no error
> message related to the fix you created in
> https://github.com/apache/zookeeper/pull/1967
> Or maybe I'm missing something.
>
> I'm OK to create a new RC with the proposed fix. But I am a bit
> uncomfortable with not being able to reproduce this problem locally. Also I
> would rather like to have some well defined gcc / library version
> combinations (maybe some widely used LTS linux distro / docker images)
> which we commit to support.
>
> Maybe I should test with your exact gcc version (12.2.0 instead of 12.1.0)
> or openssl version (3.0.7 instead of 3.0.2)? Or maybe this problem can be
> also caused by mismatch of the stdlib we use? or maybe make or libsasl?
>
> What do you think?
>
> Máté
>
>
>
> On Fri, Dec 16, 2022 at 10:15 PM Chris Nauroth <cn...@apache.org>
> wrote:
>
>> Unfortunately, I discovered one more problem: a similar compilation error
>> in C client test code. I filed this issue and pull request:
>>
>> https://issues.apache.org/jira/browse/ZOOKEEPER-4654
>> https://github.com/apache/zookeeper/pull/1967
>>
>> I must have been compiling only the product code and not the test code
>> when
>> I did my confirmation of branch-3.6 yesterday. Sorry about that.
>>
>> Since this is only test code, the argument is weaker for canceling the
>> vote
>> and creating a new RC with the fix. What do others think? I'd be fine
>> either way. (I haven't found any other issues with RC1.)
>>
>> Chris Nauroth
>>
>>
>> On Fri, Dec 16, 2022 at 4:31 AM Szalay-Bekő Máté <
>> szalay.beko.mate@gmail.com>
>> wrote:
>>
>> > +1 (binding)
>> >
>> > I did the following tests for the release candidate:
>> > - verified checksum and gpg signature of the artifacts
>> > - I built the source code (incl. the C-client, using -Pfull-build) on
>> > Ubuntu 20.04.5 using OpenJDK 8u352, maven 3.6.3 and GCC version 9.4.0
>> > - all the unit tests passed (both Java and C-client)
>> > - I also built and executed unit tests for zkpython
>> > - I also built the java code (without -Pfull-build) using other JDK
>> > versions: 11.0.15, 17.0.3, 18.0.1, 19.0.1 (but didn't run the tests this
>> > time, just used 'clean install -DskipTests')
>> > - checkstyle and spotbugs passed
>> > - apache-rat passed
>> > - owasp (CVE check) passed
>> > - fatjar built
>> > - I executed quick rolling-upgrade tests (using
>> > https://github.com/symat/zk-rolling-upgrade-test):
>> > - rolling upgrade from 3.5.10 to 3.6.4
>> > - rolling upgrade from 3.6.3 to 3.6.4
>> > - rolling upgrade from 3.6.4 to 3.7.1
>> > - rolling upgrade from 3.6.4 to 3.8.0
>> > - checked the generated documentation (zookeeper-docs/target/html)
>> > - compared generated release notes (
>> >
>> >
>> https://people.apache.org/~symat/zookeeper-3.6.4-rc1/website/releasenotes.html
>> > )
>> > with Jira (
>> >
>> >
>> https://issues.apache.org/jira/secure/ReleaseNote.jspa?projectId=12310801&version=12350076
>> > )
>> >
>> > Best regards,
>> > Máté
>> >
>> > On Fri, Dec 16, 2022 at 1:28 PM Szalay-Bekő Máté <
>> > szalay.beko.mate@gmail.com>
>> > wrote:
>> >
>> > > This is a bugfix release candidate for 3.6.4. It fixes 41 issues,
>> > > including CVE fixes,
>> > > log4j1 removal (using reload4j from now) and various other bug fixes
>> > > (thread leaks, data
>> > > corruption, snapshotting and SASL related fixes).
>> > >
>> > > Please note, that based on our Release Strategy (
>> > > https://zookeeper.apache.org/releases.html#release-strategy) branch
>> 3.6
>> > > should become end-of-life and most likely 3.6.4 will be our last 3.6
>> > > release.
>> > >
>> > > The full release notes is available at:
>> > >
>> > >
>> >
>> https://issues.apache.org/jira/secure/ReleaseNote.jspa?projectId=12310801&version=12350076
>> > >
>> > > *** Please download, test and vote by December 28th 2022, 23:59 UTC+0.
>> > ***
>> > >
>> > >
>> > > Source files:
>> > > https://people.apache.org/~symat/zookeeper-3.6.4-rc1/
>> > >
>> > > Maven staging repo:
>> > >
>> > >
>> >
>> https://repository.apache.org/content/groups/staging/org/apache/zookeeper/zookeeper/3.6.4/
>> > >
>> > > The release candidate tag in git to be voted upon: release-3.6.4-1
>> > > https://github.com/apache/zookeeper/commits/release-3.6.4-1
>> > > (please note, branch-3.6.4 will move here only after the vote)
>> > >
>> > > ZooKeeper's KEYS file containing PGP keys we use to sign the release:
>> > > https://www.apache.org/dist/zookeeper/KEYS
>> > >
>> > > The staging version of the website is:
>> > > https://people.apache.org/~symat/zookeeper-3.6.4-rc1/website/
>> > >
>> > >
>> > > Should we release this candidate?
>> > >
>> > >
>> > > Best regards,
>> > > Máté
>> > >
>> >
>>
>
Re: [VOTE] Apache ZooKeeper release 3.6.4 candidate 1
Posted by Szalay-Bekő Máté <sz...@gmail.com>.
Hello Chris,
I tried to reproduce the test build problem locally on docker, but was not
able to do so. I used ubuntu 22.04 (which uses gcc 11 by default),
installing gcc-12 (version: 12.1.0) and openssl (version: 3.0.2 15 Mar
2022).
My steps were:
docker run --volume ~/git:/git -it --rm ubuntu:22.04 /bin/bash
apt update && apt install -y libcppunit-dev maven default-jdk-headless
autoconf libtool gcc-12 g++-12 make software-properties-common pkg-config
wget git python-setuptools openssl libssl-dev ant
libsasl2-modules-gssapi-mit libsasl2-modules libsasl2-dev
export JAVA_HOME=/usr/lib/jvm/java-11-openjdk-amd64
update-alternatives --install /usr/bin/gcc gcc /usr/bin/gcc-12 10
update-alternatives --install /usr/bin/g++ g++ /usr/bin/g++-12 10
g++ -v
openssl version
cd /git/apache-zookeeper-3.6.4/
mvn clean install -DskipTests -Pfull-build
cd zookeeper-client/
mvn clean install -Pfull-build
the C client compiled and all the tests compiled too. A single test
continuously fails (I see the same test failing in CI), but I don't know if
this is related to the gcc/library versions or (more likely) related to the
test being executed in docker (because the test works for me on my host
machine).
[exec] what(): equality assertion failed
[exec] - Expected: -101
[exec] - Actual : -4
[exec]
[exec] Zookeeper_simpleSystem::testAsyncWatcherAutoResetFAIL: zktest-mt
So the tests compiled for me, at least with gcc 12.1.0, and I saw no error
message related to the fix you created in
https://github.com/apache/zookeeper/pull/1967
Or maybe I'm missing something.
I'm OK to create a new RC with the proposed fix. But I am a bit
uncomfortable with not being able to reproduce this problem locally. Also I
would rather like to have some well defined gcc / library version
combinations (maybe some widely used LTS linux distro / docker images)
which we commit to support.
Maybe I should test with your exact gcc version (12.2.0 instead of 12.1.0)
or openssl version (3.0.7 instead of 3.0.2)? Or maybe this problem can be
also caused by mismatch of the stdlib we use? or maybe make or libsasl?
What do you think?
Máté
On Fri, Dec 16, 2022 at 10:15 PM Chris Nauroth <cn...@apache.org> wrote:
> Unfortunately, I discovered one more problem: a similar compilation error
> in C client test code. I filed this issue and pull request:
>
> https://issues.apache.org/jira/browse/ZOOKEEPER-4654
> https://github.com/apache/zookeeper/pull/1967
>
> I must have been compiling only the product code and not the test code when
> I did my confirmation of branch-3.6 yesterday. Sorry about that.
>
> Since this is only test code, the argument is weaker for canceling the vote
> and creating a new RC with the fix. What do others think? I'd be fine
> either way. (I haven't found any other issues with RC1.)
>
> Chris Nauroth
>
>
> On Fri, Dec 16, 2022 at 4:31 AM Szalay-Bekő Máté <
> szalay.beko.mate@gmail.com>
> wrote:
>
> > +1 (binding)
> >
> > I did the following tests for the release candidate:
> > - verified checksum and gpg signature of the artifacts
> > - I built the source code (incl. the C-client, using -Pfull-build) on
> > Ubuntu 20.04.5 using OpenJDK 8u352, maven 3.6.3 and GCC version 9.4.0
> > - all the unit tests passed (both Java and C-client)
> > - I also built and executed unit tests for zkpython
> > - I also built the java code (without -Pfull-build) using other JDK
> > versions: 11.0.15, 17.0.3, 18.0.1, 19.0.1 (but didn't run the tests this
> > time, just used 'clean install -DskipTests')
> > - checkstyle and spotbugs passed
> > - apache-rat passed
> > - owasp (CVE check) passed
> > - fatjar built
> > - I executed quick rolling-upgrade tests (using
> > https://github.com/symat/zk-rolling-upgrade-test):
> > - rolling upgrade from 3.5.10 to 3.6.4
> > - rolling upgrade from 3.6.3 to 3.6.4
> > - rolling upgrade from 3.6.4 to 3.7.1
> > - rolling upgrade from 3.6.4 to 3.8.0
> > - checked the generated documentation (zookeeper-docs/target/html)
> > - compared generated release notes (
> >
> >
> https://people.apache.org/~symat/zookeeper-3.6.4-rc1/website/releasenotes.html
> > )
> > with Jira (
> >
> >
> https://issues.apache.org/jira/secure/ReleaseNote.jspa?projectId=12310801&version=12350076
> > )
> >
> > Best regards,
> > Máté
> >
> > On Fri, Dec 16, 2022 at 1:28 PM Szalay-Bekő Máté <
> > szalay.beko.mate@gmail.com>
> > wrote:
> >
> > > This is a bugfix release candidate for 3.6.4. It fixes 41 issues,
> > > including CVE fixes,
> > > log4j1 removal (using reload4j from now) and various other bug fixes
> > > (thread leaks, data
> > > corruption, snapshotting and SASL related fixes).
> > >
> > > Please note, that based on our Release Strategy (
> > > https://zookeeper.apache.org/releases.html#release-strategy) branch
> 3.6
> > > should become end-of-life and most likely 3.6.4 will be our last 3.6
> > > release.
> > >
> > > The full release notes is available at:
> > >
> > >
> >
> https://issues.apache.org/jira/secure/ReleaseNote.jspa?projectId=12310801&version=12350076
> > >
> > > *** Please download, test and vote by December 28th 2022, 23:59 UTC+0.
> > ***
> > >
> > >
> > > Source files:
> > > https://people.apache.org/~symat/zookeeper-3.6.4-rc1/
> > >
> > > Maven staging repo:
> > >
> > >
> >
> https://repository.apache.org/content/groups/staging/org/apache/zookeeper/zookeeper/3.6.4/
> > >
> > > The release candidate tag in git to be voted upon: release-3.6.4-1
> > > https://github.com/apache/zookeeper/commits/release-3.6.4-1
> > > (please note, branch-3.6.4 will move here only after the vote)
> > >
> > > ZooKeeper's KEYS file containing PGP keys we use to sign the release:
> > > https://www.apache.org/dist/zookeeper/KEYS
> > >
> > > The staging version of the website is:
> > > https://people.apache.org/~symat/zookeeper-3.6.4-rc1/website/
> > >
> > >
> > > Should we release this candidate?
> > >
> > >
> > > Best regards,
> > > Máté
> > >
> >
>
Re: [VOTE] Apache ZooKeeper release 3.6.4 candidate 1
Posted by Chris Nauroth <cn...@apache.org>.
Unfortunately, I discovered one more problem: a similar compilation error
in C client test code. I filed this issue and pull request:
https://issues.apache.org/jira/browse/ZOOKEEPER-4654
https://github.com/apache/zookeeper/pull/1967
I must have been compiling only the product code and not the test code when
I did my confirmation of branch-3.6 yesterday. Sorry about that.
Since this is only test code, the argument is weaker for canceling the vote
and creating a new RC with the fix. What do others think? I'd be fine
either way. (I haven't found any other issues with RC1.)
Chris Nauroth
On Fri, Dec 16, 2022 at 4:31 AM Szalay-Bekő Máté <sz...@gmail.com>
wrote:
> +1 (binding)
>
> I did the following tests for the release candidate:
> - verified checksum and gpg signature of the artifacts
> - I built the source code (incl. the C-client, using -Pfull-build) on
> Ubuntu 20.04.5 using OpenJDK 8u352, maven 3.6.3 and GCC version 9.4.0
> - all the unit tests passed (both Java and C-client)
> - I also built and executed unit tests for zkpython
> - I also built the java code (without -Pfull-build) using other JDK
> versions: 11.0.15, 17.0.3, 18.0.1, 19.0.1 (but didn't run the tests this
> time, just used 'clean install -DskipTests')
> - checkstyle and spotbugs passed
> - apache-rat passed
> - owasp (CVE check) passed
> - fatjar built
> - I executed quick rolling-upgrade tests (using
> https://github.com/symat/zk-rolling-upgrade-test):
> - rolling upgrade from 3.5.10 to 3.6.4
> - rolling upgrade from 3.6.3 to 3.6.4
> - rolling upgrade from 3.6.4 to 3.7.1
> - rolling upgrade from 3.6.4 to 3.8.0
> - checked the generated documentation (zookeeper-docs/target/html)
> - compared generated release notes (
>
> https://people.apache.org/~symat/zookeeper-3.6.4-rc1/website/releasenotes.html
> )
> with Jira (
>
> https://issues.apache.org/jira/secure/ReleaseNote.jspa?projectId=12310801&version=12350076
> )
>
> Best regards,
> Máté
>
> On Fri, Dec 16, 2022 at 1:28 PM Szalay-Bekő Máté <
> szalay.beko.mate@gmail.com>
> wrote:
>
> > This is a bugfix release candidate for 3.6.4. It fixes 41 issues,
> > including CVE fixes,
> > log4j1 removal (using reload4j from now) and various other bug fixes
> > (thread leaks, data
> > corruption, snapshotting and SASL related fixes).
> >
> > Please note, that based on our Release Strategy (
> > https://zookeeper.apache.org/releases.html#release-strategy) branch 3.6
> > should become end-of-life and most likely 3.6.4 will be our last 3.6
> > release.
> >
> > The full release notes is available at:
> >
> >
> https://issues.apache.org/jira/secure/ReleaseNote.jspa?projectId=12310801&version=12350076
> >
> > *** Please download, test and vote by December 28th 2022, 23:59 UTC+0.
> ***
> >
> >
> > Source files:
> > https://people.apache.org/~symat/zookeeper-3.6.4-rc1/
> >
> > Maven staging repo:
> >
> >
> https://repository.apache.org/content/groups/staging/org/apache/zookeeper/zookeeper/3.6.4/
> >
> > The release candidate tag in git to be voted upon: release-3.6.4-1
> > https://github.com/apache/zookeeper/commits/release-3.6.4-1
> > (please note, branch-3.6.4 will move here only after the vote)
> >
> > ZooKeeper's KEYS file containing PGP keys we use to sign the release:
> > https://www.apache.org/dist/zookeeper/KEYS
> >
> > The staging version of the website is:
> > https://people.apache.org/~symat/zookeeper-3.6.4-rc1/website/
> >
> >
> > Should we release this candidate?
> >
> >
> > Best regards,
> > Máté
> >
>
Re: [VOTE] Apache ZooKeeper release 3.6.4 candidate 1
Posted by Szalay-Bekő Máté <sz...@gmail.com>.
+1 (binding)
I did the following tests for the release candidate:
- verified checksum and gpg signature of the artifacts
- I built the source code (incl. the C-client, using -Pfull-build) on
Ubuntu 20.04.5 using OpenJDK 8u352, maven 3.6.3 and GCC version 9.4.0
- all the unit tests passed (both Java and C-client)
- I also built and executed unit tests for zkpython
- I also built the java code (without -Pfull-build) using other JDK
versions: 11.0.15, 17.0.3, 18.0.1, 19.0.1 (but didn't run the tests this
time, just used 'clean install -DskipTests')
- checkstyle and spotbugs passed
- apache-rat passed
- owasp (CVE check) passed
- fatjar built
- I executed quick rolling-upgrade tests (using
https://github.com/symat/zk-rolling-upgrade-test):
- rolling upgrade from 3.5.10 to 3.6.4
- rolling upgrade from 3.6.3 to 3.6.4
- rolling upgrade from 3.6.4 to 3.7.1
- rolling upgrade from 3.6.4 to 3.8.0
- checked the generated documentation (zookeeper-docs/target/html)
- compared generated release notes (
https://people.apache.org/~symat/zookeeper-3.6.4-rc1/website/releasenotes.html)
with Jira (
https://issues.apache.org/jira/secure/ReleaseNote.jspa?projectId=12310801&version=12350076
)
Best regards,
Máté
On Fri, Dec 16, 2022 at 1:28 PM Szalay-Bekő Máté <sz...@gmail.com>
wrote:
> This is a bugfix release candidate for 3.6.4. It fixes 41 issues,
> including CVE fixes,
> log4j1 removal (using reload4j from now) and various other bug fixes
> (thread leaks, data
> corruption, snapshotting and SASL related fixes).
>
> Please note, that based on our Release Strategy (
> https://zookeeper.apache.org/releases.html#release-strategy) branch 3.6
> should become end-of-life and most likely 3.6.4 will be our last 3.6
> release.
>
> The full release notes is available at:
>
> https://issues.apache.org/jira/secure/ReleaseNote.jspa?projectId=12310801&version=12350076
>
> *** Please download, test and vote by December 28th 2022, 23:59 UTC+0. ***
>
>
> Source files:
> https://people.apache.org/~symat/zookeeper-3.6.4-rc1/
>
> Maven staging repo:
>
> https://repository.apache.org/content/groups/staging/org/apache/zookeeper/zookeeper/3.6.4/
>
> The release candidate tag in git to be voted upon: release-3.6.4-1
> https://github.com/apache/zookeeper/commits/release-3.6.4-1
> (please note, branch-3.6.4 will move here only after the vote)
>
> ZooKeeper's KEYS file containing PGP keys we use to sign the release:
> https://www.apache.org/dist/zookeeper/KEYS
>
> The staging version of the website is:
> https://people.apache.org/~symat/zookeeper-3.6.4-rc1/website/
>
>
> Should we release this candidate?
>
>
> Best regards,
> Máté
>