| JoKalliauer | |
| May 14 2021, 12:09 PM |
| F34453891: Screenshot_2021-05-14 stretch-wikimedia - component thumbor.png | |
| May 14 2021, 12:09 PM |
List of steps to reproduce
What happens?:
What should have happened instead?:
according to T276684#7087894 we are using librsvg 2.40.21
Wikimedia Commons renders as 2.40.21 https://commons.wikimedia.org/wiki/File:Librsvg_bug_nested_use.svg
SVG-Checker on toolforge renders as 2.40.21 https://commons.wikimedia.org/wiki/Commons:Commons_SVG_Checker?withJS=MediaWiki:CommonsSvgChecker.js&checkSVG=File%3ALibrsvg_bug_nested_use.svg
thumbor* and mwmaint* servers in production have: 2.40.21-0+deb9u1
regular mediawiki appservers and all other servers production have: 2.44.10-2.1
(source: debmonitor.wikimedia.org)
can't speak for toolforge though
It looks like everything is working as intended here, though there is a potential for confusion. The last version of librsvg available in Debian Stretch was, for a while, 2.40.16. We were able to backport and run 2.40.20, which was packaged in the stretch-wikimedia/component/thumbor/binary-amd64 APT repo. Debian has now released 2.40.21-0+deb9u1 as a security backport, and Wikimedia servers were updated accordingly.
The version in stretch-wikimedia/component/thumbor/binary-amd64 used to be the most recent version, but now no longer is. Right now, that repo doesn't even provide librsvg2-2, librsvg2-common or librsvg2-bin, just some outdated debugging symbols, documentation, and development libraries. The important packages were removed, but the other packages were left behind.
*gir1.2-rsvg-2.0: 2.40.20-3+wmf1+stretch1 now stretch-security, doesn't appear in rOPUP Wikimedia Puppet
*librsvg2-2-dbgsym: 2.40.20-3+wmf1+stretch1 packaged only in Sid, doesn't appear in rOPUP Wikimedia Puppet
*librsvg2-bin-dbgsym: 2.40.20-3+wmf1+stretch1 ditto
*librsvg2-common-dbgsym: 2.40.20-3+wmf1+stretch1 ditto
*librsvg2-dev: 2.40.20-3+wmf1+stretch1 now stretch-security, used on the Toolforge grid (but I don't think it pulled from this repo anyway)
*librsvg2-doc: 2.40.20-3+wmf1+stretch1 now stretch-security, doesn't appear in rOPUP Wikimedia Puppet
It looks to me like it would be safe to remove the rest of the outdated packages. It's not like they would work with the current stretch-security version of librsvg anyway.
AIUI from https://wikitech.wikimedia.org/wiki/Thumbor since July 2022 we no longer use stretch for Thumbor.
@Jdforrester-WMF : Please update the description at T216815 which currently states:
Upgade Thumbor from Debian stretch to Debian bullseye
Yes, unfortunately that task went from "get off Stretch" (presumably, to Buster) to "get onto Bullseye", which is further work. Hopefully that task will get reconciled soon.
Please check https://packages.debian.org/search?searchon=sourcenames&keywords=librsvg
stretch: c-librsvg2.40.21 (last version of c-librsvg, deapreciated by the maintainer since 2017 [1,2a,2b] )
buster: rust-librsvg2.44.10
rust-librsvg2.41.0 was released on January 2017
rust-librsvg2.42.0 was released on January 2018
rust-librsvg2.44.0 was released on August 2018
rust-librsvg2.44.10 was released on December 2018
buster was released on July 2019
AIUI c-librsvg2.40.21 was never packed for buster and I'm pretty shure that the initial release of Buster had some rust-librsvg2.44.x (most likely 2.44.10, which was released 1,5 years before the Buster-release)
Conclusion: Because Wikimedia still uses c-librsvg2.40.x[3,4], and WMF does not have the resources to pack c-librsvg2.40 to pack for Buster, Thumbor, which is currently (as today) is in-use on Wikimedia, is still running on stretch.
@Vlad.shapik: Please revert your edits that Thumbor Migration to Buster already happened. Thanks
References
[1] https://commons.wikimedia.org/wiki/Librsvg_bugs
[2a] https://web.archive.org/web/20210514114610/https://people.gnome.org/~federico/blog/do-not-use-librsvg-2.40.x.html
[2b] https://mail.gnome.org/archives/desktop-devel-list/2017-December/msg00072.html
[3] I tried purging svg-files that will be rendered correctly at rust-librsvg2.41.0 and later and they still don't render correctly, for more bugs look at https://commons.wikimedia.org/wiki/Librsvg_bugs or T265549
[4] 28 Bugs in Wikimedia-SVG-rendering would be solved by updating to librsvg2.44 see https://www.mediawiki.org/wiki/User:JoKalliauer/phab/wikimedia-svg-rendering, and none of them are resolved, so we are running still c-librsvg2.40
librsvg which runs on Thumbor is still on strech
Regardless of what version of SVG
What do you mean with version SVG, which svg-file?
specific request here is Invalid.
Why is this request invalid? The given arguments are prooven wrong.
apt-browser displays which packages are available with a given component, and that's working correctly. It does *not* display which packages have been installed on a specific host.
T216815 is incorrectly phrased - we will be going from Stretch to Buster in the immediate future, and then Bullseye after this. I've updated it to reflect this.
Thank you for your explantation. And sorry for reopening it.
The intention of this post was: How can I find out which packages are currently used on Thumbor , without reverse-engineering (i.e. checking which Redneringbugs are included and which not). I know all reported Rendering-bugs pretty well, but I do not know on the top of my head in which version the Bug was introduced and in which version it was resolved, and that's often not reported in the bug-reports.
No worries!
The intention of this post was: How can I find out which packages are currently used on Thumbor , without reverse-engineering (i.e. checking which Redneringbugs are included and which not). I know all reported Rendering-bugs pretty well, but I do not know on the top of my head in which version the Bug was introduced and in which version it was resolved, and that's often not reported in the bug-reports.
Information about which specific packages are installed where is tracked on a separate internal system (debmonitor), unfortunately that tool is not available to the public due to some security concerns. If you have specific packages in mind I or others can get that information for you if you ask.
For librsvg2-2 specifically: