Closed Bug 1081712 Opened 10 years ago Closed 9 years ago

Upgrade Semantic extensions

Categories

(Websites :: wiki.mozilla.org, defect)

Production
All
Linux
defect
Not set
major

Tracking

(Not tracked)

RESOLVED FIXED
2015-Q1

People

(Reporter: GPHemsley, Assigned: jd)

References

Details

(Whiteboard: [kanban:https://webops.kanbanize.com/ctrl_board/2/177] [dev=2015-01-08] [stage=2015-01-08] [prod=2015-01-15])

A lot of our existing sec bugs are due to problems in the Semantic extensions. However, we don't appear to be running the latest versions of them.

* Semantic MediaWiki
  https://semantic-mediawiki.org/
* Semantic Forms
  https://www.mediawiki.org/wiki/Extension:Semantic_Forms
* Semantic Watchlist
  https://www.mediawiki.org/wiki/Extension:Semantic_Watchlist
* SMWAskAPI
  http://sourceforge.net/projects/smwaskapi/

It's possible that upgrading them would eliminate some of our sec bugs.
Whiteboard: [kanban:https://kanbanize.com/ctrl_board/4/1592]
Whiteboard: [kanban:https://kanbanize.com/ctrl_board/4/1592] → [kanban:https://kanbanize.com/ctrl_board/4/1593]
Whiteboard: [kanban:https://kanbanize.com/ctrl_board/4/1593] → [kanban:https://kanbanize.com/ctrl_board/4/1593] [dev=2014-10-16]
Target Milestone: --- → 2014-Q4
Assignee: nobody → gphemsley
This is something webops has to do.
Assignee: gphemsley → nobody
Whiteboard: [kanban:https://kanbanize.com/ctrl_board/4/1593] [dev=2014-10-16] → [kanban:https://kanbanize.com/ctrl_board/4/1593] [dev=2014-10-23]
Blocks: 801027
Blocks: 801638
Whiteboard: [kanban:https://kanbanize.com/ctrl_board/4/1593] [dev=2014-10-23] → [kanban:https://kanbanize.com/ctrl_board/4/1593] [dev=2014-10-30]
Hey C, can you elaborate on what pushed this out?
Flags: needinfo?(cliang)
Too many things on the plate to get it done last week.  Doing an import of the DB into dev takes roughly 30 minutes and, during that time, we can't do anything *else* to dev.
Flags: needinfo?(cliang)
I have upgraded these in dev. We get these from:
https://gerrit.wikimedia.org/r/p/mediawiki/extensions/Semantic*
and the version 2.0 for SemanticMediawiki is not there yet so I have set it to track the 1.9.x branch.

The versions are set as follows:
* Semantic MediaWiki: 1.9.x
* Semantic_Forms: 2.8
* Semantic Watchlist: 0.2.2

nb: SemanticMediawiki cannot track the HEAD^ of REL1_23 branch as it breaks the site.
Assignee: nobody → jcrowe
(In reply to C. Liang [:cyliang] from comment #4)
> Too many things on the plate to get it done last week.  Doing an import of
> the DB into dev takes roughly 30 minutes and, during that time, we can't do
> anything *else* to dev.

That's cool. I'm just an idiot and didn't notice you were pushing out from last week rather than from this week.

(In reply to Jason Crowe [:jd] from comment #5)
> nb: SemanticMediawiki cannot track the HEAD^ of REL1_23 branch as it breaks
> the site.

Can you elaborate as to why? By design, that's not supposed to happen.
Flags: needinfo?(jcrowe)
(In reply to Gordon P. Hemsley [:GPHemsley] from comment #6)
> > nb: SemanticMediawiki cannot track the HEAD^ of REL1_23 branch as it breaks
> > the site.
> 
> Can you elaborate as to why? By design, that's not supposed to happen.

Unfortunately, I did not save the error message; however, when I set it to track HEAD the site would not load and had an error. If you want the error I can change it to track HEAD and collect the actual error.

Let me know
Flags: needinfo?(jcrowe)
(In reply to Jason Crowe [:jd] from comment #7)
> (In reply to Gordon P. Hemsley [:GPHemsley] from comment #6)
> > > nb: SemanticMediawiki cannot track the HEAD^ of REL1_23 branch as it breaks
> > > the site.
> > 
> > Can you elaborate as to why? By design, that's not supposed to happen.
> 
> Unfortunately, I did not save the error message; however, when I set it to
> track HEAD the site would not load and had an error. If you want the error I
> can change it to track HEAD and collect the actual error.
> 
> Let me know

Sure, might as well. It's only dev. :)
(In reply to Jason Crowe [:jd] from comment #5)
> I have upgraded these in dev. We get these from:
> https://gerrit.wikimedia.org/r/p/mediawiki/extensions/Semantic*
> and the version 2.0 for SemanticMediawiki is not there yet so I have set it
> to track the 1.9.x branch.

Why the source listed above for SemanticMediaWiki and not this one, which is listed by maintainers as canonical?
https://github.com/SemanticMediaWiki/SemanticMediaWiki/releases/tag/2.0

I can't quite tell what's supposed to be at the gerrit.wikimedia.org link since no results are listed.
(In reply to Christie Koehler [:ckoehler] from comment #9)
> (In reply to Jason Crowe [:jd] from comment #5)
> > I have upgraded these in dev. We get these from:
> > https://gerrit.wikimedia.org/r/p/mediawiki/extensions/Semantic*
> > and the version 2.0 for SemanticMediawiki is not there yet so I have set it
> > to track the 1.9.x branch.
> 
> Why the source listed above for SemanticMediaWiki and not this one, which is
> listed by maintainers as canonical?
> https://github.com/SemanticMediaWiki/SemanticMediaWiki/releases/tag/2.0
> 
> I can't quite tell what's supposed to be at the gerrit.wikimedia.org link
> since no results are listed.

Beats me. I am happy to switch them to something else if you like. As long as it is git based and web accessible. Just give me the URLs you want me to use and I will switch things around.
(In reply to Jason Crowe [:jd] from comment #10)
> (In reply to Christie Koehler [:ckoehler] from comment #9)
> > (In reply to Jason Crowe [:jd] from comment #5)
> > > I have upgraded these in dev. We get these from:
> > > https://gerrit.wikimedia.org/r/p/mediawiki/extensions/Semantic*
> > > and the version 2.0 for SemanticMediawiki is not there yet so I have set it
> > > to track the 1.9.x branch.
> > 
> > Why the source listed above for SemanticMediaWiki and not this one, which is
> > listed by maintainers as canonical?
> > https://github.com/SemanticMediaWiki/SemanticMediaWiki/releases/tag/2.0
> > 
> > I can't quite tell what's supposed to be at the gerrit.wikimedia.org link
> > since no results are listed.
> 
> Beats me. I am happy to switch them to something else if you like. As long
> as it is git based and web accessible. Just give me the URLs you want me to
> use and I will switch things around.

Indeed, Gerrit is Wikimedia's code review tool. I don't think it is intended to be the canonical repository for anything.

This SHOULD be where it's safe to pull from:
https://git.wikimedia.org/log/mediawiki%2Fextensions%2FSemanticMediaWiki.git/refs%2Fheads%2FREL1_23

However, it seems SMW has decided to buck the trend and live outside the MediaWiki ecosystem. I think the GitHub link that Christie provided is the latest available. Nevertheless, proceed with caution.
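
The source and pinning question discussed in the comments above can be checked mechanically on each extension checkout. The script below is an added example, not part of the original thread or of Mozilla's deployment tooling: `audit_checkout` and `make_sample` are hypothetical helpers, the remote URL is assumed from the GitHub release link quoted above, and the repositories it inspects are constructed locally (no network access).

```shell
#!/usr/bin/env bash
# Added example: verify that an extension checkout comes from the expected
# origin and is pinned to a release tag rather than following a branch.
CANONICAL="https://github.com/SemanticMediaWiki/SemanticMediaWiki"  # assumed remote URL

# audit_checkout DIR EXPECTED_URL
# Prints a one-word verdict; returns 0 only for an expected origin pinned to a tag.
audit_checkout() {
  local dir=$1 expected=$2 url branch tag
  url=$(git -C "$dir" config --get remote.origin.url) || { echo "no-origin"; return 1; }
  [ "$url" = "$expected" ] || { echo "unexpected-origin"; return 1; }
  # An attached HEAD means every deploy pulls whatever the branch tip is that day.
  if branch=$(git -C "$dir" symbolic-ref -q --short HEAD); then
    echo "tracks-branch:$branch"; return 1
  fi
  # A detached HEAD must sit exactly on a tag to count as a pinned release.
  tag=$(git -C "$dir" describe --tags --exact-match HEAD 2>/dev/null) \
    || { echo "untagged-commit"; return 1; }
  echo "pinned:$tag"
}

# make_sample MODE URL
# Builds a constructed repository for the demo: one empty commit on branch
# REL1_23, tagged 2.0, with origin set to URL. MODE "tag" detaches HEAD at 2.0.
make_sample() {
  local d
  d=$(mktemp -d)
  git init -q "$d" >/dev/null 2>&1
  git -C "$d" symbolic-ref HEAD refs/heads/REL1_23
  git -C "$d" -c user.name=example -c user.email=example@example.invalid \
      -c commit.gpgsign=false commit -q --allow-empty -m "constructed commit"
  git -C "$d" tag 2.0
  git -C "$d" remote add origin "$2"
  if [ "$1" = tag ]; then
    git -C "$d" checkout -q --detach 2.0
  fi
  echo "$d"
}

# Demo on a constructed checkout pinned to the 2.0 tag.
repo=$(make_sample tag "$CANONICAL")
audit_checkout "$repo" "$CANONICAL"
rm -rf "$repo"
```

Run against the real extension directories, a non-zero return flags a checkout that would change underneath a deployment or that was cloned from a location other than the agreed one.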
For reference, this query is necessary for this update:
ALTER TABLE swl_groups ADD COLUMN group_custom_texts BLOB NULL;

As noted here:
http://www.mediawiki.org/wiki/Extension:Semantic_Watchlist#Updating_from_version_0.1
Blocks: 928470
Blocks: 928466
FWIW, I just discovered Semantic Bundle, which packages all these related extensions (and more?) together:

https://www.mediawiki.org/wiki/Semantic_Bundle

Regardless, we should push whatever we can through the pipeline ASAP. If we can't get SMW updated to the latest version, we should file a separate bug for it and follow up later.
Whiteboard: [kanban:https://kanbanize.com/ctrl_board/4/1593] [dev=2014-10-30] → [kanban:https://kanbanize.com/ctrl_board/4/1593] [dev=2014-10-30] [stage=2014-11-13]
I pulled it in from the GitHub location. I am hoping to get some time tomorrow to hopefully finish the dev site restructuring and once that works this will follow.
(In reply to Jason Crowe [:jd] from comment #14)
> I pulled it in from the GitHub location. I am hoping to get some time
> tomorrow to hopefully finish the dev site restructuring and once that works
> this will follow.

Good to know, especially because I just noticed that roughly half of our (known) security bugs will be fixed by these upgrades.
Whiteboard: [kanban:https://kanbanize.com/ctrl_board/4/1593] [dev=2014-10-30] [stage=2014-11-13] → [kanban:https://kanbanize.com/ctrl_board/4/1593] [dev=2014-10-30] [stage=2014-11-20]
This is pending JD's re-work of deployment configuration. Rescheduling for next week.
This is wrapped up in the new deployment model and is going out as part of that deployment process.

Dev is already updated. If all goes well stage will be updated tomorrow with prod to follow in one week.
Depends on: 1118972, 1118973, 1118976
Whiteboard: [kanban:https://kanbanize.com/ctrl_board/4/1593] [dev=2014-10-30] [stage=2014-11-20] → [kanban:https://kanbanize.com/ctrl_board/4/1593] [dev=2015-01-07] [stage=2015-01-07] [prod=2015-01-14]]
Whiteboard: [kanban:https://kanbanize.com/ctrl_board/4/1593] [dev=2015-01-07] [stage=2015-01-07] [prod=2015-01-14]] → [kanban:https://kanbanize.com/ctrl_board/4/1593] [dev=2015-01-08] [stage=2015-01-08] [prod=2015-01-15]]
Whiteboard: [kanban:https://kanbanize.com/ctrl_board/4/1593] [dev=2015-01-08] [stage=2015-01-08] [prod=2015-01-15]] → [kanban:https://kanbanize.com/ctrl_board/4/1593] [dev=2015-01-08] [stage=2015-01-08] [prod=2015-01-15]
Whiteboard: [kanban:https://kanbanize.com/ctrl_board/4/1593] [dev=2015-01-08] [stage=2015-01-08] [prod=2015-01-15] → [kanban:https://webops.kanbanize.com/ctrl_board/2/177] [dev=2015-01-08] [stage=2015-01-08] [prod=2015-01-15]
Depends on: 1118970
This has been deployed to production.
Status: NEW → RESOLVED
Closed: 9 years ago
Resolution: --- → FIXED
Target Milestone: 2014-Q4 → 2015-Q1
Group: websites-security