- Issue created by @quietone
- π¬π§United Kingdom catch
With https://www.drupal.org/blog/drupal-10-will-be-supported-until-the-releas... β I am not sure the best release to add these warnings to any more. 10.3 or 10.4 seems too soon given the longer support cycle, maybe 10.5 or 10.6?
- Status changed to Active
7 months ago 10:00pm 25 May 2024 - πΊπΈUnited States xjm
Moving to beta2.
There's another issue somewhere to make this less ooglay, but for D10 we really should just get the EOL dates in there, so de-uglification can happen in D11+.
Based on an August release of 11.0.0 which is now locked in barring some horrible catastrophe, there are two possible paths forward. Both include:
- Dec. 2024: 10.4.0 and 11.1.0
- June 2025: 10.5.0 and 11.2.0
- Dec. 2025: 10.6.0 and 11.3.0
If 12.0.0 comes out in June or August, we don't create a 10.7.0 because we don't want to issue releases for three branches at once; we can simply make a best-effort extension of 10.5.0's security coverage through to November 2026 when Symfony 6 goes EOL.
If we miss the April-May-ish deadline for an August release of 12.0.0, there might be some case for creating a 10.7.0 with backported APIs. However, I think this would be a bad idea since it'd only be supported for six months and would mean managing all of the following branches at once in the spring:
- 12.0.x
- 11.5.x
- 11.4.x
- 10.7.x
- 10.6.x
- 10.5.x
So, even in a December 12.0.0 release scenario, I think we should avoid issuing a 10.7.0. Besides, it's always better to warn site owners too early over too late.
So I agree that 10.5 and 10.6 are the branches to deal with here.
- Status changed to Needs review
7 months ago 10:14pm 25 May 2024 - Status changed to Needs work
7 months ago 10:48pm 25 May 2024 - πΊπΈUnited States xjm
Right, this is actually tested:
---- Drupal\Tests\update\Functional\UpdateSemverCoreSecurityCoverageTest ---- Status Group Filename Line Function -------------------------------------------------------------------------------- Fail Other phpunit-5.xml 0 Drupal\Tests\update\Functional\Upda PHPUnit Test failed to complete; Error: PHPUnit 9.6.19 by Sebastian Bergmann and contributors. Testing Drupal\Tests\update\Functional\UpdateSemverCoreSecurityCoverageTest .........FFFFFFFFF. 19 / 19 (100%) Time: 02:08.966, Memory: 6.00 MB There were 9 failures: 1) Drupal\Tests\update\Functional\UpdateSemverCoreSecurityCoverageTest::testSecurityCoverageMessage with data set "9.4.0, supported" ('9.4.0', 'sec.9.5.0', 'Checked', 'Covered until 2023-Jun-21 Vis...eases.', '2022-12-13') Failed asserting that actual size 0 matches expected size 1. /builds/project/drupal/vendor/phpunit/phpunit/src/Framework/Constraint/Constraint.php:122 /builds/project/drupal/vendor/phpunit/phpunit/src/Framework/Constraint/Constraint.php:56 /builds/project/drupal/core/modules/update/tests/src/Functional/UpdateSemverCoreSecurityCoverageTest.php:53 /builds/project/drupal/vendor/phpunit/phpunit/src/Framework/TestResult.php:729 2) Drupal\Tests\update\Functional\UpdateSemverCoreSecurityCoverageTest::testSecurityCoverageMessage with data set "9.4.0, supported, 6 months warn" ('9.4.0', 'sec.9.5.0', 'Warnings found', 'Covered until 2023-Jun-21 Upd...eases.', '2022-12-14') Failed asserting that two strings are equal. --- Expected +++ Actual @@ @@ -'Covered until 2023-Jun-21 Update to a supported minor version soon to continue receiving security updates. Visit the release cycle overview for more information on supported releases.' +'Covered until 9.6.0 Update to 9.5 or higher soon to continue receiving security updates. Visit the release cycle overview for more information on supported releases.' /builds/project/drupal/vendor/phpunit/phpunit/src/Framework/Constraint/Equality/IsEqual.php:95 /builds/project/drupal/core/modules/update/tests/src/Functional/UpdateSemverCoreSecurityCoverageTest.php:56 /builds/project/drupal/vendor/phpunit/phpunit/src/Framework/TestResult.php:729 3) Drupal\Tests\update\Functional\UpdateSemverCoreSecurityCoverageTest::testSecurityCoverageMessage with data set "9.4.0, supported, last day warn" ('9.4.0', 'sec.9.5.0', 'Warnings found', 'Covered until 2023-Jun-21 Upd...eases.', '2023-06-20') Failed asserting that two strings are equal. --- Expected +++ Actual @@ @@ -'Covered until 2023-Jun-21 Update to a supported minor version soon to continue receiving security updates. Visit the release cycle overview for more information on supported releases.' +'Covered until 9.6.0 Update to 9.5 or higher soon to continue receiving security updates. Visit the release cycle overview for more information on supported releases.' /builds/project/drupal/vendor/phpunit/phpunit/src/Framework/Constraint/Equality/IsEqual.php:95 /builds/project/drupal/core/modules/update/tests/src/Functional/UpdateSemverCoreSecurityCoverageTest.php:56 /builds/project/drupal/vendor/phpunit/phpunit/src/Framework/TestResult.php:729 4) Drupal\Tests\update\Functional\UpdateSemverCoreSecurityCoverageTest::testSecurityCoverageMessage with data set "9.4.0, support over" ('9.4.0', 'sec.9.5.0', 'Errors found', 'Coverage has ended Update to ...eases.', '2023-06-22') Failed asserting that actual size 0 matches expected size 1. /builds/project/drupal/vendor/phpunit/phpunit/src/Framework/Constraint/Constraint.php:122 /builds/project/drupal/vendor/phpunit/phpunit/src/Framework/Constraint/Constraint.php:56 /builds/project/drupal/core/modules/update/tests/src/Functional/UpdateSemverCoreSecurityCoverageTest.php:53 /builds/project/drupal/vendor/phpunit/phpunit/src/Framework/TestResult.php:729 5) Drupal\Tests\update\Functional\UpdateSemverCoreSecurityCoverageTest::testSecurityCoverageMessage with data set "9.5.0, supported" ('9.5.0', 'sec.9.5.0', 'Checked', 'Covered until 2023-Nov Visit ...eases.', '2023-01-01') Failed asserting that two strings are equal. --- Expected +++ Actual @@ @@ -'Covered until 2023-Nov Visit the release cycle overview for more information on supported releases.' +'Covered until 9.7.0 Visit the release cycle overview for more information on supported releases.' /builds/project/drupal/vendor/phpunit/phpunit/src/Framework/Constraint/Equality/IsEqual.php:95 /builds/project/drupal/core/modules/update/tests/src/Functional/UpdateSemverCoreSecurityCoverageTest.php:56 /builds/project/drupal/vendor/phpunit/phpunit/src/Framework/TestResult.php:729 6) Drupal\Tests\update\Functional\UpdateSemverCoreSecurityCoverageTest::testSecurityCoverageMessage with data set "9.5.0, supported, 6 months warn" ('9.5.0', 'sec.9.5.0', 'Warnings found', 'Covered until 2023-Nov Update...eases.', '2023-05-15') Failed asserting that actual size 0 matches expected size 1. /builds/project/drupal/vendor/phpunit/phpunit/src/Framework/Constraint/Constraint.php:122 /builds/project/drupal/vendor/phpunit/phpunit/src/Framework/Constraint/Constraint.php:56 /builds/project/drupal/core/modules/update/tests/src/Functional/UpdateSemverCoreSecurityCoverageTest.php:53 /builds/project/drupal/vendor/phpunit/phpunit/src/Framework/TestResult.php:729 7) Drupal\Tests\update\Functional\UpdateSemverCoreSecurityCoverageTest::testSecurityCoverageMessage with data set "9.5.0, supported, last day warn" ('9.5.0', 'sec.9.5.0', 'Warnings found', 'Covered until 2023-Nov Update...eases.', '2023-10-31') Failed asserting that actual size 0 matches expected size 1. /builds/project/drupal/vendor/phpunit/phpunit/src/Framework/Constraint/Constraint.php:122 /builds/project/drupal/vendor/phpunit/phpunit/src/Framework/Constraint/Constraint.php:56 /builds/project/drupal/core/modules/update/tests/src/Functional/UpdateSemverCoreSecurityCoverageTest.php:53 /builds/project/drupal/vendor/phpunit/phpunit/src/Framework/TestResult.php:729 8) Drupal\Tests\update\Functional\UpdateSemverCoreSecurityCoverageTest::testSecurityCoverageMessage with data set "9.5.0, support over" ('9.5.0', 'sec.9.5.0', 'Errors found', 'Coverage has ended Update to ...eases.', '2023-11-01') Failed asserting that actual size 0 matches expected size 1. /builds/project/drupal/vendor/phpunit/phpunit/src/Framework/Constraint/Constraint.php:122 /builds/project/drupal/vendor/phpunit/phpunit/src/Framework/Constraint/Constraint.php:56 /builds/project/drupal/core/modules/update/tests/src/Functional/UpdateSemverCoreSecurityCoverageTest.php:53 /builds/project/drupal/vendor/phpunit/phpunit/src/Framework/TestResult.php:729 9) Drupal\Tests\update\Functional\UpdateSemverCoreSecurityCoverageTest::testSecurityCoverageMessage with data set "10.5.0" ('10.5.0', 'sec.10.5.0', 'Checked', 'Covered until 10.7.0 Visit th...eases.', '') Failed asserting that two strings are equal. --- Expected +++ Actual @@ @@ -'Covered until 10.7.0 Visit the release cycle overview for more information on supported releases.' +'Covered until 2026-Jun-17 Visit the release cycle overview for more information on supported releases.' /builds/project/drupal/vendor/phpunit/phpunit/src/Framework/Constraint/Equality/IsEqual.php:95 /builds/project/drupal/core/modules/update/tests/src/Functional/UpdateSemverCoreSecurityCoverageTest.php:56 /builds/project/drupal/vendor/phpunit/phpunit/src/Framework/TestResult.php:729 FAILURES! Tests: 19, Assertions: 212, Failures: 9.
- πΊπΈUnited States xjm
Also I realized my dates for 10.6 are actually wrong; we're not constrained by the Symfony 7 EOL at all.
- Status changed to Needs review
7 months ago 11:26pm 25 May 2024 - Status changed to Needs work
7 months ago 3:01am 26 May 2024 - πΊπΈUnited States xjm
Still failing for some reason:
1) Drupal\Tests\update\Functional\UpdateSemverCoreSecurityCoverageTest::testSecurityCoverageMessage with data set "10.5.0, supported" ('10.5.0', 'sec.10.6.0', 'Checked', 'Covered until 2026-Jun-17 Vis...eases.', '2024-06-25') Failed asserting that actual size 0 matches expected size 1. /builds/project/drupal/vendor/phpunit/phpunit/src/Framework/Constraint/Constraint.php:122 /builds/project/drupal/vendor/phpunit/phpunit/src/Framework/Constraint/Constraint.php:56 /builds/project/drupal/core/modules/update/tests/src/Functional/UpdateSemverCoreSecurityCoverageTest.php:48 /builds/project/drupal/vendor/phpunit/phpunit/src/Framework/TestResult.php:729 2) Drupal\Tests\update\Functional\UpdateSemverCoreSecurityCoverageTest::testSecurityCoverageMessage with data set "10.5.0, supported, 6 months warn" ('10.5.0', 'sec.10.6.0', 'Warnings found', 'Covered until 2026-Jun-17 Upd...eases.', '2025-12-10') Failed asserting that actual size 0 matches expected size 1. /builds/project/drupal/vendor/phpunit/phpunit/src/Framework/Constraint/Constraint.php:122 /builds/project/drupal/vendor/phpunit/phpunit/src/Framework/Constraint/Constraint.php:56 /builds/project/drupal/core/modules/update/tests/src/Functional/UpdateSemverCoreSecurityCoverageTest.php:48 /builds/project/drupal/vendor/phpunit/phpunit/src/Framework/TestResult.php:729 3) Drupal\Tests\update\Functional\UpdateSemverCoreSecurityCoverageTest::testSecurityCoverageMessage with data set "10.5.0, supported, last day warn" ('10.5.0', 'sec.10.6.0', 'Warnings found', 'Covered until 2026-Jun-17 Upd...eases.', '2026-06-17') Failed asserting that actual size 0 matches expected size 1. /builds/project/drupal/vendor/phpunit/phpunit/src/Framework/Constraint/Constraint.php:122 /builds/project/drupal/vendor/phpunit/phpunit/src/Framework/Constraint/Constraint.php:56 /builds/project/drupal/core/modules/update/tests/src/Functional/UpdateSemverCoreSecurityCoverageTest.php:48 /builds/project/drupal/vendor/phpunit/phpunit/src/Framework/TestResult.php:729 4) Drupal\Tests\update\Functional\UpdateSemverCoreSecurityCoverageTest::testSecurityCoverageMessage with data set "10.5.0, support over" ('10.5.0', 'sec.10.6.0', 'Errors found', 'Coverage has ended Update to ...eases.', '2026-06-18') Failed asserting that actual size 0 matches expected size 1. /builds/project/drupal/vendor/phpunit/phpunit/src/Framework/Constraint/Constraint.php:122 /builds/project/drupal/vendor/phpunit/phpunit/src/Framework/Constraint/Constraint.php:56 /builds/project/drupal/core/modules/update/tests/src/Functional/UpdateSemverCoreSecurityCoverageTest.php:48 /builds/project/drupal/vendor/phpunit/phpunit/src/Framework/TestResult.php:729 5) Drupal\Tests\update\Functional\UpdateSemverCoreSecurityCoverageTest::testSecurityCoverageMessage with data set "10.6.0, supported" ('10.6.0', 'sec.10.6.0', 'Checked', 'Covered until 2026-12-09 Visi...eases.', '2026-01-01') Failed asserting that actual size 0 matches expected size 1. /builds/project/drupal/vendor/phpunit/phpunit/src/Framework/Constraint/Constraint.php:122 /builds/project/drupal/vendor/phpunit/phpunit/src/Framework/Constraint/Constraint.php:56 /builds/project/drupal/core/modules/update/tests/src/Functional/UpdateSemverCoreSecurityCoverageTest.php:48 /builds/project/drupal/vendor/phpunit/phpunit/src/Framework/TestResult.php:729 6) Drupal\Tests\update\Functional\UpdateSemverCoreSecurityCoverageTest::testSecurityCoverageMessage with data set "10.6.0, supported, 6 months warn" ('10.6.0', 'sec.10.6.0', 'Warnings found', 'Covered until 2026-12-09 Upda...eases.', '2026-06-10') Failed asserting that actual size 0 matches expected size 1. /builds/project/drupal/vendor/phpunit/phpunit/src/Framework/Constraint/Constraint.php:122 /builds/project/drupal/vendor/phpunit/phpunit/src/Framework/Constraint/Constraint.php:56 /builds/project/drupal/core/modules/update/tests/src/Functional/UpdateSemverCoreSecurityCoverageTest.php:48 /builds/project/drupal/vendor/phpunit/phpunit/src/Framework/TestResult.php:729 7) Drupal\Tests\update\Functional\UpdateSemverCoreSecurityCoverageTest::testSecurityCoverageMessage with data set "10.6.0, supported, last day warn" ('10.6.0', 'sec.10.6.0', 'Warnings found', 'Covered until 2026-12-09 Upda...eases.', '2026-12-09') Failed asserting that actual size 0 matches expected size 1. /builds/project/drupal/vendor/phpunit/phpunit/src/Framework/Constraint/Constraint.php:122 /builds/project/drupal/vendor/phpunit/phpunit/src/Framework/Constraint/Constraint.php:56 /builds/project/drupal/core/modules/update/tests/src/Functional/UpdateSemverCoreSecurityCoverageTest.php:48 /builds/project/drupal/vendor/phpunit/phpunit/src/Framework/TestResult.php:729 8) Drupal\Tests\update\Functional\UpdateSemverCoreSecurityCoverageTest::testSecurityCoverageMessage with data set "10.6.0, support over" ('10.6.0', 'sec.10.6.0', 'Errors found', 'Coverage has ended Update to ...eases.', '2026-12-10') Failed asserting that actual size 0 matches expected size 1. /builds/project/drupal/vendor/phpunit/phpunit/src/Framework/Constraint/Constraint.php:122 /builds/project/drupal/vendor/phpunit/phpunit/src/Framework/Constraint/Constraint.php:56 /builds/project/drupal/core/modules/update/tests/src/Functional/UpdateSemverCoreSecurityCoverageTest.php:48 /builds/project/drupal/vendor/phpunit/phpunit/src/Framework/TestResult.php:729 FAILURES! Tests: 19, Assertions: 198, Failures: 8.
- π³πΏNew Zealand quietone
I've spent too much time on this today, partially due to having problems with debugging not working.
All failing tests are all using the fixture 'sec.10.6.0'. Locally I get a 'No data available' warning. It seems that when getting the data from KeyValueExpirable, the data is already expired so nothing is returned. If I workaround that and run the test, the display shows "Out of date (version 10.6.0 available)" still not the correct message though.
- π³πΏNew Zealand quietone
It looks like the calculation of the expired time changed in #2991207: Drupal core should inform the user of the security coverage for the site's installed minor version including final 8.x LTS releases β . If I revert the changes that commit made to UpdateProcessor.php then the one test case I am testing with passes. That is '10.5.0, supported'
- Status changed to Needs review
7 months ago 3:09pm 30 May 2024 - π³πΏNew Zealand quietone
This was calculating the date difference using the mock date and the current time. With the mock date in the future the time difference was always great enough for the update data in keyvalueexpirable was always expired. When the test got that data it would return an empty array and thus tests were failing when mock dates were used. The solution here is to add a test version of getCurrentTime that will return the mock date.
Tests were failing for the test of the messages on the last day of security coverage. According to the test on the last day of security coverage there should be a warning message. I took that as the intention and changed the relevant if statement in \Drupal\update\ProjectSecurityRequirement::getDateEndRequirement to allow that.
- πΊπΈUnited States smustgrave
So still not 100% how to test this one
I applied a script that @xjm was kind enough to share
php -r "include 'vendor/autoload.php'; \Drupal\Composer\Composer::setDrupalVersion('.', '10.whichever.whatever');"And set to 10.5.0
I altered the variables SECURITY_COVERAGE_END_DATE_10_5 and SECURITY_COVERAGE_ENDING_WARN_DATE_10_5 to go back 1 year.
But with or without the patch the page on /admin/reports/updates remains the same
- πΊπΈUnited States xjm
Sorry, I didn't do a very good job of explaining that there are two different ways of testing this. One involves faking the release data (both in core itself and also what it would get from Drupal.org), the way that the Update module does in its tests. The other method is to install production versions of core, and hack the constants and dates so that those production versions (say, 10.1 and 10.2) are the ones with specific end-of-life dates (rather than 10.5 and 10.6). The messages won't show up if Drupal thinks you're on an unsupported/invalid release; with the current logic, being on an unsupported release supercedes providing any info about security coverage. (I don't agree with this, FWIW, but it is out of scope just as it was the first time around).
So here's testing it the second way which is probably easier to understand if you haven't worked with the Update module before, the way I suggested in the IS:
Before patch
git checkout 10.2.7; composer install
php core/scripts/drupal quick-start standard
- Navigate to
/admin/reports/status
. - Observe the following default message:
With modified patch (pretending 10.2 is what 10.6 will be, and adjusting constants accordingly
git checkout 10.4.x
(so that the patch will apply)-
php -r "include 'vendor/autoload.php'; \Drupal\Composer\Composer::setDrupalVersion('.', '10.2.7');"
curl https://git.drupalcode.org/project/drupal/-/merge_requests/8184.diff | git apply --index -
rm -rf vendor; composer install
- Modify the patch with the following diff, to pretend our faux-10.2.7 is behaving as we expect 10.6.7 to (as per the IS suggestion):
diff --git a/core/modules/update/src/ProjectSecurityData.php b/core/modules/update/src/ProjectSecurityData.php index 472e408f2b..e5776ad2c1 100644 --- a/core/modules/update/src/ProjectSecurityData.php +++ b/core/modules/update/src/ProjectSecurityData.php @@ -44,9 +44,9 @@ final class ProjectSecurityData { const SECURITY_COVERAGE_ENDING_WARN_DATE_10_5 = '2025-12-10'; - const SECURITY_COVERAGE_END_DATE_10_6 = '2026-12-09'; + const SECURITY_COVERAGE_END_DATE_10_2 = '2024-12-09'; - const SECURITY_COVERAGE_ENDING_WARN_DATE_10_6 = '2026-06-17'; + const SECURITY_COVERAGE_ENDING_WARN_DATE_10_2 = '2024-06-17'; /** * The existing (currently installed) version of the project
With the current date, we now expect a warning about 10.2's encroaching EOL.
php core/scripts/drupal quick-start standard
- Navigate to
/admin/reports/status
. - Observe the following warning:
Covered until 2024-Dec-09. Update to a supported minor version soon to continue receiving security updates. Visit the release cycle overview for more information on supported releases." />
You can continue to adjust dates and versions from there to see what the messages would look like before the warning date, or after the EOL date. It "just works" with the appropriately named constants and appropriate dates.
- πΊπΈUnited States xjm
Oh also note that this has nothing to do with
admin/reports/updates
. It affects a status report message shown for stable, known core versions. - Status changed to Needs work
2 months ago 10:03am 9 October 2024 The Needs Review Queue Bot β tested this issue. It no longer applies to Drupal core. Therefore, this issue status is now "Needs work".
This does not mean that the patch necessarily needs to be re-rolled or the MR rebased. Read the Issue Summary, the issue tags and the latest discussion here to determine what needs to be done.
Consult the Drupal Contributor Guide β to find step-by-step guides for working with issues.
The Needs Review Queue Bot β tested this issue. It no longer applies to Drupal core. Therefore, this issue status is now "Needs work".
This does not mean that the patch necessarily needs to be re-rolled or the MR rebased. Read the Issue Summary, the issue tags and the latest discussion here to determine what needs to be done.
Consult the Drupal Contributor Guide β to find step-by-step guides for working with issues.
- π³πΏNew Zealand quietone
I think the bot is is mistaken. Anyway, I rebased and there were no conflicts.
- πΊπΈUnited States dww
Thanks for working on this! These tests and the logic they're testing are pretty confusing and weird. I tried to review as best I could. I think there are some errors in the MR as currently written. Although I'll quickly grant I could be confused myself. π Anyway, I think this needs another look before it's RTBC. Bare minimum there's a faulty comment to remove (nit). But in addition to changing the dates, the MR is also currently changing the behavior of the requirements messages, and I'm not sure it should be doing that. Locally, by fixing a few of the mock dates in
UpdateSemverCoreSecurityCoverageTest
, everything passes with no logic change incore/modules/update/src/ProjectSecurityRequirement.php
... - πΊπΈUnited States dww
After having only looked at the MR, I've now read the issue and comments, and see that my concern about the logic change was explained in #17. I'm on the fence if I agree with it. But I don't want to die on that hill. If we want to start showing the "Coverage has ended" error as soon as you hit the "coverage ends on" date, that seems fairly reasonable, even if it is a bit of scope creep.
Thanks for #17 also explaining why we're adding
TestTime:: getCurrentTime()
. I started down the path of re-debugging why that was needed, but got distracted by the other changes and forgot to open a thread about it. π It might be nice to add a comment about it, but I certainly wouldn't require it here. Could always be a follow-up if we're anxious to get this committed ASAP.Thanks again,
-Derek The Needs Review Queue Bot β tested this issue. It no longer applies to Drupal core. Therefore, this issue status is now "Needs work".
This does not mean that the patch necessarily needs to be re-rolled or the MR rebased. Read the Issue Summary, the issue tags and the latest discussion here to determine what needs to be done.
Consult the Drupal Contributor Guide β to find step-by-step guides for working with issues.
The Needs Review Queue Bot β tested this issue. It no longer applies to Drupal core. Therefore, this issue status is now "Needs work".
This does not mean that the patch necessarily needs to be re-rolled or the MR rebased. Read the Issue Summary, the issue tags and the latest discussion here to determine what needs to be done.
Consult the Drupal Contributor Guide β to find step-by-step guides for working with issues.
- π¬π§United Kingdom longwave UK
I feel like there should be an easier way of doing this, where we just set a constant for "last minor" and the code can calculate everything else by itself from there, which would then be unit testable, but that can wait for next time around I guess.
Otherwise this looks correct to me for Drupal 10 so let's ship this with 10.4.
- π¬π§United Kingdom catch
Committed/pushed to 10.5.x and cherry-picked to 10.4.x, thanks!
Automatically closed - issue fixed for 2 weeks with no activity.