search

ubuntu / authd

Authentication daemon for external Brokers
GNU Lesser General Public License v3.0
114 stars 10 forks source link

Support sending bug reports via ubuntu-bug / apport #474

Open adombeck opened 2 months ago

adombeck commented 2 months ago

That would make it easier to collect all the system information which is useful for debugging issues. See https://github.com/ubuntu/authd/issues/470#issuecomment-2296014042.

adombeck commented 2 months ago

I'm not 100% sure that apport is the right tool for our use case. There are a few things which I think a GitHub issue template with a copy-pastable command to produce the system information would be better at:

Privacy

In both cases, information from the user's system ends up in a public GitHub issue. That information could include sensitive data if we're not careful, especially with the logs of the various authd components. Those could easily include personally identifiable information like the username of the host or the OIDC provider, or secrets like the local password or the ID/access token, if we're not very careful with what we include in our (debug) log messages.

In the case that the user copy/pastes the information into a GitHub issue template, it's more obvious to the user that this information is being made public, and we have the checkbox which reminds the user to redact any sensitive information from the logs.

Bug description

Apport just creates a bug with a generic title and shows that issue in a browser, but it doesn't tell the user to edit that issue to describe the bug that they encountered. I expect that to result in less useful bug reports.

Formatting

Unfortunately, apport doesn't allow customizing the formatting of the GitHub issue. The formatting is done here. In https://github.com/ubuntu/authd/issues/475 we can see that some of the file contents included in the issue body are interpreted as markdown, which results in a broken format. We could try to work around that by escaping the file contents in our apport hook, but the current apport implementation clearly doesn't allow for such a well-formatted GitHub issue as the GitHub issue template.

All in all, I'm leaning towards using the GitHub issue template with a copy-pastable command as I proposed in https://github.com/ubuntu/authd/issues/470#issue-2470237939. @ubuntu/enterprise-desktop-team what do you think?

3v1n0 commented 2 months ago

I guess this is something we'll have to support one day when the package will hit the archive anyways, for getting automatic reports too (via whoopsie), but not sure if it's a priority for now.

adombeck commented 2 months ago

I guess this is something we'll have to support one day when the package will hit the archive anyways, for getting automatic reports too (via whoopsie), but not sure if it's a priority for now.

Yes, but whoopsie sends crash reports to a private server, right? So the privacy concerns don't apply. The concerns about bad bug descriptions also don't really apply, because we should see error messages about the crash in the logs (while a user filing a GitHub issue might experience other issues than a crash, which need more explanation).

adombeck commented 2 months ago

From https://github.com/ubuntu/authd/issues/470#issuecomment-2302379044 (posting it here as well because it's also relevant for this issue):

Today we decided:

  1. we want to improve the GitHub issue template and point users to creating issues on GitHub
  2. we want to support apport as well, but mainly to send crash reports via whoopsie