Hello, here is this month's iRODS news and developments!

First post from Buttondown! I've moved over all the subscribers manually, so if I have accidentally included you when you believe you had unsubscribed, or were part of a different list, please accept my apologies and you can unsubscribe here.

Click here to read this email on the web.

My Medium/LinkedIn Posts

I've started doing a regular 1/week post to LinkedIn which I then share on Medium. As most of them are iRODS or Research computing related, I will link them here;

• HPC systems process some of the world’s most sensitive data, yet security guidance is sparse

• Real talk iRODS admins; there are a number of ways your iRODS infrastructure can have issues that inhibit its ability to provide your researchers with the data they need, that have absolutely nothing to do with iRODS itself.

• iRODS Configuration Verification

• Coders! How are you protecting yourself from the Terminator?

• baton 5.0.0 release

• Are you the 3%? It’s unlikely… What The Parisian Natural History Museum Breach means for you (if you’re supporting research institutions)

• Lets try out iRODS 5.0.1! (5.0.2 post coming shortly)

• What’s in my Workstation Setup

And yes, they're both big corporations, I plan to move to Ghost eventually...

iRODS News

RENCI's Mastodon Toots

• iRODS Java client library irods4j v0.5.0 is released!

  https://github.com/irods/irods4j/releases/tag/0.5.0

  #irods
  #java

  Card: Release 0.5.0 · irods/irods4j
  Description: This release makes it so that users can retrieve the checksum of a data object while iterating over a collection.

• iRODS 5.0.2 is released!

  This release adds support for Enterprise Linux 10 and Debian 13. Also included
  are bug fixes and improvements for irsync, GenQuery2, unattended
  installation, physical quotas, and more.

  https://irods.org/2025/10/irods-5-0-2-is-released/

  #irods
  #cplusplus
  #opensource
  #datamanagement
  #rockylinux
  #almalinux
  #debian

  Card: iRODS

• Added KU Leuven's new Go iRODS Client Library "iron" to Clients page

  https://irods.org/clients/ https://github.com/kuleuven/iron

  Card: iRODS

• iRODS Development Update: September 2025

  [https://irods.org/2025/09/irods-development-update-
  september-2025/](https://irods.org/2025/09/irods-development-update-
  september-2025/)

  #irods
  #fips
  #docker
  #el10
  #deb13

  Card: iRODS

• iRODS Java Client Library irods4j v0.4.0 is released!

  https://github.com/irods/irods4j/releases/tag/0.4.0

  #irods
  #java

  Card: Release 0.4.0 · irods/irods4j
  Description:

This is a patch release. No changes have been made to the public API.

GitHub Activity

Main Repository (irods/irods)

Open Issues – irods/irods

• Multiple group quotas on same resource are applied improperly

Issue Summary:

In iRODS, when a user belongs to two groups that both have quotas set on the
same resource, the system should enforce the lower of the two quota limits.
However, it incorrectly allows the user to exceed the lower quota limit.

Details:

• Affected Versions: main, 4-3-stable

• Observed Behavior: User alice is added to two groups with different quotas on demoResc (5000 and 10000 bytes). Despite the expectation that the 5000 bytes limit should be enforced, alice can still upload data objects even after reaching 6000 bytes.

Discussion:

A comment in the issue thread suggests a correction in the description of the
observed behavior, pointing out that it should state "enforce the higher quota"
instead of "enforce the lower quota." This indicates a misunderstanding or typo
in the initial report.

• Remove MySQL/MariaDB client package dependencies

  State: open

  Labels: packaging

  Description:
  MySQL/MariaDB client package dependencies should be able to be removed as they are no longer used.

Closed Issues – irods/irods

• Closed on 2025-09-29:

  setup_irods.py fails on Debian 13 with MySQL 8.4

• Closed on 2025-09-29:

  Package upgrade invokes SysV init commands leading to error message

• Closed on 2025-09-23:

  Remove resolveRodsTargetDryRun from public API

• Closed on 2025-09-22:

  Downgrading iRODS generates stacktrace

• Closed on 2025-09-22:

  itouch help text needs to explain default resource behavior better

• Closed on 2025-09-16:

  server_config.json: Is an empty database stanza in server_config.json acceptable for a catalog service consumer

• Closed on 2025-09-19:

  test_irsync_with_all_keyword__issue_8613 fails in topology when run from a Catalog Consumer

• Closed on 2025-09-19:

  test_irsync_with_all_keyword_does_not_fail_on_overwrite__issue_8295 fails in topology when run from a Catalog Consumer

• Closed on 2025-10-01:

  Release activities for 5.0.2

• Closed on 2025-10-01:

  Physical quotas can sometimes produce incorrect totals

• Closed on 2025-09-29:

  The calls to mysql/mariadb client binaries can be converted to ODBC

• Closed on 2025-07-25:

  iadmin help text is 'off by one'

• Closed on 2025-09-19:

  irsync will not overwrite target with no good replicas

• Closed on 2025-09-22:

  iadmin help messages are offset by one for all entries after "ls"

• Closed on 2025-10-01:

  msiExecCmd_bin directory is owned by root:root after force-reinstalling packages via rpm

Python iRODS Client (irods/python-irodsclient)

Open Issues – irods/python-irodsclient

• Store project metadata in pyproject.toml

Store Project Metadata in pyproject.toml

The Python iRODS Client (PRC) project needs to transition from setup.py to
pyproject.toml for project metadata management, in alignment with PEP
621. This change is driven by upcoming
deprecation warnings in pip version 25.3, which will enforce new packaging
standards.

Key requirements include:

• Migrate project configuration to pyproject.toml

• Find an alternative installation method for the progressbar module

• Reconsider the -e flag in pip install commands for testing workflows

The deprecation notices highlight two primary concerns:

1. Legacy setup.py build mechanisms for dependencies like progressbar will be removed

2. Editable installations using traditional methods will no longer be supported

Recommended actions:

• Implement standardized build interfaces

• Add pyproject.toml to the project

• Use --use-pep517 option during package installation

• Update to setuptools version 64 or higher

Additional reference: [Packaging.python.org pyproject.toml
specification](https://packaging.python.org/en/latest/specifications/pyproject-
toml/#pyproject-toml-spec)

• Rename github workflow to better express its intent

Workflow Naming Improvement for Python-iRODS Client

A proposal to rename the current main.yml GitHub workflow to a more
descriptive filename that clearly indicates its purpose of performing Python
type checking. The current generic name lacks specificity, which may cause
confusion as more workflow files are added to the project.

Suggested improvements include:

• Renaming main.yml to something like python-type-check.yml

• Ensuring workflow filenames reflect their specific function

• Enhancing code repository clarity and maintainability

Recommended action is to update the workflow filename to provide immediate
context about its role in the continuous integration process.

Closed Issues – irods/python-irodsclient

• Closed on 2025-10-03:

  Make sure all logging is appropriately namespaced

HTTP API Client (irods/irods_client_http_api)

Open Issues – irods/irods_client_http_api

• Not working offset and count parameters while using genquery2

Issue Summary:

A user encountered a discrepancy in the number of result rows when using
genquery1 and genquery2 parsers in an iRODS genquery executed via a Python
script. With genquery1, the parameters offset and count functioned as
expected, allowing control over the number of rows returned and their offset.
However, switching to genquery2, these parameters no longer had any effect,
with the count seemingly capped at 256 rows regardless of the settings.
Adjustments to max_number_of_rows_per_catalog_query in the configuration did
not resolve this issue. The environment details include iRODS Server 5.0.1 and
HTTP API 0.6.0.

Discussion in Comments:

It was pointed out that genquery2 inherently supports offset and limit but
ignores these parameters if specified outside the query string. The
recommendation is to include limit and offset directly in the query string
as per the iRODS documentation on genquery. Further, an update to the
documentation is planned to clarify this distinction between genquery1 and
genquery2.

Closed Issues – irods/irods_client_http_api

PAM Interactive Auth Plugin (irods/irods_auth_plugin_pam_interactive)

Open Issues – irods/irods_auth_plugin_pam_interactive

Closed Issues – irods/irods_auth_plugin_pam_interactive

Demo Repository (irods/irods_demo)

Open Issues – irods/irods_demo

• Demo uses unsupported version of PostgreSQL

PostgreSQL Support Update for Demo Environment

A GitHub issue highlights two key updates for the demo configuration:

1. PostgreSQL Version Upgrade

• Current PostgreSQL 12 is no longer supported

• Recommended upgrade path to PostgreSQL 17

2. Database Initialization Script Enhancement

• Identified missing ALTER DATABASE instruction in init-user-db.sh

• Recommended complete database setup script:

CREATE USER irods WITH PASSWORD 'testpassword';
CREATE DATABASE "ICAT";
GRANT ALL PRIVILEGES ON DATABASE "ICAT" TO irods;
ALTER DATABASE "ICAT" OWNER TO irods;

These changes ensure compatibility and proper database configuration for the
demo environment.

Closed Issues – irods/irods_demo

• Closed on 2025-09-18: delay server not starting in 5.0.1

Java Client Library (irods/irods4j)

Open Issues – irods/irods4j

Closed Issues – irods/irods4j

• Closed on 2025-10-15:

  Release activities for 0.5.0

• Closed on 2025-10-15:

  Expose checksum through CollectionEntry class

• Closed on 2025-09-17:

  Release activities for 0.4.0

Testing Environment (irods/irods_testing_environment)

Open Issues – irods/irods_testing_environment

• Investigate ODBC driver text encoding

ODBC Driver Text Encoding Investigation for EL10

The current PostgreSQL ODBC driver configuration in the iRODS testing
environment uses the wide-character version of the driver while performing ODBC
operations in ANSI mode. Despite this potentially conflicting setup, the system
currently functions without apparent issues.

Key investigation points:

• Verify compatibility between wide-character driver and ANSI mode operations

• Determine potential encoding conversion mechanisms

• Assess whether the current approach requires modification

A comment references Postel's Law (robustness principle), suggesting the
system's current behavior might be a result of graceful handling of different
text encoding scenarios. Further technical analysis is recommended to confirm
the long-term reliability of this configuration.

Recommended next steps:

• Conduct comprehensive encoding compatibility tests

• Document observed behavior and potential edge cases

• Evaluate potential risks of mixed encoding modes

Closed Issues – irods/irods_testing_environment

• Closed on 2025-10-01:

  Debian 13 restricts modification of system packages via pip

• Closed on 2025-09-24:

  Postgres ODBC driver name change in EL10

YODA (UtrechtUniversity/yoda)

Open Issues – UtrechtUniversity/yoda

• Metadata schema - Ability to minimize array fields

Summary of GitHub Issue: Metadata schema - Ability to minimize array fields

Amsterdam UMC has implemented an elaborate metadata schema based on the national
consensus metadata model by Health-RI. They have identified a feature gap in the
Yoda environment concerning user experience enhancements that are available in
the React JSON Schema Form (RJSF) library but not currently enabled in Yoda.
Specifically, the ability to minimize array fields in the UI is missing. This
feature is important as it helps manage the visibility of complex nested
structures within the metadata forms, making navigation and data entry more
efficient.

The proposed solution involves introducing UI controls similar to those found in
the RJSF library, where array fields can be minimized or collapsed. This feature
is illustrated with an example from the RJSF playground, highlighting its
utility in managing extensive nested data structures efficiently.

An alternative solution considered involves using dependency drop-down fields
with "yes/no" options to control the visibility of certain fields. However, this
could further complicate the form due to the addition of more fields to an
already large form.

The acceptance criteria for implementing this feature are centered around
improving the ease of navigation and interaction with large metadata forms for
end-users.

No comments have been summarized as they either do not add additional
information or were not provided.

• Inconsistent 'Modified date' in search results

Yoda Search: Inconsistent 'Modified Date' Reporting

A bug has been identified in Yoda's search functionality where the 'Modified
date' displayed in search results does not consistently reflect recent changes
within folder substructures.

Issue Details

• Current Behavior**: Modified dates in search results do not always update when subfolders are modified

• Specific Observations:

• arch results show a modification date that may not match actual recent changes

• Parent folder modification timestamps do not reflect updates to subfolders

Reproduction Steps

1. Search for an existing folder

2. Compare modified date in search results with Research space

3. Upload a new file to a subfolder

4. Verify discrepancy in modification timestamps

Environment

• Yoda version: v1.9.5, v2.0.0-rc.3

Discussion

Developers confirmed the expected behavior is to display the last modified date
of the collection in the research space. Initial investigation suggests the
issue persists across multiple recent versions, with reproducibility verified in
v2.0.0-rc.3.

Further investigation is needed to understand the root cause of the timestamp
inconsistency.

• Deleting a locked file

Yoda File Locking Vulnerability in Version 1.9.5

A critical issue has been identified in Yoda's file locking mechanism where administrators can delete locked folders, contrary to expected data protection behavior.

Detailed Findings

• Locked folders can be deleted by administrators with rodsadmin privileges

• The lock symbol remains visible in the web portal after deletion

• Current implementation allows complete file/folder removal despite active locks

Reproduction Steps

1. Create a new folder in Yoda web portal

2. Lock the folder

3. Delete the folder from the Research area

Environment Details

• Yoda version: 1.9.5

• Platform: Windows 11 (version 23H2)

• Browser: Firefox 143.0.1

Discussion Insights

• e issue may be specific to rodsadmin users, who can bypass standard locking policies

• Regular rodsuser accounts appear to maintain expected locking restrictions

• Potential design mirrors Microsoft Teams' file check-out/check-in model

Recommended Action

Implement stricter file locking policies that prevent deletion, even for
administrative users, to ensure data integrity.

• Add Deltares to the list of affiliations

Affiliation Update Request for Deltares

A contributor proposed adding Deltares to the project's affiliations list,
providing:

• ROR identifier: https://ror.org/01deh9c76

• Organization name: "Deltares"

The specific update targets the affiliations.json file in the yoda-ruleset
repository's development branch. The proposed JSON entry follows the existing
schema for organizational affiliations.

No further discussion or comments were present at the time of review.

Closed Issues – UtrechtUniversity/yoda

• Closed on 2025-09-26:

  metadata validation not complete for affiliation, causing errors at publication stage

• Closed on 2025-10-03:

  [FEATURE] Data Access Password lifespan too short depending on the Yoda configuration of an institution

If you think someone else would appreciate this newsletter, they can sign up.

If you don't want to get these emails any more, you can unsubscribe here.

Four Yaks were shaved in the making of this newsletter, at least two of which turned out to be robot's when shaved. Pesky AI is hiding everywhere!