14:01:14 <pwhalen> #startmeeting Fedora IoT Working Group Meeting
14:01:14 <zodbot> Meeting started Wed Apr 29 14:01:14 2020 UTC.
14:01:14 <zodbot> This meeting is logged and archived in a public location.
14:01:14 <zodbot> The chair is pwhalen. Information about MeetBot at http://wiki.debian.org/MeetBot.
14:01:14 <zodbot> Useful Commands: #action #agreed #halp #info #idea #link #topic.
14:01:14 <zodbot> The meeting name has been set to 'fedora_iot_working_group_meeting'
14:01:14 <pwhalen> #chair pwhalen pbrobinson bcotton tdawson puiterwijk
14:01:14 <pwhalen> #topic roll call
14:01:14 <zodbot> Current chairs: bcotton pbrobinson puiterwijk pwhalen tdawson
14:01:42 <pwhalen> Good morning, who's here today?
14:02:16 <bcotton> .hello2
14:02:18 <zodbot> bcotton: bcotton 'Ben Cotton' <bcotton@redhat.com>
14:02:23 * pbrobinson is here
14:02:33 <pwhalen> howdy bcotton pbrobinson
14:02:36 <puiterwijk> .hello2
14:02:37 <zodbot> puiterwijk: puiterwijk 'Patrick "パトリック" Uiterwijk' <puiterwijk@redhat.com>
14:03:10 * pwhalen gives it another minute
14:03:43 <dawud> hi, first time attending, interested in IoT in general, Fedora and sec in particular
14:04:15 <pwhalen> welcome dawud!
14:04:25 <dawud> o/
14:04:51 <pwhalen> Alright, let's get started...
14:04:57 <pwhalen> #topic 1) ==== Working Group process and admin ====
14:05:40 <pwhalen> Last week we had some action items to update our docs, I made an initial pass on documenting Zezere, not sure if it got merged though
14:05:55 <pbrobinson> I need to read through that, will do it after the meeting
14:06:03 <pwhalen> thanks!
14:06:03 <pbrobinson> I made some updates on Friday
14:07:13 <pwhalen> I also need to update the release criteria, remove all references to initial-setup, add zezere, greenboot and clevis. If anyone thinks of something we should be testing in F33 and expect to work, please let us
14:07:31 <pwhalen> er, know
14:07:51 <pwhalen> We'll need release criteria for it
14:08:13 <pbrobinson> pwhalen: yes, probably f33 topic not admin ;-)
14:08:29 <pwhalen> sure, could be both.. we're talking docs here too
14:09:41 <pwhalen> if folks can review the docs that would be greatly appreciated.
14:09:44 <pwhalen> Anything else?
14:10:36 <pwhalen> #link https://docs.fedoraproject.org/en-US/iot/
14:10:53 <pwhalen> #topic 2) ==== Fedora 31 status ====
14:11:42 <pwhalen> #info Latest compose available for testing
14:11:42 <pwhalen> #link https://kojipkgs.fedoraproject.org/compose//iot/Fedora-IoT-31-20200422.0
14:12:03 <pwhalen> Any issues reported in F31?
14:14:15 <pwhalen> #info No issues reported.
14:14:30 <pwhalen> #topic 3) ==== Fedora 32 status ====
14:14:30 <pwhalen> #info Fedora 32 IoT Edition Released April 28
14:15:19 <pwhalen> #info Fedora 32 IoT Testing
14:15:23 <pwhalen> #link https://fedoraproject.org/wiki/User:Pwhalen/QA/IoT/Fedora-IoT-32-20200423.1
14:15:45 <pbrobinson> F-32 is now the stable branch, it's all on the site
14:16:00 <pbrobinson> link: https://iot.fedoraproject.org/
14:16:28 <pwhalen> oh, and those links get updated to the latest?
14:16:30 <tdawson> Right off the front page too. :)
14:16:44 <pwhalen> links to today's compose
14:17:00 <pbrobinson> pwhalen: when I push a new compose stable it updates automatically in ~30 mins from mem
14:17:30 <pwhalen> well, I guess I better make sure that works then :/
14:17:39 <pwhalen> Did that happen yesterday too?
14:17:45 <pwhalen> eek
14:18:00 <pbrobinson> eventually, something had to be poked somewhere
14:19:43 <pwhalen> #info Latest compose available for testing
14:19:43 <pwhalen> #link https://kojipkgs.fedoraproject.org/compose/iot/Fedora-IoT-32-20200429.0/compose/
14:20:42 <pwhalen> Anything else for F32?
14:21:12 <pbrobinson> #undo
14:21:12 <zodbot> Removing item from minutes: <MeetBot.items.Link object at 0x7f4720f94350>
14:21:18 <pbrobinson> #link https://dl.fedoraproject.org/pub/alt/iot/32/IoT/
14:21:30 <pbrobinson> nothing else
14:21:42 <pbrobinson> please test and provide feedback
14:22:04 <pwhalen> #link https://fedoraproject.org/wiki/User:Pwhalen/QA/IoT/Fedora-IoT-32-20200429.0
14:22:22 <pwhalen> #info Please test and add results to the wiki.
14:22:45 <pwhalen> #topic 4) ==== Fedora 33 status ====
14:23:16 <pwhalen> I don't have anything for F33, will begin testing this week.
14:23:40 <tdawson> Feature I'd like to see for 33 (or maybe 34) ... local zezer
14:24:00 <pbrobinson> tdawson: what's "local zezer"?
14:24:14 <tdawson> Sorry, zezere
14:24:26 <pbrobinson> what do you mean by local though?
14:24:30 <puiterwijk> tdawson: again, what's a local zezere?
14:24:32 <puiterwijk> Yeah, that
14:24:45 <pwhalen> today's rawhide compose looks ok at a glance. Podman failed, will look and file a bz if needed.
14:24:52 <tdawson> Right now there is one central server (run by fedora) that you have to log into for initial setup. It seems like a single point of failure.
14:25:18 <puiterwijk> tdawson: "docker run quay.io/fedora-iot/zezere" will get you your own
14:25:28 <puiterwijk> (I might misremember the URL, but it's on quay.io)
14:25:36 <tdawson> Ha ... cool
14:26:11 <puiterwijk> Okay, nope, that should be the correct URL actually
14:26:25 <tdawson> Then ... it's already a feature :) ... although I'm sure you have to set some things up, but that's just documentation.
14:26:46 <puiterwijk> Yeah, right now you'd need to put in a /etc/zezere-ignition-url to your local setup on the system.
14:26:55 <pbrobinson> tdawson: yea, so you can run your own container, and it's packaged in Fedora so you can "dnf install" if you want to run it not in a container
14:26:56 <puiterwijk> There are issues for upstream Zezere to ask for other methods
14:26:59 <tdawson> Cool
14:27:09 <tdawson> Well then ... I take back my feature request.
14:27:24 <pbrobinson> tdawson: closed "current release" ;-)
14:27:31 <tdawson> *laughs*
14:27:44 <pbrobinson> I'm going to be looking at IMA and a ima-policy for f-33
14:28:02 <pbrobinson> we'll also be very likely revamping the compose process to use osbuild
14:28:35 <dawud> is IMA pre-signed ostree something in the scope at all?
14:29:21 <pbrobinson> dawud: it's being worked upon, likely not in scope for f33, possibly f34
14:29:32 <dawud> fantastic
14:29:42 <pbrobinson> dawud: we already sign the ostree
14:30:06 <puiterwijk> pbrobinson: I guess he means IMA signatures though. Which is probably actually in scope for f33
14:30:46 <dawud> yes, I mean shipping the OS with IMA signatures
14:31:11 <pbrobinson> there's a bunch of work around IMA, for example we can do a signed IMA policy with the Fedora key, but ATM it's impossible to enrol another key without breaking secure boot, so people can't do custom policies
14:31:36 <puiterwijk> pbrobinson: the question was about the actual IMA file signatures though I think. And that was my answer :)
14:31:52 <puiterwijk> But yeah, the policy needs fixes, to be able to work with customer-provided policies
14:32:12 <pbrobinson> sure
14:32:20 <dawud> signed IMA would be EVM
14:32:32 <puiterwijk> dawud: not per se.
14:32:40 <puiterwijk> IMA also has the imasig and modsig schemes.
14:32:57 <puiterwijk> Anyway, probably better for discussion outside of meeting.
14:33:16 <pwhalen> I have nothing else, next is open floor..
14:33:22 <puiterwijk> and/or more discussion when the f33 stuff is being selected.
14:33:48 <pwhalen> #topic 5) ==== Open Floor ====
14:33:57 <pwhalen> Anything else for today?
14:34:05 <pbrobinson> not from me
14:34:15 <tdawson> Nothing else from me
14:34:30 <pwhalen> #endmeeting