18:01:05 <sgallagh> #startmeeting FESCO (2022-01-25)
18:01:05 <zodbot> Meeting started Tue Jan 25 18:01:05 2022 UTC.
18:01:05 <zodbot> This meeting is logged and archived in a public location.
18:01:05 <zodbot> The chair is sgallagh. Information about MeetBot at https://fedoraproject.org/wiki/Zodbot#Meeting_Functions.
18:01:05 <zodbot> Useful Commands: #action #agreed #halp #info #idea #link #topic.
18:01:05 <zodbot> The meeting name has been set to 'fesco_(2022-01-25)'
18:01:05 <sgallagh> #meetingname fesco
18:01:05 <sgallagh> #chair nirik, decathorpe, zbyszek, sgallagh, mhroncok, dcantrell, mboddu, tstellar, Conan_Kudo, Pharaoh_Atem, Son_Goku, King_InuYasha, Sir_Gallantmon, Eighth_Doctor
18:01:05 <sgallagh> #topic init process
18:01:05 <zodbot> The meeting name has been set to 'fesco'
18:01:05 <zodbot> Current chairs: Conan_Kudo Eighth_Doctor King_InuYasha Pharaoh_Atem Sir_Gallantmon Son_Goku dcantrell decathorpe mboddu mhroncok nirik sgallagh tstellar zbyszek
18:01:10 <sgallagh> .hello2
18:01:11 <zodbot> sgallagh: sgallagh 'Stephen Gallagher' <sgallagh@redhat.com>
18:01:13 <dcantrell> .hello2
18:01:14 <Eighth_Doctor> .hello ngompa
18:01:14 <zodbot> dcantrell: dcantrell 'David Cantrell' <dcantrell@redhat.com>
18:01:17 <zodbot> Eighth_Doctor: ngompa 'Neal Gompa' <ngompa13@gmail.com>
18:01:22 <bcotton> .hello2
18:01:23 <zodbot> bcotton: bcotton 'Ben Cotton' <bcotton@redhat.com>
18:01:42 <mhroncok> .hello churchyard
18:01:43 <decathorpe> .hello2
18:01:43 <zodbot> mhroncok: churchyard 'Miro Hrončok' <mhroncok@redhat.com>
18:01:45 <tstellar> .hello tstellar
18:01:46 <zodbot> decathorpe: decathorpe 'Fabio Valentini' <decathorpe@gmail.com>
18:01:49 <zodbot> tstellar: tstellar 'Tom Stellard' <tstellar@redhat.com>
18:02:12 <zbyszek_> .hello2
18:02:13 <nirik> morning
18:02:13 <zodbot> zbyszek_: Sorry, but user 'zbyszek_' does not exist
18:02:21 <zbyszek> .hello2
18:02:22 <zodbot> zbyszek: zbyszek 'Zbigniew Jędrzejewski-Szmek' <zbyszek@in.waw.pl>
18:02:26 <dcantrell> you exist!
18:02:39 <zbyszek> Only 50% of the time
18:02:42 <nirik> I may have to step away at some point here as I have some folks coming by the house to do some work and I have to talk to them about it first...
18:02:47 <sgallagh> Don't worry, I believe in you
18:03:21 <zbyszek> I believe in myself, therefore I exist. At other times, I don't, so I don't.
18:04:04 <sgallagh> I think we have enough people to get started
18:04:12 <sgallagh> #topic F36 Change: Enable fs-verity in RPM
18:04:12 <sgallagh> .fesco 2711
18:04:13 <zodbot> sgallagh: Issue #2711: F36 Change: Enable fs-verity in RPM - fesco - Pagure.io - https://pagure.io/fesco/issue/2711
18:04:22 <sgallagh> Has anything changed here since last week?
18:05:28 <robertosassu> hi everyone
18:05:31 <robertosassu> not too much
18:05:42 <robertosassu> (from my side)
18:06:16 <robertosassu> I actually enhanced rpmsign to produce PGP signatures
18:06:21 <zbyszek> Hi Roberto
18:06:53 <robertosassu> hi Zbyszek
18:06:59 <robertosassu> https://github.com/robertosassu/rpm/commits/fsverity-gpg-v1
18:07:18 <robertosassu> there are also some bug fixes (for memory leaks)
18:07:44 <robertosassu> with this patch set you could use the same GPG key for both the RPM header and fsverity signatures
18:07:48 <decathorpe> Have any of these changes been accepted by upstream projects yet?
18:07:52 <mhroncok> doesn't this require the mass rebuild to be useful?
18:08:06 <robertosassu> yes, it would require a mass rebuild
18:08:17 <robertosassu> too late for F36 I guess
18:08:30 <robertosassu> however, I cannot experiment with Copr
18:08:42 <zbyszek> F36 was never realistic.
18:08:45 <robertosassu> Copr uses OBS signer
18:08:54 <zbyszek> That patch is surprisingly small.
18:09:08 <robertosassu> I would probably need some access to the Fedora infrastructure, to use Sigul
18:09:12 <robertosassu> yes, it is!
18:09:19 <robertosassu> it is very simple
18:09:51 <nirik> well, can you setup your own? I suppose we could look at testing in staging, but our stg signing is not very functional right now.
18:10:16 <robertosassu> if possible yes, I don't know if I need additional permissions
18:10:42 <Eighth_Doctor> our sigul package is broken
18:10:45 <Eighth_Doctor> nobody can currently set it up
18:10:45 <robertosassu> I was thinking that the impact of enabling this for executable content, kernel modules and firmware is not too much
18:10:59 <nirik> no, it's working on epel8
18:11:05 <nirik> it's broken in fedora
18:11:22 <robertosassu> I basically need to replace the original rpmsign with my version
18:12:08 <robertosassu> and provide some simple options
18:12:19 <Eighth_Doctor> nirik: it's not in epel8 at all, iirc
18:12:53 <nirik> yeah, you are right, it's in our epel8-infra tag.
18:12:57 <mhroncok> .el8.infra
18:13:27 * mboddu is here
18:13:46 <nirik> anyhow....I can try and help test this in stg, time permitting. But... I really wish we had some kind of plan or roadmap here aside from "lets enable all this stuff and perhaps our users will like to use it".
18:15:07 <robertosassu> I would still like to use DIGLIM for integrity protection, but seeing also the alternative solution with file/fsverity signatures would be great
18:16:00 <robertosassu> for the plan, probably the authors of this change can provide more details
18:16:06 <robertosassu> I can help with implementation, testing
18:16:35 * nirik thinks of http://www.islinuxaboutchoice.com/
18:17:02 <mboddu> nirik: Let me know if you need any help with testing in stg
18:17:18 <nirik> I can post to the thread and yea, perhaps change owners cna expand on what they want to use it for?
18:17:27 <Eighth_Doctor> I think we can do that
18:17:41 <zbyszek> That'd be helpful.
18:17:48 <robertosassu> https://src.fedoraproject.org/fork/robertosassu/rpms/rpm
18:18:10 <robertosassu> this is the project with rpm modifications
18:18:37 <robertosassu> f35 branch
18:20:09 <robertosassu> (still need to test better)
18:21:46 <mhroncok> should we formally reject this for f36?
18:21:47 <sgallagh> I think so, yes
18:22:02 <Eighth_Doctor> I'd prefer to punt it to F37 with the proviso it gets upstreamed first
18:22:03 <sgallagh> It's too late for the mass rebuild in any case
18:22:13 <mhroncok> we seem to spend a lot of time on this change during meetings
18:22:20 <zbyszek> Yeah, I don't think we need to "reject" it. Just reassign.
18:22:28 <Eighth_Doctor> mainly to make upstream folks consider prioritizing review
18:22:35 <robertosassu> ok for me
18:22:45 <mhroncok> I mean, saying "this will not happen in f36" without saying what will happen in f37
18:22:46 <Eighth_Doctor> same for the fsverity one
18:23:14 <zbyszek> mhroncok: I think we can just do it
18:23:40 <nirik> yeah, moving to 37 seems better than rejecting, if we are still wanting to discuss more and get things upstreamed
18:23:56 <mboddu> +1 to move to f37
18:23:56 <sgallagh> I agree
18:24:05 <robertosassu> yes, also the kernel is not ready to enforce yet
18:24:26 <tstellar> Does "move to f37" mean we approve this change for f37 or does it mean we will reconsider it for f37?
18:24:27 <mhroncok> +1 to move this to f37, if that does not mean actually approving it for f37
18:24:39 <sgallagh> Reconsider in F37
18:24:40 <mhroncok> reconsider +1, approve -1
18:24:44 <mboddu> Reconsider for f37
18:25:28 <zbyszek> Reconsider for f37
18:25:40 <nirik> right. just move it to pending for 37... still under discussion
18:25:41 <dcantrell> reconsider for F37
18:26:01 <decathorpe> Reconsider for f37 bandwagon
18:26:10 <tstellar> +1 To reconsider this for f37.
18:26:22 <Eighth_Doctor> +1
18:27:16 <sgallagh> #agreed FESCo will reconsider this Change for F37 at a later date. (+9, 0, -0)
18:27:24 <sgallagh> #topic F36 Change: DIGLIM
18:27:24 <sgallagh> .fesco 2721
18:27:25 <zodbot> sgallagh: Issue #2721: F36 Change: DIGLIM - fesco - Pagure.io - https://pagure.io/fesco/issue/2721
18:27:28 <sgallagh> Same here?
18:27:31 <zbyszek> +1
18:27:46 <mhroncok> Same here
18:27:59 <mboddu> Same
18:28:09 <dcantrell> same
18:28:13 <decathorpe> Same here.
18:28:21 <nirik> yeah. +1
18:28:26 <Eighth_Doctor> same
18:28:44 <sgallagh> #agreed FESCo will reconsider this Change for F37 at a later date. (+8, 0, -0)
18:28:59 <sgallagh> On to new business:
18:29:00 <sgallagh> #topic F36 Change: No ifcfg by default
18:29:00 <sgallagh> .fesco 2732
18:29:01 <zodbot> sgallagh: Issue #2732: F36 Change: No ifcfg by default - fesco - Pagure.io - https://pagure.io/fesco/issue/2732
18:29:26 <zbyszek> Do we have any of the NM folks here?
18:29:58 <decathorpe> Uh, I am inclined to say "same here" for this change as well. I don't think the cloud-init stuff can be ported in time for F36
18:30:40 <nirik> decathorpe: good point
18:30:42 <sgallagh> Yeah, my -1 on the ticket was not a blanket rejection, it's "Bring this back to us when it doesn't break cloud-init"
18:31:05 <zbyszek> Wouldn't it be worthwhile to deprecate the functionality already in F36? Gives people more time to react.
18:31:34 <decathorpe> deprecate, yes, remove, no. though the change proposal is kinda confusing wrt. that point after I read it again.
18:32:00 <mhroncok> "Do not include NetworkManager support for legacy network configuration files by in new installations. "
18:32:06 <mhroncok> cloud init could require that, no?
18:32:08 <Eighth_Doctor> it's been deprecated for a few releases now
18:32:33 <mhroncok> "Split the ifcfg plugin into a subpackage package. "
18:32:37 <Eighth_Doctor> mhroncok: the problem is that if they remove it, the code is almost certainly getting deleted and not being maintained
18:32:40 <mhroncok> we can include that package in cloud only for now
18:32:58 <zbyszek> mhroncok: indeed, Requires:<new-package> would be enough on cloud-init
18:33:08 <mhroncok> "For the time being the ifcfg plugin is kept around, albeit in a sub-package that's not included in new installations."
18:33:25 <zbyszek> Sure, it's reasonable not to install it by default.
18:33:30 <mhroncok> this sound like a non-issue to me, but maybe I cherry-pick only some parts of the change
18:34:18 <mhroncok> +1 providing that cloud-init requires this new package
18:34:22 <nirik> that sounds like a nice solution.
18:34:28 <zbyszek> +1 to mhroncok
18:34:30 <nirik> unless we are missing something.
18:34:35 <Eighth_Doctor> it's only nice as long as it doesn't go away
18:34:45 <sgallagh> I'm happy to switch to a +1 if we're not breaking cloud-init
18:34:50 <nirik> yeah, until it can.
18:34:54 <sgallagh> Conan Kudo: Ever?
18:34:56 <mhroncok> (I assume cloud-init is installed on the same system and not on some "host")
18:34:57 <nirik> +1 mhroncok
18:35:03 <Eighth_Doctor> Stephen Gallagher: until they port it
18:35:20 <mhroncok> cloud-init maintainers can maintain this forever or port cloud-init
18:35:46 <decathorpe> yeah, assuming we don't break cloud-init in F36, I'm fine with removing it from the default install everywhere that's not affected by that.
18:35:49 <Eighth_Doctor> mhroncok: cloud-init maintainers are not maintainers in NM codebase
18:36:03 <mhroncok> so they port it instead
18:36:18 <Eighth_Doctor> I'm fine with that, there's a BZ asking for it
18:36:23 <mhroncok> I am sure they can communicate iwth each other ert time frame
18:36:24 <tstellar> I think for something like this, we need to make a firm decission that we are goiong to do it in a future release, otherwise there is nothing motivating legacy users to update the code.
18:36:27 <Eighth_Doctor> I want it to be a precondition for them deleting the package
18:36:33 <mhroncok> s/ert/wrt/
18:36:50 <Eighth_Doctor> mhroncok: I am very doubtful that they can communicate with each other
18:37:02 <mhroncok> well, than something is broken, isn't it?
18:37:08 <mhroncok> *then
18:37:30 <mhroncok> the bugzilla exists. if cloud-init maintainers don't respond... it si probably not that importan tot keep cloud-init
18:37:46 * Eighth_Doctor sighs
18:37:51 <mhroncok> we cannot expect NM maintaers to port cloud-init themselves
18:38:11 <mhroncok> this change is about spliting it to a subpackage that can be installed and can be required
18:38:17 <mhroncok> +1 to that
18:38:20 <sgallagh> Proposal: request that the Change is updated to include a specific Fedora release (F37?) that will drop the ifcfg support entirely.
18:38:32 <mhroncok> if they plan to remove it entirely later, good for them, but that's another change
18:38:50 <zbyszek> Yeah, I don't think we should be putting words in the Change owners' mouths
18:38:51 <mhroncok> Stephen Gallagher: -1
18:39:28 <Eighth_Doctor> they're the NM developers, we can definitely ask them to commit to that
18:39:29 <mhroncok> we can recommend the change owners to approach cloud-init maintainers and communicate the time frame with them
18:39:32 <nirik> yeah, I'd hope someone could port it... and that NM folks will keep the old one around until that happens
18:39:41 <Eighth_Doctor> let's not kid ourselves here
18:40:13 <Eighth_Doctor> once network-scripts and ifcfg-rh are both dropped, there is no backend for us to configure with
18:40:20 <zbyszek> Eighth_Doctor: I expect that a person knowlegable in both projects could do it a day or two, including tests.
18:40:27 <mhroncok> (I am not comfortable telling them to ditch it in f37 if that was not their plan)
18:41:16 <mhroncok> (I'd support them if that's what they want)
18:41:17 <sgallagh> Sorry, the F37 piece was a suggestion, not a demand.
18:41:33 <sgallagh> The important part of that proposal was the definitive timeframe
18:41:36 <tstellar> What exactly does "Not included in new installs mean" ?  Can an f36 install the package if they want to ?
18:41:52 <tstellar> *f36 user
18:41:53 <mhroncok> tstellar: comps
18:41:55 <Eighth_Doctor> I interpret that as "no we can't"
18:41:59 <mhroncok> yes, they can
18:42:05 <Eighth_Doctor> as in, we're not supposed to as Fedora composes
18:42:12 <zbyszek> yes, they can. It's split out to a subpackage so that you can install it on demand.
18:42:13 <nirik> yes, just none of our composed images will use it except the cloud image
18:42:31 <mhroncok> Proposal: ...
18:42:50 <mboddu> Except the cloud images, it wont be shipped in another images, but the users can install it if they want to
18:43:01 <Eighth_Doctor> nirik: the change states we shouldn't
18:43:18 <mhroncok> change is approved. cloud-init will gain requires for the new subpackage, change owners to communicate in https://bugzilla.redhat.com/show_bug.cgi?id=2014701 wrt complete removal time frame
18:43:46 <zbyszek> .bug 2014701
18:43:48 <zodbot> zbyszek: 2014701 – cloud-init cannot configure networking using NM keyfiles - https://bugzilla.redhat.com/2014701
18:43:55 <zbyszek> mhroncok: +1
18:44:32 <Eighth_Doctor> mhroncok: +0 (leaning -1)
18:45:02 <nirik> perhaps we should add ... and will not break cloud-init until it's ported?
18:45:14 <sgallagh> mhroncok: +1
18:45:16 <Eighth_Doctor> nirik: adding that would make me +1
18:45:30 <mhroncok> nirik: that gives cloud-init a get out of jail free card
18:45:38 <sgallagh> nirik: I'm opposed to that.
18:46:08 <sgallagh> We would be essentially telling the NM folks that they have to retain ancient and crufty code indefinitely to avoid inconveniencing one package.
18:46:08 <Eighth_Doctor> mhroncok: the people removing the implementation should be responsible for making it not needed anymore, that's generally how these things have gone
18:46:11 <zbyszek> nirik: yeah, I don't think we ask for "communication", so let's not try to predict the outcome.
18:46:34 <Eighth_Doctor> Stephen Gallagher: it's the package that makes cloud images work for Fedora, RHEL, and everyone else
18:46:38 <zbyszek> nirik: sorry, we *ask* for communication, so let's not try to predict the outcome
18:46:42 <tstellar> sgallagh: But this proposal as written does not allow them to drop old code.
18:46:45 <nirik> well, we would be telling them to get it ported... convince them to do it, hire someone, find a person, etc?
18:46:57 <mhroncok> Conan Kudo: I disagree. we would have never "removed" python2 if that was true
18:47:35 <zbyszek> I'm very much with mhroncok here. This feet-dragging on part of cloud-init is their problem, not NMs.
18:47:37 <mhroncok> I don'T expect the change owners to silently drop the subpackage in F36 after they split it
18:47:39 <nirik> well, I do want them to communicate... I just don't want us to be in a position where cloud images break and the two sides point at each other... if we say 'don't break this, but we don't care how you fix it' isn't that enough?
18:47:46 <Eighth_Doctor> mhroncok:  you _did_ help with porting hundreds of Python packages
18:47:47 <mhroncok> if that was their intention, they would say so
18:48:03 <Eighth_Doctor> as did I and several others in the SIG
18:48:19 <tstellar> I think they either need to update the proposal with a long-term removal plan for us to vote on or plan to submit another proposal when they want to completely remove the old functionality.
18:48:35 <mhroncok> I helped, but I would not be very happy if fesco demanded I port everything
18:48:44 <dcantrell> tstellar: I agree with that
18:49:10 <mhroncok> I am completely Ok if we say "removal will be coordinated by another change"
18:49:24 <zbyszek> Yeah.
18:49:31 <mhroncok> it feels unnecessary to me, but I am OK with that
18:49:51 <mhroncok> let me put a full proposal...
18:49:55 <sgallagh> A removal is honestly the only part of this that would justify a Change
18:50:05 <sgallagh> Otherwise, it's just basic package maintenance
18:50:20 <zbyszek> sgallagh: a Change is very good for visibility and announcing intent.
18:50:22 <mhroncok> change is approved. cloud-init will gain requires for the new subpackage, change owners to communicate in https://bugzilla.redhat.com/show_bug.cgi?id=2014701 wrt complete removal time frame. complete removal of the subpackage/code will be coordinated by another change in the future
18:50:32 <Eighth_Doctor> mhroncok: +1
18:50:34 <zbyszek> +1
18:50:34 <nirik> mhroncok: +1
18:50:44 <tstellar> sgallagh: Yeah, it took me a few times of reading the proposal to understand that it's just package maintenance.
18:51:05 <dcantrell> mhroncok: +1
18:51:11 <mhroncok> it also changes the defaults, so not just package maintanence
18:51:27 <sgallagh> mhroncok: Ok, I can get on board with that. +1
18:51:39 <mhroncok> +1 myself FTR
18:51:48 <tstellar> mhroncok: +1
18:52:24 <decathorpe> +1
18:52:43 <sgallagh> I count +8... mboddu ?
18:53:21 <tstellar> mhroncok: Which default, you mean the comps?
18:53:42 <mhroncok> tstellar: yes, basically "won't be installed by default"
18:54:03 <mhroncok> (which is spelled out in the name and summary)
18:55:04 <sgallagh> #agreed change is approved. cloud-init will gain requires for the new subpackage, change owners to communicate in https://bugzilla.redhat.com/show_bug.cgi?id=2014701 wrt complete removal time frame. complete removal of the subpackage/code will be coordinated by another change in the future (+8, 0, -0)
18:55:05 <tstellar> mhroncok: Yeah Ok.
18:55:17 <sgallagh> #topic Next week's chair
18:55:25 * sgallagh lobs the grenade
18:55:34 <sgallagh> Who's going to jump on it?
18:56:13 * zbyszek has the school spring break and is not sure if he'll be there.
18:57:18 <decathorpe> I'll be in the middle of exam season, but I can run more meetings again after that's done :/
18:57:33 * mhroncok can do it
18:57:50 <tstellar> I can do it, but I would need someone to walk me through the process.
18:58:15 <zbyszek> tstellar: https://fedoraproject.org/wiki/FESCo_meeting_process is pretty helpful
18:58:39 * mhroncok can walk tstellar through the process
18:59:25 <sgallagh> #action tstellar to chair next week with mhroncok 's guidance
18:59:32 <sgallagh> #topic Open Floor
18:59:37 <sgallagh> Thanks, mhroncok , tstellar
19:00:05 <zbyszek> Q for nirik:
19:00:18 <zbyszek> what about the mass rebuild and the ppc64le issues?
19:00:29 <zbyszek> Is another mini-rebuild planned after gcc is updated?
19:00:41 <nirik> yes, I sent an email with status before the fesco meeting. :)
19:00:44 <mhroncok> yes, see devel-announce
19:00:46 <nirik> we plan another pass on failed ones.
19:00:56 <nirik> hopefully that will fix the ppc64le ones.
19:01:01 <mhroncok> when can we expect the bugzillas?
19:01:34 <mboddu> sgallagh: Sorry, need to step out for a bit, but yeah, +1
19:01:59 <zbyszek> mhroncok: I think the bugzillas are already being filed, I got at least one.
19:02:15 <mhroncok> it stopped
19:02:17 <zbyszek> nirik: thanks. I somehow missed the second page of your announcement.
19:02:19 <nirik> I think jednorozec was working on fixing the filing script today, so tomorrow?
19:02:19 <nirik> I hope signing will be done by then. ;(
19:02:47 <nirik> yeah, it hit the bz 20 limit thing... needs fixing for that
19:03:24 * mhroncok is happy to help fixing that thing, done it several times already
19:03:31 <mhroncok> (but not today)
19:03:46 <tstellar> nirik: Is there a page that lists all the current failing packages?
19:04:06 <zbyszek> tstellar: https://kojipkgs.fedoraproject.org/mass-rebuild/f36-failures.html
19:04:49 <nirik> yep. ^
19:06:41 <sgallagh> Anything else for today?
19:06:44 <mhroncok> nope
19:09:29 <mhroncok> ?
19:09:42 <mboddu> None from me
19:11:32 * nirik has nothing
19:11:35 <sgallagh> #endmeeting