fedora-coreos-meeting
LOGS
<@jbtrystram:matrix.org>
16:32:54
!startmeeting fedora_coreos_meeting
<@jbtrystram:matrix.org>
16:32:59
!topic roll call
<@meetbot:fedora.im>
16:32:59
Meeting started at 2024-09-04 16:32:54 UTC
<@meetbot:fedora.im>
16:32:59
The Meeting name is 'fedora_coreos_meeting'
<@aaradhak:matrix.org>
16:33:19
!hi aaradhak
<@zodbot:fedora.im>
16:33:22
Aashish Radhakrishnan (aaradhak)
<@siosm:matrix.org>
16:33:30
!hi
<@zodbot:fedora.im>
16:33:37
Timothée Ravier (siosm) - he / him / his
<@gurssing:matrix.org>
16:33:39
!hi gursewak
<@zodbot:fedora.im>
16:33:43
Gursewak Singh (gursewak)
<@marmijo:fedora.im>
16:33:48
!hi
<@zodbot:fedora.im>
16:33:49
Michael Armijo (marmijo)
<@jbtrystram:matrix.org>
16:33:53
!hi
<@zodbot:fedora.im>
16:33:55
Jean-Baptiste Trystram (jbtrystram) - he / him / his
<@dustymabe:matrix.org>
16:33:59
!hi
<@zodbot:fedora.im>
16:34:01
Dusty Mabe (dustymabe) - he / him / his
<@jbrooks:matrix.org>
16:34:34
!hi jasonbrooks
<@zodbot:fedora.im>
16:34:37
Jason Brooks (jasonbrooks) - he / him / his
<@jlebon:fedora.im>
16:35:38
!hi
<@zodbot:fedora.im>
16:35:39
None (jlebon)
<@jbtrystram:matrix.org>
16:35:55
i'll wait another minute and get started :)
<@dustymabe:matrix.org>
16:35:59
I'll need to drop at some point to pick up kids from school
<@ravanelli:matrix.org>
16:36:12
!hi ravanelli
<@zodbot:fedora.im>
16:36:19
Renata Ravanelli (ravanelli)
<@jbtrystram:matrix.org>
16:36:28
There were no actions items from the last meeting, so let's go into the topics
<@jbtrystram:matrix.org>
16:36:40
!topic /boot/efiisunlabeled_t since version 40.20240504.3.0
<@jbtrystram:matrix.org>
16:36:49
<@jbtrystram:matrix.org>
16:37:21
Jonathan Lebon: added the meeting label on this
<@jbtrystram:matrix.org>
16:37:45
ohh it was discussed last week but the label was not removed
<@jbtrystram:matrix.org>
16:38:39
I don't think there were new development, let's move on
<@jbtrystram:matrix.org>
16:39:39
well, same thing for the second scheduled topic, so we have no topics today !
<@jbtrystram:matrix.org>
16:39:53
!topic Open Floor
<@siosm:matrix.org>
16:40:15
we still need to talk about it
<@dustymabe:matrix.org>
16:40:16
jbtrystram: in that case: reminder to add the `meeting` label to tickets you think warrant group discussion
<@dustymabe:matrix.org>
16:40:27
jbtrystram: in that case: reminder to all to add the `meeting` label to tickets you think warrant group discussion
<@siosm:matrix.org>
16:40:39
we also have https://github.com/coreos/fedora-coreos-tracker/issues/1708
<@siosm:matrix.org>
16:40:58
(the meeting action does not picks up late-tag tickets)
<@dustymabe:matrix.org>
16:41:04
any takers to implement adding the `lspci` owning package? https://github.com/coreos/fedora-coreos-tracker/issues/1778
<@siosm:matrix.org>
16:41:09
(the meeting action does not pick up late-tag tickets)
<@jbtrystram:matrix.org>
16:41:38
dustymabe: yeah sorry i realized very late it was my turn to host the meeting so i did not really prep
<@jbtrystram:matrix.org>
16:41:46
!topic add pciutils
<@jbtrystram:matrix.org>
16:41:54
<@jbtrystram:matrix.org>
16:42:15
The previous agreement was to add this package in FCOS but no-one actually did it
<@dustymabe:matrix.org>
16:42:27
jbtrystram: :) - I was mostly just throwing that out there for Open Floor to see if anyone wanted to pick up implementing it (should be pretty easy)
<@jbtrystram:matrix.org>
16:43:11
I have a friend interested to get started to contribute on FCOS so i'm happy to mentor him through that if there is no takers
<@siosm:matrix.org>
16:43:32
sounds like a good plan
<@jbtrystram:matrix.org>
16:43:47
cool, voluntered ! :D
<@jbtrystram:matrix.org>
16:44:27
!action jbtrystram to add lspci package to FCOS manifests
<@jlebon:fedora.im>
16:45:04
yeah, would like to discuss https://github.com/coreos/fedora-coreos-tracker/issues/1708
<@jbtrystram:matrix.org>
16:45:46
!topic New Package Request: s390utils.base
<@jbtrystram:matrix.org>
16:46:19
<@jbtrystram:matrix.org>
16:46:46
who want to introduce it ?
<@jlebon:fedora.im>
16:47:13
there's a new feature in Ignition: using the CEX card on s390x when doing LUKS
<@jlebon:fedora.im>
16:47:13
CEX is basically cryptography hardware
<@jlebon:fedora.im>
16:47:50
it requires zkey, which is currently in s390utils-base
<@jbtrystram:matrix.org>
16:48:56
so the plan is to split that into a subpackage ?
<@jlebon:fedora.im>
16:49:20
i don't actually expect anyone interested in running FCOS with this, but for testing purposes, currently the written tests only work on RHCOS because of this
<@jlebon:fedora.im>
16:50:06
jbtrystram: that'd be the ideal, but the maintainer didn't answer the ping there, and in the past hasn't been very responsive unfortunately
<@jlebon:fedora.im>
16:51:03
worth trying a different medium perhaps. though also, this is s390x so i'm more ok if it e.g. pulls in Perl there personally
<@siosm:matrix.org>
16:51:34
I was going to say that, but that does not help us down the line
<@dustymabe:matrix.org>
16:51:47
ehh. I'd really prefer not - python is one thing, perl is another
<@jbtrystram:matrix.org>
16:51:59
are the countme stats reporting the architecture ?
<@dustymabe:matrix.org>
16:52:11
jbtrystram: yes.
<@dustymabe:matrix.org>
16:52:31
and yes. basically no one uses it, which could be argument for us just not building it
<@siosm:matrix.org>
16:53:02
ppc64le & s390x are single digit
<@jlebon:fedora.im>
16:53:10
totally fine to keep trying to reach the maintainer. but if that fails/there's no agreement, i don't think we should block on it
<@dustymabe:matrix.org>
16:53:25
I feel like this is an IBM problem TBH
<@siosm:matrix.org>
16:53:30
(but it helps us catch issues early for downstream builds)
<@dustymabe:matrix.org>
16:53:39
IBM wants CEX, IBM maintains that package
<@siosm:matrix.org>
16:53:52
agree, we should pu pressure there
<@siosm:matrix.org>
16:53:57
agree, we should put pressure there
<@dustymabe:matrix.org>
16:54:50
of course we could just include perl in our s390x artifacts, but then s390x really starts to become it's own thing very much unlike the rest of our architectures (things are mostly uniform right now)
<@jlebon:fedora.im>
16:55:40
end of topic for me
<@dustymabe:matrix.org>
16:55:58
same - going to go grab kids from school 👋
<@jbtrystram:matrix.org>
16:57:07
travier: do you want to take on the action on trying to contact the maintainer ?
<@siosm:matrix.org>
16:57:26
I asked Madhu to do it in the ticket
<@jbtrystram:matrix.org>
16:57:32
nice
<@jbtrystram:matrix.org>
16:58:04
!action madhu to contact the maintainer to see if agreement is reachable to split the package
<@jbtrystram:matrix.org>
16:58:32
Any other topics to discuss ?
<@siosm:matrix.org>
16:58:53
We should talk about again https://github.com/coreos/fedora-coreos-tracker/issues/1771
<@siosm:matrix.org>
16:59:03
We should talk about https://github.com/coreos/fedora-coreos-tracker/issues/1771 again
<@jbtrystram:matrix.org>
17:00:45
!topic /boot/efi is unlabeled_t since version 40.20240504.3.0
<@jbtrystram:matrix.org>
17:00:51
<@jlebon:fedora.im>
17:02:08
this isn't correct AFAIK. the maintainer works at red hatter (so yes... IBM, but i don't think what you meant :) )
<@siosm:matrix.org>
17:02:18
AFAIK, we don't have any update test for bootup so does not show up a test failure yet: https://github.com/coreos/fedora-coreos-tracker/issues/1788
<@siosm:matrix.org>
17:02:56
I'm pushing fixes for bootupd updates in the selinux policy in https://github.com/coreos/bootupd/issues/694
<@siosm:matrix.org>
17:03:29
and asking for freeze exceptions for F41: https://bugzilla.redhat.com/show_bug.cgi?id=2309742
<@siosm:matrix.org>
17:03:43
but that won't help us here as it won't give us access to unlabeled files
<@siosm:matrix.org>
17:04:15
so we need a fix / workaround for this one for F41 or we will have issues the next time we need to do a bootloader update
<@siosm:matrix.org>
17:04:55
We're also pushing for always on bootloader updates in https://github.com/coreos/bootupd/pull/716
<@siosm:matrix.org>
17:05:13
but that does not work yet with RAID setups in FCOS
<@siosm:matrix.org>
17:06:13
So it's more of a status update as we have to be careful otherwise this might become an urgency the next time we need to update the bootloader
<@siosm:matrix.org>
17:08:39
One option until we get this sorted out is to turn back the domain in permissive mode, not at the upstream level, but just for us
<@jlebon:fedora.im>
17:09:05
travier: we did this already in https://github.com/coreos/fedora-coreos-config/commit/40e9f23bb9322b97f6593cb3569b3d951aa7619f
<@jlebon:fedora.im>
17:09:20
travier: we did that option already in https://github.com/coreos/fedora-coreos-config/commit/40e9f23bb9322b97f6593cb3569b3d951aa7619f
<@siosm:matrix.org>
17:09:48
great, I had missed that
<@siosm:matrix.org>
17:10:07
ok, it's less of a concern then
<@jlebon:fedora.im>
17:10:13
but yeah, clearly we need to fix the labels. i think it's already on the radar but not sure yet who's picking it up
<@siosm:matrix.org>
17:10:19
let's move on
<@jlebon:fedora.im>
17:10:26
dustymabe was looking at it
<@jbtrystram:matrix.org>
17:11:39
We agreed to have a chat about that with dusty tomorrow :)
<@jbtrystram:matrix.org>
17:12:33
do we have any other topics folks want to discuss ?
<@jlebon:fedora.im>
17:13:36
this isn't correct AFAIK. the maintainer is a red hatter (so yes... IBM, but i don't think what you meant :) )
<@siosm:matrix.org>
17:14:00
ok for me
<@dustymabe:matrix.org>
17:16:42
yeah. we wanted to get our pipelines back green without a ton of overrides or denylist entries.. will try to unfurl all the selinux denials over time with the maintainer
<@jbtrystram:matrix.org>
17:18:43
Should we communicate this change somewhere or wait so the story is more fleshed out ?
<@jbtrystram:matrix.org>
17:18:43
I have a small topic : we recently started publishing build tags for our bootable container images. Which allow people to properly consume them and revert back if needed. However zincati does not support that, so it exists but can't be supported in that state.
<@jbtrystram:matrix.org>
17:19:13
It's on my list to bring that discussion back to the table :)
<@siosm:matrix.org>
17:21:19
Unfortunately, once we start advertising our container images, we will get users, and then that means that we'll double the amount of things to look at until we move things to containers
<@jlebon:fedora.im>
17:21:43
jbtrystram: this is part of the much larger discussion of "layering + updates"
<@siosm:matrix.org>
17:21:43
so I'm more for a "one step at a time" approach
<@jlebon:fedora.im>
17:23:07
which, we had put on pause for a bit but we need to resume as part of the "roadmap to bootable containers"
<@jlebon:fedora.im>
17:24:10
jbtrystram: i vaguely recall you were interested in that part of the story? (zincati and layering) or am i misremembering?
<@jbtrystram:matrix.org>
17:24:44
I am ! That's why i want to bring that story out of the limbo it's been for a year
<@jlebon:fedora.im>
17:25:37
jbtrystram: maybe let's set up a meeting to chat :)
<@jbtrystram:matrix.org>
17:25:53
But okay, let's not brag about the container until this is more fleshed out
<@jbtrystram:matrix.org>
17:26:00
But okay, let's not brag about the containers tags until this is more fleshed out
<@siosm:matrix.org>
17:27:38
Ideally, we start bragging about them once we are ready to transition everybody to them
<@siosm:matrix.org>
17:28:31
composefs is one part, zincati support another, the tags were another bit as well
<@siosm:matrix.org>
17:29:49
we kind of derived into open floor. Anything for open floor?
<@siosm:matrix.org>
17:30:03
(we're almost at time)
<@siosm:matrix.org>
17:30:12
(we're <del>almost</del> at time)
<@jlebon:fedora.im>
17:30:51
nothing on my side!
<@dustymabe:matrix.org>
17:32:02
time for some food
<@jbtrystram:matrix.org>
17:32:15
thanks for attending everyone !
<@jbtrystram:matrix.org>
17:32:23
I'm closing here
<@jbtrystram:matrix.org>
17:32:31
!endmeeting