Meeting started at 2025-01-28 15:00:43 UTC

The Meeting name is 'fedora_bootc_initiative'

!hi

!hi

Dusty Mabe (dustymabe) - he / him / his

Hristo Marinov (hricky) - he / him / his

!hi

None (rsturla)

!hi

Joseph Marrero (jmarrero)

!hi

Paul Whalen (pwhalen)

!hi jasonbrooks

Jason Brooks (jasonbrooks) - he / him / his

!hi

Timothée Ravier (siosm) - he / him / his

!hi

None (jlebon)

!hi

John Eckersberg (jeckersb)

!hi

Jean-Baptiste Trystram (jbtrystram) - he / him / his

I think there was only one action item, which was mine, which was to file an issue talking about the question of what this initiative might become, where to continue the work, once it has run its course, in May.

I haven't done that yet

Are there other topics that folks here want to discuss?

I think last time we said we would discuss one issue further.. let me grab the link

Right, Colin's container native builds issue

I think you were going to ponder that further, right, Dusty?

ahh yes, i missed the convo around that ticket last week

We discussed this in the FCOS community last week: https://github.com/coreos/fedora-coreos-tracker/issues/1861#issuecomment-2608134063

AGREED: FCOS is generally on board with changing FCOS builds to use podman

```

```

build with multi-stage builds in the future. (@dustymabe:matrix.org, 17:30:05)

Cool, is there a game plan for making that switch?

As mentioned in our ticket - there is still some nuance on whether we go directly to a derived build or we continue to build from scratch esssentially

Jason Brooks: FCOS rawhide today is already inheriting from bootc base-images repo. I think we could start experimenting there. Jonathan Lebon would know more about any potential blockers

I'm curious about the "look like a base image" comment in there

i'm going to prototype building FCOS as a derived container using the recent work that landed in rpm-ostree

Does fcos rawhide derive from tier-x?

"inherit" would be a better word

we inherit manifest definitions, but otherwise build from scratch

Ah, ok, I see vs derive, and does that relate to this comment about more efficient images?

Does that change with the effort we have on the custom base images, a lot of the manifests are being reworked here: https://gitlab.com/fedora/bootc/base-images/-/tree/wip-baseimage-rework?ref_type=heads

Does that change with the effort we have on the custom base images?, a lot of the manifests are being reworked here: https://gitlab.com/fedora/bootc/base-images/-/tree/wip-baseimage-rework?ref\_type=heads

yeah exactly. doing a "simple derive" where we just `RUN dnf install -y big list of packages` would give suboptimal results

From an end-user perspective, doing this is far more simple than forcing people to deal with git submodules

I've been playing around with the new build-chunked-oci, and while I've not (yet) been able to make it work, I do really like the flow of adding 10ish lines to the bottom of a Containerfile and forgetting about it.

From an ~~end-user~~ builder/developer's perspective, doing this is far more simple than forcing people to deal with git submodules

I've been playing around with the new build-chunked-oci, and while I've not (yet) been able to make it work, I do really like the flow of adding 10ish lines to the bottom of a Containerfile and forgetting about it.

jmarrero: i haven't looked at that work closely yet

Robert Sturla: yeah, to be clear, the git submodule approach in FCOS at least was never meant to be permanent. but it's a good preparatory step

Is there more to discuss on this? I suppose it'd be good to have Colin Walters

I think that re-work is a big part of the effort in the base images MR to make the build more container native not just for bootc but also for others that want to have custom base images and hopefully provide a base(base) image others can easily start with and then just rechunk at the end.

Are there any blockers in fedora infra, like, we don't need konflux for this, do we?

Jason Brooks: FCOS specifically doesn't need konflux because we already know how to do container builds across architectures

other variants/editions might need it?

Jason Brooks: FCOS specifically doesn't need konflux because we already know how to do container builds across architectures in our existing pipeline

dustymabe: though eventually we do build FCOS in Konflux as well. though yeah, we're not blocked by it

Jonathan Lebon: I can't remember -- would this change require `podman build` running as `root` ? right now our container builds in FCOS are done as a normal user

I think I did a bootc build recently as a normal user

Jason Brooks: it's the overall mechanisms currently used to build the base images. there's ongoing work to stand that up in the Fedora Konflux instance, so it should fit in with that

dustymabe: it does not

Any action items related to this?

that said, i usually use at least `--security-opt label=disable` so i don't have to relabel the contextdir

Jonathan Lebon: would that also mean we could get away from using supermin for unpriv builds in openshift ?

Jason Brooks: maybe not for now? i think as FCOS and others explore that new workflow, gaps will emerge

I guess that also depends on running podman itself in openshift

anyway - this is off topic - we can move on

What should we discuss next time?

dustymabe: yeah, that won't work with the default restricted SCC i think

I may not be here, I'm going to the fedora council hackfest next week

Jason Brooks: maybe the base-images rework that joseph pointed to earlier

Well, maybe I'll bug Colin in the main room to come up w/ a topic 🙂

assuming Colin is present

I'll poke him after the meeting

All right, should we wrap it up?

we could also talk about sysexts at some point :)

Yeah, that's an interesting one, I haven't even tried it yet

yeah. there a few use cases from the FCOS side we need to discuss I think - i.e. features in bootc we want to see

I added a comment on an existing issue RE sysexts and generic overlays inbootc, but I'm not too sure if it belongs there or a separate issue

https://github.com/containers/bootc/issues/7#issuecomment-2591390476

(like Jason Brooks I'll be away next week, doing training)

Ok, I'm wrapping it up