Meeting started at 2025-02-19 16:34:17 UTC

The Meeting name is 'fedora_coreos_meeting'

!hi

Timothée Ravier (siosm) - he / him / his

Hey, sorry. My internet desconnected for a while here.

!hi

Joe Doss (jdoss)

!hi

No Fedora Accounts users have the @ydesouza:matrix.org Matrix Account defined

👋

!hi

Pragyan Poudyal (pragyan-poudyal)

Yasmin de Souza: 👋 Feel free to host it if you want

!hi

Hristo Marinov (hricky) - he / him / his

!hi

Dusty Mabe (dustymabe) - he / him / his

!hi

No Fedora Accounts users have the @ydesouza:matrix.org Matrix Account defined

!hi

Jean-Baptiste Trystram (jbtrystram) - he / him / his

I am not sure why zodbot is giving this message. 👀

!hi

Michael Armijo (marmijo)

You can set your matrix account at https://accounts.fedoraproject.org/

to link it to your Fedora account

!hi

Adam Piasecki (c4rt0) - he / him / his

marmijo: could you run this while I am fixing this? Sorry about it.

Absolutely!

Thanks! Sorry about it

Good morning/afternoon/evening everyone. Looks like we have most people here. I'll give it another minute

Alright, let's start

I see only one action from the last meeting:

jdoss to organize high bandwidth meeting with jlebon travier spresti and bri to discuss next steps for ignition/afterburn and proxmox static networking

Heck yeahhhh!

it is going to be a very proxmox time. Very exciting. Let me tell you.

I was out of the loop on this one. Did the meeting happen?

the meeting is Tomorrow if you want to join DM me your email.

perfect, I'll do that!

Thursday, February 20⋅11:00am – 12:00pm Central US

5PM UTC

!hi

None (jlebon)

That's great. I actually have another meeting at that time, but I could try to catch up afterwards.

But if anyone else is interested, DM jdoss!

moving on

We just passed the beta freeze event

Correct. Which means we need to pay close attention to know when beta will get released

Current target is Tue 2025-03-11

The GO/No-GO meeting determines if the Beta is Go

it happens on Thursdays if I'm not mistaken

Correct.

Maybe we should find volunteers each week to attend (or at least keep an eye one it)

Early target is 2025-03-11

Some dates from the schedule:

while "Target Date 1" is a week later: 2025-03-18

Anyone want to volunteer to watch the go/no-go meeting as we move closer to beta release?

At the point we think we have probably shipped the last F41 based `next` then we should enable `next-devel` and disable `branched`

marmijo: if no one else volunteers I can, but would encourage others to volunteer too

I can plan to watch those meetings also 👍️

I will warn you - some of it is really dry.. They discuss lots of details about bugs we often don't care about.. but it's just something to keep an eye on in the background while you do other things

i am curious !

if that's a time i am around i'll join

sometimes the bugs are ones we do care a bout and suggested as blockers or freeze exceptions

jbtrystram: unfortunately I think it's usually at a time that would be inconvenient for you :(

yeah, most of the time we don't care about most of the topics discussed, but it's a good place to bring our topics if we have any

:(

I think I sat in on one or two during the last release cycle

if we have bugs that we want to highlight then it's the place

more than attending, I think it would be good if we make sure each week that the list of bugs we care about is correctly reflected in the list of blocking bugs

https://qa.fedoraproject.org/blockerbugs/

so if there are no bugs we care about, the person can skip the meeting. If there are some, someone should attend

That's fair

Anything else about this topic? We have some new F42 change considerations to discuss if we ant to move to that topic

Looking at the list today I don't see any that we would care about.

dustymabe: are you talking about bugs or F42 changes?

proposed blocker bugs

gotcha! moving on

I updated the list this morning, but I did it a little fast. So there might be some "notes" missing from certain items that I'll update later.

More importantly, there are new change considerations

Change 129

As we don't use the Anaconda installer to install FCOS we can ignore this one 👍️

great!

I think we also already use GPT everywhere? (would need to be confirmed)

The last one for system wide changes is 130

We don't suport FIPS mode in FCOS right now

I use FIPS mode in my appliance builds.

Does this mean it will get removed?

I think this change is just removing tooling to change an existing system.. basically if you want FIPS you needed to know from creation time

yes

See https://fedoraproject.org/wiki/Changes/RemoveFipsModeSetup#Detailed_Description

https://github.com/coreos/fedora-coreos-tracker/issues/302#issuecomment-1460506911 is what I do basically.

Yeah this is gonna break my bacon I think. Not good.

As it's been said multiple times, FIPS mode is not supported in Fedora in general

[https://github.com/coreos/fedora-coreos-tracker/issues/302 & ](https://github.com/coreos/fedora-coreos-tracker/issues/302#issuecomment-2518741080)

https://github.com/coreos/fedora-coreos-tracker/issues/302#issuecomment-2518741080

https://fedoraproject.org/wiki/Changes/RemoveFipsModeSetup#Context_information_on_FIPS

Right my Enterprise customers need FIPS and since I can't buy RHCOS licenses I have to make due and enable it using what I linked above. So this means I will need to figure out a different path if the tooling is being removed.

(it's not a technical question but a policy one)

The tooling is not being removed

jdoss: the canonical enablement flag is the karg now

What you are doing will still work

it's just not FIPS compliant

> it's just not FIPS compliant

And never was, because Fedora doesn't submit things for review (which is apparently a requirement)

Trust me I would not bother with it but I have security people that require FIPS mode be enabled.

well maybe that's all they need then :)

I am with you, I don't think it makes anything more secure but Banks for some reason want the FIPS.

do they need "compliance" or do they need "FIPS mode enabled" - notably they aren't the same thing :)

jdoss: basically i htink the only change to your flow is to drop the `fips-mode-setup` call in your Containerfile

jdoss: basically i think the only change to your flow is to drop the `fips-mode-setup` call in your Containerfile

I don't want the FIPS. Please god save me from the FIPS.

Thanks guys. Sorry for the noise.

on the openshift/os side, this is tracked at https://github.com/openshift/os/issues/1665

We can move on as this change does not impact FCOS directly and as Jonathan linked, we'll update RHCOS for it

232.

There are a lot of changes in the "Self Contained" section. 229-245. It's probably not worth going through each one individually.

agree, most of them do not apply to us

We are a bit late for the 232 one so I posted a status update at https://pagure.io/fesco/issue/3364#comment-956339 to let people now that it's still on track

Are there any we want to discuss in more detail?

An update for 243 would be good to have as well

243:

I think it's tracked on our side in https://github.com/coreos/fedora-coreos-tracker/issues/1852

And Dusty added a comment to the "notify users" tracker https://github.com/coreos/fedora-coreos-tracker/issues/1863#issuecomment-2666677485

yes. I'll update the issue. but the TL;DR is that this is now implemented for rawhide/branched/next-devel

we found (earlier today) that ppc64le ISOs are failing tests. So that would be our final gap I think

Nemric: reported yesterday that a test system on Branched running kubernetes off of live PXE worked well

Great! Can someone comment in the BZ to mention that this is on track for F42?

https://bugzilla.redhat.com/show_bug.cgi?id=2346259

yep, but I'll mention I'm only one half of that change request

so I'll ask Conan Kudo to do the update for the other half

I will merge the PR momentarily

https://pagure.io/fedora-kiwi-descriptions/pull-request/105

Conan Kudo: FYI we found some issues with ppc64le - so you might see the same.. we'll get an issue opened for it later today or tomorrow morning

I'm annoyed that now I have ignore CI because Fedora CI is busted

every run is stalled and timing out after 6 hours

it's been this way for weeks

I don't know what happened to break the infrastructure

and now it's frozen!

have you reported it in https://pagure.io/fedora-ci/general/issues ?

marmijo: we can move on

Conan Kudo:

Have we you tried turning it _off_ then back _on_ again Conan Kudo ??? /s

Have you tried turning it _off_ then back _on_ again Conan Kudo ??? /s

Sounds good. Are there any other changes that we want to discuss? 237 looked interesting

I will do this later today

I would say that this should be transparent to us from the description but I'm not 100% sure

seems like it

do we ship `hwcaps-loader` package?

doesnt look like it

oh. I see. The proposal is that Fedora packages that up and makes it available

but I don't know if that package is required in order to take advantage of the change

> This is where hwcaps-loader comes in. hwcaps-loader is a very small program which only has a single purpose: execute the best binary supported by the machine.

so yeah. I think we'd need to include that in CoreOS if we wanted it. I guess we can ask some clarifying questions to the proposal owner

We've only got a few minutes left. We can move on to open floor now.

i suppose that if a maintainer found interest in supporting multiples feature flags they would add hwcaps-loader as a dependency to their packages

perhaps

Reminder that the CfP for DevConf.cz (https://www.devconf.info/cz/) ends on March 2nd, if folks wants to submit something FCOS related

i think it probably makes sense to ship, but it depends on size/deps

I think I'm going to try to submit something

Our Hands on labs are always popular too - so we should try to submit one of those

to both flock and devconf

probably would be a good opportunity to update our hands on lab - especially with our switch to OCI for update payload coming up

i'd like to as well to discuss image mode stuff, but not sure yet if i can make it

Jonathan Lebon: yeah. You can probably have a co-presenter and hopefully one of you can make it :)

Thanks for joining today everyone. I'll go ahead and close the meeting