<@gurssing:matrix.org>
16:30:05
!startmeeting fedora_coreos_meeting
<@gurssing:matrix.org>
16:30:07
!topic roll call
<@meetbot:fedora.im>
16:30:08
Meeting started at 2024-05-01 16:30:05 UTC
<@meetbot:fedora.im>
16:30:08
The Meeting name is 'fedora_coreos_meeting'
<@aaradhak:matrix.org>
16:31:26
!hi aaradhak
<@zodbot:fedora.im>
16:31:28
Aashish Radhakrishnan (aaradhak)
<@gurssing:matrix.org>
16:31:40
!hi gursewak
<@zodbot:fedora.im>
16:31:42
Gursewak Singh (gursewak)
<@dustymabe:matrix.org>
16:31:56
!hi
<@zodbot:fedora.im>
16:32:04
Dusty Mabe (dustymabe) - he / him / his
<@marmijo:fedora.im>
16:32:13
!hi
<@zodbot:fedora.im>
16:32:16
Michael Armijo (marmijo)
<@hricky:fedora.im>
16:32:22
!hi
<@zodbot:fedora.im>
16:32:25
Hristo Marinov (hricky) - he / him / his
<@gurssing:matrix.org>
16:33:42
!topic Action items from last meeting
<@jlebon:fedora.im>
16:33:59
!hi
<@zodbot:fedora.im>
16:34:01
None (jlebon)
<@gurssing:matrix.org>
16:34:34
!topic Action items from last meeting
<@gurssing:matrix.org>
16:36:30
No action item from last meeting.
<@gurssing:matrix.org>
16:36:48
!topic Consider dropping moby-engine from the base image
<@gurssing:matrix.org>
16:37:01
!link https://github.com/coreos/fedora-coreos-tracker/issues/1723
<@dustymabe:matrix.org>
16:38:17
This one is fun :)
<@dustymabe:matrix.org>
16:40:14
when we started building Fedora CoreOS one of the things we wanted to do was keep Container Linux users happy. Users who wanted to coninue to use `docker` could do so without issue. We've held to that principle for a long time.
<@dustymabe:matrix.org>
16:40:49
I would like to continue to ship it because I know there are good number of people who do use it
<@dustymabe:matrix.org>
16:41:46
From the ticket:
I think the `moby-engine` packages have these two problems:
1. There's a lack of activity from current maintainers. For example, there were CVEs fixed in upstream `24.0.7` (6 months old), but the CoreOS package is still on `24.0.5` (9 months old).
2. Users don't have control over version, which is made more noticeable by the lack of maintenance. Major version updates (like `20.10.x` to `24.0.x` in F39) happen intermittently and unpredictably; on regular Fedora you have a grace period to stay on current Fedora until EOL, but you can't on CoreOS.
<@dustymabe:matrix.org>
16:42:04
I'm much more concerned with `1.` than I am with `2.`
<@jlebon:fedora.im>
16:42:44
looks like dustymabe tagged it in. do you want to introduce it?
<@dustymabe:matrix.org>
16:43:01
Jonathan Lebon: are my messages not coming through?
<@gurssing:matrix.org>
16:43:45
dustymabe: they are coming through(at least for me)
<@jlebon:fedora.im>
16:44:07
oh weird, no it all came at once
<@marmijo:fedora.im>
16:44:10
they were delayed I think, but I see them now
<@dustymabe:matrix.org>
16:44:37
`#networking`
<@dustymabe:matrix.org>
16:45:16
So ideally the package maintenance of `moby-engine` would just right itself and become more maintained
<@jlebon:fedora.im>
16:45:17
yeah, package maintenance has been an issue for a while now
<@dustymabe:matrix.org>
16:46:14
there are a few things I think we can do here
<@jlebon:fedora.im>
16:46:35
can we get in touch with the maintainers to provide more context on the situation?
<@dustymabe:matrix.org>
16:47:07
1. reach out to see if the maintenance issue can be improved. I think there was a thread somewhere not long ago about abandoning the "must have every go dep packaged" and just vendoring for certain hard to package go projects.
<@dustymabe:matrix.org>
16:48:27
2. if the security issues don't get resolved soon we could force people to take some action in order to run docker containers. i.e. `systemctl unmask docker.service` along with a FAQ entry about the issues. (Only for new installs, not upgrades)
<@dustymabe:matrix.org>
16:49:04
then only after some long time would I consider removing `moby-engine`. it would be super disruptive to our users IMO
<@hricky:fedora.im>
16:50:40
Is this the thread? https://lists.fedoraproject.org/archives/list/golang@lists.fedoraproject.org/thread/K5P6P2MGEE3SCPF4SZFWOIUGHQHJ6GGG/
<@dustymabe:matrix.org>
16:50:55
Hristo Marinov: I think so
<@dustymabe:matrix.org>
16:51:07
FTR we can email `<package>-maintainers@fedoraproject.org`
<@jlebon:fedora.im>
16:52:24
we should probably also document how to install upstream docker
<@dustymabe:matrix.org>
16:52:52
looks like some progress on updating in https://src.fedoraproject.org/rpms/moby-engine/pull-request/21
<@dustymabe:matrix.org>
16:54:08
but then they are breaking out the docker cli into a separate package? https://bugzilla.redhat.com/show_bug.cgi?id=2274561
<@dustymabe:matrix.org>
16:55:32
thoughts on next steps?
<@gurssing:matrix.org>
16:55:53
proposed: Reach out to `moby-engine` maintainers and see if the maintenance can be improved. And if the security issues don't get resolved soon we could ask people to take some action in order to run docker containers.
<@dustymabe:matrix.org>
16:56:58
gursewak: we probably also want to mention something about documenting how to install upstream docker
<@dustymabe:matrix.org>
16:57:26
fifofonix: Hristo Marinov do either of you use docker CE versus just the docker that is in FCOS?
<@jlebon:fedora.im>
16:59:07
overall seems sane to me. there's not a lot we can do here unless we also step up and help maintain the package, though that's not a trivial task
<@gurssing:matrix.org>
17:00:02
proposed: Reach out to moby-engine maintainers and see if the maintenance can be improved. And if the security issues don't get resolved soon we could ask people to take some action in order to run docker containers. Additionally, ensure documentation detailing the installation process for upstream Docker is provided.
<@mikelolasagasti:matrix.org>
17:00:20
the problem is that maintaining moby-engine unvendored as Fedora documentation says it should be done has been a challenge due to lack of maintainer time.
<@dustymabe:matrix.org>
17:00:41
mikelolasagasti: yep. very aware
<@hricky:fedora.im>
17:00:44
When I have an explicit need for Docker (learning and testing), I just use it in an Ubuntu VM on a Fedora host.
<@mikelolasagasti:matrix.org>
17:00:52
In the PR linked it can be seen gotmax is trying to move to a vendored build…
<@mikelolasagasti:matrix.org>
17:01:42
but that has it’s own issues, as vendoring causes dependant packages to fail and would break half of go-sig
<@dustymabe:matrix.org>
17:01:57
yep. hoping that improves the maintainer's experience/burden
<@dustymabe:matrix.org>
17:02:37
mikelolasagasti: so are you saying the vendoring should be blocked?
<@mikelolasagasti:matrix.org>
17:02:46
no
<@mikelolasagasti:matrix.org>
17:02:59
but just by vendoring everything ls not solved
<@dustymabe:matrix.org>
17:04:19
yeah, tough problem for sure
<@mikelolasagasti:matrix.org>
17:04:38
vendored packages don't create -devel packages and half of go packages have transient dependencies in moby
<@dustymabe:matrix.org>
17:04:40
what does everyone think about the Proposed?
<@gotmax:matrix.org>
17:05:16
I am just waiting on reviews to get the package updated
<@gotmax:matrix.org>
17:05:25
Help with that would be very welcome
<@gotmax:matrix.org>
17:05:36
And I'd be happy to accept co-maintainers
<@dustymabe:matrix.org>
17:05:40
gotmax23: help with package reviews or PR reviews?
<@jlebon:fedora.im>
17:05:45
gotmax23++
<@gotmax:matrix.org>
17:05:47
New package reviews
<@zodbot:fedora.im>
17:05:48
jlebon gave a cookie to gotmax23. They now have 31 cookies, 1 of which were obtained in the Fedora 40 release cycle
<@hricky:fedora.im>
17:06:05
I don't think maintaining packages is an easy task, at least for me at this point, but I can probably learn and want to be involved, especially for packages that are related to FCOS and OSTree systems in general.
<@dustymabe:matrix.org>
17:06:42
gotmax23: question on the `docker-cli` package
1. didn't we rename `docker` -> `moby-engine` because of legal issues - so we probably can't use the docker name in a package now?
2. what are we really splitting out here?
<@gotmax:matrix.org>
17:07:33
The docker daemon and docker cli are separate upstream projects. I am splitting them up into two packages to make the situation less complicated.
<@gotmax:matrix.org>
17:08:02
s/situation/packging
<@gotmax:matrix.org>
17:08:07
The plan is to keep the engine/daemon package (github.com/moby/moby) but keep the docker cli stuff with the docker- prefix
<@gotmax:matrix.org>
17:08:14
We already have docker-compose in the distribution
<@gotmax:matrix.org>
17:09:05
I think at one point there was discussion about renaming the `docker` cli command to `moby`, but that never happened
<@gotmax:matrix.org>
17:09:26
The plan is to keep the engine/daemon package (github.com/moby/moby) as moby-engine but keep the docker cli stuff with the docker- prefix
<@dustymabe:matrix.org>
17:10:09
ok sounds good to me - though maybe on the legal front we should shoot off an email to the legal list (just so we don't have to do a bunch of work later to rename)
not sure if `docker-compose` slipped in without legal review or not
<@dustymabe:matrix.org>
17:10:36
ok so that sounds good. I didn't realize they were different upstream projects
<@gotmax:matrix.org>
17:10:51
Yeah
<@dustymabe:matrix.org>
17:12:03
!info the docker* package maintainers could use help with package reviews: https://bugzilla.redhat.com/show_bug.cgi?id=2274561 https://bugzilla.redhat.com/show_bug.cgi?id=2274654 https://bugzilla.redhat.com/show_bug.cgi?id=2274656
<@gotmax:matrix.org>
17:12:36
I'll pop out now, but let me know if you have other questions :)
<@dustymabe:matrix.org>
17:12:40
ok so we've now been in contact with the package maintainers :)
<@dustymabe:matrix.org>
17:12:50
should we update the proposed?
<@gotmax:matrix.org>
17:13:35
The new model should make maintenance and updates a lot simpler, so hopefully we shouldn't have issues like this in the future
<@gurssing:matrix.org>
17:16:08
Should I add proposal to work on the documentation since the initial two things are addressed.
<@jlebon:fedora.im>
17:16:11
i'd say let's just no-op for now on the FCOS side (or help with reviews if we can) until the changes are pushed through
<@jlebon:fedora.im>
17:16:46
yeah, documenting how to install upstream still seems useful
<@dustymabe:matrix.org>
17:16:50
agree
<@jlebon:fedora.im>
17:16:58
i swear i thought this was suggested before and filed, but i can't find anything
<@dustymabe:matrix.org>
17:17:07
it's still useful from the "I need to use a different version" perspective - for whatever reason
<@gurssing:matrix.org>
17:17:26
proposed: Add documentation on how to install upstream docker.
<@dustymabe:matrix.org>
17:17:33
Jonathan Lebon: would this be in the FAQ or a separate page?
<@dustymabe:matrix.org>
17:18:17
👍️ to the proposed
<@aaradhak:matrix.org>
17:18:28
+1
<@hricky:fedora.im>
17:19:02
+1
<@jlebon:fedora.im>
17:20:05
filed https://github.com/coreos/fedora-coreos-docs/issues/639
<@gurssing:matrix.org>
17:20:09
!agreed : Add documentation on how to install upstream docker.
<@jlebon:fedora.im>
17:20:47
dustymabe: not sure, depends how much instructions we need to give?
<@gurssing:matrix.org>
17:22:41
Anything additional to be added before I move to open floor?
<@jlebon:fedora.im>
17:22:53
the main differences from the upstream docs are basically s/dnf install/rpm-ostree install/ and adding the repo file
<@jlebon:fedora.im>
17:23:05
the main differences from the upstream docs should be s/dnf install/rpm-ostree install/ and adding the repo file
<@dustymabe:matrix.org>
17:24:47
and also the "override remove" part
<@dustymabe:matrix.org>
17:26:02
none from my side
<@gurssing:matrix.org>
17:26:14
!topic Open Floor
<@dustymabe:matrix.org>
17:27:31
!info we met this week and made progress on a design for https://github.com/coreos/fedora-coreos-tracker/issues/99
<@dustymabe:matrix.org>
17:27:56
do we have anyone working on https://github.com/coreos/fedora-coreos-tracker/issues/1722 ?
<@dustymabe:matrix.org>
17:29:36
that's all from me
<@gurssing:matrix.org>
17:30:27
Out of time, will close the meeting:)
<@gurssing:matrix.org>
17:30:42
!endmeeting