16:00:14 <geppetto> #startmeeting fpc
16:00:14 <zodbot> Meeting started Thu Oct 27 16:00:14 2016 UTC.  The chair is geppetto. Information about MeetBot at http://wiki.debian.org/MeetBot.
16:00:14 <zodbot> Useful Commands: #action #agreed #halp #info #idea #link #topic.
16:00:14 <zodbot> The meeting name has been set to 'fpc'
16:00:14 <geppetto> #meetingname fpc
16:00:14 <geppetto> #topic Roll Call
16:00:14 <zodbot> The meeting name has been set to 'fpc'
16:00:28 <orionp> hello
16:00:29 <geppetto> #chair tibbs
16:00:29 <zodbot> Current chairs: geppetto tibbs
16:00:31 <geppetto> #chair orionp
16:00:31 <zodbot> Current chairs: geppetto orionp tibbs
16:00:35 <geppetto> #chair limburgher
16:00:35 <zodbot> Current chairs: geppetto limburgher orionp tibbs
16:00:51 <tibbs> I can't believe it's Thursday again.  Feels like it's been three days at most.  I really should sleep occasionally.
16:01:03 * geppetto nods
16:02:42 <tibbs> Lost a day's worth of edits to the versioning draft when I logged out without ever actually clicking the save button on the page.
16:02:45 <geppetto> tibbs: On the upside, no new tickets
16:02:53 <geppetto> tibbs: :(
16:02:53 <limburgher> Oh $_DEITY. . .
16:03:12 <geppetto> tibbs: I thought you'd changed to writing in a text file and pasting when done now?
16:03:14 <tibbs> And spent four hours yesterday which I intended to spend on FPC stuff instead tracking down four separate anaconda backtraces.
16:03:29 <geppetto> Ouch
16:03:39 <tibbs> I really should do that consistently.  Sometimes you think you're just going to make a minor change.
16:03:51 * geppetto nods
16:04:22 <tibbs> But then you have to think about how best to word something.  And then a line of people show up at the office.  And then somehow it's 9PM and it's either leave or fall asleep in the office.
16:04:43 * geppetto nods
16:05:40 <warren> Haven't attended these meetings for maybe 8 years.  Just curious who participates these days as I need to raise a weird exception to the rules sometime in the next few months.
16:06:02 * limburgher squints
16:06:07 <limburgher> hey stranger!
16:06:32 <tibbs> warren: Well I'm still here for some weird reason.
16:06:53 <warren> Is there an agenda for today's meeting?
16:07:22 <geppetto> yeh, but no 5 yet
16:07:32 <warren> for quorum I'm guessing?
16:07:34 <geppetto> warren: https://lists.fedoraproject.org/archives/list/packaging@lists.fedoraproject.org/message/6NKPOVP7KSISKH4HRPLLNOECKX2CQ5DW/
16:07:40 <geppetto> warren: Yeh
16:10:08 <limburgher> warren: bitcoin?
16:11:10 <warren> limburgher: yes, but more specifically related topics like Deterministic/Reproducible Builds and alternative build toolchains
16:12:15 <limburgher> warren: Cool.  Should be interesting.
16:13:34 <geppetto> #chair racor
16:13:34 <zodbot> Current chairs: geppetto limburgher orionp racor tibbs
16:13:50 <geppetto> #topic Schedule
16:13:53 <geppetto> https://lists.fedoraproject.org/archives/list/packaging@lists.fedoraproject.org/message/6NKPOVP7KSISKH4HRPLLNOECKX2CQ5DW/
16:14:17 <warren> Not going into a lot of detail now, but the motivation here is security sensitive software where the bounty for compromising a Linux distro's build infrastructure could be billions of dollars.  There's a way to take away the incentive of an attacker to compromise the distro's infrastructure as reproducible builds made by a reproducible alternative toolchain would make such an attack infeasible.  Only it's a gigantic and weird thing that would give FPC heartburn in how weird it is.
16:14:25 <warren> I'll bring this up in a later meeting.
16:14:41 <geppetto> #topic Deterministic/Reproducible Builds and alternative build toolchains
16:14:58 <tibbs> I don't think this is really an FPC issue.
16:15:03 <warren> err, not prepared to explain this now
16:15:14 <tibbs> If someone wants to package a toolchain needed to build something, I welcome them to do it.
16:15:24 * limburgher helps warren down off of hook
16:15:37 <tibbs> I'd think that there's more of an infrastructure or releng issue involved, from the sound of things.
16:15:50 <geppetto> Yeh, there are a lot of people looking at what Debian is doing
16:15:54 <warren> It's a FPC issue in that it also bundles a lot of redundant stuff that is already shipped in Fedora.
16:16:13 <tibbs> It doesn't have to bundle it.
16:16:15 <geppetto> But from what I've seen rel-eng people don't seem convinced, on either side
16:16:17 <warren> It also cannot avoid static building lots of stuff.
16:16:26 <limburgher> tibbs: It actually sort of does sometimes.
16:16:32 * limburgher drinks
16:16:40 <tibbs> Bundling isn't even our call any more, so....
16:16:56 <geppetto> Yeh, and esp. build time bundling.
16:17:04 <warren> When did the bundling policy change?
16:17:14 <geppetto> warren: 6 months ago, or so?
16:17:17 <limburgher> I forget. . .a year maybe?
16:17:18 <geppetto> maybe a bit longer
16:17:19 <tibbs> While back, fesco did a big override.
16:17:29 <limburgher> *cough*chromium*cough*
16:17:29 <tibbs> Their prerogative.
16:18:06 <limburgher> Thank you ever so much for the earworm.
16:18:07 <warren> So I guess FPC is only a small part of this, need to talk to FESCO and rel-eng for most of this.
16:18:15 <warren> There's two separate but related pieces here.
16:18:27 <limburgher> It sounds like it should be FESCO for yes/no, then if yes, FPC for how.
16:18:34 <tibbs> Yeah, basically, don't involve FPC if you don't have to.
16:18:49 <warren> 1. changes to buildsystems to do deterministic builds of everything, which Debian is proving is possible on a grand scale
16:18:50 <limburgher> I mean, even I avoid me.
16:19:09 <warren> 2. changes to the toolchains to prove that they aren't compromised
16:19:35 <warren> As this is clearly off-topic and I didn't intend to raise here, it's time to move on. =)
16:19:38 <tibbs> Unless there's something you just know is going to conflict, which I'm not really seeing as a thing.
16:20:02 <tibbs> Of course since what you're trying to do is completely impossible anyway, I'm happy not to think about it.
16:20:04 <warren> It's a strict security upgrade to the entire distro to achieve these goals.
16:20:18 <warren> completely impossible? =)
16:20:46 <tibbs> What's in that SMM code inside the CPU which built the thing you believe is provably.. anything?
16:21:09 <tibbs> You can't see it without so many NDAs and lawyers involved.
16:21:53 <tibbs> But don't let me stop you from trying, of course.
16:21:54 <warren> That's a good point, you can't trust hardware these days at all.  There is OpenPower and RISC-V with their entirely open source, binary blob-free hardware though .. just they are too expensive for most people.
16:22:30 <geppetto> That's kind of the point of reproducible builds, right? You can't trust anyone, so you build N times on different configurations and make sure they match
16:22:51 <warren> It is possible however to achieve bit-for-bit identical toolchains, bootstrapped from ancient x86 machines and compilers from long ago
16:23:10 <warren> if you can reach the same endpoint from different lineages then they're probably ok
16:24:01 <warren> anyway, off-topic, I would appreciate your folks advice on who to approach in other teams/committees, but outside of this meeting.
16:24:04 * geppetto nods … but speak to rel-eng and/or FESCo :)
16:24:34 <jwboyer> warren, i think you would be wasting your time.
16:25:06 <warren> jwboyer: I'm glad to hear why, but not in this meeting where it's in the weeds?
16:25:55 * geppetto nods … ok, moving on?
16:26:30 <warren> In any case, I realize convincing Fedora to build the entire distro this way is going to be difficult.  But it sounds like policy would be a lot easier these days to allow an alternative toolchain for specific packages, so I'm glad to hear that.
16:27:31 <geppetto> #topic #647     No mention of macros for systemd scriptlets for user units
16:27:35 <geppetto> .fpc 647
16:27:37 <zodbot> geppetto: #647 (No mention of macros for systemd scriptlets for user units) – fpc - https://fedorahosted.org/fpc/ticket/647
16:28:40 <orionp> Are there any examples of these?
16:28:53 <tibbs> I still understand very little about this.  Is the thing in comment 4 the actual draft?  It seems reasonable to me but with no knowledge it's hard to say.
16:29:23 <geppetto> I think that's most of the draft in comment 4
16:29:54 <orionp> yeah, that seems to be the suggestion
16:30:09 <orionp> seems fine by me I guess
16:30:25 <orionp> looks like bluez on my system has one
16:30:26 <geppetto> Yeh, I'm fine with it … but would have preferred a diff.
16:30:45 <tibbs> A diff for that would basically just tell me where to put it.
16:31:05 * geppetto nods
16:31:22 <tibbs> Just noticed that https://fedoraproject.org/wiki/Packaging:Systemd is kind of out of date.
16:31:55 <tibbs> It says to use BuildRequires: systemd-units but on F18 and newer to just use BuildRequires: systemd
16:32:22 <geppetto> F18 was a bit ago :)
16:32:51 <orionp> for #647, I'd insert between the mention of Fedora preset policy and "For details"
16:32:51 <tibbs> OK, fixed that up at least.
16:33:04 <tibbs> Assuming that BuildRequires: systemd is actually what we're supposed to do.
16:33:20 <orionp> yes, it is
16:33:31 <geppetto> tibbs: that's what is in 647 too
16:33:55 <tibbs> So this new bit would go in https://fedoraproject.org/wiki/Packaging:Scriptlets#Systemd
16:34:19 <tibbs> Which also prompts me to ask if we can get rid of the bit about " Packages migrating to a systemd unit file from a SysV initscript" yet.
16:34:52 <orionp> probably
16:35:57 <geppetto> yeh
16:36:26 <limburgher> Yeah, I seem to recall the last few initscripts being migrated or retired.
16:36:35 <tibbs> I thought we had blocked all of the packages which hadn't converted some time ago.  And even if there are a couple, it should still be safe to drop that bit as I'd expect those packages to be pretty much impervious to policy anyway.
16:37:21 <tibbs> OK, I nuked the section.
16:39:47 <orionp> looks like systemtap and tetrinetx are the last holdouts
16:40:21 <tibbs> Yep, impervious to policy.  I thought that fesco was going to force-retire them, but anyway....
16:43:22 <limburgher> It'll still be great telling the tale one day.  "Grandma, what's /etc/rc.d/init.d?" "Well, Timmy, let me tell you a story. . ."
16:43:52 <tibbs> Well, crap, I'm editing the page and I realize that I can't show what it looks like without saving it because I'm dumb and didn't make a copy in my user page first.
16:44:20 <limburgher> Can't you preview, or am I misunderstanding?
16:44:32 <racor> How about initscripts? I still see /etc/rc.d/init.d/network and /etc/rc.d/init.d/netconsole in fc25
16:44:51 <tibbs> I think that those are "special".
16:44:59 <tibbs> limburgher: I can preview; I can't show you the preview.
16:45:31 <limburgher> tibbs: /me pouts
16:46:00 <warren> I'm guessing network is still there because people want ifcfg scripts to work without NetworkManager, and it really isn't a service, and nobody wants to risk changing those old scripts?
16:46:56 <tibbs> https://fedoraproject.org/wiki/User:Tibbs/systemdscriptlets
16:46:58 <limburgher> Whatever happened to a couple of glasses of wine, sed, and a sense of adventure?
16:47:33 <tibbs> Sadly I slightly screwed up so the diff shows that I deleted an entire section, but I'm not really intending to delete that section.
16:47:34 <limburgher> tibbs:  Ooh, it looks so clean! :)
16:47:56 <orionp> +1
16:48:15 <tibbs> Basically I just pasted in his draft, stuck it in a separate section (===== is too many, though) and stuck the bit about the source of the macros in its own section.
16:48:50 <tibbs> Personally I'd just delete that last section, though; people have --showrc and the actual macro files on their systems if they want to see them.
16:49:25 <limburgher> I dunno, I forget about --showrc all the time, and sometimes people like a clicky.
16:50:43 <tibbs> Right, but this is perhaps the only place in the guidelines where we give people a link to the source of the macros.
16:52:06 <limburgher> True.
16:52:52 <tibbs> Anyway, not worth wasting time over.  Eventually that whole document will get much shorter.
16:53:05 <orionp> Interesting that there are macros for these scriptlets, but not almost any of the others
16:53:17 <tibbs> Historical reasons, I think.
16:53:31 <orionp> true, our new filetrigger future awaits..
16:53:44 <limburgher> It's like how sudo dnf install cvs still does something.
16:54:11 <tibbs> I think we will probably end up doing additional macroization because of the whole issue with epel not having file triggers.
16:54:19 <geppetto> limburgher: ? There is a cvs package, so I'm not sure I understand
16:54:33 <tibbs> Anyway, https://fedoraproject.org/w/index.php?title=User%3ATibbs%2Fsystemdscriptlets&diff=478095&oldid=478094 is the diff.
16:54:40 <limburgher> geppetto: Yes, but do you use it? :)
16:54:47 <warren> file triggers is something added by rpm recently?
16:54:50 <tibbs> Ignore the fact that a whole section is missing, because I pasted the wrong thing initially.
16:55:20 <tibbs> warren: Yeah.  Look up %transfiletriggerin; that should give you a description of them all.
16:55:34 <tomspur> Hi
16:55:38 <tibbs> We'll probably get back around to the glibc file triggers eventually.
16:55:44 <tibbs> tomspur: Howdy.
16:55:49 <geppetto> #chair tomspur
16:55:49 <zodbot> Current chairs: geppetto limburgher orionp racor tibbs tomspur
16:56:02 <geppetto> tibbs: Did you remove the bit about sysv scripts?
16:56:18 <geppetto> But, yeh, +1 for line 22 onwards
16:56:21 <tibbs> Anyway, I think that diff is the thing to vote on for #647.
16:56:32 <tibbs> geppetto: I did that earlier.
16:56:38 * geppetto nods
16:56:44 <limburgher> I'm +1.
16:59:23 <geppetto> So that's only +3 … orionp racor tomspur: vote?
16:59:33 <orionp> I'm still +1
16:59:45 <tibbs> +1
17:00:25 <tibbs> I still don't know _why_ you'd use these, but if this is what the systemd folks say should be used then I'm not going to argue.
17:01:15 <tomspur> +1
17:01:16 <geppetto> user services are like gnome-session type stuff … except outside the GUI
17:01:27 <racor> +1
17:01:31 <tibbs> Basically my understanding is that when you log in, systemd fires up a user session.
17:01:58 <tibbs> The thing that loginctl shows, and the thing that gets totally screwed up if you ever kill the user-specific systemd process.
17:02:08 <geppetto> #action No mention of macros for systemd scriptlets for user units (+1:6, 0:0, -1:0)
17:02:24 <geppetto> tibbs: yeh
17:02:27 <tibbs> Systemd can have special units that it starts inside of user sessions.
17:03:13 * geppetto nods
17:03:25 <tibbs> BTW, somehow we never set the topic
17:03:34 <geppetto> yeh, I'm confused about that
17:03:43 <geppetto> was hoping it was just my xchat
17:04:01 <geppetto> hopefully the bot didn't die, or we'll have no meeting minutes
17:04:17 <tibbs> .ping
17:04:17 <zodbot> pong
17:04:17 <geppetto> #topic Open Floor
17:04:21 <limburgher> I still see Deterministic
17:04:24 <limburgher> And you changed it.
17:04:27 <geppetto> Yeh
17:04:53 <tibbs> So I believe I did what I can for the glibc file triggers.
17:04:54 <warren> Looking at https://lists.fedoraproject.org/archives/list/packaging@lists.fedoraproject.org/message/6NKPOVP7KSISKH4HRPLLNOECKX2CQ5DW/   were a few of those topics skipped?
17:05:22 <tibbs> warren: It's sort of autogenerated; sometimes there just isn't anything to say about those.
17:05:24 <geppetto> Yeh, I looked at all of them … maybe talk about 650? Nothing seems to have happened on any of them though
17:06:01 <tibbs> Well, 654 did have some movement.
17:06:15 <warren> I'm not a FPC member, but I wrote most of https://fedoraproject.org/wiki/Packaging:Versioning#Pre-Release_packages  maybe 13 years ago ... I think the diff in #656 goes too far in "simplification" and should instead add only git examples.
17:06:37 <geppetto> tibbs: Not in the ticket … you want to talk about it?
17:06:53 <tibbs> But I think I've done all that I can there, without actually just committing the extra check to redhat-rpm-config.
17:07:00 * geppetto nods
17:07:21 <tibbs> I mean, they stopped talking so I guess I pissed them off or they lost interest.
17:07:30 <geppetto> :(
17:07:52 <tibbs> I think I divined the proper way to check these things and did all of the implementation there.
17:08:16 <warren> I'm surprised to learn that the tilde thing was added to Fedora, and even more surprised that it was backported to RHEL6.
17:08:21 <tibbs> I could of course just push it to redhat-rpm-config but I'm sure that would piss someone off somewhere (and not just because it might break one or two things).
17:08:32 <tibbs> warren: RPM works in mysterious ways.
17:09:01 <tibbs> Doesn't mean we're going to use it, though; I don't believe that proposal is going to pass.
17:09:26 <tibbs> And in any case I am rewriting the Versioning document to try and make it less confusing to people.
17:09:50 <warren> The reasons for it don't seem compelling to me, and that automagic example that somebody wrote is bullshit.  Anything that isn't a number you can't assume is a pre-release.
17:10:16 <tibbs> And once I manage to finish that and get something that doesn't anger someone, somewhere, then I get to do the same transform to the tilde draft, and then, well, it probably won't pass.
17:10:48 <tibbs> But we discussed that draft for probably twelve solid hours so far, and....
17:11:01 <warren> I'm sorry.
17:11:28 <tibbs> geppetto: So if you have any hints about how to progress with the glibc thing?  I'm just going to leave it alone for now.
17:11:41 <tibbs> Maybe we can target some other source of scriptlets, like texinvo.
17:11:44 <tibbs> texinfo.
17:12:13 <tibbs> Also, I already wrote up 647 since I just had to paste and save.
17:12:30 <warren> how will you handle compat where packagers want to maintain identical specs with EPEL?
17:12:45 <tibbs> Not care.
17:12:54 <tibbs> EPEL guidelines can get those scriptlets.
17:13:05 <tibbs> Packagers, if they like the junk, can wrap it all in a big %if
17:13:10 <warren> RHEL rpm supports file triggers?
17:13:25 <tibbs> Never said it did.
17:13:32 <warren> ok, %if's
17:13:54 <geppetto> tibbs: yeh, leave it for a bit … they might just be busy/etc. … will ping them if it goes too long
17:14:25 <tibbs> We could macroize some of it, with macros that expand to %nil on Fedora and to the whole scriptlet thing including the "%post" on epel, but... I'd really just prefer not to see them.
17:14:50 <warren> Would be helpful if the agenda URL were auto-appended to the current meeting topic, something the bot could do in the future.
17:14:57 <tibbs> And if people keep them in their rawhide specs, well, they're going to get some email about it because I will eventually do a big bunch of reports and an auto-removal.
17:15:35 * geppetto nods … seems fine
17:16:50 <tibbs> Did fesco ever hand us anything back on 650 (the alternate python interpreter thing)?
17:17:14 * geppetto looks at https://pagure.io/fesco/issue/1634
17:17:59 <tibbs> Interesting; that sort of mutated.
17:18:59 <tibbs> It doesn't appear they're going to hand down any guidance on whether packages should be allowed to depend on those.
17:19:24 <tibbs> I do still think we need a general way to say that a package can exist but nothing is permitted to depend upon it.
17:19:26 <geppetto> It looks like they can
17:19:42 <geppetto> Given the wording about the packager taking over security updates from upstream etc.
17:20:13 <tibbs> I think that the python people who were packaging these did actually want to make sure that nobody would depend on them, though.
17:20:59 <geppetto> Well FESCo sure didn't say that
17:21:12 <geppetto> If anything it looks like you can, to me
17:21:22 <tomspur> "If it is too much burden" one is "encouraged" to orphan it. So one can still just ignore it and go ahead. Or am I reading that wrong?
17:21:24 * geppetto shrugs
17:21:52 <geppetto> yeh
17:22:50 <tibbs> But let's assume that fesco allows this in general.
17:23:43 <tibbs> The python folks came to us asking to write something into the guidelines banning dependencies on the alternative python packages they want to add.
17:25:15 <orionp> I have to go now..
17:25:25 <tibbs> Take care.
17:26:02 <geppetto> See ya
17:26:10 <tibbs> Anyway, we will still have to consider their request, but I guess it can wait until we have to do so.
17:27:07 <geppetto> maybe
17:27:24 <geppetto> Anyway … is there anything else, or we good until next week?
17:27:31 <tibbs> Yeah, I'm done.
17:27:35 <geppetto> I will note that two weeks from now I won't be here
17:27:47 <geppetto> Probably just for one week
17:28:00 <limburgher> Nothing here.
17:28:09 * geppetto nods
17:28:14 <tibbs> Panic.
17:28:49 <warren> add "INSECURE" to the release tag? =)
17:29:25 <warren> "DONOTUSEINPRODUCTION"
17:31:02 <geppetto> #endmeeting