14:01:14 <pwhalen> #startmeeting Fedora IoT Working Group Meeting
14:01:14 <zodbot> Meeting started Wed Apr 29 14:01:14 2020 UTC.
14:01:14 <zodbot> This meeting is logged and archived in a public location.
14:01:14 <zodbot> The chair is pwhalen. Information about MeetBot at http://wiki.debian.org/MeetBot.
14:01:14 <zodbot> Useful Commands: #action #agreed #halp #info #idea #link #topic.
14:01:14 <zodbot> The meeting name has been set to 'fedora_iot_working_group_meeting'
14:01:14 <pwhalen> #chair pwhalen pbrobinson bcotton tdawson puiterwijk
14:01:14 <pwhalen> #topic roll call
14:01:14 <zodbot> Current chairs: bcotton pbrobinson puiterwijk pwhalen tdawson
14:01:42 <pwhalen> Good morning, who's here today?
14:02:16 <bcotton> .hello2
14:02:18 <zodbot> bcotton: bcotton 'Ben Cotton' <bcotton@redhat.com>
14:02:23 * pbrobinson is here
14:02:33 <pwhalen> howdy bcotton pbrobinson
14:02:36 <puiterwijk> .hello2
14:02:37 <zodbot> puiterwijk: puiterwijk 'Patrick "パトリック" Uiterwijk' <puiterwijk@redhat.com>
14:03:10 * pwhalen gives it another minute
14:03:43 <dawud> hi, first time attending, interested in IoT in general, Fedora and sec in particular
14:04:15 <pwhalen> welcome dawud!
14:04:25 <dawud> o/
14:04:51 <pwhalen> Alright, lets get started...
14:04:57 <pwhalen> #topic 1) ==== Working Group process and admin  ====
14:05:40 <pwhalen> Last week we had some action items to update our docs, I made an initial pass on documenting Zezere, not sure if it got merged though
14:05:55 <pbrobinson> I need to read through that, will do it after the meeting
14:06:03 <pwhalen> thanks!
14:06:03 <pbrobinson> I made some updates on Friday
14:07:13 <pwhalen> I also need to update the release criteria, remove all references to initial-setup, add zezere, greenboot and clevis. If anyone thinks of something we should be testing in F33 and expect to work, please let us
14:07:31 <pwhalen> er, know
14:07:51 <pwhalen> We'll need release criteria for it
14:08:13 <pbrobinson> pwhalen: yes, probably f33 topic not admin ;-)
14:08:29 <pwhalen> sure, could be both.. we're talking docs here too
14:09:41 <pwhalen> if folks can review the docs that would be greatly appreciated.
14:09:44 <pwhalen> Anything else?
14:10:36 <pwhalen> #link https://docs.fedoraproject.org/en-US/iot/
14:10:53 <pwhalen> #topic 2) ==== Fedora 31 status ====
14:11:42 <pwhalen> #info Latest compose available for testing
14:11:42 <pwhalen> #link https://kojipkgs.fedoraproject.org/compose//iot/Fedora-IoT-31-20200422.0
14:12:03 <pwhalen> Any issues reported in F31?
14:14:15 <pwhalen> #info No issues reported.
14:14:30 <pwhalen> #topic 3) ==== Fedora 32 status ====
14:14:30 <pwhalen> #info Fedora 32 IoT Edition Released April 28
14:15:19 <pwhalen> #info Fedora 32 IoT Testing
14:15:23 <pwhalen> #link https://fedoraproject.org/wiki/User:Pwhalen/QA/IoT/Fedora-IoT-32-20200423.1
14:15:45 <pbrobinson> F-32 is now the stable branch, it's all on the site
14:16:00 <pbrobinson> link: https://iot.fedoraproject.org/
14:16:28 <pwhalen> oh, and those links get updated to the latest?
14:16:30 <tdawson> Right off the front page too. :)
14:16:44 <pwhalen> links to todays compose
14:17:00 <pbrobinson> pwhalen: when I push a new compose stable it updates automatically in ~30 mins from mem
14:17:30 <pwhalen> well, i guess I better make sure that works then :/
14:17:39 <pwhalen> Did that happen yesterday too?
14:17:45 <pwhalen> eek
14:18:00 <pbrobinson> eventually, something had to be poked somewhere
14:19:43 <pwhalen> #info Latest compose available for testing
14:19:43 <pwhalen> #link https://kojipkgs.fedoraproject.org/compose/iot/Fedora-IoT-32-20200429.0/compose/
14:20:42 <pwhalen> Anything else for F32?
14:21:12 <pbrobinson> #undo
14:21:12 <zodbot> Removing item from minutes: <MeetBot.items.Link object at 0x7f4720f94350>
14:21:18 <pbrobinson> #link https://dl.fedoraproject.org/pub/alt/iot/32/IoT/
14:21:30 <pbrobinson> nothing else
14:21:42 <pbrobinson> please test and provide feedback
14:22:04 <pwhalen> #link https://fedoraproject.org/wiki/User:Pwhalen/QA/IoT/Fedora-IoT-32-20200429.0
14:22:22 <pwhalen> #info Please test and add results to the wiki.
14:22:45 <pwhalen> #topic 4) ==== Fedora 33 status ====
14:23:16 <pwhalen> I dont have anything for F33, will begin testing this week.
14:23:40 <tdawson> Feature I'd like to see for 33 (or maybe 34) ... local zezer
14:24:00 <pbrobinson> tdawson: what's "local zezer"?
14:24:14 <tdawson> Sorry, zezere
14:24:26 <pbrobinson> what do you mean by local though?
14:24:30 <puiterwijk> tdawson: again, what's a local zezere?
14:24:32 <puiterwijk> Yeah, that
14:24:45 <pwhalen> todays rawhide compose looks ok at a glance. Podman failed, will look and file a bz if needed.
14:24:52 <tdawson> Right now there is one central server (run by fedora) that you have to log into for initial setup.  It seems like a single point of failure.
14:25:18 <puiterwijk> tdawson: "docker run quay.io/fedora-iot/zezere" will get you your own
14:25:28 <puiterwijk> (I might misremember the URL, but it's on quay.io)
14:25:36 <tdawson> Ha ... cool
14:26:11 <puiterwijk> Okay, nope, that should be the correct URL actually
14:26:25 <tdawson> Then ... it's already a feature :) ... although I'm sure you have to set some things up, but that's just documentation.
14:26:46 <puiterwijk> Yeah, right now you'd need to put in a /etc/zezere-ignition-url to your local setup on the system.
14:26:55 <pbrobinson> tdawson: yea, so you can run your own container, and it's packaged in Fedora so you can "dnf install" if you want to run it not in a container
14:26:56 <puiterwijk> There are issues for upstream Zezere to ask for other methods
14:26:59 <tdawson> Cool
14:27:09 <tdawson> Well then ... I take back my feature request.
14:27:24 <pbrobinson> tdawson: closed "current release" ;-)
14:27:31 <tdawson> *laughs*
14:27:44 <pbrobinson> I'm going to be looking at IMA and a ima-policy for f-33
14:28:02 <pbrobinson> we'll also be very likely revamping the compose process to use osbuild
14:28:35 <dawud> is IMA pre-signed ostree something in the scope at all?
14:29:21 <pbrobinson> dawud: it's being worked upon, likely not in scope for f33, possibly f34
14:29:32 <dawud> fantastic
14:29:42 <pbrobinson> dawud: we already sign the ostree
14:30:06 <puiterwijk> pbrobinson: I guess he means IMA signatures though. Which is probably actually in scope for f33
14:30:46 <dawud> yes, I mean shipping the OS with IMA signatures
14:31:11 <pbrobinson> there's a bunch of work around IMA, for example we can do a signed IMA policy with the Fedora key, but ATM it's impossible to enrol another key without breaking secure boot, so people can't do custom policies
14:31:36 <puiterwijk> pbrobinson: the question was about the actual IMA file signatures though I think. And that was my answer :)
14:31:52 <puiterwijk> But yeah, the policy needs fixes, to be able to work with customer-provided policies
14:32:12 <pbrobinson> sure
14:32:20 <dawud> signed IMA would be EVM
14:32:32 <puiterwijk> dawud: not per se.
14:32:40 <puiterwijk> IMA also has the imasig and modsig schemes.
14:32:57 <puiterwijk> Anyway, probably better for discussion outside of meeting.
14:33:16 <pwhalen> I have nothing else, next is open floor..
14:33:22 <puiterwijk> and/or more discussion when the f33 stuff is being selected.
14:33:48 <pwhalen> #topic 5) ==== Open Floor ====
14:33:57 <pwhalen> Anything else for today?
14:34:05 <pbrobinson> not from me
14:34:15 <tdawson> Nothing else from me
14:34:30 <pwhalen> #endmeeting