2024-07-03 16:30:59 <@jlebon:fedora.im> !startmeeting fedora_coreos_meeting
2024-07-03 16:31:01 <@meetbot:fedora.im> Meeting started at 2024-07-03 16:30:59 UTC
2024-07-03 16:31:01 <@meetbot:fedora.im> The Meeting name is 'fedora_coreos_meeting'
2024-07-03 16:31:08 <@jlebon:fedora.im> !topic roll call
2024-07-03 16:31:17 <@apiaseck:matrix.org> !hi
2024-07-03 16:31:19 <@zodbot:fedora.im> Adam Piasecki (c4rt0) - he / him / his
2024-07-03 16:32:10 <@hricky:fedora.im> !hi
2024-07-03 16:32:11 <@zodbot:fedora.im> Hristo Marinov (hricky) - he / him / his
2024-07-03 16:32:27 <@marmijo:fedora.im> !hi
2024-07-03 16:32:27 <@jmarrero:matrix.org> !hi
2024-07-03 16:32:28 <@zodbot:fedora.im> Michael Armijo (marmijo)
2024-07-03 16:32:30 <@zodbot:fedora.im> Joseph Marrero (jmarrero)
2024-07-03 16:34:01 <@jlebon:fedora.im> small crowd today, but i think we can at least go through the f41 changes
2024-07-03 16:34:01 <@jlebon:fedora.im> let's wait a minute or two more
2024-07-03 16:34:56 <@siosm:matrix.org> !hi
2024-07-03 16:34:58 <@zodbot:fedora.im> Timothée Ravier (siosm) - he / him / his
2024-07-03 16:36:29 <@jlebon:fedora.im> ok, let's get started!
2024-07-03 16:36:37 <@jlebon:fedora.im> !topic Action items from last meeting
2024-07-03 16:36:43 <@jlebon:fedora.im> - jbtrystram to follow up on `qed-firmware` removal
2024-07-03 16:36:57 <@jlebon:fedora.im> i think this is resolved. we've added qed-firmware back
2024-07-03 16:37:11 <@ravanelli:matrix.org> .hi ravanelli
2024-07-03 16:37:26 <@ravanelli:matrix.org> !hi ravanelli
2024-07-03 16:37:27 <@zodbot:fedora.im> Renata Ravanelli (ravanelli)
2024-07-03 16:37:29 <@jlebon:fedora.im> !topic tracker: Fedora 41 changes considerations 
2024-07-03 16:37:38 <@jlebon:fedora.im> !link https://github.com/coreos/fedora-coreos-tracker/issues/1714
2024-07-03 16:37:45 <@jlebon:fedora.im> we have a few more changes to look at
2024-07-03 16:38:01 <@marmijo:fedora.im> I reran the fedora changes script yesterday and there were no new additions since last week.
2024-07-03 16:38:20 <@jlebon:fedora.im> nice, was checking just that :)
2024-07-03 16:38:33 <@jlebon:fedora.im> i'll just run through it real quick
2024-07-03 16:38:52 <@jlebon:fedora.im> - Golang 1.23
2024-07-03 16:39:10 <@jlebon:fedora.im> will affect some packages, but should be transparent otherwise
2024-07-03 16:39:18 <@jlebon:fedora.im> - Removing network-scripts package
2024-07-03 16:40:00 <@jlebon:fedora.im> we haven't shipped that package for a while (possibly ever? don't quite recall)
2024-07-03 16:40:46 <@jlebon:fedora.im> - DNF and bootc in Image Mode Fedora variants
2024-07-03 16:41:02 <@jlebon:fedora.im> we are involved in this and this is already tracked separately
2024-07-03 16:41:11 <@jlebon:fedora.im> - Make Tuned the Default Power Profile Management Daemon
2024-07-03 16:42:26 <@jlebon:fedora.im> we don't ship tuned
2024-07-03 16:42:33 <@jlebon:fedora.im> - LLVM 19
2024-07-03 16:43:13 <@jlebon:fedora.im> not sure if any CoreOS packages use LLVM currently, but should be transparent if so
2024-07-03 16:43:20 <@jlebon:fedora.im> - Replace Redis with Valkey
2024-07-03 16:43:27 <@jlebon:fedora.im> FCOS doesn't ship either
2024-07-03 16:43:43 <@jlebon:fedora.im> - IBus Chewing for Traditional Chinese (Taiwan) Desktop by Default
2024-07-03 16:43:57 <@jlebon:fedora.im> we don't ship ibus
2024-07-03 16:44:09 <@jlebon:fedora.im> and that's all!
2024-07-03 16:44:27 <@marmijo:fedora.im> I'll update the list with those notes. thanks Jonathan Lebon 
2024-07-03 16:44:35 <@jlebon:fedora.im> marmijo: thanks!
2024-07-03 16:44:53 <@siosm:matrix.org> We have https://fedoraproject.org/wiki/Changes/ComposefsAtomicCoreOSIoT coming "soon" and it's already tracked on our side
2024-07-03 16:45:54 <@jlebon:fedora.im> the only other topic now is firewalld, but now we have travier but not dustymabe who is also very interested in this
2024-07-03 16:47:25 <@jlebon:fedora.im> travier: should we discuss the composefs work since we don't have other large topics?
2024-07-03 16:47:42 <@siosm:matrix.org> works for me
2024-07-03 16:47:47 <@jlebon:fedora.im> !topic Complete composefs integration in Fedora CoreOS
2024-07-03 16:47:54 <@jlebon:fedora.im> !link https://github.com/coreos/fedora-coreos-tracker/issues/1718
2024-07-03 16:48:45 <@siosm:matrix.org> !link https://fedoraproject.org/wiki/Changes/ComposefsAtomicCoreOSIoT
2024-07-03 16:49:12 <@siosm:matrix.org> We are looking at enabling composefs by default for Fedora 41.
2024-07-03 16:49:26 <@jlebon:fedora.im> so i think it's worth discussing how we'll roll this out exactly
2024-07-03 16:50:11 <@siosm:matrix.org> I was thinking enabling it in the Rawhide stream, then branched, beta, etc
2024-07-03 16:50:21 <@siosm:matrix.org> Do you expect any issues?
2024-07-03 16:50:32 <@jlebon:fedora.im> thinking more about once this gets to production
2024-07-03 16:51:15 <@jlebon:fedora.im> i think we should migrate existing nodes, but maybe we can do a phased rollout where at first we don't migrate and wait a few months 
2024-07-03 16:51:21 <@siosm:matrix.org> Note that this initial support does not enable a full integrity chain in that it does not chain the integrity guarantee from a UKI/Secure Boot
2024-07-03 16:51:54 <@siosm:matrix.org> That's not possible with the way it's planned to be enabled
2024-07-03 16:52:00 <@jlebon:fedora.im> so e.g. it would hit stable together with f41 but for new installs only. and then in e.g. 3 months, we add a barrier to migrate them
2024-07-03 16:52:17 <@siosm:matrix.org> https://gitlab.com/fedora/bootc/base-images/-/blob/main/tier-0/ostree.yaml?ref_type=heads#L14
2024-07-03 16:52:57 <@jlebon:fedora.im> ahh right, forgot about that detail
2024-07-03 16:53:16 <@siosm:matrix.org> https://ostreedev.github.io/ostree/composefs/#composefs > we can use the repo option however if we want to do that
2024-07-03 16:53:43 <@siosm:matrix.org> but I vaguely remember Colin saying that we should not
2024-07-03 16:54:02 <@jlebon:fedora.im> yeah, not sure if those docs are fully up to date
2024-07-03 16:54:06 <@jbtrystram:matrix.org> 1hui
2024-07-03 16:54:08 <@jbtrystram:matrix.org> !hi
2024-07-03 16:54:09 <@zodbot:fedora.im> Jean-Baptiste Trystram (jbtrystram) - he / him / his
2024-07-03 16:55:07 <@jlebon:fedora.im> hmm OK, i think that's fine but we'll want to message this as soon as it hits next. we know at least one case that will not work (toplevel mount points)
2024-07-03 16:55:46 <@siosm:matrix.org> I think we should redirect users of top level mount points to `rpm-ostree usroverlay` for now
2024-07-03 16:55:59 <@siosm:matrix.org> ah no, that's only for `/usr`
2024-07-03 16:56:20 <@jlebon:fedora.im> they could mount an overlay on / themselves i guess
2024-07-03 16:56:29 <@siosm:matrix.org> that's trickier
2024-07-03 16:56:45 <@jlebon:fedora.im> that'd be closer to the root overlay feature in ostree
2024-07-03 16:57:05 <@jlebon:fedora.im> https://github.com/ostreedev/ostree/pull/3114
2024-07-03 16:57:16 <@jbtrystram:matrix.org> right now there is still a kdump issue with composeFS enabled
2024-07-03 16:57:39 <@jlebon:fedora.im> but that's a *huge* delta of course
2024-07-03 16:58:59 <@siosm:matrix.org> yep, we'll have to investigate that one, but I don't think it's a fundamental incompatibility
2024-07-03 16:59:14 <@jlebon:fedora.im> i think i'd be more comfortable if it'd hit stable for new installs only and only later we migrate older hosts, but we have to evaluate how to do this without too much complexity
2024-07-03 16:59:35 <@jlebon:fedora.im> AFAIK, this will be the first time composefs hits a large install base (right?)
2024-07-03 17:00:01 <@jbtrystram:matrix.org> yeah probably
2024-07-03 17:00:52 <@jbtrystram:matrix.org> Because in fedora you hit the `ostree-grub2` issue 
2024-07-03 17:01:16 <@jlebon:fedora.im> travier, jbtrystram: maybe let's bring this up in the next bootc community meeting and see what folks there think
2024-07-03 17:01:21 <@jbtrystram:matrix.org> the only people enabling this would have done it manually
2024-07-03 17:01:45 <@siosm:matrix.org> works for me
2024-07-03 17:02:11 <@siosm:matrix.org> I'm looking at enabling it only for the Atomic Desktops container images for F41, so Universal Blue users will get it
2024-07-03 17:02:21 <@siosm:matrix.org> but not the classic ostree ones
2024-07-03 17:03:02 <@jbtrystram:matrix.org> Jonathan Lebon: what do you mean by `huge delta` for the transient overlay on `/`?
2024-07-03 17:04:07 <@siosm:matrix.org> the root.transient option in ostree has a lot of implications
2024-07-03 17:04:12 <@jlebon:fedora.im> jbtrystram: it makes everything writable, which is ironically in the opposite direction from where we are and where composefs takes us (locking things down even more)
2024-07-03 17:05:04 <@jlebon:fedora.im> it's useful when you need it, but it changes the semantics entirely
2024-07-03 17:05:12 <@siosm:matrix.org> I wonder how this option interacts with composefs
2024-07-03 17:05:57 <@jlebon:fedora.im> travier: it's basically a rw overlay on top of composefs
2024-07-03 17:06:12 <@siosm:matrix.org> OK, so full RW
2024-07-03 17:06:27 <@jlebon:fedora.im> yup
2024-07-03 17:06:33 <@siosm:matrix.org> yeah, that's a big change
2024-07-03 17:07:20 <@jlebon:fedora.im> for most toplevel mountpoints, the alternative is to create them in a container build. though some like podman may not be able to do that if they're dynamically named
2024-07-03 17:07:24 <@siosm:matrix.org> Podman machine will have to disable composefs however
2024-07-03 17:07:36 <@siosm:matrix.org> yep
2024-07-03 17:08:16 <@jlebon:fedora.im> longer-term we definitely need a solution there
2024-07-03 17:08:31 <@jlebon:fedora.im> ok cool, we can move on
2024-07-03 17:08:55 <@siosm:matrix.org> arbitrary top level mount points on RO / feels impossible
2024-07-03 17:09:44 <@siosm:matrix.org> outside of the turn off everything and make it fully RW option of transient
2024-07-03 17:10:01 <@jlebon:fedora.im> let's bring that up in the bootc community meeting.
2024-07-03 17:10:01 <@jlebon:fedora.im> i guess you could have the initrd do a rw overlay, create the mountpoints, then remount the overlay ro
2024-07-03 17:10:13 <@siosm:matrix.org> Maybe we can make something like sys-ext?
2024-07-03 17:10:48 <@siosm:matrix.org> but that's not good for runtime mount points
2024-07-03 17:11:02 <@siosm:matrix.org> (initrd option) but that's not good for runtime mount points
2024-07-03 17:13:05 <@jlebon:fedora.im> travier: doesn't podman know what mountpoints it needs at machine boot time?
2024-07-03 17:13:07 <@siosm:matrix.org> If we want to talk about that in the next bootc meeting then we should file an issue on the tracker
2024-07-03 17:13:18 <@siosm:matrix.org> no it does not AFAIK
2024-07-03 17:13:26 <@siosm:matrix.org> it's "user controlled"
2024-07-03 17:14:01 <@siosm:matrix.org> we would have to ask Brent
2024-07-03 17:14:02 <@jbtrystram:matrix.org> is there an issue with some more context on that ? I want to understand why people need to have dynamic mountpoints on /
2024-07-03 17:14:17 <@jlebon:fedora.im> gotcha. i guess it might work to remount rw in a private namespace to create it
2024-07-03 17:14:56 <@jlebon:fedora.im> jbtrystram: i'm not sure if there's a dedicated issue for this (yet)
2024-07-03 17:15:00 <@siosm:matrix.org> indeed, sneak a layer with the folder and switch_root
2024-07-03 17:15:11 <@jbtrystram:matrix.org> https://github.com/coreos/rpm-ostree/issues/337
2024-07-03 17:15:52 <@jlebon:fedora.im> that's the generic issue for toplevel mounts. we should probably have one for the podman case
2024-07-03 17:16:01 <@jlebon:fedora.im> ok, let's switch to open floor?
2024-07-03 17:16:55 <@siosm:matrix.org> 👍️
2024-07-03 17:16:58 <@jlebon:fedora.im> !topic Open Floor
2024-07-03 17:17:16 <@jlebon:fedora.im> anything anyone wants to bring up?
2024-07-03 17:20:30 <@jlebon:fedora.im> will end meeting in 60s
2024-07-03 17:20:39 <@siosm:matrix.org> !link https://gitlab.com/fedora/bootc/tracker/-/issues/26
2024-07-03 17:20:42 <@siosm:matrix.org> I filed an issue
2024-07-03 17:21:20 <@jbtrystram:matrix.org> thanks for running Jonathan Lebon!
2024-07-03 17:21:32 <@jlebon:fedora.im> !endmeeting