#meeting-1:fedoraproject.org log

<@siosm:matrix.org>

16:30:54

!startmeeting fedora_coreos_meeting

<@meetbot:fedora.im>

16:30:57

Meeting started at 2025-01-15 16:30:54 UTC

<@meetbot:fedora.im>

16:30:58

The Meeting name is 'fedora_coreos_meeting'

<@siosm:matrix.org>

16:31:03

!topic roll call

<@dustymabe:matrix.org>

16:31:39

!hi

<@zodbot:fedora.im>

16:31:41

Dusty Mabe (dustymabe) - he / him / his

<@hricky:fedora.im>

16:32:00

!hi

<@zodbot:fedora.im>

16:32:02

Hristo Marinov (hricky) - he / him / his

<@siosm:matrix.org>

16:32:03

!hi

<@zodbot:fedora.im>

16:32:05

Timothée Ravier (siosm) - he / him / his

<@romanepo:fedora.im>

16:32:28

Please share meeting URL

<@siosm:matrix.org>

16:33:34

Roman Epo: There is not meeting URL, the meeting is happening here on Matrix

<@siosm:matrix.org>

16:33:44

Roman Epo: There is no meeting URL, the meeting is happening here on Matrix

<@apiaseck:matrix.org>

16:33:50

!hi

<@zodbot:fedora.im>

16:33:52

Adam Piasecki (c4rt0) - he / him / his

<@siosm:matrix.org>

16:33:53

Roman Epo: There is no meeting URL, the meeting is happening here in this Matrix channel

<@mnguyen:fedora.im>

16:34:13

!hi mnguyen

<@dustymabe:matrix.org>

16:34:14

Roman Epo: In other words.. you are in the meeting.. Welcome!

<@zodbot:fedora.im>

16:34:16

Michael Nguyen (mnguyen)

<@jbtrystram:matrix.org>

16:34:57

!hi

<@zodbot:fedora.im>

16:34:59

Jean-Baptiste Trystram (jbtrystram) - he / him / his

<@siosm:matrix.org>

16:35:17

!topic Action items from last meeting

<@siosm:matrix.org>

16:35:23

!link https://discussion.fedoraproject.org/t/fedora-coreos-community-meeting-minutes-2025-01-08/141819

<@siosm:matrix.org>

16:35:36

!info there are no actions from last meeting

<@siosm:matrix.org>

16:36:08

!topic tracker: Fedora 42 changes considerations

<@siosm:matrix.org>

16:36:36

Thanks marmijo for the update. Let's go over the new ones

<@siosm:matrix.org>

16:37:30

!info 116: KTLS implementation for GnuTLS

<@siosm:matrix.org>

16:37:37

!link https://fedoraproject.org/wiki/Changes/KTLSSupportForGnuTLS

<@siosm:matrix.org>

16:38:58

The change explicitly notes that it will be disabled by default, it should not impact us

<@dustymabe:matrix.org>

16:39:03

seems like originally this was going to be enabled by default

<@dustymabe:matrix.org>

16:39:25

right. I wonder if they will later switch back to the original plan of enabling by default if the feature exists

<@dustymabe:matrix.org>

16:39:32

either way: should not impact us

<@siosm:matrix.org>

16:40:31

even if they switch to enabled, I don't think we will have to take any action

<@siosm:matrix.org>

16:40:39

maybe document disabling/enabling

<@jlebon:fedora.im>

16:41:14

!hello

<@zodbot:fedora.im>

16:41:16

None (jlebon)

<@siosm:matrix.org>

16:41:27

!info RPM Support For Systemd Sysusers.d

<@siosm:matrix.org>

16:41:30

!link https://fedoraproject.org/wiki/Changes/RPMSuportForSystemdSysusers

<@siosm:matrix.org>

16:43:07

Hopefully this one is transparent to us as well but we will have to watch out for fallouts in composes when this lands in rawhide

<@dustymabe:matrix.org>

16:44:43

do we have any RPMs that would need updating?

<@siosm:matrix.org>

16:46:08

we might have to update zincati

<@siosm:matrix.org>

16:46:19

It's not clear to me what changes have to be done for this one

<@dustymabe:matrix.org>

16:47:20

is zincati the only user we create for all of our related coreos software? if so should we open an issue there to do any needed migration?

<@dustymabe:matrix.org>

16:47:50

I know us changing our RPM wouldn't be required for this change, but would be nice to get on board and not forget later.

<@siosm:matrix.org>

16:48:32

Details are in https://github.com/rpm-software-management/rpm/blob/master/docs/manual/users_and_groups.md#users-and-groups%7C

<@siosm:matrix.org>

16:48:50

Let's open an issue to track it

<@siosm:matrix.org>

16:49:03

(i'll do it)

<@siosm:matrix.org>

16:49:20

!info 118 Automated onboarding to Packit release automation for new packages

<@siosm:matrix.org>

16:49:26

!link https://fedoraproject.org/wiki/Changes/AutomatedPackitOnboarding

<@dustymabe:matrix.org>

16:49:41

!action travier to open zincati issue to track migrating to sysusers.d in RPM

<@siosm:matrix.org>

16:49:51

We are already in the process of on-boarding our packages to packit so there is nothing more to do.

<@jlebon:fedora.im>

16:49:58

dustymabe: offhand, i can't think of another package where we ship a separate user

<@dustymabe:matrix.org>

16:50:14

👍️ - I know we had started the process.

<@siosm:matrix.org>

16:50:39

!info 119 Golang 1.24

<@siosm:matrix.org>

16:50:44

!link https://fedoraproject.org/wiki/Changes/golang1.24

<@siosm:matrix.org>

16:51:13

We generally mostly keep up with golang versions upstream so that should be fine

<@dustymabe:matrix.org>

16:51:20

1.23 is in `rawhide` right now - so the change hasn't landed yet

<@siosm:matrix.org>

16:51:51

!info 120. Tcl/Tk 9.0

<@siosm:matrix.org>

16:51:57

!link https://fedoraproject.org/wiki/Changes/TclTk9.0

<@siosm:matrix.org>

16:52:32

We don't ship that so should not be impacted

<@siosm:matrix.org>

16:52:59

!info 121 Managing expired PGP keys in DNF5

<@siosm:matrix.org>

16:53:03

!link https://fedoraproject.org/wiki/Changes/Dnf5ExpiredPGPKeys

<@siosm:matrix.org>

16:54:07

That should not impact us

<@siosm:matrix.org>

16:54:48

I asked in https://discussion.fedoraproject.org/t/f42-change-proposal-dnf5-expired-keys-system-wide/138978/4 about removing the old keys

<@dustymabe:matrix.org>

16:54:51

hmm

<@dustymabe:matrix.org>

16:55:22

I wonder why we couldn't just have keys managed by RPMs themselves?

<@dustymabe:matrix.org>

16:55:34

i.e. they are just files on the system and they are dynamically loaded

<@siosm:matrix.org>

16:55:54

you need them before installing the RPM usually

<@dustymabe:matrix.org>

16:56:00

so if we wanted to obsolete a key then the file would just stop being delivered by the owning RPM

<@siosm:matrix.org>

16:56:02

it's a chicken egg issue

<@dustymabe:matrix.org>

16:56:18

ehh, I think the installer would handle that (as it does today)

<@siosm:matrix.org>

16:56:58

it's the same issue when you ship repo files as part of an RPM: https://rpmfusion.org/Howto/OSTree?highlight=%28%5CbCategoryHowto%5Cb%29

<@siosm:matrix.org>

16:57:52

Not sure I understand. Are you thinking about Anaconda?

<@dustymabe:matrix.org>

16:58:06

What's the problem that rpmfusion link is supposed to highlight?

<@dustymabe:matrix.org>

16:58:22

travier: yeah, anaconda, or whatever you are using to install your system?

<@siosm:matrix.org>

16:59:34

if you ship the keys needed to validate the signature of an RPM inside the RPM that you are trying to validate then you can not validate it without either parsing the (for now) untrusted RPM or installing the keys from another process

<@jlebon:fedora.im>

16:59:39

dustymabe: worth mentioning there's a delta here AFAIK between how dnf and rpm-ostree work. you're right for rpm-ostree, but for dnf the keys get imported into the rpmdb

<@siosm:matrix.org>

16:59:40

it's the same with the repo configs

<@jlebon:fedora.im>

17:00:22

rpm-ostree notably currently imports all the keys in `/etc/pki/rpm-gpg` (but not into the rpmdb)

<@dustymabe:matrix.org>

17:00:31

Jonathan Lebon: right. there is a differing behavior between rpm-ostree and dnf, but I think dnf could behave differently and then the more elegant solution could win

<@siosm:matrix.org>

17:01:08

overall this should not impact us so let's skip this one? (we can discuss this point async?)

<@dustymabe:matrix.org>

17:01:09

right, but this is how all installers work.. you start with a blank filesystem and you `--installroot` into it from an environment that is able to verify the signatures

<@dustymabe:matrix.org>

17:01:29

agree. sorry for going down the rabbit hole on this one

<@siosm:matrix.org>

17:01:43

👍️

<@siosm:matrix.org>

17:02:06

!info 122 LLVM 20

<@siosm:matrix.org>

17:02:13

!link https://fedoraproject.org/wiki/Changes/LLVM-20

<@siosm:matrix.org>

17:02:27

General update that should not impact us

<@dustymabe:matrix.org>

17:02:34

<@siosm:matrix.org>

17:02:46

!info 123 Firewalld IPv6_rpfilter default to loose on Workstations

<@siosm:matrix.org>

17:02:53

!link https://fedoraproject.org/wiki/Changes/Firewalld_IPv6_rpfilter_Default_Loose

<@siosm:matrix.org>

17:03:10

This is for the Workstation edition only apparently and we don't ship firewalld

<@siosm:matrix.org>

17:04:11

!info 124 GNU Toolchain Update (gcc 15, binutils 2.44, glibc 2.41, gdb 15+)

<@siosm:matrix.org>

17:04:16

!link https://fedoraproject.org/wiki/Changes/GNUToolchainF42

<@siosm:matrix.org>

17:04:28

General toolchain update that should not be an issue

<@siosm:matrix.org>

17:05:02

!info 218 Fedora COSMIC Spin

<@siosm:matrix.org>

17:05:06

!link https://fedoraproject.org/wiki/Changes/FedoraCOSMIC

<@siosm:matrix.org>

17:05:16

A new Spin, should not impact us

<@siosm:matrix.org>

17:06:12

!info 219 Retire python3.8

<@siosm:matrix.org>

17:06:18

!link https://fedoraproject.org/wiki/Changes/RetirePython3.8

<@siosm:matrix.org>

17:07:08

We don't (yet) ship Python :)

<@siosm:matrix.org>

17:07:22

!info 220 Deprecate gtk3-rs

<@siosm:matrix.org>

17:07:29

!link https://fedoraproject.org/wiki/Changes/Deprecate_gtk3-rs

<@siosm:matrix.org>

17:07:35

We don't ship those packages

<@siosm:matrix.org>

17:07:49

!info 221 Intel Compute Runtime - Upgrade with HW cut-off

<@siosm:matrix.org>

17:08:01

!link https://fedoraproject.org/wiki/Changes/IntelCompute2025

<@dustymabe:matrix.org>

17:09:09

I think this one got some publicity when it was originally proposed

<@siosm:matrix.org>

17:09:32

I don't see a list of packages so I don't know if we are impacted

<@romanepo:matrix.org>

17:10:27

is this meeting room ?

<@dustymabe:matrix.org>

17:11:15

Without understanding this ecosystem more it's hard to understand what is really impacted, but if I parse the tea leaves a bit I think GPU (like driving monitor/VGA/HDMI output) isn't being affected, but what is is a library/framework (openCL) to run GPU workloads on those GPU cards.

<@jlebon:fedora.im>

17:11:27

it'd be intel-compute-runtime. FCOS doesn't ship it

<@siosm:matrix.org>

17:11:47

<@siosm:matrix.org>

17:11:53

to jlebon

<@jlebon:fedora.im>

17:12:01

dustymabe: that's my understanding as well

<@siosm:matrix.org>

17:12:46

From my understanding, one should be able to run a previous version from a container

<@siosm:matrix.org>

17:13:05

so I would vote for "not impacting us directly"

<@siosm:matrix.org>

17:13:36

!info 222 Stop building Atomic Desktops for PPC64LE

<@siosm:matrix.org>

17:13:40

!link https://fedoraproject.org/wiki/Changes/AtomicDesktopsNoPpc64le

<@siosm:matrix.org>

17:14:01

This is only for Atomic Desktops so should not impact us

<@siosm:matrix.org>

17:14:13

!info 223 Remove pam-ssh-agent component

<@siosm:matrix.org>

17:14:19

!info https://fedoraproject.org/wiki/Changes/Remove_pam-ssh-agent_component

<@siosm:matrix.org>

17:14:26

!link https://fedoraproject.org/wiki/Changes/Remove_pam-ssh-agent_component

<@siosm:matrix.org>

17:15:13

We don't ship the package but I'm wondering about those who layer it

<@dustymabe:matrix.org>

17:15:54

travier: i.e. if there are any that do layer it?

<@siosm:matrix.org>

17:16:07

yeah, what happens for those folks

<@jlebon:fedora.im>

17:16:39

huh, hadn't heard of this before

<@jlebon:fedora.im>

17:16:49

they would not be able to upgrade until they unlayer it

<@siosm:matrix.org>

17:16:50

we might want to mention it in our F42 release notes?

<@dustymabe:matrix.org>

17:17:04

travier: I think it's kind of out of our control - i'm sure it's happened before where packages go away on major updates

<@siosm:matrix.org>

17:17:44

sure, it's a bit like the other packages potentially layered where we added a note

<@siosm:matrix.org>

17:17:52

not saying that we should do more

<@siosm:matrix.org>

17:18:25

!info Let's add a short note to our F43 release notes for this one

<@siosm:matrix.org>

17:18:39

!info 224 Create Fedora Windows Subsystem for Linux Images

<@siosm:matrix.org>

17:18:48

!link https://fedoraproject.org/wiki/Changes/FedoraWSL

<@siosm:matrix.org>

17:19:43

Should not impact us

<@siosm:matrix.org>

17:20:06

That's it

<@siosm:matrix.org>

17:20:22

We have https://github.com/coreos/fedora-coreos-tracker/issues/1823 on the agenda but we are short on time

<@dustymabe:matrix.org>

17:20:41

We need to create the F43 communications tracker issue and then we can add this as a comment in there so we don't forget.

<@dustymabe:matrix.org>

17:20:49

We need to create the F42 communications tracker issue and then we can add this as a comment in there so we don't forget.

<@siosm:matrix.org>

17:21:45

Let's keep https://github.com/coreos/fedora-coreos-tracker/issues/1823 for next week and move to open floor?

<@jlebon:fedora.im>

17:22:33

sounds good. probably by then, it'll have been announced anyway so it'll show up in the other tracker :)

<@siosm:matrix.org>

17:22:33

If folks are interested, taking a look at the change request and discussing it there would be appreciated!

<@siosm:matrix.org>

17:23:14

(only accepted changes are in the tracker :))

<@siosm:matrix.org>

17:23:50

!topic Open Floor

<@dustymabe:matrix.org>

17:23:55

Do we have any updates on https://github.com/coreos/fedora-coreos-tracker/issues/1829 - should we close it?

<@siosm:matrix.org>

17:24:27

We will be doing a talk with Allison on the work related to composefs

<@siosm:matrix.org>

17:25:21

https://fosdem.org/2025/schedule/event/fosdem-2025-5191--signed-sealed-and-delivered-with-ukis-and-composefs/

<@siosm:matrix.org>

17:26:37

Make sure to reach out to me if you want to chat at FOSDEM!

<@jbtrystram:matrix.org>

17:27:40

I have to drop. Thanks everyone !

<@dustymabe:matrix.org>

17:28:27

Thanks travier - thanks all!

<@siosm:matrix.org>

17:30:33

!endmeeting