2025-04-22 15:00:59 <@jbrooks:matrix.org> !startmeeting fedora_bootc_initiative
2025-04-22 15:01:03 <@meetbot:fedora.im> Meeting started at 2025-04-22 15:00:59 UTC
2025-04-22 15:01:04 <@meetbot:fedora.im> The Meeting name is 'fedora_bootc_initiative'
2025-04-22 15:01:52 <@jeckersb:fedora.im> !hi
2025-04-22 15:01:54 <@zodbot:fedora.im> John Eckersberg (jeckersb)
2025-04-22 15:02:15 <@jbrooks:matrix.org> !topic roll call
2025-04-22 15:02:44 <@dustymabe:matrix.org> !hi
2025-04-22 15:02:51 <@zodbot:fedora.im> Dusty Mabe (dustymabe) - he / him / his
2025-04-22 15:02:58 <@jlebon:fedora.im> !hi
2025-04-22 15:02:59 <@zodbot:fedora.im> None (jlebon)
2025-04-22 15:03:01 <@jmarrero:matrix.org> !hi
2025-04-22 15:03:03 <@zodbot:fedora.im> Joseph Marrero (jmarrero)
2025-04-22 15:03:17 <@snthrailkill:matrix.org> !hi
2025-04-22 15:03:22 <@zodbot:fedora.im> Sean Thrailkill (snthrailkill)
2025-04-22 15:03:35 <@jeckersb:fedora.im> (fyi Colin Walters is out today)
2025-04-22 15:03:36 <@rsturla:fedora.im> !hi
2025-04-22 15:03:37 <@zodbot:fedora.im> None (rsturla)
2025-04-22 15:03:39 <@rriemann:kde.org> !hi
2025-04-22 15:03:41 <@zodbot:fedora.im> Robert Riemann (rriemann) - he / him / his
2025-04-22 15:05:21 <@jbrooks:matrix.org> Dusty said he has a topic
2025-04-22 15:06:04 <@dustymabe:matrix.org> It's small :) 
2025-04-22 15:06:37 <@jbrooks:matrix.org> I forget, with this new zodbot, do I need to make ppl chair?
2025-04-22 15:07:09 <@dustymabe:matrix.org> !topic develop tooling for browsing "stream" history
2025-04-22 15:07:26 <@dustymabe:matrix.org> !link https://gitlab.com/fedora/bootc/tracker/-/issues/65
2025-04-22 15:07:56 <@dustymabe:matrix.org> and now we have our answer :) 
2025-04-22 15:09:23 <@dustymabe:matrix.org> 
2025-04-22 15:09:23 <@dustymabe:matrix.org> It would be nice if we had some way to browse the history and see what changes came in with each update.
2025-04-22 15:09:23 <@dustymabe:matrix.org> So this one is simple. With containers it's not super easy to see the meaningful history for a moving tag in a registry.
2025-04-22 15:09:46 <@dustymabe:matrix.org> This problem isn't specific to bootable containers, I think it would be useful for app containers too. 
2025-04-22 15:10:34 <@dustymabe:matrix.org> I'm not necessarily suggesting that the container registry is no longer the source of truth. It just would be nice to have some other way to access the relevant information 
2025-04-22 15:10:39 <@rsturla:fedora.im> Existing issues that could be somewhat related:
2025-04-22 15:10:39 <@rsturla:fedora.im> - https://github.com/bootc-dev/bootc/issues/932
2025-04-22 15:10:39 <@rsturla:fedora.im> - https://github.com/bootc-dev/bootc/issues/1004
2025-04-22 15:10:55 <@jbrooks:matrix.org> Did Valentin give a talk about something like this at the containerization guild?
2025-04-22 15:12:15 <@snthrailkill:matrix.org> I love the idea. Are you targeting a specific registry or anything first?
2025-04-22 15:12:16 <@dustymabe:matrix.org> Robert Sturla: nice
2025-04-22 15:12:35 <@dustymabe:matrix.org> Sean Thrailkill: not in particular
2025-04-22 15:13:34 <@jlebon:fedora.im> one random idea I had is that if you push versioned tags as well, then you can build a "history" by having each build reference as a LABEL the parent version
2025-04-22 15:14:01 <@jlebon:fedora.im> so that you're not constrained to a registry-specific API for querying tag information
2025-04-22 15:14:05 <@jlebon:fedora.im> so that you're not constrained to a registry-specific API for querying tag history information
2025-04-22 15:15:37 <@dustymabe:matrix.org> Yeah. Maybe that can be an optimization, but not a requirement? 
2025-04-22 15:16:10 <@jbrooks:matrix.org> this was the Valentin talk I was thinking of: https://www.youtube.com/watch?v=GT8bNaeHuy8&t=1255s
2025-04-22 15:17:54 <@snthrailkill:matrix.org> Is this something that exists in any other form currently? I almost feel like container chnagelog is the first step that tools like renovate can pick up on. It would be able to create something like you have mocked out easily
2025-04-22 15:19:31 <@dustymabe:matrix.org> Jason Brooks: changelogs I think are not exactly what I was talking about, but do overlap heavily 
2025-04-22 15:19:51 <@dustymabe:matrix.org> when I think of changelog I think of human readable text about the changes in the packages 
2025-04-22 15:20:09 <@dustymabe:matrix.org> this is more of a "report about embedded content", which is very similar, but not exactly the same
2025-04-22 15:20:52 <@dustymabe:matrix.org> so for example. in FCOS today we have them combined (release notes & changed content) in:
2025-04-22 15:20:52 <@dustymabe:matrix.org> https://fedoraproject.org/coreos/release-notes?arch=x86_64&stream=stable
2025-04-22 15:20:52 <@dustymabe:matrix.org> 
2025-04-22 15:21:32 <@dustymabe:matrix.org> but the "builds browser" has a little more dry information (and also more links to useful things): 
2025-04-22 15:21:32 <@dustymabe:matrix.org> 
2025-04-22 15:21:32 <@dustymabe:matrix.org> https://builds.coreos.fedoraproject.org/browser?stream=stable&arch=x86_64
2025-04-22 15:22:36 <@dustymabe:matrix.org> but yeah. if there is some automated way we can get changelog content (i.e. rpm change logs would be easiest) then we could display them too.
2025-04-22 15:22:41 <@rsturla:fedora.im> These SBOMs would be "attached" to each OCI image based on the image digest and you can compare the two JSON file contents to see the diffs.
2025-04-22 15:22:41 <@rsturla:fedora.im> 
2025-04-22 15:22:41 <@rsturla:fedora.im> There's not any decent tooling that exist currently for this sort of thing, but by comparing information extracted from SBOMs, you can receive the before and after information on a package level, including some non-packaged content (such as ELF binaries).
2025-04-22 15:23:05 <@rsturla:fedora.im> I'm not sure from the information from these SBOMs, if you can match them up with the RPM DB changelogs
2025-04-22 15:23:50 <@jlebon:fedora.im> Robert Sturla: i think the problem isn't necessarily the extracting of the metadata from the images, but getting that history perspective of what changed over time. basically: there is no git branch equivalent in the OCI world
2025-04-22 15:24:16 <@rriemann:kde.org> Producing consistently SBOM would also serve the compliance with NIS2. Unfortunately, the tooling is not very robust. Not all containerised OS are supported. Fedora is not for example.
2025-04-22 15:24:47 <@snthrailkill:matrix.org> Yeah Robert that's what I'm thinking. If we tie a SBOM through a label or something to an image then comparing the difference between them becomes feasible
2025-04-22 15:24:52 <@rsturla:fedora.im> Ah, understood.  So the problem is more knowing that the image tagged with 20250422 was released before 20250423 (but also accounting for when the tagging standard isn't trivial)
2025-04-22 15:26:08 <@rsturla:fedora.im> Ah, understood.  So the problem is more knowing that the image tagged with 20250422 was released before 20250423 (while also accounting for when the tagging standard isn't trivial)
2025-04-22 15:26:46 <@jlebon:fedora.im> yeah, this is why i mentioned https://matrix.to/#/!YWqcsiUQiCaqimYdQT:fedoraproject.org/$rg8pieVbdJH4PUCIyKP4bWUU25394CHD7IpB1eHXToc?via=fedoraproject.org&via=fedora.im&via=matrix.org
2025-04-22 15:27:13 <@jlebon:fedora.im> basically, you can have a moving tag and versioned tags, and the tooling doesn't actually have to understand your particular versioning scheme. it just follows LABELs
2025-04-22 15:27:32 <@dustymabe:matrix.org> ehh. it's not even that.
2025-04-22 15:27:32 <@dustymabe:matrix.org> 
2025-04-22 15:27:32 <@dustymabe:matrix.org> it's that trying to find out what changed in the latest build is kind of hard to do right now
2025-04-22 15:27:37 <@snthrailkill:matrix.org> Hmm. Maybe a label thats ISO-8601 compliant to say when it was published? Then we make a tool that knows what tag to look for between 2 images and periodically checks a registry?
2025-04-22 15:27:41 <@dustymabe:matrix.org> first you have to find what the previous build was
2025-04-22 15:27:51 <@dustymabe:matrix.org> then you have to grab the images from n-1 and n
2025-04-22 15:27:57 <@dustymabe:matrix.org> and then do your own inspection between the two
2025-04-22 15:28:09 <@dustymabe:matrix.org> it'd be easier if all of that was browsable 
2025-04-22 15:29:06 <@snthrailkill:matrix.org> Hmm. Maybe a label thats ISO-8601 compliant to say when it was published? Then we make a tool that knows what tag to look for between 2 images and periodically checks a tag you specify for a given regisry
2025-04-22 15:29:09 <@dustymabe:matrix.org> so you could browse to a build that say "had the version XYZ-A of systemd" and copy the pullspec and test against it 
2025-04-22 15:29:42 <@dustymabe:matrix.org> all of this is doable today.. I just want to make it easier 
2025-04-22 15:30:05 <@dustymabe:matrix.org> mostly because I'm spoiled (see https://builds.coreos.fedoraproject.org/browser?stream=stable&arch=x86_64)
2025-04-22 15:31:07 <@dustymabe:matrix.org> also, with this build history accessible we can do things like [bisect](https://github.com/coreos/fedora-coreos-config/blob/d0b035279041708b169fdf274ece64dc399ed0ef/tests/manual/coreos-builds-bisect.py#L58-L61) the history to find out when a regression occurred
2025-04-22 15:31:30 <@jbrooks:matrix.org> Yeah, that's cool
2025-04-22 15:32:40 <@snthrailkill:matrix.org> I like how Dusty said it would be a small topic 😅
2025-04-22 15:33:27 <@dustymabe:matrix.org> Sean Thrailkill: I was surprised by the level of interest, but I think that's a good thing :) 
2025-04-22 15:33:59 <@jbrooks:matrix.org> OK, other topics?
2025-04-22 15:34:17 <@dustymabe:matrix.org> Jason Brooks: so what are the takeaways from this discussion? should we try to summarize and put something in the ticket? 
2025-04-22 15:34:46 <@jbrooks:matrix.org> Yeah, I think we should do that -- I was thinking, for me, I need to digest
2025-04-22 15:35:14 <@jbrooks:matrix.org> Would anyone like to summarize and add to the ticket? If not, I'll do it 🙂
2025-04-22 15:35:35 <@snthrailkill:matrix.org> I'll do it
2025-04-22 15:35:42 <@jbrooks:matrix.org> Sweet
2025-04-22 15:36:04 <@jbrooks:matrix.org> !action Sean Thrailkill to summarize our chat and add to Dusty's ticket
2025-04-22 15:37:16 <@jbrooks:matrix.org> the zodbot lag is killing me
2025-04-22 15:37:35 <@jbrooks:matrix.org> Do we have any other topics, or should we close this one off?
2025-04-22 15:38:11 <@dustymabe:matrix.org> I've got an open floor item
2025-04-22 15:38:27 <@jeckersb:fedora.im> yeah i have one small note too
2025-04-22 15:39:11 <@jbrooks:matrix.org> !topic open floor
2025-04-22 15:39:20 <@jbrooks:matrix.org> go ahead, Dusty
2025-04-22 15:40:24 <@dustymabe:matrix.org> and that URL can be found from https://calendar.fedoraproject.org/SIGs/#m10982
2025-04-22 15:40:24 <@dustymabe:matrix.org> 
2025-04-22 15:40:24 <@dustymabe:matrix.org> The URL is `https://calendar.fedoraproject.org/ical/calendar/meeting/10982/` 
2025-04-22 15:40:24 <@dustymabe:matrix.org> 
2025-04-22 15:40:24 <@dustymabe:matrix.org> If anyone else uses google calendar (like I do). You can add this meetings cal entry to it by URL
2025-04-22 15:40:40 <@dustymabe:matrix.org> just a little nugget for anyone who might find that useful 
2025-04-22 15:41:14 <@dustymabe:matrix.org> oh also I did a little hobby time this past weekend and got Fedora CoreOS building for riscv64 
2025-04-22 15:41:32 <@dustymabe:matrix.org> which included some necessary changes to the bootc base images manifests. 
2025-04-22 15:41:32 <@dustymabe:matrix.org> 
2025-04-22 15:41:32 <@dustymabe:matrix.org> I'll PR those later today
2025-04-22 15:42:38 <@snthrailkill:matrix.org> Very cool
2025-04-22 15:44:18 <@jbrooks:matrix.org> Awesome, we might have riscv hw at the Fedora booth at RH Summit, it'd be cool to run bootc on it
2025-04-22 15:45:25 <@jbrooks:matrix.org> Any other open floor items?
2025-04-22 15:46:00 <@jbrooks:matrix.org> OK, I'm closing it off, thanks everyone!
2025-04-22 15:46:03 <@jeckersb:fedora.im> Just a quick note, as of ~1hr ago we have updated `latest`/`42` fedora-bootc images - https://quay.io/repository/fedora/fedora-bootc?tab=history
2025-04-22 15:46:04 <@jbrooks:matrix.org> !endmeeting