#meeting-1:fedoraproject.org log

<@jbrooks:matrix.org>

15:00:24

!startmeeting fedora_bootc_initiative

<@meetbot:fedora.im>

15:00:27

Meeting started at 2025-05-27 15:00:24 UTC

<@meetbot:fedora.im>

15:00:27

The Meeting name is 'fedora_bootc_initiative'

<@jeckersb:fedora.im>

15:00:39

!hi

<@zodbot:fedora.im>

15:00:40

John Eckersberg (jeckersb)

<@rsturla:fedora.im>

15:00:45

!hi rsturla

<@zodbot:fedora.im>

15:00:46

None (rsturla)

<@walters:fedora.im>

15:01:15

!hi

<@zodbot:fedora.im>

15:01:16

Colin Walters (walters)

<@hricky:fedora.im>

15:01:32

!hi

<@zodbot:fedora.im>

15:01:33

Hristo Marinov (hricky) - he / him / his

<@jbrooks:matrix.org>

15:01:57

!topic roll call

<@jbrooks:matrix.org>

15:02:02

!hi jasonbrooks

<@zodbot:fedora.im>

15:02:04

Jason Brooks (jasonbrooks) - he / him / his

<@jlebon:fedora.im>

15:02:17

!hi

<@zodbot:fedora.im>

15:02:18

None (jlebon)

<@jmarrero:matrix.org>

15:02:35

!hi

<@walters:fedora.im>

15:02:35

Did we have an agenda for this one? A fair bit going on; some activity on the base image and bootc/rpm-ostree side among other things

<@zodbot:fedora.im>

15:02:38

Joseph Marrero (jmarrero)

<@jbrooks:matrix.org>

15:02:59

We have a requested topic from jlebon

<@jbrooks:matrix.org>

15:03:14

!topic https://gitlab.com/fedora/bootc/tracker/-/issues/34

<@jlebon:fedora.im>

15:03:40

i think we discussed it in the past, but mostly highlighting: https://gitlab.com/fedora/bootc/tracker/-/issues/34#note_2515657013

<@jlebon:fedora.im>

15:04:09

I mentioned this this morning and Colin said that this is something building with Konflux would automatically fix

<@jlebon:fedora.im>

15:04:20

so maybe there's nothing explicit that needs to happen there

<@walters:fedora.im>

15:04:35

Yeah there was a recent update in https://gitlab.com/fedora/bootc/base-images/-/issues/51

<@siosm:matrix.org>

15:04:48

!hi

<@zodbot:fedora.im>

15:04:51

Timothée Ravier (siosm) - he / him / his

<@jbrooks:matrix.org>

15:05:03

I think this points to wider q's about: what are our goals and parameters for our deliverable -- the base images, what should ppl expect, etc

<@miabbott:fedora.im>

15:05:32

!hi

<@zodbot:fedora.im>

15:05:33

Micah Abbott (miabbott)

<@jbrooks:matrix.org>

15:06:19

But, Jonathan Lebonare we all set for this? Is there something to be hashed out?

<@jlebon:fedora.im>

15:06:30

ok nice, and looking at e.g. https://quay.io/repository/bootc-devel/fedora-bootc-rawhide-minimal-plus?tab=tags&tag=latest i do see some timestamp-based tags

<@jlebon:fedora.im>

15:06:45

(though it seems to be building less frequently than I expected)

<@dustymabe:matrix.org>

15:07:08

!hi

<@zodbot:fedora.im>

15:07:10

Dusty Mabe (dustymabe) - he / him / his

<@miabbott:fedora.im>

15:07:30

The base image building via Konflux just landed recently; with the Renovate work that Miguel has been working on, we should see base images more frequently

<@jlebon:fedora.im>

15:08:01

how long are the tags kept for?

<@walters:fedora.im>

15:08:03

I think by far the biggest thing here is to land the konflux rework which fixes multiple things, especially https://gitlab.com/fedora/bootc/base-images/-/issues/44

<@jlebon:fedora.im>

15:08:20

the oldest one looks like 13 days old, which is not very long

<@miabbott:fedora.im>

15:08:25

> how long are the tags kept for?

<@miabbott:fedora.im>

15:08:25

i think that is a Quay repo setting?

<@miabbott:fedora.im>

15:08:25

<@jlebon:fedora.im>

15:08:39

is konflux using the quay expiry thing or is it a separate GC?

<@walters:fedora.im>

15:09:11

no quay doesn't prune tags

<@jlebon:fedora.im>

15:09:30

but anyway, assuming we can tweak that window length, i think we can get to something that works

<@jlebon:fedora.im>

15:09:48

ahh, i thought the expiry API did exactly that

<@jbrooks:matrix.org>

15:10:22

What would we like the window to be?

<@walters:fedora.im>

15:10:32

Oh yes sorry I think it does

<@walters:fedora.im>

15:11:05

Jason Brooks: The current tracker https://gitlab.com/fedora/bootc/tracker/-/issues/34 has 2-3 months, I'm sure we could do 6. Past that though I think the onus is on the consumer to copy if that's what they want

<@jbrooks:matrix.org>

15:11:24

And then, is it every day for 6 months?

<@jlebon:fedora.im>

15:11:55

i think even 3 months would be good enough

<@jlebon:fedora.im>

15:12:32

Jason Brooks: it would have to be for every release that passed through the versionless tag because someone might've pinned to its digest

<@jbrooks:matrix.org>

15:13:29

This is where I think so should clarify expectations -- would one expect images to stick around for the whole life of a fedora release, for instance?

<@miabbott:fedora.im>

15:13:39

fyi, tag expiry docs - https://docs.redhat.com/en/documentation/red_hat_quay/3.14/html-single/about_quay_io/index#setting-tag-expirations-v2-ui

<@dustymabe:matrix.org>

15:14:18

Jason Brooks: i.e the "release day" bootc for F42 - yeah I could see it being an interesting reference point for testing

<@dustymabe:matrix.org>

15:15:12

I think for Fedora CoreOS the stream model where we only release every 2 weeks makes this a little more manageable. because we only have to keep the production stream builds and not all the nightly builds

<@dustymabe:matrix.org>

15:15:48

Sorry. That was a bit off topic

<@walters:fedora.im>

15:15:59

Fedora CoreOS has a plethora of disk images though, with OCI layering and deduplication it's a lot cheaper

<@walters:fedora.im>

15:16:09

Fedora CoreOS has a plethora of disk images though, with OCI layering and deduplication it's a lot cheaper for just the bootc container image

<@dustymabe:matrix.org>

15:16:35

I just meant that making a decision about what to keep, was easier

<@walters:fedora.im>

15:17:07

Anyways I think the main person that'd be nice to have here is Miguel who is working on the buildsystem rework, hopefully he can update next time or async, as we want that to make progress here

<@jbrooks:matrix.org>

15:17:25

We can schedule a deeper dive

<@miabbott:fedora.im>

15:17:52

I'll let him know that he is wanted for more details in an upcoming meeting; this is pretty late for his usual day though

<@jbrooks:matrix.org>

15:18:11

We can do a one-off time

<@walters:fedora.im>

15:19:16

It's ok we can find another time to sync in a smaller group hopefully too

<@jbrooks:matrix.org>

15:20:21

OK, any more on this topic?

<@jlebon:fedora.im>

15:20:22

especially whether there's things others (including me) could do to help. it's amazing really all he's working through

<@jlebon:fedora.im>

15:21:53

Micah Abbott: is the plan to also build f42 in rawhide or only starting from f43?

<@jlebon:fedora.im>

15:21:57

Micah Abbott: is the plan to also build f42 in Konflux or only starting from f43?

<@miabbott:fedora.im>

15:23:19

Jonathan Lebon: i don't know if we have a solid plan for that. 😆

<@miabbott:fedora.im>

15:23:19

<@miabbott:fedora.im>

15:23:19

i think with the existing scaffolding in place, we could probably extend the builds to include f42. something to discuss with miguel, for sure

<@jlebon:fedora.im>

15:24:16

that'd be nice. i'm working on landing the container native path in FCOS and it'd be good if it's not just buildable in rawhide (even though that's where we'll turn it on to start with)

<@jlebon:fedora.im>

15:28:23

just to surface this (i guess docs should be added for it), but it's now possible to extend the list of packages as part of the base image compose: https://gitlab.com/fedora/bootc/base-images/-/merge_requests/178. which just adds a bit of quality of life improvements i think rather than unlocking entirely new features

<@jlebon:fedora.im>

15:30:30

on an unrelated note, how did Edge/IoT deal with the uid/gid drift issue as part of moving to fedora-bootc/rhel-bootc?

<@jlebon:fedora.im>

15:30:30

i know iot-specific manifests were added and i expected to see a separate passwd/group file there but didn't find it

<@walters:fedora.im>

15:31:38

Jonathan Lebon: There wasn't one specific change but probably the biggest is that openvswitch added a ExecStartPre=chown

<@walters:fedora.im>

15:32:04

https://github.com/ovsrobot/ovs/commit/35a4aa68f8ec1015e6d082e9a6a10bdecd87d52b

<@jlebon:fedora.im>

15:33:19

hmm interesting. we do hacks related to this on the OCP side in the node image build. i need to see if that simplifies things there too

<@jlebon:fedora.im>

15:33:28

but the main thing we hitting though in

<@jlebon:fedora.im>

15:34:02

but the main thing we're hitting though in FCOS is that we have a sysusers dropin, which before was added before scriptlets run, but now we add it (manually) after

<@siosm:matrix.org>

15:34:33

we (I) should dust off the moving off nss-altfiles proposal and work on it

<@jlebon:fedora.im>

15:34:55

and that has all sorts of consequences, including changed uids/gids

<@jlebon:fedora.im>

15:35:14

i guess we're out of time. there's a lot of details there; i'll open a new issue i think to discuss

<@jlebon:fedora.im>

15:36:09

but basically here's the hack I came up with for now: https://github.com/jlebon/fedora-coreos-config/blob/1ee6ffd245859b72beb00d76c852f937a1e16cd3/build-rootfs#L75-L81

<@walters:fedora.im>

15:36:09

Moving fully off nss-altfiles would indeed be nice but quite complex. I think https://github.com/bootc-dev/bootc/issues/1263 would likely be the biggest win

<@walters:fedora.im>

15:37:16

But yes indeed over time, so we should probably call this and then continue async.

<@walters:fedora.im>

15:37:47

Thanks all for coming!

<@walters:fedora.im>

15:37:50

!endmeeting