2025-05-27 15:00:24 <@jbrooks:matrix.org> !startmeeting fedora_bootc_initiative
2025-05-27 15:00:27 <@meetbot:fedora.im> Meeting started at 2025-05-27 15:00:24 UTC
2025-05-27 15:00:27 <@meetbot:fedora.im> The Meeting name is 'fedora_bootc_initiative'
2025-05-27 15:00:39 <@jeckersb:fedora.im> !hi
2025-05-27 15:00:40 <@zodbot:fedora.im> John Eckersberg (jeckersb)
2025-05-27 15:00:45 <@rsturla:fedora.im> !hi rsturla
2025-05-27 15:00:46 <@zodbot:fedora.im> None (rsturla)
2025-05-27 15:01:15 <@walters:fedora.im> !hi
2025-05-27 15:01:16 <@zodbot:fedora.im> Colin Walters (walters)
2025-05-27 15:01:32 <@hricky:fedora.im> !hi
2025-05-27 15:01:33 <@zodbot:fedora.im> Hristo Marinov (hricky) - he / him / his
2025-05-27 15:01:57 <@jbrooks:matrix.org> !topic roll call
2025-05-27 15:02:02 <@jbrooks:matrix.org> !hi jasonbrooks
2025-05-27 15:02:04 <@zodbot:fedora.im> Jason Brooks (jasonbrooks) - he / him / his
2025-05-27 15:02:17 <@jlebon:fedora.im> !hi
2025-05-27 15:02:18 <@zodbot:fedora.im> None (jlebon)
2025-05-27 15:02:35 <@jmarrero:matrix.org> !hi
2025-05-27 15:02:35 <@walters:fedora.im> Did we have an agenda for this one? A fair bit going on; some activity on the base image and bootc/rpm-ostree side among other things
2025-05-27 15:02:38 <@zodbot:fedora.im> Joseph Marrero (jmarrero)
2025-05-27 15:02:59 <@jbrooks:matrix.org> We have a requested topic from jlebon
2025-05-27 15:03:14 <@jbrooks:matrix.org> !topic https://gitlab.com/fedora/bootc/tracker/-/issues/34
2025-05-27 15:03:40 <@jlebon:fedora.im> i think we discussed it in the past, but mostly highlighting: https://gitlab.com/fedora/bootc/tracker/-/issues/34#note_2515657013
2025-05-27 15:04:09 <@jlebon:fedora.im> I mentioned this this morning and Colin said that this is something building with Konflux would automatically fix
2025-05-27 15:04:20 <@jlebon:fedora.im> so maybe there's nothing explicit that needs to happen there
2025-05-27 15:04:35 <@walters:fedora.im> Yeah there was a recent update in https://gitlab.com/fedora/bootc/base-images/-/issues/51
2025-05-27 15:04:48 <@siosm:matrix.org> !hi
2025-05-27 15:04:51 <@zodbot:fedora.im> Timothée Ravier (siosm) - he / him / his
2025-05-27 15:05:03 <@jbrooks:matrix.org> I think this points to wider q's about: what are our goals and parameters for our deliverable -- the base images, what should ppl expect, etc
2025-05-27 15:05:32 <@miabbott:fedora.im> !hi
2025-05-27 15:05:33 <@zodbot:fedora.im> Micah Abbott (miabbott)
2025-05-27 15:06:19 <@jbrooks:matrix.org> But, Jonathan Lebonare we all set for this? Is there something to be hashed out?
2025-05-27 15:06:30 <@jlebon:fedora.im> ok nice, and looking at e.g. https://quay.io/repository/bootc-devel/fedora-bootc-rawhide-minimal-plus?tab=tags&tag=latest i do see some timestamp-based tags
2025-05-27 15:06:45 <@jlebon:fedora.im> (though it seems to be building less frequently than I expected)
2025-05-27 15:07:08 <@dustymabe:matrix.org> !hi
2025-05-27 15:07:10 <@zodbot:fedora.im> Dusty Mabe (dustymabe) - he / him / his
2025-05-27 15:07:30 <@miabbott:fedora.im> The base image building via Konflux just landed recently; with the Renovate work that Miguel has been working on, we should see base images more frequently
2025-05-27 15:08:01 <@jlebon:fedora.im> how long are the tags kept for?
2025-05-27 15:08:03 <@walters:fedora.im> I think by far the biggest thing here is to land the konflux rework which fixes multiple things, especially https://gitlab.com/fedora/bootc/base-images/-/issues/44
2025-05-27 15:08:20 <@jlebon:fedora.im> the oldest one looks like 13 days old, which is not very long
2025-05-27 15:08:25 <@miabbott:fedora.im> > how long are the tags kept for?
2025-05-27 15:08:25 <@miabbott:fedora.im> i think that is a Quay repo setting?
2025-05-27 15:08:25 <@miabbott:fedora.im> 
2025-05-27 15:08:39 <@jlebon:fedora.im> is konflux using the quay expiry thing or is it a separate GC?
2025-05-27 15:09:11 <@walters:fedora.im> no quay doesn't prune tags
2025-05-27 15:09:30 <@jlebon:fedora.im> but anyway, assuming we can tweak that window length, i think we can get to something that works
2025-05-27 15:09:48 <@jlebon:fedora.im> ahh, i thought the expiry API did exactly that
2025-05-27 15:10:22 <@jbrooks:matrix.org> What would we like the window to be?
2025-05-27 15:10:32 <@walters:fedora.im> Oh yes sorry I think it does
2025-05-27 15:11:05 <@walters:fedora.im> Jason Brooks: The current tracker https://gitlab.com/fedora/bootc/tracker/-/issues/34 has 2-3 months, I'm sure we could do 6. Past that though I think the onus is on the consumer to copy if that's what they want
2025-05-27 15:11:24 <@jbrooks:matrix.org> And then, is it every day for 6 months?
2025-05-27 15:11:55 <@jlebon:fedora.im> i think even 3 months would be good enough
2025-05-27 15:12:32 <@jlebon:fedora.im> Jason Brooks: it would have to be for every release that passed through the versionless tag because someone might've pinned to its digest
2025-05-27 15:13:29 <@jbrooks:matrix.org> This is where I think so should clarify expectations -- would one expect images to stick around for the whole life of a fedora release, for instance?
2025-05-27 15:13:39 <@miabbott:fedora.im> fyi, tag expiry docs - https://docs.redhat.com/en/documentation/red_hat_quay/3.14/html-single/about_quay_io/index#setting-tag-expirations-v2-ui
2025-05-27 15:14:18 <@dustymabe:matrix.org> Jason Brooks: i.e the "release day" bootc for F42 - yeah I could see it being an interesting reference point for testing 
2025-05-27 15:15:12 <@dustymabe:matrix.org> I think for Fedora CoreOS the stream model where we only release every 2 weeks makes this a little more manageable. because we only have to keep the production stream builds and not all the nightly builds 
2025-05-27 15:15:48 <@dustymabe:matrix.org> Sorry. That was a bit off topic
2025-05-27 15:15:59 <@walters:fedora.im> Fedora CoreOS has a plethora of disk images though, with OCI layering and deduplication it's a lot cheaper
2025-05-27 15:16:09 <@walters:fedora.im> Fedora CoreOS has a plethora of disk images though, with OCI layering and deduplication it's a lot cheaper for just the bootc container image
2025-05-27 15:16:35 <@dustymabe:matrix.org> I just meant that making a decision about what to keep, was easier 
2025-05-27 15:17:07 <@walters:fedora.im> Anyways I think the main person that'd be nice to have here is Miguel who is working on the buildsystem rework, hopefully he can update next time or async, as we want that to make progress here
2025-05-27 15:17:25 <@jbrooks:matrix.org> We can schedule a deeper dive
2025-05-27 15:17:52 <@miabbott:fedora.im> I'll let him know that he is wanted for more details in an upcoming meeting; this is pretty late for his usual day though
2025-05-27 15:18:11 <@jbrooks:matrix.org> We can do a one-off time
2025-05-27 15:19:16 <@walters:fedora.im> It's ok we can find another time to sync in a smaller group hopefully too
2025-05-27 15:20:21 <@jbrooks:matrix.org> OK, any more on this topic?
2025-05-27 15:20:22 <@jlebon:fedora.im> especially whether there's things others (including me) could do to help. it's amazing really all he's working through
2025-05-27 15:21:53 <@jlebon:fedora.im> Micah Abbott: is the plan to also build f42 in rawhide or only starting from f43?
2025-05-27 15:21:57 <@jlebon:fedora.im> Micah Abbott: is the plan to also build f42 in Konflux or only starting from f43?
2025-05-27 15:23:19 <@miabbott:fedora.im> Jonathan Lebon: i don't know if we have a solid plan for that. 😆
2025-05-27 15:23:19 <@miabbott:fedora.im> 
2025-05-27 15:23:19 <@miabbott:fedora.im> i think with the existing scaffolding in place, we could probably extend the builds to include f42.  something to discuss with miguel, for sure
2025-05-27 15:24:16 <@jlebon:fedora.im> that'd be nice. i'm working on landing the container native path in FCOS and it'd be good if it's not just buildable in rawhide (even though that's where we'll turn it on to start with)
2025-05-27 15:28:23 <@jlebon:fedora.im> just to surface this (i guess docs should be added for it), but it's now possible to extend the list of packages as part of the base image compose: https://gitlab.com/fedora/bootc/base-images/-/merge_requests/178. which just adds a bit of quality of life improvements i think rather than unlocking entirely new features
2025-05-27 15:30:30 <@jlebon:fedora.im> on an unrelated note, how did Edge/IoT deal with the uid/gid drift issue as part of moving to fedora-bootc/rhel-bootc?
2025-05-27 15:30:30 <@jlebon:fedora.im> i know iot-specific manifests were added and i expected to see a separate passwd/group file there but didn't find it
2025-05-27 15:31:38 <@walters:fedora.im> Jonathan Lebon: There wasn't one specific change but probably the biggest is that openvswitch added a ExecStartPre=chown
2025-05-27 15:32:04 <@walters:fedora.im> https://github.com/ovsrobot/ovs/commit/35a4aa68f8ec1015e6d082e9a6a10bdecd87d52b
2025-05-27 15:33:19 <@jlebon:fedora.im> hmm interesting. we do hacks related to this on the OCP side in the node image build. i need to see if that simplifies things there too
2025-05-27 15:33:28 <@jlebon:fedora.im> but the main thing we hitting though in
2025-05-27 15:34:02 <@jlebon:fedora.im> but the main thing we're hitting though in FCOS is that we have a sysusers dropin, which before was added before scriptlets run, but now we add it (manually) after
2025-05-27 15:34:33 <@siosm:matrix.org> we (I) should dust off the moving off nss-altfiles proposal and work on it
2025-05-27 15:34:55 <@jlebon:fedora.im> and that has all sorts of consequences, including changed uids/gids
2025-05-27 15:35:14 <@jlebon:fedora.im> i guess we're out of time. there's a lot of details there; i'll open a new issue i think to discuss
2025-05-27 15:36:09 <@jlebon:fedora.im> but basically here's the hack I came up with for now: https://github.com/jlebon/fedora-coreos-config/blob/1ee6ffd245859b72beb00d76c852f937a1e16cd3/build-rootfs#L75-L81
2025-05-27 15:36:09 <@walters:fedora.im> Moving fully off nss-altfiles would indeed be nice but quite complex. I think https://github.com/bootc-dev/bootc/issues/1263 would likely be the biggest win
2025-05-27 15:37:16 <@walters:fedora.im> But yes indeed over time, so we should probably call this and then continue async.
2025-05-27 15:37:47 <@walters:fedora.im> Thanks all for coming!
2025-05-27 15:37:50 <@walters:fedora.im> !endmeeting