2025-03-11 15:00:24 <@jbrooks:matrix.org> !startmeeting fedora_bootc_meeting
2025-03-11 15:00:27 <@meetbot:fedora.im> Meeting started at 2025-03-11 15:00:24 UTC
2025-03-11 15:00:27 <@meetbot:fedora.im> The Meeting name is 'fedora_bootc_meeting'
2025-03-11 15:00:36 <@jbrooks:matrix.org> !topic roll call
2025-03-11 15:00:44 <@rsturla:fedora.im> !hi
2025-03-11 15:00:46 <@zodbot:fedora.im> None (rsturla)
2025-03-11 15:01:00 <@hricky:fedora.im> !hi
2025-03-11 15:01:02 <@zodbot:fedora.im> Hristo Marinov (hricky) - he / him / his
2025-03-11 15:01:04 <@walters:fedora.im> !hi
2025-03-11 15:01:06 <@zodbot:fedora.im> Colin Walters (walters)
2025-03-11 15:01:09 <@jeckersb:fedora.im> !hi
2025-03-11 15:01:12 <@zodbot:fedora.im> John Eckersberg (jeckersb)
2025-03-11 15:01:30 <@mmartinv:matrix.org> !hi
2025-03-11 15:01:34 <@zodbot:fedora.im> Miguel Martin (mmartinv)
2025-03-11 15:01:40 <@sean:thrailkill.cloud> !hi
2025-03-11 15:01:42 <@zodbot:fedora.im> Sean Thrailkill (snthrailkill)
2025-03-11 15:01:49 <@miabbott:fedora.im> !hi
2025-03-11 15:01:50 <@zodbot:fedora.im> Micah Abbott (miabbott)
2025-03-11 15:02:14 <@pwhalen:fedora.im> !hi
2025-03-11 15:02:16 <@zodbot:fedora.im> Paul Whalen (pwhalen)
2025-03-11 15:02:26 <@jlebon:fedora.im> !hi
2025-03-11 15:02:28 <@zodbot:fedora.im> None (jlebon)
2025-03-11 15:02:47 <@jbrooks:matrix.org> How's everyone doing today?
2025-03-11 15:03:20 <@walters:fedora.im> The agenda is https://etherpad.opensuse.org/p/bootc-initiative-meetings and it looks like we have something from mmartinv ?
2025-03-11 15:04:12 <@siosm:matrix.org> !hi
2025-03-11 15:04:28 <@zodbot:fedora.im> Timothée Ravier (siosm) - he / him / his
2025-03-11 15:04:30 <@jbrooks:matrix.org> For topics today, should we continue talking about the local layering issue? Or are there other topics on our minds?
2025-03-11 15:05:28 <@jbrooks:matrix.org> !topic Update from Miguel Martin on building Fedora bootc in the community Konflux cluster
2025-03-11 15:06:51 <@walters:fedora.im> cc gursewak re ⬆️
2025-03-11 15:06:53 <@mmartinv:matrix.org> I have updated the https://gitlab.com/fedora/bootc/base-images/-/merge_requests/70 with the latest proposal
2025-03-11 15:07:55 <@mmartinv:matrix.org> Waiting on https://github.com/konflux-ci/build-definitions/pull/1998 so we can refer the upstream pipeline instead of the patched one
2025-03-11 15:08:26 <@mmartinv:matrix.org> Not sure if it will get accepted though, maybe we need to add the pipeline to the repo
2025-03-11 15:08:42 <@walters:fedora.im> Thanks so much for doing this! A lot to build on top of this, including especially things like keeping this pipeline in sync with what we have for centos stream, etc.
2025-03-11 15:08:50 <@walters:fedora.im> Can we get in sync on the subthread from https://gitlab.com/fedora/bootc/base-images/-/merge_requests/70#note_2385156856 ?
2025-03-11 15:09:49 <@walters:fedora.im> This whole effort started before I did work on the customizable base images; I think my preference here would be to start with the konflux build of what is now `standard` and also `minimal`
2025-03-11 15:11:24 <@walters:fedora.im> This also relates t ohttps://github.com/coreos/fedora-coreos-tracker/issues/1861
2025-03-11 15:11:27 <@walters:fedora.im> *relates to
2025-03-11 15:11:34 <@siosm:matrix.org> It would be good if we could figure out a way to make the build pipeline logs public (I don't have access as far as I can see). But that can happen later.
2025-03-11 15:11:37 <@walters:fedora.im> This also relates to https://github.com/coreos/fedora-coreos-tracker/issues/1861
2025-03-11 15:12:44 <@jlebon:fedora.im> Colin Walters: do you perceive a high cost from building three instead of two?
2025-03-11 15:12:53 <@jlebon:fedora.im> at least for the time being until we have a clearer story around CI
2025-03-11 15:12:58 <@walters:fedora.im> Yeah, the FCOS Jenkins has the same issue still right?; but by "public" you mean "unauthenticated" specifically right? They're available to anyone with a FAS account AFAIK
2025-03-11 15:13:51 <@siosm:matrix.org> I logged in with my FAS and could not access the logs
2025-03-11 15:13:53 <@walters:fedora.im> No, I wouldn't call it a high cost. But it's more a question of priorities and ordering I think
2025-03-11 15:14:10 <@siosm:matrix.org> If I go to koji right now in the Fedora Infra, everything is public
2025-03-11 15:15:14 <@jlebon:fedora.im> it's also not just about packages I would emphasize. any glue code/workarounds/etc... related to the packages in that list can be more easily shared if it's a separate target and not intermingled with e.g. `standard`
2025-03-11 15:15:16 <@siosm:matrix.org> FAS gated would be OK for me, but ideally we should not re-create the Jenkins situation that we have in FCOS, which is mainly because we don't want to expose Jenkins which has a terrible security track record
2025-03-11 15:15:24 <@walters:fedora.im> But I guess to ask directly, since it's not explained in the commit message but I can infer it: was the idea here that Fedora IoT would be `FROM quay.io/fedora/fedora-bootc:tierx` or so? Is there a tracker for that?
2025-03-11 15:15:30 <@jlebon:fedora.im> so it's about maintenance of that package set
2025-03-11 15:16:04 <@mmartinv:matrix.org> travier: you need to create an MR to get permissions granted, see https://gitlab.com/fedora/infrastructure/konflux/tenants-config/-/merge_requests/9/diffs for reference
2025-03-11 15:16:05 <@jlebon:fedora.im> Colin Walters: that was what i expected (and similar for FCOS and Atomic Workstations eventually)
2025-03-11 15:16:15 <@walters:fedora.im> But it is the case currently AFAIK that there are no workarounds for anything not in minimal, right?
2025-03-11 15:16:19 <@siosm:matrix.org> mmartinv: Yes, the idea is that I shouldn't have to do that
2025-03-11 15:17:02 <@jlebon:fedora.im> Colin Walters: currently, yes. but tier-x/minimal-plus ships openssh, NM, rpm-ostree, polkit, and a few other biggies
2025-03-11 15:17:06 <@rsturla:fedora.im> Unless you can use a wildcard the user field to provide all Konflux users access?
2025-03-11 15:17:09 <@jlebon:fedora.im> one can easily imagine things needed for those
2025-03-11 15:17:27 <@miabbott:fedora.im> travier: i think we'd have to ask the Konflux folks if that restriction could be relaxed
2025-03-11 15:17:31 <@rsturla:fedora.im> Unless you can use a wildcard the user field to provide all Konflux users access to a particular ro role?
2025-03-11 15:18:15 <@miabbott:fedora.im> maybe an issue on https://gitlab.com/fedora/infrastructure/konflux
2025-03-11 15:18:30 <@jbrooks:matrix.org> there's https://matrix.to/#/#konflux:fedora.im as well
2025-03-11 15:18:35 <@rsturla:fedora.im> Unless you can use a wildcard the user field to provide all Konflux users access to a particular ro role?
2025-03-11 15:18:35 <@rsturla:fedora.im> Oh, it's Kubernetes native permissions, not something Konflux specific
2025-03-11 15:18:38 <@jlebon:fedora.im> Colin Walters:  anyway, not strongly against not having it to be clear, but it just seems a much cleaner story to me to have an actual image variants build on top
2025-03-11 15:18:51 <@siosm:matrix.org> https://gitlab.com/fedora/infrastructure/konflux/tenants-config/-/issues/3
2025-03-11 15:19:00 <@walters:fedora.im> I put this somewhere but one possible middle ground here is to ship `quay.io/fedora-ci/fedora-bootc-minimal-plus:rawhide` e.g. (note `fedora-ci` i.e. it's "fedora internal")
2025-03-11 15:19:10 <@mmartinv:matrix.org> Yeah, that was the idea, not sure if we have a tracker though, Micah Abbott ?
2025-03-11 15:19:23 <@jlebon:fedora.im> that WFM
2025-03-11 15:19:44 <@jlebon:fedora.im> it seems fine to me if this is only for variants use
2025-03-11 15:19:53 <@walters:fedora.im> I still lean towards trimming down `standard` in the medium term
2025-03-11 15:20:25 <@walters:fedora.im> (Although it's quite complex because some things may need to be added there eventually...like `firewalld`)
2025-03-11 15:20:33 <@miabbott:fedora.im> It probably needs to be updated to reflect reality
2025-03-11 15:20:33 <@miabbott:fedora.im> I think the closest we have is https://github.com/fedora-iot/iot-distro/issues/53
2025-03-11 15:20:33 <@miabbott:fedora.im> 
2025-03-11 15:21:28 <@pwhalen:fedora.im> @micah I'll try to update that this week. 
2025-03-11 15:21:52 <@jbrooks:matrix.org> Let's log some action items on these
2025-03-11 15:24:17 <@miabbott:fedora.im> 
2025-03-11 15:24:17 <@miabbott:fedora.im> ?
2025-03-11 15:24:17 <@miabbott:fedora.im> For actions, i see something like "building quay.io/fedora-ci/fedora-bootc-minimal-plus:rawhide" and "updating https://github.com/fedora-iot/iot-distro/issues/53 with reality"
2025-03-11 15:24:50 <@miabbott:fedora.im> 
2025-03-11 15:24:50 <@miabbott:fedora.im> For actions, i see something like "building quay.io/fedora-ci/fedora-bootc-minimal-plus:rawhide" and "updating https://github.com/fedora-iot/iot-distro/issues/53 with reality"
2025-03-11 15:24:50 <@miabbott:fedora.im> anything else?
2025-03-11 15:24:58 <@jbrooks:matrix.org> !action pwhalen to update https://github.com/fedora-iot/iot-distro/issues/53 to reflect reality
2025-03-11 15:25:15 <@jlebon:fedora.im> quay.io/fedora-ci is not a thing currently. i guess it could be under quay.io/fedora but just not in the main fedora-bootc repo
2025-03-11 15:25:29 <@walters:fedora.im> I edited the description of https://gitlab.com/fedora/bootc/base-images/-/issues/25
2025-03-11 15:25:51 <@walters:fedora.im> Ah sorry I meant https://quay.io/organization/fedoraci which is where ELN is 
2025-03-11 15:26:01 <@walters:fedora.im> https://quay.io/repository/fedoraci/fedora?tab=tags
2025-03-11 15:26:16 <@jlebon:fedora.im> gotcha
2025-03-11 15:26:40 <@walters:fedora.im> Oh or at least it *was*...looks like it moved https://docs.fedoraproject.org/en-US/eln/deliverables/#_container_image
2025-03-11 15:28:23 <@walters:fedora.im> OK so we're hopefully closing in on different projects deriving from bootc base images finally
2025-03-11 15:28:50 <@jbrooks:matrix.org> OK, is there more on this topic?
2025-03-11 15:29:44 <@jbrooks:matrix.org> Do we have other items to discuss today?
2025-03-11 15:30:18 <@jlebon:fedora.im> not sure if i surfaced this in this meeting yet, but i did have a rough PR in https://github.com/coreos/fedora-coreos-config/pull/3348 of rebasing FCOS on top of minimal-plus
2025-03-11 15:30:18 <@jlebon:fedora.im> there's some work needed on the tooling side to enable this
2025-03-11 15:30:39 <@jbrooks:matrix.org> !topic open floor
2025-03-11 15:31:24 <@jbrooks:matrix.org> Is minimal plus the same as tier-x?
2025-03-11 15:31:48 <@jlebon:fedora.im> what you'll notice in that PR that's neat is that there's not much actually going on in the `Containerfile`. we're reusing all the manifests we already have, just applied at container build time
2025-03-11 15:32:02 <@jlebon:fedora.im> Jason Brooks: yeah, that's the proposed new name
2025-03-11 15:32:34 <@jbrooks:matrix.org> That's cool w/ the reused manifests
2025-03-11 15:33:56 <@jbrooks:matrix.org> All right, anything else? Should we draw this episode to a close?
2025-03-11 15:34:37 <@jbrooks:matrix.org> OK, we'll follow up w/ anything else in the bootc room
2025-03-11 15:34:41 <@jbrooks:matrix.org> !endmeeting