2024-08-28 16:26:50 <@ydesouza:fedora.im> !startmeeting fedora_coreos_meeting
2024-08-28 16:26:52 <@meetbot:fedora.im> Meeting started at 2024-08-28 16:26:50 UTC
2024-08-28 16:26:52 <@meetbot:fedora.im> The Meeting name is 'fedora_coreos_meeting'
2024-08-28 16:27:00 <@siosm:matrix.org> !hi
2024-08-28 16:27:02 <@zodbot:fedora.im> Timothée Ravier (siosm) - he / him / his
2024-08-28 16:27:17 <@siosm:matrix.org> we're 5 minutes early so let's give some time for people to join
2024-08-28 16:27:19 <@ydesouza:fedora.im> !topic roll call
2024-08-28 16:27:36 <@ydesouza:fedora.im> Sure! I will be waiting for people to join!
2024-08-28 16:27:40 <@siosm:matrix.org> we're ~5~ 3 minutes early so let's give some time for people to join
2024-08-28 16:27:45 <@jbtrystram:matrix.org> !hi
2024-08-28 16:27:46 <@zodbot:fedora.im> Jean-Baptiste Trystram (jbtrystram) - he / him / his
2024-08-28 16:27:47 <@siosm:matrix.org> we're ~~5~~ 3 minutes early so let's give some time for people to join
2024-08-28 16:28:00 <@siosm:matrix.org> we're 3 minutes early so let's give some time for people to join
2024-08-28 16:28:08 <@hricky:fedora.im> !hi
2024-08-28 16:28:08 <@zodbot:fedora.im> Hristo Marinov (hricky) - he / him / his
2024-08-28 16:29:19 <@jlebon:fedora.im> !hi
2024-08-28 16:29:20 <@zodbot:fedora.im> None (jlebon)
2024-08-28 16:29:41 <@jlebon:fedora.im> note: i will have to drop in half an hour today
2024-08-28 16:31:49 <@dustymabe:matrix.org> !hi
2024-08-28 16:31:54 <@zodbot:fedora.im> Dusty Mabe (dustymabe) - he / him / his
2024-08-28 16:32:11 <@marmijo:fedora.im> !hi
2024-08-28 16:32:11 <@zodbot:fedora.im> Michael Armijo (marmijo)
2024-08-28 16:32:48 <@ydesouza:fedora.im> !topic Action items from last meeting
2024-08-28 16:32:57 <@davdunc:fedora.im> !HI
2024-08-28 16:33:04 <@davdunc:fedora.im> !hi
2024-08-28 16:33:05 <@zodbot:fedora.im> David Duncan (davdunc) - he / him / his
2024-08-28 16:33:46 <@ydesouza:fedora.im> I don't think we have any action items for the last meeting so let's cover the topics from the tracker repository.
2024-08-28 16:34:18 <@ydesouza:fedora.im> !topic New Package Request: pciutils
2024-08-28 16:34:18 <@ydesouza:fedora.im> !link https://github.com/coreos/fedora-coreos-tracker/issues/1778
2024-08-28 16:35:27 <@dustymabe:matrix.org> some prior discussion on this in https://github.com/coreos/fedora-coreos-tracker/issues/628
2024-08-28 16:36:15 <@jbtrystram:matrix.org> i don't think the person that opened the issue is here today
2024-08-28 16:36:40 <@siosm:matrix.org> So this is about including `lspci` in the base image
2024-08-28 16:36:48 <@siosm:matrix.org> So this is about including `lspci` in the base image
2024-08-28 16:36:54 <@aaradhak:matrix.org> !hi aaradhak
2024-08-28 16:36:57 <@zodbot:fedora.im> Aashish Radhakrishnan (aaradhak)
2024-08-28 16:39:06 <@dustymabe:matrix.org> i have to admit `lspci` is pretty basic functionality
2024-08-28 16:39:11 <@dustymabe:matrix.org> IMO
2024-08-28 16:39:21 <@jbtrystram:matrix.org> to summarize the discussion on the issue, lspci works from a privileged container but is very tiny, and could be useful to debug networking issues (which could prevent running said container)
2024-08-28 16:39:31 <@siosm:matrix.org> It feels to me that this would be useful but there isn't a strong case to include it by default
2024-08-28 16:40:30 <@jlebon:fedora.im> no strong opinion either way. probably worth adding
2024-08-28 16:40:48 <@siosm:matrix.org> Looks like Container Linux used to have it: https://github.com/coreos/bugs/issues/2578
2024-08-28 16:42:07 <@siosm:matrix.org> and it looks like it's in Flatcar right now
2024-08-28 16:42:21 <@dustymabe:matrix.org> +1 for inclusion from me
2024-08-28 16:43:19 <@ydesouza:fedora.im> Should we hold a vote on this?
2024-08-28 16:43:35 <@siosm:matrix.org> yes!
2024-08-28 16:43:59 <@ydesouza:fedora.im> Looks like it would be a nice thing to have in the base image. So +1
2024-08-28 16:44:11 <@hricky:fedora.im> +1
2024-08-28 16:44:12 <@aaradhak:matrix.org> +1 for inclusion
2024-08-28 16:44:31 <@dustymabe:matrix.org> +1
2024-08-28 16:44:37 <@marmijo:fedora.im> +1
2024-08-28 16:45:09 <@siosm:matrix.org> +1
2024-08-28 16:45:33 <@ydesouza:fedora.im> I think we all agree so let's take note of this.
2024-08-28 16:45:35 <@siosm:matrix.org> It's less than 200KB on the disk
2024-08-28 16:46:47 <@jlebon:fedora.im> +1
2024-08-28 16:47:09 <@ydesouza:fedora.im> !agreed: Include pciutils package
2024-08-28 16:47:25 <@ydesouza:fedora.im> !agreed: Include pciutils package
2024-08-28 16:47:31 <@jlebon:fedora.im> i think without the colon
2024-08-28 16:47:36 <@dustymabe:matrix.org> 🎉
2024-08-28 16:47:39 <@siosm:matrix.org> no ":"
2024-08-28 16:47:50 <@ydesouza:fedora.im> !agreed Include pciutils package
2024-08-28 16:47:55 <@ydesouza:fedora.im> Nice, thank you :)
2024-08-28 16:48:18 <@ydesouza:fedora.im> Next topic
2024-08-28 16:48:29 <@ydesouza:fedora.im> !topic /boot/efi is unlabeled_t since version 40.20240504.3.0
2024-08-28 16:48:29 <@ydesouza:fedora.im> !link https://github.com/coreos/fedora-coreos-tracker/issues/1771
2024-08-28 16:49:13 <@siosm:matrix.org> With the switch to building our disk images via osbuild, some files are not labeled correctly
2024-08-28 16:50:03 <@siosm:matrix.org> This is silent right now as the SELinux policy has bootupd in permissive mode
2024-08-28 16:50:08 <@siosm:matrix.org> but this will break in F41
2024-08-28 16:50:23 <@siosm:matrix.org> so we need to fix this (and fix existing nodes) before F41
2024-08-28 16:50:39 <@siosm:matrix.org> or on the F41 barrier
2024-08-28 16:51:08 <@jlebon:fedora.im> i wrote a summary in https://github.com/coreos/fedora-coreos-tracker/issues/1771#issuecomment-2305618100
2024-08-28 16:51:21 <@siosm:matrix.org> https://github.com/coreos/fedora-coreos-tracker/issues/1772 is related as well
2024-08-28 16:51:25 <@siosm:matrix.org> !link https://github.com/coreos/fedora-coreos-tracker/issues/1772
2024-08-28 16:51:41 <@jlebon:fedora.im> hmm, it's weird that CI didn't catch this. we do have bootupd tests
2024-08-28 16:52:06 <@jlebon:fedora.im> definitely as part of this, we should check why CI didn't fail and strengthen it as needed
2024-08-28 16:52:23 <@dustymabe:matrix.org> do we catch selinux denials (even permissive ones) in CI?
2024-08-28 16:52:37 <@jlebon:fedora.im> in f41+ it's not permissive
2024-08-28 16:52:58 <@dustymabe:matrix.org> cc Michael Nguyen
2024-08-28 16:52:58 <@dustymabe:matrix.org>
2024-08-28 16:52:58 <@dustymabe:matrix.org> i know at one point we were making progress to having a test for that, but I forget if we ever enabled it or completed it
2024-08-28 16:53:19 <@jlebon:fedora.im> yeah, i filed https://github.com/coreos/coreos-assembler/issues/3837 related to that
2024-08-28 16:56:06 <@dustymabe:matrix.org> so Jonathan Lebon does that cover the "we should check why CI didn't fail and strengthen it as needed" ?
2024-08-28 16:56:07 <@siosm:matrix.org> So it looks like we are missing something in our osbuild pipeline but I could not see what from a quick look
2024-08-28 16:56:10 <@dustymabe:matrix.org> or are you referring to something else?
2024-08-28 16:56:44 <@jlebon:fedora.im> dustymabe: something else :)
2024-08-28 16:56:44 <@jlebon:fedora.im> i'm wondering why our bootupd tests didn't fail when it was no longer permissive in rawhide
2024-08-28 16:56:48 <@jlebon:fedora.im> when rawhide was f41
2024-08-28 16:56:55 <@dustymabe:matrix.org> travier: I think achileas hints at it in https://github.com/coreos/fedora-coreos-tracker/issues/1771#issuecomment-2263260317
2024-08-28 16:57:34 <@dustymabe:matrix.org> how recently did the selinux policy land that made them not permissive?
2024-08-28 16:58:14 <@siosm:matrix.org> https://github.com/fedora-selinux/selinux-policy/commit/0cbc7da8130fd7cf030ab61f68a3eb449a8d6391
2024-08-28 16:58:50 <@siosm:matrix.org> https://github.com/fedora-selinux/selinux-policy/pull/2153
2024-08-28 16:58:55 <@dustymabe:matrix.org> ok, and in f42 bootupd tests are failing?
2024-08-28 17:00:11 <@siosm:matrix.org> not failing as far as I know
2024-08-28 17:00:37 <@jlebon:fedora.im> right, it hasn't been failing this whole time, including now
2024-08-28 17:01:07 <@jlebon:fedora.im> travier: thanks for linking https://github.com/coreos/fedora-coreos-tracker/issues/1772, i had missed that. seems like we should fix them together
2024-08-28 17:01:13 <@siosm:matrix.org> https://github.com/coreos/fedora-coreos-config/blob/testing-devel/tests/kola/boot/bootupd
2024-08-28 17:01:25 <@siosm:matrix.org> we only have a basic test as far as I can see
2024-08-28 17:01:28 <@dustymabe:matrix.org> ok, then yes.. when we fix this we should make sure we have a test in place that fails when it is not yet fixed first
2024-08-28 17:02:15 <@jlebon:fedora.im> travier: where you saw this, was it `bootupctl status` failing, or actually updating the bootloader?
2024-08-28 17:02:46 <@jlebon:fedora.im> ahhh, https://bugzilla.redhat.com/show_bug.cgi?id=2300306 does a bootloader update, which is probably the determining factor
2024-08-28 17:03:00 <@siosm:matrix.org> in https://github.com/coreos/bootupd/issues/694
2024-08-28 17:03:01 <@jlebon:fedora.im> we don't have a test for that currently
2024-08-28 17:04:18 <@siosm:matrix.org> I'm filing an issue
2024-08-28 17:04:28 <@jlebon:fedora.im> yeah, clearly we should also check that the output of `bootupctl status` makes sense :)
2024-08-28 17:05:20 <@siosm:matrix.org> !link https://github.com/coreos/fedora-coreos-tracker/issues/1788
2024-08-28 17:05:44 <@dustymabe:matrix.org> we run `bootupctl status` in the upgrade test: https://github.com/coreos/fedora-coreos-config/blob/f5ea8ce3c5b2fcc23aca646885ceaae134936e48/tests/kola/upgrade/extended/test.sh#L148
2024-08-28 17:06:52 <@jlebon:fedora.im> yeah, we run it too in the bootupd test, but only that the command succeeds, not what it prints
2024-08-28 17:08:16 <@jlebon:fedora.im> e.g. in the context this test is run, it would work to add e.g. `| grep $(rpm -q grub)` on applicable arches
2024-08-28 17:08:20 <@siosm:matrix.org> I don't think there is more to discuss about this one. It "just" needs work
2024-08-28 17:08:35 <@ydesouza:fedora.im> Nice, let's go for the next one.
2024-08-28 17:08:59 <@ydesouza:fedora.im> !link https://github.com/coreos/fedora-coreos-tracker/issues/1714
2024-08-28 17:08:59 <@ydesouza:fedora.im> !topic tracker: Fedora 41 changes considerations
2024-08-28 17:09:25 <@marmijo:fedora.im> I ran the script this morning and there were no new changes
2024-08-28 17:09:57 <@siosm:matrix.org> a few changes are about to be dropped / moved to F42
2024-08-28 17:10:14 <@siosm:matrix.org> !link https://pagure.io/fesco/issue/3264
2024-08-28 17:10:19 <@siosm:matrix.org> but nothing that should impact us
2024-08-28 17:10:40 <@jlebon:fedora.im> we should talk about composefs
2024-08-28 17:10:41 <@dustymabe:matrix.org> have to step away
2024-08-28 17:11:01 <@ydesouza:fedora.im> See you, Dusty!
2024-08-28 17:11:21 <@jlebon:fedora.im> it's being pulled back for atomic desktops, but i'm hopeful we can land it in f41 for coreos
2024-08-28 17:12:04 <@jlebon:fedora.im> reviewed https://github.com/coreos/fedora-coreos-config/pull/3009 yesterday. it looks sane overall to me
2024-08-28 17:12:49 <@jlebon:fedora.im> does anyone have concerns with trying to land it in f41?
2024-08-28 17:13:53 <@siosm:matrix.org> I've been running Fedora Kinoite with composefs enabled for approximately 2 months now without issues. It's not the same as Fedora CoreOS, but close.
2024-08-28 17:14:07 <@siosm:matrix.org> I've been running Fedora Kinoite with composefs enabled for approximately 2 months now without issues. It's not the same as Fedora CoreOS, but close.
2024-08-28 17:14:24 <@jbtrystram:matrix.org> i'll update this PR and open it against testing-devel tomorrow morning to get a fresh CI run on it
2024-08-28 17:14:48 <@jlebon:fedora.im> travier: that's good to hear. i still need to migrate my silverblue
2024-08-28 17:15:02 <@jbtrystram:matrix.org> we also need to write a bit of documentation on how to turn it off (necessary to the kdump case)
2024-08-28 17:15:12 <@siosm:matrix.org> Jonathan Lebon: Note that it comes with risks for Atomic Desktops
2024-08-28 17:15:23 <@jbtrystram:matrix.org> Jonathan Lebon: be wary, I had to reinstall my machine !
2024-08-28 17:15:27 <@jlebon:fedora.im> jbtrystram: sounds good. update PR, let rawhide CI run to validate, then change PR base to testing-devel
2024-08-28 17:15:51 <@ydesouza:fedora.im> Can we go to the next topic?
2024-08-28 17:15:54 <@siosm:matrix.org> https://gitlab.com/fedora/ostree/sig/-/issues/35#note_1986555833
2024-08-28 17:16:20 <@jlebon:fedora.im> yeah, saw that. thanks!
2024-08-28 17:16:46 <@jlebon:fedora.im> we should definitely be ready to pull it out though if once it hits next there are other issues that can't be fixed in time
2024-08-28 17:17:33 <@ydesouza:fedora.im> !topic tracker: Rebase onto Fedora 41
2024-08-28 17:17:33 <@ydesouza:fedora.im> !link https://github.com/coreos/fedora-coreos-tracker/issues/1695
2024-08-28 17:18:08 <@siosm:matrix.org> How are we doing on branched?
2024-08-28 17:18:58 <@siosm:matrix.org> looks like https://github.com/coreos/fedora-coreos-tracker/issues/1779 is still an issue
2024-08-28 17:19:30 <@jlebon:fedora.im> i think that has been fixed
2024-08-28 17:19:57 <@marmijo:fedora.im> There hasn't been any response on the BZ that i've seen.
2024-08-28 17:20:13 <@siosm:matrix.org> !link https://bugzilla.redhat.com/show_bug.cgi?id=2305385
2024-08-28 17:21:11 <@jlebon:fedora.im> hmm, but testiso tests are passing in the pipeline?
2024-08-28 17:21:19 <@siosm:matrix.org> I'm a bit disappointed by the "turn everyone off 1 month before the freeze" of the selinux maintainers
2024-08-28 17:21:34 <@siosm:matrix.org> I'm a bit disappointed by the "turn everyone off permissive 1 month before the freeze" of the selinux maintainers
2024-08-28 17:21:41 <@siosm:matrix.org> I'm a bit disappointed by the "turn everyone off permissive 1 month before the freeze" of the SELinux maintainers
2024-08-28 17:21:49 <@jlebon:fedora.im> travier: yeah, i personally feel like a fedora change was needed there
2024-08-28 17:22:08 <@siosm:matrix.org> Feels to me those are prime candidates for a local override that turns them back to permissive until we have the time to investigate
2024-08-28 17:22:13 <@jbtrystram:matrix.org> unrelated: i think we should file GH issues for selinux stuff, as mentioned in https://github.com/fedora-selinux/selinux-policy?tab=readme-ov-file#how-to-report-issues
2024-08-28 17:22:14 <@siosm:matrix.org> there are no security benefits here
2024-08-28 17:22:19 <@jlebon:fedora.im> this flew totally under the radar
2024-08-28 17:22:31 <@marmijo:fedora.im> The affected tests are denylisted in rawhide and branched still. I can try to run them locally to see if they are still failing.
2024-08-28 17:22:31 <@marmijo:fedora.im> > hmm, but testiso tests are passing in the pipeline?
2024-08-28 17:22:31 <@marmijo:fedora.im>
2024-08-28 17:23:19 <@jlebon:fedora.im> marmijo: oh wow, missed that
2024-08-28 17:23:45 <@siosm:matrix.org> It's far worse if we regress on functionality here for those tests so I think we should do the permissive change asap
2024-08-28 17:24:02 <@jlebon:fedora.im> but hey, at least we're on systemd v256 now. the only fallout so far has been https://github.com/coreos/fedora-coreos-tracker/issues/1786 (which is also selinux-policy related)
2024-08-28 17:24:12 <@marmijo:fedora.im> Sorry about that. Everyone was on PTO when I did it: https://github.com/coreos/fedora-coreos-config/pull/3100
2024-08-28 17:24:24 <@siosm:matrix.org> marmijo: no fault of yours
2024-08-28 17:24:34 <@siosm:matrix.org> I have https://github.com/fedora-selinux/selinux-policy/pull/2257 ready
2024-08-28 17:24:34 <@jlebon:fedora.im> travier: agreed
2024-08-28 17:24:47 <@jbtrystram:matrix.org> @travier how can we turn permissive for certain policy only and not the whole system ?
2024-08-28 17:25:12 <@jbtrystram:matrix.org> ah, it's just there. Thanks
2024-08-28 17:25:22 <@siosm:matrix.org> Jonathan Lebon: recently did it for SCOS: https://github.com/openshift/os/pull/1568
2024-08-28 17:25:28 <@siosm:matrix.org> Jonathan Lebon recently did it for SCOS: https://github.com/openshift/os/pull/1568
2024-08-28 17:26:32 <@jlebon:fedora.im> travier: we can do that, but let's try to reach out to the selinux-policy maintainers first to try to do this the proper way (either fixing the bug, or merging your PR)
2024-08-28 17:26:50 <@siosm:matrix.org> marmijo: could you make a PR with something similar to https://github.com/openshift/os/pull/1568 but for the domains in https://github.com/fedora-selinux/selinux-policy/pull/2257
2024-08-28 17:26:56 <@siosm:matrix.org> marmijo: could you make a PR with something similar to https://github.com/openshift/os/pull/1568 but for the domains in https://github.com/fedora-selinux/selinux-policy/pull/2257 instead?
2024-08-28 17:27:35 <@marmijo:fedora.im> Sure thing! I'll get started on that after the meeting
2024-08-28 17:28:55 <@ydesouza:fedora.im> We have only a few minutes, should we discuss the last topic from the tracker repository or have a quick open floor before finishing the meeting?
2024-08-28 17:29:19 <@siosm:matrix.org> let's go to open floor
2024-08-28 17:29:31 <@ydesouza:fedora.im> !topic Open Floor
2024-08-28 17:31:08 <@ydesouza:fedora.im> Well, does anyone have anything to say? If not, it's already ending time.
2024-08-28 17:31:22 <@siosm:matrix.org> https://github.com/coreos/fedora-coreos-tracker/issues/1553 looks like this one has been fixed but is waiting for an afterburn release
2024-08-28 17:33:11 <@jlebon:fedora.im> looks like https://github.com/coreos/afterburn/issues/1095 was filed, but not yet actioned. Yasmin Valim de Souza is that planned to be done soon?
2024-08-28 17:33:12 <@marmijo:fedora.im> Yup! I think there's a new release issue in the afterburn repo
2024-08-28 17:34:16 <@ydesouza:fedora.im> Yes, it is!
2024-08-28 17:34:28 <@ydesouza:fedora.im> Thanks, folks!
2024-08-28 17:34:35 <@ydesouza:fedora.im> !endmeeting #105
2024-08-28 17:35:35 <@jbtrystram:matrix.org> Thanks everyone ! and Thanks Yasmin Valim de Souza for running :)
2024-08-28 17:35:48 <@siosm:matrix.org> Thanks all!
2024-08-28 17:36:01 <@siosm:matrix.org> careful, the meeting is not ended
2024-08-28 17:36:03 <@siosm:matrix.org> !endmeeting