16:30:38 #startmeeting fedora_coreos_meeting 16:30:38 Meeting started Wed Aug 23 16:30:38 2023 UTC. 16:30:38 This meeting is logged and archived in a public location. 16:30:38 The chair is spresti. Information about MeetBot at https://fedoraproject.org/wiki/Zodbot#Meeting_Functions. 16:30:38 Useful Commands: #action #agreed #halp #info #idea #link #topic. 16:30:38 The meeting name has been set to 'fedora_coreos_meeting' 16:31:02 #topic roll call 16:31:32 .hello siosm 16:31:34 travier: siosm 'Timothée Ravier' 16:31:35 .hi 16:31:37 dustymabe: dustymabe 'Dusty Mabe' 16:31:46 .hello marmijo 16:31:47 marmijo: marmijo 'Michael Armijo' 16:31:52 #chair siosm 16:31:52 Current chairs: siosm spresti 16:32:00 #chair dustymabe 16:32:00 Current chairs: dustymabe siosm spresti 16:32:07 .hi 16:32:08 ravanelli: ravanelli 'Renata Ravanelli' 16:32:12 #chair marmijo 16:32:12 Current chairs: dustymabe marmijo siosm spresti 16:32:20 #chair ravanelli 16:32:20 Current chairs: dustymabe marmijo ravanelli siosm spresti 16:32:31 You need to #chair travier, not siosm :) 16:32:38 #chair travier 16:32:38 Current chairs: dustymabe marmijo ravanelli siosm spresti travier 16:32:43 👍 16:32:43 sorry about that lol 16:32:54 all good, that's confusing 😅 16:33:39 .hello2 16:33:40 davdunc: davdunc 'David Duncan' 16:33:49 .hello aaradhak 16:33:50 aaradhak: aaradhak 'Aashish Radhakrishnan' 16:33:56 Ok we have a lot of items on our plate today. So I am going to start kicking us off 16:34:05 #chair aaradhak 16:34:05 Current chairs: aaradhak dustymabe marmijo ravanelli siosm spresti travier 16:34:14 #chair davdunc 16:34:14 Current chairs: aaradhak davdunc dustymabe marmijo ravanelli siosm spresti travier 16:34:25 Which one should we start with? 16:34:29 #topic Action items from last meeting 16:34:33 which one is the most important? 16:34:40 #info there were no action items from last meeting 16:34:50 Uh I figured we could start with the f39 changes 16:35:12 wdyt? 16:35:17 +1 16:35:17 let's do those later 16:35:20 ah ok 16:35:25 Ok 16:35:26 i'm running a script now to update it 16:35:35 #topic ConditionNeedsUpdate= (systemd unit) will never trigger 16:35:35 maybe moby then 16:35:43 that works too :) 16:35:45 #link https://github.com/coreos/fedora-coreos-tracker/issues/1538 16:36:55 I can introduce that 16:37:06 Thank you 16:37:22 The idea is that the ConditionNeedsUpdate= condition in systemd units will never trigger on rpm-ostree base systems 16:37:24 based* 16:38:06 We haven't seen issues from that yet, but it would require more investigation to figure out if this is a issue or simplify something we should document 16:38:19 spoiler: it's not easy to "fix" 16:39:02 if folks are interested in investigating, this would be a good ticket :) 16:39:09 Nothing more to do right now I'd say 16:39:22 is there any way for us to make this work or it's just a fundamental thing with rpm-ostree that won't 16:40:19 I /think/ that there should be options to keep some timestamp but I'm not sure 16:40:46 If I remember correctly, our images used to ship some files with their timestamps from the repo (from overlays) 16:41:21 I wonder if walters has hit this particular problem with ConditionNeedsUpdate= in the past 16:41:27 it has to have come up, right? 16:41:58 Given that we do image based updates and run scripts there, usually we don't have the issues that those conditions work around 16:42:50 take the first one for example: 16:42:55 /usr/lib/systemd/system/ldconfig.service 16:43:33 /etc/ld.so.cache is part of the image, and if you don't modify it, then it's updated alonside image updates 16:43:56 So essentially this service is "unused" on rpm-ostree systems 16:44:27 This is more an issue for user created units that expect this to work from the documentation 16:45:38 Let's move on? 16:46:01 Thank you for the input. Yeah lets switch over. It sounds like further investigation is needed. 16:46:31 Are there any additional steps to get that ball moving? 16:46:52 i.e reaching out to cwalters or updates team? 16:47:23 bringing that to them would be good 16:48:42 #action travier will bring that issue to the rpm-ostree / ostree team 16:48:46 let's move on 16:48:50 Thank you 16:49:01 #topic Ship moby-engine 23.0.x in Fedora CoreOS 16:49:13 ok I added the meeting label to this one. 16:49:21 #link https://github.com/coreos/fedora-coreos-tracker/issues/1476 16:49:36 dustymabe: could you introduce it ? 16:49:53 yep 16:50:30 basically the maintainership of moby was in question about 4-5 months ago. a new group of maintainers took over and got a new build of moby out 16:50:37 but it wasn't fully complete 16:51:06 they did builds - the build for f38 sat in bodhi updates-testing 16:51:11 and won't get promoted 16:51:25 but the rawhide build (which is now part of f39) did make it through because there is no gating 16:51:56 It appears it has most features but some subset is missing 16:52:10 see https://bugzilla.redhat.com/show_bug.cgi?id=2093501#c71 16:52:25 the open question is: what do we do about this? 16:52:51 passively pick up the new moby-engine build let users report issues? 16:52:53 Can we revert back / pin old version? 16:53:27 spresti: we can but it's not great because obviously no one is building that version and it's not getting any updates of any kind 16:53:31 I don't think we should do anything specific here. We pick packages from Fedora as they come. We can help improve them, but we don't have to 16:53:50 travier: normally for most any other package I would agree with you 16:54:08 but I believe one of our two container runtimes might deserve some special consideration 16:54:18 If we pin to an older version then it open a lot of indirect problem, notably that we'll be the only ones using this combinaison of packages 16:54:32 travier: agree. I don't desire to pin to the older version 16:55:06 I think fifofonix already reported some success with the new package - so there is at least some success 16:55:52 I think my proposal is to pick up the new package in the f39 update 16:56:05 reallisticaly, the only options I see are 16:56:05 A) drop moby 16:56:05 B) help with packaging 16:56:05 C) do nothing and ship as is 16:56:06 but... should we warn users? should we say antyhing? 16:56:31 We know that A is not a great option 16:57:06 We can add a note to the update notes / coreos status post that we send for updates. 16:57:15 It will also be in next for a while for users to test 16:57:25 yes. 16:57:45 if they do find "blockers" what do we do about them? 16:59:18 #proposed we will pick up the moby-engine update when our streams transition to Fedora 39. We will add a note to our f39 release communication about the update and any considerations that need to be made. 17:00:32 They submit to Fedora as blockers? 17:00:40 If there are blockers we can attempt to fix them right (depending on severity and difficulty)? 17:01:02 we are an edition, we can suggest them as release blocker, fedora can decide if it blocks the release 17:01:33 We want to be more upstream in Fedora. Let's engage / use the mecanisms that we have there 17:01:43 travier: ehh. we've generally held a slightly different process to fedora's on "release blocking" type stuff 17:02:14 I'm suggesting we move closer to what Fedora does right now 17:02:15 but yes, participating more in that process is desirable 17:02:41 if we really want something to block we'll need to get to work proposing new release criteria 17:02:45 They can't know something is breaking FCOS if we don't report it there 17:03:12 thoughts on current #proposed ? 17:03:18 dustymabe: +1 17:03:21 + 17:03:23 +1 17:03:24 + 17:03:26 +1 17:03:30 +1 17:03:49 #agreed we will pick up the moby-engine update when our streams transition to Fedora 39. We will add a note to our f39 release communication about the update and any considerations that need to be made. 17:04:16 #topic New Package Request: audit 17:04:29 #link https://github.com/coreos/fedora-coreos-tracker/issues/1362 17:05:26 Well it looks like this one has been going on for a while 17:05:42 I've added the meeting label to this one to propose shipping it in F39 17:06:25 We would have to remove the service binary / move it as a recommend and document how to use audit via auditctl commands instead of service ones 17:06:59 EOP 17:07:46 hmm 17:08:43 travier: there had been linked an upstream PR https://github.com/linux-audit/audit-userspace/commit/39802bffbfc62501461c916d9ccf748afdff7d94 17:08:50 that's definitely in Fedora's RPMs now 17:09:44 yes 17:10:07 travier: but the rpm still requires the old initscripts? 17:10:12 package 17:10:14 ? 17:10:17 excepted for the service dependency, it could be added now 17:10:23 the service one only 17:10:28 https://src.fedoraproject.org/rpms/audit/blob/rawhide/f/audit.spec#_20 17:11:48 wow 17:12:01 https://src.fedoraproject.org/rpms/audit/blob/rawhide/f/audit.spec#_152 17:12:28 could the RPM just be modified now to call auditctl instead? 17:13:10 https://github.com/coreos/fedora-coreos-tracker/issues/1362#issuecomment-1690335372 17:13:15 the proposed steps 17:13:27 To make that happen, we need to replace the calls to `service` with the new auditctl commands in: 17:13:27 - https://src.fedoraproject.org/rpms/audit/blob/rawhide/f/audit.spec#_152 17:13:27 - https://src.fedoraproject.org/rpms/audit/blob/rawhide/f/audit.spec#_157 17:13:27 Then move `initscripts-service` to a `Recommends`: 17:13:27 - https://src.fedoraproject.org/rpms/audit/blob/rawhide/f/audit.spec#_19 17:13:27 Then document in Fedora / FCOS how to manage audit with the new `auditctl` command from: 17:13:30 - https://github.com/linux-audit/audit-userspace/commit/39802bffbfc62501461c916d9ccf748afdff7d94 17:13:46 that sounds like a great plan! 17:14:35 honestly the dep on `initscripts-service` is only named for preun and postun - so maybe we don't even need it as a recommend? 17:14:58 There is unfortunately a lot of docs that rely on that command out there 17:15:05 yeah, that's fine 17:15:31 #proposed We'll fix the remaning issues in the audit package and we'll include it in Fedora CoreOS once ready 17:15:39 +1 17:15:43 +1 17:15:52 I had suggested F39 but we can do earlier 17:16:02 no preference 17:16:23 it might be later :) - /me notes some periods of "freeze" coming up 17:16:33 i'll be happy to have this one behind us 17:16:54 We still need 2 more votes >.> 17:17:01 +1 17:17:09 +1 17:17:40 #agreed We'll fix the remaining issues in the audit package and we'll include it in Fedora CoreOS once ready 17:18:17 #topic Handling of default users/groups 17:18:28 this is a long one, let's keep it for another meeting 17:18:43 ok sounds good 17:18:59 Lastly we just have the f39 changes are we up for them? 17:20:02 let's punt - I have something else I need to bring up anyway 17:20:12 I am taking silence as a yes 17:20:17 #topic tracker: Fedora 39 changes considerations 17:20:28 #link https://github.com/coreos/fedora-coreos-tracker/issues/1491 17:21:06 subtopic 220 Clean Systemd-boot installs 17:21:13 I was trying to update the copy in the description, but between talking here and my screen flicker I wasn't able to get around to it 17:21:26 dustymabe: do you want to bring up another topic? 17:22:05 I think we've looked at those already. The issue is not up to date 17:22:09 spresti: i'm sorry - yes let's go to open floor (i'll update the copy for next time) 17:22:20 dustymabe: no worries thank you :) 17:22:29 #topic Open Floor 17:22:47 I wanted to bring up the Fedora 39 test day for FCOS 17:23:21 which we still need to make an issue for (see the checklist item from https://github.com/coreos/fedora-coreos-tracker/issues/1490) 17:23:28 beta is coming out soonish 17:23:46 https://fedorapeople.org/groups/schedule/f-39/f-39-key-tasks.html 17:24:19 I have two questions: 17:24:28 1. does anyone want to volunteer to organize the test day? 17:24:51 2. do we want to try to find a target week for the testing (we can discuss this next week too) 17:25:53 I think we have fairly low attendance today so I would certainly ask next week as well. 17:26:23 yep - can do 17:28:02 Well since it seems fairly silent, I dont know if we have any volunteer's on our hands. 17:28:27 Any other topics? 17:28:37 That's all from me 17:29:08 Well since we are near the end of time. I am going to go ahead and close us out 17:29:14 #endmeeting