17:00:01 <geppetto> #startmeeting fpc
17:00:01 <zodbot> Meeting started Thu Dec  7 17:00:01 2023 UTC.
17:00:01 <zodbot> This meeting is logged and archived in a public location.
17:00:01 <zodbot> The chair is geppetto. Information about MeetBot at https://fedoraproject.org/wiki/Zodbot#Meeting_Functions.
17:00:01 <zodbot> Useful Commands: #action #agreed #halp #info #idea #link #topic.
17:00:01 <zodbot> The meeting name has been set to 'fpc'
17:00:01 <geppetto> #meetingname fpc
17:00:01 <zodbot> The meeting name has been set to 'fpc'
17:00:01 <geppetto> #topic Roll Call
17:00:18 <tibbs> Hey
17:01:22 <geppetto> #chair tibbs
17:01:22 <zodbot> Current chairs: geppetto tibbs
17:01:24 <geppetto> Hey
17:02:29 <michel-slm> .hello salimma
17:02:30 <zodbot> michel-slm: salimma 'Michel Lind' <michel@michel-slm.name>
17:02:32 <dcavalca> .hi
17:02:33 <zodbot> dcavalca: dcavalca 'Davide Cavalca' <davide@cavalca.name>
17:02:38 * carlwgeorge waves
17:02:52 <geppetto> #chair carlwgeorge
17:02:52 <zodbot> Current chairs: carlwgeorge geppetto tibbs
17:05:46 * dcavalca has a thing to bring up when we have space in the agenda
17:06:16 <tibbs> No reason not to say what it is while we wait to see if we get quorum.
17:06:26 <geppetto> Yeh, no time like the present
17:06:55 <dcavalca> sure, I wanted to ask if we have a policy around numbering sysctl.d dropins that packages install
17:07:05 <dcavalca> and if not discuss coming up with one
17:07:38 <dcavalca> https://www.freedesktop.org/software/systemd/man/latest/sysctl.d.html for context
17:07:49 <tibbs> I don't think we do.  I'm not entirely sure we need one, but if you think so then feel free to open a ticket with a proposal.
17:09:07 <geppetto> dcavalca: Do we need more/different documentation than what is given upstream?
17:09:21 <dcavalca> yeah, I'm not entirely sure either tbh; this came up because folks at work were confused by the fact that dropins in /etc/sysctl.d can get overridden by ones in /usr depending on the naming
17:10:09 <dcavalca> upstream documents how this is supposed to work, but doesn't really set a standard for numbering (say, "dropins from packages should all be numbered and in the <60 range" or something like that)
17:10:16 <michel-slm> so basically -- if distros have an explicit preference that /etc should always override /usr, that can be additional weight behind asking upstream devs to change the way this works
17:10:23 <dcavalca> my gut feeling is that this is more distro policy than upstream policy
17:13:30 <geppetto> Don't the overrides work in the same way as systemd etc. … so files of the same name in /etc are used instead of the ones by the same name in /usr … but the configuration can change based on the sorting order?
17:13:38 * geppetto is far from an expert
17:13:55 <tibbs> Yes, that's how it works.
17:14:41 <dcavalca> that's how it works, but it's ordered lexically
17:14:50 <michel-slm> ah, so you can shadow something in /usr by using exactly the same name
17:15:02 <michel-slm> but apart from shadowing, later named files win
17:15:07 <dcavalca> so if you drop e.g. /usr/lib/sysctl.d/foo.conf, that always wins over any numbered entries (regardless of where they are)
17:15:24 <carlwgeorge> i can see how that would be an issue
17:15:25 <dcavalca> so at the very least, we probably should require packages to drop numbered entries
17:15:42 <michel-slm> nods
17:19:24 <geppetto> I'm not sure I understand … but if you open an issue with a description, that might help. Or esp. if you know where you want to put something then a PR with an example would probably get this fixed quickly.
17:19:28 <tibbs> The thing is, the behavior we would want is that anything the user drops into /etc will always override.
17:19:52 <tibbs> And that behavior is not possible given the way systemd has been designed to work.
17:20:34 <tibbs> So the best we could really do is require that any system sysctl.d files be named so that they sort really early in the sequence.
17:20:56 <dcavalca> from a quick sourcegraph query, most packages seem to use numbered entries, but not all
17:21:18 <carlwgeorge> just out of curiosity, can you share that sourcegraph query link
17:21:25 <dcavalca> https://sourcegraph.com/search?q=context:global+repo:^src.fedoraproject.org/+%25{_sysctldir}/|sysctl.d/&patternType=regexp&sm=0&groupBy=repo
17:21:36 <dcavalca> note that this times out quite a bit, so you might need to run it several times
17:21:39 <carlwgeorge> i'm very lightly familiar with it but want to get better at querying
17:22:08 <carlwgeorge> thanks
17:22:16 <michel-slm> yeah for more expensive queries I've had better luck downloading rpm-specs tarball and grepping locally
17:22:29 <geppetto> Wouldn't it be better to require that 99 be added to the prefix of any upstream file that isn't numbered?
17:22:56 <dcavalca> https://src.fedoraproject.org/rpms/ga is an example of one that is dropping an unnumbered entry
17:23:15 <dcavalca> geppetto: yeah, that's an option
17:23:18 <carlwgeorge> my first thought was to construct a repoquery, but yeah grepping through the rpm-specs-latest tarball files would probably be better
17:24:09 <carlwgeorge> while i'm in support of having all package shipped files be numbered for consistency, that doesn't actually solve the underlying problem
17:24:47 <carlwgeorge> you still have to match the name exactly to override, or use a local naming scheme that sorts later than every package file
17:25:01 <carlwgeorge> `/etc/sysctl.d/zzz-mystuff.conf`
17:25:46 <tibbs> As I wrote earlier, all we could do is to require that system-supplied files sort very early.
17:25:47 <dcavalca> yeah, thinking about it there's probably two parts to this: 1) a policy for distro-shipped dropins 2) a recommendation for the user/sysadmin on how to name their overrides
17:26:00 <tibbs> So require them to at least start with '0' or something like that.
17:26:03 <dcavalca> the latter probably belongs in systemd upstream
17:26:10 <dcavalca> the former is something that we can do on the distro side
17:26:32 <tibbs> There's really not much more we could possibly do given the systemd behavior.
17:27:35 <michel-slm> dcavalca: one thing that might be nice to propose to upstream:
17:27:46 <michel-slm> make it possible to implement a policy to filter out rules
17:28:03 <dcavalca> michel-slm: how would you envision that working?
17:28:19 <michel-slm> e.g. "filter out files in /usr that do not start with numbers"
17:28:29 <michel-slm> make it support a regex
17:28:34 <dcavalca> oh I see
17:28:45 <dcavalca> that's an interesting idea
17:29:00 <michel-slm> then distros can just set this if they want and the violating rules will just not be applied, but systemd does not have to implement a policy
17:29:01 <dcavalca> we'd probably want to log a warning or something when skipping entries though
17:29:06 <michel-slm> right
17:31:21 <dcavalca> alright, I think we can follow up with systemd upstream and then put together a proposal for further discussion in a ticket
17:31:26 <dcavalca> thanks folks, this was very helpful
17:32:59 <geppetto> Eh, seems easier to have something check at rpmbuild time and error out if there are any files in /usr that don't start with numbers
17:33:44 <michel-slm> if we can get that in Fedora and thus it bubbles up to CentOS that would be great too
17:35:40 <geppetto> #topic Open Floor
17:35:48 <geppetto> Anything else anyone wants to talk about?
17:38:49 <geppetto> Okay, see you next week.
17:38:51 <geppetto> #endmeeting