From a3eafa6a85e0c39118111e1a9476b5befd047881 Mon Sep 17 00:00:00 2001 From: Micah Abbott Date: Tue, 27 Oct 2020 11:41:17 -0400 Subject: [PATCH 001/167] instructions for requesting new packages An initial set of instructions on how to request a new package be added to FCOS. This can be folded into a chooser option for new issues, if desired. Closes #641 --- NEWPACKAGE.md | 19 +++++++++++++++++++ README.md | 11 +++++++++++ 2 files changed, 30 insertions(+) create mode 100644 NEWPACKAGE.md diff --git a/NEWPACKAGE.md b/NEWPACKAGE.md new file mode 100644 index 0000000..ba54c03 --- /dev/null +++ b/NEWPACKAGE.md @@ -0,0 +1,19 @@ +# Request to Include a New Package in Fedora CoreOS + +If you would like to propose the inclusion of a new package into the base +content set of Fedora CoreOS, please open a [new issue](https://github.com/coreos/fedora-coreos-tracker/issues/new) +with the following questions answered. The more detail provided for each +question, the better informed everyone will be. + +Please title the new issue: `Package Request: ` + +1. What, if any, are the additional dependencies on the package? (i.e. does it pull in Python, Perl, etc) +2. What is the size of the package and its dependencies? +3. What problem are you trying to solve with this package? Or what functionality does the package provide? +4. Can the software provided by the package be run from a container? Explain why or why not. +5. Can the tool(s) provided by the package be helpful in debugging container runtime issues? +6. Can the tool(s) provided by the package be helpful in debugging networking issues? +7. Is it possible to layer the package onto the base OS as a day 2 operation? Explain why or why not. +8. In the case of packages providing services and binaries, can the packaging be adjusted to just deliver binaries? +9. Can the tool(s) provided by the package be used to do things we’d rather users not be able to do in FCOS? (e.g. can it be abused as a Turing complete interpreter?) +10. Does the software provided by the package have a history of CVEs? \ No newline at end of file diff --git a/README.md b/README.md index d9068a9..c921936 100644 --- a/README.md +++ b/README.md @@ -40,6 +40,17 @@ Fedora CoreOS is available for general use and no longer in preview. We're continuing to add more platforms and functionality, fix bugs, and write documentation. Please try out Fedora CoreOS and give us feedback! +# Adding Packages to Fedora CoreOS + +We often find people asking for a particular package to be added to the base set of +packages included in Fedora CoreOS. One of the goals of Fedora CoreOS is to +remain as lean as possible, without impacting overall usability for our users. +Thus, new package requests are carefully scrutinized to weigh the benefits and +drawbacks of adding an additional package. + +If you would like to propose the inclusion of a new package in the base set of packages, +please follow the instructions for [requesting a new package](NEWPACKAGE.md). + # Releases See [RELEASES.md](RELEASES.md). From 9a35f5df1076814dacb087bba7178b69567dcd0a Mon Sep 17 00:00:00 2001 From: Micah Abbott Date: Wed, 28 Oct 2020 15:55:25 -0400 Subject: [PATCH 002/167] Bug Report + New Package templates (#656) * Bug Report + New Package templates I took a guess at what would be good for the bug report template. The new package template is taken from #655. Co-authored-by: Dusty Mabe --- .github/ISSUE_TEMPLATE/bug-report.md | 30 +++++++++++++++++++ .../ISSUE_TEMPLATE/requesting-new-package.md | 30 +++++++++++++++++++ 2 files changed, 60 insertions(+) create mode 100644 .github/ISSUE_TEMPLATE/bug-report.md create mode 100644 .github/ISSUE_TEMPLATE/requesting-new-package.md diff --git a/.github/ISSUE_TEMPLATE/bug-report.md b/.github/ISSUE_TEMPLATE/bug-report.md new file mode 100644 index 0000000..e0e2d3f --- /dev/null +++ b/.github/ISSUE_TEMPLATE/bug-report.md @@ -0,0 +1,30 @@ +--- +name: Bug Report +about: Report issues/problems with Fedora CoreOS +title: '' +labels: '' +assignees: '' + +--- + +**Describe the bug** +A clear and concise description of what the bug is. + +**To Reproduce** +Steps to reproduce the behavior: +1. +2. +3. + +**Expected behavior** +A clear and concise description of what you expected to happen. + +**System Details:** + - Bare Metal/QEMU/AWS/GCP/etc + - Fedora CoreOS version + +**Ignition Configuration** +Please attach your FCCT or Ignition configuration used to provision your system. If not using FCCT to generate your Ignition config, does the Ignition config pass validation using [ignition-validate](https://coreos.github.io/ignition/getting-started/#config-validation)? + +**Additional context** +Add any other context about the problem here. diff --git a/.github/ISSUE_TEMPLATE/requesting-new-package.md b/.github/ISSUE_TEMPLATE/requesting-new-package.md new file mode 100644 index 0000000..77ba564 --- /dev/null +++ b/.github/ISSUE_TEMPLATE/requesting-new-package.md @@ -0,0 +1,30 @@ +--- +name: Requesting New Package +about: Request a new package be added to Fedora CoreOS +title: 'New Package Request: ' +labels: '' +assignees: '' + +--- + +Please try to answer the following questions about the package you are requesting: + +1. What, if any, are the additional dependencies on the package? (i.e. does it pull in Python, Perl, etc) + +2. What is the size of the package and its dependencies? + +3. What problem are you trying to solve with this package? Or what functionality does the package provide? + +4. Can the software provided by the package be run from a container? Explain why or why not. + +5. Can the tool(s) provided by the package be helpful in debugging container runtime issues? + +6. Can the tool(s) provided by the package be helpful in debugging networking issues? + +7. Is it possible to layer the package onto the base OS as a day 2 operation? Explain why or why not. + +8. In the case of packages providing services and binaries, can the packaging be adjusted to just deliver binaries? + +9. Can the tool(s) provided by the package be used to do things we’d rather users not be able to do in FCOS? (e.g. can it be abused as a Turing complete interpreter?) + +10. Does the software provided by the package have a history of CVEs? From 80aca9496c97a2f5f7c6be31d1f6ad6ebe229426 Mon Sep 17 00:00:00 2001 From: Benjamin Gilbert Date: Thu, 29 Oct 2020 10:34:54 -0400 Subject: [PATCH 003/167] Clean up issue templates (#658) * templates: textual cleanups * templates: add enhancement template It doesn't really have anything in it, but it'd be good to have an enhancement button in the template picker. * templates: add issue labels * templates: fix typo in legacy template * Drop redundant new package checklist --- .github/ISSUE_TEMPLATE.md | 2 +- .github/ISSUE_TEMPLATE/bug-report.md | 23 +++++++++++-------- .github/ISSUE_TEMPLATE/enhancement.md | 18 +++++++++++++++ ...questing-new-package.md => new-package.md} | 6 ++--- NEWPACKAGE.md | 19 --------------- README.md | 2 +- 6 files changed, 36 insertions(+), 34 deletions(-) create mode 100644 .github/ISSUE_TEMPLATE/enhancement.md rename .github/ISSUE_TEMPLATE/{requesting-new-package.md => new-package.md} (91%) delete mode 100644 NEWPACKAGE.md diff --git a/.github/ISSUE_TEMPLATE.md b/.github/ISSUE_TEMPLATE.md index 7e6d2f3..ef46026 100644 --- a/.github/ISSUE_TEMPLATE.md +++ b/.github/ISSUE_TEMPLATE.md @@ -1,4 +1,4 @@ diff --git a/.github/ISSUE_TEMPLATE/bug-report.md b/.github/ISSUE_TEMPLATE/bug-report.md index e0e2d3f..9460b43 100644 --- a/.github/ISSUE_TEMPLATE/bug-report.md +++ b/.github/ISSUE_TEMPLATE/bug-report.md @@ -1,8 +1,8 @@ --- -name: Bug Report -about: Report issues/problems with Fedora CoreOS +name: Report a bug +about: Report an issue with Fedora CoreOS title: '' -labels: '' +labels: 'kind/bug' assignees: '' --- @@ -10,7 +10,7 @@ assignees: '' **Describe the bug** A clear and concise description of what the bug is. -**To Reproduce** +**Reproduction steps** Steps to reproduce the behavior: 1. 2. @@ -19,12 +19,15 @@ Steps to reproduce the behavior: **Expected behavior** A clear and concise description of what you expected to happen. -**System Details:** - - Bare Metal/QEMU/AWS/GCP/etc +**Actual behavior** +A clear and concise description of what actually happened. + +**System details** + - Bare Metal/QEMU/AWS/GCP/etc. - Fedora CoreOS version -**Ignition Configuration** -Please attach your FCCT or Ignition configuration used to provision your system. If not using FCCT to generate your Ignition config, does the Ignition config pass validation using [ignition-validate](https://coreos.github.io/ignition/getting-started/#config-validation)? +**Ignition config** +Please attach your FCC or Ignition config used to provision your system. Be sure to sanitize any private data. If not using FCCT to generate your Ignition config, does the Ignition config pass validation using [ignition-validate](https://coreos.github.io/ignition/getting-started/#config-validation)? -**Additional context** -Add any other context about the problem here. +**Additional information** +Add any other information about the problem here. diff --git a/.github/ISSUE_TEMPLATE/enhancement.md b/.github/ISSUE_TEMPLATE/enhancement.md new file mode 100644 index 0000000..f89404b --- /dev/null +++ b/.github/ISSUE_TEMPLATE/enhancement.md @@ -0,0 +1,18 @@ +--- +name: Request an enhancement +about: Request a new feature in Fedora CoreOS +title: '' +labels: 'kind/enhancement' +assignees: '' + +--- + +**Describe the enhancement** +A clear and concise description of the desired feature. + +**System details** + - Bare Metal/QEMU/AWS/GCP/etc. + - Fedora CoreOS version + +**Additional information** +Add any other information here. diff --git a/.github/ISSUE_TEMPLATE/requesting-new-package.md b/.github/ISSUE_TEMPLATE/new-package.md similarity index 91% rename from .github/ISSUE_TEMPLATE/requesting-new-package.md rename to .github/ISSUE_TEMPLATE/new-package.md index 77ba564..1c2baa3 100644 --- a/.github/ISSUE_TEMPLATE/requesting-new-package.md +++ b/.github/ISSUE_TEMPLATE/new-package.md @@ -1,8 +1,8 @@ --- -name: Requesting New Package -about: Request a new package be added to Fedora CoreOS +name: Request a new package +about: Ask for a new package to be added to Fedora CoreOS title: 'New Package Request: ' -labels: '' +labels: 'kind/enhancement' assignees: '' --- diff --git a/NEWPACKAGE.md b/NEWPACKAGE.md deleted file mode 100644 index ba54c03..0000000 --- a/NEWPACKAGE.md +++ /dev/null @@ -1,19 +0,0 @@ -# Request to Include a New Package in Fedora CoreOS - -If you would like to propose the inclusion of a new package into the base -content set of Fedora CoreOS, please open a [new issue](https://github.com/coreos/fedora-coreos-tracker/issues/new) -with the following questions answered. The more detail provided for each -question, the better informed everyone will be. - -Please title the new issue: `Package Request: ` - -1. What, if any, are the additional dependencies on the package? (i.e. does it pull in Python, Perl, etc) -2. What is the size of the package and its dependencies? -3. What problem are you trying to solve with this package? Or what functionality does the package provide? -4. Can the software provided by the package be run from a container? Explain why or why not. -5. Can the tool(s) provided by the package be helpful in debugging container runtime issues? -6. Can the tool(s) provided by the package be helpful in debugging networking issues? -7. Is it possible to layer the package onto the base OS as a day 2 operation? Explain why or why not. -8. In the case of packages providing services and binaries, can the packaging be adjusted to just deliver binaries? -9. Can the tool(s) provided by the package be used to do things we’d rather users not be able to do in FCOS? (e.g. can it be abused as a Turing complete interpreter?) -10. Does the software provided by the package have a history of CVEs? \ No newline at end of file diff --git a/README.md b/README.md index c921936..568e924 100644 --- a/README.md +++ b/README.md @@ -49,7 +49,7 @@ Thus, new package requests are carefully scrutinized to weigh the benefits and drawbacks of adding an additional package. If you would like to propose the inclusion of a new package in the base set of packages, -please follow the instructions for [requesting a new package](NEWPACKAGE.md). +please file a [new package request](https://github.com/coreos/fedora-coreos-tracker/issues/new?labels=kind/enhancement&template=new-package.md&title=New+Package+Request%3A+%3Cpackage+name%3E). # Releases From 4a4917ac70e5a6994ab56f56ea1e5042c9f6e931 Mon Sep 17 00:00:00 2001 From: Jason Brooks Date: Wed, 18 Nov 2020 08:37:03 -0800 Subject: [PATCH 004/167] add jbrooks --- meeting-people.txt | 1 + 1 file changed, 1 insertion(+) diff --git a/meeting-people.txt b/meeting-people.txt index 9c3bb8e..7920c12 100644 --- a/meeting-people.txt +++ b/meeting-people.txt @@ -11,3 +11,4 @@ lorbus miabbott nasirhm skunkerk +jbrooks From 5dc8b22654e1da4a79f7b45fc11711f3456c73ea Mon Sep 17 00:00:00 2001 From: Benjamin Gilbert Date: Wed, 18 Nov 2020 11:39:10 -0500 Subject: [PATCH 005/167] meeting-people: sort --- meeting-people.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/meeting-people.txt b/meeting-people.txt index 7920c12..a294159 100644 --- a/meeting-people.txt +++ b/meeting-people.txt @@ -5,10 +5,10 @@ exit 0 darkmuggle davdunc dustymabe +jbrooks jdoss jlebon lorbus miabbott nasirhm skunkerk -jbrooks From eafdd40cad84d51df7e909a2a7be94e5f54718b2 Mon Sep 17 00:00:00 2001 From: Benjamin Gilbert Date: Wed, 18 Nov 2020 19:51:37 -0500 Subject: [PATCH 006/167] templates: add template for requesting a new platform Requestors are unlikely to have all this information up front, but it'd be good to document what information we need and have a centralized place to collect it. --- .github/ISSUE_TEMPLATE/new-platform.md | 32 ++++++++++++++++++++++++++ 1 file changed, 32 insertions(+) create mode 100644 .github/ISSUE_TEMPLATE/new-platform.md diff --git a/.github/ISSUE_TEMPLATE/new-platform.md b/.github/ISSUE_TEMPLATE/new-platform.md new file mode 100644 index 0000000..c484e47 --- /dev/null +++ b/.github/ISSUE_TEMPLATE/new-platform.md @@ -0,0 +1,32 @@ +--- +name: Request a new platform +about: Ask for Fedora CoreOS to support a new cloud environment +title: 'Platform Request: ' +labels: 'area/platforms, kind/enhancement' +assignees: '' + +--- + +In order to implement support for a new cloud platform in Fedora CoreOS, we need to know several things about the platform. Please try to answer as many questions as you can. + +- [ ] Why is the platform important? Who uses it? + +- [ ] What is the official name of the platform? Is there a short name that's commonly used in client API implementations? + +- [ ] How can the OS retrieve instance userdata? What happens if no userdata is provided? + +- [ ] Does the platform provide a way to configure SSH keys for the instance? How can the OS retrieve them? What happens if none are provided? + +- [ ] How can the OS retrieve network configuration? Is DHCP sufficient, or is there some other network-accessible metadata service? + +- [ ] In particular, how can the OS retrieve the system hostname? + +- [ ] Does the platform require the OS to have a specific console configuration? + +- [ ] Is there a mechanism for the OS to report to the platform that it has successfully booted? Is the mechanism required? + +- [ ] Does the platform have an agent that runs inside the instance? Is it required? What does it do? What language is it implemented in, and where is the source code repository? + +- [ ] How are VM images uploaded to the platform and published to other users? Is there an API? What disk image format is expected? + +- [ ] Are there any other platform quirks we should know about? From 101993494092b1c9a920e921568e6942b7cf29ea Mon Sep 17 00:00:00 2001 From: Kelvin Fan Date: Mon, 23 Nov 2020 14:23:07 -0500 Subject: [PATCH 007/167] internals: Document new `coreos-boot-edit.service` --- internals/README-initramfs.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/internals/README-initramfs.md b/internals/README-initramfs.md index dd0e28b..2e06768 100644 --- a/internals/README-initramfs.md +++ b/internals/README-initramfs.md @@ -58,7 +58,7 @@ There are multiple services which access the `/boot` partition in the initramfs. - `ignition-setup-user.service`: mounts `/boot` read-only to look for a user Ignition config. This is the first Ignition service to run (in parallel with the `-base` service). - `coreos-copy-firstboot-network.service`: mounts `/boot` read-only to look for NetworkManager keyfiles. This unit runs after Ignition's `ignition-fetch-offline.service` but before networking is optionally brought up as part of `dracut-initqueue.service`. - (on RHCOS) `rhcos-fips.service`: mounts `/boot` read-write to append `fips=1` to the BLS configs and reboot if FIPS mode is requested. This unit runs after `ignition-fetch.service` but before `ignition-disks.service`. -- `coreos-inject-rootmap.service`: mounts `/boot` read-write to append rootmap kargs to the BLS configs. This unit runs near the end of the initrd process, after `ignition-files.service. +- `coreos-boot-edit.service`: mounts `/boot` read-write late in the initramfs process after `ignition-files.service` to make final edits (e.g. remove firstboot networking configuration files if necessary, append rootmap kargs to the BLS configs). # SELinux in the initramfs From b656bdba4069bed90e49e8bebf75e37c08a76983 Mon Sep 17 00:00:00 2001 From: Jonathan Lebon Date: Wed, 2 Dec 2020 17:16:21 -0500 Subject: [PATCH 008/167] README-initramfs.md: add section about networking This documents the design in #460 with some more implementation details. This came up in discussions today while talking about #689, so let's write it down somewhere so it's easier to reference in the future. Closes: #460 --- internals/README-initramfs.md | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/internals/README-initramfs.md b/internals/README-initramfs.md index 2e06768..3234475 100644 --- a/internals/README-initramfs.md +++ b/internals/README-initramfs.md @@ -64,6 +64,14 @@ There are multiple services which access the `/boot` partition in the initramfs. SELinux policy is loaded in the real root. This means that every file we create in the initramfs must be relabeled. See this code: https://github.com/coreos/fedora-coreos-config/blob/testing-devel/overlay.d/05core/usr/lib/dracut/modules.d/40ignition-ostree/coreos-relabel +# Networking + +By default, the initramfs does not try to enable networking if it's not needed. This is important in the live ISO case. Software may request networking if they require it. For example, if Ignition detects a config which requires the network, it writes a stamp file at `/run/ignition/neednet` which we then detect and translate into `rd.neednet=1` via `coreos-enable-network.service`. For any other situation in which FCOS needs networking, we should add a triggering condition to that service. In the future if more cases are added, we may provide a cleaner API which does not require continuously expanding this list. + +For more details of the design, see https://github.com/coreos/fedora-coreos-tracker/issues/460. + +Actually configuring the network in the initramfs is discussed in depth in the project [documentation](https://docs.fedoraproject.org/en-US/fedora-coreos/sysconfig-network-configuration/). + # Reprovisioning the root A big recent effort is [reprovisioning the root filesystem](https://github.com/coreos/fedora-coreos-tracker/issues/94). This will make the "subsequent" boot path work differently based on configuration. From 2df81d4032a4139e101db238903671f1ef89cd62 Mon Sep 17 00:00:00 2001 From: Colin Walters Date: Tue, 12 Jan 2021 21:35:12 +0000 Subject: [PATCH 009/167] metadata: Link to projects/code, also note coreos-assembler Let's make it easier to piece together the awesome Rube Goldberg series of JSON transformations that take a cosa build to a stream. --- metadata/README.md | 23 ++++++++++++++++++++++- 1 file changed, 22 insertions(+), 1 deletion(-) diff --git a/metadata/README.md b/metadata/README.md index f08f5a1..91c84aa 100644 --- a/metadata/README.md +++ b/metadata/README.md @@ -8,13 +8,15 @@ The following types of metadata exist: * updates metadata * release index * release metadata + * coreos-assembler builds ## Stream metadata This document contains details about latest available artifacts, on each stream. * URL: `https://builds.coreos.fedoraproject.org/streams/${stream}.json` - * Usage: consumed by the [getfedora.org download page](https://getfedora.org/en/coreos/download/) + * Usage: Primary entrypoint for users. Documented at https://docs.fedoraproject.org/en-US/fedora-coreos/getting-started/ + and e.g. consumed by the [getfedora.org download page](https://getfedora.org/en/coreos/download/) * (TODO) stream metadata JSON schema * [stream metadata sample][stream-sample] * [comments and rationale][stream-rationale] @@ -22,6 +24,11 @@ This document contains details about latest available artifacts, on each stream. [stream-sample]: ./stream/sample.json [stream-rationale]: ./stream/rationale.yaml +Projects/Code: + + - https://github.com/coreos/stream-metadata-go + - https://github.com/coreos/fedora-coreos-stream-generator/ + ## Updates metadata This document contains details about updates and rollouts, on each stream. @@ -50,6 +57,10 @@ This piece of metadata is meant to list all existing releases, on each stream. [release-index-sample]: ./release-index/sample.json [release-index-specs]: ./release-index/specifications.md +Projects/Code: + + - https://github.com/coreos/coreos-assembler/blob/master/mantle/cmd/plume/release.go + ## Release metadata This document contains details about artifacts belonging to each release. @@ -60,3 +71,13 @@ This document contains details about artifacts belonging to each release. * [release metadata sample][release-sample] [release-sample]: ./release/sample.json + +## CoreOS Assembler builds + +This is the primary artifact of coreos-assembler, which turns +RPMs and our configuration into images and ostree commits. + +Projects: + + - https://github.com/coreos/coreos-assembler + - https://github.com/coreos/fedora-coreos-releng-automation/blob/master/coreos-meta-translator/trans.py From 827734ba36d1047c5b76ddb378722ac4e452bb07 Mon Sep 17 00:00:00 2001 From: Jaime Magiera <39681031+JaimeMagiera@users.noreply.github.com> Date: Wed, 13 Jan 2021 11:34:48 -0500 Subject: [PATCH 010/167] Add PanGoat Add PanGoat --- meeting-people.txt | 1 + 1 file changed, 1 insertion(+) diff --git a/meeting-people.txt b/meeting-people.txt index a294159..8ca669d 100644 --- a/meeting-people.txt +++ b/meeting-people.txt @@ -12,3 +12,4 @@ lorbus miabbott nasirhm skunkerk +PanGoat From 46f06a77dc7bb8df258b484af25d2974a249e54e Mon Sep 17 00:00:00 2001 From: Benjamin Gilbert Date: Wed, 13 Jan 2021 13:04:28 -0500 Subject: [PATCH 011/167] meeting-people: sort alphabetically --- meeting-people.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/meeting-people.txt b/meeting-people.txt index 8ca669d..7b3f40a 100644 --- a/meeting-people.txt +++ b/meeting-people.txt @@ -11,5 +11,5 @@ jlebon lorbus miabbott nasirhm -skunkerk PanGoat +skunkerk From 493362b0f20b1346e759ad4b46ee295cbc84208d Mon Sep 17 00:00:00 2001 From: Micah Abbott Date: Thu, 4 Feb 2021 14:36:53 -0500 Subject: [PATCH 012/167] add minutes from FCOS community sessions During the CoreOS Virtual F2F, we held two sessions open to the community to discuss: - Growing the Fedora CoreOS Community - Making Fedora CoreOS an Official Fedora Edition This captures the HackMD contents from those two sessions. --- docs/20210204_fcos_official_edition.md | 62 ++++++++++++++++++++ docs/20210204_growing_fcos_community.md | 76 +++++++++++++++++++++++++ 2 files changed, 138 insertions(+) create mode 100644 docs/20210204_fcos_official_edition.md create mode 100644 docs/20210204_growing_fcos_community.md diff --git a/docs/20210204_fcos_official_edition.md b/docs/20210204_fcos_official_edition.md new file mode 100644 index 0000000..d53ae88 --- /dev/null +++ b/docs/20210204_fcos_official_edition.md @@ -0,0 +1,62 @@ +# Fedora CoreOS Meetup - Fedora CoreOS as an Official Edition + +Fedora Change : https://fedoraproject.org/wiki/Changes/FedoraCoreOS + +Key concepts : +* There is no Fedora CoreOS 33 or 34, I don't think we want to align with the 6 months release cadence of other Fedora Editions. +* How can we integrate within Fedora's process, keeping our fortnigthly release cycle. + + +General Feedback was how do we integrate with the Fedora process + +Fedora's [Edition promotion policy](https://docs.fedoraproject.org/en-US/council/policy/edition-promotion-policy/) +* Development and how we integrate with Fedora's change proposal process ? (Review, Propose Changes) +* Go/No Go process ? Release Blockers +* Release Criteria ? +* When do we switch streams to the latest Fedora base (F33 -> F34, etc...)? +* How do we coordinate with other teams + * Docs + * Marketing + * Translation + * Magazine + * Web +* How much effort do we want to put into making FCOS an edition ? What are the benefits ? +* Have you asked anyone who has gone through this process if it was useful to them? + +## Notes + +- [miabbott/cverna] Short introduction +- [mattdm] how does "we don't have releases" work with the release blocker process? +- [bgilbert] we ship the stable stream later than major Fedora releases for this reason; may not be desirable in all cases. if there is a blocker that only affects FCOS, we may not want to hold the other releases. +- [mattdm] publicity is a factor of concern here +- [bcotton] user perspective on release day is problematic; "why am i getting older Fedora bits?" +- [walters] we think we can address all these concerns over time. i.e. ubuntu has similar issues with software upater/apt - https://www.reddit.com/r/Ubuntu/comments/aofv57/software_updater_lags_behind_apt/ +- [sumantro] Blocker Bugs for Fedora tracked in BZ; FCOS tracks issues in GH +- [bgilbert] FCOS is an appliance, uses automatic updates. Breaking updates incentivizes users to turn off auto-updates. Streams exist towards this goal. +- [mattdm] automatic updates are a selling point; we should use it to our advantage +- [travier/bcotton/mattdm] +- [jligon] e.g. If I want to remove Docker from FCOS, do I submit a change to FCOS only, Fedora proper, somewhere on GH? +- [mattdm] feels like a self-contained change; would be discussed by stakeholders and publicized appropriately (picked up by LWN, Phoronix, etc) +- [mattdm] FCOS changes being part of existing Fedora change process is desirable +- [walters] bootupd should have been a change request; but sometimes we need to ship something downstream faster than Fedora allows +- [bgilbert] prefer not stacking big changes around major release; easier for change management +- [bcotton] window between self-contained change proposal and GA is only 3months +- [cglombek] there are still usecases where Fedora Server is better suited (firewall, RPM modules, etc) +- [mattdm] FCOS will likely sit alongside Fedora Server for a while +- [walters] I don't think it's a good idea overall to chain FCOS Edition status into Server's edition status +- [mattdm] should develop an async process for ??? +- [cverna] promoting between streams is gated on testing; what does the formalized process look like +- [cglombek] https://github.com/coreos/enhancements that are going to affect the rest of Fedora, we should "upstream" those enhancements to proper Fedora Change Requests. conversely, Fedora Chagne Requests that affect FCOS should get better review by FCOS +- [walters] we could use an arbitrary component in BZ to capture problems for FCOS +- [dmabe] there is an FCOS component, but it directs folks to use GH issue tracker +- [sumantro] get some basic criteria around stream promotion; can't catch everything in CI; https://fedoraproject.org/wiki/Fedora_Release_Criteria +- [walters] A good example of not-CI currently for us is multi-arch +- [bgilbert] our decision process so far has been case-by-case and consensus-driven +- [jlebon] we should be doing more talking/communication on Fedora devel around change requests that affect FCOS +- [jligon] is there a tradeoff where becoming an official top-level edition where some decision making is surrendered? +- [bcotton] there is some latitude for editions for change proposals; there is marketing/UX benefits to be closer to the rest of Fedora. tl;dr - case by case basis +- [travier] our release criteria exists in CI; we do evaluate each update that we ship is safe to use. when issues are found, we have more options to prevent those issues from being released (i.e downgrades, pinned packages, etc) +- [bgilbert] we snapshot bodhi stable that gets promoted into the testing stream; pkgs are not pinned for an extended amount of time. we do more post-processing than most of Fedora. +- [mattdm] it would be beneficial to check in with mindshare team regularly +- **[sumantro] would like to volunteer to be mindshare rep for FCOS** + diff --git a/docs/20210204_growing_fcos_community.md b/docs/20210204_growing_fcos_community.md new file mode 100644 index 0000000..a1a086c --- /dev/null +++ b/docs/20210204_growing_fcos_community.md @@ -0,0 +1,76 @@ +# 20210204_Growing-FCOS-Community + +- Execution + - Stability: we might lose users if we have instability and "manual intervention" + - Availability in more cloud providers + +- Freely available information/resources + - Publishing release notes + - https://github.com/coreos/fedora-coreos-tracker/issues/194 + - More comprehensive documentation + +- Outreach + - Community event coordination + - especially at conferences we don’t normally have representation + - but also making sure we are present at our regular conferences + - Working with more upstream projects that integrate Fedora CoreOS + - Typhoon has picked us up on their own + - Have others tried and had trouble? + - GSoC/Outreachy FCOS projects + +- Staying in the conversation + - More articles/posts about Fedora CoreOS + - Fedora Magazine, opensource.com, personal blogs, etc + - Podcasts, etc.. + - Boosting our Twitter presence + +- Indirect Progress + - Promoting containerized workflows + - Helping to containerize the world + - If it's not easy to run XYZ workflow in containers people can't use FCOS + +## Running Notes + +Recurring Fedora Events: +- Nest with Fedora/Flock to Fedora +- Release Parties (2 per year) +- Fedora Women's Day +- Video Council Meetings +- Social Hours + +Fedora Content outlets: +- Community Blog: https://communityblog.fedoraproject.org/writing-community-blog-article/ +- Fedora Magazine: https://docs.fedoraproject.org/en-US/fedora-magazine/contributing/ +- Fedora Planet: http://fedoraplanet.org/ +- Podcast: https://x3mboy.fedorapeople.org/podcast/ +- Fedora Classroom: https://fedoraproject.org/wiki/Classroom +- Fedora Youtube: https://www.youtube.com/channel/UCnIfca4LPFVn8-FjpPVc1ow + + +Fedora Resources: +- Request swag: https://docs.fedoraproject.org/en-US/mindshare-committee/procedures/swag/ +- HopIn is accessible to Fedora. A formal process is currently being documented by Mindshare. You can request this resource here: https://pagure.io/mindshare/issues +- Community surveys are accessible to Fedora. There is a drop down template in the Mindshare repo for this request. https://pagure.io/mindshare/issues +- IRL Events (someday): https://docs.fedoraproject.org/en-US/mindshare-committee/small-events/ +- Design requests: https://pagure.io/design/issues +- Fedora Badges: https://badges.fedoraproject.org/ + - https://pagure.io/fedora-badges/issues +- How Do You Fedora? interviews: https://fedoramagazine.org/series/how-do-you-fedora/ + + + +[cverna] What is our messaging to other conferences? +[jbrooks] We can produce a slide deck that can be reused/customized for talks/presentation +[walters] Fedora very RPM-centric; would love to push us towards more pure containers +[travier] tried to run Fedora images for containerizing Matrix and hit issues; having trusted container images outside Dockerhub would be great +[cglombek] not producing enough Fedora containers; maintaining containers in Fedora has high requirements (i.e. must be packagers). also facing problem of where to publish community operators in OKD space. +[jbrooks/dmabe] identified a problem that we don't have the applications people want in our sphere of control (i.e don't have trusted containers for all apps). how can we improve the Fedora container story? +[cverna] need to have a better idea of who we are targeting with our content +[mperez] have connections with linux unplugged, can get FCOS discussed there; interested in producing more video content for communities (i.e. https://ceph.io/community/meetings/). working on templates for hosting this style of content. +[mnordin] FCOS has access to all the Fedora community tools above; willing to help move tickets along in various community resources +[sumantro] Fedora Classrooms would be a good outreach point +[sumantro] Adding FCOS to https://whatcanidoforfedora.org/ will be great. +[vipul] A bit different thing: opening a few GSoC/Outreachy projects can also bring a lot of eyes on the project. They are often not the best but it can help and also identify close all gaps in "How can I get started with FCOS" documentation +[dmabe/mperez] measuring stats for MLs, forums, GH tracker may be informative +[mnordin] would recommend starting with a user survey to gather a baseline from where to start from +[mperez] example survey - https://tracker.ceph.com/attachments/download/5323/Ceph%20User%20Survey%202020%20(3).pdf From 2186487dac48338be6f892c69cd0b4cb9b8579ef Mon Sep 17 00:00:00 2001 From: Clement Verna Date: Mon, 8 Feb 2021 13:17:37 +0100 Subject: [PATCH 013/167] Add the recording link for both sessions Signed-off-by: Clement Verna --- docs/20210204_fcos_official_edition.md | 2 ++ docs/20210204_growing_fcos_community.md | 2 ++ 2 files changed, 4 insertions(+) diff --git a/docs/20210204_fcos_official_edition.md b/docs/20210204_fcos_official_edition.md index d53ae88..164c423 100644 --- a/docs/20210204_fcos_official_edition.md +++ b/docs/20210204_fcos_official_edition.md @@ -1,5 +1,7 @@ # Fedora CoreOS Meetup - Fedora CoreOS as an Official Edition +recording : https://www.youtube.com/watch?v=t5VAw8NRXNc + Fedora Change : https://fedoraproject.org/wiki/Changes/FedoraCoreOS Key concepts : diff --git a/docs/20210204_growing_fcos_community.md b/docs/20210204_growing_fcos_community.md index a1a086c..4955ff3 100644 --- a/docs/20210204_growing_fcos_community.md +++ b/docs/20210204_growing_fcos_community.md @@ -1,5 +1,7 @@ # 20210204_Growing-FCOS-Community +recording: https://www.youtube.com/watch?v=HSuBWeosAvQ + - Execution - Stability: we might lose users if we have instability and "manual intervention" - Availability in more cloud providers From cf31fb09921428e6a7cae43c9c937799d6e8570d Mon Sep 17 00:00:00 2001 From: Jonathan Lebon Date: Thu, 18 Mar 2021 10:30:19 -0400 Subject: [PATCH 014/167] internals/initramfs: add more details about networking This was missing the bit about how Afterburn fits into the picture. --- internals/README-initramfs.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/internals/README-initramfs.md b/internals/README-initramfs.md index 3234475..ebc2d64 100644 --- a/internals/README-initramfs.md +++ b/internals/README-initramfs.md @@ -68,9 +68,9 @@ SELinux policy is loaded in the real root. This means that every file we create By default, the initramfs does not try to enable networking if it's not needed. This is important in the live ISO case. Software may request networking if they require it. For example, if Ignition detects a config which requires the network, it writes a stamp file at `/run/ignition/neednet` which we then detect and translate into `rd.neednet=1` via `coreos-enable-network.service`. For any other situation in which FCOS needs networking, we should add a triggering condition to that service. In the future if more cases are added, we may provide a cleaner API which does not require continuously expanding this list. -For more details of the design, see https://github.com/coreos/fedora-coreos-tracker/issues/460. +Network *enablement* is separate from network *configuration*. Afterburn handles rendering of network kernel arguments via [`afterburn-network-kargs.service`](https://github.com/coreos/afterburn/blob/7835d7cd316668e9dcddfa16d2f8f8b3fcbcdd2e/dracut/30afterburn/afterburn-network-kargs.service). On some platforms, it may use a backchannel to fetch the network kargs. By default, it will use `AFTERBURN_NETWORK_KARGS_DEFAULT`, which is defined in [the fedora-coreos-config repo](https://github.com/coreos/fedora-coreos-config/blob/10ebedac9628273a738872bdcac730bdb0bf1385/overlay.d/05core/usr/lib/dracut/modules.d/35coreos-network/50-afterburn-network-kargs-default.conf) to be `ip=dhcp,dhcp6`. -Actually configuring the network in the initramfs is discussed in depth in the project [documentation](https://docs.fedoraproject.org/en-US/fedora-coreos/sysconfig-network-configuration/). +For more details of the design, see https://github.com/coreos/fedora-coreos-tracker/issues/460 as well as the project [documentation](https://docs.fedoraproject.org/en-US/fedora-coreos/sysconfig-network-configuration/). # Reprovisioning the root From e631565e1c7a021b47742e7b46cddb657a036f5c Mon Sep 17 00:00:00 2001 From: Colin Walters Date: Thu, 25 Mar 2021 19:03:33 +0000 Subject: [PATCH 015/167] docs/ci-and-builds.md: Overview of CI and FCOS pipeline Trying to migrate content from https://github.com/coreos/fedora-coreos-tracker/issues/764 which is a proposal into a "how it works" that we can maintain over time. --- docs/ci-and-builds.md | 65 +++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 65 insertions(+) create mode 100644 docs/ci-and-builds.md diff --git a/docs/ci-and-builds.md b/docs/ci-and-builds.md new file mode 100644 index 0000000..a14cec4 --- /dev/null +++ b/docs/ci-and-builds.md @@ -0,0 +1,65 @@ +# CoreOS CI+build systems overview + +Fedora CoreOS is tied/related to 3 major things: + + - Upstream git repositores like github.com/coreos/ignition, github.com/coreos/rpm-ostree, github.com/coreos/fedora-coreos-config, etc. + - Actual releases of Fedora CoreOS via [the pipeline](https://github.com/coreos/fedora-coreos-pipeline) + - Downstream [RHEL CoreOS](https://github.com/openshift/os) + +## Infrastructure + +- Github (specifically [the coreos namespace](https://github.com/coreos/)) +- [quay.io](https://quay.io), specifically the [coreos-assembler](https://quay.io/coreos/coreos-assembler) namespace +- [CoreOS CI Jenkins](https://github.com/coreos/coreos-ci) +- [Fedora infrastructure](https://fedoraproject.org/wiki/Infrastructure) +- [OpenShift Prow](https://docs.ci.openshift.org/) + +--- + +## Upstream CI + +Most active repositories in the `coreos/` project are hooked up to at least one of 3 CI systems, being CoreOS CI Jenkins, Github Actions, or OpenShift Prow. These 3 are the ones we are focusing on. + +### CoreOS CI Jenkins + +It is what we use on various repositories, and is how FCOS is released today via [the pipeline](https://github.com/coreos/fedora-coreos-pipeline). +We have a lot of institutional knowledge around this and it gives us a place where we can easily control the end-to-end interactions. Jenkins is a well understood tool. + +This is deployed in [CentOS CI](https://wiki.centos.org/QaWiki/CI) which is a bare metal OpenShift cluster where nested virt is enabled. + +Also of key relevance is the [coreos-ci-lib](https://github.com/coreos/coreos-ci-lib) repository. + +### OpenShift Prow + +Prow is heavily oriented towards testing OpenShift *container* components. However, as of recently we enabled nested virt on the `build02` GCP cluster, which means we can create "container native" flows that still test the OS with [coreos-assembler](https://github.com/coreos/coreos-assembler/). + +A specific reason to include Prow is that it contains tight integration with OpenShift which we need for RHCOS, and it is also maintained and staffed by a team that e.g. also contains a budget and secrets for running infrastructure in public clouds. + +Examples can be found in the [openshift/release coreos/ folder](https://github.com/openshift/release/tree/master/ci-operator/config/coreos). + +### GitHub Actions + +Free for small scale, nice to use. This is a good option for per-repository specific things that don't need centralization. + +A good use case is e.g. validating rustfmt. + +Examples: + + - https://github.com/coreos/rpm-ostree/blob/master/.github/workflows/rust-lints.yml + +--- + +## quay.io/coreos-assembler namespace + +A key aspect of Fedora CoreOS as well as RHEL CoreOS is [coreos-assembler](https://github.com/coreos/coreos-assembler). As of today, we build it in quay.io and deliver it that way in the `quay.io/coreos-assembler` namespace. The list of administrators for this namespace is managed independently of anything else. If you think you need administrator access, file a ticket or ask on #fedora-coreos IRC. + +### The buildroot container: quay.io/coreos-assembler/fcos-buildroot:testing-devel + +Since [this pull request](https://github.com/coreos/fedora-coreos-config/pull/740), there is also a FCOS-oriented "buildroot" container that can be used in all CI systems. + +## Fedora Infrastructure + +Maintained by a distinct team. FCOS and our container images include most content derived from Koji/Bodhi etc. + +It would potentially make sense to have some of our containers built in Fedora too, such as coreos-assembler. That would give us e.g. multi-arch. But that is not being pursued currently. + From b1673bfc90a96d72d504a82101200d84c40371ad Mon Sep 17 00:00:00 2001 From: Jaime Magiera <39681031+JaimeMagiera@users.noreply.github.com> Date: Wed, 7 Apr 2021 14:34:09 -0400 Subject: [PATCH 016/167] switched to jaimelm --- meeting-people.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/meeting-people.txt b/meeting-people.txt index 7b3f40a..ccd26e3 100644 --- a/meeting-people.txt +++ b/meeting-people.txt @@ -5,11 +5,11 @@ exit 0 darkmuggle davdunc dustymabe +jaimelm jbrooks jdoss jlebon lorbus miabbott nasirhm -PanGoat skunkerk From c1d51bcf2d0ee4923dd17bc5865f10dfce6c4924 Mon Sep 17 00:00:00 2001 From: Dusty Mabe Date: Mon, 26 Apr 2021 16:50:22 -0400 Subject: [PATCH 017/167] Design: some updates based on practice Let's delete some content and fixup some wording based on what we've been doing rather than what we planned to do in the past. --- Design.md | 11 +++-------- 1 file changed, 3 insertions(+), 8 deletions(-) diff --git a/Design.md b/Design.md index 194bafb..abd535b 100644 --- a/Design.md +++ b/Design.md @@ -46,9 +46,7 @@ Fedora CoreOS will have several refs for use on production machines. At any giv - `testing`: Periodic snapshot of the current Fedora release plus Bodhi `updates`. - `stable`: Promotion of a `testing` release, including any needed fixes. -- `next`: - 1. After Bodhi is enabled for the upcoming Fedora release, tracks that release; before then, tracks `testing`. - 2. After the upcoming kernel release has reached rc6 and before it goes final, tracks the rawhide kernel. After the kernel goes final and before it is included in the tracked Fedora release, tracks the kernel from Bodhi `updates-testing`. +- `next`: The `next` stream represents the future. It will often be used to experiment with new features and also test out rebases of our platform on top of the next major version of Fedora. All of these refs will be unversioned, in the sense that their names will not include the current Fedora major version. The stream cadences are not contractual, but will initially have two weeks between releases. The stream maintenance policies are also not contractual and may evolve from those described above, but changes will preserve the use cases and intended stability of each stream. @@ -67,17 +65,14 @@ There will also be some additional unversioned refs for the convenience of Fedor - `rawhide`: Nightly snapshot of rawhide. - `branched`: Nightly snapshot of the upcoming Fedora release after it is branched. -- `bodhi-updates`: Nightly snapshot of Bodhi `updates` for the Fedora release currently tracked by `testing`. -- `bodhi-updates-testing`: Nightly snapshot of Bodhi `updates-testing` for the Fedora release currently tracked by `testing`. ### Out-of-Cycle Releases Due to the promotion structure described above, `stable` can contain packages that are as much as four weeks out of date. Sometimes, however, there will be an important bugfix or security fix that cannot wait a month to reach `stable` (or two weeks to reach `next` or `testing`). In that case, the fix will be incorporated into out-of-cycle releases on affected streams. These releases will not affect the regular promotion schedules; for example, a fix might sit in `testing` for only a few days before it is promoted to `stable`. -A fix can take one of two forms: +If a fix is important enough for an out-of-cycle `stable` release, other affected release streams should be updated as well. -1. An updated package taken directly from Fedora -2. A minimal fix applied to the package version already present in the affected stream +In some cases it may make sense to apply a fix to `testing` but not issue an out-of-cycle release, allowing the fix to be picked up automatically when `testing` promotes to `stable`. We'll need infrastructure for both approaches, and the ability to choose between them on a case-by-case basis. Option 1 is cleaner and easier, but may not always be safe. Option 2 is especially useful for the kernel, where we'll want to fix individual bugs without pushing an entire stable kernel update directly to the `stable` stream. From 152989e30052208cd658d57fc9833dcc6e80f44e Mon Sep 17 00:00:00 2001 From: Dusty Mabe Date: Mon, 26 Apr 2021 16:52:56 -0400 Subject: [PATCH 018/167] Design: major version rebasing strategy Add some details about how we approaching Fedora major version rebases. Fixes: https://github.com/coreos/fedora-coreos-tracker/issues/785 --- Design.md | 16 ++++++++++++---- 1 file changed, 12 insertions(+), 4 deletions(-) diff --git a/Design.md b/Design.md index abd535b..4b86d8a 100644 --- a/Design.md +++ b/Design.md @@ -46,7 +46,7 @@ Fedora CoreOS will have several refs for use on production machines. At any giv - `testing`: Periodic snapshot of the current Fedora release plus Bodhi `updates`. - `stable`: Promotion of a `testing` release, including any needed fixes. -- `next`: The `next` stream represents the future. It will often be used to experiment with new features and also test out rebases of our platform on top of the next major version of Fedora. +- `next`: The `next` stream represents the future. It will often be used to experiment with new features and also test out rebases of our platform on top of the next major version of Fedora. See [Major Fedora Version Rebases](#major-fedora-version-rebases) for more info. All of these refs will be unversioned, in the sense that their names will not include the current Fedora major version. The stream cadences are not contractual, but will initially have two weeks between releases. The stream maintenance policies are also not contractual and may evolve from those described above, but changes will preserve the use cases and intended stability of each stream. @@ -74,11 +74,19 @@ If a fix is important enough for an out-of-cycle `stable` release, other affecte In some cases it may make sense to apply a fix to `testing` but not issue an out-of-cycle release, allowing the fix to be picked up automatically when `testing` promotes to `stable`. -We'll need infrastructure for both approaches, and the ability to choose between them on a case-by-case basis. Option 1 is cleaner and easier, but may not always be safe. Option 2 is especially useful for the kernel, where we'll want to fix individual bugs without pushing an entire stable kernel update directly to the `stable` stream. +### Major Fedora Version Rebases -If a fix is important enough for an out-of-cycle `stable` release, other affected release streams should be updated as well. +The release process integrates with Fedora's release milestones in the following ways: -In some cases it may make sense to apply a fix to `testing` but not issue an out-of-cycle release, allowing the fix to be picked up automatically when `testing` promotes to `stable`. +- Fedora Beta Release + - The `next` stream is switched over to the new release. +- Fedora Final Freeze + - The `next` stream switches to weekly releases to closely track the GA content set. +- Fedora General Availability + - Fedora CoreOS re-orients its release schedule in the following way: + - Week 0 (GA release): triple release;`next` with latest Fedora N content + - Week 1: triple release; `testing` release promoted from previous `next` + - Week 3: triple release; `stable` release promoted from previous `testing`, now fully rebased to Fedora N. `next` and `testing` are now in sync. ### Deprecation From 1abb0bfa7d99875deae080038a072082cd8ac843 Mon Sep 17 00:00:00 2001 From: Benjamin Gilbert Date: Thu, 29 Apr 2021 01:21:59 -0400 Subject: [PATCH 019/167] templates: add checklist for rebasing to a new version of Fedora Based on https://github.com/coreos/fedora-coreos-config/blob/da55a2e50c2d/README.md#moving-to-a-new-major-version-n-of-fedora --- .github/ISSUE_TEMPLATE/rebase.md | 69 ++++++++++++++++++++++++++++++++ 1 file changed, 69 insertions(+) create mode 100644 .github/ISSUE_TEMPLATE/rebase.md diff --git a/.github/ISSUE_TEMPLATE/rebase.md b/.github/ISSUE_TEMPLATE/rebase.md new file mode 100644 index 0000000..5ad0637 --- /dev/null +++ b/.github/ISSUE_TEMPLATE/rebase.md @@ -0,0 +1,69 @@ +# Rebase to a new version of Fedora (N) + +## Release engineering changes + +- [ ] Verify that a few tags have been created. These should have been created by releng scripts on branching: + +- `f${releasever}-coreos-signing-pending` +- `f${releasever}-coreos-continuous` + +- [ ] The tag info for the coreos-pool tag has the new release (N) and next release (N+1) signing keys (just to stay ahead of the curve) and removes the old release (N-2) signing key. The following commands view the current settings and then update the list to 32/33/34 keys. You'll most likely have to get someone from releng to run the second command (`edit-tag`). + +- `koji taginfo coreos-pool` +- `koji edit-tag coreos-pool -x tag2distrepo.keys="12c944d0 9570ff31 45719a39"` + +- [ ] `koji untag` N-2 packages from the pool (at some point we'll have GC in place to do this for us, but for now we must remember to do this manually or otherwise distRepo will fail once the signed packages are GC'ed). For example the following snippet finds all RPMs signed by the Fedora 31 key and untags them. + +``` +f31key=3c3359c4 +key=$f31key +untaglist='' +for build in $(koji list-tagged --quiet coreos-pool | cut -f1 -d' '); do + if koji buildinfo $build | grep $key 1>/dev/null; then + untaglist+="${build} " + echo "Adding $build to untag list" + fi +done + +# After verifying the list looks good: +# - koji untag-build coreos-pool $untaglist +``` + +## coreos-installer changes + +- [ ] Update coreos-installer to know about the signing key used for the future new major version of Fedora (N+1). Note that the signing keys for N+1 may not be created until releng branches and rawhide becomes N+1. + +## Update [fedora-coreos-config](https://github.com/coreos/fedora-coreos-config/) `next-devel` + +- [ ] Bump `releasever` in `manifest.yaml` +- [ ] Update the repos in `manifest.yaml` if needed +- [ ] Run `cosa fetch --update-lockfile` +- [ ] PR the result + +## Ship rebased `next` + +- [ ] Ship `next` +- [ ] Set a new update barrier for N-2 on `next`. In the barrier entry set a link to [the docs](https://docs.fedoraproject.org/en-US/fedora-coreos/update-barrier-signing-keys/). See [discussion](https://github.com/coreos/fedora-coreos-tracker/issues/480#issuecomment-631724629). + +## Update [fedora-coreos-config](https://github.com/coreos/fedora-coreos-config/) `testing-devel` + +- [ ] Bump `releasever` in `manifest.yaml` +- [ ] Update the repos in `manifest.yaml` if needed +- [ ] Run `cosa fetch --update-lockfile` +- [ ] Bump the base Fedora version in `ci/buildroot/Dockerfile` +- [ ] PR the result + +## Ship rebased `testing` + +- [ ] Ship `testing` +- [ ] Set a new update barrier for N-2 on `testing`. In the barrier entry set a link to [the docs](https://docs.fedoraproject.org/en-US/fedora-coreos/update-barrier-signing-keys/). + +## Ship rebased `stable` + +- [ ] Ship `stable` +- [ ] Set a new update barrier for N-2 on `stable`. In the barrier entry set a link to [the docs](https://docs.fedoraproject.org/en-US/fedora-coreos/update-barrier-signing-keys/). + +## Miscellaneous container updates + +- [ ] Rebase the coreos-assembler Dockerfile onto the new release +- [ ] Rebase the coreos-installer Dockerfile onto the new release From 9c7571e3695887ab8db6f52d6afa4ae2f90a7126 Mon Sep 17 00:00:00 2001 From: Dusty Mabe Date: Thu, 29 Apr 2021 14:28:20 -0400 Subject: [PATCH 020/167] Extra instructions for removing builds from coreos-pool --- .github/ISSUE_TEMPLATE/rebase.md | 27 ++++++++++++++++++++++----- 1 file changed, 22 insertions(+), 5 deletions(-) diff --git a/.github/ISSUE_TEMPLATE/rebase.md b/.github/ISSUE_TEMPLATE/rebase.md index 5ad0637..5bf2f24 100644 --- a/.github/ISSUE_TEMPLATE/rebase.md +++ b/.github/ISSUE_TEMPLATE/rebase.md @@ -12,11 +12,13 @@ - `koji taginfo coreos-pool` - `koji edit-tag coreos-pool -x tag2distrepo.keys="12c944d0 9570ff31 45719a39"` -- [ ] `koji untag` N-2 packages from the pool (at some point we'll have GC in place to do this for us, but for now we must remember to do this manually or otherwise distRepo will fail once the signed packages are GC'ed). For example the following snippet finds all RPMs signed by the Fedora 31 key and untags them. +- [ ] `koji untag` N-2 packages from the pool (at some point we'll have GC in place to do this for us, but for now we must remember to do this manually or otherwise distRepo will fail once the signed packages are GC'ed). For example the following snippet finds all RPMs signed by the Fedora 32 key and untags them. + +Find the key short hash. Usually found [here](https://pagure.io/fedora-infra/ansible/blob/main/f/roles/bodhi2/backend/templates/pungi.rpm.conf.j2). Then: ``` -f31key=3c3359c4 -key=$f31key +f32key=12c944d0 +key=$f32key untaglist='' for build in $(koji list-tagged --quiet coreos-pool | cut -f1 -d' '); do if koji buildinfo $build | grep $key 1>/dev/null; then @@ -24,10 +26,25 @@ for build in $(koji list-tagged --quiet coreos-pool | cut -f1 -d' '); do echo "Adding $build to untag list" fi done +``` + +Now we have a list of builds to untag. But we need one more sanity check. Let's make sure none of those are actually being used. Fire up the latest FCOS `testing-devel` and run: + +``` +f32key=12c944d0 +key=$f32key +rpm -qai | grep -B 8 $key +``` + +If there are any RPMs signed by the old key they'll need to be investigated. Maybe they shouldn't be used any longer. Or maybe they're still needed. + +After verifying the list looks good: -# After verifying the list looks good: -# - koji untag-build coreos-pool $untaglist ``` +koji untag-build coreos-pool $untaglist +``` + +Now that untagging is done, give a heads up to rpm-ostree developers that N-2 packages have been untagged and that they may need to update their CI compose tests to freeze on a newer FCOS commit. ## coreos-installer changes From 9bef81d012e59d325e45e33913a29e599d3f82fb Mon Sep 17 00:00:00 2001 From: Benjamin Gilbert Date: Thu, 29 Apr 2021 15:24:59 -0400 Subject: [PATCH 021/167] templates: create sub-list for pool untagging --- .github/ISSUE_TEMPLATE/rebase.md | 12 +++++++----- 1 file changed, 7 insertions(+), 5 deletions(-) diff --git a/.github/ISSUE_TEMPLATE/rebase.md b/.github/ISSUE_TEMPLATE/rebase.md index 5bf2f24..6d48d68 100644 --- a/.github/ISSUE_TEMPLATE/rebase.md +++ b/.github/ISSUE_TEMPLATE/rebase.md @@ -12,9 +12,11 @@ - `koji taginfo coreos-pool` - `koji edit-tag coreos-pool -x tag2distrepo.keys="12c944d0 9570ff31 45719a39"` -- [ ] `koji untag` N-2 packages from the pool (at some point we'll have GC in place to do this for us, but for now we must remember to do this manually or otherwise distRepo will fail once the signed packages are GC'ed). For example the following snippet finds all RPMs signed by the Fedora 32 key and untags them. +### Untag old packages -Find the key short hash. Usually found [here](https://pagure.io/fedora-infra/ansible/blob/main/f/roles/bodhi2/backend/templates/pungi.rpm.conf.j2). Then: +`koji untag` N-2 packages from the pool (at some point we'll have GC in place to do this for us, but for now we must remember to do this manually or otherwise distRepo will fail once the signed packages are GC'ed). For example the following snippet finds all RPMs signed by the Fedora 32 key and untags them. Use this process: + +- [ ] Find the key short hash. Usually found [here](https://pagure.io/fedora-infra/ansible/blob/main/f/roles/bodhi2/backend/templates/pungi.rpm.conf.j2). Then: ``` f32key=12c944d0 @@ -28,7 +30,7 @@ for build in $(koji list-tagged --quiet coreos-pool | cut -f1 -d' '); do done ``` -Now we have a list of builds to untag. But we need one more sanity check. Let's make sure none of those are actually being used. Fire up the latest FCOS `testing-devel` and run: +- [ ] Now we have a list of builds to untag. But we need one more sanity check. Let's make sure none of those are actually being used. Fire up the latest FCOS `testing-devel` and run: ``` f32key=12c944d0 @@ -38,13 +40,13 @@ rpm -qai | grep -B 8 $key If there are any RPMs signed by the old key they'll need to be investigated. Maybe they shouldn't be used any longer. Or maybe they're still needed. -After verifying the list looks good: +- [ ] After verifying the list looks good: ``` koji untag-build coreos-pool $untaglist ``` -Now that untagging is done, give a heads up to rpm-ostree developers that N-2 packages have been untagged and that they may need to update their CI compose tests to freeze on a newer FCOS commit. +- [ ] Now that untagging is done, give a heads up to rpm-ostree developers that N-2 packages have been untagged and that they may need to update their CI compose tests to freeze on a newer FCOS commit. ## coreos-installer changes From 43c43c823b30ff7fb8f2ac07057cd49f089f7e73 Mon Sep 17 00:00:00 2001 From: Benjamin Gilbert Date: Thu, 29 Apr 2021 15:25:25 -0400 Subject: [PATCH 022/167] templates: skip update barriers for now https://github.com/coreos/fedora-coreos-tracker/issues/749#issuecomment-781449178 --- .github/ISSUE_TEMPLATE/rebase.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/ISSUE_TEMPLATE/rebase.md b/.github/ISSUE_TEMPLATE/rebase.md index 6d48d68..6a6c5a7 100644 --- a/.github/ISSUE_TEMPLATE/rebase.md +++ b/.github/ISSUE_TEMPLATE/rebase.md @@ -62,7 +62,7 @@ koji untag-build coreos-pool $untaglist ## Ship rebased `next` - [ ] Ship `next` -- [ ] Set a new update barrier for N-2 on `next`. In the barrier entry set a link to [the docs](https://docs.fedoraproject.org/en-US/fedora-coreos/update-barrier-signing-keys/). See [discussion](https://github.com/coreos/fedora-coreos-tracker/issues/480#issuecomment-631724629). +- ~Set a new update barrier for N-2 on `next`. In the barrier entry set a link to [the docs](https://docs.fedoraproject.org/en-US/fedora-coreos/update-barrier-signing-keys/). See [discussion](https://github.com/coreos/fedora-coreos-tracker/issues/480#issuecomment-631724629).~ _(Skip for now, see https://github.com/coreos/fedora-coreos-tracker/issues/749#issuecomment-781449178)_ ## Update [fedora-coreos-config](https://github.com/coreos/fedora-coreos-config/) `testing-devel` @@ -75,12 +75,12 @@ koji untag-build coreos-pool $untaglist ## Ship rebased `testing` - [ ] Ship `testing` -- [ ] Set a new update barrier for N-2 on `testing`. In the barrier entry set a link to [the docs](https://docs.fedoraproject.org/en-US/fedora-coreos/update-barrier-signing-keys/). +- ~Set a new update barrier for N-2 on `testing`. In the barrier entry set a link to [the docs](https://docs.fedoraproject.org/en-US/fedora-coreos/update-barrier-signing-keys/).~ ## Ship rebased `stable` - [ ] Ship `stable` -- [ ] Set a new update barrier for N-2 on `stable`. In the barrier entry set a link to [the docs](https://docs.fedoraproject.org/en-US/fedora-coreos/update-barrier-signing-keys/). +- ~Set a new update barrier for N-2 on `stable`. In the barrier entry set a link to [the docs](https://docs.fedoraproject.org/en-US/fedora-coreos/update-barrier-signing-keys/).~ ## Miscellaneous container updates From 714e32d67bd79fcdb79d3bf9b5c5998668250671 Mon Sep 17 00:00:00 2001 From: Colin Walters Date: Wed, 20 Jan 2021 20:22:16 +0000 Subject: [PATCH 023/167] metadata: Update example stream data to latest stable (including uncompressed-sha256) See https://github.com/coreos/stream-metadata-go/pull/11 This demonstrates that we now have `uncompressed-sha256`. --- metadata/stream/rationale.yaml | 17 +- metadata/stream/sample.json | 405 +++++++++++++++++++++++---------- 2 files changed, 302 insertions(+), 120 deletions(-) diff --git a/metadata/stream/rationale.yaml b/metadata/stream/rationale.yaml index d2b7518..d354a38 100644 --- a/metadata/stream/rationale.yaml +++ b/metadata/stream/rationale.yaml @@ -22,7 +22,7 @@ architectures: location: https://artifacts.example.com/dsB2fnzP7KhqzQ5a.vmdk.xz signature: https://artifacts.example.com/dsB2fnzP7KhqzQ5a.vmdk.xz.sig sha256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 - # Could also include artifact size/uncompressed-size/uncompressed-sha256 from meta.json + uncompressed-sha256: 38acb15d02d5ac0f2a2789602e9df950c380d2799b4bdb59394e4eeabdd3a662 azure: release: 30.1.2.3 formats: @@ -31,6 +31,7 @@ architectures: location: https://artifacts.example.com/aeng0xah6vaaVosh.vdi.xz signature: https://artifacts.example.com/aeng0xah6vaaVosh.vdi.xz.sig sha256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 + uncompressed-sha256: 38acb15d02d5ac0f2a2789602e9df950c380d2799b4bdb59394e4eeabdd3a662 digitalocean: release: 30.1.2.3 formats: @@ -39,6 +40,7 @@ architectures: location: https://artifacts.example.com/ichaloomuHax9ahR.raw.xz signature: https://artifacts.example.com/ichaloomuHax9ahR.raw.xz.sig sha256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 + uncompressed-sha256: 38acb15d02d5ac0f2a2789602e9df950c380d2799b4bdb59394e4eeabdd3a662 gcp: release: 30.1.2.3 formats: @@ -47,6 +49,7 @@ architectures: location: https://artifacts.example.com/ais7tah1aa7Ahvei.tar.gz signature: https://artifacts.example.com/ais7tah1aa7Ahvei.tar.gz.sig sha256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 + uncompressed-sha256: 38acb15d02d5ac0f2a2789602e9df950c380d2799b4bdb59394e4eeabdd3a662 metal: release: 30.1.2.3 formats: @@ -55,34 +58,41 @@ architectures: location: https://artifacts.example.com/xTqYJZKCPNvoNs6B.raw.xz signature: https://artifacts.example.com/xTqYJZKCPNvoNs6B.raw.xz.sig sha256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 + uncompressed-sha256: 38acb15d02d5ac0f2a2789602e9df950c380d2799b4bdb59394e4eeabdd3a662 iso: disk: location: https://artifacts.example.com/ADE5GO3bjAXeDcLO.iso signature: https://artifacts.example.com/ADE5GO3bjAXeDcLO.iso.sig sha256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 + uncompressed-sha256: 38acb15d02d5ac0f2a2789602e9df950c380d2799b4bdb59394e4eeabdd3a662 pxe: kernel: location: https://artifacts.example.com/hkIj8FkCydT3lV9h signature: https://artifacts.example.com/hkIj8FkCydT3lV9h.sig sha256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 + uncompressed-sha256: 38acb15d02d5ac0f2a2789602e9df950c380d2799b4bdb59394e4eeabdd3a662 initramfs: location: https://artifacts.example.com/a9ytS8yB4cGZpca1.cpio.gz signature: https://artifacts.example.com/a9ytS8yB4cGZpca1.cpio.gz.sig sha256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 + uncompressed-sha256: 38acb15d02d5ac0f2a2789602e9df950c380d2799b4bdb59394e4eeabdd3a662 "installer.iso": disk: location: https://artifacts.example.com/KwKye6YW4SIIPrhY.iso signature: https://artifacts.example.com/KwKye6YW4SIIPrhY.iso.sig sha256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 + uncompressed-sha256: 38acb15d02d5ac0f2a2789602e9df950c380d2799b4bdb59394e4eeabdd3a662 installer-pxe: kernel: location: https://artifacts.example.com/EtqI0KsLIwZOHlCx signature: https://artifacts.example.com/EtqI0KsLIwZOHlCx.sig sha256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 + uncompressed-sha256: 38acb15d02d5ac0f2a2789602e9df950c380d2799b4bdb59394e4eeabdd3a662 initramfs: location: https://artifacts.example.com/EhoS1x66RVA2k8y6.cpio.gz signature: https://artifacts.example.com/EhoS1x66RVA2k8y6.cpio.gz.sig sha256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 + uncompressed-sha256: 38acb15d02d5ac0f2a2789602e9df950c380d2799b4bdb59394e4eeabdd3a662 openstack: release: 30.1.2.3 formats: @@ -91,6 +101,7 @@ architectures: location: https://artifacts.example.com/oKooheogobofai8l.qcow.xz signature: https://artifacts.example.com/oKooheogobofai8l.qcow.xz.sig sha256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 + uncompressed-sha256: 38acb15d02d5ac0f2a2789602e9df950c380d2799b4bdb59394e4eeabdd3a662 packet: release: 30.1.2.3 formats: @@ -99,6 +110,7 @@ architectures: location: https://artifacts.example.com/Oofohng0xo2phai5.raw.xz signature: https://artifacts.example.com/Oofohng0xo2phai5.raw.xz.sig sha256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 + uncompressed-sha256: 38acb15d02d5ac0f2a2789602e9df950c380d2799b4bdb59394e4eeabdd3a662 qemu: release: 30.1.2.3 formats: @@ -107,6 +119,7 @@ architectures: location: https://artifacts.example.com/Siejeeb6ohpu8Eel.qcow.xz signature: https://artifacts.example.com/Siejeeb6ohpu8Eel.qcow.xz.sig sha256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 + uncompressed-sha256: 38acb15d02d5ac0f2a2789602e9df950c380d2799b4bdb59394e4eeabdd3a662 virtualbox: release: 30.1.2.3 formats: @@ -115,6 +128,7 @@ architectures: location: https://artifacts.example.com/yohsh2haiquaeYah.ova signature: https://artifacts.example.com/yohsh2haiquaeYah.ova.sig sha256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 + uncompressed-sha256: 38acb15d02d5ac0f2a2789602e9df950c380d2799b4bdb59394e4eeabdd3a662 vmware: release: 30.1.2.3 formats: @@ -123,6 +137,7 @@ architectures: location: https://artifacts.example.com/quohgh8ei0uzaD5a.ova signature: https://artifacts.example.com/quohgh8ei0uzaD5a.ova.sig sha256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 + uncompressed-sha256: 38acb15d02d5ac0f2a2789602e9df950c380d2799b4bdb59394e4eeabdd3a662 images: # Cloud images to be launched directly by users. These are in a diff --git a/metadata/stream/sample.json b/metadata/stream/sample.json index d1a2b41..5c1bc8e 100644 --- a/metadata/stream/sample.json +++ b/metadata/stream/sample.json @@ -1,125 +1,292 @@ { - "stream": "testing", - "metadata": { - "last-modified": "2019-09-06T16:01:35Z" - }, - "architectures": { - "x86_64": { - "artifacts": { - "aws": { - "release": "30.20190905.0", - "formats": { - "vmdk.xz": { - "disk": { - "location": "https://builds.coreos.fedoraproject.org/prod/streams/testing/builds/30.20190905.0/x86_64/fedora-coreos-30.20190905.0-aws.vmdk.xz", - "signature": "https://builds.coreos.fedoraproject.org/prod/streams/testing/builds/30.20190905.0/x86_64/fedora-coreos-30.20190905.0-aws.vmdk.xz.sig", - "sha256": "561c9011718e8524978160ebff50842ec91f9fdec2a26b93e258715d2e6c825b" - } - } - } - }, - "metal": { - "release": "30.20190905.0", - "formats": { - "installer-pxe": { - "kernel": { - "location": "https://builds.coreos.fedoraproject.org/prod/streams/testing/builds/30.20190905.0/x86_64/fedora-coreos-30.20190905.0-installer-kernel", - "signature": "https://builds.coreos.fedoraproject.org/prod/streams/testing/builds/30.20190905.0/x86_64/fedora-coreos-30.20190905.0-installer-kernel.sig", - "sha256": "db1a31d08b41bad712311d64436c51ea44ea8620f2044c23ff80b25caeb42b2c" - }, - "initramfs": { - "location": "https://builds.coreos.fedoraproject.org/prod/streams/testing/builds/30.20190905.0/x86_64/fedora-coreos-30.20190905.0-installer-initramfs.img", - "signature": "https://builds.coreos.fedoraproject.org/prod/streams/testing/builds/30.20190905.0/x86_64/fedora-coreos-30.20190905.0-installer-initramfs.img.sig", - "sha256": "ccb84e9ad2d6e49192f63edf05b2888f0006c8f561ba2e139774437b24536605" - } - }, - "installer.iso": { - "disk": { - "location": "https://builds.coreos.fedoraproject.org/prod/streams/testing/builds/30.20190905.0/x86_64/fedora-coreos-30.20190905.0-installer.iso", - "signature": "https://builds.coreos.fedoraproject.org/prod/streams/testing/builds/30.20190905.0/x86_64/fedora-coreos-30.20190905.0-installer.iso.sig", - "sha256": "838d38a733aaac4f53304bde19889008366da5316619ee4f47b46dd82c512437" - } + "stream": "stable", + "metadata": { + "last-modified": "2021-04-28T13:46:31Z" + }, + "architectures": { + "x86_64": { + "artifacts": { + "aliyun": { + "release": "33.20210412.3.0", + "formats": { + "qcow2.xz": { + "disk": { + "location": "https://builds.coreos.fedoraproject.org/prod/streams/stable/builds/33.20210412.3.0/x86_64/fedora-coreos-33.20210412.3.0-aliyun.x86_64.qcow2.xz", + "signature": "https://builds.coreos.fedoraproject.org/prod/streams/stable/builds/33.20210412.3.0/x86_64/fedora-coreos-33.20210412.3.0-aliyun.x86_64.qcow2.xz.sig", + "sha256": "35e80ce08915e58459537b46e75236f4eec7c2974933d9a32de6922fbce84eea", + "uncompressed-sha256": "e23666a4e8c15bb80d2cbe2eff254037df0052d486c3841892c50025d40547a7" + } + } + } + }, + "aws": { + "release": "33.20210412.3.0", + "formats": { + "vmdk.xz": { + "disk": { + "location": "https://builds.coreos.fedoraproject.org/prod/streams/stable/builds/33.20210412.3.0/x86_64/fedora-coreos-33.20210412.3.0-aws.x86_64.vmdk.xz", + "signature": "https://builds.coreos.fedoraproject.org/prod/streams/stable/builds/33.20210412.3.0/x86_64/fedora-coreos-33.20210412.3.0-aws.x86_64.vmdk.xz.sig", + "sha256": "2dc2bd028edd52213c9a3a2ecc818307c2c5a0a13165747cbfeead4b8391e25b", + "uncompressed-sha256": "cc7f0061511bb9949e81aa4d8678ad8eed2b0a3ced956fa64b851502be7dfbbd" + } + } + } + }, + "azure": { + "release": "33.20210412.3.0", + "formats": { + "vhd.xz": { + "disk": { + "location": "https://builds.coreos.fedoraproject.org/prod/streams/stable/builds/33.20210412.3.0/x86_64/fedora-coreos-33.20210412.3.0-azure.x86_64.vhd.xz", + "signature": "https://builds.coreos.fedoraproject.org/prod/streams/stable/builds/33.20210412.3.0/x86_64/fedora-coreos-33.20210412.3.0-azure.x86_64.vhd.xz.sig", + "sha256": "9eaa0504ba6c33bd5baf21335ada861b5e01e8628ba40bc04050a436b3626a05", + "uncompressed-sha256": "2593ac3d4e152fbbde9d7a5b1f0f69746a807148e1dbf64aa4f657da170dcece" + } + } + } + }, + "digitalocean": { + "release": "33.20210412.3.0", + "formats": { + "qcow2.gz": { + "disk": { + "location": "https://builds.coreos.fedoraproject.org/prod/streams/stable/builds/33.20210412.3.0/x86_64/fedora-coreos-33.20210412.3.0-digitalocean.x86_64.qcow2.gz", + "signature": "https://builds.coreos.fedoraproject.org/prod/streams/stable/builds/33.20210412.3.0/x86_64/fedora-coreos-33.20210412.3.0-digitalocean.x86_64.qcow2.gz.sig", + "sha256": "2b0c7a697005f00bd99edd2c3bae80f258287843de6dc4e5d79b6ec1b6afb863" + } + } + } + }, + "exoscale": { + "release": "33.20210412.3.0", + "formats": { + "qcow2.xz": { + "disk": { + "location": "https://builds.coreos.fedoraproject.org/prod/streams/stable/builds/33.20210412.3.0/x86_64/fedora-coreos-33.20210412.3.0-exoscale.x86_64.qcow2.xz", + "signature": "https://builds.coreos.fedoraproject.org/prod/streams/stable/builds/33.20210412.3.0/x86_64/fedora-coreos-33.20210412.3.0-exoscale.x86_64.qcow2.xz.sig", + "sha256": "4acb935fb4ef51c971172f4c71c81ba5fdf659aaad25be6fee83b83a6387cc32", + "uncompressed-sha256": "459ace6388d56fc90281de7ee97dd4cc4cfa61143a894d24d3cf0ccf235ff07e" + } + } + } + }, + "gcp": { + "release": "33.20210412.3.0", + "formats": { + "tar.gz": { + "disk": { + "location": "https://builds.coreos.fedoraproject.org/prod/streams/stable/builds/33.20210412.3.0/x86_64/fedora-coreos-33.20210412.3.0-gcp.x86_64.tar.gz", + "signature": "https://builds.coreos.fedoraproject.org/prod/streams/stable/builds/33.20210412.3.0/x86_64/fedora-coreos-33.20210412.3.0-gcp.x86_64.tar.gz.sig", + "sha256": "76fcc10bbba4517678217a81f95095702e83dc8ed3a2bc2d10062de214b55396" + } + } + } + }, + "ibmcloud": { + "release": "33.20210412.3.0", + "formats": { + "qcow2.xz": { + "disk": { + "location": "https://builds.coreos.fedoraproject.org/prod/streams/stable/builds/33.20210412.3.0/x86_64/fedora-coreos-33.20210412.3.0-ibmcloud.x86_64.qcow2.xz", + "signature": "https://builds.coreos.fedoraproject.org/prod/streams/stable/builds/33.20210412.3.0/x86_64/fedora-coreos-33.20210412.3.0-ibmcloud.x86_64.qcow2.xz.sig", + "sha256": "aa1db0898fb88aae956343b99ca70975bd821050f274a79f63d18a2e2a489e26", + "uncompressed-sha256": "cd7d5b979e15336e4c9b44f25cf86927fe4780b5775c2d02fe4f71827d820d4c" + } + } + } + }, + "metal": { + "release": "33.20210412.3.0", + "formats": { + "4k.raw.xz": { + "disk": { + "location": "https://builds.coreos.fedoraproject.org/prod/streams/stable/builds/33.20210412.3.0/x86_64/fedora-coreos-33.20210412.3.0-metal4k.x86_64.raw.xz", + "signature": "https://builds.coreos.fedoraproject.org/prod/streams/stable/builds/33.20210412.3.0/x86_64/fedora-coreos-33.20210412.3.0-metal4k.x86_64.raw.xz.sig", + "sha256": "c99e07bbdcb72615830985ddd1d63ab21779b874248952f15fd937ade5593c1c", + "uncompressed-sha256": "8d6508b36095b78c6d306b0857a4a6272f5c25515a5c2f591f434290d63d88e1" + } + }, + "iso": { + "disk": { + "location": "https://builds.coreos.fedoraproject.org/prod/streams/stable/builds/33.20210412.3.0/x86_64/fedora-coreos-33.20210412.3.0-live.x86_64.iso", + "signature": "https://builds.coreos.fedoraproject.org/prod/streams/stable/builds/33.20210412.3.0/x86_64/fedora-coreos-33.20210412.3.0-live.x86_64.iso.sig", + "sha256": "97b7aed0086509c2187a4a9f91199aba7c430a5f9aface4e7b06cbcc664a0b4d" + } + }, + "pxe": { + "kernel": { + "location": "https://builds.coreos.fedoraproject.org/prod/streams/stable/builds/33.20210412.3.0/x86_64/fedora-coreos-33.20210412.3.0-live-kernel-x86_64", + "signature": "https://builds.coreos.fedoraproject.org/prod/streams/stable/builds/33.20210412.3.0/x86_64/fedora-coreos-33.20210412.3.0-live-kernel-x86_64.sig", + "sha256": "28314d6a50610dd342684d6edd19f386b8b8ee150f924775d81408be1987c3d8" + }, + "initramfs": { + "location": "https://builds.coreos.fedoraproject.org/prod/streams/stable/builds/33.20210412.3.0/x86_64/fedora-coreos-33.20210412.3.0-live-initramfs.x86_64.img", + "signature": "https://builds.coreos.fedoraproject.org/prod/streams/stable/builds/33.20210412.3.0/x86_64/fedora-coreos-33.20210412.3.0-live-initramfs.x86_64.img.sig", + "sha256": "5c7c0cc0a8c5d7a1894599ea1d1f5311a1cba0c8530decf9481d7e6cfc1873b7" + }, + "rootfs": { + "location": "https://builds.coreos.fedoraproject.org/prod/streams/stable/builds/33.20210412.3.0/x86_64/fedora-coreos-33.20210412.3.0-live-rootfs.x86_64.img", + "signature": "https://builds.coreos.fedoraproject.org/prod/streams/stable/builds/33.20210412.3.0/x86_64/fedora-coreos-33.20210412.3.0-live-rootfs.x86_64.img.sig", + "sha256": "50e63eddc657b24b86d53fbc267441d5e7e7c43eaac58ad9998dadd6141dc0b6" + } + }, + "raw.xz": { + "disk": { + "location": "https://builds.coreos.fedoraproject.org/prod/streams/stable/builds/33.20210412.3.0/x86_64/fedora-coreos-33.20210412.3.0-metal.x86_64.raw.xz", + "signature": "https://builds.coreos.fedoraproject.org/prod/streams/stable/builds/33.20210412.3.0/x86_64/fedora-coreos-33.20210412.3.0-metal.x86_64.raw.xz.sig", + "sha256": "6d18380dad77b8670767bb082bb6f55ae4381b2b1d4a7405d8a9cdb6e6678263", + "uncompressed-sha256": "c8335d11257d33f7c68ce9720fd35ce0dfd008695348b58c7882d504eed974ed" + } + } + } + }, + "openstack": { + "release": "33.20210412.3.0", + "formats": { + "qcow2.xz": { + "disk": { + "location": "https://builds.coreos.fedoraproject.org/prod/streams/stable/builds/33.20210412.3.0/x86_64/fedora-coreos-33.20210412.3.0-openstack.x86_64.qcow2.xz", + "signature": "https://builds.coreos.fedoraproject.org/prod/streams/stable/builds/33.20210412.3.0/x86_64/fedora-coreos-33.20210412.3.0-openstack.x86_64.qcow2.xz.sig", + "sha256": "2270ae870cb036d650bb496c94c3fc815126daaa6bebf5b43c348da00e788dab", + "uncompressed-sha256": "5c7e9e072ed6adc4f70ee78deaf5bde76426afcc35f620dad31d8b3eb697e16d" + } + } + } + }, + "qemu": { + "release": "33.20210412.3.0", + "formats": { + "qcow2.xz": { + "disk": { + "location": "https://builds.coreos.fedoraproject.org/prod/streams/stable/builds/33.20210412.3.0/x86_64/fedora-coreos-33.20210412.3.0-qemu.x86_64.qcow2.xz", + "signature": "https://builds.coreos.fedoraproject.org/prod/streams/stable/builds/33.20210412.3.0/x86_64/fedora-coreos-33.20210412.3.0-qemu.x86_64.qcow2.xz.sig", + "sha256": "8dce159f743c777fe9c429648e8a16928b55d0c1bc8e599a82ba71870fdc5e5a", + "uncompressed-sha256": "a21be448bb0ceee7a373cae232c4cadd979c3db844521d3c10888e42c405c684" + } + } + } + }, + "vmware": { + "release": "33.20210412.3.0", + "formats": { + "ova": { + "disk": { + "location": "https://builds.coreos.fedoraproject.org/prod/streams/stable/builds/33.20210412.3.0/x86_64/fedora-coreos-33.20210412.3.0-vmware.x86_64.ova", + "signature": "https://builds.coreos.fedoraproject.org/prod/streams/stable/builds/33.20210412.3.0/x86_64/fedora-coreos-33.20210412.3.0-vmware.x86_64.ova.sig", + "sha256": "0a6c622006e2a13444fc1145970b8a54f52901817165c74b9d265d8ccfc9135d" + } + } + } + }, + "vultr": { + "release": "33.20210412.3.0", + "formats": { + "raw.xz": { + "disk": { + "location": "https://builds.coreos.fedoraproject.org/prod/streams/stable/builds/33.20210412.3.0/x86_64/fedora-coreos-33.20210412.3.0-vultr.x86_64.raw.xz", + "signature": "https://builds.coreos.fedoraproject.org/prod/streams/stable/builds/33.20210412.3.0/x86_64/fedora-coreos-33.20210412.3.0-vultr.x86_64.raw.xz.sig", + "sha256": "6c6a42c8399881e1ecb0ba088b389b4e20a394dacc3dab91f221fe18e5006557", + "uncompressed-sha256": "835f97b63f18031f0eb830ee8766c6be8fec1e52f689156e761a92cd3573f4bb" + } + } + } + } }, - "raw.xz": { - "disk": { - "location": "https://builds.coreos.fedoraproject.org/prod/streams/testing/builds/30.20190905.0/x86_64/fedora-coreos-30.20190905.0-metal.raw.xz", - "signature": "https://builds.coreos.fedoraproject.org/prod/streams/testing/builds/30.20190905.0/x86_64/fedora-coreos-30.20190905.0-metal.raw.xz.sig", - "sha256": "018c0d5d2f9310608aea5fa4e62e6b22ed8df874fd13ecadc39db16e4706edd8" - } - } - } - }, - "openstack": { - "release": "30.20190905.0", - "formats": { - "qcow2.xz": { - "disk": { - "location": "https://builds.coreos.fedoraproject.org/prod/streams/testing/builds/30.20190905.0/x86_64/fedora-coreos-30.20190905.0-openstack.qcow2.xz", - "signature": "https://builds.coreos.fedoraproject.org/prod/streams/testing/builds/30.20190905.0/x86_64/fedora-coreos-30.20190905.0-openstack.qcow2.xz.sig", - "sha256": "7b6608f03bcf98f41494c0a71fa518256798065c2516ff757e6bdd766f870ede" - } - } - } - }, - "azure": { - "release": "30.20190905.0", - "formats": { - "vhd.xz": { - "disk": { - "location": "https://builds.coreos.fedoraproject.org/prod/streams/testing/builds/30.20190801.0/x86_64/fedora-coreos-30.20190801.0-azure.vhd.xz", - "signature": "https://builds.coreos.fedoraproject.org/prod/streams/testing/builds/30.20190801.0/x86_64/fedora-coreos-30.20190801.0-azure.vhd.xz.sig", - "sha256": "4bb0e1595f66f344c1cc084e163c4352235b2accf3a1385b9eb4b3e4ca5b1d24" - } - } - } - }, - "aliyun": { - "release": "30.20190905.0", - "formats": { - "qcow2.xz": { - "disk": { - "location": "https://builds.coreos.fedoraproject.org/prod/streams/testing/builds/30.20190801.0/x86_64/fedora-coreos-30.20190801.0-aliyun.qcow2.xz", - "signature": "https://builds.coreos.fedoraproject.org/prod/streams/testing/builds/30.20190801.0/x86_64/fedora-coreos-30.20190801.0-aliyun.qcow2.xz.sig", - "sha256": "8f1492f1e9e94ec3f3ecef188c4a2da52348c4b830f6365181bd03e1d969f161" - } - } - } - }, - "qemu": { - "release": "30.20190905.0", - "formats": { - "qcow2.xz": { - "disk": { - "location": "https://builds.coreos.fedoraproject.org/prod/streams/testing/builds/30.20190905.0/x86_64/fedora-coreos-30.20190905.0-qemu.qcow2.xz", - "signature": "https://builds.coreos.fedoraproject.org/prod/streams/testing/builds/30.20190905.0/x86_64/fedora-coreos-30.20190905.0-qemu.qcow2.xz.sig", - "sha256": "ed5a960dde75ed25607765eaf3f4988110424e2293fad4731332b6496eadbaed" - } - } - } - }, - "vmware": { - "release": "30.20190905.0", - "formats": { - "ova": { - "disk": { - "location": "https://builds.coreos.fedoraproject.org/prod/streams/testing/builds/30.20190905.0/x86_64/fedora-coreos-30.20190905.0-vmware.ova", - "signature": "https://builds.coreos.fedoraproject.org/prod/streams/testing/builds/30.20190905.0/x86_64/fedora-coreos-30.20190905.0-vmware.ova.sig", - "sha256": "1f9af0eecdbbab216576143970826bef7de308298a94cd723b47be30288ad0a1" - } - } - } - } - }, - "images": { - "aws": { - "regions": { - "us-east-1": { - "release": "30.20190905.0", - "image": "ami-0cdf885a13ed855fc" + "images": { + "aws": { + "regions": { + "af-south-1": { + "release": "33.20210412.3.0", + "image": "ami-09d422b66ac91ab2a" + }, + "ap-east-1": { + "release": "33.20210412.3.0", + "image": "ami-05fdddb8ebfcdbbbd" + }, + "ap-northeast-1": { + "release": "33.20210412.3.0", + "image": "ami-0ecf122c9a4ec0c2f" + }, + "ap-northeast-2": { + "release": "33.20210412.3.0", + "image": "ami-08fd2b5b39b93b5ff" + }, + "ap-northeast-3": { + "release": "33.20210412.3.0", + "image": "ami-023a068f639e4d9dc" + }, + "ap-south-1": { + "release": "33.20210412.3.0", + "image": "ami-0bc108bb69dab2855" + }, + "ap-southeast-1": { + "release": "33.20210412.3.0", + "image": "ami-025fce39a4b9582a8" + }, + "ap-southeast-2": { + "release": "33.20210412.3.0", + "image": "ami-09186d20538071e92" + }, + "ca-central-1": { + "release": "33.20210412.3.0", + "image": "ami-0a186cd7e55176be2" + }, + "eu-central-1": { + "release": "33.20210412.3.0", + "image": "ami-06a0c31e4cba0c54d" + }, + "eu-north-1": { + "release": "33.20210412.3.0", + "image": "ami-01f6afff2c77bc11c" + }, + "eu-south-1": { + "release": "33.20210412.3.0", + "image": "ami-083a448ad9aff02c2" + }, + "eu-west-1": { + "release": "33.20210412.3.0", + "image": "ami-05b16c9ca91b37d57" + }, + "eu-west-2": { + "release": "33.20210412.3.0", + "image": "ami-0a5a690659a4e53bb" + }, + "eu-west-3": { + "release": "33.20210412.3.0", + "image": "ami-0ca82f640eae28513" + }, + "me-south-1": { + "release": "33.20210412.3.0", + "image": "ami-0f4a9bb1ea0c84082" + }, + "sa-east-1": { + "release": "33.20210412.3.0", + "image": "ami-0194168b04da77dfa" + }, + "us-east-1": { + "release": "33.20210412.3.0", + "image": "ami-09e2e5104f310ffb5" + }, + "us-east-2": { + "release": "33.20210412.3.0", + "image": "ami-02e593ebdf420390c" + }, + "us-west-1": { + "release": "33.20210412.3.0", + "image": "ami-0cb601c6edd617238" + }, + "us-west-2": { + "release": "33.20210412.3.0", + "image": "ami-0fcfe7120a4492fb9" + } + } + }, + "gcp": { + "project": "fedora-coreos-cloud", + "family": "fedora-coreos-stable", + "name": "fedora-coreos-33-20210412-3-0-gcp-x86-64" + } } - } } - } } - } } From 88511a68dba342b13f613224f287f6efff1d3454 Mon Sep 17 00:00:00 2001 From: Benjamin Gilbert Date: Thu, 29 Apr 2021 17:37:45 -0400 Subject: [PATCH 024/167] stream/rationale: fix format name for DigitalOcean --- metadata/stream/rationale.yaml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/metadata/stream/rationale.yaml b/metadata/stream/rationale.yaml index d354a38..73e7e84 100644 --- a/metadata/stream/rationale.yaml +++ b/metadata/stream/rationale.yaml @@ -35,10 +35,10 @@ architectures: digitalocean: release: 30.1.2.3 formats: - "raw.xz": + "raw.gz": disk: - location: https://artifacts.example.com/ichaloomuHax9ahR.raw.xz - signature: https://artifacts.example.com/ichaloomuHax9ahR.raw.xz.sig + location: https://artifacts.example.com/ichaloomuHax9ahR.raw.gz + signature: https://artifacts.example.com/ichaloomuHax9ahR.raw.gz.sig sha256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 uncompressed-sha256: 38acb15d02d5ac0f2a2789602e9df950c380d2799b4bdb59394e4eeabdd3a662 gcp: From 997493a48cb3821fbec045c9854a52df0597dc32 Mon Sep 17 00:00:00 2001 From: Benjamin Gilbert Date: Thu, 29 Apr 2021 17:40:03 -0400 Subject: [PATCH 025/167] stream/rationale: drop invalid image formats We've never shipped installer images or VirtualBox images. --- metadata/stream/rationale.yaml | 26 -------------------------- 1 file changed, 26 deletions(-) diff --git a/metadata/stream/rationale.yaml b/metadata/stream/rationale.yaml index 73e7e84..432b298 100644 --- a/metadata/stream/rationale.yaml +++ b/metadata/stream/rationale.yaml @@ -76,23 +76,6 @@ architectures: signature: https://artifacts.example.com/a9ytS8yB4cGZpca1.cpio.gz.sig sha256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 uncompressed-sha256: 38acb15d02d5ac0f2a2789602e9df950c380d2799b4bdb59394e4eeabdd3a662 - "installer.iso": - disk: - location: https://artifacts.example.com/KwKye6YW4SIIPrhY.iso - signature: https://artifacts.example.com/KwKye6YW4SIIPrhY.iso.sig - sha256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 - uncompressed-sha256: 38acb15d02d5ac0f2a2789602e9df950c380d2799b4bdb59394e4eeabdd3a662 - installer-pxe: - kernel: - location: https://artifacts.example.com/EtqI0KsLIwZOHlCx - signature: https://artifacts.example.com/EtqI0KsLIwZOHlCx.sig - sha256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 - uncompressed-sha256: 38acb15d02d5ac0f2a2789602e9df950c380d2799b4bdb59394e4eeabdd3a662 - initramfs: - location: https://artifacts.example.com/EhoS1x66RVA2k8y6.cpio.gz - signature: https://artifacts.example.com/EhoS1x66RVA2k8y6.cpio.gz.sig - sha256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 - uncompressed-sha256: 38acb15d02d5ac0f2a2789602e9df950c380d2799b4bdb59394e4eeabdd3a662 openstack: release: 30.1.2.3 formats: @@ -120,15 +103,6 @@ architectures: signature: https://artifacts.example.com/Siejeeb6ohpu8Eel.qcow.xz.sig sha256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 uncompressed-sha256: 38acb15d02d5ac0f2a2789602e9df950c380d2799b4bdb59394e4eeabdd3a662 - virtualbox: - release: 30.1.2.3 - formats: - ova: - disk: - location: https://artifacts.example.com/yohsh2haiquaeYah.ova - signature: https://artifacts.example.com/yohsh2haiquaeYah.ova.sig - sha256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 - uncompressed-sha256: 38acb15d02d5ac0f2a2789602e9df950c380d2799b4bdb59394e4eeabdd3a662 vmware: release: 30.1.2.3 formats: From c6d25e4746efa24ef4bf6ae1fbeed5a97ad98b73 Mon Sep 17 00:00:00 2001 From: Benjamin Gilbert Date: Thu, 29 Apr 2021 17:41:22 -0400 Subject: [PATCH 026/167] stream/rationale: drop uncompressed-sha256 for non-xz artifacts The ISO and PXE images shouldn't have it, and the .gz images currently don't. --- metadata/stream/rationale.yaml | 6 ------ 1 file changed, 6 deletions(-) diff --git a/metadata/stream/rationale.yaml b/metadata/stream/rationale.yaml index 432b298..e04ded9 100644 --- a/metadata/stream/rationale.yaml +++ b/metadata/stream/rationale.yaml @@ -40,7 +40,6 @@ architectures: location: https://artifacts.example.com/ichaloomuHax9ahR.raw.gz signature: https://artifacts.example.com/ichaloomuHax9ahR.raw.gz.sig sha256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 - uncompressed-sha256: 38acb15d02d5ac0f2a2789602e9df950c380d2799b4bdb59394e4eeabdd3a662 gcp: release: 30.1.2.3 formats: @@ -49,7 +48,6 @@ architectures: location: https://artifacts.example.com/ais7tah1aa7Ahvei.tar.gz signature: https://artifacts.example.com/ais7tah1aa7Ahvei.tar.gz.sig sha256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 - uncompressed-sha256: 38acb15d02d5ac0f2a2789602e9df950c380d2799b4bdb59394e4eeabdd3a662 metal: release: 30.1.2.3 formats: @@ -64,18 +62,15 @@ architectures: location: https://artifacts.example.com/ADE5GO3bjAXeDcLO.iso signature: https://artifacts.example.com/ADE5GO3bjAXeDcLO.iso.sig sha256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 - uncompressed-sha256: 38acb15d02d5ac0f2a2789602e9df950c380d2799b4bdb59394e4eeabdd3a662 pxe: kernel: location: https://artifacts.example.com/hkIj8FkCydT3lV9h signature: https://artifacts.example.com/hkIj8FkCydT3lV9h.sig sha256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 - uncompressed-sha256: 38acb15d02d5ac0f2a2789602e9df950c380d2799b4bdb59394e4eeabdd3a662 initramfs: location: https://artifacts.example.com/a9ytS8yB4cGZpca1.cpio.gz signature: https://artifacts.example.com/a9ytS8yB4cGZpca1.cpio.gz.sig sha256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 - uncompressed-sha256: 38acb15d02d5ac0f2a2789602e9df950c380d2799b4bdb59394e4eeabdd3a662 openstack: release: 30.1.2.3 formats: @@ -111,7 +106,6 @@ architectures: location: https://artifacts.example.com/quohgh8ei0uzaD5a.ova signature: https://artifacts.example.com/quohgh8ei0uzaD5a.ova.sig sha256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 - uncompressed-sha256: 38acb15d02d5ac0f2a2789602e9df950c380d2799b4bdb59394e4eeabdd3a662 images: # Cloud images to be launched directly by users. These are in a From 4efb24b1276693c508c74c44188e083e801dc401 Mon Sep 17 00:00:00 2001 From: Benjamin Gilbert Date: Thu, 29 Apr 2021 17:42:01 -0400 Subject: [PATCH 027/167] stream/rationale: add rootfs image; fix up initramfs filename --- metadata/stream/rationale.yaml | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/metadata/stream/rationale.yaml b/metadata/stream/rationale.yaml index e04ded9..bf3b850 100644 --- a/metadata/stream/rationale.yaml +++ b/metadata/stream/rationale.yaml @@ -68,8 +68,12 @@ architectures: signature: https://artifacts.example.com/hkIj8FkCydT3lV9h.sig sha256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 initramfs: - location: https://artifacts.example.com/a9ytS8yB4cGZpca1.cpio.gz - signature: https://artifacts.example.com/a9ytS8yB4cGZpca1.cpio.gz.sig + location: https://artifacts.example.com/a9ytS8yB4cGZpca1.img + signature: https://artifacts.example.com/a9ytS8yB4cGZpca1.img.sig + sha256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 + rootfs: + location: https://artifacts.example.com/Seb8em4QU9p6wEFr.img + signature: https://artifacts.example.com/Seb8em4QU9p6wEFr.img.sig sha256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 openstack: release: 30.1.2.3 From 5f8c79a8c16b6409059d9d4a2d1bc43a1e9926ec Mon Sep 17 00:00:00 2001 From: Benjamin Gilbert Date: Fri, 30 Apr 2021 14:15:06 -0400 Subject: [PATCH 028/167] stream/rationale: re-add digitalocean uncompressed-sha256 It's added by https://github.com/coreos/coreos-assembler/pull/2144. --- metadata/stream/rationale.yaml | 1 + 1 file changed, 1 insertion(+) diff --git a/metadata/stream/rationale.yaml b/metadata/stream/rationale.yaml index bf3b850..d7b739a 100644 --- a/metadata/stream/rationale.yaml +++ b/metadata/stream/rationale.yaml @@ -40,6 +40,7 @@ architectures: location: https://artifacts.example.com/ichaloomuHax9ahR.raw.gz signature: https://artifacts.example.com/ichaloomuHax9ahR.raw.gz.sig sha256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 + uncompressed-sha256: 38acb15d02d5ac0f2a2789602e9df950c380d2799b4bdb59394e4eeabdd3a662 gcp: release: 30.1.2.3 formats: From d86810adb0acb11e025556a0fa2377809cbfff4a Mon Sep 17 00:00:00 2001 From: Benjamin Gilbert Date: Fri, 30 Apr 2021 14:16:34 -0400 Subject: [PATCH 029/167] stream/rationale: fix digitalocean artifact format --- metadata/stream/rationale.yaml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/metadata/stream/rationale.yaml b/metadata/stream/rationale.yaml index d7b739a..c08bf5c 100644 --- a/metadata/stream/rationale.yaml +++ b/metadata/stream/rationale.yaml @@ -35,10 +35,10 @@ architectures: digitalocean: release: 30.1.2.3 formats: - "raw.gz": + "qcow2.gz": disk: - location: https://artifacts.example.com/ichaloomuHax9ahR.raw.gz - signature: https://artifacts.example.com/ichaloomuHax9ahR.raw.gz.sig + location: https://artifacts.example.com/ichaloomuHax9ahR.qcow2.gz + signature: https://artifacts.example.com/ichaloomuHax9ahR.qcow2.gz.sig sha256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 uncompressed-sha256: 38acb15d02d5ac0f2a2789602e9df950c380d2799b4bdb59394e4eeabdd3a662 gcp: From e18de2c4890c6aa29ad52fbd817a7d9715eaeaef Mon Sep 17 00:00:00 2001 From: Dusty Mabe Date: Wed, 5 May 2021 14:36:09 -0400 Subject: [PATCH 030/167] Updates for master -> main branch renamings --- PRD.txt | 2 +- README.md | 4 ++-- docs/ci-and-builds.md | 4 ++-- internals/README-initramfs.md | 4 ++-- meeting-people.txt | 2 +- metadata/README.md | 4 ++-- stream-tooling.md | 4 ++-- 7 files changed, 12 insertions(+), 12 deletions(-) diff --git a/PRD.txt b/PRD.txt index 7bcce17..1cd5a63 100644 --- a/PRD.txt +++ b/PRD.txt @@ -1,4 +1,4 @@ -The source for this document lives at https://github.com/coreos/fedora-coreos-tracker/blob/master/PRD.txt +The source for this document lives at https://github.com/coreos/fedora-coreos-tracker/blob/main/PRD.txt The rendered document lives on the Fedora wiki at https://fedoraproject.org/wiki/CoreOS/PRD diff --git a/README.md b/README.md index 568e924..8e39203 100644 --- a/README.md +++ b/README.md @@ -65,7 +65,7 @@ Currently, meetings are at `16:30 UTC` on Wednesdays. ## Steps to run the meeting - `cd` to a local checkout of this repo and `git pull` -- Ping [meeting people](https://github.com/coreos/fedora-coreos-tracker/blob/master/meeting-people.txt) in `#fedora-coreos` on freenode +- Ping [meeting people](https://github.com/coreos/fedora-coreos-tracker/blob/main/meeting-people.txt) in `#fedora-coreos` on freenode - `bash meeting-people.txt` - copy lines of output and paste into `#fedora-coreos` channel - Navigate to `#fedora-meeting-1` on freenode @@ -159,4 +159,4 @@ Working days: non-holiday weekdays. Relevant holidays are the national holidays # Working Group Members and Points of Contact -Please see [meeting-people.txt](https://github.com/coreos/fedora-coreos-tracker/blob/master/meeting-people.txt). +Please see [meeting-people.txt](https://github.com/coreos/fedora-coreos-tracker/blob/main/meeting-people.txt). diff --git a/docs/ci-and-builds.md b/docs/ci-and-builds.md index a14cec4..e06f704 100644 --- a/docs/ci-and-builds.md +++ b/docs/ci-and-builds.md @@ -35,7 +35,7 @@ Prow is heavily oriented towards testing OpenShift *container* components. Howe A specific reason to include Prow is that it contains tight integration with OpenShift which we need for RHCOS, and it is also maintained and staffed by a team that e.g. also contains a budget and secrets for running infrastructure in public clouds. -Examples can be found in the [openshift/release coreos/ folder](https://github.com/openshift/release/tree/master/ci-operator/config/coreos). +Examples can be found in the [openshift/release coreos/ folder](https://github.com/openshift/release/tree/main/ci-operator/config/coreos). ### GitHub Actions @@ -45,7 +45,7 @@ A good use case is e.g. validating rustfmt. Examples: - - https://github.com/coreos/rpm-ostree/blob/master/.github/workflows/rust-lints.yml + - https://github.com/coreos/rpm-ostree/blob/main/.github/workflows/rust-lints.yml --- diff --git a/internals/README-initramfs.md b/internals/README-initramfs.md index ebc2d64..70ce6f8 100644 --- a/internals/README-initramfs.md +++ b/internals/README-initramfs.md @@ -17,8 +17,8 @@ We use [dracut](https://github.com/dracutdevs/dracut/) the same as a number of o Modern systemd has a very clean design for both the initramfs and the real boot. See the ["man bootup"](https://www.freedesktop.org/software/systemd/man/bootup.html) documentation. The software involved implements these abstract `.target` units. There are 3 important pieces of software involved in the initramfs: -- [30ignition](https://github.com/coreos/ignition/tree/master/dracut/30ignition) (Part of Ignition) -- [ostree-prepare-root](https://github.com/ostreedev/ostree/blob/master/src/switchroot/ostree-prepare-root.c) (Part of OSTree) +- [30ignition](https://github.com/coreos/ignition/tree/main/dracut/30ignition) (Part of Ignition) +- [ostree-prepare-root](https://github.com/ostreedev/ostree/blob/main/src/switchroot/ostree-prepare-root.c) (Part of OSTree) - [40ignition-ostree dracut module](https://github.com/coreos/fedora-coreos-config/tree/testing-devel/overlay.d/05core/usr/lib/dracut/modules.d/40ignition-ostree) (fedora-coreos-config) Note that Ignition and OSTree are both independent projects consumed by other distributions in addition to Fedora CoreOS. This means that we want to support using each independently. The `40ignition-ostree` dracut module *ties those two together* - it's the place where you will find systemd units that have direct ordering relationship around the two projects. diff --git a/meeting-people.txt b/meeting-people.txt index ccd26e3..09b6cda 100644 --- a/meeting-people.txt +++ b/meeting-people.txt @@ -1,5 +1,5 @@ # List of people to ping before the Fedora CoreOS community meetings -tail -n +5 $0 | tr '\n' ' ' && echo -e '\nFCOS community meeting in #fedora-meeting-1' && echo "If you don't want to be pinged remove your name from this file: https://github.com/coreos/fedora-coreos-tracker/blob/master/meeting-people.txt" +tail -n +5 $0 | tr '\n' ' ' && echo -e '\nFCOS community meeting in #fedora-meeting-1' && echo "If you don't want to be pinged remove your name from this file: https://github.com/coreos/fedora-coreos-tracker/blob/main/meeting-people.txt" exit 0 darkmuggle diff --git a/metadata/README.md b/metadata/README.md index 91c84aa..495495d 100644 --- a/metadata/README.md +++ b/metadata/README.md @@ -59,7 +59,7 @@ This piece of metadata is meant to list all existing releases, on each stream. Projects/Code: - - https://github.com/coreos/coreos-assembler/blob/master/mantle/cmd/plume/release.go + - https://github.com/coreos/coreos-assembler/blob/main/mantle/cmd/plume/release.go ## Release metadata @@ -80,4 +80,4 @@ RPMs and our configuration into images and ostree commits. Projects: - https://github.com/coreos/coreos-assembler - - https://github.com/coreos/fedora-coreos-releng-automation/blob/master/coreos-meta-translator/trans.py + - https://github.com/coreos/fedora-coreos-releng-automation/blob/main/coreos-meta-translator/trans.py diff --git a/stream-tooling.md b/stream-tooling.md index 0e5fe92..c0e1a06 100644 --- a/stream-tooling.md +++ b/stream-tooling.md @@ -22,7 +22,7 @@ We need a way to both (1) fix the content set for a particular stream release, a ## Current tools at our disposal - git -- rpm-ostree treefiles: manifest fed to rpm-ostree that contains the list of packages to use during a compose. [Example](https://github.com/coreos/fedora-coreos-config/blob/master/fedora-coreos-base.yaml). +- rpm-ostree treefiles: manifest fed to rpm-ostree that contains the list of packages to use during a compose. [Example](https://github.com/coreos/fedora-coreos-config/blob/main/fedora-coreos-base.yaml). - rpm-ostree treefile locks: [pending rpm-ostree patch]( https://github.com/projectatomic/rpm-ostree/pull/1745) adding "lockfile" functionality similar to Cargo.lock/Gopkg.lock. This essentially means that the rpm-ostree compose is guaranteed to use specific package versions (or fail) as described in the lockfile. (To be clear, all of the below could probably be done without a lock file, since the treefile supports fully specifying the NEVRA, but having a separate lockfile allows for more sophisticated tooling and a cleaner treefile.) - Koji tags: a way to track packages built in Koji. Koji is capable of creating yum repos from such tags. RPM builds may be "tagged" in so that the next repo regeneration includes it. - [dist-git](http://src.fedoraproject.org/): git where RPM spec files are kept and Koji builds source from. @@ -50,7 +50,7 @@ There is also a second Koji tag, `coreos-release`, for packages which have been ### How will the package list be maintained? -We maintain a git repository containing the rpm-ostree treefile and lockfiles. This could be [fedora-coreos-config](https://github.com/coreos/fedora-coreos-config). We have one branch for each stream, and no master branch. +We maintain a git repository containing the rpm-ostree treefile and lockfiles. This could be [fedora-coreos-config](https://github.com/coreos/fedora-coreos-config). We have one branch for each stream, and no main branch. For the mechanical streams, a nightly job will run the compose from the corresponding yum repos and SCM refs. This job will output a lockfile for each CPU architecture. Those lockfiles will be committed to Git to preserve a record of the build's contents, and the builds will be pushed to the corresponding ostree refs. The {bodhi-updates, branched} lockfile will also be PR'd to the {testing-devel, next-devel} branch, the latter only during the part of the cycle where next-devel is maintained. We want to keep the development branches ready to release, so those PRs are not merged unless green. From 57d2a2f0ae930a1c7500e04c1e2b13387d98d90d Mon Sep 17 00:00:00 2001 From: Benjamin Gilbert Date: Fri, 7 May 2021 14:07:12 -0400 Subject: [PATCH 031/167] stream/rationale: re-add gcp uncompressed-sha256 It's added by https://github.com/coreos/coreos-assembler/pull/2158. --- metadata/stream/rationale.yaml | 1 + 1 file changed, 1 insertion(+) diff --git a/metadata/stream/rationale.yaml b/metadata/stream/rationale.yaml index c08bf5c..9452850 100644 --- a/metadata/stream/rationale.yaml +++ b/metadata/stream/rationale.yaml @@ -49,6 +49,7 @@ architectures: location: https://artifacts.example.com/ais7tah1aa7Ahvei.tar.gz signature: https://artifacts.example.com/ais7tah1aa7Ahvei.tar.gz.sig sha256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 + uncompressed-sha256: 38acb15d02d5ac0f2a2789602e9df950c380d2799b4bdb59394e4eeabdd3a662 metal: release: 30.1.2.3 formats: From d81fa8d95f6974919175580587edb7554ad520f6 Mon Sep 17 00:00:00 2001 From: Colin Walters Date: Wed, 12 May 2021 16:26:26 -0400 Subject: [PATCH 032/167] internals: Talk about ignition.platform.id I want to link to this from https://github.com/cgwalters/coreos-diskimage-rehydrator --- internals/README-internals.md | 28 ++++++++++++++++++++++++++++ 1 file changed, 28 insertions(+) diff --git a/internals/README-internals.md b/internals/README-internals.md index 8045364..eb697e8 100644 --- a/internals/README-internals.md +++ b/internals/README-internals.md @@ -40,3 +40,31 @@ See also DHCP propagation: https://github.com/coreos/fedora-coreos-config/pull/4 See [this pull request](https://github.com/coreos/coreos-assembler/pull/768/commits/2701e91838e18d3eac0694fd0a5f003befcfb218) which added `/sysroot/.coreos-aleph-version.json` that can be used to track the version of that data. +# ignition.platform.id + +The design we have today is that each CoreOS system is the same OS content - the same OSTree commit, +and beyond that the exact same bootloader version, etc. + +There are differences per platform on the image formats (VHD versus qcow2 vs raw, etc). However, +what's *inside* the disk image for each platform is almost the same. + +A key difference between each image is the `ignition.platform.id` kernel argument. From the +moment the system boots and the kernel loads the initramfs, our userspace code uses this +to reliably know its target platform. As could be guessed from the name, [https://github.com/coreos/ignition/](ignition) +uses this, and it runs early on. + +But there's other code which dynamically dispatches on the platform ID: + +- https://github.com/coreos/afterburn/ +- [The time sync setup code](https://github.com/coreos/fedora-coreos-config/blob/d87b52bc6a90b53e1afeab2731b52612d5e3bbc0/tests/kola/chrony/coreos-platform-chrony-generator#L9) +- [network requirement detection](https://github.com/coreos/fedora-coreos-config/blob/d87b52bc6a90b53e1afeab2731b52612d5e3bbc0/overlay.d/05core/usr/lib/dracut/modules.d/35coreos-network/coreos-enable-network.service#L13) + +Notice in particular how the time synchronization code ends up reconfiguring chrony dynamically. +For other operating systems which do "per cloud" disk images, it would have been more +natural to just change `/etc/chrony.conf` per platform. But that would mean we have a different +ostree commit checksum per platform, breaking our "image based" update model. + +It's very unlikely that we will change the platform IDs in the future. However, FCOS users are recommended +to avoid parsing `ignition.platform.id`. Generally, higher level code that needs to be +platform aware will have more platform-specific ways to find this information. + From b16d82382e3d66be38eb13b4f37d3f6ecbd2453f Mon Sep 17 00:00:00 2001 From: Colin Walters Date: Fri, 14 May 2021 10:48:25 -0400 Subject: [PATCH 033/167] internals: Talk about multipath Let's collate information on this. --- internals/README-internals.md | 29 +++++++++++++++++++++++++++++ 1 file changed, 29 insertions(+) diff --git a/internals/README-internals.md b/internals/README-internals.md index eb697e8..07dce6a 100644 --- a/internals/README-internals.md +++ b/internals/README-internals.md @@ -68,3 +68,32 @@ It's very unlikely that we will change the platform IDs in the future. However, to avoid parsing `ignition.platform.id`. Generally, higher level code that needs to be platform aware will have more platform-specific ways to find this information. +# multipath + +A lot of history here. A TL;DR is that nontrivial multipath setups conceptually conflict +a bit with the "CoreOS model" of booting into the desired configuration from the start. +There's also a long related issue in that we want to use a "pristine" initramfs in +general, and nontrivial multipath configuration needs to be in the initramfs. + +What we ended up with is adding an `rd.multipath=default` kernel argument which +triggers dracut to do "basic" automatic multipath setup in the stock initramfs: +https://github.com/dracutdevs/dracut/pull/780 + +So we still have a model then where the host boots up in a non-multipath +configuration, Ignition runs and the kernel arguments are applied, then we reboot into the +final configuration. + +We don't yet document multipath for FCOS, but we do document this setup for +OpenShift that has a kola test: + +- https://github.com/coreos/coreos-assembler/blob/60f675ec5037b84c01f17192d773a14166dc6a14/mantle/kola/tests/misc/multipath.go#L57 + +More links: + +- https://github.com/coreos/ignition-dracut/issues/154 +- https://bugzilla.redhat.com/show_bug.cgi?id=1944660 + + +An example issue seems to be rooted in our use of labels to find `boot` +and `root`. The labels seem to be racy in our current code because +`multipathd.service` may take over the block devices. From 77602c301bcc4e60d2cb95e12f09cb5408a9b769 Mon Sep 17 00:00:00 2001 From: Dusty Mabe Date: Tue, 18 May 2021 15:42:18 -0400 Subject: [PATCH 034/167] templates: add more steps for container updates to rebase template --- .github/ISSUE_TEMPLATE/rebase.md | 20 ++++++++++++++++++-- 1 file changed, 18 insertions(+), 2 deletions(-) diff --git a/.github/ISSUE_TEMPLATE/rebase.md b/.github/ISSUE_TEMPLATE/rebase.md index 6a6c5a7..52e7802 100644 --- a/.github/ISSUE_TEMPLATE/rebase.md +++ b/.github/ISSUE_TEMPLATE/rebase.md @@ -84,5 +84,21 @@ koji untag-build coreos-pool $untaglist ## Miscellaneous container updates -- [ ] Rebase the coreos-assembler Dockerfile onto the new release -- [ ] Rebase the coreos-installer Dockerfile onto the new release +These are various containers in use throughout our ecosystem. We should update or open a ticket to track updating them once a new Fedora release is out. If you open a ticket instead of doing the update add a link to the ticket as comment. + +- [ ] Update coreos-assembler or open ticket to update: + - [Dockerfile](https://github.com/coreos/coreos-assembler/blob/main/Dockerfile) +- [ ] Update coreos-installer + - [Dockerfile](https://github.com/coreos/coreos-installer/blob/main/Dockerfile) +- [ ] Update fedora-coreos-cincinnati + - [Dockerfile](https://github.com/coreos/fedora-coreos-cincinnati/blob/main/dist/fedora-infra/Dockerfile) +- [ ] Update config-bot + - [Dockerfile](https://github.com/coreos/fedora-coreos-releng-automation/blob/main/config-bot/Dockerfile) +- [ ] Update coreos-koji-tagger + - [Dockerfile](https://github.com/coreos/fedora-coreos-releng-automation/blob/main/coreos-koji-tagger/Dockerfile) + - [ImageStream](https://pagure.io/fedora-infra/ansible/blob/main/f/roles/openshift-apps/coreos-koji-tagger/templates/imagestream.yml) + - [BuildConfig](https://pagure.io/fedora-infra/ansible/blob/main/f/roles/openshift-apps/coreos-koji-tagger/templates/buildconfig.yml) +- [ ] Update coreos-ostree-importer + - [Dockerfile](https://github.com/coreos/fedora-coreos-releng-automation/blob/main/coreos-ostree-importer/Dockerfile) + - [ImageStream](https://pagure.io/fedora-infra/ansible/blob/main/f/roles/openshift-apps/coreos-ostree-importer/templates/imagestream.yml) + - [BuildConfig](https://pagure.io/fedora-infra/ansible/blob/main/f/roles/openshift-apps/coreos-ostree-importer/templates/buildconfig.yml) From 5f937231a66af92c23aa12c8b736198526851692 Mon Sep 17 00:00:00 2001 From: Dusty Mabe Date: Tue, 18 May 2021 17:38:48 -0400 Subject: [PATCH 035/167] templates: replace tabs with spaces in rebase template This fixes up the formatting a bit. --- .github/ISSUE_TEMPLATE/rebase.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/ISSUE_TEMPLATE/rebase.md b/.github/ISSUE_TEMPLATE/rebase.md index 52e7802..e73ed44 100644 --- a/.github/ISSUE_TEMPLATE/rebase.md +++ b/.github/ISSUE_TEMPLATE/rebase.md @@ -87,11 +87,11 @@ koji untag-build coreos-pool $untaglist These are various containers in use throughout our ecosystem. We should update or open a ticket to track updating them once a new Fedora release is out. If you open a ticket instead of doing the update add a link to the ticket as comment. - [ ] Update coreos-assembler or open ticket to update: - - [Dockerfile](https://github.com/coreos/coreos-assembler/blob/main/Dockerfile) + - [Dockerfile](https://github.com/coreos/coreos-assembler/blob/main/Dockerfile) - [ ] Update coreos-installer - - [Dockerfile](https://github.com/coreos/coreos-installer/blob/main/Dockerfile) + - [Dockerfile](https://github.com/coreos/coreos-installer/blob/main/Dockerfile) - [ ] Update fedora-coreos-cincinnati - - [Dockerfile](https://github.com/coreos/fedora-coreos-cincinnati/blob/main/dist/fedora-infra/Dockerfile) + - [Dockerfile](https://github.com/coreos/fedora-coreos-cincinnati/blob/main/dist/fedora-infra/Dockerfile) - [ ] Update config-bot - [Dockerfile](https://github.com/coreos/fedora-coreos-releng-automation/blob/main/config-bot/Dockerfile) - [ ] Update coreos-koji-tagger From ce09ace81ad257db034639b47eec979b7a8155db Mon Sep 17 00:00:00 2001 From: Colin Walters Date: Mon, 17 May 2021 08:55:52 -0400 Subject: [PATCH 036/167] docs/internals: Link to main docs for ignition.platform.id Came up in post-commit review that we do support user units dispatching on this. --- internals/README-internals.md | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-) diff --git a/internals/README-internals.md b/internals/README-internals.md index 07dce6a..1b91265 100644 --- a/internals/README-internals.md +++ b/internals/README-internals.md @@ -42,6 +42,8 @@ See [this pull request](https://github.com/coreos/coreos-assembler/pull/768/comm # ignition.platform.id +See https://docs.fedoraproject.org/en-US/fedora-coreos/platforms/ + The design we have today is that each CoreOS system is the same OS content - the same OSTree commit, and beyond that the exact same bootloader version, etc. @@ -64,10 +66,6 @@ For other operating systems which do "per cloud" disk images, it would have been natural to just change `/etc/chrony.conf` per platform. But that would mean we have a different ostree commit checksum per platform, breaking our "image based" update model. -It's very unlikely that we will change the platform IDs in the future. However, FCOS users are recommended -to avoid parsing `ignition.platform.id`. Generally, higher level code that needs to be -platform aware will have more platform-specific ways to find this information. - # multipath A lot of history here. A TL;DR is that nontrivial multipath setups conceptually conflict From 1f3b8ee08078d77bb498fc8ac0d9461b6cafd269 Mon Sep 17 00:00:00 2001 From: Dusty Mabe Date: Tue, 25 May 2021 16:11:35 -0400 Subject: [PATCH 037/167] templates: rebase: add notes for disabling next-devel stream --- .github/ISSUE_TEMPLATE/rebase.md | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/.github/ISSUE_TEMPLATE/rebase.md b/.github/ISSUE_TEMPLATE/rebase.md index e73ed44..028d13b 100644 --- a/.github/ISSUE_TEMPLATE/rebase.md +++ b/.github/ISSUE_TEMPLATE/rebase.md @@ -77,6 +77,13 @@ koji untag-build coreos-pool $untaglist - [ ] Ship `testing` - ~Set a new update barrier for N-2 on `testing`. In the barrier entry set a link to [the docs](https://docs.fedoraproject.org/en-US/fedora-coreos/update-barrier-signing-keys/).~ +## Disable `next-devel` stream + +We prefer to disable `next-devel` when there is no difference between `testing-devel` and `next-devel`. This allows us to prevent wasting a bunch of resources (bandwidth, storage, compute) for no reason. After the switch to N if `next-devel` and `testing-devel` are in lockstep, then disable `next-devel`. + +- [ ] Remove `next-devel` from the list of "development streams" in [the pipeline](https://github.com/coreos/fedora-coreos-pipeline/blob/main/streams.groovy). [Example PR.](https://github.com/coreos/fedora-coreos-pipeline/pull/343) +- [ ] Update the [promote-config job](https://github.com/coreos/fedora-coreos-streams/blob/main/.github/workflows/promote-config.yml) to promote `next` from `testing-devel`. [Example PR.](https://github.com/coreos/fedora-coreos-streams/pull/322) + ## Ship rebased `stable` - [ ] Ship `stable` From d605b2531d1d375fdb6423dd046f467e780ca379 Mon Sep 17 00:00:00 2001 From: Dusty Mabe Date: Wed, 26 May 2021 09:50:28 -0400 Subject: [PATCH 038/167] templates: rebase: add back in steps for adding barrier releases We decided to continue to do this even though it's broken right now. We have a plan to fix it in the future so let's leave the process in place. xref: https://github.com/coreos/fedora-coreos-tracker/issues/749#issuecomment-848290710 --- .github/ISSUE_TEMPLATE/rebase.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/ISSUE_TEMPLATE/rebase.md b/.github/ISSUE_TEMPLATE/rebase.md index 028d13b..b9aa299 100644 --- a/.github/ISSUE_TEMPLATE/rebase.md +++ b/.github/ISSUE_TEMPLATE/rebase.md @@ -62,7 +62,7 @@ koji untag-build coreos-pool $untaglist ## Ship rebased `next` - [ ] Ship `next` -- ~Set a new update barrier for N-2 on `next`. In the barrier entry set a link to [the docs](https://docs.fedoraproject.org/en-US/fedora-coreos/update-barrier-signing-keys/). See [discussion](https://github.com/coreos/fedora-coreos-tracker/issues/480#issuecomment-631724629).~ _(Skip for now, see https://github.com/coreos/fedora-coreos-tracker/issues/749#issuecomment-781449178)_ +- Set a new update barrier for N-2 on `next`. In the barrier entry set a link to [the docs](https://docs.fedoraproject.org/en-US/fedora-coreos/update-barrier-signing-keys/). See [discussion](https://github.com/coreos/fedora-coreos-tracker/issues/480#issuecomment-631724629). ## Update [fedora-coreos-config](https://github.com/coreos/fedora-coreos-config/) `testing-devel` @@ -75,7 +75,7 @@ koji untag-build coreos-pool $untaglist ## Ship rebased `testing` - [ ] Ship `testing` -- ~Set a new update barrier for N-2 on `testing`. In the barrier entry set a link to [the docs](https://docs.fedoraproject.org/en-US/fedora-coreos/update-barrier-signing-keys/).~ +- Set a new update barrier for N-2 on `testing`. In the barrier entry set a link to [the docs](https://docs.fedoraproject.org/en-US/fedora-coreos/update-barrier-signing-keys/). See [discussion](https://github.com/coreos/fedora-coreos-tracker/issues/480#issuecomment-631724629). ## Disable `next-devel` stream @@ -87,7 +87,7 @@ We prefer to disable `next-devel` when there is no difference between `testing-d ## Ship rebased `stable` - [ ] Ship `stable` -- ~Set a new update barrier for N-2 on `stable`. In the barrier entry set a link to [the docs](https://docs.fedoraproject.org/en-US/fedora-coreos/update-barrier-signing-keys/).~ +- Set a new update barrier for N-2 on `stable`. In the barrier entry set a link to [the docs](https://docs.fedoraproject.org/en-US/fedora-coreos/update-barrier-signing-keys/). See [discussion](https://github.com/coreos/fedora-coreos-tracker/issues/480#issuecomment-631724629). ## Miscellaneous container updates From d4444bdb2baf4ce1a7c1b211192089e7865cfce4 Mon Sep 17 00:00:00 2001 From: Benjamin Gilbert Date: Thu, 27 May 2021 16:30:17 -0500 Subject: [PATCH 039/167] README: move to libera.chat The Fedora project as a whole is moving: https://lists.fedoraproject.org/archives/list/announce@lists.fedoraproject.org/message/GGGSZ6NAASOQ3R5XYQ5KLG63HMMXY7GH/ --- README.md | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/README.md b/README.md index 8e39203..44bf8a4 100644 --- a/README.md +++ b/README.md @@ -27,7 +27,7 @@ technologies and produce Fedora CoreOS. - main mailing list: [coreos@lists.fedoraproject.org](https://lists.fedoraproject.org/archives/list/coreos@lists.fedoraproject.org/) - status mailing list: [coreos-status@lists.fedoraproject.org](https://lists.fedoraproject.org/archives/list/coreos-status@lists.fedoraproject.org/) (announcements/important messages) -- `#fedora-coreos` on IRC (Freenode) +- IRC: [`#fedora-coreos` on Libera.Chat](ircs://irc.libera.chat:6697/#fedora-coreos) - forum at [https://discussion.fedoraproject.org/c/server/coreos](https://discussion.fedoraproject.org/c/server/coreos) - feature planning and important issue tracking at [github.com/coreos/fedora-coreos-tracker](https://github.com/coreos/fedora-coreos-tracker) - website at [https://getfedora.org/coreos/](https://getfedora.org/coreos/) @@ -58,17 +58,17 @@ See [RELEASES.md](RELEASES.md). # Meetings The Fedora CoreOS Working Group has a weekly meeting. The meeting usually -happens in `#fedora-meeting-1` on irc.freenode.net and the schedule for the +happens in `#fedora-meeting-1` on irc.libera.chat and the schedule for the meeting can be found here: https://apps.fedoraproject.org/calendar/CoreOS Currently, meetings are at `16:30 UTC` on Wednesdays. ## Steps to run the meeting - `cd` to a local checkout of this repo and `git pull` -- Ping [meeting people](https://github.com/coreos/fedora-coreos-tracker/blob/main/meeting-people.txt) in `#fedora-coreos` on freenode +- Ping [meeting people](https://github.com/coreos/fedora-coreos-tracker/blob/main/meeting-people.txt) in `#fedora-coreos` on libera.chat - `bash meeting-people.txt` - copy lines of output and paste into `#fedora-coreos` channel -- Navigate to `#fedora-meeting-1` on freenode +- Navigate to `#fedora-meeting-1` on libera.chat - Type `#startmeeting fedora_coreos_meeting` - `#topic roll call` From 2f18f075b81e75856cdcf8e64da22d680ead7f00 Mon Sep 17 00:00:00 2001 From: Benjamin Gilbert Date: Thu, 10 Jun 2021 17:03:43 -0400 Subject: [PATCH 040/167] templates/rebase: add Ignition and Butane containers --- .github/ISSUE_TEMPLATE/rebase.md | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/.github/ISSUE_TEMPLATE/rebase.md b/.github/ISSUE_TEMPLATE/rebase.md index b9aa299..f7bf0e1 100644 --- a/.github/ISSUE_TEMPLATE/rebase.md +++ b/.github/ISSUE_TEMPLATE/rebase.md @@ -97,6 +97,10 @@ These are various containers in use throughout our ecosystem. We should update o - [Dockerfile](https://github.com/coreos/coreos-assembler/blob/main/Dockerfile) - [ ] Update coreos-installer - [Dockerfile](https://github.com/coreos/coreos-installer/blob/main/Dockerfile) +- [ ] Update Ignition + - [Dockerfile.validate](https://github.com/coreos/ignition/blob/main/Dockerfile.validate) +- [ ] Update Butane + - [Dockerfile](https://github.com/coreos/butane/blob/main/Dockerfile) - [ ] Update fedora-coreos-cincinnati - [Dockerfile](https://github.com/coreos/fedora-coreos-cincinnati/blob/main/dist/fedora-infra/Dockerfile) - [ ] Update config-bot From 3e5aff3cfca59e187fbe4127877d0e56ae2c1d3b Mon Sep 17 00:00:00 2001 From: Benjamin Gilbert Date: Fri, 9 Jul 2021 00:01:35 -0400 Subject: [PATCH 041/167] internals/initramfs: update for coreos-ignition-setup-user ignition-setup-base is gone (Ignition handles it internally now) and ignition-setup-user has moved to fedora-coreos-config and renamed to coreos-ignition-setup-user. --- internals/README-initramfs.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/internals/README-initramfs.md b/internals/README-initramfs.md index 70ce6f8..0dc511b 100644 --- a/internals/README-initramfs.md +++ b/internals/README-initramfs.md @@ -55,7 +55,7 @@ In contrast for PXE the squashfs is in the `live-initramfs` directly. # /boot in the initramfs There are multiple services which access the `/boot` partition in the initramfs. They are (in running order): -- `ignition-setup-user.service`: mounts `/boot` read-only to look for a user Ignition config. This is the first Ignition service to run (in parallel with the `-base` service). +- `coreos-ignition-setup-user.service`: mounts `/boot` read-only to look for a user Ignition config. This is the first Ignition-related service to run. - `coreos-copy-firstboot-network.service`: mounts `/boot` read-only to look for NetworkManager keyfiles. This unit runs after Ignition's `ignition-fetch-offline.service` but before networking is optionally brought up as part of `dracut-initqueue.service`. - (on RHCOS) `rhcos-fips.service`: mounts `/boot` read-write to append `fips=1` to the BLS configs and reboot if FIPS mode is requested. This unit runs after `ignition-fetch.service` but before `ignition-disks.service`. - `coreos-boot-edit.service`: mounts `/boot` read-write late in the initramfs process after `ignition-files.service` to make final edits (e.g. remove firstboot networking configuration files if necessary, append rootmap kargs to the BLS configs). From e9b47f8384f328d3aafd8a40c237d414cfdef0c6 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Timoth=C3=A9e=20Ravier?= Date: Tue, 20 Jul 2021 17:59:22 +0200 Subject: [PATCH 042/167] docs: Add instructions to help test project documentation changes --- docs/testing-project-documentation-changes.md | 52 +++++++++++++++++++ 1 file changed, 52 insertions(+) create mode 100644 docs/testing-project-documentation-changes.md diff --git a/docs/testing-project-documentation-changes.md b/docs/testing-project-documentation-changes.md new file mode 100644 index 0000000..946b0ae --- /dev/null +++ b/docs/testing-project-documentation-changes.md @@ -0,0 +1,52 @@ +# Testing changes for GitHub Pages hosted project documentation + +The first option makes it easy to link to rendered changes for code review but +is slower for rapid changes or iteration where the second option is faster. + +## Option 1: Deploying to your own GitHub Pages sub domain + +- Replace `coreos` with your GitHub username in `docs/_config.yml` on top of + your other changes: + ``` + docs/_config.yml | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + + diff --git a/docs/_config.yml b/docs/_config.yml + index 3ab720a0..801cbb9d 100644 + --- a/docs/_config.yml + +++ b/docs/_config.yml + @@ -1,7 +1,7 @@ + title: coreos/coreos-installer + description: CoreOS Installer documentation + baseurl: "/coreos-installer" + -url: "https://coreos.github.io" + +url: "https://your_github_username.github.io" + # Comment above and use below for local development + # url: "http://localhost:4000" + permalink: /:title/ + ``` +- Push the full changes to the main branch of your GitHub repo fork +- Enable GitHub Pages for the main branch, using `/` as root +- Wait for approximately 1 min for the changes to be deployed +- Access the rendered pages under your username as domain: + + +## Option 2: Local testing + +- In `docs/_config.yml`, replace the line + ``` + url: "https://coreos.github.io" + ``` + by + ``` + url: "http://localhost:4000" + ``` +- Use the following commands to install the Ruby gems and start a local + development server: + ``` + export JEKYLL_ENV="production" + bundle install --path=./vendor/gems/ + bundle exec jekyll serve --livereload --strict_front_matter + ``` +- Access the documentaion by pointing your browser to + From 5714ad90b00debd28e2a748954f95b4002b973f7 Mon Sep 17 00:00:00 2001 From: rugk Date: Wed, 21 Jul 2021 21:24:18 +0200 Subject: [PATCH 043/167] Add missing line break I guess you've got the Markdown syntax "wrong" here and want a line break here. :slightly_smiling_face: --- internals/README-initramfs.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/internals/README-initramfs.md b/internals/README-initramfs.md index 0dc511b..81f9e2c 100644 --- a/internals/README-initramfs.md +++ b/internals/README-initramfs.md @@ -27,7 +27,7 @@ Note that Ignition and OSTree are both independent projects consumed by other di Ignition runs only on the first boot. To account for this, ignition-dracut ships two targets: -`ignition-complete.target`: Enabled on first boot +`ignition-complete.target`: Enabled on first boot `ignition-subsequent.target`: Enabled on every boot **except** the first `-complete` will pull in a lot of units, such as `ignition-fetch.service` and `ignition-disks.service` From ea58eeb213bcf658d281fe1d3bdae3a454f9c10e Mon Sep 17 00:00:00 2001 From: Ben Howard Date: Wed, 11 Aug 2021 11:52:47 -0600 Subject: [PATCH 044/167] s/darkmuggle// --- meeting-people.txt | 1 - 1 file changed, 1 deletion(-) diff --git a/meeting-people.txt b/meeting-people.txt index 09b6cda..2441c0b 100644 --- a/meeting-people.txt +++ b/meeting-people.txt @@ -2,7 +2,6 @@ tail -n +5 $0 | tr '\n' ' ' && echo -e '\nFCOS community meeting in #fedora-meeting-1' && echo "If you don't want to be pinged remove your name from this file: https://github.com/coreos/fedora-coreos-tracker/blob/main/meeting-people.txt" exit 0 -darkmuggle davdunc dustymabe jaimelm From f012dfb67429ed51adbaca47940988c6ae47324d Mon Sep 17 00:00:00 2001 From: Benjamin Gilbert Date: Tue, 17 Aug 2021 22:40:35 -0400 Subject: [PATCH 045/167] templates/rebase: drop image signing key for previous release from coreos-installer. --- .github/ISSUE_TEMPLATE/rebase.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/ISSUE_TEMPLATE/rebase.md b/.github/ISSUE_TEMPLATE/rebase.md index f7bf0e1..d3ce086 100644 --- a/.github/ISSUE_TEMPLATE/rebase.md +++ b/.github/ISSUE_TEMPLATE/rebase.md @@ -50,7 +50,7 @@ koji untag-build coreos-pool $untaglist ## coreos-installer changes -- [ ] Update coreos-installer to know about the signing key used for the future new major version of Fedora (N+1). Note that the signing keys for N+1 may not be created until releng branches and rawhide becomes N+1. +- [ ] Update coreos-installer to know about the signing key used for the future new major version of Fedora (N+1). Note that the signing keys for N+1 may not be created until releng branches and rawhide becomes N+1. Drop the signing key for the obsolete stable release (N-1). ## Update [fedora-coreos-config](https://github.com/coreos/fedora-coreos-config/) `next-devel` From 3f575f04202963f8e75a258d4e15a2627baf0d60 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Jakub=20=C4=8Cajka?= Date: Wed, 1 Sep 2021 19:00:01 +0200 Subject: [PATCH 046/167] meeting-people: Add jcajka --- meeting-people.txt | 1 + 1 file changed, 1 insertion(+) diff --git a/meeting-people.txt b/meeting-people.txt index 2441c0b..d1c323a 100644 --- a/meeting-people.txt +++ b/meeting-people.txt @@ -6,6 +6,7 @@ davdunc dustymabe jaimelm jbrooks +jcajka jdoss jlebon lorbus From 42ee37767c9902855bdbb2cb9103e5c7eb10c511 Mon Sep 17 00:00:00 2001 From: Saqib Ali Date: Wed, 1 Sep 2021 12:56:43 -0400 Subject: [PATCH 047/167] meeting-people.txt: add saqali --- meeting-people.txt | 1 + 1 file changed, 1 insertion(+) diff --git a/meeting-people.txt b/meeting-people.txt index 2441c0b..b213e17 100644 --- a/meeting-people.txt +++ b/meeting-people.txt @@ -11,4 +11,5 @@ jlebon lorbus miabbott nasirhm +saqali skunkerk From aa4f7ee40bd48e6115660a73c626418d3b921b14 Mon Sep 17 00:00:00 2001 From: Benjamin Gilbert Date: Wed, 1 Sep 2021 13:56:28 -0400 Subject: [PATCH 048/167] workflows: verify that meeting-people.txt is sorted Robots reviewing code > humans reviewing code. --- .github/workflows/checks.yml | 18 ++++++++++++++++++ meeting-people.txt | 3 ++- 2 files changed, 20 insertions(+), 1 deletion(-) create mode 100644 .github/workflows/checks.yml diff --git a/.github/workflows/checks.yml b/.github/workflows/checks.yml new file mode 100644 index 0000000..74e699d --- /dev/null +++ b/.github/workflows/checks.yml @@ -0,0 +1,18 @@ +--- +name: Checks + +on: + push: + branches: [main] + pull_request: + branches: [main] + +jobs: + checks: + name: Checks + runs-on: ubuntu-latest + steps: + - name: Check out repository + uses: actions/checkout@v2 + - name: Verify meeting-people.txt is sorted + run: awk '!/^$/ {if (name) print} /^exit 0$/ { name = 1 }' meeting-people.txt | sort -c diff --git a/meeting-people.txt b/meeting-people.txt index f5ca950..df163e0 100644 --- a/meeting-people.txt +++ b/meeting-people.txt @@ -1,4 +1,5 @@ -# List of people to ping before the Fedora CoreOS community meetings +# List of people to ping before the Fedora CoreOS community meetings. +# Please keep this list in alphabetical order. tail -n +5 $0 | tr '\n' ' ' && echo -e '\nFCOS community meeting in #fedora-meeting-1' && echo "If you don't want to be pinged remove your name from this file: https://github.com/coreos/fedora-coreos-tracker/blob/main/meeting-people.txt" exit 0 From 082ad44c5c6770e89bac12ad1ee5e4664221bf7b Mon Sep 17 00:00:00 2001 From: gursewak1997 Date: Wed, 1 Sep 2021 18:09:40 +0000 Subject: [PATCH 049/167] meeting-people.txt: Add gurssing --- meeting-people.txt | 1 + 1 file changed, 1 insertion(+) diff --git a/meeting-people.txt b/meeting-people.txt index f5ca950..45fc693 100644 --- a/meeting-people.txt +++ b/meeting-people.txt @@ -4,6 +4,7 @@ exit 0 davdunc dustymabe +gurssing jaimelm jbrooks jcajka From a622312b68874eebc082a5f9c0152b36fdc8b8fc Mon Sep 17 00:00:00 2001 From: Renata Ravanelli Date: Wed, 1 Sep 2021 14:34:17 -0300 Subject: [PATCH 050/167] meeting-people: Add ravanelli --- meeting-people.txt | 1 + 1 file changed, 1 insertion(+) diff --git a/meeting-people.txt b/meeting-people.txt index fb4a030..4ab5085 100644 --- a/meeting-people.txt +++ b/meeting-people.txt @@ -14,5 +14,6 @@ jlebon lorbus miabbott nasirhm +ravanelli saqali skunkerk From 3445549ac896d9b98c906268cf840cc8ebd739c9 Mon Sep 17 00:00:00 2001 From: Benjamin Gilbert Date: Wed, 15 Sep 2021 21:39:43 -0400 Subject: [PATCH 051/167] metadata/stream: add metadata.generator field It's useful to record the exact software version that generated an instance of stream metadata. --- metadata/stream/rationale.yaml | 1 + metadata/stream/sample.json | 3 ++- 2 files changed, 3 insertions(+), 1 deletion(-) diff --git a/metadata/stream/rationale.yaml b/metadata/stream/rationale.yaml index 9452850..6353e94 100644 --- a/metadata/stream/rationale.yaml +++ b/metadata/stream/rationale.yaml @@ -4,6 +4,7 @@ stream: stable metadata: last-modified: "2019-06-04T16:18:34Z" + generator: "fedora-coreos-stream-generator v0.1.0" architectures: x86_64: artifacts: diff --git a/metadata/stream/sample.json b/metadata/stream/sample.json index 5c1bc8e..d3b2e68 100644 --- a/metadata/stream/sample.json +++ b/metadata/stream/sample.json @@ -1,7 +1,8 @@ { "stream": "stable", "metadata": { - "last-modified": "2021-04-28T13:46:31Z" + "last-modified": "2021-04-28T13:46:31Z", + "generator": "fedora-coreos-stream-generator v0.1.0" }, "architectures": { "x86_64": { From 4988ecab5d2f0324332bea2c28f84400bba229ac Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Timoth=C3=A9e=20Ravier?= Date: Tue, 21 Sep 2021 15:58:07 +0200 Subject: [PATCH 052/167] README: Add link to 'Matrix/Element as IRC client' --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 44bf8a4..b48c52d 100644 --- a/README.md +++ b/README.md @@ -27,7 +27,7 @@ technologies and produce Fedora CoreOS. - main mailing list: [coreos@lists.fedoraproject.org](https://lists.fedoraproject.org/archives/list/coreos@lists.fedoraproject.org/) - status mailing list: [coreos-status@lists.fedoraproject.org](https://lists.fedoraproject.org/archives/list/coreos-status@lists.fedoraproject.org/) (announcements/important messages) -- IRC: [`#fedora-coreos` on Libera.Chat](ircs://irc.libera.chat:6697/#fedora-coreos) +- IRC/Matrix: [`#fedora-coreos` on Libera.Chat](ircs://irc.libera.chat:6697/#fedora-coreos) (For Matrix see [How to use Element as an IRC client](https://meta.wikimedia.org/wiki/Matrix.org#Using_Element_as_an_IRC_client)) - forum at [https://discussion.fedoraproject.org/c/server/coreos](https://discussion.fedoraproject.org/c/server/coreos) - feature planning and important issue tracking at [github.com/coreos/fedora-coreos-tracker](https://github.com/coreos/fedora-coreos-tracker) - website at [https://getfedora.org/coreos/](https://getfedora.org/coreos/) From b0aa94e464e76598e1687a91329bc469fc7f0b69 Mon Sep 17 00:00:00 2001 From: Colin Walters Date: Wed, 6 Oct 2021 13:23:23 -0400 Subject: [PATCH 053/167] meeting-people.txt: Add walters MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit That's me 👋 --- meeting-people.txt | 1 + 1 file changed, 1 insertion(+) diff --git a/meeting-people.txt b/meeting-people.txt index 4ab5085..323a840 100644 --- a/meeting-people.txt +++ b/meeting-people.txt @@ -17,3 +17,4 @@ nasirhm ravanelli saqali skunkerk +walters From 7e0912da9455dba8e21c4d274a663e3b3bf7f9ce Mon Sep 17 00:00:00 2001 From: Jonathan Lebon Date: Thu, 7 Oct 2021 10:18:33 -0400 Subject: [PATCH 054/167] README-internals: add more multipath documentation This is a complex topic, so let's add more docs. --- internals/README-internals.md | 58 ++++++++++++++++++++++++++--------- 1 file changed, 43 insertions(+), 15 deletions(-) diff --git a/internals/README-internals.md b/internals/README-internals.md index 1b91265..05fe7ee 100644 --- a/internals/README-internals.md +++ b/internals/README-internals.md @@ -66,32 +66,60 @@ For other operating systems which do "per cloud" disk images, it would have been natural to just change `/etc/chrony.conf` per platform. But that would mean we have a different ostree commit checksum per platform, breaking our "image based" update model. -# multipath +# Multipath -A lot of history here. A TL;DR is that nontrivial multipath setups conceptually conflict -a bit with the "CoreOS model" of booting into the desired configuration from the start. -There's also a long related issue in that we want to use a "pristine" initramfs in -general, and nontrivial multipath configuration needs to be in the initramfs. +Multipath differs from other storage configurations by a major aspect: it is usually not +configured by Ignition. If we mount an individual path for e.g. `/sysroot`, multipathd will +not be able to take ownership afterwards. Furthermore, directly accessing individual paths +before `multipathd` takes over is unsafe (e.g. it could be a non-optimized path). And since +we need to mount `/boot` very early on, this naturally pushes multipath configuration into +kernel arguments (and ideally soon, initramfs overlays). -What we ended up with is adding an `rd.multipath=default` kernel argument which +What we ended up with is adding an `rd.multipath=default` kernel argument which triggers dracut to do "basic" automatic multipath setup in the stock initramfs: https://github.com/dracutdevs/dracut/pull/780 -So we still have a model then where the host boots up in a non-multipath -configuration, Ignition runs and the kernel arguments are applied, then we reboot into the -final configuration. +By the nature of multipath, a tricky aspect is that e.g. the `by-label/root` symlink is +valid both *before* and *after* multipathd takes ownership. In order to safely wait for the +multipathed rootfs to show up, we have these udev rules which create, for example, +`by-label/dm-mpath-root`: + +https://github.com/coreos/fedora-coreos-config/blob/94e0daa567a658f023d48ac5929c72ed910792bd/overlay.d/05core/usr/lib/udev/rules.d/90-coreos-device-mapper.rules#L1 + +This is why we require the `root=/dev/disk/by-label/dm-mpath-root` kernel argument; so that +the mount generated by `systemd-fstab-generator` waits for the the multipath version to show +up and doesn't just mount an individual path. + +Firstboot (day-1) support is usually done at coreos-installer time by doing: + +``` +coreos-installer install \ + --append-karg rd.multipath=default \ + --append-karg root=/dev/disk/by-label/dm-mpath-root \ + --append-karg rw + ... +``` + +The `rw` bit is necessary because `systemd-fstab-generator` will create a read-only mount by +default (usually, `rw` is injected by `rdcore rootmap` for subsequent boots, but this does +not happen if there is already a `root` karg). + +That said, turning on multipath on a subsequent (day-2) boot is still supported if the +multipath setup itself is compatible with this. This is done by appending the same kargs as +above using e.g. `rpm-ostree kargs`. (Appending the kargs can also be done via +`ignition-kargs`, though this still counts as "day-2" since on first boot we'd still access +the boot partition directly.) We don't yet document multipath for FCOS, but we do document this setup for OpenShift that has a kola test: -- https://github.com/coreos/coreos-assembler/blob/60f675ec5037b84c01f17192d773a14166dc6a14/mantle/kola/tests/misc/multipath.go#L57 +- https://github.com/coreos/coreos-assembler/blob/f5d003d2ebb81283c3e071ce2ac268884aa7232b/mantle/kola/tests/misc/multipath.go + +We also support multipath on an individual non-root partition. See the test above for how +this works. More links: - https://github.com/coreos/ignition-dracut/issues/154 - https://bugzilla.redhat.com/show_bug.cgi?id=1944660 - - -An example issue seems to be rooted in our use of labels to find `boot` -and `root`. The labels seem to be racy in our current code because -`multipathd.service` may take over the block devices. +- https://github.com/coreos/fedora-coreos-config/pull/1011 From 83c10d24aac255292209e7bb10a558a70e3f5f79 Mon Sep 17 00:00:00 2001 From: Nick Bebout Date: Fri, 8 Oct 2021 11:33:44 -0500 Subject: [PATCH 055/167] Update Matrix info --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index b48c52d..b55fb39 100644 --- a/README.md +++ b/README.md @@ -27,7 +27,7 @@ technologies and produce Fedora CoreOS. - main mailing list: [coreos@lists.fedoraproject.org](https://lists.fedoraproject.org/archives/list/coreos@lists.fedoraproject.org/) - status mailing list: [coreos-status@lists.fedoraproject.org](https://lists.fedoraproject.org/archives/list/coreos-status@lists.fedoraproject.org/) (announcements/important messages) -- IRC/Matrix: [`#fedora-coreos` on Libera.Chat](ircs://irc.libera.chat:6697/#fedora-coreos) (For Matrix see [How to use Element as an IRC client](https://meta.wikimedia.org/wiki/Matrix.org#Using_Element_as_an_IRC_client)) +- IRC/Matrix: [`#fedora-coreos` on Libera.Chat](ircs://irc.libera.chat:6697/#fedora-coreos) #coreos:fedoraproject.org on Matrix - forum at [https://discussion.fedoraproject.org/c/server/coreos](https://discussion.fedoraproject.org/c/server/coreos) - feature planning and important issue tracking at [github.com/coreos/fedora-coreos-tracker](https://github.com/coreos/fedora-coreos-tracker) - website at [https://getfedora.org/coreos/](https://getfedora.org/coreos/) From c11789c4560237b13125e56e17f1cb3aa6eaf9ca Mon Sep 17 00:00:00 2001 From: Nick Bebout Date: Fri, 8 Oct 2021 11:34:29 -0500 Subject: [PATCH 056/167] Change formatting --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index b55fb39..d4f6046 100644 --- a/README.md +++ b/README.md @@ -27,7 +27,7 @@ technologies and produce Fedora CoreOS. - main mailing list: [coreos@lists.fedoraproject.org](https://lists.fedoraproject.org/archives/list/coreos@lists.fedoraproject.org/) - status mailing list: [coreos-status@lists.fedoraproject.org](https://lists.fedoraproject.org/archives/list/coreos-status@lists.fedoraproject.org/) (announcements/important messages) -- IRC/Matrix: [`#fedora-coreos` on Libera.Chat](ircs://irc.libera.chat:6697/#fedora-coreos) #coreos:fedoraproject.org on Matrix +- IRC/Matrix: [`#fedora-coreos` on Libera.Chat](ircs://irc.libera.chat:6697/#fedora-coreos) or `#coreos:fedoraproject.org` on Matrix - forum at [https://discussion.fedoraproject.org/c/server/coreos](https://discussion.fedoraproject.org/c/server/coreos) - feature planning and important issue tracking at [github.com/coreos/fedora-coreos-tracker](https://github.com/coreos/fedora-coreos-tracker) - website at [https://getfedora.org/coreos/](https://getfedora.org/coreos/) From d2dfde5d7aa7513e5200125d36a4e23e58cbb3af Mon Sep 17 00:00:00 2001 From: Joseph Marrero Date: Tue, 19 Oct 2021 17:17:41 -0400 Subject: [PATCH 057/167] meeting-people.txt: Add jmarrero --- meeting-people.txt | 1 + 1 file changed, 1 insertion(+) diff --git a/meeting-people.txt b/meeting-people.txt index 323a840..72ca3d3 100644 --- a/meeting-people.txt +++ b/meeting-people.txt @@ -11,6 +11,7 @@ jbrooks jcajka jdoss jlebon +jmarrero lorbus miabbott nasirhm From be0bdce755df0dee78f85caa19423f588227cd09 Mon Sep 17 00:00:00 2001 From: Benjamin Gilbert Date: Tue, 2 Nov 2021 01:59:41 -0400 Subject: [PATCH 058/167] metadata/stream/sample: add release field for GCP For https://github.com/coreos/stream-metadata-go/pull/36. --- metadata/stream/sample.json | 1 + 1 file changed, 1 insertion(+) diff --git a/metadata/stream/sample.json b/metadata/stream/sample.json index d3b2e68..6d863b1 100644 --- a/metadata/stream/sample.json +++ b/metadata/stream/sample.json @@ -283,6 +283,7 @@ } }, "gcp": { + "release": "33.20210412.3.0", "project": "fedora-coreos-cloud", "family": "fedora-coreos-stable", "name": "fedora-coreos-33-20210412-3-0-gcp-x86-64" From a5e921ef18714ddbc36dfdda69494cd74c207f32 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Timoth=C3=A9e=20Ravier?= Date: Sun, 7 Nov 2021 17:47:43 +0100 Subject: [PATCH 059/167] README: Update IRC URL & add matrix.to link for Matrix GitHub does not render non-HTTP URLs so use Libera.Chat webchat instead. --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index d4f6046..186596a 100644 --- a/README.md +++ b/README.md @@ -27,7 +27,7 @@ technologies and produce Fedora CoreOS. - main mailing list: [coreos@lists.fedoraproject.org](https://lists.fedoraproject.org/archives/list/coreos@lists.fedoraproject.org/) - status mailing list: [coreos-status@lists.fedoraproject.org](https://lists.fedoraproject.org/archives/list/coreos-status@lists.fedoraproject.org/) (announcements/important messages) -- IRC/Matrix: [`#fedora-coreos` on Libera.Chat](ircs://irc.libera.chat:6697/#fedora-coreos) or `#coreos:fedoraproject.org` on Matrix +- IRC/Matrix: [`#fedora-coreos` on Libera.Chat](https://web.libera.chat/#fedora-coreos) (ircs://irc.libera.chat:6697/#fedora-coreos) or [`#coreos:fedoraproject.org` on Matrix](https://matrix.to/#/#coreos:fedoraproject.org) - forum at [https://discussion.fedoraproject.org/c/server/coreos](https://discussion.fedoraproject.org/c/server/coreos) - feature planning and important issue tracking at [github.com/coreos/fedora-coreos-tracker](https://github.com/coreos/fedora-coreos-tracker) - website at [https://getfedora.org/coreos/](https://getfedora.org/coreos/) From 3027e0779ff54c0f8683d18c918726041e3d4c00 Mon Sep 17 00:00:00 2001 From: Benjamin Gilbert Date: Tue, 9 Nov 2021 11:37:17 -0500 Subject: [PATCH 060/167] templates: update link to buildroot Dockerfile --- .github/ISSUE_TEMPLATE/rebase.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/ISSUE_TEMPLATE/rebase.md b/.github/ISSUE_TEMPLATE/rebase.md index d3ce086..ba2139c 100644 --- a/.github/ISSUE_TEMPLATE/rebase.md +++ b/.github/ISSUE_TEMPLATE/rebase.md @@ -94,7 +94,7 @@ We prefer to disable `next-devel` when there is no difference between `testing-d These are various containers in use throughout our ecosystem. We should update or open a ticket to track updating them once a new Fedora release is out. If you open a ticket instead of doing the update add a link to the ticket as comment. - [ ] Update coreos-assembler or open ticket to update: - - [Dockerfile](https://github.com/coreos/coreos-assembler/blob/main/Dockerfile) + - [Dockerfile](https://github.com/coreos/coreos-assembler/blob/main/ci/Dockerfile) - [ ] Update coreos-installer - [Dockerfile](https://github.com/coreos/coreos-installer/blob/main/Dockerfile) - [ ] Update Ignition From eaf592f0da16da6ba3588e511494f1579826b709 Mon Sep 17 00:00:00 2001 From: Benjamin Gilbert Date: Tue, 9 Nov 2021 13:19:35 -0500 Subject: [PATCH 061/167] Revert "templates: update link to buildroot Dockerfile" It's going away in https://github.com/coreos/coreos-assembler/pull/2550. This reverts commit 3027e0779ff54c0f8683d18c918726041e3d4c00. --- .github/ISSUE_TEMPLATE/rebase.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/ISSUE_TEMPLATE/rebase.md b/.github/ISSUE_TEMPLATE/rebase.md index ba2139c..d3ce086 100644 --- a/.github/ISSUE_TEMPLATE/rebase.md +++ b/.github/ISSUE_TEMPLATE/rebase.md @@ -94,7 +94,7 @@ We prefer to disable `next-devel` when there is no difference between `testing-d These are various containers in use throughout our ecosystem. We should update or open a ticket to track updating them once a new Fedora release is out. If you open a ticket instead of doing the update add a link to the ticket as comment. - [ ] Update coreos-assembler or open ticket to update: - - [Dockerfile](https://github.com/coreos/coreos-assembler/blob/main/ci/Dockerfile) + - [Dockerfile](https://github.com/coreos/coreos-assembler/blob/main/Dockerfile) - [ ] Update coreos-installer - [Dockerfile](https://github.com/coreos/coreos-installer/blob/main/Dockerfile) - [ ] Update Ignition From 978f731f6335aa71578db9a38ad159ef73c1400e Mon Sep 17 00:00:00 2001 From: Aashish Radhakrishnan Date: Wed, 8 Dec 2021 17:47:59 -0500 Subject: [PATCH 062/167] Update meeting-people.txt --- meeting-people.txt | 1 + 1 file changed, 1 insertion(+) diff --git a/meeting-people.txt b/meeting-people.txt index 72ca3d3..955c7f0 100644 --- a/meeting-people.txt +++ b/meeting-people.txt @@ -3,6 +3,7 @@ tail -n +5 $0 | tr '\n' ' ' && echo -e '\nFCOS community meeting in #fedora-meeting-1' && echo "If you don't want to be pinged remove your name from this file: https://github.com/coreos/fedora-coreos-tracker/blob/main/meeting-people.txt" exit 0 +aaradhak davdunc dustymabe gurssing From 1259c95c8c3819d246e678f4f16d73ccc785d162 Mon Sep 17 00:00:00 2001 From: Benjamin Gilbert Date: Mon, 20 Dec 2021 19:37:59 -0500 Subject: [PATCH 063/167] templates/rebase: disable next-devel using pipeline metadata https://github.com/coreos/fedora-coreos-pipeline/pull/451 added a centralized mechanism for disabling the next-devel stream. Use it during a rebase. --- .github/ISSUE_TEMPLATE/rebase.md | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/.github/ISSUE_TEMPLATE/rebase.md b/.github/ISSUE_TEMPLATE/rebase.md index d3ce086..68846ee 100644 --- a/.github/ISSUE_TEMPLATE/rebase.md +++ b/.github/ISSUE_TEMPLATE/rebase.md @@ -81,8 +81,7 @@ koji untag-build coreos-pool $untaglist We prefer to disable `next-devel` when there is no difference between `testing-devel` and `next-devel`. This allows us to prevent wasting a bunch of resources (bandwidth, storage, compute) for no reason. After the switch to N if `next-devel` and `testing-devel` are in lockstep, then disable `next-devel`. -- [ ] Remove `next-devel` from the list of "development streams" in [the pipeline](https://github.com/coreos/fedora-coreos-pipeline/blob/main/streams.groovy). [Example PR.](https://github.com/coreos/fedora-coreos-pipeline/pull/343) -- [ ] Update the [promote-config job](https://github.com/coreos/fedora-coreos-streams/blob/main/.github/workflows/promote-config.yml) to promote `next` from `testing-devel`. [Example PR.](https://github.com/coreos/fedora-coreos-streams/pull/322) +- [ ] Follow the instructions [here](https://github.com/coreos/fedora-coreos-pipeline/tree/main/next-devel) to disable `next-devel` ## Ship rebased `stable` From b14e99daa27455cceea2c2fad5cfa783d45745dd Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Timoth=C3=A9e=20Ravier?= Date: Thu, 6 Jan 2022 13:50:37 +0100 Subject: [PATCH 064/167] README: Update forum URL See: https://discussion.fedoraproject.org/t/fedora-discussion-2022-whats-new/35558 --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 186596a..1c30219 100644 --- a/README.md +++ b/README.md @@ -28,7 +28,7 @@ technologies and produce Fedora CoreOS. - main mailing list: [coreos@lists.fedoraproject.org](https://lists.fedoraproject.org/archives/list/coreos@lists.fedoraproject.org/) - status mailing list: [coreos-status@lists.fedoraproject.org](https://lists.fedoraproject.org/archives/list/coreos-status@lists.fedoraproject.org/) (announcements/important messages) - IRC/Matrix: [`#fedora-coreos` on Libera.Chat](https://web.libera.chat/#fedora-coreos) (ircs://irc.libera.chat:6697/#fedora-coreos) or [`#coreos:fedoraproject.org` on Matrix](https://matrix.to/#/#coreos:fedoraproject.org) -- forum at [https://discussion.fedoraproject.org/c/server/coreos](https://discussion.fedoraproject.org/c/server/coreos) +- forum at [https://discussion.fedoraproject.org/tag/coreos](https://discussion.fedoraproject.org/tag/coreos) - feature planning and important issue tracking at [github.com/coreos/fedora-coreos-tracker](https://github.com/coreos/fedora-coreos-tracker) - website at [https://getfedora.org/coreos/](https://getfedora.org/coreos/) - documentation at [https://docs.fedoraproject.org/en-US/fedora-coreos/](https://docs.fedoraproject.org/en-US/fedora-coreos/) From fb0086a5f1bda1a6c22a954e5b16fcd9b0e9f6e1 Mon Sep 17 00:00:00 2001 From: Jonathan Lebon Date: Wed, 26 Jan 2022 16:05:29 -0500 Subject: [PATCH 065/167] Design.md: tweak Fedora GA rebase schedule Make `testing` release with GA content on week 0 as discussed in https://github.com/coreos/fedora-coreos-tracker/issues/1024. Closes: #1024 --- Design.md | 13 ++++++++++--- 1 file changed, 10 insertions(+), 3 deletions(-) diff --git a/Design.md b/Design.md index 4b86d8a..af85d0c 100644 --- a/Design.md +++ b/Design.md @@ -84,9 +84,16 @@ The release process integrates with Fedora's release milestones in the following - The `next` stream switches to weekly releases to closely track the GA content set. - Fedora General Availability - Fedora CoreOS re-orients its release schedule in the following way: - - Week 0 (GA release): triple release;`next` with latest Fedora N content - - Week 1: triple release; `testing` release promoted from previous `next` - - Week 3: triple release; `stable` release promoted from previous `testing`, now fully rebased to Fedora N. `next` and `testing` are now in sync. + - Week -1 (Fedora "Go" Decision): `next` release: + - `next` release with final Fedora GA content + - Week 0 (GA release): triple release: + - `testing` release promoted from previous `next` + - `next` release contains latest Fedora N content, including Bodhi updates + - Week 2: triple release: + - `stable` release promoted from previous `testing`, now fully rebased to Fedora N + - `testing` and `next` are now in sync + +We have [a checklist](https://github.com/coreos/fedora-coreos-tracker/blob/main/.github/ISSUE_TEMPLATE/rebase.md) to track the exact steps followed during a rebase. ### Deprecation From 202be254ae625a2984cb8825b78153268aa9b00d Mon Sep 17 00:00:00 2001 From: Dusty Mabe Date: Wed, 9 Feb 2022 21:51:23 -0500 Subject: [PATCH 066/167] template: update rebase issue template This reorganizes the structure a bit so that items are organized more based on when they should happen. It also adds various elements that were missing before that happened to come to me as I was re-organizing things. --- .github/ISSUE_TEMPLATE/rebase.md | 107 ++++++++++++++++++++----------- 1 file changed, 71 insertions(+), 36 deletions(-) diff --git a/.github/ISSUE_TEMPLATE/rebase.md b/.github/ISSUE_TEMPLATE/rebase.md index 68846ee..ba1bd79 100644 --- a/.github/ISSUE_TEMPLATE/rebase.md +++ b/.github/ISSUE_TEMPLATE/rebase.md @@ -1,16 +1,71 @@ # Rebase to a new version of Fedora (N) -## Release engineering changes +## At Branching -- [ ] Verify that a few tags have been created. These should have been created by releng scripts on branching: +Branching is when a new stream is "branched" off of `rawhide`. This eventually becomes the next major Fedora (N). -- `f${releasever}-coreos-signing-pending` -- `f${releasever}-coreos-continuous` +### Release engineering changes -- [ ] The tag info for the coreos-pool tag has the new release (N) and next release (N+1) signing keys (just to stay ahead of the curve) and removes the old release (N-2) signing key. The following commands view the current settings and then update the list to 32/33/34 keys. You'll most likely have to get someone from releng to run the second command (`edit-tag`). +- [ ] Verify that a few tags were created when branching occurred: -- `koji taginfo coreos-pool` -- `koji edit-tag coreos-pool -x tag2distrepo.keys="12c944d0 9570ff31 45719a39"` +- `f${N+1}-coreos-signing-pending` +- `f${N+1}-coreos-continuous` + +- [ ] Add the N+1 signing key short hash (usually found [here](https://pagure.io/fedora-infra/ansible/blob/main/f/roles/bodhi2/backend/templates/pungi.rpm.conf.j2)) to the tag info for the coreos-pool tag. The following commands view the current settings and then update the list to the 32/33/34/35 keys. You'll most likely have to get someone from releng to run the second command (`edit-tag`). + - `koji taginfo coreos-pool` + - `koji edit-tag coreos-pool -x tag2distrepo.keys="12c944d0 9570ff31 45719a39 9867c58f"` + +### coreos-installer changes + +- [ ] Update coreos-installer to know about the signing key used for the future new major version of Fedora (N+1). +- [ ] Drop the signing key for the obsolete stable release (N-2). + +### Update `rawhide` stream + +- [ ] Update [manifest.yaml](https://github.com/coreos/fedora-coreos-config/blob/rawhide/manifest.yaml) to list N+1 as the releasever. + +### Enable `branched` stream + +- [ ] Update [manifest.yaml](https://github.com/coreos/fedora-coreos-config/blob/branched/manifest.yaml) to list N as the releasever. +- [ ] Update [streams.groovy](https://github.com/coreos/fedora-coreos-pipeline/blob/main/streams.groovy) to include the `branched` stream in the list of mechanical refs. + + +## At Fedora (N) Beta + +### Update [fedora-coreos-config](https://github.com/coreos/fedora-coreos-config/) `next-devel` + +- [ ] Bump `releasever` in `manifest.yaml` +- [ ] Update the repos in `manifest.yaml` if needed +- [ ] Run `cosa fetch --update-lockfile` +- [ ] PR the result + +### Ship rebased `next` + +- [ ] Ship `next` +- Set a new update barrier for N-2 on `next`. In the barrier entry set a link to [the docs](https://docs.fedoraproject.org/en-US/fedora-coreos/update-barrier-signing-keys/). See [discussion](https://github.com/coreos/fedora-coreos-tracker/issues/480#issuecomment-631724629). + + +## Preparing for Fedora (N) GA + +### Update [fedora-coreos-config](https://github.com/coreos/fedora-coreos-config/) `testing-devel` + +- [ ] Bump `releasever` in `manifest.yaml` +- [ ] Update the repos in `manifest.yaml` if needed +- [ ] Run `cosa fetch --update-lockfile` +- [ ] Bump the base Fedora version in `ci/buildroot/Dockerfile` +- [ ] PR the result + + +## At Fedora (N) GA + +### Ship rebased `testing` + +- [ ] Ship `testing` +- Set a new update barrier for N-2 on `testing`. In the barrier entry set a link to [the docs](https://docs.fedoraproject.org/en-US/fedora-coreos/update-barrier-signing-keys/). See [discussion](https://github.com/coreos/fedora-coreos-tracker/issues/480#issuecomment-631724629). + +### Disable `branched` stream + +- [ ] Update [streams.groovy](https://github.com/coreos/fedora-coreos-pipeline/blob/main/streams.groovy) to remove the `branched` stream in the list of mechanical refs. ### Untag old packages @@ -48,46 +103,26 @@ koji untag-build coreos-pool $untaglist - [ ] Now that untagging is done, give a heads up to rpm-ostree developers that N-2 packages have been untagged and that they may need to update their CI compose tests to freeze on a newer FCOS commit. -## coreos-installer changes - -- [ ] Update coreos-installer to know about the signing key used for the future new major version of Fedora (N+1). Note that the signing keys for N+1 may not be created until releng branches and rawhide becomes N+1. Drop the signing key for the obsolete stable release (N-1). - -## Update [fedora-coreos-config](https://github.com/coreos/fedora-coreos-config/) `next-devel` - -- [ ] Bump `releasever` in `manifest.yaml` -- [ ] Update the repos in `manifest.yaml` if needed -- [ ] Run `cosa fetch --update-lockfile` -- [ ] PR the result - -## Ship rebased `next` - -- [ ] Ship `next` -- Set a new update barrier for N-2 on `next`. In the barrier entry set a link to [the docs](https://docs.fedoraproject.org/en-US/fedora-coreos/update-barrier-signing-keys/). See [discussion](https://github.com/coreos/fedora-coreos-tracker/issues/480#issuecomment-631724629). +- [ ] Remove the N-2 signing key from the tag info for the coreos-pool tag. The following commands view the current settings and then update the list to the 33/34/35 keys. You'll most likely have to get someone from releng to run the second command (`edit-tag`). + - `koji taginfo coreos-pool` + - `koji edit-tag coreos-pool -x tag2distrepo.keys="9570ff31 45719a39 9867c58f"` -## Update [fedora-coreos-config](https://github.com/coreos/fedora-coreos-config/) `testing-devel` - -- [ ] Bump `releasever` in `manifest.yaml` -- [ ] Update the repos in `manifest.yaml` if needed -- [ ] Run `cosa fetch --update-lockfile` -- [ ] Bump the base Fedora version in `ci/buildroot/Dockerfile` -- [ ] PR the result -## Ship rebased `testing` - -- [ ] Ship `testing` -- Set a new update barrier for N-2 on `testing`. In the barrier entry set a link to [the docs](https://docs.fedoraproject.org/en-US/fedora-coreos/update-barrier-signing-keys/). See [discussion](https://github.com/coreos/fedora-coreos-tracker/issues/480#issuecomment-631724629). - -## Disable `next-devel` stream +### Disable `next-devel` stream We prefer to disable `next-devel` when there is no difference between `testing-devel` and `next-devel`. This allows us to prevent wasting a bunch of resources (bandwidth, storage, compute) for no reason. After the switch to N if `next-devel` and `testing-devel` are in lockstep, then disable `next-devel`. - [ ] Follow the instructions [here](https://github.com/coreos/fedora-coreos-pipeline/tree/main/next-devel) to disable `next-devel` -## Ship rebased `stable` + +## After Fedora (N) GA + +### Ship rebased `stable` - [ ] Ship `stable` - Set a new update barrier for N-2 on `stable`. In the barrier entry set a link to [the docs](https://docs.fedoraproject.org/en-US/fedora-coreos/update-barrier-signing-keys/). See [discussion](https://github.com/coreos/fedora-coreos-tracker/issues/480#issuecomment-631724629). + ## Miscellaneous container updates These are various containers in use throughout our ecosystem. We should update or open a ticket to track updating them once a new Fedora release is out. If you open a ticket instead of doing the update add a link to the ticket as comment. From 3a3b15433e4949d3152aaf60b355c2ccffed3f91 Mon Sep 17 00:00:00 2001 From: Dusty Mabe Date: Fri, 11 Feb 2022 14:48:15 -0500 Subject: [PATCH 067/167] internals/initramfs: update the new defaults for networking kargs This was updated in https://github.com/coreos/fedora-coreos-config/commit/59ebaba. --- internals/README-initramfs.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/internals/README-initramfs.md b/internals/README-initramfs.md index 81f9e2c..66638c0 100644 --- a/internals/README-initramfs.md +++ b/internals/README-initramfs.md @@ -68,7 +68,7 @@ SELinux policy is loaded in the real root. This means that every file we create By default, the initramfs does not try to enable networking if it's not needed. This is important in the live ISO case. Software may request networking if they require it. For example, if Ignition detects a config which requires the network, it writes a stamp file at `/run/ignition/neednet` which we then detect and translate into `rd.neednet=1` via `coreos-enable-network.service`. For any other situation in which FCOS needs networking, we should add a triggering condition to that service. In the future if more cases are added, we may provide a cleaner API which does not require continuously expanding this list. -Network *enablement* is separate from network *configuration*. Afterburn handles rendering of network kernel arguments via [`afterburn-network-kargs.service`](https://github.com/coreos/afterburn/blob/7835d7cd316668e9dcddfa16d2f8f8b3fcbcdd2e/dracut/30afterburn/afterburn-network-kargs.service). On some platforms, it may use a backchannel to fetch the network kargs. By default, it will use `AFTERBURN_NETWORK_KARGS_DEFAULT`, which is defined in [the fedora-coreos-config repo](https://github.com/coreos/fedora-coreos-config/blob/10ebedac9628273a738872bdcac730bdb0bf1385/overlay.d/05core/usr/lib/dracut/modules.d/35coreos-network/50-afterburn-network-kargs-default.conf) to be `ip=dhcp,dhcp6`. +Network *enablement* is separate from network *configuration*. Afterburn handles rendering of network kernel arguments via [`afterburn-network-kargs.service`](https://github.com/coreos/afterburn/blob/e0c46db33ece0e003d278be73f2c83e237b315d0/dracut/30afterburn/afterburn-network-kargs.service). On some platforms, it may use a backchannel to fetch the network kargs. By default, it will use `AFTERBURN_NETWORK_KARGS_DEFAULT`, which is defined in [the fedora-coreos-config repo](https://github.com/coreos/fedora-coreos-config/blob/82f22f92620b60b009e94872a7b44fade8e782e1/overlay.d/05core/usr/lib/dracut/modules.d/35coreos-network/50-afterburn-network-kargs-default.conf) to be `ip=auto`. For more details of the design, see https://github.com/coreos/fedora-coreos-tracker/issues/460 as well as the project [documentation](https://docs.fedoraproject.org/en-US/fedora-coreos/sysconfig-network-configuration/). From dc9cabf5cf3ab74edf12670bcaebcb15280fefef Mon Sep 17 00:00:00 2001 From: Benjamin Gilbert Date: Tue, 22 Feb 2022 04:10:58 -0500 Subject: [PATCH 068/167] templates: s/FCCT/Butane/ --- .github/ISSUE_TEMPLATE/bug-report.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/ISSUE_TEMPLATE/bug-report.md b/.github/ISSUE_TEMPLATE/bug-report.md index 9460b43..94e2abf 100644 --- a/.github/ISSUE_TEMPLATE/bug-report.md +++ b/.github/ISSUE_TEMPLATE/bug-report.md @@ -27,7 +27,7 @@ A clear and concise description of what actually happened. - Fedora CoreOS version **Ignition config** -Please attach your FCC or Ignition config used to provision your system. Be sure to sanitize any private data. If not using FCCT to generate your Ignition config, does the Ignition config pass validation using [ignition-validate](https://coreos.github.io/ignition/getting-started/#config-validation)? +Please attach the Butane config or Ignition config used to provision your system. Be sure to sanitize any private data. If not using Butane to generate your Ignition config, does the Ignition config pass validation using [ignition-validate](https://coreos.github.io/ignition/getting-started/#config-validation)? **Additional information** Add any other information about the problem here. From f8a63b55c8b8839c6876c3ec28e08fa9f83bdcce Mon Sep 17 00:00:00 2001 From: Dusty Mabe Date: Wed, 23 Feb 2022 20:56:03 -0500 Subject: [PATCH 069/167] templates/rebase: creating initial f${N+1}-coreos-continuous yum repo Let's tag in a package into the continuous tag so that the initial distrepo task will kick off and the yum repo will exist when the first brave souls try to build COSA against the next major version of Fedora. --- .github/ISSUE_TEMPLATE/rebase.md | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/.github/ISSUE_TEMPLATE/rebase.md b/.github/ISSUE_TEMPLATE/rebase.md index ba1bd79..1a89258 100644 --- a/.github/ISSUE_TEMPLATE/rebase.md +++ b/.github/ISSUE_TEMPLATE/rebase.md @@ -11,6 +11,14 @@ Branching is when a new stream is "branched" off of `rawhide`. This eventually b - `f${N+1}-coreos-signing-pending` - `f${N+1}-coreos-continuous` +- [ ] Add and tag a package (any package) which is in the stable repos into the continuous tag. This will create the initial yum repo that's used as input for building the COSA container. + +- `koji add-pkg --owner ${FAS_USERNAME} f${N+1}-coreos-continuous $PKG` + - example: `koji add-pkg --owner dustymabe f36-coreos-continuous fedora-release` + - This example uses the [`fedora-release`](https://src.fedoraproject.org/rpms/fedora-release) RPM, but it could be any other. +- `koji tag-build f${N+1}-coreos-continuous $BUILD` + - example: `koji tag-build f36-coreos-continuous fedora-release-36-0.16` + - [ ] Add the N+1 signing key short hash (usually found [here](https://pagure.io/fedora-infra/ansible/blob/main/f/roles/bodhi2/backend/templates/pungi.rpm.conf.j2)) to the tag info for the coreos-pool tag. The following commands view the current settings and then update the list to the 32/33/34/35 keys. You'll most likely have to get someone from releng to run the second command (`edit-tag`). - `koji taginfo coreos-pool` - `koji edit-tag coreos-pool -x tag2distrepo.keys="12c944d0 9570ff31 45719a39 9867c58f"` From f8bcfaeceae7293e1e5428b7180d566f3748c372 Mon Sep 17 00:00:00 2001 From: Dusty Mabe Date: Fri, 18 Mar 2022 14:37:48 -0400 Subject: [PATCH 070/167] Add notes for how to do a kernel bisect --- docs/fedora-coreos-kernel-bisect.md | 194 ++++++++++++++++++++++++++++ 1 file changed, 194 insertions(+) create mode 100644 docs/fedora-coreos-kernel-bisect.md diff --git a/docs/fedora-coreos-kernel-bisect.md b/docs/fedora-coreos-kernel-bisect.md new file mode 100644 index 0000000..9f7de5c --- /dev/null +++ b/docs/fedora-coreos-kernel-bisect.md @@ -0,0 +1,194 @@ + +# Kernel regressions need bisecting + +Sometimes we encounter kernel regressions and it is valuable to +identify the exact commit where a regression was introduced. An example +of this would be +[this issue for nodes booting in AWS](https://github.com/coreos/fedora-coreos-tracker/issues/1066#issuecomment-1019560658). + +There are various strategies for how to determine the exact kernel +commit where a regression was introduced. Which strategy is most +efficient depends on the problem. Here they are: + +1. directly building and installing the kernel from kernel source git repo +2. directly building and creating an RPM from the kernel source git repo + +For `1.`, it only works if you can reproduce the problem on the +traditional `yum`/`dnf` based Fedora (like Fedora Cloud). If, however, +the problem only presents itself on Fedora CoreOS or is much easier to +reproduce on Fedora CoreOS (i.e. a `kola` test) then you'll want to +build the `rpm` (`2.`) and consume it that way. + +## Kernel Source git Repos + +There are a few kernel source git repositories to know about: + +- `git://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git` + - Where the latest upstream development happens +- `git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/` + - Where stable/LTS tags are handled (backports to stable branches happen here) +- `https://gitlab.com/cki-project/kernel-ark.git` + - The `kernel-ark` repo where Red Hat patches/branches are maintained + +The `kernel-ark` repo contains various branches used for feeding into +the [Fedora dist-git repo](https://src.fedoraproject.org/rpms/kernel). +Here's a summary of what those branches are used for: + + +- `os-build` + - The latest bits that track the under development yet to be release kernel. +- `fedora-5.16` + - Follows a particular released kernel stream. This is where things are + merged before they are fed into dist-git. If you want a commit reverted + this is where it will land first. +- `ark-infa` + - This branch contains all the Red Hat bits and nothing else. It can be merged + on top of any other branch and then a SRPM can be created (`make dist-srpm`) + for building using `rpmbuild --rebuild /path/to/srpm`. + +## Creating a Kernel Build Environment + +If running the kernel builds on a Fedora Cloud base machine where you +can install the kernel directly then you can set up the kernel build +environment directly in the VM. If not you'll probably want to use a +container for your kernel builds. Here's how to start up a container: + +``` +podman run -it --name=kbuild -v /path/to/kernel/git/:/path/to/kernel/git/ registry.fedoraproject.org/fedora:35 +``` + +NOTE: try to use the same Fedora Cloud or Fedora container version as + the version of Fedora you are targetting. + +Once inside the VM or container we need to install some software to build the kernel: + +``` +sudo dnf update -y && \ +sudo dnf install -y rpm-build rsync 'dnf-command(builddep)' && \ +sudo dnf builddep -y kernel +# reboot here if in a VM +``` + +We can now make changes to the git repo (revert commits, etc) and run a few +commands to build the kernel. Before building we need to copy down the config +from the kernel dist-git repo and disable DEBUG symbols if they were enabled +(makes very large files): + +``` +cd /path/to/kernel/git/ +curl https://src.fedoraproject.org/rpms/kernel/raw/f35/f/kernel-x86_64-fedora.config > .config +sed -i 's/CONFIG_DEBUG_INFO=y/CONFIG_DEBUG_INFO=n/' .config +``` + +## 1. Directly Building and Installing the Kernel from Kernel Source git repo + +To build and install the kernel directly on the system (i.e. on Fedora Cloud Base) +you can run the following: + +``` +make olddefconfig +make -j$(nproc) bzImage +make -j$(nproc) modules +sudo make modules_install +sudo make install +``` + +On a Fedora Cloud base system the /boot partition is low on extra +space. In order to iterate (i.e. when running a `git bisect`) you can +restore the system back to it's old state before continuing. First, +modify the Makefile and set `EXTRAVERSION = bisect` and also +take a backup of the grub config: + +``` +sudo cp /boot/grub2/grub.cfg /boot/grub2/grub.cfg.bak +``` + +Then run the following script to build and install the kernel: + +``` +cat build.sh +#!/bin/bash +set -eux -o pipefail +make -j$(nproc) bzImage +make -j$(nproc) modules +sudo make modules_install +sudo make install +``` + +After testing and before running the next build I would restore and +free space with this clean script: + +``` +cat clean.sh +#!/bin/bash +set -eux -o pipefail +sudo cp /boot/grub2/grub.cfg.bak /boot/grub2/grub.cfg +sudo rm -vf /boot/initramfs*bisect* /boot/vmlinuz-*bisect* /boot/System.map-*bisect* +sudo rm -rf /lib/modules/*bisect* +``` + +## 2. Directly Building and Creating an RPM from the Kernel Source git repo + +In this scenario we're creating an RPM that can either then be package +layered on an existing FCOS system or used as input to a `cosa build`. + +The commands here are: + +``` +make olddefconfig +make -j$(nproc) binrpm-pkg +``` + +### Package Layering the Kernel RPM + +After copying the built kernel to the target machine you can install it with an override. +Example: + +``` +sudo rpm-ostree override replace ./kernel-5.17.0_rc8-1.x86_64.rpm --remove=kernel-core --remove=kernel-modules +``` + +### Doing a Build with COSA + +Then copy the built RPM into the `overrides/rpm` folder under the COSA build directory. +Update the `manifest-lock.overrides.yaml` to specify the kernel and also update the manifest +to not specify `kernel-core` and `kernel-modules`. Here is an example: + + +```diff +diff --git a/manifest-lock.overrides.yaml b/manifest-lock.overrides.yaml +index 62cfbe5..81de60f 100644 +--- a/manifest-lock.overrides.yaml ++++ b/manifest-lock.overrides.yaml +@@ -8,4 +8,6 @@ + # in the `metadata.reason` key, though it's acceptable to omit a `reason` + # for FCOS-specific packages (ignition, afterburn, etc.). + +-packages: {} ++packages: ++ kernel: ++ evr: 5.17.0_rc8+-2 +diff --git a/manifests/bootable-rpm-ostree.yaml b/manifests/bootable-rpm-ostree.yaml +index 784acd4..734f374 100644 +--- a/manifests/bootable-rpm-ostree.yaml ++++ b/manifests/bootable-rpm-ostree.yaml +@@ -7,7 +7,8 @@ + packages: + # Kernel + systemd. Note we explicitly specify kernel-{core,modules} + # because otherwise depsolving could bring in kernel-debug. +- - kernel kernel-core kernel-modules systemd ++ - kernel systemd + # linux-firmware now a recommends so let's explicitly include it + # https://gitlab.com/cki-project/kernel-ark/-/commit/32271d0cd9bd52d386eb35497c4876a8f041f70b + # https://src.fedoraproject.org/rpms/kernel/c/f55c3e9ed8605ff28cb9a922efbab1055947e213?branch=rawhide +``` + +After that you should be able to `cosa fetch --with-cosa-overrides && cosa build` like normal. + + +## Performing a Kernel Bisect + +Now that we know how to build and use a kernel in various ways the bisect is +the easy part. Just follow the +[upstream kernel documentation](https://www.kernel.org/doc/html/latest/admin-guide/bug-bisect.html) +for doing a `git bisect` and repeat the build/test steps in between each step. From d10c006b6aa4a7ac19ad5f3818c2043ecc683297 Mon Sep 17 00:00:00 2001 From: Roman Mohr Date: Mon, 28 Mar 2022 14:42:30 +0200 Subject: [PATCH 071/167] Add KubeVirt to rationale.yaml Signed-off-by: Roman Mohr --- metadata/stream/rationale.yaml | 13 +++++++++++++ 1 file changed, 13 insertions(+) diff --git a/metadata/stream/rationale.yaml b/metadata/stream/rationale.yaml index 6353e94..b7b57e2 100644 --- a/metadata/stream/rationale.yaml +++ b/metadata/stream/rationale.yaml @@ -87,6 +87,15 @@ architectures: signature: https://artifacts.example.com/oKooheogobofai8l.qcow.xz.sig sha256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 uncompressed-sha256: 38acb15d02d5ac0f2a2789602e9df950c380d2799b4bdb59394e4eeabdd3a662 + kubevirt: + release: 30.1.2.3 + formats: + "qcow.xz": + disk: + location: https://artifacts.example.com/Kiejeeb6ohpu8Eel.qcow.xz + signature: https://artifacts.example.com/Kiejeeb6ohpu8Eel.qcow.xz.sig + sha256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 + uncompressed-sha256: 38acb15d02d5ac0f2a2789602e9df950c380d2799b4bdb59394e4eeabdd3a662 packet: release: 30.1.2.3 formats: @@ -143,6 +152,10 @@ architectures: # We don't control platform ingest, so an image slug is probably # the best we can do. image: fedora-coreos-stable + kubevirt: + release: 30.1.2.3 + # ContainerDisk in a container registry + image: exampleregistry.io/fcos/fcos@sha256:67a81539946ec0397196c145394553b8e0241acf27b14ae9de43bc56e167f773 packet: # Images don't have addressable versions, so an operating system # slug is the best we can do. From f6a05aa3e3fb5f24a8c110389212e3e802e97331 Mon Sep 17 00:00:00 2001 From: Benjamin Gilbert Date: Wed, 30 Mar 2022 17:27:12 -0400 Subject: [PATCH 072/167] metadata/stream/rationale: update GCP to match current metadata We ended up splitting the image reference into its parts, and including both the image family name and the specific image it currently points to. --- metadata/stream/rationale.yaml | 12 ++++++++---- 1 file changed, 8 insertions(+), 4 deletions(-) diff --git a/metadata/stream/rationale.yaml b/metadata/stream/rationale.yaml index 6353e94..eb6eea6 100644 --- a/metadata/stream/rationale.yaml +++ b/metadata/stream/rationale.yaml @@ -135,10 +135,14 @@ architectures: # change. image: Fedora:CoreOS:stable:latest gcp: - # We could give a specific image name here, but we probably want - # users to always use an image family. So this is a static string, - # and represents advice rather than a value we might change. - image: projects/fedora-cloud/global/images/family/fedora-coreos-stable + # Ideally users use the project + family. These are static strings, + # and represent advice rather than a value we might change. + project: fedora-coreos-cloud + family: fedora-coreos-stable + # As an alternative, we also list the currently recommended image + # and its release. + release: 30.1.2.3 + name: fedora-coreos-30-1-2-3-gcp-x86-64 digitalocean: # We don't control platform ingest, so an image slug is probably # the best we can do. From 846928aa397b3ad0660492a91ea1734d75599879 Mon Sep 17 00:00:00 2001 From: Benjamin Gilbert Date: Wed, 30 Mar 2022 17:29:38 -0400 Subject: [PATCH 073/167] metadata/stream/rationale: drop semi-stale comment We might recommend AWS images with a different OS version than images for other platforms, so it's important that we list the versions of AMIs. Remove comment implying otherwise. --- metadata/stream/rationale.yaml | 2 -- 1 file changed, 2 deletions(-) diff --git a/metadata/stream/rationale.yaml b/metadata/stream/rationale.yaml index eb6eea6..618ad6f 100644 --- a/metadata/stream/rationale.yaml +++ b/metadata/stream/rationale.yaml @@ -121,8 +121,6 @@ architectures: aws: regions: us-east-1: - # We know the release because we uploaded it, so might as well - # list it. release: 30.1.2.3 image: ami-0123456789abcdef us-east-2: From 06a09961db38cda693c0c821b72bade310b13f54 Mon Sep 17 00:00:00 2001 From: Benjamin Gilbert Date: Thu, 14 Apr 2022 23:34:20 -0400 Subject: [PATCH 074/167] metadata/stream: add digest reference to KubeVirt image description In the current design, the KubeVirt image is presumed to be a pull spec with an image digest. That implies that the user should reference the image by digest, when we'd prefer that they reference it by a stream-specific floating tag. Define the existing "image" field to contain a pull spec with a floating tag for the stream. We should still record the unique identifier of the current image (as we do for GCP images), so add a "digest-ref" field which always contains a fully-qualified pull spec with digest. --- metadata/stream/rationale.yaml | 9 +++++++-- 1 file changed, 7 insertions(+), 2 deletions(-) diff --git a/metadata/stream/rationale.yaml b/metadata/stream/rationale.yaml index 52e5f88..033892f 100644 --- a/metadata/stream/rationale.yaml +++ b/metadata/stream/rationale.yaml @@ -155,9 +155,14 @@ architectures: # the best we can do. image: fedora-coreos-stable kubevirt: - release: 30.1.2.3 # ContainerDisk in a container registry - image: exampleregistry.io/fcos/fcos@sha256:67a81539946ec0397196c145394553b8e0241acf27b14ae9de43bc56e167f773 + # Ideally users use this pull spec, which specifies a floating tag. + # This value is expected to be stable over time. + image: exampleregistry.io/fcos/fcos:stable + # As an alternative, we also list a digest-based pull spec for the + # currently recommended image, and its release. + release: 30.1.2.3 + digest-ref: exampleregistry.io/fcos/fcos@sha256:67a81539946ec0397196c145394553b8e0241acf27b14ae9de43bc56e167f773 packet: # Images don't have addressable versions, so an operating system # slug is the best we can do. From cd240d28642e58120646f3a0474e2c2e5c8f1b58 Mon Sep 17 00:00:00 2001 From: Benjamin Gilbert Date: Thu, 21 Apr 2022 11:00:24 -0400 Subject: [PATCH 075/167] README: update calendar link --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 1c30219..d01c229 100644 --- a/README.md +++ b/README.md @@ -59,7 +59,7 @@ See [RELEASES.md](RELEASES.md). The Fedora CoreOS Working Group has a weekly meeting. The meeting usually happens in `#fedora-meeting-1` on irc.libera.chat and the schedule for the -meeting can be found here: https://apps.fedoraproject.org/calendar/CoreOS +meeting can be found here: https://calendar.fedoraproject.org/CoreOS/ Currently, meetings are at `16:30 UTC` on Wednesdays. ## Steps to run the meeting From 2d2c5b370d85fd9e6ef8b9a327d870e3bf62e902 Mon Sep 17 00:00:00 2001 From: Jonathan Lebon Date: Mon, 2 May 2022 16:51:39 -0400 Subject: [PATCH 076/167] internals/README-initramfs: add some info about multipath This came up in discussion today. Let's document some of the internal details because multipath support is not straightforward. --- internals/README-initramfs.md | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/internals/README-initramfs.md b/internals/README-initramfs.md index 66638c0..962763b 100644 --- a/internals/README-initramfs.md +++ b/internals/README-initramfs.md @@ -60,6 +60,14 @@ There are multiple services which access the `/boot` partition in the initramfs. - (on RHCOS) `rhcos-fips.service`: mounts `/boot` read-write to append `fips=1` to the BLS configs and reboot if FIPS mode is requested. This unit runs after `ignition-fetch.service` but before `ignition-disks.service`. - `coreos-boot-edit.service`: mounts `/boot` read-write late in the initramfs process after `ignition-files.service` to make final edits (e.g. remove firstboot networking configuration files if necessary, append rootmap kargs to the BLS configs). +# Multipath handling + +Currently, the way multipath is supported is to add `rd.multipath=default` and `root=/dev/disk/by-label/dm-mpath-root` to the kernel command-line. They can be added day-1 or day-2, but the former is recommended. These kargs play different roles. The `root` karg ensures that systemd-fstab-generator will wait until multipathd has assembled the device and the symlink shows up (rather than trying to mount a single path). The `rd.multipath=default` karg will cause [the multipath dracut module to generate a default configuration](https://github.com/dracutdevs/dracut/blob/ab798f6785513c33f9a71371ceea65bd782973d5/modules.d/90multipath/multipathd-configure.service#L10) that `multipathd` will then act on. + +Crucially, `rd.multipath` on first boot also makes us assume that the `boot` filesystem is multipathed and wait for `/dev/disk/by-label/dm-mpath-boot` to show up. As seen in the previous section, many things need access to the bootfs on first boot. But we can't do any I/O to the boot device if it's multipathed because it's undefined which of the single paths will win the `by-label/boot` race, and it may be a path that is non-optimized (see [this PR](https://github.com/coreos/fedora-coreos-config/pull/1011) and linked RHBZ for details). Instead of trying to automatically determine if the bootfs is on multipath and whether we should wait for `multipathd` to assemble it (which is subject to race conditions), we decide on whether `rd.multipath` is provided (see also [this discussion](https://github.com/coreos/fedora-coreos-config/pull/1022#discussion_r634631063)). + +The `dm-mpath-$label` symlinks are created by [a udev rule we ship](https://github.com/coreos/fedora-coreos-config/blob/8fc657ebb9617a1ab9f1b513123d19ea7775ac68/overlay.d/05core/usr/lib/udev/rules.d/90-coreos-device-mapper.rules#L24). + # SELinux in the initramfs SELinux policy is loaded in the real root. This means that every file we create in the initramfs must be relabeled. See this code: https://github.com/coreos/fedora-coreos-config/blob/testing-devel/overlay.d/05core/usr/lib/dracut/modules.d/40ignition-ostree/coreos-relabel From 554d045cc7eb02713edc824779e760c3b07e9d42 Mon Sep 17 00:00:00 2001 From: Dusty Mabe Date: Mon, 6 Jun 2022 14:55:36 -0400 Subject: [PATCH 077/167] templates/rebase: add instructions for creating tracker tickets These tickets help us stay up on various release processes and changes. Let's formalize them in our toplevel rebase tracker template. --- .github/ISSUE_TEMPLATE/rebase.md | 13 +++++++++++++ 1 file changed, 13 insertions(+) diff --git a/.github/ISSUE_TEMPLATE/rebase.md b/.github/ISSUE_TEMPLATE/rebase.md index 1a89258..167e0a1 100644 --- a/.github/ISSUE_TEMPLATE/rebase.md +++ b/.github/ISSUE_TEMPLATE/rebase.md @@ -1,5 +1,13 @@ # Rebase to a new version of Fedora (N) +## At previous Fedora major release + +### Open tickets to track related work for this release + +- [ ] Fedora Changes Considerations ([example](https://github.com/coreos/fedora-coreos-tracker/issues/1222)) +- [ ] Package Additions/Removals ([example](https://github.com/coreos/fedora-coreos-tracker/issues/1221)) +- [ ] Test Week ([example](https://github.com/coreos/fedora-coreos-tracker/issues/1123)) + ## At Branching Branching is when a new stream is "branched" off of `rawhide`. This eventually becomes the next major Fedora (N). @@ -130,6 +138,11 @@ We prefer to disable `next-devel` when there is no difference between `testing-d - [ ] Ship `stable` - Set a new update barrier for N-2 on `stable`. In the barrier entry set a link to [the docs](https://docs.fedoraproject.org/en-US/fedora-coreos/update-barrier-signing-keys/). See [discussion](https://github.com/coreos/fedora-coreos-tracker/issues/480#issuecomment-631724629). +### Open ticket for the next Fedora rebase + +- [ ] Create a new ticket from the [rebase template](https://github.com/coreos/fedora-coreos-tracker/issues/new?assignees=&labels=area%2Fplatforms%2C+kind%2Fenhancement&template=rebase.md&title=tracker:+Rebase+onto+Fedora+N) + - label with `FN` label where `N` is the Fedora version. + ## Miscellaneous container updates From 7e92f4ad911a5090de92b71d5ac3bffaf71b5ef6 Mon Sep 17 00:00:00 2001 From: Micah Abbott Date: Tue, 17 May 2022 15:52:08 -0400 Subject: [PATCH 078/167] new template for organizing a Test Week --- .github/ISSUE_TEMPLATE/test-week.md | 56 +++++++++++++++++++++++++++++ 1 file changed, 56 insertions(+) create mode 100644 .github/ISSUE_TEMPLATE/test-week.md diff --git a/.github/ISSUE_TEMPLATE/test-week.md b/.github/ISSUE_TEMPLATE/test-week.md new file mode 100644 index 0000000..b5001b9 --- /dev/null +++ b/.github/ISSUE_TEMPLATE/test-week.md @@ -0,0 +1,56 @@ +--- +name: Schedule a Fedora Test Week +about: Schedule a Fedora Test Week for a new Fedora major release +title: '' +labels: 'community', 'meeting' +assignees: '' +--- + +## Initial Tasks (to be done at least one week before test week) + +- [ ] Open this ticket in the `fedora-coreos-tracker` repo +- [ ] Open a ticket with [Fedora QA](https://pagure.io/fedora-qa/issues). + - [F36 example](https://pagure.io/fedora-qa/issue/695) + +To be done after the Fedora QA folks have taken action on the QA ticket: + +- [ ] Confirm the Test Day page is created on the Fedora Wiki. + - For example: +- [ ] Confirm the Test Day results app is created. + - For example: +- [ ] Choose a day during the Test Week to host a video session for live debug help +- [ ] Setup a Google Meet or other video conference session +- [ ] Create a HackMD doc for capturing notes during live video session +- [ ] Find volunteers to enumerate new documentation + test cases required for Test Week + - Best done via dedicated video session +- [ ] File an issue on `fedora-coreos-tracker` with TODO items. + - For example: +- [ ] File a ticket requesting a Fedora badge is created + - For example: + +## Announcing Test Week + +Should be completed after the Initial Tasks are done + +- [ ] Draft an email to announcing the Test Week + - [ ] Include a link to the Fedora Wiki + - [ ] Include a link to the Test Day results app + - [ ] Include a link to `fedora-coreos-tracker` for Test Week + - [ ] Include a link to the video conference + - [ ] Include a link to the HackMD doc +- [ ] Cross-post announcement email to discussion.fedoraproject.org with `#coreos` tag + +- Example format: + +## During Test Week + +- Monitor `fedora-coreos-tracker` for new issues reported as part of Test Week +- Monitor #fedora-coreos on IRC for new issues reported as part of Test Week +- Ensure there is one or more representatives of Fedora CoreOS team present for live video session + +## After Test Week + +- [ ] Update `fedora-coreos-tracker` ticket with any issues found +- [ ] Update `fedora-coreos-tracker` ticket with any documentation updates made +- [ ] Review Test Day results app and follow-up on any errors reported, if possible +- [ ] Follow up with the Fedora Badges ticket with Fedora Account System (FAS) usernames that participated in Test Week From c810851d93a7adec062b5c47e146e4fc6ac9c244 Mon Sep 17 00:00:00 2001 From: Dusty Mabe Date: Wed, 8 Jun 2022 16:00:05 -0400 Subject: [PATCH 079/167] templates: update Test Week link in rebase template --- .github/ISSUE_TEMPLATE/rebase.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/ISSUE_TEMPLATE/rebase.md b/.github/ISSUE_TEMPLATE/rebase.md index 167e0a1..cfb9a80 100644 --- a/.github/ISSUE_TEMPLATE/rebase.md +++ b/.github/ISSUE_TEMPLATE/rebase.md @@ -6,7 +6,7 @@ - [ ] Fedora Changes Considerations ([example](https://github.com/coreos/fedora-coreos-tracker/issues/1222)) - [ ] Package Additions/Removals ([example](https://github.com/coreos/fedora-coreos-tracker/issues/1221)) -- [ ] Test Week ([example](https://github.com/coreos/fedora-coreos-tracker/issues/1123)) +- [ ] Test Week ([template](https://github.com/coreos/fedora-coreos-tracker/issues/new?template=test-week.md&title=tracker:+FN+Test+Week)) ## At Branching From ca4ad34599cb3bc1637b433f3d811249a46a9e07 Mon Sep 17 00:00:00 2001 From: Aashish Radhakrishnan Date: Tue, 31 May 2022 15:50:21 -0400 Subject: [PATCH 080/167] Updated FCOS stream metadata sample/rationale/release To have a complete representation of the artifacts we support in the stream metadata sample, rationale & release, the FCOS stream metadata sample/rationale/release have been updated with the missing platforms. Resolves https://issues.redhat.com/browse/COS-1364 --- metadata/release/sample.json | 159 +++++++++++++++++++++++++++------ metadata/stream/rationale.yaml | 135 +++++++++++++++++++++------- metadata/stream/sample.json | 50 +++++++++++ 3 files changed, 287 insertions(+), 57 deletions(-) diff --git a/metadata/release/sample.json b/metadata/release/sample.json index 874aebd..2a1c1d8 100644 --- a/metadata/release/sample.json +++ b/metadata/release/sample.json @@ -4,6 +4,22 @@ "architectures": { "x86_64": { "media": { + "aliyun": { + "artifacts": { + "qcow2.xz": { + "disk": { + "location": "https://builds.coreos.fedoraproject.org/prod/streams/testing/builds/30.20190801.0/x86_64/fedora-coreos-30.20190801.0-aliyun.qcow2.xz", + "signature": "https://builds.coreos.fedoraproject.org/prod/streams/testing/builds/30.20190801.0/x86_64/fedora-coreos-30.20190801.0-aliyun.qcow2.xz.sig", + "sha256": "8f1492f1e9e94ec3f3ecef188c4a2da52348c4b830f6365181bd03e1d969f161" + } + } + }, + "images": { + "us-east-1": { + "image": "m-6wedcb2rfmhkcl2bsbz5" + } + } + }, "aws": { "artifacts": { "vmdk.xz": { @@ -20,13 +36,79 @@ } } }, - "qemu": { + "azure": { + "artifacts": { + "vhd.xz": { + "disk": { + "location": "https://builds.coreos.fedoraproject.org/prod/streams/testing/builds/30.20190801.0/x86_64/fedora-coreos-30.20190801.0-azure.vhd.xz", + "signature": "https://builds.coreos.fedoraproject.org/prod/streams/testing/builds/30.20190801.0/x86_64/fedora-coreos-30.20190801.0-azure.vhd.xz.sig", + "sha256": "4bb0e1595f66f344c1cc084e163c4352235b2accf3a1385b9eb4b3e4ca5b1d24" + } + } + } + }, + "azurestack": { + "artifacts": { + "vhd.xz": { + "disk": { + "location": "https://builds.coreos.fedoraproject.org/prod/streams/testing/builds/30.20190801.0/x86_64/fedora-coreos-30.20190801.0-azurestack.vhd.xz", + "signature": "https://builds.coreos.fedoraproject.org/prod/streams/testing/builds/30.20190801.0/x86_64/fedora-coreos-30.20190801.0-azurestack.vhd.xz.sig", + "sha256": "344c1cc084e163c4352235b2accf34d24bb0e1595f66fa1385b9eb4b3e4ca5b1" + } + } + } + }, + "digitalocean": { + "artifacts": { + "qcow2.gz": { + "disk": { + "location": "https://builds.coreos.fedoraproject.org/prod/streams/testing/builds/30.20190801.0/x86_64/fedora-coreos-30.20190801.0-digitalocean.qcow2.gz", + "signature": "https://builds.coreos.fedoraproject.org/prod/streams/testing/builds/30.20190801.0/x86_64/fedora-coreos-30.20190801.0-digitalocean.qcow2.gz.sig", + "sha256": "435224bb0e1595f344c1cc05b1d2484e163c66f35b2accf3a1385b9eb4b3e4ca" + } + } + } + }, + "exoscale": { "artifacts": { "qcow2.xz": { "disk": { - "location": "https://builds.coreos.fedoraproject.org/prod/streams/testing/builds/30.20190801.0/x86_64/fedora-coreos-30.20190801.0-qemu.qcow2.xz", - "signature": "https://builds.coreos.fedoraproject.org/prod/streams/testing/builds/30.20190801.0/x86_64/fedora-coreos-30.20190801.0-qemu.qcow2.xz.sig", - "sha256": "4dcc04bd43f48bc74a16bd7d20b47829591a2a2fbe3ee8d59fedef2b1ddd1264" + "location": "https://builds.coreos.fedoraproject.org/prod/streams/testing/builds/30.20190801.0/x86_64/fedora-coreos-30.20190801.0-exoscale.qcow2.xz", + "signature": "https://builds.coreos.fedoraproject.org/prod/streams/testing/builds/30.20190801.0/x86_64/fedora-coreos-30.20190801.0-exoscale.qcow2.xz.sig", + "sha256": "435224bb0e1595f344c1cc05b1d2484e163c66f35b2accf3a1385b9eb4b3e4ca" + } + } + } + }, + "gcp": { + "artifacts": { + "tar.gz": { + "disk": { + "location": "https://builds.coreos.fedoraproject.org/prod/streams/testing/builds/30.20190801.0/x86_64/fedora-coreos-30.20190801.0-gcp.tar.gz", + "signature": "https://builds.coreos.fedoraproject.org/prod/streams/testing/builds/30.20190801.0/x86_64/fedora-coreos-30.20190801.0-gcp.tar.gz.sig", + "sha256": "344c1cc05b1d2484e163c66f35b2accf3a1385b9eb435224bb0e1595f4b3e4ca" + } + } + } + }, + "ibmcloud": { + "artifacts": { + "qcow2.xz": { + "disk": { + "location": "https://builds.coreos.fedoraproject.org/prod/streams/testing/builds/30.20190801.0/x86_64/fedora-coreos-30.20190801.0-ibmcloud.qcow2.xz", + "signature": "https://builds.coreos.fedoraproject.org/prod/streams/testing/builds/30.20190801.0/x86_64/fedora-coreos-30.20190801.0-ibmcloud.qcow2.xz.sig", + "sha256": "344c1cc05b1d2484e163c66f35b2accf3a1385b9eb435224bb0e1595f4b3e4ca" + } + } + } + }, + "kubevirt": { + "artifacts": { + "qcow2.xz": { + "disk": { + "location": "https://builds.coreos.fedoraproject.org/prod/streams/testing/builds/30.20190801.0/x86_64/fedora-coreos-30.20190801.0-kubevirt.qcow2.xz", + "signature": "https://builds.coreos.fedoraproject.org/prod/streams/testing/builds/30.20190801.0/x86_64/fedora-coreos-30.20190801.0-kubevirt.qcow2.xz.sig", + "sha256": "2accf3a1385b9eb435224bb0e1595f4b3e4344c1cc05b1d2484e163c66f35bca" } } } @@ -40,56 +122,72 @@ "sha256": "881178a4794816e623b02012a84b11d59a96dd59035508a0986a5b6c6be074ed" } }, - "installer.iso": { + "iso": { "disk": { - "location": "https://builds.coreos.fedoraproject.org/prod/streams/testing/builds/30.20190801.0/x86_64/fedora-coreos-30.20190801.0-installer.iso", - "signature": "https://builds.coreos.fedoraproject.org/prod/streams/testing/builds/30.20190801.0/x86_64/fedora-coreos-30.20190801.0-installer.iso.sig", + "location": "https://builds.coreos.fedoraproject.org/prod/streams/testing/builds/30.20190801.0/x86_64/fedora-coreos-30.20190801.0-live.iso", + "signature": "https://builds.coreos.fedoraproject.org/prod/streams/testing/builds/30.20190801.0/x86_64/fedora-coreos-30.20190801.0-live.iso.sig", "sha256": "aab20fcafc240fa03f7e43370f8be8c14b99b045eca156a0f5e77286b2e9e8c4" } }, - "installer-pxe": { + "pxe": { "kernel": { - "location": "https://builds.coreos.fedoraproject.org/prod/streams/testing/builds/30.20190801.0/x86_64/fedora-coreos-30.20190801.0-installer-kernel", - "signature": "https://builds.coreos.fedoraproject.org/prod/streams/testing/builds/30.20190801.0/x86_64/fedora-coreos-30.20190801.0-installer-kernel.sig", + "location": "https://builds.coreos.fedoraproject.org/prod/streams/testing/builds/30.20190801.0/x86_64/fedora-coreos-30.20190801.0-live-kernel", + "signature": "https://builds.coreos.fedoraproject.org/prod/streams/testing/builds/30.20190801.0/x86_64/fedora-coreos-30.20190801.0-live-kernel.sig", "sha256": "bb493370b3716a009628197b7fce41107f1f5349f1a7ef67a8ecc7eebb3d2183" }, "initramfs": { - "location": "https://builds.coreos.fedoraproject.org/prod/streams/testing/builds/30.20190801.0/x86_64/fedora-coreos-30.20190801.0-installer-initramfs.img", - "signature": "https://builds.coreos.fedoraproject.org/prod/streams/testing/builds/30.20190801.0/x86_64/fedora-coreos-30.20190801.0-installer-initramfs.img.sig", + "location": "https://builds.coreos.fedoraproject.org/prod/streams/testing/builds/30.20190801.0/x86_64/fedora-coreos-30.20190801.0-live-initramfs.img", + "signature": "https://builds.coreos.fedoraproject.org/prod/streams/testing/builds/30.20190801.0/x86_64/fedora-coreos-30.20190801.0-live-initramfs.img.sig", "sha256": "04dde273b9e5d1b361beb44fde337f915509ad8e128fb408f793fdd0ae84c17d" + }, + "rootfs": { + "location": "https://builds.coreos.fedoraproject.org/prod/streams/testing/builds/30.20190801.0/x86_64/fedora-coreos-30.20190801.0-live-rootfs.img", + "signature": "https://builds.coreos.fedoraproject.org/prod/streams/testing/builds/30.20190801.0/x86_64/fedora-coreos-30.20190801.0-live-rootfs.img.sig", + "sha256": "509ad8e128fb408f793fdd0ae84c17d04dde273b9e5d1b361beb44fde337f915" } } } }, - "azure": { + "nutanix": { "artifacts": { - "vhd.xz": { + "qcow2": { "disk": { - "location": "https://builds.coreos.fedoraproject.org/prod/streams/testing/builds/30.20190801.0/x86_64/fedora-coreos-30.20190801.0-azure.vhd.xz", - "signature": "https://builds.coreos.fedoraproject.org/prod/streams/testing/builds/30.20190801.0/x86_64/fedora-coreos-30.20190801.0-azure.vhd.xz.sig", - "sha256": "4bb0e1595f66f344c1cc084e163c4352235b2accf3a1385b9eb4b3e4ca5b1d24" + "location": "https://builds.coreos.fedoraproject.org/prod/streams/testing/builds/30.20190801.0/x86_64/fedora-coreos-30.20190801.0-nutanix.qcow2", + "signature": "https://builds.coreos.fedoraproject.org/prod/streams/testing/builds/30.20190801.0/x86_64/fedora-coreos-30.20190801.0-nutanix.qcow2.sig", + "sha256": "1b3e4ca5b1d2463c4352235b2accf95f66f344c1cc084e3a1385b9eb4bb0e154" } } } }, - "aliyun": { + "openstack": { "artifacts": { "qcow2.xz": { "disk": { - "location": "https://builds.coreos.fedoraproject.org/prod/streams/testing/builds/30.20190801.0/x86_64/fedora-coreos-30.20190801.0-aliyun.qcow2.xz", - "signature": "https://builds.coreos.fedoraproject.org/prod/streams/testing/builds/30.20190801.0/x86_64/fedora-coreos-30.20190801.0-aliyun.qcow2.xz.sig", - "sha256": "8f1492f1e9e94ec3f3ecef188c4a2da52348c4b830f6365181bd03e1d969f161" + "location": "https://builds.coreos.fedoraproject.org/prod/streams/testing/builds/30.20190801.0/x86_64/fedora-coreos-30.20190801.0-openstack.qcow2.xz", + "signature": "https://builds.coreos.fedoraproject.org/prod/streams/testing/builds/30.20190801.0/x86_64/fedora-coreos-30.20190801.0-openstack.qcow2.xz.sig", + "sha256": "b2cab76cb2038826cb8de99f34d192bda4e805a4eb51be2979ba984424e72501" } } } }, - "openstack": { + "qemu": { "artifacts": { "qcow2.xz": { "disk": { - "location": "https://builds.coreos.fedoraproject.org/prod/streams/testing/builds/30.20190801.0/x86_64/fedora-coreos-30.20190801.0-openstack.qcow2.xz", - "signature": "https://builds.coreos.fedoraproject.org/prod/streams/testing/builds/30.20190801.0/x86_64/fedora-coreos-30.20190801.0-openstack.qcow2.xz.sig", - "sha256": "b2cab76cb2038826cb8de99f34d192bda4e805a4eb51be2979ba984424e72501" + "location": "https://builds.coreos.fedoraproject.org/prod/streams/testing/builds/30.20190801.0/x86_64/fedora-coreos-30.20190801.0-qemu.qcow2.xz", + "signature": "https://builds.coreos.fedoraproject.org/prod/streams/testing/builds/30.20190801.0/x86_64/fedora-coreos-30.20190801.0-qemu.qcow2.xz.sig", + "sha256": "4dcc04bd43f48bc74a16bd7d20b47829591a2a2fbe3ee8d59fedef2b1ddd1264" + } + } + } + }, + "virtualbox": { + "artifacts": { + "ova": { + "disk": { + "location": "https://builds.coreos.fedoraproject.org/prod/streams/testing/builds/30.20190801.0/x86_64/fedora-coreos-30.20190801.0-virtualbox.ova", + "signature": "https://builds.coreos.fedoraproject.org/prod/streams/testing/builds/30.20190801.0/x86_64/fedora-coreos-30.20190801.0-virtualbox.ova.sig", + "sha256": "54729f458c1552c19aa2f2b905860fadbe0a714df45d1d49731725038895094c" } } } @@ -104,6 +202,17 @@ } } } + }, + "vultr": { + "artifacts": { + "raw.xz": { + "disk": { + "location": "https://builds.coreos.fedoraproject.org/prod/streams/testing/builds/30.20190801.0/x86_64/fedora-coreos-30.20190801.0-vultr.raw.xz", + "signature": "https://builds.coreos.fedoraproject.org/prod/streams/testing/builds/30.20190801.0/x86_64/fedora-coreos-30.20190801.0-vultr.raw.xz.sig", + "sha256": "d7d20b47829591a2a2fbe3ee8d59fe4dcc04bd43f48bc74a16bdef2b1ddd1264" + } + } + } } }, "commit": "a9c8d66d3628d1b9b4c4690777e8b730d08329b4359410cb410a2003296af1ca" diff --git a/metadata/stream/rationale.yaml b/metadata/stream/rationale.yaml index 033892f..54e8567 100644 --- a/metadata/stream/rationale.yaml +++ b/metadata/stream/rationale.yaml @@ -12,6 +12,15 @@ architectures: # openstack. Some will likely only be useful for cloud operators, # such as digitalocean or packet. Some, such as aws, are useful # for users in special situations. + aliyun: + release: 30.1.2.3 + formats: + "qcow2.xz": + disk: + location: https://artifacts.example.com/g0xah6aenvaaVosh.qcow2.xz + signature: https://artifacts.example.com/g0xah6aenvaaVosh.qcow2.xz.sig + sha256: 149afbf4c8996fb92427ae3b0c44298fc1ce41e4649b934ca495991b7852b855 + uncompressed-sha256: d02d5ac0f2a2789602e9df950c38acb15380d2799b4bdb59394e4eeabdd3a662 aws: release: 30.1.2.3 formats: @@ -27,11 +36,20 @@ architectures: azure: release: 30.1.2.3 formats: - "vdi.xz": + "vhd.xz": disk: - location: https://artifacts.example.com/aeng0xah6vaaVosh.vdi.xz - signature: https://artifacts.example.com/aeng0xah6vaaVosh.vdi.xz.sig - sha256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 + location: https://artifacts.example.com/6vaaVoshaeng0xah.vhd.xz + signature: https://artifacts.example.com/6vaaVoshaeng0xah.vhd.xz.sig + sha256: f4c8996fb92427ae41e4e3b0c44298fc1c149afb649b934ca495991b7852b855 + uncompressed-sha256: 38acb15d02d5ac0f2a2789602e9df950c380d2799b4bdb59394e4eeabdd3a662 + azurestack: + release: 30.1.2.3 + formats: + "vhd.xz": + disk: + location: https://artifacts.example.com/ng0xahos6aevaaVh.vhd.xz + signature: https://artifacts.example.com/ng0xahos6aevaaVh.vhd.xz.sig + sha256: ae41e4649b934ca495991b7852b855e3b0c44298fc1c149afbf4c8996fb92427 uncompressed-sha256: 38acb15d02d5ac0f2a2789602e9df950c380d2799b4bdb59394e4eeabdd3a662 digitalocean: release: 30.1.2.3 @@ -40,8 +58,17 @@ architectures: disk: location: https://artifacts.example.com/ichaloomuHax9ahR.qcow2.gz signature: https://artifacts.example.com/ichaloomuHax9ahR.qcow2.gz.sig - sha256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 + sha256: 427ae41e4649b934ca495991b7852b855e3b0c44298fc1c149afbf4c8996fb92 uncompressed-sha256: 38acb15d02d5ac0f2a2789602e9df950c380d2799b4bdb59394e4eeabdd3a662 + exoscale: + release: 30.1.2.3 + formats: + "qcow2.xz": + disk: + location: https://artifacts.example.com/aeng0xah6vaaVosh.qcow2.xz + signature: https://artifacts.example.com/aeng0xah6vaaVosh.qcow2.xz.sig + sha256: 49afbf4c8996fb92427ae41e464e3b0c44298fc1c19b934ca495991b7852b855 + uncompressed-sha256: f2a2789602e9df950c380d2738acb15d02d5ac099b4bdb59394e4eeabdd3a662 gcp: release: 30.1.2.3 formats: @@ -49,7 +76,25 @@ architectures: disk: location: https://artifacts.example.com/ais7tah1aa7Ahvei.tar.gz signature: https://artifacts.example.com/ais7tah1aa7Ahvei.tar.gz.sig - sha256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 + sha256: 96fb92427ae41e4649b934ca495991b7852b85e3b0c44298fc1c149afbf4c895 + uncompressed-sha256: 38acb15d02d5ac0f2a2789602e9df950c380d2799b4bdb59394e4eeabdd3a662 + ibmcloud: + release: 30.1.2.3 + formats: + "qcow2.xz": + disk: + location: https://artifacts.example.com/0xah6vaaenVoshga.qcow2.xz + signature: https://artifacts.example.com/0xah6vaaenVoshga.qcow2.xz.sig + sha256: ae3b0c44298fc1ce41e4649b149afbf4c8996fb92427934ca495991b7852b855 + uncompressed-sha256: 02e9df950c38acb1538d02d5ac0f2a278960d2799b4bdb59394e4eeabdd3a662 + kubevirt: + release: 30.1.2.3 + formats: + "qcow2.xz": + disk: + location: https://artifacts.example.com/Kiejeeb6ohpu8Eel.qcow2.xz + signature: https://artifacts.example.com/Kiejeeb6ohpu8Eel.qcow2.xz.sig + sha256: 2427ae41e4649b934ca495991b7852b85e3b0c44298fc1c149afbf4c8996fb95 uncompressed-sha256: 38acb15d02d5ac0f2a2789602e9df950c380d2799b4bdb59394e4eeabdd3a662 metal: release: 30.1.2.3 @@ -58,43 +103,42 @@ architectures: disk: location: https://artifacts.example.com/xTqYJZKCPNvoNs6B.raw.xz signature: https://artifacts.example.com/xTqYJZKCPNvoNs6B.raw.xz.sig - sha256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 + sha256: 6fb92427ae41e4649b934ca49e3b0c44298fc1c149afbf4c8995991b7852b855 uncompressed-sha256: 38acb15d02d5ac0f2a2789602e9df950c380d2799b4bdb59394e4eeabdd3a662 iso: disk: location: https://artifacts.example.com/ADE5GO3bjAXeDcLO.iso signature: https://artifacts.example.com/ADE5GO3bjAXeDcLO.iso.sig - sha256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 + sha256: 8996fb92427ae41e4649b934ca495991b78e3b0c44298fc1c149afbf4c52b855 pxe: kernel: location: https://artifacts.example.com/hkIj8FkCydT3lV9h signature: https://artifacts.example.com/hkIj8FkCydT3lV9h.sig - sha256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 + sha256: 27ae41e4649b934ca495991b7852be3b0c44298fc1c149afbf4c8996fb924855 initramfs: location: https://artifacts.example.com/a9ytS8yB4cGZpca1.img signature: https://artifacts.example.com/a9ytS8yB4cGZpca1.img.sig - sha256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 + sha256: ae41e4649b934ca495991b7852be3b0c44298fc1c149afbf4c8996fb92427855 rootfs: location: https://artifacts.example.com/Seb8em4QU9p6wEFr.img signature: https://artifacts.example.com/Seb8em4QU9p6wEFr.img.sig - sha256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 - openstack: + sha256: fb92427ae41e4649b93e3b0c44298fc1c149afbf4c89964ca495991b7852b855 + nutanix: release: 30.1.2.3 formats: - "qcow.xz": + "qcow2": disk: - location: https://artifacts.example.com/oKooheogobofai8l.qcow.xz - signature: https://artifacts.example.com/oKooheogobofai8l.qcow.xz.sig - sha256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 - uncompressed-sha256: 38acb15d02d5ac0f2a2789602e9df950c380d2799b4bdb59394e4eeabdd3a662 - kubevirt: + location: https://artifacts.example.com/xah6vaaVaeng0osh.qcow2 + signature: https://artifacts.example.com/xah6vaaVaeng0osh.qcow2.sig + sha256: 991b7852b85b0c44298fc1c149afbfe36fb92427ae41e4649b934ca4954c8995 + openstack: release: 30.1.2.3 formats: - "qcow.xz": + "qcow2.xz": disk: - location: https://artifacts.example.com/Kiejeeb6ohpu8Eel.qcow.xz - signature: https://artifacts.example.com/Kiejeeb6ohpu8Eel.qcow.xz.sig - sha256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 + location: https://artifacts.example.com/oKooheogobofai8l.qcow2.xz + signature: https://artifacts.example.com/oKooheogobofai8l.qcow2.xz.sig + sha256: ae41e4649b934ca495991b785e3b0c44298fc1c149afbf4c8996fb924272b855 uncompressed-sha256: 38acb15d02d5ac0f2a2789602e9df950c380d2799b4bdb59394e4eeabdd3a662 packet: release: 30.1.2.3 @@ -103,17 +147,25 @@ architectures: disk: location: https://artifacts.example.com/Oofohng0xo2phai5.raw.xz signature: https://artifacts.example.com/Oofohng0xo2phai5.raw.xz.sig - sha256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 + sha256: e41e4649b934ca495991b7852b85e3b0c44298fc1c149afbf4c8996fb92427a5 uncompressed-sha256: 38acb15d02d5ac0f2a2789602e9df950c380d2799b4bdb59394e4eeabdd3a662 qemu: release: 30.1.2.3 formats: - "qcow.xz": + "qcow2.xz": disk: - location: https://artifacts.example.com/Siejeeb6ohpu8Eel.qcow.xz - signature: https://artifacts.example.com/Siejeeb6ohpu8Eel.qcow.xz.sig - sha256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 + location: https://artifacts.example.com/Siejeeb6ohpu8Eel.qcow2.xz + signature: https://artifacts.example.com/Siejeeb6ohpu8Eel.qcow2.xz.sig + sha256: b0c44298fc1c149afbf4c8996fb9242e37ae41e4649991b7852b855b934ca495 uncompressed-sha256: 38acb15d02d5ac0f2a2789602e9df950c380d2799b4bdb59394e4eeabdd3a662 + virtualbox: + release: 30.1.2.3 + formats: + ova: + disk: + location: https://artifacts.example.com/quohgh8ei0uzaD5a.ova + signature: https://artifacts.example.com/quohgh8ei0uzaD5a.ova.sig + sha256: 4c8996fb92427ae41e4649b934ca4e3b0c44298fc1c149afbf95991b7852b855 vmware: release: 30.1.2.3 formats: @@ -121,12 +173,29 @@ architectures: disk: location: https://artifacts.example.com/quohgh8ei0uzaD5a.ova signature: https://artifacts.example.com/quohgh8ei0uzaD5a.ova.sig - sha256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 + sha256: 96fb92427ae41e4649b934cae3b0c44298fc1c149afbf4c89495991b7852b855 + vultr: + release: 30.1.2.3 + formats: + "raw.xz": + disk: + location: https://artifacts.example.com/ah6vaaVaeng0xosh.raw.xz + signature: https://artifacts.example.com/ah6vaaVaeng0xosh.raw.xz.sig + sha256: ae3b0c44298fc1ce41e4649b149afbf4c8996fb92427934ca495991b7852b855 + uncompressed-sha256: 02e9df950c38acb1538d02d5ac0f2a278960d2799b4bdb59394e4eeabdd3a662 images: # Cloud images to be launched directly by users. These are in a # separate section because they might not always in sync with the # release artifacts above. + aliyun: + regions: + ap-northeast-1: + release: 30.1.2.3 + image: m-cb2rfmhkcl2b6wedsbz5 + ap-south-1: + release: 30.1.2.3 + image: m-ef3e19la2d35aftwxz5p aws: regions: us-east-1: @@ -141,6 +210,12 @@ architectures: # string, and represents advice rather than a value we might # change. image: Fedora:CoreOS:stable:latest + digitalocean: + # We don't control platform ingest, so an image slug is probably + # the best we can do. + image: fedora-coreos-stable + exoscale: + image: Linux Fedora CoreOS 64-bit gcp: # Ideally users use the project + family. These are static strings, # and represent advice rather than a value we might change. @@ -150,10 +225,6 @@ architectures: # and its release. release: 30.1.2.3 name: fedora-coreos-30-1-2-3-gcp-x86-64 - digitalocean: - # We don't control platform ingest, so an image slug is probably - # the best we can do. - image: fedora-coreos-stable kubevirt: # ContainerDisk in a container registry # Ideally users use this pull spec, which specifies a floating tag. diff --git a/metadata/stream/sample.json b/metadata/stream/sample.json index 6d863b1..81c3dd0 100644 --- a/metadata/stream/sample.json +++ b/metadata/stream/sample.json @@ -46,6 +46,19 @@ } } }, + "azurestack": { + "release": "33.20210412.3.0", + "formats": { + "vhd.xz": { + "disk": { + "location": "https://builds.coreos.fedoraproject.org/prod/streams/stable/builds/33.20210412.3.0/x86_64/fedora-coreos-33.20210412.3.0-azurestack.x86_64.vhd.xz", + "signature": "https://builds.coreos.fedoraproject.org/prod/streams/stable/builds/33.20210412.3.0/x86_64/fedora-coreos-33.20210412.3.0-azurestack.x86_64.vhd.xz.sig", + "sha256": "3bd5baf21335ada861b5e01e8628ba40bc04050a436b9eaa0504ba6c33626a05", + "uncompressed-sha256": "de9d7a5b1f0f69746a807148e1dbf64aa2593ac3d4e152fbb4f657da170dcece" + } + } + } + }, "digitalocean": { "release": "33.20210412.3.0", "formats": { @@ -96,6 +109,19 @@ } } }, + "kubevirt": { + "release": "33.20210412.3.0", + "formats": { + "qcow2.xz": { + "disk": { + "location": "https://builds.coreos.fedoraproject.org/prod/streams/stable/builds/33.20210412.3.0/x86_64/fedora-coreos-33.20210412.3.0-kubevirt.x86_64.qcow2.xz", + "signature": "https://builds.coreos.fedoraproject.org/prod/streams/stable/builds/33.20210412.3.0/x86_64/fedora-coreos-33.20210412.3.0-kubevirt.x86_64.qcow2.xz.sig", + "sha256": "6343b99ca70975bd821050f274aa1db0898fb88aae95a79f63d18a2e2a489e26", + "uncompressed-sha256": "744f25cf86927fe4780b57cd75c2d5b979e15336e4c9bd02fe4f71827d820d4c" + } + } + } + }, "metal": { "release": "33.20210412.3.0", "formats": { @@ -141,6 +167,18 @@ } } }, + "nutanix": { + "release": "33.20210412.3.0", + "formats": { + "qcow2": { + "disk": { + "location": "https://builds.coreos.fedoraproject.org/prod/streams/stable/builds/33.20210412.3.0/x86_64/fedora-coreos-33.20210412.3.0-nutanix.x86_64.qcow2", + "signature": "https://builds.coreos.fedoraproject.org/prod/streams/stable/builds/33.20210412.3.0/x86_64/fedora-coreos-33.20210412.3.0-nutanix.x86_64.qcow2.sig", + "sha256": "650bb496c94c3fc815126daaa6beb2270ae870cb036df5b43c348da00e788dab" + } + } + } + }, "openstack": { "release": "33.20210412.3.0", "formats": { @@ -167,6 +205,18 @@ } } }, + "virtualbox": { + "release": "33.20210412.3.0", + "formats": { + "ova": { + "disk": { + "location": "https://builds.coreos.fedoraproject.org/prod/streams/stable/builds/33.20210412.3.0/x86_64/fedora-coreos-33.20210412.3.0-virtualbox.x86_64.ova", + "signature": "https://builds.coreos.fedoraproject.org/prod/streams/stable/builds/33.20210412.3.0/x86_64/fedora-coreos-33.20210412.3.0-virtualbox.x86_64.ova.sig", + "sha256": "a54f52901817165c74b9d265d8ccf0a6c622006e2a13444fc1145970b8c9135d" + } + } + } + }, "vmware": { "release": "33.20210412.3.0", "formats": { From c3e6b8687d50867b416562dca3da9b9b126cd5a1 Mon Sep 17 00:00:00 2001 From: Benjamin Gilbert Date: Mon, 27 Jun 2022 20:22:17 -0400 Subject: [PATCH 081/167] templates/rebase: add step to update Fedora release in repo-templates --- .github/ISSUE_TEMPLATE/rebase.md | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/.github/ISSUE_TEMPLATE/rebase.md b/.github/ISSUE_TEMPLATE/rebase.md index cfb9a80..865a5af 100644 --- a/.github/ISSUE_TEMPLATE/rebase.md +++ b/.github/ISSUE_TEMPLATE/rebase.md @@ -130,6 +130,10 @@ We prefer to disable `next-devel` when there is no difference between `testing-d - [ ] Follow the instructions [here](https://github.com/coreos/fedora-coreos-pipeline/tree/main/next-devel) to disable `next-devel` +### Switch upstream packages to shipping release binaries from Fedora (N) + +- [ ] Update [repo-templates](https://github.com/coreos/repo-templates) [config.yaml](https://github.com/coreos/repo-templates/blob/main/config.yaml) with the version number and GPG key ID for Fedora (N). + ## After Fedora (N) GA From 281b447975fc206a4e4916327bca4b9a3ef14acf Mon Sep 17 00:00:00 2001 From: Gursewak Mangat Date: Wed, 13 Jul 2022 11:39:23 -0700 Subject: [PATCH 082/167] meeting-people.txt: Update gursewak username --- meeting-people.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/meeting-people.txt b/meeting-people.txt index 955c7f0..e554da5 100644 --- a/meeting-people.txt +++ b/meeting-people.txt @@ -6,7 +6,7 @@ exit 0 aaradhak davdunc dustymabe -gurssing +gursewak jaimelm jbrooks jcajka From 74ce3fce4a1da05d11e11dec7515124ff42dcccd Mon Sep 17 00:00:00 2001 From: Steven Presti Date: Thu, 14 Apr 2022 14:06:33 -0400 Subject: [PATCH 083/167] add documentation for adding a new platform --- .../implementing-new-platform.md | 88 +++++++++++++++++++ 1 file changed, 88 insertions(+) create mode 100644 .github/ISSUE_TEMPLATE/implementing-new-platform.md diff --git a/.github/ISSUE_TEMPLATE/implementing-new-platform.md b/.github/ISSUE_TEMPLATE/implementing-new-platform.md new file mode 100644 index 0000000..ea51af7 --- /dev/null +++ b/.github/ISSUE_TEMPLATE/implementing-new-platform.md @@ -0,0 +1,88 @@ +# Implementing a new supported platform + + ## During Development + Create PR's addressing the following: + + - [ ] [stream-metadata-go](https://github.com/coreos/stream-metadata-go) + - [Example PR](https://github.com/coreos/stream-metadata-go/pull/45/) + - [ ] Add platform to the `Media` struct in `release/release.go` + - [ ] Add supporting code for new platform to `toStreamArch` func in `release/translate.go` + - [ ] (Cloud Only) Cloud Images need to have an `Images` field + + - [ ] (Cloud Only) [stream-metadata-rust](https://github.com/coreos/stream-metadata-rust/) + - [Example PR](https://github.com/coreos/stream-metadata-rust/pull/16) + + - [ ] [fedora-coreos-tracker](https://github.com/coreos/fedora-coreos-tracker/) + - [Example PR](https://github.com/coreos/fedora-coreos-tracker/pull/1213/) + - [ ] Update the metadata for the new platform + + - [ ] [coreos-assembler](https://github.com/coreos/coreos-assembler) + - [Example PR](https://github.com/coreos/coreos-assembler/pull/2489) + - [ ] Implement required functionality to support new platform + + - [ ] [fedora-web](https://pagure.io/fedora-web/websites) + - [Example PR](https://pagure.io/fedora-web/websites/pull-request/221#request_diff) + - [ ] Add platform to `sites/static/js/coreos-download.js` + +- [ ] [fedora-coreos-browser](https://github.com/coreos/fedora-coreos-browser) + - [Example PR](https://github.com/coreos/fedora-coreos-browser/pull/35) + - [ ] Add a list element for new platform in `browser/index.html` + +- [ ] [build pipeline](https://github.com/coreos/fedora-coreos-pipeline) + - [Example PR](https://github.com/coreos/fedora-coreos-pipeline/pull/500) + - [ ] Add platform to the list found in `jobs/build.Jenkinsfile` for building the new artifact + + - [ ] [fedora-coreos-docs](https://github.com/coreos/fedora-coreos-docs) + - [Example PR](https://github.com/coreos/fedora-coreos-docs/pull/377) + - [ ] Add a `provisioning-.adoc` that walks through how to setup the new platform + - [ ] Add an entry in the `modules/ROOT/nav.adoc` that points to new documentation + + + + ## At Release + +1. Merge metadata changes: + + - [ ] stream-metadata-go + - [ ] stream-metadata-rust + - [ ] fedora-coreos-tracker + - [ ] fedora website + - [ ] fedora-coreos-browser + + +2. Create and push signed tags with appropriate versions + + ``` + # Ensure gpg key for signing in github settings that is associated to redhat email. + # Verify you are on the upstream repo's main branch. + + git status + + RELEASE_VER=vx.y.z + # Replace 'x.y.z' with the appropriate numbers. + + git tag -s ${RELEASE_VER} + # Give appropriate detail to tag, check previous tags with 'git show ${RELEASE_VER}' + + git push git@github.com:coreos/targeted-repo.git ${RELEASE_VER} + # Navigate to the targeted-repo's tag section to ensure a valid signed tag is listed. + # e.g. https://github.com/...repo/tags + ``` + + 1. [ ] Tag stream-metadata-go following the above steps. After tagging, ensure that dependabot has picked up latest version, and merged it into fedora-coreos-stream-generator && coreos-assembler. + - These can be triggered manually by navigating to [fedora-coreos-stream-generator's Dependabot](https://github.com/coreos/fedora-coreos-stream-generator/network/updates/) and [coreos-assembler's Dependabot](https://github.com/coreos/coreos-assembler/network/updates) respectively; then, clicking "Check for updates". + - This might need to be done a few times, as the Dependabot might not pickup tag changes for a few attempts after initial tagging. + + 2. [ ] Tag fedora-coreos-stream-generator following the above steps. + +3. Merge the following changes: + - [ ] coreos-assembler + +4. Wait for updates made to coreos-assembler to be propagated to latest container + - [ ] Download latest version of coreos-assembler container. Verify platform support functionality. + +5. Merge changes for: + - [ ] Build pipeline + +6. Wait for new images to reach stable then merge documentation. + - [ ] fedora-coreos-docs merged \ No newline at end of file From 6c0772350e52dbc95ca7feba854ab6f83e919ed9 Mon Sep 17 00:00:00 2001 From: Dusty Mabe Date: Fri, 26 Aug 2022 16:51:16 -0400 Subject: [PATCH 084/167] docs: updates for kernel bisect docs --- docs/fedora-coreos-kernel-bisect.md | 67 +++++++++++++---------------- 1 file changed, 30 insertions(+), 37 deletions(-) diff --git a/docs/fedora-coreos-kernel-bisect.md b/docs/fedora-coreos-kernel-bisect.md index 9f7de5c..040555b 100644 --- a/docs/fedora-coreos-kernel-bisect.md +++ b/docs/fedora-coreos-kernel-bisect.md @@ -54,7 +54,7 @@ environment directly in the VM. If not you'll probably want to use a container for your kernel builds. Here's how to start up a container: ``` -podman run -it --name=kbuild -v /path/to/kernel/git/:/path/to/kernel/git/ registry.fedoraproject.org/fedora:35 +podman run -it --name=kbuild -v /path/to/kernel/git/:/path/to/kernel/git/ registry.fedoraproject.org/fedora:37 ``` NOTE: try to use the same Fedora Cloud or Fedora container version as @@ -71,13 +71,13 @@ sudo dnf builddep -y kernel We can now make changes to the git repo (revert commits, etc) and run a few commands to build the kernel. Before building we need to copy down the config -from the kernel dist-git repo and disable DEBUG symbols if they were enabled -(makes very large files): +from the kernel dist-git repo and disable making a DEBUG kernel if it was enabled, +which makes very large files: ``` cd /path/to/kernel/git/ -curl https://src.fedoraproject.org/rpms/kernel/raw/f35/f/kernel-x86_64-fedora.config > .config -sed -i 's/CONFIG_DEBUG_INFO=y/CONFIG_DEBUG_INFO=n/' .config +curl https://src.fedoraproject.org/rpms/kernel/raw/f37/f/kernel-x86_64-fedora.config > .config +sed -i 's/CONFIG_DEBUG_KERNEL=y/CONFIG_DEBUG_KERNEL=n/' .config ``` ## 1. Directly Building and Installing the Kernel from Kernel Source git repo @@ -151,40 +151,11 @@ sudo rpm-ostree override replace ./kernel-5.17.0_rc8-1.x86_64.rpm --remove=kerne ### Doing a Build with COSA Then copy the built RPM into the `overrides/rpm` folder under the COSA build directory. -Update the `manifest-lock.overrides.yaml` to specify the kernel and also update the manifest -to not specify `kernel-core` and `kernel-modules`. Here is an example: - - -```diff -diff --git a/manifest-lock.overrides.yaml b/manifest-lock.overrides.yaml -index 62cfbe5..81de60f 100644 ---- a/manifest-lock.overrides.yaml -+++ b/manifest-lock.overrides.yaml -@@ -8,4 +8,6 @@ - # in the `metadata.reason` key, though it's acceptable to omit a `reason` - # for FCOS-specific packages (ignition, afterburn, etc.). - --packages: {} -+packages: -+ kernel: -+ evr: 5.17.0_rc8+-2 -diff --git a/manifests/bootable-rpm-ostree.yaml b/manifests/bootable-rpm-ostree.yaml -index 784acd4..734f374 100644 ---- a/manifests/bootable-rpm-ostree.yaml -+++ b/manifests/bootable-rpm-ostree.yaml -@@ -7,7 +7,8 @@ - packages: - # Kernel + systemd. Note we explicitly specify kernel-{core,modules} - # because otherwise depsolving could bring in kernel-debug. -- - kernel kernel-core kernel-modules systemd -+ - kernel systemd - # linux-firmware now a recommends so let's explicitly include it - # https://gitlab.com/cki-project/kernel-ark/-/commit/32271d0cd9bd52d386eb35497c4876a8f041f70b - # https://src.fedoraproject.org/rpms/kernel/c/f55c3e9ed8605ff28cb9a922efbab1055947e213?branch=rawhide -``` - After that you should be able to `cosa fetch --with-cosa-overrides && cosa build` like normal. +While iterating you should be able to skip the `cosa fetch` step. Just delete the old +RPM out of `overrides/rpm`, put the new one in place and then `cosa build`. + ## Performing a Kernel Bisect @@ -192,3 +163,25 @@ Now that we know how to build and use a kernel in various ways the bisect is the easy part. Just follow the [upstream kernel documentation](https://www.kernel.org/doc/html/latest/admin-guide/bug-bisect.html) for doing a `git bisect` and repeat the build/test steps in between each step. + +## Reporting issues upstream + +Unfortunately the kernel doesn't have any git forge structure. It's +mostly email and mailing lists. If you want to report an issue +upstream you can run a command to give you what people/lists to email: + +``` +commit=abcdef +git format-patch --stdout "${commit}^..${commit}" | \ + ./scripts/get_maintainer.pl --norolestats +``` + +example: + +``` +$ commit=a09b314 +$ git format-patch --stdout "${commit}^..${commit}" | ./scripts/get_maintainer.pl --norolestats +Jens Axboe +linux-block@vger.kernel.org +linux-kernel@vger.kernel.org +``` From 8653c42477202d3857e8b16ab78f273d98a97fdc Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Timoth=C3=A9e=20Ravier?= Date: Mon, 17 Oct 2022 13:55:35 +0200 Subject: [PATCH 085/167] GitHub templates: Convert some templates to issue forms See https://docs.github.com/en/communities/using-templates-to-encourage-useful-issues-and-pull-requests/syntax-for-githubs-form-schema --- .github/ISSUE_TEMPLATE.md | 4 -- .github/ISSUE_TEMPLATE/bug-report.md | 33 ---------- .github/ISSUE_TEMPLATE/bug-report.yml | 70 ++++++++++++++++++++ .github/ISSUE_TEMPLATE/enhancement.md | 18 ----- .github/ISSUE_TEMPLATE/enhancement.yml | 32 +++++++++ .github/ISSUE_TEMPLATE/new-package.md | 30 --------- .github/ISSUE_TEMPLATE/new-package.yml | 84 ++++++++++++++++++++++++ .github/ISSUE_TEMPLATE/new-platform.md | 32 --------- .github/ISSUE_TEMPLATE/new-platform.yml | 87 +++++++++++++++++++++++++ 9 files changed, 273 insertions(+), 117 deletions(-) delete mode 100644 .github/ISSUE_TEMPLATE.md delete mode 100644 .github/ISSUE_TEMPLATE/bug-report.md create mode 100644 .github/ISSUE_TEMPLATE/bug-report.yml delete mode 100644 .github/ISSUE_TEMPLATE/enhancement.md create mode 100644 .github/ISSUE_TEMPLATE/enhancement.yml delete mode 100644 .github/ISSUE_TEMPLATE/new-package.md create mode 100644 .github/ISSUE_TEMPLATE/new-package.yml delete mode 100644 .github/ISSUE_TEMPLATE/new-platform.md create mode 100644 .github/ISSUE_TEMPLATE/new-platform.yml diff --git a/.github/ISSUE_TEMPLATE.md b/.github/ISSUE_TEMPLATE.md deleted file mode 100644 index ef46026..0000000 --- a/.github/ISSUE_TEMPLATE.md +++ /dev/null @@ -1,4 +0,0 @@ - diff --git a/.github/ISSUE_TEMPLATE/bug-report.md b/.github/ISSUE_TEMPLATE/bug-report.md deleted file mode 100644 index 94e2abf..0000000 --- a/.github/ISSUE_TEMPLATE/bug-report.md +++ /dev/null @@ -1,33 +0,0 @@ ---- -name: Report a bug -about: Report an issue with Fedora CoreOS -title: '' -labels: 'kind/bug' -assignees: '' - ---- - -**Describe the bug** -A clear and concise description of what the bug is. - -**Reproduction steps** -Steps to reproduce the behavior: -1. -2. -3. - -**Expected behavior** -A clear and concise description of what you expected to happen. - -**Actual behavior** -A clear and concise description of what actually happened. - -**System details** - - Bare Metal/QEMU/AWS/GCP/etc. - - Fedora CoreOS version - -**Ignition config** -Please attach the Butane config or Ignition config used to provision your system. Be sure to sanitize any private data. If not using Butane to generate your Ignition config, does the Ignition config pass validation using [ignition-validate](https://coreos.github.io/ignition/getting-started/#config-validation)? - -**Additional information** -Add any other information about the problem here. diff --git a/.github/ISSUE_TEMPLATE/bug-report.yml b/.github/ISSUE_TEMPLATE/bug-report.yml new file mode 100644 index 0000000..b83ff6e --- /dev/null +++ b/.github/ISSUE_TEMPLATE/bug-report.yml @@ -0,0 +1,70 @@ +name: Report a bug +description: Report an issue with Fedora CoreOS +labels: ["kind/bug"] +assignees: [] +body: + - type: textarea + id: bug-description + attributes: + label: Describe the bug + description: A clear and concise description of what the bug is. + placeholder: I'm using foo on bar and it fails with foobar. + validations: + required: true + + - type: textarea + id: bug-reproduction + attributes: + label: Reproduction steps + description: Steps to reproduce the behavior. + placeholder: | + 1. + 2. + 3. + validations: + required: true + + - type: textarea + id: bug-expected + attributes: + label: Expected behavior + description: A clear and concise description of what you expected to happen. + placeholder: Foo should succeed without errors. + validations: + required: true + + - type: textarea + id: bug-actual + attributes: + label: Actual behavior + description: A clear and concise description of what actually happened. + placeholder: Foo failed with ... + validations: + required: true + + - type: textarea + id: bug-system + attributes: + label: System details + description: Version (`rpm-ostree status -b`) and platform (Bare Metal/QEMU/AWS/GCP/etc.) where you've seen the issue. + placeholder: | + - Bare Metal/QEMU/AWS/GCP/etc. + - Fedora CoreOS version + validations: + required: true + + - type: textarea + id: bug-ignition + attributes: + label: Ignition config + description: The Butane config or Ignition config used to provision your system. Be sure to sanitize any private data. If not using Butane to generate your Ignition config, does the Ignition config pass validation using [ignition-validate](https://coreos.github.io/ignition/getting-started/#config-validation)? + validations: + required: false + + - type: textarea + id: bug-additional + attributes: + label: Additional information + description: Add any other information about the problem here. + validations: + required: false diff --git a/.github/ISSUE_TEMPLATE/enhancement.md b/.github/ISSUE_TEMPLATE/enhancement.md deleted file mode 100644 index f89404b..0000000 --- a/.github/ISSUE_TEMPLATE/enhancement.md +++ /dev/null @@ -1,18 +0,0 @@ ---- -name: Request an enhancement -about: Request a new feature in Fedora CoreOS -title: '' -labels: 'kind/enhancement' -assignees: '' - ---- - -**Describe the enhancement** -A clear and concise description of the desired feature. - -**System details** - - Bare Metal/QEMU/AWS/GCP/etc. - - Fedora CoreOS version - -**Additional information** -Add any other information here. diff --git a/.github/ISSUE_TEMPLATE/enhancement.yml b/.github/ISSUE_TEMPLATE/enhancement.yml new file mode 100644 index 0000000..47a4bb0 --- /dev/null +++ b/.github/ISSUE_TEMPLATE/enhancement.yml @@ -0,0 +1,32 @@ +name: Request an enhancement +description: Request a new feature in Fedora CoreOS +labels: ["kind/enhancement"] +assignees: [] +body: + - type: textarea + id: enhancement-description + attributes: + label: Describe the enhancement + description: A clear and concise description of the desired feature. + placeholder: I want to use foo with bar on Fedora CoreOS. + validations: + required: true + + - type: textarea + id: enhancement-system + attributes: + label: System details + description: Platform (Bare Metal/QEMU/AWS/GCP/etc.) where you'd want to see this feature. Version you've tried that does not have it. + placeholder: | + - Bare Metal/QEMU/AWS/GCP/etc. + - Fedora CoreOS version + validations: + required: false + + - type: textarea + id: enhancement-additional + attributes: + label: Additional information + description: Add any other information about the problem here. + validations: + required: false diff --git a/.github/ISSUE_TEMPLATE/new-package.md b/.github/ISSUE_TEMPLATE/new-package.md deleted file mode 100644 index 1c2baa3..0000000 --- a/.github/ISSUE_TEMPLATE/new-package.md +++ /dev/null @@ -1,30 +0,0 @@ ---- -name: Request a new package -about: Ask for a new package to be added to Fedora CoreOS -title: 'New Package Request: ' -labels: 'kind/enhancement' -assignees: '' - ---- - -Please try to answer the following questions about the package you are requesting: - -1. What, if any, are the additional dependencies on the package? (i.e. does it pull in Python, Perl, etc) - -2. What is the size of the package and its dependencies? - -3. What problem are you trying to solve with this package? Or what functionality does the package provide? - -4. Can the software provided by the package be run from a container? Explain why or why not. - -5. Can the tool(s) provided by the package be helpful in debugging container runtime issues? - -6. Can the tool(s) provided by the package be helpful in debugging networking issues? - -7. Is it possible to layer the package onto the base OS as a day 2 operation? Explain why or why not. - -8. In the case of packages providing services and binaries, can the packaging be adjusted to just deliver binaries? - -9. Can the tool(s) provided by the package be used to do things we’d rather users not be able to do in FCOS? (e.g. can it be abused as a Turing complete interpreter?) - -10. Does the software provided by the package have a history of CVEs? diff --git a/.github/ISSUE_TEMPLATE/new-package.yml b/.github/ISSUE_TEMPLATE/new-package.yml new file mode 100644 index 0000000..f545e01 --- /dev/null +++ b/.github/ISSUE_TEMPLATE/new-package.yml @@ -0,0 +1,84 @@ +name: Request a new package +description: Ask for a new package to be added to Fedora CoreOS +title: "New Package Request: " +labels: ["kind/enhancement"] +assignees: [] +body: + - type: markdown + attributes: + value: | + Please try to answer the following questions about the package you are requesting. + + - type: textarea + id: newpackage-dependencies + attributes: + label: What, if any, are the additional dependencies on the package? (i.e. does it pull in Python, Perl, etc) + description: Paste here the output of `rpm-ostree install --dry-run ` from a fresh Fedora CoreOS node. + validations: + required: true + + - type: textarea + id: newpackage-size + attributes: + label: What is the size of the package and its dependencies? + description: Paste here the output of `rpm -qi ` for each package mentioned above. + validations: + required: true + + - type: textarea + id: newpackage-solution + attributes: + label: What problem are you trying to solve with this package? Or what functionality does the package provide? + validations: + required: true + + - type: textarea + id: newpackage-container + attributes: + label: Can the software provided by the package be run from a container? Explain why or why not. + validations: + required: true + + - type: textarea + id: newpackage-debug-container + attributes: + label: Can the tool(s) provided by the package be helpful in debugging container runtime issues? + validations: + required: true + + - type: textarea + id: newpackage-debug-network + attributes: + label: Can the tool(s) provided by the package be helpful in debugging networking issues? + validations: + required: true + + - type: textarea + id: newpackage-day2 + attributes: + label: Is it possible to layer the package onto the base OS as a day 2 operation? Explain why or why not. + description: Can the package be installed on first boot or later with `rpm-ostree install `? + validations: + required: true + + - type: textarea + id: newpackage-service + attributes: + label: In the case of packages providing services and binaries, can the packaging be adjusted to just deliver binaries? + validations: + required: true + + - type: textarea + id: newpackage-interpreter + attributes: + label: Can the tool(s) provided by the package be used to do things we’d rather users not be able to do in FCOS? + description: E.g. can it be abused as a Turing complete interpreter? + validations: + required: true + + - type: textarea + id: newpackage- + attributes: + label: Does the software provided by the package have a history of CVEs? + validations: + required: true diff --git a/.github/ISSUE_TEMPLATE/new-platform.md b/.github/ISSUE_TEMPLATE/new-platform.md deleted file mode 100644 index c484e47..0000000 --- a/.github/ISSUE_TEMPLATE/new-platform.md +++ /dev/null @@ -1,32 +0,0 @@ ---- -name: Request a new platform -about: Ask for Fedora CoreOS to support a new cloud environment -title: 'Platform Request: ' -labels: 'area/platforms, kind/enhancement' -assignees: '' - ---- - -In order to implement support for a new cloud platform in Fedora CoreOS, we need to know several things about the platform. Please try to answer as many questions as you can. - -- [ ] Why is the platform important? Who uses it? - -- [ ] What is the official name of the platform? Is there a short name that's commonly used in client API implementations? - -- [ ] How can the OS retrieve instance userdata? What happens if no userdata is provided? - -- [ ] Does the platform provide a way to configure SSH keys for the instance? How can the OS retrieve them? What happens if none are provided? - -- [ ] How can the OS retrieve network configuration? Is DHCP sufficient, or is there some other network-accessible metadata service? - -- [ ] In particular, how can the OS retrieve the system hostname? - -- [ ] Does the platform require the OS to have a specific console configuration? - -- [ ] Is there a mechanism for the OS to report to the platform that it has successfully booted? Is the mechanism required? - -- [ ] Does the platform have an agent that runs inside the instance? Is it required? What does it do? What language is it implemented in, and where is the source code repository? - -- [ ] How are VM images uploaded to the platform and published to other users? Is there an API? What disk image format is expected? - -- [ ] Are there any other platform quirks we should know about? diff --git a/.github/ISSUE_TEMPLATE/new-platform.yml b/.github/ISSUE_TEMPLATE/new-platform.yml new file mode 100644 index 0000000..35ad0ac --- /dev/null +++ b/.github/ISSUE_TEMPLATE/new-platform.yml @@ -0,0 +1,87 @@ +name: Request a new platform +description: Ask for Fedora CoreOS to support a new cloud environment +title: "Platform Request: " +labels: ["area/platforms", "kind/enhancement"] +assignees: [] +body: + - type: markdown + attributes: + value: | + In order to implement support for a new cloud platform in Fedora CoreOS, we need to know several things about the platform. Please try to answer as many questions as you can. + + - type: textarea + id: newplatform-user + attributes: + label: Why is the platform important? Who uses it? + validations: + required: false + + - type: textarea + id: newplatform-name + attributes: + label: What is the official name of the platform? Is there a short name that's commonly used in client API implementations? + validations: + required: false + + - type: textarea + id: newplatform-userdata + attributes: + label: How can the OS retrieve instance userdata? What happens if no userdata is provided? + validations: + required: false + + - type: textarea + id: newplatform-sshkeys + attributes: + label: Does the platform provide a way to configure SSH keys for the instance? How can the OS retrieve them? What happens if none are provided? + validations: + required: false + + - type: textarea + id: newplatform-network + attributes: + label: How can the OS retrieve network configuration? Is DHCP sufficient, or is there some other network-accessible metadata service? + validations: + required: false + + - type: textarea + id: newplatform-hostname + attributes: + label: In particular, how can the OS retrieve the system hostname? + validations: + required: false + + - type: textarea + id: newplatform-console + attributes: + label: Does the platform require the OS to have a specific console configuration? + validations: + required: false + + - type: textarea + id: newplatform-boot-success + attributes: + label: Is there a mechanism for the OS to report to the platform that it has successfully booted? Is the mechanism required? + validations: + required: false + + - type: textarea + id: newplatform-agent + attributes: + label: Does the platform have an agent that runs inside the instance? Is it required? What does it do? What language is it implemented in, and where is the source code repository? + validations: + required: false + + - type: textarea + id: newplatform-image-upload + attributes: + label: How are VM images uploaded to the platform and published to other users? Is there an API? What disk image format is expected? + validations: + required: false + + - type: textarea + id: newplatform-quirks + attributes: + label: Are there any other platform quirks we should know about? + validations: + required: false From e06aafbfe0aa9123324ad15ef861f0b1d3d6331a Mon Sep 17 00:00:00 2001 From: Anthony Rabbito Date: Mon, 21 Nov 2022 15:41:33 -0500 Subject: [PATCH 086/167] Add anthr76 to meeting-people.txt --- meeting-people.txt | 1 + 1 file changed, 1 insertion(+) diff --git a/meeting-people.txt b/meeting-people.txt index e554da5..a5dc430 100644 --- a/meeting-people.txt +++ b/meeting-people.txt @@ -4,6 +4,7 @@ tail -n +5 $0 | tr '\n' ' ' && echo -e '\nFCOS community meeting in #fedora-meet exit 0 aaradhak +anthr76 davdunc dustymabe gursewak From fd62a94ac753783132d195e6336e15dbe49c418b Mon Sep 17 00:00:00 2001 From: Dusty Mabe Date: Fri, 28 Oct 2022 17:24:32 -0400 Subject: [PATCH 087/167] rebase checklist updates A few things I noticed that could be improved or needed to be different while I was executing the Fedora 37 rebase. --- .github/ISSUE_TEMPLATE/rebase.md | 47 ++++++++++++++++++++++++-------- 1 file changed, 35 insertions(+), 12 deletions(-) diff --git a/.github/ISSUE_TEMPLATE/rebase.md b/.github/ISSUE_TEMPLATE/rebase.md index 865a5af..e8615ad 100644 --- a/.github/ISSUE_TEMPLATE/rebase.md +++ b/.github/ISSUE_TEMPLATE/rebase.md @@ -43,7 +43,7 @@ Branching is when a new stream is "branched" off of `rawhide`. This eventually b ### Enable `branched` stream - [ ] Update [manifest.yaml](https://github.com/coreos/fedora-coreos-config/blob/branched/manifest.yaml) to list N as the releasever. -- [ ] Update [streams.groovy](https://github.com/coreos/fedora-coreos-pipeline/blob/main/streams.groovy) to include the `branched` stream in the list of mechanical refs. +- [ ] Update [config.yaml](https://github.com/coreos/fedora-coreos-pipeline/blob/main/config.yaml) to un-comment out the `branched` stream definition. ## At Fedora (N) Beta @@ -52,13 +52,19 @@ Branching is when a new stream is "branched" off of `rawhide`. This eventually b - [ ] Bump `releasever` in `manifest.yaml` - [ ] Update the repos in `manifest.yaml` if needed -- [ ] Run `cosa fetch --update-lockfile` +- [ ] Run `cosa fetch --dry-run --update-lockfile` + - this updates the x86_64 lockfile - the others will get updated when `bump-lockfile` runs. + - in the future we may support [this](https://github.com/coreos/coreos-assembler/issues/3088) in `cosa fetch` directly - [ ] PR the result +- [ ] Re-enable `next-devel` if needed ([docs](https://github.com/coreos/fedora-coreos-pipeline/tree/main/next-devel)) +- [ ] Disable `branched` stream since it is no longer needed. + - Update [config.yaml](https://github.com/coreos/fedora-coreos-pipeline/blob/main/config.yaml) to comment out the `branched` stream definition. + ### Ship rebased `next` - [ ] Ship `next` -- Set a new update barrier for N-2 on `next`. In the barrier entry set a link to [the docs](https://docs.fedoraproject.org/en-US/fedora-coreos/update-barrier-signing-keys/). See [discussion](https://github.com/coreos/fedora-coreos-tracker/issues/480#issuecomment-631724629). +- [ ] Set a new update barrier for the final release of N-1 on `next`. In the barrier entry set a link to [the docs](https://docs.fedoraproject.org/en-US/fedora-coreos/update-barrier-signing-keys/). See [discussion](https://github.com/coreos/fedora-coreos-tracker/issues/480#issuecomment-1247314065) ## Preparing for Fedora (N) GA @@ -67,7 +73,7 @@ Branching is when a new stream is "branched" off of `rawhide`. This eventually b - [ ] Bump `releasever` in `manifest.yaml` - [ ] Update the repos in `manifest.yaml` if needed -- [ ] Run `cosa fetch --update-lockfile` +- [ ] Sync the lockfiles for all arches from `next-devel` - [ ] Bump the base Fedora version in `ci/buildroot/Dockerfile` - [ ] PR the result @@ -77,7 +83,7 @@ Branching is when a new stream is "branched" off of `rawhide`. This eventually b ### Ship rebased `testing` - [ ] Ship `testing` -- Set a new update barrier for N-2 on `testing`. In the barrier entry set a link to [the docs](https://docs.fedoraproject.org/en-US/fedora-coreos/update-barrier-signing-keys/). See [discussion](https://github.com/coreos/fedora-coreos-tracker/issues/480#issuecomment-631724629). +- [ ] Set a new update barrier for the final release of N-1 on `testing`. In the barrier entry set a link to [the docs](https://docs.fedoraproject.org/en-US/fedora-coreos/update-barrier-signing-keys/). See [discussion](https://github.com/coreos/fedora-coreos-tracker/issues/480#issuecomment-1247314065) ### Disable `branched` stream @@ -92,29 +98,46 @@ Branching is when a new stream is "branched" off of `rawhide`. This eventually b ``` f32key=12c944d0 key=$f32key -untaglist='' +echo > untaglist # create or empty out file for build in $(koji list-tagged --quiet coreos-pool | cut -f1 -d' '); do if koji buildinfo $build | grep $key 1>/dev/null; then - untaglist+="${build} " echo "Adding $build to untag list" + echo "${build}" >> untaglist fi done ``` -- [ ] Now we have a list of builds to untag. But we need one more sanity check. Let's make sure none of those are actually being used. Fire up the latest FCOS `testing-devel` and run: +Now we have a list of builds to untag. But we need a few more sanity checks. + +- [ ] Make sure none of the builds are used in `N` based FCOS. Check by running: ``` f32key=12c944d0 key=$f32key -rpm -qai | grep -B 8 $key +podman run -it --rm quay.io/fedora/fedora-coreos:testing-devel rpm -qai | grep -B 9 $key +podman rmi quay.io/fedora/fedora-coreos:testing-devel ``` If there are any RPMs signed by the old key they'll need to be investigated. Maybe they shouldn't be used any longer. Or maybe they're still needed. -- [ ] After verifying the list looks good: +- [ ] For any RPMS still used by `N-1` based FCOS let's remove them from the untaglist. Check by running: + +``` +f32key=12c944d0 +key=$f32key +podman run -it --rm quay.io/fedora/fedora-coreos:stable rpm -qai | grep -B 9 $key +podman rmi quay.io/fedora/fedora-coreos:stable +``` + +NOTE: This assumes `stable` is still on `N-1`. + +Remove any entries from the `untaglist` file that are still being used. + +- [ ] After verifying the list looks good, untag: ``` -koji untag-build coreos-pool $untaglist +# use xargs so we don't exhaust bash string limit +cat untaglist | xargs -L50 koji untag-build coreos-pool ``` - [ ] Now that untagging is done, give a heads up to rpm-ostree developers that N-2 packages have been untagged and that they may need to update their CI compose tests to freeze on a newer FCOS commit. @@ -140,7 +163,7 @@ We prefer to disable `next-devel` when there is no difference between `testing-d ### Ship rebased `stable` - [ ] Ship `stable` -- Set a new update barrier for N-2 on `stable`. In the barrier entry set a link to [the docs](https://docs.fedoraproject.org/en-US/fedora-coreos/update-barrier-signing-keys/). See [discussion](https://github.com/coreos/fedora-coreos-tracker/issues/480#issuecomment-631724629). +- [ ] Set a new update barrier for the final release of N-1 on `stable`. In the barrier entry set a link to [the docs](https://docs.fedoraproject.org/en-US/fedora-coreos/update-barrier-signing-keys/). See [discussion](https://github.com/coreos/fedora-coreos-tracker/issues/480#issuecomment-1247314065) ### Open ticket for the next Fedora rebase From a1eccbb2e1fa8bd2a88f60fe3cd99227e441e315 Mon Sep 17 00:00:00 2001 From: Benjamin Gilbert Date: Tue, 3 Jan 2023 15:50:44 -0500 Subject: [PATCH 088/167] workflows: update actions to current major versions Fixes deprecation warnings for Node.js 12: https://github.blog/changelog/2022-09-22-github-actions-all-actions-will-begin-running-on-node16-instead-of-node12/ --- .github/workflows/checks.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/checks.yml b/.github/workflows/checks.yml index 74e699d..0439425 100644 --- a/.github/workflows/checks.yml +++ b/.github/workflows/checks.yml @@ -13,6 +13,6 @@ jobs: runs-on: ubuntu-latest steps: - name: Check out repository - uses: actions/checkout@v2 + uses: actions/checkout@v3 - name: Verify meeting-people.txt is sorted run: awk '!/^$/ {if (name) print} /^exit 0$/ { name = 1 }' meeting-people.txt | sort -c From 63933d707cd50ce7bc872860a312f3686c0e995c Mon Sep 17 00:00:00 2001 From: Michael Nguyen Date: Mon, 30 Jan 2023 16:02:19 -0500 Subject: [PATCH 089/167] Update stream metadata sample/rationale for secure execution Add the secure execution artifact to the stream and release examples. --- metadata/release/sample.json | 11 +++++++++++ metadata/stream/rationale.yaml | 9 +++++++++ metadata/stream/sample.json | 13 +++++++++++++ 3 files changed, 33 insertions(+) diff --git a/metadata/release/sample.json b/metadata/release/sample.json index 2a1c1d8..fad5ba1 100644 --- a/metadata/release/sample.json +++ b/metadata/release/sample.json @@ -181,6 +181,17 @@ } } }, + "qemu-secex": { + "artifacts": { + "qcow2.xz": { + "disk": { + "location": "https://builds.coreos.fedoraproject.org/prod/streams/testing/builds/30.20190801.0/x86_64/fedora-coreos-30.20190801.0-qemu-secex.qcow2.xz", + "signature": "https://builds.coreos.fedoraproject.org/prod/streams/testing/builds/30.20190801.0/x86_64/fedora-coreos-30.20190801.0-qemu-secex.qcow2.xz.sig", + "sha256": "2afbb0ac4a19f58a55db35db0a690d488f065664e9bcba1b802966f0ae6aad57" + } + } + } + }, "virtualbox": { "artifacts": { "ova": { diff --git a/metadata/stream/rationale.yaml b/metadata/stream/rationale.yaml index 54e8567..8bcf65f 100644 --- a/metadata/stream/rationale.yaml +++ b/metadata/stream/rationale.yaml @@ -158,6 +158,15 @@ architectures: signature: https://artifacts.example.com/Siejeeb6ohpu8Eel.qcow2.xz.sig sha256: b0c44298fc1c149afbf4c8996fb9242e37ae41e4649991b7852b855b934ca495 uncompressed-sha256: 38acb15d02d5ac0f2a2789602e9df950c380d2799b4bdb59394e4eeabdd3a662 + qemu-secex: + release: 30.1.2.3 + formats: + "qcow2.xz": + disk: + location: https://artifacts.example.com/6d5814250381013f.qcow2.xz + signature: https://artifacts.example.com/6d5814250381013f.qcow2.xz.sig + sha256: 2afbb0ac4a19f58a55db35db0a690d488f065664e9bcba1b802966f0ae6aad57 + uncompressed-sha256: 2b1cb667f3468ef7b462e5ec8395fcd2982e424d1727336e95f74c611d8bbd53 virtualbox: release: 30.1.2.3 formats: diff --git a/metadata/stream/sample.json b/metadata/stream/sample.json index 81c3dd0..58f25ae 100644 --- a/metadata/stream/sample.json +++ b/metadata/stream/sample.json @@ -205,6 +205,19 @@ } } }, + "qemu-secex": { + "release": "33.20210412.3.0", + "formats": { + "qcow2.xz": { + "disk": { + "location": "https://builds.coreos.fedoraproject.org/prod/streams/stable/builds/33.20210412.3.0/x86_64/fedora-coreos-33.20210412.3.0-qemu-secex.x86_64.qcow2.xz", + "signature": "https://builds.coreos.fedoraproject.org/prod/streams/stable/builds/33.20210412.3.0/x86_64/fedora-coreos-33.20210412.3.0-qemu-secex.x86_64.qcow2.xz.sig", + "sha256": "2afbb0ac4a19f58a55db35db0a690d488f065664e9bcba1b802966f0ae6aad57", + "uncompressed-sha256": "2b1cb667f3468ef7b462e5ec8395fcd2982e424d1727336e95f74c611d8bbd53" + } + } + } + }, "virtualbox": { "release": "33.20210412.3.0", "formats": { From e01009346d982beaac14b31cf509bc8d2926237d Mon Sep 17 00:00:00 2001 From: Benjamin Gilbert Date: Sat, 4 Feb 2023 22:41:29 -0500 Subject: [PATCH 090/167] templates: format bug-report Ignition config as YAML Users often post Butane configs rather than Ignition configs, and JSON is upward-compatible with YAML, so cover our bases by calling it YAML. This prevents the user from having to manually add a code block. Also reword the description to avoid asking a question that the field can no longer hold an answer for. --- .github/ISSUE_TEMPLATE/bug-report.yml | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/.github/ISSUE_TEMPLATE/bug-report.yml b/.github/ISSUE_TEMPLATE/bug-report.yml index b83ff6e..c8759cf 100644 --- a/.github/ISSUE_TEMPLATE/bug-report.yml +++ b/.github/ISSUE_TEMPLATE/bug-report.yml @@ -57,7 +57,10 @@ body: id: bug-ignition attributes: label: Ignition config - description: The Butane config or Ignition config used to provision your system. Be sure to sanitize any private data. If not using Butane to generate your Ignition config, does the Ignition config pass validation using [ignition-validate](https://coreos.github.io/ignition/getting-started/#config-validation)? + description: The Butane config or Ignition config used to provision your system. Be sure to sanitize any private data. If not using Butane to generate your Ignition config, ensure the Ignition config passes validation using [ignition-validate](https://coreos.github.io/ignition/getting-started/#config-validation). + # Might be Butane YAML or Ignition JSON, which is upward-compatible + # with YAML + render: yaml validations: required: false From e19d799ab3e347cf6e3538d5a1168ae75a39053b Mon Sep 17 00:00:00 2001 From: Benjamin Gilbert Date: Mon, 6 Feb 2023 12:11:58 -0500 Subject: [PATCH 091/167] templates: reword Ignition config field to "Butane or Ignition config" We usually get Butane configs anyway. --- .github/ISSUE_TEMPLATE/bug-report.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/ISSUE_TEMPLATE/bug-report.yml b/.github/ISSUE_TEMPLATE/bug-report.yml index c8759cf..c0699a7 100644 --- a/.github/ISSUE_TEMPLATE/bug-report.yml +++ b/.github/ISSUE_TEMPLATE/bug-report.yml @@ -54,9 +54,9 @@ body: required: true - type: textarea - id: bug-ignition + id: bug-config attributes: - label: Ignition config + label: Butane or Ignition config description: The Butane config or Ignition config used to provision your system. Be sure to sanitize any private data. If not using Butane to generate your Ignition config, ensure the Ignition config passes validation using [ignition-validate](https://coreos.github.io/ignition/getting-started/#config-validation). # Might be Butane YAML or Ignition JSON, which is upward-compatible # with YAML From 5ace893f8e684ca0123e82690d1b5c942a8abf44 Mon Sep 17 00:00:00 2001 From: Adam Piasecki Date: Wed, 22 Feb 2023 17:00:56 +0000 Subject: [PATCH 092/167] meeting-people.txt: Add apiaseck --- meeting-people.txt | 1 + 1 file changed, 1 insertion(+) diff --git a/meeting-people.txt b/meeting-people.txt index a5dc430..216425c 100644 --- a/meeting-people.txt +++ b/meeting-people.txt @@ -5,6 +5,7 @@ exit 0 aaradhak anthr76 +apiaseck davdunc dustymabe gursewak From 26cb9218132bc3ce5ec1c71197bcd199edec6090 Mon Sep 17 00:00:00 2001 From: Benjamin Gilbert Date: Fri, 10 Mar 2023 15:39:48 -0500 Subject: [PATCH 093/167] templates/implementing-new-platform: formatting cleanups Remove newlines between items to increase the density of the rendered Markdown. No textual changes. --- .../implementing-new-platform.md | 150 ++++++++---------- 1 file changed, 66 insertions(+), 84 deletions(-) diff --git a/.github/ISSUE_TEMPLATE/implementing-new-platform.md b/.github/ISSUE_TEMPLATE/implementing-new-platform.md index ea51af7..ceee4be 100644 --- a/.github/ISSUE_TEMPLATE/implementing-new-platform.md +++ b/.github/ISSUE_TEMPLATE/implementing-new-platform.md @@ -1,88 +1,70 @@ # Implementing a new supported platform - ## During Development - Create PR's addressing the following: - - - [ ] [stream-metadata-go](https://github.com/coreos/stream-metadata-go) - - [Example PR](https://github.com/coreos/stream-metadata-go/pull/45/) - - [ ] Add platform to the `Media` struct in `release/release.go` - - [ ] Add supporting code for new platform to `toStreamArch` func in `release/translate.go` - - [ ] (Cloud Only) Cloud Images need to have an `Images` field - - - [ ] (Cloud Only) [stream-metadata-rust](https://github.com/coreos/stream-metadata-rust/) - - [Example PR](https://github.com/coreos/stream-metadata-rust/pull/16) - - - [ ] [fedora-coreos-tracker](https://github.com/coreos/fedora-coreos-tracker/) - - [Example PR](https://github.com/coreos/fedora-coreos-tracker/pull/1213/) - - [ ] Update the metadata for the new platform - - - [ ] [coreos-assembler](https://github.com/coreos/coreos-assembler) - - [Example PR](https://github.com/coreos/coreos-assembler/pull/2489) - - [ ] Implement required functionality to support new platform - - - [ ] [fedora-web](https://pagure.io/fedora-web/websites) - - [Example PR](https://pagure.io/fedora-web/websites/pull-request/221#request_diff) - - [ ] Add platform to `sites/static/js/coreos-download.js` - +## During Development + +Create PR's addressing the following: + +- [ ] [stream-metadata-go](https://github.com/coreos/stream-metadata-go) + - [Example PR](https://github.com/coreos/stream-metadata-go/pull/45/) + - [ ] Add platform to the `Media` struct in `release/release.go` + - [ ] Add supporting code for new platform to `toStreamArch` func in `release/translate.go` + - [ ] (Cloud Only) Cloud Images need to have an `Images` field +- [ ] (Cloud Only) [stream-metadata-rust](https://github.com/coreos/stream-metadata-rust/) + - [Example PR](https://github.com/coreos/stream-metadata-rust/pull/16) +- [ ] [fedora-coreos-tracker](https://github.com/coreos/fedora-coreos-tracker/) + - [Example PR](https://github.com/coreos/fedora-coreos-tracker/pull/1213/) + - [ ] Update the metadata for the new platform +- [ ] [coreos-assembler](https://github.com/coreos/coreos-assembler) + - [Example PR](https://github.com/coreos/coreos-assembler/pull/2489) + - [ ] Implement required functionality to support new platform +- [ ] [fedora-web](https://pagure.io/fedora-web/websites) + - [Example PR](https://pagure.io/fedora-web/websites/pull-request/221#request_diff) + - [ ] Add platform to `sites/static/js/coreos-download.js` - [ ] [fedora-coreos-browser](https://github.com/coreos/fedora-coreos-browser) - - [Example PR](https://github.com/coreos/fedora-coreos-browser/pull/35) - - [ ] Add a list element for new platform in `browser/index.html` - + - [Example PR](https://github.com/coreos/fedora-coreos-browser/pull/35) + - [ ] Add a list element for new platform in `browser/index.html` - [ ] [build pipeline](https://github.com/coreos/fedora-coreos-pipeline) - - [Example PR](https://github.com/coreos/fedora-coreos-pipeline/pull/500) - - [ ] Add platform to the list found in `jobs/build.Jenkinsfile` for building the new artifact - - - [ ] [fedora-coreos-docs](https://github.com/coreos/fedora-coreos-docs) - - [Example PR](https://github.com/coreos/fedora-coreos-docs/pull/377) - - [ ] Add a `provisioning-.adoc` that walks through how to setup the new platform - - [ ] Add an entry in the `modules/ROOT/nav.adoc` that points to new documentation - - - - ## At Release - -1. Merge metadata changes: - - - [ ] stream-metadata-go - - [ ] stream-metadata-rust - - [ ] fedora-coreos-tracker - - [ ] fedora website - - [ ] fedora-coreos-browser - - -2. Create and push signed tags with appropriate versions - - ``` - # Ensure gpg key for signing in github settings that is associated to redhat email. - # Verify you are on the upstream repo's main branch. - - git status - - RELEASE_VER=vx.y.z - # Replace 'x.y.z' with the appropriate numbers. - - git tag -s ${RELEASE_VER} - # Give appropriate detail to tag, check previous tags with 'git show ${RELEASE_VER}' - - git push git@github.com:coreos/targeted-repo.git ${RELEASE_VER} - # Navigate to the targeted-repo's tag section to ensure a valid signed tag is listed. - # e.g. https://github.com/...repo/tags - ``` - - 1. [ ] Tag stream-metadata-go following the above steps. After tagging, ensure that dependabot has picked up latest version, and merged it into fedora-coreos-stream-generator && coreos-assembler. - - These can be triggered manually by navigating to [fedora-coreos-stream-generator's Dependabot](https://github.com/coreos/fedora-coreos-stream-generator/network/updates/) and [coreos-assembler's Dependabot](https://github.com/coreos/coreos-assembler/network/updates) respectively; then, clicking "Check for updates". - - This might need to be done a few times, as the Dependabot might not pickup tag changes for a few attempts after initial tagging. - - 2. [ ] Tag fedora-coreos-stream-generator following the above steps. - -3. Merge the following changes: - - [ ] coreos-assembler - -4. Wait for updates made to coreos-assembler to be propagated to latest container - - [ ] Download latest version of coreos-assembler container. Verify platform support functionality. - -5. Merge changes for: - - [ ] Build pipeline - -6. Wait for new images to reach stable then merge documentation. - - [ ] fedora-coreos-docs merged \ No newline at end of file + - [Example PR](https://github.com/coreos/fedora-coreos-pipeline/pull/500) + - [ ] Add platform to the list found in `jobs/build.Jenkinsfile` for building the new artifact +- [ ] [fedora-coreos-docs](https://github.com/coreos/fedora-coreos-docs) + - [Example PR](https://github.com/coreos/fedora-coreos-docs/pull/377) + - [ ] Add a `provisioning-.adoc` that walks through how to setup the new platform + - [ ] Add an entry in the `modules/ROOT/nav.adoc` that points to new documentation + +## At Release + +1. Merge metadata changes: + - [ ] stream-metadata-go + - [ ] stream-metadata-rust + - [ ] fedora-coreos-tracker + - [ ] fedora website + - [ ] fedora-coreos-browser +1. Create and push signed tags with appropriate versions + ``` + # Ensure gpg key for signing in github settings that is associated to redhat email. + # Verify you are on the upstream repo's main branch. + + git status + + RELEASE_VER=vx.y.z + # Replace 'x.y.z' with the appropriate numbers. + + git tag -s ${RELEASE_VER} + # Give appropriate detail to tag, check previous tags with 'git show ${RELEASE_VER}' + + git push git@github.com:coreos/targeted-repo.git ${RELEASE_VER} + # Navigate to the targeted-repo's tag section to ensure a valid signed tag is listed. + # e.g. https://github.com/...repo/tags + ``` + 1. [ ] Tag stream-metadata-go following the above steps. After tagging, ensure that dependabot has picked up latest version, and merged it into fedora-coreos-stream-generator && coreos-assembler. + - These can be triggered manually by navigating to [fedora-coreos-stream-generator's Dependabot](https://github.com/coreos/fedora-coreos-stream-generator/network/updates/) and [coreos-assembler's Dependabot](https://github.com/coreos/coreos-assembler/network/updates) respectively; then, clicking "Check for updates". + - This might need to be done a few times, as the Dependabot might not pickup tag changes for a few attempts after initial tagging. + 2. [ ] Tag fedora-coreos-stream-generator following the above steps. +1. Merge the following changes: + - [ ] coreos-assembler +1. Wait for updates made to coreos-assembler to be propagated to latest container + - [ ] Download latest version of coreos-assembler container. Verify platform support functionality. +1. Merge changes for: + - [ ] Build pipeline +1. Wait for new images to reach stable then merge documentation. + - [ ] fedora-coreos-docs merged From 4ca76edfbe0558b02aa67aa32b284f4005331cea Mon Sep 17 00:00:00 2001 From: Benjamin Gilbert Date: Fri, 10 Mar 2023 15:48:56 -0500 Subject: [PATCH 094/167] templates/implementing-new-platform: move example PRs to same line as repo They're not checklist items, so it's confusing to put them next to those. --- .../implementing-new-platform.md | 24 +++++++------------ 1 file changed, 8 insertions(+), 16 deletions(-) diff --git a/.github/ISSUE_TEMPLATE/implementing-new-platform.md b/.github/ISSUE_TEMPLATE/implementing-new-platform.md index ceee4be..58b54d5 100644 --- a/.github/ISSUE_TEMPLATE/implementing-new-platform.md +++ b/.github/ISSUE_TEMPLATE/implementing-new-platform.md @@ -4,30 +4,22 @@ Create PR's addressing the following: -- [ ] [stream-metadata-go](https://github.com/coreos/stream-metadata-go) - - [Example PR](https://github.com/coreos/stream-metadata-go/pull/45/) +- [ ] [stream-metadata-go](https://github.com/coreos/stream-metadata-go) ([example PR](https://github.com/coreos/stream-metadata-go/pull/45/)) - [ ] Add platform to the `Media` struct in `release/release.go` - [ ] Add supporting code for new platform to `toStreamArch` func in `release/translate.go` - [ ] (Cloud Only) Cloud Images need to have an `Images` field -- [ ] (Cloud Only) [stream-metadata-rust](https://github.com/coreos/stream-metadata-rust/) - - [Example PR](https://github.com/coreos/stream-metadata-rust/pull/16) -- [ ] [fedora-coreos-tracker](https://github.com/coreos/fedora-coreos-tracker/) - - [Example PR](https://github.com/coreos/fedora-coreos-tracker/pull/1213/) +- [ ] (Cloud Only) [stream-metadata-rust](https://github.com/coreos/stream-metadata-rust/) ([example PR](https://github.com/coreos/stream-metadata-rust/pull/16)) +- [ ] [fedora-coreos-tracker](https://github.com/coreos/fedora-coreos-tracker/) ([example PR](https://github.com/coreos/fedora-coreos-tracker/pull/1213)) - [ ] Update the metadata for the new platform -- [ ] [coreos-assembler](https://github.com/coreos/coreos-assembler) - - [Example PR](https://github.com/coreos/coreos-assembler/pull/2489) +- [ ] [coreos-assembler](https://github.com/coreos/coreos-assembler) ([example PR](https://github.com/coreos/coreos-assembler/pull/2489)) - [ ] Implement required functionality to support new platform -- [ ] [fedora-web](https://pagure.io/fedora-web/websites) - - [Example PR](https://pagure.io/fedora-web/websites/pull-request/221#request_diff) +- [ ] [fedora-web](https://pagure.io/fedora-web/websites) ([example PR](https://pagure.io/fedora-web/websites/pull-request/221#request_diff)) - [ ] Add platform to `sites/static/js/coreos-download.js` -- [ ] [fedora-coreos-browser](https://github.com/coreos/fedora-coreos-browser) - - [Example PR](https://github.com/coreos/fedora-coreos-browser/pull/35) +- [ ] [fedora-coreos-browser](https://github.com/coreos/fedora-coreos-browser) ([example PR](https://github.com/coreos/fedora-coreos-browser/pull/35)) - [ ] Add a list element for new platform in `browser/index.html` -- [ ] [build pipeline](https://github.com/coreos/fedora-coreos-pipeline) - - [Example PR](https://github.com/coreos/fedora-coreos-pipeline/pull/500) +- [ ] [build pipeline](https://github.com/coreos/fedora-coreos-pipeline) ([example PR](https://github.com/coreos/fedora-coreos-pipeline/pull/500)) - [ ] Add platform to the list found in `jobs/build.Jenkinsfile` for building the new artifact -- [ ] [fedora-coreos-docs](https://github.com/coreos/fedora-coreos-docs) - - [Example PR](https://github.com/coreos/fedora-coreos-docs/pull/377) +- [ ] [fedora-coreos-docs](https://github.com/coreos/fedora-coreos-docs) ([example PR](https://github.com/coreos/fedora-coreos-docs/pull/377)) - [ ] Add a `provisioning-.adoc` that walks through how to setup the new platform - [ ] Add an entry in the `modules/ROOT/nav.adoc` that points to new documentation From 1f4db02b60f3914b8d12a7af370de4d6f91cd95d Mon Sep 17 00:00:00 2001 From: Benjamin Gilbert Date: Fri, 10 Mar 2023 16:12:00 -0500 Subject: [PATCH 095/167] templates/implementing-new-platform: updates Mention Ignition, Afterburn, and platforms.yaml. Update the build pipeline step for pipeline changes. --- .../ISSUE_TEMPLATE/implementing-new-platform.md | 17 +++++++++++++++-- 1 file changed, 15 insertions(+), 2 deletions(-) diff --git a/.github/ISSUE_TEMPLATE/implementing-new-platform.md b/.github/ISSUE_TEMPLATE/implementing-new-platform.md index 58b54d5..a3b3d0c 100644 --- a/.github/ISSUE_TEMPLATE/implementing-new-platform.md +++ b/.github/ISSUE_TEMPLATE/implementing-new-platform.md @@ -4,6 +4,14 @@ Create PR's addressing the following: +- [ ] [Ignition](https://github.com/coreos/ignition/) ([example PR](https://github.com/coreos/ignition/pull/918)) + - [ ] Add userdata fetch + - [ ] If the platform supports it (unlikely), add userdata deletion +- [ ] [Afterburn](https://github.com/coreos/afterburn/) ([example PR](https://github.com/coreos/afterburn/pull/451)) + - [ ] (Cloud Only) Add relevant attributes + - [ ] (Cloud Only) Add SSH key support if available + - [ ] (Cloud Only) Add hostname support if available + - [ ] (Cloud Only) Add check-in if needed (unlikely) - [ ] [stream-metadata-go](https://github.com/coreos/stream-metadata-go) ([example PR](https://github.com/coreos/stream-metadata-go/pull/45/)) - [ ] Add platform to the `Media` struct in `release/release.go` - [ ] Add supporting code for new platform to `toStreamArch` func in `release/translate.go` @@ -13,18 +21,23 @@ Create PR's addressing the following: - [ ] Update the metadata for the new platform - [ ] [coreos-assembler](https://github.com/coreos/coreos-assembler) ([example PR](https://github.com/coreos/coreos-assembler/pull/2489)) - [ ] Implement required functionality to support new platform +- [ ] [fedora-coreos-config](https://github.com/coreos/fedora-coreos-config/) + - [ ] Add a stanza to `platforms.yaml` if the system should use a serial console, or both serial and graphical consoles - [ ] [fedora-web](https://pagure.io/fedora-web/websites) ([example PR](https://pagure.io/fedora-web/websites/pull-request/221#request_diff)) - [ ] Add platform to `sites/static/js/coreos-download.js` - [ ] [fedora-coreos-browser](https://github.com/coreos/fedora-coreos-browser) ([example PR](https://github.com/coreos/fedora-coreos-browser/pull/35)) - [ ] Add a list element for new platform in `browser/index.html` -- [ ] [build pipeline](https://github.com/coreos/fedora-coreos-pipeline) ([example PR](https://github.com/coreos/fedora-coreos-pipeline/pull/500)) - - [ ] Add platform to the list found in `jobs/build.Jenkinsfile` for building the new artifact +- [ ] [build pipeline](https://github.com/coreos/fedora-coreos-pipeline) ([example PR](https://github.com/coreos/fedora-coreos-pipeline/pull/815)) + - [ ] Add platform to the list found in `config.yaml` for building the new artifact - [ ] [fedora-coreos-docs](https://github.com/coreos/fedora-coreos-docs) ([example PR](https://github.com/coreos/fedora-coreos-docs/pull/377)) - [ ] Add a `provisioning-.adoc` that walks through how to setup the new platform - [ ] Add an entry in the `modules/ROOT/nav.adoc` that points to new documentation ## At Release +1. Merge upstream changes and put out a release: + - [ ] Ignition + - [ ] Afterburn 1. Merge metadata changes: - [ ] stream-metadata-go - [ ] stream-metadata-rust From 13f217d19eb4cd6dd9eda1bde9431e5173e0eb68 Mon Sep 17 00:00:00 2001 From: gursewak1997 Date: Fri, 17 Mar 2023 14:43:00 -0700 Subject: [PATCH 096/167] Update kubevirt artifact's format Updating the format for kubevirt artifacts in rationale.yaml and sample.json for streams and releases. --- metadata/release/sample.json | 6 +++--- metadata/stream/rationale.yaml | 7 +++---- metadata/stream/sample.json | 9 ++++----- 3 files changed, 10 insertions(+), 12 deletions(-) diff --git a/metadata/release/sample.json b/metadata/release/sample.json index fad5ba1..5de39b8 100644 --- a/metadata/release/sample.json +++ b/metadata/release/sample.json @@ -104,10 +104,10 @@ }, "kubevirt": { "artifacts": { - "qcow2.xz": { + "ociarchive": { "disk": { - "location": "https://builds.coreos.fedoraproject.org/prod/streams/testing/builds/30.20190801.0/x86_64/fedora-coreos-30.20190801.0-kubevirt.qcow2.xz", - "signature": "https://builds.coreos.fedoraproject.org/prod/streams/testing/builds/30.20190801.0/x86_64/fedora-coreos-30.20190801.0-kubevirt.qcow2.xz.sig", + "location": "https://builds.coreos.fedoraproject.org/prod/streams/testing/builds/30.20190801.0/x86_64/fedora-coreos-30.20190801.0-kubevirt.ociarchive", + "signature": "https://builds.coreos.fedoraproject.org/prod/streams/testing/builds/30.20190801.0/x86_64/fedora-coreos-30.20190801.0-kubevirt.ociarchive.sig", "sha256": "2accf3a1385b9eb435224bb0e1595f4b3e4344c1cc05b1d2484e163c66f35bca" } } diff --git a/metadata/stream/rationale.yaml b/metadata/stream/rationale.yaml index 8bcf65f..4a7c2f0 100644 --- a/metadata/stream/rationale.yaml +++ b/metadata/stream/rationale.yaml @@ -90,12 +90,11 @@ architectures: kubevirt: release: 30.1.2.3 formats: - "qcow2.xz": + "ociarchive": disk: - location: https://artifacts.example.com/Kiejeeb6ohpu8Eel.qcow2.xz - signature: https://artifacts.example.com/Kiejeeb6ohpu8Eel.qcow2.xz.sig + location: https://artifacts.example.com/Kiejeeb6ohpu8Eel.ociarchive + signature: https://artifacts.example.com/Kiejeeb6ohpu8Eel.ociarchive.sig sha256: 2427ae41e4649b934ca495991b7852b85e3b0c44298fc1c149afbf4c8996fb95 - uncompressed-sha256: 38acb15d02d5ac0f2a2789602e9df950c380d2799b4bdb59394e4eeabdd3a662 metal: release: 30.1.2.3 formats: diff --git a/metadata/stream/sample.json b/metadata/stream/sample.json index 58f25ae..47105ad 100644 --- a/metadata/stream/sample.json +++ b/metadata/stream/sample.json @@ -112,12 +112,11 @@ "kubevirt": { "release": "33.20210412.3.0", "formats": { - "qcow2.xz": { + "ociarchive": { "disk": { - "location": "https://builds.coreos.fedoraproject.org/prod/streams/stable/builds/33.20210412.3.0/x86_64/fedora-coreos-33.20210412.3.0-kubevirt.x86_64.qcow2.xz", - "signature": "https://builds.coreos.fedoraproject.org/prod/streams/stable/builds/33.20210412.3.0/x86_64/fedora-coreos-33.20210412.3.0-kubevirt.x86_64.qcow2.xz.sig", - "sha256": "6343b99ca70975bd821050f274aa1db0898fb88aae95a79f63d18a2e2a489e26", - "uncompressed-sha256": "744f25cf86927fe4780b57cd75c2d5b979e15336e4c9bd02fe4f71827d820d4c" + "location": "https://builds.coreos.fedoraproject.org/prod/streams/stable/builds/33.20210412.3.0/x86_64/fedora-coreos-33.20210412.3.0-kubevirt.x86_64.ociarchive", + "signature": "https://builds.coreos.fedoraproject.org/prod/streams/stable/builds/33.20210412.3.0/x86_64/fedora-coreos-33.20210412.3.0-kubevirt.x86_64.ociarchive.sig", + "sha256": "6343b99ca70975bd821050f274aa1db0898fb88aae95a79f63d18a2e2a489e26" } } } From db43d25c5df8d2a674597bb4e4e76091236141b2 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Timoth=C3=A9e=20Ravier?= Date: Tue, 11 Apr 2023 09:59:10 +0200 Subject: [PATCH 097/167] README: Update link to new package request issue See: https://github.com/coreos/fedora-coreos-tracker/pull/1322 --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index d01c229..db92e0a 100644 --- a/README.md +++ b/README.md @@ -49,7 +49,7 @@ Thus, new package requests are carefully scrutinized to weigh the benefits and drawbacks of adding an additional package. If you would like to propose the inclusion of a new package in the base set of packages, -please file a [new package request](https://github.com/coreos/fedora-coreos-tracker/issues/new?labels=kind/enhancement&template=new-package.md&title=New+Package+Request%3A+%3Cpackage+name%3E). +please file a [new package request](https://github.com/coreos/fedora-coreos-tracker/issues/new/choose). # Releases From 8033a43c945b657e593e8893f79e9db830c0ff97 Mon Sep 17 00:00:00 2001 From: Benjamin Gilbert Date: Mon, 17 Apr 2023 16:58:43 -0400 Subject: [PATCH 098/167] meeting-people: remove skunkerk Per skunkerk. --- meeting-people.txt | 1 - 1 file changed, 1 deletion(-) diff --git a/meeting-people.txt b/meeting-people.txt index 216425c..d155e80 100644 --- a/meeting-people.txt +++ b/meeting-people.txt @@ -20,5 +20,4 @@ miabbott nasirhm ravanelli saqali -skunkerk walters From d8fc25040e18dfeef926173fbabac293f61bae85 Mon Sep 17 00:00:00 2001 From: Dusty Mabe Date: Wed, 3 May 2023 14:39:45 -0400 Subject: [PATCH 099/167] templates/rebase: Remove 'Disable `branched` stream' section This should have been removed in fd62a94 when a step for this was added to another section. --- .github/ISSUE_TEMPLATE/rebase.md | 4 ---- 1 file changed, 4 deletions(-) diff --git a/.github/ISSUE_TEMPLATE/rebase.md b/.github/ISSUE_TEMPLATE/rebase.md index e8615ad..4fb5eb6 100644 --- a/.github/ISSUE_TEMPLATE/rebase.md +++ b/.github/ISSUE_TEMPLATE/rebase.md @@ -85,10 +85,6 @@ Branching is when a new stream is "branched" off of `rawhide`. This eventually b - [ ] Ship `testing` - [ ] Set a new update barrier for the final release of N-1 on `testing`. In the barrier entry set a link to [the docs](https://docs.fedoraproject.org/en-US/fedora-coreos/update-barrier-signing-keys/). See [discussion](https://github.com/coreos/fedora-coreos-tracker/issues/480#issuecomment-1247314065) -### Disable `branched` stream - -- [ ] Update [streams.groovy](https://github.com/coreos/fedora-coreos-pipeline/blob/main/streams.groovy) to remove the `branched` stream in the list of mechanical refs. - ### Untag old packages `koji untag` N-2 packages from the pool (at some point we'll have GC in place to do this for us, but for now we must remember to do this manually or otherwise distRepo will fail once the signed packages are GC'ed). For example the following snippet finds all RPMs signed by the Fedora 32 key and untags them. Use this process: From 30d09e3b55c55a7f5b16a55c60114a8b6901e50d Mon Sep 17 00:00:00 2001 From: Dusty Mabe Date: Wed, 3 May 2023 14:56:54 -0400 Subject: [PATCH 100/167] templates/rebase: move "Untag old packages" section later This doesn't need to happen until the end which is usually the best place for cleanups anyway. Let's move it later. --- .github/ISSUE_TEMPLATE/rebase.md | 37 ++++++++++++++++---------------- 1 file changed, 18 insertions(+), 19 deletions(-) diff --git a/.github/ISSUE_TEMPLATE/rebase.md b/.github/ISSUE_TEMPLATE/rebase.md index 4fb5eb6..6f9e4ea 100644 --- a/.github/ISSUE_TEMPLATE/rebase.md +++ b/.github/ISSUE_TEMPLATE/rebase.md @@ -85,6 +85,24 @@ Branching is when a new stream is "branched" off of `rawhide`. This eventually b - [ ] Ship `testing` - [ ] Set a new update barrier for the final release of N-1 on `testing`. In the barrier entry set a link to [the docs](https://docs.fedoraproject.org/en-US/fedora-coreos/update-barrier-signing-keys/). See [discussion](https://github.com/coreos/fedora-coreos-tracker/issues/480#issuecomment-1247314065) +### Disable `next-devel` stream + +We prefer to disable `next-devel` when there is no difference between `testing-devel` and `next-devel`. This allows us to prevent wasting a bunch of resources (bandwidth, storage, compute) for no reason. After the switch to N if `next-devel` and `testing-devel` are in lockstep, then disable `next-devel`. + +- [ ] Follow the instructions [here](https://github.com/coreos/fedora-coreos-pipeline/tree/main/next-devel) to disable `next-devel` + +### Switch upstream packages to shipping release binaries from Fedora (N) + +- [ ] Update [repo-templates](https://github.com/coreos/repo-templates) [config.yaml](https://github.com/coreos/repo-templates/blob/main/config.yaml) with the version number and GPG key ID for Fedora (N). + + +## After Fedora (N) GA + +### Ship rebased `stable` + +- [ ] Ship `stable` +- [ ] Set a new update barrier for the final release of N-1 on `stable`. In the barrier entry set a link to [the docs](https://docs.fedoraproject.org/en-US/fedora-coreos/update-barrier-signing-keys/). See [discussion](https://github.com/coreos/fedora-coreos-tracker/issues/480#issuecomment-1247314065) + ### Untag old packages `koji untag` N-2 packages from the pool (at some point we'll have GC in place to do this for us, but for now we must remember to do this manually or otherwise distRepo will fail once the signed packages are GC'ed). For example the following snippet finds all RPMs signed by the Fedora 32 key and untags them. Use this process: @@ -142,25 +160,6 @@ cat untaglist | xargs -L50 koji untag-build coreos-pool - `koji taginfo coreos-pool` - `koji edit-tag coreos-pool -x tag2distrepo.keys="9570ff31 45719a39 9867c58f"` - -### Disable `next-devel` stream - -We prefer to disable `next-devel` when there is no difference between `testing-devel` and `next-devel`. This allows us to prevent wasting a bunch of resources (bandwidth, storage, compute) for no reason. After the switch to N if `next-devel` and `testing-devel` are in lockstep, then disable `next-devel`. - -- [ ] Follow the instructions [here](https://github.com/coreos/fedora-coreos-pipeline/tree/main/next-devel) to disable `next-devel` - -### Switch upstream packages to shipping release binaries from Fedora (N) - -- [ ] Update [repo-templates](https://github.com/coreos/repo-templates) [config.yaml](https://github.com/coreos/repo-templates/blob/main/config.yaml) with the version number and GPG key ID for Fedora (N). - - -## After Fedora (N) GA - -### Ship rebased `stable` - -- [ ] Ship `stable` -- [ ] Set a new update barrier for the final release of N-1 on `stable`. In the barrier entry set a link to [the docs](https://docs.fedoraproject.org/en-US/fedora-coreos/update-barrier-signing-keys/). See [discussion](https://github.com/coreos/fedora-coreos-tracker/issues/480#issuecomment-1247314065) - ### Open ticket for the next Fedora rebase - [ ] Create a new ticket from the [rebase template](https://github.com/coreos/fedora-coreos-tracker/issues/new?assignees=&labels=area%2Fplatforms%2C+kind%2Fenhancement&template=rebase.md&title=tracker:+Rebase+onto+Fedora+N) From 55854e656ff6e880e821d1fd29bae736e654f3a1 Mon Sep 17 00:00:00 2001 From: Quentin Vallin Date: Mon, 8 May 2023 11:19:04 -0400 Subject: [PATCH 101/167] feat: Adds quentin9696 to notification list --- meeting-people.txt | 1 + 1 file changed, 1 insertion(+) diff --git a/meeting-people.txt b/meeting-people.txt index d155e80..093c1db 100644 --- a/meeting-people.txt +++ b/meeting-people.txt @@ -18,6 +18,7 @@ jmarrero lorbus miabbott nasirhm +quentin9696[m] ravanelli saqali walters From adb3cfddb345e1c8c8c1cac6f740c980ec9b2c5e Mon Sep 17 00:00:00 2001 From: Dusty Mabe Date: Mon, 22 May 2023 10:14:56 -0400 Subject: [PATCH 102/167] templates/rebase: drop some tagging steps; add comments for clarity I found some of these steps unnecessary, but also needed more context for one problem I ran into during this cycle so I added it here. --- .github/ISSUE_TEMPLATE/rebase.md | 13 +------------ 1 file changed, 1 insertion(+), 12 deletions(-) diff --git a/.github/ISSUE_TEMPLATE/rebase.md b/.github/ISSUE_TEMPLATE/rebase.md index 6f9e4ea..d83cffd 100644 --- a/.github/ISSUE_TEMPLATE/rebase.md +++ b/.github/ISSUE_TEMPLATE/rebase.md @@ -132,20 +132,9 @@ podman run -it --rm quay.io/fedora/fedora-coreos:testing-devel rpm -qai | grep - podman rmi quay.io/fedora/fedora-coreos:testing-devel ``` -If there are any RPMs signed by the old key they'll need to be investigated. Maybe they shouldn't be used any longer. Or maybe they're still needed. +If there are any RPMs signed by the old key they'll need to be investigated. Maybe they shouldn't be used any longer. Or maybe they're still needed. One example of this is the shim RPM where the same build could be used for many Fedora releases. In this case you'll need to untag the RPM from `coreos-pool`, run a `koji distrepo`, which will remove that RPM from the repo metadata, and then re-tag it into the pool. The RPM in the repo will now be signed with a newer signing key. -- [ ] For any RPMS still used by `N-1` based FCOS let's remove them from the untaglist. Check by running: -``` -f32key=12c944d0 -key=$f32key -podman run -it --rm quay.io/fedora/fedora-coreos:stable rpm -qai | grep -B 9 $key -podman rmi quay.io/fedora/fedora-coreos:stable -``` - -NOTE: This assumes `stable` is still on `N-1`. - -Remove any entries from the `untaglist` file that are still being used. - [ ] After verifying the list looks good, untag: From ebdfe21b72bad5bacfc981e5834775c81c727097 Mon Sep 17 00:00:00 2001 From: Dusty Mabe Date: Mon, 22 May 2023 10:15:58 -0400 Subject: [PATCH 103/167] templates/rebase: add -v to `koji untag-build` This will give you some status updates to the screen while it's running. Otherwise there's not much feedback to the user and you aren't sure if it's working or not. --- .github/ISSUE_TEMPLATE/rebase.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/ISSUE_TEMPLATE/rebase.md b/.github/ISSUE_TEMPLATE/rebase.md index d83cffd..a0bd86c 100644 --- a/.github/ISSUE_TEMPLATE/rebase.md +++ b/.github/ISSUE_TEMPLATE/rebase.md @@ -140,7 +140,7 @@ If there are any RPMs signed by the old key they'll need to be investigated. May ``` # use xargs so we don't exhaust bash string limit -cat untaglist | xargs -L50 koji untag-build coreos-pool +cat untaglist | xargs -L50 koji untag-build -v coreos-pool ``` - [ ] Now that untagging is done, give a heads up to rpm-ostree developers that N-2 packages have been untagged and that they may need to update their CI compose tests to freeze on a newer FCOS commit. From eb71df4d55cb9c7ca0564b015f2b938068f1a3ac Mon Sep 17 00:00:00 2001 From: Dusty Mabe Date: Mon, 22 May 2023 10:16:52 -0400 Subject: [PATCH 104/167] templates/rebase: additional container update steps - We refactored coreos-cincinnati a bit to look more like the other Apps so let's add steps here for updating it. - Add fedora-ostree-pruner to the list since that's now running in production too. --- .github/ISSUE_TEMPLATE/rebase.md | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/.github/ISSUE_TEMPLATE/rebase.md b/.github/ISSUE_TEMPLATE/rebase.md index a0bd86c..6e6cca0 100644 --- a/.github/ISSUE_TEMPLATE/rebase.md +++ b/.github/ISSUE_TEMPLATE/rebase.md @@ -169,6 +169,9 @@ These are various containers in use throughout our ecosystem. We should update o - [Dockerfile](https://github.com/coreos/butane/blob/main/Dockerfile) - [ ] Update fedora-coreos-cincinnati - [Dockerfile](https://github.com/coreos/fedora-coreos-cincinnati/blob/main/dist/fedora-infra/Dockerfile) + - [ImageStream](https://pagure.io/fedora-infra/ansible/blob/main/f/roles/openshift-apps/coreos-cincinnati/templates/imagestream.yml) + - [BuildConfig](https://pagure.io/fedora-infra/ansible/blob/main/f/roles/openshift-apps/coreos-cincinnati/templates/buildconfig.yml) + - [Git Hash Variables (Optional)](https://pagure.io/fedora-infra/ansible/blob/main/f/roles/openshift-apps/coreos-cincinnati/vars) - [ ] Update config-bot - [Dockerfile](https://github.com/coreos/fedora-coreos-releng-automation/blob/main/config-bot/Dockerfile) - [ ] Update coreos-koji-tagger @@ -179,3 +182,7 @@ These are various containers in use throughout our ecosystem. We should update o - [Dockerfile](https://github.com/coreos/fedora-coreos-releng-automation/blob/main/coreos-ostree-importer/Dockerfile) - [ImageStream](https://pagure.io/fedora-infra/ansible/blob/main/f/roles/openshift-apps/coreos-ostree-importer/templates/imagestream.yml) - [BuildConfig](https://pagure.io/fedora-infra/ansible/blob/main/f/roles/openshift-apps/coreos-ostree-importer/templates/buildconfig.yml) +- [ ] Update fedora-ostree-pruner + - [Dockerfile](https://github.com/coreos/fedora-coreos-releng-automation/blob/main/fedora-ostree-pruner/Dockerfile) + - [ImageStream](https://pagure.io/fedora-infra/ansible/blob/main/f/roles/openshift-apps/fedora-ostree-pruner/templates/imagestream.yml) + - [BuildConfig](https://pagure.io/fedora-infra/ansible/blob/main/f/roles/openshift-apps/fedora-ostree-pruner/templates/buildconfig.yml) From 11495a13acaa963590aa4c8860c6b345a1a0de91 Mon Sep 17 00:00:00 2001 From: Guillaume Date: Wed, 7 Jun 2023 12:04:46 -0400 Subject: [PATCH 105/167] meeting-people: add guidon --- meeting-people.txt | 1 + 1 file changed, 1 insertion(+) diff --git a/meeting-people.txt b/meeting-people.txt index 093c1db..7f175d8 100644 --- a/meeting-people.txt +++ b/meeting-people.txt @@ -8,6 +8,7 @@ anthr76 apiaseck davdunc dustymabe +guidon gursewak jaimelm jbrooks From 79286a93fd0d91db2eb698b40cf0a1dd91d41008 Mon Sep 17 00:00:00 2001 From: sumantrom Date: Sat, 24 Jun 2023 09:23:20 +0530 Subject: [PATCH 106/167] update version bump --- docs/fedora-coreos-kernel-bisect.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/docs/fedora-coreos-kernel-bisect.md b/docs/fedora-coreos-kernel-bisect.md index 040555b..507d902 100644 --- a/docs/fedora-coreos-kernel-bisect.md +++ b/docs/fedora-coreos-kernel-bisect.md @@ -37,7 +37,7 @@ Here's a summary of what those branches are used for: - `os-build` - The latest bits that track the under development yet to be release kernel. -- `fedora-5.16` +- `fedora-6.3` - Follows a particular released kernel stream. This is where things are merged before they are fed into dist-git. If you want a commit reverted this is where it will land first. @@ -54,7 +54,7 @@ environment directly in the VM. If not you'll probably want to use a container for your kernel builds. Here's how to start up a container: ``` -podman run -it --name=kbuild -v /path/to/kernel/git/:/path/to/kernel/git/ registry.fedoraproject.org/fedora:37 +podman run -it --name=kbuild -v /path/to/kernel/git/:/path/to/kernel/git/ registry.fedoraproject.org/fedora:38 ``` NOTE: try to use the same Fedora Cloud or Fedora container version as From 447ed11f36d6562057e25a534456edfac842e2bf Mon Sep 17 00:00:00 2001 From: Benjamin Gilbert Date: Wed, 28 Jun 2023 09:07:12 -0400 Subject: [PATCH 107/167] templates/implementing-new-platform: update for website revamp --- .github/ISSUE_TEMPLATE/implementing-new-platform.md | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/.github/ISSUE_TEMPLATE/implementing-new-platform.md b/.github/ISSUE_TEMPLATE/implementing-new-platform.md index a3b3d0c..fab2e6d 100644 --- a/.github/ISSUE_TEMPLATE/implementing-new-platform.md +++ b/.github/ISSUE_TEMPLATE/implementing-new-platform.md @@ -23,8 +23,10 @@ Create PR's addressing the following: - [ ] Implement required functionality to support new platform - [ ] [fedora-coreos-config](https://github.com/coreos/fedora-coreos-config/) - [ ] Add a stanza to `platforms.yaml` if the system should use a serial console, or both serial and graphical consoles -- [ ] [fedora-web](https://pagure.io/fedora-web/websites) ([example PR](https://pagure.io/fedora-web/websites/pull-request/221#request_diff)) - - [ ] Add platform to `sites/static/js/coreos-download.js` +- [ ] [fedora-websites-3.0](https://gitlab.com/fedora/websites-apps/fedora-websites/fedora-websites-3.0/) + - [ ] Add friendly name for platform to `components/utilities/FpDownloadItem.vue` + - [ ] Add artifact to `pages/coreos/download.vue` + - [ ] Possibly add logo to `content/editions/coreos/home.yml` - [ ] [fedora-coreos-browser](https://github.com/coreos/fedora-coreos-browser) ([example PR](https://github.com/coreos/fedora-coreos-browser/pull/35)) - [ ] Add a list element for new platform in `browser/index.html` - [ ] [build pipeline](https://github.com/coreos/fedora-coreos-pipeline) ([example PR](https://github.com/coreos/fedora-coreos-pipeline/pull/815)) From 62c8aac92a11bdd14c4fdcdd1ed249d939c4b626 Mon Sep 17 00:00:00 2001 From: Benjamin Gilbert Date: Wed, 28 Jun 2023 09:15:35 -0400 Subject: [PATCH 108/167] templates/implementing-new-platform: manual tagging -> checklists stream-metadata-go and fedora-coreos-stream-generator have release checklists now. Use those instead of providing manual tagging instructions. --- .../implementing-new-platform.md | 27 +++++-------------- 1 file changed, 6 insertions(+), 21 deletions(-) diff --git a/.github/ISSUE_TEMPLATE/implementing-new-platform.md b/.github/ISSUE_TEMPLATE/implementing-new-platform.md index fab2e6d..861ad1c 100644 --- a/.github/ISSUE_TEMPLATE/implementing-new-platform.md +++ b/.github/ISSUE_TEMPLATE/implementing-new-platform.md @@ -46,27 +46,12 @@ Create PR's addressing the following: - [ ] fedora-coreos-tracker - [ ] fedora website - [ ] fedora-coreos-browser -1. Create and push signed tags with appropriate versions - ``` - # Ensure gpg key for signing in github settings that is associated to redhat email. - # Verify you are on the upstream repo's main branch. - - git status - - RELEASE_VER=vx.y.z - # Replace 'x.y.z' with the appropriate numbers. - - git tag -s ${RELEASE_VER} - # Give appropriate detail to tag, check previous tags with 'git show ${RELEASE_VER}' - - git push git@github.com:coreos/targeted-repo.git ${RELEASE_VER} - # Navigate to the targeted-repo's tag section to ensure a valid signed tag is listed. - # e.g. https://github.com/...repo/tags - ``` - 1. [ ] Tag stream-metadata-go following the above steps. After tagging, ensure that dependabot has picked up latest version, and merged it into fedora-coreos-stream-generator && coreos-assembler. - - These can be triggered manually by navigating to [fedora-coreos-stream-generator's Dependabot](https://github.com/coreos/fedora-coreos-stream-generator/network/updates/) and [coreos-assembler's Dependabot](https://github.com/coreos/coreos-assembler/network/updates) respectively; then, clicking "Check for updates". - - This might need to be done a few times, as the Dependabot might not pickup tag changes for a few attempts after initial tagging. - 2. [ ] Tag fedora-coreos-stream-generator following the above steps. +1. Release updated components + - [ ] Create and follow release checklist for [stream-metadata-go](https://github.com/coreos/stream-metadata-go/blob/main/docs/development.md#release-process) + - [ ] Ensure that Dependabot has PRed stream-metadata-go into fedora-coreos-stream-generator and coreos-assembler. Merge the update PRs. + - This can be triggered manually by navigating to [fedora-coreos-stream-generator's Dependabot](https://github.com/coreos/fedora-coreos-stream-generator/network/updates/) and [coreos-assembler's Dependabot](https://github.com/coreos/coreos-assembler/network/updates) respectively, then clicking "Check for updates". + - This might need to be done a few times, as Dependabot might not pick up tag changes for a few attempts after initial tagging. + - [ ] Create and follow release checklist for [fedora-coreos-stream-generator](https://github.com/coreos/fedora-coreos-stream-generator/blob/main/docs/development.md#release-process) 1. Merge the following changes: - [ ] coreos-assembler 1. Wait for updates made to coreos-assembler to be propagated to latest container From d33efd9fa6938521667d038223d3128240ba925e Mon Sep 17 00:00:00 2001 From: Benjamin Gilbert Date: Wed, 28 Jun 2023 11:43:02 -0400 Subject: [PATCH 109/167] Add Hyper-V metadata Add example metadata for hyperv platform. This supports: * https://github.com/coreos/fedora-coreos-tracker/issues/1411 * https://github.com/coreos/fedora-coreos-tracker/issues/1424 Co-authored-by: Brent Baude --- metadata/release/sample.json | 11 +++++++++++ metadata/stream/rationale.yaml | 8 ++++++++ metadata/stream/sample.json | 12 ++++++++++++ 3 files changed, 31 insertions(+) diff --git a/metadata/release/sample.json b/metadata/release/sample.json index 5de39b8..4b46161 100644 --- a/metadata/release/sample.json +++ b/metadata/release/sample.json @@ -91,6 +91,17 @@ } } }, + "hyperv": { + "artifacts": { + "vhdx.zip": { + "disk": { + "location": "https://builds.coreos.fedoraproject.org/prod/streams/testing/builds/30.20190801.0/x86_64/fedora-coreos-30.20190801.0-hyperv.vhdx.zip", + "signature": "https://builds.coreos.fedoraproject.org/prod/streams/testing/builds/30.20190801.0/x86_64/fedora-coreos-30.20190801.0-hyperv.vhdx.zip.sig", + "sha256": "a889159d661339e635372b807f0a98bb93c64aabfaf89a801b2f03491488f0ef" + } + } + } + }, "ibmcloud": { "artifacts": { "qcow2.xz": { diff --git a/metadata/stream/rationale.yaml b/metadata/stream/rationale.yaml index 4a7c2f0..fb81a66 100644 --- a/metadata/stream/rationale.yaml +++ b/metadata/stream/rationale.yaml @@ -78,6 +78,14 @@ architectures: signature: https://artifacts.example.com/ais7tah1aa7Ahvei.tar.gz.sig sha256: 96fb92427ae41e4649b934ca495991b7852b85e3b0c44298fc1c149afbf4c895 uncompressed-sha256: 38acb15d02d5ac0f2a2789602e9df950c380d2799b4bdb59394e4eeabdd3a662 + hyperv: + release: 30.1.2.3 + formats: + "vhdx.zip": + disk: + location: https://artifacts.example.com/quohgh8ei0uzaD5a.vhdx.zip + signature: https://artifacts.example.com/quohgh8ei0uzaD5a.vhdx.zip.sig + sha256: 4c8996fb92427ae41e4649b934ca4e3b0c44298fc1c149afbf95991b7852b855 ibmcloud: release: 30.1.2.3 formats: diff --git a/metadata/stream/sample.json b/metadata/stream/sample.json index 47105ad..63dc7b6 100644 --- a/metadata/stream/sample.json +++ b/metadata/stream/sample.json @@ -96,6 +96,18 @@ } } }, + "hyperv": { + "release": "33.20210412.3.0", + "formats": { + "vhdx.zip": { + "disk": { + "location": "https://builds.coreos.fedoraproject.org/prod/streams/stable/builds/33.20210412.3.0/x86_64/fedora-coreos-33.20210412.3.0-hyperv.x86_64.vhdx.zip", + "signature": "https://builds.coreos.fedoraproject.org/prod/streams/stable/builds/33.20210412.3.0/x86_64/fedora-coreos-33.20210412.3.0-hyperv.x86_64.vhdx.zip.sig", + "sha256": "728e876d87ec71de27fc1d882840e6877346423433339a2b8606fa28e57413fd" + } + } + } + }, "ibmcloud": { "release": "33.20210412.3.0", "formats": { From d5b8877ce9e54d740017234e8693080b151ca7c5 Mon Sep 17 00:00:00 2001 From: Michael Armijo Date: Mon, 17 Jul 2023 23:17:11 -0400 Subject: [PATCH 110/167] meeting-people: add marmijo --- meeting-people.txt | 1 + 1 file changed, 1 insertion(+) diff --git a/meeting-people.txt b/meeting-people.txt index 7f175d8..9e898e5 100644 --- a/meeting-people.txt +++ b/meeting-people.txt @@ -17,6 +17,7 @@ jdoss jlebon jmarrero lorbus +marmijo miabbott nasirhm quentin9696[m] From 607189076246dd5cb8334f18061c09160787aa89 Mon Sep 17 00:00:00 2001 From: Benjamin Gilbert Date: Tue, 1 Aug 2023 16:15:08 -0400 Subject: [PATCH 111/167] templates: add new-feature template Propose a process checklist for implementing a new feature, along with an initial list of potential complications to think about. This may not be universally accepted or widely used. But, I had some process notes sitting around, and maybe they'll be useful as a starting point. --- .github/ISSUE_TEMPLATE/new-feature.md | 59 +++++++++++++++++++++++++++ 1 file changed, 59 insertions(+) create mode 100644 .github/ISSUE_TEMPLATE/new-feature.md diff --git a/.github/ISSUE_TEMPLATE/new-feature.md b/.github/ISSUE_TEMPLATE/new-feature.md new file mode 100644 index 0000000..808e7b6 --- /dev/null +++ b/.github/ISSUE_TEMPLATE/new-feature.md @@ -0,0 +1,59 @@ +--- +name: Implement a feature +about: Propose a design for a new feature +--- + +# Feature proposal + +## Description + + + +## Implementation PRs + + + +## Did you consider? + + + +- Storage + - [ ] Disk space usage + - [ ] Behavior on 4Kn disks + - [ ] Compatibility with multiple ESPs (Butane `boot_device.mirror`) +- First boot + - [ ] Behavior on first boot vs. second boot + - [ ] initrd networking requirements + - [ ] Reprovisioned systems that reused existing storage devices +- OS update + - [ ] Behavior after an OS rollback + - [ ] Compatibility with old bootloaders +- Architectures + - aarch64 + - [ ] Compatibility with non-UEFI boot + - ppc64le + - [ ] Whether new GRUB directives are supported by petitboot + - s390x + - [ ] Endianness issues + - [ ] Need to rerun `zipl` to update kernel or kargs + - [ ] ECKD/MBR lack of partition labels + - [ ] ECKD maximum partition count +- Implementation + - [ ] How interlocking PRs will be ratcheted into repos + +## Implementation steps + +- [ ] Create tracker ticket with initial design (above) +- [ ] Initial discussion and refinement in the ticket +- [ ] Add `meeting` label +- [ ] Discuss at community meeting +- [ ] Further refinement + - [ ] Post draft [fedora-coreos-docs](https://github.com/coreos/fedora-coreos-docs/) PR, ideally before doing any implementation, to help identify design problems. +- [ ] Update issue description with final proposal and post a comment saying that you did +- [ ] Verify that rough consensus exists +- [ ] Implement. Post PR links in the section above. In the description of each PR, link to this issue and specify the prerequisites for merging. + - [ ] Add kola test(s) for new feature +- [ ] Land implementation PRs, in order +- [ ] Wait for the functionality to reach FCOS stable +- [ ] Land docs PR +- [ ] Remove any ratcheting glue (e.g. workarounds in coreos-assembler) From bf33033bdc0b226bbd7e45798188130691f4d349 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Timoth=C3=A9e=20Ravier?= Date: Wed, 9 Aug 2023 18:41:38 +0200 Subject: [PATCH 112/167] README: Add direct IRC webchat link for meetings --- README.md | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/README.md b/README.md index db92e0a..84429d9 100644 --- a/README.md +++ b/README.md @@ -58,7 +58,8 @@ See [RELEASES.md](RELEASES.md). # Meetings The Fedora CoreOS Working Group has a weekly meeting. The meeting usually -happens in `#fedora-meeting-1` on irc.libera.chat and the schedule for the +happens in `#fedora-meeting-1` on irc.libera.chat +([Webchat](https://web.libera.chat/#fedora-meeting-1)) and the schedule for the meeting can be found here: https://calendar.fedoraproject.org/CoreOS/ Currently, meetings are at `16:30 UTC` on Wednesdays. From 695200b4c1c47a7f51a8b0759f1931b82acb8697 Mon Sep 17 00:00:00 2001 From: Dusty Mabe Date: Fri, 11 Aug 2023 22:31:36 -0400 Subject: [PATCH 113/167] docs: updates for kernel bisect docs Every time I run this I come across more to add. --- docs/fedora-coreos-kernel-bisect.md | 50 ++++++++++++++++++++++++++--- 1 file changed, 46 insertions(+), 4 deletions(-) diff --git a/docs/fedora-coreos-kernel-bisect.md b/docs/fedora-coreos-kernel-bisect.md index 507d902..0742cfc 100644 --- a/docs/fedora-coreos-kernel-bisect.md +++ b/docs/fedora-coreos-kernel-bisect.md @@ -64,7 +64,7 @@ Once inside the VM or container we need to install some software to build the ke ``` sudo dnf update -y && \ -sudo dnf install -y rpm-build rsync 'dnf-command(builddep)' && \ +sudo dnf install -y make rpm-build rsync 'dnf-command(builddep)' && \ sudo dnf builddep -y kernel # reboot here if in a VM ``` @@ -76,7 +76,9 @@ which makes very large files: ``` cd /path/to/kernel/git/ -curl https://src.fedoraproject.org/rpms/kernel/raw/f37/f/kernel-x86_64-fedora.config > .config +RELEASE=f38 # or RELEASE=rawhide +curl "https://src.fedoraproject.org/rpms/kernel/raw/${RELEASE}/f/kernel-x86_64-fedora.config" > .config.fedora +cp .config.fedora .config sed -i 's/CONFIG_DEBUG_KERNEL=y/CONFIG_DEBUG_KERNEL=n/' .config ``` @@ -86,8 +88,10 @@ To build and install the kernel directly on the system (i.e. on Fedora Cloud Bas you can run the following: ``` +# Set make target. See https://src.fedoraproject.org/rpms/kernel/blob/rawhide/f/kernel.spec +make_target=bzImage # for x86_64 or vmlinux(ppc64le) or vmlinuz.efi(aarch64) make olddefconfig -make -j$(nproc) bzImage +make -j$(nproc) $make_target make -j$(nproc) modules sudo make modules_install sudo make install @@ -109,7 +113,12 @@ Then run the following script to build and install the kernel: cat build.sh #!/bin/bash set -eux -o pipefail -make -j$(nproc) bzImage +cp .config.fedora .config +sed -i 's/CONFIG_DEBUG_KERNEL=y/CONFIG_DEBUG_KERNEL=n/' .config +# Set make target. See https://src.fedoraproject.org/rpms/kernel/blob/rawhide/f/kernel.spec +make_target=bzImage # for x86_64 or vmlinux(ppc64le) or vmlinuz.efi(aarch64) +make olddefconfig +make -j$(nproc) $make_target make -j$(nproc) modules sudo make modules_install sudo make install @@ -127,6 +136,12 @@ sudo rm -vf /boot/initramfs*bisect* /boot/vmlinuz-*bisect* /boot/System.map-*bis sudo rm -rf /lib/modules/*bisect* ``` +Then you can automate with: + +``` +bash clean.sh && bash build.sh +``` + ## 2. Directly Building and Creating an RPM from the Kernel Source git repo In this scenario we're creating an RPM that can either then be package @@ -185,3 +200,30 @@ Jens Axboe linux-block@vger.kernel.org linux-kernel@vger.kernel.org ``` + +## Testing out fixes with Fedora's kernel + +Once you have a proposed fix/patch you can easily build a Fedora kernel RPM by +adding your patch to the [`linux-kernel-test.patch` file](https://docs.fedoraproject.org/en-US/quick-docs/kernel/testing-patches/#_applying_the_patch) +in the [kernel distgit repo](https://src.fedoraproject.org/rpms/kernel). + +After adding your patch you can then use `fedpkg` to build a new +kernel for your target architecture. For example: + +``` +fedpkg scratch-build --srpm --arch=x86_64 +``` + +Once the build is complete you can grab the RPMs using the `koji` CLI: + +``` +koji download-task +``` + +Placing these RPMs into the `overrides/rpm` directory and do a new COSA build +will give you a CoreOS build with the patched kernel. + +After the tested patch looks good you can then open a PR to the `fedora-X.Y` +branch in the `kernel-ark` repo. See the above +[Kernel Source git Repos](#kernel-source-git-repos) +section for more details. From 58f95196be9e7806d7967e3153a8436682ce1b68 Mon Sep 17 00:00:00 2001 From: Dusty Mabe Date: Fri, 11 Aug 2023 22:38:53 -0400 Subject: [PATCH 114/167] docs: add docs for doing a systemd git bisect --- docs/fedora-coreos-systemd-bisect.md | 66 ++++++++++++++++++++++++++++ 1 file changed, 66 insertions(+) create mode 100644 docs/fedora-coreos-systemd-bisect.md diff --git a/docs/fedora-coreos-systemd-bisect.md b/docs/fedora-coreos-systemd-bisect.md new file mode 100644 index 0000000..673804a --- /dev/null +++ b/docs/fedora-coreos-systemd-bisect.md @@ -0,0 +1,66 @@ + +# Systemd regressions need bisecting + +Similar to the kernel, systemd is often a core component of our +stack that has regressions that aren't easy to identify just by +inspecting a changelog. + +## Systemd Source git Repos + +There are a few kernel source git repositories to know about: + +- `https://github.com/systemd/systemd.git` + - Where the latest upstream development happens +- `https://github.com/systemd/systemd-stable.git` + - Where stable/LTS tags are handled (backports to stable branches happen here) + +There is also the [Fedora dist-git repo](https://src.fedoraproject.org/rpms/systemd). + +## Creating a Kernel Build Environment + +You can use a container to build systemd from upstream. + +``` +SHARED=/path/to/shared/directory/ +RELEASE=38 +podman run -it --name=systemdbuild -v "${SHARED}:${SHARED}" "registry.fedoraproject.org/fedora:${RELEASE}" +``` + +``` +sudo dnf update -y && \ +sudo dnf install -y make rpm-build rsync 'dnf-command(builddep)' && \ +sudo dnf builddep -y systemd +``` + +We can now make changes to the git repo (revert commits, etc) and run a few +commands to build systemd. If doing a +[`git` bisect](https://www.kernel.org/doc/html/latest/admin-guide/bug-bisect.html) +run the commands needed to start the bisect. + +## Doing the systemd build/test + +To build systemd you can run the following commands. These commands +were adapted from the notes in the +[Systemd README](https://github.com/systemd/systemd/blob/579fbe5b789cbee10546f6274c39be311e71e49c/README#L233-L247). + + +``` +meson setup build/ +``` + +And then the following can be iterated upon for each commit to test: + +``` +export DESTDIR=/path/to/shared/directory/fcos/overrides/rootfs/ +ninja -C build && ninja -C build install +``` + +NOTE: If you run into `permission denied` errors when copying the files around check for SELinux denails. + +Now you can run COSA to build/test. From the COSA directory: + +``` +cosa build && cosa kola run mytest +``` + +Now you can iterate until you find the problematic commit. From 43184b292d45203a80bd1d4405a4aaee2160fea0 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Timoth=C3=A9e=20Ravier?= Date: Mon, 14 Aug 2023 11:43:33 +0200 Subject: [PATCH 115/167] README: Update for Matrix/IRC bridge down --- README.md | 17 ++++++++++++++++- 1 file changed, 16 insertions(+), 1 deletion(-) diff --git a/README.md b/README.md index 84429d9..acdb56e 100644 --- a/README.md +++ b/README.md @@ -27,7 +27,15 @@ technologies and produce Fedora CoreOS. - main mailing list: [coreos@lists.fedoraproject.org](https://lists.fedoraproject.org/archives/list/coreos@lists.fedoraproject.org/) - status mailing list: [coreos-status@lists.fedoraproject.org](https://lists.fedoraproject.org/archives/list/coreos-status@lists.fedoraproject.org/) (announcements/important messages) -- IRC/Matrix: [`#fedora-coreos` on Libera.Chat](https://web.libera.chat/#fedora-coreos) (ircs://irc.libera.chat:6697/#fedora-coreos) or [`#coreos:fedoraproject.org` on Matrix](https://matrix.to/#/#coreos:fedoraproject.org) +- Chat rooms: + - Matrix: [`#coreos:fedoraproject.org` on Matrix](https://matrix.to/#/#coreos:fedoraproject.org) + - IRC: [`#fedora-coreos` on Libera.Chat](https://web.libera.chat/#fedora-coreos) (ircs://irc.libera.chat:6697/#fedora-coreos) + - As of 2023-08-06 14UTC, the two rooms are not bridged together anymore thus + writing a message to IRC will not reach Matrix users (and vice versa). Note + that a lot of CoreOS developers have moved to Matrix thus the IRC channel + is likely to get less attention and we recommend joining via Matrix. See + [Matrix to libera.chat (IRC) bridge unavailable](https://communityblog.fedoraproject.org/matrix-to-libera-chat-irc-bridge-unavailable/). + The meetings still happen on IRC for now. - forum at [https://discussion.fedoraproject.org/tag/coreos](https://discussion.fedoraproject.org/tag/coreos) - feature planning and important issue tracking at [github.com/coreos/fedora-coreos-tracker](https://github.com/coreos/fedora-coreos-tracker) - website at [https://getfedora.org/coreos/](https://getfedora.org/coreos/) @@ -63,6 +71,13 @@ happens in `#fedora-meeting-1` on irc.libera.chat meeting can be found here: https://calendar.fedoraproject.org/CoreOS/ Currently, meetings are at `16:30 UTC` on Wednesdays. +As the +[Matrix/IRC bridge is down](https://communityblog.fedoraproject.org/matrix-to-libera-chat-irc-bridge-unavailable/), +it is currently not possible to attend the meeting from a Matrix account and +you have to join using IRC. You can use the +[Webchat](https://web.libera.chat/#fedora-meeting-1) to temporarily join the +meeting on IRC. + ## Steps to run the meeting - `cd` to a local checkout of this repo and `git pull` From 80d5f824b8d53b3f90821aed514b1435e34e1256 Mon Sep 17 00:00:00 2001 From: Yasmin Valim Date: Fri, 1 Sep 2023 09:49:45 -0300 Subject: [PATCH 116/167] meeting-people: add ydesouza Add myself in meeting-people.txt file to receive notifications about Fedora CoreOS community meetings --- meeting-people.txt | 1 + 1 file changed, 1 insertion(+) diff --git a/meeting-people.txt b/meeting-people.txt index 9e898e5..39bb15d 100644 --- a/meeting-people.txt +++ b/meeting-people.txt @@ -24,3 +24,4 @@ quentin9696[m] ravanelli saqali walters +ydesouza \ No newline at end of file From 6ec37033deb0f9daeaf0d170359556a855cbbd73 Mon Sep 17 00:00:00 2001 From: Jonathan Lebon Date: Thu, 7 Sep 2023 11:54:22 -0400 Subject: [PATCH 117/167] Only mention Matrix channel as chat room We'd like to direct all communications to the Matrix channel going forward, so let's drop mentions of the IRC channel. Related: https://github.com/coreos/fedora-coreos-tracker/issues/1566 --- README.md | 11 ++--------- docs/ci-and-builds.md | 2 +- 2 files changed, 3 insertions(+), 10 deletions(-) diff --git a/README.md b/README.md index acdb56e..50a1380 100644 --- a/README.md +++ b/README.md @@ -27,15 +27,8 @@ technologies and produce Fedora CoreOS. - main mailing list: [coreos@lists.fedoraproject.org](https://lists.fedoraproject.org/archives/list/coreos@lists.fedoraproject.org/) - status mailing list: [coreos-status@lists.fedoraproject.org](https://lists.fedoraproject.org/archives/list/coreos-status@lists.fedoraproject.org/) (announcements/important messages) -- Chat rooms: - - Matrix: [`#coreos:fedoraproject.org` on Matrix](https://matrix.to/#/#coreos:fedoraproject.org) - - IRC: [`#fedora-coreos` on Libera.Chat](https://web.libera.chat/#fedora-coreos) (ircs://irc.libera.chat:6697/#fedora-coreos) - - As of 2023-08-06 14UTC, the two rooms are not bridged together anymore thus - writing a message to IRC will not reach Matrix users (and vice versa). Note - that a lot of CoreOS developers have moved to Matrix thus the IRC channel - is likely to get less attention and we recommend joining via Matrix. See - [Matrix to libera.chat (IRC) bridge unavailable](https://communityblog.fedoraproject.org/matrix-to-libera-chat-irc-bridge-unavailable/). - The meetings still happen on IRC for now. +- Chat room: [`#coreos:fedoraproject.org` on Matrix](https://matrix.to/#/#coreos:fedoraproject.org) + - Note that meetings still happen on IRC for now (see below). - forum at [https://discussion.fedoraproject.org/tag/coreos](https://discussion.fedoraproject.org/tag/coreos) - feature planning and important issue tracking at [github.com/coreos/fedora-coreos-tracker](https://github.com/coreos/fedora-coreos-tracker) - website at [https://getfedora.org/coreos/](https://getfedora.org/coreos/) diff --git a/docs/ci-and-builds.md b/docs/ci-and-builds.md index e06f704..de0f206 100644 --- a/docs/ci-and-builds.md +++ b/docs/ci-and-builds.md @@ -51,7 +51,7 @@ Examples: ## quay.io/coreos-assembler namespace -A key aspect of Fedora CoreOS as well as RHEL CoreOS is [coreos-assembler](https://github.com/coreos/coreos-assembler). As of today, we build it in quay.io and deliver it that way in the `quay.io/coreos-assembler` namespace. The list of administrators for this namespace is managed independently of anything else. If you think you need administrator access, file a ticket or ask on #fedora-coreos IRC. +A key aspect of Fedora CoreOS as well as RHEL CoreOS is [coreos-assembler](https://github.com/coreos/coreos-assembler). As of today, we build it in quay.io and deliver it that way in the `quay.io/coreos-assembler` namespace. The list of administrators for this namespace is managed independently of anything else. If you think you need administrator access, file a ticket or ask on `#coreos:fedoraproject.org` on Matrix. ### The buildroot container: quay.io/coreos-assembler/fcos-buildroot:testing-devel From f4e9b3a8ee7fe6b20131c9668b9581f1c9e609a3 Mon Sep 17 00:00:00 2001 From: Jonathan Lebon Date: Thu, 7 Sep 2023 11:55:39 -0400 Subject: [PATCH 118/167] README: capitalize bullet points in comms section --- README.md | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/README.md b/README.md index 50a1380..eb03fa9 100644 --- a/README.md +++ b/README.md @@ -25,14 +25,14 @@ technologies and produce Fedora CoreOS. # Communication channels for Fedora CoreOS -- main mailing list: [coreos@lists.fedoraproject.org](https://lists.fedoraproject.org/archives/list/coreos@lists.fedoraproject.org/) -- status mailing list: [coreos-status@lists.fedoraproject.org](https://lists.fedoraproject.org/archives/list/coreos-status@lists.fedoraproject.org/) (announcements/important messages) +- Main mailing list: [coreos@lists.fedoraproject.org](https://lists.fedoraproject.org/archives/list/coreos@lists.fedoraproject.org/) +- Status mailing list: [coreos-status@lists.fedoraproject.org](https://lists.fedoraproject.org/archives/list/coreos-status@lists.fedoraproject.org/) (announcements/important messages) - Chat room: [`#coreos:fedoraproject.org` on Matrix](https://matrix.to/#/#coreos:fedoraproject.org) - Note that meetings still happen on IRC for now (see below). -- forum at [https://discussion.fedoraproject.org/tag/coreos](https://discussion.fedoraproject.org/tag/coreos) -- feature planning and important issue tracking at [github.com/coreos/fedora-coreos-tracker](https://github.com/coreos/fedora-coreos-tracker) -- website at [https://getfedora.org/coreos/](https://getfedora.org/coreos/) -- documentation at [https://docs.fedoraproject.org/en-US/fedora-coreos/](https://docs.fedoraproject.org/en-US/fedora-coreos/) +- Forum at [https://discussion.fedoraproject.org/tag/coreos](https://discussion.fedoraproject.org/tag/coreos) +- Feature planning and important issue tracking at [github.com/coreos/fedora-coreos-tracker](https://github.com/coreos/fedora-coreos-tracker) +- Website at [https://getfedora.org/coreos/](https://getfedora.org/coreos/) +- Documentation at [https://docs.fedoraproject.org/en-US/fedora-coreos/](https://docs.fedoraproject.org/en-US/fedora-coreos/) - Twitter: [@fedoracoreos](https://twitter.com/fedoracoreos) # Roadmap/Plans From 1297b8d04c851e4128994d6811cf467623d97650 Mon Sep 17 00:00:00 2001 From: Jonathan Lebon Date: Thu, 7 Sep 2023 11:57:33 -0400 Subject: [PATCH 119/167] README: link to Fedora's Matrix server --- README.md | 2 +- docs/ci-and-builds.md | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index eb03fa9..75f3f51 100644 --- a/README.md +++ b/README.md @@ -27,7 +27,7 @@ technologies and produce Fedora CoreOS. - Main mailing list: [coreos@lists.fedoraproject.org](https://lists.fedoraproject.org/archives/list/coreos@lists.fedoraproject.org/) - Status mailing list: [coreos-status@lists.fedoraproject.org](https://lists.fedoraproject.org/archives/list/coreos-status@lists.fedoraproject.org/) (announcements/important messages) -- Chat room: [`#coreos:fedoraproject.org` on Matrix](https://matrix.to/#/#coreos:fedoraproject.org) +- Chat room: [`#coreos:fedoraproject.org` on Matrix](https://chat.fedoraproject.org/#/room/#coreos:fedoraproject.org) - Note that meetings still happen on IRC for now (see below). - Forum at [https://discussion.fedoraproject.org/tag/coreos](https://discussion.fedoraproject.org/tag/coreos) - Feature planning and important issue tracking at [github.com/coreos/fedora-coreos-tracker](https://github.com/coreos/fedora-coreos-tracker) diff --git a/docs/ci-and-builds.md b/docs/ci-and-builds.md index de0f206..aeffbf0 100644 --- a/docs/ci-and-builds.md +++ b/docs/ci-and-builds.md @@ -51,7 +51,7 @@ Examples: ## quay.io/coreos-assembler namespace -A key aspect of Fedora CoreOS as well as RHEL CoreOS is [coreos-assembler](https://github.com/coreos/coreos-assembler). As of today, we build it in quay.io and deliver it that way in the `quay.io/coreos-assembler` namespace. The list of administrators for this namespace is managed independently of anything else. If you think you need administrator access, file a ticket or ask on `#coreos:fedoraproject.org` on Matrix. +A key aspect of Fedora CoreOS as well as RHEL CoreOS is [coreos-assembler](https://github.com/coreos/coreos-assembler). As of today, we build it in quay.io and deliver it that way in the `quay.io/coreos-assembler` namespace. The list of administrators for this namespace is managed independently of anything else. If you think you need administrator access, file a ticket or ask on [`#coreos:fedoraproject.org` on Matrix](https://chat.fedoraproject.org/#/room/#coreos:fedoraproject.org). ### The buildroot container: quay.io/coreos-assembler/fcos-buildroot:testing-devel From ebef34bc1b011791545457920e0ae535f79fbd66 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Timoth=C3=A9e=20Ravier?= Date: Mon, 4 Sep 2023 19:08:30 +0200 Subject: [PATCH 120/167] Issue template: Add "emerging platform" template Add a new template that does not include all the steps to generate boot images. We'll use that template for "emerging" platforms where we don't have full support yet. This will help adding new platforms to Fedora CoreOS without imposing an ever increasing burden on our release pipeline and cloud storage by creating more (mostly) duplicated boot images. --- .../implementing-new-emerging-platform.md | 41 +++++++++++++++++++ .../implementing-new-platform.md | 2 +- 2 files changed, 42 insertions(+), 1 deletion(-) create mode 100644 .github/ISSUE_TEMPLATE/implementing-new-emerging-platform.md diff --git a/.github/ISSUE_TEMPLATE/implementing-new-emerging-platform.md b/.github/ISSUE_TEMPLATE/implementing-new-emerging-platform.md new file mode 100644 index 0000000..de334f4 --- /dev/null +++ b/.github/ISSUE_TEMPLATE/implementing-new-emerging-platform.md @@ -0,0 +1,41 @@ +# Implementing a new emerging platform + +This template is a simplified version of the +[full template](https://github.com/coreos/fedora-coreos-tracker/blob/main/.github/ISSUE_TEMPLATE/implementing-new-platform.md) +that only includes what is strictly needed to get initial support for a new +platform in Fedora CoreOS. This simplified version notably does not include the +steps needed to add new boot images to the release process. + +Platforms added via this process are labelled "emerging" and users will have to +get boot images for them by converting existing images in the right format and +changing the `ignition.platform.id=` command line parameter. + +This process will be documented using `guestfish` as an example. + +## During Development + +Create PRs addressing the following: + +- [ ] [Ignition](https://github.com/coreos/ignition/) ([example PR](https://github.com/coreos/ignition/pull/918)) + - [ ] Add userdata fetch + - [ ] If the platform supports it (unlikely), add userdata deletion +- [ ] [Afterburn](https://github.com/coreos/afterburn/) ([example PR](https://github.com/coreos/afterburn/pull/451)) + - [ ] (Cloud Only) Add relevant attributes + - [ ] (Cloud Only) Add SSH key support if available + - [ ] (Cloud Only) Add hostname support if available + - [ ] (Cloud Only) Add check-in if needed (unlikely) +- [ ] [fedora-coreos-docs](https://github.com/coreos/fedora-coreos-docs) ([example PR](https://github.com/coreos/fedora-coreos-docs/pull/377)) + - [ ] Add a `provisioning-.adoc` that walks through how to setup the new platform + - [ ] Add an entry in the `modules/ROOT/nav.adoc` that points to new documentation +- [ ] (Optional but recommended) Add support for the platform to [kola](https://github.com/coreos/coreos-assembler) to simplify testing +- Create or ask for a new upstream releases for: + - [ ] Ignition + - [ ] Afterburn +- Wait for new images with updated Ignition and Afterburn to reach stable then + merge documentation with `guestfish` commands: + - [ ] fedora-coreos-docs + +## At Release + +There are no "At Release" steps as we do not produce new boot images for +emerging platforms/ diff --git a/.github/ISSUE_TEMPLATE/implementing-new-platform.md b/.github/ISSUE_TEMPLATE/implementing-new-platform.md index 861ad1c..d297c74 100644 --- a/.github/ISSUE_TEMPLATE/implementing-new-platform.md +++ b/.github/ISSUE_TEMPLATE/implementing-new-platform.md @@ -2,7 +2,7 @@ ## During Development -Create PR's addressing the following: +Create PRs addressing the following: - [ ] [Ignition](https://github.com/coreos/ignition/) ([example PR](https://github.com/coreos/ignition/pull/918)) - [ ] Add userdata fetch From 71b7807c2fa24018da87868864809d2ea78f42a2 Mon Sep 17 00:00:00 2001 From: Steven Presti Date: Wed, 4 Oct 2023 16:57:41 -0400 Subject: [PATCH 121/167] readme: update meeting notes With the addition of the new repo for creating dynamic fcos meeting checklists, update readme to mention its location, and make old meeting notes legacy, and minimized. --- README.md | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/README.md b/README.md index 75f3f51..38b4355 100644 --- a/README.md +++ b/README.md @@ -73,6 +73,14 @@ meeting on IRC. ## Steps to run the meeting +The fedora meeting host can follow the guide which is curated by the [fcos-meeting-action](https://github.com/coreos/fcos-meeting-action) repo. +Every Wednesday a new checklist will be available in the form of a issue in the fcos-meeting-action repo, which can be used to run the meeting. + +If the action meeting repo is not available for some reason, the host can follow the below steps to run the meeting. +
+Legacy Meeting steps +## Steps to run the meeting + - `cd` to a local checkout of this repo and `git pull` - Ping [meeting people](https://github.com/coreos/fedora-coreos-tracker/blob/main/meeting-people.txt) in `#fedora-coreos` on libera.chat - `bash meeting-people.txt` @@ -134,6 +142,7 @@ Log: ``` +
# Voting From 45030379f317e704868f22f0d0b8ed1093e5ecae Mon Sep 17 00:00:00 2001 From: Jonathan Lebon Date: Fri, 3 Nov 2023 09:41:37 -0400 Subject: [PATCH 122/167] templates/rebase: document adding/removing `fedora-candidate-compose` repo This is a repo that we only want during the Beta period. Make sure we remove it otherwise. Closes: #1602 --- .github/ISSUE_TEMPLATE/rebase.md | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/.github/ISSUE_TEMPLATE/rebase.md b/.github/ISSUE_TEMPLATE/rebase.md index 6e6cca0..0aad580 100644 --- a/.github/ISSUE_TEMPLATE/rebase.md +++ b/.github/ISSUE_TEMPLATE/rebase.md @@ -51,6 +51,7 @@ Branching is when a new stream is "branched" off of `rawhide`. This eventually b ### Update [fedora-coreos-config](https://github.com/coreos/fedora-coreos-config/) `next-devel` - [ ] Bump `releasever` in `manifest.yaml` +- [ ] Add the `fedora-candidate-compose` repo in `manifest.yaml` ([example PR](https://github.com/coreos/fedora-coreos-config/pull/2706)) - [ ] Update the repos in `manifest.yaml` if needed - [ ] Run `cosa fetch --dry-run --update-lockfile` - this updates the x86_64 lockfile - the others will get updated when `bump-lockfile` runs. @@ -95,6 +96,9 @@ We prefer to disable `next-devel` when there is no difference between `testing-d - [ ] Update [repo-templates](https://github.com/coreos/repo-templates) [config.yaml](https://github.com/coreos/repo-templates/blob/main/config.yaml) with the version number and GPG key ID for Fedora (N). +### Disable the `fedora-candidate-compose` repo + +- [ ] Remove from the `manifest.yaml` of `next-devel` the `fedora-candidate-compose` repo ## After Fedora (N) GA From ef2261863e904688e41ca751f2b8b097b4ddafea Mon Sep 17 00:00:00 2001 From: Jonathan Lebon Date: Fri, 3 Nov 2023 09:46:21 -0400 Subject: [PATCH 123/167] templates/rebase: document final `next` release before GA This is what we do in practice but it wasn't documented. --- .github/ISSUE_TEMPLATE/rebase.md | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/.github/ISSUE_TEMPLATE/rebase.md b/.github/ISSUE_TEMPLATE/rebase.md index 0aad580..599c53f 100644 --- a/.github/ISSUE_TEMPLATE/rebase.md +++ b/.github/ISSUE_TEMPLATE/rebase.md @@ -70,6 +70,12 @@ Branching is when a new stream is "branched" off of `rawhide`. This eventually b ## Preparing for Fedora (N) GA +### Ship a final `next` release + +If the packages in `next-devel` don't exactly match the last `next` release that was done, we need to do a release with the final GA content. This ensures that what we'll promote to `testing` has the exact content in GA (plus version fast-tracks). This usually happens on the Thursday of the announcement of Go. + +- [ ] Ensure final `next` release has GA content + ### Update [fedora-coreos-config](https://github.com/coreos/fedora-coreos-config/) `testing-devel` - [ ] Bump `releasever` in `manifest.yaml` From d7d4db53e22c3a4b203b4e2e5e8b4f5bb050a5b4 Mon Sep 17 00:00:00 2001 From: Jonathan Lebon Date: Fri, 3 Nov 2023 13:59:47 -0400 Subject: [PATCH 124/167] templates/rebase: mention that testing GA release is promoted from next --- .github/ISSUE_TEMPLATE/rebase.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/ISSUE_TEMPLATE/rebase.md b/.github/ISSUE_TEMPLATE/rebase.md index 599c53f..9abcafd 100644 --- a/.github/ISSUE_TEMPLATE/rebase.md +++ b/.github/ISSUE_TEMPLATE/rebase.md @@ -89,7 +89,7 @@ If the packages in `next-devel` don't exactly match the last `next` release that ### Ship rebased `testing` -- [ ] Ship `testing` +- [ ] Ship `testing`; promote it from the `next` branch instead of `testing-devel` - [ ] Set a new update barrier for the final release of N-1 on `testing`. In the barrier entry set a link to [the docs](https://docs.fedoraproject.org/en-US/fedora-coreos/update-barrier-signing-keys/). See [discussion](https://github.com/coreos/fedora-coreos-tracker/issues/480#issuecomment-1247314065) ### Disable `next-devel` stream From 5f1d0ebc551ac8306968875ad91f87523d9b4cba Mon Sep 17 00:00:00 2001 From: Jonathan Lebon Date: Fri, 3 Nov 2023 14:01:44 -0400 Subject: [PATCH 125/167] templates/rebase: clarify `testing` release staging Make a separate step for staging the `testing` build and releasing it since that's what we actually do in practice. --- .github/ISSUE_TEMPLATE/rebase.md | 14 +++++++++++--- 1 file changed, 11 insertions(+), 3 deletions(-) diff --git a/.github/ISSUE_TEMPLATE/rebase.md b/.github/ISSUE_TEMPLATE/rebase.md index 9abcafd..ee3fb56 100644 --- a/.github/ISSUE_TEMPLATE/rebase.md +++ b/.github/ISSUE_TEMPLATE/rebase.md @@ -70,12 +70,18 @@ Branching is when a new stream is "branched" off of `rawhide`. This eventually b ## Preparing for Fedora (N) GA +Do these steps as soon as we have a Go confirmation for GA, usually the Thursday of the week before GA. + ### Ship a final `next` release If the packages in `next-devel` don't exactly match the last `next` release that was done, we need to do a release with the final GA content. This ensures that what we'll promote to `testing` has the exact content in GA (plus version fast-tracks). This usually happens on the Thursday of the announcement of Go. - [ ] Ensure final `next` release has GA content +### Build rebased `testing` + +- [ ] Build `testing`; promote it from the `next` branch instead of `testing-devel`. Don't release it yet (i.e. don't run the `release` job). + ### Update [fedora-coreos-config](https://github.com/coreos/fedora-coreos-config/) `testing-devel` - [ ] Bump `releasever` in `manifest.yaml` @@ -87,12 +93,14 @@ If the packages in `next-devel` don't exactly match the last `next` release that ## At Fedora (N) GA -### Ship rebased `testing` +Do these steps on GA day. + +### Release rebased `testing` -- [ ] Ship `testing`; promote it from the `next` branch instead of `testing-devel` +- [ ] Run the `release` job and start rollout. - [ ] Set a new update barrier for the final release of N-1 on `testing`. In the barrier entry set a link to [the docs](https://docs.fedoraproject.org/en-US/fedora-coreos/update-barrier-signing-keys/). See [discussion](https://github.com/coreos/fedora-coreos-tracker/issues/480#issuecomment-1247314065) -### Disable `next-devel` stream +### Disable `next-devel` stream if not needed We prefer to disable `next-devel` when there is no difference between `testing-devel` and `next-devel`. This allows us to prevent wasting a bunch of resources (bandwidth, storage, compute) for no reason. After the switch to N if `next-devel` and `testing-devel` are in lockstep, then disable `next-devel`. From 7e2ec97cd86962539c099668cd1c744d43ba818a Mon Sep 17 00:00:00 2001 From: Jonathan Lebon Date: Mon, 6 Nov 2023 15:18:28 -0500 Subject: [PATCH 126/167] templates/rebase: mention the final stable N-1 release Reflects reality, as described in https://github.com/coreos/fedora-coreos-tracker/blob/main/Design.md#major-fedora-version-rebases --- .github/ISSUE_TEMPLATE/rebase.md | 7 ++++--- Design.md | 1 + 2 files changed, 5 insertions(+), 3 deletions(-) diff --git a/.github/ISSUE_TEMPLATE/rebase.md b/.github/ISSUE_TEMPLATE/rebase.md index ee3fb56..7475c41 100644 --- a/.github/ISSUE_TEMPLATE/rebase.md +++ b/.github/ISSUE_TEMPLATE/rebase.md @@ -78,8 +78,9 @@ If the packages in `next-devel` don't exactly match the last `next` release that - [ ] Ensure final `next` release has GA content -### Build rebased `testing` +### Build rebased `testing` and final `stable` release on N-1 +- [ ] Build `stable`; promote it from the `testing` branch, which should still be on N-1. Don't release it yet (i.e. don't run the `release` job). - [ ] Build `testing`; promote it from the `next` branch instead of `testing-devel`. Don't release it yet (i.e. don't run the `release` job). ### Update [fedora-coreos-config](https://github.com/coreos/fedora-coreos-config/) `testing-devel` @@ -95,9 +96,9 @@ If the packages in `next-devel` don't exactly match the last `next` release that Do these steps on GA day. -### Release rebased `testing` +### Release rebased `testing` and final `stable` release on N-1 -- [ ] Run the `release` job and start rollout. +- [ ] Run the `release` job for the staged `testing` and `stable` builds and start rollout. - [ ] Set a new update barrier for the final release of N-1 on `testing`. In the barrier entry set a link to [the docs](https://docs.fedoraproject.org/en-US/fedora-coreos/update-barrier-signing-keys/). See [discussion](https://github.com/coreos/fedora-coreos-tracker/issues/480#issuecomment-1247314065) ### Disable `next-devel` stream if not needed diff --git a/Design.md b/Design.md index af85d0c..71add3d 100644 --- a/Design.md +++ b/Design.md @@ -87,6 +87,7 @@ The release process integrates with Fedora's release milestones in the following - Week -1 (Fedora "Go" Decision): `next` release: - `next` release with final Fedora GA content - Week 0 (GA release): triple release: + - `stable` release promoted from previous `testing` (on N-1) - `testing` release promoted from previous `next` - `next` release contains latest Fedora N content, including Bodhi updates - Week 2: triple release: From 7d03050619949f7fc4e9e826fe63720e4db292ac Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Timoth=C3=A9e=20Ravier?= Date: Wed, 22 Nov 2023 19:17:01 +0100 Subject: [PATCH 127/167] README: Update for Matrix based meetings Fixes: https://github.com/coreos/fedora-coreos-tracker/issues/1616 --- README.md | 50 +++++++++++++++++++++++----------------------- meeting-people.txt | 4 ++-- 2 files changed, 27 insertions(+), 27 deletions(-) diff --git a/README.md b/README.md index 38b4355..c80bfda 100644 --- a/README.md +++ b/README.md @@ -28,7 +28,6 @@ technologies and produce Fedora CoreOS. - Main mailing list: [coreos@lists.fedoraproject.org](https://lists.fedoraproject.org/archives/list/coreos@lists.fedoraproject.org/) - Status mailing list: [coreos-status@lists.fedoraproject.org](https://lists.fedoraproject.org/archives/list/coreos-status@lists.fedoraproject.org/) (announcements/important messages) - Chat room: [`#coreos:fedoraproject.org` on Matrix](https://chat.fedoraproject.org/#/room/#coreos:fedoraproject.org) - - Note that meetings still happen on IRC for now (see below). - Forum at [https://discussion.fedoraproject.org/tag/coreos](https://discussion.fedoraproject.org/tag/coreos) - Feature planning and important issue tracking at [github.com/coreos/fedora-coreos-tracker](https://github.com/coreos/fedora-coreos-tracker) - Website at [https://getfedora.org/coreos/](https://getfedora.org/coreos/) @@ -59,17 +58,16 @@ See [RELEASES.md](RELEASES.md). # Meetings The Fedora CoreOS Working Group has a weekly meeting. The meeting usually -happens in `#fedora-meeting-1` on irc.libera.chat -([Webchat](https://web.libera.chat/#fedora-meeting-1)) and the schedule for the -meeting can be found here: https://calendar.fedoraproject.org/CoreOS/ -Currently, meetings are at `16:30 UTC` on Wednesdays. +happens in +[#meeting-1:fedoraproject.org](https://matrix.to/#/#meeting-1:fedoraproject.org) +on Matrix and the schedule for the meeting can be found here: +https://calendar.fedoraproject.org/CoreOS/ Currently, meetings are at `16:30 +UTC` on Wednesdays. As the [Matrix/IRC bridge is down](https://communityblog.fedoraproject.org/matrix-to-libera-chat-irc-bridge-unavailable/), -it is currently not possible to attend the meeting from a Matrix account and -you have to join using IRC. You can use the -[Webchat](https://web.libera.chat/#fedora-meeting-1) to temporarily join the -meeting on IRC. +it is currently not possible to attend the meeting from IRC and you have to +join using Matrix. ## Steps to run the meeting @@ -84,47 +82,49 @@ If the action meeting repo is not available for some reason, the host can follow - `cd` to a local checkout of this repo and `git pull` - Ping [meeting people](https://github.com/coreos/fedora-coreos-tracker/blob/main/meeting-people.txt) in `#fedora-coreos` on libera.chat - `bash meeting-people.txt` - - copy lines of output and paste into `#fedora-coreos` channel -- Navigate to `#fedora-meeting-1` on libera.chat -- Type `#startmeeting fedora_coreos_meeting` -- `#topic roll call` + - copy lines of output and paste into + [`#coreos:fedoraproject.org`](https://chat.fedoraproject.org/#/room/#coreos:fedoraproject.org) + on Matrix +- Navigate to + [`#meeting-1:fedoraproject.org`](https://matrix.to/#/#meeting-1:fedoraproject.org) + on Matrix +- Type: + - `!startmeeting fedora_coreos_meeting` + - `!topic roll call` Wait for 2-4 minutes for people to check in for the roll call. -- `#chair` all the people present for the meeting -- `#topic Action items from last meeting` +- `!topic Action items from last meeting` -Find the last meeting log from -[meetbot](https://meetbot-raw.fedoraproject.org/teams/fedora_coreos_meeting) -and post the action items in the meeting for people to -update the status of. +Find the last meeting log from [meetbot](https://meetbot.fedoraproject.org/) +and post the action items in the meeting for people to update the status of. - After they are done move to each `meeting` ticket from [this tracker](https://github.com/coreos/fedora-coreos-tracker/labels/meeting) Do the following for each ticket -- `#topic` Ticket subject -- `#link` link\_to\_the\_ticket +- `!topic` Ticket subject +- `!link ` During the meeting, you can give people action items for them to complete: -- `#action ` description of what needs to be done +- `!action ` description of what needs to be done When all topics are over, go for open floor: -- `#topic Open Floor` +- `!topic Open Floor` After open floor, end the meeting. -- `#endmeeting` +- `!endmeeting` Then, when convenient: - Remove `meeting` labels from [tickets that were discussed](https://github.com/coreos/fedora-coreos-tracker/labels/meeting) - Send an email to [coreos@lists.fedoraproject.org](mailto:coreos@lists.fedoraproject.org) with the -details of the meeting from [meetbot page](https://meetbot.fedoraproject.org/sresults/?group_id=fedora_coreos_meeting&type=team). +details of the meeting from [meetbot page](https://meetbot.fedoraproject.org/). Minutes in textual format are directly available using `.txt` as URL extension. It's easiest to get the Minutes/Minutes (text)/Log URLs by copying the footer that Meetbot prints after `#endmeeting`. You can see examples in the diff --git a/meeting-people.txt b/meeting-people.txt index 39bb15d..0de0a31 100644 --- a/meeting-people.txt +++ b/meeting-people.txt @@ -1,6 +1,6 @@ # List of people to ping before the Fedora CoreOS community meetings. # Please keep this list in alphabetical order. -tail -n +5 $0 | tr '\n' ' ' && echo -e '\nFCOS community meeting in #fedora-meeting-1' && echo "If you don't want to be pinged remove your name from this file: https://github.com/coreos/fedora-coreos-tracker/blob/main/meeting-people.txt" +tail -n +5 $0 | tr '\n' ' ' && echo -e '\nFCOS community meeting in #meeting-1:fedoraproject.org' && echo "If you don't want to be pinged remove your name from this file: https://github.com/coreos/fedora-coreos-tracker/blob/main/meeting-people.txt" exit 0 aaradhak @@ -24,4 +24,4 @@ quentin9696[m] ravanelli saqali walters -ydesouza \ No newline at end of file +ydesouza From 97c9a3e3144de7e1f0d3a93bc809d8b55232b4af Mon Sep 17 00:00:00 2001 From: Brent Baude Date: Wed, 16 Aug 2023 14:23:51 +0000 Subject: [PATCH 128/167] Update FCOS stream metadata for Apple Hypervisor Add new platform (applehv) for the Apple Hypervisor which uses the raw disk format. See coreos/fedora-coreos-tracker#1533 and coreos/fedora-coreos-tracker#1548 Signed-off-by: Brent Baude --- metadata/release/sample.json | 11 +++++++++++ metadata/stream/rationale.yaml | 8 ++++++++ metadata/stream/sample.json | 12 ++++++++++++ 3 files changed, 31 insertions(+) diff --git a/metadata/release/sample.json b/metadata/release/sample.json index 4b46161..78ee2fa 100644 --- a/metadata/release/sample.json +++ b/metadata/release/sample.json @@ -36,6 +36,17 @@ } } }, + "applehv": { + "artifacts": { + "raw.gz": { + "disk": { + "location": "https://builds.coreos.fedoraproject.org/prod/streams/testing/builds/30.20190801.0/x86_64/fedora-coreos-30.20190801.0-applehv.raw.gz", + "signature": "https://builds.coreos.fedoraproject.org/prod/streams/testing/builds/30.20190801.0/x86_64/fedora-coreos-30.20190801.0-applehv.raw.gz.sig", + "sha256": "a889159d661339e635372b807f0a98bb93c64aabfaf89a801b2f03491488f0ef" + } + } + } + }, "azure": { "artifacts": { "vhd.xz": { diff --git a/metadata/stream/rationale.yaml b/metadata/stream/rationale.yaml index fb81a66..90535d2 100644 --- a/metadata/stream/rationale.yaml +++ b/metadata/stream/rationale.yaml @@ -21,6 +21,14 @@ architectures: signature: https://artifacts.example.com/g0xah6aenvaaVosh.qcow2.xz.sig sha256: 149afbf4c8996fb92427ae3b0c44298fc1ce41e4649b934ca495991b7852b855 uncompressed-sha256: d02d5ac0f2a2789602e9df950c38acb15380d2799b4bdb59394e4eeabdd3a662 + applehv: + release: 30.1.2.3 + formats: + "raw.gz": + disk: + location: https://artifacts.example.com/quohgh8ei0uzaD5a.raw.gz + signature: https://artifacts.example.com/quohgh8ei0uzaD5a.raw.gz.sig + sha256: 4c8996fb92427ae41e4649b934ca4e3b0c44298fc1c149afbf95991b7852b855 aws: release: 30.1.2.3 formats: diff --git a/metadata/stream/sample.json b/metadata/stream/sample.json index 63dc7b6..a00f325 100644 --- a/metadata/stream/sample.json +++ b/metadata/stream/sample.json @@ -20,6 +20,18 @@ } } }, + "applehv": { + "release": "33.20210412.3.0", + "formats": { + "raw.gz": { + "disk": { + "location": "https://builds.coreos.fedoraproject.org/prod/streams/stable/builds/33.20210412.3.0/x86_64/fedora-coreos-33.20210412.3.0-applehv.x86_64.raw.gz", + "signature": "https://builds.coreos.fedoraproject.org/prod/streams/stable/builds/33.20210412.3.0/x86_64/fedora-coreos-33.20210412.3.0-hyperv.x86_64.raw.gz.sig", + "sha256": "728e876d87ec71de27fc1d882840e6877346423433339a2b8606fa28e57413fd" + } + } + } + }, "aws": { "release": "33.20210412.3.0", "formats": { From fe29ffc877c504482dc9bd6e17a1ed9a79eeb628 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Timoth=C3=A9e=20Ravier?= Date: Wed, 29 Nov 2023 10:37:57 +0100 Subject: [PATCH 129/167] README: Matrix to Libera Chat bridge shutdown --- README.md | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) diff --git a/README.md b/README.md index c80bfda..bcdbc5a 100644 --- a/README.md +++ b/README.md @@ -65,9 +65,8 @@ https://calendar.fedoraproject.org/CoreOS/ Currently, meetings are at `16:30 UTC` on Wednesdays. As the -[Matrix/IRC bridge is down](https://communityblog.fedoraproject.org/matrix-to-libera-chat-irc-bridge-unavailable/), -it is currently not possible to attend the meeting from IRC and you have to -join using Matrix. +[Matrix bridge to Libera Chat is shutdown](https://matrix.org/blog/2023/11/28/shutting-down-bridge-to-libera-chat/), +you can not attend the meeting from IRC and you have to join using Matrix. ## Steps to run the meeting @@ -75,9 +74,9 @@ The fedora meeting host can follow the guide which is curated by the [fcos-meeti Every Wednesday a new checklist will be available in the form of a issue in the fcos-meeting-action repo, which can be used to run the meeting. If the action meeting repo is not available for some reason, the host can follow the below steps to run the meeting. +
Legacy Meeting steps -## Steps to run the meeting - `cd` to a local checkout of this repo and `git pull` - Ping [meeting people](https://github.com/coreos/fedora-coreos-tracker/blob/main/meeting-people.txt) in `#fedora-coreos` on libera.chat From a107f0385cdb734a056f86ff9ee6857dca75f60b Mon Sep 17 00:00:00 2001 From: jbtrystram Date: Fri, 9 Feb 2024 11:20:52 +0100 Subject: [PATCH 130/167] Add jbtrystram to meeting people list --- meeting-people.txt | 1 + 1 file changed, 1 insertion(+) diff --git a/meeting-people.txt b/meeting-people.txt index 0de0a31..9458ac7 100644 --- a/meeting-people.txt +++ b/meeting-people.txt @@ -12,6 +12,7 @@ guidon gursewak jaimelm jbrooks +jbtrystram jcajka jdoss jlebon From 08665f0533ec7a42ed4d140604747a6baaf7389f Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Timoth=C3=A9e=20Ravier?= Date: Tue, 13 Feb 2024 18:16:18 +0100 Subject: [PATCH 131/167] README: Link meeting time to a dynamic time website --- README.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index bcdbc5a..95d3ccd 100644 --- a/README.md +++ b/README.md @@ -61,8 +61,8 @@ The Fedora CoreOS Working Group has a weekly meeting. The meeting usually happens in [#meeting-1:fedoraproject.org](https://matrix.to/#/#meeting-1:fedoraproject.org) on Matrix and the schedule for the meeting can be found here: -https://calendar.fedoraproject.org/CoreOS/ Currently, meetings are at `16:30 -UTC` on Wednesdays. +https://calendar.fedoraproject.org/CoreOS/ Currently, meetings are at +[`16:30 UTC`](https://time.is/16:30+UTC) on Wednesdays. As the [Matrix bridge to Libera Chat is shutdown](https://matrix.org/blog/2023/11/28/shutting-down-bridge-to-libera-chat/), From bfda76b8c387397d96edbd52e264b15149b984e6 Mon Sep 17 00:00:00 2001 From: Jonathan Lebon Date: Tue, 20 Feb 2024 10:06:59 -0500 Subject: [PATCH 132/167] template/rebase: add a bunch more example PR links This will help people going through this see what the change should look like. --- .github/ISSUE_TEMPLATE/rebase.md | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) diff --git a/.github/ISSUE_TEMPLATE/rebase.md b/.github/ISSUE_TEMPLATE/rebase.md index 7475c41..5398429 100644 --- a/.github/ISSUE_TEMPLATE/rebase.md +++ b/.github/ISSUE_TEMPLATE/rebase.md @@ -36,15 +36,16 @@ Branching is when a new stream is "branched" off of `rawhide`. This eventually b - [ ] Update coreos-installer to know about the signing key used for the future new major version of Fedora (N+1). - [ ] Drop the signing key for the obsolete stable release (N-2). +Example PR: https://github.com/coreos/coreos-installer/pull/1113 + ### Update `rawhide` stream -- [ ] Update [manifest.yaml](https://github.com/coreos/fedora-coreos-config/blob/rawhide/manifest.yaml) to list N+1 as the releasever. +- [ ] Update [manifest.yaml](https://github.com/coreos/fedora-coreos-config/blob/rawhide/manifest.yaml) to list N+1 as the releasever ([example PR](https://github.com/coreos/fedora-coreos-config/pull/2855)) ### Enable `branched` stream -- [ ] Update [manifest.yaml](https://github.com/coreos/fedora-coreos-config/blob/branched/manifest.yaml) to list N as the releasever. -- [ ] Update [config.yaml](https://github.com/coreos/fedora-coreos-pipeline/blob/main/config.yaml) to un-comment out the `branched` stream definition. - +- [ ] Update [manifest.yaml](https://github.com/coreos/fedora-coreos-config/blob/branched/manifest.yaml) to list N as the releasever ([example PR](https://github.com/coreos/fedora-coreos-config/pull/2549)) +- [ ] Update [config.yaml](https://github.com/coreos/fedora-coreos-pipeline/blob/main/config.yaml) to un-comment out the `branched` stream definition ([example PR](https://github.com/coreos/fedora-coreos-pipeline/pull/904)) ## At Fedora (N) Beta From e787b3e7aaf6682f3512e55a89a192cc4c971296 Mon Sep 17 00:00:00 2001 From: Michael Armijo Date: Tue, 20 Feb 2024 10:53:04 -0700 Subject: [PATCH 133/167] template/rebase: add more info about updating signing keys Add some useful links to locate the Fedora (N+1) signing keys to assist with this step in the future. --- .github/ISSUE_TEMPLATE/rebase.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/.github/ISSUE_TEMPLATE/rebase.md b/.github/ISSUE_TEMPLATE/rebase.md index 5398429..c0884c1 100644 --- a/.github/ISSUE_TEMPLATE/rebase.md +++ b/.github/ISSUE_TEMPLATE/rebase.md @@ -34,6 +34,8 @@ Branching is when a new stream is "branched" off of `rawhide`. This eventually b ### coreos-installer changes - [ ] Update coreos-installer to know about the signing key used for the future new major version of Fedora (N+1). + - The current set of trusted signing keys is available at https://fedoraproject.org/security/. + - If the Fedora (N+1) signing key isn't available yet at that site, you can also get it from https://src.fedoraproject.org/rpms/fedora-repos/tree/rawhide. - [ ] Drop the signing key for the obsolete stable release (N-2). Example PR: https://github.com/coreos/coreos-installer/pull/1113 From a8bb54fb4cc5a0f58b64df4c304fb49bb3c05d69 Mon Sep 17 00:00:00 2001 From: Jason Brooks Date: Wed, 17 Apr 2024 09:20:14 -0700 Subject: [PATCH 134/167] Update meeting-people.txt to use Matrix usernames --- meeting-people.txt | 41 ++++++++++++++++++----------------------- 1 file changed, 18 insertions(+), 23 deletions(-) diff --git a/meeting-people.txt b/meeting-people.txt index 9458ac7..f830984 100644 --- a/meeting-people.txt +++ b/meeting-people.txt @@ -3,26 +3,21 @@ tail -n +5 $0 | tr '\n' ' ' && echo -e '\nFCOS community meeting in #meeting-1:fedoraproject.org' && echo "If you don't want to be pinged remove your name from this file: https://github.com/coreos/fedora-coreos-tracker/blob/main/meeting-people.txt" exit 0 -aaradhak -anthr76 -apiaseck -davdunc -dustymabe -guidon -gursewak -jaimelm -jbrooks -jbtrystram -jcajka -jdoss -jlebon -jmarrero -lorbus -marmijo -miabbott -nasirhm -quentin9696[m] -ravanelli -saqali -walters -ydesouza +@aaradhak:matrix.org +@apiaseck:matrix.org +@davdunc:fedora.im +@dustymabe:matrix.org +@guidon:guidon.ems.host +@gurssing:matrix.org +@jaimelm:fedora.im +@jbrooks:matrix.org +@jdoss:fedora.im +@jlebon:fedora.im +@jmarrero:matrix.org +@lorbus:matrix.org +@marmijo:fedora.im +@miabbott:fedora.im +@quentin9696:matrix.org +@ravanelli:fedora.im +@walters:fedora.im +@ydesouza:fedora.im From 0a303d0dc82fcbac4c9cac17549abdab68426b1e Mon Sep 17 00:00:00 2001 From: Dusty Mabe Date: Thu, 18 Apr 2024 09:27:18 -0400 Subject: [PATCH 135/167] Remove command from meeting-people.txt We are automating this now with https://github.com/coreos/fcos-meeting-action/pull/83 so we have no need for the instructions. --- meeting-people.txt | 3 --- 1 file changed, 3 deletions(-) diff --git a/meeting-people.txt b/meeting-people.txt index f830984..cc109cf 100644 --- a/meeting-people.txt +++ b/meeting-people.txt @@ -1,8 +1,5 @@ # List of people to ping before the Fedora CoreOS community meetings. # Please keep this list in alphabetical order. -tail -n +5 $0 | tr '\n' ' ' && echo -e '\nFCOS community meeting in #meeting-1:fedoraproject.org' && echo "If you don't want to be pinged remove your name from this file: https://github.com/coreos/fedora-coreos-tracker/blob/main/meeting-people.txt" -exit 0 - @aaradhak:matrix.org @apiaseck:matrix.org @davdunc:fedora.im From 144378b918663f4f9f135a53b65cafe08a83ad5f Mon Sep 17 00:00:00 2001 From: Dusty Mabe Date: Tue, 23 Apr 2024 16:09:18 -0400 Subject: [PATCH 136/167] templates/rebase: Add Communications Tracker to rebase template --- .github/ISSUE_TEMPLATE/rebase.md | 1 + 1 file changed, 1 insertion(+) diff --git a/.github/ISSUE_TEMPLATE/rebase.md b/.github/ISSUE_TEMPLATE/rebase.md index c0884c1..c052d93 100644 --- a/.github/ISSUE_TEMPLATE/rebase.md +++ b/.github/ISSUE_TEMPLATE/rebase.md @@ -7,6 +7,7 @@ - [ ] Fedora Changes Considerations ([example](https://github.com/coreos/fedora-coreos-tracker/issues/1222)) - [ ] Package Additions/Removals ([example](https://github.com/coreos/fedora-coreos-tracker/issues/1221)) - [ ] Test Week ([template](https://github.com/coreos/fedora-coreos-tracker/issues/new?template=test-week.md&title=tracker:+FN+Test+Week)) +- [ ] Communications Tracker ([example](https://github.com/coreos/fedora-coreos-tracker/issues/1655)) ## At Branching From b38adf28b17541bf85fb8a0420d7be78f2a6ba32 Mon Sep 17 00:00:00 2001 From: jbtrystram Date: Wed, 24 Apr 2024 17:19:00 +0200 Subject: [PATCH 137/167] Rebase checklist: add Containerfiles for kola containers Since we moved some containers that kola relied on to the coreOS pipeline, let's update the base image as well --- .github/ISSUE_TEMPLATE/rebase.md | 1 + 1 file changed, 1 insertion(+) diff --git a/.github/ISSUE_TEMPLATE/rebase.md b/.github/ISSUE_TEMPLATE/rebase.md index c0884c1..8a398ed 100644 --- a/.github/ISSUE_TEMPLATE/rebase.md +++ b/.github/ISSUE_TEMPLATE/rebase.md @@ -183,6 +183,7 @@ These are various containers in use throughout our ecosystem. We should update o - [ ] Update coreos-assembler or open ticket to update: - [Dockerfile](https://github.com/coreos/coreos-assembler/blob/main/Dockerfile) + - [Dockerfiles for kola test containers](https://github.com/coreos/coreos-assembler/tree/main/tests/containers) - [ ] Update coreos-installer - [Dockerfile](https://github.com/coreos/coreos-installer/blob/main/Dockerfile) - [ ] Update Ignition From 0cc6db6ecdf6960f931114c0d4df8aaa32cffa54 Mon Sep 17 00:00:00 2001 From: jbtrystram Date: Wed, 15 May 2024 18:22:40 +0200 Subject: [PATCH 138/167] add jbtrystram to meeting people --- meeting-people.txt | 1 + 1 file changed, 1 insertion(+) diff --git a/meeting-people.txt b/meeting-people.txt index cc109cf..487970e 100644 --- a/meeting-people.txt +++ b/meeting-people.txt @@ -7,6 +7,7 @@ @guidon:guidon.ems.host @gurssing:matrix.org @jaimelm:fedora.im +@jbtrystram:matrix.org @jbrooks:matrix.org @jdoss:fedora.im @jlebon:fedora.im From 4bf4d832f130d5edefd3694ead67eb209652fcc9 Mon Sep 17 00:00:00 2001 From: jbtrystram Date: Wed, 22 May 2024 10:45:44 +0200 Subject: [PATCH 139/167] Docs: scrub bodhi-updates references We are not using the bodhi-updates streams, remove it from the docs See https://github.com/coreos/fedora-coreos-tracker/issues/1734 --- Design.md | 12 ++++-------- stream-tooling.md | 8 ++------ 2 files changed, 6 insertions(+), 14 deletions(-) diff --git a/Design.md b/Design.md index 71add3d..c458776 100644 --- a/Design.md +++ b/Design.md @@ -18,7 +18,7 @@ conclusion should be summarized here with a link to the issue. ## OSTree Delivery Format -- Originally discussed in issue [#23](https://github.com/coreos/fedora-coreos-tracker/issues/23). +- Originally discussed in issue [#23](https://github.com/coreos/fedora-coreos-tracker/issues/23). ### Summary: @@ -29,7 +29,7 @@ end user systems: repo) on a server and fetched via HTTP requests. - rojig: uses a special rojig RPM and re-assembles OSTree commit from RPMs already on mirrors. -- OCI: OSTree commits are packaged up in OCI container images and delivered +- OCI: OSTree commits are packaged up in OCI container images and delivered via a container registry. Currently the plan in Fedora CoreOS is to deliver content via a plain @@ -102,7 +102,7 @@ Because production refs are unversioned, users will seamlessly upgrade between F ## Disk Layout -- Originally discussed in issue [#18](https://github.com/coreos/fedora-coreos-tracker/issues/18). +- Originally discussed in issue [#18](https://github.com/coreos/fedora-coreos-tracker/issues/18). See also [dustymabe's comment](https://github.com/coreos/fedora-coreos-tracker/issues/18#issuecomment-409668929) summarizing the discussion in the FCOS meeting. - Filesystem details were discussed in [#33](https://github.com/coreos/fedora-coreos-tracker/issues/33). @@ -228,7 +228,7 @@ Originally discussed in [#71](https://github.com/coreos/fedora-coreos-tracker/is Originally discussed in [#68](https://github.com/coreos/fedora-coreos-tracker/issues/68). - OpenStack environments do not require a cloud agent -- We will provide any base level of functionality with ignition and coreos-metadata +- We will provide any base level of functionality with ignition and coreos-metadata ### Packet: @@ -345,8 +345,6 @@ next-devel | 10 testing-devel | 20 rawhide | 91 branched | 92 -bodhi-updates-testing | 93 -bodhi-updates | 94 For developer builds (those not produced by the official pipeline), Z is always `dev`. @@ -365,8 +363,6 @@ next-devel | 31.20191018.10.10 | 11th build of the day testing-devel | 31.20191018.20.0 | rawhide | 33.20191018.91.0 | F33-based, first build of the day branched | 32.20191018.92.0 | -bodhi-updates-testing | 31.20191018.93.0 | -bodhi-updates | 31.20191018.94.0 | (any developer build) | 31.20191018.dev.2 | Third build of the day We are not committing to this version scheme indefinitely, and may change it in future if it proves unworkable. A new Fedora major release (X bump) would be a good time to make such a change. We don't intend Fedora CoreOS version numbers to be parsed by machine; they're meant to help humans quickly determine the salient properties of a release. diff --git a/stream-tooling.md b/stream-tooling.md index c0e1a06..f8455b8 100644 --- a/stream-tooling.md +++ b/stream-tooling.md @@ -13,8 +13,6 @@ FCOS will have multiple streams: | Development | next-devel | annex | | Mechanical | rawhide | annex | | Mechanical | branched | annex | -| Mechanical | bodhi-updates | annex | -| Mechanical | bodhi-updates-testing | annex | Development and mechanical streams are subject to change. @@ -32,8 +30,6 @@ We need a way to both (1) fix the content set for a particular stream release, a **Mechanical** streams are not curated; they're automated nightly snapshots of the underlying repos. They source their RPMs from the regular Fedora repos (using 30 here to mean `$currentrelease`): 1. **rawhide** <- f32 2. **branched** <- f31 when a branch exists, otherwise tracks **rawhide** -3. **bodhi-updates** <- f30-stable + f30-updates -4. **bodhi-updates-testing** <- f30-stable + f30-updates + f30-updates-testing **Production** streams are intended for production use. They source their RPMs from a _single_ Koji tag, `coreos-pool`, from which we create a yum repo: 1. **next** <- coreos-pool @@ -52,7 +48,7 @@ There is also a second Koji tag, `coreos-release`, for packages which have been We maintain a git repository containing the rpm-ostree treefile and lockfiles. This could be [fedora-coreos-config](https://github.com/coreos/fedora-coreos-config). We have one branch for each stream, and no main branch. -For the mechanical streams, a nightly job will run the compose from the corresponding yum repos and SCM refs. This job will output a lockfile for each CPU architecture. Those lockfiles will be committed to Git to preserve a record of the build's contents, and the builds will be pushed to the corresponding ostree refs. The {bodhi-updates, branched} lockfile will also be PR'd to the {testing-devel, next-devel} branch, the latter only during the part of the cycle where next-devel is maintained. We want to keep the development branches ready to release, so those PRs are not merged unless green. +For the mechanical streams, a nightly job will run the compose from the corresponding yum repos and SCM refs. This job will output a lockfile for each CPU architecture. Those lockfiles will be committed to Git to preserve a record of the build's contents, and the builds will be pushed to the corresponding ostree refs. The branched lockfile will also be PR'd to the {testing-devel, next-devel} branch, the latter only during the part of the cycle where next-devel is maintained. We want to keep the development branches ready to release, so those PRs are not merged unless green. The lockfiles produced from the automatic snapshot will never be hand-modified, and in the next/testing/stable branches will never be modified at all except during promotions. Instead, pins (to older NEVRAs) and updates (to newer ones) will be hand-maintained in the Git branches in a separate lockfile that overrides the autogenerated ones. These overrides will be the major distinction between the mechanical refs and the "curated" (development/production) refs. Each curated branch will have one override file, which can carry both CPU-architecture-independent and architecture-specific overrides. @@ -74,7 +70,7 @@ Update the development treefile as usual. On the next bot push, the lockfile wil To focus development effort, there will be one base treefile shared across all branches, whose canonical copy will live in the testing-devel branch. Changes will automatically be mirrored to next-devel and to the mechanical branches. To address divergence across Fedora releases, each branch will also have an overlay treefile (possibly empty): -- **testing-devel** -> automatically mirrored to bodhi-updates and bodhi-updates-testing +- **testing-devel** - **next-devel** -> automatically mirrored to branched - **rawhide** From 00c926f749414cc97c5f77680c1897261796e305 Mon Sep 17 00:00:00 2001 From: Guspan Tanadi <36249910+guspan-tanadi@users.noreply.github.com> Date: Wed, 26 Jun 2024 10:33:25 +0700 Subject: [PATCH 140/167] metadata/README: drop dead link to meta translator This was merged into cosa a while ago. --- metadata/README.md | 1 - 1 file changed, 1 deletion(-) diff --git a/metadata/README.md b/metadata/README.md index 495495d..8fd7f1d 100644 --- a/metadata/README.md +++ b/metadata/README.md @@ -80,4 +80,3 @@ RPMs and our configuration into images and ostree commits. Projects: - https://github.com/coreos/coreos-assembler - - https://github.com/coreos/fedora-coreos-releng-automation/blob/main/coreos-meta-translator/trans.py From 360a8794aad543b62aadbbfe54d39842f10420b5 Mon Sep 17 00:00:00 2001 From: Michael Armijo Date: Wed, 17 Jul 2024 16:00:46 -0600 Subject: [PATCH 141/167] templates/rebase: add rhcos extensions container update step Add a step to update the Fedora version in the RHCOS extensions container Dockerfile. --- .github/ISSUE_TEMPLATE/rebase.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/.github/ISSUE_TEMPLATE/rebase.md b/.github/ISSUE_TEMPLATE/rebase.md index 7f9a055..ab8526f 100644 --- a/.github/ISSUE_TEMPLATE/rebase.md +++ b/.github/ISSUE_TEMPLATE/rebase.md @@ -210,3 +210,5 @@ These are various containers in use throughout our ecosystem. We should update o - [Dockerfile](https://github.com/coreos/fedora-coreos-releng-automation/blob/main/fedora-ostree-pruner/Dockerfile) - [ImageStream](https://pagure.io/fedora-infra/ansible/blob/main/f/roles/openshift-apps/fedora-ostree-pruner/templates/imagestream.yml) - [BuildConfig](https://pagure.io/fedora-infra/ansible/blob/main/f/roles/openshift-apps/fedora-ostree-pruner/templates/buildconfig.yml) +- [ ] Update RHCOS extensions container + - [Dockerfile](https://github.com/openshift/os/blob/master/extensions/Dockerfile) From 7e830244b0af64f29011703aaa96835612a37a9b Mon Sep 17 00:00:00 2001 From: Yves Siegrist Date: Sat, 20 Jul 2024 15:27:23 +0200 Subject: [PATCH 142/167] Add yves:siegrist.io to be notified when meetings happen --- meeting-people.txt | 1 + 1 file changed, 1 insertion(+) diff --git a/meeting-people.txt b/meeting-people.txt index 487970e..4f67fbf 100644 --- a/meeting-people.txt +++ b/meeting-people.txt @@ -19,3 +19,4 @@ @ravanelli:fedora.im @walters:fedora.im @ydesouza:fedora.im +@yves:siegrist.io From 4720d447d7a654b900fe295e2a3a25c07b4f8014 Mon Sep 17 00:00:00 2001 From: Dusty Mabe Date: Fri, 6 Dec 2024 12:16:19 -0500 Subject: [PATCH 143/167] add container bump step to rebase tracker This will ensure our test containers that get used are updated to latest Fedora N regularly. --- .github/ISSUE_TEMPLATE/rebase.md | 1 + 1 file changed, 1 insertion(+) diff --git a/.github/ISSUE_TEMPLATE/rebase.md b/.github/ISSUE_TEMPLATE/rebase.md index ab8526f..4434ea7 100644 --- a/.github/ISSUE_TEMPLATE/rebase.md +++ b/.github/ISSUE_TEMPLATE/rebase.md @@ -93,6 +93,7 @@ If the packages in `next-devel` don't exactly match the last `next` release that - [ ] Update the repos in `manifest.yaml` if needed - [ ] Sync the lockfiles for all arches from `next-devel` - [ ] Bump the base Fedora version in `ci/buildroot/Dockerfile` +- [ ] Bump the Fedora version for the test containers in `tests/kola/data/commonlib.sh` - [ ] PR the result From 8166d2249f5f41fe859b3c5af3c7a2c71f60ae74 Mon Sep 17 00:00:00 2001 From: bri <284789+b-@users.noreply.github.com> Date: Wed, 5 Feb 2025 21:51:44 -0500 Subject: [PATCH 144/167] Add @bri:transfem.dev to meeting-people.txt --- meeting-people.txt | 1 + 1 file changed, 1 insertion(+) diff --git a/meeting-people.txt b/meeting-people.txt index 4f67fbf..b24358c 100644 --- a/meeting-people.txt +++ b/meeting-people.txt @@ -2,6 +2,7 @@ # Please keep this list in alphabetical order. @aaradhak:matrix.org @apiaseck:matrix.org +@bri:transfem.dev @davdunc:fedora.im @dustymabe:matrix.org @guidon:guidon.ems.host From d3934516bd2ce919911e59d4de177fa426658be5 Mon Sep 17 00:00:00 2001 From: Dusty Mabe Date: Wed, 12 Feb 2025 09:55:02 -0500 Subject: [PATCH 145/167] metadata: fix applehv example Copy/Paste left hyperv in the entry for applehv. --- metadata/stream/sample.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/metadata/stream/sample.json b/metadata/stream/sample.json index a00f325..23c6665 100644 --- a/metadata/stream/sample.json +++ b/metadata/stream/sample.json @@ -26,7 +26,7 @@ "raw.gz": { "disk": { "location": "https://builds.coreos.fedoraproject.org/prod/streams/stable/builds/33.20210412.3.0/x86_64/fedora-coreos-33.20210412.3.0-applehv.x86_64.raw.gz", - "signature": "https://builds.coreos.fedoraproject.org/prod/streams/stable/builds/33.20210412.3.0/x86_64/fedora-coreos-33.20210412.3.0-hyperv.x86_64.raw.gz.sig", + "signature": "https://builds.coreos.fedoraproject.org/prod/streams/stable/builds/33.20210412.3.0/x86_64/fedora-coreos-33.20210412.3.0-applehv.x86_64.raw.gz.sig", "sha256": "728e876d87ec71de27fc1d882840e6877346423433339a2b8606fa28e57413fd" } } From 2728cdce2db60d1adc0a877ffb9183de5a7244f8 Mon Sep 17 00:00:00 2001 From: Dusty Mabe Date: Wed, 12 Feb 2025 09:57:09 -0500 Subject: [PATCH 146/167] metadata: add examples for hetzner https://github.com/coreos/fedora-coreos-tracker/issues/1874 --- metadata/release/sample.json | 11 +++++++++++ metadata/stream/rationale.yaml | 8 ++++++++ metadata/stream/sample.json | 12 ++++++++++++ 3 files changed, 31 insertions(+) diff --git a/metadata/release/sample.json b/metadata/release/sample.json index 78ee2fa..ac02a1c 100644 --- a/metadata/release/sample.json +++ b/metadata/release/sample.json @@ -102,6 +102,17 @@ } } }, + "hetzner": { + "artifacts": { + "raw.xz": { + "disk": { + "location": "https://builds.coreos.fedoraproject.org/prod/streams/testing/builds/30.20190801.0/x86_64/fedora-coreos-30.20190801.0-hetzner.raw.xz", + "signature": "https://builds.coreos.fedoraproject.org/prod/streams/testing/builds/30.20190801.0/x86_64/fedora-coreos-30.20190801.0-hetzner.raw.xz.sig", + "sha256": "a889159d661339e635372b807f0a98bb93c64aabfaf89a801b2f03491488f0ef" + } + } + } + }, "hyperv": { "artifacts": { "vhdx.zip": { diff --git a/metadata/stream/rationale.yaml b/metadata/stream/rationale.yaml index 90535d2..4f61dab 100644 --- a/metadata/stream/rationale.yaml +++ b/metadata/stream/rationale.yaml @@ -86,6 +86,14 @@ architectures: signature: https://artifacts.example.com/ais7tah1aa7Ahvei.tar.gz.sig sha256: 96fb92427ae41e4649b934ca495991b7852b85e3b0c44298fc1c149afbf4c895 uncompressed-sha256: 38acb15d02d5ac0f2a2789602e9df950c380d2799b4bdb59394e4eeabdd3a662 + hetzner: + release: 30.1.2.3 + formats: + "raw.xz": + disk: + location: https://artifacts.example.com/quohgh8ei0uzaD5a.raw.xz + signature: https://artifacts.example.com/quohgh8ei0uzaD5a.raw.xz.sig + sha256: 4c8996fb92427ae41e4649b934ca4e3b0c44298fc1c149afbf95991b7852b855 hyperv: release: 30.1.2.3 formats: diff --git a/metadata/stream/sample.json b/metadata/stream/sample.json index 23c6665..7eafcf9 100644 --- a/metadata/stream/sample.json +++ b/metadata/stream/sample.json @@ -108,6 +108,18 @@ } } }, + "hetzner": { + "release": "33.20210412.3.0", + "formats": { + "raw.xz": { + "disk": { + "location": "https://builds.coreos.fedoraproject.org/prod/streams/stable/builds/33.20210412.3.0/x86_64/fedora-coreos-33.20210412.3.0-hetzner.x86_64.raw.xz", + "signature": "https://builds.coreos.fedoraproject.org/prod/streams/stable/builds/33.20210412.3.0/x86_64/fedora-coreos-33.20210412.3.0-hetzner.x86_64.raw.xz.sig", + "sha256": "728e876d87ec71de27fc1d882840e6877346423433339a2b8606fa28e57413fd" + } + } + } + }, "hyperv": { "release": "33.20210412.3.0", "formats": { From a5092b82bb2382dd6305fb2449fec518b7f2d2bd Mon Sep 17 00:00:00 2001 From: Dusty Mabe Date: Wed, 2 Apr 2025 09:27:04 -0400 Subject: [PATCH 147/167] templates/rebase: add a few more steps for COSA update --- .github/ISSUE_TEMPLATE/implementing-new-platform.md | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/.github/ISSUE_TEMPLATE/implementing-new-platform.md b/.github/ISSUE_TEMPLATE/implementing-new-platform.md index d297c74..4ede3f2 100644 --- a/.github/ISSUE_TEMPLATE/implementing-new-platform.md +++ b/.github/ISSUE_TEMPLATE/implementing-new-platform.md @@ -20,7 +20,8 @@ Create PRs addressing the following: - [ ] [fedora-coreos-tracker](https://github.com/coreos/fedora-coreos-tracker/) ([example PR](https://github.com/coreos/fedora-coreos-tracker/pull/1213)) - [ ] Update the metadata for the new platform - [ ] [coreos-assembler](https://github.com/coreos/coreos-assembler) ([example PR](https://github.com/coreos/coreos-assembler/pull/2489)) - - [ ] Implement required functionality to support new platform + - [ ] Updated `cmd-generate-release-meta` + - [ ] `cosa osbuild ` works - [ ] [fedora-coreos-config](https://github.com/coreos/fedora-coreos-config/) - [ ] Add a stanza to `platforms.yaml` if the system should use a serial console, or both serial and graphical consoles - [ ] [fedora-websites-3.0](https://gitlab.com/fedora/websites-apps/fedora-websites/fedora-websites-3.0/) From 2a7e6dab83f162e4f9c0c127eaaebd77c3641db8 Mon Sep 17 00:00:00 2001 From: Tiago Bueno <49003339+tlbueno@users.noreply.github.com> Date: Wed, 9 Apr 2025 14:08:41 -0300 Subject: [PATCH 148/167] Add @tlbueno:fedora.im to meeting-people.txt Signed-off-by: Tiago Bueno <49003339+tlbueno@users.noreply.github.com> --- meeting-people.txt | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/meeting-people.txt b/meeting-people.txt index b24358c..652c440 100644 --- a/meeting-people.txt +++ b/meeting-people.txt @@ -8,8 +8,8 @@ @guidon:guidon.ems.host @gurssing:matrix.org @jaimelm:fedora.im -@jbtrystram:matrix.org @jbrooks:matrix.org +@jbtrystram:matrix.org @jdoss:fedora.im @jlebon:fedora.im @jmarrero:matrix.org @@ -18,6 +18,7 @@ @miabbott:fedora.im @quentin9696:matrix.org @ravanelli:fedora.im +@tlbueno:fedora.im @walters:fedora.im @ydesouza:fedora.im -@yves:siegrist.io +@yves:siegrist.io \ No newline at end of file From 7f43ba627071750abe9552c3911c8874e4c554f3 Mon Sep 17 00:00:00 2001 From: Bipin B Narayan Date: Thu, 8 May 2025 13:43:53 +0530 Subject: [PATCH 149/167] Add Bipin to CoreOS meeting notification list --- meeting-people.txt | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/meeting-people.txt b/meeting-people.txt index 652c440..be3e97c 100644 --- a/meeting-people.txt +++ b/meeting-people.txt @@ -21,4 +21,5 @@ @tlbueno:fedora.im @walters:fedora.im @ydesouza:fedora.im -@yves:siegrist.io \ No newline at end of file +@yves:siegrist.io +@bipinbn:fedora.im From 8c5a98b0fb242003f989ade860d49ab333bdcdc5 Mon Sep 17 00:00:00 2001 From: Dusty Mabe Date: Mon, 12 May 2025 17:08:43 -0400 Subject: [PATCH 150/167] add info on how to view metrics And also generate charts using a tool called sqlitevis. --- README.md | 20 + metrics/README.md | 2 + metrics/fcos-sqlitevis.json | 711 ++++++++++++++++++++++++++++++++++++ 3 files changed, 733 insertions(+) create mode 100644 metrics/README.md create mode 100644 metrics/fcos-sqlitevis.json diff --git a/README.md b/README.md index 95d3ccd..3d8a930 100644 --- a/README.md +++ b/README.md @@ -177,3 +177,23 @@ Working days: non-holiday weekdays. Relevant holidays are the national holidays # Working Group Members and Points of Contact Please see [meeting-people.txt](https://github.com/coreos/fedora-coreos-tracker/blob/main/meeting-people.txt). + +# Metrics + +To view CountME stats you can use a tool called +[sqlitevis](https://sqliteviz.com/) to view the +CountME database and make graphs. This can easily be done with a +single URL but due to [CORS](https://developer.mozilla.org/en-US/docs/Web/HTTP/Guides/CORS) +you have to run your browser in a specific mode to allow the +application to download the database and the inquiries file: + +``` +chromium-browser --disable-web-security --user-data-dir ~/chrome-disable-web-security/ +# OR +google-chrome-stable --disable-web-security --user-data-dir ~/chrome-disable-web-security/ +``` + +Now navigate to +[this](https://sqliteviz.com/app/#/load?data_url=https%3A%2F%2Fdata-analysis.fedoraproject.org%2Fcsv-reports%2Fcountme%2Ftotals-countme.db&data_format=sqlite&inquiry_url=https%3A%2F%2Fraw.githubusercontent.com%2Fcoreos%2Ffedora-coreos-tracker%2Frefs%2Fheads%2Fmain%2Fmetrics%2Ffcos-sqlitevis.json) +URL in the browser and it should autoload the database and the inquiries. This +URL was generated from the [sqlitevis docs](https://sqliteviz.com/docs/sharing/). diff --git a/metrics/README.md b/metrics/README.md new file mode 100644 index 0000000..24a4941 --- /dev/null +++ b/metrics/README.md @@ -0,0 +1,2 @@ + +See [README.md](../README.md#metrics). diff --git a/metrics/fcos-sqlitevis.json b/metrics/fcos-sqlitevis.json new file mode 100644 index 0000000..1c3c311 --- /dev/null +++ b/metrics/fcos-sqlitevis.json @@ -0,0 +1,711 @@ +{ + "version": 2, + "inquiries": [ + { + "id": "WUPD4gZdu-j4mFgxjHG0P", + "query": "SELECT os_variant FROM countme_totals \n WHERE weeknum = (SELECT MAX(weeknum) FROM countme_totals)\n AND os_variant REGEXP ''\n GROUP BY os_variant;", + "viewType": "chart", + "viewOptions": { + "data": [], + "layout": { + "autosize": true, + "xaxis": { + "range": [ + -1, + 6 + ], + "autorange": true + }, + "yaxis": { + "range": [ + -1, + 4 + ], + "autorange": true + } + }, + "frames": [] + }, + "name": "All OS Variants", + "createdAt": "2025-05-12T20:54:27.120Z" + }, + { + "id": "tcIRiJz5gn5ci4DJyHgqU", + "query": "SELECT date(julianday('1970-01-05')+weeknum*7 + 6) AS date, weeknum, os_variant, repo_arch, SUM(hits) FROM countme_totals \n WHERE os_variant IS 'coreos'\n AND repo_tag REGEXP 'updates-released-f[3-4][0-9]' \n AND weeknum = (SELECT MAX(weeknum) FROM countme_totals)\n GROUP BY repo_arch;", + "viewType": "chart", + "viewOptions": { + "data": [ + { + "type": "pie", + "mode": "markers", + "values": null, + "valuessrc": "SUM(hits)", + "meta": { + "columnNames": { + "values": "SUM(hits)", + "labels": "repo_arch", + "text": "" + } + }, + "labels": null, + "labelssrc": "repo_arch", + "opacity": 1, + "textinfo": "label+value+percent", + "textfont": { + "size": 26, + "family": "sans-serif" + }, + "hoverinfo": "percent+label+value", + "hoverlabel": { + "align": "auto" + }, + "direction": "counterclockwise", + "rotation": 0, + "hole": 0.52, + "pull": 0, + "marker": { + "line": { + "width": 1 + } + }, + "insidetextorientation": "radial" + } + ], + "layout": { + "xaxis": { + "range": [ + -1, + 6 + ], + "autorange": true + }, + "yaxis": { + "range": [ + -1, + 4 + ], + "autorange": true + }, + "autosize": true, + "mapbox": { + "style": "open-street-map" + }, + "title": { + "text": "Fedora CoreOS Node Architecture Breakdown Week of 2025-05-04", + "font": { + "size": 25 + } + }, + "hiddenlabels": [ + "ppc64le", + "s390x" + ], + "legend": { + "x": 0.7407924239291469, + "y": 0.8257272143643333, + "font": { + "size": 20 + }, + "yanchor": "middle" + }, + "annotations": [], + "meta": [ + "2023-10-08", + "2023-10-08", + "2023-10-08", + "2023-10-08" + ], + "metasrc": "date", + "extendpiecolors": true + }, + "frames": [] + }, + "name": "FCOS Architectures", + "createdAt": "2025-05-12T20:55:12.622Z" + }, + { + "id": "wEj338NrufIRE-3UBDXPK", + "query": "SELECT date(julianday('1970-01-05')+weeknum*7 + 6) AS date, weeknum, SUM(transient_hits), SUM(static_hits), SUM(transient_hits + static_hits) FROM (\n SELECT weeknum, SUM(hits) AS transient_hits, 0 AS static_hits FROM countme_totals WHERE os_variant IS 'coreos' AND repo_tag REGEXP 'updates-released-f[3-4][0-9]' AND sys_age = 1 GROUP BY weeknum\n UNION\n SELECT weeknum, 0 AS transient_hits, SUM(hits) AS static_hits FROM countme_totals WHERE os_variant IS 'coreos' AND repo_tag REGEXP 'updates-released-f[3-4][0-9]' AND sys_age > 1 GROUP BY weeknum\n) WHERE date > '2020-01-01' GROUP BY weeknum", + "viewType": "chart", + "viewOptions": { + "data": [ + { + "type": "scatter", + "mode": "lines", + "x": null, + "xsrc": "date", + "meta": { + "columnNames": { + "x": "date", + "y": "SUM(static_hits)" + } + }, + "y": null, + "ysrc": "SUM(static_hits)", + "stackgroup": 1, + "name": "Static Nodes", + "hoveron": "points" + }, + { + "type": "scatter", + "mode": "lines", + "x": null, + "xsrc": "date", + "meta": { + "columnNames": { + "x": "date", + "y": "SUM(transient_hits)" + } + }, + "y": null, + "ysrc": "SUM(transient_hits)", + "stackgroup": 1, + "name": "Transient Nodes", + "fillcolor": "rgba(205, 96, 52, 0.5)", + "line": { + "color": "rgb(180, 38, 5)" + } + }, + { + "type": "scatter", + "mode": "lines", + "x": null, + "xsrc": "date", + "meta": { + "columnNames": { + "x": "date", + "y": "SUM(transient_hits + static_hits)", + "text": "" + } + }, + "y": null, + "ysrc": "SUM(transient_hits + static_hits)", + "name": "Total Nodes", + "line": { + "width": 3, + "color": "rgb(95, 100, 96)" + }, + "hovertemplate": "", + "error_x": { + "_template": null, + "visible": false, + "type": "percent", + "symmetric": true, + "value": 10, + "color": "rgb(95, 100, 96)", + "thickness": 2, + "width": 4 + } + } + ], + "layout": { + "xaxis": { + "range": [ + "2021-09-19 23:38:29.3717", + "2025-05-22 01:49:05.1712" + ], + "autorange": false, + "rangeselector": { + "visible": false, + "buttons": [ + {} + ] + }, + "showspikes": false, + "rangeslider": { + "visible": false, + "yaxis": {}, + "autorange": true, + "range": [ + "2020-05-03", + "2023-11-28 23:10:02.9513" + ] + }, + "type": "date", + "tickfont": { + "size": 28 + }, + "title": { + "font": { + "size": 17 + } + } + }, + "yaxis": { + "range": [ + -1419.2166576673771, + 123989.902612791 + ], + "autorange": false, + "ticks": "", + "showspikes": false, + "showline": false, + "zeroline": true, + "type": "linear", + "tickfont": { + "size": 28 + } + }, + "autosize": true, + "mapbox": { + "style": "open-street-map" + }, + "dragmode": "pan", + "title": { + "text": "Fedora CoreOS Node Count", + "font": { + "size": 33 + } + }, + "legend": { + "font": { + "size": 28 + }, + "orientation": "h", + "x": 0.2471859552265083, + "y": 0.9623782823483056 + } + }, + "frames": [] + }, + "name": "FCOS Node Count", + "createdAt": "2025-05-12T20:55:20.874Z" + }, + { + "id": "rcnNNlpFRfhIaX27ownZa", + "query": "SELECT date(julianday('1970-01-05')+weeknum*7 + 6) AS date, upper(trim(repo_tag, 'updates-releaseed-')) as repo_tag, os_variant, SUM(hits) FROM countme_totals\n WHERE os_variant IS 'coreos'\n AND repo_tag REGEXP 'updates-released-f[3-4][0-9]'\n AND weeknum = (SELECT MAX(weeknum) FROM countme_totals)\n GROUP BY repo_tag;", + "viewType": "chart", + "viewOptions": { + "data": [ + { + "type": "pie", + "mode": "markers", + "values": null, + "valuessrc": "SUM(hits)", + "meta": { + "columnNames": { + "values": "SUM(hits)", + "labels": "repo_tag" + } + }, + "labels": null, + "labelssrc": "repo_tag", + "hole": 0.5, + "pull": 0, + "marker": { + "line": { + "width": 2 + } + }, + "textinfo": "label", + "textfont": { + "size": 25 + }, + "sort": false, + "direction": "clockwise", + "rotation": -90, + "legendgroup": 1, + "showlegend": true, + "hoverinfo": "percent+label+value", + "opacity": 1, + "textposition": "inside" + } + ], + "layout": { + "xaxis": { + "range": [ + -1, + 6 + ], + "autorange": true + }, + "yaxis": { + "range": [ + -1, + 4 + ], + "autorange": true + }, + "autosize": true, + "mapbox": { + "style": "open-street-map" + }, + "title": { + "text": "Fedora CoreOS Release Breakdown", + "x": 0.5, + "font": { + "size": 31 + } + }, + "showlegend": true, + "legend": { + "font": { + "family": "monospace", + "size": 22 + }, + "title": { + "text": "
", + "font": { + "size": 34 + } + }, + "y": 0.04329087951849141, + "x": 0.20084040421902638, + "yanchor": "bottom", + "orientation": "v" + }, + "hiddenlabels": [], + "hoverlabel": { + "align": "auto" + }, + "uniformtext": { + "mode": false + }, + "modebar": { + "orientation": "h" + }, + "margin": { + "pad": 0, + "r": 80 + }, + "extendpiecolors": true, + "piecolorway": [ + "#1b9e77", + "#d95f02", + "#7570b3", + "#e7298a", + "#66a61e", + "#e6ab02", + "#a6761d", + "#666666" + ] + }, + "frames": [] + }, + "name": "FCOS Release Breakdown", + "createdAt": "2025-05-12T20:55:31.761Z" + }, + { + "id": "BZlflOgPAYGoaKwjBpIe8", + "query": "SELECT date(julianday('1970-01-05')+weeknum*7 + 6) AS date, weeknum, SUM(coreos_hits), SUM(cloud_hits), SUM(server_hits) FROM (\n SELECT weeknum, 0 AS server_hits, 0 AS cloud_hits, SUM(hits) AS coreos_hits FROM countme_totals WHERE os_variant IS 'coreos' AND repo_tag REGEXP 'updates-released-f[3-4][0-9]' AND sys_age > 1 GROUP BY weeknum\n UNION\n SELECT weeknum, 0 AS server_hits, SUM(hits) AS cloud_hits, 0 AS coreos_hits FROM countme_totals WHERE os_variant IS 'cloud' AND repo_tag REGEXP 'updates-released-f[3-4][0-9]' AND sys_age > 1 GROUP BY weeknum\n UNION\n SELECT weeknum, SUM(hits) AS server_hits, 0 AS cloud_hits, 0 AS coreos_hits FROM countme_totals WHERE os_variant IS 'server' AND repo_tag REGEXP 'updates-released-f[3-4][0-9]' AND sys_age > 1 GROUP BY weeknum\n) WHERE date > '2022-01-01' GROUP BY weeknum", + "viewType": "chart", + "viewOptions": { + "data": [ + { + "type": "scatter", + "mode": "lines", + "stackgroup": null, + "x": null, + "xsrc": "date", + "meta": { + "columnNames": { + "x": "date", + "y": "SUM(cloud_hits)" + } + }, + "y": null, + "ysrc": "SUM(cloud_hits)", + "name": "Cloud", + "line": { + "width": 5 + } + }, + { + "type": "scatter", + "mode": "lines", + "x": null, + "xsrc": "date", + "meta": { + "columnNames": { + "x": "date", + "y": "SUM(coreos_hits)" + } + }, + "y": null, + "ysrc": "SUM(coreos_hits)", + "name": "CoreOS", + "line": { + "width": 5 + } + }, + { + "type": "scatter", + "mode": "lines", + "stackgroup": null, + "x": null, + "xsrc": "date", + "meta": { + "columnNames": { + "x": "date", + "y": "SUM(server_hits)" + } + }, + "y": null, + "ysrc": "SUM(server_hits)", + "name": "Server", + "line": { + "width": 5 + } + } + ], + "layout": { + "xaxis": { + "range": [ + "2023-05-18 21:13:31.5607", + "2025-05-04" + ], + "autorange": false, + "type": "date", + "tickfont": { + "size": 22 + } + }, + "yaxis": { + "range": [ + -4149.444444444446, + 85743.15981948335 + ], + "autorange": false, + "type": "linear", + "tickfont": { + "size": 22 + } + }, + "autosize": true, + "mapbox": { + "style": "open-street-map" + }, + "title": { + "text": "Static Node Count for Fedora Cloud/CoreOS/Server" + }, + "dragmode": "zoom", + "legend": { + "font": { + "size": 28 + }, + "orientation": "h", + "x": 0.4185161699429296, + "y": 0.988780487804878 + } + }, + "frames": [] + }, + "name": "Static Node Count By Edition", + "createdAt": "2025-05-12T20:56:19.303Z" + }, + { + "id": "r6KJ-g1sxjbqtOYuWRJoK", + "query": "SELECT date(julianday('1970-01-05')+weeknum*7 + 6) AS date, weeknum, SUM(coreos_hits), SUM(cloud_hits), SUM(server_hits) FROM (\n SELECT weeknum, 0 AS server_hits, 0 AS cloud_hits, SUM(hits) AS coreos_hits FROM countme_totals WHERE os_variant IS 'coreos' AND repo_tag REGEXP 'updates-released-f[3-4][0-9]' AND sys_age = 1 GROUP BY weeknum\n UNION\n SELECT weeknum, 0 AS server_hits, SUM(hits) AS cloud_hits, 0 AS coreos_hits FROM countme_totals WHERE os_variant IS 'cloud' AND repo_tag REGEXP 'updates-released-f[3-4][0-9]' AND sys_age = 1 GROUP BY weeknum\n UNION\n SELECT weeknum, SUM(hits) AS server_hits, 0 AS cloud_hits, 0 AS coreos_hits FROM countme_totals WHERE os_variant IS 'server' AND repo_tag REGEXP 'updates-released-f[3-4][0-9]' AND sys_age = 1 GROUP BY weeknum\n) WHERE date > '2022-01-01' GROUP BY weeknum", + "viewType": "chart", + "viewOptions": { + "data": [ + { + "type": "scatter", + "mode": "lines", + "meta": { + "columnNames": { + "x": "date", + "y": "SUM(cloud_hits)" + } + }, + "x": null, + "xsrc": "date", + "name": "Cloud", + "y": null, + "ysrc": "SUM(cloud_hits)", + "line": { + "width": 5 + } + }, + { + "type": "scatter", + "mode": "lines", + "meta": { + "columnNames": { + "x": "date", + "y": "SUM(coreos_hits)" + } + }, + "x": null, + "xsrc": "date", + "y": null, + "ysrc": "SUM(coreos_hits)", + "name": "CoreOS", + "line": { + "width": 5 + } + }, + { + "type": "scatter", + "mode": "lines", + "stackgroup": null, + "meta": { + "columnNames": { + "x": "date", + "y": "SUM(server_hits)" + } + }, + "y": null, + "ysrc": "SUM(server_hits)", + "x": null, + "xsrc": "date", + "name": "Server", + "line": { + "width": 5 + } + } + ], + "layout": { + "xaxis": { + "range": [ + "2023-05-14 20:40:13.8728", + "2025-05-04" + ], + "autorange": false, + "type": "date", + "tickfont": { + "size": 22 + } + }, + "yaxis": { + "range": [ + -7660.833333333334, + 155839.15818339647 + ], + "autorange": false, + "type": "linear", + "tickfont": { + "size": 22 + } + }, + "autosize": true, + "mapbox": { + "style": "open-street-map" + }, + "title": { + "text": "Transient Node Count for Fedora Cloud/CoreOS/Server" + }, + "dragmode": "zoom", + "legend": { + "font": { + "size": 28 + }, + "orientation": "h", + "x": 0.388712745719721, + "y": 1.0030674846625767 + } + }, + "frames": [] + }, + "name": "Transient Node Count By Edition", + "createdAt": "2025-05-12T20:56:34.411Z" + }, + { + "id": "8C93FoFqg3Zpw4wcxyS2e", + "query": "SELECT date(julianday('1970-01-05')+weeknum*7 + 6) AS date, weeknum, SUM(coreos_hits), SUM(cloud_hits), SUM(server_hits) FROM (\n SELECT weeknum, 0 AS server_hits, 0 AS cloud_hits, SUM(hits) AS coreos_hits FROM countme_totals WHERE os_variant IS 'coreos' AND repo_tag REGEXP 'updates-released-f[3-4][0-9]' GROUP BY weeknum\n UNION\n SELECT weeknum, 0 AS server_hits, SUM(hits) AS cloud_hits, 0 AS coreos_hits FROM countme_totals WHERE os_variant IS 'cloud' AND repo_tag REGEXP 'updates-released-f[3-4][0-9]' GROUP BY weeknum\n UNION\n SELECT weeknum, SUM(hits) AS server_hits, 0 AS cloud_hits, 0 AS coreos_hits FROM countme_totals WHERE os_variant IS 'server' AND repo_tag REGEXP 'updates-released-f[3-4][0-9]' GROUP BY weeknum\n) WHERE date > '2022-01-01' GROUP BY weeknum", + "viewType": "chart", + "viewOptions": { + "data": [ + { + "type": "scatter", + "mode": "lines", + "x": null, + "xsrc": "date", + "meta": { + "columnNames": { + "x": "date", + "y": "SUM(cloud_hits)" + } + }, + "y": null, + "ysrc": "SUM(cloud_hits)", + "name": "Cloud", + "line": { + "width": 5 + } + }, + { + "type": "scatter", + "mode": "lines", + "stackgroup": null, + "x": null, + "xsrc": "date", + "meta": { + "columnNames": { + "x": "date", + "y": "SUM(coreos_hits)" + } + }, + "y": null, + "ysrc": "SUM(coreos_hits)", + "name": "CoreOS", + "line": { + "width": 5 + } + }, + { + "type": "scatter", + "mode": "lines", + "stackgroup": null, + "x": null, + "xsrc": "date", + "meta": { + "columnNames": { + "x": "date", + "y": "SUM(server_hits)" + } + }, + "y": null, + "ysrc": "SUM(server_hits)", + "name": "Server", + "line": { + "width": 5 + } + } + ], + "layout": { + "xaxis": { + "range": [ + "2023-05-17 21:05:12.1387", + "2025-05-04" + ], + "autorange": false, + "type": "date", + "tickfont": { + "size": 22 + } + }, + "yaxis": { + "range": [ + -10802.38888888889, + 229205.70535714284 + ], + "autorange": false, + "type": "linear", + "tickfont": { + "size": 22 + } + }, + "autosize": true, + "mapbox": { + "style": "open-street-map" + }, + "title": { + "text": "Total Node Count for Fedora Cloud/CoreOS/Server" + }, + "legend": { + "orientation": "h", + "x": 0.4578313253012048, + "y": 0.9863986313088109, + "font": { + "size": 28 + } + } + }, + "frames": [] + }, + "name": "Total Node Count for Fedora Cloud/CoreOS/Server", + "createdAt": "2025-05-12T20:56:53.783Z" + } + ] +} \ No newline at end of file From 84ffe2606fff4db77a0b8c6bbbcf89caf8c8bd31 Mon Sep 17 00:00:00 2001 From: mikyll Date: Thu, 22 May 2025 11:52:39 +0200 Subject: [PATCH 151/167] style: sort meeting-people --- meeting-people.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/meeting-people.txt b/meeting-people.txt index be3e97c..b1e89cd 100644 --- a/meeting-people.txt +++ b/meeting-people.txt @@ -2,6 +2,7 @@ # Please keep this list in alphabetical order. @aaradhak:matrix.org @apiaseck:matrix.org +@bipinbn:fedora.im @bri:transfem.dev @davdunc:fedora.im @dustymabe:matrix.org @@ -22,4 +23,3 @@ @walters:fedora.im @ydesouza:fedora.im @yves:siegrist.io -@bipinbn:fedora.im From 2ff0880b380d1213ae1f8dbff2792a06758a6e30 Mon Sep 17 00:00:00 2001 From: Dusty Mabe Date: Tue, 27 May 2025 09:17:05 -0400 Subject: [PATCH 152/167] README: fix chrome commands The --user-data-dir command requires the `=` I guess because otherwise it tries to launch ~/chrome-disable-web-security/ in the browser upon running. Fixes 8c5a98b. --- README.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index 3d8a930..5eb6f5a 100644 --- a/README.md +++ b/README.md @@ -188,9 +188,9 @@ you have to run your browser in a specific mode to allow the application to download the database and the inquiries file: ``` -chromium-browser --disable-web-security --user-data-dir ~/chrome-disable-web-security/ +chromium-browser --disable-web-security --user-data-dir=~/chrome-disable-web-security/ # OR -google-chrome-stable --disable-web-security --user-data-dir ~/chrome-disable-web-security/ +google-chrome-stable --disable-web-security --user-data-dir=~/chrome-disable-web-security/ ``` Now navigate to From 6bb6743383d4eafacfa051b4cb5f5f1bc1487f36 Mon Sep 17 00:00:00 2001 From: Dusty Mabe Date: Sat, 14 Jun 2025 10:15:58 -0400 Subject: [PATCH 153/167] Clean up references to the Packet platform Packet is now dead and so we can drop any mentions of it. --- Design.md | 11 +---------- PRD.txt | 2 +- metadata/stream/rationale.yaml | 17 ++--------------- 3 files changed, 4 insertions(+), 26 deletions(-) diff --git a/Design.md b/Design.md index c458776..6b83bb1 100644 --- a/Design.md +++ b/Design.md @@ -230,15 +230,6 @@ Originally discussed in [#68](https://github.com/coreos/fedora-coreos-tracker/is - OpenStack environments do not require a cloud agent - We will provide any base level of functionality with ignition and coreos-metadata -### Packet: - -Originally discussed in [#69](https://github.com/coreos/fedora-coreos-tracker/issues/69). - -- On the first boot, Packet requires the machine to phone home to report a successful boot. This will be [handled by coreos-metadata](https://github.com/coreos/coreos-metadata/issues/120). -- Packet provides the IPv4 public address via DHCP, allowing a machine to acquire network via standard mechanisms. However, to obtain a private IPv4 address or a public IPv6 address (on the same interface), networking must be configured using metadata from an HTTP metadata service. This can be handled by coreos-metadata in the initramfs, but it [may need to learn to configure NetworkManager or nm-state](https://github.com/coreos/fedora-coreos-tracker/issues/111) depending on the outcome of [#24](https://github.com/coreos/fedora-coreos-tracker/issues/24). -- Packet needs the serial console on x86 to be directed to `ttyS1`, not `ttyS0`, requiring [cloud-specific bootloader configuration](https://github.com/coreos/fedora-coreos-tracker/issues/110). A different serial console configuration is required on ARM64. -- On many Linux OSes, Packet sets a randomized root password which is then available from the Packet console for 24 hours. This allows the serial (SOS) console to be used for interactive debugging. Container Linux, instead, enables autologin on the console by default. To avoid surprising users, Fedora CoreOS will do neither. For interactive console access, users can use Ignition to enable autologin or to set a password on the `core` account, and we'll document how to do that. - ### Open questions: - What do we do about VMware, which has a very involved and intrusive "agent"? @@ -275,7 +266,7 @@ This means: Originally discussed in [#114](https://github.com/coreos/fedora-coreos-tracker/issues/114). -We will not enable autologin on serial or VGA consoles by default, even on platforms (e.g. Azure, DigitalOcean, GCP, Packet) which provide authenticated console access. Doing so would provide an access vector that could surprise users unfamiliar with their platform's console access mechanism and access control policy. For users who wish to use the console for debugging, we will provide documentation for using Ignition to enable autologin or to set a user password. +We will not enable autologin on serial or VGA consoles by default, even on platforms (e.g. Azure, DigitalOcean, GCP) which provide authenticated console access. Doing so would provide an access vector that could surprise users unfamiliar with their platform's console access mechanism and access control policy. For users who wish to use the console for debugging, we will provide documentation for using Ignition to enable autologin or to set a user password. ### Automatically disable SMT when needed to address vulnerabilities diff --git a/PRD.txt b/PRD.txt index 1cd5a63..a09dd46 100644 --- a/PRD.txt +++ b/PRD.txt @@ -117,7 +117,7 @@ All artifacts will be downloadable from the getfedora.org website. Similarly, fo === Delivery Format === -Artifacts will be delivered as cloud images on Amazon EC2, Azure, DigitalOcean, Google Compute Engine, and Packet; as downloadable images for OpenStack, QEMU, VirtualBox, and VMware; and as ISO images, netboot images, and installable raw images for bare metal systems. We may add other public cloud images and downloadable formats to meet demand or anticipated need. +Artifacts will be delivered as cloud images on Amazon EC2, Azure, DigitalOcean, and Google Compute Engine; as downloadable images for OpenStack, QEMU, VirtualBox, and VMware; and as ISO images, netboot images, and installable raw images for bare metal systems. We may add other public cloud images and downloadable formats to meet demand or anticipated need. === Architectures === diff --git a/metadata/stream/rationale.yaml b/metadata/stream/rationale.yaml index 4f61dab..0f6859f 100644 --- a/metadata/stream/rationale.yaml +++ b/metadata/stream/rationale.yaml @@ -10,8 +10,8 @@ architectures: artifacts: # Some of these will be useful for many users, such as qemu or # openstack. Some will likely only be useful for cloud operators, - # such as digitalocean or packet. Some, such as aws, are useful - # for users in special situations. + # such as digitalocean. Some, such as aws, are useful for users + # in special situations. aliyun: release: 30.1.2.3 formats: @@ -163,15 +163,6 @@ architectures: signature: https://artifacts.example.com/oKooheogobofai8l.qcow2.xz.sig sha256: ae41e4649b934ca495991b785e3b0c44298fc1c149afbf4c8996fb924272b855 uncompressed-sha256: 38acb15d02d5ac0f2a2789602e9df950c380d2799b4bdb59394e4eeabdd3a662 - packet: - release: 30.1.2.3 - formats: - "raw.xz": - disk: - location: https://artifacts.example.com/Oofohng0xo2phai5.raw.xz - signature: https://artifacts.example.com/Oofohng0xo2phai5.raw.xz.sig - sha256: e41e4649b934ca495991b7852b85e3b0c44298fc1c149afbf4c8996fb92427a5 - uncompressed-sha256: 38acb15d02d5ac0f2a2789602e9df950c380d2799b4bdb59394e4eeabdd3a662 qemu: release: 30.1.2.3 formats: @@ -266,7 +257,3 @@ architectures: # currently recommended image, and its release. release: 30.1.2.3 digest-ref: exampleregistry.io/fcos/fcos@sha256:67a81539946ec0397196c145394553b8e0241acf27b14ae9de43bc56e167f773 - packet: - # Images don't have addressable versions, so an operating system - # slug is the best we can do. - image: fedora_coreos_stable From 835cb02346fca2f175ad99f333c048987b135cde Mon Sep 17 00:00:00 2001 From: Dusty Mabe Date: Sat, 14 Jun 2025 10:20:26 -0400 Subject: [PATCH 154/167] metadata: add examples for proxmoxve https://github.com/coreos/fedora-coreos-tracker/issues/1652 --- metadata/release/sample.json | 11 +++++++++++ metadata/stream/rationale.yaml | 8 ++++++++ metadata/stream/sample.json | 12 ++++++++++++ 3 files changed, 31 insertions(+) diff --git a/metadata/release/sample.json b/metadata/release/sample.json index ac02a1c..4556778 100644 --- a/metadata/release/sample.json +++ b/metadata/release/sample.json @@ -203,6 +203,17 @@ } } }, + "proxmoxve": { + "artifacts": { + "raw.xz": { + "disk": { + "location": "https://builds.coreos.fedoraproject.org/prod/streams/testing/builds/30.20190801.0/x86_64/fedora-coreos-30.20190801.0-proxmoxve.qcow2.xz", + "signature": "https://builds.coreos.fedoraproject.org/prod/streams/testing/builds/30.20190801.0/x86_64/fedora-coreos-30.20190801.0-proxmoxve.qcow2.xz.sig", + "sha256": "394cd6431b19c82a46a7215ebead15960faf9814092203456d56960a1b4d8777" + } + } + } + }, "qemu": { "artifacts": { "qcow2.xz": { diff --git a/metadata/stream/rationale.yaml b/metadata/stream/rationale.yaml index 0f6859f..2922fda 100644 --- a/metadata/stream/rationale.yaml +++ b/metadata/stream/rationale.yaml @@ -163,6 +163,14 @@ architectures: signature: https://artifacts.example.com/oKooheogobofai8l.qcow2.xz.sig sha256: ae41e4649b934ca495991b785e3b0c44298fc1c149afbf4c8996fb924272b855 uncompressed-sha256: 38acb15d02d5ac0f2a2789602e9df950c380d2799b4bdb59394e4eeabdd3a662 + proxmoxve: + release: 30.1.2.3 + formats: + "qcow2.xz": + disk: + location: https://artifacts.example.com/TieshohWah0aewai/.qcow2.xz + signature: https://artifacts.example.com/TieshohWah0aewai/.qcow2.xz.sig + sha256: 394cd6431b19c82a46a7215ebead15960faf9814092203456d56960a1b4d8777 qemu: release: 30.1.2.3 formats: diff --git a/metadata/stream/sample.json b/metadata/stream/sample.json index 7eafcf9..fedcc6c 100644 --- a/metadata/stream/sample.json +++ b/metadata/stream/sample.json @@ -227,6 +227,18 @@ } } }, + "proxmoxve": { + "release": "33.20210412.3.0", + "formats": { + "qcow2.xz": { + "disk": { + "location": "https://builds.coreos.fedoraproject.org/prod/streams/stable/builds/33.20210412.3.0/x86_64/fedora-coreos-33.20210412.3.0-proxmoxve.x86_64.qcow2.xz", + "signature": "https://builds.coreos.fedoraproject.org/prod/streams/stable/builds/33.20210412.3.0/x86_64/fedora-coreos-33.20210412.3.0-proxmoxve.x86_64.qcow2.xz.sig", + "sha256": "394cd6431b19c82a46a7215ebead15960faf9814092203456d56960a1b4d8777" + } + } + } + }, "qemu": { "release": "33.20210412.3.0", "formats": { From 28b58fb50fe5ff3286d53f2bc40f7ded0b59174e Mon Sep 17 00:00:00 2001 From: Michael Armijo Date: Wed, 25 Jun 2025 10:53:07 -0600 Subject: [PATCH 155/167] README: update the Fedora CoreOS Community Meeting time It was decided in the community meeting on 2025-06-25 to move the meeting time one hour earlier to accomodate more members. See: https://github.com/coreos/fedora-coreos-tracker/issues/1972 --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 5eb6f5a..6a188e3 100644 --- a/README.md +++ b/README.md @@ -62,7 +62,7 @@ happens in [#meeting-1:fedoraproject.org](https://matrix.to/#/#meeting-1:fedoraproject.org) on Matrix and the schedule for the meeting can be found here: https://calendar.fedoraproject.org/CoreOS/ Currently, meetings are at -[`16:30 UTC`](https://time.is/16:30+UTC) on Wednesdays. +[`15:30 UTC`](https://time.is/15:30+UTC) on Wednesdays. As the [Matrix bridge to Libera Chat is shutdown](https://matrix.org/blog/2023/11/28/shutting-down-bridge-to-libera-chat/), From a3626c613a378df036e0845ab934397ae28150f0 Mon Sep 17 00:00:00 2001 From: Clement Verna Date: Wed, 2 Jul 2025 09:11:56 +0200 Subject: [PATCH 156/167] Update Discourse tag the coreos tag in discourse is not used anymore. Instead we are using the coreos-wg tag Signed-off-by: Clement Verna --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 6a188e3..decca97 100644 --- a/README.md +++ b/README.md @@ -28,7 +28,7 @@ technologies and produce Fedora CoreOS. - Main mailing list: [coreos@lists.fedoraproject.org](https://lists.fedoraproject.org/archives/list/coreos@lists.fedoraproject.org/) - Status mailing list: [coreos-status@lists.fedoraproject.org](https://lists.fedoraproject.org/archives/list/coreos-status@lists.fedoraproject.org/) (announcements/important messages) - Chat room: [`#coreos:fedoraproject.org` on Matrix](https://chat.fedoraproject.org/#/room/#coreos:fedoraproject.org) -- Forum at [https://discussion.fedoraproject.org/tag/coreos](https://discussion.fedoraproject.org/tag/coreos) +- Forum at [https://discussion.fedoraproject.org/tag/coreos-wg](https://discussion.fedoraproject.org/tag/coreos-wg) - Feature planning and important issue tracking at [github.com/coreos/fedora-coreos-tracker](https://github.com/coreos/fedora-coreos-tracker) - Website at [https://getfedora.org/coreos/](https://getfedora.org/coreos/) - Documentation at [https://docs.fedoraproject.org/en-US/fedora-coreos/](https://docs.fedoraproject.org/en-US/fedora-coreos/) From 2be92966706d2d3e66592912ec594fe3b9f85e91 Mon Sep 17 00:00:00 2001 From: Dusty Mabe Date: Fri, 18 Jul 2025 14:17:46 -0400 Subject: [PATCH 157/167] metadata: add examples for oraclecloud https://github.com/coreos/fedora-coreos-tracker/issues/1967 --- metadata/release/sample.json | 11 +++++++++++ metadata/stream/rationale.yaml | 9 +++++++++ metadata/stream/sample.json | 13 +++++++++++++ 3 files changed, 33 insertions(+) diff --git a/metadata/release/sample.json b/metadata/release/sample.json index 4556778..23818b4 100644 --- a/metadata/release/sample.json +++ b/metadata/release/sample.json @@ -203,6 +203,17 @@ } } }, + "oraclecloud": { + "artifacts": { + "qcow2.xz": { + "disk": { + "location": "https://builds.coreos.fedoraproject.org/prod/streams/testing/builds/30.20190801.0/x86_64/fedora-coreos-30.20190801.0-oraclecloud.qcow2.xz", + "signature": "https://builds.coreos.fedoraproject.org/prod/streams/testing/builds/30.20190801.0/x86_64/fedora-coreos-30.20190801.0-oracecloud.qcow2.xz.sig", + "sha256": "868da197ae9179aded982ea6445d7d5e30acf8d03cdcdc32acfe2003d2c65491" + } + } + } + }, "proxmoxve": { "artifacts": { "raw.xz": { diff --git a/metadata/stream/rationale.yaml b/metadata/stream/rationale.yaml index 2922fda..4072f34 100644 --- a/metadata/stream/rationale.yaml +++ b/metadata/stream/rationale.yaml @@ -163,6 +163,15 @@ architectures: signature: https://artifacts.example.com/oKooheogobofai8l.qcow2.xz.sig sha256: ae41e4649b934ca495991b785e3b0c44298fc1c149afbf4c8996fb924272b855 uncompressed-sha256: 38acb15d02d5ac0f2a2789602e9df950c380d2799b4bdb59394e4eeabdd3a662 + oraclecloud: + release: 30.1.2.3 + formats: + "qcow2.xz": + disk: + location: https://artifacts.example.com/oKooheogobofai8l.qcow2.xz + signature: https://artifacts.example.com/oKooheogobofai8l.qcow2.xz.sig + sha256: 868da197ae9179aded982ea6445d7d5e30acf8d03cdcdc32acfe2003d2c65491" + uncompressed-sha256: 75a5c30bf84a605cc9fa617e856d9523d8d4c50607837a7d33e4d81e9809891a proxmoxve: release: 30.1.2.3 formats: diff --git a/metadata/stream/sample.json b/metadata/stream/sample.json index fedcc6c..134ebb0 100644 --- a/metadata/stream/sample.json +++ b/metadata/stream/sample.json @@ -227,6 +227,19 @@ } } }, + "oraclecloud": { + "release": "33.20210412.3.0", + "formats": { + "qcow2.xz": { + "disk": { + "location": "https://builds.coreos.fedoraproject.org/prod/streams/stable/builds/33.20210412.3.0/x86_64/fedora-coreos-33.20210412.3.0-oraclecloud.x86_64.qcow2.xz", + "signature": "https://builds.coreos.fedoraproject.org/prod/streams/stable/builds/33.20210412.3.0/x86_64/fedora-coreos-33.20210412.3.0-oraclecloud.x86_64.qcow2.xz.sig", + "sha256": "868da197ae9179aded982ea6445d7d5e30acf8d03cdcdc32acfe2003d2c65491", + "uncompressed-sha256": "75a5c30bf84a605cc9fa617e856d9523d8d4c50607837a7d33e4d81e9809891a" + } + } + } + }, "proxmoxve": { "release": "33.20210412.3.0", "formats": { From 5623cd963b5fb1d018c460a0ffad07e8395f7160 Mon Sep 17 00:00:00 2001 From: Michael Armijo Date: Wed, 8 Oct 2025 11:26:55 -0600 Subject: [PATCH 158/167] templates/rebase: untag old pkgs at first change checkpoint instead of GA Move the 'untag old packages' steps up to be performed at at the first change checkpoint instead of after Fedora (N) GA. --- .github/ISSUE_TEMPLATE/rebase.md | 94 ++++++++++++++++---------------- 1 file changed, 48 insertions(+), 46 deletions(-) diff --git a/.github/ISSUE_TEMPLATE/rebase.md b/.github/ISSUE_TEMPLATE/rebase.md index 4434ea7..666ef64 100644 --- a/.github/ISSUE_TEMPLATE/rebase.md +++ b/.github/ISSUE_TEMPLATE/rebase.md @@ -9,6 +9,54 @@ - [ ] Test Week ([template](https://github.com/coreos/fedora-coreos-tracker/issues/new?template=test-week.md&title=tracker:+FN+Test+Week)) - [ ] Communications Tracker ([example](https://github.com/coreos/fedora-coreos-tracker/issues/1655)) +## At the first change checkpoint + +### Untag old packages + +`koji untag` N-2 packages from the pool (at some point we'll have GC in place to do this for us, but for now we must remember to do this manually or otherwise distRepo will fail once the signed packages are GC'ed). For example the following snippet finds all RPMs signed by the Fedora 32 key and untags them. Use this process: + +- [ ] Find the key short hash. Usually found [here](https://pagure.io/fedora-infra/ansible/blob/main/f/roles/bodhi2/backend/templates/pungi.rpm.conf.j2). Then: + +``` +f32key=12c944d0 +key=$f32key +echo > untaglist # create or empty out file +for build in $(koji list-tagged --quiet coreos-pool | cut -f1 -d' '); do + if koji buildinfo $build | grep -i $key 1>/dev/null; then + echo "Adding $build to untag list" + echo "${build}" >> untaglist + fi +done +``` + +Now we have a list of builds to untag. But we need a few more sanity checks. + +- [ ] Make sure none of the builds are used in `N` based FCOS. Check by running: + +``` +f32key=12c944d0 +key=$f32key +podman run -it --rm quay.io/fedora/fedora-coreos:testing-devel rpm -qai | grep -i -B 9 $key +podman rmi quay.io/fedora/fedora-coreos:testing-devel +``` + +If there are any RPMs signed by the old key they'll need to be investigated. Maybe they shouldn't be used any longer. Or maybe they're still needed. One example of this is the shim RPM where the same build could be used for many Fedora releases. In this case you'll need to untag the RPM from `coreos-pool`, run a `koji distrepo`, which will remove that RPM from the repo metadata, and then re-tag it into the pool. The RPM in the repo will now be signed with a newer signing key. + + + +- [ ] After verifying the list looks good, untag: + +``` +# use xargs so we don't exhaust bash string limit +cat untaglist | xargs -L50 koji untag-build -v coreos-pool +``` + +- [ ] Now that untagging is done, give a heads up to rpm-ostree developers that N-2 packages have been untagged and that they may need to update their CI compose tests to freeze on a newer FCOS commit. + +- [ ] Remove the N-2 signing key from the tag info for the coreos-pool tag. The following commands view the current settings and then update the list to the 33/34/35 keys. You'll most likely have to get someone from releng to run the second command (`edit-tag`). + - `koji taginfo coreos-pool` + - `koji edit-tag coreos-pool -x tag2distrepo.keys="9570ff31 45719a39 9867c58f"` + ## At Branching Branching is when a new stream is "branched" off of `rawhide`. This eventually becomes the next major Fedora (N). @@ -127,52 +175,6 @@ We prefer to disable `next-devel` when there is no difference between `testing-d - [ ] Ship `stable` - [ ] Set a new update barrier for the final release of N-1 on `stable`. In the barrier entry set a link to [the docs](https://docs.fedoraproject.org/en-US/fedora-coreos/update-barrier-signing-keys/). See [discussion](https://github.com/coreos/fedora-coreos-tracker/issues/480#issuecomment-1247314065) -### Untag old packages - -`koji untag` N-2 packages from the pool (at some point we'll have GC in place to do this for us, but for now we must remember to do this manually or otherwise distRepo will fail once the signed packages are GC'ed). For example the following snippet finds all RPMs signed by the Fedora 32 key and untags them. Use this process: - -- [ ] Find the key short hash. Usually found [here](https://pagure.io/fedora-infra/ansible/blob/main/f/roles/bodhi2/backend/templates/pungi.rpm.conf.j2). Then: - -``` -f32key=12c944d0 -key=$f32key -echo > untaglist # create or empty out file -for build in $(koji list-tagged --quiet coreos-pool | cut -f1 -d' '); do - if koji buildinfo $build | grep $key 1>/dev/null; then - echo "Adding $build to untag list" - echo "${build}" >> untaglist - fi -done -``` - -Now we have a list of builds to untag. But we need a few more sanity checks. - -- [ ] Make sure none of the builds are used in `N` based FCOS. Check by running: - -``` -f32key=12c944d0 -key=$f32key -podman run -it --rm quay.io/fedora/fedora-coreos:testing-devel rpm -qai | grep -B 9 $key -podman rmi quay.io/fedora/fedora-coreos:testing-devel -``` - -If there are any RPMs signed by the old key they'll need to be investigated. Maybe they shouldn't be used any longer. Or maybe they're still needed. One example of this is the shim RPM where the same build could be used for many Fedora releases. In this case you'll need to untag the RPM from `coreos-pool`, run a `koji distrepo`, which will remove that RPM from the repo metadata, and then re-tag it into the pool. The RPM in the repo will now be signed with a newer signing key. - - - -- [ ] After verifying the list looks good, untag: - -``` -# use xargs so we don't exhaust bash string limit -cat untaglist | xargs -L50 koji untag-build -v coreos-pool -``` - -- [ ] Now that untagging is done, give a heads up to rpm-ostree developers that N-2 packages have been untagged and that they may need to update their CI compose tests to freeze on a newer FCOS commit. - -- [ ] Remove the N-2 signing key from the tag info for the coreos-pool tag. The following commands view the current settings and then update the list to the 33/34/35 keys. You'll most likely have to get someone from releng to run the second command (`edit-tag`). - - `koji taginfo coreos-pool` - - `koji edit-tag coreos-pool -x tag2distrepo.keys="9570ff31 45719a39 9867c58f"` - ### Open ticket for the next Fedora rebase - [ ] Create a new ticket from the [rebase template](https://github.com/coreos/fedora-coreos-tracker/issues/new?assignees=&labels=area%2Fplatforms%2C+kind%2Fenhancement&template=rebase.md&title=tracker:+Rebase+onto+Fedora+N) From 9e27b0eb0445dc20ba05ba07feffd4afb7485420 Mon Sep 17 00:00:00 2001 From: Michael Armijo Date: Fri, 24 Oct 2025 11:54:23 -0600 Subject: [PATCH 159/167] templates/rebase: add step to update build-args.conf This is a new file that needs to be updated with each rebase. Let's add steps to do that at the proper times. --- .github/ISSUE_TEMPLATE/rebase.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/.github/ISSUE_TEMPLATE/rebase.md b/.github/ISSUE_TEMPLATE/rebase.md index 666ef64..5f254fd 100644 --- a/.github/ISSUE_TEMPLATE/rebase.md +++ b/.github/ISSUE_TEMPLATE/rebase.md @@ -105,6 +105,7 @@ Example PR: https://github.com/coreos/coreos-installer/pull/1113 - [ ] Bump `releasever` in `manifest.yaml` - [ ] Add the `fedora-candidate-compose` repo in `manifest.yaml` ([example PR](https://github.com/coreos/fedora-coreos-config/pull/2706)) - [ ] Update the repos in `manifest.yaml` if needed +- [ ] Bump the Fedora version and `BUILDER_IMG` tag in `build-args.conf` - [ ] Run `cosa fetch --dry-run --update-lockfile` - this updates the x86_64 lockfile - the others will get updated when `bump-lockfile` runs. - in the future we may support [this](https://github.com/coreos/coreos-assembler/issues/3088) in `cosa fetch` directly @@ -142,6 +143,7 @@ If the packages in `next-devel` don't exactly match the last `next` release that - [ ] Sync the lockfiles for all arches from `next-devel` - [ ] Bump the base Fedora version in `ci/buildroot/Dockerfile` - [ ] Bump the Fedora version for the test containers in `tests/kola/data/commonlib.sh` +- [ ] Bump the Fedora version and `BUILDER_IMG` tag in `build-args.conf` - [ ] PR the result From 37c9a7511ba4595e7a2efc1b0c982795319fc7e4 Mon Sep 17 00:00:00 2001 From: Dusty Mabe Date: Fri, 31 Oct 2025 08:49:13 -0400 Subject: [PATCH 160/167] templates/rebase: add example link to step Examples are usually really useful so let's add one here. --- .github/ISSUE_TEMPLATE/rebase.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/ISSUE_TEMPLATE/rebase.md b/.github/ISSUE_TEMPLATE/rebase.md index 5f254fd..c8af8da 100644 --- a/.github/ISSUE_TEMPLATE/rebase.md +++ b/.github/ISSUE_TEMPLATE/rebase.md @@ -76,7 +76,7 @@ Branching is when a new stream is "branched" off of `rawhide`. This eventually b - `koji tag-build f${N+1}-coreos-continuous $BUILD` - example: `koji tag-build f36-coreos-continuous fedora-release-36-0.16` -- [ ] Add the N+1 signing key short hash (usually found [here](https://pagure.io/fedora-infra/ansible/blob/main/f/roles/bodhi2/backend/templates/pungi.rpm.conf.j2)) to the tag info for the coreos-pool tag. The following commands view the current settings and then update the list to the 32/33/34/35 keys. You'll most likely have to get someone from releng to run the second command (`edit-tag`). +- [ ] Add the N+1 signing key short hash (usually found [here](https://pagure.io/fedora-infra/ansible/blob/main/f/roles/bodhi2/backend/templates/pungi.rpm.conf.j2)) to the tag info for the coreos-pool tag. The following commands view the current settings and then update the list to the 32/33/34/35 keys. You'll most likely have to get someone from releng to run the second command (`edit-tag`). An example request looks [like this](https://pagure.io/releng/issue/10635). - `koji taginfo coreos-pool` - `koji edit-tag coreos-pool -x tag2distrepo.keys="12c944d0 9570ff31 45719a39 9867c58f"` From 517fc3f002e5c8c887c42c56499492d62051b1be Mon Sep 17 00:00:00 2001 From: Michael Armijo Date: Fri, 14 Nov 2025 11:15:44 -0700 Subject: [PATCH 161/167] templates/rebase: also update the cosa ci-operator buildroot image Document this step so we remember to update it with each fedora major release. --- .github/ISSUE_TEMPLATE/rebase.md | 1 + 1 file changed, 1 insertion(+) diff --git a/.github/ISSUE_TEMPLATE/rebase.md b/.github/ISSUE_TEMPLATE/rebase.md index c8af8da..323d5e2 100644 --- a/.github/ISSUE_TEMPLATE/rebase.md +++ b/.github/ISSUE_TEMPLATE/rebase.md @@ -190,6 +190,7 @@ These are various containers in use throughout our ecosystem. We should update o - [ ] Update coreos-assembler or open ticket to update: - [Dockerfile](https://github.com/coreos/coreos-assembler/blob/main/Dockerfile) - [Dockerfiles for kola test containers](https://github.com/coreos/coreos-assembler/tree/main/tests/containers) + - [Dockerfile for the OpenShift CI buildroot image](https://github.com/openshift/release/blob/master/ci-operator/config/coreos/coreos-assembler/coreos-coreos-assembler-main.yaml) - [ ] Update coreos-installer - [Dockerfile](https://github.com/coreos/coreos-installer/blob/main/Dockerfile) - [ ] Update Ignition From e2976b3dfac0ac96e7eba40c549199ace6955b24 Mon Sep 17 00:00:00 2001 From: Michael Armijo Date: Fri, 21 Nov 2025 11:02:20 -0700 Subject: [PATCH 162/167] templates/rebase: rhcos extensions update no longer required The RHCOS extensions container was updated to use centos:stream9 instead of fedora:N as the builder[1]. Remove the step from the checklist since it's no longer required. [1]: https://github.com/openshift/os/commit/cdd91139ec030bbb3d8d8ba8436f5ee4c7711813 xref: https://github.com/coreos/fedora-coreos-tracker/issues/1935 --- .github/ISSUE_TEMPLATE/rebase.md | 2 -- 1 file changed, 2 deletions(-) diff --git a/.github/ISSUE_TEMPLATE/rebase.md b/.github/ISSUE_TEMPLATE/rebase.md index 323d5e2..0523d72 100644 --- a/.github/ISSUE_TEMPLATE/rebase.md +++ b/.github/ISSUE_TEMPLATE/rebase.md @@ -216,5 +216,3 @@ These are various containers in use throughout our ecosystem. We should update o - [Dockerfile](https://github.com/coreos/fedora-coreos-releng-automation/blob/main/fedora-ostree-pruner/Dockerfile) - [ImageStream](https://pagure.io/fedora-infra/ansible/blob/main/f/roles/openshift-apps/fedora-ostree-pruner/templates/imagestream.yml) - [BuildConfig](https://pagure.io/fedora-infra/ansible/blob/main/f/roles/openshift-apps/fedora-ostree-pruner/templates/buildconfig.yml) -- [ ] Update RHCOS extensions container - - [Dockerfile](https://github.com/openshift/os/blob/master/extensions/Dockerfile) From bb3b71f890896d1af13ef194d704be456bf3ffa0 Mon Sep 17 00:00:00 2001 From: Michael Armijo Date: Fri, 21 Nov 2025 11:10:28 -0700 Subject: [PATCH 163/167] templates/rebase: add step to udpate fcos-meeting-action template We need to bump the "Review Fedora N+1 Release Schedule" schedule with each Fedora major release so we can start tracking it during the weekly community meeting. Add a step to do so when Fedora N goes GA. --- .github/ISSUE_TEMPLATE/rebase.md | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/.github/ISSUE_TEMPLATE/rebase.md b/.github/ISSUE_TEMPLATE/rebase.md index 0523d72..3b52bad 100644 --- a/.github/ISSUE_TEMPLATE/rebase.md +++ b/.github/ISSUE_TEMPLATE/rebase.md @@ -182,6 +182,12 @@ We prefer to disable `next-devel` when there is no difference between `testing-d - [ ] Create a new ticket from the [rebase template](https://github.com/coreos/fedora-coreos-tracker/issues/new?assignees=&labels=area%2Fplatforms%2C+kind%2Fenhancement&template=rebase.md&title=tracker:+Rebase+onto+Fedora+N) - label with `FN` label where `N` is the Fedora version. +### Update the FCOS Meeting-Action Template + +Now that Fedora N is GA, we need to start tracking the release schedule of Fedora N+1 during the weekly [Fedora CoreOS Community Meeting](https://github.com/coreos/fedora-coreos-tracker/blob/main/README.md#meetings). + +- [ ] Update the "Review Fedora N Release Schedule" topic and link to point to Fedora N+1 in the [FCOS meeting-action template](https://github.com/coreos/fcos-meeting-action/blob/main/static/meeting-template.md) + ## Miscellaneous container updates From 10cbb194162de2b4553312ebcc17682b29459e77 Mon Sep 17 00:00:00 2001 From: Rolv Apneseth Date: Wed, 7 Jan 2026 15:26:23 +0000 Subject: [PATCH 164/167] Add @rapneset:matrix.org to meeting-people.txt --- meeting-people.txt | 1 + 1 file changed, 1 insertion(+) diff --git a/meeting-people.txt b/meeting-people.txt index b1e89cd..5ed1d2b 100644 --- a/meeting-people.txt +++ b/meeting-people.txt @@ -18,6 +18,7 @@ @marmijo:fedora.im @miabbott:fedora.im @quentin9696:matrix.org +@rapneset:matrix.org @ravanelli:fedora.im @tlbueno:fedora.im @walters:fedora.im From c78116bb71769201ebe224096da314b1c748d5fe Mon Sep 17 00:00:00 2001 From: Dusty Mabe Date: Fri, 6 Feb 2026 15:38:41 -0500 Subject: [PATCH 165/167] templates/rebase: update steps to update build-args.conf We've moved more and more stuff into build-args.conf and we don't need to update the manifest for a lot of these steps now. --- .github/ISSUE_TEMPLATE/rebase.md | 10 ++++------ 1 file changed, 4 insertions(+), 6 deletions(-) diff --git a/.github/ISSUE_TEMPLATE/rebase.md b/.github/ISSUE_TEMPLATE/rebase.md index 3b52bad..9659c8b 100644 --- a/.github/ISSUE_TEMPLATE/rebase.md +++ b/.github/ISSUE_TEMPLATE/rebase.md @@ -91,21 +91,20 @@ Example PR: https://github.com/coreos/coreos-installer/pull/1113 ### Update `rawhide` stream -- [ ] Update [manifest.yaml](https://github.com/coreos/fedora-coreos-config/blob/rawhide/manifest.yaml) to list N+1 as the releasever ([example PR](https://github.com/coreos/fedora-coreos-config/pull/2855)) +- [ ] Update `VERSION`, `MUTATE_OS_RELEASE`, `BUILDER_IMG` in [build-args.conf](https://github.com/coreos/fedora-coreos-config/blob/rawhide/build-args.conf) ([example PR](https://github.com/coreos/fedora-coreos-config/pull/4003)) ### Enable `branched` stream -- [ ] Update [manifest.yaml](https://github.com/coreos/fedora-coreos-config/blob/branched/manifest.yaml) to list N as the releasever ([example PR](https://github.com/coreos/fedora-coreos-config/pull/2549)) +- [ ] Update `VERSION`, `MUTATE_OS_RELEASE`, `BUILDER_IMG` in [build-args.conf](https://github.com/coreos/fedora-coreos-config/blob/branched/build-args.conf) ([example PR](https://github.com/coreos/fedora-coreos-config/pull/4005)) - [ ] Update [config.yaml](https://github.com/coreos/fedora-coreos-pipeline/blob/main/config.yaml) to un-comment out the `branched` stream definition ([example PR](https://github.com/coreos/fedora-coreos-pipeline/pull/904)) ## At Fedora (N) Beta ### Update [fedora-coreos-config](https://github.com/coreos/fedora-coreos-config/) `next-devel` -- [ ] Bump `releasever` in `manifest.yaml` +- [ ] Bump `VERSION`, `MUTATE_OS_RELEASE`, `BUILDER_IMG` in `build-args.conf` - [ ] Add the `fedora-candidate-compose` repo in `manifest.yaml` ([example PR](https://github.com/coreos/fedora-coreos-config/pull/2706)) - [ ] Update the repos in `manifest.yaml` if needed -- [ ] Bump the Fedora version and `BUILDER_IMG` tag in `build-args.conf` - [ ] Run `cosa fetch --dry-run --update-lockfile` - this updates the x86_64 lockfile - the others will get updated when `bump-lockfile` runs. - in the future we may support [this](https://github.com/coreos/coreos-assembler/issues/3088) in `cosa fetch` directly @@ -138,12 +137,11 @@ If the packages in `next-devel` don't exactly match the last `next` release that ### Update [fedora-coreos-config](https://github.com/coreos/fedora-coreos-config/) `testing-devel` -- [ ] Bump `releasever` in `manifest.yaml` +- [ ] Bump `VERSION`, `MUTATE_OS_RELEASE`, `BUILDER_IMG` in `build-args.conf` - [ ] Update the repos in `manifest.yaml` if needed - [ ] Sync the lockfiles for all arches from `next-devel` - [ ] Bump the base Fedora version in `ci/buildroot/Dockerfile` - [ ] Bump the Fedora version for the test containers in `tests/kola/data/commonlib.sh` -- [ ] Bump the Fedora version and `BUILDER_IMG` tag in `build-args.conf` - [ ] PR the result From 462c046f6598b761899d3bb1e4e96adfac4e28fc Mon Sep 17 00:00:00 2001 From: Michael Armijo Date: Tue, 10 Mar 2026 11:20:41 -0600 Subject: [PATCH 166/167] templates/rebase: add step to draft communication at Beta Add a step to the rebase checklist to draft an announcement to users of Fedora CoreOS informing them of upcoming changes in the Beta. We do this every release, so let's add it to the rebase checklist so we are reminded to prepare this in advance of the Beta release. --- .github/ISSUE_TEMPLATE/rebase.md | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/.github/ISSUE_TEMPLATE/rebase.md b/.github/ISSUE_TEMPLATE/rebase.md index 9659c8b..64ad4b4 100644 --- a/.github/ISSUE_TEMPLATE/rebase.md +++ b/.github/ISSUE_TEMPLATE/rebase.md @@ -114,6 +114,10 @@ Example PR: https://github.com/coreos/coreos-installer/pull/1113 - [ ] Disable `branched` stream since it is no longer needed. - Update [config.yaml](https://github.com/coreos/fedora-coreos-pipeline/blob/main/config.yaml) to comment out the `branched` stream definition. +### Prepare Fedora CoreOS (N) Beta announcement + +- [ ] Draft an announcement that contains information found in the "Communications Tracker", created in a step above, to inform users of Fedora CoreOS of upcoming changes in the Fedora (N) version. [(example)](https://lists.fedoraproject.org/archives/list/coreos@lists.fedoraproject.org/thread/GK4RMQ3UFMLJGKMBUVTTWGNFVFNNSH5E/) + ### Ship rebased `next` - [ ] Ship `next` From 69b48f1aab13ba0eb7d6b3abce19dab657a34b9a Mon Sep 17 00:00:00 2001 From: Christian Glombek Date: Mon, 6 Apr 2026 16:32:23 +0200 Subject: [PATCH 167/167] Remove @lorbus:matrix.org from meeting-people.txt Removed myself from the meeting notifications list. --- meeting-people.txt | 1 - 1 file changed, 1 deletion(-) diff --git a/meeting-people.txt b/meeting-people.txt index 5ed1d2b..967e3cf 100644 --- a/meeting-people.txt +++ b/meeting-people.txt @@ -14,7 +14,6 @@ @jdoss:fedora.im @jlebon:fedora.im @jmarrero:matrix.org -@lorbus:matrix.org @marmijo:fedora.im @miabbott:fedora.im @quentin9696:matrix.org