ravanelli has quit [Remote host closed the connection]
ravanelli has joined #fedora-coreos
jcajka has quit [Quit: Leaving]
paragan has quit [Ping timeout: 272 seconds]
paragan has joined #fedora-coreos
<guesswhat>
Any idea how to set systemctl set-property init.scope AllowedCPUs=0-2 && systemctl set-property system.slice AllowedCPUs=0-2 && systemctl set-property user.slice AllowedCPUs=0-2 ?
<guesswhat>
Seems it wont be effective via Ignition storage file, can I set this as soon as possible ? maybe one shot systemd unit ?
paragan has quit [Ping timeout: 248 seconds]
paragan has joined #fedora-coreos
paragan has quit [Max SendQ exceeded]
paragan has joined #fedora-coreos
paragan has quit [Ping timeout: 246 seconds]
bgilbert has joined #fedora-coreos
c4rt0 has quit [Read error: Connection reset by peer]
<dustymabe>
jlebon: drop me a link when each FCOS pipeline PR is ready for another round of review. Ideally we'll tackle them in the order they are in in your local dev branch.
<bgilbert>
so the remaining OpenSSL container updates are coreos-installer and possibly Butane
<bgilbert>
recent Butane containers are based on fedora-minimal because of https://github.com/coreos/butane/pull/338, basically just so bash exists. Butane doesn't make any network requests, and is Go so it doesn't use OpenSSL. do folks think we should update the container anyway?
<bgilbert>
this is relevant because
<dustymabe>
bgilbert: if the assessment is that we should be safe then don't worry about it
<bgilbert>
2) how should we update the :release tags? I really don't want to do an upstream release for this. should we treat the most recent versioned tag as mutable and update it? or maybe re-push `release` but decouple it from the versioned tag?
<bgilbert>
^ for coreos-installer and potentially Butane
<bgilbert>
I might lean keeping the versioned tags immutable (for example, we're not going to go update old versioned tags with new OpenSSL), and just repushing `release`
<bgilbert>
`release` is what we actually tell people to use, and we have an established history of moving the tag
gursewak_ has joined #fedora-coreos
<dustymabe>
based on your assessment do we need to do anything for this issue. i.e. are you talking about what policy we should adopt in the future?
<bgilbert>
for coreos-installer we do need to update. it does HTTPS fetches using OpenSSL
<dustymabe>
ahh ok
<dustymabe>
yeah updating release is fine with me
<bgilbert>
a general policy decision wouldn't hurt, though. in principle Butane might support HTTPS and then we'd need to update for Go CVEs
<jlebon>
bgilbert: would it make sense to have a e.g. :v0.16.1-1 tag and alias :release to that?
<jlebon>
that way people who want to stay on a versioned tag don't have to fallback to :release
<bgilbert>
yeah, probably
<bgilbert>
but that wouldn't be a Git tag, right?
<jlebon>
i was thinking purely a quay.io tag thing
<jlebon>
but if it helps with ops, sure
<bgilbert>
I don't like adding a Git tag for it, but that'll require an actions-lib change
<bgilbert>
which is the Right Thing, sigh. okay, on it
hiredman has quit [Ping timeout: 246 seconds]
saroy has quit [Quit: Leaving]
gursewak_ has quit [Ping timeout: 268 seconds]
jpn has quit [Ping timeout: 276 seconds]
jpn has joined #fedora-coreos
gursewak has joined #fedora-coreos
jpn has quit [Ping timeout: 246 seconds]
jpn has joined #fedora-coreos
jpn has quit [Ping timeout: 248 seconds]
<dustymabe>
jlebon: the image build for COSA 4.10 is failing in various places in CI with
<dustymabe>
[2022-11-04T20:10:53.981Z] go: finding module for package gopkg.in/alecthomas/kingpin.v2
<jlebon>
dustymabe: hmm, it looks like network flake, but odd that it's consistent. i wonder if it could be f35 vs f36, e.g. maybe the go version somehow
<dustymabe>
it's definitely consistent
<dustymabe>
4.10 was last build on september 15
<jlebon>
would be interesting to see if build-cosa hits this too
<dustymabe>
yep it does
<dustymabe>
that's where I pulled the logs I pasted above
<dustymabe>
i'm doing some hackery to accelerate my testing of backports