14:43 <dustymabe> aobrien[m]: this is the new website repo: https://gitlab.com/fedora/websites-apps/fedora-websites/fedora-websites-3.0

14:43 <dustymabe> darknao: we need to add a new architecture to https://fedoraproject.org/coreos/download/?stream=stable - aobrien[m] is going to try to help us do that.. Any guidance you can give him would be appreciated

14:44 <aobrien[m]> Thank you! dustymabe

14:45 <dustymabe> apiaseck: for https://github.com/coreos/coreos-assembler/pull/3510 I think you just need to squash the 3rd commit into the first commit.

14:45 <dustymabe> i.e. let's get it down to just 2 commits in the PR

15:09 <dustymabe> spresti: can you update the title of the streams issues to include the version numbers of the builds? https://github.com/coreos/fedora-coreos-streams/issues

15:38 <darknao> dustymabe: ok, that should be quite straightforward, IIRC you just need to add it to https://gitlab.com/fedora/websites-apps/fedora-websites/fedora-websites-3.0/-/blob/develop/pages/coreos/download.vue#L128 and a button here https://gitlab.com/fedora/websites-apps/fedora-websites/fedora-websites-3.0/-/blob/develop/pages/coreos/download.vue#L428 and that's it

15:38 <dustymabe> cc aobrien[m] ^^

15:39 <darknao> the arch description can then be added in the CMS, or here https://gitlab.com/fedora/websites-apps/fedora-websites/fedora-websites-3.0/-/blob/develop/content/editions/coreos/download.yml#L26

15:40 <darknao> you can either open a new ticket in the repo, and I can implement that for you, or you can do it yourself if you want to

15:41 <darknao> and feel free to ask in the fedora-websites channel if you need any help

15:52 <dustymabe> thanks darknao!

15:53 <dustymabe> darknao: there was one other thing I thought about the other day, which was https://gitlab.com/fedora/websites-apps/fedora-websites/fedora-websites-3.0/-/issues/172 - wondering if we can get that fixed anytime soon

15:56 <aobrien[m]> <darknao> "dustymabe: ok, that should be..." <- thanks for the pointers!

15:56 <aobrien[m]> i just need to add the description in the download.yml and ill make the pr for the new Card!

16:10 <darknao> dustymabe: no one is assigned to it yet, but any help is welcome

16:11 <darknao> also, is there a documentation on the API available somewhere?

16:15 <dustymabe> darknao: hmm let me see

16:15 <dustymabe> I imagine the old code was just cracking open the meta.json files (https://builds.coreos.fedoraproject.org/prod/streams/stable/builds/38.20230527.3.0/x86_64/meta.json)

16:19 <darknao> I don't think the website team was involved in the old code, and it can be a bit difficult for someone new to the team to work on that part without any clue about how it works and put everything together

16:20 <dustymabe> darknao: indeed - to be fair on our end we're not entirely familiar with the code either

16:20 <dustymabe> but maybe we can work together to figure out all the pieces

16:20 <dustymabe> ok I'm looking at the old website code locally, but weird..

16:20 <dustymabe> I don't see it in pagure any longer?

16:20 <dustymabe> https://pagure.io/fedora-web/websites

16:21 <dustymabe> Forbidden

16:21 <darknao> add a / at the end

16:22 <dustymabe> haha -- I clicked on https://pagure.io/fedora-web/websites.git (the git remote in my local repo) and it got redirected to https://pagure.io/fedora-web/websites with no slash

16:22 <dustymabe> guess that's part of why we're moving to gitlab :)

16:23 <dustymabe> here is the old code: https://pagure.io/fedora-web/websites/blob/master/f/sites/static/js/coreos-release-notes.js#_267

16:23 <dustymabe> so it says it pulls the information from meta.json and commitmeta.json

16:26 <dustymabe> there is a schema for some of this in https://github.com/coreos/coreos-assembler/tree/main/schema

16:33 <darknao> I'm still not sure why we should have an arch selection for each single release instead of globally on that page. Last time I used this page on the old website, I was only interrested on the arm release and found it very tedious and unnecessary to click 2 times on each release to get the information I was looking for

16:35 <darknao> I was tracking some packages version across multiple releases, but maybe that was not the intended use case

16:40 <dustymabe> darknao: usually i'm interested in a specific package diff for a specific build so I'm already dialed in on that build and having the arch select close by is useful

16:41 <dustymabe> maybe we can keep the global selector and have one more locally too?

16:41 <dustymabe> or maybe to start we leave the global selector in place, but add the package diffs and see how that goes

16:45 <darknao> could there be a case where packages version are actually not the same between arches for the same build? or that is a common scenario

16:47 <dustymabe> if a package exists in all architectures it will be the same.. but there are architecture specific packages (i.e. s390x utils on s390x) that make it such that the package list isn't the exact same across all architectures. Which is why we have it broken out.

16:47 <apiaseck> dustymabe: I squashed it to two commits, but only now realized some of the ammendments were included in the first one.

16:48 <dustymabe> apiaseck: need help?

16:48 <apiaseck> I'm curious if the build succeeds.

16:49 <dustymabe> you can run the flake8 stuff locally to check to see if that part passes

16:49 <apiaseck> Will do that. Regarding help - will ping you in case I'm stuck.

16:49 <apiaseck> Thanks

16:56 <dustymabe> fifofonix[m]: i'm going through the release notes for this weeks releases. wondering if the CIFS issue is sufficiently fixed to mark it as such or if there are still things to be worked out

16:57 <fifofonix[m]> I think we may have three separate things going on here and two of them are worth mentioning I think.

16:58 <dustymabe> fifofonix[m]: so there was the original bug, but now there are follow on things?

16:58 <fifofonix[m]> Thing 1: newly occurring kerberos selinux denials (affects all kerberos ticket based mounts I think), embedded in the same BZ you're well aware of.

16:59 <fifofonix[m]> Thing 2: DFS related cifs mount issue in the same BZ. Issues still present. Either apply the targeted SELinux weakening or change from DFS to non-DFS name/mount.

17:02 <dustymabe> got ya. For some reason I thought thing2 was fixed (at least in rawhide)

17:19 <fifofonix[m]> Thing 3: the separate git issue i've created for crashes on testing/next associated with cifs/smb mounts. i had a separate re-occurrence of this this week. infrequent, and perhaps triggered by an issue with mounted storage or network reachability. no one else has reported this so perhaps specific to my environment so can't suggest you add to release notes.

17:37 <fifofonix[m]> dustymabe: thing2 not fixed in rawhide yet either as of test earlier this week or maybe late last (git issue and BZ updated)

17:49 <jdoss> is there a correct way to add a system user to a FCOS container layer?

17:50 <jdoss> or will adduser be fine like doing in a Containerfile that isn't a FCOS layer

17:58 <dustymabe> cc jmarrero ^^

18:27 <dustymabe> spresti: for next time we'll enable the upgrade tests for ppc64le: https://github.com/coreos/fedora-coreos-pipeline/pull/877/files

18:45 <dustymabe> release notes updates (needs two reviewers): https://github.com/coreos/fedora-coreos-streams/pull/724

19:34 <jmarrero> jdoss: I don't think we have a recommended way at the moment to do this with layering, other than use ignition on first boot. We expect /var to be empty and calling useradd tries to create: `/var/lib/sss/db/config.ldb`. We an issue about enabling creating system users https://github.com/ostreedev/ostree-rs-ext/issues/383 but I could not find any plans or issues to support "human users" atm.

19:37 <jdoss> jmarrero: thanks for the context. As a short term fix, I was able to use vector.dev's DNF repo to install the package which seems to have solved my user problem instead of fetching the binary and useradding the vector user manually. Enabling system users would be great down the road.

19:55 <dustymabe> jmarrero: bgilbert: could I get a release notes reivew on https://github.com/coreos/fedora-coreos-streams/pull/724 ?

20:02 <walters> jdoss: there is also https://systemd.io/USER_RECORD/ which has some support for storing users in `/usr` too

20:02 <jdoss> If I add users with USER_RECORD in the layer FCOS will respect them?

20:02 <jdoss> because that is pretty awesome

20:07 <jdoss> hmmmm I remember looking into adding systems with USER_RECORD a while back but I couldn't find anything with an example on doing it correct. Using homectl doesn't seem like the right place to start.

20:09 <jdoss> missed the link to this https://www.freedesktop.org/software/systemd/man/nss-systemd.html in the above URL. This seems to be what I was looking for.

20:12 <jmarrero> dustymabe:

20:13 <walters> jdoss: backing up though, if you're not intending to do human users I'd recommend units with `DynamicUser=yes`

20:13 <jmarrero> dustymabe: lgtm

20:14 <dustymabe> many thanks :)

20:15 <jdoss> walters: yeah good point. Then I could use the dynamic directories too for vector. Part of the issue I am working on is vector needs a data dir and the default one is in /var/lib/vector and I can't ship that in the layer. I'd run vector in a container but I want it to access the systemd journal on the FCOS host node to ship logs to a central point

20:15 <walters> you can, just bind mount in /var/log/journal

20:33 <dustymabe> FYI there is a planned Fedora infra network outage going on right now: https://pagure.io/fedora-infrastructure/issue/11365

20:35 <jdoss> https://imgs.xkcd.com/comics/compiling.png

20:42 <dustymabe> haha