# CentOS Hyperscale SIG meetup @ Dojo/DevConf.US 2022 This is a live document for the CentOS Hyperscale SIG meetup [event](https://www.eventbrite.com/e/centos-hyperscale-sig-meetup-dojodevconfus-2022-tickets-384259589777) co-located with Dojo and DevConf.US 2022. ## Venue When: Aug 16 9am-5pm EDT Where: - in person: Boston University, George Sherman Union, conference room GSU 310 on the 3rd floor - online: [Zoom invite](https://us06web.zoom.us/j/88941044761?pwd=SUdVUkJ3a0ZxWEN4MW9PK2VVNjc5dz09), meeting id is 889 4104 4761 and passcode is 771994 ## Topics Add things here that you want to discuss; conversely, we'll add topics that come up as the meetup progresses. ### systemd - selinux stuff - currently broken: https://pagure.io/centos-sig-hyperscale/package-bugs/issue/15 - need CI for regression testing: spin up a VM, install our package, check that is works; probably wait for the duffy replacement thing - we need cloud-init support first - generally in good shape, Meta committed to long term support ### cloud-init - missing selinux support, davdunc interested in adding it: https://pagure.io/centos-sig-hyperscale/sig/issue/126 ### kernel - need to unfuck build process for el8, Neal will look into it: https://pagure.io/centos-sig-hyperscale/package-bugs/issue/19 - will keep supporting el8 up to the EOL - still stuck in experimental until we have secure boot - follow up to see if anyone is actually using the aarch64 stuff ### Image builds - need kiwi support in cbs: https://pagure.io/centos-infra/issue/696 - open to moving to osbuild long term if/when it becomes viable - work with alternate images sig #### Live media - C8 needs livemedia-tools; we will keep C8 images as "experimental" going forward, not worth porting to kiwi at this point - will use kiwi for C9 #### Cloud image builds - should already work with kiwi - we'll just do C9 unless someone asks for C8 and volunteers to do the work - need e2e testing, look into avocado: https://avocado-framework.readthedocs.io - large: openstack, ec2, gcp, azure - small: linode, digital ocean, vultr, hetzner, operate first - vsphere? build images, need to figure out testing - oracle? need OSS client tools first - ibm: need OSS client tools first ### mkosi - reproducible support in progress - need a koji plugin to be used in image build flows - Daan, Neal to scope this - Meta will look into doing this as an intern project ### OpenShift - start engaging with cloud sig and okd - need ability to swap OS variants without a rebuild - davdunc to write a plan/position document to start engagement ### btrfs transactional updates - postponed after dnf5 - planning to backport dnf5 around/after F39 ### SIG housekeeping - go over open issues and discuss status/prioritiation/etc - comms: what is working, what isn't, what should we change ### reproducible builds - rpm already has knobs for this ``` %source_date_epoch_from_changelog 1 %clamp_mtime_to_source_date_epoch 1 %use_source_date_epoch_as_buildtime 1 %_buildhost fedorabuilder ``` - most of the build process in Fedora is already there, bitwise needs work - stuff to do - build host is currently embedded in the package header - timestamps - randomness seeds (would require VM builders support in koji) - something to test whether things are actually reproducible - suse has something for this, Neal to talk to them - write Change for F38 to get rpm macros turned on - davdunc will write this ### CI improvements - scratch builds for automate package update notifications - e2e tests spinning up VMs - will-it: https://pagure.io/centos-sig-hyperscale/sig/issue/119 ### vendor packaging best practices - rpminspect/rpmlint ruleset - fedora packaging guideline - sha256 - gpg sign not from a random person - need an equivalent for yum repos too (check for signed metadata, etc) - "in a box solution" for testing and building (container, VM, etc) that we can give the vendor