-
Notifications
You must be signed in to change notification settings - Fork 59
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
tracker: Rebase onto Fedora 41 #1695
Comments
|
Fedora Releng ticket requesting permissions for @marmijo to perform the "add and tag package into |
Fedora Releng ticket to add the F42 signing key short hash to the |
Add the Fedora 42 signing key: coreos/coreos-installer#1512 |
Package diff initial investigation in coreos/fedora-coreos-config#3092 (comment): Copying the diff here for reference:
Downgrade is https://bugzilla.redhat.com/show_bug.cgi?id=2297094 which we should directly make a PR to fix as it's really minor and maybe we should just ignore it. Removed:
Added:
|
Fixing the json-glib pin in https://src.fedoraproject.org/rpms/json-glib/pull-request/4 |
We've discussed this topic in today's community meeting. The priority is resolving the issues that we ave with systemd 256 to be able to unpin it. Then looking at the status of composefs and kdump. |
We've discussed this topic in today's community meeting. |
Enabling next-devel for the Fedora 41 release process. See: coreos/fedora-coreos-tracker#1695
now that testing-devel has been enabled, we can disable the branched stream. coreos#1035 See: coreos/fedora-coreos-tracker#1695
now that next-devel has been enabled, we can disable the branched stream. coreos#1035 See: coreos/fedora-coreos-tracker#1695
|
Enabling next-devel for the Fedora 41 release process. See: coreos/fedora-coreos-tracker#1695
As we have done in the past we will be fast-tracking packages in |
F41 is now in beta freeze. This means that some packages in F41 will sort as newer than packages in F40. We'll prevent downgrades by fast-tracking any packages that would violate this "no downgrade" rule. see: coreos/fedora-coreos-tracker#1695 (comment)
F41 is now in beta freeze. This means that some packages in F41 will sort as newer than packages in F40. We'll prevent downgrades by fast-tracking any packages that would violate this "no downgrade" rule. see: coreos/fedora-coreos-tracker#1695 (comment)
F41 is now in beta freeze. This means that some packages in F40 will sort as newer than packages in F41. We'll prevent downgrades by fast-tracking any packages that would violate this "no downgrade" rule. see: coreos/fedora-coreos-tracker#1695 (comment)
now that next-devel has been enabled, we can disable the branched stream. #1035 See: coreos/fedora-coreos-tracker#1695
F41 is now in beta freeze. This means that some packages in F40 will sort as newer than packages in F41. We'll prevent downgrades by fast-tracking any packages that would violate this "no downgrade" rule. see: coreos/fedora-coreos-tracker#1695 (comment)
F41 is now in beta freeze. This means that some packages in F40 will sort as newer than packages in F41. We'll prevent downgrades by fast-tracking any packages that would violate this "no downgrade" rule. see: coreos/fedora-coreos-tracker#1695 (comment)
got Kevin Fenzi to run this for me:
|
all 709 F39 RPMs were removed from |
Done in coreos/coreos-assembler#3975 |
Container updates:
|
|
The rebase to Fedora 41 is complete. |
Rebase to a new version of Fedora (N=41)
At previous Fedora major release
Open tickets to track related work for this release
At Branching
Branching is when a new stream is "branched" off of
rawhide
. This eventually becomes the next major Fedora (N).Release engineering changes
Verify that a few tags were created when branching occurred:
f${N+1}-coreos-signing-pending
f${N+1}-coreos-continuous
Add and tag a package (any package) which is in the stable repos into the continuous tag. This will create the initial yum repo that's used as input for building the COSA container.
koji add-pkg --owner ${FAS_USERNAME} f${N+1}-coreos-continuous $PKG
koji add-pkg --owner dustymabe f36-coreos-continuous fedora-release
fedora-release
RPM, but it could be any other.koji tag-build f${N+1}-coreos-continuous $BUILD
koji tag-build f36-coreos-continuous fedora-release-36-0.16
Add the N+1 signing key short hash (usually found here) to the tag info for the coreos-pool tag. The following commands view the current settings and then update the list to the 32/33/34/35 keys. You'll most likely have to get someone from releng to run the second command (
edit-tag
).koji taginfo coreos-pool
koji edit-tag coreos-pool -x tag2distrepo.keys="12c944d0 9570ff31 45719a39 9867c58f"
See update tag2distrepo.keys for coreos-pool with f42 key: https://pagure.io/releng/issue/12264
coreos-installer changes
Example PR: coreos/coreos-installer#1113
Update
rawhide
streamEnable
branched
streambranched
stream definition (example PR)Misc
meeting
label to rediscuss it.At Fedora (N) Beta
Update fedora-coreos-config
next-devel
Bump
releasever
inmanifest.yaml
([next-devel] Start tracking fedora 41 fedora-coreos-config#3159)Add the
fedora-candidate-compose
repo inmanifest.yaml
([next-devel] Start tracking fedora 41 fedora-coreos-config#3159)Update the repos in
manifest.yaml
if neededRun
cosa fetch --dry-run --update-lockfile
bump-lockfile
runs.cosa fetch
directlyPR the result ([next-devel] Start tracking fedora 41 fedora-coreos-config#3159)
Re-enable
next-devel
if needed (docs)Disable
branched
stream since it is no longer needed. (config: disable branched stream fedora-coreos-pipeline#1036)branched
stream definition.Ship rebased
next
next
next
. In the barrier entry set a link to the docs. See discussionPreparing for Fedora (N) GA
Do these steps as soon as we have a Go confirmation for GA, usually the Thursday of the week before GA.
Ship a final
next
releaseIf the packages in
next-devel
don't exactly match the lastnext
release that was done, we need to do a release with the final GA content. This ensures that what we'll promote totesting
has the exact content in GA (plus version fast-tracks). This usually happens on the Thursday of the announcement of Go.next
release has GA contentBuild rebased
testing
and finalstable
release on N-1stable
; promote it from thetesting
branch, which should still be on N-1. Don't release it yet (i.e. don't run therelease
job).testing
; promote it from thenext
branch instead oftesting-devel
. Don't release it yet (i.e. don't run therelease
job).Update fedora-coreos-config
testing-devel
releasever
inmanifest.yaml
manifest.yaml
if needednext-devel
ci/buildroot/Dockerfile
At Fedora (N) GA
Do these steps on GA day.
Release rebased
testing
and finalstable
release on N-1release
job for the stagedtesting
andstable
builds and start rollout.testing
. In the barrier entry set a link to the docs. See discussionDisable
next-devel
stream if not neededWe prefer to disable
next-devel
when there is no difference betweentesting-devel
andnext-devel
. This allows us to prevent wasting a bunch of resources (bandwidth, storage, compute) for no reason. After the switch to N ifnext-devel
andtesting-devel
are in lockstep, then disablenext-devel
.next-devel
Switch upstream packages to shipping release binaries from Fedora (N)
Disable the
fedora-candidate-compose
repomanifest.yaml
ofnext-devel
thefedora-candidate-compose
repoAfter Fedora (N) GA
Ship rebased
stable
stable
stable
. In the barrier entry set a link to the docs. See discussionUntag old packages
koji untag
N-2 packages from the pool (at some point we'll have GC in place to do this for us, but for now we must remember to do this manually or otherwise distRepo will fail once the signed packages are GC'ed). For example the following snippet finds all RPMs signed by the Fedora 32 key and untags them. Use this process:Now we have a list of builds to untag. But we need a few more sanity checks.
N
based FCOS. Check by running:If there are any RPMs signed by the old key they'll need to be investigated. Maybe they shouldn't be used any longer. Or maybe they're still needed. One example of this is the shim RPM where the same build could be used for many Fedora releases. In this case you'll need to untag the RPM from
coreos-pool
, run akoji distrepo
, which will remove that RPM from the repo metadata, and then re-tag it into the pool. The RPM in the repo will now be signed with a newer signing key.Now that untagging is done, give a heads up to rpm-ostree developers that N-2 packages have been untagged and that they may need to update their CI compose tests to freeze on a newer FCOS commit.
Remove the N-2 signing key from the tag info for the coreos-pool tag. The following commands view the current settings and then update the list to the 33/34/35 keys. You'll most likely have to get someone from releng to run the second command (
edit-tag
).koji taginfo coreos-pool
koji edit-tag coreos-pool -x tag2distrepo.keys="9570ff31 45719a39 9867c58f"
Open ticket for the next Fedora rebase
FN
label whereN
is the Fedora version.Miscellaneous container updates
These are various containers in use throughout our ecosystem. We should update or open a ticket to track updating them once a new Fedora release is out. If you open a ticket instead of doing the update add a link to the ticket as comment.
fedora:41
coreos-installer#1566)fedora:41
ignition#1982)The text was updated successfully, but these errors were encountered: