-
Notifications
You must be signed in to change notification settings - Fork 60
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Rebase to a new version of Fedora (34) #808
Comments
coreos/fedora-coreos-config#997 > Testing moved to F34 |
We skipped the update barriers since updating from older releases was broken for now, but maybe we should go ahead and put them in place just for consistency? |
|
Looks like F34-based coreos-installer container builds still fail in Quay. The tracking issue is PROJQUAY-2006. |
The cluster on fedora-infra seems to have the same problem (EPERM/ENOSYS mismatch) possibly due to an outdated container runtime stack. It's tracked at https://pagure.io/fedora-infrastructure/issue/10111. |
It looks like Quay is fixed now. Submitted coreos/coreos-installer#617. |
fedora-coreos-cincinnati was reverted in coreos/fedora-coreos-cincinnati#49. |
We are moving to F35 now. How are we here? |
Yup, this is clearly done. Good catch @travier! |
We were holding it open for the fedora-coreos-cincinnati Dockerfile bump, but that can equally well be covered by the F35 ticket. |
Rebase to a new version of Fedora (34)
Release engineering changes
Verify that a few tags have been created. These should have been created by releng scripts on branching:
f${releasever}-coreos-signing-pending
f${releasever}-coreos-continuous
The tag info for the coreos-pool tag has the new release (N) and next release (N+1) signing keys (just to stay ahead of the curve) and removes the old release (N-2) signing key. The following commands view the current settings and then update the list to 32/33/34 keys. You'll most likely have to get someone from releng to run the second command (
edit-tag
).koji taginfo coreos-pool
koji edit-tag coreos-pool -x tag2distrepo.keys="12c944d0 9570ff31 45719a39"
koji untag
N-2 packages from the pool (at some point we'll have GC in place to do this for us, but for now we must remember to do this manually or otherwise distRepo will fail once the signed packages are GC'ed). For example the following snippet finds all RPMs signed by the Fedora 32 key and untags them.Find the key short hash. Usually found here. Then:
Now we have a list of builds to untag. But we need one more sanity check. Let's make sure none of those are actually being used. Fire up the latest FCOS
testing-devel
and run:If there are any RPMs signed by the old key they'll need to be investigated. Maybe they shouldn't be used any longer. Or maybe they're still needed.
After verifying the list looks good:
Now that untagging is done, give a heads up to rpm-ostree developers that N-2 packages have been untagged and that they may need to update their CI compose tests to freeze on a newer FCOS commit.
coreos-installer changes
Update fedora-coreos-config
next-devel
releasever
inmanifest.yaml
manifest.yaml
if neededcosa fetch --update-lockfile
Ship rebased
next
next
next
. In the barrier entry set a link to the docs. See discussion.Update fedora-coreos-config
testing-devel
releasever
inmanifest.yaml
manifest.yaml
if neededcosa fetch --update-lockfile
ci/buildroot/Dockerfile
Ship rebased
testing
testing
testing
. In the barrier entry set a link to the docs.Ship rebased
stable
stable
stable
. In the barrier entry set a link to the docs.Miscellaneous container updates
These are various containers in use throughout our ecosystem. We should update or open a ticket to track updating them once a new Fedora release is out. If you open a ticket instead of doing the update add a link to the ticket as comment.
The text was updated successfully, but these errors were encountered: