Postings by Colin Walters

rpm-ostree 2018.6 (and updates since 2018.3)

This is one of a semi-regular "rollup"/"highlights" post of what's happening
in the rpm-ostree project, used by Fedora Atomic Host, as well as Silverblue[1],
and planned to be used by the converged [Fedora CoreOS](<a href="" title=""></a>)
We release approximately once a month.
The last post here in February[2] was for 2018.3.

We just released 2018.6:

<a href="" title=""></a>

Releases happen approximately once a month, and quite a lot has happened
since Feburary. One of the major aims is to fully flesh out support for automatic

rpm-ostree v2018.3 and ostree v2018.2

A new release of rpm-ostree, a hybrid transactional image/package system is now available:

<a href="" title=""></a>

Direct link to main release notes:
<a href="" title=""></a>

In this release we also updated the with ASCII-art to clarify some
how rpm-ostree links to both libdnf and libostree:
<a href="" title=""></a>

rpm-ostree v2018.1

Hi, a quick thing I want to highlight about this release here:
<a href="" title=""></a>

On the flip side, we have made a mostly-compatible change to drop
most Linux "capabilities" during RPM script invocation. For example,
it is no longer supported to e.g. load a kernel module as part of a

CentOS Atomic Host: considering rpm-ostree jigdo ♲

Hi Jason (and anyone else interested in the CentOS community):

I am starting to socialize this option for rpm-ostree (and hence Atomic Host):

<a href="" title=""></a>

See also my Fedora releng discussion proposal:
<a href=" ... at lists dot" title=" ... at lists dot"> ... at lists dot fedoraprojec...</a>

Any thoughts about whether this would help CentOS AH delivery?

I'm also interested in whether anyone who is doing "custom AH" builds
using CentOS would want to use this approach.

Why Atomic Host should be built using Modularity

There was a discussion today in the Atomic WG about using Modules.
Meeting log: <a href="" title=""></a>
Agenda discussion: <a href="" title=""></a>
(Side note; this doc was originally stored at <>)

This post is the "why" that I'd written earlier.

atomic7-testing repo content vanished?

<a href="" title=""></a>

used to have content, but no longer does. I tried doing a
new build:
<a href="" title=""></a>

But it hasn't shown up there.

Increasing compatibility with rpm-ostree for host packages


rpm-ostree is the underlying hybrid image/package system for the Fedora Atomic Host edition.
The layering functionality however requires some potential changes
in your packages.

<a href="" title=""></a>

is a recent bug that shows one example. You can find more information
in the current bugzilla tracker:

<a href="" title=""></a>

If your software makes sense directly on the host (as opposed to always
in a container), please take a look.

keeping Extras in sync with Core

So right now following the instructions on:
<a href="" title=""></a>
results in a non-working Docker because the
version in Extras hasn't been rebuilt yet, and
there's a strong dependency on selinux policy.

I'm still trying to wade through the pile of
virt7* repos to find something working,
right now hitting a requirement on `skopeo-containers`.

In the future, can we ensure that there's a "CR" version
of Extras[1] that is built at the same time, and they're all released at once?

We also need to figure out how CR interacts with the CBS
content better.

[1] And ideally other thing

Using pungi for CentOS (AH specifically)

Hey, so upstream Fedora has been working on this:
<a href="" title=""></a>

And I'd like to discuss trying to use it for Atomic Host
work. The concept of a "compose" that ties together
the ISO and cloud images is nice for example. It's
going to need to gain some more sophistication
around OSTree, and there'd likely be some details
that need changing such as how signing happens.

But having a common codebase here would be nice,
and I think we could also stop doing this in Jenkins
for <a href="" title=""></a>

Switching to NetworkManager dhcp=internal

Hey, so as part of the discussion about NetworkManager vs systemd-networkd,
one thing that happened is networkd started exposing its DHCP code as
a shared library, and NetworkManager learned to use it if one specifies


in /etc/NetworkManager/NetworkManager.conf.

adopting the Docker base image into Atomic WG

Now that Cloud -> Atomic and will be focusing on Project Atomic, can we move the
Docker base image into this group from the "Fedora Base" group?

It never really made sense to me in Base; in:

$ git log --format='%ae' fedora-docker-base.ks | sort -u
<a href="mailto: ... at redhat dot com"> ... at redhat dot com</a>
<a href="mailto: ... at ausil dot us"> ... at ausil dot us</a>
<a href="mailto: ... at redhat dot com"> ... at redhat dot com</a>
<a href="mailto: ... at fedoraproject dot org"> ... at fedoraproject dot org</a>
<a href="mailto: ... at gmail dot com"> ... at gmail dot com</a>
<a href="mailto: ... at mattdm dot org"> ... at mattdm dot org</a>
<a href="mailto: ... at fedoraproject dot org"> ... at fedoraproject dot org</a>
<a href="mailto: ... at gmail dot com"> ... at gmail dot com</a>
<a href="mailto: ... at redhat dot com"> ... at redhat dot com</a>
<a href="mailto: ... at verbum dot org"> ... at verbum dot org</a>

Most of the recent committers are outside of the Base group.

And it makes sense to me to have synchronized landing pages/information
for At

rpm-ostree 2016.4 now with package layering

rpm-ostree 2016.4:

<a href="" title=""></a>

is now in Bodhi:

<a href="" title=""></a>
<a href="" title=""></a>

Remember, to try it, you can rebase an existing Atomic Host system using:
<a href="" title=""></a>

(Also in our CentOS devel stream: <a href="" title=""></a> )

This release has a number of changes, but as the git tag says, I think
the package layering that we have now finally brings into focus
a long-held go

Migrating into CentOS namespace


I'm working on a "devel/continuous" Atomic Host stream[1] and we were pulling in `centos-release` via deps which I think is wrong. Also, I needed to fix a bug[2].

Can we migrate:
<a href="" title=""></a>
into the CentOS namespace?

Re: [CentOS-devel] numbering and building the CentOS Atomic story

Thanks for posting this!

On Wed, Jul 15, 2015, at 06:18 AM, Karanbir Singh wrote:


For a long time, Red Hat engineers have dropped public RPMs onto

Time sync


Since <a href="" title=""></a>
systemd-timesyncd can be enabled in more places. (That change isn't in F22 now
but could be backported easily). Looking at the state
of things here, there was a previous discussion on the desktop list:
<a href="" title=""></a>

From an Atomic Host perspective,
systemd-timesyncd now looks fairly equivalent to chrony, and is 140k
that's already shipped.

consolidating some of the Atomic changes

Right now we have:

<a href="" title=""></a>

Which I think encompasses:

<a href="" title=""></a>
<a href="" title=""></a>

Any objections to consolidating?

New wiki page:

Recently, I've ended up interacting with Fedora packages that use several different "higher order" or "layered" tools on top of fedpkg.

I created this page:

<a href="" title=""></a>

which attempts to enumerate the ones I know of. It's certainly non-exhaustive,
so if you maintain a tool that's not listed there, please add it!

Note: polkit daemon now optional (notably with NM)

I pushed: <a href="" title=""></a>
Built as: <a href="" title=""></a>

Which makes polkit optional if NM (or anything else that links to libpolkit) is used. This is a follow up to <a href="" title=""></a>

I suspect for most people this is a "duh, finally" thing. Upgrades should work fine (polkit gains a new dep on polkit-libs).

Request to join the Atomic SIG


I'd like to join the Atomic SIG. I am upstream author of one of the
components (rpm-ostree), and have contributed to others like systemd,
and SELinux, as well as work on packaging Kubernetes in
<a href="" title=""></a>.

I'm particularly interested in how we maintain the atomic host ostree
composes and integrating it with the CentOS infrastructure.

maintenance of "setup" and


I was looking at user/group stuff more as part of the other thread on
<a href="" title=""></a> - but let's
ignore that for a second.

So on
<a href="" title=""></a>
- I followed the link to the "uidgid" section, and noticed "Hey, we have
another uid/gid listing here".

Scanning that list, I saw "polkituser"...which:
1) Doesn't exist - the polkit package allocates a user named "polkit"
2) Isn't used even if it did: polkit allocates a dynamic uid/gid.

Now Mirek and I currently maintain polkit, and at least

New Fedora 22 Change proposal: systemd-sysusers

Hi, for Atomic I'd like to investigate the new systemd-sysusers, so I
wrote up a Change:

<a href="" title=""></a>

Note: for Fedora 22.

The main motivation for me is it would allow Atomic to not be a Remix
due to the not-in-Fedora shadow-utils patch[1] Further, it would
potentially allow us to migrate away from /usr/lib/passwd and
nss-altfiles which would be really nice. Though I'm still exploring

[1] <a href="" title=""></a>

new dbus-1.8.4-1.fc21


I finally rebased dbus to the latest stable release in rawhide. I
tested it lightly by upgrading a F20 cloud image to rawhide, but didn't
get a chance to play around with it on a desktop system. If you see any
issues, don't hesitate to file a bug. Thanks!

updated rpm-ostree composes running again

Hi, just a quick note for those of you tracking the rpm-ostree rawhide
composes from:
<a href="" title=""></a>

The tree composes are running again now, they'd been broken for a week
or so.

The reason the compose broke was due to this bug causing a cascade:
<a href="" title=""></a>

And then fedora-release being in the bootstrap set was problematic
since we wanted to install generic-release later (because of
shadow-utils, which has a not-in-Fedora patch).

fedora-atomic discussion point: /usr/lib/passwd

For the fedora-atomic work, the only not-in-Fedora package is
shadow-utils because it requires a patch, that still lives in my
walters/rpm-ostree COPR.

Patch is linked from my post here:
<a href="" title=""></a>

Also, some discussion in the glibc bug:
<a href="" title=""></a>

What I'd like to open is a discussion about whether /usr/lib/passwd is
the right thing long term.

Fedora Atomic Initiative (rpm-ostree 2014.5)


I'm happy to announce a new version of rpm-ostree - v2014.5:
<a href="" title=""></a>

With this new release, there is now a new overarching name/brand for
the project formerly known as "rpm-ostree":

Fedora Atomic Initiative
The new website replaces the old one:

<a href="" title=""></a>

The website is hopefully more informative now.

Announce: fedostree/rpm-ostree v2014.3

Hello devel@,

I'm excited to announce the first public release (v2014.3) of the
fedostree/rpm-ostree project.

The web page is here:

<a href="" title=""></a>

rpm-ostree is a quite new, raw, and also quite unofficial project (the instance
above is in the Fedora private scratch cloud). It is suitable for
evaluation primarily by engineers who are working on
build/packaging/deployment tooling in Fedora, and advanced testers.

mozjs17 porting


For the next GNOME 3.10 cycle I'd like to port our dependencies to
mozjs17, the new Spidermonkey release.

<a href="" title=""></a>
<a href="" title=""></a>

gjs is already ported and hard-depends on it, and I will be working with
Tim Lunn (and hopefully others) on porting other GNOME dependencies such
as polkit.

Omitting those then, in the Fedora package collection, these would also
need to be ported.

(actually I meant f15 branched)

Just for reference, I meant Fedora 15, old habit made me say "rawhide".