[CentOS-devel] CPE Weekly Update – Week 19 2022

Fri May 13 10:33:24 UTC 2022
Michal Konecny <mkonecny at redhat.com>

Hi everyone,

This is a weekly report from the CPE (Community Platform Engineering) 
Team. If you have any questions or feedback, please respond to this 
report or contact us on #redhat-cpe channel on libera.chat 
(https://libera.chat/).

Week: 09th May - 13th May 2022

If you wish to read this in form of a blog post, check the post on 
Fedora community blog:
https://communityblog.fedoraproject.org/cpe-weekly-update---week-19-2022/

# Highlights of the week

## Infrastructure & Release Engineering
Goal of this Initiative
-----------------------
Purpose of this team is to take care of day to day business regarding 
CentOS and Fedora Infrastructure and Fedora release engineering work.
It’s responsible for services running in Fedora and CentOS 
infrastructure and preparing things for the new Fedora release (mirrors, 
mass branching, new namespaces etc.).
The ARC (which is a subset of the team) investigates possible 
initiatives that CPE might take on.
Link to planning board: https://zlopez.fedorapeople.org/I&R-2022-05-11.pdf

Update
------

### Fedora Infra
* F34/F35 container builds failing due to 32bit arm ( 
https://bugzilla.redhat.com/show_bug.cgi?id=2077680 )
* git -core change broke koji. Downgraded git and upstream koji already 
has a fix.
* Got a FMW macos build fully signed and notarized! Unfortunately, now 
need to find out how to build it to be able to run on older macos. ;(
* Fedora 36 release went pretty smoothly, we are now out of Freeze
* Business as usual, misc tickets, etc.


### CentOS Infra including CentOS CI
* CentOS Stream storage migration spike (Netapp for nfs/iscsi)
* Duffy fixes and tests
* Investigating hardware issue on CI pool
* Investigating ci.centos.org decommission steps
* Git.centos.org pagure upgrade/migration (blocked, waiting on internal 
Red Hat Team)
* Updated sshd host key signing (sha1 issue for el9 ssh clients)
* Bussiness as usual (mirrors, tags)



### Release Engineering
* F36 is out
* Firmware win binaries signed
* Bussiness as usual - stalled epel packages, package unretirements



## CentOS Stream
Goal of this Initiative
-----------------------
This initiative is working on CentOS Stream/Emerging RHEL to make this 
new distribution a reality. The goal of this initiative is to prepare 
the ecosystem for the new CentOS Stream.

Updates
-------
* Finished the RPM import for c8s to Stream Koji
* Business as usual otherwise


## CentOS Duffy CI
Goal of this Initiative
-----------------------
Duffy is a system within CentOS CI Infra which allows tenants to 
provision and access bare metal resources of multiple architectures for 
the purposes of CI testing.
We need to add the ability to checkout VMs in CentOS CI in Duffy. We 
have OpenNebula hypervisor available, and have started developing 
playbooks which can be used to create VMs using the OpenNebula API, but 
due to the current state of how Duffy is deployed, we are blocked with 
new dev work to add the VM checkout functionality.

Updates
-------
* More deployment tests
* Per tenant session lifetimes
* Some bug fixes

## Package Automation (Packit Service)
Goal of this initiative
-----------------------
Automate RPM packaging of infra apps/packages

Updates
-------
* The team is hitting lots of dependency and sub dependency issues, 
working through them but its slow
* fasjson-client is our first package to be fully automated
     * upstream release -> src.fp.o PR -> koji -> bodhi
* Thanks to Nils, Aurelien and Kevin for their help/advice
* fedora-messaging, datagrepper, fasjson currently being worked on (all 
have deps issues)
* spec files will be staying downstream, packit has a way to facilitate this




## Flask-oidc: oauth2client replacement
Goal of this initiative
-----------------------
Flask-oidc is a library used across the Fedora infrastructure and is the 
client for ipsilon for its authentication. flask-oidc uses oauth2client. 
This library is now deprecated and no longer maintained. This will need 
to be replaced with authlib.

Updates:
--------
* Setup dev environment (Work In Progress!)
* Starting to implement flask-oidc api using authlib.


## EPEL
Goal of this initiative
-----------------------
Extra Packages for Enterprise Linux (or EPEL) is a Fedora Special 
Interest Group that creates, maintains, and manages a high quality set 
of additional packages for Enterprise Linux, including, but not limited 
to, Red Hat Enterprise Linux (RHEL), CentOS and Scientific Linux (SL), 
Oracle Linux (OL).

EPEL packages are usually based on their Fedora counterparts and will 
never conflict with or replace packages in the base Enterprise Linux 
distributions. EPEL uses much of the same infrastructure as Fedora, 
including buildsystem, bugzilla instance, updates manager, mirror 
manager and more.

Updates
-------
* epel9 up to 2568 source packages (increase of 113 from last week).
* Added rhel+epel-9 mock configs to mock-core-configs.
* Updated slurm in epel7 and epel8 to fix CVE-2022-29500 and CVE-2022-29501.
* Retired swtpm and libtpms from epel8 because they were added to RHEL8.6.
* Added python-texttable to epel9 to allow c8s maintainers (Johnny) to 
run c9s as a workstation.
* Added missing devel packages for cogl, clutter, and clutter-gtk to 
epel9 to unblock other epel9 requests.


Kindest regards,
CPE Team