-
Notifications
You must be signed in to change notification settings - Fork 24
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
updates: add barrier releases as part of f33 bump SOP #201
updates: add barrier releases as part of f33 bump SOP #201
Conversation
As part of the procedure to move to the next major Fedora release we are adding a barrier for the last release of Fedora CoreOS based on Fedora 31 content. This is a guarantee that systems have the appropriate keys to validate the commits signed by the latest builds. Note: there were no F31 releases on the `next` stream so skip adding the barrier release there. See: - coreos/fedora-coreos-tracker#480 (comment) - https://github.com/coreos/fedora-coreos-config#moving-to-a-new-major-version-n-of-fedora
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Makes sense to me!
"version": "31.20200517.3.0", | ||
"metadata": { | ||
"barrier": { | ||
"reason": "https://github.com/coreos/fedora-coreos-tracker/issues/480#issuecomment-631724629" |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Going on, do we want to have an explicit ticket or discourse entry to explain what is the effect of this specific kind of barriers? That is, something easier to read for users and explaining that there signing keys embedded in the OS that needs to be rotated/refreshed.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Yeah I was thinking it would be nice to have that. Would you mind creating that (maybe a FAQ entry) and I can update this PR?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Yes I can, but I didn't want block this PR on that, we can always retroactively update the URL.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Sounds good! I'll update the URL when that's ready. Thanks for offering to do that!
I was trying to write a doc-page with an example based on this, and I ended up being confused by what I see. Taking the
@jlebong @dustymabe did I misunderstand something? |
As part of the procedure to move to the next major Fedora release
we are adding a barrier for the last release of Fedora CoreOS based
on Fedora 31 content. This is a guarantee that systems have the
appropriate keys to validate the commits signed by the latest builds.
Note: there were no F31 releases on the
next
stream so skip addingthe barrier release there.
See: