Closed c4rt0 closed 3 months ago
This will be a barrier release due to https://github.com/coreos/fedora-coreos-tracker/issues/1752. See the checklist in: https://github.com/coreos/fedora-coreos-tracker/issues/1752#issuecomment-2192287249.
Promotion PR: https://github.com/coreos/fedora-coreos-config/pull/3044
We're restarting the `next` release process to include a fix for: CVE-2024-6387: OpenSSH 9.8: regreSSHion: RCE in OpenSSH's server, on glibc-based Linux systems
First, verify that you meet all the prerequisites
Edit the issue title to include today's date. Once the pipeline spits out the new version ID, you can append it to the title, e.g. (31.20191117.1.0).
Pre-release
Promote next-devel changes to next
- `ok-to-promote` label to the issue
- `next` branch on https://github.com/coreos/fedora-coreos-config
Manual alternative
Sometimes you need to run the process manually like if you need to add an extra commit to change something in `manifest.yaml`. The steps for this are:
- `git fetch upstream`
- `git checkout next`
- `git reset --hard upstream/next`
- `/path/to/fedora-coreos-releng-automation/scripts/promote-config.sh next-devel`
- Open PR against the `next` branch on https://github.com/coreos/fedora-coreos-config
Build
- `next`, leave all other defaults). This will automatically run multi-arch builds.
Sanity-check the build
Using the build browser for the `next` stream:
- `next` release (in the future, we'll want to integrate this check in the release job)
⚠️ Release ⚠️
IMPORTANT: this is the point of no return here. Once the OSTree commit is imported into the unified repo, any machine that manually runs `rpm-ostree upgrade` will have the new update.
Run the release job
- `next` and the new version ID
At this point, Cincinnati will see the new release on its next refresh and create a corresponding node in the graph without edges pointing to it yet.
Refresh metadata (stream and updates)
Rollout general guidelines
| Risk | Day of the week | Rollout Start Time | Time allocation |
| -------- | ------- | ------- | ------- |
| risky | Tuesday | 2PM UTC | 72H |
| common | Tuesday | 2PM UTC | 48H |
| rapid | Tuesday | 2PM UTC | 24H |

When setting a rollout start time ask "when would be the best time to react to any errors or regressions from updates?". Commonly we select 2PM UTC so that the rollouts start at 10am EST (±1 for daylight savings), but these can be fluid and adjust after talking with the fedora-coreos IRC. Note, this is impacted by the day of the week and holidays. The later in the week the release gets held up due to unforeseen issues, the more likely the rollout time allocation will need to shrink or the release will need to be deferred.
Manual alternative
- Make sure your `fedora-coreos-stream-generator` binary is up-to-date.

From a checkout of this repo:
- Update stream metadata, by running:
```
fedora-coreos-stream-generator -releases=https://fcos-builds.s3.amazonaws.com/prod/streams/next/releases.json -output-file=streams/next.json -pretty-print
```
- Add a rollout. For example, for a 48-hour rollout starting at 10 AM ET the same day, run:
```
./rollout.py add next
```
- `sync-stream-metadata` job syncs the contents to S3
Update graph manual check
```
curl -H 'Accept: application/json' 'https://updates.coreos.fedoraproject.org/v1/graph?basearch=x86_64&stream=next&rollout_wariness=0'
curl -H 'Accept: application/json' 'https://updates.coreos.fedoraproject.org/v1/graph?basearch=aarch64&stream=next&rollout_wariness=0'
curl -H 'Accept: application/json' 'https://updates.coreos.fedoraproject.org/v1/graph?basearch=ppc64le&stream=next&rollout_wariness=0'
curl -H 'Accept: application/json' 'https://updates.coreos.fedoraproject.org/v1/graph?basearch=s390x&stream=next&rollout_wariness=0'
```
NOTE: In the future, most of these steps will be automated.
Housekeeping
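Returning to the update graph manual check above, an added example (not part of the original checklist or the project's tooling): it classifies a release in a graph response as missing, node-only or reachable, and lists the versions that have no update path to it, which is what matters when the release carries a CVE fix. It assumes the response uses the Cincinnati `nodes`/`edges` layout; `release_status` and the sample versions are constructed for illustration.

```python
import json

# Constructed sample, not real release data. Assumed layout (Cincinnati graph
# JSON): "nodes" lists releases, "edges" holds [from_index, to_index] pairs.
SAMPLE_GRAPH = json.loads("""
{
  "nodes": [
    {"version": "99.20000101.1.0", "metadata": {}, "payload": "a"},
    {"version": "99.20000201.1.0", "metadata": {}, "payload": "b"},
    {"version": "99.20000301.1.0", "metadata": {}, "payload": "c"},
    {"version": "99.20000401.1.0", "metadata": {}, "payload": "d"}
  ],
  "edges": [[0, 2], [2, 3]]
}
""")


def release_status(graph, version):
    """Report how far the rollout of `version` has progressed in `graph`.

    state is "missing" (no node), "node-only" (node exists, no edge points to
    it yet) or "reachable". "no_path" lists the other versions that cannot
    reach `version` by following edges, directly or through later releases.
    """
    versions = [node["version"] for node in graph.get("nodes", [])]
    if version not in versions:
        return {"state": "missing", "direct": [], "no_path": sorted(versions)}
    target = versions.index(version)
    preds = {}
    for src, dst in graph.get("edges", []):
        preds.setdefault(dst, set()).add(src)
    # Walk the edges backwards from the target to collect every ancestor.
    seen, stack = set(), [target]
    while stack:
        for src in preds.get(stack.pop(), ()):
            if src not in seen:
                seen.add(src)
                stack.append(src)
    direct = sorted(versions[i] for i in preds.get(target, ()))
    no_path = sorted(v for i, v in enumerate(versions)
                     if i != target and i not in seen)
    return {"state": "reachable" if direct else "node-only",
            "direct": direct, "no_path": no_path}


if __name__ == "__main__":
    print(release_status(SAMPLE_GRAPH, "99.20000401.1.0"))
```

Pass it the parsed JSON from each of the four `curl` calls; a "node-only" result right after the release job matches the state the checklist describes before the rollout adds edges.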