With Allison, I presented at FOSDEM how we can combine UKI, composefs and containers to build a fully signed boot chain. The slides and the recording are now available: https://fosdem.org/2025/schedule/event/fosdem-2025-5191--signed-sealed-and-delivered-with-ukis-and-composefs/

This is how we are planning to bring boot chain integrity to Bootable Containers.

This is a follow up on the initial work that we presented last year at @allsystemsgo: https://cfp.all-systems-go.io/all-systems-go-2024/talk/HVEZQQ/

PSA on Fedora CoreOS cloud uploads that will be getting pruned. These are for uploads that are older than two years.

If you're using one of these versions, please consider updating!

https://discussion.fedoraproject.org/t/starting-to-prune-fedora-coreos-cloud-images/138927

Help us test Fedora IoT and Fedora CoreOS for the release of Fedora 41!

If you're familiar with Fedora Atomic Desktops, then these editions will not seem so different aside from the server use case.

Both test days are running from today, Oct 7 to Friday, Oct 11.

More details on how to participate: https://fedoramagazine.org/contribute-at-fedora-coreos-and-iot-test-week/

Update: Show will be rescheduled due to conflicts

Join us today at 5pm EDT (9pm UTC) for an update on the atomic world of Fedora on the Fedora Podcast! @siosm will be explaining what bootc is, how it relates to rpm-ostree, and how it relates to the *future of desktop Linux.*

Hint: image-based

Livestream: https://www.youtube.com/watch?v=zF7aTCoWoLQ

Bootc is basically the next generation of rpm-ostree. Here's an early look at bootc from someone who happened to start looking into Fedora CoreOS at the same time as bootc was announced. It's an organic exploration of both!

https://fedoramagazine.org/a-great-journey-towards-fedora-coreos-and-bootc/

"Due to a bug in rpm-ostree, the '/etc/[g]shadow[-]' files in Fedora CoreOS, Fedora IoT and Fedora Atomic Desktops have the world-readable bit set.

To fix impacted systems immediately, run the following command as root:
$ chmod --verbose 0000 /etc/shadow /etc/gshadow /etc/shadow- /etc/gshadow-

For more details, notably the full list of affected versions, see: https://github.com/coreos/rpm-ostree/security/advisories/GHSA-2m76-cwhg-7wv6 "

- @siosm, Fedora maintainer

Due to a bug in rpm-ostree, the '/etc/[g]shadow[-]' files in Fedora CoreOS, Fedora IoT and Fedora Atomic Desktops have the world-readable bit set.

To fix impacted systems immediately, run the following command as root:
$ chmod --verbose 0000 /etc/shadow /etc/gshadow /etc/shadow- /etc/gshadow-

For more details, notably the full list of affected versions, see: https://github.com/coreos/rpm-ostree/security/advisories/GHSA-2m76-cwhg-7wv6

Starting tomorrow we have a series of Test Days coming for different projects. Maybe contribute with testing for the ones that pique your interest?

* Mar 20-26: @Podman_io Desktop (for Windows and macOS as well)
* Mar 21-26: Podman 5
* Mar 25 - Apr 1: Fedora CoreOS
* Mar 27: (Toolbx) @containertoolbx

Get started: https://fedoramagazine.org/contribute-at-fedora-coreos-podman-and-toolbx-test-days/

Say hello to @containertoolbx, the Mastodon account for Toolbx!

If you use Fedora Atomic Desktops or Fedora CoreOS, this may be a neat account to follow as it's what we use to manage containers - an important part of how to use this kind of system.

Last batch of sessions for the day! Watch LIVE. #Fedora #FlockToFedora #FlockIreland #AlmaLinux #CentOS #RHEL #RockyLinux #FedoraCoreOS

Panel: Upstream collaboration & cooperation in the Enterprise Linux ecosystem: https://sched.co/1Or6Q

Design Clinic with the Community Design Team: https://sched.co/1Or7O

Autotesting in Fedora: https://sched.co/1PSs5

Hands with CoreOS Assembler: https://sched.co/1PbMy