BEGIN:VCALENDAR VERSION:2.0 PRODID:-//pretalx//cfp.all-systems-go.io//all-systems-go-2025//UK8EUJ BEGIN:VTIMEZONE TZID:CET BEGIN:STANDARD DTSTART:20001029T040000 RRULE:FREQ=YEARLY;BYDAY=-1SU;BYMONTH=10 TZNAME:CET TZOFFSETFROM:+0200 TZOFFSETTO:+0100 END:STANDARD BEGIN:DAYLIGHT DTSTART:20000326T030000 RRULE:FREQ=YEARLY;BYDAY=-1SU;BYMONTH=3 TZNAME:CEST TZOFFSETFROM:+0100 TZOFFSETTO:+0200 END:DAYLIGHT END:VTIMEZONE BEGIN:VEVENT UID:pretalx-all-systems-go-2025-DCVQLK@cfp.all-systems-go.io DTSTART;TZID=CET:20250930T142000 DTEND;TZID=CET:20250930T144500 DESCRIPTION:On image based desktops distributions such as Fedora Atomic des ktops and Universal Blue\, users are expected to run their graphical appli cations using Flatpaks and their command line ones using containers. But t hat approach does not work well for some applications that require more pr ivileges\, direct access to devices or kernel interfaces.\n\nWith systemd system extensions (sysexts)\, it is possible to extend an image based syst em on demand. Sysexts come with a lot of advantages: they can be created o ut of arbitrary content (not only packages)\, are quickly enabled or disab led and can be built and shared independently of the main distribution cha nnels.\n\nWe will demonstrate how the Atomic Desktops can take benefit of sysexts to provide extensions such as virtual machine management (libvirt) \, alternative container runtimes (moby-engine or docker)\, IDE (VS Code) or debugging (gdb).\n\nWe will also look at important details when buildin g sysexts\, the current limits when deploying them (SELinux policy modules \, service management\, RPM database update)\, what is currently blocking us from using it for more complex cases (kernel modules) and what we would need to properly manage and update them. DTSTAMP:20260315T023303Z LOCATION:Loft SUMMARY:Extending Fedora Atomic Desktops using systemd system extensions - Timothée Ravier URL:https://cfp.all-systems-go.io/all-systems-go-2025/talk/DCVQLK/ END:VEVENT BEGIN:VEVENT UID:pretalx-all-systems-go-2025-87TFB7@cfp.all-systems-go.io DTSTART;TZID=CET:20251001T152000 DTEND;TZID=CET:20251001T154500 DESCRIPTION:In last year's ASG!\, bootc and bootable containers were introd uced. In this talk\, we'll go over what changed since last year\, and how Fedora CoreOS and RHEL CoreOS are leveraging bootable containers to reduce maintenance and increase sharing. DTSTAMP:20260315T023303Z LOCATION:Loft SUMMARY:Leveraging bootable OCI images in Fedora CoreOS and RHEL CoreOS - T imothée Ravier\, Jonathan Lebon URL:https://cfp.all-systems-go.io/all-systems-go-2025/talk/87TFB7/ END:VEVENT BEGIN:VEVENT UID:pretalx-all-systems-go-2025-TNKPQS@cfp.all-systems-go.io DTSTART;TZID=CET:20251001T160000 DTEND;TZID=CET:20251001T164000 DESCRIPTION:With Bootable Containers (bootc)\, we can place the operating s ystem files inside a standard OCI container. This lets users modify the co ntent of the operating system using familiar container tools and the Conta inerfile pattern. They can then share those container images using contain er registries and sign them using cosign.\n\nUsing composefs and fs-verity \, we can link a UKI to a complete read only filesystem tree\, guaranteein g that every system file is verified on load. We integrate this in bootc b y creating a reliable way to turn container images into composefs filesyst em trees\, and then including the UKI in the container image.\n\nWe will s hare the progress on the integration of UKI and composefs in bootc and how we are going to enable remote attestation for those systems using trustee \, notably for Confidential Computing use cases. DTSTAMP:20260315T023303Z LOCATION:Loft SUMMARY:UKI\, composefs and remote attestation for Bootable Containers - Ti mothée Ravier\, Pragyan\, Vitaly Kuznetsov URL:https://cfp.all-systems-go.io/all-systems-go-2025/talk/TNKPQS/ END:VEVENT END:VCALENDAR