I'm not sure if we have some criteria for podman, honestly, but perhaps I missed some. There's this criterion:
https://fedoraproject.org/wiki/Fedora_38_Beta_Release_Criteria#Podman_container_runtime
but in general you can deploy an image, you just won't be able to update the image for packages with certain file capabilities, like shadow-utils. Also, I'm not sure what the after-effects of a failed dnf transactions are.
I thought that Workstation has some release criteria regarding toolbox, or Server/Cloud/CoreOS regarding podman, but I don't see any at the moment.

Container registry images don't seem to be release blocking so we can't beat on one of the updating software requirements to fit. I don't really see anything else that fits.

FinalBlocker -1

FinalBlocker -1

Workstation group has agreed to make toolbox release blocking and consider toolbox as a default app in iso. CoreOS images have toolbx in them as well.
@petersen and @rishi both suggested/inclined to block on this kinda stuff for sometime before.

FinalBlocker +1

FinalBlocker -1

I didn't skim through the criteria, but, I can create, enter, and use "boxes" created with toolbox just fine.

@sumantrom Have you found an applicable release criterion?

@frantisekz Are you saying you can reinstall/update shadow-utils and similar packages in your toolbox just fine (when running on F38 host)? Please mention that in the bugzilla, so that we can debug that further, thanks.

@sumantrom Have you found an applicable release criterion?

Nope, I can write something down fast. The GNOME folks have this https://pagure.io/fedora-workstation/issue/337 . The WG is good with it but they also want the registry image should also be blockable. I am the one to push for this one and I should probably propose this to test (ASAP) and get all of this in-line. WDYT?

There's even our own ticket:
https://pagure.io/fedora-qa/issue/716

Note that @rishi says:

I think that eventually we need to expand the scope to have working Toolbx, beyond having an updated fedora-toolbox image

So the first step was probably supposed just to ensure the image is built. Still, yes, there's clearly a desire to have this covered in release criteria. The timing is not great, though :-/

@frantisekz Are you saying you can reinstall/update shadow-utils and similar packages in your toolbox just fine (when running on F38 host)?

No, let me re-quote myself.

I can create, enter, and use "boxes" created with toolbox just fine.

Is all I am saying, nothing about updates, shadow-utils, etc.

To elaborate a tiny bit more, if you'd prefer, the fact that you can create and enter toolboxes makes me feel -1 about the blocker status.

I have updated the bugzilla. The concerning part is that if this problem happens for shadow-utils (i.e. when there's a new update of this package and you update it), it will prevent you from entering the toolbox again, once it is stopped (e.g. after a reboot).

The more positive part is that this doesn't seem to happen to everyone. I still haven't found the deciding factor, why it affects just some systems.

AGREED RejectedFinalBlocker
AGREED AcceptedFinalFE

Discussed during the 2023-04-03 blocker review meeting: [0]

The decision to classify this bug as a "RejectedBlocker (Final)" and an "AcceptedFreezeException (Final)" was made as we really do not have the framework in place to treat toolbox as release blocking for now (see tickets). It's accepted as an FE though, as it would definitely be good to have it working at release for the increasingly popular immutable editions.

[0] https://meetbot.fedoraproject.org/fedora-blocker-review/2023-04-03/f38-blocker-review.2023-04-03-16.01.txt

The following votes have been closed:

• Rejected FinalBlocker (+1, 0, -3)
  • +1 by sumantrom
  • -1 by nielsenb, geraldosimiao, frantisekz
• Accepted FinalFreezeException (+0, 0, -0)

Release F38 is no longer tracked by BlockerBugs, closing this ticket.