OpenCHAMI Weekly Digest

A strong release week with five tags shipping, the first ever gpg-signing-manager PR, and an OpenAPI discovery RFD on the table.

Highlights#

• gpg-signing-manager opens up: gpg-signing-manager PR #1 — the first PR on this repo — from synackd switches to separate repo keys instead of subkeys. A meaningful change to the signing trust model used by the release pipeline.
• boot-service expansion: boot-service PR #11 from synackd adds openapi API routes, and PR #7 from alexlovelltroy upgrades the underlying fabrica. boot-service v0.1.2 ships at end of week, accompanied by ochami’s bump to boot-service v0.1.1 earlier in the week.
• OpenAPI Discovery RFD opened: roadmap #124 from alexlovelltroy — a standardized OpenAPI discovery endpoint across OpenCHAMI services. Pairs naturally with the ochami #78 ask for choosing API versions of fabrica services.
• aarch64 release issues close: release #42 (local-ca aarch64) and release #43 (broader aarch64) — both from middelkoopt — closed this week. The aarch64 arc that started in March is winding down.
• Cloud-init networking inject closes: boot-service #6 from travisbcotton — inject cloud-init networking from boot-service — closed this week, along with boot-service PR #2 (ethernet interface unmarshal fix from davidallendj).
• Release pipeline tightens: release PR #49 streamlines the ephemeral GPG key generation and signing process; PR #48 bumps bss, smd, and local-ca versions; PR #40 from erl-hpe adds :ro,Z to coresmd-coredns container volume specs (selinux-friendly).
• fabrica v0.4.1 + reconciler guardrails: fabrica v0.4.1 ships. New PR #46 from bmcdonald3 throws when reconcilers are configured without events and lowers default worker count to 1 — guardrails against subtle misconfigurations.
• Container instructions for tutorial: openchami.org PR #95 from green-br adds optional container instructions.

New & Notable PRs#

• Separate repo keys instead of subkeys (gpg-signing-manager #1) by synackd
• openapi API routes (boot-service #11) by synackd
• Upgrade fabrica (boot-service #7) by alexlovelltroy
• Streamline ephemeral GPG signing (release #49) by alexlovelltroy
• Reconciler/event guardrails (fabrica #46) by bmcdonald3

Issues to Watch#

• Standardized OpenAPI Discovery Endpoint (roadmap #124) — new RFD; foundational for client tooling.
• Choose API version for fabrica services (ochami #78) — companion to the discovery RFD.

Releases#

• boot-service v0.1.2
• fabrica v0.4.1
• release v0.1.4
• release v0.1.3
• ochami v0.7.2

Contributor Thanks#

• synackd — gpg-signing-manager first commit + boot-service openapi routes + release pipeline GPG cleanup.
• alexlovelltroy — boot-service fabrica upgrade, OpenAPI discovery RFD, release-pipeline GPG streamlining.
• bmcdonald3 — fabrica reconciler guardrails.
• middelkoopt — drove the aarch64 release issues to closure.
• mithileshreddy04, erl-hpe, green-br, darkmatterdawn — deployment-recipes, release, and tutorial polish.

What’s next?#

• Land fabrica #46 reconciler guardrails and continue using fabrica through more services.
• Move discussion forward on roadmap #124 OpenAPI discovery endpoint.
• Prepare for the UCL 2026 Summit — most of the content scaffolding is now in.

Proposed Blog Titles#

1. “Separate Repo Keys: A Cleaner Signing Trust Model in OpenCHAMI”
2. “Standardized OpenAPI Discovery: An Early Look at the RFD”
3. “Five Releases in a Week: OpenCHAMI’s Release Cadence”
4. “Cloud-Init Networking from boot-service: How It Came Together”