/srv/irclogs.ubuntu.com/2013/07/03/#ubuntu-devel.txt

=== luist_ is now known as luist
=== mnepton is now known as mneptok
=== LordOfTime is now known as LordOfTime\|EC2
=== TheMuso` is now known as TheMuso
=== iulian is now known as Guest48666
=== _salem is now known as salem_
adie	jamesh :O	02:29
jamesh	hmm?	02:29
adie	I had a question, and I was referred to you to ask about it, you got a minute?	02:30
jamesh	sure	02:30
adie	Okay ^_^	02:31
adie	I am working on a simple script for IRC client hexchat which keeps track of unread message count in the unity launcher count	02:31
adie	simple script: http://pastebin.com/GigD0P4t	02:32
adie	My issue is that it works completely fine the first time, but I am unable to unload and reload the script; a reload causes an error, and just breaks	02:32
adie	I have to restart hexchat commpletely to reload the script	02:32
adie	do you know of anything that I need to/can reset that would allow me to reload the script without killing the hexchat?	02:32
jamesh	what is the error?	02:33
adie	upon unloading and reloading the script, I get this error: http://pastebin.com/raw.php?i=dzSafTK4	02:34
adie	If I were to guess, it would have something to do with hexchat's unnity launcher icon having already been hooked once or something, and it crashes if you try to do it a second time	02:35
adie	not sure though	02:35
jamesh	that is a bit weird.	02:35
adie	Additional, when I unload the script the last unity count number remains on the icon	02:36
jamesh	I don't have much experience with xchat/hexchat's Python support, but when you say you are reloading it, does that mean the entire Python runtime, or just the script	02:36
jamesh	?	02:36
adie	just the script I think	02:36
jamesh	it seems a bit surprising that those modules would be initialised a second time then	02:37
jamesh	i.e. after the first time you import gi.repository.Unity, future imports should just pick the module object from sys.modules['gi.repository.Unity']	02:40
adie	hm	02:42
adie	brb a second	02:42
jamesh	also, it isn't obvious how your script would know when it is being unloaded, which might indicate why the read count doesn't change then.	02:51
adie	hm.	02:52
* adie huggles		02:53
adie	yeah jamesh, I guess I misunderstood what the issue was	02:57
adie	I thought it was an issue with the unity launcher API, but apparently I cant "from gi.repository import Unity, Gio, GObject, Dbusmenu" twice for whatever reason	02:57
adie	strippingn it down to just importinng those modules prevents it fromm loading a second time	02:58
adie	so I guess I was wastinng your time :< sorry	03:00
jamesh	adie: it certainly sounds like hexchat is doing something weird when you try to reload your script then.	03:05
=== Kk2 is now known as kk2
=== salem_ is now known as _salem
=== udienz__ is now known as udienz
pitti	infinity: my recipe? I'm using mk-sbuild + apt-cacher-ng + some symlinks to /tmp in /var/lib/schroot (I have /tmp on tmpfs), nothing that fancy	04:45
pitti	infinity: but downloading sbuild schroots does sound like a nice idea	04:45
infinity	pitti: Oh, it wasn't you who was using distro chroots, then. Hrm. I wonder who that was.	04:45
=== halfie\|zzz is now known as halfie
sarnold	infinity: security team has distro schroots...	04:48
infinity	sarnold: Backed by the LP tarballs, I mean.	04:48
sarnold	infinity: is that tarballs of the distros pre-installed?	04:49
infinity	sarnold: No, the tarballs used by LP buildds.	04:49
infinity	sarnold: eg: https://api.launchpad.net/1.0/ubuntu/raring/amd64	04:49
TheMuso	c	05:43
* ScottK looks at lamont` and wonders what happened to the weekend.		06:01
rsalveti	stgraber: xnox: ogra_: slangasek: seems there's sort of a regression with the latest upstart	06:11
rsalveti	ofonod was started fine with mako before, and upstart-file-bridge is also running just fine	06:12
rsalveti	after update, ofonod is never started (it works fine with maguro though, might be a race somehow), and upstart-file-bridge starts but dies later on	06:12
rsalveti	from logs: upstart-file-bridge:string.c:396: Assertion failed in nih_str_split: str != NULL	06:17
=== geser_ is now known as geser
dholbach	good morning	06:42
=== Guest48666 is now known as iulian
=== elmo__ is now known as elmo
xnox	rsalveti: is it reproducible with a grouper device?	08:20
seb128	pitti, hey, could you put https://code.launchpad.net/~peter.ahlgren/ubuntu/raring/obconf/fix-for-1179969/+merge/170065 as work in progress/needs work/rejected?	08:20
xnox	rsalveti: as a work around it should be possible to change upstart job (with an override file) to run upstart-file-bridge in foreground (remove expect stanzas & --daemon)	08:21
pitti	seb128: sounds like "rejected", done	08:26
seb128	pitti, danke	08:26
ogra_	rsalveti, bah	08:26
* Laney just got a crash report for u-f-b in dist-upgrade ;-)		08:27
infinity	Yeah, lots of us did, there are a few dupe bugs for that already.	08:27
Laney	yep, just checked	08:27
Laney	So probably not touch specific.	08:28
infinity	xnox: https://bugs.launchpad.net/ubuntu/+source/upstart/+bug/1197214	08:29
ubottu	Launchpad bug 1197214 in upstart (Ubuntu) "upstart-file-bridge crashed with SIGABRT in raise()" [Undecided,Confirmed]	08:29
jodh	infinity: just fixed it	08:30
infinity	jodh: That was quick. Thanks.	08:30
jodh	infinity: well, it's fixed upstream so next upload will include it.	08:30
seb128	is that worth an upload to backport it?	08:31
xnox	jodh: infinity: i have a workaround. On my system i was running upstart-file-bridge in foreground, switching to daemon triggered the bug.	08:32
infinity	I suspect it's worth someone pushing an upload soon, yeah.	08:32
xnox	seb128: infinity: I'll make one, after checking jodh's fix. I did TIL.	08:32
infinity	xnox: Thanks.	08:32
seb128	xnox, thanks	08:32
jodh	xnox: https://code.launchpad.net/~jamesodhunt/upstart/bug-1197225/+merge/172762	08:32
* xnox runs all of my bridges in foreground		08:41
seb128	xnox, just backport that fix and install the update :p	08:42
xnox	seb128: yeah, merged upstream, tested properly, now running full test-suite.... uploading soon.	08:42
=== yofel_ is now known as yofel
xnox	seb128: infinity: uploaded. Last night the delay between upload and migration to release was... 5 hours. I blame latency in reverse-testing of the $world via autopkgtests.	08:48
seb128	xnox, thanks	08:48
xnox	(as it only takes 30minutes to build upstart on armhf)	08:49
infinity	It's not hugely urgent, just an annoying apport dialog. But I could force it to skip rdep tests.	08:49
seb128	Laney, stgraber, jodh: do you have an opinion on https://code.launchpad.net/~ted/gnome-session/upstart-unity/+merge/172664 ?	09:09
Laney	not really; does it work?	09:10
seb128	Laney, I didn't try yet, it was on my inbox this morning	09:11
seb128	I didn't follow up the details on what processes are upstart started nowadays	09:11
Laney	and the gnome-session-foo commands continue to work?	09:13
Laney	In principle it seems ok to me	09:13
Laney	I think the user session jobs were otherwise jiggled to make this work	09:13
seb128	let me play with it here, I was mostly listing it for comments or in case you guys knew about any gotcha there	09:13
Laney	unity's one will need patching too but I guess there will eb an MP for that	09:13
Laney	no, lies, it will not	09:14
Laney	grr, not getting applications returned in the home lens	09:17
cjwatson	xnox: No, it wasn't genuine latency, it was false latency due to a known bug with virtual package handling	09:20
cjwatson	xnox: I noticed at some point and forced it	09:20
seb128	Laney, bug mhr3 about it on #ubuntu-unity please	09:20
cjwatson	xnox: The actual autopkgtest only took a few minutes	09:20
cjwatson	xnox: jibel is working on the underlying bug	09:20
seb128	Laney, he will likely want a bustle log	09:20
xnox	cjwatson: interesting. thanks.	09:20
Laney	second	09:20
Laney	oh wow, my PC hard locked	09:22
jibel	xnox, I'm testing a fix that will land today.	09:23
tseliot	pitti: sorry yesterday I forgot to ask you to approve nvidia-settings-319-updates (saucy, NEW, main) which goes together with the package you approved	09:38
=== fabo is now known as fabo_away
jodh	xnox/doko: any thoughts on https://code.launchpad.net/~jamesodhunt/upstart/fix-libupstart/+merge/172371 ? Possibly a gettext issue?	10:03
pitti	tseliot: oh, we need an -updates for the settings as well? looking	10:06
tseliot	yep	10:06
pitti	tseliot: why does nvidia-settings-319 and -updates have a different orig.tar.gz?	10:07
tseliot	pitti: well, it's the same code for now but it will change	10:07
pitti	yes, I mean nvidia-settings-319_319.32.orig.tar.gz and nvidia-settings-319-updates_319.32.orig.tar.gz differ (gz timestamp or so)	10:08
pitti	looks ok otherwise	10:08
ogra_	didrocks, any idea when i can expect a build of https://code.launchpad.net/~phablet-team/phablet-tools/trunk ? seems the merge went in 4h ago	10:09
tseliot	pitti: they are different tarballs yes. I didn't rename one adding -updates to it. I created the tarball again	10:09
didrocks	ogra_: should be in tomorrow's dailies, any urgency?	10:09
pitti	tseliot: hm, nvidia-settings-{304,319} are in main, -310 is in universe; is that really free software?	10:10
ogra_	didrocks, it is the one thing blocking us from switching to flipped by default (which was due on monday)	10:10
pitti	tseliot: I had assumed it was for restricted or multiverse	10:10
didrocks	ogra_: ok, let me rerun a daily with this one then	10:10
* ogra_ hugs didrocks		10:10
ogra_	thanks !	10:10
tseliot	pitti: -310 should be a transitional package which we still want in restricted	10:10
* didrocks hugs ogra_ back		10:11
cjwatson	jodh: Look into why libintl isn't being built with -fPIC, I guess	10:11
cjwatson	compiled, that is	10:11
pitti	tseliot: oh, seems -settings is indeed GPL?	10:11
tseliot	pitti: yes, settings is GPL	10:11
pitti	none of the .c files have a copyright header, but there's a GPL2 COPYING	10:12
tseliot	I thought you were referring to the drivers	10:12
pitti	tseliot: so -settings should go into main?	10:12
tseliot	pitti: yep	10:12
pitti	tseliot: done	10:12
tseliot	pitti: thanks a lot, now about 310	10:12
tseliot	pitti: is it nvidia-310?	10:12
pitti	tseliot: sorry, what?	10:13
pitti	tseliot: I was exclusively talking about nvidia-settings-* here	10:13
tseliot	pitti: ok, never mind then. Thanks again	10:13
pitti	tseliot: heh, yay confusion :) thanks	10:13
cjwatson	jodh: Can I see configure output for the 64-bit system in question?	10:15
jodh	cjwatson: http://paste.ubuntu.com/5839892/	10:18
marga	Hey all. I prepared some patches for the heimdal package and got reprimanded for not following SRU directions :-/. I understand most of the concerns except for one: "please could your review the versioning you are using". Could anybody here tell me what versioning I should use? https://bugs.launchpad.net/ubuntu/+source/heimdal/+bug/1191704	10:20
ubottu	Launchpad bug 1191704 in heimdal (Ubuntu) "KDCs complain about not having enough file handles for /var/lib/heimdal-kdc/heimdal" [Undecided,New]	10:20
xnox	marga: Under https://wiki.ubuntu.com/StableReleaseUpdates#Procedure, point 5.1. links to https://wiki.ubuntu.com/SecurityTeam/UpdatePreparation#Update_the_packaging with examples of version numbers.	10:21
xnox	marga: since heimdal is at the same version number in precise/quantal/raring, use the example that encodes ubuntu release version number from a debian version number	10:22
marga	ok, thanks.	10:23
marga	actually precise is different, quantal/raring are exactly the same and saucy has a different debian revision. Still, I'll read the guidelines and follow them. Sorry for not finding them myself.	10:23
xnox	marga: 1.6~git20120403+dfsg1-2ubuntu0.12.04.1 is probably gonna be the version number for precise SRU.	10:23
xnox	marga: precise is indeed different =) getting cross-eyed looking at those version numbers.	10:24
marga	So, should I leave it as it is for precise?	10:25
xnox	marga: so precise could use "ubuntu0.1" suffix, and quantal/raring need to use ubuntu0.13.04.1 / ubuntu0.13.10.1	10:25
marga	Ok, good.	10:25
marga	I'll do this. Thanks.	10:25
xnox	np	10:25
ogra_	didrocks, looking at the changelog at https://launchpad.net/ubuntu/saucy/+source/phablet-tools/0.14+13.10.20130703-0ubuntu1 ... does jenkins not use dch to append its "automatic snapshot" message ? looks a bit messy ..	10:51
ogra_	(not highly important indeed, but it looks a bit mangled)	10:52
didrocks	ogra_: it does	10:52
ogra_	weird	10:52
didrocks	it does that for every content	10:52
didrocks	every commit messages removes lines, one entry per commit	10:52
didrocks	ogra_: I bet sergiusens added in his commit message multiple *	10:53
ogra_	yes, since it were multiple commits merged into one	10:53
didrocks	ogra_: see: http://bazaar.launchpad.net/~phablet-team/phablet-tools/trunk/revision/119	10:53
didrocks	yep	10:53
didrocks	and as the decision was to take only commit messages to trunk, that's what we end up with :)	10:54
ogra_	right ... if i call dch here on such a file it simply appends to it	10:54
didrocks	yep, no magic reformatting	10:54
doko	jodh, why does it try to link with libintl.a, and not libintl.la (or the system one)? Maybe first check the config.log why the tests have different outcome on i386 and amd64	11:08
=== oSoMoN_ is now known as oSoMoN
jodh	doko: ok	11:09
=== MacSlow is now known as MacSlow\|lunch
cjwatson	jodh: That looks like configure was run with --with-included-gettext	11:33
cjwatson	TBH, for projects that use gettext where I'm upstream, I switched to AM_GNU_GETTEXT_EXTERNAL a while back, and people can install gettext if they're really using a system that lacks it	11:33
cjwatson	Way less hassle all round	11:33
jodh	cjwatson: I think it must be distcheck that is adding --with-included-gettext, but seemingly only on 64-bit.	11:47
cjwatson	Might just be something about the set of packages installed. However, do you ever care about building upstart on a system that lacks gettext?	11:48
cjwatson	I'd argue you don't and that sidestepping the whole issue with AM_GNU_GETTEXT_EXTERNAL is the right thing to do.	11:48
bain	Hi i am trying to compile gtk+3.0 source package on raring	12:06
bain	did build-dep install and apt-get source gtk+3.0	12:07
bain	./configure and make is resulting in these errors	12:07
bain	undefinged reference to <various ubuntumenuproxy module api's>	12:08
bain	can some one help did i miss a configure switch? i can see that the code exists in the gtk/ folder... just not getting compiled	12:08
cjwatson	the usual way to call the build system starts with 'debian/rules build', not ./configure and make	12:09
cjwatson	(you may want to remove the source directory and unpack it afresh now, though)	12:09
bain	ah ... ok will try and report ... thanks	12:09
=== MacSlow\|lunch is now known as MacSlow
=== ChrisTownsend1 is now known as ChrisTownsend
bain	cjwatson, it worked thanks...	12:34
=== greyback is now known as greyback\|lunch
rbasak	When we sync from Debian, do we run dep8 tests? I have a failing dep8 test in puppet AFAICT - which is holding me back from introducing an unrelated delta (another test).	12:51
=== oSoMoN_ is now known as oSoMoN
=== greyback\|lunch is now known as greyback
xnox	rbasak: talk to #ubuntu-release, it can be hinted to ignore dep8 failure.	13:11
xnox	rbasak: and yes, we run all autopkgtest =)	13:11
rbasak	xnox: so we do normally do it?	13:11
xnox	rbasak: no, but we do have facility to ignore autopkgtest failure and migrate packages to -release.	13:12
cjwatson	Running DEP-8 tests is unrelated to where the package came from.	13:12
rbasak	xnox: I wondered because I thought it might help me pin down the cause (ie. my environment vs. something broken elsewhere).	13:12
rbasak	So in general we always run dep8 tests when we sync from Debian, right?	13:12
cjwatson	It doesn't matter where the package came from.	13:12
rbasak	I actually found the cause since I asked that question, but it'd still be useful to understand in the future.	13:13
cjwatson	So "yes".	13:13
cjwatson	However, I don't see puppet on either http://people.canonical.com/~ubuntu-archive/proposed-migration/update_excuses.html or https://jenkins.qa.ubuntu.com/view/Saucy/view/AutoPkgTest/ .	13:13
rbasak	Here it was because apache2 is still on 2.2 in Ubuntu, and Debian have changed how it works in 2.4 and puppetmaster-passsenger won't work with the old one. It just so happens that zul did the merge yesterday but it hasn't gone through to saucy yet.	13:13
xnox	rbasak: you can run autopkg test exactly as in the jenkins lab using scripts from lp:auto-package-testing	13:13
cjwatson	Indeed, we're in the middle of the Apache 2.4 transition. If this is causing trouble, your best bet is really to help move the transition along faster, since it's likely to need a number of hands.	13:14
xnox	rbasak: apache2.4 is stuck in saucy-proposed with the rest of packages that are already using 2.4, until the remaining 2.2 ones are transitioned to 2.4 as well.	13:14
rbasak	Is there a report for outstanding work?	13:14
xnox	rbasak: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=661958	13:15
ubottu	Debian bug 661958 in release.debian.org "transition: apache2 2.4" [Normal,Open]	13:15
xnox	see all the blocked bugs.	13:15
=== wedgwood_away is now known as wedgwood
rbasak	xnox: thanks. What do we need in Ubuntu to get apache2 2.4 into saucy? All of those fixed, or a selection?	13:19
cjwatson	Probably all	13:19
cjwatson	Although I expect some will be removed rather than fixed - would prefer that to be as agreed with Debian though	13:20
cjwatson	I plan to be following along with removals	13:20
xnox	rbasak: so for apache2.4 to migrate, we need to well satisfy http://people.canonical.com/~ubuntu-archive/proposed-migration/update_output.txt see the last try to migrate apache2 together with a bunch of fixed packages.	13:21
xnox	rbasak: that gives a concise list of packages that are blocking transition. Those that are in main, are probably betters targets to help write patches for in debian and/or ubuntu.	13:22
rbasak	xnox: thanks	13:23
* rbasak is struggling to understand that		13:27
rbasak	* i386: 389-admin, 389-admin-console, 389-ds...	13:28
xnox	rbasak: yeah britney output is criptic. Given a package, it checks how many package where uninstallable before and after introducing said package. The number should stay the same or go down. If it goes up, they are listed.	13:28
rbasak	Is that the list? Are all the packages in that list blocking migration, so it'll shrink as packages are fixed?	13:28
cjwatson	That means that promoting that set of packages (apache2 etc.) renders those packages uninstallable.	13:28
cjwatson	Fix them and that list will indeed shrink.	13:28
rbasak	Got it. Thanks!	13:29
=== _salem is now known as salem_
mterry	How does one download a package from debian NEW? I can't find the link	13:49
Laney	mterry: you can't, intentionally	13:50
Laney	See if there's a VCS listed	13:50
mterry	Laney, I thought that might be the case. OK	13:50
mterry	good idea	13:50
=== tkamppeter_ is now known as tkamppeter
rbasak	So the dep8 test for puppetmaster-passenger fails for me because it uses apache 2.2 out of saucy. But if it were to use -proposed, it'd work because it'll pull in apache 2.4, right? And go through to saucy?	14:32
rbasak	(assuming there aren't any other issues)	14:32
cjwatson	rbasak: you can always try it :) the tests on jenkins.qa.ubuntu.com should use -proposed	14:42
cjwatson	rbasak: indeed e.g. https://jenkins.qa.ubuntu.com/view/Saucy/view/AutoPkgTest/job/saucy-adt-apport/ARCH=amd64,label=adt/lastSuccessfulBuild/artifact/results/log shows it looking at -proposed	14:43
rbasak	Thanks. I'll test against -proposed locally, and if that works then I'll upload. Worst case is that it'll end up stuck in -proposed, and I can guess it's no worse to wait if that happens.	14:44
cjwatson	you're going to be waiting either way, it seems	14:45
=== freeflyi1g is now known as freeflying
sladen	ogra_: Flipped Root Image ... would be a more FRUITy name	15:08
sladen	ogra_: Flipped Root Ubuntu Image for Touch	15:09
=== wedgwood is now known as wedgwood_away
ogra_	sladen, haha	15:09
=== wedgwood_away is now known as wedgwood
tedg	cjwatson, click is telling me I don't have ubuntu-sdk-13.10. I swear I do. How to I tell it so? :-)	15:11
cjwatson	tedg: --force-missing-framework	15:12
cjwatson	tedg: I wasn't aware that any package delivered the necessary file in /usr/share/click/frameworks/ yet ...	15:12
tedg	Ah, I thought it was checking the debian package	15:13
tedg	ubuntu-sd	15:13
tedg	ubuntu-sdk	15:13
cjwatson	Nope	15:13
cjwatson	Can't load the system package database	15:14
tedg	Ah, okay.	15:14
cjwatson	Plus I'm not sure there's any guarantee that the current version is actually "13.10" yet	15:14
cjwatson	So for now, --force-missing-framework is rational	15:14
tedg	Yup, that's fine with me. I just thought it was user error :-)	15:14
=== Ursinha is now known as Ursinha-afk
tedg	cjwatson, Is there a way to know that camera-app.desktop is the desktop file?	15:47
tedg	cjwatson, I was expecting a manifest that'd either point to it, or a generic name.	15:48
cjwatson	tedg: Not hooked up yet, but I'm expecting the manifest to declare a hook (something like https://click-package.readthedocs.org/en/latest/hooks.html) naming the desktop file	15:49
cjwatson	So you might have "hooks": { "desktop": "camera-app.desktop" }	15:50
cjwatson	tedg: If you want to tell me where the file ought to be linked to, I could start on figuring out whether the current hooks interface can properly express that	15:51
cjwatson	(And whether any further actions need to be taken, or if it's just "make a symlink")	15:51
smartboyhw	Hey guys, where is the source code of the bot that you guys use to sign-in patch pilots?	15:51
tedg	cjwatson, I think we'll want to build a new desktop file. i.e. replace the Exec line with something like "click-launch" or something so that we can add the apparmor profiles automagically.	15:52
tedg	cjwatson, Where we wouldn't want applications doing that themselves.	15:52
cjwatson	tedg: Ah. I was hoping we wouldn't have to do that, but oh well	15:52
xnox	smartboyhw: ask on #ubuntu-irc or check IRC topics on wiki.u.c, it's linked there somewhere.	15:52
cjwatson	I've been trying to avoid having to build a templating language into click	15:52
cjwatson	But we could use Exec lines to run sed over things, I suppose	15:53
=== _ffio_ is now known as bsd_freak
tedg	cjwatson, I don't think we'd have to do that. I think we could just read the desktop format and modify it.	15:53
tedg	Exactly. Sed or a utility, or whatever.	15:53
cjwatson	tedg: I thought the point was to hook this into application.upstart and have that apply the profile	15:53
tedg	cjwatson, Sure that works for the Unity usecase, but I don't think we'll get other DE's doing that. And it'd be nice if they could use Click as well.	15:54
xnox	tedg: i would have hoped, that xdg-open file://*.desktop works which takes the desktop file, applies any necessory apparmor/upstartfication and launches the desktop file.	15:55
cjwatson	tedg: OK, so if I can get a path-and-file-format-level spec for what I'm supposed to do here, I can have a go at implementing it	15:55
xnox	tedg: and based on the current DE it could do less or more....	15:55
cjwatson	tedg: I'm expecting that the first couple of hooks we write here will need modifications to the core, since it's pretty minimal at the moment	15:55
xnox	tedg: cause inherently, launching a desktop file under upstart/apparmor is independent off using click package or .deb	15:55
=== kk2 is now known as Kk2
cjwatson	One problem is that the path to the executable is not known	15:56
cjwatson	So either we need to substitute the installation path into the Exec field (could be hairy) or we need something that sticks the app's unpack directory on the front of $PATH before executing	15:57
cjwatson	(which then means your executable has to be at the top level of the app)	15:57
tedg	Yeah, that's why I was thinking something like "click-launch com.ubuntu.foo"	15:57
cjwatson	Right, but that just moves the problem around	15:57
cjwatson	It still needs to know what the entry point is	15:57
jdstrand	tedg: couldn't this be a function of the sdk? iirc, it creates a desktop file. why can't it create it to use your launcher?	15:57
cjwatson	jdstrand: That means that an app can be manually created to ignore the launcher, ignore apparmor profiles, etc.	15:58
tedg	cjwatson, Yes, but it means that we do it in a place that is independent of the DE.	15:58
cjwatson	jdstrand: Pretty sure your team would be unhappy about that	15:58
tedg	It's all contained in "click packages"	15:58
tedg	We could figure out the path that is relative to the right directory for the right version, etc.	15:59
cjwatson	tedg: Even so, we'd still need something to hook that into the list of installed applications	15:59
jdstrand	cjwatson: sure, but we could have an automatic check for that	15:59
tedg	Sure, and that would be putting the desktop file in /usr/share/applications. So that desktop file would be a generated one that would call back into the click system.	16:00
jdstrand	well, manual check first, that is made automatic later	16:00
cjwatson	jdstrand: The server isn't going to have any checks for 13.10	16:00
cjwatson	jdstrand: So anything that can be mandated automatically rather than requiring checks is a very definite win	16:00
jdstrand	cjwatson: I realize that. everything is gated on manual review. there will be tools though for those reviewers, that would grow into automatic checks	16:00
cjwatson	tedg: Can't be /usr/share/applications/ - /usr will be read-only	16:00
cjwatson	jdstrand: Honestly, I would rather have a design that doesn't require checking	16:00
cjwatson	As a strong design principle	16:00
tedg	cjwatson, heh, okay, /opt/com.ubuntu.click/desktop-files :-)	16:01
cjwatson	tedg: Isn't there a ~/.local/share/applications/ or something?	16:01
jdstrand	I appreciate that point, but I thought that click was supposed to be generally reusable in other places	16:01
jdstrand	if it isn't, fine	16:01
tedg	cjwatson, yeah, we could do that as well.	16:01
cjwatson	tedg: We may end up having multiple click paths, so I'd like to avoid the dash/launcher/whatever having to know to look in click-specific paths	16:01
cjwatson	jdstrand: well, it is, but saying "click packages must be launched using 'click launch com.ubuntu.foo'" doesn't seem to impede that	16:02
tedg	cjwatson, Hmm, yeah. Seems like it shouldn't have to be per-user for some cases though.	16:02
cjwatson	jdstrand: And doing this kind of thing in the SDK means that it's hard to change	16:03
cjwatson	jdstrand: If we need to change some bit of the app/launcher glue (hopefully it would never change, but ...), then we have to rebuild all apps and it all gets very boring	16:03
tedg	cjwatson, I guess we could have the "installer" check to see if it's installed first. And perhaps some cases the install is just creating that desktop file.	16:03
tedg	cjwatson, What I worry about there though is that the hook effectively needs to run as the user then, not the click installer user.	16:04
cjwatson	I'm still thinking of how per-user apps ought to work	16:04
cjwatson	But I'm beginning to come round to the possibility that maybe most hooks actually want to run as the user	16:04
cjwatson	Because if the system partition is read-only, most system hooks can't do much anyway	16:04
tedg	Hmm, interesting.	16:04
cjwatson	However there's the matter of packages preinstalled on the system partition	16:05
tedg	Seems like those wouldn't be per-user, right?	16:05
cjwatson	One option is to have a "register" kind of step where you register the system-installed packages in a user's list	16:05
cjwatson	In bulk	16:05
jdstrand	cjwatson: er read-only> this is something sbeattie and I have been thinking about with apparmor profiles too. I had figured that they would be tucked in /opt somewhere as writable be the click package user	16:05
jdstrand	I don't have an implementation suggestion, but I'm not keen on loading user owned policy	16:06
cjwatson	OTOH I think I've heard people say that at least some core apps shouldn't be entirely removable (i.e. if you remove them it just means it flips back to the version in the system partition)	16:06
cjwatson	jdstrand: No, I agree on that part	16:06
cjwatson	So maybe we need both user and system hooks	16:06
cjwatson	Having to put things in /opt is annoying though, because /opt's layout is not really typically friendly to being loaded in bulk by the system. Do we have any subdirectory of /var or something that's guaranteed to be on the user-data partition?	16:08
cjwatson	(And that isn't transient, like something bind-mounted off /run)	16:08
jdstrand	maybe /var/cache? I've not been part of these image layout conversations though	16:08
tedg	I'm not sure, perhaps rsalveti has info there?	16:08
jdstrand	fwiw, I was not suggesting the sdk handle it, I was just tossing the idea out there. the 'click launch' seems fine (feels slightly out of scope though...)	16:12
ogra_	jdstrand, tedg, stgraber is the person defining the image layout	16:13
mterry	zul, for python-amqp, why run just that one test?	16:13
ogra_	as he implements the image based updates and readonly filesystem stuff now	16:13
zul	mterry: havent figured out how to run the rest of the tests in a buildd yet	16:13
cjwatson	I can see it as in scope; at least for demonstration purposes.	16:14
mterry	k	16:14
cjwatson	I could implement it without it necessarily having to be the way apps end up being launched.	16:14
cjwatson	That said, "click launch" would run as a user, and the apparmor profile still has to have been generated and stashed somewhere first, so I don't think I can implement it yet.	16:15
jdstrand	cjwatson: sbeattie will be starting on the click hook imminently	16:16
=== wedgwood is now known as wedgwood_away
=== wedgwood_away is now known as wedgwood
jdstrand	cjwatson: the first cut for the demo may very well be putting it in /etc/apparmor.d, but we recognize that will need to change	16:17
cjwatson	jdstrand: Incidentally, what's the specific reason why user-owned policy is bad? I get that we don't want an app to be able to modify its own policy, but that's not quite the same as being user-owned	16:17
cjwatson	My understanding of the security policy is that we're principally trying to defend the user against malicious apps	16:18
=== bsd_freak is now known as babaji
jdstrand	cjwatson: you're right that they are different. loading policy is a privileged operation currently. one example of why it would be bad is that an unprivileged non-admin user would be able to modify one of these files and override system policy	16:19
jdstrand	or write new system policy	16:20
jdstrand	it is thorny. we don't have user profiles yet. we just can't allow it now	16:20
cjwatson	If you can override system policy, I can understand the restriction	16:21
jdstrand	user profiles are planned, but it is not for 14.04	16:22
cjwatson	I just wanted to check that it wasn't actually a fig leaf - for example if you were trying to prevent the app from overwriting its own policy in the case of a policy leak, which could equally well be used to write a new desktop file for itself :)	16:22
cjwatson	sbeattie: For the record, don't worry too much about polishing the edge of your code that interfaces with click	16:23
jdstrand	it doesn't have to do with the app	16:23
cjwatson	jdstrand: OK, good, I understand correctly then	16:23
cjwatson	sbeattie: I more or less expect to have to munge the interface about a bit, and I'm happy to take a lump of code that does the policy-specific work and then deal with the integration	16:23
cjwatson	(In fact it's arguably easier for me to deal with it that way, just at the moment)	16:24
jdstrand	cjwatson: the desktop file is an interesting consideration though. where do we expect them to live? currently, we figure things in /opt will not be writable by the user (DAC would protect against that too, but this is another layer), and then app data is in XDG dirs.	16:25
jdstrand	but we don't want the .desktop file to be modifiable	16:26
cjwatson	jdstrand: This is one reason I'm hoping not to have to run any processing over them, because then the desktop file can just live in /opt	16:26
jdstrand	(by the app-- the user could if desired)	16:26
jdstrand	/opt is great by me :)	16:26
cjwatson	jdstrand: But, a desktop file in .local/share/applications/ wouldn't be modifiable by the app either, surely	16:26
cjwatson	(Or whatever)	16:26
jdstrand	.local/share/applications will not be allowed, and would be acceptable too	16:27
jdstrand	so long as it isn't in .local/share/<app id> :)	16:27
cjwatson	I am on board with the general principle that an app should not be able to modify itself. We may have to argue about the details :)	16:27
* jdstrand nods		16:27
cjwatson	Oh, indeed, no, that wouldn't buy us anything even if I thought it were a good idea	16:27
jdstrand	though I think we are in agreement :)	16:27
cjwatson	I want to avoid anything where elements of the system have to iterate over lots of app directories, as much as possible	16:28
cjwatson	That kind of code tends to be really tedious and doesn't usually fit well with existing facilities	16:28
jdstrand	I don't particularly care on the implementation detail as long as it is cleanly separated from the app's writable area	16:28
jdstrand	cjwatson: yep, cool	16:29
cjwatson	I prefer models where bits of the app get linked or copied into single system- or user-owned directories	16:29
cjwatson	Ideally linked	16:29
jdstrand	cjwatson: I might mention, and I don't think this conflicts with anything we've said, we are trying to make it so apps can't enumerate what other apps are installed	16:30
jdstrand	cjwatson: an app shouldn't need read access for /usr/share/applications, /opt/.../wherever or .local/share/applications anyway, but thought I'd mention the principle	16:31
cjwatson	I guess then you need them not to be able to list either /opt/click.ubuntu.com or whichever directory we put the per-user links in, and you need them not to be able to execute /usr/bin/click	16:31
cjwatson	Or talk to the relevant PackageKit API	16:31
jdstrand	that's correct	16:31
jdstrand	that is all handled by default	16:31
cjwatson	Assuming that you're doing positive permissions rather than negative permissions, and I assume that because I believe you're generally sane :-), that shouldn't be a problem	16:31
jdstrand	that's accurate	16:32
jdstrand	well, sane is probably for discussion, but...	16:32
=== Ursinha-afk is now known as Ursinha
cjwatson	Just remember that the ability to list any directory that's used as the target of a hook might permit implicitly enumerating at least a subset of apps	16:32
jdstrand	I'm not up on "any directory that's used as the target of a hook"	16:34
jdstrand	our current templates will do things like /opt/click.ubuntu.com/@{APPNAME}/@{APPVERSION}/	16:35
jdstrand	where @{APPNAME} and @{APPVERSION} are declared in the manifest	16:35
jdstrand	I also understand that the exact path may change, based on earlier discussions	16:35
mdeslaur	we can't use .local/share/applications...it needs to be outside the home directory	16:36
jdstrand	mdeslaur: why, I feel like I missed something?	16:36
mdeslaur	since the home directory can be encrypted, click packages needs to be able to clean out unused versions of packages	16:36
mdeslaur	to do that, it needs to be able to enumerate what each user has	16:37
jdstrand	(ok, not the app confinement concern :)	16:37
jdstrand	s/the/a/	16:37
mdeslaur	no, not an app confinement concern	16:37
mdeslaur	also, the launcher list is outside the home directory, and it presumably needs to fetch icons and stuff from the desktop files	16:38
mdeslaur	because the lock screen launcher needs to work	16:38
cjwatson	target of a hook> What I mean is that if there's a system-provided hook that says "apps which provide the 'foo' facility get a named file symlinked into this directory", then enumerating that directory gives you a partial list of installed apps	16:38
jdstrand	mdeslaur: so, this is probably just chalked up to 'that will be handled via a system security update', but I hadn't really considered crafted/malicious icons	16:39
cjwatson	mdeslaur: .local/share/applications/ won't be the registry of what each user has	16:39
jdstrand	that could trigger stuff outside of confinement	16:39
mdeslaur	jdstrand: meh, no different than anything else the app could provice	16:40
mdeslaur	provide	16:40
mdeslaur	cjwatson: oh, sorry, I misunderstood then	16:40
cjwatson	mdeslaur: It seems unfortunate that encrypting one's home directory wouldn't imply encrypting the list of which apps one has installed	16:40
cjwatson	mdeslaur: Existence proof: "pornview"	16:41
mdeslaur	cjwatson: quite...but I'm not the one who decided to put your list of installed apps on the lock screen :P	16:41
jdstrand	mdeslaur: well, yes and know. taking the kernel out of it, the app is providing an image that is displayed outside of confinement by unity. most of what an app can do is within confinement	16:41
jdstrand	s/know/no/	16:41
jdstrand	(weird typo)	16:41
cjwatson	mdeslaur: Although I suppose the actual app is in /opt/ anyway	16:41
cjwatson	mdeslaur: So I guess it should be somewhere outside /home, but in user-owned mode 700 directories, to at least discourage casual snooping	16:42
cjwatson	mdeslaur: Then click running as root can still prune things	16:43
mdeslaur	cjwatson: yes...I believe the plan at some point was to use accountsservice to store that	16:43
cjwatson	mdeslaur: Huh, nobody told me. Reference?	16:43
mdeslaur	tedg: ?	16:43
mdeslaur	^	16:43
cjwatson	I'd been planning something really high-tech like, you know, a directory	16:43
mdeslaur	cjwatson: I blame either a rumour from ted, or my faulty memory :P	16:44
cjwatson	And actually it would be a right pain to have to go and talk to some other service for click's registry of installed apps	16:44
mdeslaur	cjwatson: oh, I was referring to the launcher items, not the list of installed apps	16:44
cjwatson	Oh, right. This is why I keep trying to get a spec out of Ted ;-)	16:44
ogra_	squeeze harder :)	16:45
mdeslaur	hehe	16:45
cjwatson	mdeslaur: (Your ideal lock screen makes the device invisible, right?)	16:45
mdeslaur	cjwatson: hehe, well, I think the launcher on the lock screen is cool....as long as the paranoid/enterprise users can enable a "safe" lock screen in the settings somewhere	16:46
mdeslaur	I don't include myself in the list of paranoid people :P	16:46
slangasek	cjwatson: so I can't think of any reason not to put MokManager in the existing shim binary package; can you?	17:05
sergiusens	cjwatson: from the above conversation, the how to launch a click installed app from a DE is not solved, right? Do you know who owns that if so?	17:10
cjwatson	slangasek: seems fair to me; I guess it needs a separately-signed EFI binary	17:13
slangasek	yep	17:13
slangasek	should the signed binary go to shim-signed?	17:13
slangasek	implies we need to consistently get both binaries signed in a timely manner, I guess	17:13
cjwatson	sergiusens: I think I own it, although it may involve me continuing to have lively debate with Ted ;-)	17:14
cjwatson	sergiusens: It's a demo blocker so a high priority for me	17:15
cjwatson	slangasek: Is there a reason we might want to handle them on different schedules, such as one changing much more frequently than the other?	17:15
slangasek	cjwatson: given that they come from the same source, and updating the source will render any -signed package non-rebuildable until a new signed binary is available, I don't think so	17:16
slangasek	I'm only (mildly) concerned about the prospect of one binary getting stuck in the SysDev submission queue	17:16
cjwatson	Oh, because we take care that we're shipping signatures for current binaries	17:17
slangasek	oh, but now I'm confused	17:17
slangasek	the MokManager.efi in http://www.codon.org.uk/~mjg59/shim-signed/shim-signed-0.2.tgz isn't signed by Microsoft	17:17
* slangasek rewinds and looks to see how this is actually being validated		17:18
stgraber	slangasek: any reason we can't have MokManager.efi signed by the Ubuntu key and started by shim/grub instead?	17:18
slangasek	stgraber: well, it looks like that might actually be how it's meant to work	17:18
cjwatson	http://www.techrepublic.com/blog/australia/shim-delivered-to-allow-small-linux-distros-to-boot/1579 seems to imply that there's a separate ephemeral private key	17:18
slangasek	yes	17:18
slangasek	I know that there /is/ such an ephemeral private key, I just forgot how it was being used	17:19
slangasek	so I guess the only thing is to make sure MokManager.efi ends up in the right place on the disk	17:19
cjwatson	So have shim spit out a raw-uefi object in its build and suck the signed object into shim-signed, I guess	17:19
stgraber	ah, ephemeral private key used to sign MokManager.efi with the public half in the valid key list in shim would do the trick too, then we don't need to do anything with the resulting .efi	17:19
sergiusens	cjwatson: well if you own it I'm confident I can track the blueprint for click... not worried on who actually ends up doing the grunt work, just where I'm supposed to be looking at	17:19
slangasek	stgraber: right, that seems to be how it's already wired up	17:20
cjwatson	Unless it must be a separate key rather than the Ubuntu one	17:20
slangasek	cjwatson: it doesn't /have/ to be a separate key, but the shim build already spits it out signed by the ephemeral key, so maybe that's simpler than resigning with the Ubuntu key?	17:20
cjwatson	slangasek: Oh, right, even easier than	17:21
cjwatson	*then	17:21
cjwatson	sergiusens: I plan to get it done this coming week, one way or another	17:21
=== jelmer_ is now known as jelmer
=== wedgwood is now known as wedgwood_away
=== wedgwood_away is now known as wedgwood
* tedg is back		18:43
tedg	cjwatson, mdeslaur, yeah the apps on the launcher would be in account service.	18:43
tedg	But I'm not sure that means you need the desktop files if they were created in the user's home directory.	18:44
tedg	For instance, we could pull the data out of /opt	18:44
=== roaksoax_ is now known as roaksaox
=== roaksaox is now known as roaksoax
=== chiluk` is now known as chiluk
Kaleo	Trevinho: any news on https://bugs.launchpad.net/ubuntu-ui-toolkit/+bug/1180402 ?	19:33
ubottu	Launchpad bug 1180402 in Ubuntu UI Toolkit "qmlscene based apps are not recognised as separate apps by Unity (launcher and alt-tab)" [High,Confirmed]	19:33
=== seb128_ is now known as seb128
=== bschaefer_ is now known as bschaefer
apachelogger	are there any plans to push alsa* 1.0.27 into saucy?	21:01
jdstrand	sbeattie: what are your thoughts on moving /etc/apparmor.d/abstractions/ubuntu-sdk-base out of apparmor and into apparor-easyprof-ubuntu?	21:38
jdstrand	sbeattie: (I would do it, just wondering what you think)	21:39
jdstrand	sbeattie: another thought is to remove /etc/apparmor.d/abstractions/ubuntu-sdk-base and support abstractions in easyprof	21:40
sbeattie	jdstrand: what do you mean by support abstractions in easyprof?	21:41
jdstrand	sbeattie: I think in the short term moving the abstraction out to apparmor-easyprof-ubuntu makes some sense. I think easyprof support for abstractions needs thought	21:41
sbeattie	I'm okay with moving it.	21:41
jdstrand	sbeattie: something like /usr/share/apparmor/easyprof/abstractions(\|vendor/version)	21:42
jdstrand	sbeattie: the other option is to just treat policygroups like abstractions	21:42
jdstrand	sbeattie: I'm just thinking that the ubuntu-sdk-base abstraction will likely needed frequent updates	21:43
sbeattie	ah, that was the question I was just forming, was how you see them as different...	21:43
jdstrand	maybe it is easier to shove them all into a policygroup and be done with it	21:43
jdstrand	we'll get versioning for free then	21:44
sbeattie	hrm, so that's a lifecycle question. as we iterate on policygroups and other easyprof bits, the generated policies will need to be updated.	21:44
sbeattie	not just when the click package is initially installed	21:44
jdstrand	sbeattie: yes, but that is different from what I am asking	21:44
jdstrand	I added a work item to figure that out	21:44
jdstrand	oh, I see what you mean	21:45
jdstrand	if it is in an abstraction, we get reload for free	21:45
sbeattie	well, almost for free, but yes.	21:45
jdstrand	hmm	21:45
sbeattie	(modulo when policy is reloaded versus the easyprof package upgrade)	21:46
jdstrand	so, I figured we would have some sort of a hook that when apparmor-easyprof-ubuntu is updated, it would regenerate the policy	21:47
jdstrand	(so we would have similar behavior as with apparmor upgrades)	21:47
jdstrand	that is actually somewhat complicated	21:48
jdstrand	cause of the readonly image	21:48
sbeattie	yeah. hrm.	21:49
jdstrand	well, I knew that was a complicated question, which is why I added a work item	21:49
jdstrand	let's punt for now	21:49
jdstrand	we can assume we have to be able to regenerate policy	21:49
jdstrand	for when we update policy groups, etc	21:49
jdstrand	so, pretend we are in a magical land where we have that	21:50
sbeattie	alright. anyway, I have no issue with moving the abstraction to the ubuntu-easyprof package in the short term.	21:50
jdstrand	sbeattie: right, but considering the magical land, does it make sense to just put it in a policygroup and remove the ubuntu-sdk-base abstraction?	21:51
jdstrand	I think it does	21:51
sbeattie	does easyprof support having a template incorporate a policygroup automatically?	21:52
sbeattie	(I don't think so, but I'm not that versed in the details)	21:52
sbeattie	It would be nice to have all the ubuntu-sdk templates (assuming qml, html5, etc get different templates) get a common base level of ubuntu-sdk policy without having to repeat themselves.	21:54
jdstrand	sbeattie: not in the way you are thinking. but there are two ways of dealing with that: use a non-magicpath #include and just having the sdk pre-fill in templates	21:55
jdstrand	sbeattie: s/templates/policygroups/	21:55
jdstrand	ie, user doesn't pick those	21:55
sbeattie	yeah, fair point.	21:56
jdstrand	sbeattie: so, right now, I was thinking put all of ubuntu-sdk-base into qmlscene	21:56
jdstrand	but I could also just add a sdk-base policy group	21:56
jdstrand	sbeattie: this all came about because I was thinking about how fast I am updating this policy	21:57
jdstrand	sbeattie: then it occurred to me, we will have versioned policy for templates and policygroups, but it will depend on non-versioned abstractions	21:58
jdstrand	and that seemed like it would get messy quickly	21:58
jdstrand	I'm not super-keen on an absolute path for an #include	21:59
jdstrand	cause while unlikely to be a maintenance problem, it seems possible	21:59
sbeattie	yeah. I think when I drew up the sdk-base abstraction, I was trying to leave open the possibility that we moved to a different interpreter than qmlscene, but I probably wasn't very fastidious about that.	22:00
jdstrand	sbeattie: but as it is witht he email I sent to the SDK team/ubuntu-devel@, I recommended the sdk just add qmlscene to the manifest file automatically	22:00
sbeattie	and I think the stuff I had pulled out was common to qmlscene and the other interpreter I was playing with.	22:01
jdstrand	sbeattie: well, I think your instinct was correct-- it is how we profile after all and I certainly didn't think anything of it until recently	22:01
jdstrand	I see	22:01
jdstrand	well, so we can have an sdk-base policy group, and the SDK can add both sdk-base and qmlscene	22:01
sbeattie	that works for me.	22:02
jdstrand	I figure the SDK will do that sort of thing a lot once it gets smart	22:02
jdstrand	it will pick qmlscene-sqlite automatically for regular QML apps and qmlscene-webview for html5	22:02
jdstrand	ok, I'll do that then	22:03
jdstrand	sbeattie: (add sdk-base as a policy group)	22:03
sbeattie	jdstrand: excellent, thanks!	22:03
jdstrand	I'll update the man pages/docs/etc too	22:03
=== salem_ is now known as _salem

Generated by irclog2html.py 2.7 by Marius Gedminas - find it at mg.pov.lt!