fgimenezgood morning08:07
Sam_First time to be here, hello everyone.08:36
=== joc|away is now known as joc_
clobranogood morning09:26
clobranois there any snap available for the network manager?09:26
JamesTaitGood morning all; happy Tuesday, and happy Sandwich Day! 😃10:18
=== fgimenez__ is now known as fgimenez
mvojdstrand: I started with the snappy policygen --compare branch, just a quick question about apparmor_profile - p - I understand that I need to take the old policy, write the new policy to a tempfile and then run both of them via apparmor_profile -p and compare if they are still identical?11:29
=== chihchun_afk is now known as chihchun
=== lool- is now known as lool
=== rickspencer3_ is now known as rickspencer3
=== Guest42341 is now known as QUESTION
=== QUESTION is now known as omgCATS
balloonselopio, fgimenez all ready for http://summit.ubuntu.com/uos-1511/meeting/22623/testing-snappy/?14:11
elopioballoons: all ready.14:12
fgimenezballoons, elopio yep, ready :)14:12
balloonselopio, fgimenez and you know how to setup the hangout and everything right14:16
=== mwenning is now known as mwenning-wfh
elopioballoons: yes, no problem with that.14:42
mvojdstrand: I looked at apparmor_parser -p again and I think I need a hand. it seems in order for this to work I would have to store something (hash?) of the flattended profile at profile generation time. and then compare the stored hash with a hash of apparmor_profile -p tmp_new_profile (?)14:58
ogra_http://summit.ubuntu.com/uos-1511/meeting/22623/testing-snappy/ will soon be  on air ....15:10
jdstrandmvo: re apparmor_parser -p, yes you are right. I don't think we want to do anything expensive though-- perhaps just apparmor_parser -p after install and save that off somewhere, then we can do a diff /saved/off /tmp/new || updateStuff15:23
jdstrandmvo: we should probably think about that a bit15:24
mvojdstrand: ok, easy enough to add later I assume15:26
jdstrandmvo: well, yes and no. we have to deal with the apparmor package updates that have changes to the abstractions.15:27
jdstrandwe could just unconditionally invalidate everything15:28
jdstrandwhich is basically what happens now, but that has always been a pain point15:28
mvojdstrand: I mean we can add it later this week :)15:28
jdstrandmvo: fyi, I looked at your first patch yesterday and I thought it looked good. I didn't do more than read it yet15:29
mvojdstrand: or next week, I mean when you have time to guide me15:29
jdstrandmvo: the main thing is I want it clean and it needs to be a cheap check15:29
jdstrandmvo: on personal people easily have 100 profiles15:30
jdstrandmvo: but, we do have a cheap check by storing off the version-- if the version didn't change, avoid everything15:31
jdstrandif it did change, then we try the regenerated policy, then if that is the same, try the -p15:31
mvojdstrand: hm, what exactly is "version"?15:33
mvoin this context15:33
mvojdstrand: tell me if you don't have time, we can talk later of course15:33
jdstrandmvo: sorry, I got pulled away. in a meeting now, but will respond16:46
mvojdstrand: thanks16:46
jdstrandmvo: cheap check for storing off the version> I was talking about in the card where I talk about saving the version of apparmor and ubuntu-core-security* that are installed16:46
jdstrandmvo: if none of them change, do nothing16:47
mvojdstrand: I pushed a --regenerate-all branch now too, some feedbcak would be great, need to add some tests, then it should be good to know and I'm keen to hear what is missing before we can replace the current aa-clickhook16:47
mvojdstrand: aha, storing the package versions? that makes sense16:47
jdstrandmvo: if they do change, do the --compare16:47
jdstrandmvo: and then update the 'versions file'16:47
mvojdstrand: I thought we would do the --regenerate-all on each boot, no?16:47
jdstrandmvo: well, it depends on what it does. these things can affect boot speed and we have a number of checks today to not affect boot speed unless we have to16:48
jdstrandmvo: so I didn't want to regress on that16:49
jdstrandmvo: without looking at your branch, if it were smart enough, '--regenerate-all --compare' could be done on every boot16:49
mvojdstrand: right, so it will create a temp profile for each snap, cmpare with the installed one and re-generate for real if they are different16:49
jdstrandmvo: right16:50
mvonot sure how slow that is though16:50
jdstrandmvo: we need to be thinking about potentially hundreds of profiles16:50
jdstrandmvo: which is why I wanted that cheap check too16:50
jdstrandmvo: only run --regenerate-all --compare only if the system policy changed16:51
mvojdstrand: right, so i can add this and only call --regen is the versions of apparmor and ubuntu-core-security** change16:51
jdstrandthat sounds good16:51
mvojdstrand: that is what you mean I assume?16:51
mvojdstrand: cool, I will work on this next16:51
jdstrandmvo: btw, thanks you so much for helping out with all this :)16:51
mvojdstrand: oh, thank you! and I can't wait to hear what else is missing before we can enter the brave-new-world16:52
jdstrandmvo: I'm finding it difficult to review these in a timely fashion between the sprint and UOS, but know I will get to it :)16:53
jdstrandmvo: (or put another way, the patches are coming in faster than I can review them atm, but I will get to them :)16:55
mvojdstrand: no worries, I know how it is16:55
mvojdstrand: even tiny reviews (like general direction looks valid) are useful. or your suggestion to use the version-compare to speed stuff up. and of course what else is missing :)16:56
mvojdstrand: I can ask other people like Chipaca (sorry!) to do the in-depth code review16:56
jdstrandmvo: ok, cool. keep firing questions at me and I'll respond as quickly as I can :)16:56
mvojdstrand: anyway, I get dinner now, thanks for your help and keep me updated about your findings16:57
jdstrandmvo: unfortunately I had a meeting conflict with the frameworks UOS session17:36
=== Ursinha is now known as Ursinha-afk
tedgmterry: we were talking a bit about manifest.txt and the packages in there, where is that list from? Just the ubuntu-core packages?19:00
tedgWe were thinking it made sense to reduce the set some.19:00
tedgSpecifically to drop libstdc++, but perhaps others as well.19:00
ogra_tedg, http://cdimage.ubuntu.com/ubuntu-core/daily-preinstalled/current/ ?19:01
tedgogra_: very close: https://github.com/ubuntu-core/snapcraft/blob/master/snapcraft/manifest.txt19:02
tedgmterry: Not sure if you saw my ping (or were trying to avoid it ;-) )19:03
mterrytedg, no I didn't see it!19:03
tedgmterry: we were talking a bit about manifest.txt and the packages in there, where is that list from? Just the ubuntu-core packages?19:03
tedgWe were thinking it made sense to reduce the set some.19:04
tedgSpecifically to drop libstdc++, but perhaps others as well.19:04
mterrytedg, you're talking in terms of deb2snap?19:04
tedgmterry: Initially, but today snapcraft: https://github.com/ubuntu-core/snapcraft/blob/master/snapcraft/manifest.txt19:05
mterrytedg, my IRC connection is crap today.  "you're talking in terms of deb2snap?"19:07
tedgmterry: Initially, but today snapcraft: https://github.com/ubuntu-core/snapcraft/blob/master/snapcraft/manifest.txt19:07
mterrytedg, oh yeah!  That was just a copy of ubuntu-core at the time.  It was a shortcut to a more dynamic solution19:08
tedgmterry: Do you have a specific reason for particular packages?19:08
mterrytedg, I don't *think* I edited the list19:09
tedgmterry: Okay, we didn't know how much experience and pain was involved :-)19:09
mterrytedg, no, and my intent was eventually to make it targetted (like if snapcraft can say "make me a snap for 15.04" we'd get the manifest for 15.04).  But yeah, short term I just copied the manifest.txt19:10
tedgmterry: I think that long term it shouldn't matter, the only thing you pull in is bash and libc, eh?19:11
mterrytedg, well if my snap uses libudev1 and snappy 16.10 uses libudev2, snapcraft needs to know that it can't depend on it from the system anymore and bundle it19:12
mterry(or just build for libudev2)19:12
mterry(or just always bundle it)19:13
tedgmterry: I think we want it to bundle always19:13
mterrytedg, OK then you want to probably modify manifest.txt to the actual promised "always-there" libraries that Snappy promises19:13
tedgmterry: Okay, I don't think we've explicitly said which, but I think generally it's "not much"19:14
mterrytedg, which is not something I was aware we had a list of -- what sort of promises we make to snaps19:14
tedgThe one that is killing today is the GCC migration.19:14
tedgFor C++19:14
mterrytedg, well exactly -- even stuff we would have though would never change sometimes change  :)19:14
tedgelopio: is there a way to build all the examples?20:22
tedg(in snapcraft)20:22
asacstgraber: i vaguely recall seeing a busybox image you put out when I tested lxd ... do you have pointer to that again? how is that build?20:28
stgraberlxd-images import busybox --alias busybox20:29
stgraberassuming that you do have the busybox binary on your system as it builds it from your local system20:29
ogra_that will likely only get you the initramfs busybox20:29
ogra_(which is cut down)20:30
stgraberit's looking for /bin/busybox specifically so if it doesn't exist, it'll fail to create the busybox image20:31
stgrabernote that we only really have this for our own testsuite's use and it's going away in 16.04, so not something we really support (busybox hardly counts as a Linux distro) :)20:31
ogra_oh, i know embedded people that would disagree with that statement :)20:32
stgraberI guess you can turn it into some kind of distro with a fair amount of shell script added on top, but with just the busybox binary, you get a mostly broken init system (doesn't handle all signals properly) which doesn't even bring up network for you20:33
asacstgraber: oh... thought you had an image for download20:33
stgrabernah, busybox is specifically used in environments where we can't download stuff or where we shouldn't (our testsuite)20:34
asachmm. lxd wasnt SRUed to 14.04 yet it seems :)20:35
ogra_yeah, i noticed that today too :(20:36
asachah ... so i am not alone running LTS :)20:36
ogra_my desktop always runs lts ... my laptop always latest release20:36
stgraberit's in backports20:38
stgraberapt-get -t trusty-backports install lxd20:38
ogra_who uses that !20:38
asacyeah thats kind of same as ppa20:38
asacdoes it work on 3.13?20:38
stgraberit does20:38
ogra_sigh ... i wasted my whole day trying to get live-build to behave20:38
ogra_another build failure and i'm out of ideas20:38
asacogra_: its not wasted... now you know what you tried did not work :)20:39
ogra_asac, i'm poking in the dark here20:39
asacogra_: do you have a busybox image? :)20:39
ogra_if i do exactly the same steps in a local chroot everything is fine ... if i run them under live-build the env is somehow so garbled up that the kernel package doesnt generate its initrd20:40
ogra_asac, heh, no20:40
ogra_stgraber, what do you use for these lxd images ?20:40
ogra_to create them i mean20:41
stgraberogra_: "import ubuntu" uses cloud images. "import busybox" just takes your local busybox and dumps it into a tarball along with a few symlinks20:41
ogra_and how are these cloud images created ?20:42
* ogra_ is desparately looking for a way away from live-build ... its such a pain20:42
ogra_oh man !21:03
* ogra_ slaps forehead21:04
elopiotedg: the examples plainbox suite is doing that. But in the end is a for calling snapcraft build on each dir.21:53
tedgelopio: Oh, I just added a shell script21:54
elopiotedg: that might be useful.21:55
elopiotedg: Take a look at ./runtests.sh plainbox examples21:55
tedgelopio: Ah, basically the same thing.21:57
tedgI like to say mine thinks outside the box though ;-)21:57
elopiotedg: of course, yours is unique and special ;)21:58

Generated by irclog2html.py 2.7 by Marius Gedminas - find it at mg.pov.lt!