| === JanC_ is now known as JanC | ||
| ccfiel | hello | 02:02 |
|---|---|---|
| ccfiel | silence :) | 02:02 |
| kyrofa | ccfiel, hey there :) | 02:03 |
| ccfiel | hello kyrofa! :) | 02:03 |
| ccfiel | kyrofa, have you used snappy? :) | 02:03 |
| kyrofa | ccfiel, indeed I have | 02:03 |
| ccfiel | kyrofa, in what application? if you dont mind :) | 02:04 |
| kyrofa | ccfiel, of course not. Well, first of all, I work on it. Snapcraft in particular. I've also packaged a few different things, such as a PiGlow service for the raspberry pi 2 and ownCloud | 02:06 |
| ccfiel | kyrofa, I am still a newbe here still teting the example. I just wondering is ubuntu core read only OS and you snap application on it? | 02:08 |
| kyrofa | ccfiel, not really, things are just really confined. Parts of it are read-only since snaps are packaged with squashfs | 02:09 |
| kyrofa | ccfiel, each snap has a few different directories where they can write | 02:10 |
| kyrofa | Those directories are specific to that snap and no other snap can write to/read from them | 02:11 |
| ccfiel | kyrofa, oh i see because for now I have a raspberry pi with raspbian on it and monitoring some sensors. Its running great but one issue I encounter is if there is a power outage sometime the system corrupt I have to get a monitor and keyboard to fix it. | 02:11 |
| ccfiel | kyrofa, would it solve this in ubuntu core? :) | 02:12 |
| ccfiel | kyrofa, am i in the right track? | 02:12 |
| kyrofa | ccfiel, I guess that depends on what exactly the problem is. What is getting corrupted? How do you go about fixing it? | 02:12 |
| ccfiel | kyrofa, just a simple fsck and done | 02:13 |
| kyrofa | ccfiel, ah, so the filesystem itself. Honestly I'm not sure if that's a problem you'd run into with ubuntu core | 02:13 |
| kyrofa | ccfiel, I know the guy I'd ask, but he's in germany and is thus likely asleep | 02:14 |
| ccfiel | kyrofa, I was reading the site and documents it claims ubuntu core/snappy is for loT so if you have a device that is loT it should be like an appliance and should behave like one :) | 02:15 |
| kyrofa | ccfiel, indeed. Such checks may be run on boot, but I'm not sure | 02:16 |
| ccfiel | kyrofa, if ubuntu core is like our phone that the main OS core is readonly and the application is sandbox then this will be my solution :) | 02:18 |
| ccfiel | kyrofa, I tried the sample snapcraft i tried "snapcraft stage" it works successfully but there no .snap file. I tried "snapcraft assemble" it always says FileExistsError: [Errno 17] File exists: '/home/ccfiel/snappy/snapcraft/examples/mosquitto/snap/meta/' | 02:44 |
| ccfiel | any ideas? | 02:44 |
| kyrofa | ccfiel, try `snapcraft clean` and then simply run `snapcraft` | 02:45 |
| ccfiel | kyrofa, still the same error :( | 02:48 |
| kyrofa | ccfiel, so when you run `snapcraft clean` that entire `snap` folder should be gone, yes? | 02:49 |
| ccfiel | kyrofa, yes it has | 02:50 |
| kyrofa | ccfiel, pastebin the log for me | 02:50 |
| ccfiel | kyrofa, http://pastebin.com/hqMxhiUX | 02:53 |
| stgraber | jdstrand: can you review the lxd I uploaded in the store this morning when you have a moment? thanks | 02:54 |
| ccfiel | kyrofa, what version snapcraft are you using? | 03:11 |
| kyrofa | ccfiel, 2.5 here, the example works for me. How about you? | 03:12 |
| ccfiel | kyrofa, my version 1 I think this is the problem | 03:14 |
| ccfiel | kyrofa, what ppa did you used? :) | 03:15 |
| ccfiel | and version of your ubuntu? | 03:15 |
| kyrofa | ccfiel, perhaps you're running on too new of an example. Make sure you're using the ones from here: https://github.com/ubuntu-core/snapcraft/tree/1.x/examples | 03:15 |
| kyrofa | Or apt-get install snapcraft-examples and use those | 03:15 |
| kyrofa | ccfiel, xenial, no PPA necessary | 03:15 |
| ccfiel | kyrofa, is xenial stable to used? | 03:16 |
| kyrofa | ccfiel, I actually run trusty. My xenial stuff is all lxc | 03:16 |
| ccfiel | kyrofa, thanks for tips :) | 03:18 |
| kyrofa | ccfiel, sure thing :) | 03:18 |
| kyrofa | ccfiel, bed time for me, so good luck! | 03:19 |
| ccfiel | kyrofa, thanks! | 03:20 |
| === chihchun_afk is now known as chihchun | ||
| === chihchun is now known as chihchun_afk | ||
| === chihchun_afk is now known as chihchun | ||
| === chihchun is now known as chihchun_afk | ||
| === chihchun_afk is now known as chihchun | ||
| === chihchun is now known as chihchun_afk | ||
| === chihchun_afk is now known as chihchun | ||
| dholbach | good morning | 08:11 |
| asac | ogra_: did you ever snapcraftify a simple ftp server? | 08:27 |
| asac | ogra_: or even better a postfix/procmail/fetchmail/some-imap solution :) | 08:28 |
| noizer | Good morning | 08:33 |
| ogra_ | asac, nothing that needs user management yet, since that needs special setup (a db or something) | 09:40 |
| ogra_ | (also snappy is changing way to much still, i cant re-do my mailserver every two weeks because the scurity model changed) | 09:41 |
| asac | ogra_: i would be happy with unconfined for my personal vendor pi2 :P | 09:42 |
| asac | for now | 09:42 |
| asac | anyway, let me put my webserver and ftp server in one snap for now | 09:42 |
| ogra_ | even unconfined you have the issue that you need user mgmt | 09:42 |
| asac | so i can use my scanner again :) | 09:42 |
| asac | whats a good ftpd that is easy to run? | 09:42 |
| ogra_ | vsftpd ? | 09:42 |
| asac | saw most use xinetd | 09:42 |
| asac | is that a simple daemon? | 09:42 |
| ogra_ | nah, most of them *can* use inetd :) | 09:42 |
| asac | hmm. dont think my scanner can do sftp | 09:42 |
| asac | ok so guess i have to put inetd in and put special config up | 09:43 |
| ogra_ | (doesnt mean you need to) | 09:43 |
| asac | well, they dont have daemon commands... at least the ones i tried just exited | 09:43 |
| ogra_ | feel free to grab some ideas from http://bazaar.launchpad.net/~ogra/+junk/upnp-server/files | 09:43 |
| asac | guess if there is non i can just get the most simplest i can find | 09:44 |
| ogra_ | (not up to date wrt interfaces) | 09:44 |
| asac | non that can run daemon itself | 09:44 |
| * asac checks | 09:44 | |
| asac | lighthttp is surely in the mix for my goal | 09:44 |
| ogra_ | see the readme | 09:45 |
| asac | wow, serious copy plugin usage | 09:46 |
| ogra_ | sqlite needs some special treatment ... either you patch it (like i do there) or you allow all of fchown in the security settings | 09:46 |
| asac | thats the fchown pathc? | 09:47 |
| asac | yeah. can we land that in archive? | 09:47 |
| asac | at least the one gave to a partner back then felt just right (TM) | 09:48 |
| ogra_ | well, jamie wanted that upstream fixes it | 09:48 |
| ogra_ | (there was a ML discussion) | 09:48 |
| asac | so we rather keep sqlite not working for snaps from archive? | 09:48 |
| asac | well, he didnt see the patch | 09:48 |
| asac | do you have yours? | 09:48 |
| ogra_ | well, i thinnk the long term plan was to simply allow fchown | 09:48 |
| asac | want to see if its the same | 09:48 |
| asac | sure, long term is not 16 | 09:48 |
| kyrofa | Good morning | 09:49 |
| asac | and sqlite definitely should just work from archvie imo | 09:49 |
| ogra_ | it in the tree ;) | 09:49 |
| asac | too many folks use it | 09:49 |
| ogra_ | http://bazaar.launchpad.net/~ogra/+junk/upnp-server/view/head:/sqlite.patch | 09:49 |
| asac | ah ok | 09:49 |
| asac | yours is ugly | 09:49 |
| asac | let me find mine :) | 09:49 |
| asac | that is safe | 09:49 |
| ogra_ | heh, i really didnt care :) | 09:49 |
| ogra_ | it works :) | 09:49 |
| asac | right. i am sure noone will resist from landing my just in archive | 09:49 |
| ogra_ | yeah, i never wanted to do something archive worthy :) | 09:50 |
| asac | right my patch is not in patch form, but its: | 09:50 |
| asac | return osGeteuid() ? 0 : osFchown(fd,uid,gid); -> return osGeteuid() || osGeteuid() == uid ? 0 : osFchown(fd,uid,gid); | 09:50 |
| asac | which is simply correct | 09:51 |
| asac | e.g. if you are already root, no need to try to become root | 09:51 |
| * asac creates a real patch | 09:51 | |
| ogra_ | right, yu kill the function, i kill the executions | 09:51 |
| asac | well, i fix the logic to avoid a no-op call | 09:52 |
| asac | which triggers our confinement barrier | 09:52 |
| asac | and all is clean and fine | 09:52 |
| asac | for everyeone with this | 09:52 |
| ogra_ | sumbit it then :) | 09:52 |
| asac | yet producing it now | 09:52 |
| ogra_ | (though we are in hard freeze atm, might take a while to land) | 09:53 |
| * asac installs quilt | 09:53 | |
| asac | yeah, better late than never | 09:53 |
| ogra_ | ppisati, sooo ... thats where i ended yesterday ... http://paste.ubuntu.com/15473201/ | 09:54 |
| asac | ogra_: do we have a bug? | 09:54 |
| asac | that i can ref in the patchname | 09:54 |
| ppisati | ogra_: that doesn't look good :) | 09:54 |
| ogra_ | ppisati, it stops there, heartbeat stops after a while, but funnily my cursor keeps blinking ... | 09:55 |
| ppisati | ogra_: uhm | 09:55 |
| ogra_ | (usually the cursor freezes along with the board) | 09:55 |
| ppisati | ogra_: yep | 09:55 |
| ppisati | ogra_: i'm thinkg about the serial changes they made on the raspi3 | 09:55 |
| ogra_ | i have some suspicion that the initrd overwrites the dtb at 0x02000000 | 09:55 |
| ogra_ | hmm | 09:55 |
| ogra_ | wouldnt it keep booting if it was just the serial ? | 09:56 |
| ppisati | ogra_: yes, indeed you say heartbeat goes on for a bit | 09:56 |
| ppisati | ogra_: maybe it hangs later on | 09:56 |
| ppisati | ogra_: i would try first without initrd | 09:56 |
| ogra_ | while uboot runs | 09:56 |
| ogra_ | how would i do that ... its snappy :P | 09:57 |
| ogra_ | ah, well, i could see some kernel output indeed | 09:57 |
| ppisati | ogra_: manually, stop uboot and try to load manually kernel and point the dtb | 09:57 |
| ppisati | just to see if serial is ok | 09:57 |
| ppisati | right | 09:57 |
| ogra_ | there is something not right with serial in general ... uboot copy/paste ends up with garbage | 09:58 |
| ogra_ | whilch makes editing long lines really hard (and indeed the snappy scripts are all long lines :P) | 09:58 |
| ppisati | ogra_: are you aware of the changes they made to the serial in the raspi3? | 09:58 |
| ogra_ | i only saw the changelog entry | 09:59 |
| ppisati | ogra_: they connected the only real serial to the blueooth dongle | 09:59 |
| ogra_ | ouch | 09:59 |
| ppisati | ogra_: ok, let me give you some background info | 09:59 |
| ppisati | ogra_: by defaukt the serial is a sw serial that is affected by the frequency of core | 09:59 |
| ogra_ | ah, thats why you force the 250 in your config.txt ? | 10:00 |
| ppisati | ogra_: yep | 10:01 |
| ogra_ | btw ... no change without inittrd, so my theory doesnt fly | 10:01 |
| ppisati | ogra_: and i did some other changes | 10:01 |
| ppisati | ogra_: let me check my board | 10:01 |
| ogra_ | ppisati, just to make sure, i'm using the latest raspi2 4.4 kernel from the archive here | 10:13 |
| ppisati | ogra_: i'm doing an upgrade on my raspi3 as we speak | 10:13 |
| ogra_ | oh, you had an older kernel in use ? | 10:14 |
| kyrofa | ogra_, is there any way to generate an image with swap enabled? | 10:17 |
| FJKong | /join #ubuntu-sdk | 10:17 |
| ppisati | ogra_: no, actually i had a newer :) | 10:18 |
| ogra_ | kyrofa, nope, that would need some hackery (at least in the initrd when we generate the fstab) ... file a bug, we can make it a cmdline option ;) | 10:19 |
| ogra_ | (thought perhaps we should have a mail discussion first ... if we want to allow swap at all) | 10:19 |
| ogra_ | ppisati, hah ! | 10:20 |
| kyrofa | ogra_, alright I'll shoot one out, thanks! To be clear, when you say cmdline option, which component are you referring to? | 10:21 |
| ogra_ | kernel cmdline | 10:21 |
| kyrofa | Ah okay | 10:21 |
| ogra_ | swapdevice=/dev/foobar0p1 | 10:21 |
| kyrofa | Gotcha | 10:21 |
| ogra_ | and perhaps "swapfile=/path/to/file" | 10:21 |
| ogra_ | that would get you a long first boot though | 10:22 |
| ogra_ | (cant create swapfiles fast) | 10:22 |
| kyrofa | Does it create the swapfile? | 10:22 |
| kyrofa | Ah, no fallocate eh? | 10:22 |
| ogra_ | well, it needs to be filled with actual zeros ... you cant create a sparse file | 10:22 |
| ogra_ | if we have swapfile we also need swapfilesize | 10:23 |
| kyrofa | ogra_, I've used that successfully in the past for a swapfile. Did I just get lucky? | 10:23 |
| ogra_ | oh ? | 10:23 |
| ogra_ | perhaps mkswap got clever ... usually you cant create a file with holes | 10:23 |
| kyrofa | ogra_, yeah, fallocate, mkswap, swapon. Works for me | 10:24 |
| kyrofa | Now I'm curious about that | 10:24 |
| ogra_ | oh | 10:24 |
| ogra_ | i didnt know about fallocate ! | 10:24 |
| ogra_ | how could i not ! | 10:25 |
| * kyrofa taught ogra_ something. I'm calling it a day | 10:25 | |
| * ogra_ is hardcore dd user if it comes to img files :P | 10:25 | |
| asac | ogra_: how do i go about propsing https://bugs.launchpad.net/ubuntu/+source/sqlite3/+bug/1560899 aws something considerable for landing after beta freeze? | 10:25 |
| ubottu | Launchpad bug 1560899 in sqlite3 (Ubuntu) "sqlite triggers syscall error if run as root in snappy default confinement (fchown not allowed)" [Undecided,New] | 10:25 |
| * asac forgot the process, who to subscribe etc. | 10:25 | |
| asac | :( | 10:26 |
| * asac old guy | 10:26 | |
| ogra_ | https://wiki.ubuntu.com/FreezeExceptionProcess | 10:26 |
| ppisati | ogra_: nope, it works... | 10:26 |
| ppisati | ogra_: do you have an image that i can dd and debug here? | 10:26 |
| ogra_ | ppisati, what exactlöy ? | 10:26 |
| ppisati | ppisati: the latest raspi2 kernel | 10:26 |
| ogra_ | hmpf ... my SD is 128GB ... and already resized (and i'm working on the SD) | 10:27 |
| ogra_ | but technically you shoudl be fine with the boot partition ... one sec | 10:28 |
| ppisati | ogra_: so, the difference might be in cmdline.txt / bootargs | 10:28 |
| ppisati | or what else? /me thinking... | 10:29 |
| asac | ogra_: subscribed release... lets see if someone will pick it up | 10:29 |
| asac | i will assign it to you for now :P | 10:29 |
| asac | j.k. | 10:29 |
| ogra_ | ppisati, http://people.canonical.com/~ogra/snappy/snappy-boot.img.xz and http://paste.ubuntu.com/15478441/ | 10:33 |
| * zyga looks at apparmor again | 10:54 | |
| ogra_ | ppisati, woah ... | 10:57 |
| ppisati | ogra_: ??? | 10:57 |
| ogra_ | it boots (totally broken, but i have output ) | 10:57 |
| ogra_ | i swear i have copied the same dtb ten times in place and it didnt work | 10:58 |
| ogra_ | ubuntu@localhost:~$ uname -a | 10:58 |
| ogra_ | Linux localhost.localdomain 4.4.0-1004-raspi2 #5-Ubuntu SMP Mon Mar 14 22:27:12 UTC 2016 armv7l armv7l armv7l GNU/Linux | 10:58 |
| ppisati | ogra_: your image indeed doesn't boot here | 10:58 |
| ppisati | ogra_: weird | 10:58 |
| ppisati | ogra_: bad sd maybe? | 10:58 |
| ogra_ | ppisati, copy the dtb from system-boot/canonical-pi2-linux.sideload_IPOcSSWBccOI.snap/dtbs/bcm2710-rpi-3-b.dtb to system-boot/ | 10:59 |
| ogra_ | then try again | 10:59 |
| ogra_ | but i have honestly done that ten times before and it didnt work | 10:59 |
| ppisati | md5 are indeed different | 11:01 |
| ogra_ | yes, i was switching between the upstream one and ours | 11:01 |
| ogra_ | hmm, reboot doesnt work | 11:01 |
| ogra_ | lets see if it boots again :) | 11:02 |
| ppisati | ahaha | 11:02 |
| ogra_ | it does ! | 11:03 |
| ogra_ | looks like we have an rpi3 image ;) | 11:03 |
| ppisati | cool | 11:03 |
| ogra_ | no wifi though :/ | 11:04 |
| ppisati | that something to investigate | 11:04 |
| ogra_ | i see the brcmfmac, cfg80211 and bcm2835_wdt modules loaded though | 11:05 |
| ogra_ | butu no device in /proc/net/dev | 11:05 |
| ogra_ | ppisati, we really need to quieten that FS2F driver ... that looks so scary | 11:07 |
| ogra_ | wo | 11:07 |
| ogra_ | w | 11:07 |
| ogra_ | ubuntu@localhost:~$ dmesg | 11:08 |
| ogra_ | dmesg: read kernel buffer failed: Operation not permitted | 11:08 |
| ppisati | nope, no wifi even on a normal ubuntu image | 11:08 |
| ppisati | i need to check upstream | 11:08 |
| ogra_ | brcmfmac_sdio mmc1:0001:1: Direct firmware load for brcm/brcmfmac43430-sdio.bin failed with error -2 | 11:08 |
| ogra_ | there you go | 11:08 |
| ogra_ | https://github.com/RPi-Distro/firmware-nonfree/blob/master/brcm80211/defines | 11:10 |
| ppisati | uri: http://git.kernel.org/?p=linux/kernel/git/firmware/linux-firmware.git | 11:11 |
| ppisati | sounds like it should be part of linux-firmware | 11:11 |
| ogra_ | yeah ... but /lib/firmware/brcm/ actually doesnt have that file | 11:12 |
| ogra_ | heh | 11:13 |
| ogra_ | http://git.kernel.org/cgit/linux/kernel/git/firmware/linux-firmware.git/tree/brcm doesnt either :P | 11:13 |
| ogra_ | lies ! | 11:13 |
| ogra_ | ah, well https://github.com/RPi-Distro/firmware-nonfree/tree/master/brcm80211/brcm has it ... says "added 27 days ago" | 11:14 |
| ogra_ | so its actually pretty new | 11:15 |
| ogra_ | wired network works well btw | 11:15 |
| * ogra_ installs webdm | 11:16 | |
| * ogra_ wonders what "shadowsocks" is | 11:17 | |
| ogra_ | oh, now reboot works too (from ssh this time ... seems the serial connection held it back last time) | 11:21 |
| ogra_ | pitti, :( | 12:11 |
| ogra_ | Mar 23 11:56:08 localhost systemd[1]: Starting Create Volatile Files and Directories... | 12:11 |
| ogra_ | Mar 23 11:56:08 localhost systemd[1]: Failed to start Create Volatile Files and Directories. | 12:11 |
| ogra_ | ubuntu@localhost:~$ ls -lh /etc/mtab | 12:11 |
| ogra_ | lrwxrwxrwx 1 root root 17 Mar 23 05:11 /etc/mtab -> /proc/self/mounts | 12:11 |
| ogra_ | so that didnt help | 12:11 |
| ogra_ | ppisati, yay ... and it boots fine on the pi2 too ! | 12:28 |
| ogra_ | i get no serial login prompt on the pi2 though ... thats a bit weird | 12:29 |
| ogra_ | mvo, please approve https://myapps.developer.ubuntu.com/dev/click-apps/4194/rev/5/ ... (gets us rpi3 support) | 12:33 |
| kyrofa | ogra_, are you going to merge rpi3 support into the rpi2 gadget in snappy-systems? | 12:53 |
| ogra_ | kyrofa, yes | 12:54 |
| ogra_ | (it just a newer uboot and firmware) | 12:54 |
| kyrofa | Awesome :) . Do you anticipate that landing soonish, or is there more work to be done on it? | 12:55 |
| ogra_ | i want to find out why i dont get a serial tty on the pi2 currently | 12:55 |
| ogra_ | once i have that fixed we'Re good to go i think | 12:56 |
| kyrofa | ogra_, ppisati great work you two! :) | 12:56 |
| ogra_ | kyrofa, http://people.canonical.com/~ogra/snappy/all-snaps/rpi3/gadget-snap.tgz for the imaptient ;) | 12:57 |
| ogra_ | *impatient | 12:57 |
| kyrofa | ogra_, nah, I'm not impatient. Just curious ;) | 12:58 |
| ogra_ | ah, i thougth you wanted to update the owncloud thingie | 12:58 |
| mvo | ogra_: approved | 12:58 |
| * ogra_ hugs mvo | 12:59 | |
| * mvo hugs ogra_ | 13:00 | |
| ogra_ | hmm, no serial console even if i completely drop console=tty1 | 13:01 |
| ogra_ | this is weird | 13:02 |
| ogra_ | really strange | 13:03 |
| kyrofa | ogra_, I do, but I don't want to jump the gun. It needs to work well on the rpi2 as well | 13:03 |
| kyrofa | ogra_, although as soon as the u-d-f --install thing works again, I'll probably stop using the owncloud gadget fork anyway | 13:04 |
| kyrofa | Which I guess is just waiting on the new ubuntu-core to make it to stable | 13:04 |
| ogra_ | yeah | 13:06 |
| ogra_ | ppisati, any idea abotu that serial thing ? | 13:08 |
| ogra_ | (i dont think it is critical, but a nice to have) | 13:11 |
| ppisati | ogra_: is the serial console the only missing piece? i mean, do you see the system booting? | 13:11 |
| ogra_ | ppisati, system boots fine i just dont get anything after "Starting kernel ..." ,,, if i set console=tty1 i get proper output on the monitor ... just nothing at all on serial (no login prompt) | 13:12 |
| === chihchun is now known as chihchun_afk | ||
| ppisati | ogra_: ok, then no output when kernel start | 13:13 |
| ogra_ | right | 13:13 |
| * ppisati thinks | 13:13 | |
| ogra_ | argh | 13:15 |
| ogra_ | now i accidentially dropped all console= args :P | 13:15 |
| ogra_ | heh | 13:15 |
| ogra_ | and it defaults to tty1 | 13:15 |
| ppisati | ogra_: might be uboot that is tailored for the raspi3, or (but i don't think so) the "core_freq=250" in config.txt | 13:16 |
| ogra_ | [ 0.103026] Serial: AMBA PL011 UART driver | 13:17 |
| ogra_ | [ 0.103379] 3f201000.uart: ttyAMA0 at MMIO 0x3f201000 (irq = 87, base_baud = 0) is a PL011 rev2 | 13:17 |
| ogra_ | the driver is fine at least | 13:17 |
| ppisati | first try to remove the core_freq option from config.txt | 13:18 |
| ppisati | if that doesn't fix it, i would try with a uboot.bin + uboot.env from the rpi2 image | 13:19 |
| ogra_ | well, but thats not what i'm after :) | 13:20 |
| ogra_ | same uboot for both boards :) | 13:20 |
| ppisati | ogra_: yeah, i know | 13:20 |
| ppisati | ogra_: but at least we find where the problem is | 13:20 |
| ppisati | ogra_: remebr that we are using a version of uboot that is not published by upstream anymore | 13:21 |
| ogra_ | well, it is clear that the difference is in uboot.bin | 13:21 |
| ogra_ | i dont get why systemd doesnt start a console ... | 13:21 |
| ogra_ | i think we can live without boot log output on serial | 13:22 |
| ogra_ | but a login console needs to work | 13:22 |
| ppisati | i think we should get both working | 13:22 |
| ogra_ | yes, but login is more important | 13:22 |
| ogra_ | err | 13:23 |
| ogra_ | Mar 23 13:21:18 localhost systemd[1]: Started Serial Getty on ttyAMA0. | 13:23 |
| ogra_ | Mar 23 13:21:18 localhost systemd[1]: Started Getty on tty1. | 13:23 |
| ogra_ | Mar 23 13:21:18 localhost systemd[1]: Reached target Login Prompts. | 13:23 |
| ogra_ | ubuntu@localhost:~$ ps ax|grep getty | 13:24 |
| ogra_ | 963 ? Ss+ 0:00 /sbin/agetty --keep-baud 115200 38400 9600 ttyAMA0 vt220 | 13:24 |
| ogra_ | 964 tty1 Ss+ 0:00 /sbin/agetty --noclear tty1 linux | 13:24 |
| ogra_ | ... | 13:25 |
| ogra_ | ubuntu@localhost:~$ ls -l /dev/ttyAMA0 | 13:25 |
| ogra_ | crw--w---- 1 root tty 204, 64 Mar 23 13:21 /dev/ttyAMA0 | 13:25 |
| ogra_ | btw, dropping the the option from config.txt doesnt change anything | 13:26 |
| ogra_ | hmm | 13:27 |
| ogra_ | <ogra_> [ 0.103026] Serial: AMBA PL011 UART driver | 13:27 |
| ogra_ | err | 13:27 |
| ogra_ | ppisati, did you try booting your image on a pi2 yet ? | 13:28 |
| ppisati | ogra_: i think i tried but i hit some problems | 13:35 |
| ppisati | ogra_: don't remember exctly | 13:35 |
| ppisati | let me try | 13:35 |
| * ogra_ sees init_uart_clock and init_uart_baud as config.txt options | 13:36 | |
| qengho | Have any of you had trouble with the dynamic linker inside a snap? I'm getting this. If I run the same code in the same place without the launcher wrapping it, it runs as expected. | 13:37 |
| qengho | """Inconsistency detected by ld.so: dl-open.c: 691: _dl_open: Assertion `_dl_debug_initialize (0, args.nsid)->r_state == RT_CONSISTENT' failed!""" | 13:37 |
| jdstrand | zyga: hey, note while you are looking at apparmor again, can you pull in the latest updates to ubuntu-core-security from trunk? | 13:37 |
| jdstrand | zyga: r209 for the default policy, but also the others if you already pulled them in somewhere (home, unity7, x, etc) | 13:39 |
| jdstrand | zyga: r209 is critical for landing | 13:39 |
| zyga | jdstrand: yep, can you file a bug on snappy and assign it to me so that we don't lose thise | 13:40 |
| jdstrand | zyga: is the default template change landed already? do you have the other interfaces landed? | 13:41 |
| zyga | what do you mean by default template change? | 13:41 |
| jdstrand | the apparmor generator that produces the default policy | 13:41 |
| jdstrand | did that land? | 13:41 |
| zyga | the answer is no, I guess, I will propose apparmor (and everything else) as soon as 702 lands | 13:42 |
| zyga | partially | 13:42 |
| zyga | I evolved that to the point where it's different ;) | 13:42 |
| jdstrand | does the partially part involve the actual policy? | 13:42 |
| jdstrand | I reviewed a PR for that, I don't know if it landed | 13:42 |
| zyga | jdstrand: yes but that has changed since | 13:42 |
| zyga | jdstrand: well, not the actual content there | 13:42 |
| zyga | jdstrand: so in any case, we'll have to sync that | 13:42 |
| jdstrand | zyga: what I'm getting at is if you just add me to a PR that touches that file, I'll remember. or I could do a PR, or a bug | 13:43 |
| jdstrand | tell me what is easiest for you and I'll do it | 13:43 |
| zyga | jdstrand: wait then | 13:43 |
| zyga | jdstrand: I'd love if you work on a PR instead but please wait for something else to land to do it, ok? | 13:44 |
| jdstrand | zyga: sure that's fine. note that if policy generation starts happening on the image without r209, apps won't start | 13:44 |
| zyga | jdstrand: (we're talking today) | 13:44 |
| zyga | jdstrand: with all the changes today I would be surprised if they did | 13:45 |
| jdstrand | heh | 13:45 |
| zyga | jdstrand: chipaca is landing snap revisions and snap IDs | 13:45 |
| zyga | jdstrand: we're aiming at end of the week/after long weekend for everything working again | 13:45 |
| zyga | jdstrand: (including interfaces) | 13:45 |
| jdstrand | well, I'd prefer my little corner wasn't the reason for that :) | 13:45 |
| jdstrand | just ping me and I'll do a PR | 13:45 |
| zyga | jdstrand: thanks, understood | 13:46 |
| ppisati | ogra_: same here | 13:56 |
| ppisati | ogra_: boots fine, but no output after uboot | 13:56 |
| ogra_ | k | 13:57 |
| ogra_ | ohm crap | 13:58 |
| ogra_ | i see it | 13:58 |
| ogra_ | 99 #ifdef CONFIG_BCM2837 | 13:58 |
| ogra_ | 100 #define CONFIG_BCM283X_MU_SERIAL | 13:58 |
| ogra_ | 101 #else | 13:58 |
| ogra_ | 102 #define CONFIG_PL01X_SERIAL | 13:58 |
| ogra_ | 103 #endif | 13:58 |
| ogra_ | pi2 uses the latter | 13:58 |
| ogra_ | i wonder if it explodes if i enable both | 13:59 |
| ppisati | uboot | 14:00 |
| ppisati | yeah, saw that | 14:00 |
| ogra_ | doesnt explode on the pi2 ... still boots | 14:01 |
| ogra_ | but no login prompt | 14:02 |
| ogra_ | bug 1556241 | 14:05 |
| ubottu | bug 1556241 in debian-installer (Ubuntu) "installer sets "iface encf5f0 inet dhcp" although a static IP address was preseeded" [High,Confirmed] https://launchpad.net/bugs/1556241 | 14:05 |
| AnInstanceOfMe | Hello all ... I've followed instructions here https://developer.ubuntu.com/en/snappy/build-apps/get-started/ to the letter (I'm running 16.04), but just get "Unable to locate package snappy-tools". I added the ppa as per that page - it complained about a weak digest. Any pointers? | 14:11 |
| kyrofa | AnInstanceOfMe, I'm afraid those docs are still a bit of a mix regarding 15.04/16.04 | 14:33 |
| kyrofa | AnInstanceOfMe, you don't need the PPA for xenial, and you should just install, say, snapcraft directory (e.g. sudo apt-get install snapcraft) | 14:33 |
| kyrofa | directly rather. Too many directories today | 14:33 |
| elopio | kyrofa: ping, meeting. | 14:34 |
| kyrofa | elopio, on my way, sorry | 14:35 |
| ogra_ | ppisati, no matter what i do or try i cant get the kernel spit out anything on serial (and i heavily mangled the uboot build config by now ... funnily i also dont seem to be abe to break it either :) | 14:36 |
| ogra_ | ppisati, i have a slight suspicion it is the dtb or kernel itself | 14:36 |
| AnInstanceOfMe | Right, thanks for that, no probs. | 14:37 |
| ppisati | ogra_: actually if i swap out the raspi2 uboot, it works | 14:42 |
| ogra_ | swap in you mean :) | 14:42 |
| ppisati | ogra_: yeah | 14:42 |
| ppisati | ogra_: seems like the serial is left in a incosistent state, and the kernel doesn't recover it | 14:42 |
| ppisati | let's dig some more | 14:43 |
| ogra_ | yeah | 14:43 |
| lool | jdstrand: heya | 14:55 |
| lool | jdstrand: we're trying to run /bin/ip from a snap and get a permission denied; I tried with security-template: unconfined and that didn't help, now I'm trying with read-paths: [/bin/ip], but surprizingly it didn't help either | 14:55 |
| lool | [Wed Mar 23 14:54:36 2016] audit: type=1400 audit(1458744876.069:79): apparmor=" | 14:56 |
| lool | STATUS" operation="profile_load" profile="unconfined" name="openswitch.sideload_ | 14:56 |
| lool | start-openswitch_IPUAXRQSfQNe" pid=1810 comm="apparmor_parser" | 14:56 |
| lool | [Wed Mar 23 14:54:40 2016] audit: type=1400 audit(1458744880.129:80): apparmor=" | 14:56 |
| lool | DENIED" operation="open" profile="openswitch.sideload_start-openswitch_IPUAXRQSf | 14:56 |
| lool | QNe" name="/bin/ip" pid=1826 comm="ops-init" requested_mask="r" denied_mask="r" | 14:56 |
| lool | fsuid=0 ouid=0 | 14:56 |
| lool | jdstrand: https://github.com/ops-snappy/ops-snappy/blob/master/snapcraft.yaml is the snapcraft def and I tried adding caps: [] and replacing security-template with read-paths, to no luck | 14:57 |
| joc_ | elopio: good morning leo, all the tests passed at last :) https://github.com/ubuntu-core/snapcraft/pull/364 | 14:58 |
| ogra_ | ppisati, http://paste.ubuntu.com/15480016/ (pi3) ... vs http://paste.ubuntu.com/15479995/ (pi2) | 14:58 |
| ogra_ | and in fact there is actually a ttyS0 device on the pi3 | 14:59 |
| * ogra_ wonders about "base_baud = 0" on the pi2 | 14:59 | |
| ppisati | ogra_: i've something different | 15:00 |
| ppisati | http://pastebin.ubuntu.com/15479739/ | 15:00 |
| ogra_ | well but you compare two different images | 15:01 |
| ppisati | ogra_: the difference is just in uboot at this point | 15:01 |
| ogra_ | i use the same image and compare it on both boards | 15:02 |
| ppisati | same bcm-bootloader and same kernel | 15:02 |
| ogra_ | right | 15:02 |
| ogra_ | nontheless, the pi3 expects a ttyS0 | 15:02 |
| ogra_ | http://paste.ubuntu.com/15480016/ | 15:02 |
| ogra_ | about 6 seconds into the boot it also enables the ttyAMA0 one | 15:03 |
| ogra_ | [ 6.967253] 3f201000.uart: ttyAMA0 at MMIO 0x3f201000 (irq = 87, base_baud = 0) is a PL011 rev2 | 15:03 |
| ogra_ | well, 7 rather | 15:03 |
| ogra_ | but the actual serial console seems to be on ttyS0 ... initialized around 4 sec | 15:04 |
| ppisati | iirc the console was being rewritten by the firmware | 15:04 |
| * ogra_ does a fresh clone ... lets see | 15:06 | |
| elopio | joc_: awesome! | 15:06 |
| elopio | sergiusens_, kyrofa: joc_'s pr is ready for a review. | 15:06 |
| ogra_ | iirc our issue with the upstream uboot was that we forgot sudo for mkknlimg | 15:06 |
| ogra_ | bah ... and the missing defconfig | 15:09 |
| kyrofa | elopio, this has happened twice now: http://162.213.35.179:8080/job/github-snapcraft-autopkgtest-cloud/244/console | 15:12 |
| kyrofa | (quota) | 15:12 |
| kyrofa | elopio, should I just keep trying, or is there a problem? | 15:13 |
| elopio | kyrofa: no, I need to delete the instances manually. | 15:13 |
| elopio | when scalingstack is having a hard day, it takes a long time to build the instances. So we send the delete command while they are still building, and they are kept around. | 15:14 |
| kyrofa | Oh, okay | 15:14 |
| jdstrand | lool: is openvswitch using a fs namespace? | 15:14 |
| lool | jdstrand: netns | 15:15 |
| jdstrand | lool: a perhaps better first question is-- what are the contents of your /var/lib/snappy/apparmor/profiles/openswitch_start-openswitch_... file | 15:16 |
| lool | jdstrand: dont know about fs namespace | 15:16 |
| zyga | jdstrand: so the prerequisite lanted, I'll iterate for a sec but I can now propose apparmor configurator (terrible name) and you can target policy changes there | 15:16 |
| lool | jdstrand: http://paste.ubuntu.com/15480149/ | 15:16 |
| zyga | jdstrand: I'll keep you posted | 15:16 |
| zyga | *landed* | 15:16 |
| lool | jdstrand: oh sorry | 15:16 |
| jdstrand | yeah, I don't think that is what you meant to paste :) | 15:17 |
| jdstrand | zyga: ack | 15:17 |
| lool | jdstrand: http://paste.ubuntu.com/15480172/ | 15:19 |
| lool | no bin/ip there | 15:19 |
| jdstrand | lool: more importantly, that isn't unconfied | 15:20 |
| jdstrand | unconfined | 15:20 |
| lool | no | 15:20 |
| lool | well I had removed it in the last attempt | 15:20 |
| lool | to not mix both | 15:20 |
| lool | but unconfined doesn't work either | 15:20 |
| elopio | kyrofa: you can try now. | 15:20 |
| kyrofa | Thanks elopio | 15:21 |
| lool | jdstrand: trying with unconfined again | 15:21 |
| jdstrand | lool: the caps you want is network-management btw | 15:21 |
| jdstrand | lool: but yes, let's see what happens with unconfined | 15:22 |
| jdstrand | lool: please remove and purge the snap and then install | 15:22 |
| lool | jdstrand: ah! I did remove but not purge | 15:23 |
| lool | http://paste.ubuntu.com/15480195/ | 15:23 |
| lool | no unconfined again | 15:23 |
| asac | sergiusens_: FAQ i guess... how do i use a ppa? | 15:24 |
| lool | jdstrand: still no luck, http://paste.ubuntu.com/15480203/ | 15:24 |
| lool | despite a snappy purge openswitch | 15:25 |
| jdstrand | lool: I don't know how new your snappy is. I wonder if security-template is no longer being honored | 15:25 |
| lool | the apparmor stuff is regenerated | 15:25 |
| code1o6 | lool, Hey, I'm new is that a snapcraft.yaml? | 15:25 |
| lool | jdstrand: ah it's the mvo image, but updates might not be applied | 15:25 |
| lool | let's see with latest snappy | 15:25 |
| jdstrand | lool: well, another thing to try is: | 15:25 |
| jdstrand | plugs: | 15:25 |
| jdstrand | networking: | 15:25 |
| jdstrand | interface: old-security | 15:25 |
| jdstrand | caps: [network-client, network-management] | 15:26 |
| jdstrand | err, caps shouldn't be indented that far | 15:26 |
| jospoortvliet | kyrofa: any chance you could join some Pi drive ppl in #techandme ?? | 15:28 |
| code1o6 | lool, jdstrand, I'm making a very simple snappy package that uses nmap and a bash script. Kinda like the one from getting started however I'm having issues is the getting started tutorial I believe is for snappy 16.04. Any help would be highly appreciated | 15:29 |
| code1o6 | *not getting started. build your first snap tutorial | 15:30 |
| asac | sergiusens_: FAQ i guess... how do i use a ppa for stage-packages? | 15:32 |
| code1o6 | here is my yaml http://paste.ubuntu.com/15480263/ | 15:33 |
| sergiusens_ | asac, that's only for plugins; why do you need this? | 15:33 |
| lool | jdstrand: of course after updating snappy, things work | 15:33 |
| asac | because i have a patch to apply to a package | 15:33 |
| lool | jdstrand: sorry | 15:33 |
| asac | that i want to use | 15:33 |
| code1o6 | Here is my bash script http://paste.ubuntu.com/15480269/ | 15:33 |
| asac | sergiusens_: why wouldnt we allow to add-repositories for apt? | 15:34 |
| asac | globally | 15:34 |
| sergiusens_ | asac, or if added to your host system and using this variable that is about to go away LOCAL_SOURCES | 15:34 |
| lool | code1o6: I'd suggest starting from a snapcraft checkout | 15:34 |
| lool | code1o6: and reading through the examples | 15:34 |
| code1o6 | I did | 15:34 |
| sergiusens_ | asac, you don't have the master plan in your head; trust me :-) | 15:34 |
| asac | sergiusens_: hmm. doesnt sound good | 15:34 |
| code1o6 | I did exactly from the tutorial | 15:34 |
| asac | sergiusens_: is there a trick coming to make what i want to do easy? | 15:35 |
| asac | without ppa? | 15:35 |
| sergiusens_ | asac, create a bug about stage-package's and ppa's I guess; but the original idea was that stage packages would come from the archive | 15:36 |
| asac | like deb-source plugin that builds something from a debsource? | 15:36 |
| code1o6 | The only difference is that I changed "$SNAP_DATA" to "$SNAP_APP_DATA_PATH" because it was for 16.04 | 15:36 |
| asac | they come fromt he archive, but there might be need to do stuff different :) | 15:36 |
| asac | i actually think the dpkg-buildpackage plugin might be neat :P | 15:36 |
| jdstrand | zyga: erf, how to you unrequest a PR? | 15:36 |
| zyga | jdstrand: close it! | 15:36 |
| asac | i could apt-get source, hack away and jkust use that | 15:36 |
| sergiusens_ | asac, that will be horrible ;-) | 15:36 |
| jdstrand | how do I close it? :) | 15:36 |
| zyga | jdstrand: there's a button at the bottom of the page | 15:36 |
| asac | sergiusens_: maybe from how it would need doing with pbuilder and friends? | 15:37 |
| jdstrand | ah there it is | 15:37 |
| asac | but from the feel it woudl be nice | 15:37 |
| asac | have a bug in an archive package | 15:37 |
| jdstrand | thanks | 15:37 |
| asac | just take the source, patch it and build it nicely | 15:37 |
| sergiusens_ | asac, if there's a bug in an archive package it should ideally be fixed | 15:37 |
| code1o6 | lool, when i try to run the bash script in /apps/unisys-test/whatever I believe it fails to run since it doesn't have the right folder permissions. | 15:37 |
| asac | i have never been a fan of such idealistic statements when something doesnt work | 15:38 |
| asac | yes, the world should all be clean and upstream | 15:38 |
| asac | but realitity is i need to get something done now :P | 15:38 |
| lool | code1o6: which folder are you trying to open? | 15:38 |
| asac | and we have beta freeze even | 15:38 |
| asac | and i dont even know if my patch is great and want to first test it by using it :) | 15:38 |
| asac | in snapcraft | 15:38 |
| asac | anyway, i will figure | 15:38 |
| code1o6 | http://paste.ubuntu.com/15480269/ | 15:38 |
| === sergiusens_ is now known as sergiusens | ||
| code1o6 | lool, it just pipes the output of nmap to test.out | 15:39 |
| sergiusens | asac, well bottom line is it is not supported today | 15:39 |
| code1o6 | then golang static websever should display that folder | 15:39 |
| ogra_ | ppisati, hmm https://github.com/swarren/u-boot/commit/97e783304448f240b33ab308cd9e18df5d8f69ca | 15:39 |
| code1o6 | just like the tutorial does it for the webcam | 15:39 |
| asac | right. i can file a bug and then wait till that feature is there :) | 15:39 |
| asac | guess i cant setup my home ftp server on snappy then :) | 15:40 |
| code1o6 | instead of creating pictures from fswebcam i use nmap | 15:40 |
| code1o6 | lool, I'm still quite understand how filesets work. This is how I did it http://paste.ubuntu.com/15480263/ | 15:41 |
| code1o6 | I'm guessing that the issue in my snapcraft.yaml | 15:41 |
| asac | sergiusens: https://bugs.launchpad.net/snapcraft/+bug/1561068 | 15:42 |
| ubottu | Launchpad bug 1561068 in Snapcraft "cannot use ppa or deb source packages conveniently" [Undecided,New] | 15:42 |
| code1o6 | brb, going to get coffee | 15:43 |
| asac | hmm. vsftpd doesnt even have a git tree from what i see | 15:45 |
| jdstrand | zyga: https://github.com/ubuntu-core/snappy/pull/718 | 15:45 |
| asac | lets go for tarball mess then :/ | 15:45 |
| ogra_ | asac, its probably so small that the maintainer just types it in from memory before building ;) | 15:45 |
| code1o6 | back | 15:45 |
| lool | code1o6: sorry I need to focus on something else for a while, if you dont get help here I'll be back with you reading the backlog | 15:46 |
| zyga | jdstrand: thanks | 15:46 |
| asac | haha ... /me joins #vsftpd | 15:46 |
| zyga | jdstrand: I've chaged the patch summary, we just indicated the package, not a particular file | 15:46 |
| zyga | jdstrand: if you have more I'll gladly take them :) | 15:46 |
| zyga | jdstrand: I'm working on some final bits that put all security stuff on disk and in memory | 15:47 |
| jdstrand | zyga: what does 'whitelist this please' mean? | 15:47 |
| zyga | jdstrand: just iterating to make it pretty and robust | 15:47 |
| ogra_ | ppisati, any idea what the dtb names are in that commit ? they dont seem to match any rpi dtb i have ever seen | 15:47 |
| ogra_ | (like: none of them) | 15:47 |
| zyga | jdstrand: it's a command to one of the bots that says that this pull request is trusted, it triggers tests to run when a non-member of the ubuntu-core organization proposes a pull request | 15:48 |
| asac | ogra_: so in your example you have the sqlite hacked binary in the source tree | 15:48 |
| asac | because its not easy to just use ppas? | 15:48 |
| ogra_ | asac, yeah, and have a copy line | 15:48 |
| asac | or do you build sqlite completely? | 15:48 |
| asac | right | 15:48 |
| jdstrand | zyga: I see | 15:48 |
| asac | awful | 15:48 |
| ogra_ | sure :) | 15:48 |
| asac | i feel super resistant against such things | 15:48 |
| ogra_ | its a demo snap ... | 15:48 |
| ogra_ | feel free to make it better ;) | 15:48 |
| * ogra_ only cares about having working binaries | 15:49 | |
| asac | i am ... files a bug | 15:49 |
| asac | https://bugs.launchpad.net/snapcraft/+bug/1561068 | 15:49 |
| ubottu | Launchpad bug 1561068 in Snapcraft "cannot use ppa or deb source packages conveniently" [Undecided,New] | 15:49 |
| jdstrand | zyga: so, the next step from my perspective is adding all the existing ubuntu-core-security (from trunk!) caps as interfaces | 15:49 |
| asac | ppa is good, deb-soure plugin woudl be even more awesome | 15:49 |
| zyga | jdstrand: I think we are ready-ish for that now | 15:49 |
| jdstrand | zyga: so I'll wait for you to do that before I make other policy change PRs | 15:49 |
| * ogra_ would just like to have patches auto-applied :) | 15:49 | |
| zyga | jdstrand: if you can, just add them | 15:49 |
| asac | ogra_: not sure why i need snapcraft if i have to build the binaries elsewhere | 15:49 |
| zyga | jdstrand: one pull request per interface | 15:49 |
| asac | and then copy them in my tree :P | 15:49 |
| asac | could just do the old way of doing it somehow then | 15:50 |
| jdstrand | zyga: I'm not sure how... | 15:50 |
| zyga | jdstrand: look at interfaces/builtin/network.go | 15:50 |
| zyga | jdstrand: just copy-paste | 15:50 |
| ogra_ | asac, to r9oll the snap ... this snap is from early 15.04 days and was always just carriesd along | 15:50 |
| zyga | jdstrand: 99% of the file is the security content or generic boilerplate | 15:50 |
| ogra_ | back then there was no such thing as snapcraft | 15:50 |
| jdstrand | oh, I didn't know you did one already | 15:50 |
| asac | ogra_: but it is snapcraft :) | 15:50 |
| zyga | jdstrand: just paste the right security content and the right profile name | 15:50 |
| ogra_ | asac, now it is | 15:50 |
| asac | soyou could have just kept it manual | 15:50 |
| ogra_ | no | 15:50 |
| ogra_ | snappy build will be gone soon | 15:50 |
| asac | well just mksquashfs | 15:51 |
| asac | :) | 15:51 |
| zyga | jdstrand: I can help you out with this but it would be much faster and might align with having interfaces really work by the end of the week | 15:51 |
| ogra_ | and i still use the copy plugin | 15:51 |
| asac | i did that a few times | 15:51 |
| roadmr | hey snappers! my snap is having trouble accessing the network (it's a server thingy): http://paste.ubuntu.com/15479495/ I have the old-security plug stuff from the gopaste example but still I see this. What am I missing? | 15:51 |
| asac | roadmr: how does your snapy.yaml look? | 15:51 |
| zyga | roadmr: hey | 15:52 |
| roadmr | asac: like crap :) let me paste it | 15:52 |
| roadmr | zyga: hello! | 15:52 |
| asac | roadmr: thsoe are not really network ones | 15:52 |
| asac | at least they dont look like it | 15:52 |
| asac | but who am i :) ... maybe seeing you have a syntax error in you snap.yaml will explain it | 15:53 |
| zyga | with everything that happens this week I'd imagine it could be broken, not sure how away latest devel images are from git master | 15:53 |
| roadmr | asac: http://paste.ubuntu.com/15480423/ this is just the apps and plugs | 15:53 |
| roadmr | asac: blatantly copied from the gopaste example really :/ | 15:53 |
| zyga | jdstrand: merged | 15:54 |
| zyga | roadmr: it looks good, I'd wait for after easter though | 15:54 |
| zyga | roadmr: 90% of snappy is upside down this week | 15:54 |
| zyga | roadmr: with major changes landing | 15:54 |
| ogra_ | just do a handstand | 15:55 |
| zyga | roadmr: and next week I'd use network interface | 15:55 |
| zyga | roadmr: not old security | 15:55 |
| roadmr | zyga: yay!! | 15:55 |
| ogra_ | though typing is hard in that position | 15:55 |
| zyga | (I suspect that next week old-security is the only interface that will not work) | 15:55 |
| zyga | (while everything else will) | 15:55 |
| roadmr | ogra_: haha :) a handstand sounds like a skill, rather than an interface :) | 15:55 |
| ogra_ | heh | 15:55 |
| zyga | I'll get o-s to work too but after | 15:55 |
| elopio | fgimenez: git push --set-upstream origin bug/mkdir_gnupg | 15:55 |
| elopio | sorry | 15:55 |
| elopio | fgimenez: https://github.com/ubuntu-core/snappy-jenkins/pull/114 | 15:56 |
| asac | roadmr: dunno... i never had problems, but didnt use override | 15:57 |
| jdstrand | zyga: fyi, we need old-security/seccurity-override and old-security/security-policy to work at least (the other two can go away afaic) | 15:57 |
| jdstrand | zyga: next week is fine, just saying, we should plan on those working. we can chat at some point when it makes sense about what those should be doing and how the interact with interfaces | 15:57 |
| asac | roadmr: so its different for me | 15:57 |
| asac | interface: old-security | 15:58 |
| zyga | jdstrand: wooot | 15:58 |
| zyga | jdstrand: wait, what about system calls? | 15:58 |
| zyga | jdstrand: security-policy -- that's the "different template" support, right? | 15:58 |
| asac | roadmr: http://paste.ubuntu.com/15480453/ | 15:58 |
| asac | thats what i would try | 15:58 |
| zyga | jdstrand: and security-override is like a custom snippet, right? | 15:58 |
| fgimenez | elopio, ok thx! | 15:58 |
| jdstrand | zyga: regarding the other caps, I'm on it. I didn't realize network was already there | 15:58 |
| jdstrand | zyga: security-policy is 'use my custom raw policy and don't use interfaces/apparmor.go and interfaces/seccomp.go" | 15:59 |
| zyga | jdstrand: thanks, I'm sure we can land them quickly | 16:00 |
| zyga | jdstrand: I see, that's okay, this should be supported with what I'm hacking on now | 16:00 |
| jdstrand | zyga: security-override is 'use interfaces like normal, but add these few extra things I specified' | 16:00 |
| zyga | jdstrand: perfect | 16:00 |
| zyga | jdstrand: I'm 100% confident we'll get all of this to work now | 16:00 |
| jdstrand | nice | 16:00 |
| roadmr | asac: thanks! I'll try that right now... | 16:00 |
| zyga | jdstrand: (it works now but I need to rebase on top of what mvo did first) | 16:01 |
| zyga | jdstrand: and there's a looong review ahead :) | 16:01 |
| asac | roadmr: but as said not sure about -override part | 16:02 |
| roadmr | asac: ok, we'll know soon enough :) | 16:03 |
| jdstrand | zyga: why doesn't git reset --hard origin/master pull in the change you just merged? | 16:05 |
| zyga | jdstrand: git is offline except for "pull" and "fetch" | 16:06 |
| zyga | jdstrand: git fetch --all | 16:06 |
| jdstrand | zyga: that didn't do it either | 16:06 |
| asac | git fetch origin | 16:06 |
| jdstrand | I already trid git pull | 16:07 |
| asac | then do the checkout / reset | 16:07 |
| zyga | jdstrand: I'd normally pull instead | 16:07 |
| zyga | jdstrand: git pull origin master | 16:07 |
| jdstrand | I tried a pull before I asked the question | 16:07 |
| zyga | jdstrand: safer than reset --hard | 16:07 |
| zyga | ^^ like that | 16:07 |
| roadmr | asac: so it didn't work :/ I still see the same apparmor DENIED stuff :/ I'm OK to wait until next week if things are wobbly right now | 16:07 |
| jdstrand | zyga: it says I am up to date, but I am clearly not. I don't have 718 | 16:08 |
| asac | guess so | 16:08 |
| * jdstrand sighs | 16:09 | |
| asac | jdstrand: git branch | 16:09 |
| asac | git log -l1 | 16:09 |
| asac | i think you might be on different head\ | 16:10 |
| jdstrand | that's what I'm saying | 16:10 |
| asac | then you think | 16:10 |
| jdstrand | I have Merge pull request #717 | 16:10 |
| jdstrand | I do not have 718 which github says is committed | 16:10 |
| asac | do you see it in the fetched branches? | 16:10 |
| asac | e.g. git log origin/master ? | 16:10 |
| asac | if not its a caching prob | 16:11 |
| asac | of course only after doign git fetch origin first | 16:11 |
| jdstrand | git log origin/master doesn't show it either | 16:11 |
| jdstrand | I did git fetch origin | 16:11 |
| asac | and git remote show origin | 16:11 |
| jdstrand | maybe I'm confused by what github is saying | 16:11 |
| asac | shows the right origin? | 16:11 |
| asac | on master on github there is 718 | 16:12 |
| asac | no confusion on that front | 16:12 |
| jdstrand | maybe I cloned it wrong? | 16:12 |
| asac | yes, check git remote show origin | 16:12 |
| asac | maybe that points to your own tree | 16:12 |
| jdstrand | http://paste.ubuntu.com/15480553/ | 16:12 |
| jdstrand | it seems to | 16:13 |
| jdstrand | I don't know why | 16:13 |
| asac | you probably jus started with that | 16:13 |
| asac | its not problem | 16:13 |
| asac | just add the upstream origin | 16:13 |
| asac | like git remote add upstream https://github.com/ubuntu-core/snappy | 16:13 |
| asac | git fetch upstream | 16:13 |
| asac | and then you can checkout upstream/master | 16:13 |
| jdstrand | is that the normal way or is it a workaround because I cloned wrong? | 16:14 |
| asac | well. its certainly not abnormal to have your own repo as origin and the upstream repo as something else | 16:14 |
| asac | depends on the perspective | 16:14 |
| asac | :) | 16:14 |
| jdstrand | my perspective is I just want to have something that I trip on *every* time | 16:15 |
| jdstrand | :P | 16:15 |
| asac | lol | 16:15 |
| asac | you have to learn this then | 16:15 |
| zyga | jdstrand: yeah, I have origin as myself and upstream as upstream :) | 16:15 |
| asac | no way around it :) | 16:15 |
| zyga | jdstrand: it's all personal | 16:15 |
| asac | git is not bzr | 16:15 |
| jdstrand | I git that (see what I did there! :) | 16:15 |
| zyga | ... | 16:15 |
| zyga | ... | 16:15 |
| jdstrand | but I'm trying to figure out what the git flow is | 16:15 |
| zyga | we see (see what I did here) | 16:15 |
| zyga | (except it took a while) | 16:15 |
| asac | jdstrand: git flow is really very freeform... do what you want :) | 16:16 |
| zyga | jdstrand: I typically git fetch once a day or when something I care about lands | 16:16 |
| asac | you add the repos you care about with some name (origin, upstream, doesnt matter) | 16:16 |
| jdstrand | assamaybe that is the issue | 16:16 |
| asac | and then make local working branches for whatever youw eant to work on | 16:16 |
| asac | :) | 16:16 |
| asac | and push to wherever you want to push | 16:16 |
| zyga | yep | 16:16 |
| zyga | it's the hippygit workflow | 16:16 |
| asac | i try to avoid magic stuff... becuase i dont understand what it doesn :) | 16:17 |
| asac | so just do it old way :) | 16:17 |
| asac | jdstrand: so if you do git branch -a you see all the branches you ahve fetched from remote repos | 16:18 |
| jdstrand | I know what happened | 16:18 |
| asac | that you ahve configured in snappy remote | 16:18 |
| asac | and all that doesnt have ORIGIN./ is just local | 16:18 |
| jdstrand | it is the combination of github and git | 16:18 |
| asac | you can always just delete all that if you are confused | 16:18 |
| jdstrand | ie, I forked ubuntu-core/snappy.git | 16:18 |
| asac | and checkout whhatever you want as master from all those things available from upstream repo | 16:18 |
| jdstrand | that gave me jdstrand/snappy.git | 16:18 |
| jdstrand | I cloned jdstrand/snappy.git | 16:18 |
| asac | yes | 16:19 |
| jdstrand | I was thinking that github would do something magic there | 16:19 |
| jdstrand | but now the upstream bit makes sense | 16:19 |
| jdstrand | ok | 16:19 |
| jdstrand | thanks! | 16:19 |
| asac | thats how you usually end up with your own repo on github :) | 16:19 |
| asac | hehe | 16:19 |
| asac | so the security-override in the plug thing is not really the way to do that right? | 16:21 |
| asac | e.g. to allow syscalls | 16:21 |
| asac | for me the network caps work, but not the syscall whitelist | 16:21 |
| asac | http://paste.ubuntu.com/15480672/ | 16:21 |
| sergiusens | elopio, help here would be nice http://162.213.35.179:8080/job/github-snapcraft-autopkgtest-cloud/243/console | 16:21 |
| asac | jdstrand: do you know? | 16:21 |
| zyga | jdstrand: related to asac's question, do you think we need to support "syscalls" as thing in old-security | 16:22 |
| zyga | (I know the custom snippet think is sufficient for that) | 16:22 |
| elopio | sergiusens: I think I already solved that. We had a lot of slow scalingstack instances hanging around. | 16:22 |
| asac | hmm. i think it actually worked | 16:22 |
| asac | i get now a complain about missing cap setgid | 16:23 |
| asac | security-override: | 16:23 |
| asac | syscalls: [setgroups] | 16:23 |
| asac | caps: [setgid] | 16:23 |
| asac | that doesnt feel right :) | 16:23 |
| asac | let me add that to the other caps | 16:23 |
| asac | where i have network-listener | 16:24 |
| asac | ok that was clearly wrong :) | 16:24 |
| * ogra_ takes a break | 16:24 | |
| asac | jdstrand: its odd... i now have http://paste.ubuntu.com/15480726/ and i managed to get rid of setgid capabilityt complain and setgroups syscalls complain, but this doesnt fix the sys_admin complains | 16:27 |
| asac | zyga: ^ | 16:27 |
| zyga | no idea :-( | 16:27 |
| zyga | I haven't tried using old-security much and I don't really follow the magic behind it | 16:28 |
| asac | http://paste.ubuntu.com/15480738/ | 16:28 |
| zyga | asac: but I can promise you to support this next week | 16:28 |
| asac | thats the complains i got before | 16:28 |
| asac | now i only get the sys_admin one | 16:28 |
| zyga | asac: when I know what happens inside | 16:28 |
| sergiusens | elopio, hm | 16:28 |
| asac | jdstrand: nevermind i got rid of all complains.... was just confused by scanlog | 16:30 |
| sergiusens | morphis, btw https://github.com/ubuntu-core/snapcraft/pull/397 | 16:30 |
| asac | still have troubles | 16:30 |
| sergiusens | and lool ^ | 16:30 |
| morphis | sergiusens: yeah! | 16:30 |
| mvip | asac is most of the Snappy team in Paris now? | 16:32 |
| asac | mvip: no most are distributed | 16:33 |
| * asac does the ogra now :) | 16:34 | |
| asac | copies hacked binaries into snapcraft sourc etree | 16:35 |
| asac | and i must admit once you have done it once it doesnt feel that bad anymore :) | 16:35 |
| ogra_ | haha | 16:36 |
| mvip | asac yeah i know, but i thought Didier, Rircardo and Maarten were there so i just thought you had an event or something. | 16:36 |
| mvip | *Ricardo | 16:36 |
| ogra_ | thats the tie and suit guys :) | 16:36 |
| mvip | ogra_ ;) | 16:37 |
| mvip | While i have seen Maarten in suit, i haven't seen Ricardo or Didier in one ;) | 16:37 |
| ogra_ | they have a party budget to take out customers, so they can have in-person meetings ... us poor developers have to stay at home ;) | 16:37 |
| mvip | ogra_ hahaha | 16:38 |
| asac | ricardo and didier did an important one day thing there :) | 16:38 |
| mvip | ah ok | 16:38 |
| asac | mectors wanst there afaik, but you newver know :_) | 16:38 |
| mvip | asac i've been chasing Ricardo by email but he appears to be MIA | 16:38 |
| asac | he is vac | 16:38 |
| ogra_ | back next week | 16:39 |
| asac | back mon | 16:39 |
| mvip | ah ok. | 16:39 |
| asac | if you need urgent help let me know :) | 16:39 |
| mvip | asac nah we talked at MWC about doing a pre-16.04 Hangout for my devs to avoid common pitfalls | 16:39 |
| mvip | but now we're halfway there already | 16:39 |
| mvip | but thanks for the offer | 16:40 |
| asac | mvip: half way where? | 16:40 |
| mvip | asac: yeah we've ported most of the code from 15.04, but there were a few changes that they're still working on | 16:41 |
| asac | ic | 16:41 |
| asac | ok sounds good. just remember there are still changes happening on trunk | 16:41 |
| mvip | yeah i know | 16:41 |
| asac | team will probably improve stuff till very shortly before release | 16:41 |
| asac | goodie | 16:41 |
| mvip | yeah but we want to open up the beta with some beta customers asap, and since there is no migration plan from 15.04 (w/out re-flashing), we kinda have to bite the bullet with 16.04 | 16:42 |
| asac | zyga: where is the old-secureity code? | 16:42 |
| asac | i cannot find it | 16:42 |
| asac | need to know if the field is called capabilities | 16:42 |
| zyga | asac: snappy/* | 16:42 |
| zyga | asac: mostly security.go | 16:42 |
| zyga | asac: but it's not easy to follow IMHO | 16:42 |
| zyga | (e.g. compare to interfaces/builtin/$iface_name.go | 16:42 |
| zyga | asac: :-( | 16:42 |
| asac | indeed | 16:43 |
| asac | jdstrand: really would love to know where i can put stuff like sys_chroot | 16:44 |
| asac | i tried putting it in old-security -> caps | 16:44 |
| asac | doesnt work | 16:44 |
| asac | then in override -> capabilities, but the code doesnt seem to suggest such field exists | 16:44 |
| ogra_ | even if it did you'd most likely have to change it again next week :P | 16:44 |
| asac | its odd | 16:45 |
| * ogra_ waits til someone actually calls the stuff stable ... i gave up forward porting my snaps every week | 16:45 | |
| asac | i get complain that syscall chroot is missing | 16:45 |
| asac | then i add that and then it complains about missing cap sys_chroot | 16:45 |
| asac | wonder why we always have both | 16:45 |
| ogra_ | i doubt you will be able to implement that sanely at all | 16:45 |
| asac | ogra_: how can i make it unconfined? | 16:45 |
| ogra_ | turn off chrooting in your daemon | 16:46 |
| asac | my machien crashed s i have to get this working today | 16:46 |
| asac | no matter what | 16:46 |
| zyga | asac: unconfined is going away, developer mode is replacing that | 16:46 |
| ogra_ | zyga, on a pre-snap basis ? | 16:46 |
| asac | yes, but i need it working today | 16:46 |
| zyga | yep | 16:46 |
| ogra_ | *per-snap | 16:46 |
| asac | doesnt matter what goes away | 16:46 |
| zyga | asac: sure, just FYI | 16:46 |
| stgraber | jdstrand: hey, any chance you can look at that lxd upload? | 16:46 |
| asac | soo how to do unconfined these days? | 16:46 |
| asac | :) | 16:46 |
| ogra_ | asac, http://bazaar.launchpad.net/~ogra/+junk/htop-unconfined/files that worked two weeks ago | 16:47 |
| ogra_ | (obsolete again though) | 16:47 |
| asac | yep great | 16:47 |
| * asac tries the equiv | 16:47 | |
| === kickinz1 is now known as kickinz1|eod | ||
| sergiusens | mvo, hey, how is meta/gui defined? | 16:56 |
| sergiusens | mvo, or what lives in it? | 16:56 |
| mvo | sergiusens: I'm off for dinner now, lets talk later or tomorrow. its just icon in there and desktop files for now | 17:01 |
| jdstrand | stgraber: done | 17:11 |
| stgraber | jdstrand: thanks | 17:11 |
| === olli_ is now known as olli | ||
| elopio | ogra_: the package on the ppa build successfully today. If you can trigger a snap build, that would be nice. | 17:43 |
| code1o6 | Hey guys, can someone take a look at my snapcraft.yaml to see if there is anything wrong with it. I'm not sure if I'm doing the filesets part right http://paste.ubuntu.com/15480263/ | 17:53 |
| sxj | installed snappy on VirtualBox-4.3.36-105129, have tried ubuntu/ubuntu for username/password | 18:05 |
| sxj | get "login incorrect" | 18:05 |
| sxj | have typed them carefully but still the same error | 18:06 |
| jdstrand | zyga: not sure if you are still around, but how do I list available interfaces? I'm on trunk and wanted to se how that part workeed | 18:11 |
| zyga | ther'es no way to do that | 18:12 |
| zyga | jdstrand: just add a test in all_test.go | 18:12 |
| jdstrand | today or ever? | 18:12 |
| zyga | today, we haven't designed anything that needs it yet | 18:12 |
| zyga | jdstrand: one thing I'd envison was the developer mode debug checker | 18:12 |
| zyga | jdstrand: but it's not implemented in any way | 18:12 |
| jdstrand | zyga: ok, so, the debugging tool I need to write will need some of this | 18:13 |
| jdstrand | but let's not worry about that now | 18:13 |
| zyga | jdstrand: it should be trivial to expose this on CLI | 18:13 |
| zyga | jdstrand: one day | 18:13 |
| sxj | downloaded the ova image from http://cloud-images.ubuntu.com/ubuntu-core/15.04/core/stable/current/core-stable-amd64-cloud.ova | 18:18 |
| ogra_ | elopio, building | 18:33 |
| elopio | thank you! | 18:40 |
| jdstrand | zyga: sorry to keep bothering you: ./run-tests | 18:46 |
| jdstrand | can't load package: package _/home/jamie/bzr-pulls/snappy.jdstrand/arch: cannot find package "_/home/jamie/bzr-pulls/snappy.jdstrand/arch" in any of: | 18:46 |
| jdstrand | /usr/lib/go/src/_/home/jamie/bzr-pulls/snappy.jdstrand/arch (from $GOROOT) | 18:46 |
| jdstrand | /home/jamie/src/gopath/src/_/home/jamie/bzr-pulls/snappy.jdstrand/arch (from $GOPATH) | 18:47 |
| zyga | jdstrand: don't be sorry | 18:47 |
| zyga | jdstrand: first of all, forget about run tests for a sec | 18:47 |
| jdstrand | I did ./get-deps.sh | 18:47 |
| zyga | jdstrand: go to interfaces/builtin | 18:47 |
| zyga | jdstrand: and run "go test" | 18:47 |
| zyga | jdstrand: that's 99% of what matters | 18:47 |
| jdstrand | ./bool_file_test.go:126: undefined: builtin.MockEvalSymlinks | 18:47 |
| zyga | hmmm | 18:47 |
| zyga | ok | 18:47 |
| zyga | quick sanity check | 18:47 |
| zyga | your code should be in $GOPATH/src/ubuntu-core/snappy | 18:48 |
| zyga | that is | 18:48 |
| zyga | after get-deps | 18:48 |
| zyga | your snappy fork should be exactly there | 18:48 |
| zyga | otherwise nothing works | 18:48 |
| jdstrand | zyga: that worked | 18:49 |
| jdstrand | zyga: I use a symlink from $GOPATH/src/ubuntu-core/snappy to somewhere else | 18:49 |
| jdstrand | 13:49 < jdstrand> zyga: that worked | 18:50 |
| jdstrand | 13:49 < jdstrand> zyga: I use a symlink from $GOPATH/src/ubuntu-core/snappy to somewhere else | 18:50 |
| jdstrand | zyga: I was 'somewhere else' | 18:50 |
| zyga | mmm | 18:50 |
| jdstrand | doi | 18:50 |
| jdstrand | I'm doing too much at once :) | 18:50 |
| zyga | I'd suggest the other way around (have real stuff in $GOPATH and a symlink to reach faster but I'm glad that this works as well | 18:50 |
| zyga | jdstrand: thanks for asking :) | 18:51 |
| zyga | jdstrand: quick tip from my back of commands: | 18:53 |
| zyga | go test . -cover -coverprofile $GOPATH/src/github.com/ubuntu-core/snappy/cover.out && go tool cover -html $GOPATH/src/github.com/ubuntu-core/snappy/cover.out -o $GOPATH/src/github.com/ubuntu-core/snappy/coverage.html | 18:53 |
| zyga | xdg-open $GOPATH/src/github.com/ubuntu-core/snappy/coverage.html | 18:53 |
| === chihchun_afk is now known as chihchun | ||
| === ubott2 is now known as ubottu | ||
| sergiusens | mvo, kyrofa https://github.com/ubuntu-core/snapcraft/pull/399 | 19:14 |
| code1o6 | sjx, I recommend using kvm, aka virtual machine manager | 19:19 |
| code1o6 | works great | 19:19 |
| === daker_ is now known as daker | ||
| === tedg_ is now known as tedg | ||
| === inaddy_ is now known as inaddy | ||
| code1o6 | Can anyone take a look at my snapcraft.yaml | 19:20 |
| code1o6 | Is anyone running snappy core 16.04 | 19:23 |
| zyga | code1o6: I'd suggest just asking the question | 19:24 |
| zyga | code1o6: aka, don't ask to ask, just ask | 19:24 |
| zyga | code1o6: "I have a problem $DESCRIPTION_OF_PROBLEM with my snapcraft.yaml -- $PASTEBIN_OF_SNAPCRAFT_YAML" | 19:25 |
| code1o6 | Zyga, I have several time on multiple days | 19:25 |
| code1o6 | ey guys, can someone take a look at my snapcraft.yaml to see if there is anything wrong with it. I'm not sure if I'm doing the filesets part right http://paste.ubuntu.com/15480263/ | 19:25 |
| code1o6 | So, it builds but my bash script doesn't create test.out file. When I try running nmap binary it fails /apps/unisys-test/blah/nmap | 19:26 |
| code1o6 | http://paste.ubuntu.com/15480269/ | 19:27 |
| code1o6 | that's the bash scripts the should run using glue from snapcraft.yaml | 19:27 |
| code1o6 | The webserver gets started but I believe that the permission in the directory are not correct since the test.out file does not get created | 19:28 |
| code1o6 | I tested my bash script in ubuntu and works perfectly. So, the problem is that the Build your first snap tutorial from canonical is outdated. The example source they provide is for 16.04 | 19:30 |
| code1o6 | So there is something I must be missing or that I have extra | 19:30 |
| code1o6 | zyga, ^^ | 19:31 |
| zyga | code1o6: unfortunately I cannot help you out, I'm not familiar with filesets, perhaps sergiusens can answer; if not I'd suggest sending that same question to snappy-app-devel mailing list | 19:32 |
| code1o6 | I'm just following the tutorial from here https://developer.ubuntu.com/en/snappy/build-apps/your-first-snap/. Look at the last two sections. It doesn't make any sense | 19:34 |
| code1o6 | filesets, and extending metadata | 19:35 |
| code1o6 | at the end they says edit snapcraft.yaml one more time and then it says again but if you look at the code for both of them they are completely different | 19:36 |
| zyga | code1o6: developer docs are somewhat out of date between what's in 15.04 and 16.04 | 19:36 |
| zyga | code1o6: I haven't used filesets at all so I cannot say if that's affected | 19:36 |
| code1o6 | I understand that zyga, I even have friends at canonical but unfortunately they don't work in snappy core project. So I'd appreciate any help from the developers. | 19:37 |
| zyga | I'd suggest looking for dholbah, he should be able to help with the docs and perhaps point you at the right person | 19:39 |
| sergiusens | zyga, code1o6 there have been no changes for filesets though | 19:40 |
| sergiusens | where does this project live? and I hope you are on xenial | 19:40 |
| code1o6 | sergiusens, its 15.04 | 19:50 |
| code1o6 | The project where I build the snap package its 15.10 | 19:51 |
| sergiusens | code1o6, why are you doing stuff on 15.04? | 19:51 |
| sergiusens | all the great stuff is in 16.04 | 19:52 |
| code1o6 | I wish I could upgrade but its part of Dell IOT device and it's shipping with 15.04 | 19:55 |
| code1o6 | sergiusens, ^^ | 19:55 |
| sergiusens | code1o6, ah, valid reason :-) | 19:56 |
| sergiusens | code1o6, is you project anywhere to look at? | 19:56 |
| sergiusens | code1o6, I'm almost sure you call to ip -4 addr show eth0 fails | 19:57 |
| sergiusens | code1o6, can you install snappy-debug | 19:57 |
| sergiusens | and run sudo snappy-debug scanlogs | 19:58 |
| code1o6 | sergiusens, it's not in github but here are all the files that are in my project folder. Snapcraft.yaml http://paste.ubuntu.com/15480263/ my webui http://paste.ubuntu.com/15480269/ and webui.go http://paste.ubuntu.com/15482363/ | 20:00 |
| code1o6 | I can post it in github if you'd like | 20:00 |
| code1o6 | Why are you sure sergiusens ? | 20:00 |
| code1o6 | It works in ubuntu and I thought ip should be built into snappy | 20:00 |
| code1o6 | let me try it right now | 20:00 |
| sergiusens | code1o6, because if the `ip` comes from the system you are probably missing some security allowances | 20:01 |
| sergiusens | snappy-debug will confirm | 20:01 |
| code1o6 | snappy-debug is not found | 20:02 |
| code1o6 | Is it a snap? | 20:03 |
| code1o6 | sergiusens, do you run that in snappy or my project folder? | 20:04 |
| jdstrand | network-management is the cap you would use on 16.04, network-admin on 15.04 | 20:05 |
| jdstrand | zyga: sorry, another question: https://travis-ci.org/ubuntu-core/snappy/jobs/118065075 | 20:05 |
| jdstrand | zyga: you said go test was enough, but travis says otherwise | 20:06 |
| code1o6 | guys how do you run snappy-debug | 20:08 |
| jdstrand | sudo snappy install snappy-debug | 20:08 |
| jdstrand | sudo snappy-debug.security scanlog | 20:08 |
| code1o6 | nvm | 20:09 |
| code1o6 | thanks | 20:09 |
| code1o6 | serguisens, was right http://i.imgur.com/q9W5hKT.png | 20:14 |
| code1o6 | can someone take a look at it? | 20:14 |
| code1o6 | it says to add 'capability net_admin' | 20:15 |
| jdstrand | did you see what I said above? | 20:15 |
| jdstrand | network-management is the cap you would use on 16.04, network-admin on 15.04 | 20:15 |
| code1o6 | oic | 20:15 |
| code1o6 | so just change that | 20:15 |
| code1o6 | what is cap? capability? | 20:16 |
| jdstrand | or add it, yes | 20:16 |
| code1o6 | jdstrand, thank you so much. | 20:16 |
| code1o6 | plugs: | 20:18 |
| code1o6 | listener: | 20:18 |
| code1o6 | interface: old-security | 20:18 |
| code1o6 | caps: [network-listener] | 20:18 |
| code1o6 | [network-admin] | 20:18 |
| code1o6 | like this? | 20:18 |
| jdstrand | caps: [network-listener, network-management] | 20:18 |
| code1o6 | I thought you said network-admin | 20:18 |
| jdstrand | since you specified network-listener, this is 16.04, so use network-management, plus, I'm assuming you still want network-listener | 20:18 |
| jdstrand | it is currently network-management on 16.04, changed from network-admin | 20:19 |
| code1o6 | jdstrand, [network-admin, network-listener] | 20:20 |
| jdstrand | no | 20:20 |
| jdstrand | [network-listener, network-management] | 20:21 |
| code1o6 | <jdstrand> network-management is the cap you would use on 16.04, network-admin on 15.04???? | 20:21 |
| jdstrand | yes | 20:21 |
| jdstrand | you are on 16.04, use network-management | 20:21 |
| code1o6 | no i'm in 15.04 | 20:21 |
| jdstrand | not if you are using 'plus' | 20:21 |
| jdstrand | plugs* | 20:22 |
| code1o6 | Well I have to use 15.04. How would I make it compatible then | 20:22 |
| jdstrand | if you are on 15.04, drop all the 'plugs' stuff and simply use: caps: [network-client, network-admin] | 20:22 |
| jdstrand | code1o6: eg: | 20:23 |
| jdstrand | services: | 20:23 |
| jdstrand | foo: | 20:23 |
| jdstrand | caps: [network-client, network-admin] | 20:23 |
| jdstrand | code1o6: fyi, you need to make sure you are using the right snapcraft for 15.04 | 20:24 |
| code1o6 | jdstrand, does it look okay? http://paste.ubuntu.com/15482558/ | 20:27 |
| jdstrand | code1o6: the services bit does, yes. I am not a snapcraft expert though | 20:28 |
| jdstrand | so I can't comment on the other parts | 20:28 |
| jdstrand | I mean, it looks ok otoh | 20:28 |
| * ogra_ is still curious if you will in the end be able to make nmap work within the confinement boundaries | 20:33 | |
| ogra_ | i mean ... it needs quite some system access to collect the info (switching the NIC into promiscous mode for example) | 20:33 |
| jdstrand | it will cause apparmor doesn't have fine-grained network mediation yet | 20:34 |
| code1o6 | it doesn't need to be in promscous mode | 20:34 |
| jdstrand | CAP_NET_ADMIN is essentially all that is needed | 20:34 |
| code1o6 | jdstrand, I guess it progress http://paste.ubuntu.com/15482674/ | 20:42 |
| zyga | jdstrand: looking | 20:43 |
| jdstrand | zyga: ./run-tests passed here locally | 20:44 |
| zyga | jdstrand: hmm, travis merges AFAIR | 20:44 |
| jdstrand | code1o6: yes, notice the timestamp, your network-admin worked | 20:44 |
| zyga | jdstrand: can you rebase / merge master | 20:44 |
| zyga | jdstrand: and see if that fixes it | 20:44 |
| zyga | jdstrand: looks like pre native plug/slot info branch | 20:44 |
| jdstrand | code1o6: File: /apps/unisys-test.sideload/IPUTNKTTWKUK/test.out. use $SNAP_DATA_PATH/test.out instead | 20:45 |
| jdstrand | zyga: erf, I forked from https://github.com/ubuntu-core/snappy.git and am up to date | 20:45 |
| zyga | jdstrand: ok, let me have another look | 20:46 |
| zyga | jdstrand: you are not | 20:47 |
| zyga | jdstrand: https://github.com/ubuntu-core/snappy/pull/720/files#diff-aa51e80575985c01c3fa42dabdd454ddR40 | 20:47 |
| zyga | jdstrand: this is before 702 landed | 20:47 |
| jdstrand | it said I had 718 though | 20:47 |
| zyga | jdstrand: 702 changed Plug/Slot API | 20:47 |
| ogra_ | code1o6, ah, you would only do higher level stuff ? | 20:47 |
| * jdstrand shakes fist at git | 20:47 | |
| zyga | jdstrand: (landing order != proposal order) | 20:47 |
| ogra_ | yeah, i guess that works | 20:47 |
| zyga | jdstrand: fetch / rebase | 20:47 |
| zyga | jdstrand: and see what happens | 20:47 |
| jdstrand | meh, I just did several of these | 20:48 |
| zyga | jdstrand: tests will fail for you locally then, I suggest doing a quick vimdiff on your new _test file and other interface _test file to see how to change that | 20:48 |
| zyga | jdstrand: the change is totally automatic | 20:48 |
| zyga | jdstrand: git fetch upstream | 20:48 |
| zyga | jdstrand: git rebase upstream/master | 20:48 |
| jdstrand | I don't see how git clone gave me the wrong thing | 20:48 |
| zyga | jdstrand: assuming upstream remote is github.com/ubuntu-core/snappy | 20:48 |
| zyga | jdstrand: what is wrong? | 20:49 |
| code1o6 | jdstrand, like this http://paste.ubuntu.com/15482722/? | 20:49 |
| * jdstrand has been struggling getting a git workflow going only to find he had the wrong branch | 20:49 | |
| code1o6 | ogra_, what are you talking about? | 20:49 |
| ogra_ | nmap | 20:49 |
| jdstrand | code1o6: seems fine | 20:49 |
| ogra_ | doesnt that usually also do arp scans and such ? | 20:49 |
| code1o6 | well I wanted to do -sS but that requires sudo | 20:50 |
| jdstrand | zyga: git fetch upstream is up to date | 20:50 |
| zyga | k | 20:50 |
| code1o6 | for now I'll try getting it working first | 20:50 |
| ogra_ | code1o6, right, thats what i mean ... | 20:50 |
| zyga | jdstrand: do you see ea2f84a3362ba4b7757f178a6da82f5938181f1b | 20:50 |
| zyga | jdstrand: you have to have it in your branch | 20:50 |
| jdstrand | commit ea2f84a3362ba4b7757f178a6da82f5938181f1b | 20:51 |
| jdstrand | Merge: c887a47 813c112 | 20:51 |
| jdstrand | Author: Zygmunt Krynicki <me@zygoon.pl> | 20:51 |
| jdstrand | Date: Wed Mar 23 18:00:44 2016 +0100 | 20:51 |
| jdstrand | Merge pull request #702 from zyga/use-std-plugs-and-slots | 20:51 |
| jdstrand | 20:51 | |
| jdstrand | interfaces, daemon, overlord: use snap.{Plug,Slot}Info natively | 20:51 |
| zyga | jdstrand: is that in the branch you are on? | 20:51 |
| jdstrand | yes | 20:51 |
| zyga | jdstrand: can you check that your firewall test looks the same to network test (for example) | 20:51 |
| zyga | jdstrand: and that it looks like this: | 20:52 |
| zyga | https://github.com/ubuntu-core/snappy/blob/master/interfaces/builtin/network_test.go#L38 | 20:52 |
| zyga | jdstrand: ^^ | 20:52 |
| zyga | jdstrand: git status | 20:52 |
| zyga | jdstrand: git branch | 20:52 |
| zyga | jdstrand: maybe your are in some weird place | 20:52 |
| zyga | jdstrand: or you are pushing to some weird location so tests locally pass but you pushed something else earlier | 20:53 |
| jdstrand | zyga: it is in everything except my firewall-controll branch | 20:53 |
| zyga | jdstrand: there you go | 20:53 |
| zyga | jdstrand: git rebase upstream/master | 20:53 |
| jdstrand | zyga: apparently I forked and started working before that was merged | 20:53 |
| zyga | :-) | 20:53 |
| * jdstrand wonders why zyga said to work on these with that change not landed :) | 20:53 | |
| zyga | jdstrand: AFAIR at that time it *has* landed :D | 20:54 |
| zyga | jdstrand: you just didn't fetch | 20:54 |
| zyga | jdstrand: look at the timestamps | 20:54 |
| jdstrand | so, https://github.com/ubuntu-core/snappy/pull/721 passed travis | 20:54 |
| jdstrand | and the other two I started will have had that | 20:54 |
| jdstrand | I'll update firewall-control | 20:54 |
| code1o6 | jdstrand, I'm still getting adjust program to not write to SNAP_APP_PATH | 20:57 |
| jdstrand | it isn't SNAP_APP_PATH | 20:57 |
| jdstrand | it is SNAP_DATA_PATH | 20:58 |
| code1o6 | http://i.imgur.com/GxJrEA6.png | 20:58 |
| jdstrand | code1o6: I suggest: sudo snappy install hello-world ; hello-world.env | grep SNAP | 20:58 |
| jdstrand | code1o6: whoops | 20:58 |
| jdstrand | code1o6: SNAP_DATA, not SNAP_DATA_PATH | 20:59 |
| code1o6 | jdstrand, yes that what I did SNAP_DATA_PATH | 20:59 |
| jdstrand | I know, I said it wrong | 20:59 |
| jdstrand | SNAP_DAT | 20:59 |
| jdstrand | erf | 20:59 |
| jdstrand | SNAP_DATA | 20:59 |
| code1o6 | jdstrand, testing | 20:59 |
| code1o6 | jdstrand, Same error message | 21:03 |
| code1o6 | I though SNAP_DATA was for 16.04 | 21:03 |
| jdstrand | oh sigh | 21:04 |
| jdstrand | SNAP_APP_DATA_PATH | 21:05 |
| jdstrand | sorry, that should work | 21:05 |
| code1o6 | https://github.com/ubuntu-core/snapcraft/commit/04b1a13bc03305bc3180e71ede2f39b3183482d9 | 21:05 |
| jdstrand | note, hello-world.env is awfully handy | 21:05 |
| code1o6 | jdstrand, I get the same result | 21:11 |
| code1o6 | jdstrand, wait | 21:12 |
| code1o6 | jdstrand, it works so where is $SNAP_DATA_PATH ? | 21:19 |
| zyga | code1o6: look at launcher (in $PATH) to see | 21:19 |
| zyga | ls /snaps/bin | 21:19 |
| code1o6 | you mean /apps/bin? | 21:20 |
| zyga | yes, sorry :) | 21:21 |
| zyga | (I didn't know it changed already, I know it was supposed to change) | 21:21 |
| code1o6 | I found the bash script but it not in the same directory | 21:22 |
| code1o6 | zyga, I'm having now luck | 21:24 |
| zyga | code1o6: cool :) | 21:25 |
| code1o6 | zyga, oops *no | 21:25 |
| zyga | code1o6: well, all I wanted to say is that you can look at the scripts | 21:27 |
| code1o6 | Found it but it's empty | 21:27 |
| zyga | code1o6: and see what variables are set | 21:27 |
| zyga | code1o6: then something is wrong, it should not be empty | 21:27 |
| jdstrand | SNAP_DATA_PATH isn't a thing (I said it was, I was wrong). SNAP_DATA is 16.04 and SNAP_APP_DATA_PATH is 15.04. both are in /var/lib/snaps/... | 21:27 |
| code1o6 | it was /var/lib/apps/ | 21:27 |
| jdstrand | erf | 21:28 |
| jdstrand | 15.04 is /var/lib/apps/... | 21:28 |
| jdstrand | ETOOMANYCHANGES :) | 21:28 |
| code1o6 | yes | 21:28 |
| code1o6 | jdstrand, I know :( | 21:28 |
| code1o6 | jdstrand, can I try to run nmap from /apps/blah/bin/nmap | 21:29 |
| jdstrand | code1o6: not easily. I suggest adding something to 'binaries' like so: | 21:30 |
| jdstrand | binaries: | 21:30 |
| jdstrand | - name: sh | 21:30 |
| jdstrand | caps: [network-client, network-admin] | 21:30 |
| jdstrand | let's change that | 21:31 |
| jdstrand | binaries: | 21:31 |
| jdstrand | - name: bin/myshell | 21:31 |
| jdstrand | caps: [network-client, network-admin] | 21:31 |
| jdstrand | then create bin/myshell to be: | 21:31 |
| jdstrand | #!/bin/sh | 21:31 |
| jdstrand | sh | 21:32 |
| jdstrand | then you can do: appname.myshell | 21:32 |
| jdstrand | and get a shell where you can play around with equivalent confinement, run nmap, etc | 21:32 |
| jdstrand | code1o6: I'm going to have to step away. good luck! | 21:33 |
| code1o6 | okay, just add binaries section to snapcraft.yaml | 21:33 |
| code1o6 | jdstrand, thanks for all help :D | 21:33 |
| jdstrand | yeah | 21:34 |
| zyga | jdstrand: https://github.com/ubuntu-core/snappy/pull/733/ | 23:45 |
| zyga | jdstrand: just FYI, you don't have to review it yet | 23:45 |
| zyga | jdstrand: this *makes it happen* :-) | 23:45 |
| zyga | ogra_: ^^ :-) | 23:45 |
Generated by irclog2html.py 2.7 by Marius Gedminas - find it at mg.pov.lt!
