/srv/irclogs.ubuntu.com/2016/10/30/#snappy.txt

=== JanC is now known as Guest84922
=== JanC_ is now known as JanC
mup	PR snapcraft#868 closed: Parametrize call args for pluginhandler <Created by sergiusens> <Merged by sergiusens> <https://github.com/snapcore/snapcraft/pull/868>	07:36
zyga	Son_Goku: hey	13:23
zyga	Son_Goku: greetings from bucharest	13:23
zyga	Son_Goku: how's stuff?	13:23
Son_Goku	you're alive!	13:23
Son_Goku	\o/	13:23
zyga	gee, dude, shave ;-)	13:23
zyga	this is the last week of my journes	13:24
zyga	I saw some warnings that snap-confine doesn't build in master	13:24
zyga	Son_Goku: how are you doing?	13:25
Son_Goku	I'm alright	13:26
Son_Goku	I've been getting pings about snapd for Fedora though	13:26
Son_Goku	and you missed me getting the policy working	13:26
zyga	Son_Goku: \o/	13:27
zyga	Son_Goku: wooot, what's next?	13:27
* zyga hugs Son_Goku :)		13:27
Son_Goku	https://github.com/zyga/snapcore-fedora/pull/10	13:27
mup	PR zyga/snapcore-fedora#10: Refresh patches for snapd spec <Created by Conan-Kudo> <https://github.com/zyga/snapcore-fedora/pull/10>	13:27
Son_Goku	first, merge that	13:27
zyga	Son_Goku: I was broken during wekeend and partially last week, trying to get some health back	13:27
zyga	checking that out now :)	13:28
Son_Goku	then update https://bugzilla.redhat.com/show_bug.cgi?id=1367825 with a new spec	13:28
Son_Goku	and SRPM	13:28
zyga	yep, with pleasure!	13:28
Son_Goku	and since the service files have changed a bit, check to be sure if additional services need to be requested for the preset: https://bugzilla.redhat.com/show_bug.cgi?id=1367932	13:29
zyga	Son_Goku: yeah, I was just thinking about that	13:29
Son_Goku	I think snapd.autoimport.service needs to be enabled as well	13:29
zyga	Son_Goku: no, not really, it's just for core AFAIK	13:29
zyga	Son_Goku: I need to check with mvo when he's here today but I don't think we need it	13:29
zyga	well. think :)	13:29
zyga	Did you get it to work all the way?	13:30
zyga	with snaps installing and stuff?	13:30
zyga	`+2.8.4 (Apple Git-73)	13:30
Son_Goku	well, I need to retest on a fresh VM to be certain, but yes	13:30
zyga	was that you or me? :)	13:30
Son_Goku	https://github.com/snapcore/snapd/blob/master/debian/rules#L66	13:30
zyga	that's amazing :)	13:30
Son_Goku	that's where I checked to see the services that should be enabled	13:31
zyga	yeah, I know we run them everywhere	13:31
zyga	but I think this was just us hurrying with image readiness	13:31
zyga	I'll double check with mvo	13:31
Son_Goku	ah	13:31
zyga	I'd rather not enable that service unless we have to	13:31
Son_Goku	right	13:31
Son_Goku	if it's not necessary, then leave it be	13:31
Son_Goku	I've already updated the patches to have new versions of the services :)	13:32
Son_Goku	O.o	13:34
Son_Goku	ffs	13:34
Son_Goku	the store doesn't work now!	13:34
Son_Goku	because it uses port 53	13:34
Son_Goku	nowhere was that documented :(	13:34
zyga	Son_Goku: what's the .foo syntax in %patchN	13:34
=== pedronis` is now known as pedronis
zyga	what?!?	13:35
Son_Goku	zyga, if the patch fails, the buildroot maintains a backup copy of the original with that prefix	13:35
zyga	port 53?	13:35
zyga	ah, nice	13:35
Son_Goku	makes it easier for rediffing	13:35
Son_Goku	wtf is it using port 53 for?!	13:35
zyga	Son_Goku: DNS?	13:36
zyga	Son_Goku: can you point me to some code that does this?	13:36
Son_Goku	I just tried to do "sudo snap install hello"	13:36
Son_Goku	try it in a Fedora VM with the package and latest stuff	13:36
Son_Goku	ah, I think it is DNS lookup	13:36
Son_Goku	why is snapd doing its own DNS lookup?	13:37
zyga	Son_Goku: probably because it's golang but I'm checking	13:37
zyga	Son_Goku: yes, internal DNS	13:39
zyga	Son_Goku: does that need selinxu tweaks?	13:39
Son_Goku	yes	13:39
Son_Goku	are there any other TCP/UDP things that I need to do as well?	13:39
zyga	I don't know of any	13:41
zyga	just https and DNS	13:41
zyga	Son_Goku: as a side comment, working on confinement of any kind makes you re-learn how the stack _really_ works	13:42
zyga	Son_Goku: I find that refreshing	13:42
zyga	Son_Goku: merged	13:46
Son_Goku	I'm working on adding rules for dns and http cache ports	13:46
Son_Goku	I have a feeling it'd be a good idea to add cache ports too	13:46
zyga	Son_Goku: http cache?	13:47
* zyga is starving, had u-breakfast only		13:47
Son_Goku	ports like 8080, etc.	13:47
Son_Goku	often used by proxies and stuff	13:48
zyga	ah, I understand	13:48
zyga	sure	13:48
zyga	Son_Goku: ok, we don't want autoimport	13:51
zyga	Son_Goku: I'll ript it out (both the service and udev)	13:51
Son_Goku	okay	13:51
zyga	Son_Goku: this means the approvals are okay now	13:51
Son_Goku	just don't install the files, but leave the patches alone	13:51
zyga	Son_Goku: I'll do this and redo the SRPM :)	13:51
zyga	OK	13:51
Son_Goku	what are they used for, btw?	13:51
zyga	they are used to claim a headless device	13:52
zyga	plug a drive with stuff you made elsewhere	13:52
Son_Goku	ah	13:52
Son_Goku	useless then	13:52
zyga	it sucks assertions	13:52
zyga	yes	13:52
zyga	and "acks" them	13:52
Son_Goku	but yeah, leave the patch alone	13:52
zyga	(imports and checks signatures and cross-signatures and stuff)	13:52
Son_Goku	as it can eventually be applied to snapd once the debian packaging is gutted from the package	13:52
Son_Goku	technically, it could be applied now, as it doesn't conflict	13:53
Son_Goku	but... meh	13:53
zyga	Son_Goku: pushed a small patch, please look at it	13:57
zyga	Son_Goku: this week I'll try to merge snap-confine into snapd and we _may_ finally get dist tarballs	13:59
Son_Goku	neh	14:00
Son_Goku	not particularly enthused about that shrugs	14:00
zyga	well, it will simplify a lot though	14:00
zyga	one package	14:00
Son_Goku	at least from my point of view, not really	14:01
Son_Goku	if we really wanted to build everything as one thing, we could have, since rpmspec supports multiple sources	14:01
Son_Goku	technically, so does dsc built debian packages	14:02
zyga	Son_Goku: yeah, that's true, this is more of an upstream change though, it will make changes easier	14:02
zyga	close coupling between the two packages	14:02
Son_Goku	zyga, you know, I'm surprised you guys don't just use systemd presets in the packaging of snapd for Debian/Ubuntu	14:08
Son_Goku	it makes things a lot simpler	14:08
Son_Goku	then you don't even need dh-systemd to do much	14:08
zyga	Son_Goku: I suspect because those are not used in debian but I don't know	14:09
zyga	Son_Goku: the first time I even realized this feature existed was when I started working with fedora	14:10
zyga	Son_Goku: I'm building everything locally for testing	14:11
zyga	Son_Goku: I'll do a small release of snap-confine to fix some issues and integrate patches with packaging, probably 1.0.44.1	14:11
zyga	Son_Goku: but only after this works :)	14:11
zyga	Son_Goku: I think we should do f24+ only for now	14:11
zyga	Son_Goku: until 23 is resolved	14:11
zyga	Son_Goku: right now I think I broke 23 because of older libc (trivial patch already merged into master)	14:12
zyga	Son_Goku: and we need to update something (still unsure what) to get store interaction to work	14:13
Son_Goku	well, Fedora 23 is EOL in December	14:13
zyga	Son_Goku: but again, I'll focus on 23 when 24+ is done	14:13
zyga	Son_Goku: are there any stats available to know how many users moved to 24 already?	14:13
* Son_Goku shrugs		14:13
zyga	OK	14:13
zyga	well, I think 23 shoudl be easy-ish	14:14
zyga	fingers crossed :)	14:14
zyga	Son_Goku: what should I say for bodhi type= when there's just a new upstream release?	14:16
Son_Goku	use bugfix as the type unless it's an enhancement	14:16
zyga	Son_Goku: I want to update snap-confine in f24 with the new patches and snap runtime layout	14:16
Son_Goku	or a security fix	14:16
Son_Goku	bugfix	14:16
Son_Goku	use bugfix	14:16
zyga	Son_Goku: is there a bug? I think we can only refer to snapd tracking bug itself (/snap change)	14:16
Son_Goku	bugfix doesn't require a bug	14:17
zyga	Son_Goku: do I need a bug number or will it ignore it?	14:17
zyga	ah, OK	14:17
Son_Goku	it'll ignore it if no bugs are listed	14:17
zyga	Son_Goku: any karma tweaks I should apply?	14:17
Son_Goku	change the positive karma version from 3 to 1	14:17
zyga	thanks, done	14:18
Son_Goku	though I hadn't been pushing snap-confine updates through bodhi because I figured we'd want to ship snap-confine and snapd in the same update	14:18
zyga	https://bodhi.fedoraproject.org/updates/FEDORA-2016-c579dae0b4	14:18
zyga	well, not today :)	14:19
zyga	today I just want both out	14:19
Son_Goku	well, fortunately, we can edit an existing update :)	14:20
zyga	and this is 25	14:21
zyga	https://bodhi.fedoraproject.org/updates/FEDORA-2016-f3b947ec5d	14:21
* zyga reboots with enforcing policy :)		14:21
zyga	"make selinux enforcing again"	14:21
zyga	I'll bump snap-confine dependeny to .44	14:24
zyga	Son_Goku: more selinxu denials	14:25
zyga	paź 30 15:25:38 fedora24 setroubleshoot[3400]: SELinux is preventing snapd from read access on the directory /etc/systemd/system. For complete SELinux messages. run sealert -l 3dc56126-a462-4305-8495-d9bb54be3740	14:26
zyga	Son_Goku: can you please include that in the policy?	14:26
Son_Goku	why does it need to read /etc/systemd/system?	14:26
zyga	Son_Goku: you made it :)	14:26
zyga	ah	14:26
zyga	well, sorry	14:26
zyga	my bad :)	14:26
zyga	it needs to because it looks there for systemd units	14:26
zyga	and knows which one to make and which to remove	14:27
zyga	(snap specific untis)	14:27
Son_Goku	so it needs read/write access to /etc/systemd/system	14:27
zyga	Son_Goku: correct	14:27
zyga	Son_Goku: one more denial	14:27
zyga	paź 30 15:25:29 fedora24 setroubleshoot[3400]: SELinux is preventing snapd from node_bind access on the tcp_socket port None. For complete SELinux messages. run sealert -l 73e31352-953f-4156-8ab0-7b67ce1db019	14:27
zyga	paź 30 15:25:29 fedora24 python3[3400]: SELinux is preventing snapd from node_bind access on the tcp_socket port None.	14:28
zyga	that's internal golang thing that probes for ipv6	14:28
zyga	Son_Goku: does this look ok? http://paste.ubuntu.com/23402604/	14:35
Son_Goku	that's fine	14:35
zyga	(I switched to ubuntu pastebin as the one on fedora didn't work for some reason)	14:35
zyga	Son_Goku: pushed	14:36
zyga	Son_Goku: if you fix the policy I think we can get this in now :)	14:36
zyga	Son_Goku: can I help you in any way?	14:36
Son_Goku	hmm	14:39
Son_Goku	this is annoying	14:39
Son_Goku	I may have to grant access to unlabeled files because snaps don't have the label applied to them :(	14:39
zyga	Son_Goku: can you be more specifc?	14:40
zyga	Son_Goku: snapd doesn't touch (I think) snap files, just systemd units it creates, udev rules it creates and a few other similar things (dbus xml stuff)	14:40
zyga	Son_Goku: can those inherit the label from snapd somehow?	14:40
Son_Goku	not sure	14:41
Son_Goku	I wonder if systemd mounts can be set up to mount with a label?	14:41
zyga	Son_Goku: maybe, let me look	14:41
zyga	Son_Goku: nothing in systemd.mount	14:42
zyga	er, systemd.unit	14:42
zyga	morphis: hey	14:47
zyga	morphis: are you working today?	14:47
* zyga inspects failures on f26 and ppc64		14:50
zyga	DEBUG util.py:421: Error: nothing provides kernel-headers >= 2.2.1 needed by glibc-headers-2.24.90-13.fc26.ppc64.	14:51
zyga	DEBUG util.py:421: nothing provides kernel-headers >= 2.2.1 needed by glibc-headers-2.24.90-13.fc26.ppc64	14:51
zyga	looks like something that's more general	14:51
zyga	Son_Goku: I'll step outside to have a snack	14:53
=== chihchun_afk is now known as chihchun
Son_Goku	urgh	16:01
Son_Goku	Ubuntu Core does way too much	16:01
linuxhiker	I am trying to figure out how to get the following to happen: ./configure; make world	17:13
linuxhiker	I have configure working just fine	17:14
linuxhiker	and make without world just fine	17:14
linuxhiker	I figured out that if I use the make plugin, I can use a parent make file that can call world	17:14
linuxhiker	but that is outside of the source tree as it is part of the snapcraft build system, not the software I am actually trying to build	17:14
qengho	linuxhiker: Is that "configure" autoconf?	17:47
qengho	linuxhiker: That "world" bit seems weird. Does it have a "install" target?	17:49
linuxhiker	qengho: yes the configure is autoconf (that part works) and in fact the basic build works fine	17:53
linuxhiker	qengho: but "world" is needed to build a secondary part of the source tree that only builds with either "world" or something like make -C contrib/Makefile	17:54
zyga	Son_Goku: hey	19:24
zyga	Son_Goku: so what did you manage to do with the policy?	19:24
Son_Goku	I hate Ubuntu Core	19:24
Son_Goku	I got enough for snapd, but apparently ubuntu-core wants to stick its fingers everywhere	19:25
zyga	Son_Goku: can you be more specific and less dramatic	19:26
Son_Goku	also, is ~/snap a directory created by snapd?	19:26
zyga	indirectly, through snap run or snap-confine	19:26
Son_Goku	zyga, ubuntu-core installs udev rules, etc.	19:26
zyga	(currently both do)	19:26
Son_Goku	okay, so I need to define a snap_home_t	19:26
zyga	Son_Goku: yes, it manages the system	19:26
* zyga pats Son_Goku on the back		19:27
zyga	you can do it :)	19:27
* Son_Goku sighs		19:27
Son_Goku	also, apparently something wants to talk to NetworkManager	19:27
* Son_Goku is tired		19:28
Son_Goku	I'm taking a break from playing whack-a-mole	19:29
Son_Goku	zyga, are there any specific directories I need to know about for the home directory?	19:29
zyga	Son_Goku: no, just ~/snap	19:32
=== JanC_ is now known as JanC

Generated by irclog2html.py 2.7 by Marius Gedminas - find it at mg.pov.lt!