=== JanC is now known as Guest84922 | ||
=== JanC_ is now known as JanC | ||
mup | PR snapcraft#868 closed: Parametrize call args for pluginhandler <Created by sergiusens> <Merged by sergiusens> <https://github.com/snapcore/snapcraft/pull/868> | 07:36 |
---|---|---|
zyga | Son_Goku: hey | 13:23 |
zyga | Son_Goku: greetings from bucharest | 13:23 |
zyga | Son_Goku: how's stuff? | 13:23 |
Son_Goku | you're alive! | 13:23 |
Son_Goku | *\o/* | 13:23 |
zyga | gee, dude, shave ;-) | 13:23 |
zyga | this is the last week of my journeys | 13:24 |
zyga | I saw some warnings that snap-confine doesn't build in master | 13:24 |
zyga | Son_Goku: how are you doing? | 13:25 |
Son_Goku | I'm alright | 13:26 |
Son_Goku | I've been getting pings about snapd for Fedora though | 13:26 |
Son_Goku | and you missed me getting the policy working | 13:26 |
zyga | Son_Goku: \o/ | 13:27 |
zyga | Son_Goku: wooot, what's next? | 13:27 |
* zyga hugs Son_Goku :) | 13:27 | |
Son_Goku | https://github.com/zyga/snapcore-fedora/pull/10 | 13:27 |
mup | PR zyga/snapcore-fedora#10: Refresh patches for snapd spec <Created by Conan-Kudo> <https://github.com/zyga/snapcore-fedora/pull/10> | 13:27 |
Son_Goku | first, merge that | 13:27 |
zyga | Son_Goku: I was broken during weekend and partially last week, trying to get some health back | 13:27 |
zyga | checking that out now :) | 13:28 |
Son_Goku | then update https://bugzilla.redhat.com/show_bug.cgi?id=1367825 with a new spec | 13:28 |
Son_Goku | and SRPM | 13:28 |
zyga | yep, with pleasure! | 13:28 |
Son_Goku | and since the service files have changed a bit, check to be sure if additional services need to be requested for the preset: https://bugzilla.redhat.com/show_bug.cgi?id=1367932 | 13:29 |
zyga | Son_Goku: yeah, I was just thinking about that | 13:29 |
Son_Goku | I think snapd.autoimport.service needs to be enabled as well | 13:29 |
zyga | Son_Goku: no, not really, it's just for core AFAIK | 13:29 |
zyga | Son_Goku: I need to check with mvo when he's here today but I don't think we need it | 13:29 |
zyga | well. think :) | 13:29 |
zyga | Did you get it to work all the way? | 13:30 |
zyga | with snaps installing and stuff? | 13:30 |
zyga | `+2.8.4 (Apple Git-73) | 13:30 |
Son_Goku | well, I need to retest on a fresh VM to be certain, but yes | 13:30 |
zyga | was that you or me? :) | 13:30 |
Son_Goku | https://github.com/snapcore/snapd/blob/master/debian/rules#L66 | 13:30 |
zyga | that's amazing :) | 13:30 |
Son_Goku | that's where I checked to see the services that should be enabled | 13:31 |
zyga | yeah, I know we run them everywhere | 13:31 |
zyga | but I think this was just us hurrying with image readiness | 13:31 |
zyga | I'll double check with mvo | 13:31 |
Son_Goku | ah | 13:31 |
zyga | I'd rather not enable that service unless we have to | 13:31 |
Son_Goku | right | 13:31 |
Son_Goku | if it's not necessary, then leave it be | 13:31 |
Son_Goku | I've already updated the patches to have new versions of the services :) | 13:32 |
Son_Goku | O.o | 13:34 |
Son_Goku | ffs | 13:34 |
Son_Goku | the store doesn't work now! | 13:34 |
Son_Goku | because it uses port 53 | 13:34 |
Son_Goku | nowhere was that documented :( | 13:34 |
zyga | Son_Goku: what's the .foo syntax in %patchN | 13:34 |
=== pedronis` is now known as pedronis | ||
zyga | what?!? | 13:35 |
Son_Goku | zyga, if the patch fails, the buildroot maintains a backup copy of the original with that prefix | 13:35 |
zyga | port 53? | 13:35 |
zyga | ah, nice | 13:35 |
Son_Goku | makes it easier for rediffing | 13:35 |
Son_Goku | wtf is it using port 53 for?! | 13:35 |
zyga | Son_Goku: DNS? | 13:36 |
zyga | Son_Goku: can you point me to some code that does this? | 13:36 |
Son_Goku | I just tried to do "sudo snap install hello" | 13:36 |
Son_Goku | try it in a Fedora VM with the package and latest stuff | 13:36 |
Son_Goku | ah, I think it is DNS lookup | 13:36 |
Son_Goku | why is snapd doing its own DNS lookup? | 13:37 |
zyga | Son_Goku: probably because it's golang but I'm checking | 13:37 |
zyga | Son_Goku: yes, internal DNS | 13:39 |
zyga | Son_Goku: does that need selinux tweaks? | 13:39 |
Son_Goku | yes | 13:39 |
Son_Goku | are there any other TCP/UDP things that I need to do as well? | 13:39 |
zyga | I don't know of any | 13:41 |
zyga | just https and DNS | 13:41 |
zyga | Son_Goku: as a side comment, working on confinement of any kind makes you re-learn how the stack _really_ works | 13:42 |
zyga | Son_Goku: I find that refreshing | 13:42 |
zyga | Son_Goku: merged | 13:46 |
Son_Goku | I'm working on adding rules for dns and http cache ports | 13:46 |
Son_Goku | I have a feeling it'd be a good idea to add cache ports too | 13:46 |
zyga | Son_Goku: http cache? | 13:47 |
* zyga is starving, had u-breakfast only | 13:47 | |
Son_Goku | ports like 8080, etc. | 13:47 |
Son_Goku | often used by proxies and stuff | 13:48 |
zyga | ah, I understand | 13:48 |
zyga | sure | 13:48 |
zyga | Son_Goku: ok, we don't want autoimport | 13:51 |
zyga | Son_Goku: I'll rip it out (both the service and udev) | 13:51 |
Son_Goku | okay | 13:51 |
zyga | Son_Goku: this means the approvals are okay now | 13:51 |
Son_Goku | just don't install the files, but leave the patches alone | 13:51 |
zyga | Son_Goku: I'll do this and redo the SRPM :) | 13:51 |
zyga | OK | 13:51 |
Son_Goku | what are they used for, btw? | 13:51 |
zyga | they are used to claim a headless device | 13:52 |
zyga | plug a drive with stuff you made elsewhere | 13:52 |
Son_Goku | ah | 13:52 |
Son_Goku | useless then | 13:52 |
zyga | it sucks assertions | 13:52 |
zyga | yes | 13:52 |
zyga | and "acks" them | 13:52 |
Son_Goku | but yeah, leave the patch alone | 13:52 |
zyga | (imports and checks signatures and cross-signatures and stuff) | 13:52 |
Son_Goku | as it can eventually be applied to snapd once the debian packaging is gutted from the package | 13:52 |
Son_Goku | technically, it could be applied now, as it doesn't conflict | 13:53 |
Son_Goku | but... meh | 13:53 |
zyga | Son_Goku: pushed a small patch, please look at it | 13:57 |
zyga | Son_Goku: this week I'll try to merge snap-confine into snapd and we _may_ finally get dist tarballs | 13:59 |
Son_Goku | neh | 14:00 |
Son_Goku | not particularly enthused about that *shrugs* | 14:00 |
zyga | well, it will simplify a lot though | 14:00 |
zyga | one package | 14:00 |
Son_Goku | at least from my point of view, not really | 14:01 |
Son_Goku | if we really wanted to build everything as one thing, we could have, since rpmspec supports multiple sources | 14:01 |
Son_Goku | technically, so does dsc built debian packages | 14:02 |
zyga | Son_Goku: yeah, that's true, this is more of an upstream change though, it will make changes easier | 14:02 |
zyga | close coupling between the two packages | 14:02 |
Son_Goku | zyga, you know, I'm surprised you guys don't just use systemd presets in the packaging of snapd for Debian/Ubuntu | 14:08 |
Son_Goku | it makes things a lot simpler | 14:08 |
Son_Goku | then you don't even *need* dh-systemd to do much | 14:08 |
zyga | Son_Goku: I suspect because those are not used in debian but I don't know | 14:09 |
zyga | Son_Goku: the first time I even realized this feature existed was when I started working with fedora | 14:10 |
zyga | Son_Goku: I'm building everything locally for testing | 14:11 |
zyga | Son_Goku: I'll do a small release of snap-confine to fix some issues and integrate patches with packaging, probably 1.0.44.1 | 14:11 |
zyga | Son_Goku: but only after this works :) | 14:11 |
zyga | Son_Goku: I think we should do f24+ only for now | 14:11 |
zyga | Son_Goku: until 23 is resolved | 14:11 |
zyga | Son_Goku: right now I think I broke 23 because of older libc (trivial patch already merged into master) | 14:12 |
zyga | Son_Goku: and we need to update something (still unsure what) to get store interaction to work | 14:13 |
Son_Goku | well, Fedora 23 is EOL in December | 14:13 |
zyga | Son_Goku: but again, I'll focus on 23 when 24+ is done | 14:13 |
zyga | Son_Goku: are there any stats available to know how many users moved to 24 already? | 14:13 |
* Son_Goku shrugs | 14:13 | |
zyga | OK | 14:13 |
zyga | well, I think 23 should be easy-ish | 14:14 |
zyga | fingers crossed :) | 14:14 |
zyga | Son_Goku: what should I say for bodhi type= when there's just a new upstream release? | 14:16 |
Son_Goku | use bugfix as the type unless it's an enhancement | 14:16 |
zyga | Son_Goku: I want to update snap-confine in f24 with the new patches and snap runtime layout | 14:16 |
Son_Goku | or a security fix | 14:16 |
Son_Goku | bugfix | 14:16 |
Son_Goku | use bugfix | 14:16 |
zyga | Son_Goku: is there a bug? I think we can only refer to snapd tracking bug itself (/snap change) | 14:16 |
Son_Goku | bugfix doesn't require a bug | 14:17 |
zyga | Son_Goku: do I need a bug number or will it ignore it? | 14:17 |
zyga | ah, OK | 14:17 |
Son_Goku | it'll ignore it if no bugs are listed | 14:17 |
zyga | Son_Goku: any karma tweaks I should apply? | 14:17 |
Son_Goku | change the positive karma version from 3 to 1 | 14:17 |
zyga | thanks, done | 14:18 |
Son_Goku | though I hadn't been pushing snap-confine updates through bodhi because I figured we'd want to ship snap-confine and snapd in the same update | 14:18 |
zyga | https://bodhi.fedoraproject.org/updates/FEDORA-2016-c579dae0b4 | 14:18 |
zyga | well, not today :) | 14:19 |
zyga | today I just want both out | 14:19 |
Son_Goku | well, fortunately, we can edit an existing update :) | 14:20 |
zyga | and this is 25 | 14:21 |
zyga | https://bodhi.fedoraproject.org/updates/FEDORA-2016-f3b947ec5d | 14:21 |
* zyga reboots with enforcing policy :) | 14:21 | |
zyga | "make selinux enforcing again" | 14:21 |
zyga | I'll bump snap-confine dependency to .44 | 14:24 |
zyga | Son_Goku: more selinux denials | 14:25 |
zyga | paź 30 15:25:38 fedora24 setroubleshoot[3400]: SELinux is preventing snapd from read access on the directory /etc/systemd/system. For complete SELinux messages. run sealert -l 3dc56126-a462-4305-8495-d9bb54be3740 | 14:26 |
zyga | Son_Goku: can you please include that in the policy? | 14:26 |
Son_Goku | why does it need to read /etc/systemd/system? | 14:26 |
zyga | Son_Goku: you made it :) | 14:26 |
zyga | ah | 14:26 |
zyga | well, sorry | 14:26 |
zyga | my bad :) | 14:26 |
zyga | it needs to because it looks there for systemd units | 14:26 |
zyga | and knows which one to make and which to remove | 14:27 |
zyga | (snap specific units) | 14:27 |
Son_Goku | so it needs read/write access to /etc/systemd/system | 14:27 |
zyga | Son_Goku: correct | 14:27 |
zyga | Son_Goku: one more denial | 14:27 |
zyga | paź 30 15:25:29 fedora24 setroubleshoot[3400]: SELinux is preventing snapd from node_bind access on the tcp_socket port None. For complete SELinux messages. run sealert -l 73e31352-953f-4156-8ab0-7b67ce1db019 | 14:27 |
zyga | paź 30 15:25:29 fedora24 python3[3400]: SELinux is preventing snapd from node_bind access on the tcp_socket port None. | 14:28 |
zyga | that's internal golang thing that probes for ipv6 | 14:28 |
zyga | Son_Goku: does this look ok? http://paste.ubuntu.com/23402604/ | 14:35 |
Son_Goku | that's fine | 14:35 |
zyga | (I switched to ubuntu pastebin as the one on fedora didn't work for some reason) | 14:35 |
zyga | Son_Goku: pushed | 14:36 |
zyga | Son_Goku: if you fix the policy I think we can get this in now :) | 14:36 |
zyga | Son_Goku: can I help you in any way? | 14:36 |
Son_Goku | hmm | 14:39 |
Son_Goku | this is annoying | 14:39 |
Son_Goku | I may have to grant access to unlabeled files because snaps don't have the label applied to them :( | 14:39 |
zyga | Son_Goku: can you be more specific? | 14:40 |
zyga | Son_Goku: snapd doesn't touch (I think) snap files, just systemd units it creates, udev rules it creates and a few other similar things (dbus xml stuff) | 14:40 |
zyga | Son_Goku: can those inherit the label from snapd somehow? | 14:40 |
Son_Goku | not sure | 14:41 |
Son_Goku | I wonder if systemd mounts can be set up to mount with a label? | 14:41 |
zyga | Son_Goku: maybe, let me look | 14:41 |
zyga | Son_Goku: nothing in systemd.mount | 14:42 |
zyga | er, systemd.unit | 14:42 |
zyga | morphis: hey | 14:47 |
zyga | morphis: are you working today? | 14:47 |
* zyga inspects failures on f26 and ppc64 | 14:50 | |
zyga | DEBUG util.py:421: Error: nothing provides kernel-headers >= 2.2.1 needed by glibc-headers-2.24.90-13.fc26.ppc64. | 14:51 |
zyga | DEBUG util.py:421: nothing provides kernel-headers >= 2.2.1 needed by glibc-headers-2.24.90-13.fc26.ppc64 | 14:51 |
zyga | looks like something that's more general | 14:51 |
zyga | Son_Goku: I'll step outside to have a snack | 14:53 |
=== chihchun_afk is now known as chihchun | ||
Son_Goku | urgh | 16:01 |
Son_Goku | Ubuntu Core does way too much | 16:01 |
linuxhiker | I am trying to figure out how to get the following to happen: ./configure; make world | 17:13 |
linuxhiker | I have configure working just fine | 17:14 |
linuxhiker | and make without world just fine | 17:14 |
linuxhiker | I figured out that if I use the make plugin, I can use a parent make file that can call world | 17:14 |
linuxhiker | but that is outside of the source tree as it is part of the snapcraft build system, not the software I am actually trying to build | 17:14 |
qengho | linuxhiker: Is that "configure" autoconf? | 17:47 |
qengho | linuxhiker: That "world" bit seems weird. Does it have a "install" target? | 17:49 |
linuxhiker | qengho: yes the configure is autoconf (that part works) and in fact the basic build works fine | 17:53 |
linuxhiker | qengho: but "world" is needed to build a secondary part of the source tree that only builds with either "world" or something like make -C contrib/Makefile | 17:54 |
zyga | Son_Goku: hey | 19:24 |
zyga | Son_Goku: so what did you manage to do with the policy? | 19:24 |
Son_Goku | I hate Ubuntu Core | 19:24 |
Son_Goku | I got enough for snapd, but apparently ubuntu-core wants to stick its fingers everywhere | 19:25 |
zyga | Son_Goku: can you be more specific and less dramatic | 19:26 |
Son_Goku | also, is ~/snap a directory created by snapd? | 19:26 |
zyga | indirectly, through snap run or snap-confine | 19:26 |
Son_Goku | zyga, ubuntu-core installs udev rules, etc. | 19:26 |
zyga | (currently both do) | 19:26 |
Son_Goku | okay, so I need to define a snap_home_t | 19:26 |
zyga | Son_Goku: yes, it manages the system | 19:26 |
* zyga pats Son_Goku on the back | 19:27 | |
zyga | you can do it :) | 19:27 |
* Son_Goku sighs | 19:27 | |
Son_Goku | also, apparently something wants to talk to NetworkManager | 19:27 |
* Son_Goku is tired | 19:28 | |
Son_Goku | I'm taking a break from playing whack-a-mole | 19:29 |
Son_Goku | zyga, are there any specific directories I need to know about for the home directory? | 19:29 |
zyga | Son_Goku: no, just ~/snap | 19:32 |
=== JanC_ is now known as JanC |