[07:36] <mup> PR snapcraft#868 closed: Parametrize call args for pluginhandler <Created by sergiusens> <Merged by sergiusens> <https://github.com/snapcore/snapcraft/pull/868>
[13:23] <zyga> Son_Goku: hey
[13:23] <zyga> Son_Goku: greetings from bucharest
[13:23] <zyga> Son_Goku: how's stuff?
[13:23] <Son_Goku> you're alive!
[13:23] <Son_Goku> *\o/*
[13:23] <zyga> gee, dude, shave ;-)
[13:24] <zyga> this is the last week of my journes
[13:24] <zyga> I saw some warnings that snap-confine doesn't build in master
[13:25] <zyga> Son_Goku: how are you doing?
[13:26] <Son_Goku> I'm alright
[13:26] <Son_Goku> I've been getting pings about snapd for Fedora though
[13:26] <Son_Goku> and you missed me getting the policy working
[13:27] <zyga> Son_Goku: \o/
[13:27] <zyga> Son_Goku: wooot, what's next?
[13:27]  * zyga hugs Son_Goku :)
[13:27] <Son_Goku> https://github.com/zyga/snapcore-fedora/pull/10
[13:27] <mup> PR zyga/snapcore-fedora#10: Refresh patches for snapd spec <Created by Conan-Kudo> <https://github.com/zyga/snapcore-fedora/pull/10>
[13:27] <Son_Goku> first, merge that
[13:27] <zyga> Son_Goku: I was broken during wekeend and partially last week, trying to get some health back
[13:28] <zyga> checking that out now :)
[13:28] <Son_Goku> then update https://bugzilla.redhat.com/show_bug.cgi?id=1367825 with a new spec
[13:28] <Son_Goku> and SRPM
[13:28] <zyga> yep, with pleasure!
[13:29] <Son_Goku> and since the service files have changed a bit, check to be sure if additional services need to be requested for the preset: https://bugzilla.redhat.com/show_bug.cgi?id=1367932
[13:29] <zyga> Son_Goku: yeah, I was just thinking about that
[13:29] <Son_Goku> I think snapd.autoimport.service needs to be enabled as well
[13:29] <zyga> Son_Goku: no, not really, it's just for core AFAIK
[13:29] <zyga> Son_Goku: I need to check with mvo when he's here today but I don't think we need it
[13:29] <zyga> well. think :)
[13:30] <zyga> Did you get it to work all the way?
[13:30] <zyga> with snaps installing and stuff?
[13:30] <zyga> `+2.8.4 (Apple Git-73)
[13:30] <Son_Goku> well, I need to retest on a fresh VM to be certain, but yes
[13:30] <zyga> was that you or me? :)
[13:30] <Son_Goku> https://github.com/snapcore/snapd/blob/master/debian/rules#L66
[13:30] <zyga> that's amazing :)
[13:31] <Son_Goku> that's where I checked to see the services that should be enabled
[13:31] <zyga> yeah, I know we run them everywhere
[13:31] <zyga> but I think this was just us hurrying with image readiness
[13:31] <zyga> I'll double check with mvo
[13:31] <Son_Goku> ah
[13:31] <zyga> I'd rather not enable that service unless we have to
[13:31] <Son_Goku> right
[13:31] <Son_Goku> if it's not necessary, then leave it be
[13:32] <Son_Goku> I've already updated the patches to have new versions of the services :)
[13:34] <Son_Goku> O.o
[13:34] <Son_Goku> ffs
[13:34] <Son_Goku> the store doesn't work now!
[13:34] <Son_Goku> because it uses port 53
[13:34] <Son_Goku> nowhere was that documented :(
[13:34] <zyga> Son_Goku: what's the .foo syntax in %patchN
[13:35] <zyga> what?!?
[13:35] <Son_Goku> zyga, if the patch fails, the buildroot maintains a backup copy of the original with that prefix
[13:35] <zyga> port 53?
[13:35] <zyga> ah, nice
[13:35] <Son_Goku> makes it easier for rediffing
[13:35] <Son_Goku> wtf is it using port 53 for?!
[13:36] <zyga> Son_Goku: DNS?
[13:36] <zyga> Son_Goku: can you point me to some code that does this?
[13:36] <Son_Goku> I just tried to do "sudo snap install hello"
[13:36] <Son_Goku> try it in a Fedora VM with the package and latest stuff
[13:36] <Son_Goku> ah, I think it is DNS lookup
[13:37] <Son_Goku> why is snapd doing its own DNS lookup?
[13:37] <zyga> Son_Goku: probably because it's golang but I'm checking
[13:39] <zyga> Son_Goku: yes, internal DNS
[13:39] <zyga> Son_Goku: does that need selinxu tweaks?
[13:39] <Son_Goku> yes
[13:39] <Son_Goku> are there any other TCP/UDP things that I need to do as well?
[13:41] <zyga> I don't know of any
[13:41] <zyga> just https and DNS
[13:42] <zyga> Son_Goku: as a side comment, working on confinement of any kind makes you re-learn how the stack _really_ works
[13:42] <zyga> Son_Goku: I find that refreshing
[13:46] <zyga> Son_Goku: merged
[13:46] <Son_Goku> I'm working on adding rules for dns and http cache ports
[13:46] <Son_Goku> I have a feeling it'd be a good idea to add cache ports too
[13:47] <zyga> Son_Goku: http cache?
[13:47]  * zyga is starving, had u-breakfast only 
[13:47] <Son_Goku> ports like 8080, etc.
[13:48] <Son_Goku> often used by proxies and stuff
[13:48] <zyga> ah, I understand
[13:48] <zyga> sure
[13:51] <zyga> Son_Goku: ok, we don't want autoimport
[13:51] <zyga> Son_Goku: I'll ript it out (both the service and udev)
[13:51] <Son_Goku> okay
[13:51] <zyga> Son_Goku: this means the approvals are okay now
[13:51] <Son_Goku> just don't install the files, but leave the patches alone
[13:51] <zyga> Son_Goku: I'll do this and redo the SRPM :)
[13:51] <zyga> OK
[13:51] <Son_Goku> what are they used for, btw?
[13:52] <zyga> they are used to claim a headless device
[13:52] <zyga> plug a drive with stuff you made elsewhere
[13:52] <Son_Goku> ah
[13:52] <Son_Goku> useless then
[13:52] <zyga> it sucks assertions
[13:52] <zyga> yes
[13:52] <zyga> and "acks" them
[13:52] <Son_Goku> but yeah, leave the patch alone
[13:52] <zyga> (imports and checks signatures and cross-signatures and stuff)
[13:52] <Son_Goku> as it can eventually be applied to snapd once the debian packaging is gutted from the package
[13:53] <Son_Goku> technically, it could be applied now, as it doesn't conflict
[13:53] <Son_Goku> but... meh
[13:57] <zyga> Son_Goku: pushed a small patch, please look at it
[13:59] <zyga> Son_Goku: this week I'll try to merge snap-confine into snapd and we _may_ finally get dist tarballs
[14:00] <Son_Goku> neh
[14:00] <Son_Goku> not particularly enthused about that *shrugs*
[14:00] <zyga> well, it will simplify a lot though
[14:00] <zyga> one package
[14:01] <Son_Goku> at least from my point of view, not really
[14:01] <Son_Goku> if we really wanted to build everything as one thing, we could have, since rpmspec supports multiple sources
[14:02] <Son_Goku> technically, so does dsc built debian packages
[14:02] <zyga> Son_Goku: yeah, that's true, this is more of an upstream change though, it will make changes easier
[14:02] <zyga> close coupling between the two packages
[14:08] <Son_Goku> zyga, you know, I'm surprised you guys don't just use systemd presets in the packaging of snapd for Debian/Ubuntu
[14:08] <Son_Goku> it makes things a lot simpler
[14:08] <Son_Goku> then you don't even *need* dh-systemd to do much
[14:09] <zyga> Son_Goku: I suspect because those are not used in debian but I don't know
[14:10] <zyga> Son_Goku: the first time I even realized this feature existed was when I started working with fedora
[14:11] <zyga> Son_Goku: I'm building everything locally for testing
[14:11] <zyga> Son_Goku: I'll do a small release of snap-confine to fix some issues and integrate patches with packaging, probably 1.0.44.1
[14:11] <zyga> Son_Goku: but only after this works :)
[14:11] <zyga> Son_Goku: I think we should do f24+ only for now
[14:11] <zyga> Son_Goku: until 23 is resolved
[14:12] <zyga> Son_Goku: right now I think I broke 23 because of older libc (trivial patch already merged into master)
[14:13] <zyga> Son_Goku: and we need to update something (still unsure what) to get store interaction to work
[14:13] <Son_Goku> well, Fedora 23 is EOL in December
[14:13] <zyga> Son_Goku: but again, I'll focus on 23 when 24+ is done
[14:13] <zyga> Son_Goku: are there any stats available to know how many users moved to 24 already?
[14:13]  * Son_Goku shrugs
[14:13] <zyga> OK
[14:14] <zyga> well, I think 23 shoudl be easy-ish
[14:14] <zyga> fingers crossed :)
[14:16] <zyga> Son_Goku: what should I say for bodhi type= when there's just a new upstream release?
[14:16] <Son_Goku> use bugfix as the type unless it's an enhancement
[14:16] <zyga> Son_Goku: I want to update snap-confine in f24 with the new patches and snap runtime layout
[14:16] <Son_Goku> or a security fix
[14:16] <Son_Goku> bugfix
[14:16] <Son_Goku> use bugfix
[14:16] <zyga> Son_Goku: is there a bug? I think we can only refer to snapd tracking bug itself (/snap change)
[14:17] <Son_Goku> bugfix doesn't require a bug
[14:17] <zyga> Son_Goku: do I need a bug number or will it ignore it?
[14:17] <zyga> ah, OK
[14:17] <Son_Goku> it'll ignore it if no bugs are listed
[14:17] <zyga> Son_Goku: any karma tweaks I should apply?
[14:17] <Son_Goku> change the positive karma version from 3 to 1
[14:18] <zyga> thanks, done
[14:18] <Son_Goku> though I hadn't been pushing snap-confine updates through bodhi because I figured we'd want to ship snap-confine and snapd in the same update
[14:18] <zyga>   https://bodhi.fedoraproject.org/updates/FEDORA-2016-c579dae0b4
[14:19] <zyga> well, not today :)
[14:19] <zyga> today I just want both out
[14:20] <Son_Goku> well, fortunately, we can edit an existing update :)
[14:21] <zyga> and this is 25
[14:21] <zyga>   https://bodhi.fedoraproject.org/updates/FEDORA-2016-f3b947ec5d
[14:21]  * zyga reboots with enforcing policy :)
[14:21] <zyga> "make selinux enforcing again"
[14:24] <zyga> I'll bump snap-confine dependeny to .44
[14:25] <zyga> Son_Goku: more selinxu denials
[14:26] <zyga> paź 30 15:25:38 fedora24 setroubleshoot[3400]: SELinux is preventing snapd from read access on the directory /etc/systemd/system. For complete SELinux messages. run sealert -l 3dc56126-a462-4305-8495-d9bb54be3740
[14:26] <zyga> Son_Goku: can you please include that in the policy?
[14:26] <Son_Goku> why does it need to read /etc/systemd/system?
[14:26] <zyga> Son_Goku: you made it :)
[14:26] <zyga> ah
[14:26] <zyga> well, sorry
[14:26] <zyga> my bad :)
[14:26] <zyga> it needs to because it looks there for systemd units
[14:27] <zyga> and knows which one to make and which to remove
[14:27] <zyga> (snap specific untis)
[14:27] <Son_Goku> so it needs read/write access to /etc/systemd/system
[14:27] <zyga> Son_Goku: correct
[14:27] <zyga> Son_Goku: one more denial
[14:27] <zyga> paź 30 15:25:29 fedora24 setroubleshoot[3400]: SELinux is preventing snapd from node_bind access on the tcp_socket port None. For complete SELinux messages. run sealert -l 73e31352-953f-4156-8ab0-7b67ce1db019
[14:28] <zyga> paź 30 15:25:29 fedora24 python3[3400]: SELinux is preventing snapd from node_bind access on the tcp_socket port None.
[14:28] <zyga> that's internal golang thing that probes for ipv6
[14:35] <zyga> Son_Goku: does this look ok? http://paste.ubuntu.com/23402604/
[14:35] <Son_Goku> that's fine
[14:35] <zyga> (I switched to ubuntu pastebin as the one on fedora didn't work for some reason)
[14:36] <zyga> Son_Goku: pushed
[14:36] <zyga> Son_Goku: if you fix the policy I think we can get this in now :)
[14:36] <zyga> Son_Goku: can I help you in any way?
[14:39] <Son_Goku> hmm
[14:39] <Son_Goku> this is annoying
[14:39] <Son_Goku> I may have to grant access to unlabeled files because snaps don't have the label applied to them :(
[14:40] <zyga> Son_Goku: can you be more specifc?
[14:40] <zyga> Son_Goku: snapd doesn't touch (I think) snap files, just systemd units it creates, udev rules it creates and a few other similar things (dbus xml stuff)
[14:40] <zyga> Son_Goku: can those inherit the label from snapd somehow?
[14:41] <Son_Goku> not sure
[14:41] <Son_Goku> I wonder if systemd mounts can be set up to mount with a label?
[14:41] <zyga> Son_Goku: maybe, let me look
[14:42] <zyga> Son_Goku: nothing in systemd.mount
[14:42] <zyga> er, systemd.unit
[14:47] <zyga> morphis: hey
[14:47] <zyga> morphis: are you working today?
[14:50]  * zyga inspects failures on f26 and ppc64
[14:51] <zyga> DEBUG util.py:421:  Error: nothing provides kernel-headers >= 2.2.1 needed by glibc-headers-2.24.90-13.fc26.ppc64.
[14:51] <zyga> DEBUG util.py:421:  nothing provides kernel-headers >= 2.2.1 needed by glibc-headers-2.24.90-13.fc26.ppc64
[14:51] <zyga> looks like something that's more general
[14:53] <zyga> Son_Goku: I'll step outside to have a snack
[16:01] <Son_Goku> urgh
[16:01] <Son_Goku> Ubuntu Core does way too much
[17:13] <linuxhiker> I am trying to figure out how to get the following to happen: ./configure; make world
[17:14] <linuxhiker> I have configure working just fine
[17:14] <linuxhiker> and make without world just fine
[17:14] <linuxhiker> I figured out that if I use the make plugin, I can use a parent make file that can call world
[17:14] <linuxhiker> but that is outside of the source tree as it is part of the snapcraft build system, not the software I am actually trying to build
[17:47] <qengho> linuxhiker: Is that "configure" autoconf?
[17:49] <qengho> linuxhiker: That "world" bit seems weird. Does it have a "install" target?
[17:53] <linuxhiker> qengho: yes the configure is autoconf (that part works) and in fact the basic build works fine
[17:54] <linuxhiker> qengho: but "world" is needed to build a secondary part of the source tree that only builds with either "world" or something like make -C contrib/Makefile
[19:24] <zyga> Son_Goku: hey
[19:24] <zyga> Son_Goku: so what did you manage to do with the policy?
[19:24] <Son_Goku> I hate Ubuntu Core
[19:25] <Son_Goku> I got enough for snapd, but apparently ubuntu-core wants to stick its fingers everywhere
[19:26] <zyga> Son_Goku: can you be more specific and less dramatic
[19:26] <Son_Goku> also, is ~/snap a directory created by snapd?
[19:26] <zyga> indirectly, through snap run or snap-confine
[19:26] <Son_Goku> zyga, ubuntu-core installs udev rules, etc.
[19:26] <zyga> (currently both do)
[19:26] <Son_Goku> okay, so I need to define a snap_home_t
[19:26] <zyga> Son_Goku: yes, it manages the system
[19:27]  * zyga pats Son_Goku on the back
[19:27] <zyga> you can do it :)
[19:27]  * Son_Goku sighs
[19:27] <Son_Goku> also, apparently something wants to talk to NetworkManager
[19:28]  * Son_Goku is tired
[19:29] <Son_Goku> I'm taking a break from playing whack-a-mole
[19:29] <Son_Goku> zyga, are there any specific directories I need to know about for the home directory?
[19:32] <zyga> Son_Goku: no, just ~/snap