dot-tobias | morning everyone | 06:00 |
---|---|---|
zyga | good morning | 06:33 |
amurray | hey zyga :) | 06:39 |
zyga | amurray, oh hi :) | 06:39 |
zyga | amurray, back from xmas break? | 06:39 |
zyga | (carry-over burned?) | 06:39 |
amurray | yep, about to take my kids to the pool for swimming lessons so will relocate to the wifi there :) - hows things? | 06:40 |
zyga | amurray, pool, swimming - I keep getting surprised by the other hemisphere thing :) | 06:45 |
zyga | amurray, good, just winter kicking in finally | 06:45 |
zyga | amurray, prepping my FOSDEM talk | 06:46 |
jamesh | amurray: by the way, have you had a chance to look at the snapd security reviews? Till has been asking for status on the snapctl one. | 06:52 |
mborzecki | morning | 06:53 |
zyga | hey mborzecki | 06:54 |
mborzecki | zyga: hey | 06:55 |
mborzecki | zyga: on friday i preapred an update for the snapd package in opensuse, i'll be opening a request to system:snappy in a bit | 07:33 |
zyga | mborzecki, thank you! | 07:34 |
zyga | good morning mvo | 07:40 |
amurray | jamesh: ficfdjcnggefhgnnrbdivicircgiffth | 07:42 |
amurray | ugh.. sorry mashed my yubikey by mistake | 07:42 |
amurray | jamesh: no not yet, I was tied up doing snap reviews last week, so hopefully this week (although with sprint prep etc it's looking a bit dicey...) - apologies | 07:42 |
jamesh | amurray: okay, thanks. | 07:42 |
mvo | good morning zyga | 07:42 |
amurray | jamesh: it's still on my todo list so I'm still hopeful | 07:43 |
mborzecki | mvo: hey | 07:44 |
mvo | hey mborzecki | 07:44 |
mup | PR snapd#9818 closed: cmd/libsnap-confine-private: make unit tests execute happily in a container <Simple ๐> <Skip spread> <Created by bboozzoo> <Merged by bboozzoo> <https://github.com/snapcore/snapd/pull/9818> | 07:52 |
mborzecki | jamesh: hi, do you remember whether your fix for launching xwayland in mutter landed? | 07:59 |
mborzecki | hm something is broken on opensuse: | 08:14 |
mborzecki | type=AVC msg=audit(1610352782.280:380): apparmor="DENIED" operation="create" profile="snap.ohmygiraffe.ohmygiraffe" pid=7486 comm="love-0.9" family="unix" sock_type="stream" protocol=0 requested_mask="create" denied_mask="create" | 08:14 |
jamesh | mborzecki: it was fixed in groovy-updates, and upstream in Mutter 3.38.2. | 08:15 |
mborzecki | ofc connecting to x does not work at this point | 08:15 |
mborzecki | jamesh: thanks! | 08:15 |
jamesh | mborzecki: the change wasn't merged to mutter master, so GNOME 4.0 will require the snapd side fix | 08:16 |
mborzecki | next one is 4.0 already? | 08:16 |
jamesh | yeah | 08:16 |
jamesh | at least, that's the plan right now | 08:17 |
jamesh | It's still an incremental release rather than a big shake up like GNOME 2.0 or 3.0 | 08:17 |
mborzecki | amurray: still around? do you know whether socket(AF_UNIX, .. , 0) would be covered by some apparmor abstraction by default, or is there an explicit rule needed? | 08:21 |
mborzecki | ha i see `unix (create),` in /etc/apparmor.d/abstractions/base so wth happens there? | 08:23 |
pstolowski | morning | 08:27 |
mvo | good morning pstolowski | 08:27 |
mborzecki | pstolowski: hey | 08:44 |
mborzecki | anyone can access https://bugs.launchpad.net/snapd/+bug/1901489 ? | 09:12 |
mborzecki | it's refrenced in our apparmor profiles but appears to be private | 09:12 |
jamesh | mborzecki: I can subscribe you to it, if you want | 09:14 |
mborzecki | jamesh: please do, thanks! | 09:14 |
jamesh | mborzecki: done | 09:14 |
mborzecki | jamesh: thank you! | 09:15 |
jamesh | mborzecki: the decision seemed to be that it wasn't a security bug, so perhaps it could be made public | 09:18 |
jamesh | (and it was fixed in the previous release of snapd) | 09:19 |
mborzecki | tbh it needs to be public as we refer to that bug in every apparmor profile that plugs x11 | 09:19 |
mvo | mborzecki: hey, are you blocked on anything for finishing the kernel commandline update resealing? | 09:51 |
mborzecki | mvo: no, i need to get back to the brach and update it | 09:51 |
mborzecki | mvo: trying to deal with pacakge updates in other distros atm | 09:52 |
mborzecki | fedora is done, but there's trouble in opensuse land | 09:52 |
pstolowski | zyga: i've addressed your suggestion re ini section handling, doing some testing and will push soon | 09:52 |
mvo | mborzecki: ta | 09:52 |
zyga | pstolowski, cool, just ping me for review any time please | 10:28 |
zyga | working on FOSDEM talk | 10:29 |
zyga | mvo, zmk moved up the review ladder, should be through NEW soon | 10:29 |
mvo | zyga: nice | 10:29 |
mup | PR snapcraft#3408 opened: elf: extract defined symbol versions <Created by jhenstridge> <https://github.com/snapcore/snapcraft/pull/3408> | 11:49 |
zyga | pstolowski, https://github.com/snapcore/snapd/pull/9817#pullrequestreview-565298574 | 12:17 |
mup | PR #9817: cmd/snapd-generator: don't create mount overrides for snap-try snaps inside lxc <Bug> <Needs security review> <Created by stolowski> <https://github.com/snapcore/snapd/pull/9817> | 12:17 |
zyga | pstolowski, the comment feature is definitely a separate pass | 12:17 |
zyga | cmatsuoka, hey claudio :) | 12:18 |
zyga | long time no see | 12:18 |
zyga | pstolowski, mborzecki: btw; did you guys see the new C and C++ error definitions? | 12:23 |
zyga | finally sane error handling in C++ | 12:23 |
zyga | and finally nice error handling in C | 12:24 |
zyga | and it's one spec! :) | 12:24 |
zyga | not error prone, well defined, easily usable | 12:24 |
mborzecki | zyga: got link? | 12:24 |
zyga | pstolowski, as a quick comment, my earlier code had two functions that would let you do per-line processing | 12:24 |
zyga | and have ini-file and key=value file things more clealry | 12:25 |
zyga | *clearly and cleanly perhaps | 12:25 |
zyga | mborzecki, one sec | 12:25 |
zyga | it's still in the history of the PR i believe | 12:25 |
zyga | mborzecki, offtopic: getpolarized is a nice way to store scientific & research documents | 12:26 |
zyga | mborzecki, http://www.open-std.org/jtc1/sc22/wg14/www/docs/n2289.pdf | 12:27 |
zyga | mborzecki, I'm going to adopt that for my own projects for sure | 12:29 |
mborzecki | zyga: coming to your production compiler in 5-10 yrs xD | 12:29 |
zyga | nah, you don't need anything new | 12:29 |
zyga | read the spec | 12:29 |
zyga | it's really a way to return an union | 12:29 |
zyga | and know if the error path or success path was taken | 12:29 |
zyga | suspect it will be in gcc/clang instantly and backported as library to older compilers | 12:30 |
* zyga returns to FOSDEM stuff | 12:31 | |
zyga | pedronis, good morning | 12:37 |
mborzecki | is there a userspace tool to parse the binary apparmor profile? | 12:40 |
zyga | mborzecki, no | 12:40 |
pstolowski | zyga: haven't seen that c/c++ spec. sounds cool but it's a pitty it will always be a mixed bag of styles & legacy stuff when you are interacting with 3rd party APIs, the adoption of new features is terribly slow | 12:40 |
zyga | mborzecki, I looked at this a while and there's only kernel code | 12:40 |
zyga | pstolowski, I agree, any susccessful tech has some legacy | 12:41 |
zyga | mborzecki, I wrote a part of the parser for the binary profile myself | 12:41 |
zyga | mborzecki, I got stuck on a section that involved decoding the state machine that seems to include things that are standard and I'm familiar with (DFA/NFA) | 12:41 |
pedronis | zyga: hi | 12:41 |
zyga | mborzecki, as well as some now concepts that I had to decode via code journeys | 12:41 |
zyga | mborzecki, I can find that code but it's partial and doesn't show all the bits yet | 12:42 |
mborzecki | maybe i can dump something with -D at least, the broken profile is rather small now | 12:42 |
zyga | mborzecki, nope, not that I recall | 12:43 |
zyga | I mean, I can show you the kernel side | 12:43 |
zyga | I think that would be very useful | 12:43 |
zyga | I would re-start that in go (I originally used python) | 12:43 |
zyga | interested? | 12:43 |
zyga | a parser and (perhaps, though not sure it is possible) decompiler | 12:44 |
zyga | (not sure because DFA optimization and even basic processing makes irreversible changes so perfect source reconstruction is impossible | 12:44 |
mborzecki | zyga: nah, i hoped there's some ready tool i could try and compare the outputs with, but i don't want to spend too much time on it | 12:47 |
cachio | pstolowski, hi | 13:19 |
cachio | pstolowski, could you run preseed test' | 13:19 |
cachio | ? | 13:19 |
pstolowski | cachio: hi! sorry, i haven't tried yet since Friday, busy with other things, will do later today | 13:20 |
cachio | pstolowski, ok, current 21.04 image is still broken | 13:24 |
pstolowski | cachio: ack, thanks | 13:40 |
zyga | cachio, FYI, I've created the repo for our spread for at https://git.ostc-eu.org/OSTC/tools/oh-spread | 13:59 |
zyga | it's sadly crossing the github/gitlab boundary | 14:00 |
zyga | so no github actions, for example | 14:00 |
zyga | I'll push the code in a moment | 14:00 |
mup | PR snapcraft#3409 opened: Fix a few licenses in ros-related test files <Created by artivis> <https://github.com/snapcore/snapcraft/pull/3409> | 14:24 |
* pstolowski lunch | 14:38 | |
zyga | cachio, I'm setting up a pipeline for spread | 14:42 |
zyga | cachio, I've seen some errors from go vet | 14:43 |
zyga | cachio, https://git.ostc-eu.org/OSTC/tools/oh-spread/-/jobs/1048 | 14:43 |
zyga | cachio, have you seen those or fixed those in your fork? | 14:43 |
zyga | I'll fix those shortly in case they were under the radar before | 14:43 |
zyga | niemeyer, ^ | 14:43 |
mup | PR snapcraft#3410 opened: project: enable experimental target-arch support for core20 <Created by cjp256> <https://github.com/snapcore/snapcraft/pull/3410> | 14:54 |
cachio | zyga, hi | 14:56 |
cachio | let me check | 14:56 |
zyga | cachio, the dead code bits are due to a change in the go compilre | 14:57 |
zyga | *compiler | 14:57 |
zyga | and seem harmless, just need fixing | 14:57 |
zyga | the mutex corruption is real | 14:57 |
cachio | zyga, which go compiler are you using there? | 14:58 |
zyga | latest, let me check | 14:59 |
zyga | cachio, 1.15.6 | 15:00 |
cachio | we use 1.10.4 | 15:01 |
cachio | by default | 15:01 |
cachio | zyga, it is quite old the current one | 15:02 |
zyga | yeah, that's a bit old now | 15:02 |
cachio | zyga, so, which is the idea for testing in gitlab? | 15:03 |
cachio | because currently tests are executed on gce | 15:03 |
zyga | cachio, we use gitlab for everything | 15:03 |
zyga | cachio, including for project tracking | 15:03 |
cachio | zyga, so the testing of spread will be done in qemu or lxd? | 15:03 |
zyga | cachio, gitlab pipelines let you run whatever you want | 15:04 |
zyga | cachio, right now I want unit tests | 15:04 |
zyga | cachio, and then self-test via spread | 15:04 |
cachio | zyga, ok | 15:04 |
zyga | cachio, though I don't have a GCE token yet, I'm okay with that | 15:04 |
zyga | cachio, the main usage. for me, will be qemu | 15:04 |
zyga | so I'll definitely run those | 15:04 |
cachio | zyga, perfect | 15:04 |
zyga | cachio, but my first concern are unit tests | 15:05 |
zyga | cachio, as all the upcoming changes just need those | 15:05 |
cachio | zyga, yes | 15:05 |
cachio | there are not many unit tests | 15:06 |
zyga | cachio, yeah, but I plan to add those with the changes I make | 15:06 |
cachio | it is mostly tested by spread tests | 15:06 |
zyga | it's just something easier tested at this level | 15:06 |
cachio | zyga, agree | 15:06 |
* cachio lunch | 15:35 | |
zyga | ijohnson, classy response there! | 15:35 |
ijohnson | haha thanks | 15:35 |
zyga | I was carried away | 15:35 |
ijohnson | haha no worries, thanks for responding! I appreciate your prompt responses to comments on bugs :-) | 15:36 |
zyga | well, to some of them | 15:36 |
zyga | I need to improve my inbox filtering | 15:37 |
ijohnson | I really miss the "bundles" that google inbox used to provide | 15:37 |
ijohnson | that simple little UI element made it so much more manageable to me, like I can see when a kind of email is new as the bundle bubbles up, but if there are many such kinds of emails I don't get distracted by all of those | 15:38 |
ijohnson | now I just have a bunch of labels and "skip the inbox" kind of filtering setup so I have to remember to go check the label folders manually rather than have them naturally bubble up to the top | 15:38 |
ijohnson | oh well | 15:38 |
zyga | I think I need to switch to folder-per-project | 15:38 |
zyga | I just didn't set that up yet | 15:38 |
zyga | and move from gmail off to fastmail with my launchpad traffic | 15:39 |
mup | PR snapd#9820 opened: o/snapshotstate: handle conflicts between snapshot forget, export and import <Created by stolowski> <https://github.com/snapcore/snapd/pull/9820> | 16:09 |
zyga | cachio, first patch :) | 16:30 |
zyga | niemeyer, cachio: https://github.com/snapcore/spread/pull/111 | 16:35 |
mup | PR spread#111: Do not copy log.Logger and the contained sync.Mutex <Created by zyga> <https://github.com/snapcore/spread/pull/111> | 16:35 |
* zyga notices the typo in the branch name | 16:36 | |
zyga | oh well | 16:36 |
ijohnson | ooof is master broken | 17:30 |
ijohnson | https://pastebin.ubuntu.com/p/RPBhtSQYXK/ | 17:31 |
zyga | ijohnson, oh | 17:42 |
zyga | weird, older library? | 17:43 |
zyga | ijohnson, how did that happen? | 17:43 |
zyga | cachio, I think spread CI is a bit broken | 17:46 |
zyga | https://travis-ci.org/github/snapcore/spread/builds/753973306 | 17:46 |
zyga | it's testing with old go vet perhaps | 17:47 |
zyga | and _aix is not a feature flag | 17:47 |
ijohnson | zyga: no idea I'll have to look at it in a bit, it was from a spread runner | 17:47 |
zyga | ijohnson, let me know if you have a PR up | 17:47 |
ijohnson | zyga: you mean to see the error or one that fixes it? | 17:48 |
cachio | zyga, checking | 17:48 |
ijohnson | I don't have a fix up but will probably look at it after my lunch | 17:48 |
zyga | ijohnson, if you get stuck ping me, I'll gladly look | 17:49 |
ijohnson | sure thanks for the offer, hopefully it's something silly | 17:50 |
=== ijohnson is now known as ijohnson|lunch | ||
zyga | cachio, term_unix_aix is being compiled together with term_unix_linux | 17:55 |
zyga | cachio, can you bump go version used there? | 17:56 |
cachio | "1.10" | 17:56 |
cachio | zyga, this is declared in .travis | 17:57 |
zyga | ah, | 17:57 |
zyga | should I bump it? | 17:57 |
cachio | well, we could use same versio we have for snapd | 17:57 |
cachio | zyga, it needs a new PR | 17:58 |
zyga | cachio, what's the version used for snapd? | 17:59 |
zyga | cachio, though I suspect some chicken and egg will happen | 17:59 |
cachio | 1.10 :) | 17:59 |
zyga | new vet will pick up the issues I ran into | 17:59 |
zyga | hmm, but that's the version used now? | 17:59 |
zyga | ah, wait | 17:59 |
cachio | best_golang=golang-1.10 | 18:00 |
cachio | zyga, this is version we use for testing | 18:00 |
zyga | this is using 1.10 | 18:00 |
zyga | cachio, ok, can you suggest a way out of the situation | 18:00 |
zyga | disable go vet? bump base go version, pin old go dependencies | 18:01 |
zyga | the problem here is that spread itself is not self-sufficient but pulls dependcies | 18:01 |
zyga | but those dependencies have abandoned old go | 18:01 |
zyga | so it's not passing | 18:01 |
zyga | what's the solution? | 18:01 |
cachio | I think we could bump go | 18:02 |
zyga | perhaps to 1.13 from focal? | 18:02 |
cachio | seems to be the more correct thing to do | 18:02 |
zyga | 1.13.8 | 18:02 |
zyga | I would love to introduce module support so that we can pin the right versions of dependencies | 18:02 |
zyga | right now it's all a moving target | 18:02 |
cachio | zyga, did you arleady tried 1.13.8? | 18:02 |
cachio | we can try that | 18:03 |
cachio | I'll create a PR and see if that works well | 18:03 |
zyga | yes, go vet is okay there | 18:03 |
zyga | but I also have more patches in my tree (mainly go.mod support) | 18:03 |
zyga | but I _suspect_ that's fine | 18:03 |
cachio | zyga, ok, so lets bump to 13.8 | 18:03 |
cachio | zyga, do you want to create the PRยก | 18:04 |
cachio | ? | 18:04 |
cachio | just need to update the .travis.yml file with the desired version | 18:04 |
zyga | cachio, yeah, | 18:04 |
zyga | cachio, I'll do that later today though that version will pick up other errors and fail as well | 18:05 |
cachio | also update the spread.yaml | 18:05 |
zyga | we'll iterate | 18:05 |
zyga | at some point we need all the fixes together | 18:05 |
cachio | GOVERSION: 1.10.4 -> GOVERSION: 1.13.8 | 18:05 |
cachio | and also we need to update hte system which is used for testing | 18:05 |
cachio | ubuntu-18.04-64 -> ubuntu-20.04-64: | 18:06 |
zyga | there's one more issue in humbox | 18:06 |
zyga | yeah | 18:06 |
zyga | I think that's a good start | 18:06 |
zyga | cool, I'll get back to that :) | 18:07 |
cachio | zyga, nice, thanks | 18:07 |
ijohnson|lunch | zyga: I see the issue with that snap-confine unit test failure, it was only on trusty, and trusty's glib is too old to use g_autofree | 18:35 |
ijohnson|lunch | I'll file a pr after I verify my fix works via spread | 18:36 |
ijohnson|lunch | see also https://github.com/snapcore/snapd/pull/9818 | 18:36 |
mup | PR #9818: cmd/libsnap-confine-private: make unit tests execute happily in a container <Simple ๐> <Skip spread> <Created by bboozzoo> <Merged by bboozzoo> <https://github.com/snapcore/snapd/pull/9818> | 18:36 |
zyga | ijohnson|lunch, ahh | 18:41 |
zyga | nice | 18:41 |
zyga | ijohnson|lunch, current status: playing talisman :) | 18:42 |
ijohnson|lunch | Nice! Enjoy | 18:43 |
* ijohnson|lunch is getting groceries over lunch, not quite as entertaining | 18:43 | |
mup | PR snapd#9821 opened: tests: skip interfaces-openvswitch spread test on debian sid <Simple ๐> <Created by sergiocazzolato> <https://github.com/snapcore/snapd/pull/9821> | 18:55 |
mup | PR snapd#9822 opened: tests: new actions workflow to autotically tag a PR with "Run Nested" <Created by sergiocazzolato> <https://github.com/snapcore/snapd/pull/9822> | 19:40 |
* cachio afk | 20:06 | |
=== ijohnson|lunch is now known as ijohnson | ||
ijohnson | zyga: hey if you're around, I have a fix https://github.com/snapcore/snapd/pull/9823 | 20:26 |
mup | PR #9823: cmd/libsnap-confine-private/cleanup-funcs-test.c: rm g_autofree usage <Simple ๐> <โ Critical> <Created by anonymouse64> <https://github.com/snapcore/snapd/pull/9823> | 20:26 |
ijohnson | cachio: ^ | 20:26 |
zyga-mbp | yeah | 20:26 |
zyga-mbp | around just fixing uplink at home (back on backup) | 20:26 |
ijohnson | nice, thanks! | 20:28 |
zyga-mbp | ijohnson reviewed | 20:28 |
ijohnson | thanks! | 20:29 |
mup | PR snapd#9823 opened: cmd/libsnap-confine-private/cleanup-funcs-test.c: rm g_autofree usage <Simple ๐> <โ Critical> <Created by anonymouse64> <https://github.com/snapcore/snapd/pull/9823> | 20:30 |
zyga | ijohnson back on other link | 20:31 |
mup | PR snapd#9824 opened: interfaces/greengrass-support: back-port interface changes to 2.48 <Created by anonymouse64> <https://github.com/snapcore/snapd/pull/9824> | 20:45 |
mup | PR snapcraft#3408 closed: elf: extract defined symbol versions <Created by jhenstridge> <Merged by sergiusens> <https://github.com/snapcore/snapcraft/pull/3408> | 21:30 |
mup | PR snapd#9825 opened: tests: using labeler action to add automatically a label to run nested tests <โ Blocked> <Created by sergiocazzolato> <https://github.com/snapcore/snapd/pull/9825> | 21:36 |
mup | PR snapcraft#3360 closed: project loader: advanced grammar support for lists <Created by cjp256> <Merged by sergiusens> <https://github.com/snapcore/snapcraft/pull/3360> | 21:45 |
mup | Bug #1911066 opened: snapctl get fails to get all the config <Snappy:New> <https://launchpad.net/bugs/1911066> | 22:26 |
mup | PR snapd#9823 closed: cmd/libsnap-confine-private/cleanup-funcs-test.c: rm g_autofree usage <Simple ๐> <โ Critical> <Created by anonymouse64> <Merged by anonymouse64> <https://github.com/snapcore/snapd/pull/9823> | 23:46 |
Generated by irclog2html.py 2.7 by Marius Gedminas - find it at mg.pov.lt!