[06:00] <dot-tobias> morning everyone
[06:33] <zyga> good morning
[06:39] <amurray> hey zyga :)
[06:39] <zyga> amurray, oh hi :)
[06:39] <zyga> amurray, back from xmas break?
[06:39] <zyga> (carry-over burned?)
[06:40] <amurray> yep, about to take my kids to the pool for swimming lessons so will relocate to the wifi there :) - hows things?
[06:45] <zyga> amurray, pool, swimming - I keep getting surprised by the other hemisphere thing :)
[06:45] <zyga> amurray, good, just winter kicking in finally
[06:46] <zyga> amurray, prepping my FOSDEM talk
[06:52] <jamesh> amurray: by the way, have you had a chance to look at the snapd security reviews?  Till has been asking for status on the snapctl one.
[06:53] <mborzecki> morning
[06:54] <zyga> hey mborzecki
[06:55] <mborzecki> zyga: hey
[07:33] <mborzecki> zyga: on friday i preapred an update for the snapd package in opensuse, i'll be opening a request to system:snappy in a bit
[07:34] <zyga> mborzecki, thank you!
[07:40] <zyga> good morning mvo
[07:42] <amurray> jamesh: ficfdjcnggefhgnnrbdivicircgiffth
[07:42] <amurray> ugh.. sorry mashed my yubikey by mistake
[07:42] <amurray> jamesh: no not yet, I was tied up doing snap reviews last week, so hopefully this week (although with sprint prep etc it's looking a bit dicey...) - apologies
[07:42] <jamesh> amurray: okay, thanks.
[07:42] <mvo> good morning zyga
[07:43] <amurray> jamesh: it's still on my todo list so I'm still hopeful
[07:44] <mborzecki> mvo: hey
[07:44] <mvo> hey mborzecki
[07:52] <mup> PR snapd#9818 closed: cmd/libsnap-confine-private: make unit tests execute happily in a container <Simple 😃> <Skip spread> <Created by bboozzoo> <Merged by bboozzoo> <https://github.com/snapcore/snapd/pull/9818>
[07:59] <mborzecki> jamesh: hi, do you remember whether your fix for launching xwayland in mutter landed?
[08:14] <mborzecki> hm something is broken on opensuse:
[08:14] <mborzecki> type=AVC msg=audit(1610352782.280:380): apparmor="DENIED" operation="create" profile="snap.ohmygiraffe.ohmygiraffe" pid=7486 comm="love-0.9" family="unix" sock_type="stream" protocol=0 requested_mask="create" denied_mask="create"
[08:15] <jamesh> mborzecki: it was fixed in groovy-updates, and upstream in Mutter 3.38.2.
[08:15] <mborzecki> ofc connecting to x does not work at this point
[08:15] <mborzecki> jamesh: thanks!
[08:16] <jamesh> mborzecki: the change wasn't merged to mutter master, so GNOME 4.0 will require the snapd side fix
[08:16] <mborzecki> next one is 4.0 already?
[08:16] <jamesh> yeah
[08:17] <jamesh> at least, that's the plan right now
[08:17] <jamesh> It's still an incremental release rather than a big shake up like GNOME 2.0 or 3.0
[08:21] <mborzecki> amurray: still around? do you know whether socket(AF_UNIX, .. , 0) would be covered by some apparmor abstraction by default, or is there an explicit rule needed?
[08:23] <mborzecki> ha i see `unix (create),` in /etc/apparmor.d/abstractions/base so wth happens there?
[08:27] <pstolowski> morning
[08:27] <mvo> good morning pstolowski
[08:44] <mborzecki> pstolowski: hey
[09:12] <mborzecki> anyone can access https://bugs.launchpad.net/snapd/+bug/1901489 ?
[09:12] <mborzecki> it's refrenced in our apparmor profiles but appears to be private
[09:14] <jamesh> mborzecki: I can subscribe you to it, if you want
[09:14] <mborzecki> jamesh: please do, thanks!
[09:14] <jamesh> mborzecki: done
[09:15] <mborzecki> jamesh: thank you!
[09:18] <jamesh> mborzecki: the decision seemed to be that it wasn't a security bug, so perhaps it could be made public
[09:19] <jamesh> (and it was fixed in the previous release of snapd)
[09:19] <mborzecki> tbh it needs to be public as we refer to that bug in every apparmor profile that plugs x11
[09:51] <mvo> mborzecki: hey, are you blocked on anything for finishing the kernel commandline update resealing?
[09:51] <mborzecki> mvo: no, i need to get back to the brach and update it
[09:52] <mborzecki> mvo: trying to deal with pacakge updates in other distros atm
[09:52] <mborzecki> fedora is done, but there's trouble in opensuse land
[09:52] <pstolowski> zyga: i've addressed your suggestion re ini section handling, doing some testing and will push soon
[09:52] <mvo> mborzecki: ta
[10:28] <zyga> pstolowski, cool, just ping me for review any time please
[10:29] <zyga> working on FOSDEM talk
[10:29] <zyga> mvo, zmk moved up the review ladder, should be through NEW soon
[10:29] <mvo> zyga: nice
[11:49] <mup> PR snapcraft#3408 opened: elf: extract defined symbol versions <Created by jhenstridge> <https://github.com/snapcore/snapcraft/pull/3408>
[12:17] <zyga> pstolowski, https://github.com/snapcore/snapd/pull/9817#pullrequestreview-565298574
[12:17] <mup> PR #9817: cmd/snapd-generator: don't create mount overrides for snap-try snaps inside lxc <Bug> <Needs security review> <Created by stolowski> <https://github.com/snapcore/snapd/pull/9817>
[12:17] <zyga> pstolowski, the comment feature is definitely a separate pass
[12:18] <zyga> cmatsuoka, hey claudio :)
[12:18] <zyga> long time no see
[12:23] <zyga> pstolowski, mborzecki: btw; did you guys see the new C and C++ error definitions?
[12:23] <zyga> finally sane error handling in C++
[12:24] <zyga> and finally nice error handling in C
[12:24] <zyga> and it's one spec! :)
[12:24] <zyga> not error prone, well defined, easily usable
[12:24] <mborzecki> zyga: got link?
[12:24] <zyga> pstolowski, as a quick comment, my earlier code had two functions that would let you do per-line processing
[12:25] <zyga> and have ini-file and key=value file things more clealry
[12:25] <zyga> *clearly and cleanly perhaps
[12:25] <zyga> mborzecki, one sec
[12:25] <zyga> it's still in the history of the PR i believe
[12:26] <zyga> mborzecki, offtopic: getpolarized is a nice way to store scientific & research documents
[12:27] <zyga> mborzecki, http://www.open-std.org/jtc1/sc22/wg14/www/docs/n2289.pdf
[12:29] <zyga> mborzecki, I'm going to adopt that for my own projects for sure
[12:29] <mborzecki> zyga: coming to your production compiler in 5-10 yrs xD
[12:29] <zyga> nah, you don't need anything new
[12:29] <zyga> read the spec
[12:29] <zyga> it's really a way to return an union
[12:29] <zyga> and know if the error path or success path was taken
[12:30] <zyga> suspect it will be in gcc/clang instantly and backported as library to older compilers
[12:31]  * zyga returns to FOSDEM stuff
[12:37] <zyga> pedronis, good morning
[12:40] <mborzecki> is there a userspace tool to parse the binary apparmor profile?
[12:40] <zyga> mborzecki, no
[12:40] <pstolowski> zyga: haven't seen that c/c++ spec. sounds cool but it's a pitty it will always be a mixed bag of styles & legacy stuff when you are interacting with 3rd party APIs, the adoption of new features is terribly slow
[12:40] <zyga> mborzecki, I looked at this a while and there's only kernel code
[12:41] <zyga> pstolowski, I agree, any susccessful tech has some legacy
[12:41] <zyga> mborzecki, I wrote a part of the parser for the binary profile myself
[12:41] <zyga> mborzecki, I got stuck on a section that involved decoding the state machine that seems to include things that are standard and I'm familiar with (DFA/NFA)
[12:41] <pedronis> zyga: hi
[12:41] <zyga> mborzecki, as well as some now concepts that I had to decode via code journeys
[12:42] <zyga> mborzecki, I can find that code but it's partial and doesn't show all the bits yet
[12:42] <mborzecki> maybe i can dump something with -D at least, the broken profile is rather small now
[12:43] <zyga> mborzecki, nope, not that I recall
[12:43] <zyga> I mean, I can show you the kernel side
[12:43] <zyga> I think that would be very useful
[12:43] <zyga> I would re-start that in go (I originally used python)
[12:43] <zyga> interested?
[12:44] <zyga> a parser and (perhaps, though not sure it is possible) decompiler
[12:44] <zyga> (not sure because DFA optimization and even basic processing makes irreversible changes so perfect source reconstruction is impossible
[12:47] <mborzecki> zyga: nah, i hoped there's some ready tool i could try and compare the outputs with, but i don't want to spend too much time on it
[13:19] <cachio> pstolowski, hi
[13:19] <cachio> pstolowski, could you run preseed test'
[13:19] <cachio> ?
[13:20] <pstolowski> cachio: hi! sorry, i haven't tried yet since Friday, busy with other things, will do later today
[13:24] <cachio> pstolowski, ok, current 21.04 image is still broken
[13:40] <pstolowski> cachio: ack, thanks
[13:59] <zyga> cachio, FYI, I've created the repo for our spread for at https://git.ostc-eu.org/OSTC/tools/oh-spread
[14:00] <zyga> it's sadly crossing the github/gitlab boundary
[14:00] <zyga> so no github actions, for example
[14:00] <zyga> I'll push the code in a moment
[14:24] <mup> PR snapcraft#3409 opened: Fix a few licenses in ros-related test files <Created by artivis> <https://github.com/snapcore/snapcraft/pull/3409>
[14:38]  * pstolowski lunch
[14:42] <zyga> cachio, I'm setting up a pipeline for spread
[14:43] <zyga> cachio, I've seen some errors from go vet
[14:43] <zyga> cachio, https://git.ostc-eu.org/OSTC/tools/oh-spread/-/jobs/1048
[14:43] <zyga> cachio, have you seen those or fixed those in your fork?
[14:43] <zyga> I'll fix those shortly in case they were under the radar before
[14:43] <zyga> niemeyer, ^
[14:54] <mup> PR snapcraft#3410 opened: project: enable experimental target-arch support for core20 <Created by cjp256> <https://github.com/snapcore/snapcraft/pull/3410>
[14:56] <cachio> zyga, hi
[14:56] <cachio> let me check
[14:57] <zyga> cachio, the dead code bits are due to a change in the go compilre
[14:57] <zyga> *compiler
[14:57] <zyga> and seem harmless, just need fixing
[14:57] <zyga> the mutex corruption is real
[14:58] <cachio> zyga, which go compiler are you using there?
[14:59] <zyga> latest, let me check
[15:00] <zyga> cachio, 1.15.6
[15:01] <cachio> we use 1.10.4
[15:01] <cachio> by default
[15:02] <cachio> zyga, it is quite old the current one
[15:02] <zyga> yeah, that's a bit old now
[15:03] <cachio> zyga, so, which is the idea for testing in gitlab?
[15:03] <cachio> because currently tests are executed on gce
[15:03] <zyga> cachio, we use gitlab for everything
[15:03] <zyga> cachio, including for project tracking
[15:03] <cachio> zyga, so the testing of spread will be done in qemu or lxd?
[15:04] <zyga> cachio, gitlab pipelines let you run whatever you want
[15:04] <zyga> cachio, right now I want unit tests
[15:04] <zyga> cachio, and then self-test via spread
[15:04] <cachio> zyga, ok
[15:04] <zyga> cachio, though I don't have a GCE token yet, I'm okay with that
[15:04] <zyga> cachio, the main usage. for me, will be qemu
[15:04] <zyga> so I'll definitely run those
[15:04] <cachio> zyga, perfect
[15:05] <zyga> cachio, but my first concern are unit tests
[15:05] <zyga> cachio, as all the upcoming changes just need those
[15:05] <cachio> zyga, yes
[15:06] <cachio> there are not many unit tests
[15:06] <zyga> cachio, yeah, but I plan to add those with the changes I make
[15:06] <cachio> it is mostly tested by spread tests
[15:06] <zyga> it's just something easier tested at this level
[15:06] <cachio> zyga, agree
[15:35]  * cachio lunch
[15:35] <zyga> ijohnson, classy response there!
[15:35] <ijohnson> haha thanks
[15:35] <zyga> I was carried away
[15:36] <ijohnson> haha no worries, thanks for responding! I appreciate your prompt responses to comments on bugs :-)
[15:36] <zyga> well, to some of them
[15:37] <zyga> I need to improve my inbox filtering
[15:37] <ijohnson> I really miss the "bundles" that google inbox used to provide
[15:38] <ijohnson> that simple little UI element made it so much more manageable to me, like I can see when a kind of email is new as the bundle bubbles up, but if there are many such kinds of emails I don't get distracted by all of those
[15:38] <ijohnson> now I just have a bunch of labels and "skip the inbox" kind of filtering setup so I have to remember to go check the label folders manually rather than have them naturally bubble up to the top
[15:38] <ijohnson> oh well
[15:38] <zyga> I think I need to switch to folder-per-project
[15:38] <zyga> I just didn't set that up yet
[15:39] <zyga> and move from gmail off to fastmail with my launchpad traffic
[16:09] <mup> PR snapd#9820 opened: o/snapshotstate: handle conflicts between snapshot forget, export and import <Created by stolowski> <https://github.com/snapcore/snapd/pull/9820>
[16:30] <zyga> cachio, first patch :)
[16:35] <zyga> niemeyer, cachio: https://github.com/snapcore/spread/pull/111
[16:35] <mup> PR spread#111: Do not copy log.Logger and the contained sync.Mutex <Created by zyga> <https://github.com/snapcore/spread/pull/111>
[16:36]  * zyga notices the typo in the branch name
[16:36] <zyga> oh well
[17:30] <ijohnson> ooof is master broken
[17:31] <ijohnson> https://pastebin.ubuntu.com/p/RPBhtSQYXK/
[17:42] <zyga> ijohnson, oh
[17:43] <zyga> weird, older library?
[17:43] <zyga> ijohnson, how did that happen?
[17:46] <zyga> cachio, I think spread CI is a bit broken
[17:46] <zyga> https://travis-ci.org/github/snapcore/spread/builds/753973306
[17:47] <zyga> it's testing with old go vet perhaps
[17:47] <zyga> and _aix is not a feature flag
[17:47] <ijohnson> zyga: no idea I'll have to look at it in a bit, it was from a spread runner
[17:47] <zyga> ijohnson, let me know if you have a PR up
[17:48] <ijohnson> zyga: you mean to see the error or one that fixes it?
[17:48] <cachio> zyga, checking
[17:48] <ijohnson> I don't have a fix up but will probably look at it after my lunch
[17:49] <zyga> ijohnson, if you get stuck ping me, I'll gladly look
[17:50] <ijohnson> sure thanks for the offer, hopefully it's something silly
[17:55] <zyga> cachio, term_unix_aix is being compiled together with term_unix_linux
[17:56] <zyga> cachio, can you bump go version used there?
[17:56] <cachio> "1.10"
[17:57] <cachio> zyga, this is declared in .travis
[17:57] <zyga> ah,
[17:57] <zyga> should I bump it?
[17:57] <cachio> well, we could use same versio we have for snapd
[17:58] <cachio> zyga, it needs a new PR
[17:59] <zyga> cachio, what's the version used for snapd?
[17:59] <zyga> cachio, though I suspect some chicken and egg will happen
[17:59] <cachio> 1.10 :)
[17:59] <zyga> new vet will pick up the issues I ran into
[17:59] <zyga> hmm, but that's the version used now?
[17:59] <zyga> ah, wait
[18:00] <cachio>  best_golang=golang-1.10
[18:00] <cachio> zyga, this is version we use for testing
[18:00] <zyga> this is using 1.10
[18:00] <zyga> cachio, ok, can you suggest a way out of the situation
[18:01] <zyga> disable go vet? bump base go version, pin old go dependencies
[18:01] <zyga> the problem here is that spread itself is not self-sufficient but pulls dependcies
[18:01] <zyga> but those dependencies have abandoned old go
[18:01] <zyga> so it's not passing
[18:01] <zyga> what's the solution?
[18:02] <cachio> I think we could bump go
[18:02] <zyga> perhaps to 1.13 from focal?
[18:02] <cachio> seems to be the more correct thing to do
[18:02] <zyga> 1.13.8
[18:02] <zyga> I would love to introduce module support so that we can pin the right versions of dependencies
[18:02] <zyga> right now it's all a moving target
[18:02] <cachio> zyga, did you arleady tried 1.13.8?
[18:03] <cachio> we can try that
[18:03] <cachio> I'll create a PR and see if that works well
[18:03] <zyga> yes, go vet is okay there
[18:03] <zyga> but I also have more patches in my tree (mainly go.mod support)
[18:03] <zyga> but I _suspect_ that's fine
[18:03] <cachio> zyga, ok, so lets bump to 13.8
[18:04] <cachio> zyga, do you want to create the PR¡
[18:04] <cachio> ?
[18:04] <cachio> just need to update the .travis.yml file with the desired version
[18:04] <zyga> cachio, yeah,
[18:05] <zyga> cachio, I'll do that later today though that version will pick up other errors and fail as well
[18:05] <cachio> also update the spread.yaml
[18:05] <zyga> we'll iterate
[18:05] <zyga> at some point we need all the fixes together
[18:05] <cachio> GOVERSION: 1.10.4 -> GOVERSION: 1.13.8
[18:05] <cachio> and also we need to update hte system which is used for testing
[18:06] <cachio> ubuntu-18.04-64 -> ubuntu-20.04-64:
[18:06] <zyga> there's one more issue in humbox
[18:06] <zyga> yeah
[18:06] <zyga> I think that's a good start
[18:07] <zyga> cool, I'll get back to that :)
[18:07] <cachio> zyga, nice, thanks
[18:35] <ijohnson|lunch> zyga: I see the issue with that snap-confine unit test failure, it was only on trusty, and trusty's glib is too old to use g_autofree
[18:36] <ijohnson|lunch> I'll file a pr after I verify my fix works via spread
[18:36] <ijohnson|lunch> see also https://github.com/snapcore/snapd/pull/9818
[18:36] <mup> PR #9818: cmd/libsnap-confine-private: make unit tests execute happily in a container <Simple 😃> <Skip spread> <Created by bboozzoo> <Merged by bboozzoo> <https://github.com/snapcore/snapd/pull/9818>
[18:41] <zyga> ijohnson|lunch, ahh
[18:41] <zyga> nice
[18:42] <zyga> ijohnson|lunch, current status: playing talisman :)
[18:43] <ijohnson|lunch> Nice! Enjoy
[18:43]  * ijohnson|lunch is getting groceries over lunch, not quite as entertaining
[18:55] <mup> PR snapd#9821 opened: tests: skip interfaces-openvswitch spread test on debian sid <Simple 😃> <Created by sergiocazzolato> <https://github.com/snapcore/snapd/pull/9821>
[19:40] <mup> PR snapd#9822 opened: tests: new actions workflow to autotically tag a PR with "Run Nested" <Created by sergiocazzolato> <https://github.com/snapcore/snapd/pull/9822>
[20:06]  * cachio afk
[20:26] <ijohnson> zyga: hey if you're around, I have a fix https://github.com/snapcore/snapd/pull/9823
[20:26] <mup> PR #9823: cmd/libsnap-confine-private/cleanup-funcs-test.c: rm g_autofree usage <Simple 😃> <⚠ Critical> <Created by anonymouse64> <https://github.com/snapcore/snapd/pull/9823>
[20:26] <ijohnson> cachio: ^
[20:26] <zyga-mbp> yeah
[20:26] <zyga-mbp> around just fixing uplink at home (back on backup)
[20:28] <ijohnson> nice, thanks!
[20:28] <zyga-mbp> ijohnson reviewed
[20:29] <ijohnson> thanks!
[20:30] <mup> PR snapd#9823 opened: cmd/libsnap-confine-private/cleanup-funcs-test.c: rm g_autofree usage <Simple 😃> <⚠ Critical> <Created by anonymouse64> <https://github.com/snapcore/snapd/pull/9823>
[20:31] <zyga> ijohnson back on other link
[20:45] <mup> PR snapd#9824 opened: interfaces/greengrass-support: back-port interface changes to 2.48 <Created by anonymouse64> <https://github.com/snapcore/snapd/pull/9824>
[21:30] <mup> PR snapcraft#3408 closed: elf: extract defined symbol versions <Created by jhenstridge> <Merged by sergiusens> <https://github.com/snapcore/snapcraft/pull/3408>
[21:36] <mup> PR snapd#9825 opened: tests: using labeler action to add automatically a label to run nested tests <⛔ Blocked> <Created by sergiocazzolato> <https://github.com/snapcore/snapd/pull/9825>
[21:45] <mup> PR snapcraft#3360 closed: project loader: advanced grammar support for lists <Created by cjp256> <Merged by sergiusens> <https://github.com/snapcore/snapcraft/pull/3360>
[22:26] <mup> Bug #1911066 opened: snapctl get fails to get all the config <Snappy:New> <https://launchpad.net/bugs/1911066>
[23:46] <mup> PR snapd#9823 closed: cmd/libsnap-confine-private/cleanup-funcs-test.c: rm g_autofree usage <Simple 😃> <⚠ Critical> <Created by anonymouse64> <Merged by anonymouse64> <https://github.com/snapcore/snapd/pull/9823>