mup | PR snapcraft#3619 closed: ci: switch snapcraft to edge in action-build <Created by sergiusens> <Closed by sergiusens> <https://github.com/snapcore/snapcraft/pull/3619> | 01:29 |
---|---|---|
mup | PR snapd#11425 opened: tests/main/snap-run-devmode-classic: reinstall snapcraft to clean up <Simple 😃> <Test Robustness> <Created by anonymouse64> <https://github.com/snapcore/snapd/pull/11425> | 02:29 |
mup | PR snapd#11426 opened: Snap confine coverity fixes <Created by alexmurray> <https://github.com/snapcore/snapd/pull/11426> | 04:25 |
mborzecki | morning | 06:10 |
mup | PR snapd#11427 opened: data/selinux: allow the snap command to run systemctl <Simple 😃> <Created by bboozzoo> <https://github.com/snapcore/snapd/pull/11427> | 06:50 |
zyga[m] | good morning :) | 07:29 |
pstolowski | morning | 08:04 |
zyga[m] | mvo: here? | 08:49 |
pstolowski | zyga[m]: he is off this week | 08:55 |
zyga[m] | oh, I see | 08:55 |
zyga[m] | thanks | 08:55 |
mup | PR snapd#11415 closed: gadget/update.go: add buildNewVolumeToDeviceMapping for existing devices <Needs Samuele review> <Created by anonymouse64> <Merged by pedronis> <https://github.com/snapcore/snapd/pull/11415> | 10:31 |
mup | PR snapd#11425 closed: tests/main/snap-run-devmode-classic: reinstall snapcraft to clean up <Simple 😃> <Test Robustness> <Created by anonymouse64> <Merged by pedronis> <https://github.com/snapcore/snapd/pull/11425> | 10:36 |
mup | PR snapd#11416 closed: data/env: more workarounds for even older fish shells, provide reasonable defaults <Created by bboozzoo> <Merged by pedronis> <https://github.com/snapcore/snapd/pull/11416> | 10:47 |
mup | PR snapd#11428 opened: data/env: cosmetic tweak for fish <Simple 😃> <Created by bboozzoo> <https://github.com/snapcore/snapd/pull/11428> | 10:52 |
mup | PR snapd#11429 opened: data/env: more workarounds for even older fish shells, provide reasonable defaults (2.54) <Created by pedronis> <https://github.com/snapcore/snapd/pull/11429> | 11:02 |
mup | PR snapd#11430 opened: cmd/snap-mgmt, packaging: trigger daemon reload after purging unit files <Simple 😃> <Created by bboozzoo> <https://github.com/snapcore/snapd/pull/11430> | 11:07 |
pstolowski | abeato: hey, is https://github.com/snapcore/snapd/pull/11422 fixing the test failure on master/ | 12:40 |
mup | PR #11422: t/m/interfaces-network-manager: use different channel depending on system <Created by alfonsosanchezbeato> <https://github.com/snapcore/snapd/pull/11422> | 12:40 |
pstolowski | ? | 12:40 |
abeato | pstolowski, yes | 12:41 |
pstolowski | great | 12:42 |
mborzecki | heh go cache is fun | 12:59 |
ogra | zyga[m], seen this ? https://www.qualys.com/2022/02/17/cve-2021-44731/oh-snap-more-lemmings.txt | 14:04 |
zyga[m] | yes | 14:06 |
ogra | quite some praise to the original programmer between the lines 🙂 | 14:06 |
zyga[m] | (in a call) | 14:14 |
zyga[m] | back | 14:17 |
zyga[m] | yeah, I the article was really nice | 14:17 |
pstolowski | indeed | 14:18 |
zyga[m] | and nice team effort, that code would not be anything like it ended up beeing without the security team's review process | 14:18 |
ijohnson[m] | zyga: we had all kinds of fun with that security release, we realized that some devmode snaps are relying on being able to call `snap run ...`, which we ended up breaking since snap-confine now refuses to run in the inherited devmode confinement, and on top of that we also realized that just pushing out the fix wasn't enough to really resolve it, since the old snapd and core snap revisions are left around and are not mounted nosuid, so the | 14:23 |
ijohnson[m] | vulnerable suid snap-confines were left around and had to hack our way around that too | 14:23 |
zyga[m] | oh, that's an interesting point | 14:42 |
zyga[m] | old snap-confine's are indeed around | 14:43 |
zyga[m] | what did you end up doing for those? | 14:43 |
ijohnson[m] | well for the security release because the 14 day window had already started we just hacked snapd to remove known vulnerable revisions when it was refreshed to a fixed revision (one time only) | 14:43 |
ijohnson[m] | but we have ongoing patches to remount old snapd/core snaps as nosuid | 14:44 |
zyga[m] | nice | 14:44 |
mup | PR snapd#11205 closed: o/devicestate: pick system from seed systems/ for preseeding (1/N) <Preseeding 🍞> <Run nested> <Created by stolowski> <Merged by pedronis> <https://github.com/snapcore/snapd/pull/11205> | 15:43 |
mup | PR snapd#11377 closed: asserts: add preseed assertion type <Needs Samuele review> <Preseeding 🍞> <Created by stolowski> <Merged by pedronis> <https://github.com/snapcore/snapd/pull/11377> | 15:43 |
mup | PR snapd#11429 closed: data/env: more workarounds for even older fish shells, provide reasonable defaults (2.54) <Created by pedronis> <Merged by bboozzoo> <https://github.com/snapcore/snapd/pull/11429> | 17:03 |
mup | PR snapcraft#3649 closed: parts,repo: integrate package-repositories (CRAFT-847) <Created by cmatsuoka> <Merged by sergiusens> <https://github.com/snapcore/snapcraft/pull/3649> | 17:21 |
mup | PR snapcraft#3652 opened: parts: support for grammar parsing <Created by sergiusens> <https://github.com/snapcore/snapcraft/pull/3652> | 17:26 |
mup | PR snapd#11422 closed: t/m/interfaces-network-manager: use different channel depending on system <Created by alfonsosanchezbeato> <Merged by sergiocazzolato> <https://github.com/snapcore/snapd/pull/11422> | 18:04 |
mup | PR snapd#11431 opened: o/snapstate: add core22 migration logic <Created by MiguelPires> <https://github.com/snapcore/snapd/pull/11431> | 18:14 |
mup | PR snapcraft#3653 opened: tests: pass proper type to run for version <Created by sergiusens> <https://github.com/snapcore/snapcraft/pull/3653> | 19:36 |
mup | PR snapcraft#3653 closed: tests: pass proper type to run for version <Created by sergiusens> <Merged by sergiusens> <https://github.com/snapcore/snapcraft/pull/3653> | 21:16 |
mup | PR snapcraft#3652 closed: parts: support for grammar parsing <Created by sergiusens> <Merged by sergiusens> <https://github.com/snapcore/snapcraft/pull/3652> | 22:46 |
mup | PR snapd#11423 closed: tests: skip boot loader check during testing preparation on s390x <Created by sergiocazzolato> <Merged by sergiocazzolato> <https://github.com/snapcore/snapd/pull/11423> | 23:45 |
Generated by irclog2html.py 2.7 by Marius Gedminas - find it at mg.pov.lt!