/srv/irclogs.ubuntu.com/2022/02/23/#snappy.txt

mup	PR snapcraft#3619 closed: ci: switch snapcraft to edge in action-build <Created by sergiusens> <Closed by sergiusens> <https://github.com/snapcore/snapcraft/pull/3619>	01:29
mup	PR snapd#11425 opened: tests/main/snap-run-devmode-classic: reinstall snapcraft to clean up <Simple 😃> <Test Robustness> <Created by anonymouse64> <https://github.com/snapcore/snapd/pull/11425>	02:29
mup	PR snapd#11426 opened: Snap confine coverity fixes <Created by alexmurray> <https://github.com/snapcore/snapd/pull/11426>	04:25
mborzecki	morning	06:10
mup	PR snapd#11427 opened: data/selinux: allow the snap command to run systemctl <Simple 😃> <Created by bboozzoo> <https://github.com/snapcore/snapd/pull/11427>	06:50
zyga[m]	good morning :)	07:29
pstolowski	morning	08:04
zyga[m]	mvo: here?	08:49
pstolowski	zyga[m]: he is off this week	08:55
zyga[m]	oh, I see	08:55
zyga[m]	thanks	08:55
mup	PR snapd#11415 closed: gadget/update.go: add buildNewVolumeToDeviceMapping for existing devices <Needs Samuele review> <Created by anonymouse64> <Merged by pedronis> <https://github.com/snapcore/snapd/pull/11415>	10:31
mup	PR snapd#11425 closed: tests/main/snap-run-devmode-classic: reinstall snapcraft to clean up <Simple 😃> <Test Robustness> <Created by anonymouse64> <Merged by pedronis> <https://github.com/snapcore/snapd/pull/11425>	10:36
mup	PR snapd#11416 closed: data/env: more workarounds for even older fish shells, provide reasonable defaults <Created by bboozzoo> <Merged by pedronis> <https://github.com/snapcore/snapd/pull/11416>	10:47
mup	PR snapd#11428 opened: data/env: cosmetic tweak for fish <Simple 😃> <Created by bboozzoo> <https://github.com/snapcore/snapd/pull/11428>	10:52
mup	PR snapd#11429 opened: data/env: more workarounds for even older fish shells, provide reasonable defaults (2.54) <Created by pedronis> <https://github.com/snapcore/snapd/pull/11429>	11:02
mup	PR snapd#11430 opened: cmd/snap-mgmt, packaging: trigger daemon reload after purging unit files <Simple 😃> <Created by bboozzoo> <https://github.com/snapcore/snapd/pull/11430>	11:07
pstolowski	abeato: hey, is https://github.com/snapcore/snapd/pull/11422 fixing the test failure on master/	12:40
mup	PR #11422: t/m/interfaces-network-manager: use different channel depending on system <Created by alfonsosanchezbeato> <https://github.com/snapcore/snapd/pull/11422>	12:40
pstolowski	?	12:40
abeato	pstolowski, yes	12:41
pstolowski	great	12:42
mborzecki	heh go cache is fun	12:59
ogra	zyga[m], seen this ? https://www.qualys.com/2022/02/17/cve-2021-44731/oh-snap-more-lemmings.txt	14:04
zyga[m]	yes	14:06
ogra	quite some praise to the original programmer between the lines 🙂	14:06
zyga[m]	(in a call)	14:14
zyga[m]	back	14:17
zyga[m]	yeah, I the article was really nice	14:17
pstolowski	indeed	14:18
zyga[m]	and nice team effort, that code would not be anything like it ended up beeing without the security team's review process	14:18
ijohnson[m]	zyga: we had all kinds of fun with that security release, we realized that some devmode snaps are relying on being able to call `snap run ...`, which we ended up breaking since snap-confine now refuses to run in the inherited devmode confinement, and on top of that we also realized that just pushing out the fix wasn't enough to really resolve it, since the old snapd and core snap revisions are left around and are not mounted nosuid, so the	14:23
ijohnson[m]	vulnerable suid snap-confines were left around and had to hack our way around that too	14:23
zyga[m]	oh, that's an interesting point	14:42
zyga[m]	old snap-confine's are indeed around	14:43
zyga[m]	what did you end up doing for those?	14:43
ijohnson[m]	well for the security release because the 14 day window had already started we just hacked snapd to remove known vulnerable revisions when it was refreshed to a fixed revision (one time only)	14:43
ijohnson[m]	but we have ongoing patches to remount old snapd/core snaps as nosuid	14:44
zyga[m]	nice	14:44
mup	PR snapd#11205 closed: o/devicestate: pick system from seed systems/ for preseeding (1/N) <Preseeding 🍞> <Run nested> <Created by stolowski> <Merged by pedronis> <https://github.com/snapcore/snapd/pull/11205>	15:43
mup	PR snapd#11377 closed: asserts: add preseed assertion type <Needs Samuele review> <Preseeding 🍞> <Created by stolowski> <Merged by pedronis> <https://github.com/snapcore/snapd/pull/11377>	15:43
mup	PR snapd#11429 closed: data/env: more workarounds for even older fish shells, provide reasonable defaults (2.54) <Created by pedronis> <Merged by bboozzoo> <https://github.com/snapcore/snapd/pull/11429>	17:03
mup	PR snapcraft#3649 closed: parts,repo: integrate package-repositories (CRAFT-847) <Created by cmatsuoka> <Merged by sergiusens> <https://github.com/snapcore/snapcraft/pull/3649>	17:21
mup	PR snapcraft#3652 opened: parts: support for grammar parsing <Created by sergiusens> <https://github.com/snapcore/snapcraft/pull/3652>	17:26
mup	PR snapd#11422 closed: t/m/interfaces-network-manager: use different channel depending on system <Created by alfonsosanchezbeato> <Merged by sergiocazzolato> <https://github.com/snapcore/snapd/pull/11422>	18:04
mup	PR snapd#11431 opened: o/snapstate: add core22 migration logic <Created by MiguelPires> <https://github.com/snapcore/snapd/pull/11431>	18:14
mup	PR snapcraft#3653 opened: tests: pass proper type to run for version <Created by sergiusens> <https://github.com/snapcore/snapcraft/pull/3653>	19:36
mup	PR snapcraft#3653 closed: tests: pass proper type to run for version <Created by sergiusens> <Merged by sergiusens> <https://github.com/snapcore/snapcraft/pull/3653>	21:16
mup	PR snapcraft#3652 closed: parts: support for grammar parsing <Created by sergiusens> <Merged by sergiusens> <https://github.com/snapcore/snapcraft/pull/3652>	22:46
mup	PR snapd#11423 closed: tests: skip boot loader check during testing preparation on s390x <Created by sergiocazzolato> <Merged by sergiocazzolato> <https://github.com/snapcore/snapd/pull/11423>	23:45

Generated by irclog2html.py 2.7 by Marius Gedminas - find it at mg.pov.lt!