IRC logs for #baserock for Friday, 2015-03-27

persiaIn regards to using gerrit as a temporary repository: do we have any plans to implement the WIP flag, as was done in OpenStack?02:22
*** zoli__ has joined #baserock06:10
*** zoli__ has quit IRC08:18
*** zoli__ has joined #baserock08:18
*** gfinney has joined #baserock08:28
*** straycat has joined #baserock08:28
*** gary_perkins has joined #baserock08:36
*** mdizzle has joined #baserock09:04
* SotK wonders why the distbuild part of his partial build patches has been flagged as a merge conflict09:04
*** bashrc_ has joined #baserock09:07
* straycat suddenly realises that all his passwords have been in the clear09:12
*** rdale has joined #baserock09:13
straycatwe have an openid server that isn't using https?09:13
rjekOh dear, yes:
persiaYes.  We need to sort that immediately.  Until then, it isn't safe to use.09:13
* straycat changes all his passwords09:14
*** mdunford has joined #baserock09:14
* Kinnison is, once again, glad he uses different passwords for different sites :)09:15
* Kinnison does wish he could just use his own openid for gerrit though09:15
Kinnisonsince that one *does* use https09:15
*** ssam2 has joined #baserock09:16
*** ChanServ sets mode: +v ssam209:16
rjekssam2: Did you get all your Exim stuff sorted yesterday?09:23
ssam2seems to be working09:23
SotKIs there any likelihood of being able to sort changes on Gerrit by something other than most-recently-used in future OOI?09:24
ssam2wasn't too hard, with your help09:24
ssam2SotK: I'm not sure. It does surprise me that the front page is so limited09:24
ssam2we can create per-project 'dashboards', but I don't know much about that feature09:24
ssam2I think it lets you define your own queries, so we could come up with queries for 'oldest unmerged changes' and stuff like that09:25
ssam2but i'd like to just be able to click on the headers in the table on the front page09:25
SotKssam2: me too09:25
SotKclickable headers would be ideal09:25
rjekssam2: We noticed that the openid server lacks SSL (even with a self-signed certificate), making it totally unsafe to use.  Are there any immediate plans to fix that?09:26
ssam2rjek: yes. I'm waiting on Gary to procure an SSL certificate for baserock.org09:26
Kinnisonssam2: also gerrit keeps logging me out overnight -- any chance the cookie timeout can be extended by say a year?09:26
rjekgary_perkins: ?09:26
rjekgary_perkins: Any ETA?09:26
ssam2Kinnison: sure09:27
Kinnisonssam2: yay09:27
* rjek assumes you'll be getting a wildcarded one, which are cheap and shiny but have sad-making security implications.09:27
gary_perkinsrjek: The ones I've seen are not cheap!09:28
rjekgary_perkins: Oh, look at StartSSL if you want cheap.09:28
KinnisonI can make supercheap wildcarded certificates09:28
gary_perkinsI'll get on to that today.09:28
Kinnisonsadly they're in my name in all cases09:28
Kinnisonsupercheap as in zero cost each09:28
rjekI would recommend turning off openid in the mean time, but people are welcome to ignore this recommendation.09:28
Kinnisonsadly it's the only way to log into gerrit09:29
rjekThen that sounds like a great reason to prioritise getting the certificate :)09:29
ssam2rjek: what are the risks? I can add a self-signed cert if need be09:29
* Kinnison keeps meaning to write an openid provider which presents a statement which you have to GPG sign09:29
rjekssam2: Broadcasting everybody's credentials?  And I'm sure lots of people use the same password there as places even more sensitive.09:30
ssam2it doesn't send passwords in plaintext09:30
ssam2it uses django.auth09:30
rjekssam2: It sends them in plain text.09:30
Kinnisonbetween the browser and the server?09:30
bashrc_sadly I think all CA issued certificates have sad-making implications, but that's just how things work presently. or don't.09:30
ssam2perhaps it does send them in plain text09:31
ssam2once again, I am not a good sysadmin.09:31
rjekssam2: It's an HTML form.09:31
KinnisonOnce you have the SSL cert in place you can recommend people change their password :)09:31
rjekIt sends them in the clear.09:31
ssam2volunteers for the baserock ops team gratefully accepted.09:31
*** mdunford has quit IRC09:32
straycatssam2, can we just have a self-signed for now?09:32
ssam2yes, I'll do that09:32
straycatat least then we can continue to use it09:32
KinnisonAlso I keep meaning to set up a website which tells you if your GPG key is badly configured or not09:32
rjekself-signed for now would be better than nothing, yes09:32
ssam2fwiw, when implementing the OpenID provider I basically read through and thought "great, they've thought about all this for me so I don't have to"09:39
ssam2so I shall send a patch to Django to update that document with a big warning that none of this makes any difference unless you also force HTTPS09:39
tiagogomes_radiofree I think Moonshot built systemd in 10m when I checked09:41
*** mdunford has joined #baserock09:41
tlsaI see the nano update patch has a +2 now.  Is any more intervention from me needed to get it merged?  Or does Gerit do that itself?09:47
ssam2it needs someone in Mergers group to press 'submit'09:48
ssam2I didn't just because there was a comment from Fran still09:48
ssam2but anyway Fran is celebrating his birthday today so let's just merge it :)09:48
bashrc_who is in the mergers group?09:48
ssam2anyone who was previously in baserock-writers is welcome to join, just ask me, pedro, fran or gary09:49
ssam2anyone not previously in baserock-writers can mail baserock-dev asking for access, like before09:49
ssam2(baserock-writers being the group on that allows push access)09:50
Kinnisonssam2: amusingly I don't have permission to see that group09:54
tlsaneither do I09:54
ssam2oh, that's a bit silly09:54
ssam2I think there's a visible_to_all setting for groups, maybe that needs to be set09:55
*** mdunford has quit IRC09:56
ssam2yes, you should be able to see it now09:57
KinnisonYep, can see it now09:57
*** edcragg has joined #baserock09:59
*** gary_perkins has quit IRC10:10
bashrc_in firehose does anyone know the difference between baseref and myref. which is source and which is destination?10:11
*** gary_perkins has joined #baserock10:11
*** mdunford has joined #baserock10:11
*** gary_perkins has quit IRC10:11
KinnisonIf you're operating from the newer firehose code which hadn't been merged yet, then Lauren is your best bet for those questions10:11
Kinnisonperryl: ^^^10:12
*** gary_perkins has joined #baserock10:12
bashrc_it looks like baseref might be the source10:12
perryli don't believe i made any additions involving baseref and myref to what was there already but i'll have a quick look!10:13
Kinnisonperryl: even if not, you were there more recently than I :)10:14
SotKI'd guess baseref is source and myref is dest10:14
perrylindeed! :) i'm trying to cast my mind back10:14
perrylSotK: that would seem reasonable10:14
straycatsent a fix to the list, probably the last patch i'll send to the list10:15
perryli've been elbow deep in morph and distbuild lately so all the firehose knowledge i have has been displaced :(10:16
perrylhmm...actually, would baseref be the current SHA1 and myref be the new one that firehose looks to update with?10:18
ssam2openssl's user interface is like an avant-garde text adventure.10:20
rjekI thought it was much worse than that. :)10:21
Kinnisonssam2: it can be :)10:21
* Kinnison dances through it regularly though, so I know the xyzzy words10:21
rjekIt's like the Hitchhiker's text adventure: there's something you must do right at the beginning of the story, otherwise hours later you get eaten by a dog and have to start over.10:21
* radiofree checks pockets for fluff10:25
* Kinnison fortunately has never had a common-sense particle10:28
* rjek drops no tea.10:29
bashrc_actually I think my understanding was wrong. in firehose baseref appears to just refer to the master branch against which you could do rebases11:00
ssam2Kinnison: seems cherokee-admin does indeed always appear on port 9090, i must have been misremembering11:13
locallycompactgetting this with gerrit
Kinnisonlocallycompact: Have you followed the instructions to get the commit-msg hook into your repo?11:17
Kinnisontry git commit --amend11:18
Kinnisonand then re-push11:18
Kinnisonso the script gets a chance to insert the change id11:18
locallycompactah I see11:18
KinnisonIt's a tad awkward to begin with :)11:18
locallycompactwait so I have to recommit all of my branch history in order to submit to gerrit?11:19
Kinnisononly the commits you want pushed11:19
Kinnisoneach commit which you want as a proposed change in gerrit needs a change id11:19
straycatlocallycompact, ocaml! awesome :)11:19
locallycompactbut that's like a gazillion things11:19
Kinnisonlocallycompact: I'd rebase and compress them into fewer changes then11:20
Kinnisonlocallycompact: because if you submit a topic with a gazillion patches in it, someone will cry11:20
Kinnisonand that someone will be everybody who reviews patches on gerrit11:20
straycatyou can apparently do the merge yourself and submit the merge commit, allowing you to keep the linear history but only submit one change11:20
straycatof course this is no easier to review than squashing the whole thing, and i've not actually tried it so don't know whether it even works11:21
* locallycompact points out that he's never had a problem reviewing patches with a gazillion ^ gazillion commits on a mailing list11:24
Kinnisonlocallycompact: different approaches have different strengths11:25
Zaraare we collecting the gerrit vs ML pros/cons anywhere? might be useful to have a quick reference so we can see what's fixable and get a clearer overall picture.11:26
locallycompactThe obvious advantage here is that it's easier for johnny random to push to somewhere reviewable11:26
locallycompactBut it's definitely going to slow down my world11:27
straycatpremerge testing seems to be the main advantage11:30
* straycat probably ought to get on with other things11:31
persiastraycat: Why is a merge commit no easier to review?  How do you review?11:32
* persia mostly fetches the candidate branch into a local repo, and investigates locally11:32
straycatI tend to read through the series first, which clearly isn't possible if you've submitted the merge commit to gerrit11:33
*** tiagogomes_ has quit IRC11:33
persialocallycompact: The transition is annoying, but if you 1) add the hook so that you don't have to amend your commits, and 2) publish patches for review early and often, it ought be less bad.11:33
*** tiagogomes_ has joined #baserock11:33
persiastraycat: Ah, yes, if you want to read the series without doing local git stuff, the gerrit interfaces don't handle that case well at all.11:34
* persia generally tries not to use the gerrit web UI11:34
radiofreei wanted to try gerrty there's not https11:51
ssam2there will be https soon11:51
radiofreethere's also an inbuilt ui you can use over ssh11:51
ssam2also, there will be some infrastructure downtime today while I set up https. sorry11:53
* ssam2 disables the 'force everything through https' option again11:54
radiofreejjardon: regarding the kernel updates. It's obviously nice to have, but shouldn't be testing them?11:55
straycatradiofree, yes i've used that to do review, it's possible to fetch in your refs, review the git log and then comment using that12:01
straycatnot currently possible to do inline comments, but that's coming in 2.1112:01
*** zoli__ has quit IRC12:16
*** zoli__ has joined #baserock12:17
jjardonradiofree: sure, but I do not have hardware/time to test all the devices baserock support. Maybe I should resend the patch only for x86 and wait for the pre-commit build server to be running to send the rest12:47
ssam2the first iteration of that will also be x86 only12:48
ssam2as x86 is easiest to set up12:48
radiofreei think it should be up to anyone using/maintaining the other systems to upgrade the kernel12:49
jjardonok, will resend the patch12:49
radiofreepedroalvarez: you had a hack for state1-gcc when cross bootstrapping12:49
radiofreedo you have to be on a similar architecture to be able to cross-bootstrap?12:50
radiofreei seem to remember cross-bootstrapping to armv7b working when i tried it on an armv7lhf, however on x86_64 it's failing12:51
jjardonand BTW, when we get there,  Im of the opinnion that not in the CI = not supported and should be removed from definitions or moved to a non-supported folder12:51
radiofreeso you want to remove gtk3 from definitions?12:52
KinnisonI think he'd rather get it into CI :)12:52
radiofreecross-bootstrapping armv7lhf on x86_64 also fails12:53
radiofreei guess armv7*)   sed -i "s/--host=none/--host=armv7a/" o/Makefile is wrong there12:54
Kinnisonbaserock has a pastebin too y'know :)12:54
Kinnisonit's even in the /topic12:54
jjardonradiofree: I was talking about bs support, no strata12:54
jjardonnever remove gtk3! :P12:54
locallycompactwhat happened do the gitlab ci systems?12:55
KinnisonWe abandoned gitlab as a bad thing12:56
locallycompactWhy is it a bad thing12:56
KinnisonI think, for the engineers, it was too prescriptive, didn't really give us the control we were after, and yet didn't give us the flexibility we wanted either12:58
KinnisonIt wasa lot of overhead to admin the CI bit too IIRC12:58
SotKa lot of overhead and little/no benefit12:59
jjardonlocallycompact: about the reason for the removal, from the git history: "As far as I know, these are out of date, unmaintained and nobody is using them. It was definitely a useful learning process to integrate Gitlab into baserock, but I think this is now just taking up space in definitions.git needlessly."12:59
SotKthe state of GitLab CI back then was such that for our purposes it was not giving us anything a cronjob couldn't13:00
locallycompactI might investigate that later, I was curious about it as a sturdy box to help with the lifecycle of something non-baserock.13:02
Krinhmm, how do i give a +1 or -1 on gerrit?13:03
KinnisonKrin: You add any inline comments you want on the deltas13:03
KinnisonKrin: then press the 'reply' button near the top-middle on th summary page13:03
Kinnison(non-obvious UI :( )13:03
pedroalvarezradiofree: yes, the sed is wrong for cross-bootstrap13:04
Krinahh, yep that works. and yes that is a bit...13:04
radiofreepedroalvarez: what was your hack?13:06
Zarais there scope for us to improve our gerrit UI? I don't know much about how it's been put together behind the scenes13:06
pedroalvarezradiofree: get the cpu with uname -m and s/host=none/host=$cpu/13:09
radiofreealready tried that but it didn't work13:11
radiofree+      armv7*)   sed -i "s/--host=none/--host=x86_64/" o/Makefile13:11
pedroalvarezThat bit fixed building stage1 for me13:12
pedroalvarezBut without se13:12
pedroalvarezSed ing the target, it will fail when using this gcc13:12
straycatZara, it should be possible for us to write tools for/improve existing tools that interact with gerrit13:14
kejiahuhi, can anybody have a quick look at please?13:15
Zarastraycat: cool, that's a relief :)13:20
*** Stanto has joined #baserock13:33
Stanto seems to give a 50313:40
SotKhmm, as does
pedroalvarezStanto, SotK, thanks for poiting that out.13:44
pedroalvarezI'll take a look at it13:45
pedroalvarezkejiahu: I think we fixed that error in:
kejiahupedroalvarez: oh I see, thanks13:49
Zaraokay, so pedroalvarez discovered that my subunit weirdness last night was down to the version in defaulting to 0.0. In my system, ecdsa is also set to version 0.0.0, suggesting that ecdsa's might be doing the same thing. jic that's relevant to anyone here.13:54
pedroalvarezStanto, SotK, Identified the problem. Fixing now.13:54
SotKpedroalvarez: thanks!13:55
pedroalvarezStanto, SotK. Fixed.14:10
ssam2suddenly it's really annoying that OpenIDs contain the URL scheme.14:40
ssam2if redirects to, I think Gerrit will be confused.14:41
ssam2sorry for the temporary Gerrit breakage, will revert the http -> https redirection until I work out what to do about this14:43
ssam2gerrit seems to have broken now, I've no idea what's wrong. sorry14:47
ssam2service says it's running and there are no errors, but it's refusing connections14:47
ssam2oh, it was just taking even longer to start up than usual! never mind14:49
Kinnisonssam2: presumably you can poke the DB to shunt everyone's IDs to https though14:50
pedroalvarezyes, that is the plan :)14:51
radiofreee-mail from gerrit \o/15:03
radiofreeso polite15:03
ssam2 works now by the way15:04
ssam2but you can't use HTTPS for openids yet, still working on that15:04
* jjardon will buy beers to ssam2 tonigth15:04
jjardonShould I assume is the latest generated with latest definitions?15:25
KinnisonNo it'll be generated with whatever the definitions were the last time Pedro or Sam announced a release15:25
pedroalvarezindeed, currently 15.10 IIRC15:26
pedroalvarezbut yes, I'd be really cool to have a download link to the latest15:26
ssam2Kinnison: or anyone else. we don't have a defined release team.15:29
ssam2but Pedro seems to be the only one to do them15:29
* jjardon updating
Kinnisonssam2: :)15:30
Kinnisonpedroalvarez: how do you type that?15:30
locallycompactKinnison: It's a photograph15:31
bashrc_tls at last15:31
Kinnisonlocallycompact: :)15:31
jjardonI think the goal is to not need one: every commit is a valid release15:31
jjardon(not need a r-t)15:31
Kinnisonjjardon: once we have fully functional CI, that's quite possible yes15:31
ssam2that's a goal in the same way as world peace is a goal, though15:31
ssam2CI can never catch all the problems that might actually affect a user15:31
Kinnisonssam2: the problem with foolproof plans....15:32
jjardonssam2: I understand your point but not entirely agree, with the ci system we can test and verify more and better than what we currently do for releases15:36
jjardonssam2: FYI, I get "Internal Server Error" when trying to login in storyboard15:43
ssam2oh, storyboard breaks too!15:45
ssam2i'm going to concentrate on Gerrit first15:45
* pedroalvarez creates a story to fix storyboard15:47
straycatwoohoo https!16:07
ssam2the openid provider is full of surprises, I just got this message16:09
ssam2This request claims to be from but I have determined that it is a pack of lies. Beware, if you release information to them, they are likely to do unconscionable things with it, being the lying liars that they are.'16:09
ssam2hopefully updating gerrit's canonicalWebUrl setting will fix it16:09
straycatheheh, i just got that16:09
straycatredirection problem?16:10
radiofree503 on gerrit, known issue?16:11
ssam2everything is broken, sorry16:11
straycatwell, this seems like a good time to make tea16:15
straycatrdale, would it not be better to submit your openssh patch upstream?16:26
rdalea lot of the musl patches have got into later versions - our openssh isn't the latest16:27
rdalebut i can check to make sure16:27
pedroalvarezrdale: in that case we can upgrade to a newer version of openssh ?16:28
rdaleyes, although there might be security implications of moving to a newer version - ideally it would be better of course16:29
rdaleactually V_6_7 is the latest tag, and we're on that in the baserock/morph branch16:31
rdalein the master branch they've fixed 1/2 of my patches, but not 2/2 - so maybe i should submit 2/2 upstream16:34
*** Krin has quit IRC16:42
ssam2ok, storyboard and gerrit should both work again, everything should go over HTTPS now16:45
ssam2please let me know if anything doesn't work16:45 still uses a self-signed cert for now16:46
pedroalvarezbrilliant ssam2! thanks!!16:47
* radiofree hopes there's an appropriate "I know what i'm doing" cat image for ssam216:47
*** Krin has joined #baserock16:48
* radiofree slowclaps16:48
rdalewhat is swift - i assume it isn't the apple programming language16:50
radiofreeor taylor16:51
rjekrdale: A poorly-chosen name due to its ungoogability.16:51
rdalethat too16:51
* locallycompact wonders how to improve the data layout for those kinds of modifications16:51
jjardonrdale: I think16:52
locallycompactThe amount of devel-insert-bsp-here.morph systems is potentially limitless but each have desirably identical strata16:52
radiofreelocallycompact: yeah i've mentioned this before16:53
radiofreein most cases it's just the bsp that needs changing16:53
radiofreewould be good if you do do base-system.morph and an additional bsp.morph or something16:53
radiofreemorph build system base with this bsp.morph16:53
locallycompacttemplate systems or subsystems ro something16:53
straycatrdale, no it's a distributed object store used by openstack16:54
rdaleok thanks - i'm just looking at the docs16:54
straycatsorry, my next patch will go to gerrit i'm sure16:54
jjardonlocallycompact: yes, the same for every strata: now the compilation options are fixed, if there is a variant you have to duplicate all the strata on top16:54
jjardonThe idea is to solve that with conditional definitions16:55
straycatthere was no agreement on conditional definitions16:55
jjardonlocallycompact: some context:
straycatSotK, you can use topic:foo in the box at the top to filter16:57
straycatactually it's quite good16:57
jjardonstraycat: I do not think so, no. If I remember correctly one of the options the people like more is to adopt the ansible? syntax for this16:57
*** CTtpollard has quit IRC16:58
pedroalvarezjjardon: but richard_maw didn't like the idea17:00
pedroalvarezand we stopped thinking about it17:00
*** zoli__ has quit IRC17:08
*** zoli__ has joined #baserock17:09
*** zoli__ has quit IRC17:13
*** mdunford has quit IRC17:25
*** zoli__ has joined #baserock17:27
*** zoli__ has quit IRC17:31
*** zoli__ has joined #baserock17:31
*** mdunford has joined #baserock17:31
*** zoli__ has quit IRC17:35
*** zoli__ has joined #baserock17:36
*** zoli__ has quit IRC17:38
*** zoli__ has joined #baserock17:39
*** Krin has quit IRC17:41
*** bashrc_ has quit IRC17:53
*** CTtpollard has joined #baserock17:54
ssam2Kinnison: sorry, I don't see a way to increase the login cookie timeout for Gerrit17:56
ssam2 lists nothing that would do that. there is 'auth.maxOpenIdSessionAge' but that's not quite the same thing (and defaults to 'infinite')17:57
*** mdizzle has quit IRC17:57
Kinnisonmaybe it's the openid provider setting the timeout?18:14
ssam2I don't think so, because when you click 'sign in' it forwards you straight back to Gerrit18:14
ssam2so you are still signed in on the openid provider18:14
*** ssam2 has quit IRC18:15
*** CTtpollard has quit IRC18:23
*** rdale has quit IRC18:44
*** gary_perkins has quit IRC18:46
*** locallycompact has quit IRC18:49
*** edcragg has quit IRC18:52
*** tiagogomes_ has quit IRC19:06
*** gfinney has quit IRC19:10
*** zoli___ has joined #baserock19:59
*** zoli__ has quit IRC19:59
*** zoli___ has quit IRC19:59
*** zoli__ has joined #baserock19:59
*** zoli__ has quit IRC22:11
richard_mawpedroalvarez, jjardon: I didn't like the idea of textual substitution being how variants worked, also ansible-style interpolation is different from jinja2's normal process, as ansible's interpolation happens _after_ all the yaml has been loaded, and is applied to pre-defined fields23:10

Generated by 2.14.0 by Marius Gedminas - find it at!