IRC logs for #baserock for Monday, 2015-06-01

*** edcragg has quit IRC		00:12
*** seb__ has joined #baserock		01:13
*** seb__ has quit IRC		02:09
*** seb__ has joined #baserock		03:27
*** zoli__ has quit IRC		03:27
*** zoli__ has joined #baserock		03:28
*** seb__ has quit IRC		03:36
*** seb__ has joined #baserock		05:03
*** zoli__ has quit IRC		05:47
*** zoli__ has joined #baserock		05:48
*** zoli__ has quit IRC		05:54
*** seb__ has quit IRC		06:45
*** seb__ has joined #baserock		06:47
*** a1exhughe5 has joined #baserock		06:48
*** seb__ has quit IRC		06:52
*** mike has joined #baserock		06:57
*** mike is now known as Guest15731		06:57
*** paulw has joined #baserock		07:01
*** rdale has joined #baserock		07:21
*** zoli__ has joined #baserock		07:25
*** seb__ has joined #baserock		07:31
*** zoli__ has quit IRC		07:45
*** mariaderidder has joined #baserock		07:46
*** a1exhughe5 has quit IRC		07:50
*** seb__ has quit IRC		07:58
*** gary_perkins has joined #baserock		07:59
straycat	http://mako.cc/writing/hill-free_tools.html is compelling, i'd not really considered using bitbucket and the like as harmful, but that argument at least persuaded me that the savings i make by hosting on bitbucket aren't worth the potential costs to our freedom	08:02
* paulsher1ood agrees		08:04
paulsher1ood	but it'd be hard to give up googledocs, github etc...	08:04
rjek	<insert normal rjek cloud skepticism here>	08:05
*** zoli__ has joined #baserock		08:05
paulsher1ood	i've got that set as my global default now, rjek - no need to explicitly enable it here :)	08:06
rjek	:)	08:08
*** a1exhughe5 has joined #baserock		08:08
*** bashrc_ has joined #baserock		08:09
paulsher1ood	any thoughts on 15:24 < paulsher1ood> 'mount: only root can use "--types" option'... but i'm root!?	08:09
rjek	paulsher1ood: How did you become root?	08:10
paulsher1ood	sudu	08:11
paulsher1ood	sudo	08:11
rjek	If with login/su/sudo, then boggle. If via a chroot/container/fakeroot, then you may not have had the capability transfered.	08:11
* rjek would strace mount and see which system call is failing and with what error		08:11
paulsher1ood	that's beyond my skills	08:12
rjek	strace mount -t ...	08:12
rjek	Then you can paste the last bit of output and we can have a look	08:12
paulsher1ood	the problem is occuring during execution of one of the morph/ybd 'containerised' commands	08:14
paulsher1ood	s/one of/all of/	08:14
rjek	Ah, if it's containerised you may not /actually/ be root	08:14
rjek	containers have much finer-grained permissions	08:15
paulsher1ood	no, i'm sudo'd first. then running ybd	08:15
paulsher1ood	whoami tells me i'm root	08:15
rjek	And ybd then creates a container to run the build in, yeah?	08:15
paulsher1ood	s/container/magic long command line of doom/	08:15
rjek	If so, the container may not have all of root's privileges and capabilities, but the "whoami" command is ignorant of fine-grained capabilities.	08:15
*** jonathanmaw has joined #baserock		08:16
paulsher1ood	point is, this works in a baserock vm, not on ec2	08:16
rjek	That seems surprising.	08:17
rjek	linux-user-chroot should be doing the same thing in both a Baserock VM and EC2.	08:17
rjek	Because EC2 is just a Baserock VM :)	08:17
rjek	Anyway, my understanding is that linux-user-chroot throws away almost all capiabilities and things like mount probably won't work inside one.	08:18
rjek	(For good reason; you could mount something that lets you escape the container.)	08:18
jjardon	hopefully this will be a good alternative to Google docs: http://blog.documentfoundation.org/2015/03/25/libreoffice-to-become-the-cornerstone-of-the-worlds-first-universal-productivity-solution/ (owncloud has a app to edit docs but it doesnt work very well, a least the version I tested)	08:18
bashrc_	what about etherpad?	08:19
rjek	It's fine if you want a text editor. Less good if you want a spreadsheet.	08:20
paulsher1ood	http://paste.baserock.org	08:20
paulsher1ood	rjek: no, this EC2 is not baserock, it's whatever AWS does as default	08:21
bashrc_	ethercalc?	08:21
rjek	paulsher1ood: I have no idea what AWS does by default, sorry.	08:21
rjek	But it would not surprise me if the defaults for linux-user-chroot differed wildly between different Linux distributions.	08:21
paulsher1ood	Linux ip-172-31-27-107 3.14.35-28.38.amzn1.x86_64 #1 SMP Wed Mar 11 22:50:37 UTC 2015 x86_64 x86_64 x86_64 GNU/Linux	08:22
rjek	But mounting things during builds should be really avoided.	08:22
paulsher1ood	agreed	08:22
rjek	There's a reproducability problem there too	08:22
paulsher1ood	where?	08:22
rjek	(Block allocation in modern file systems is not deterministic.)	08:22
jjardon	bashrc_: nice, I didnt know that one	08:23
rjek	(as they delay as long as they can before writing in order to minimise fragmentation and maximise write throughput, so what blocks get allocated where and when is hightly dependant an amount of RAM and other CPU load.)	08:23
paulsher1ood	rjek: why would that affect reproducibility?	08:25
rjek	paulsher1ood: One assumes the file system you're mounting has some input to your build, otherwise why would you be mounting it?	08:26
* paulsher1ood is not mounting it. just re-implementing what morph does		08:26
rjek	Regardless, the reason you can't mount is because linux-user-chroot has forbidden it.	08:26
rjek	(Probably)	08:26
*** ssam2 has joined #baserock		08:30
*** ChanServ sets mode: +v ssam2		08:30
jjardon	209466s in the last build in mason, I think that's a new record	08:47
pedroalvarez	jjardon: 2 days and a half	08:49
pedroalvarez	Is a bit worrying, isn't it?	08:49
tlsa	it doesn't have a distbuild network, does it?	08:50
*** CTtpollard has joined #baserock		08:50
rjek	And is it CPU, I/O, or task-bound?	08:50
ssam2	yes.	08:52
ssam2	and, no distbuild network	08:52
rjek	ah	08:53
mwilliams_ct	straycat: just to check, is there any more work you think I need to do on 729?	09:05
radiofree	i'm pretty sure it didn't take me 2 1/2 days to build a weston system on a jetson	09:06
radiofree	i know it's building devel + openstack as well, but something is happening there	09:06
rjek	radiofree: Your Jetson probably has better I/O than the mason systems	09:06
rjek	Last time I measured it, it was 10MB/sec with ~60ms latency	09:07
radiofree	:\	09:07
rjek	(The VMs have no local storage.)	09:08
*** Krin has joined #baserock		09:17
straycat	mwilliams_ct, biff	09:18
mwilliams_ct	straycat: you're a star, thanks :)	09:19
straycat	:)	09:20
pedroalvarez	err...	09:22
pedroalvarez	just realised that mason built twice some components	09:23
pedroalvarez	e.g. glibc	09:23
*** lachlanmackenzie has joined #baserock		09:23
*** seb__ has joined #baserock		09:23
paulsher1ood	because?	09:25
* richard_maw had heard of some race conditions in some versions of distbuild that would allow that to happen		09:26
*** mariaderidder has quit IRC		09:32
*** seb__ has quit IRC		09:34
*** edcragg has joined #baserock		09:36
straycat	richard_maw, are you by any chance planning to review stuff tomorrow?	09:41
*** mariaderidder has joined #baserock		09:47
*** zoli__ has quit IRC		10:04
richard_maw	straycat: I usually do my reviews on Wednesdays, not tuesdays, though there's a couple of things that may require I defer it further.	10:25
straycat	okay	10:25
straycat	i'll try and help clear the backlog tomorrow then	10:25
richard_maw	thanks straycat	10:25
straycat	np :)	10:26
tlsa	pedroalvarez: "Started building glibc on mason-x86-64:3434" occurs 4 times in https://mason-x86-64.baserock.org/log/6b14ff59f2acf6d6403f014f50e4ad475a36b381--2015-05-29%2004:10:44.log	10:38
tlsa	each time it takes over 10 mins and then transfers glibc-doc to shared artifact cache	10:40
pedroalvarez	ugh...	10:40
pedroalvarez	4 times	10:40
tlsa	4 times for zlib too	10:41
*** kejiahu_ has joined #baserock		10:41
pedroalvarez	also gcc, so I guess that everything else is also quadruplicated	10:41
tlsa	yeah	10:41
*** ssam2_ has joined #baserock		10:41
*** tpollard_ has joined #baserock		10:41
tlsa	and GCC takes half an hour each time	10:42
*** Zara_ has joined #baserock		10:43
*** kejiahu has quit IRC		10:43
*** CTtpollard has quit IRC		10:43
*** ssam2 has quit IRC		10:43
*** Zara has quit IRC		10:43
*** zoli__ has joined #baserock		10:54
*** pacon has joined #baserock		11:05
ssam2_	richard_maw: seems that you were right about linux-user-chroot, it does actually create a new mount namespace unconditionally	11:17
ssam2_	so the call to `unshare --mounts` in unshared_commandline is unneeded when linux-user-chroot is used	11:18
ssam2_	perhaps the reason it's there is for deployments, because we can't run all deployments inside linux-user-chroot, but still want to use a separate mount namespace...	11:18
ssam2_	and also because we can't tell linux-user-chroot to mount a devtmpfs or a tmpfs right now inside that namespace, I guess	11:21
paulsher1ood	does morph even use this stuff for deployment?	11:21
paulsher1ood	ssam2_: ^^	11:22
ssam2_	paulsher1ood: it uses the 'unshare' machinery (to create a new mount namespace) but not linux-user-chroot	11:26
ssam2_	it's nice to have a new mount namespace for deployments because then stale mounts get cleaned up no matter what	11:27
ssam2_	but deployment extensions can still delete the entire host system or whatever else, so we can't really say that we sandbox them at all	11:27
ssam2_	and it's hard to sandbox them because they each need different capabilities (e.g. to deploy to openstack you need to access the network; to deploy to a USB stick you need to access a block device as root, ...)	11:28
*** pacon has quit IRC		11:38
*** pacon has joined #baserock		11:40
*** Krin has quit IRC		11:40
*** pacon has quit IRC		11:43
*** pacon has joined #baserock		11:48
*** Krin has joined #baserock		12:00
richard_maw	ssam2_: the reason for the unshare was so that the mounts that weren't possible with linux-user-chroot could be done without affecting the mounts of the parent namespace	12:00
ssam2_	right	12:01
ssam2_	so adding support for tmpfs mounts to linux-user-chroot should be enough to remove the need for it?	12:01
*** gary_perkins has quit IRC		12:01
*** Krin has quit IRC		12:01
*** franred has quit IRC		12:01
*** ssam2_ has quit IRC		12:01
*** bashrc_ has quit IRC		12:01
*** tpollard_ has quit IRC		12:01
*** paulw has quit IRC		12:01
*** flatmush has quit IRC		12:01
*** edcragg_ has joined #baserock		12:01
*** mariaderidder_ has joined #baserock		12:01
*** paulw has joined #baserock		12:01
*** sherm_ has joined #baserock		12:01
*** Krin has joined #baserock		12:01
*** nowster_ has joined #baserock		12:01
*** franred has joined #baserock		12:02
*** ssam2_ has joined #baserock		12:02
*** tpollard_ has joined #baserock		12:02
*** jonathanmaw_ has joined #baserock		12:02
*** edcragg has quit IRC		12:02
*** jonathanmaw has quit IRC		12:02
*** Guest15731 has quit IRC		12:02
*** a1exhughe5 has quit IRC		12:02
*** bashrc_ has joined #baserock		12:02
*** mariaderidder has quit IRC		12:02
*** nowster has quit IRC		12:02
*** lachlanmackenzie has quit IRC		12:02
ssam2_	assuming we don't start to do anything with devtmpfs... maybe we'd need to add support for devtmpfs mounts to so we can avoid having to pre-create device nodes in the fhs-dirs chunk	12:02
richard_maw	possibly, I don't recall every mount that is attempted, but the overlayfs work also added a new mount that should be isolated	12:02
*** lachlanmackenzie has joined #baserock		12:02
ssam2_	hmm, that's true	12:02
*** gary_perkins has joined #baserock		12:02
*** a1exhughe5 has joined #baserock		12:03
ssam2_	i guess there's not much we can do except try to add those mount types to linux-user-chroot as we need to	12:03
*** flatmush has joined #baserock		12:03
ssam2_	anything else will continue to require the user to be 'root', which my goal is to avoid	12:03
richard_maw	yeah, since enabling unprivileged user namespaces in kernels is not a viable option, since we need to support chroots and distros don't enable unprivileged user namespaces because it's not considered to be secure yet	12:04
richard_maw	which means we also shouldn't use it in our kernels	12:04
SotK	Anyone know what the image-package-example directory and its contents are for in definitions?	12:19
richard_maw	SotK: I used to, let me refresh my memory.	12:21
*** zoli___ has joined #baserock		12:21
richard_maw	SotK: works with image-package.write	12:21
richard_maw	SotK: See clusters/image-package-example.morph	12:22
SotK	richard_maw: thanks	12:22
*** zoli__ has quit IRC		12:25
ssam2_	it's just an example, I'm not sure anyone uses it direclty	12:35
ssam2_	*directly	12:35
*** pacon has quit IRC		12:49
* SotK notes that the description field in "clusters/installer-build-system-x86_64.morph" says that it uses install-files when actually it doesn't		12:50
pedroalvarez	oops	12:52
pedroalvarez	I moved it to its own chunk :/	12:53
ssam2_	seems my proposal to talk about Baserock at EuroPython got accepted	13:19
ssam2_	anyone up for a trip to Bilbao ?	13:19
mwilliams_ct	ssam2_: congrats!	13:21
pedroalvarez	oh that's great	13:23
franred	ssam2_, congrats!! :)	13:23
Zara_	yay! :D	13:25
straycat	ssam2_, awesome :)	13:29
perryl	i'm currently looking at bit-for-bit build reproducibility with regards to morph/ybd, and using the tor project's approach as a kind of guideline of steps i may need to take; a couple of steps involved setting localisation and timezone as LC_ALL=C and TZ=UTC, would these be valid for morph/ybd and if so, where should they be set? i.e. in configuration, for each chunk/strata/system or elsewhere	13:36
ssam2_	they need to be set when you run all the configure/build/install commands	13:38
ssam2_	in ybd I think that's done in the clean_env() function	13:38
ssam2_	in Morph I think it's done in the buildenvironment module	13:38
perryl	ssam2_: thanks, i'll take a look at those now	13:39
pedroalvarez	I need a couple of lorries to fix pyeclib build https://gerrit.baserock.org/741	13:42
pedroalvarez	pyeclib builds a copy of them that embedded on its repo if their are not present at build time	13:43
pedroalvarez	and pyeclib does it really wrong	13:43
pedroalvarez	installing things in /pyeclib.inst/usr/local/lib	13:43
pedroalvarez	Also I found that wpa_supplicant is being installed in /usr/local/sbin :) I might fix that later	13:46
pedroalvarez	thanks franred ssam2_!	13:47
rdale	oh, by the time i had typed in my comment and given you a +1, it had already been merged	13:47
pedroalvarez	rdale: thank you anyway :)	13:50
rdale	np	13:51
Zara_	does the web editor on the baserock wiki work for anyone else? I think it hasn't been working for me for a while.	13:59
*** Zara_ is now known as Zara		14:00
jmacs	It did last time I tried...	14:00
ssam2_	zara: just worked for me now	14:01
jmacs	Yes, works for me	14:01
Zara	ah, the buttons had just moved to the bottom of my screen; I found them when I scrolled down.	14:03
SotK	q	14:12
SotK	this is not vim	14:12
*** paulw has quit IRC		14:14
SotK	Does anyone know why morph copies the contents of deployment extensions that are in definitions into a temporary file and runs that temporary file, rather than just running the script?	14:16
*** paulw has joined #baserock		14:17
Kinnison	i think it's to do with consistency	14:17
Kinnison	and ensuring that files have the right permissions	14:17
Kinnison	etc	14:17
* Kinnison hmms		14:18
Kinnison	Since last week was a short week, I shall not do my weekly trawl-through-old-patches this week	14:18
Kinnison	Enjoy the respite from harranguing	14:18
richard_maw	SotK: also because they were (possibly still are) loaded out of a repository without creating a checkout	14:18
SotK	they are loaded from the definitions checkout in the system branch now I think	14:20
SotK	yes, they are	14:21
SotK	thanks Kinnison, richard_maw	14:22
pedroalvarez	what people would appreciate to have tested before moving to new systemd 220?	14:34
pedroalvarez	My list would be:	14:34
pedroalvarez	- trove	14:34
pedroalvarez	- openstack	14:34
pedroalvarez	- jetson	14:34
Kinnison	devel system	14:36
Kinnison	upgrading and downgrading	14:36
Kinnison	verification that distbuild clusters still come up properly	14:36
Kinnison	and mason	14:36
Kinnison	pls.	14:36
pedroalvarez	good list, thanks Kinnison	14:38
SotK	hmm, what is version 4 of definitions?	14:53
SotK	I ask because morph claims to support it, but VERSION and the wiki say version 3 is the most recent	14:55
SotK	s/most recent/current/	14:55
Kinnison	yay for git diff	14:55
Kinnison	and git log	14:55
Kinnison	and git annotate	14:55
SotK	oh, its for a change in the install-files configure extension	14:58
Kinnison	heh	14:58
Kinnison	do the extensions get told what definitions version they get?	14:58
straycat	iirc, it's not really accessible outside of the source resolver	14:59
*** jonathanmaw_ is now known as jonathanmaw		14:59
SotK	I guess if I want to increment the version because of a change I'm making (moving deployment extensions into a subdirectory - which won't work without an updated morph) then I bump it straight from 3 to 5	14:59
pedroalvarez	SotK: you can't bump definitions version, until there is a release that supports that version of definitions	15:00
pedroalvarez	that's why definitions versions hasn't changed yert	15:01
pedroalvarez	yet*	15:01
pedroalvarez	but go ahead, and make sure that we don't merge the definitions change :)	15:01
pedroalvarez	SotK: also, I believe I moved configuration extensions to a subfolder in the past, and they worked	15:02
SotK	pedroalvarez: I see	15:03
SotK	hmm, I was under the impression that they wouldn't, I'll investigate :)	15:03
pedroalvarez	write exensions may fail, yes	15:03
SotK	afaict the code to locate and run them is the same for both kinds?	15:04
straycat	ssam2_, speaking of unshare the import tool seems to require root because it uses morphlib to run the extensions, do we really want this for the import tool?	15:05
ssam2_	it's not ideal	15:06
ssam2_	probably it's ok to not sandbox the import tool extensions for now	15:06
ssam2_	SotK: maybe moving .configure and .write extensions into definitions doesn't need to require an incompatible change to definitions	15:07
ssam2_	I guess the incompatible thing is moving them into a subdirectory, right?	15:07
SotK	yeah	15:08
Kinnison	SotK: OOI are you making it so that the deployment mechanisms take paths?	15:08
ssam2_	so maybe separate that task out. a patch to move all the .configure and .write extensions into the /root/ of definitions.git wouldn't be incompatible (although it would be ugly)	15:08
Kinnison	SotK: or automagically finding the extensions wherever they are?	15:08
SotK	Kinnison: at the moment automatically finding them wherever they are in definitions	15:09
straycat	ssam2_, nod i think so	15:09
SotK	and planning that they all live in definitions in a subdirectory	15:09
SotK	ssam2_: that will be doable, but it'll make definitions really messy :(	15:10
ssam2_	yes. I guess we'll have to decide whether we prefer to make a release, have messy definitions, or miss out on this feature	15:14
*** paulw has quit IRC		15:14
ssam2_	or give up on backwards compatibility again, but I think that would be dumb	15:15
Kinnison	Are releases hard?	15:15
ssam2_	they're not simple	15:16
*** paulw has joined #baserock		15:16
Kinnison	:-/	15:17
jjardon	Hi, anyone more have issues trying to log in the wiki? I'm getting this error: "Error: OpenID failure: naive_verify_failed_return: Direct contact invalidated ID provider response."	15:21
ssam2_	what openID URL and what wiki URL?	15:22
ssam2_	worked for me with 2 different openIDs	15:23
jjardon	ssam2_: https://launchpad.net/~jjardon	15:29
pedroalvarez	jjardon: nice hair	15:29
rjek	wow much hair	15:29
ssam2_	jjardon: has it worked in the past?	15:30
pedroalvarez	launchpad openID just worked for me	15:31
*** seb__ has joined #baserock		15:31
jjardon	ssam2_: I think so, not completely sure though.	15:32
jjardon	pedroalvarez: thanks :)	15:32
* SotK confirms that moving even configure extensions is incompatible with old morph :(		15:39
pedroalvarez	SotK: I promise I'm doing that in infrastrucutre.git	15:40
pedroalvarez	being this the system: http://git.baserock.org/cgi-bin/cgit.cgi/baserock/baserock/infrastructure.git/tree/baserock_irclogs/systems/irclogs-x86_64.morph	15:41
pedroalvarez	and having the configuration exts in "baserock_irclogs/irclogs.configure"	15:42
SotK	aha, by giving the relative path as the name	15:42
SotK	to move all the existing ones into a subdirectory I'd need to do that in every system for the extensions which are in definitions then	15:44
pedroalvarez	not sure if this is the right approach, although it doesn't look bad to me	15:45
SotK	I think I'd prefer to patch morph, but I wonder if other people think that the above method would be better?	15:47
ssam2_	the above method looks OK if it works	15:48
ssam2_	would be nasty for .write extensions though	15:48
richard_maw	I'd be perfectly happy with patching all our definitions to set subdirectory paths to the configuration extensions in the system definitions and subdirectory paths in clusters for the write extensions	15:50
straycat	seems reasonable to me too	15:51
SotK	I shall do that then	15:51
*** a1exhughe5 has quit IRC		15:53
jmacs	JDK6 requires JDK6 to bootstrap it, apparently. Neither jikes or GCJ come with JDKs later than 1.5. I think we'll have to live with the binary package.	15:53
rjek	:(	15:54
*** gary_perkins has quit IRC		15:59
perryl	i'm trying to build python-core with ybd and getting the following error, can anyone assist? http://paste.baserock.org/eposaqejal	16:09
paulsher1ood	does your machine have network?	16:10
paulsher1ood	perryl: ^^	16:10
* paulsher1ood notices that the error is very unhelpful		16:10
perryl	paulsher1ood: as far as i know, yes	16:11
straycat	perryl, if you can find the gitdir in the ybd cachedir, check whether the contents look sane	16:11
paulsher1ood	can you ping git.baserock.org from it?	16:11
straycat	(the gitdir for stage2-linux-api-headers)	16:11
ssam2_	perryl: did you ctrl+c a build while it was downloading a git repo? that can break ybd	16:11
perryl	paulsher1ood: yes, no packet loss	16:12
ssam2_	have a look in /src/cache/gits/git___git_baserock_org_delta_linux and see if it's a git repo, or some corrupt imitation of a git repo	16:12
straycat	indeed, it will only check for the existence of the directory	16:12
ssam2_	it might be in ~/.ybd/gits either	16:12
perryl	just checked in git__git_baserock_org_delta_linux and it's a tar file rather than a git directory, i assume that is the error	16:13
paulsher1ood	perryl: pls remove the directory and try again. in the meantime i've raised an issue, will fix it soonish unless someone else beats me to it	16:14
perryl	paulsher1ood: done, ybd seems to be working fine now, thanks all!	16:16
*** jonathanmaw has quit IRC		16:16
ssam2_	i've successfully managed to build past stage2-glibc as non-root using YBD	16:18
ssam2_	I had to add 'fakeroot' into the mix though	16:18
paulsher1ood	ssam2_: w00t! :)	16:19
ssam2_	i imagine it'll fail at stage2-fhs-dirs, or just past it, because it won't be able to create proper device nodes	16:19
paulsher1ood	ssam2_: i live in hope that you'll be wrong :)	16:20
ssam2_	if it doesn't, it'll fail at the first non-bootstrap chunk because it won't have 'fakeroot' in the staging area	16:22
ssam2_	this approach would require us to add 'fakeroot' into build-essential	16:22
ssam2_	but that probably isn't too hard	16:22
richard_maw	ssam2_: fakeroot also fakes up the device nodes AIUI	16:23
ssam2_	so it'll be fine up until something tries to actually use one	16:24
richard_maw	yeah	16:24
Kinnison	How are you using fakeroot?	16:24
Kinnison	i.e. where in the command chains	16:24
Kinnison	?	16:24
ssam2_	Kinnison: https://github.com/ssssam/ybd/commit/53b018f66e258a2b5463cf9d9ecb6cfda54fb66d	16:25
ssam2_	it might be possible to use it outside linux-user-chroot instead, actually	16:25
ssam2_	it didn't work when I tried it before, but that may have been because I still had '--unshare-net' (which breaks fakeroot either way)	16:26
Kinnison	ssam2_: and how are you managing the faked?	16:26
ssam2_	ignoring it completely	16:27
ssam2_	seems to be started by 'fakeroot'	16:27
Kinnison	and then shut down again after	16:27
Kinnison	so you'll lose session info	16:27
Kinnison	between the {pre-,,post-}install-commands	16:27
ssam2_	right, that's true	16:27
ssam2_	creating the tarball happens outside the sandbox, so I guess this won't work at all	16:28
Kinnison	yep	16:28
ssam2_	thanks for pointing that out!	16:28
Kinnison	Debian's approach is to fakeroot around the entire build process	16:28
straycat	speaking of running things as non-root, https://gerrit.baserock.org/#/c/751/ will allow us to run the import tool as non-root	16:29
paulsher1ood	cool!	16:31
*** mariaderidder_ has quit IRC		16:32
*** sebh- has joined #baserock		16:38
*** sebh has quit IRC		16:38
*** sebh- is now known as sebh		16:38
*** Krin has quit IRC		16:43
paulsher1ood	Kinnison: can fakeroot be used instead of linux-user-chroot, so drop linux-user-chroot entirely?	16:43
rjek	paulsher1ood: fakeroot won't solve your mount problem either; you're not root at all under fakeroot.	16:47
ssam2_	paulsher1ood: there is a 'fakechroot' program, which could be used instead of linux-user-chroot to provide a subset of the sandboxing linux-user-chroot does	16:48
ssam2_	it relies on LD_PRELOAD instead of linux namespacing. I think Linux namespaces are less fragile.	16:49
ssam2_	and fakechroot doesn't isolate the sandbox from the hosts network, PIDs, mounts, etc. so it'd be a step backwards	16:50
paulsher1ood	ack	16:52
*** bashrc_ has quit IRC		17:04
*** ssam2_ has quit IRC		17:15
*** franred has quit IRC		17:21
*** sherm_ has quit IRC		17:53
*** edcragg_ has quit IRC		18:03
*** lachlanmackenzie has quit IRC		18:20
*** zoli__ has joined #baserock		18:20
*** zoli___ has quit IRC		18:22
*** zoli__ has quit IRC		21:26
*** zoli__ has joined #baserock		21:46
*** seb__ has quit IRC		22:22
*** brlogger has joined #baserock		22:23
*** zoli__ has quit IRC		22:27
*** seb__ has joined #baserock		22:35
*** seb__ has quit IRC		22:48

Generated by irclog2html.py 2.15.3 by Marius Gedminas - find it at mg.pov.lt!