IRC logs for #baserock for Tuesday, 2016-08-23

*** jjardon_matrix has quit IRC04:00
*** jjardon_matrix has joined #baserock04:45
*** toscalix has joined #baserock06:57
*** anahuelamo has quit IRC07:07
*** anahuelamo has joined #baserock07:08
paulsherwoodleeming: i don't think anyone expressly maintains it currently07:35
*** paulwaters_ has joined #baserock07:42
*** rdale has joined #baserock07:54
*** CTtpollard has quit IRC08:31
*** CTtpollard has joined #baserock08:31
*** jonathanmaw has joined #baserock08:35
*** toscalix has quit IRC08:56
*** toscalix has joined #baserock08:57
leemingpaulsherwood, thought so. I might need to patch it later then =) just wondering who'd volunteer for code review/sanity check08:59
*** CTtpollard has quit IRC09:05
paulsherwoodi can review09:07
*** CTtpollard has joined #baserock09:08
leemingok cool, not promising anything yet though. just a possibility09:09
*** locallycompact has joined #baserock09:28
jjardonpaulsherwood: to calculate the cache key; does ybd take the ref: value directly or it takes the commit sha in case the ref: is a branch?10:00
locallycompactit takes the tree sha aiui10:01
paulsherwoodjjardon: tree sha, as locallycompact says10:04
paulsherwoodjjardon: so a tag, or a branch, or a rebase, or a squash can all point to the same tree, and no need for a rebuild10:04
jjardonmmm, Ive changed a commit for a branch name and I didnt get a rebuild, so I wonder what has happened (I built the same branch name before, but pointing to a different commit)10:06
paulsherwooddid the change in commit actually change the tree?10:07
paulsherwoodit's possible to get the same tree with different commits10:07
richard_mawit's very common to have the same tree with different commits (e.g. you reverted back to something you had already built, or you built a development branch that was then merged10:09
jjardonyeah, the contents of the repo are different from anything I built before10:14
jjardonwhat is the process to have images in ?10:16
paulsherwoodjjardon: if what you are saying is correct, this would be a serious bug... can i investigate somehow?10:16
jjardonpaulsherwood: sure, let me recheck to be sure10:16
pedroalvarezjjardon: the process is to give the images to some member of baserock-ops team10:17
jjardonpedroalvarez: right, who is in the baserock-ops team?10:18
pedroalvarezjjardon: listed here
pedroalvarezI can help you this time10:19
jjardonpedroalvarez: I do not have anything yet; I was only curious . Thanks for the info10:19
pedroalvarezI believe this has been asked before, so feel free to put some info wherever you would have expected it to be10:20
*** fay has joined #baserock10:48
*** fay is now known as Guest8607110:48
*** faybrocklebank has quit IRC10:51
jjardonpaulsherwood: here: Ive changed fhs-dirs to a branch wich contents  have not being built before but it doesn't get rebuild11:14
pedroalvarezjjardon: please, use personal branches when possible11:19
pedroalvarezand also, consider looking at!/story/1111:22
pedroalvarezwhich points at
jjardonoh, nice11:26
pedroalvarezI found that modifiying build-essentials was enough, given that the unpacking would put things in the new place once the symliks were present11:29
pedroalvarezthat is, a chunk that depends on build essential, and install things in /bin, will get its things unpacked in /usr/bin given that is unpacked after the symlinks are created (or fhs-dirs chunk unpacked)11:30
jjardonyeah, that was my plan11:31
jjardonId like to fix all the chunks properly tough, so everything gets directly installed in /usr/lib / /usr/bin11:32
pedroalvarezI found that some of them don't support that in their configuration/build steps11:35
*** Guest86071 has quit IRC11:35
*** Guest86071 has joined #baserock11:35
leemingI have a patch for sandboxlib, but cautious of
persialeeming: Which part of it?11:50
leemingI don't mind following though the steps, but most of it is unknowns for me11:50
leemingor is this only for official releases? :\11:50
persiaFor releases, you'll need someone who has done a release (at least to get you access, and they can probably walk you through the process)11:51
persiaFor some value of official, but if on pypi, anyone who runs `pip install sandboxlib` will get the new version.11:51
leemingI'm happy to just submit a patch on github though11:51
persiaThe test suite is something you should be able to run safely.  Doing stuff with tox is increasingly common, so if you haven't, it's worth learning the dance.11:52
persiaI have no suggestions or recommendations about app container spec compliance.11:52
leemingjust wanting to do things 'right' :)11:53
leemingtox is on my list of things to read up on11:53
leemingI'd like to learn the correct way of packaging up a python project, instead of just a hackjob :)11:53
persiaSadly, there are currently many correct ways, and new ones are introduced in PEPs regularly.  The PyPI process documented for sandboxlib is sufficiently current to be a reasonable target unless you want to forge new ground especially.11:55
leemingoh yes, well I know that python has many approaches. but finding one that sticks is better than not having anything11:56
leeminghmm running tox.. that was a massive load of fail X(11:59
leemingah, either I skipped over something, or linux-user-chroot not listed as a requirement12:02
* leeming has the pypy version installed12:02
leeminghmm.. I think I will add my PR and investigate some of these errors with tox... the master branch fails, so either mis-configured tox.ini or needs additional host setup12:08
leemingpersia, paulsherwood sanity check/code review please -
pedroalvarezleeming: can you trim the first line of your commit message and then add further explanations in the following lines?12:17
pedroalvarezcommit looks good to me12:18
leemingpedroalvarez, done commit amend12:20
pedroalvarezmuch better :) thanks12:22
leeming:) ta12:26
leemingunsure on the mystical powers of updating the pypy version, but at least it is added somewhere12:26
paulsherwoodi think ssam is required for that12:27
leemingyes, thought so12:27
* leeming pushes onto the stack of things to bug him about on his return12:27
*** fay has joined #baserock14:41
*** fay is now known as faybrocklebank14:41
*** Guest86071 has quit IRC14:43
*** fay has joined #baserock14:45
*** fay is now known as Guest7272514:46
* paulsherwood wonders whether running ybd under fakeroot would work14:46
persiaDepends on why the build needs root.  If it needs some capability not available to the user under fakeroot, things will fail.14:47
persiaMost software can be built under fakeroot, so it ought work for many things.14:47
paulsherwoodi think it all comes down to the device nodes14:48
paulsherwoodbut i may be wrong14:49
*** faybrocklebank has quit IRC14:49
rjekfakeroot can cope with device node creation14:49
*** Guest72725 is now known as faybrocklebank14:49
richard_mawdeployment definitely won't work because you'll need to make disk images which involves mounting14:50
richard_mawfakeroot and linux-user-chroot don't work together, so you can't have sandboxing14:50
richard_mawor at least didn't work together14:51
paulsherwoodthanks. i had to give up on l-u-c anyway, because of the 'too many mounts' problem14:52
rjek"deployment" using disc images is a problem14:52
rjekIn general14:52
rjekThere are non-rootly tools that can create drive images though if you really want that14:52
paulsherwoodbut it doesn't work for ordinary chroot either, it seems: 'RuntimeError: Unable to chroot: [Errno 1] Operation not permitted: '/''14:53
richard_mawabout 10 months ago I had another look at the mounts issue again, it is possible to do it with fewer if you bind-mount your staging area to somewhere in /14:53
richard_mawpaulsherwood: there's some LD_PRELOAD hacks that fakeroot-like programs could attempt to fake a chroot, I don't recall whether there's any software that does them, and in either case it would be unsafe to rely on since it would be trivial to thwart and access your host system14:55
leemingwhat is the issue against just requesting sudo/root ?14:55
paulsherwoodbuild tools shouldn't need root14:55
paulsherwoodother build tools don't need root14:56
richard_mawhard to get people to trust your build tool if it builds arbitrary code under root14:56
richard_mawpaulsherwood: unless you want to remove sandboxing (which would require changes to every component you want to build) you need linux-user-chroot/flatpak to do this without root14:57
rjekHmm, Debian and Ubuntu are entirely built unrootly, aren't they?14:58
rjekBut they do sometimes have extensive local patching because the majority of upstreams are mad14:59
paulsherwoodrichard_maw: i don't want to remove sandboxing15:00
paulsherwoodcould we achieve non-root with flatpak?15:00
richard_mawpossibly, I haven't investigated whether it inherited the goal of running without root from linux-user-chroot15:01
leemingthe sandboxlib uses linux-user-chroot?15:01
leemingless of a question than a statement actually :D15:02
paulsherwoodleeming: it falls back to chroot, if l-u-c is not found15:02
richard_mawbut the version of linux-user-chroot that is packaged is so old that it has an arbitrary limit to the number of mounts it supports15:02
leemingahright.. too far outside my knowledge15:02
paulsherwoodmine too15:02
rjekGoogle Bazel has some sort of sandbox thingy15:03
* rjek goes to dig it tout15:03
richard_mawthat doesn't require chrooting, but AIUI it uses seccomp and other rootly tricks to prevent builds from accessing files outside its build tree15:04
richard_mawpaulsherwood: an alternaive would be to compile your own setuid-root helper, but that requires root to install, and it's notoriously difficult to secure, hence the peer verification which has been done on linux-user-chroot15:05
* leeming thinks he should stop submitting trivial issues that turn into non-trivial ones :D15:07
paulsherwoodrichard_maw: thanks. unfortunately i  think i'm incapable of addressing any of this properly without significant help. a customer last week mistook me for a linux person15:07
paulsherwoodleeming: i appreciate you raising the trivial issue, and your suggestion is easy enough to add. but as you can see, the real issue is my lack of linux fu :)15:08
richard_mawwell, you know more than most CEOs of tech companies and know what you don't know15:19
paulsherwoodi'll take a crumb of comfort from that :)15:20
paulsherwoodin other news, ybd inside fakechroot inside fakeroot seems to be making headway :)15:21
richard_maweh? running ybd in a fake chroot? surely it's the builds ybd runs which need to be fake chrooted15:21
rjekfakeroot is nestable, IIRC15:22
paulsherwoodi think, but cannot be sure, that running fakechroot with no args has established its precedence for the actual calls to chroot that ybd is running15:23
paulsherwoodie i've done fakeroot ; fake chroot ; ybd target arch15:23
paulsherwoodie i've done fakeroot ; fakechroot ; ybd target arch15:24
jonathanmawhrm, I'm building a specific version of libical as specified by a source rpm, and it lists byacc as a dependency.15:27
jonathanmawlooking at the history of definitions, I don't think we've ever built byacc, although we've built libical before15:27
jonathanmawIs byacc provided by something else?15:27
jjardonabout sandboxing: ?15:27
jonathanmawah, wikipedia says bison is a replacement for yacc15:28
jonathanmawmystery solved15:29
paulsherwoodjjardon: yes, possibly15:29
richard_mawah, yes, bubblewrap is the bit of flatpak that evolved from linux-user-chroot15:42
* richard_maw had forgotten the distinction15:42
*** jonathanmaw has quit IRC17:05
*** jonathanmaw has joined #baserock17:05
*** jonathanmaw has quit IRC17:05
*** faybrocklebank has quit IRC17:06
*** locallycompact has quit IRC17:25
*** anahuelamo has quit IRC17:33
*** toscalix has quit IRC18:09

Generated by 2.15.3 by Marius Gedminas - find it at!