00:48:09 -GitHub[nikola]:#nikola- [nikola] ralsina created provide-snap (+1 new commit): https://git.io/vo0JI 00:48:09 -GitHub[nikola]:#nikola- nikola/provide-snap 421694d Roberto Alsina: INitial snapcraft packaging 00:48:34 -GitHub[nikola]:#nikola- [nikola] ralsina opened pull request #2375: WIP: Initial snapcraft packaging (master...provide-snap) https://git.io/vo0Jq 00:51:41 <ralsina> ChrisWar1ick: there seems to be something wrong with Nikola in PyPI, it shows 7.7.9 but the files say 7.7.4 :-P 00:53:14 -travis-ci:#nikola- getnikola/nikola#7180 (provide-snap - 421694d : Roberto Alsina): The build passed. 00:53:15 -travis-ci:#nikola- Change view: https://github.com/getnikola/nikola/commit/421694d3dbd3 00:53:15 -travis-ci:#nikola- Build details: https://travis-ci.org/getnikola/nikola/builds/137958882 01:57:43 <[Tritium]> ralsina: check pypi.io 01:58:15 <[Tritium]> pypi.python.org is backed by the same data as pypi.io... but pypi.python.org is falling down under the weight of its own technical debt 01:58:36 <ralsina> ok then 02:08:02 -GitHub[nikola]:#nikola- [nikola] ralsina pushed 2 new commits to provide-snap: https://git.io/vo0I7 02:08:02 -GitHub[nikola]:#nikola- nikola/provide-snap 1adbf5b Roberto Alsina: fix for charset issue 02:08:02 -GitHub[nikola]:#nikola- nikola/provide-snap 6ac8b50 Roberto Alsina: the exact version of the logo for the store 02:12:07 -travis-ci:#nikola- getnikola/nikola#7182 (provide-snap - 6ac8b50 : Roberto Alsina): The build passed. 02:12:08 -travis-ci:#nikola- Change view: https://github.com/getnikola/nikola/compare/421694d3dbd3...6ac8b5091db9 02:12:08 -travis-ci:#nikola- Build details: https://travis-ci.org/getnikola/nikola/builds/137968203 06:29:20 <ChrisWarrick> KwBot: ping 06:29:20 <KwBot> ChrisWarrick: pong 09:46:55 <KwBot> [nikola] re4lfl0w opened issue #2376: INDEX_TEASER = True is active? https://github.com/getnikola/nikola/issues/2376 10:17:59 <KwBot> [nikola] re4lfl0w closed issue #2376: Is INDEX_TEASER = True active correctly? https://github.com/getnikola/nikola/issues/2376 13:05:57 <KwBot> [nikola] re4lfl0w reopened issue #2376: Is INDEX_TEASER = True active correctly? https://github.com/getnikola/nikola/issues/2376 13:12:48 -GitHub[nikola]:#nikola- [nikola] ralsina pushed 2 new commits to provide-snap: https://git.io/voEJP 13:12:48 -GitHub[nikola]:#nikola- nikola/provide-snap 91858b7 Roberto Alsina: better instructions 13:12:48 -GitHub[nikola]:#nikola- nikola/provide-snap 09e22df Roberto Alsina: do confined snap 13:13:44 -GitHub[nikola]:#nikola- [nikola] ralsina pushed 1 new commit to provide-snap: https://git.io/voEJ7 13:13:44 -GitHub[nikola]:#nikola- nikola/provide-snap 3fb22e2 Roberto Alsina: updated 13:14:23 <KwBot> [nikola] ralsina closed issue #2376: How about to insert teaser end automatically? https://github.com/getnikola/nikola/issues/2376 13:18:10 -travis-ci:#nikola- getnikola/nikola#7184 (provide-snap - 09e22df : Roberto Alsina): The build passed. 13:18:11 -travis-ci:#nikola- Change view: https://github.com/getnikola/nikola/compare/6ac8b5091db9...09e22dffe8a4 13:18:11 -travis-ci:#nikola- Build details: https://travis-ci.org/getnikola/nikola/builds/138078816 13:26:36 -travis-ci:#nikola- getnikola/nikola#7186 (provide-snap - 3fb22e2 : Roberto Alsina): The build passed. 13:26:37 -travis-ci:#nikola- Change view: https://github.com/getnikola/nikola/compare/09e22dffe8a4...3fb22e2d8e2b 13:26:37 -travis-ci:#nikola- Build details: https://travis-ci.org/getnikola/nikola/builds/138079073 14:25:12 -GitHub[nikola]:#nikola- [nikola] ralsina pushed 1 new commit to provide-snap: https://git.io/voEGM 14:25:12 -GitHub[nikola]:#nikola- nikola/provide-snap 2b5e7dc Roberto Alsina: reminder 14:30:26 -travis-ci:#nikola- getnikola/nikola#7188 (provide-snap - 2b5e7dc : Roberto Alsina): The build passed. 14:30:27 -travis-ci:#nikola- Change view: https://github.com/getnikola/nikola/compare/3fb22e2d8e2b...2b5e7dcb2bcf 14:30:27 -travis-ci:#nikola- Build details: https://travis-ci.org/getnikola/nikola/builds/138098056 14:45:07 <ralsina> ChrisWarrick: if you want to give nikola-as-a-snap a try, you can do "snap install --devmode nikola" already and it should work :-) 14:45:13 <ralsina> With some minor caveats. 16:02:20 <ChrisWarrick> -> python-apt: found in the AUR 16:02:30 <ChrisWarrick> ralsina: why does snapcraft depend on that? 16:02:40 <ChrisWarrick> -> dpkg: found in the AUR 16:02:57 <ralsina> snapcraft can install debs inside the snap 16:03:05 <ralsina> that way you can do some things much faster 16:03:21 <ralsina> for example, the snap for links is "install the links deb and do these minor things to it" 16:07:43 <ChrisWarrick> well, at least we get to test how broken pkgbuilder (my pet project) is 16:19:13 <[Tritium]> so...snap is a portable wrapper around dpkg? 16:22:09 <ralsina> [Tritium]: not really 16:22:28 <ralsina> [Tritium]: once you have a snap, you don't use debs anymore, dpkg and debs are only used to build the snaps 16:22:49 <ralsina> [Tritium]: snaps are just squashfs images with most dependencies baked in 16:28:32 <[Tritium]> ahh ok 16:28:56 <ChrisWarrick> snapcraft vs docker? 16:29:37 <[Tritium]> deployed apps vs. development environments? 16:30:18 <ChrisWarrick> except many people do the first with docker 16:30:25 <ChrisWarrick> which I don’t get, because docker is crazy 16:31:04 <ralsina> I am not familiar enough with docker :) 16:31:18 <ralsina> But snaps can even use your X server, they just have to request permission to do it 16:31:28 <ralsina> thy are running in your system, just sandboxed 17:28:36 <ChrisWarrick> ralsina: translation, they’re actually sane 17:28:52 <ralsina> well, it's the intention :-) 17:29:26 <ChrisWarrick> wait, how do I use this thing again? 17:29:44 <ChrisWarrick> https://gist.github.com/8bb438a7450c3b736d7e62e5c8a05a44 17:31:55 <ralsina> ChrisWarrick: you don't need to build it, just "snap install nikola" :-) 17:32:04 <ralsina> gotta run for a few 17:32:08 <ChrisWarrick> zsh: command not found: snap 17:32:33 <ChrisWarrick> either there is no arch packge for that, or I’m using it wrong 17:33:11 <ChrisWarrick> ah, it’s supposed to be snapd 17:33:18 <ChrisWarrick> you really failed to name that thing 17:35:23 <ChrisWarrick> well, the package is snapd 17:52:52 <ChrisWarrick> ralsina: where is the snapd complaints department? 18:01:20 <ralsina> ChrisWarrick: bugs.launchpad.net I'll find th right page 18:02:02 <ralsina> if it's about the AUR packaging, @zygoon in twitter works 18:02:34 <ChrisWarrick> it’s more of a minor naming/description issue 18:02:42 <ralsina> https://bugs.launchpad.net/snappy/+filebug 18:04:04 <ChrisWarrick> `snap install nikola` seems to work 18:05:55 <ralsina> ChrisWarrick: that will give you a confined snap 18:06:12 <ralsina> ChrisWarrick: that means you can't write anywhere ouside ~/snap/nikola/x1 or something like that 18:06:33 <ralsina> if you don't have that directory, run "nikola help" once 18:07:22 <ChrisWarrick> does that help with security so much? 18:08:03 <ralsina> ChrisWarrick: well, it's the *only* place on disk you can touch :-) 18:08:18 <ralsina> so, you could install a very evil app and it would not be able to destroy your data 18:08:54 <ChrisWarrick> that very evil app could ask you to add one tiny parameter to your snap install command and call it a day 18:09:01 <ralsina> ChrisWarrick: yes 18:09:10 <ralsina> ChrisWarrick: so, let's not do that ;-) 18:09:29 <ralsina> I suspect at some point --devmode will go away from snap 18:09:42 <ralsina> or at least require a custom snapd or whatever 18:09:51 <ChrisWarrick> ralsina: well, it doesn’t work ? 18:10:03 <ralsina> ChrisWarrick: what doesn't? 18:10:12 <ralsina> ChrisWarrick: at this point, --devmode is ok 18:10:30 <ChrisWarrick> ralsina: https://gist.github.com/458a828a309e6549e397579e0757fe8c 18:10:56 <ralsina> hmmm interesting 18:11:26 <ralsina> I *think* /tmp may be special 18:11:38 <ChrisWarrick> why would ~ be though? 18:11:52 <ralsina> ok, so it seems to be confined anyway 18:12:46 <ralsina> I thought installing with --devmode was like setting the containment to devmode, appears it's not 18:14:33 <ChrisWarrick> https://mjg59.dreamwidth.org/42320.html 18:14:36 <ChrisWarrick> well, that was quick 18:16:15 <ChrisWarrick> does 'snap remove -h' on your side also talk about behavior changing in 16.04 final or is my copy outdated? 18:16:22 <ralsina> nah 18:16:30 <ralsina> that "circumvention" is stupid 18:16:50 <ralsina> it assumes you have access to X. Access to X is not allowed and triggers manual review of the snap 18:17:12 <ralsina> and no X app with X access is going to be allowed except from reliable sources 18:17:37 <ralsina> ChrisWarrick: the help message about remove is wrong 18:17:40 <ralsina> it's old 18:18:15 <ChrisWarrick> how do I purge? 18:18:33 <ralsina> just remove 18:18:38 <ralsina> remove is the new purge 18:25:25 <ChrisWarrick> ralsina: It looks like you need to remove it really nicely for it to work 18:25:41 <ChrisWarrick> ralsina: Or no. There’s something crazier going on here! 18:25:57 <ralsina> ChrisWarrick: I did manage to get snapd in a crazy state at some points yesterday 18:26:02 <ChrisWarrick> https://gist.github.com/d2644feb00773cc7b52dd36db0253e5c 18:26:45 <ralsina> that's indeed weird 18:26:56 <ralsina> you could check syslog for access restrictions 18:27:13 <ralsina> once I get the latest upload approved it would be much better (has full access to ~) 18:28:08 <ChrisWarrick> journalctl has nothing 18:28:39 <ralsina> I don't know journalctl 18:29:00 <ChrisWarrick> /var/log/syslog.log is empty over here 18:31:12 <ChrisWarrick> ralsina: write some snap that prints CWD 18:31:22 <ralsina> ChrisWarrick: it doesn't change CWD 18:31:37 <ralsina> you could strace it 18:34:04 <ChrisWarrick> snaps don’t like being straced 18:34:25 <ralsina> you need to use -f 18:34:35 <ralsina> because there is a wrapper shell script that execs nikola 18:35:03 <ChrisWarrick> that thing wants root 18:35:57 <ChrisWarrick> What if it tried to write to /snap/nikola/4/home/kwpolska? 18:39:06 <ralsina> who knows 18:39:33 <ralsina> ChrisWarrick: I can send you the snap that has access to home for sideloading 18:40:05 <ChrisWarrick> sure, we could try that 18:40:41 <ralsina> ok, uploading, will take a minute or five 18:41:31 <ChrisWarrick> idea: make a snap that runs `strace nikola init -qd foobar` inside the snap 18:42:20 <ralsina> nah, can't be done 18:42:27 <ralsina> or, can but it's a pain the ass 18:42:34 <ralsina> there is a debugging snap somewhere 18:42:54 <ralsina> snappy-debug 18:44:46 <ChrisWarrick> yeah, I’m pretty sure CWD is somewhere in the squashfs filesystem 18:46:47 <ChrisWarrick> /snap/bin/nikola build from my blog: ERROR: Nikola: This command needs to run inside an existing Nikola site. 18:47:10 <ralsina> ChrisWarrick: https://ralsina.me/static/nikola_7.7.9_amd64.snap 18:47:54 <ralsina> remove the ones you have (just in case) and install that one with nikola install nikola*snap 18:51:07 <ChrisWarrick> https://gist.github.com/391e4b2386127e76e108c74b028fce10 18:51:11 <ChrisWarrick> explodes when trying to build 18:51:43 <ChrisWarrick> we need at least en_US.utf-8 locales 18:52:00 <ralsina> there is a lot broken about locales in snap at this point 18:52:14 <ralsina> the shell wrapper does some evil things in that area 18:52:40 <ralsina> the only locale that's erally available for snaps is C.UTF8 and even that one has no charsets 18:52:56 <ralsina> so the wrapper creates that inside the writable area and sets envvars to find it 18:53:02 <ChrisWarrick> /snap/ubuntu-core/122/bin/ls: error while loading shared libraries: libselinux.so.1: cannot open shared object file: No such file or directory 18:53:05 <ChrisWarrick> you’re kidding me 18:53:32 <ralsina> you can't just launch stuff it needs to LD_PRELOAD things 18:54:06 <ChrisWarrick> I don’t want selinux anywhere near my system though 18:54:23 <ralsina> it's not anywhere that can do any harm :-) 18:54:28 <ralsina> it's not even active AFAIK 18:54:37 <ralsina> or rather, why the fuck is it there? I have no idea 18:54:49 <ChrisWarrick> ls -Z can display selinux (in)security contexts 18:56:53 <ralsina> ChrisWarrick: snap uses apparmor 18:57:03 <ralsina> which AFAIK has no selinux in it? 18:57:10 <ChrisWarrick> two different products 18:57:55 <ChrisWarrick> they are both experts in annoying unix admins though 18:58:07 <ralsina> indeed 18:58:22 <ralsina> and getting the apparmor bits just right is the hard part of packaging for snap 18:58:34 <ralsina> or, you can just give up and say "use --devmode" ;-) 18:58:52 <ChrisWarrick> setenforce 0 is one of the better things you can do to a RHEL/derivative server 19:01:01 <ChrisWarrick> snap is a great project, but could use some more polish, and more get-off-my-lawn unix admin love 19:01:11 <ChrisWarrick> anyway, football time 19:04:39 <gour> ChrisWarrick: good luck with Germans ;) 19:05:40 <ralsina> ChrisWarrick: yeah, it's still green 19:05:44 <ralsina> ChrisWarrick: have fun! 19:06:19 <ralsina> ChrisWarrick: if you feel like writing up the issues you found, I'm happy to hand-deliver to the right people