Monday, 2015-08-03

[00:02] *** markvoelker has quit IRC
[00:12] *** tmcpeak has joined #openstack-security
[00:46] *** salv-orlando has joined #openstack-security
[00:55] *** salv-orlando has quit IRC
[01:06] *** bpokorny has joined #openstack-security
[01:08] *** jamielennox is now known as jamielennox|away
[01:25] *** tkelsey has joined #openstack-security
[01:29] *** tkelsey has quit IRC
[01:52] *** tjt263 has joined #openstack-security
[01:54] *** salv-orlando has joined #openstack-security
[01:59] *** markvoelker has joined #openstack-security
[02:03] *** markvoelker has quit IRC
[02:06] *** salv-orlando has quit IRC
[02:34] *** tmcpeak has quit IRC
[03:12] *** alejandrito has quit IRC
[03:21] *** SilkySloth has joined #openstack-security
[03:41] *** bpokorny has quit IRC
[03:42] *** bpokorny has joined #openstack-security
[03:42] *** bpokorny has quit IRC
[03:52] *** salv-orlando has joined #openstack-security
[03:58] *** salv-orlando has quit IRC
[03:59] *** Daviey has quit IRC
[04:00] *** salv-orl_ has joined #openstack-security
[04:00] *** markvoelker has joined #openstack-security
[04:04] *** salv-orl_ has quit IRC
[04:04] *** markvoelker has quit IRC
[04:38] *** jamielennox|away is now known as jamielennox
[04:39] <openstackgerrit> Stanislaw Pitucha proposed openstack/anchor: Allow configurable signing backends https://review.openstack.org/201394
[04:58] *** Daviey has joined #openstack-security
[05:03] *** salv-orlando has joined #openstack-security
[05:06] *** salv-orlando has quit IRC
[05:11] *** salv-orlando has joined #openstack-security
[05:27] *** tkelsey has joined #openstack-security
[05:31] *** tkelsey has quit IRC
[05:33] *** ig0r_ has joined #openstack-security
[05:33] <openstackgerrit> Stanislaw Pitucha proposed openstack/anchor: Allow configurable signing backends https://review.openstack.org/201394
[05:39] <openstackgerrit> Stanislaw Pitucha proposed openstack/anchor: Move all plugins to stevedore https://review.openstack.org/208311
[05:41] <openstackgerrit> Stanislaw Pitucha proposed openstack/anchor: Move all plugins to stevedore https://review.openstack.org/208311
[05:41] <openstackgerrit> Stanislaw Pitucha proposed openstack/anchor: Allow configurable signing backends https://review.openstack.org/201394
[05:48] *** SilkySloth has left #openstack-security
[05:51] <openstackgerrit> Stanislaw Pitucha proposed openstack/anchor: Move all plugins to stevedore https://review.openstack.org/208311
[05:53] *** ig0r_ has quit IRC
[05:56] *** ig0r_ has joined #openstack-security
[06:01] *** markvoelker has joined #openstack-security
[06:01] <openstackgerrit> OpenStack Proposal Bot proposed openstack/security-doc: Imported Translations from Transifex https://review.openstack.org/208323
[06:05] *** markvoelker has quit IRC
[06:09] *** pcaruana has quit IRC
[06:09] *** shohel has joined #openstack-security
[07:04] *** browne1 has quit IRC
[07:06] *** UnknownBoy has joined #openstack-security
[07:11] *** UnknownBoy has quit IRC
[07:22] *** salv-orlando has quit IRC
[07:25] *** tjt263 has quit IRC
[07:40] *** pcaruana has joined #openstack-security
[07:45] *** rmarathu has joined #openstack-security
[07:46] <rmarathu> How to run bandit on python code which does not have python extension?
[07:46] *** shohel has quit IRC
[07:48] *** salv-orlando has joined #openstack-security
[07:57] *** jamielennox is now known as jamielennox|away
[08:02] *** markvoelker has joined #openstack-security
[08:06] *** markvoelker has quit IRC
[08:16] *** alex_klimov has joined #openstack-security
[08:29] *** tkelsey has joined #openstack-security
[08:32] *** mihero has joined #openstack-security
[08:54] <openstackgerrit> Tim Kelsey proposed openstack/bandit: Bug fix for SQL tests https://review.openstack.org/207513
[08:56] *** tjt263 has joined #openstack-security
[09:03] <openstackgerrit> Merged openstack/security-doc: Imported Translations from Transifex https://review.openstack.org/208323
[09:38] *** tkelsey has quit IRC
[09:41] *** tkelsey has joined #openstack-security
[09:59] *** salv-orlando has quit IRC
[10:00] *** shohel has joined #openstack-security
[10:02] *** tkelsey has quit IRC
[10:02] *** markvoelker has joined #openstack-security
[10:07] *** markvoelker has quit IRC
[10:08] *** alex_klimov has quit IRC
[10:09] *** alex_klimov has joined #openstack-security
[10:57] *** pcaruana has quit IRC
[11:14] *** pcaruana has joined #openstack-security
[11:31] *** edmondsw has joined #openstack-security
[11:33] *** markvoelker has joined #openstack-security
[11:38] *** markvoelker has quit IRC
[11:54] *** markvoelker_ has joined #openstack-security
[12:06] *** viraptor has quit IRC
[12:17] *** tkelsey has joined #openstack-security
[12:25] *** shohel has quit IRC
[12:28] <openstackgerrit> Tim Kelsey proposed openstack/bandit: Adding assert_used documentation https://review.openstack.org/207104
[12:33] <openstackgerrit> Tim Kelsey proposed openstack/bandit: Adding any_other_function_with_shell_equals_true documentation https://review.openstack.org/207099
[12:33] *** daemontool_ has joined #openstack-security
[12:38] *** tmcpeak has joined #openstack-security
[12:40] <openstackgerrit> Tim Kelsey proposed openstack/bandit: Adding documentation for configuration https://review.openstack.org/205501
[12:46] <openstackgerrit> Tim Kelsey proposed openstack/bandit: Bug fix for SQL tests https://review.openstack.org/207513
[12:46] *** daemontool_ is now known as marzif
[12:46] <tkelsey> tmcpeak: you about?
[12:57] *** browne has joined #openstack-security
[13:02] *** markvoelker_ has quit IRC
[13:02] <openstackgerrit> Tim Kelsey proposed openstack/bandit: Bug fix for SQL tests https://review.openstack.org/207513
[13:04] *** markvoelker has joined #openstack-security
[13:12] <openstackgerrit> Tim Kelsey proposed openstack/bandit: Adding "execute_with_run_as_root_equals_true" documentation https://review.openstack.org/208470
[13:13] *** browne has quit IRC
[13:21] *** zul has joined #openstack-security
[13:21] <openstackgerrit> Tim Kelsey proposed openstack/bandit: Adding "hardcoded_bind_all_interfaces" documentation https://review.openstack.org/208475
[13:26] *** ig0r_ has quit IRC
[13:29] <openstackgerrit> Tim Kelsey proposed openstack/bandit: Adding "hardcoded_password" documentation https://review.openstack.org/208479
[13:32] *** singlethink has joined #openstack-security
[13:33] *** ig0r__ has joined #openstack-security
[13:35] <openstackgerrit> Tim Kelsey proposed openstack/bandit: Adding "hardcoded_sql_expressions" documentation https://review.openstack.org/208480
[13:41] *** sdake has joined #openstack-security
[13:44] *** ig0r__ has quit IRC
[13:44] <openstackgerrit> Tim Kelsey proposed openstack/bandit: Adding "hardcoded_tmp_directory" documentation https://review.openstack.org/208482
[13:48] *** h00327910__ has quit IRC
[13:49] *** bknudson has quit IRC
[13:50] *** browne has joined #openstack-security
[13:52] *** singleth_ has joined #openstack-security
[13:54] *** sigmavirus24_awa is now known as sigmavirus24
[13:55] *** singlethink has quit IRC
[14:08] *** browne has quit IRC
[14:11] <openstackgerrit> Tim Kelsey proposed openstack/bandit: Adding "hardcoded_password" documentation https://review.openstack.org/208479
[14:13] *** bknudson has joined #openstack-security
[14:14] *** ig0r__ has joined #openstack-security
[14:16] *** sdake has quit IRC
[14:24] *** sdake has joined #openstack-security
[14:32] *** elmiko_ has joined #openstack-security
[14:32] *** elmiko_ is now known as __elmiko
[14:32] *** __elmiko is now known as _el_miko
[14:33] *** _el_miko has left #openstack-security
[14:33] *** voodookid has joined #openstack-security
[14:34] <tmcpeak> Daviey: around?
[14:34] <tmcpeak> or elmiko
[14:34] <Daviey> tmcpeak: here
[14:34] <tmcpeak> cool - saw there was something going on last Thurs/Friday about somebody wanting to submit a change?
[14:34] <elmiko> tmcpeak: hey
[14:35] <tmcpeak> yo, just caught part of the logs from last week
[14:35] <tmcpeak> and also a pull request on my personal Bandit repo :)
[14:35] <sigmavirus24> yeah that was someone trying bandit out at their job
[14:35] <tmcpeak> awesome
[14:35] <tmcpeak> we like that
[14:36] <Daviey> Oh yeah
[14:36] <sigmavirus24> they wanted to add the right bug link to the README
[14:36] <sigmavirus24> but didn't want to sign the CLA etc
[14:36] <tmcpeak> ahh ok
[14:36] <Daviey> It was a trivial 2 line change saying "please use launchpad"
[14:36] <sigmavirus24> This is why the GitHub monoculture is really hurting OSS
[14:36] <Daviey> (a bit better than that, but YKWIM)
[14:36] <tmcpeak> yeah cool
[14:37] <tmcpeak> any idea what the company is?
[14:37] <Daviey> I asked the infra chaps if we could simply sponsor his commit from GH to Gerrit.. and it seems we need to talk to lawyers.. FML
[14:37] <sigmavirus24> Also they found what (I think might be a legitimate) bug in which when using bandit with -l{1,} and no issues are reported, it still exits with a non-zero status if lower issues were found
[14:37] <tmcpeak> lol
[14:37] <tmcpeak> sigmavirus24: oh, that's a good bug
[14:37] <sigmavirus24> yeah
[14:37] <tmcpeak> ok cool, all that current on Launchpad?
[14:37] <sigmavirus24> they filed it for us
[14:38] <tmcpeak> great
[14:38] <elmiko> even if you don't want to sign the CLA and submit the patch, the next best approach imo is to post on bugs.launchpad.net
[14:38] <sigmavirus24> https://bugs.launchpad.net/bandit/+bug/1480014
[14:38] <openstack> Launchpad bug 1480014 in Bandit "bandit does not respect -level for exit code" [Undecided,New]
[14:38] <Daviey> bug 1480014
[14:38] *** voodookid has quit IRC
[14:38] <Daviey> gah, sigmavirus24 is faster
[14:38] <tmcpeak> elmiko: yeah, agree
[14:38] <sigmavirus24> Daviey: that's not always a good thing ;)
[14:38] <tmcpeak> cool ok
[14:38] <tmcpeak> so I'm hoping we can push Bandit 0.13 by Weds
[14:39] <tmcpeak> I have a simplish change I'd like to make to JSON output to include timestamp
[14:39] <tmcpeak> and then wrap up bugs
[14:39] <tmcpeak> and circle back on in flight reviews
[14:39] <Daviey> sigmavirus24: BTW, I watched your pycon talk.. I found it really interesting.. Most of the requests mocking would have been useful to me last year when i was trying to do it.. but the vcr/betamax stuff was entirely new to me.
[14:39] <tmcpeak> I spoke with tkelsey earlier and we decided to punt on docs to 0.14
[14:40] <tmcpeak> Daviey: link?
[14:40] <sigmavirus24> Daviey: yeah betamax is still young in my mind
[14:40] <tmcpeak> I wanna watch :D
[14:40] <sigmavirus24> tmcpeak: google my name and "PyCon 2015"
[14:40] <sigmavirus24> =P
[14:40] <tmcpeak> https://us.pycon.org/2015/schedule/presentation/344/
[14:40] <sigmavirus24> yes that's it
[14:40] <tmcpeak> LMGTFY
[14:40] <Daviey> https://www.youtube.com/watch?v=YHbKxFcDltM
[14:40] <tmcpeak> sweet
[14:40] <sigmavirus24> Also
[14:41] <sigmavirus24> I love how the chatter between myself and the session chair was recorded
[14:41] <tmcpeak> lol yeah
[14:41] <sigmavirus24> If you didn't already know my opinions on Q&A at conference talks, you do now
[14:42] <tmcpeak> "A brief and opinionated view of testing applications"… opinionated? who Ian?
[14:42] <Daviey> One of the larger talks I did i tripped on the stage and face planted.. The editing of the video hid this bit :)
[14:42] <tmcpeak> Daviey: lol, really? full faceplant?
[14:42] <Daviey> tmcpeak: Yeah, i tripped on a cable... mid talk, walking across the stage.
[14:42] <tmcpeak> eek, bummer
[14:42] <Daviey> Everyone burst into laughter.
[14:43] <tmcpeak> stuff of nightmares bro
[14:43] <sigmavirus24> Daviey: and this is why I don't try to multitask during talks
[14:43] <sigmavirus24> I have a hard enough time controlling my nerves so I don't skip 5 slides ahead with content
[14:43] * sigmavirus24 skipped almost 7 slides at PyTennessee in front of a much smaller crowd than at PyCon
[14:43] <tmcpeak> lol damn sigmavirus24 projects much?
[14:44] <sigmavirus24> tmcpeak: that's like not many of them
[14:44] <sigmavirus24> I just like screwing with people is all
[14:44] <sigmavirus24> "I didn't know this dude maintained X. I use X all the time!"
[14:44] <elmiko> wait, sigmavirus24 is on the Xorg team too?
[14:44] <elmiko> ;)
[14:44] <sigmavirus24> no
[14:45] <sigmavirus24> not even funny
[14:45] <elmiko> hahaha
[14:45] <sigmavirus24> wayland or bust
[14:45] <sigmavirus24> lol
[14:45] <elmiko> fair...
[14:45] <Daviey> Not X Server, but X Files - this is sigmavirus24 - http://images.simplysyndicated.com/wp-content/uploads/2015/05/dirt-dave-and-gill.jpg
[14:45] <sigmavirus24> I need to get back to my C roots
[14:45] <sigmavirus24> also my chroots
[14:45] <sigmavirus24> *rimshot*
[14:46] <elmiko> lol
[14:46] <elmiko> Daviey: nice
[14:50] <sigmavirus24> Daviey: why am I scully and mulder?
[14:51] <Daviey> sigmavirus24: "Not X Server, but X Files"
[14:51] *** voodookid has joined #openstack-security
[14:51] * sigmavirus24 suspects he needs more coffe
[14:51] <sigmavirus24> *coffee
[14:55] <tmcpeak> lol "because you don't sleep like a normal human being"
[14:57] *** barra204 has joined #openstack-security
[14:57] *** bpokorny has joined #openstack-security
[15:07] <tmcpeak> sigmavirus24: legit talk
[15:08] <sigmavirus24> tmcpeak: did I say "I don't sleep like a normal human being" in my talk?
[15:08] <sigmavirus24> I don't even remember anymore
[15:08] <tmcpeak> haha yeah
[15:08] <sigmavirus24> I wasn't lieing
[15:08] <sigmavirus24> or lying
[15:08] <tmcpeak> well you implied you don't ;)
[15:08] <sigmavirus24> or whatever
[15:08] * sigmavirus24 needs coffee
[15:09] <sigmavirus24> I legitimately will wake up in the middle of a night with a fix for a bug and write it down
[15:09] <sigmavirus24> That way I don't forget
[15:09] *** ig0r__ has quit IRC
[15:09] <tmcpeak> that's legit - way to use the sleep.  I usually don't write it down so that if I remember in the morning I determine it's good, and if I don't remember I decide it was probably crap
[15:09] *** barra204 has quit IRC
[15:10] *** tkelsey has quit IRC
[15:13] *** pcaruana has quit IRC
[15:14] *** shakamunyi has joined #openstack-security
[15:16] *** shakamunyi is now known as barra204
[15:26] *** barra204 has quit IRC
[15:38] <tmcpeak> quick poll (Daviey, sigmavirus24, browne, tkelsey): I'm planning to add a run timestamp to JSON Bandit output.  Should the timestamp be generated as part of main bandit and made available to all reports, or should it be part of the JSON reporting module?  I'm leaning towards making it available for all reports
[15:39] <sigmavirus24> +1 for all reports
[15:39] <tmcpeak> great - thought so also, just wanted a sanity check
[15:39] <sigmavirus24> Also please use a timezone agnostic timestamp?
[15:39] <tmcpeak> yeah, GMT
[15:39] <sigmavirus24> something like 2014-08-03T13:00:00Z
[15:40] <tmcpeak> ok cool
[15:40] *** barra204 has joined #openstack-security
[15:40] <sigmavirus24> That's one of the more common ISO8601 datetime formats
[15:40] <sigmavirus24> please to be using it
[15:40] <sigmavirus24> I should have the strformat somewhere in github3.py
[15:41] <sigmavirus24> tmcpeak: https://github.com/sigmavirus24/github3.py/blob/develop/github3/models.py#L22
[15:41] <sigmavirus24> I really don't know why I thought that using a dunder variable for that was a good idea a few years ago
[15:41] <sigmavirus24> younger me was such an idiot
[15:43] <tmcpeak> :D
[15:43] <tmcpeak> I'll take any suggestions as long as they're prefaced with "pleased to be" :P
[15:43] <tmcpeak> *please
[15:52] <Daviey> tmcpeak: +1 for all reports
[15:53] *** openstackgerrit_ has joined #openstack-security
[16:01] *** singleth_ has quit IRC
[16:02] <tmcpeak> cool
[16:08] *** ig0r_ has joined #openstack-security
[16:16] *** sdake has quit IRC
[16:16] <openstackgerrit> Travis McPeak proposed openstack/bandit: Adding report timestamp https://review.openstack.org/208548
[16:17] *** singlethink has joined #openstack-security
[16:20] *** alex_klimov has quit IRC
[16:20] <sigmavirus24> tmcpeak: added a comment/question
[16:20] <tmcpeak> sigmavirus24: great point
[16:20] <tmcpeak> might as well just throw it in report
[16:21] * tmcpeak will update
[16:21] <sigmavirus24> or just "generated_at"
[16:21] <sigmavirus24> instead of "results_generated_at"
[16:21] *** sdake has joined #openstack-security
[16:21] <sigmavirus24> redundancies.redundancy.redundancy_found_at
[16:21] *** browne has joined #openstack-security
[16:29] <tmcpeak> sigmavirus24: good call, much cleaner to add to the report
[16:30] <tmcpeak> Daviey: great point
[16:31] * sigmavirus24 responded to Daviey's point
[16:36] <Daviey> sigmavirus24: Hmm, if a project is using their own bandit.yaml and developer A choose to add/change the default value of Timestamp format in the project bandit.yaml, it isn't our job to stop them.
[16:36] <Daviey> Oh, two runs from two separate projects
[16:36] <sigmavirus24> Daviey: one CI system, two projects, two sets of developers
[16:36] <Daviey> Why would you want to compare separate projects by time?
[16:37] <sigmavirus24> Who said anything about comparing them by time
[16:37] <sigmavirus24> One CI system that performs analysis on the output would need to then read the bandit.yaml
[16:37] <sigmavirus24> Or be totally dynamic in how it analyzes the output
[16:37] <sigmavirus24> Part of the reason for all of these different formats is so tools can be built around that
[16:37] <Daviey> sigmavirus24: I'd expect openstack projects not to change the default.
[16:38] <sigmavirus24> Daviey: openstack isn't the only user of bandit
[16:38] <Daviey> exactly
[16:38] <sigmavirus24> It's not that this particular format is the best format ever, it's that not everything needs to be configurable
[16:38] <Daviey> And if Davie's-non-openstack-super-secret-project chooses to use GMT+1.. that should be a knob i can twiddle
[16:43] *** sdake has quit IRC
[16:43] * tmcpeak agrees - it should be configurable
[16:43] <tmcpeak> but doesn't have to be
[16:44] <tmcpeak> sigmavirus24: some people won't like the format, some will want it more human readable
[16:44] <tmcpeak> etc
[16:44] <Daviey> well, i don't feel strongly enough to try and fight to the death over it.. but it does seem reasonable to allow format by user
[16:44] <sigmavirus24> This is a very common format, I don't see why relying on its popularity is a bad thing. When someone needs it to be configurable is when we can add it
[16:45] <sigmavirus24> We can only ever remove configuration options in big versions and that'll only be terrible
[16:45] <sigmavirus24> Let's merge this with a standard and see if anyone *needs* it to be configurable
[16:45] *** browne has quit IRC
[16:45] <openstackgerrit> Travis McPeak proposed openstack/bandit: Adding report timestamp https://review.openstack.org/208548
[16:45] <sigmavirus24> If we want something human readable for the txt output we can do that too but right now we're only adding this to JSON so, the human readable argument doesn't hold water for me
[16:47] *** sdake has joined #openstack-security
[16:47] <tmcpeak> in my mind there can be some uses for wanting a different format, and we are definitely not forcing anybody to configure it
[16:47] <tmcpeak> seems like win-win
[16:48] *** kutija has joined #openstack-security
[16:48] <sigmavirus24> tmcpeak: I can imagine usecases for lots of things in bandit (and other similar tools) it doesn't make them appropriate
[16:48] <sigmavirus24> And if you wanted, bandit could punt on all of this by generated_at being a datetime and letting formatters determine how to format the string
[16:49] <tmcpeak> sigmavirus24: that's also true
[16:49] *** ig0r_ has quit IRC
[16:49] <tmcpeak> hmm
[16:50] <sigmavirus24> I mean if we want to be flexible, let formatters figure it out
[16:50] <tmcpeak> actually I like that better
[16:50] <sigmavirus24> subunit may have an expected format, CSV may as well, same for XML
[16:50] <tmcpeak> yeah, this is true
[16:50] <tmcpeak> ok I'm going to do that
[16:50] <sigmavirus24> XML's format may be <datetime><hour>12</hour><minute>23</minute>...</datetime>
[16:50] <tmcpeak> formatters don't get config, so there won't be any way to change it
[16:50] <tmcpeak> is that something we can live with?
[16:51] * sigmavirus24 is only being partially serious
[16:51] <tmcpeak> partially serious or not I think that makes sense
[16:51] <sigmavirus24> tmcpeak: I think formats should generate consistent things personally so it doesn't bother me
[16:51] <sigmavirus24> *partially serious about xml formatting things like that
[16:51] <tmcpeak> allright well Daviey- since you initially suggested it, are you happy with this approach?
[16:52] <tmcpeak> formatters basically hardcode the output format?
[16:52] <tmcpeak> it makes sense to me
[16:52] <sigmavirus24> people can then write their own formatter with their own datetime format
[16:52] <sigmavirus24> so it's still configurable
[16:52] <sigmavirus24> it isn't yaml configurable, but then the format will always be deterministic
[16:52] <tmcpeak> well writing their own formatter definitely raises the bar, but yeah, I see your point
[16:53] <Daviey> tmcpeak: I think that makes more sense actually
[16:53] <tmcpeak> ok cool
[16:53] * tmcpeak changes
[16:53] <Daviey> Having, /some/ way of configuring it is what matters.. and it probably belongs less in yaml
[16:54] *** ig0r_ has joined #openstack-security
[16:55] *** ig0r_ has quit IRC
[17:00] <elmiko> hey doc folks =)
[17:01] <elmiko> i know you're here Daviey, looks like no one else though...
[17:01] <Daviey> elmiko: Oh, yes - thanks for the poke.. I forgot the time.
[17:02] *** pdesai has joined #openstack-security
[17:02] <elmiko> hi pdesai
[17:03] <openstackgerrit> Travis McPeak proposed openstack/bandit: Adding report timestamp https://review.openstack.org/208548
[17:03] <pdesai> Hi elmiko
[17:03] <pdesai> hi
[17:04] <elmiko> ok, well maybe just 3 of us
[17:04] <elmiko> any reports on the rst status?
[17:04] <pdesai> aah
[17:04] *** ig0r_ has joined #openstack-security
[17:04] <elmiko> i see my bug got merged, do we have any others we should be pushing on?
[17:04] <pdesai> i read through identity, databases, and messaging
[17:05] <openstackgerrit> Travis McPeak proposed openstack/bandit: Adding report timestamp https://review.openstack.org/208548
[17:05] <pdesai> i had one, but havent checked its status
[17:05] <Daviey> OT for the meeting: tmcpeak, do you have a pastebin of the default output - ETOOLAZY to run it.
[17:05] <pdesai> i wanted to talk about, importing policy file in identity chapter
[17:05] <elmiko> pdesai: yea, i see you marked some done. i need to do that with data processing
[17:05] <tmcpeak> Daviey: will get
[17:06] <elmiko> pdesai: cool, what issue did you want to bring up about the policy file?
[17:06] *** pcaruana has joined #openstack-security
[17:06] <pdesai> i dont find a solution for importing json payload and marking it as the json source at the same time
[17:06] <elmiko> do you mean importing it to the doc?
[17:06] <pdesai> yes,
[17:06] <elmiko> hmm
[17:07] <elmiko> i wonder if we could get away with embedding the content in a ".. code: json" block?
[17:08] <Daviey> I can update about the RST theme, So we got the Contents on the left added.. but requires a release of 'openstackdocstheme'.. They are holding off cutting a release until this lands - https://review.openstack.org/#/c/208370/ .. Then RST appearance has everything we required.
[17:08] <tmcpeak> Daviey: relevant excerpt of JSON output: http://paste.openstack.org/show/406776/
[17:08] <Daviey> tmcpeak: ta
[17:08] <pdesai> i checked admin guide in rst and they have pasted policy file content instead of linking it to a file
[17:08] <elmiko> Daviey: so, once we have a new openstackdocstheme release then we can incorporate that into our doc?
[17:09] <elmiko> pdesai: yea, that's kinda what i was thinking
[17:09] <pdesai> yeah
[17:09] <Daviey> elmiko: we'll get it automagically.. just by adding another commit.
[17:09] <Daviey> ie, rebuild
[17:09] <elmiko> Daviey: awesome
[17:09] <elmiko> pdesai: i'd say just embed the content directly in our rst file then
[17:09] <pdesai> for now, we can live with copying content then, yup
[17:09] <elmiko> +1
[17:10] <pdesai> thanks
[17:10] <Daviey> How do we make sure it stays consistent ?
[17:11] <elmiko> consistent between the docbook and rst version?
[17:11] <Daviey> Oh sorry.. i thought this was about taking content from a project policy.json and putting it in RST
[17:11] <pdesai> yup thats what it is :)
[17:12] <Daviey> Yeah.. so, this feels like something that will suck trying to keep it consistent
[17:12] <elmiko> it is, but i think it's just our local policy information carried in the project. not an external file, is that accurate pdesai ?
[17:12] <pdesai> yeah its just an example of how policy file looks like, we are anyways not going to copy entire policy file
[17:12] <Daviey> It isn't like it changes rarely, https://github.com/openstack/nova/commits/master/etc/nova/policy.json
[17:12] <pdesai> some snippet
[17:12] <pdesai> will get into the guide
[17:13] <Daviey> Oh
[17:13] <Daviey> Ok, fair enough
[17:13] <elmiko> yea, it's just our sample
[17:13] <pdesai> yup
[17:13] <Daviey> LGTM :)
[17:13] <pdesai> do we want to discuss, list of pressing bugs, from sicarie?
[17:14] <elmiko> so, i see that some of the bugs marked medium prio in the etherpad have reviews associated with them. i guess we should look through and make sure all the mediums are addressed
[17:14] <elmiko> hehe, was just getting to that =)
[17:14] <elmiko> i think this is our next issue, clean up the medium prio bugs
[17:14] <pdesai> +1 to med bugs
[17:15] <Daviey> agreed
[17:15] <elmiko> ok, so i see a few that are still open. best thing would be for us each to grab one and just mark our name next to it
[17:15] <elmiko> then, when you have a review paste the link there
[17:15] <elmiko> (standard stuff)
[17:16] <pdesai> sure, yup sounds good
[17:16] <elmiko> i'll go look at the ones sicarie posted and clean them up, if necessary
[17:16] <elmiko> ok, cool
[17:16] <pdesai> i am taking on identity from sicarie's list
[17:16] <Daviey> Are these issues considered blocking to RST switcher-over, or just stuff that needs to be done at some point?
[17:16] *** dwyde has joined #openstack-security
[17:16] <elmiko> i think sicarie wanted the medium ones cleaned up before we switched over
[17:17] <elmiko> he and i talked about making sure the bugs are clean while he is away
[17:17] <Daviey> sicarie really is a stickler for detail, isn't he.
[17:17] <elmiko> i'm guessing we will wait to switch over completely until he returns
[17:17] <pdesai> when will be sicarie back?
[17:17] <elmiko> well, the list of "very lows" is large hehe
[17:18] <elmiko> he'll be back in 2 weeks
[17:18] <pdesai> :)
[17:18] <elmiko> but i don't think the very lows are blockers
[17:18] <pdesai> no, i agree, very low can wait
[17:19] <elmiko> ok, so, main focus is cleanup the mediums. i think that's about it for this week.
[17:19] <pdesai> cool
[17:19] <elmiko> either of you have topics to discuss?
[17:19] <pdesai> nope
[17:19] <Daviey> just a side note, i'm not quite sure how active i can be this week.
[17:20] <elmiko> Daviey: ack, thanks for the heads up
[17:20] <elmiko> i guess that's all for business this week. have a good one, and we'll stay in touch through the etherpad
[17:20] <elmiko> #link https://etherpad.openstack.org/p/sec-guide-rst
[17:20] <elmiko> ;)
[17:20] <pdesai> yup thanks guys
[17:21] <Daviey> elmiko: I'd rather stay in touch via gerrit reviews :)
[17:21] <elmiko> Daviey: that works too =)
[17:23] <openstackgerrit> Michael McCune proposed openstack/security-doc: Adding file permissions section https://review.openstack.org/207707
[17:25] *** ig0r_ has quit IRC
[17:25] *** salv-orlando has joined #openstack-security
[17:30] *** browne has joined #openstack-security
[17:33] *** ig0r_ has joined #openstack-security
[17:39] <openstackgerrit> Travis McPeak proposed openstack/bandit: Adding report timestamp https://review.openstack.org/208548
[17:41] <tmcpeak> sigmavirus24, browne, Daviey: ^ reviewsies?
[17:44] <Daviey> tmcpeak: sorry, how do i customize the formatter?
[17:44] *** ig0r_ has quit IRC
[17:46] * Daviey goes afk, will be back later. o/
[17:48] <browne> tmcpeak: i'll take a look.  got a meeting coming up here, so may be in an hour or so
[17:48] <tmcpeak> ok cool
[17:48] <tmcpeak> thank you
[17:55] *** rmarathu has quit IRC
[17:58] <openstackgerrit> Michael McCune proposed openstack/security-doc: Trying to add numbers and orders to commands https://review.openstack.org/207721
[17:59] *** salv-orl_ has joined #openstack-security
[18:01] *** salv-orlando has quit IRC
[18:02] <openstackgerrit> Michael McCune proposed openstack/security-doc: Trying to add numbers and orders to commands https://review.openstack.org/207721
[18:02] <sigmavirus24> tmcpeak: left a comment explaining why python3.4 is failing
[18:02] <openstackgerrit> Travis McPeak proposed openstack/bandit: Adding report timestamp https://review.openstack.org/208548
[18:03] *** elo1 has joined #openstack-security
[18:03] <openstackgerrit> Travis McPeak proposed openstack/bandit: Adding report timestamp https://review.openstack.org/208548
[18:03] <tmcpeak> sigmavirus24: yeah got it, thank you
[18:07] <tmcpeak> sigmavirus24: good catches (again)
[18:07] <tmcpeak> I should probably re-up on coffee before I push more code
[18:07] <sigmavirus24> no worries
[18:07] *** openstackgerrit_ has quit IRC
[18:07] <sigmavirus24> coffee is always a must
[18:07] * sigmavirus24 needs to figure out a way to have it such that a pot is always ready and fresh
[18:08] <sigmavirus24> like a way to automate making pots of coffee
[18:08] <sigmavirus24> probably need a weight sensor to detect when the pot's empty
[18:08] <sigmavirus24> a hose to hook up to the water pipes so no one needs to refill anything
[18:08] <sigmavirus24> something to dump/refill coffee grounds/filter
[18:10] <tmcpeak> how about a caffeine pouch IV
[18:10] <openstackgerrit> Travis McPeak proposed openstack/bandit: Adding report timestamp https://review.openstack.org/208548
[18:11] <elmiko> sigmavirus24: move in to a starbucks?
[18:11] <tmcpeak> nice stupid simple change now :) ^
[18:11] <tmcpeak> I'm glad I have nitty reviewers, that's how the crap code stays out
[18:11] <sigmavirus24> tmcpeak: sigmavirus24's razor =P
[18:11] <tmcpeak> haha
[18:11] <sigmavirus24> each review removes a layer of skin and code
[18:12] <tmcpeak> I like it!
[18:12] <sigmavirus24> elmiko: the closest starbucks to me is 25minutes away
[18:12] <sigmavirus24> Also, they always have shit WiFi
[18:13] <tmcpeak> hence you should move :#
[18:13] <elmiko> wow, you must be in the boonies!
[18:13] <tmcpeak> haha
[18:13] <sigmavirus24> I am
[18:13] <sigmavirus24> Someone in the python users' group I run was removed from a Starbucks around here for using the bathroom too much
[18:13] <sigmavirus24> He had bought like 5 coffees over the course of 4 hours and used the bathroom a few times
[18:13] <sigmavirus24> So they called the cops and accused him of selling drugs
[18:13] <tmcpeak> lol
[18:14] <elmiko> wtf...
[18:14] <sigmavirus24> Yeah
[18:14] <sigmavirus24> I mean, I'm trusting that he isn't just bullshitting me
[18:14] <sigmavirus24> But I find it kind of believable
[18:14] <sigmavirus24> These midwesterners don't like "coasties" much
[18:14] <tmcpeak> "nah man, you've got me all wrong.  I'm not selling drugs, I'm selling dreams!"
[18:15] <sigmavirus24> He and I are both "coasties" (West and East respectively)
[18:15] <tmcpeak> or something
[18:15] <sigmavirus24> tmcpeak: dreams that one day all software will be more secure
[18:15] <sigmavirus24> or something
[18:15] <tmcpeak> :P
[18:15] <sigmavirus24> "one day, giant hacks like what happened to the government won't happen" "So you're saying you hacked the government?!"
[18:15] <tmcpeak> a typical interpretation
[18:15] <sigmavirus24> Yep
[18:16] <sigmavirus24> This is why you don't talk to cops
[18:16] <sigmavirus24> Or I don't
[18:16] <tmcpeak> or sleep :)
[18:16] <elmiko> yea, one day those hacks won't happen.... an entirely new set of hacks will be happening ;)
tmcpeakbtw goal is Bandit 0.13 by Weds, did I mention that?18:17
tmcpeakI'm planning to cruise through LP and fix the things18:17
tmcpeakI need this timestamp for some HP goodies I'm playing with ;)18:17
sigmavirus24mhm18:21
elmikopdesai: are you working on the identity page policy.json that didn't get fully migrated? (line 348 in the etherpad)18:25
openstackgerritMichael McCune proposed openstack/security-doc: Updating missing link in object storage section  https://review.openstack.org/20770618:28
pdesaielmiko: yup18:32
elmikopdesai: ack, thanks for marking it =)18:33
elmikoi think i've cleaned up the other reviews18:34
pdesaithanks18:34
tmcpeaksigmavirus24, browne, Daviey: for this https://bugs.launchpad.net/bandit/+bug/1480014  I'm thinking about an approach of filtering results before they get passed to reports18:38
openstackLaunchpad bug 1480014 in Bandit "bandit does not respect -level for exit code" [Medium,Confirmed] - Assigned to Travis McPeak (travis-mcpeak)18:38
tmcpeakobviously this means that reports won't get all the issues18:38
tmcpeakbut really I think that's what we want18:38
tmcpeakagrees?18:38
tmcpeakwhatever is set as a filter should be filtered at the highest level possible18:39
sigmavirus24tmcpeak: that makes sense to me18:39
tmcpeakgreat18:39
tmcpeaksigmavirus24: hmm, I think this conversation might have been had before18:43
tmcpeakwe do want to make all results available to formattesr18:44
tmcpeakdon't remember why...18:44
sigmavirus24lol18:44
sigmavirus24Not a problem with me18:44
tmcpeakok,, I'18:44
tmcpeakI'm just going to refilter for sttatus code18:44
sigmavirus24perhaps we should keep track of filtered results and only exit non-zero if total results > filtered results?18:44
*** shakamunyi has joined #openstack-security18:46
tmcpeakI was thinking of giving the result store a method to determine how many non-filtered results there are18:46
tmcpeakso pass it optional severity and confidence filter and return appropriate exit code based on that18:46
tmcpeakhmm browne18:47
sigmavirus24tmcpeak: I'm concerned about large result sets18:47
tmcpeaksigmavirus24: how so?18:47
sigmavirus24refiltering a second time could take a while and it'll slow down the tool18:47
tmcpeakyeah, true18:48
tmcpeakperformance-wise it sucks18:48
sigmavirus24although18:48
tmcpeakcould obviously exit on first finding18:48
tmcpeakbut still18:48
sigmavirus24it shouldn't be too terrible unless there are probably >10000 results18:48
sigmavirus24or 10000018:48
sigmavirus24the bulk of bandit's time right now is in the ast checking18:49
sigmavirus24(probably)18:49
* sigmavirus24 still wants to profile bandit18:49
sigmavirus24so it's probably not a bad start18:49
tmcpeakI think it is the easiest approach18:49
sigmavirus24yeah18:50
sigmavirus24my concerns lately have been computation complexity and relative performance of features in other places so I'm sorry they're bleeding over here18:52
tmcpeakno worries, always good to have somebody paying attention18:52
*** zul has quit IRC19:11
*** kutija_ has joined #openstack-security19:14
*** kutija has quit IRC19:16
*** singlethink has quit IRC19:19
*** sdake has quit IRC19:28
*** singlethink has joined #openstack-security19:35
*** jhfeng has joined #openstack-security19:56
openstackgerritTravis McPeak proposed openstack/bandit: Fixes exit code for filtered results  https://review.openstack.org/20862919:59
*** sdake has joined #openstack-security20:01
*** singleth_ has joined #openstack-security20:02
*** singlethink has quit IRC20:05
tmcpeakbrowne around?20:08
brownetmcpeak: hi20:10
*** sdake_ has joined #openstack-security20:10
tmcpeakbrowne: hey, so this bug: https://bugs.launchpad.net/bandit/+bug/147921620:10
openstackLaunchpad bug 1479216 in Bandit "InvocationError with no reason" [Undecided,New]20:10
tmcpeakI think is the exit code not working based on severity20:10
browneok, that makes sense i think20:10
tmcpeakcool20:10
tmcpeakI have a fix in for that20:10
tmcpeakready for review20:11
browneok, let me take a look20:11
*** pdesai has quit IRC20:11
tmcpeakbrowne: also your confidence filter work (when it's done) should use this function I've added20:11
browneok20:12
browneso is 1480014 a dup of 1479216?20:12
tmcpeakI think 1479216 is a side-effect of 148001420:13
*** sdake has quit IRC20:13
openstackgerritTravis McPeak proposed openstack/bandit: Rewording subprocess without shell finding  https://review.openstack.org/20863720:18
tmcpeakbrowne: blank line on 118 I did on purpose, helps readability IMO20:20
tmcpeakI'll nuke it if you hate it though20:20
Davieytmcpeak: Is it really "dangerous system calls" that are the primary concern?20:24
tmcpeakI think so, what other issue would there be with an escaped subprocess call?20:25
tmcpeakDaviey: ^20:25
openstackgerritTravis McPeak proposed openstack/bandit: Fixes exit code for filtered results  https://review.openstack.org/20862920:26
tmcpeakbrowne: fixed20:26
Davieytmcpeak: Obviously not command injection, but unfiltered execution of user input?20:26
*** pdesai has joined #openstack-security20:28
tmcpeakDaviey: sure, yeah, good point20:29
openstackgerritTravis McPeak proposed openstack/bandit: Rewording subprocess without shell finding  https://review.openstack.org/20863720:30
tmcpeakDaviey: done20:30
tmcpeaksigmavirus24, browne mergies on this one? https://review.openstack.org/20854820:31
brownesure, i'll merge20:31
browneunless there are any last minute objections20:31
tmcpeakI think everybody is universally in love with that change at this point :D20:32
browne:)20:32
browne+W20:32
tmcpeakso I think with these last two changes we should be good to go on 1320:32
DavieyIf i could marry a changeset, that wouldn't be it.. but it would be lover on the side.20:32
tmcpeakunless somebody is dying to get something else in20:33
tmcpeakDaviey: this means a lot20:33
Davieytmcpeak: hmm, i really, really want to get my config change in..20:33
openstackgerritMerged openstack/bandit: Adding report timestamp  https://review.openstack.org/20854820:33
tmcpeakDaviey: config change?20:34
tmcpeakoh, you mean moving everything out of bandit.yaml into sub configs?20:34
Davieyhttps://review.openstack.org/#/c/203451/20:34
Davieytmcpeak: no, not that20:34
tmcpeakoh yeah20:34
tmcpeakI thought this merged already :D20:34
DavieyYeah, i'd have liked to have.. but I was being lazy with my mocking and got called out on it.20:35
tmcpeakhaha ok20:35
brownesince so far i think everyone supplies their own bandit.yaml, it might not be urgent for 1320:35
DavieyAlthough, it isn't dire how it is.. Maybe I could suggest merging as is, and improving the mocking post release?20:36
tmcpeakI agree with that statement20:36
*** ig0r_ has joined #openstack-security20:36
Davieybrowne: Well, it is a problem for Debian20:36
browneDaviey: what's the issue on Debian?20:36
Davieybrowne: Unless you have a suggestion how i can work around it?20:36
tmcpeakhmmm, I'd like to get the Debian stuff squared away20:37
Davieybrowne: The docs we have say that we default to looking in /etc/bandit.yaml.. but in NO circumstances do we ever look there.20:37
DavieyAnd on a site wide install, we use site-packages/bandit/bandit.yaml or whatever.20:37
Davieythe library directory20:37
DavieyThis isn't suitable for a distro really...20:37
browneok, so if they didn't supply their own bandit.yaml, it wouldn't load one at all on Debian, correct?20:38
DavieyYeah, errors out with no config found20:38
Daviey(as i don't install the one into the python library path)20:39
Davieybrowne: but --help says we look in /etc/.. so really confusing20:39
tmcpeakbknudson: you around?20:39
browneok, understood, would be a nice fix.  we need to decide how to handle the -120:39
bknudsontmcpeak: where else would I be?20:39
tmcpeakhaha20:40
sigmavirus24Daviey: are you part of the Debian OpenStack team or DPMT?20:40
tmcpeakso we're debating the comments on this: https://review.openstack.org/#/c/203451/4/tests/test_config.py20:40
Davieysigmavirus24: I am part of debian openstack team.. but i try not to be too involved.  Some hard to work with personalities there.20:40
tmcpeakin your opinion how important are the mocking changes, as in do you think it's worthwhile to hold this change up until we get the right mocking in place20:40
Davieysigmavirus24: I was going to go straight to Ubuntu, but i felt like being a good netizen20:41
sigmavirus24Daviey: I was going to ask how you snuck an openstack project into DPMT20:41
bknudsontmcpeak: the tests can always be fixed.20:41
bknudsontmcpeak: I could propose the changes.20:41
tmcpeakbknudson: ok great, specifically I'd like to propose getting 0.13.0 in like this and those improvements in next release20:41
Davieysigmavirus24: Well, i managed to sneak this past zigo. :)20:42
tmcpeakeverybody happy with that?20:42
sigmavirus24Daviey: also 90% sure zigo is going to be angry at openstack/searchlight20:42
bknudsonworks for me.20:42
Davieysigmavirus24: Good.20:42
tmcpeakcool, Daviey? you good with that?20:42
sigmavirus24Daviey: searchlight has a hard dependency on Elasticsearch which I somehow doubt Debian actually packages20:42
Davieybknudson: If i do the style things you picked up on.. Are you OK with the appdirs mocking coming later?20:43
bknudsonDaviey: sure20:43
tmcpeakok awesome, thanks bknudson and Daviey20:43
tmcpeak+A here please: https://review.openstack.org/#/c/207080/20:46
*** elo1 has quit IRC20:48
openstackgerritMerged openstack/bandit: Adding a more informative help message for "-l"  https://review.openstack.org/20708020:50
*** ig0r__ has joined #openstack-security20:50
*** dwyde has quit IRC20:50
openstackgerritMerged openstack/bandit: Bug fix for SQL tests  https://review.openstack.org/20751320:50
*** ig0r_ has quit IRC20:50
*** elo has joined #openstack-security20:56
elmikohey all, we've run into an issue with the comments on an rsa public key. i'm not seeing anything about comments in rfc3447, is this addressed somewhere?21:00
sigmavirus24elmiko: alternatively this could be discussed in #cryptography-dev because I bet there are people in there who know that RFC really well21:03
elmikoooh nice21:03
elmikothanks!21:03
*** singlethink has joined #openstack-security21:04
tmcpeakbrowne: reapprove here por favor? https://review.openstack.org/#/c/208629/21:06
tmcpeakalso browne, sigmavirus24: this one too please21:07
*** singleth_ has quit IRC21:08
*** dwyde has joined #openstack-security21:10
*** singleth_ has joined #openstack-security21:14
*** singlethink has quit IRC21:16
*** ig0r__ has quit IRC21:21
*** jhfeng has quit IRC21:28
openstackgerritDave Walker proposed openstack/bandit: Actually default to /etc/ rather than just claim  https://review.openstack.org/20345121:28
*** jhfeng has joined #openstack-security21:29
Davieybknudson: ^^21:29
Davieyelmiko: What comments issue are you looking at?21:29
elmikoDaviey: https://github.com/pyca/cryptography/issues/219921:33
Davieyelmiko: interesting, seen this in flight change - https://review.openstack.org/#/c/208661/ ?21:34
Davieyonly 5 mins old. :)21:34
elmikointeresting, i think that came out of a discussion that a fellow sahara dev started in -nova21:34
Davieyah21:36
Davieyelmiko: In a previous project, used conch.ssh.keys to do validation.  Maybe logic there is useful?21:37
*** singleth_ has quit IRC21:37
elmikoDaviey: not sure, maybe for the nova folks. we just generated the key with ssh-keygen, it just so happened that we were using `-C "Generated by Sahara"`21:40
elmikowho knew...21:40
Davieyah, i see21:41
Daviey"This SSH Key is Proudly brought to you by the folks at Sahara."21:42
brownethe blame is on me for introducing cryptography to Nova crypto and breaking Sahara21:43
elmikohaha21:47
elmikoi did file a bug against cryptography on reaperhulk's suggestion though21:47
browneelmiko: cool, it'll probably get fixed quickly21:47
elmikolooks like it already did lol21:48
elmikohttps://github.com/pyca/cryptography/pull/220021:48
brownedamn, those guys are quick21:48
elmikototally!21:48
tmcpeakDaviey: I think this is fairly tough to test the way things are currently set up21:51
*** pdesai has quit IRC21:51
openstackgerritDave Walker proposed openstack/bandit: Actually default to /etc/ rather than just claim  https://review.openstack.org/20345122:04
Davieybknudson: Fancy one last look pls? ^^22:05
Davieyelmiko / browne: Honestly, the responsiveness of that issue really does add weight to using crypto'.io for the primitives in Anchor as well IMO.22:06
Davieytmcpeak: Ok, fair enough22:07
tmcpeakDaviey: cool22:08
Davieybknudson: So should i use "def __str__(self):" and simply return my mangled string?22:11
bknudsonDaviey: no, call super's __init__ with the string ... that's what it was doing before.22:12
Davieyah22:12
tmcpeakDaviey: is this a typo? /Users/$PUSER}/Library/Application Support/bandit/bandit.yaml22:13
bknudsonI don't think you want to use __str__ due to unicode issues.22:13
browneDaviey: agree22:13
Davieytmcpeak: yeah22:13
*** pdesai has joined #openstack-security22:13
tmcpeakcoolio22:13
Davieytmcpeak: My fingers are too phat.22:14
tmcpeakthere is no too phat22:15
brownephat = pretty hot and tempting22:15
brownei don't think of fingers that way. :)22:15
tmcpeakinappropriate response successfully filtered22:16
tmcpeaksigmavirus24: +A here?22:17
tmcpeakhttps://review.openstack.org/20862922:17
tmcpeaksigmavirus24: thanks, I also tested it22:20
tmcpeakDaviey: I'm failing py27 unit tests on that22:21
openstackgerritMerged openstack/bandit: Fixes exit code for filtered results  https://review.openstack.org/20862922:21
sigmavirus24tmcpeak: I'm sure you did22:21
sigmavirus24I always like 2 or 3 factor verification tmcpeak22:21
Davieytmcpeak: huh?22:22
tmcpeakon mac22:23
tmcpeakhang on22:23
tmcpeakpasties22:23
tmcpeakhttp://paste.openstack.org/show/406799/22:23
Davieyoh fml22:23
tmcpeakseems I'm only getting 3 configs22:23
Davieytmcpeak: can you print me the 3 configs?22:24
Davieytmcpeak: I was really just checking it wasn't an empty set, and 4 seemed to be the minimum.. but i guess on mac it is 3... i can bump it down to that22:24
tmcpeakDaviey: sure, let me print the configs22:25
Davieyta22:25
Davieywow, i've had to rebase twice this evening... fast moving project! :)22:26
tmcpeakgaggga22:27
tmcpeakhow the f do I extract information from tox22:27
tmcpeakI can't print a list, I can't pdb22:27
tmcpeakwhat in the blue f do I need to do to debug? ;)22:27
tmcpeakI hate tox :'(22:27
tmcpeakwith a capital H22:27
openstackgerritDave Walker proposed openstack/bandit: Actually default to /etc/ rather than just claim  https://review.openstack.org/20345122:28
*** dwyde has quit IRC22:29
bknudsontmcpeak: keystone has a tox -e debug that makes debug easier.22:31
Davieytmcpeak: Actually.. don't worry22:32
tmcpeakbknudson: ahh22:32
Davieytmcpeak: elmiko ran a standalone snippet the other day for me on mac.. https://gist.github.com/Daviey/6edf198a996ba55a016722:32
tmcpeakbknudson: you know if that allows pdb?22:32
tmcpeakI'm lost without pdb22:33
bknudsontmcpeak: yes, that's what it's for22:33
Davieytox should really do more to help... --verbose should work out of the box imo22:34
tmcpeakDaviey: another paste coming22:35
tmcpeakhttp://paste.openstack.org/show/406802/22:35
tmcpeakDaviey: ^22:35
tmcpeakDaviey: this apparently needs to be added22:37
tmcpeakMacBook-Pro:bandit travismcpeak$ bandit -r ~/Documents/projects/OpenStack_projects/keystone22:37
tmcpeak[bandit]INFOusing config: /usr/local/lib/python2.7/site-packages/bandit/config/bandit.yaml22:37
Davieytmcpeak: Hmm, no - i think that is desired behaviour22:37
tmcpeakit most certainly isn't.. I installed Bandit and I have no config22:37
tmcpeakwhen I pip install it it goes to the /usr/local directory22:37
Davieytmcpeak: sudo pip install ?22:37
tmcpeakDaviey: I don't sudo pip install it normally, but yeah, same path22:39
tmcpeakI believe it's a homebrew thing22:39
Davieyugh22:39
Davieytmcpeak: if you pip uninstall bandit | grep bandit.yaml ?22:40
tmcpeaksec22:40
tmcpeakas expected: /usr/local/lib/python2.7/site-packages/bandit/config/bandit.yaml22:41
tmcpeakDaviey: so with brew it uses /usr/local instead of the mac directories22:41
tmcpeakI'm basically using the brew version of Python rather than the Mac version22:42
Davieytmcpeak: Well.. it isn't supposed to do that..22:42
Davieytmcpeak: It is supposed to treat that file differently... https://review.openstack.org/#/c/203451/7/setup.cfg22:42
Davieytmcpeak: site-packages is the bandit library path which is bad karma for configs..22:43
DavieyI'm quite naive with how Macs handle config files22:43
tmcpeakDaviey: yeah, honestly I'm puzzled too22:45
Davieytmcpeak: if you run this gist, what do you get? https://gist.github.com/Daviey/6edf198a996ba55a016722:46
DavieyAny other mac people around?22:47
tmcpeaklemme see22:48
DavieyOh actually22:48
DavieyYour logging earlier gives me that22:48
tmcpeak['./bandit.yaml', '/Users/travismcpeak/Library/Application Support/bandit/bandit.yaml', '/Library/Application Support/bandit/bandit.yaml']22:48
tmcpeakyeah, this is correct for what it's supposed to be by the appdir logic22:49
tmcpeakthe problem is that my setup isn't installing things there22:49
DavieyI'm doing the right thing according to pbr docs.. http://docs.openstack.org/developer/pbr/22:50
DavieyI might have to see if lifeless has an idea.22:50
tmcpeakDaviey: yeah, an expert would be great on this. I'm not sure why my stuff is going to a different directory.  I suspect homebrew but I'm not sure22:51
*** shakamunyi has quit IRC22:51
Davieytmcpeak: I've sent him a PM, but he is /away.  It is nearly 9:00am for him, so hopefully he'll be around soon.22:55
*** bknudson has quit IRC22:56
tmcpeakDaviey: ok cool22:58
tmcpeakI'm curious :)22:58
DavieyOh bugger it, i'll dig into pbr code.22:59
DavieyWhy is it every time i need to do something with pbr, i end up debugging it22:59
*** salv-orlando has joined #openstack-security22:59
tmcpeaklol23:00
Davieytmcpeak: Depending how interested you are... Do you want to try and validate that pbr's own unit tests pass on your platform?23:01
Daviey(i won't blame you if you say no)23:01
tmcpeaksure23:01
tmcpeakDaviey: you mean cover?23:02
*** salv-orl_ has quit IRC23:02
tmcpeakthis one: https://github.com/openstack-dev/pbr/blob/master/tox.ini#L2523:03
Davieyhmm23:04
tmcpeakDaviey: cover passes, py27 fails with some gbdm thing that has nothing to do with pbr23:04
Davieythat is surely just test coverage report23:04
tmcpeaksome strangeness on my system23:04
tmcpeak(most likely unrelated strangeness)23:04
tmcpeakas in I've seen it before23:04
tmcpeakwith things that don't care about my Python directory23:04
Davieytmcpeak: are you using a virtualenv?23:04
tmcpeaktox does that23:05
Davieytmcpeak: but when you use bandit it is outside venv, right?23:06
tmcpeakoh lol, I made a venv and unit tests worked23:06
tmcpeakerr py27 worked23:06
tmcpeakDaviey: yeah, I run Bandit outside venv23:07
Davieytmcpeak: and it works inside a venv?23:07
Davieytmcpeak: So, you are using non venv pbr to create the package of bandit for pip.... How old is your pbr?23:08
tmcpeak1.123:08
DavieyAh23:10
tmcpeakDaviey: ok so for me /usr/local/bin/python points to /usr/local/Cellar which is a homebrew directory23:12
tmcpeakI've symlinked python to the homebrew version23:13
DavieyI was just looking at pbr changelog, hoping that data_file support was added after 1.1... seems not23:13
Davieyoh interesting23:14
sigmavirus24Daviey: "data_files" you mean?23:14
Davieyyeah23:14
tmcpeakso this seems like an issue with appdirs and Homebrew to me23:14
sigmavirus24Daviey: pbr has supported data_files for a while afaik23:14
*** voodookid has quit IRC23:14
DavieyHmm23:14
Davieysigmavirus24: Yeah, 201323:14
Davieysigmavirus24: https://review.openstack.org/#/c/35730/1223:14
Davieytmcpeak: I don't think appdirs is related to this...23:15
Davieytmcpeak: The issue is that data_files isn't being respected for some reason23:15
sigmavirus24uh23:15
sigmavirus24tmcpeak: did you install a wheel?23:15
sigmavirus24If so data_files has different behaviour when pip installing from a wheel than when doing python setup.py install iirc23:15
sigmavirus24The wheel should put the config file in something like /usr/local/etc/bandit.yaml or something23:16
sigmavirus24setup.py maybe puts it in /etc/bandit.yaml23:16
sigmavirus24or somewhere else that's slightly better23:16
sigmavirus24I would also bet that appdirs doesn't think /usr/local/ is where it should be looking for things23:16
Davieysigmavirus24: Well both of those locations would be respected23:17
sigmavirus24(on OSX)23:17
Davieysigmavirus24: As in, my branch would DTRT if it installed there23:17
sigmavirus24Yeah23:17
sigmavirus24I'm about to head out anyway, I just noticed this and thought I'd give some half-remembered tidbits23:17
Davieysigmavirus24: The issue is that, without data_files support (prior to my branch) the config file is installed into the python site-packages along with the rest of the module.23:17
sigmavirus24I'm sure lifeless would be more helpful since he's awake23:17
DavieyAnd that is what we are seeing now23:17
tmcpeaksigmavirus24: I just 'pip install .' from the source dir23:17
sigmavirus24Daviey: I understand that23:17
sigmavirus24tmcpeak: globally?23:18
sigmavirus24with what version of pip?23:18
*** pdesai has quit IRC23:18
Davieylifeless responded... he seems to think it is wheels related i think23:18
tmcpeaksigmavirus24: pip 6.0.6 from /usr/local/Cellar/python/2.7.9/Frameworks/Python.framework/Versions/2.7/lib/python2.7/site-packages/pip-6.0.6-py2.7.egg (python 2.7)23:18
sigmavirus24Daviey: my point exactly23:18
sigmavirus24tmcpeak: hm I think that's too old to do wheel building and then caching of the built wheel23:19
Davieysigmavirus24: hmm, "[Wheel] Support is offered in pip >= 1.4 and setuptools >= 0.8."23:19
sigmavirus24Daviey: that's not the relevant bit23:20
sigmavirus24pip 6.1.0 (or 7.1.0 i honestly forget which) builds a wheel and sticks that into your user-level cache23:20
DavieyOh, i see23:20
sigmavirus24when a wheel is installed there is different behaviour around data_files than when you install a tarball23:21
DavieyDoes anyone else here have a mac that can help validate if this is a tmcpeak oddity or general issue?23:21
Davieysigmavirus24: So tmcpeak should try updating his pip version, and try again?23:21
tmcpeakgmurphy does23:22
sigmavirus24Daviey: maybe, maybe not23:22
sigmavirus24Daviey: I don't know if that'll help to be honest23:23
tmcpeaktrying23:23
sigmavirus24I can check it out later. I have to run now23:23
* sigmavirus24 is on a mac23:23
tmcpeakcool23:23
*** sigmavirus24 is now known as sigmavirus24_awa23:24
Davieysigmavirus24_awa: thanks23:24
tmcpeaksame thing23:24
tmcpeak[bandit]ERRORno config found - tried: ./bandit.yaml, /Users/travismcpeak/Library/Application Support/bandit/bandit.yaml, /Library/Application Support/bandit/bandit.yaml23:24
tmcpeakso I'm telling you, my Bandit doesn't install to /Library/*23:24
tmcpeakit installs to /usr/local/*23:24
tmcpeakappdir needs to know about that23:25
Davieytmcpeak: well somewhere in the stack that is a bug.  I'd like to work out what is causing it.. if it is something to do with old versions of something, then I think we have little choice but to add that path to the search locations..23:26
tmcpeakyeah, that's ugly though, what if somebody is using python 3.x etc23:31
tmcpeakbut yeah, I agree23:31
tmcpeakmakes sense to figure this out23:31
Davieytmcpeak: Cellar is this, https://github.com/Psycojoker/cellar ?23:36
Davieysaltstack related?23:36
tmcpeak:')  — http://brew.sh/23:36
Davieyoh23:37
Davieyi'm pretty close to just adding the library path23:38
tmcpeakDaviey: yeah gmurphy got the same as me23:39
tmcpeakwith homebrew23:39
tmcpeakso it's not a weird tmcpeak env thing, it's a homebrew thing23:39
DavieyAh dammit23:39
tmcpeakI'm fairly sure this is a failure in appdir to take brew into account23:40
tmcpeakDaviey: I'm out for the day, we'll pick this back up tomorrow?23:42
Davieytmcpeak: Hmm.. the prior behaviour was to install the bandit.yaml along with the rest of bandit files.. which is the library path..  My branch changed it to use config locations23:42
Davieyappdirs is responding with the env config locations23:43
Davieyso i think it is brew sucking23:43
tmcpeakhaha23:43
Davieytmcpeak: sure.. I should probably go home.23:43
tmcpeakyou're a wildman Daviey ;)23:43
tmcpeakcool, catch you tomorrow23:43
DavieyYeeee-Haaaa!23:43
tmcpeakthanks for all the work on this23:43
Davieytmcpeak: Thanks for ruining my night23:43
Daviey:)23:43
tmcpeakit's what I do23:44
Davieytmcpeak: for your scrollback when you get back, https://bugs.launchpad.net/pbr/+bug/1481115  - feel free to add anything23:53
openstackLaunchpad bug 1481115 in PBR "data_files support seems non-functional with mac/homebrew" [Undecided,New]23:53
Davieysigmavirus24_awa: ^^23:54