/srv/irclogs.ubuntu.com/2015/06/11/#snappy.txt

rsalvetitime to publish the new image :-)00:02
rsalvetiand finalize the release00:02
elopiorsalveti: I'll be here for another hour. Let me know when it's done, to try an update from stable -1.00:04
rsalvetielopio: great00:04
sergiusens\o/00:19
rsalvetigeneric_amd64 should have image 3 already00:20
rsalvetisergiusens: elopio: image 3 should be available for both archs now00:23
rsalvetiman, I hate this issue when using --install webdm00:25
rsalvetineed to open a bug for that00:26
elopiorsalveti: this one also references beta: https://developer.ubuntu.com/en/snappy/tutorials/build-snaps/00:26
elopioI'll update it, but it would be nice to somehow reference the ppa only from one page.00:26
rsalvetielopio: I already updated it00:27
rsalvetihit f500:27
elopiorsalveti: great.00:27
sergiusensrsalveti: weird, it should happen always (since oem snaps are also installed).00:28
rsalvetican only reproduce when using --install00:29
sergiusensrsalveti: right, --install just appends to the slice (as does --oem)00:29
sergiusensrsalveti: in any case, I think I may know what it is, and can solve it by serializing a bit instead of so much parallelism00:30
rsalvetiright00:30
elopiorsalveti: kvm happily updated, rolled back and updated again.00:32
elopiobeagle in progress...00:32
rsalvetiawesome, mine is still downloading00:33
* rsalveti kicks launchpad00:38
rsalvetigiving a lot of errors when copying packages around00:38
rsalvetisigh00:38
sergiusensrsalveti: use the python lp libs00:39
rsalvetisergiusens: that works, but then the interface says it failed00:39
rsalvetilike https://launchpad.net/~snappy-dev/+archive/ubuntu/beta/+packages00:39
rsalvetiLaunchpad encountered an internal error while copying this package. It was logged with id OOPS-c5d363b745138ca15db2f2fff68342c9. Sorry for the inconvenience.00:40
rsalvetifailed for 2 packages00:40
rsalvetigoget-ubuntu-touch and ubuntu-snappy, both for vivid00:40
sergiusensbummer00:40
rsalvetifor other series it all worked fine00:40
rsalvetiwell, at least we're killing this PPA00:41
rsalvetiso that's fine00:41
* rsalveti now kicks ubuntu-device-flash00:42
rsalvetitried 5 times, failed every single time00:42
rsalvetiwith --install00:42
rsalvetihahah00:42
rsalvetiand now store gave up on me00:46
rsalveti10k/s00:47
sergiusensrsalveti: did you copy package already?00:53
rsalvetisergiusens: yup00:54
rsalvetisergiusens: tools and tools-proposed are all in sync with latest00:54
rsalvetiand beta as well00:54
rsalvetisergiusens: are we missing anything?00:54
rsalveticrap, I can't using --install!00:54
sergiusensrsalveti: nope, but I'm going to update and build some images00:54
rsalveti*use00:54
sergiusensrsalveti: what if you --install hello-world instead of webdm?00:55
rsalvetisergiusens: any quick hack or workaround I can use?00:55
rsalvetilet me try00:55
rsalvetitrying: sudo ubuntu-device-flash core 15.04 --channel stable --oem beagleblack --install=hello-world --enable-ssh --output ubuntu-15.04-snappy-armhf-bbb.img00:56
rsalvetisergiusens: same issue00:56
rsalvetihttp://paste.ubuntu.com/11693333/00:56
rsalvetilet me open a bug00:56
sergiusensrsalveti: only with --install?00:57
rsalvetisergiusens: yup00:57
sergiusensrsalveti: if you don't it all works?00:57
rsalvetisergiusens: yup00:57
rsalvetino issue00:57
sergiusensrsalveti: the problem with that statement is that even if there isn't an --install, there is always at least one install called (and this is serialized)00:58
rsalvetisergiusens: https://bugs.launchpad.net/ubuntu/+source/goget-ubuntu-touch/+bug/146405400:59
ubottuUbuntu bug 1464054 in goget-ubuntu-touch (Ubuntu) "Fails to create a snappy image when using --install" [Undecided,New]00:59
rsalvetilet me try to create the image on another computer I have around01:00
rsalvetielopio: sergiusens: https://launchpad.net/snappy/+milestone/15.04.101:04
rsalvetitrying to update the pre-built images now, then upload and release to snappy-devel01:04
sergiusensrsalveti: oh wow, you can upload files directly to lp!01:06
rsalvetiyup, when making releases01:06
sergiusensrsalveti: I run in a loop and I get this over and over http://paste.ubuntu.com/11693360/01:06
sergiusensrsalveti: it might be a race and easy for you to trigger as your machine is faster... not sure01:07
rsalvetiinteresting01:07
rsalvetimaybe, also using vivid01:07
elopiorsalveti: nice.01:07
sergiusensrsalveti: in my xp, when talking go it usually doesn't matter; what is elopio using?01:07
rsalvetisergiusens: right, but I don't think go is the issue here01:08
elopiosergiusens: as in what distro? vivid.01:08
rsalvetimaybe the external environment is helping causing the race01:08
rsalvetioh, and he got the same machine01:08
sergiusenselopio: rsalveti and you guys have the same computer01:08
sergiusensrsalveti: yeah ;-)01:08
rsalvetielopio: mind trying to reproduce 1464054 ?01:08
rsalvetibug 146405401:08
ubottubug 1464054 in goget-ubuntu-touch (Ubuntu) "Fails to create a snappy image when using --install" [Undecided,Incomplete] https://launchpad.net/bugs/146405401:08
elopioon it...01:09
sergiusensrsalveti: can you remove the channel part from First stable release for the 15.04 channel. ?01:12
sergiusensMaking it "First stable release for 15.04"? since channels in the future represent something else01:12
rsalvetisure01:12
sergiusensoh, I think I can change that too :-P01:13
rsalvetisergiusens: yup01:13
rsalvetialready did01:13
sergiusensrsalveti: I can reproduce slowing down the download ;-)01:14
rsalvetisergiusens: hahaha01:15
elopiosergiusens: rsalveti: http://paste.ubuntu.com/11693402/01:15
rsalvetihttps://bugs.launchpad.net/ubuntu/+source/goget-ubuntu-touch/+bug/1464054/comments/301:15
ubottuUbuntu bug 1464054 in goget-ubuntu-touch (Ubuntu) "Fails to create a snappy image when using --install" [Undecided,Incomplete]01:15
rsalvetifor what you asked01:15
elopiothis is from my desktop.01:15
sergiusenswell not exactly reproduce, but something similar01:15
rsalvetiyeah, same issue01:15
rsalvetiat least it's consistent01:15
elopiohum, my beagle could update and rollback. But after the second update, I am now in emergency mode.01:16
sergiusensrsalveti: oh, it is the same issue01:16
elopiothis happened to me last week too. Not sure how.01:16
sergiusenselopio: not good01:16
rsalvetiyeah01:16
rsalvetiwe could really use some automated tests for beagle01:16
rsalvetito stress it01:17
sergiusensrsalveti: I slow down the download by installing a bigger package, there some semaphore missing somewhere01:17
rsalveticool01:17
sergiusensrsalveti: did you also forget to push the tag for lp:goget-ubuntu-touch?01:18
rsalvetisergiusens: did I?01:18
* rsalveti looks01:18
rsalvetisergiusens: maybe it's launchpad, hit f5 and it should show the correct rev :P01:19
sergiusensrsalveti: I'm bzr pulling01:20
rsalvetidamn01:20
elopiojournalctl -xb is not particularly easy to read, but can you make sense of any of these errors? http://paste.ubuntu.com/11693431/01:20
sergiusenselopio: fat partition is busted01:22
sergiusenselopio: how sane is your sdcard?01:22
elopiosergiusens: I got it in austin, that's like a month ago. I have flashed it less than 20 times.01:23
elopioI can switch to a different one to see if it happens again during the week.01:23
sergiusenselopio: hmm, then that's not it; something is writing incorrectly or unmounting uncleanly and just being bad01:23
elopiohttps://bugs.launchpad.net/snappy/+bug/146405701:30
ubottuUbuntu bug 1464057 in Snappy "snappy rebooted into emergency mode after update" [Undecided,New]01:30
elopioI attached the journal in there.01:30
sergiusenselopio: I think we already have a bug with this...01:31
sergiusensbut we can search for it tomorrow01:31
rsalvetislangasek: one interesting question, how to update something at releases.ubuntu.com?01:31
rsalvetiI thought it was also at nukasan01:31
rsalveti*nusakan01:32
elopiosergiusens: I found two similar, but the error messages they have don't appear in my journal.01:32
rsalvetisergiusens: yeah, also reproduced on trusty (my older machine)01:34
rsalvetiproblem is indeed the connection speed I guess01:34
=== devil is now known as Guest47334
elopioI'm going to the gym. bbl.01:37
slangasekrsalveti: releases.u.c is the /srv/cdimage.u.c/www/simple tree, as opposed to www/full01:53
rsalvetislangasek: oh, got it01:54
sergiusensrsalveti: so I'm seeing "install fails", returns an error, triggers the unmount path and for some reason the same process is still "using" it and blocking the unmount02:31
sergiusensI see it with docker only02:31
sergiusensdocker failed to install: unable to create /var/lib/snappy/apparmor/policygroups/docker_client: open /var/lib/snappy/apparmor/policygroups/docker_client: file exists02:32
rsalvetihm, here I don't get a failure when installing it02:32
rsalvetisergiusens: was able to create the images with the uk vpn02:32
sergiusensrsalveti: there is no chance to print it out02:32
rsalvetistore is a bit faster with the vpn02:32
sergiusensyeah, true02:32
sergiusensrsalveti: can you give this a quick try? https://code.launchpad.net/~sergiusens/goget-ubuntu-touch/BeLazy/+merge/26167903:14
rsalvetisergiusens: sure03:15
sergiusensrsalveti: no need to approve or anything, I've been playing a bit to get rid of my self induced panic call in the code03:15
sergiusensrsalveti: so far, now docker fails to install here and errors out correctly03:15
rsalvetigreat, let me check03:16
sergiusensgoing to sleep now to be able to get some prep work for webdm topics tomorrow03:16
rsalvetisergiusens: great03:17
rsalvetiwill put the feedback in the MR03:17
rsalvetijust waiting releases.ubuntu.com and cdimage to show my pre-built image and will send the announcement03:17
rsalvetisergiusens: ops, just found a bug =\03:22
rsalveti(amd64)ubuntu@localhost:~$ snappy info03:22
rsalvetirelease: ubuntu-core/15.04/stable03:22
rsalvetiarchitecture: amd6403:22
rsalvetiframeworks: webdm03:22
rsalvetiapps:03:22
rsalvetiwebdm as a framework03:22
elopiorsalveti: I see the same. Not a regression though, same output on #2.03:35
rsalvetiwonder if this is a tool issue03:35
elopiowe were testing only snappy list -v. One more reason to get the selftests extended.03:36
rsalvetieven when using snappy install it is still showing as framework03:37
rsalvetidid we change it to be a framework?03:37
rsalvetifailing to login now, weird03:38
rsalvetiafter installing webdm and rebooting03:39
elopiohttp://bazaar.launchpad.net/~snappy-dev/webdm/trunk/view/head:/pkg/meta/package.yaml#L503:39
rsalvetiyeah, then the doc is wrong03:39
elopioit is a framework. Now  I'm really confused about what are frameworks.03:39
rsalvetimaybe because it's exporting apis now03:39
rsalvetimight be replaced for an app once we implement the rest api03:40
elopioshouldn't we allow apt-cache policy ?03:40
elopiohow do I know the version of the snappy installed?03:41
rsalvetielopio: use /usr/bin/apt-cache03:42
elopiogood trick. But it says: Installed: (none)03:43
rsalveti/usr/bin/apt-cache policy ubuntu-snappy03:43
elopio:D03:43
elopiothat's right.03:44
rsalvetislangasek: how long does it usually take for something under /srv/cdimage.ubuntu.com/www/full to show up at http://cdimage.ubuntu.com ?03:45
rsalvetielopio: can you update https://developer.ubuntu.com/en/snappy/tutorials/using-snappy tomorrow with the proper output we get from image 3?03:47
elopiorsalveti: I can do it now.03:47
rsalvetielopio: great, thanks!03:48
elopionp03:48
rsalvetielopio: http://cdimage.ubuntu.com/ubuntu-snappy/15.04/stable/20150609/03:51
rsalvetielopio: http://releases.ubuntu.com/15.04/ was also updated03:52
elopioyep. Downloading because my sdcard got busted.03:53
elopioI should start keeping all the images, instead of overwriting them.03:54
rsalvetielopio: https://lists.ubuntu.com/archives/snappy-devel/2015-June/000789.html04:08
rsalveti\o\ |o| /o/04:08
elopiorsalveti: nice job.04:09
rsalvetias usual it took way more work than expected :-)04:09
rsalvetiguess we learned a lot as well04:09
elopioI'm sure I did.04:09
rsalvetiyeah04:10
elopioI will send a testing report now.04:10
rsalvetigreat04:15
rsalvetiutlemming: now just need your side to update the cloud images ^04:18
pittiogra_: avahi> I roughly know what it is for and what it's supposed to do, yes :)05:27
sarnoldwhat's the deal with the +generic and +bbb filenames here? http://releases.ubuntu.com/vivid/05:42
sarnoldahh just keep reading the list sars, just keep reading the list :)05:44
mikenheh, I was about to point you to https://lists.ubuntu.com/archives/snappy-devel/2015-June/000787.html , but sounds like you found it :)05:45
sarnoldindeed :) thanks05:50
seb128slangasek, "ubuntu-personal/rolling/edge" looks fine to me as well, but yeah willcooke should validate it I guess07:05
slangasekseb128: ok - can you check it with him today, perhaps?  I'm heading off to bed now; but if we have the channel name I can set it up in the morning07:10
seb128slangasek, sure, waiting for him to get online07:10
seb128slangasek, have a good night!07:10
slangasekthanks, have a good day :)07:10
seb128slangasek, I guess I should wait on that rather than try to hack an image build locally ;-)07:10
seb128thanks07:10
ogra_pitti, so do you have any clue how a avahi reply could return a real external IP ?07:11
ogra_<ogra_> ogra@anubis:~/datengrab/rpi$ ping webdm.local07:11
ogra_<ogra_> PING webdm.local (254.193.204.33) 56(84) bytes of data.07:11
ogra_i thought that was impossible07:11
pittiogra_: why? isn't that the point?07:12
pittiyou have a machine --> over there which offers a service, like ssh, or cups or whatnot07:12
ogra_pitti, you mean returning internet IPs in a lan ?07:12
pittior in this case, .local host names07:12
pittiisn't that a local LAN address?07:13
ogra_indeed not :)07:13
ogra_and at times i actually get 192.168.2.25 ... which is the right IP07:13
pitti169.254.* would also be plausible (ipv4ll), but I suppose we don't use that07:14
ogra_right07:14
ogra_it should either return a non-routable local IP or something in the reserved 169.254 range07:14
fgimenezgood morning07:15
ogra_s/non-routable/not externally routable/07:15
ogra_i'm very confused how it can return the above07:15
seb128hey willcooke07:46
willcookehey seb12807:46
seb128willcooke, sergiusens proposed to use "ubuntu-personal/rolling/edge" as the channel name for the personal image, slangasek asked for somebody to "ack the name product-wise" before setting that up ... can you do that? (or suggest something better if you have some other idea about that)07:47
willcookeseb128, sergiusens - name sounds fine to me.  I'll confirm with kgunn and report back asap07:51
seb128willcooke, thanks, slangasek went to bed and said he could set up the channel during his tomorrow, so I guess it let you the day to check with Kevin ;-)07:52
willcooke:)07:55
ogra_mvo, sergiusens http://paste.ubuntu.com/11694984/ i cant create images on trusty anymore with the recent u-d-f08:36
* ogra_ wanted to build a final image for the rpi from the stable channel08:36
Chipacaogra_: how does it fail?08:39
ogra_see the paste :)08:39
Chipacayou know what08:39
Chipacaif i didn't see the url in your question08:39
ogra_it seems to try to mount an already mounted disk image08:39
Chipacamaybe i should finish my coffee first08:39
ogra_err ... or rather ... it tries to unmount one that is in use08:40
Chipacaogra_: isn't that the partx race ?08:40
* ogra_ cant read today it seems08:40
mvoogra_: for some people it seems to help to remove the sd card when creating the image08:40
ogra_is there a workaround ?08:40
ogra_mvo, which sd card ?08:40
mvoogra_: oh, no sd card or anything else removable in your system :/ ?08:41
ogra_(my SD sits in the rpi ... i would only use it after i have an image :) )08:41
mvoogra_: meh, sorry, thats the best I have, maybe reboot :(08:41
ogra_sigh ... thats my work desktop ... takes me 30min to start all work scripts after a reboot ...08:41
* ogra_ would prefer to not have to :P08:42
ogra_i guess i'll do my monthly dist upgrade then :P08:42
ogra_mvo, u-d-f worked fine until the upgrade fwiw08:43
Chipacaogra_: silly quesiton08:43
mvoogra_: meh, best to talk to sergiusens then08:43
Chipacaogra_: does it happen every time?08:43
ogra_Chipaca, 3 out of three tries, yes08:43
Chipacadang08:43
ogra_and there is no loopback device left once it stopped08:43
ogra_err08:44
ogra_no, i'm lying08:44
ogra_/dev/mapper/loop0p2 on /tmp/diskimage643565256/system type ext4 (rw)08:44
ogra_/dev/mapper/loop0p3 on /tmp/diskimage643565256/system-b type ext4 (rw)08:44
ogra_/dev/mapper/loop0p4 on /tmp/diskimage643565256/writable type ext4 (rw)08:44
Chipacaa lying liar of lies!08:45
ogra_ogra@anubis:~/datengrab/rpi$ mount|grep loop08:47
ogra_ogra@anubis:~/datengrab/rpi$ sudo losetup -a08:47
ogra_/dev/loop0: [0811]:66982244 (pi2.img)08:47
ogra_ogra@anubis:~/datengrab/rpi$ sudo losetup -d /dev/loop008:47
ogra_ogra@anubis:~/datengrab/rpi$ sudo losetup -a08:47
ogra_/dev/loop0: [0811]:66982244 (pi2.img)08:47
ogra_hmm ...08:47
Chipacamvo: i've got more weirdness for you08:48
Chipacamvo: in case you're bored08:48
Chipacamvo: ubuntu-core-launcher failing to run because it can't find librt.so.1 on image 6908:48
Chipacano08:48
Chipacai mean ubuntu-core 6908:48
Chipacathis is on my wily image, which is rolling edge08:49
Chipacaand it's because of an apparmor denied?08:50
Chipaca[Thu Jun 11 08:47:20 2015] audit: type=1400 audit(1434012441.158:15): apparmor="DENIED" operation="open" profile="/usr/bin/ubuntu-core-launcher" name="/lib/x86_64-linux-gnu/librt-2.21.so" pid=779 comm="ubuntu-core-lau" requested_mask="r" denied_mask="r" fsuid=0 ouid=008:51
Chipacaand indeed, that's not in the profile08:53
Chipaca... and it isn't using librt when i build it locally08:55
Chipacamaybe this is wily -specific?08:55
JamesTaitGood morning all; happy Ferris Bueller Day! 😃08:59
ogra_Bueller ... !!!!09:01
* ogra_ thinks he has 80s day today ... someone on G+ injected a huey lewis song in my brain that i cant get rid of and now *that* !09:03
mvoChipaca: oh, interessting. let me try to reproduce09:04
Chipacamvo: if you ldd /usr/bin/ubuntu-core-launcher on wily, it uses librt09:04
Chipacamvo: but not on vivid09:04
Chipacaadding librt to the profile fixes it09:05
Chipacabut, i don't see why we now need librt09:05
mvoChipaca: sounds a bit like a question for doko, but let me poke, I bet its gcc509:18
ogra_so the reboot was useless09:19
ogra_same error after fresh boot and dist-upgrade09:19
* ogra_ sighs09:22
mvoChipaca: ha! I blame libudev09:28
mvoChipaca: if I update that I get the new librt dependency09:29
* ogra_ downgrades to u-d-f 0.23-0ubuntu109:30
ogra_sigh ... same issue09:30
Chipacamvo: needing a commit message on https://code.launchpad.net/~mvo/snappy/snappy-remove-bin-path-compat/+merge/26159609:37
mvoChipaca: thanks a bunch09:39
mvoChipaca: I have some huge branches soon, but I think I get lunch first :)09:39
Chipacasounds good09:45
Chipacai'm figuring out what "other snappy" is running during boot, which is blocking regen from running09:45
* ogra_ looks at the u-d-f diff and finds ...09:46
ogra_ // create /boot/uboot09:46
ogra_-if err := os.MkdirAll(filepath.Join(img.System(), "boot", "uboot"), 755); err != nil {09:46
ogra_+if err := os.MkdirAll(filepath.Join(img.System(), "boot", "uboot"), 0755); err != nil {09:46
ogra_that seems to be the only change in core_uboot.go09:46
* ogra_ would just patch it and try it out, but obviously i cant fulfill even the build-deps on trusty :(09:48
Chipacawell... 755 is obviously wrong, so09:49
Chipaca:)09:50
conyooso guys, there is a noticeable lag 4-5s in webdm 0.9 (15.04 ubuntu core 3)09:54
ogra_conyoo, that is why the spinner was added to the page i guess09:55
conyoo:D09:57
conyoorollback worked ubuntu-core 3 -> ubuntu-core 2 \o/10:02
conyoonow how do i get back to 3? snappy update?10:03
ogra_yes10:03
conyoothanks ogra_ :D10:03
Chipacagrah, "booted" and "internal-run-hooks" run at the same time10:04
zygahey10:05
zygamorning10:05
zygaI just updated bb to -310:06
zygaand rebooted10:06
zygaand  http://pastebin.ubuntu.com/11695375/10:06
zyga(it doesn't boot, stops on nandboot not defined10:06
Chipacapitti: can a service unit file have an ExecStartPre and no ExecStart?10:07
pittiChipaca: I believe a Type=oneshot can; a Type={simple,forking,notify}, i. e. a real "service" needs to have an ExecStart10:07
Chipacayeah, this is a oneshot10:08
Chipacaand i have other things depending on it10:08
Chipacabut they'll start before the oneshot is done10:08
ogra_zyga, hold the user button down, thats not a snappy boot at all, looks like the board boots from eMMC10:08
pittiChipaca: yeah, then this only matters if you want to override parts of it with drop-ins10:08
zygaogra_: oh10:08
dpmseb128, quick question: will the snappy personal image be writable?10:08
zygaogra_: thanks, I'll wipe emmc10:08
Chipacadpm: no10:08
pittiChipaca: err, a Type=oneshot isn't "done" until after ExecStart* all have finished10:09
ogra_at least that kernel version doesnt look like any ubuntu kernel to me10:09
Chipacapitti: well then something's awry10:09
Chipacapitti: do you have five to look at it?10:09
pittiChipaca: does that other unit have a proper After= (directly or indirectly) on the oneshot?10:09
pittiChipaca: yes, sure10:10
* pitti just quickly finishes his open-iscsi fix10:10
Chipacapitti: oh10:10
Chipacapitti: it's got an After on the wrong one :)10:10
pittiChipaca: that might be related :)10:10
Chipacapitti: thanks :)10:10
dpmChipaca, so it's going to be the same in terms of writability as the phone, then?10:11
pittiChipaca: After=YKWIM.service !10:11
pittiJFDI=true10:11
Chipacapitti: i prefer After=YFDWIM.already10:11
pittiChipaca: computers are sooo picky10:12
Chipacapitti: inorite10:12
ogra_WOW ... http://paste.ubuntu.com/11695398/10:12
Chipacadpm: maybe. Do you consider the "writable" phone to be supported?10:12
dpmno10:12
ogra_since when does tar call mknod when extracting a tarball10:12
Chipacadpm: then yes :)10:12
* ogra_ has never seen such an error10:13
Chipacaogra_: whenever the tarball has special files in it?10:13
ogra_Chipaca, it doesnt just extract them ?10:13
ogra_i have never had something like this happen to me and i tend use chroot tarballs a lot ...10:14
zygaogra_: filesystem mounted with nodev?10:14
ogra_zyga, not on purpose at least :)10:14
* ogra_ checks 10:14
ogra_but still, why would tar call mkdnod instead of just blindly unpacking whats there10:14
Chipacaum10:15
zygaogra_: and besides, mknod is priviledged, no?10:15
zygaogra_: sudo10:15
Chipacaogra_: how would it unpack a special file?10:15
ogra_zyga, i know how to work around it10:15
ogra_i want to know why it suddenly happens10:15
Chipacaogra_: it creates files with open, directories with mkdir, ... etc10:15
ogra_Chipaca, and how did it do that before ?10:15
Chipacaogra_: same way?10:16
Chipacaogra_: i mean, there's no other way10:16
ogra_well, i usually only start using sudo when i enter my chroots10:16
zygaogra_: maybe fakeroot wrapper made mknod a fake mknod10:16
zygaogra_: and you just didn't notice (wild guess)10:16
ogra_hmm10:16
ogra_nops :P10:17
ogra_/dev/sdb1 on /home/ogra/datengrab type ext4 (rw,nodev,noatime,nodiratime,acl,user_xattr)10:17
ogra_WTF ...10:17
zygaogra_: systemd? :)10:17
ogra_trusty10:17
zygahmm!10:17
zygaindeed10:17
ogra_ogra@anubis:~/datengrab/rpi/udf/chroot$ grep /home/ogra/datengrab /etc/fstab10:18
ogra_UUID=a3818c99-93e5-4596-bc93-f058a2daa60d /home/ogra/datengrabext4user,acl,user_xattr,noatime,nodiratime,exec,suid 1210:18
ogra_and no "nodev" in fstab10:18
Chipacaogra_: blame sergiusens10:19
Chipacaogra_: works for me :-p10:20
zygaofftopic, I haven't tried yet so feel free to bash me, can I use docker to get a normal debian chroot with snappy10:20
Chipacazyga: aiui, yes10:21
* zyga erased emmc, boot still tries to go from it10:21
zygahmm10:21
zygajust boot from the sd card10:22
zygahttp://pastebin.ubuntu.com/11695445/10:23
zygahmm10:23
ogra_zyga, hmm, corrupt fat ?10:25
NorbellHello. :) I like to configure Ubuntu Snappy as a Router with some docker features. But I can't find any information which is the best way to install something like ufw or firewalld on snappy?10:25
zygabut http://pastebin.ubuntu.com/11695460/10:25
zygaogra_: I'll check on my host, I just love sd cards10:25
ChipacaNorbell: i don't know of a snap that does that yet, but it's doable10:34
Norbell@Chipaca Okay, thanks. Do you think it's possible to use something like deb2snap to convert firewalld into a snappy app?10:36
nothalNorbell: No such command!10:36
* ogra_ sighs ... no lick for me today ... 10:38
ogra_so running u-d-f in a wily chroot doesnt work either10:38
* ogra_ only wants this rpi image done ... dmaned10:38
ogra_*damned even10:38
ogra_s/lick/luck/10:39
ogra_what a wasted day :(10:39
ChipacaNorbell: I don't know, sorry10:39
* ogra_ decides to rather wait for sergiusens or rsalveti to make u-d-f work again10:40
NorbellSince a firewall is something you un only once on a linux installation. What is the appropriate snappy component for a firewall? There a frameworks and apps. But both app-types allow multiple instances of one app. In one news Canonical mentioned that some companies plan to install snappy on their routers.10:48
ChipacaNorbell: i'd expect it to be a regular snap10:49
ChipacaNorbell: ie an app, not a framework10:50
ChipacaNorbell: frameworks are for mediating access to hardware10:50
Norbell@Chipaca And what about applications that configure Wi-Fi?10:54
nothalNorbell: No such command!10:54
ChipacaNorbell: same10:54
NorbellChipaca: thank you. Now I have at least an idea of what I have to do :)10:56
ppisatiogra_: is modprobe still available on the snappy image?10:57
Chipacappisati: yes10:58
ogra_GRRR !10:58
ogra_exactly the same issue on my vivid laptop10:58
ogra_so u-d-f is officially completely broken for me :(10:58
Chipacaogra_: here, de-grrr with http://i.imgur.com/vXO0HyH.jpg11:05
Chipacait's my background image today (by random rotation), and has been making me smile all morning11:06
Chipacaogra_: that's “derelict at-at among the sierra nevada” by oliver wetter, fwiw11:06
ogra_lovely !11:11
Chipacapitti: FYI, running systemctl start from within the exec of a (oneshot) service hangs11:15
Chipacaso i guess generators are the only way forward for this11:16
rickspencer3rsalveti, ridiculously smooth update on my Beagle Bone11:26
rickspencer3nice work everyone11:26
zygaogra_: with some extra checks I'm sure the fat is working11:29
zygaogra_: any advice on what I can use to debug why it doesn't boot after upgrade?11:29
sergiusensogra_: yeah,  that no change rebuild caused a bunch of issues I'm trying to track down since last night11:43
seb128dpm, hey, base OS is a readonly image, then apps are snaps, a bit similar to the phone yes, ro fs and clicks in their own space11:45
dpmthanks seb128, that's what I was after11:47
seb128dpm, yw!11:47
dpmseb128, another question: I've seen some talk on the channel about how the final image will be delivered, but I haven't followed it up. Have you guys figured it out?11:48
dpmas an ISO, or as an image channel...11:48
seb128dpm, as a snappy image11:51
dpmseb128, as an image I can e.g. dd into a USB stick, such as the ones for BBB and RPi2?11:52
Chipacamvo: mostly +1 on https://code.launchpad.net/~mvo/snappy/snappy-improved-developer-mode2/+merge/261692 ; just a stray comment to fix11:53
Chipacamvo: a couple of non-blocking questions also :)11:53
seb128dpm, what's the difference?11:53
seb128dpm, the rpi can't be dd-ed?11:53
seb128oh, you meant those are dd-able11:54
dpmseb128, I'm not trying to point any differences, just trying to make sure I understand11:54
seb128dpm, not sure if there are several type of snappy images?11:54
seb128dpm, dunno, for me there was only one type of snappy images11:54
seb128and they can be dd-ed11:54
seb128but I didn't investigate much so maybe I'm wrong11:54
seb128others here can probably reply better to that11:55
dpmseb128, I'm not implying there are different types, I just wanted to figure out and understand how the initial installation would work11:55
seb128dpm, not figured yet11:56
seb128dpm, the snappy team has that in their backlog11:56
dpmack11:57
Chipacasnappy images are divided in: (a) signed by canonical, (b) deprecated, (c) working, (d) for quadcopters, (e) firewalls, (f) fabulous, (g) odds and ends, (h) included in this classification, (i) that break all the time, (j) innumerable, (k) maintained by ogra_, (1) etcetera, (m) that break the hardware when booted, (n) that look ok when squinting.11:57
sergiusenssounds about right11:58
sergiusensimages are like appliances11:58
sergiusensup to each product to define how to best install it11:58
seb128dpm, my understanding is that next steps for personnal are for willcooke to confirm the channel name11:58
seb128then sergiusens/slangasek to set up that image/channel11:59
seb128then we should be able to use u-d-f to build a personal image11:59
sergiusensseb128: the channel name I suggested is on par with 'core' and makes the transition to pure snaps easier11:59
dpmseb128, ok, I think that answers all of my questions, thanks12:00
sergiusensChipaca: you really prefer syscall.Mount?12:01
seb128dpm, yw!12:01
seb128sergiusens, great, waiting on willcooke to confirm with kgunn that the name is ok I think12:01
sergiusensChipaca: wasn't syscall in deprecation mode?12:01
Chipacasergiusens: moved elsewhere, but not deprecated per se12:02
Chipacasergiusens: I don't know if I prefer it or not. If it were C, would we still be exec'ing /bin/mount ?12:02
Chipacasergiusens: I don't know :)12:02
Chipaca/bin/mount does a bunch of things around mount(2), which might make it worth just exec'ing12:03
mvoChipaca: thanks a lot12:05
sergiusensChipaca: there is no syscall.Umount or it's too early for me12:06
Chipacasergiusens: https://golang.org/pkg/syscall/#Unmount12:07
Chipacasergiusens: they added a random n in there12:07
Chipaca:-p12:07
sergiusensChipaca: ah12:12
ppisatinice, the raspi2 modfies the dtb on the fly before passing it to the kernel to make the i2c devices visible12:15
ppisativery nice12:15
ppisatiexcept that since we use uboot to boot the syste,12:15
ppisatiand thus we pass the dtb file from the filesystem12:15
ppisatiwe don't give a sh*t about the modified dtb that start.elf is prepping for us12:16
ppisatibecuause uboot != kernel12:16
* Chipaca ~> lunch12:20
pittiChipaca: yes, never use systemctl start without --no-block in a systemd unit12:23
pittiChipaca: it's best to avoid calling systemctl altogether, it's usually a hack (you rather shold use Wants=, Requires=, etc.)12:24
pittiChipaca: calling systemctl start in an unit causes a deadlock12:24
ogra_sergiusens, let me know once you have something to test, i really want to get that final rpi2 imae out12:30
ogra_*imae12:30
ogra_bah12:30
* ogra_ needs new kbd12:30
rsalvetimorning folks12:30
rsalvetihow are we doing? did something explode because of the update? :-)12:30
sergiusensogra_: you can try the branch I told rsalveti to try12:30
sergiusensrsalveti: no, just the u-d-f rebuild12:30
sergiusens:-/12:30
ogra_sergiusens, how do i build it ? i cant even get the build-deps installed here12:31
sergiusensogra_: bzr bd --builder='sbuild -c wily ...'12:31
ogra_without deps ?12:32
sergiusenssbuild or pbuilder or what suits you12:32
ogra_a plain chroot ... or even better just my main system :)12:32
sergiusensogra_: on wily, mk-builddeps -i12:32
ogra_i dont run wily on any of my prod machines12:33
ogra_trusty and vivid are what i can offer12:33
rsalvetisergiusens: hm, that I tried but didn't help me at least12:33
rsalvetiunless you updated it again, let me check12:34
rsalvetisergiusens: will try it again in a few minutes12:34
sergiusensrsalveti: you got a different error due to something else12:36
rsalvetisergiusens: yup, still mount related, but will give it another shot soon12:37
zygaogra_: I frlashed the image from instructions on the website just now, clean card, clean emmc, it doesn't boot12:47
zygaogra_: something is wrong there12:48
ogra_zyga, well, QA tested it ...12:48
zygaogra_: well, is the thing they tested uploaded?12:48
* ogra_ hasnt tried the BBB, i'm focused on the rpi12:48
zygaogra_: I can sha the image (uncompressed) that I have12:48
ogra_well, compare the MD5 with the one on the server then12:49
ogra_uh, weird12:54
ogra_rsalveti, that cdimage fs structure is super confusing ... (for the actual img's)12:54
ogra_why is 15.04 snappy under preview and not under releases ...12:55
ogra_and there is also an ancient "alpha 3" in the scratch dir12:55
zygaogra_: is there anything on emmc that can influence the boot if I hold the user key?12:56
ogra_not if you hold the key, no12:56
ogra_then it should always boot from SD12:56
zygaogra_: I'm re-downloading from this URL http://releases.ubuntu.com/15.04/ubuntu-15.04-snappy-armhf-bbb.img.xz12:56
zygaogra_: what I see now is:12:56
zygahttp://pastebin.ubuntu.com/11696123/12:57
zygashouldnt it try mmc1?12:57
zygammc1 is sd, mmc0 is emmc12:57
zygaright?12:57
ogra_no idea12:58
* zyga wonders if qa images worked just because someone had good bits of bootloader on their board12:58
zygaand actual images don't work12:58
zygaogra_: I have a second bone with normal ubuntu and that's how it works there12:58
zygasd is on mmc112:58
ogra_well, then the above is right12:58
ogra_wait for elopio, he can surely tell you how he tested12:59
zygathanks12:59
* ogra_ grins about the latest mail to ubuntu-phone12:59
zygaogra_: from Linn Error? ;-)13:02
ogra_yeah :)13:02
ogra_\o/13:07
ogra_sergiusens, thanks so much, the MP helped13:07
sergiusensogra_: great13:07
sergiusensogra_: I don't like the MP though :-P13:08
ogra_yeah, its just hiding the prob13:08
* jdstrand didn't get to respond to Norbell on how he is going to have trouble with a firewall snap since the security policy doesn't allow it and the kernel isn't autoloading iptable_filter and ip6table_filter and probably other things13:08
jdstrandI'm trying to get ufw going in my spare time and collecting data that I will present to the architects group. I sorta think we need something like hw-assign but for net-admin13:09
sergiusensogra_: what I think is happening is that snappy.Install is returning but some thread is still running and so when I try to unmount I get a device under use unmount error and boom13:09
jdstrandbut we'll see13:09
ogra_sergiusens, well, then a sleep would do the same13:09
sergiusensI had some test code with fuser and the only process using the mount was u-d-f13:09
ogra_but with clean unmount13:09
sergiusensogra_: both ugly, but I can do some sort of sync and wait13:10
ogra_sergiusens, both ugly, but the sleep would prove that whatever holds the lock actually returns after a while13:10
ogra_the lazy unmount wont13:10
sergiusensogra_: yeah, will give it a go in a bit13:11
rsalvetiogra_: which path is the one containing alpha 3 and so on?13:12
rsalvetibut yeah, there is some duplication in there13:12
ogra_rsalveti, http://cdimage.ubuntu.com/ubuntu-core/scratch/13:12
rsalvetitoo a while to find out the right place to dump new images13:12
ogra_and there is http://cdimage.ubuntu.com/ubuntu-core/preview/13:12
rsalvetiogra_: right, but we're using http://cdimage.ubuntu.com/ubuntu-snappy/13:13
rsalveti:-)13:13
rsalvetijust to help causing more confusion13:13
ogra_lol13:13
sergiusensrsalveti: we should just upload to launchpad ;-)13:13
rsalvetisergiusens: yeah13:13
ogra_well, we should wipe the ubuntu-cpre ones13:13
ogra_old and useless anyway13:13
sergiusensrsalveti: zx'ing gives a 156MB image13:13
ogra_[    0.001750] Calibrating delay loop (skipped), value calculated using timer frequency.. 38.40 BogoMIPS (lpj=192000)13:14
ogra_heh13:14
ogra_i never noticed rpi had such a low BogoMIPS value13:15
rsalvetimaybe early boot only?13:15
ogra_yeah13:15
ogra_it surely doesnt act like 38.40 :)13:15
ogra_hmm13:15
ogra_even though ... cpuinfo has the same13:16
ogra_funny13:16
ogra_great, image seems to work13:17
* ogra_ installs a few snaps13:17
zygaogra_: tried again, yep, it's broken13:17
zygaogra_: md5sums match13:18
zygaogra_: user key pressed13:18
rsalvetiogra_: my problem with udf is only when using it with --install13:18
zygaogra_: shall I file a bug on lp:snappy?13:18
ogra_rsalveti, your prob with udf is with using grub ;)13:18
ogra_for me it fell over when enabling developer mode13:18
rsalvetiweird13:18
ogra_the MP from sergiusens fixes that bit here13:19
rsalvetiogra_: did you try sergiusens's mr?13:19
ogra_yes13:19
ogra_just commented on it13:19
ogra_this was my error this morning http://paste.ubuntu.com/11694984/13:19
ogra_k, now the ultimate test ...13:20
* ogra_ installs docker and owncloud ... (via webdm this time :) )13:20
ogra_once that passes i'll push the stable RPi image up13:21
zygaelopio: ping13:22
ogra_sergiusens, bladernr_, do we have any plans to refresh the store page when the user installed a framework package ?13:23
sergiusensogra_: installing docker fails for me13:23
sergiusensjust fyi13:23
ogra_sergiusens, works fine here13:23
sergiusensogra_: :(13:23
ogra_i'm just installing owncloud now13:24
sergiusensogra_: oh, on a prebuilt I mean13:24
ogra_well, at least webdm didnt spill any error13:24
ogra_oh, you mean via --install ... got it13:24
sergiusensogra_: yup13:25
sergiusensChipaca: fyi docker failed to install: unable to create /var/lib/snappy/apparmor/policygroups/docker_client: open /var/lib/snappy/apparmor/policygroups/docker_client: file exists13:25
sergiusensChipaca: that's the exit 1 we used to see ;-)13:25
zygaogra_, sergiusens: are you mostly working on hardware or qemu?13:26
sergiusenszyga: both13:26
mvoChipaca: thanks a lot for your review marathon! if you have further suggestion for improvements, I'm all ears, I will probably continue tomorrow or so, I'm a bit tired now :)13:26
ogra_zyga, only HW currently13:27
ogra_(myself that is)13:27
* zyga goes to try qemu image13:27
mvopitti: is it intentional that libudev now requires librt.so? just curious13:27
Chipacasergiusens: do you have the whole error output?13:27
mvoChipaca: I will add a apparmor ok rule for ubuntu-core-launcher if you don't have that already13:27
sergiusensChipaca: it's just that, it's the err returned from snappy.Install13:28
Chipacamvo: i don't13:28
Chipacasergiusens: lies! you've got a line number somewhere, surely?13:28
Chipacasergiusens: in syslog?13:28
rsalvetisergiusens: do we actually want webdm to be a framework?13:28
pittimvo: kind of -- new libudev is now internally using the sd-device library, and some bits in the internal systemd libs use mq_getattr and friends13:30
mvook13:31
mvosergiusens: sorry for nagging, you mentioned you already did a static grub.cfg (similar to uboot) is that available somewhere? I would love to look at it at some point13:32
rsalvetimvo: Chipaca: is there any major issue to be fixed still for wily?13:33
* rsalveti is checking the create wily/rolling images13:33
Chipacarsalveti: well, ubuntu-core-launcher doesn't13:34
Chipacarsalveti: so that's fairly major :)13:34
mvohttps://code.launchpad.net/~mvo/ubuntu-core-launcher/apparmor-plus-librt/+merge/26172613:34
mvorsalveti: -^13:34
rsalveti:D13:34
mvomaybe more, this blocks the testing right now, I need to check if the apparmor fix is in wily already13:34
rsalvetiright, awesome13:34
mvothe proper one  from john13:34
rsalvetimvo: one of the pending questions we have is how we're going to maintain the ubuntu-snappy package13:35
jdstrandmvo: I just now approved it13:35
rsalvetimvo: since we now have the desktop guys also creating the ubuntu-personal images13:35
mvojdstrand: \o/ should I cherry pick it into our ppa or will there be a upload soon(ish)?13:35
rsalvetiso in general I believe it would be good to land everything in the archive and avoid using the ppa13:35
mvorsalveti: meh, I really really the auto-build of that package :/13:35
rsalvetibut since we can't auto land in there, maybe we can do a weekly release in the archive or such13:36
jdstrandmvo: I wasn't planning on fixing it, but I can if you want. I was just rying to expedite the proces for you :)13:36
rsalvetimvo: yeah13:36
jdstrandie, just gave my blessing to upload13:36
mvojdstrand: its fine, I can do it, I just did not want to duplicate work13:36
rsalvetimvo: maybe syncing once a week is fine, what do you think?13:36
rsalvetisync ppa -> archive13:36
* jdstrand nods13:36
mvorsalveti: yeah, I guess.  Iwould love to automate this as much as possible (which is tricky, I understand that)13:37
mvorsalveti: I mean, if we have super strong auto-testing (and we are on a good way) I don't see why releasing would be manual, if all tests are good it should go in automatically13:38
mvojdstrand: where is that branch you just approved :) ?13:38
jdstrandhttps://code.launchpad.net/~mvo/ubuntu-core-launcher/apparmor-plus-librt/+merge/26172613:38
mvojdstrand: aha, thanks13:38
rsalvetimvo: yeah, the only tricky thing is uploading to the archive13:39
mvojdstrand: hm, maybe there is a misunderstanding, I was wondering if there was a plan for a new apparmor release with the fixes from john for https://bugs.launchpad.net/ubuntu/+source/apparmor/+bug/146015213:39
ubottuUbuntu bug 1460152 in Snappy "apparmor cache not updated when apparmor.d rules change (breaks 15.04/stable -> 15.04/edge updates)" [Critical,In progress]13:39
mvorsalveti: indeed13:40
rsalvetimvo: maybe we can convince the personal guys to also use our ppa?13:40
rsalvetiuntil we find a better way13:40
jdstrandmvo: oh that was a misunderstanding13:40
mvojdstrand: don't get me wrong, I don't want to give you work, just double check that I don't do stuff that is already in progress13:40
jdstrandmvo: let me check13:41
mvohappy to cherry pick it myself and push to the PPA for now13:41
jdstrandmvo: what is that bug number?13:41
mvorsalveti: +1 from me and we put it on the list of things to do13:41
mvojdstrand: https://bugs.launchpad.net/ubuntu/+source/apparmor/+bug/146015213:41
ubottuUbuntu bug 1460152 in Snappy "apparmor cache not updated when apparmor.d rules change (breaks 15.04/stable -> 15.04/edge updates)" [Critical,In progress]13:41
mvo(this one?)13:41
jdstrandmvo: is the workaround in wily already?13:41
rsalvetimvo: sure13:41
mvojdstrand: I don't think so, iirc I did not upload it because I hoped for a better fix (and I was lucky :)13:42
mvodid not upload it to wily13:42
jdstrandmvo: ok, so, we are planning a new apparmor upstream release and a corresponding apparmor upload to wily. that won't happen for 2-3 weeks. do you need it in wily before then?13:42
mvojdstrand: so I could apply the two patches from john against the wily apparmor and upload to the PPA and your team can upload the real wily at your convinience?13:43
mvosounds ok?13:43
rsalvetiseb128: hey, regarding personal images, we're currently auto deploying ubuntu-snappy in our ppa and using that when creating the core images since we can't easily automate the upload to the archive13:43
jdstrandmvo: that does sound ok. it would also be ok for vivid. that said, before you upload can you double check with jjohansen that this is the final patch?13:44
mvoseb128: and our auto-deploy is awesome :P13:44
rsalvetiseb128: so there could be an out-of-sync issue with the version you guys end up using if you're also not using our ppa13:44
seb128rsalveti, hey, unsure how to parse that bit of info13:44
seb128ah ok13:44
jdstrandmvo: and if you do vivid, you would remove the workaround systemd unit?13:44
rsalvetiseb128: would you mind also adding our ppa to your builds at least for now?13:44
mvojdstrand: sure, will do. vivid is not super critical right now I'm ok with the worakaround there for now. but yeah, if vivid then the workaround will go13:44
rsalvetiuntil we find a better way to automate the publishing in the archive13:44
seb128rsalveti, mvo: I'm unsure to understand why you can't regularly land updates to wily?13:45
rsalvetiseb128: we can, but we're landing stuff more than daily in our ppa13:45
jdstrandok. I'm not super excited about the workaround (you may have gathered that from the bug comment), but so long as it gets there eventually, that's ok13:45
mvojjohansen: hi, jdstrand suggested to double check with you that the two patches for https://bugs.launchpad.net/ubuntu/+source/apparmor/+bug/1460152 are the final ones or if there is more in your git repo that I should cherry pick?13:45
ubottuUbuntu bug 1460152 in Snappy "apparmor cache not updated when apparmor.d rules change (breaks 15.04/stable -> 15.04/edge updates)" [Critical,In progress]13:45
rsalvetiand we want to automate that to be something for every commit13:45
seb128rsalveti, you could land more than daily in the archive13:45
jdstrandmvo: thanks!13:45
rsalvetiwe want to always release our trunk13:45
mvoseb128: because its a manual bzr-buildpackage; dput that a bzr build recipe can also do13:45
ogra_seb128, not during freezes13:46
seb128ogra_, why not?13:46
rsalvetiyeah, but requires a manual step, and also not during freezes13:46
rsalvetiyeah13:46
seb128I though we didn't freeze proposed13:46
mvoif I can have my way each commit to trunk will be a upload :P automatically13:46
seb128even if we freezed migrations13:46
rsalvetibut we don't build from proposed13:46
ogra_seb128, we dont build images from proposed13:46
seb128do you need to use packages?13:46
seb128can't you just lp:ubuntu-snappy then?13:46
rsalvetiatm, yes13:47
ogra_live-build uses packages13:47
ogra_(and we need binaries indeed)13:47
seb128ogra_, you could make it branch & bzr bd & dpkg13:47
ogra_seb128, yeah, or just use a PPA :)13:48
rsalvetiSUBPROJECT=system-image EXTRA_PPAS=snappy-dev/image for-project ubuntu-core cron.daily-preinstalled --live13:48
rsalvetihow we're building our images13:48
ogra_right13:48
rsalvetiso I'd suggest you guys to use the same ppa for now when building the snappy personal one13:48
ogra_just needs the "EXTRA_PPAS" var set13:48
rsalvetiuntil we find a better way13:48
rsalvetiwe're working on it13:49
seb128I'm sure Laney isn't going to like that :p13:49
seb128divergence...13:49
seb128we should converge, not diverge13:49
ogra_nah, convergence13:49
seb128by not using our standard archive & infra13:49
ogra_you move closer to snappy :)13:49
seb128lol13:49
seb128I think that if nobody push back to reduce the divergence it never happens13:50
seb128let's keep personnal off that, it's going to create the motivation to resolve the issue13:50
rsalvetithe problem is the archive and having uploads for every commit13:50
rsalvetiif the solution is moving away from the archive13:50
rsalvetithen we're not going to converge *in* the archive13:50
seb128that's not a solution13:50
seb128our archive/infra should be fit for our needs13:50
seb128if it's not we need to fix/change it13:50
rsalvetiwell, following your suggestion to build the package in livebuild13:50
seb128yeah, that was a stupid workaround suggestion13:51
ogra_sergiusens, mvo, is the content in http://people.canonical.com/~platform/snappy/ used by anything or could i wipe it and create a RPi2 subdir13:51
rsalvetisure, we need to fix it, all I'm saying is that while it's not fixed, it's better to just using the ppa13:51
seb128what sort of issues do we have using the archive versions?13:52
seb128those should be usable now?13:52
jdstrandmvo: re Chipaca's comment on the apparmor rule. try: /lib/@{multiarch}/librt{,-[0-9]*}.so* mr,13:52
seb128even if they lag a bit behind13:52
ogra_you are behind on fixes13:52
rsalvetiseb128: it's usable, just lagging behind13:52
seb128that's fine13:52
ogra_it can be really bad13:52
seb128at least we experience what our users experience13:52
rsalvetiif that's fine, then fine :-)13:52
ogra_(see the recent u-d-f issues)13:52
mvojdstrand: ok, do you prefer that over librt-*.so* (same as libc?)13:52
seb128well, if the archive version is that bad, let's not have that package in the archive13:52
seb128so nobody uses it13:52
seb128let's keep it in a ppa where it's rolling13:52
rsalvetithe udf issue is a different one13:52
rsalvetiwe don't expect the archive one to be broken13:53
rsalvetisince we don't even want our package in the ppa to be broken13:53
ogra_sure, i'm just trying to point out that there can indeed be fatal bugs13:53
seb128in the ppa as well13:53
rsalvetisure, but that can happen for any package that gets uploaded13:53
ogra_right13:53
seb128you would expect a every commit snapshot to have more issues than one that is manually tested and uploaded to the archive13:54
ogra_but due to the extra iteration throuh the PPA it will take longer til it reaches the archive13:54
ogra_thats what i meant13:54
rsalvetiright13:54
rsalvetiit's fine, we're going to improve our automated testing to verify it better as we go13:54
rsalvetithe only issue is that you guys might end up using an older version13:54
mvoin my ideal world there is no need for manual testing everything that would be done manual is run automatic13:55
jdstrandmvo: either is ok. I see I did use -* before. if I were to do it again, I would use what I suggested for all13:55
rsalvetiyeah, the only missing piece in that ideal world is having a permission to upload to the archive13:55
seb128rsalveti, thanks for the heads up13:55
seb128we need to discuss it13:55
rsalvetibut, we're still uploading packages in a ftp server13:55
rsalvetiin 201513:55
mvojdstrand: ok, so I will uses the suggestion from john and update libc too for consitency(?)13:55
seb128but I would prefer to keep personnal on the archive13:55
rsalvetiseb128: sure13:56
seb128would it only because it helps to keep the motivation to fix our infra for our need13:56
seb128rather that paperover in a specific way13:56
jdstrandmvo: I don't understand that statement. I mean, I do, but I'm confused by it. if you are choosing to update all of them, please do:13:57
jdstrand/lib/@{multiarch}/librt{,-[0-9]*}.so* mr,13:57
jdstrand/lib/@{multiarch}/libc{,-[0-9]*}.so* mr,13:57
jdstrand/lib/@{multiarch}/libpthread{,-[0-9]*}.so* mr,13:57
jdstrandthat is more precise while still allowing for good maintenance13:57
elopiohola13:59
zygaelopio: hey14:00
zygaelopio: so you've tested the last beagle image?14:00
zygaelopio: I tried to install it today, it doesn't boot for me14:00
elopiozyga: hello. stable #3, yes.14:00
zygaelopio: maybe I did something terribly wrong14:00
elopiozyga: maybe. Can you connect to the serial console and see what it says?14:00
zygaelopio: do you think you can tell me what I might have done wrong14:00
zygaelopio: I did that14:00
zygaelopio: its says...14:00
zygahttp://pastebin.ubuntu.com/11696123/14:00
mvojdstrand: yeah, sorry, I'm not expressing myself well today. branch updated14:03
zygaelopio: it also failed on upgrade14:03
zygaelopio: I was running previous version14:03
jdstrandmvo: hehe, np. I probably made this harder than required14:03
zygaelopio: up until this morning when I updated14:03
mvojdstrand: :) all good14:03
zygaelopio: then tried a clean flash from ...14:03
jdstrandbut it's all good now :)14:03
jdstrandhehe14:03
zygaelopio: stuff listed here http://developer.ubuntu.com/en/snappy/start/14:03
zygaelopio: (md5sums match what I've downloaded)14:03
zygaelopio: one question, when you test a new image14:03
zygaelopio: do you have anything on emmc?14:03
elopiozyga: I'm about to start a meeting.14:05
elopioon the emmc I have debian.14:05
zygaelopio: is there any chance that is helping you to boot14:06
zygaelopio: otherwise, I'm not sure what happens to me14:06
zygaelopio: my emmc is wiped clean14:06
elopiozyga: I doubt it. But maybe...14:06
sabdflhiya14:06
sabdflhangout?14:06
zygaelopio: by default the boot order is nand > sd14:06
sabdflah, ww14:06
zygaelopio: so perhaps that would explain why it works for you14:06
ogra_sabdfl, wrong channel ?14:06
sabdflindeed :)14:06
zyga:-D14:07
elopiozyga: how did you wiped the emmc?14:07
zygaelopio: from uboot14:07
sabdflironically, an invitation to talk snappy though!14:07
zygaelopio: mmc erase ...14:07
ogra_haha14:07
zygaelopio: mmc dev 0 # or something like that to pick the right mmc14:08
zygaelopio: mmc erase something something # 0 size or the reverse,14:08
zygaelopio: without the sd card with the image (that fails to boot into the kernel) I just see 'C' on the serial line14:08
sergiusensmvo: the grub.cfg I use is just from the image, using a u-d-f branch I have with some modifications, I'll get it up as soon as all these criticals go away14:09
sergiusensChipaca: feel free to try yourself ;-)14:11
sergiusensrsalveti: webdm a framework was a requirement not imposed by me14:11
mvosergiusens: push now, or I will die from curiosity ;)14:12
zygaelopio: ao anyway, any help is appreciated14:12
zygaelopio, ogra_: https://bugs.launchpad.net/snappy/+bug/1464275 FYI14:16
ubottuUbuntu bug 1464275 in Snappy "Unable to boot beagle bone black from prebuilt image #3" [Undecided,New]14:16
sergiusensmvo: okie dokie14:17
mvosergiusens: lets talk after the meeting if you have a minute14:17
sergiusenssure14:17
ogra_sergiusens, mvo, is the content in http://people.canonical.com/~platform/snappy/ used by anything or could i wipe it and create a RPi2 subdir14:24
* ogra_ just re-cycles the last question :)14:24
mvoogra_: I have no idea14:25
ogra_sergiusens, ? ^^^14:25
willcookesergiusens, seb128 - kgunn is +1 on the name - let's roll!14:26
seb128willcooke, thanks14:26
seb128slangasek, ^14:26
slangasekseb128, willcooke: nice, thanks14:28
sergiusensogra_: mvo that's dead14:30
kgunnseb128: i tried to read thru scrollback, is the summary, we need to use core ppa to build on ? not archive, in order to stay in sync with core guys?14:30
ogra_sergiusens, awesome, deleting ... there are other snappy dirs that look dead as well one levelk up14:30
davmor2willcooke: WOT you got away with sheworeanitsybitsyteenyweenyyellowpokerdotbikini?14:30
sergiusensogra_: .NEW and .ORIG, yeah good to go as well14:31
ogra_sergiusens, http://people.canonical.com/~platform/snappy.NEW/ and http://people.canonical.com/~platform/snappy.ORIG/14:31
ogra_cool14:31
ogra_ogra@anubis:~/datengrab/rpi$ ssh people.canonical.com14:31
ogra_Agent admitted failure to sign using the key.14:31
ogra_Permission denied (publickey).14:31
ogra_ssh_exchange_identification: Connection closed by remote host14:31
ogra_oh come on !14:31
ogra_so mv'ing my ~/.ssh dir away and back in place gets me this ? ...14:32
ogra_funnily i can ssh localhos and then it works14:32
seb128kgunn, define "stay in sync", things keep changing, so depending on where you start your build and how often you build things are going to be slightly "out of sync" anyway14:33
seb128kgunn, if wily is *that outdated* then we have an issue14:34
* ogra_ wonders what caches the ssh key ... i cant find any process with ssh or agent in the name :/14:34
seb128ogra_, on what system?14:37
kgunnseb128: thanks...so the "how out of date is wily" is still an unknown14:37
kgunn?14:37
seb128kgunn, well, I don't know about that, rsalveti & mvo claim we should use ppa because wily is outdated14:38
slangasekseb128, sergiusens: what are the device types that we expect on personal? generic_$arch ?14:38
ogra_seb128, on my trusty desktop ... to create the rpi image i needs to create a fake ssh key ... for which is moved my .ssh dir out of the way ... moving it back gets me key errors (it works after i ssh localhost so i guess something in the UI session cached the wrong key somehow)14:38
seb128kgunn, but it wily is outdated/has versions our users should not use I say we have an issue, because our users are on wily and are going to get things from there14:38
kgunnslangasek: the intent is any/all devices that use the full shell14:38
seb128ogra_, likely gnome-keyring-agent14:38
ogra_-deamon ... but yeah14:39
seb128right, sorry14:39
* ogra_ hugs seb128 14:39
* seb128 hugs ogra_ back14:39
ogra_works, thanks :)14:39
slangasekkgunn: right, this is more a technical question of how the devices are named so that they can be consumed properly by whatever's being done on the udf side14:39
seb128slangasek, define "device types"? any i386/amd64/armhf config we can boot on?14:40
slangasekI would /assume/ that 'generic_armhf', 'generic_i386', [...] gives the right result, but I'd rather have it confirmed14:40
slangasekseb128: system-image has a channel, and within the channel are devices, and each device has a set of tarballs to deliver (rootfs, tarball, etc).  u-d-f does some wrapping of this to map it into the snappy design, I want to make sure the device names I work are going to be compatible with whatever udf and/or your gadget snap expect14:42
slangasekI work?  I use14:42
slangasekseb128: btw I see that only armhf and i386 are built so far, is amd64 ftbfs or not yet added?14:42
seb128slangasek, ftbfs, a do armhf14:42
seb128or, armhf built today14:43
seb128slangasek, amd64 fails with14:43
seb128"+ cp -ar boot/vmlinuz-3.19.0-20-generic boot/vmlinuz-3.19.0-20-generic.efi.signed /tmp/tmp.zew1ZPxIai/assets/vmlinuz14:43
seb128cp: target '/tmp/tmp.zew1ZPxIai/assets/vmlinuz' is not a directory14:43
seb128E: config/hooks/500-move-kernel-to-device-tar.binary failed (exit non-zero). You should check for errors."14:43
slangasekfun fun14:43
slangasekok14:43
ogra_rsalveti, so i moved the stable Pi image to http://people.canonical.com/~platform/snappy/raspberrypi2/ ... will announce it and update developer.ubuntu.com docs to point to that14:44
seb128slangasek, the code does " cp -ar boot/vmlinu?-* $TMPDIR/assets/vmlinuz"14:44
seb128slangasek, that regexp doesn't play nicely with the .signed14:44
slangasekyep14:44
seb128unsure how to change that though14:45
seb128do you have any suggestion? ;-)14:45
slangasekcheck for the presence of a .efi.signed first, if presence, use it; otherwise fall back to the current command14:45
slangasekpresent14:45
slangasekwords, today14:45
seb128I'm even unsure why we have a .signed here and why ubuntu-core doesn't14:45
sergiusensslangasek: I need to create the personal subcommand, but in the meantime using a full channel path with 'core' should work14:45
ogra_asac, just confirming twice before i write an announcement, http://people.canonical.com/~platform/snappy/raspberrypi2/ is ok as url for the Pi image ?14:46
slangasekseb128: I don't know why ubuntu-core doesn't currently have the .signed; but it should, so that's a separate bug14:46
slangaseksergiusens: ok, that doesn't tell me what device names I should use though14:46
kyrofaChipaca, ping14:48
sergiusensslangasek: generic_amd64 and so on or are we thinking phone targets here too?14:49
sergiusensI guess you are not the target for that question14:49
sergiusensand I can't decide on that either, what are the requirements? :-)14:49
slangaseksergiusens: just the generics for now14:50
kgunnslangasek: i see what you mean, and yeah, generics i think makes sense atm14:51
Chipacakyrofa: pong14:57
kyrofaChipaca, so I've been trying to use go-dbus, and I ran into a problem with it: anything dealing with messages is impossible to test because the serial numbers aren't exported14:59
Chipacakyrofa: yes, go-dbus sucks at testability14:59
elopiofgimenez: I didn't touch your branch yesterday, I'm sorry. That's the only thing I will do today.15:00
kyrofaChipaca, so I found github.com/godbus/dbus which is a lot more testable, but before I jumped to it I wanted to make sure I learned any lessons you learned-- is there a reason you didn't use that one?15:00
elopiofgimenez: can you please make the merge proposal, with status in progress, to nicely see the changes?15:00
elopiozyga: sorry, one more meeting. Thanks for reporting the bug.15:00
fgimenezelopio, np, it's already working now, ok i'll make the mp15:01
elopiozyga: I'm now afraid to reproduce it and break my beagle. But I guess I can always reflash debian in there.15:01
zygaelopio: :D15:01
zygaelopio: yeah15:02
zygaelopio: I have two15:02
zygaelopio: one runs ubuntu, the other snappy ubuntu core15:02
zygaelopio: it's a very useful arrangement15:02
zygaelopio: btw, when you do testing, do you boot with the user key pressed?15:02
zygaoh, and btw, elopio, we need to talk :D15:02
zyga(I didn't realize it was you)15:02
zygaelopio: about what you do for testing, so that we don't duplicate work in the cert process15:03
zygaelopio: and which tools you use15:03
elopiozyga: yes!15:03
zygaelopio: quick idea: get a different SD card15:03
zygaelopio: flash that15:03
elopiodo you want to emet in 30 minutes?15:03
zygaelopio: and hold the user key while booting15:03
zygaelopio: sure15:03
zygaelopio: just ping me, I'll be around15:03
elopiozyga: I don't press the button, my board doesn't require that. I can try.15:04
kyrofaChipaca, the only significant limitation (as far as I can tell) is its inability to use lower-case dbus method names15:05
zygaelopio: then the test process is wrong15:05
zygaelopio: as this means the test depends on what you have on emmc15:05
zygaelopio: and you really boot the emmc boot loader15:05
zygaelopio: not the one on the card15:05
elopioI see.15:05
zygaelopio: let's talk about that and everything else in a hangout15:05
zygaelopio: when you can15:05
sergiusenskyrofa: that looks nice (godbus)15:07
kyrofasergiusens, I've been really happy with my limited testing, but I wanted to see if there was a reason most Canonical projects were using go-dbus on launchpad (the similar naming is unfortunate, but I'm not sure what else I'd choose)15:08
sergiusenskyrofa: maintained by someone in Canonical was one of the reasons15:09
kyrofasergiusens, that makes sense15:09
sergiusenskyrofa: the other one I saw was the one coreos guys wrote, but I don't think we have any strong criteria15:09
kyrofasergiusens, I just... must write tests. I feel so dirty when I have a huge chunk of completely untested code15:10
kyrofasergiusens, Chipaca: If you were starting another go project that used dbus, would you use go-dbus again?15:15
sergiusenskyrofa: for that dbus code base?15:15
sergiusenskyrofa: I would try not to use dbus at all :-P15:15
kyrofasergiusens, ah, yes, that :P15:16
zygasergiusens: heh15:21
zygasergiusens: I know that from somewhere15:21
zygasergiusens: dbus is good, but ramps complexity a lot15:21
longsleepI just received my first set of bug reports for the ODRIDDC image builder - one is '"sudo: unable to resolve host odroid"' - is that a problem i can solve with some yaml options?15:22
Chipacaogra_: whine, whine, whine :-p15:29
sergiusenslongsleep: that's a snappy bug afaik as /etc/host is not updated15:29
seb128slangasek, in the vmlinuz .signed case, should that be "vmlinuz" or does the .signed matters in the naming?15:30
elopiozyga: fgimenez: the meeting is running late. Lets better do it tomorrow, I'll schedule it for 14:00 utc.15:36
elopiozyga: is it a good time for you?15:36
fgimenezelopio, fine with me15:36
longsleepsergiusens: All right thanks - i will add it to launchpad if not already there15:37
zygaelopio: let's see15:38
zygaelopio: yes15:38
zygaelopio: well15:39
zygaelopio: maybe not, I have a snappy meeting on 15:00 my time which is probably 14:00 utc15:39
zygaelopio: let's do it next week15:39
zygaelopio: I'll know more15:39
mvojdstrand: here is another approach I was remembering https://lists.debian.org/debian-dpkg/2014/08/msg00006.html about signatures15:39
zygaelopio: can you tell me where you have a list of tests to perform on new images?15:40
Chipacakyrofa: i'm not sure that dbus binding was there when we went looking for one15:40
zygaelopio: and I'll send a quick agenda for next week15:40
Chipacakyrofa: give it a try and let us know :)15:40
elopiozyga: this is what we are using as a starting poing.15:40
kyrofaChipaca, alright, good to know :)15:40
elopio*point15:40
jdstrandmvo: yes, ima is captured as well. that is an interesting idea for snaps15:41
elopiozyga: we can do the meeting on tuesday at 13:00, I'll just get up a little earlier. Otherwise your standup and our standup are in the way.15:41
* jdstrand updates doc15:41
elopiozyga: also, confirmed that when I boot with the button pressed, I get into debian.15:41
elopiowithout the button, snappy.15:41
zygaelopio: I can skip my standup15:42
zygaelopio: that's really weird, that should be entirely reverse15:42
Chipacakyrofa: places where dbus bindings struggle is in complicated variants (like some of the ones we use for menues and such), and services with dynamic paths15:42
zyga17:40 < elopio> zyga: this is what we are using as a starting poing.15:42
zygaelopio: ^^ what?15:42
Chipacakyrofa: so keep a look out for those15:42
elopiozyga: https://docs.google.com/document/d/1R_Tw0N0QbEpjFeYf9XnVV8Gp8ldT2Ig0PO6MfR-kuSM/edit#heading=h.2sakiuiw8x0b15:42
zygaelopio: thanks15:43
Chipacakyrofa: also, async is hard; look for races15:43
zygaelopio: I think we will cooperate on those a lot15:43
Chipacakyrofa: (on amd64, go build -race is your friend)15:43
mvojdstrand: cool, thanks. I only glanced over your doc so far (sorry) so I missed that its already covered15:43
elopiozyga: the idea is to get all of that and more automated here: http://bazaar.launchpad.net/~snappy-dev/snappy/snappy/files/head:/integration-tests/run-in-image/tests/15:43
zygaelopio: do you know about plainbox/checkbox?15:43
elopiozyga: moar hands! :)15:44
kyrofaChipaca, yeah I've been wanting to play with that race detector!15:44
elopiozyga: yes, you told me the basics about it some months ago.15:44
seb128slangasek, http://paste.ubuntu.com/11696900/ looks fine to you?15:44
zygaelopio: ok,15:44
Chipacakyrofa: keep in mind the race detector is racy :)15:44
kyrofaChipaca, thanks for the list of trouble-spots-- exactly what I was looking for :)15:44
elopiozyga: atm, we don't really have any tests that need manual intervention. This month we'll attempt at automating them and run them with adt-run.15:45
zygaelopio: ok, lots of things to check and think, let's talk next week, we'll definitely need to automate those tests too but in a way that runs with plainbox, let's think about how we can share those15:45
jdstrandmvo: no, that thread wasn't covered (I just added it now), but IMA in general was15:45
zygaelopio: adt-run over ssh against a deployed machine?15:45
jdstrandmvo: thanks for the link15:45
elopiozyga: yes.15:45
zygaelopio: ok15:45
elopiozyga: and +1. Lets share our ideas next week, and see how to join the effort.15:46
zygaelopio: ok15:46
mvojdstrand: cool, thank you15:46
jdstrandsergiusens: hey, you said you wanted some information for my bbb situation?15:46
* jdstrand reboots it15:47
jdstrandsomehow it keeps getting stuck15:47
elopiozyga: this is our playground: https://code.launchpad.net/~fgimenez/snappy/go-functional-tests. A wrapper that provisions a machine, then adt-run deploys the go end-to-end tests, runs them and collects the results.15:49
sergiusensjdstrand: snappy-system.txt in /boot/uboot and OS versions so if nothing works channel.ini from each partition15:49
elopiozyga: still a prototype, so any suggestions are welcome.15:49
zygaelopio: I sent out an invite15:50
zygaelopio: correct the time, I'm not sure what time suits you15:50
zygaelopio: should I look at the merge request or at the whole tree15:50
elopiozyga: it suits me but fgimenez EODs in the middle of the meeting.15:50
zygafgimenez: what time would work for you? earlier than stand up?15:51
fgimenezelopio, zyga here's the mp, maybe better to see the changes https://code.launchpad.net/~fgimenez/snappy/go-functional-tests/+merge/26174815:51
zygaelopio: I'm not faimilar with snappy codebase, I don't know where to look basically15:51
slangasekseb128: the .signed doesn't matter in the naming, it's just to disambiguate on the source filesystem when both are installed; and the tooling expects the filename of 'vmlinuz' so 'vmlinuz' it shall be15:51
slangasekseb128: yes that diff looks ok to me15:52
seb128slangasek, k, so that diff ... thanks15:52
fgimenezzyga, elopio yep, 14:00 utc would be fine15:52
jdstrandsergiusens: http://paste.ubuntu.com/11696954/ (I think that is what you need wrt /writable/cache/system)15:52
* zyga wonders how to show utc in google calendar15:53
jdstrandsergiusens: do not, this is not the 'some weird image issue' we discussed a week or two ago-- I reflashed after asking you if udf was new enough (and you said yes)15:54
jdstrands/do not/do note/15:54
elopiozyga: settings -> additional time zone.15:54
jdstrandsergiusens: so, snappy_ab=b but:15:55
jdstrand/dev/mmcblk0p2                 999320 553640    376868  60% /writable/cache/system15:55
jdstrand/dev/mmcblk0p1                  64511  39328     25183  61% /boot/uboot15:55
jdstrandit seems that 'a' booted? (guessing that p1 is 'a' and p2 is 'b')15:55
sergiusensp2 is a15:55
sergiusensp1 is boot ;-)15:56
jdstrandoh15:56
ogra_that doesnt look like mounted on "a"15:56
zygaelopio: thanks!15:56
jdstrandwell, /writable/cache/system/etc/system-image/channel.ini  has 'build_number: 82'15:56
jdstrandbut snappy list says I am on 7915:56
zygaelopio, fgimenez: ok, I think it's moved to 14:00 utc now15:57
jdstrandsergiusens: ^15:57
* jdstrand doesn't really know anything about this part of snappy15:57
jdstrandso, please advise15:57
sergiusensjdstrand: snappy list --verbose15:58
jdstrand/dev/disk/by-label/system-b    999320 462180    468328  50% /15:58
jdstrandsergiusens: http://paste.ubuntu.com/11697005/15:59
elopiozyga: what happens to you if you boot without holding the button?15:59
zygaelopio: the console just streams 'C' 'C' 'C'15:59
zygaelopio: probably boot-over-serial handshake15:59
zygaelopio: er, wait15:59
zygaelopio: without the card15:59
zygaelopio: holding the button has no effect for me15:59
ogra_thats the ROM then15:59
zygaelopio: as emmc is empty15:59
zygaogra_: right15:59
sergiusensjdstrand: if you manually run snappy update, before rebooting can you give me snappy-system.txt and reboot15:59
ogra_telling you it cant find a boot sector16:00
zygayep16:00
zygaogra_: with the card in I get uboot and the pastebin earlier (snappy_boot not defined)16:00
* jdstrand runs sudo shutdown -c16:00
jdstrandsergiusens: fyi, here is an updated paste that has df at the bottom: http://paste.ubuntu.com/11697009/16:01
jdstrandsergiusens: so the bottom of: http://paste.ubuntu.com/11697014/16:02
jdstrandsee*16:02
fgimenezelopio, the branch is under my user, maybe we can put it elsewhere so that the team can collaborate?16:03
elopiofgimenez: I16:04
elopiofgimenez: as you prefer. We can do the same proposing branches to merge against yours.16:04
zygaelopio, fgimenez: use git!16:04
zyga:)16:04
jdstrandsergiusens: I have not rebooted16:04
elopiofgimenez: the qa policy of the shared branch was nice, but not sure this team needs it.16:04
fgimenezzyga, yep :) elopio ok, merging of other branches sounds good16:06
elopiofgimenez: and from now until the game ends, we are enemies.16:10
elopioI might talk to you again when Navas is the goalkeeper of Real Madrid.16:10
ogra_oh, who plays ?16:11
elopioogra_: Costa Rica - Spain.16:11
ogra_something erious or just a freinds game ?16:11
ogra_*serious16:11
fgimenezelopio, casillas is free to be hired too i think :)16:11
* ogra_ guesses everthing will be better than ger - usa was :P16:12
sergiusensjdstrand: it seems consistent, so you updated, a is selected which has 8216:12
elopioit's friendly.16:12
ogra_ah, a relaxed one then :)16:13
sergiusensjdstrand: it would interesting to view what happens during the reboot (u-boot failing to find the files, corrupted, kernel crashing, systemd causing a reboot) and if that is the reason you get sent back to 'b' and 7916:13
fgimenezleaving, nice evening everyone, elopio don't be too worry about the result, maybe next time.. :D16:20
jdstrandsergiusens: how would I see that? I don't have a serial console16:21
sergiusensjdstrand: oh, yeah that makes it hard... /proc/last_kmsg for the kernel but not sure how to see anything else16:23
sergiusensjdstrand: oh, hdmi out from the bbb16:23
sergiusensbut you need one of those mini plugs16:24
jdstrandyeah, I don't have one16:24
jdstrandwell, I'll reboot and see what happens16:25
jdstrandsergiusens: is there a way that the logging can be improved for debugging this sort of thing?16:26
jdstrandsergiusens: it can up in 7916:28
sergiusensjdstrand: well you won't be able to see what happens at the bootloader level though16:28
sergiusensjdstrand: 'find /boot/uboot -ls' (and checksum maybe)16:29
jdstrandI don't have /proc/last_kmsg16:29
jdstrandseems I'm stuck16:29
sergiusensjdstrand: in theory /boot/uboot/a/* should be the same as /boot/uboot/b/*16:30
ogra_ppisati, ^^^^ could we enable the ram console for our arm builds ?16:30
* ogra_ wanted to ask that before ... now jdstrand reminded me :)16:30
jdstrand$ diff -Naur /boot/uboot/a/ /boot/uboot/b/ && echo yes16:30
jdstrandyes16:31
ogra_/proc/last_kmsg is one of the most helpful things16:31
jdstrand$ cat /proc/last_kmsg16:31
jdstrandcat: /proc/last_kmsg: No such file or directory16:31
ogra_yeah16:31
jdstrandis that the 'ram console' ?16:31
ogra_not enabled in the kernel16:31
jdstrandhmm16:32
ogra_i think it is called that in the kernel config16:32
sergiusensjdstrand: snappy-system.txt is back to snappy_ab=b and snappy_mode=regular, right?16:32
jdstrandso, I'm not sure autopilot has ever worked right on my device. every time I try to log into it it is either telling me it is going to reboot or is wedged somehow and I can't ssh in16:33
jdstrandsnappy_ab=b16:33
jdstrandsnappy_mode=regular16:33
jdstrandyes16:33
jdstrandsergiusens: as it happens, I have the image from Jun 1 that I used to flash the device16:35
jdstrandit was r7216:35
jdstrandI know I did a snappy update/reboot manually at least once16:35
sergiusensjdstrand: mind creating a new image with --revision=-1?16:36
jdstrandI'm not sure if autopilots worked or that did16:36
sergiusensjdstrand: autopilot is just something that runs snappy update16:36
jdstrandsergiusens: sure. I'm using this: sudo ubuntu-device-flash core --channel=edge --oem=beagleblack --enable-ssh --output=15.04-edge.bbb 15.0416:38
jdstrandsergiusens: with udf 0.23-0ubuntu216:38
jdstrandsergiusens: it will take me a while to flash the card16:38
jdstrandsergiusens: actually, I forget --revision=-1. so I'll use that. isn't that going to give me the lastest version?16:39
sergiusensjdstrand: latest minus 116:40
jdstrandah, cool16:44
jdstrandsergiusens: ok, I'll ping you16:46
sergiusensjdstrand: so  sudo ubuntu-device-flash --revision=-1 core --channel=edge --oem=beagleblack --enable-ssh --output=15.04-edge.bbb 15.0416:46
sergiusensjdstrand: and i'm going for lunch now :-)16:46
jdstrandthat is the command I run ftr16:47
jdstrandran*16:48
zygaelopio: if you want, I can pastebin the contents of my files on the boot partition17:00
zygaelopio: still not sure what's going on17:00
elopiozyga: please do that, but attach them in the bug.17:01
zygaelopio: k17:01
elopioI'm learning here, so I won't be able to make a lot of sense of the files.17:01
elopiosomebody else from the team will look at your bug and triage it.17:01
zygaelopio: updated, thanks for your help17:06
elopionp.17:06
jdstrandsergiusens: ok, the system is running r8117:50
jdstrandhttp://paste.ubuntu.com/11697548/17:51
jdstrandsergiusens: fyi, "snappy autopilot triggered a reboot to boot into an up to date system"18:01
jdstrandsergiusens: so waiting for that to happen automatically18:01
jdstrandsergiusens: also, just noticed a typo: "snappy autopilot triggered a reboot to boot into an up to date system-- temprorarily"18:02
jdstrandsergiusens: s/temprorarily/temporarily/18:02
elopiohum, now there's something wrong with the selftests from trunk.18:07
elopioit asks for password, and never connects to the ssh.18:07
elopionow it works. weird.18:21
jdstrandsergiusens: ok, ir upgraded and rebooted into 82 fine. for somereason I have a feeling it is the 2nd update. eg 80 -> 81 -> 82, but I have no evidence to support that18:22
sergiusensjdstrand: if it's the second update b would have 81 and you'd be on a with 8218:33
jdstrandsergiusens: well, I'll keep an eye out for what happens with 8318:36
jdstrandsergiusens: did you see the typo comment above?18:36
* zyga bought a new card to try18:39
jdstrandsergiusens: thanks for helping me with that. I wish we had a better resolution, but like I said, I'll keep an eye on it18:48
sergiusensjdstrand: yup, saw the typo :-)18:48
sergiusensjdstrand: and yes, we need to track the upgrades better, elopio raised a bug on something similar to what you saw (but different).18:49
jdstrandyeah, that prompted me to bring it up. wasn't sure if it was the same or not18:50
=== alexabreu is now known as alex-abreu
jdstrandNorbell: hey, fyi I in my spare time looked at packaging ufw as a snap18:56
jdstrandNorbell: there are several issues that prevent it from working correctly. I am jotting those down and will be filing bugs/bringing the issues up to the snappy architects18:57
Norbell@jdstrand Awesome. Thats realy realy cool. :)18:59
nothalNorbell: No such command!18:59
jdstrandNorbell: the two most major ones were that iptable_filter and ip6table_filter didn't autoload (so it can't work on reboot) and that extending privileges are needed to run it (eg, capability net-admin)18:59
jdstrandNorbell: since obviously routers, firewalls, etc are interesting to snappy, I'll be presenting the problems and propose a solution to the architects19:00
jdstrandthis won't be fixed really soon, but we'll get it to the point where it can be done19:00
Norbelljdstrand: Interesting. I thought Canonical had  Routers and Firewall in mind during the process of creating snappy. I mean, they advertise this feature19:02
jdstrandNorbell: however, these can be worked around now-- if you adjust /etc/modules to load iptable_filter and ip6table_filter you should then be able to use 'security-policy' in your app yaml for handcrafted policy and have something that works on your system19:02
jdstrandNorbell: well, yes, which is why I want to bring this up :)19:03
jdstrandI don't think it is a ton of work. the kernel module autoloading is just a bug and the other just needs a bit of design and small implementation19:05
Norbelljdstrand: Thank you. ;) Tomorrow i will try to get it running on my pi 2. This would be a great feature for my  bachelor thesis ;)19:06
jdstrandNorbell: actually, you could probably get away with adjusting /etc/modules and then use 'security-teamplte: unconfined' in you app yaml19:07
jdstrandNorbell: it won't be confined, but it should run until we get this bit worked out19:08
jdstrandNorbell: you can also look at the webdm packaging for how to use 'security-policy' if you wanted it to run confined with custom policy19:08
jdstrandnote: neither of those will be allowed in the snappy store, but it should unblock you19:09
jdstrandsergiusens: btw, did you ever update your seccomp policy in webdm?19:09
Norbelljdstrand: Okay. Thank you for the great advises. I will try it. for the first time its enough to get it running on my pi. Hopefully it will get available in the main release  ;)19:13
sergiusensjdstrand: no, not yet19:14
sergiusenssorry no easy link to link to :-)19:14
jdstrandsergiusens: is it in bzr?19:15
jdstrandsergiusens: I can give an MP19:16
jdstrandsergiusens: at least, the start of one :)19:16
sergiusensjdstrand: lp:webdm19:18
jdstrandsergiusens: is it known that removing an app via webdm fails with: ERROR: hook command /usr/bin/aa-clickhook failed with exit status 219:23
sergiusensjdstrand: no19:24
sergiusensjdstrand: and I wasn't seeing that with my testing yesterday19:24
jdstrandhmm19:24
sergiusensjdstrand: the only one that fails is the one I asked about yesterday (dbus fw and ReleaseName being allowed or not)19:25
jdstrandno seccomp denial, but ERROR snappy logger.go:199 hook command /usr/bin/aa-clickhook failed with exit status 219:25
sergiusensjdstrand: any specific app?19:26
jdstrandhello-dbus-app19:26
jdstrandbut running webdm under seccomp19:26
sergiusensjdstrand: hmm, that's the one I asked about yesterday19:26
sergiusensjdstrand: I guess my question got lost19:26
* sergiusens searches19:26
jdstranddid you ask me about it?19:26
jdstrandcause if yes, then yes, it got lost19:27
sergiusensirclogs/Freenode/#snappy.log:11:19 < sergiusens> jdstrand: not sure it's my image, but is ReleaseName allowed? [ 3993.417227] audit: type=1107 audit(1433945875.311:61): pid=604 uid=100 auid=4294967295 ses=4294967295 msg='apparmor="DENIED" operation="dbus_method_call"  bus="system" path="/org/freedesktop/DBus" interface="org.freedesktop.DBus" member="ReleaseName" mask="send" name="org.freedesktop.DBus" pid=1439 label="hello-dbus-fwk_srv_1.0.0" peer_lab19:27
sergiusensthere19:27
jdstrandinteresting19:27
sergiusensjdstrand: that happens when uninstalling and causes an error on remove (it ends up removing anyways in the end)19:28
jdstrandI wonder what changed that prompted that19:28
jdstrandsergiusens: which were you uninstalling?19:28
sergiusensjdstrand: hello dbus fwk19:29
jdstrandok, let me look into this19:29
jdstrandalright, so running under seccomp there was an issue, but no logging19:30
jdstrandI keep feeling like logging isn't fantastic on the bbb19:30
jdstrandas in, messages getting dropped19:31
jdstrandsergiusens: is hello-dbus-fwk removal via webdm?19:31
sergiusensjdstrand: yeah19:31
sergiusensjdstrand: let me setup; just finished tracking down an unreleased file descriptor that blocked unmounting and will get more details19:32
jdstrandsergiusens: I can confirm that19:32
jdstrandno need19:32
jdstrandsergiusens: I got it from here19:32
jdstrandI just need to decide how to fix it19:32
sergiusensChipaca: rsalveti: ogra_ I found the root cause of the unmounting issues https://code.launchpad.net/~sergiusens/snappy/releaseDaReadme/+merge/26177819:33
ogra_ha !19:33
Chipacasergiusens: how big is the dent in your forehead (after hitting the desk with it)?19:33
sergiusensChipaca: lol; bigger when figuring out lsof gives more information than fuser :-)19:34
sergiusensChipaca: this can explain why long running webdm instances can all of the sudden block too, so I'll need to rebuild webdm after this is out19:34
sergiusensChipaca: also http://paste.ubuntu.com/11698150/19:36
sergiusensChipaca: it's not logged, reason for no line number19:36
rsalvetisergiusens: nice19:36
rsalvetiwow, that's an interesting root cause19:36
sergiusensrsalveti: well it blocks an unmount; I'm making u-d-f not try to unmap if mounting fails and not obfuscate the real error now19:37
sergiusens*unmounting19:37
rsalvetiright19:37
rsalvetisergiusens: then guess we need another round of releases19:38
sergiusensrsalveti: well snappy in core doesn't use this19:38
rsalvetiI mean, tools releases19:38
sergiusensrsalveti: so it's not important; tools, yes19:38
rsalvetipush ubuntu-snappy and then rebuild udf19:38
sergiusensrsalveti: yup19:38
rsalvetigreat19:38
sergiusensrsalveti: and webdm, webdm does open (indirectly) that readme file19:39
rsalvetialright19:39
sergiusensso I'll push that to the store today too19:39
rsalvetiawesome19:39
sergiusensanother reason to kill that useless readme.md :-P19:39
jdstrandsergiusens: fyi, I'll have a fix for hello-dbus-fwk in a few minutes19:40
sergiusensjdstrand: oh, it's in hello-dbus-fwk itself?19:40
jdstrandyes19:40
jdstrandit is a framework so it ships its own policy19:40
sergiusensright19:40
jdstrandit RequestName()s to bind t the well-known connection name, but isn't allowed to ReleaseName() it19:41
sergiusensjdstrand: writing policies takes some iterating I've discovered :-)19:41
jdstrandit can, yes19:41
rsalvetisergiusens: going back to my previous question, what happend, or who asked for webdm to be a framework?19:44
rsalvetiand the following up question, would it just be an app once we provide the rest api?19:44
sergiusensrsalveti: mark; and I asked the same question you did19:45
rsalvetiright, guess we'll go over this again eventually19:46
sergiusensrsalveti: yeah, you can bring it up end of June or start of July ;-)19:47
rsalvetiright :-)19:47
kgunnjdstrand: hey, so i had a chance to toy with mir snap, i just changed the security-template to nondefault20:03
kgunnwhich i thot i could do to basically get networking groups....thot that might be enough to hit the next hurdle20:04
kgunnbut i'm failing to install20:04
kgunnthat was the only thing i changed20:04
kgunnany ideas ? or...how to debug? (i bascially know nothing :)20:05
jdstrandsergiusens: ok, hello-dbus-fwk 1.0.1 uploaded. there is no apparmor denial now (so I tink my part is done), but if I remove it via webdm 'Removing...' never goes away20:06
jdstrandsergiusens: now that is on a system where I was removing/adding/sideloading before removing and install again from the store20:06
jdstrandsergiusens: so not sure if there is another issue or if it is a local issue20:07
elopiogooooool!20:07
jdstrandkgunn: is there a bzr branch somewhere?20:07
kgunnjdstrand: lemme push....20:08
kgunnjdstrand: lp:~mir-team/mir/snappy-packaging20:11
kgunnjust cd into snappy-packaging and run make20:11
jdstrandsergiusens: it says 'Sorry something went wrong', but it is removed from the list if I reload20:12
jdstrandkgunn: there are 2 package.yamls. one in overlay/meta and one in snappy-packaging/overlay/meta20:14
jdstrandkgunn: I guess I should be looking at the one in snappy-packaging/overlay/meta ?20:15
kgunnjdstrand: should only be the one20:16
kgunnhttp://bazaar.launchpad.net/~mir-team/mir/snappy-packaging/files/head:/overlay/meta/20:16
jdstrandheh, well, I promise there are two :)20:16
kgunnwhat the heck20:16
jdstrandand they have different contents20:17
jdstrandone has your security-template change, and the other uses security-policy20:17
jdstrandso I don't really know what to comment on20:17
jdstrandexcept to say that the security-template change won't work. 'nondefault' isn't a valid template20:18
jdstrandon a device or in a kvm you can do 'snappy-security list' and see the available templates20:18
sergiusensjdstrand: let me check the logs20:18
jdstrandsergiusens: is that your logs or my logs?20:21
kgunnjdstrand: so  i just pulled a clean lp branch and i only see one yaml ?20:23
jdstrandkgunn: since you said you aren't familiar with this, you might want to read these:20:23
jdstrandhttps://developer.ubuntu.com/en/snappy/guides/security-policy/20:23
kgunnalso...wrt nondefault...20:23
jdstrandhttps://developer.ubuntu.com/en/snappy/guides/frameworks/20:23
sergiusensjdstrand: I'll setup20:23
kgunnjdstrand: so i did specifcally on20:23
kgunnhttps://developer.ubuntu.com/en/snappy/guides/security-policy/20:23
kgunnthere's an example there...20:23
kgunnwhich uses nondefault20:23
kgunnand indicated in the text it would get network-client20:23
kgunnam i just interpreting the example in the wiki incorrectly?20:24
jdstrandkgunn: yes, that is just trying to say 'anything else that is on the device that isn't 'default''20:24
jdstrandyou are20:24
kgunnk20:24
jdstrandkgunn: in the example yaml, 'qux' does get 'network-client' since 'caps' isn't specified for 'qux'20:25
kgunnjdstrand: so i see from the core i'm running it has network-client, network-services, networking20:25
kgunnso i can pick from those...20:25
jdstrandkgunn: but 'nondefault' isn't a usable template in real-life20:25
kgunnbut what do you do if you want some capability not in those 3 ?20:25
jdstrandthere is a trello card for the community team to get a tutorial going so people don't have to read thick guides20:26
jdstrandkgunn: to answer that question, you write your own policy (security-policy) or provide an override (security-override, which is akin to the click security manifest). but let's back up. what are you trying to accomplish here?20:27
jdstrandkgunn: note, framework snaps, which mir is, will almost use 'security-policy' since they are extending the system or need privileged access20:28
jdstrands/almost/almost always/20:28
jdstrandhttps://developer.ubuntu.com/en/snappy/guides/frameworks/20:28
jdstrand"Frameworks are tightly coupled with separately maintained security policies that extend the security policy available to apps consuming a framework"20:28
jdstrand"Frameworks are developed and iterated by parties that have a contractual relationship with Canonical"20:28
jdstrand"Unlike apps, frameworks have special permissions which allow them elevated access to the system. For the official Ubuntu store, a contract will include terms to ensure framework safety and maintenance"20:29
jdstrandkgunn: so an *app* developer focuses on simple templates and caps whereas a *framework* developer uses security-policy and provides framework-policy20:30
jdstrand(typically)20:30
jdstrandkgunn: ok, I think I see what happened to my bzr branch. I already had one and I accidentally moved the one I pulled today into the other one20:31
jdstrandheheh, funny20:32
jdstrandkgunn: so at some point in the past I guess someone was using security policy20:33
jdstrandsecurity-policy20:33
jdstrandbut it was removed20:33
jdstrandkgunn: this also is what I reviewed20:36
jdstranderr20:36
jdstrandkgunn: this also isn't what I reviewd in the store20:36
bladernr_can someone point me to some document that explains how to add things like python libraries to a snap?  The tutorials and such all seem based on stand alone apps and already included libararies, and I've not found an example yet that shows adding thigns like custom or externally created libraries to a snap20:37
jdstrandkgunn: so, what are you trying to achieve when you changed 'unconfined' to 'nondefault'20:44
jdstrandkgunn: fyi, I was wrong about it not being what I reviewed. I see now that what is in the store used the 'unconfined' template20:45
jdstrandjjohansen: hey, can you think of a reason what a process running under seccomp can't unload an apparmor profile?21:01
jdstrandjjohansen: I'm not getting a log message21:02
tedgbladernr_, We don't have something like that yet, we're working on a tool to help with it. But there's a lot of good information on mostly using the Python that is there today here: http://www.wefearchange.org/2015/04/creating-python-snaps.html21:06
jdstrandjjohansen: does it have something to do with MAC_ADMIN?21:06
jjohansenjdstrand: not that I know of21:07
jdstrandok, I'll keep investigating21:07
kgunnjdstrand: sorry, distracted, thanks for all that....so with a framework, i figure you need priviledges to access system stuff...and then capabilities to express what an app might want to use (in your fmwk)21:08
kgunnso the security-policy is the means for the fmwk to access system stuff ?21:08
kgunnjust making sure i got it right21:08
jdstrandkgunn: a framework is there to provide a service to apps. a framework most often needs privileged access to something on the system. that privileged access is *not* expressed with security-templates and caps because *apps* don't need that access21:10
jdstrandkgunn: therefore, "security-policy" exists for framework authors to write their own apparmor policy for their service21:10
jdstrandkgunn: framework-policy is what your framework app ships. that *will* ship one or more caps and zero or more templates that *apps* can use21:11
jdstrandkgunn: the framework-policy caps ans template give apps access to your framework service(s)21:12
kgunngot that...that part makes sense now, e.g. when we build a gui snap on top, it'll use that cap from that fmwk policy21:12
jdstrandexactly21:12
jdstrandso the bit you were fiddling with is the framework service21:12
jdstrandit was using the 'unconfined' template21:12
kgunnright...so i can "use what i want" :) on the system..."i" being the fmwk21:13
jdstrandthat is 'ok' for a demo, but it really should instead use "security-policy"21:13
kgunngot it21:13
jdstrandyes21:13
jdstrandsecuiryt-policy is where you say "here is my handcrafted apparmor policy, and here is my handcrafted seccomp policy"21:13
kgunnfor my fmwk...in order to access xyz on the system ?21:14
jdstrandyes21:14
kgunngot it now21:14
jdstrandso, you might go from this:21:14
jdstrandsecurity-template: unconfined21:14
jdstrandto this:21:14
jdstrandsecurity-policy:21:14
jdstrand  apparmor: meta/mir.apparmor21:14
jdstrand  seccomp: meta/mir.seccomp21:15
kgunnand those will contain a bunch of paths to bins and stuff ?21:15
jdstrandthen you write your apparmor rules in meta/mir.apparmor and put the syscalls you need in meta/mir.seccomp21:15
jdstrandright21:15
kgunnand examples in wikis of seccomp file ?21:15
kgunni think i kinda get the apparmor stuff21:16
jdstrandkgunn: kgunn you might want to see: https://wiki.ubuntu.com/SecurityTeam/Specifications/SnappyConfinement#Debugging21:16
* longsleep has fixed the system-boot fat corruption for ODROIDC by cherry-picking a bunch of U-Boot fixes21:17
=== dstokes_ is now known as dstokes
kgunnjdstrand: thanks...i'll go tinker21:17
jdstrandkgunn: the seccomp policy is just a text file that is a list of syscalls21:17
jdstrandkgunn: you might start by installing the hello-world.canonical snap, then looking at /var/lib/snappy/seccomp/profiles/hello-world.canonical_env_1.0.1721:18
jdstrandkgunn: that just uses what is in the default template21:18
kgunnk21:19
jdstrandkgunn: a fun quality of seccomp is that it will kill your the process if it violates policy21:19
kgunni saw that21:19
kgunnsigkill how great21:19
jdstrandkgunn: so watch your logs and see that Debugging page21:19
jdstrandit would be nice to do something different, but there isn't a safe way to do that21:19
jdstrand(eg, deny and log)21:20
kgunni think it's kinda awesome21:20
jdstrandannyhoo21:20
kgunnviolent21:20
jdstrandit is fun21:20
kgunn:)21:20
jdstrandand apparmor could do it too, but we choose not to :)21:20
jdstrandkgunn: so, couple of things--21:20
jdstrandkgunn: 1. do note that regular app developers aren't supposed to have to worry about apparmor rules and syscalls21:21
jdstrandkgunn: they just use templates and caps21:21
kgunnright21:22
kgunni'm special that way21:22
jdstrandkgunn: 2. frameworks are quite special since they mediate access to a shared resource. mir falls into this category-- it is supposed to mediate access to the graphics card21:22
jdstrandkgunn: (that said I know that things aren't perfect there, but that is ok-- I know tvoss said that is a longer term goal)21:22
jdstrandkgunn: 3. framework authors should engage with Canonical on framework policy. so please ask questions, have us review the policy21:23
jdstrandkgunn: (but depending on how many frameworks come in, this might have to move to another team)21:24
jdstrandkgunn: 4. the framework should be designed in a way that the access the it gives out to apps via its framework-policy is safe for all apps to use, potentially simultaneously. ie, the framework should provide the same isolation and protect the system from attack21:25
jdstrandkgunn: (which is why framework authors engage with us)21:25
jdstrandwe've been through all those talks wrt mir already for touch21:26
jdstrandbut just trying to give context21:26
jdstrandthat's it from my unless you have questions :)21:26
jdstrandoh, addendum to '4' - if the policy isn't safe for everyone, then the policy should include '# Usage: restricted' at the top of its framework-policy file21:27
jdstrandkgunn: hopefully this was useful to you :)21:29
kgunnvery jdstrand, thanks, sorry i'm very elementary atm21:30
jdstrandno worries. snappy is pretty new :)21:32
kgunnjdstrand: one last one, i wondered....what would constitute a "policy isn't safe for everyone" situtation ?21:36
jdstrandkgunn: that is kinda discretionary, but giving out access to files in /dev, write access to areas outside of the app's area, granting capabilities, etc21:43
jdstrandwhich now you may understand why I mentioned hw-assign/oem in the review21:44
jdstrandjjohansen: fyi, if I run aa-clickhook under its own seccomp profile, it is fine, so I don't think it is an interaction between seccomp and apparmor at this time21:45
=== j12t_ is now known as j12t
jdstrandsergiusens: I think what is happening is that snappy is running under the same seccomp policy that I am trying to give to webdm which is making it very grumpy. seccomp doesn't have the concept of an exec transition with a new profile21:52
=== utlemming is now known as utlemming_away
=== blahdeblah_ is now known as blahdeblah

Generated by irclog2html.py 2.7 by Marius Gedminas - find it at mg.pov.lt!