=== chihchun_afk is now known as chihchun
zygamorphis: hey06:55
morphiszyga: hey!06:56
fgimenezgood morning07:19
dholbachhello hello from mvo's place :-)08:03
=== bigcat_ is now known as bigcat
clobranomorning :)08:11
Odd_BlokeMorning all.08:26
Odd_BlokeWe have a fix for cloud-init for snappy on Azure; where in the normal Ubuntu development lifecycle does this have to get for edge builds to pick it up?  Will an upload to wily be sufficient?08:27
ogra_Odd_Bloke, stable pulls from the official vivid archive (incl. sercurity and updates) and from https://launchpad.net/~snappy-dev/+archive/ubuntu/image08:33
ogra_rolling pulls from wily08:34
Odd_Blokeogra_: Cool, thanks. :)08:37
* guest42315 they see me rollin' la la la08:39
ogra_my snapcraft build doesnt build anymore08:41
ogra_Branched 4 revisions.08:41
ogra_[1mIssues while validating snapcraft.yaml: [{'exec': 'usr/bin/bipmkpw', 'name': 'bipmkpw'}] is not of type 'object'[0m08:41
ogra_Traceback (most recent call last):08:41
ogra_what does that mean ?08:41
ogra_did the definition for "binaries"  change since yesterday ?08:45
mvoogra_: I think so :/08:48
ogra_where is that documented then ?08:48
mvoogra_: where is your project? could you push it somewhere?08:48
mvoogra_: I hope in the snapcraft docs of the branch08:48
* ogra_ is happy to make changes as long as he knows which :P08:48
ogra_mvo, not really, thats onle the generic stuff from the website08:49
mvoogra_: binaries:\n  name: foo -> changes to binaries:\n  foo:\n    exec: foo"08:49
mvoogra_: if you push your stuff I can have a look and help with the diff08:49
mvoogra_: if its not documented we need to fix that too :/08:50
ogra_well, the docs dir in the snapcraft tree has exactly the two pages we have on developer.u.c08:50
ogra_not sure there are other docs hidden anywhere08:50
ogra_bah, and the services description changed too it seems08:52
ogra_ah, got it by blindly poking around08:54
ogra_(and by looking at the schema file)08:54
ogra_and hello snappy-bip !08:56
JamesTaitGood morning all; happy Thursday, and happy Punctuation Day! 😃09:36
=== ogra2 is now known as ogra-snappy-test
ChipacaJamesTait: instead of punctuation day today I'm celebrating I've been a dad officially for 11 years and haven't killed anybody yet \o/10:36
ogra_congrats to the calmness !10:36
JamesTaitChipaca, that definitely is cause for celebration!10:36
JamesTaitIs there cake?10:36
Chipacathere is not. Because the boys are in France on a school trip.10:36
davmor2for the last 11 years no wonder you haven't killed them10:37
Chipacainstead i can stay hacking until 4am and not have to get up at 6 to kickstart their day :)10:37
Chipacadavmor2: har :)10:38
Chipacadavmor2: just this week :)10:38
Chipacadavmor2: for several of those years i couldn't afford the milk they needed, let alone fancy schmancy france :)10:38
Chipacawell. maybe it was a couple of months. felt like years :)10:39
davmor2Chipaca: hahaha10:39
Chipacakas1000, wherever you are, i hope your rabbits are all dead10:40
Chipacaclobrano: thanks to your branch we found we were misfiling the CLA emails, so double thanks for that :)10:41
clobrano:D, I find also bugs I am not even looking for10:42
Chipacaclobrano: reviewed!10:56
Chipacaclobrano: needs fixing, but good job10:56
Chipacaclobrano: (i wouldn't be surprised if you told me the code you're replacing suffers from the same problems i called out in your code, fwiw)10:56
=== chihchun is now known as chihchun_afk
Chipacaclobrano: another alternative would be to write a couple of variations of the AtomicWrite helper, one for append, one with a line-at-a-time interface11:10
Chipacaor maybe write a whole atomic-writable type that did the whole dance behind the scenes11:10
clobranoChipaca: I'll have a look at it ;)11:18
Chipacaclobrano: fwiw I think you should do as i suggested in the review11:19
Chipacaclobrano: the other things can be done in later branches11:19
clobranoChipaca: ook11:19
Chipacaclobrano: sorry if the "atomic-writable file type" sounded very exciting11:31
* Chipaca would be tempted too11:31
Chipacabut that's how branches get un-reviewable11:31
clobranowell, actually I thought about using AtomicWriteFile, but I misinterpreted the description and didn't look at the code well11:32
Chipacaasac: ricmm: http://chipaca.com/post/129773078277/talking-http-to-an-abstract-unix-socket fwiw11:35
Chipacaasac: ricmm: as people trying to use the rest api have stumbled on this a bit11:36
Chipacaclobrano: https://github.com/dchest/safefile fwiw :)11:52
Chipacapitti: when you have a bit of time, i've got a systemd question just for you11:54
Chipacapitti: not urgent, not work related11:54
Chipacatrying to start a user unit on a udev event; have gotten the device to show up, but the user unit doesn't11:54
pittiChipaca: what is your udev rule?11:57
pittiChipaca: we do that quite a lot, usually through something like ..., ENV{SYSTEMD_WANTS}+="my_unit.service"11:58
pittiChipaca: for those (SYSTEMD_WANTS) you need to add TAG+="systemd" so that systemd creates a .device unit for it11:58
pittiChipaca: or you can call systemctl start --no-block in a RUN rule directly too, of course11:58
Chipacapitti: sorry, xchat crashed and missed that, let me pastebin the bits i have12:01
Chipacapitti: this is 99-batteries.rule: http://pastebin.ubuntu.com/12541325/12:02
Chipacapitti: which results in12:02
Chipaca sys-devices-LNXSYSTM:00-LNXSYBUS:00-PNP0C0A:01-power_supply-BAT1.device                   loaded active plugged   /sys/devices/LNXSYSTM:00/LNXSYBUS:00/PNP0C0A:01/power_supply/BAT112:02
Chipacapitti: and this is cbatticon@.service: http://pastebin.ubuntu.com/12541330/12:03
Chipacapitti: i tried with BindTo=%i.device also, and didn't have it work12:04
pittiChipaca: BindTo= doesn't exist, you probably mean BindsTo=12:04
pittiChipaca: but what is that supposed to do? the After= should already be implied12:05
Chipacapitti: the internets told me to do it!12:05
Chipacacouldn't find documentation that mentioned BindTo12:05
pittiChipaca: WantedBy= also seems redundant/unnecessary as you start this from an udev rule, not from a target12:05
pittiChipaca: man system.unit12:06
pittiChipaca: but aside from these nitpicks, what does it do? if you plug in the battery, what does systemctl status -l .. show?12:06
pittiChipaca: i. e. does it get activated and fail, or not activated at all, etc?12:06
Chipacapitti: it never shows up in systemctl --user status12:07
pittiChipaca: why would it be in --user?12:07
Chipacapitti: because SYSTEMD_USER_WANTS?12:07
pittiyou start it through udev, that's system12:07
pittiChipaca: oh sorry, I thought that's SYSTEMD_WANTS12:08
Chipacapitti: the device unit does show up, as above12:08
zygahey everyone12:11
guest42315QUESTION: what's the difference between snaps and clicks?12:11
zygawe're building a small experimental framework12:11
zygawe're (morphis and me) using bluez 5.3412:11
pittiChipaca: ok, then I don't have an off-hand answer, I'm afraid12:11
ogra_yay, bluez support !12:11
zygaif anyone is interested to follow us, the code is currently in https://git.launchpad.net/~zyga/+git/snap-manual-bluez5/tree/12:12
Chipacaguest42315: you can think of snaps as clicks v212:12
zygaask us questions about this anytime if you are interested12:12
pittiChipaca: "systemd-analyze set-log-level debug", and watching the journal while you plug in the battery might be insightful12:12
Chipacaguest42315: also, HELLO, why the QUESTION format? :)12:12
ogra_click is in "maintenance mode"12:12
ogra_snap is actively going forward12:12
zygamorphis: passing bt via -bt hci,host didn't work12:13
zygamorphis: I'll try -bt hci,null12:13
morphiszyga: for too12:13
zygamorphis: just to see if there's anything on the inside12:13
morphisfails with a: qemu: `hci0' not available12:13
zygamorphis: for too?12:13
guest42315Chipaca, oh, is not live yet?12:13
zygamorphis: oh, where did you see that12:13
Chipacapitti: found BindsTo, dunno why i was reading it as BindTo all the time (and unable to find it like that)12:13
zygamorphis: in my branch I have redirected qemu lots12:13
zygamorphis: so that they don't spam the terminal12:14
zygamorphis: but  Ididn't see anything about hci12:14
zyga(I think)12:14
Chipacaguest42315: 12:30 utc is in 17 minutes12:14
zygamorphis: trying now with: qemu-system-x86_64 -m 768 -nographic -snapshot -redir tcp:8022::22 -bt hci,null kvm.img >qemu-serial.log &12:14
guest42315oh, soon then12:15
guest42315so Chipaca  .. what would be the name for v3? v1 is clicks, v2 is snaps,12:15
zygaguest42315: claps ;)12:15
Chipacaguest42315: pops12:16
Chipacaguest42315: poofs12:16
guest42315no no no12:16
Chipacaguest42315: booms12:16
Chipacaguest42315: kapows12:16
Chipacaprobably not "no no nos", no12:16
guest42315^^ +112:16
JamesTaitAs in "I'm addicted to updating, I just have to have the latest Crack."12:17
zygaJamesTait: heh :)12:17
Chipacaor maybe we sell out and call it the Big CoproporationTM Asynchronous Atomic Secure Boring System And Package Maintenance Agent, or bcaasbsapma for short12:18
guest42315home edition?12:19
* Chipaca would not put any chits on that number12:19
Chipacaguest42315: the home edition would let you use more than one core at a time!12:19
Chipacaguest42315: for only 99 a month more12:19
guest4231510 min left12:19
dholbachyep :(12:19
morphiszyga: problem solved, do a sudo hciconfig hci0 up12:20
Chipacadholbach: you have people queueing up to see you. It's the price of fame I'm afraid.12:20
morphisbut before: systemctl stop bluetooth12:20
dholbachChipaca, they all want to see sergiusens12:20
Chipacadholbach: ah. So you're the bass player in the group, I see.12:20
JamesTaitDrummer. 😉12:21
zygaI'm such a dummie12:21
zygaI kept running the old snap :)12:21
zygamorphis: so what is that with host or null?12:21
morphiswith host12:21
morphispush a chnage in a minute12:21
Chipacapitti: do i have to "enable" the @.service, or is that automatic?12:21
dholbachChipaca, JamesTait: works for me - hip hip chin chin to the rhythm section12:21
* JamesTait is the roadie or something.12:22
morphiszyga: pull12:22
zygamorphis: nice!12:23
morphiswe could also use vhci support if we want12:23
zygamorphis: trying12:23
zygamorphis: what is vhci exactly?12:23
morphisqemu seems to have support for that12:23
morphisa virtual HCI device12:23
pittiChipaca: no, if you start it from udev you don't want/need to start it at boot (which is what enabling does -- you say that some target that is already started at boot pulls in that)12:23
zygamorphis: is it a totally virtual bt12:23
zygamorphis: or some sort of sharing from the real one12:24
zygamorphis: can we boot two qemu boxes12:24
morphisno, totally virtual12:24
zygamorphis: and have them talk over those virtual bts?12:24
morphisnever tried that12:24
zygaI'll check that passthrou works12:25
zygamorphis: what do we do next if this works?12:25
morphiszyga: verify if we find any available bluetooth devices :)12:25
zygamorphis: ok, let's see12:26
morphisdoing that already12:26
zygamorphis: mine stil boots12:26
morphiswhy doesn't the bluetooth device appear12:26
zygamorphis: is it possible that we need udev rule for something12:28
morphisit isn't in /sys12:29
morphisthat is where it should be12:29
morphisthere is no bt device in 7dev12:29
zygamorphis: where should it be in /sys/ ?12:30
zygasys/class/hci or somethingf?12:30
zyga(slow slow slow)12:30
morphis /sys/class/bluetooth12:30
guest42315QUESTION: can i install snappy on my home router?12:30
zygamorphis: yep, it is empty12:30
dholbachjust about to start12:31
zygamorphis: any modules we might be missing?12:31
zygamorphis: what does your systemctl status say? mine says degraded12:32
guest42315wave o/12:32
yashi_live :)12:32
guest42315install snappy on a toaster! live12:32
morphiszyga: rebooting ..12:32
zygamorphis: where do logs go? syslog or dedicated12:33
morphiszyga: that is what I am not sure about12:33
morphistrying to figure out how this bt forwarding works12:33
ogra_journalctrl or syslog12:33
ogra_(both atm)12:33
ogra_snapcraft is our start, yes12:34
morphiszyga: some documentations says only the M800, M810 qemu machine type has a emulated hci ctrl12:34
zygamorphis: I think the mistake is that we switch off bluez on the host12:34
zygamorphis:     (bluez only) The corresponding HCI passes commands / events to / from the physical HCI identified by the name id (default: hci0) on the computer running QEMU. Only available on bluez capable systems like Linux.12:34
morphis"The Transport Layer is decided by the machine          type.  Currently the machines "n800" and "n810" have one HCI and         all other machines have none."12:35
zygamorphis: it seems that the actual hardware says on the host, what happens is tha the gues just sees some events injected by qemu?12:35
zygamorphis: ok, let's try USB pass-thru12:35
morphisthe host interface needs to be on12:35
zygamorphis: that works for sure (we used it)12:35
morphisqemu will forward all HCI commands to the enabled host interface12:35
noizerIs there an gui for snappy?12:35
ogra_noizer, only a web gui for the store atm12:36
noizerWhen will there an release with a gui?12:36
morphiszyga: looks like the missing emulated device in qemu is the reason12:36
zygamorphis: I think you are right12:36
guest42315and a snap scope? on the phone?12:36
* zyga looks at how to identify the right bt device to use12:36
morphiszyga: so usb forwarding ..12:37
ogra_noizer, planned for the future, but the focus is currently headless ... once that is 100% solid there will be UI bits on top (essentially anything that can use Mir/XMir12:37
ogra_no ETA yet though12:37
ogra_guest42315, i thinnk that exists already (but doesnt do much, needs snap integration on the bottom layer)12:38
morphiszyga: look at /sys/class/bluetooth/hci0/device/uevent12:38
morphisgives you PRODUCT=12:38
zygamorphis: lsusb12:39
guest42315ogra_, yeah someone posted a video on youtube, if i remember correctly12:39
zygamorphis: for me that says Bus 004 Device 003: ID 0a5c:2145 Broadcom Corp. BCM2045B (BDC-2.1) [Bluetooth Controller]12:39
morphisor that way12:39
zygamorphis: then I just add     -usb -device usb-host,hostbus=4,hostaddr=3 \12:39
zygamorphis: testing now12:40
zygamorphis: needs sudo :)12:40
morphisis a bit more complex here12:40
morphisconnected over an internal hub12:40
zygamorphis: how?12:41
rbasakmvo wrote a God daemon? :)12:41
ogra_rbasak, to make snappy rule the world ;)12:41
ogra_it is confined though12:41
zygamorphis: I removed the hci up and service shut-down12:41
morphiszyga: do I have to leave the port number just out when setting up the forwarding?12:41
zygamorphis: not sure if that's needed12:41
morphiszyga: you need to unload the bluetooth driver your system has loaded12:42
zygamorphis: port number for tcp redirects?12:42
morphisbtusb normally12:42
morphis    |__ Port 11: Dev 13, If 0, Class=Wireless, Driver=btusb, 12M12:42
zyga(booting now, we'll see shortly)12:42
zygamorphis: for wifi we did not touch any modules12:42
zygamorphis: maybe bt is different, let's see what I get12:43
ogra_staging the stage12:44
sergiusensstaging phase12:44
willcookethanks dholbach12:45
carif_uoa question: are the sections/stanzas for the .yaml file described in detail somewhere?12:46
ogra_carif_, there si a schema file in the snapcraft source that is supposed to be turned into a proper doc12:47
zygamorphis: success12:47
zygamorphis: it worked!12:47
morphisdidn't get my usb device forwarded yet12:47
carif_ogra_, ty12:47
zygamorphis: I'll push my setup12:47
ogra_carif_, http://bazaar.launchpad.net/~snappy-dev/snapcraft/core/view/head:/schema/snapcraft.yaml12:47
ogra_there will be a proer example snapcraft.yaml based on that12:48
* guest42315 witchcraft12:48
yashi_uoa: it's very nice to see that snapcraft pulls all dependencies for you12:48
zygamorphis: but I can already see that confinement aside this really works12:48
morphiszyga: yeah!12:48
morphiszyga: next things:12:48
morphisrun bluetoothctl12:48
morphis> power on12:48
morphis> scan on12:48
morphiswaiting for devices being found12:48
zygamorphis: works12:49
zygamorphis: I see my speaker!12:49
zygamorphis: it works :D12:49
yashi_uoa: any reason why libgthread is not listed in snap: section?12:49
zygahow long did it took us?12:49
morphiszyga: you have some LE device?12:49
zygamorphis: no, I don't :-(12:49
morphiszyga: half a day :)12:49
morphiszyga: I have one12:49
zygamorphis: amazon links appreciated12:49
zygamorphis: test it!12:49
morphissearch for TI sensortag12:50
morphiszyga: let me get some lunch first12:50
prattQUESTION: do the asterisks at the end of the file names in the yaml file have significance?12:50
morphiszyga: would be great if you can help until I am back with how to forward my usb device the right way: http://paste.ubuntu.com/12541750/12:50
zygamorphis: ok12:51
morphisit's: |__ Port 11: Dev 13, If 0, Class=Wireless, Driver=btusb, 12M12:51
zygamorphis: lsusb?12:51
carif_UOA question: can I use language packages as parts, e.g. python pip packages?12:51
zygamorphis: you can try both12:51
morphisjust using bus=1 and addr=13 didn't worked12:51
zygamorphis: look at my branch, I used sudo as well12:51
ogra_carif_, i thnk you can12:52
morphiszyga: oh wonder12:52
morphiswith your changes it just seem to work12:53
morphislets wait until the device has booted12:53
morphiszyga: you have another BT Usb dongle?12:53
morphiszyga: or an Ubuntu phone?12:53
carif_yup, that answered it, ty12:54
zygamorphis: yes12:54
zygamorphis: both :)12:54
zygamorphis: what do you have on your mind?12:54
morphissetting up a GATT service12:54
zygamorphis: though the dongle I have is ancient, it's not 4.012:55
zygamorphis: my desktop has 4.0 though12:55
zygamorphis: it's pretty fresh12:55
zygamorphis: and I also have the phone12:55
morphisthat is the one used in the vm?12:55
zygamorphis: (all kinds)12:55
zygamorphis: no, the one in the VM is whatever my thinkpad x200 has12:55
zygamorphis: BCM2045B12:55
zygamorphis: though I can boot the KVM image on another machine12:56
zygamorphis: so what would be the best target to try12:58
morphiszyga: great12:58
morphiszyga: bluez-5.34/tools/gatt-service.c is the one you need to run there12:58
morphiswith bluetoothd running12:58
prattQUESTION: could you go into more detail about stage-packages?  i don't understand whether you have to have them or they are helpful but optional13:00
ogra_pratt, the stage dir is always there ... not always used for packages though, it is just the place wheer all bits are collected for later consumption13:01
zygamorphis: it's not built by the current config, trying to build it explicitly13:02
morphiszyga: http://paste.ubuntu.com/12541848/13:02
yashi_QUESTION: does `snapcraft run` can run ARM instance on amd64 host?13:03
ogra_not yet, no13:03
morphiszyga: that is my small LE key finder13:03
zygamorphis: let me try something like that13:03
ogra_snapcraft also can not cross build yet, you need to run it in an arm chroot or on arm HW13:03
morphisso, now its really time for lunch13:03
zygamorphis: later on you have to tell me what's the right comand sequence13:05
zygamorphis: pair vs connect13:05
zygamorphis: http://pastebin.ubuntu.com/12541867/13:05
zygamorphis: I had to fiddle with on/off button on the device to make it discoverable13:05
longsleepIs there any news for building multi-arch snaps with snapcraft?13:06
ogra_longsleep, not yet, nope13:06
yashi_QUESTION: .snap packages are mean to be self contained, meaning there shouldn't be any dependecies like .debs.  What is the current plan to support basic libraries like libc or libz for dependecies from existing C applications?  Are we gonna have API versions/levels like Android?13:11
rbasakDebian policy says "Packages must not require the existence of any files in /usr/share/doc/ in order to function [115]."13:12
rbasakSo perhaps it is acceptable for snappy to default to exclude that by default since it is guaranteed to not break anything.13:13
ogra_rbasak, well ...13:13
ogra_rbasak, debs often ship the copyright file in there ... if your snap includes deb binaries you will likely want at least the copyrigth to persist13:14
rbasakI imagine that maintaining copyright and licensing information should be part of a separate process13:15
ogra_why ?13:15
yashi_ah, ok.  so apps should target to an lts release?13:15
rbasakAs debs are only once source of files being delivered, and one that happens to embed this information. What about the others?13:16
ogra_if you have existing copyright files there is no need to re-write that or copy it around13:16
carif_uoa question: so to clarify, I make a .snap with snapcraft and i install a .snap with snappy. 'snapcraft run' fires up a container and 'snap install' s the snap, right?13:16
ogra_rbasak, well, for other projects the mechanism they actually use is used ... i.e. make install13:16
rbasakNeed to define some way to pull those in and present the information to the end user. When grabbing from debs grab the copyright file (only), when grabbing from other sources then use what is defined for that (or from the main yaml file or whatever). Then consolidate all of that into one place.13:17
ogra_rbasak, there are no plans to "present" it13:17
T-monHello! Is there a snapcraft part type for qmake-projects?13:17
ogra_rbasak, but we need to chip it in the snap13:18
rbasakIf shipping it in the snap is how you define "present" it, then that's fine.13:18
rbasakWiki parts seem like a really neat way to make it easy for snappers to share parts. Good job to whoever came up with that :)13:19
* ogra_ would like to see /usr/share/doc/ contents gone btw ... since its a waste of space ... 13:19
ogra_but we have to keep the copyright file there13:19
thibautrIs there a list of all the project types supported by snapcraft?13:20
rbasakMy point is that you don't have to keep it *there*. As long as you ship it.13:20
ogra_sure, but that would mean more modification13:20
rbasakForget usr/share/doc. It makes no sense to a snap consumer anyway, since they aren't seeing things on a per-package basis.13:20
ogra_(in the course of deleting content from the dir it could indeed copy the copyright file someweher else)13:20
carif_dholbach, mvo, sergiusens, ty for uoa tutorial13:21
dholbachthanks a bunch everyone!13:21
sergiusenscarif_, no problem, was a pleasure13:22
ogra_thibautr, there is a doc planned (not sure if early work exists already) ... sergiusens ?13:23
sergiusensthibautr, I intend to add this to snapcraft's cli, but for now all plugins are defined in /usr/share/snapcraft/plugins13:23
sergiusensogra_, yes there is a doc planned being written as we speak which will eventually go into developer.u.c13:23
sergiusenss/as we speak/as we write and read/13:24
ogra_moar docs !!13:24
ogra_do we have a qmake type yet ?13:25
mvothanks, yeah, it was a pleasure!13:25
ogra_(see T-mon''s question above)13:25
sergiusensogra_, I answered live about that13:26
* ogra_ missed that 13:26
sergiusensrepeating just in case, there is no qmake type for a part but we are glad to help you write one if you feel like it :-)13:26
yashi_sergiusens: about api level, is there anyway to specify which release an app is targetting to?13:32
ogra_well, in the sotre there is ... but not inside the snap13:34
beunoright, and the store makes sure the right release gets the right snap13:35
yashi_ogra_, beuno: i see13:35
=== fginther` is now known as fginther
yashi_how about dynamic load module?  many code specify absolute path for dlopen, does snappy has any trick for that?13:40
ogra_you would have to patch the source for that i fear13:42
ogra_to read the path from the execution env13:42
Saviqsergiusens, snapcraft tries to download from http://.archive.ubuntu.com here13:45
Saviqwhere does it try to take the country bit from?13:45
sergiusensSaviq, I fixed that, geoip13:45
sergiusensSaviq, just need to do an interim release :-/13:46
ogra_sergiusens, btw, i copied your 0.2 around in the daily PPA for the other releases, cjwatson needed that for LP13:47
sergiusensSaviq, already in trunk, will land soon in tools-proposed and makes it way to tools as soon as we go over validation; ftr bug #149915813:47
ubottubug 1499158 in Snapcraft "geoip does not work on launchpad servers" [Critical,New] https://launchpad.net/bugs/149915813:47
plarssergiusens: ah, I was just going to ask about the _get_geoip_country_code_prefix() failure, is there a quick workaround?13:47
sergiusensplars, build from trunk :-)13:47
plarssergiusens: I'll re-pull thanks13:47
Saviqerror while executing external command kpartx -ds 15.04.img: device-mapper: remove ioctl on loop0p5 failed: Device or resource busy13:52
Saviqloop deleted : /dev/loop013:52
Saviqany idea about ↑? this was snapcraft run, and AFAICT after that it's stuck trying to ssh in13:52
sergiusensSaviq, oh, not that again :-) bug report please; also provide me your working dir13:54
sergiusensSaviq, it's u-d-f failing to unmount the image; so it is either something missed closing it's file descriptor (seems to be trendy these days) or the kpartx unmount bug13:55
sergiusensalso mention the release please13:55
Saviqsergiusens, whole working dir? there's the image in there now, too13:55
Saviqwily, fwi13:56
sergiusensSaviq, k; yeah I don't need curdir/pwd13:56
* sergiusens needs a wily instance13:56
* sergiusens thinks of elopio triaging Saviq's bug :-)13:56
Saviqsergiusens, bug #149937613:57
ubottubug 1499376 in snapcraft (Ubuntu) "snapcraft run stuck after device busy error" [Undecided,New] https://launchpad.net/bugs/149937613:57
yashi_ogra_: thanks :-)14:01
T-monHello! Just a quick question...I hope! I'm using sqlite3 in my snapp and I save my db in $SNAP_APP_DATA_PATH14:20
T-monbut this works only if I use security-template: unconfined14:21
T-monwhich is not allowed for the store14:21
T-monwhich template do I have to use for sql?14:21
T-mondo I have to write my onw apparmor file?14:22
ogra_that shouldnt be depending on the template at all if whatever uses the db is in the same snap and knows the right path14:22
ogra_all your binaries should be able to read and write stuff underneath $SNAP_APP_DATA_PATH14:23
T-monyes, for the settings this works14:23
T-monmy service says:  LogEngine: Opening logging database "/var/lib/apps/guh.sideload/0.1.4/guhd.log"14:24
ogra_so drop the unconfined template and watch syslog/dmesg for the exact denials14:24
sergiusensT-mon, as ogra_ mentions it should all just work if in the right data paths, sqlite should just work14:25
ogra_unless some binary does calls outside of the snap env and seccomp blocks it or so14:26
ChipacaT-mon: emphasis on should :)14:26
ChipacaT-mon: logs, and we can fix it for you and/or for everyone14:26
T-monhmm...I'getting following error:audit: type=1326 audit(1443096021.115:672): auid=4294967295 uid=0 gid=0 ses=4294967295 pid=1861 comm="guhd" exe="/apps/guh.sideload/0.1.4/usr/bin/guhd" sig=31 arch=40000028 syscall=207 compat=0 ip=0x7654e836 code=0x014:27
T-mon 14:27
sergiusensright, but sqlite has no magic last I saw; unless whatever wrapping lib wants to do something special14:27
sergiusensah, seccomp14:27
ogra_use sc-logresolve14:27
ogra_that translates it a bit :)14:27
ogra_(at least it lets you know what syscall=207 refers to in human speak)14:28
T-monok, I have to rebuild the snapp, just a moment :)14:28
ChipacaT-mon: sudo sc-logresolve /var/log/syslog14:29
ChipacaT-mon: should do it14:29
ogra_do you even need /var/log/syslog in that line ?14:30
jdstrandmvo: hey, I know you're busy, but if you could express an opinion on the bug in https://bugs.launchpad.net/snappy/+bug/1499109 it would help my doc writing14:30
ubottuLaunchpad bug 1499109 in Snappy "hw-assign and oem assign are inconsistent" [Undecided,New]14:30
Chipacaogra_: if no file specified, stdin14:30
Chipacaogra_: no :)14:31
jdstrandmvo: basically, they work differently. at one point, that was by design iirc, but then a commit came in that made me think they were supposed to be aligned14:31
Chipacaogra_: If <logfile> is unspecified, use '/var/log/syslog'. If <logfile> is '-', use <stdin>.14:31
ogra_i thinnk i ran it before without any option14:31
jdstrandmvo: I guess depending on what you say, there is a third option: "Won't Fix" :)14:32
T-monaudit: type=1326 audit(1443105156.359:695): auid=4294967295 uid=0 gid=0 ses=4294967295 pid=3040 comm="guhd" exe="/apps/guh.sideload/0.1.4/usr/bin/guhd" sig=31 arch=40000028 syscall=207(fchown32) compat=0 ip=0x76592836 code=0x014:33
T-mononce I started the service with unconfined, and the log file exists14:34
T-monit worked even without the security template14:34
T-monthen I deleted the log file and I got the Bad system call again14:34
jdstrandT-mon: chown isn't allowed because there isn't a reliable uid to chown into14:34
sergiusenswell, unconfined is unconfined14:34
mvojdstrand: sure, I have a look, in a meeting right now14:35
jdstrandT-mon: at some point we will provide an optional uid to snaps14:35
jdstrandmvo: it isn't urgent-- just want to have the doc bits in place by eow/next week14:36
mvojdstrand: hm, " * adds a generic apparmor write-path for all devices (ie, /dev/**)" sounds wrong indeed14:36
T-monif the service creates the log file, why he has to change the ownership?14:38
jdstrandmvo: well, remember, the launcher looks for that 'needle' string. if it finds it, it uses cgroups for access to /dev, otherwise it uses apparmor14:38
jdstrand*only* apparmor14:39
jdstrandT-mon: logically, you are right, it shouldn't have to. you'll have to look at the code to see what it is try to do14:40
ogra_T-mon, does guhd have a config file where you can define a user ? perhaps set that to root14:40
ogra_(if it checks for ownership before the chwon that might be enough)14:41
jdstrandmvo: (so adding /dev/** to the override is correct if we want to use cgroups)14:41
mvojdstrand: yeah, I am remembering the details now14:41
T-monjdstrand: https://github.com/guh/guh/blob/master/server/logging/logengine.cpp#L4414:41
T-monogra_: guhd is a service, I checkd the userid and it will always be started as root14:42
ogra_ah, k14:42
jdstrandmvo: no worries-- I am pulling all that up from deep swap trying to document it :)14:45
mvojdstrand: right, I re-read this and I think we need to go with option (2), i.e. make it consitent with the oem snap.14:45
jdstrandmvo: btw, sorry for all the hw-assign bugs-- in documenting it I found a few things14:45
mvojdstrand: just the opposite, thanks a lot for finding the issues!14:46
jdstrandmvo: ok, well, think about it and respond whenever14:46
jdstrandI'll keep an eye out for it and adjust the doc accordingly14:46
elopiosergiusens: Saviq: I think it's the same as https://bugs.launchpad.net/ubuntu/+source/goget-ubuntu-touch/+bug/149648414:47
ubottuLaunchpad bug 1496484 in goget-ubuntu-touch (Ubuntu) "device-mapper: remove ioctl on loop0p5 failed: Device or resource busy" [Undecided,New]14:47
elopioit happens sometimes here. Less often than last week.14:47
sergiusenselopio, Saviq then I need to run u-d-f in a debug mode I have and see if the latest and greatest from snappy has a dangling fd14:48
sergiusenswe already had these issues14:48
elopiosergiusens: Saviq: and it is also https://bugs.launchpad.net/ubuntu/+source/goget-ubuntu-touch/+bug/147333314:53
ubottuLaunchpad bug 1473333 in goget-ubuntu-touch (Ubuntu) "exits with zero on error" [High,Confirmed]14:53
elopioif udf exits with != 0, snapcraft run wouldn't try to ssh into the vm.14:54
rickspencer3can anyone tell me where to find a list of existing plugins for snapcraft?15:11
T-monjdstrand: ok, I found out the QSqlQuery makes the "Bad system call" -> https://github.com/guh/guh/blob/master/server/logging/logengine.cpp#L24015:11
T-monthis makes no sense to me :(15:12
clobranoChipaca: after pushing new changes for your review, I've to go to "resubmit proposal"?15:12
Chipacaclobrano: nope15:12
Chipacaclobrano: just tell me you've pushed them in case i don't see the email15:12
clobranoChipaca: so... I pushed them :D15:12
T-monrickspencer3: ls -l /usr/share/snapcraft/plugins/15:12
rickspencer3thanks T-mon15:13
yashi_hmm... py3version returns list of versions on wily, and that isn't expected in snapcraft15:13
yashi_might be better to check the return val in Python3ProjectPlugin::python_version()?15:15
sergiusensrickspencer3, /usr/share/snapcraft/plugins (I'm going to spec a cli option for this)15:17
sergiusensyashi_, bug please :-)15:18
jdstrandT-mon: so, to unblock yourself for development until you figure out how to fix that in your app, you can add the missing syscall to /var/lib/snappy/seccomp/profiles/<your app>15:23
=== vrruiz_ is now known as rvr
T-monjdstrand: thx! though I have no idea how to create a db without a query...yet :) but I will do some experiments15:29
yashi_sergiusens: bug #149942915:33
ubottubug 1499429 in Snapcraft "snapcraft dies with "export: python3.5/dist-packages: bad variable name"" [Undecided,New] https://launchpad.net/bugs/149942915:33
jdstrandT-mon: I would imagine that code is triggering something else lower15:34
fgimenezelopio, i'm executing the suite in kvm rollling edge and flashing for bbb15:36
elopiofgimenez: cool. Let me know how it goes, but don't stay after your EOD. I have plenty of hours ahead of me today.15:39
elopiomvo: so, we wait on your fix for the ppp order?15:39
mvoelopio: I'm investigating it now15:41
fgimenezelopio, mvo should snappy config work for ppp in 181? i'm getting this http://paste.ubuntu.com/12543133/15:42
T-monjdstrand: It workes now (temporary) by uncomment the fchown32 in the /var/lib/snappy/seccomp/profiles/ ...thx for the hint! I'm trying now to find out whats going on in the query.15:44
mvofgimenez: hm, it should. I just tested it (with a upgraded image though) and it worked for me15:46
mvopitti: does it make sense to have a "Before=network.target" line in a systemd unit? sorry for the basic question?15:48
pittimvo: yes, under the right circumstances15:49
pittimvo: this woudl be the right thing for e. g. firewall services, which must be started before the first serfice on the network starts15:50
mvopitti: whats the difference between networking.service and network.target? so I want to ensure that my workaround that fixes some ppp files is run before the ppp daemon gets a chance to run15:50
pittimvo: and conversely on shutdown it means that services on the network (which must have After=n.t) get stopped before stopping firewalls and the like15:50
pittimvo: networking.service is just /etc/init.d/networking, i. e. bringup of "auto" ifupdown interfaces15:51
pittimvo: it's best not to depend on that unless you know what you are doing15:51
fgimenezelopio, i'm still hitting this http://paste.ubuntu.com/12543228/ only in the initrd failover test, we may need to update the partition.NextBootPartition function for that case15:51
pittimvo: (as this doesn't help you with NM or networkd)15:51
elopiofgimenez: we have not landed that change, or are you using my branch?15:51
mvopitti: so for my use-case network.target is the better one?15:51
pittimvo: ah, then I figure you might want Before=network-pre.target15:52
mvopitti: aha, great15:52
fgimenezelopio, i'm executing from trunk, is that fixed?15:52
pittimvo: as you don't just want to run before services on the network, but even before things like ifupdown which configure hte network15:52
pittimvo: see man systemd.special15:52
mvopitti: great15:52
pittimvo: sorry, need to leave for today, my better half just arrived15:52
elopiofgimenez: no. yesterday I could reproduce this https://code.launchpad.net/~elopio/snappy/new_kernel_file_name/+merge/271901/comments/68541515:53
elopioonly on 15.04. Didn't have time to understand why.15:53
elopioso it's not ready to land.15:53
elopiofgimenez: please report your config error.15:54
fgimenezelopio, it seems to be the same issue as the try mode, the mode is not set to try and systemab is not updated15:54
fgimenezelopio, it happens only for the zero size initrd failover test, the test is may be doing something wrong now in that case15:59
fgimenezelopio, https://bugs.launchpad.net/snappy/+bug/149944616:00
ubottuLaunchpad bug 1499446 in Snappy "snappy config fails for ppp" [Undecided,New]16:00
elopiofgimenez: you flashed a new 181, right?16:01
fgimenezelopio, yep16:01
elopiofgimenez: I just tried and it works here. I'll comment in there.16:01
fgimenezelopio, let me try again16:02
elopioit's weird. I'll try one more time.16:02
Chipacaclobrano: you still around?16:04
fgimenezelopio, yes, i still get it http://paste.ubuntu.com/12543356/16:06
elopiofgimenez: I still don't get it http://paste.ubuntu.com/12543383/16:08
elopiowe must be doing something different in here.16:08
elopiofgimenez: that's 15.04, right?16:09
elopiofgimenez: your ubuntu-core says it's from the 22nd. Mine is from today http://paste.ubuntu.com/12543396/16:10
fgimenezelopio, that's it, i'm on rolling :)16:10
elopiolet me get a rolling.16:10
mvoelopio: I uploaded a new ubuntu-core-config, once that is build i nthe ppa, maybe ogra_ can trigger a new image (or I can do it after dinner) and we can test if that is sufficient16:16
ogra_sure, i can16:16
elopiomvo: right, thanks.16:16
elopioogra_: can you teach me what is it that you touch to get a new edge image?16:17
ogra_elopio, not really, we havent gotten an accessible UI for that ready yet and manual building needs server access that requires you to be in ubuntu-cdimage16:18
elopioogra_: ok, then I'm glad I have you.16:18
ogra_i have getting it into the isotracker on my TODO (on low prio though) ... then you will be able to just trigger images from there16:19
elopioogra_: the lp:snappy recipe shows this: https://launchpadlibrarian.net/218712096/upload_992086_log.txt16:19
elopiocould it be the reason why we have an older ubuntu-core in rolling?16:19
ogra_why does it have the same old version ?16:20
ogra_https://launchpad.net/~snappy-dev/+archive/ubuntu/image has 1.6ubuntu1-1+714~ubuntu15.10.116:20
ogra_so it should be in the rolling/edge image16:21
elopioso many things about this that I don't yet understand.16:23
ogra_elopio, what do you mean exactly by "older ubuntu-core in rolling" ?16:23
elopioI don't get what's the difference between 15.04 and rolling that makes ppp config fail.16:24
elopioogra_: http://paste.ubuntu.com/12543356/16:24
elopioit shows ubuntu-core #181, but from the 22nd.16:24
elopioshouldn't it be one from yesterday or today?16:24
ogra_elopio, not on rolling, no16:25
ogra_http://system-image.ubuntu.com/ubuntu-core/rolling/edge/generic_amd64/ .... shows a timestamp from 22nd for 18116:26
ogra_looks like the nightly builds didnt run since16:26
elopiooh good. So in a new image it should just work (tm)16:27
ogra_elopio, because infinity commented out the whole crontab for freeze16:27
elopionow why the nightly didn't work?16:27
ogra_i'll trigger one for you16:27
elopioogra_: ah.16:27
ogra_and i enabled nightly builds again16:28
elopioogra_: please do one for 15.04 too. ubuntu-core-config is ready on the ppa.16:29
ogra_elopio, there were two builds after it landed in the PPA16:30
ogra_latest 15.04 should have all you need16:30
mvoelopio: just fyi, I triggered a new image for in 10min, so ~45min from now we should have something to test the ppp workaround issue you noticed16:31
ogra_(funnily 15.04 was not disabled ... and my manual build from last night should have it too)16:32
ogra_mvo, eeek16:32
* ogra_ hopes our builds dont clash mid-air now16:32
* elopio waits for the fireworks.16:36
ogra_elopio, mvo, sigh, so my rolling/edge build failed ... more /etc/passwd trouble16:46
ogra_bah and indeed the archive is frozen16:48
looljdstrand: ah I thought it was enough to set bus-name for simple dbus services, but it seems I need to set the apparmor and seccomp files too16:53
looljdstrand: should I copy the ones from hello-dbus, or is there some forward-compatible way of declaring just the dbus name?16:54
looltyhicks: ^16:55
tyhickslool: sorry, I'm not following - you have a service that is attempting to own a specific bus name and apparmor is denying that?16:58
looltyhicks: yes; hello-dbus example provides a .apparmor and .seccomp16:58
looltyhicks: am I supposed to copy these from hello-dbus?16:58
looltyhicks: I do declare bus-name16:58
looltyhicks: I have:16:59
lool- bus-name: org.freedesktop.NetworkManager name: networkmanager-service security-template: unconfined start: bin/network-manager.wrapper16:59
looltyhicks: but that's not sufficient it seems, I still get denials16:59
looltyhicks: so I intend to add a .apparmor and .seccomp, just not sure what to base them on16:59
loolthe hello-dbus one seems to include a lot of copy-pasted stuff that I fear will soon be out of date17:00
tyhickslool: hrm... I don't know the hello-dbus-fwk policy off the top of my head17:02
looltyhicks: http://bazaar.launchpad.net/~snappy-dev/snappy-hub/snappy-examples/files/head:/hello-dbus/17:02
tyhickslool: you'd need to change line 30 to match the name that you're binding to17:03
looltyhicks: yes, got it so far, it's the rest I'm worried about17:04
tyhickslool: right, line 35 and 36 need to be changed to match the path and interface that you're receiving messages on17:04
* tyhicks looks further down17:04
looltyhicks: I mean the whole rest of what seems to be not specific to my dbus service17:04
looltyhicks: I'd like to say "standard policy + dbus stuff that I know about"17:05
jdstrandlool, tyhicks: I'm here17:05
jdstrandlool: so, bus-name sets dbus bus policy for the service on the system bus17:05
jdstrandlool: an unconfined dbus service is then able to start a dbus service and listen17:06
looljdstrand: ok, that didn't work for me17:06
looljdstrand: with just bus-name that is17:06
jdstrandlool: however, apps can't connect to it without framework-policy. if the service is to be confined, then you also need dbus rules in its security-policy17:06
looljdstrand: perhaps I'm doing something wrong though17:06
tyhickslool: can you paste the denial?17:07
jdstrandlool: I suggest you look at both the framework-template and hello-dbus-fwk for inspiration17:07
looljdstrand: yes, I'm not that far though, right now I cant listen17:08
jdstrandlool: is the service confined?17:08
loolit says unconfined17:08
loolI cant find the denial though17:08
jdstrandthere may not be one17:09
jdstrandit might be you used the wrong bus-name17:09
jdstrandand you have a dbus bus policy denial17:09
jdstrand(ie, not security policy)17:09
jdstrandlool: do you have a file in /etc/dbus-1/system.d for your service?17:09
loolI'm getting:17:10
lool2015-09-24T16:51:19.422175Z NetworkManager <error> [1443113479.422051] [nm-dbus-manager.c:802] nm_dbus_manager_start_service(): Could not acquire the NetworkManager service. Error: 'Connection ":1.56" is not allowed to own the service "org.freedesktop.NetworkManager" due to security policies in the configuration file'17:10
loolfrom the app17:10
loolbut nothing in dmesg17:10
jdstrandlool: (also snappy service logs <snap> should give you logging info that I would think would include the bus policy)17:10
looljdstrand: I do not get a dbus system file17:10
jdstrandso your bus-name needs to be org.freedesktop.NetworkManager17:10
loolyes, I have: - bus-name: org.freedesktop.NetworkManager name: networkmanager-service17:10
loolin meta/package.yaml before snappy build17:11
looljdstrand: but somehow the dbus file isn't generated17:11
jdstrandlool: something is wrong. I suggest uninstalling the snap and trying again. when you specify bus-name snappy is supposed to give you wide open dbus bus policy via a file in /etc/dbus-1/system.d17:11
looljdstrand: I did uninstall, find / with anything looking like it, then installed again17:12
looljdstrand: when I run sudo aa-clickhook -f, I get a warning17:12
looljdstrand: Could not parse click manifest17:12
jdstrandlool: what happens if you 'click-review /path/to/snap'17:12
jdstrand(and why is that still not on by default?)17:13
loolwhen I run click-review, my CPU load rises17:14
jdstrandit is hard at work :)17:14
beunowe might be mining some bitcoins in there as well17:15
looljdstrand: one of the json files under /var/lib/apparmor is empty17:15
loolI need a faster laptop, click-review is still running17:15
jdstrandlool: how big is this snap?17:15
looljdstrand: http://paste.ubuntu.com/17:16
jdstrandlool: is the empty file something from this snap?17:16
tyhicksjdstrand: could this be the hyphen in the binary name issue again?17:16
looljdstrand: http://paste.ubuntu.com/12544050/17:16
jdstrandtyhicks: that is what I'm thinking17:16
elopiomvo: flashed #178, the ppp service doesn't start. updated to #182, reboot, the service starts. All good!17:16
loolI dont have any underscore17:17
loolis hyphen forbidden as well?17:17
jdstranddoesn't look like that is the issue17:17
jdstrandno, hyphen is fine17:17
jdstrandlool: fyi, use 'architecture'17:17
loolsnap is 64M17:17
loolround numbers are nice17:17
jdstrandlool: what version of snappy are you using to generate this?17:18
looljdstrand: oh wow, that's probably it; my snapcraft is from yesterday but I see my snappy is much older17:18
jdstrandlool: also, description has been required for services and binaries17:19
jdstrandbut yes, upgrade your snappy17:19
jdstrandthen come back17:19
jdstrandlool: also, clean out all the empty files in /var/lib/apparmor that you mentioned17:20
jdstrand(that cleaning is a snappy remove or a rm -f depending on if the snap is installed or not17:20
looljdstrand: Yeah, I have a big find + rm17:22
loolafter snappy remove17:22
mvoelopio: \o/17:23
mvoelopio: thank you so much for verifying17:23
elopiomvo: np, that was the easy part. I'll make a card to add a test to check that no service faild to load.17:24
looljdstrand: well I thought 1.5 from july was old17:25
looljdstrand: but it's still what's in wily; am I supposed to take 1.6 from proposed?17:25
jdstrandit should be ok17:25
jdstrandbus-name has been around for a while17:25
looljdstrand: then that's not it17:25
jdstrandbut the empty file has me concerned17:25
mvoelopio: nice17:25
jdstrandas in, snappy install might be bailing out early cause something went wrong17:26
looljdstrand: I had a bunch of cases where I ended up with a failed install and /apps having an app dir in it, but no files17:27
loolI did clean up religiously with remove+purge+find && rm -rf each time17:27
loolah I just reproduced this17:27
looljdstrand: empty file again17:28
jdstrandcan you give me the snap?17:29
jdstrandlool: which file is empty?17:29
looljdstrand: the /var/lib/apparmor/clicks/network-managerblah.json17:30
looljdstrand: and /apps/network-manager.sideload/blah as well17:30
loolin fact just /apps/network-manager.sideload got created17:30
looljdstrand: yes I can give you the snap17:30
jdstrandwell, /var/lib/apparmor/clicks/network-managerblah.json is surely empty because /apps/network-manager.sideload/blah is17:31
looljdstrand: I'll hand you the snapcraft yaml first, that's easier to upload and I have to go afk for a bit in some minutes17:31
jdstrandit didn't unpack right17:31
looljdstrand: yes, that's what I thought as well17:31
loolnot sure why though17:31
jdstranddisk space?17:31
jdstrandmight be easier to create a new vm17:31
loolhmm it's not impossible17:32
loolunpacked snap is 2xx MB, I have some 3xx MB free17:33
loolthat woudl be quite a stupid way to waste both our time (NB: didn't get an out of space error)17:33
loolawe_, jdstrand: lp:~snappy-dev/+junk/nm-snap I'll be back in ~3h or so17:35
loolit has some crude hacks still17:35
loolI've just did some untested renames to drop the hyphens and such17:35
elopiozyga: I've just added a card to check that no service has failed loading. Is that good enough for you?17:40
elopioif you want us to add more validations, this is your moment :)17:40
zygaelopio: yeah, that's a great sanity check17:40
ogra_elopio, you might have services that will be started manually or via a snappy-config option or so17:40
zygaelopio: no, for now that's okay, especially that TPM testing requires a hell lot of manual interaction, visits to BIOS and stuff17:40
ogra_i.e. watchdog was seeded last week, it wouldnt start17:41
zygaelopio: (and that is by desing)17:41
zygaelopio: we'll do more validation tomorrow on select devices17:41
ogra_(and shouldnt)17:41
zygaogra_: does it start now or is it still off by default?17:41
ogra_zyga, ricmm said there would be a script starting it17:41
zygaogra_: for testing ,yes17:42
ogra_the sysv generator doesnt work on watchdogs init script ... so it cant be started atm17:42
zygaogra_: for consumer projects, it would perhaps be good to tie it to snappy config as we go17:42
ogra_long term thats supposed to be fixed17:42
zygaogra_: do you think watchdog should become a service or can it have a config hook in the os snap?17:42
elopioogra_: we have opencryptoki.service loaded failed failed LSB: starts pkcsslotd17:42
ogra_what i meant to point out is that not all installed services will necessarily start17:43
elopiois that something you are working on?17:43
zygaogra_: right17:43
ogra_so just doing a broad test looking at the services might not be enough17:43
ogra_(due to false positives)17:43
rickspencer3so, I deployed a snap with snapcraft run, but I don't see where my print statements are going, they don't seem to be in journalctl17:44
loolmvo: not sure you saw there's a testsuite failure in the 1.6 wily upload: panic: can not set option description for "package name"17:44
loolrickspencer3: there's a new service logs command now17:44
loolawe_: so that's all I had for now; currently it fails in various ways, notably dbus, but that might be due to my vm having too little storage17:46
loolawe_: I'm playing with various hacks, and the app dir is not truly kep readonly, however plugin to load and startup fails while binding to dbus17:46
awe_lool, can you give me the snap, and any source code you have?  As mentioned, I've been working from the bottom up17:50
awe_lool, are you statically building NM??17:52
loolawe_: i"m using the debs17:52
awe_and extrating them into the snap?17:52
loolawe_: yes, snapcraft does it all17:52
awe_so you didn't get to the point where you were re-building NM?17:53
awe_to change rundir for instance?17:53
loolawe_: I'm uploading the snap to http://people.dooz.org/~lool/network-manager_1.0_amd64.snap but I've got to run now; it will be done in ~10mn17:53
loolhmm or maybe not17:54
* lool switches to LTE17:54
awe_do you have a branch for your networkmanager.patched?17:55
loolawe_: lp:~snappy-dev/+junk/nm-snap (as above)17:55
loolawe_: network-manager.patched is NetworkManager sed-ed17:55
loolI knew you'd love this17:56
awe_the binary?17:56
loolawe_: upload complete17:56
awe_cough, hack, why?17:56
awe_can't rebuild it?17:56
loolawe_: that was the quickest17:56
loolsed: 10s to write, 0s to run17:56
awe_and where's the sed script?17:57
awe_I assume we don't want to ship that17:57
awe_if so, please leave my name off17:57
* awe_ finishes his lunch17:58
zygalool: OMG, what did you sed?17:59
zygalool: I think you are close this not making sense as debs repackaged17:59
zygalool: "dear customer, our engineers _hand crafted_ this binary" ;)18:00
raynhello there. Um looking for apps and frameworks, like tomcat. Where are they?18:25
ogra_not there yet, but you can package them ;)18:28
ogra_elopio, rolling just finished building the rootfs ... should be there after the next system-image import18:31
Chipacaelopio: ogra_: http://www.commitstrip.com/wp-content/uploads/2015/08/Strip-Apr%C3%A8s-le-match-650-finalenglish.jpg18:34
Chipacajust for you18:34
=== j12t_ is now known as j12t
sergiusensrayn, you can develop locally with snapcraft and integrate tomcat into what you need18:38
raynsergiusens, ogra_, thanks. I figured that uot. Is there an official ubuntu repository for it?18:41
raynWhere can we find all the apps that have been made?18:43
sergiusensrayn, maybe start here https://developer.ubuntu.com/en/snappy/snapcraft/18:43
raynwhere this command searchs? "snappy search ..."18:45
sergiusensrayn, querying the store I guess https://uappexplorer.com/apps?sort=relevance&type=snappy18:45
sergiusensrayn, you need to run that on a snappy system (ubuntu-core)18:45
raynsergiusens. thanks. I hava ubuntu core installed but i dont know where are stored the apps18:48
sergiusensrayn, run 'snappy search' with no args18:52
sergiusensrayn, or install webdm (snappy install webdm)18:52
sergiusensand you can open a browser and look at them18:52
ogra_elopio, both images are done19:33
elopiothanks ogra_. Get some rest :)19:34
ogra_havent copied to alpha yet ...19:34
* ogra_ finishes dinner19:34
ogra_copy running ...19:37
rickspencer3sergiusens, so, I'm using snappy run19:38
rickspencer3what do you make of this?19:38
rickspencer32015-09-24T19:22:40.288952Z systemd Starting service hello for package python-snap...19:38
rickspencer32015-09-24T19:35:36.367400Z ubuntu-core-launcher starting service19:38
rickspencer3^ a 13 minute lag between systemd and ubuntu-core launcher?19:38
rickspencer3it seems to be consistent19:39
ogra_elopio, alpha images ready19:39
zygalool: still there?19:58
sergiusensrickspencer3, hey sorry, was on the phone and distracted; is that with your snap? And is that the output of snappy service logs [snap] ?20:35
loolzyga: yup22:14
zygalool: re :)22:16
zygalool: did you see what jdstrand found?22:16
loolzyga: yup, great22:16
zygalool: you were missing a framework type22:17
zygalool: but then more weirdness happens22:17
loolzyga: what happens next?22:17
zygalool: and the bottom line is we need to patch n-m source to get it fixed :/22:17
zygalool: !usr (that's not a typo)22:17
loolzyga: that's my sed22:17
zygalool: and some things that are not exposed as --option of any kind need to be patched22:17
zygalool: ah, I didn't know22:17
loolI picked an uncommon char I could use in a pathname22:17
zygalool: did you try to do a symlink from !usr ?22:18
loolzyga: exactly; !usr -> usr22:18
loolinstead of /usr22:18
zygadoes it work? jdstrand did't get it22:18
loole.g. /usr/lib/NM becomes !usr/lib/NM which because of the symlinks points at /apps/.../nm/usr/lib/NM22:18
loolzyga: it does!22:18
zygalool: neat!!22:19
* lool just typed sudo snappy reboot22:19
loolinstead of sudo reboot22:19
zygalool: today you will dream of snappy ;)22:19
zygalool: we have no such luck in bluez, everything uses string concatenation in the preprocessor22:20
zygalool: so we're patching bluez22:20
zygalool: but it's not terrible, without patches it seems to work to a good degree22:20
zygalool: we also have a real policy now, not just unconfined22:20
zygalool: but your idea with the simlink now made me think :)22:21
loolzyga: I'm pretty sure it would wokr with Bluez too22:21
loolzyga: but there are limits22:21
zygalool: I was thinking about a kernel module that expands $SNAP_APP_PATH22:21
zygalool: based on process environment22:21
zygalool: but this is easier to get to work today ;)22:21
loolzyga: the other crazy approach I did at a customer site was using LD_PRELOAD like in the early deb2snap stuff22:21
zygalool: well, I can configure for prefix /usr and do the sed as you did22:21
loolthat actually got us quite some way along22:21
loolbut it's too limiting and messy22:21
loolespecially with 32/64 bits libs22:22
zygalool: yeah, that's a somewhat saner bit22:22
loolwhich happened to be the case22:22
zygalool: like fakeroot22:22
loolzyga: exactly, it was the same thing22:22
loolbut selective fakechroot22:22
loolfakeroot => just uids, pretty good; fakechroot => all pathnames, pretty fragile22:22
zygalool: a symlink handled by the kernel would work in all cases (suid apps too)22:23
zygalool: I'll try to hack that next week, if time permits22:23
zygalool: /proc/snap22:23
zygalool: then --prefix=/proc/snap/ and we're "done" with relocatable apps22:24
loolzyga: might be possible with some kind of overlay rootfs22:24
zygabut this feel very ugly22:24
zygalool: apparently overlayfs breaks apparmour22:24
zygalool: did you hear about the /var $current symlink?22:25
zygalool: that could help in many things,22:25
zygalool: /var/$SNAP_NAME/current AFAIR22:25
loolzyga: I personally would like us to avoid hardcoding absolute pathnames as much as possible22:26
loolwhile it could become a required layout, I think it's nicer if we keep things relocatable, like on the phone for preinstalled apps22:26
=== LarreaMikel1 is now known as LarreaMikel
zygalool: to some degree I agree but what's the difference in expanding it in one spot vs another?22:26
sergiusenszyga, lool can you share the snapcraft project that breaks with c that you mentioned?22:27
zygalool: yes, I agree, though the only practical difficulity is that C tends to make this harder than languages that people use on the phone, and we have more incentive to allow existing projects (bluez) to work22:27
zygasergiusens: yes, that's the older bluez example22:28
zygasergiusens: it broke at 0.222:28
zygasergiusens: stopped configuring entirely22:28
zygasergiusens: the same configure line works without snapcraft22:28
zygasergiusens: the addition of -I in CFLAGS seems to cause this but I did not dig deeper22:28
zygasergiusens: do you need a link?22:28
zygasergiusens: https://code.launchpad.net/~zyga/+git/snap-example-bluez522:29
sergiusenszyga, yes please22:29
zygasergiusens: https://code.launchpad.net/~zyga/+git/snap-manual-bluez5 (without snapcraft)22:29
zygasergiusens: FYI https://git.launchpad.net/~zyga/+git/snap-manual-bluez5/tree/Makefile#n68 this has nice usability22:30
zygasergiusens: if you agree I'll patch that into snapcraft too22:30
zygasergiusens: and make reinstall, saves time on VM bootstrap a _lot_ (on my older laptop)22:30
zygasergiusens: usability == redirecting qemu output22:31
sergiusenssure , the qemu output is more of a, is it working thing I guess22:32
zygasergiusens: in python we could just pipe it and spin a spinner22:32
zygasergiusens: it "works" and the output can be pretty22:32
zygasergiusens: here I just log it (which is useful too)22:33
sergiusenszyga, if you want to make a spinner branch I am all for it!22:36
loolsergiusens: hmm I have a weird behavior with snapcraft; it looks like only the last symlink gets copied as a symlink22:37
zygasergiusens: cool, I'll be my pleasure :)22:37
zygasergiusens: I'd love if parts could start to use pkg_config sensibly22:38
zygasergiusens: perhaps we could set PKG_CONFIG_PATH?22:39
sergiusenszyga, it is set22:39
zygasergiusens: it seems that it's a cheaper way to cure cross-part usage than -I / -L22:39
zygasergiusens: oh? hmmm22:39
sergiusenszyga, PKG_CONFIG-PATH22:39
sergiusenszyga, let me get the MP that did that22:39
zygasergiusens: maybe I used it before22:39
zygasergiusens: then it still didn't work22:40
sergiusenszyga, or else the godd example wouldn't compile22:40
zygasergiusens: I can have a look at that later, today == plainbox22:40
sergiusenszyga, yeah, it works since less than 4 days ago at most22:40
zygasergiusens: I'd like to iterate on bluez / nm examples later to build more things inside the snap as parts22:40
sergiusenszyga, releasing the fix for Left overs? :-)22:40
sergiusenszyga, if those parts use the built in plugins, it would be awesome to have them on the wiki22:41
zygasergiusens: no, spineau is handling our releases, it will be done after QA22:41
zygasergiusens: I'm adding features22:41
zygasergiusens: I will certainly try, now I'm split between the flexibility and predictability of the makefile I wrote22:41
zygasergiusens: and the urge to fix core issues I see in snapcraft today (subprocess mess, some caching bugs)22:42
zygasergiusens: also, make has a working dependency engine, it makes a lot of difference when you iterate, just make and it's fresh instantly (*when upstream didn't f*** up)22:42
zygasergiusens: whereas snapcraft really needs some idea on how to remake parts during hacking and I kept ending up doing rm -rf  equivalent22:43
sergiusenszyga, right, we need to implement the 'detect' if dirty22:43
sergiusenszyga, you can force22:43
sergiusenszyga, snapcraft stage --force22:43
sergiusensbut that will walk down the pull phase too22:43
zygasergiusens: I tried building one part out of few22:43
zygasergiusens: and that didn't work either (look at the $secret snap in $secret project)22:44
zygasergiusens: so I just ended up rm -rf ing, maybe it's all fixed now, it was last week22:44
loolzyga: I personally echo the stage into the file22:45
zygalool: which file?22:46
loolzyga: the state file22:46
zygasergiusens: FYI, http://plainbox.readthedocs.org/en/latest/manpages/plainbox-job-units.html#job-flag-simple this will make all snapcraft tests faster22:46
loolzyga: under the part22:46
zygalool: ah, I see22:46
sergiusenszyga, \o/22:47
zygasergiusens: s/faster/easier/22:47
sergiusenszyga, better harness, makes for faster development22:47
sergiusenszyga, so it is in some way all your fault :-P22:47
zygasergiusens: hehe22:47
zygasergiusens: plainbox has come a long way, compare that simple job to this...22:48
loolroot       3489  0.1  1.4 460364 14152 ?        Sl   22:53   0:00  \_ NetworkManager.patched --state-file=/var/lib/apps/network-manager/IBYLbSAATUQC/NetworkManager.state --config-dir=/apps/network-manager/IBYLbSAATUQC/etc/NetworkManager --config=/apps/network-manager/IBYLbSAATUQC/etc/NetworkManager/NetworkManager.conf --log-level=DEBUG --no-daemon22:54
zygalool: cooool!22:55
zygalool: nmcli?22:55
zygalool: does it work?22:55
loolnot yet22:55
loolI mean NM seems happy22:55
loolnmcli not22:55
zygalool: right22:55
loolbut then I didn't open the dbus for nmcli yet22:55
loolI'd like to try it without confinment first though22:56
lool(amd64)ubuntu@localhost:/apps/network-manager/current$ LD_LIBRARY_PATH=$PWD/usr/lib/x86_64-linux-gnu usr/bin/nmcli general status22:57
loolconnected  full          enabled  enabled  enabled  enabled22:57
loolhmm this stuff depends on policykit, that wont be nice22:59
zygalool: uhhh22:59
zygalool: what do you think we should do about polkit?22:59
zygalool: remove it or put it into snappy itself?22:59
loolI dont know yet22:59
loollet's try whether it brings up eth023:00
loolthere are loads of errors in the logs23:00
zygalool: careful, eth0 is how you ssh into the box ;)23:00
zygalool: how do you test btw/23:00
loolI have a console on the box23:01
zygalool: KVM?23:01
loolok, so denials from dhclient23:02
loolbut the snap is unconfined hmmm23:03
zygalool: what kind?23:03
lool(amd64)ubuntu@localhost:/apps/network-manager/current$ LD_LIBRARY_PATH=$PWD/usr/lib/x86_64-linux-gnu usr/bin/nmcli general status23:04
loolconnected  full          enabled  enabled  enabled  enabled23:04
lool[ 2679.122645] audit: type=1400 audit(1443135850.522:61): apparmor="DENIED" operation="sendmsg" info="Failed name lookup - disconnected path" error=-13 profile="/sbin/dhclient" name="run/systemd/journal/dev-log" pid=4476 comm="dhclient" requested_mask="w" denied_mask="w" fsuid=0 ouid=023:04
looltyhicks or jdstrand ^ so my service is policy-template: unconfined, but is getting this denial23:05
zygalool: I may be wrong but unconfined is not "all in", it's still restricted to some degree (more than the shell you have) but very very permissive23:05
loollooks like dhclient is trying to log, and somehow apparmor doesn't like not finding who owns that file?!23:06
jjohansenlool: right but the dhclient profile is the one that is failing because it doesn't have permission23:06
looljjohansen: so it's because of the /sbin/dhclient apparmor profile that we ship23:06
looljjohansen: shoudl I disable something to get it to work, or ship my own or...?23:06
looloh I already ship dhclient23:06
jjohansenlool: you can add the flag attach_disconnected to the dhclient profile as a work around23:07
jjohansenit will looks something like23:07
looljjohansen: where is this profile though?23:07
jjohansen  /sbin/dhclient flags=(attach_disconnected) { ... }23:08
jjohansenlool: probably in /etc/apparmor.d/sbin.dhclient23:08
looljjohansen: I see it's under /etc, but that's supposed to be read-only23:08
zygalool: at least it's not selinux23:09
jjohansenlool: to test you can copy it somewhere else, and then do23:09
jjohansen  sudo apparmor_parser -r edited_profile_file23:09
zygalool: it's been a decade and it's still something people turn off23:09
jjohansenzyga: people turn apparmor off as well, heck they will turn off passwords and any security inconvenience that they can23:10
looljjohansen: yeah; it's just I need to fix this properly; I'd rather avoid rootfs changes and I dont want to lose the security benefits23:10
loolperhaps NM launches dhclient in the wrong way23:10
looldhclient works when called from ifup23:11
looland probably works on the desktop too with the same apparmor profile23:11
loolso my NM must be doing something different23:11
jdstrandlool: I imagine that you'll want a child profile for dhclient in the network-manager security-policy which would avoid the binary attachment and that you could tailor to the snap's data dirs23:11
looljdstrand: yeah; that sounds good23:11
loolit does sound like a lot of work too though23:11
loolplus, keeping the dhclient policy in sync23:12
jdstrandlool: I wouldn't get hung up on dhclient. add attach_disconnected to the file in /etc/apparmor.d to unblock yourself, then we can adjust when its time to implement security-policy for this service23:12
jdstrandlool: you don't have to keep it in sync. it only has to work with your snap writable areas23:12
jdstrandlool: it isn't terribly much work. see the email I CC'd you on wrt bluez23:13
jdstrandok, really heading out23:14
looldo I need to run something?23:14
loolprobably apparmor_parser23:14
jdstrandlool: yes23:14
jdstrandapparmor_parser -r /etc/apparmor.d/sbin.dhclient23:15
jdstrand(under sudo)23:15
jdstrand-r is for reload23:15
jdstrandyour change will survive reboots, but don't forget we have to address dhclient before people consume this23:15
jdstrandok, really, really gone23:15
looloh no23:15
lool[ 3367.581854] audit: type=1400 audit(1443136539.036:81): apparmor="DENIED" operation="open" profile="/sbin/dhclient" name="/apps/network-manager/IBYLbSAATUQC/lib/x86_64-linux-gnu/libisccfg-export.so.90.1.0" pid=5446 comm="dhclient" requested_mask="r" denied_mask="r" fsuid=0 ouid=10123:16
loolI think I want to use my dhclient now23:16
* zyga pushes a plainbox feature up23:21
zygahttps://code.launchpad.net/~zyga/checkbox/no-resource-limits/+merge/272319 :)23:22
zygalaunchpad feels slow tonight23:26

Generated by irclog2html.py 2.7 by Marius Gedminas - find it at mg.pov.lt!