/srv/irclogs.ubuntu.com/2016/03/11/#snappy.txt

=== beuno_ is now known as beuno
=== devil is now known as Guest90181
=== chihchun_afk is now known as chihchun
=== Guest90181 is now known as devil_
dholbachgood morning07:34
didrocksGuten Morgen dholbach07:38
dholbachsalut didrocks07:46
dholbachkgunn, in your mir-snaps article I removed the references to the snappy tools ppa - it should be available everywhere in xenial07:54
pittizyga: sorry, this PR does not really say much to me -- except for two comments it doesn't seem udev related at all?07:58
zygagood mornign08:05
zygapitti: hey, thanks for looking at it08:06
zygapitti: this how snappy will reload udev rules when something security-related changes08:06
zygapitti: (we write or remove some udev rules)08:06
zygapitti: this is just a sanity check review08:06
noizerGood morning09:12
noizerI think i encountered an issue while making mine own apparmor profile09:12
noizerthe error looks like Mar 11 09:08:30 localhost kernel: [64990.973666] audit: type=1400 audit(1457687310.712:69): apparmor="DENIED" operation="open" profile="/usr/bin/ubuntu-core-launcher" name="/home/ubuntu/snaps/ad.sideload/LScnlHLRglbn/snaps/" pid=4159 comm="ubuntu-core-lau" requested_mask="r" denied_mask="r" fsuid=1000 ouid=100009:13
dpmmvo, Trevinho, did the u7 .desktop file support land yesterday? I wasn't sure which package to look at09:55
mvodpm: it landed but stuck in xenial-proposed due to a build failure09:55
mvoon powerpc09:55
Trevinholinkedinyou: dpm the package is the snappy one though09:56
TrevinhoOuch... Autocompletion...09:57
dpmmvo, Trevinho, ok, thanks 'ubuntu-snappy', then?09:57
dpmmvo, While I have you here: I don't quite understand how upgrades for the ubuntu-core snap work on the desktop. Do they happen automatically or do I need to upgrade it manually?09:57
mvodpm: there is a systemd job that will auto-update ubuntu-core09:58
dpmaha!09:58
dpmI was getting confused09:58
dpmI had tried09:58
dpm$ sudo snappy update ubuntu-core09:58
dpmthe given snap is not installed09:58
mvodpm: hm, that is a bug, I think because we use channels now in some internal api10:04
dpmmvo, where is the best place to file bugs for snappy, as the one you've just mentioned?10:11
mvodpm: the launchpad https://bugs.launchpad.net/snappy10:12
dpmgreat, thanks10:12
mvodpm: and pining us also helps10:12
cr0nxHi Snappy users. I have a question about adding 3rd party kernel module to the snappy kernel. Is it an easy task or I have to rebuild the whole image?10:14
ogra_cr0nx, you have to rebuiold the kernel snap10:16
dpmmvo, ok, filed http://pad.lv/155601810:17
ubottuLaunchpad bug 1556018 in Snappy "Cannot manually update ubuntu-core snap" [Undecided,New]10:17
cr0nxogra_  do you have any recommeded document about how to rebuild kernel snap?10:18
ogra_cr0nx, snapcraft offers a kernel plugin ... though that builds completely from source10:21
ogra_if you want to add a binary module http://cdimage.ubuntu.com/ubuntu-core/daily-preinstalled/current/ has the device tarballs that are used as input for our kernel snaps ... they are all based on deb packages from the ubuntu archive ...10:22
ogra_https://launchpad.net/~mvo/snappy/mksnap-os-kernel has the scripts to turn a device tarball into a snap (note: requires xenial's snappy)10:23
cr0nxperfect! thank you for your help. These are my first steps with snappy, but it seems to me as a great option for dedicated appliance I am working on. Do you know if somebody using snappy in a production env/product ?10:26
ogra_dell seels its industrial gateways perinstalled with snappy10:27
ogra_*sells10:27
ogra_and there are several drone manufacturers shi9pping snappy based drones10:27
cr0nxwow, exciting! And also last question:  do you have any experience running snappy kernel with grsecurity patch ?10:33
ogra_nope, but note that we use seccomp, cgroups and apparmor massively in snappy ... not sure if the grsecurity patches change their behavior10:34
cr0nxbetter ASLR is always better10:35
cr0nxok ogra_10:35
cr0nxthank you very much for your help. I appreciate10:36
ogra_here is a snapcraft.yaml for use with the snapcraft kernel plugin https://github.com/sergiusens/snapcraft/blob/feature/1552168/kernel-plugin/examples/kernel/snapcraft.yaml10:36
ogra_(you'd just create a wrokdir, put that yaml file in there and run "snapcraft" ... the rest is automatic10:37
ogra_)10:37
cr0nxcoool!10:39
ogra_(though there is no concept of pathes i think, which means you might need your own git tree with your patch on top)10:39
ogra_*patches10:39
ali1234is there a click package for mythtv on ubuntu-core?10:45
ali1234where do i even go to find packages?10:45
ogra_click package ? this isnt #click :P10:48
ogra_https://uappexplorer.com/ offers a search option for snaps in the store10:48
ali1234well i specifically need a click package that works on snappy ubuntu core10:49
ali1234i'm not sure what the difference is10:49
ogra_that doesnt exist10:49
ali1234oh?10:49
ogra_click is deb based, snap is something completely new10:49
ogra_there is no compatibility10:49
ali1234https://myapps.developer.ubuntu.com/dev/click-apps/?format=snap10:50
ali1234what does this URL mean?10:50
ali1234this is where you end up at the end of the snappy tour10:50
ogra_that shows your snappy packages in the store if you have any ...10:51
ogra_and is the place to upload them if you produce any10:51
ali1234why does it contain "click"10:52
ogra_no idea, i never looked at the url10:52
ogra_it is what you get to when clicking on "Ubuntu Core" at the top menu on the page10:52
ali1234this is why i thought i needed a click package10:52
ali1234in snap format10:52
ogra_for actual click packages you'D go to "Ubuntu Personal" ...10:53
ali1234the tour doesn't actually explain any of this, which is why i am reduced to guessing based on urls10:53
ogra_well, the store UI is far from being complete ... i guess the web devs just re-used the click UIs for now10:54
ogra_ali1234, https://lists.ubuntu.com/archives/snappy-app-devel/2016-March/000636.html10:55
ogra_that is what you want when creating snaps nowadays ... i guess docs will updated on release day10:55
ogra_*will get10:56
ali1234i don't want to create a snap though10:56
ali1234i want someone else to have already done it for me10:56
ogra_heh10:56
ali1234according to the tour, it is recommended to use 14.04, but "this" version of snapcraft only works on 16.04 (what "this" version means is not explained)10:57
cr0nxogra_: BTW: why docker version is so old? are you using backporting or it is really 1.6.2 version ?10:57
ogra_ali1234, all older snapcrafts and older images will be obsolete with 16.0410:58
ogra_cr0nx, no idea, i dont maintain that snap10:58
ogra_(and have never used it)10:58
ogra_ali1234, 16.04 is essentially snappys "1.0" release10:59
ali1234great, but 1604 isn't released, therefore i am not running it10:59
ogra_well, you have to ... or at least have to use a chroot if you want to build snaps for 16.0411:00
ali1234i don't want to build snaps for 16.0411:00
ali1234i want to build snaps for the current release, because that is what i will be deploying11:00
ogra_well, then you have to use the old manual ways11:00
cr0nxok11:01
ogra_but that it will be EOL in 5 weeks11:01
ali1234but my main point is that the tour literally contradicts itself11:01
ogra_*note that11:01
ogra_yes, it will be overhauled for release, as i said11:01
popeyDo we support the Odroid devices (yet)? like http://www.hardkernel.com/main/products/prdt_info.php?g_code=G145457216438 ?11:13
ogra_popey, longsleep (from spreed) did maintain one ... not sure hw has a 16.04 version and he wasnt around for some days11:14
ogra_*not sure if11:14
popeyhm, okay.11:14
ali1234can i run snapcraft on snappy core? is there a snappy package for it?11:17
ogra_you can run: sudo snappy enable-classic; snappy shell classic11:18
ogra_and then just apt-get install snapcraft11:18
ali1234is that a good idea?11:19
ogra_that is the purpose of the classic mode, so yes11:19
ogra_(it runs a container on top of the readonly rootfs that just adds the missing pieces for a "normal" dpkg based rootfs)11:19
ali1234where can i get a snappy 16.04 image for raspberry pi 2?11:22
ogra_http://people.canonical.com/~mvo/all-snaps/11:22
ali1234what does "all" refer t in the filename?11:23
ogra_either grab the pre-made one ... (thats a few days old though) or grab ubuntu-device-flash from there to build your own11:23
ogra_thats the new "all-snaps" image format, it means that everythiong is now a snap11:23
ali1234does building my own require 16.04?11:23
ogra_(rootfs, kernel, gadget (which is bootloader and device definitions))11:24
ogra_no, ubuntu-device-flash is a static binary ... you should be able to use it on older releases11:25
ali1234if i have a pi3, is the arm64 version a good idea?11:25
ogra_(it probably makes sense to apt-get install ubuntu-devcie-flash first, there are some deps like kpartx)11:25
ogra_no11:25
ogra_the pi3 can not run arm64 code yet11:25
ogra_that waits for a binary blob update from broadcom11:25
ali1234oh yeah, i heard about that11:26
ogra_(the currtent bootloader initializes the board in 32bit mode yet)11:26
ogra_and for snappy i'm also waiting for a u-boot port ... thats also not completely done yet11:26
ali1234it can initialize in 64 bit mode, but the kernel will fail when it tries to talk to the 32 bit videocore code11:26
* ogra_ has 2 pi3's lying here but not all bits exist yet)11:26
ogra_right11:27
ali1234something to do with kernel pointers being passed through videocore11:27
ogra_i definitely plan to have an image for it ...11:27
ogra_and once arm64 works fully on it, even an arm64 image11:27
ogra_today the only arm64 board we support is the dragonboard though11:28
=== chihchun is now known as chihchun_afk
kyrofaGood morning12:02
techrafGood morning @21:22 in Osaka12:23
techrafhow can I get a .snap file of a snap from a store?12:24
techrafis it possible to get the URL of a snap?12:24
techraffor example to check where `snappy-debug` will be downloaded from?12:25
ogra_techraf, there is uappexplorer.com ... not sure if it provides download links though12:33
beerayhi, I am just hearing about snappy, just want to know the difference between it and docker12:36
techrafogra_, I'm not sure if these are the same apps that I was thinking of..12:37
techraf@ogra_, I'm not sure if these are the same apps that I was thinking of...12:37
nothaltechraf: No such command!12:37
ogra_snappy isnt a container system (you can use containers in it)12:37
ogra_techraf, there is a search option for snappy12:37
popeytechraf: there is an api for the store. you could poke that and get the url to the snaps12:37
ogra_https://uappexplorer.com/apps?sort=relevance&type=snappy12:37
popeytechraf: or you might find them in my mirror http://popey.mooo.com/mirror/clicks/2016/03/2016-03-11-050001/12:37
kyrofatechraf, you can use the store API from the terminal12:38
kyrofapopey, argh, you're too fast12:38
techrafoh, these _are_ the same apps and store indeed shows a direct link to https://public.apps.ubuntu.com/anon/download/canonical/docker.canonical/docker.canonical_1.6.2.005-16.04.1-1_all.snap12:39
popeythat's the one12:39
kyrofatechraf, curl http://search.apps.ubuntu.com/api/v1/package/snappy-debug12:39
kyrofabeeray, welcome!12:40
techrafdoes _all.snap mean all architectures? Actually I was looking for armhc12:40
kyrofabeeray, Docker and Snappy solve completely separate problems12:40
ogra_techraf, yes, all means all arches (that can mean it only contains scripts, but also that it ships binaries for all of them and switches according to the arch you run it on)12:41
kyrofabeeray, Docker is a virtualization technology, and Snappy/Ubuntu Core is an operating system12:41
kyrofabeeray, may I ask what you read that led you to believe they were similar?12:42
beerayok , thanks so much guyz12:42
beerayso that mean I can use it to develop app, and it means it can run docker container as well12:43
ogra_yeah12:43
kyrofabeeray, you got it12:43
beerayJust want to ask, is it faster than running docker on main ubuntu or other linux distros12:43
popeyali1234: I have snappy on a pi2 here, and have two ssh sessions to it, one in 'snappy' mode, and one in 'classic' mode. I use classic to build snaps using snapcraft, and then switch to the 'snappy' mode session to test install them, as they share the same $home12:44
ogra_most likely, since you can run apps in a securely confined way natively ... without having to have a container layer underneath12:44
ali1234popey: that sounds like what i need12:44
ogra_ali1234, see, we thought of you :)12:45
popeyalthough I did run out of space at one point12:45
popeydoes snappy auto expand to fill the sd card?12:45
ali1234i am going to use a 32Gb card12:45
ogra_it should, yes12:45
ogra_check with df, i heard recently that the auto-resize diidnt work for someone12:46
ogra_(i'm currently re-writing it though)12:46
popey/dev/mmcblk0p2  3.4G  3.2G   90M  98% /home12:46
popeyit's a 16GB sd card12:46
ogra_looks fine12:46
techrafthank you ogra_, popey, kyrofa - I got to do a homework with downloaded .snap now :)12:46
popeyso looks like it didn't12:47
ogra_oh12:47
ogra_yeah, then it didnt12:47
popey/dev/mmcblk0p2      270336 31250000 30979665 14.8G 83 Linux12:47
ogra_there should be logs in /run/initramfs12:47
popeyreported by fdisk12:47
popey1454620756: start12:48
popeywritable: clean, 41877/229824 files, 618695/917504 blocks12:48
popey1454620757: end12:48
popeydoes classic have a limited amount of space?12:48
ogra_nope12:48
popeyhmm12:48
ogra_but it can only use as much space as your writable partition has indeed12:49
popeymy other one running edge, seems to have worked /dev/mmcblk0p2   29G  947M   26G   4% /home12:49
ogra_please file a bug against initramfs-tools-ubuntu-core that the resize didnt work12:49
popey(32GB card in that one)12:49
popeySo i guess no bug needed if it's fixed in edge?12:49
ogra_not sure it is fixed in edge :)12:49
beeraycurrently working on virtualization with docker, just want to ask if I can install docker on it, and then run container through the docker. OR is it possible like I read to develop app test it and run it on snappy without the need for container12:50
popeyhm12:50
ogra_beeray, both is possible :)12:50
beeraypls explain, you know each app is independent in container , how do they work in docker12:51
ogra_there is a docker snap you can install an use if you want ... to just run your app in12:51
beerayand also regarding RPi , can snappy replace the raspian or debian or ubuntu that we do install in RPi. if so what are the benefits12:52
ogra_at the same time you can use snapcraft and just develop a snap for your app that runs it natively12:52
ogra_it is really up to you ...12:53
ogra_though by experience i'd not really run docker on something as underpowered as a rpi12:54
ali1234does the rpi2 image work on rpi3?12:58
ogra_transactional updates are surely a big benefit (of the OS as well as of the snaps) ...  the very high level of security and reliability are surely also putting it far above a deb based system (readonly filesystem apps are completely confined and cant just access stuff on the OS etc)12:58
ogra_ali1234, nope12:59
ogra_as i said, needs u-boot to be finished12:59
ogra_i know srwarren is on it, shouldnt take long til he has something stable12:59
ali1234is it expected that the SD activity led does not work?13:00
ali1234oh nvm, it does work, it's just really slow13:00
ogra_after the rootfs booted it works13:00
ogra_the first boot takes a while since it resizes the OS and does some basic setup via cloud-init13:00
ogra_subsequent boots are a lot faster13:01
beeraythanks guyz13:01
ali1234what is cloud-init? i don't like the sound of that13:01
ogra_ali1234, it creates ssh keys and sets up the default user (in snappys case, it can generally do a lot more we dont use)13:02
ali1234so it's basically oem-setup for the cloud?13:03
ogra_right13:03
ali1234okay, makes sense13:03
ogra_well, in actual cloud-setups it does a lot more (installing debs and such, partitioning the cloud instance etc etc)13:03
ogra_more like d-i13:03
ogra_but as i said, snappy only uses the user setup and ssh key generator13:03
techrafsorry to jump in13:09
beeraySo what is the difference between  snappy and main Ubuntu13:09
techraffor ubuntu-core on RPi - before "sudo snappy enable-classic; snappy shell classic"13:10
techrafdo I need to install ubuntu-classic?13:10
JamesTaitmvo, did you by chance see bug #1555569 - is there a human-readable name in snap.yaml equivalent to title in a Click manifest?  Would that be summary?13:11
ubottuError: Launchpad bug 1555569 could not be found13:11
techrafor it's not yet official?13:14
ogra_techraf, nope, it should work by default (in the 16.04 images)13:15
ogra_well, it needs to download the container content (which "sudo snappy enable-classic" does)13:16
techrafogra_, that explains why it does not work here on 15.10 :)13:22
ali1234okay it must have finished booting by now13:29
ali1234how do i log in?13:30
popeyubuntu/ubuntu13:34
ali1234what is the IP?13:34
popeydhcp13:34
popeyor plug into a display and keyboard and login locall of course13:34
ali1234okay i am logged in13:36
ali1234it doesn't have a hostname13:36
ali1234probably explains why avahi doesn't work13:36
ali1234ubuntu@localhost:~$13:36
ali1234/dev/mmcblk0p2  3.4G  158M  3.1G   5% /writable13:36
kyrofaali1234, if webdm is installed try webdm.local13:37
ali1234what is webdm13:37
ali1234i tried wemdb.local from the tour, but it does not work13:37
kyrofaali1234, a web-based package manager, if you will13:38
ali1234.local is avahi13:38
ali1234there is no avahi address associated with the IP13:38
ogra_kyrofa, webdm isnt ported to interfaces yet13:38
kyrofaali1234, .local is just a convention. avahi is one of many ways to get mdns13:38
kyrofaogra_, ahh13:39
* ogra_ is waiting for that too 13:39
ali1234so the writable partition didn't resize either13:39
ogra_kyrofa, btw, what abotu an owncloud update ? :)13:39
ogra_ali1234, yeah, thats a bug13:39
kyrofaogra_, amd64 has been rebuilt, but my rpi2 is crapping out on me13:40
ali1234can i just e2resize it?13:40
ogra_you can file it against initramfs-tools-ubuntu-core ... i'm working on fixing that though13:40
kyrofaogra_, I'm not sure if it's my SD card, the flash drive I'm using for swap, or a hardware issue13:40
ogra_:(13:40
kyrofaogra_, the video gets all weird, like the text is garbled. It works for another half hour or so, then it's just gone13:41
ogra_wow13:41
ogra_that sounds very broken13:41
kyrofaogra_, yeah, feels like hw13:41
ogra_ali1234, any logs in /run/initramfs/ ?13:42
kyrofaUnfortunately it's the only arm I have... so I'm crossing my fingers for LP to finish allowing internet access in its builders13:42
ali1234yes, resize-writable.log13:42
ogra_any errors in  there ?13:42
ali1234yes, e2fsck errors13:42
ogra_ah13:43
ali1234http://paste.ubuntu.com/15347369/13:43
ogra_k, that gives me some pointer what to look for13:43
ogra_well, but it finished fine ... lparted should have kicked in next ... weird that it didnt13:44
ogra_-l13:45
ali1234also these http://paste.ubuntu.com/15347403/13:47
ogra_hmm13:48
ogra_where does that BYT come from13:48
ali1234"i dunno lol"13:48
ali1234where does any of that output come from?13:49
ogra_initrd13:49
kyrofaogra_, rebooting the rpi2, I have evbug lines all over my syslog13:49
ogra_there is an awfully ugly resize script13:50
ogra_kyrofa, lovely ... sounds like kernel then13:50
mvoJamesTait: I think the best we have is indeed summary13:51
ogra_(well, awfully ugly for GPT disks ... pretty standard for mbr ones)13:51
kyrofaogra_, should I log a bug, then?13:51
ogra_kyrofa, yeah and attach the syslog ... against linux-raspi2 for the start13:51
ali1234would it help if i did it again with a serial console?13:52
ogra_no, all output is redirected to the log files ... you would only see some echos "resizing foo ..."13:52
ogra_as i said, i'm working on it13:53
ogra_since thats just an mbr disk you can easily resize it with gnome-disks or gparted in your PC for now .... to work around the bug13:53
techrafogra_ where can I get ubuntu core 16.04 for RPi?13:57
ali1234http://people.canonical.com/~mvo/all-snaps/13:57
ogra_techraf, http://people.canonical.com/~mvo/all-snaps/13:57
techrafthank you14:00
ali1234uh... something weird just happened14:05
ali1234http://paste.ubuntu.com/15347526/14:06
ali1234i didn't do anything14:06
ogra_ali1234, auto update notification :)14:06
ali1234so it just reboots any time by default?14:07
ogra_if autoupdate is enabled, yes14:07
ali1234i'll need to automatically defer that14:08
ogra_(which it is by default)14:08
ali1234if mythtv is recording something it should wait until the recording finishes, then reboot14:08
ogra_so you disable it with snappy config ubuntu-core ...14:10
ogra_echo -e "config:\n  ubuntu-core:\n    autoupdate: false\n" | sudo snappy config ubuntu-core -- -14:12
ogra_that should do14:12
ogra_(note the spaces are essential, it is yaml)14:12
ali1234i don't want to disable it though. i just want to make sure the system doesn't reboot while it is doing something important14:14
ogra_well, its an on/off thing currently14:14
ogra_i agree that tthere should be finer grained inhibition ... but thats not there yet14:15
ogra_(there migh be a way via the REST api though)14:18
kyrofaelopio, standup?14:33
elopiokyrofa: I'm trying to join.14:33
kyrofaOh google14:33
ysionneauHow am I supposed to debug a snap with gdbserver ?14:36
ogra_from the classic shell you can attach to the pid14:36
ysionneauthe program crashes at startup14:36
ysionneaus/program/snap/14:37
ogra_ah, then probably by using strace from your startup script or some such ...14:37
ysionneauand if I run gdbserver in the confined env, it is killed because of syscall 136 (personnality)14:37
ogra_(which indeed requires re-snapping)14:37
ogra_i think jdstrand had some clever way of using an overlayfs from classic, so you can dynamically hack your shell scripts in the snap dir etc14:39
ysionneaufrom the startup script I've put something like if [ "$DEBUG" = "1" ]; then exec gdbserver :1234 $SNAP/usr/bin/wifid; else exec $SNAP/usr/bin/wifid; fi14:39
ysionneaubut gdbserver does not like being sandboxed14:39
JamesTaitmvo, so we're currently discussing the removal of the tagline field from click packages - I had mistakenly thought it was a field that we parsed from the click manifest, when in fact the upoader has to enter it in the upload form.14:40
JamesTaitmvo, the intention originally was to finally split it out into a separate field, and parse summary from snap.yaml into there - it sounds like a better approach might be to drop tagline entirely and parse summary into what clicks call title.14:41
elopiofgimenez: I rewrote the dep8 test to use the test deps from source, but I still can't find them if I'm not inside the tests directory.14:47
elopioI don't understand what I'm doing wrong. This should be the same as when we compile the tests binary.14:48
elopiohuh, weird. It works if I first generate the binary.14:51
fgimenezelopio, mm we do this when building the binaries "command.Dir = filepath.Join(os.Getenv("GOPATH"), projectSrcPath)", are you using shell script for the dep8 test?14:51
elopioshell script.14:52
elopiobut it worked, I think I'm happy with this. Not as ugly as before.14:52
elopioI'll propose the branch for you to see.14:52
zygajdstrand: hey14:54
jdstrandzyga: hey14:54
jdstrandI saw the emails, I'm discussing it with the team14:55
zygajdstrand: thanks14:57
zygajdstrand: let's sync before EOD, I'd like to know what I stand on14:57
=== ahayzen_ is now known as ahayzen
jdstrandzyga: yes, that is why I started discussing it immediately after I came on :)15:05
=== chihchun_afk is now known as chihchun
elopiomvo: https://github.com/ubuntu-core/snappy/pull/64615:24
elopioautopkgtest.15:24
mvoelopio: thats wonderful, thanks a lot!15:24
jdstranddidrocks: hey, I can't help but comment since you sent the reminder-- the timing for surveying people on 16.04 snappy development is interesting since I imagine everyone is going to be incredibly frustrated since a ton of things are still in flight15:25
jdstrandand that is going to continue for at least a couple of weeks15:26
jdstrand2 cents15:26
ogra_are we re-defining interfaces again next week ?15:26
ogra_:P15:26
jdstrandnot plugs/slots/etc but yes in that now that that is settled, the actual interfaces are going to land15:27
kyrofajdstrand, yeah I'm prepared for angry responses :P15:27
didrocksjdstrand: yeah, that's what I first told to Daniel about the timing15:27
jdstrandand old-security/caps names are not going to be the same as the os slots15:28
didrocksbut at least, we can measure, reassess, progress15:28
didrocksyeah, I look forward to that, I lost a build because of a trailing "," in a json security.override15:28
didrocksand no angryness on install! :p15:28
jdstrandI guess in one sense you will have a nice baseline-- your next survey should have an overwhelmingly more positive response, so it'll look great then! :)15:29
kyrofaHahaha15:29
jdstranddidrocks: click-review whould've noticed that15:29
jdstrandshould've15:29
jdstranddidrocks: but security-override was literally *horrible* in 15.04 :)15:30
jdstranddidrocks: I think you are the only person who used it15:30
kyrofajdstrand, not so! I've used it now15:30
jdstrandyay?15:31
kyrofa:P15:31
jdstrand:)15:31
jdstrandI mean, it does stuff...15:31
didrocksit does somewhat worked yeah :)15:36
didrocksbut I'm happy we move to something more modern15:36
didrockskyrofa: speaking of which, you have an answer on http://askubuntu.com/questions/744696/how-to-create-snappy-nodejs-web-application :)15:37
kyrofadidrocks, heh15:39
stgraberjdstrand: any chance you can approve lxd 2.0.0 rc3?16:01
jdstrandogra_, ysionneau: fyi, this is in my notes: http://paste.ubuntu.com/15348328/16:01
jdstrandogra_, ysionneau: obviously the technique can be extended in various ways16:02
jdstrandstgraber: I thought I did?16:02
ogra_*if* yoour kernel has overlayfs16:02
ogra_:)16:02
jdstrandstgraber: is this a new one or from earlier this week?16:02
jdstrandogra_: indeed16:02
stgraberjdstrand: that was rc2, I pushed rc3 last night16:02
jdstrandah16:02
jdstrandyes, I can do that16:02
rajenHi Folks. I am experimenting with custom Snappy o/s image creation for our hardware. I was able to use "mk-snappy" scripts to create a custom kernel snap. I am picking up os snap from nightly builds. I used device-flash to create the .img file16:09
rajenBut I observe that ubuntu-core cannot be updated to newer versions as it is shown as sideloaded.16:10
rajenhttp://pastebin.com/wLehLKHZ16:10
rajenAny idea how we can overwrite sideload'ed apps with signed version from snappy store?16:10
ogra_you cant16:10
ogra_upload your snaps to the store ;)16:11
ogra_(and push your updates through it too)16:11
rajenokay..I am using the os snap provided.16:11
rajenBut it still shows up as sideloaded.16:11
ogra_you make ubuntu-device-flash use it from the store ?16:12
ogra_or did you download it locally16:12
rajenGot it. I am downloading the snaps and tar balls locally and creating the img file using device-flash.16:13
ogra_thats your issue :)16:13
rajenI see what you are saying, if I tell device-flash to use o/s snap directly from store it will allow me to upgrade it.16:13
ogra_you just want: --os ubuntu-core.canonical16:14
rajenYou see, we want our own customer kernel snap to be sideloaded. But ubuntu-core, we want it from the store.16:14
ogra_that will download the signed one from the store and it will not be marked as sideloaded16:14
rajenokay let me modify the scripts to do --os  ubuntu-core.canonical16:15
rajenThanks for the tip ogra_ !16:15
ogra_if you want to upgrade your kernels you should consider uploading them too though16:15
rajenW.r.t kernel, yeah we will get there soon.16:16
rajenogra_: What about gardget snap? canonical-pc?16:16
rajen--gadget  ???16:17
dholbachmvo, ogra_: do you know when snappy 16.04 images will live on cdimage.u.c?16:25
ogra_dholbach, no16:25
dholbachdo we know who's working on this?16:25
ogra_me if in doubt16:25
ogra_we have the fragments on http://cdimage.ubuntu.com/ubuntu-core/daily-preinstalled/current/ (kernel and os snap) but these need to be automatically pulled into the store .... and thnen we need some automated way to run u-d-f16:26
ogra_and as i just said in my mail we need the new all-snaps u-d-f to land first in the archive16:27
ogra_as i also said in my mail i could do an alpha release manually ... but since the interfaces are still not final i'm not sure thats such a good idea16:27
ogra_(people will have to re-do their snaps again once it is stable)16:28
dholbachmh16:28
ogra_mvo, when will the u-d-f for all-snaps land ? any reason to hold it back ?16:29
rajenogra_, Yes. Now I am able to see ubuntu-core snap installed with correct version and Developer.16:36
ogra_great :)16:36
rajenCool. But, I have question now.16:37
rajenThe reason why were doing custom o/s snap was to work around a problem in Snappy.16:37
ogra_a custom os snap is definitely the wrong way to work around any problems :)16:37
rajenOur C application residing inside our snap package is allergic to dash and wants bash as default shell.16:38
rajenNow is there a way in Snappy to specify /bin/sh to be bash for a Snap application.16:38
ogra_we might remove bash from the image at some point16:38
rajenI believe this is a feature that needs to be exported by the Snappy infrastructure.16:38
ogra_andf your snaps should realyl not rely on anything in the os snap16:38
rajenokay..here is the catch.16:39
rajen"/bin/sh" is hardcoded when system("") libc API is used.16:39
ogra_i think the right way would be to allow snapcraft to ship a /bin/sh override so you can ship your own shell insuide and the ubuntu-core-launcher would just point to whatever your snap ships16:39
rajenSo we do not want to hack libc to point to some other /bin/xxxx.16:39
ogra_jdstrand, ^^^16:40
argesHi. Does a golang client library exist for the snappy REST api? or should i just use net/http.16:40
ogra_jdstrand, and idea if it is possible to override /bin/sh from the launcher for a snap ?16:40
ogra_i could imagine people shipping ksh scripts or tcsh scripts in their snaps would want that too16:41
ysionneauis there a capability to allow a snap to use mount ?16:51
ogra_i dont think so16:52
ysionneauI'd like to have some rw directory accessible from several snaps16:52
ysionneauI wanted to mount -o bind some /writable/parrot directory in /tmp/parrot (the sandboxed /tmp)  for each snap16:53
ogra_i think the interfaces model will offer that (you would have a disk-provider snap or some such that your other snaps can consume) but thats not there yet16:53
ysionneaubut no luck :p16:53
ogra_probably zyga can tell where we stand with that16:54
ysionneauok thanks!16:54
ogra_i know he works on interfaces16:54
ogra_but i doubt you will be able to actually use mount :)16:54
ysionneauwell mount is not mandatory I just wanted some solution to share some files16:55
ysionneauand actually right now I want to share a named unix socket16:55
ogra_yeah16:55
* ogra_ usually just dumps all bits that need to share a dir into one snap 16:55
ogra_i.e. http://bazaar.launchpad.net/~ogra/+junk/upnp-server/files .... ships minidlna and lighttpd that share the same dir16:56
ysionneauyes that's one solution, but it's not something we can do for everything16:57
ysionneauthat would end up like : parrot-firmware.snap16:57
ysionneauinstead of having several snaps16:57
ogra_well, whats the advantage of having several snaps ?16:58
ysionneau+ we want to allow developers to do snaps which would be able to communicate with our autopilot running in another snap (a parrot snap)16:58
ogra_(apart from requiring a lot more maintenance)16:58
ysionneauand that means : shared memories, udp/tcp/unix sockets16:58
ysionneauand files16:58
ogra_yeah, the interfaces model will allow all that i think16:58
ysionneaugood :)16:59
ysionneauis there some text somewhere describing this idea? (even if it's not implemented at the moment, I get it)16:59
ysionneauso that I can grab the idea16:59
ogra_not sure ... since we collect all such stuff in google docs i lost the overbview16:59
ogra_i'm sure there is some doc *somewhere*17:00
jdstrandogra_: eek, yuck. /me notes system() is almost always unsafe.... I can't think of a way to do that in anyway that would be considered sane17:04
jdstrandthe scripts should be adjusted to be posix compliant or the system() calls should be replaced with something that does what they want17:05
ogra_well, you could have a special libc that allows an env var for /bin/sh to override the system one .... and force-seed that var to an in-snap binary17:05
ogra_but thats indeed very ugly17:05
ogra_jdstrand, would it be bad to make seccomp actually block system() ?17:06
jdstrandthis all gets back to us defaulting to dash which we did in 6.1017:06
ogra_(i assume this would make half the Sw non-functional)17:06
jdstrandwe can't block system(), that isn't a syscall17:06
ogra_yeah17:07
jdstrandlibc implements system() with execl which is ultimately the execve syscall17:07
* ogra_ sighs ... 3rd firefox crash out f the blue in 1h ... FF 45 is really not for 15.10 it seems :(17:07
ogra_hmm, doesnt libc actually respect the SHELL env var ?17:08
ogra_hmm, not according to http://www.scratchbox.org/documentation/general/tutorials/glibcenv.html17:11
rajenogra_, Jdstrand: I am reading your conversation. Interesting points!17:12
ogra_rajen, we have a porting doc to make shell scripts properly POSIX compliant btw https://wiki.ubuntu.com/DashAsBinSh ... perhaps that helps ?17:13
ysionneauhmmm even from the same snap, if I run 2 apps, each one will get a different /tmp, right?17:13
ysionneaubut I can share files with $SNAP_DATA :)17:13
ogra_ysionneau, yeah, i think there is a bug open for that17:13
ysionneauogra_: ok17:13
rajenOkay dash/bash for scripts. Yes we fixed all that.17:13
rajenThe issues are with our C application.17:13
ogra_/tmp should be per snap, not per app17:13
ysionneauagreed17:14
rajenjdstrand, ogra_: this is the actual problem we are trying to work around with http://stackoverflow.com/questions/35642734/ld-preload-not-applied-to-command-given-through-system-in-dash-but-working-wi17:14
jdstrandyou could maybe LD_PRELOAD system() so it uses bash17:18
ogra_that doesnt solve the general issue that snaps fully rely on the os shell though17:19
rajenI don't think that was possible.17:19
rajenjdstrand,       _IO_execl ("/bin/sh", "sh", "-c", command, (char *) 0);17:21
rajenglibc code does this. There is no escape from this I guess.17:21
rajen_IO_new_proc_open()17:22
mhall119hi all, where can I find documentation about the new "interfaces" in snappy and how to build a snappy that provides new ones?17:25
ogra_mhall119,  in someones brain :P17:26
mhall119who's brain to I need to extract? :)17:29
zygamhall119: mine17:30
zygamhall119: what do you need17:30
mhall119zyga: to learn more about snappy, but specifically I want to understand the best way of providing a single ubuntu-sdk-libs snap package that other snap application packages can depend on17:31
zyganiemeyer: oh, so code reuse17:32
zygaer17:32
zygamhall119: ^^17:32
mhall119yes17:32
zyganiemeyer: sorry, habbit :)17:32
niemeyer;)17:32
zygamhall119: we discussed that times and again and the bottom line is that right now we don't have an off-the shelf solution; I'm pretty confident we could make one but that's something we're not working on now17:33
mhall119zyga: with 16.04 desktop introducing snappy support, I'd like to make our new ecosystem of convergence apps available on it17:33
zygamhall119: the focus is to finish what we planned and that's very much what we are doing17:33
zygamhall119: I understand, it's just not ready yet17:33
zygamhall119: there's a few different ways we could do that, it's a bit complex around the edges17:34
mhall119ok, then where can I learn about snappy interfaces more generally?17:34
zygamhall119: and we don't want to get back to debs and dependency issues17:34
zygamhall119: the core idea is super simple, it's a way for two snaps to interact17:34
jdstrandmhall119: fyi, I think you are about 1 week early17:34
zygamhall119: using a well defined "protocol"17:34
zygamhall119: whatever that is (could be some actual protocol, could be just an agreement to write to a file, etc)17:35
jdstrandmhall119: in about that time, much of this will be landed and presumably docs/... updated17:35
zygamhall119: yep, jdstrand is right17:35
zygamhall119: I'm working on plugging it all together; next week we'll have that in trunk and we'll focus on docs, polish and tons of interfaces17:35
mhall119jdstrand: ok, who is working on landing that and writing those docs?17:35
zygamhall119: and to see what's the next focus for us17:35
zygamhall119: I suspect I'll work on that though I bet jdstrand will help me a lot in actual writing proper english :)17:36
mhall119zyga: ack, I will come annoy you about it next Friday then :)17:36
zygamhall119: gladly!17:36
zygamhall119: sorry, I wish I could give it to you and the world today17:36
zygamhall119: (about that, time for a coffee and another pull request)17:36
jdstrandzyga: I can say for sure after all that is there and the old-security/caps stuff is implemented, we should look hard at the existing frameworks (docker, lxd, mir, bluez, pulseaudio and nm)17:37
mhall119zyga: a week is not so bad, I can wait that long :)17:37
jdstrandzyga: each will likely present different challenges to work through. eg, sockets, dbus bus policy, etc17:37
zyga-phonejdstrand: totally agree17:42
zyga-phone(I cannot stand my office today, moved downstairs to see real living human beings)17:44
zyga-phonejdstrand: I'd like to land udev/apparmor branches that I posted17:44
zyga-phonejdstrand: while my attempt to reconcile snappy/security.go with interfaces failed miserably (everything is terrible ;-) I got a lot of things done17:45
jdstrandzyga-phone: hehe, I doubt everything is terrible. Things are coming along! be happy :)17:48
zyga-phonejdstrand: we parse the _name_ of the file with the apparmor profile in hw-assign, I tried to decouple that so we can rename the file but I gave up17:49
zyga-phonejdstrand: I'd rather implement interfaces and developer mode and burn hw-assign with fire17:50
jdstrandzyga-phone: hw-assign gone, sure. I am curious what we'll do for say, assigning /dev/video0 to a snap17:50
ogra_voodoo17:51
jdstrandie, what these interfaces will look like wrt the os and gadget slots17:51
ogra_(build a little camera out of straw ... ascrifice a chicken ... and hope the app works then)17:51
zyga-phonejdstrand: enable developer mode, work with us on a proper interface17:51
zyga-phonejdstrand: doing /dev/* assignment through interfaces is trivial (i have implemented this iface locally)17:51
zyga-phonejdstrand: doing hw-assign requires going through a maze of legacy code17:52
jdstrandok, so you implemented the hw-assign functionality as an interface (that's fine and it will probably be useful for devs in the early stages), I more meant what does a proper interface look like for these things17:53
jdstrandit is more pondering17:53
jdstrandI guess we'll see :)17:53
zyga-phonejdstrand: it would always depend on what is being assigned so that there's interoperability17:56
=== chihchun is now known as chihchun_afk
Ash___hi18:28
Ash___is it possible to use smartphone as a developement board for projects18:28
Ash___since...todays smartphones are built on SOC s ..18:29
Ash___pls post your views18:29
kyrofaAsh___, sure, but aren't the bootloaders pretty locked down in most cases?18:31
rajenIs anyone working on this issue? https://bugs.launchpad.net/snappy/+bug/155245818:31
ubottuLaunchpad bug 1552458 in Snappy "Sharing tmp directory across multiple commands in a snap app" [Undecided,New]18:31
rajenI hope this gets fixed soon so that we can prepare our snaps in time for 16.04 release18:31
Ash___hi kyrofa..18:31
Ash___can u just dive deeper ...to get better understanding18:32
kyrofaAsh___, I'm not sure how much deeper we can go there. If phones were that easy to use, you wouldn't need to hack them to root them etc.18:33
kyrofaAsh___, you're right, all the hardware is probably there (other than stuff like GPIO etc. that's on a typical dev board)18:34
Ash___yeah, we should leverage its power....18:35
Ash___Lets work together to use smarthone as a embedded system's heart18:36
kyrofaAsh___, honestly I'd rather use something a bit more open18:39
Ash___yeah, u r correct...even me too like to use in the same way....but as we see...the prices of smartphones are becoming cheap..in terms of prices and they are loaded with all sensors...processor....display...wifi...bluetooth....4G..3g..what not...18:42
=== devil is now known as Guest86684
=== Guest86684 is now known as devil_
=== devil_ is now known as devil__
=== JanC_ is now known as JanC
popeyI'd rather use something like an arm chromebook for dev / building as it has an integral screen and keyboard, and integrated IO ports20:57
popeyso easier to debug when it messes up20:57

Generated by irclog2html.py 2.7 by Marius Gedminas - find it at mg.pov.lt!