=== chihchun is now known as chihchun_afk === chihchun_afk is now known as chihchun [06:52] good morning [07:19] https://github.com/ubuntu-core/snappy/pull/734 [07:54] good morning [07:54] dholbach: morning :) [07:57] cześć zyga [07:57] davidcalle, dpm, popey: https://bugs.launchpad.net/snapcraft/+bug/1537786 :) [07:57] Launchpad bug 1537786 in Snapcraft "lifecycle: allow do clean rebuild of all/parts without having to pull all again" [Wishlist,Fix released] [07:57] tschus :-) [07:57] (if I recall correctly) [07:58] tschüss :) [07:58] but that's goodbye [07:58] morning dholbach, nice! [07:58] 'hallo' should work though :) [07:58] oohhh [07:58] then I remember poorly :) [07:58] thanks for correcting me [07:58] (that was over a decade ago when I last learned german) [07:59] dholbach: ooh [08:02] dholbach, do you happen to know which are the clean steps you can use? It seems the info is missing from 'snapcraft clean --help' [08:04] dpm, I don't - but I assumed that the bug fix would allow snapcraft to figure out itself what needs updating and what doesn't [08:06] dpm, ah now... [08:06] - pull [08:06] - build [08:06] - stage [08:06] - strip [08:06] - snap [08:06] ^ that's the steps (from: snapcraft help plugins) [08:21] dholbach, thanks. https://github.com/ubuntu-core/snapcraft/pull/403 [08:34] nice one [08:48] dholbach: excellent! [09:41] hi [09:41] have anyone here ported snappy for an arm device? [09:42] hey Ram_, yes, i have (multiple times) [09:42] i'm facing a lot of trouble to do so [09:43] well, lets go through them and fix them one by one then :) [09:43] hi ogra! it's ur blog i'm following to achieve that ;) [09:43] oh, thats very old [09:43] i will write an up to date entry for 16.04 once it is out [09:44] that is nice! [09:44] (there have been very massive changes and 15.04 will be EOL soon) [09:46] first of all I'm a beginner.. [09:46] we all were once ;) [09:46] i do things by following the blog to port ubuntu core [09:46] right, the new setup is not very well documented yet [09:47] but i would actually recommend to go for 16.04, despite that [09:48] okay! [09:49] now i'm using an arm based device, which is having support for kernel v3.14 [09:49] in the new setup everything is a snap package (no more tarballs, even rootfs, kernel and the bootloader some as a snap) [09:49] to do a port you need a gadget snap (bootloader) and a kernel snap for your device [09:50] for an arm board you need a working uboot bootloader [09:50] (we are preparing for boards that use grub too, but are not there yet) [09:50] i got the u-boot.bin, and uImage [09:51] did you build the uboot from source ? you will need some patches [09:52] here is an example of a gadget snap (for the raspberry pi2 in this case) http://bazaar.launchpad.net/~snappy-dev/snappy-hub/snappy-systems/files/head:/pi2 [09:53] here is the patch that we use (it is just a few config options) http://paste.ubuntu.com/15472180/ [09:53] so first of all, build your uboot with these options enabled [10:09] is there a best practice how to add a user needed for a snap on install? [10:09] i doubt you can [10:10] (and it would be nonsense, your services run as root and all files are chowned to root when building the snap) [10:10] (we use the --all-root option to mksquashfs) [10:12] hmm. so now i am wondering if this is a prob with my vm setup [10:12] i am binding 8021 to 21 [10:12] and ftp into it then causes stuff like [10:12] http://paste.ubuntu.com/15486216/ [10:13] * asac tries running on same port as the bound port on host [10:13] "Remote system type is UNIX." [10:13] just use Linux then it will work [10:14] *g* [10:14] how are the file permissions of the dirs you access there ? [10:14] those should be fine [10:14] i think its because ftp opens new ports [10:14] that then have no forward to the vm [10:14] but thought passive on would fix that [10:14] (seems also a bit odd that you end up in the toplevel dir of your snap ....) [10:14] seems passive also creates new ports? [10:15] !ls [10:15] The linux terminal or command-line interface is very powerful. Open a terminal via Applications -> Accessories -> Terminal (Gnome), K-menu -> System -> Konsole (KDE), or Menu -> Accessories -> LXTerminal (LXDE). Guide: https://help.ubuntu.com/community/UsingTheTerminal [10:15] hmm, no idea [10:15] !ls shows the local host dir [10:15] asac: I am only a bot, please don't think I'm intelligent :) [10:15] so thats fine [10:15] ok guess i should go for the pi2 then next :) [10:15] where i have proper network [10:15] and see [10:15] In passive mode FTP the client initiates both connections to the server, solving the problem of firewalls filtering the incoming data port connection to the client from the server. When opening an FTP connection, the client opens two random unprivileged ports locally (N > 1023 and N+1). [10:16] http://www.slacksite.com/other/ftp.html [10:16] FTP server's port 21 from anywhere (Client initiates connection) [10:16] FTP server's port 21 to ports > 1023 (Server responds to client's control port) [10:16] FTP server's ports > 1023 from anywhere (Client initiates data connection to random port specified by server) [10:16] FTP server's ports > 1023 to remote ports > 1023 (Server sends ACKs (and data) to client's data port) [10:17] so you need more ports :) [10:17] ok i could force fix this by specifying max abnd min pasv port [10:17] saw those entries [10:17] well... guess iits time to go beagle or pi2 now anyway [10:17] just would love to not use ubuntu user for anonymous :) [10:17] but cant create one automatically on install [10:17] you cant see the ubuntu user from your snap [10:17] maybe we should have one user per snap that you can then use for services etc. [10:17] (i think) [10:17] it can [10:18] well it cant see the home [10:18] buut it can see that that user exists in /etc/passwd [10:18] it seems [10:18] and tahts all that is needed for this [10:18] i think jdstrand has a plan for system users in snaps ... but thats likely not 16.04 material [10:18] also i ended up unconfined now :) [10:19] you cant see the user in /etc/passwd, bhecause the user isnt in /etc/passwd ;) [10:19] nss-extrausers ... [10:19] i'm not sure how well getent() works ... might be possibel to use that [10:19] odd [10:19] but it works :) [10:19] think its using libc [10:19] *possible [10:19] and that figures it [10:20] i cant use a user that isnt avail [10:20] but i can use ubuntu :) [10:20] as my anon user [10:20] yeah, then getent likely works [10:20] which is good news... just would love to have my own user for that snap as i am using a dir somewhere in /var/lib anyway for the anon uploads [10:21] nobody didnt work [10:21] because /nonexistent doesnt exist [10:21] wodner if i should just hack vsftpd more so it doesnt refuse to use nobody [10:21] but *shrug* [10:22] * asac goes and turns the pi2 into a box that will go to living room [10:22] the orange box one [10:22] http://paste.ubuntu.com/15486252/ [10:22] thast my old server setup script ... there is also user creation in it [10:23] (ignore the chfn messages btw) [10:27] i must be that folks are stealing usb cables from me at events [10:27] i never forsaw that i had troulbes finding one [10:27] bought like 20 2-3 years back in a bundle ... [10:27] heh, thats SD cards for me :) [10:27] now i had to use a 20cm long one and the pi2 is hanging in the air [10:28] yeah sd cards i accept [10:28] but usb cables? wtf [10:28] * asac goes to amazon and orders more :) [10:30] hmm. my pi2 doesnt see new updates [10:30] guess i have to reflash [10:30] ubuntu-core 2016-02-03 16.04.0-7.armhf [10:30] ubuntu@localhost:~$ [10:30] that one [10:30] getting https://people.canonical.com/~mvo/all-snaps/rpi2-all-snap.img.xz [10:31] and a coffee [10:39] ogra_: downloaded your pi3 image and put on card, Booted up and the last thing I see on the console is "Started OpenBSD Secure Shell server" and if I ssh in, it asks for my password then hangs [10:39] (I had raspbian on this before, so I know the pi itself is fine) [10:40] popey, hmm, you should get a login prompt [10:40] i definitely do here [10:40] when does it do the partition resize? [10:40] it's a 32GB card [10:40] (i dont if i use the same image on a pi2 ... but thats a different issue) [10:40] from the initrd [10:40] ok [10:40] so earlier than this [10:41] takes about 15sec here for a 128G card [10:41] so i'd imagine 32G to be really fast [10:41] yeah, not that [10:41] there is definitely a shell on HDMI [10:41] yup [10:41] if you ahve a cable around [10:42] i am looking at the output from hdmi [10:42] oh, i thought you look at serial, sorry :) [10:43] any idea on how to "debug" this? http://paste.ubuntu.com/15486342/ [10:43] how can I understand what's going wrong? [10:43] http://i.imgur.com/g5a63oZ.jpg ogra_ [10:43] and ssh with ubuntu:ubuntu doesnt work ? [10:44] alan@homeserver:~$ ssh ubuntu@192.168.1.69 [10:44] ubuntu@192.168.1.69's password: [10:44] been sat there for minutes [10:44] yery weird [10:45] * popey reboots [10:45] * ogra_ does a fresh flash of his image [10:45] i just grabbed the pi xz image you linked to in your mail [10:46] ysionneau, where is your gadget source tree ? [10:46] popey, yeah, thats what i'm flashing now [10:47] hah, worked this time 😖 [10:47] i see a login prompt now, but didn't on first boot [10:47] * ogra_ will check that [10:47] ogra_: it's not published but here is the content : http://paste.ubuntu.com/15486365/ [10:47] note that cloud-init can take quite long on first boot [10:48] ysionneau, i guess it looks for a uboot binary somewhere [10:48] or for a uEnv.txt ... [10:49] mvo: is ubuntu-core 2016-02-03 16.04.0-7.armhf canonical [10:49] really the latest? [10:49] hm. trying to install a snap fails - just did "snap find owncloud" and it sees two results (one from kyrofa) and then if I "snap install owncloud" it just returns immediately and doesn't say anything [10:49] * asac apparently cleaned his previous SD for no reason [10:50] mvo: nevermind... found and update [10:50] mvo: are we doing diff downloads yet? [10:50] asac: if you use rolling/edge you get something newer, its been a while since we did a stable promotion [10:51] mvo: so one thing i noticed: http://paste.ubuntu.com/15486382/ [10:51] asac: no deltas yet will probably take a couple of weeks still [10:51] you guys spit out "reboot" before stuff is synced to disk [10:51] would have caused troubles i guess if i hard rebooted at that point [10:51] had to wait in sync for 20 secs [10:51] asac: oh, that is interessting. it did not occour to me that people would do hard reboots [10:51] could be its fixed in latest of course... thats the feb image in your peopl [10:51] asac: but of course this is a different world [10:52] people do everything :) [10:52] it is not fixed, thanks for bringing it up [10:52] no power switch on a pi :) [10:52] also who knows if they get impatient if reboot command hags for a bit [10:52] would be interesting to see how our tx update behaves [10:52] if its not fully synched [10:52] might try it sometimes when i want to have fun :) [10:53] popey, so first boot works fine here ... it properly clears the screen and offers me a ligon prompt [10:53] *login [10:54] mvo: i need to update classic by myself right? [10:54] hm, odd [10:54] or is that now done in backgrounrd? [10:54] ogra_: now I can't install any snaps on it [10:54] ogra@anubis:~/datengrab/rpi3$ md5sum rpi3-all-snap.img.xz [10:54] 07abd31a72f54cfa0c1ae8241073e3d0 rpi3-all-snap.img.xz [10:54] popey, yeah, thats normal :P [10:54] hah, ooookay [10:54] why? [10:54] snaps are only installable until the next security model renaming :P [10:54] 07abd31a72f54cfa0c1ae8241073e3d0 rpi3-all-snap.img.xz [10:55] * popey blinks [10:55] read: kyrofa neesd to update his owncloud snap again [10:55] interfaces landed yesterday [10:55] (the new security model) [10:56] also the rootfs snap is from yesterday morning ... i shoudl probably re-build it with todays rootfs (there might again be more changes) [11:01] ahhh === chihchun is now known as chihchun_afk [11:15] davidcalle, I created a branch with the examples for the doc [11:16] davidcalle, that might make it easier to keep them up to date and allow readers to get them all at once === chihchun_afk is now known as chihchun [11:20] Good morning [11:20] ogra_, ah, thanks for the heads up [11:21] ogra_, is that in edge? Or has it gone to stable? [11:22] not yet in stable [11:22] stable is weeks old [11:26] dholbach: yes of course, thanks :) [11:28] dholbach: how do I run a command on a source before starting eg. a cmake building? [11:28] davidcalle, can you elaborate? [11:28] or explain what you're trying to do? [11:29] dholbach: the source I'm trying should apparently use the autotools plugin, but before it runs ./configure (which is the first thing the autotools plugin does after getting the source), I need to run another command. [11:32] mh... no idea [11:33] kyrofa, ^ do you have a solution for such a case? [11:34] davidcalle, dholbach perhaps the simplest thing to do would be to ship a custom in-tree plugin that inherits from autotools and does what you want? [11:35] of course... :) [11:35] https://developer.ubuntu.com/en/snappy/build-apps/plugins/ [11:35] davidcalle, ^ [11:35] kyrofa, dholbach: alright, looking into this, thanks :) [11:37] davidcalle, are you hitting this? https://bugs.launchpad.net/snapcraft/+bug/1551716 [11:37] Launchpad bug 1551716 in Snapcraft "snapcraft does not allow vendor/platform patching of upstream sources (aka: add patch phase to lifecycle)" [Undecided,New] [11:39] kyrofa: nope, it's just an extra build command that is required by the source [11:39] davidcalle, ah, okay interesting. Yeah, the custom plugin is probably the way to go, but that doc sorely needs to be updated. Maybe I'll do that this morning [11:41] kyrofa: alright, nothing urgent, I can move on to snapping something else for now, thanks! [11:41] (unless I manage to find my way with the doc of course ;) ) [11:43] davidcalle, just don't worry about the `handle_source_options()` call [11:43] davidcalle, and the x-crafty.yaml is now done via the schema function [11:45] davidcalle, honestly you can mostly rip this off: https://github.com/ubuntu-core/snapcraft/blob/master/snapcraft/plugins/autotools.py [11:45] kyrofa: that's what I'm doing and adding the command I need [11:45] davidcalle, perfect [11:46] kyrofa: I'll probably look later into doing proper inheritance, though, but I want the build part out of the way for now [11:48] mvo, should "snappy install --allow-unauthenticated ..." work for os and kernel snaps (doesnt here, i got exclamation marks in snappy list after a reboot) [11:50] ogra_: hm, that should work, what does grub-editenv list output? [11:50] kyrofa: how do I define the name of my plugin, with the schema function? Do I still need to keep the plugin yaml file? [11:50] mvo, no grub on my rpi3 :P [11:50] davidcalle, it's determined from the file name [11:50] looking at serial i see it loading the right kernel on reboot though [11:51] kyrofa: alright :) [11:51] mvo, aha, after a second reboot it is fine [11:52] so there seems to be something wrong with the sequence [11:55] ogra_: fw_printenv iirc it is then :) [11:55] ogra_: but ok, if you rebooted the output will no longer be interessting === chihchun is now known as chihchun_afk [11:55] http://paste.ubuntu.com/15486754/ [11:56] right ... i'll try tomorrow again :P [12:07] oh, webdm works again (didnt yesterday) [12:08] hmm, the store UI changed [12:18] Does ubuntu core use ntp? [12:23] timedated iirc [12:25] Ah, I'm not familiar with that [12:28] kyrofa: part of systemd AFAIR [12:29] zyga, yeah seems so. Thanks guys! [12:35] zyga, ogra_ verified, and network time is on. Perfect [12:51] dpm, if you rebuild the clock app snap, can you still launch it? [12:51] I get: aa_change_onexec failed with -1. errmsg: Permission denied [12:51] kyrofa: one more question, pulling stage-packages is failing because of a silly "E:Unable to correct problems, you have held broken packages.", is there a container somewhere I can log into to fix this? [12:52] davidcalle, huh, no that stuff is way simpler than a container-- the packages are simply downloaded and unpacked. So there must be a dependency issue in the debs you're pulling? [12:52] dholbach, I don't know, I'll have to try next week. Preparing to leave now [12:52] dpm, ok, sounds good [12:52] dpm, have a great time! [12:53] kyrofa: oh ok, I was assuming it was somehwere special, sounds good [12:53] davidcalle, is it libubuntutoolkit5 vs libubuntutoolkit5-gles or something? [12:54] dholbach: nope, the list being awfully long, I haven't found which one exactly yet :) [12:54] ogra_, asac: "i think jdstrand has a plan for system users in snaps" - I don't. the only thought I had was that if we did optional uids for a snap, we'd need seccomp arg filtering [12:55] davidcalle, ok [12:55] jdstrand, ah, i thought you wanted to add them inside the snap somehow [12:56] I might've mentioned I could imagine yaml to opt-in [12:56] davidcalle, maybe fire up an lxc and try to install them all? [12:56] but I'm not driving it and there is no design [12:56] I did suggest it would be a nice feature [12:56] i surely dont think snap users should be added to the system passwd db though ... it would have to be some pre-snap overlay thing [12:56] *per-snap [12:57] thanks for clearifying though [13:13] So jdstrand sounds like interfaces finally landed in edge? If I'm using old-interface's network-listener, what does that become? [13:16] plugs: [network] [13:20] jdstrand, ah that simplifies things. And network-bind is the service side of it? [13:20] indeed [13:29] kyrofa: note, those are the only two right now. there are MPs for the other 12 [13:29] err, PRs [13:30] jdstrand, awesome [15:55] ogra_, say I want to ship a Snappy-powered device that will be on the open internet. Obviously I don't want to ship with the default ubuntu/ubuntu creds. What is the recommended way of dealing with this? [15:57] kyrofa: There shouldn't be a network listener, right? [15:57] kyrofa, we dont have any recommended way yet ... [15:57] qengho, well that's a little in flux right now. If running 16.04 edge, it's just the listener interface. If 16.04 stable, it's the network-listener thing [15:58] technically you shouldnt have ssh running ... practically all 16.04 images currently have it [15:58] so for now, change the password [15:58] ogra_, what if I actually DO want SSH running, but want to lock it down a little more? [15:59] kyrofa: I mean there should be no way for someone to use the default password One Day. [15:59] qengho, oh man I totally misunderstood you :P [16:00] kyrofa, copy a key in place and disable password auth completely in /etc/ssh/ssh_config [16:00] ogra_, is that something I can do in the image? [16:00] manually, yeah [16:01] ogra_, kpartx, modify, dd again? [16:01] nah, after first boot [16:02] i mean you could kapratx/dd it and all, but it would be the same key everywehere ... so thats a rather useless attempt [16:02] *kpartx [16:02] ogra_, right, duh. Hmm... [16:13] davidcalle, we should talk on tuesday and figure out how we finish this guide [16:13] first thing :) [16:14] dholbach: +1, I'm interested into reshaping - at least - the intended layout for examples, taking into account evan's email. [16:15] yep [16:16] dholbach: first thing coming to mind is a list of "I want to ... " bullet points and one example for each need we recognize. [16:17] +1 [16:36] Hi guys! It's Renat from Screenly=) [16:39] I'm trying to run our programs on the new built image and getting "seccomp_load failed with -22" error [16:39] jdstrand, ^ [16:40] renat: do your programs uses seccomp filters, inside? [16:40] I know the problem [16:41] renat: does it work if you uninstall the snap and then reinstall? [16:41] beuno, qengho, jdstrand, hello=) [16:41] hi :) [16:41] let me try to reinstall it [16:43] jdstrand, no. didn't help [16:43] Hi, Is there any 16.04 Snappy documentation available. All the documentation on https://developer.ubuntu.com/en/snappy/guides/ points to 15.04 model [16:43] renat: can you paste the output of 'cat /var/lib/snappy/seccomp/profiles/...' into paste.ubuntu.com? [16:43] qengho, yes. I set up it for other app using plugs system [16:44] jdstrand, sure. 3 min [16:45] jdstrand, https://paste.ubuntu.com/15488307/ [16:46] interesting, that isn't what I expected to see [16:46] renat: can you paste the output of 'grep audit /var/log/syslog' [16:46] It used to work with older image I built [16:48] jdstrand, https://paste.ubuntu.com/15488327/ [16:48] renat: those parts are stirred often, in development. [16:50] "brk" is a dangerous syscall? So, malloc doesn't work? [16:50] qengho: I think you misread that [16:51] # end dangerous syscalls [16:51] ... [16:51] brk [16:51] we allow brk [16:51] Yes, brk is allowed. [16:52] renat: if you do 'cat /var/lib/snappy/seccomp/profiles/...' is there a final newline? [16:52] jdstrand, 2 newlines=) [16:52] ok [16:52] let me try to reproduce locally [16:53] renat: can you paste the output of 'snappy info' [16:54] Oh! [16:54] jdstrand ubuntu@localhost:~$ sudo snappy info [16:54] release: core/rolling [16:54] architecture: armhf [16:54] frameworks: [16:54] apps: screenly-client.sideload [16:54] ubuntu@localhost:~$ sudo snappy info [16:54] release: core/rolling [16:54] architecture: armhf [16:54] frameworks: [16:54] apps: screenly-client.sideload [16:54] https://paste.ubuntu.com/15488370/ [16:54] Oh.... Sorry [16:54] no worries [16:54] what about snappy list? [16:55] https://paste.ubuntu.com/15488375/ [16:55] i think i saw such an error from the core launcher these days ... havent seen it again with newer images though [16:55] screenly-oem-pi2 is an image bult from canonical-pi2.canonical version 3.2 [16:56] Hello, ogra_! [16:56] hey [16:56] I added the uboot.env but it's still failing :x [16:56] I tried to read the strace results ... I could not get the reason clearly [16:56] I'm trying with older image. 10 min. [16:57] renat, canonical-pi2.canonical is a gadget snap ... i was talking about later ubuntu-core [16:57] renat: what is the output of sha256sum /usr/bin/ubuntu-core-launcher [16:58] ogra_, understood. I use ubuntu-core snap automatically downloaded during the build process. [16:59] right, thats a rather old one [17:00] (somewhere around feb.) [17:01] ogra_: hey, I have a core/rolling image, but it is using the os snap from monday. is there a newer os snap somewhere? how would I generate an image to use it? [17:01] renat: 11:57 < jdstrand> renat: what is the output of sha256sum /usr/bin/ubuntu-core-launcher [17:02] renat: (on the broken image) [17:02] ogra_: this is for qemu amd64 [17:02] jdstrand, 5 min please. I'm re-flashing an image=( [17:03] jdstrand, http://cdimage.ubuntu.com/ubuntu-core/daily-preinstalled/current/ :) [17:03] (indeed onyl for sideloading ... ) [17:06] ogra_: is xenial-preinstalled-core-amd64.tar.gz a qemu raw image? [17:06] jdstrand, no, http://cdimage.ubuntu.com/ubuntu-core/daily-preinstalled/current/xenial-preinstalled-core-amd64.os.snap is an ubuntu-core os snap :) [17:07] ogra_: I'm able to sideload that in a running image? [17:07] not sure if that works on one where it was initially not sideloaded ... [17:07] it works on my locally built one with a simple "sudo snappy install --allow-unatuthenticated ..." [17:08] ok [17:08] and same with the kernel? [17:08] yep [17:08] ok, let me try that [17:09] shoot it does't work [17:09] /tmp/xenial-preinstalled-core-amd64.os.snap failed to install: package "ubuntu-core" is already installed with developer "canonical" your developer is "sideload" [17:10] ogra_: how do I generate an image from those snaps? [17:10] sorry, I've not had to do this before [17:10] use mvo's u-d-f [17:10] jdstrand, aa74d0040f626c2d090ae99d1534924cf6d4e905f5939fbadf179eff3950f12a /usr/bin/ubuntu-core-launcher [17:11]