/srv/irclogs.ubuntu.com/2016/04/27/#snappy.txt

DomiHello, is it possible to use a package form pip in a snap?00:10
ogra_sergiusens: nobody reads my mails :(00:55
ogra_sergiusens: we are past release, we cant change seeds (unless we apply gross hacks)00:56
* ogra_ wrote a long mail about that topic, but nobody reacted00:56
ogra_i'm not sure how we should add something like nss beyond making up an artificial dep in one of the packages00:57
sergiusensogra_ false warning, not needed00:59
ogra_ok00:59
sergiusensAnd not my idea00:59
ogra_sergiusens: doesnt fix the base problem though ...00:59
ogra_i'm sure the next nss is around the corner :)00:59
sergiusensBut I did read your email. I wanted you to tell zyga what you just told me 😌01:00
sergiusensdesktop support landed too close to release01:00
ogra_i suspect we could make ubuntu-core-config kind of a meta package ... to get such deps in01:00
ogra_yeah, it did ...01:00
sergiusensAnd this is what we get01:01
ogra_and really broke to much of the IoT side01:01
sergiusensYou don't say01:01
ogra_heh01:01
ogra_well, we'll dig our butts out of this ... as we always do :)01:01
* sergiusens needs a telgram sticker now01:01
ogra_hah01:02
=== chihchun_afk is now known as chihchun
=== chihchun is now known as chihchun_afk
=== chihchun_afk is now known as chihchun
slvnHello, I am trying to create my first snap but have some issue. (I already read some doc, and tried the opencv example).07:02
slvnI build SDL2 example, with cmake. But it fails to execute as a snap07:03
slvnbecause some shared libs are missing. SDL2 tries to dlopen some libs, like mirclient.so, and probably some other ..07:03
slvnshould I put all those shared libs into the snap package ?07:04
slvn(I think CMake is putting the libSDL2 into the snap package, but not libmirclient.so for instance)07:05
dholbachgood morning07:05
dholbachmvo, wow, you're improving your bug karma :)07:06
zygagood morning07:36
stevebiscuithttps://code.launchpad.net/~stevenwilkin/webdm/use-snapcraft-to-snap/+merge/293053 # should get WebDM in shape to be put back on the store07:37
mvodholbach: hey, good morning. indeed, bug triage ftw!07:52
zygahttps://github.com/ubuntu-core/snappy/pull/108008:03
dpmhi all - does anyone know if there is a workaround for this error, other than wiping out the whole snap installation again? http://pastebin.ubuntu.com/1607590608:08
pedronisdpm: mvo is looking into those kind of issues, how theory is that Notes was running?  that issue is local to the snap so in principle it doesn't need wiping out everything08:14
pedroniss/how/our/08:14
dpmpedronis, yes, I think it was running at the time of install, but it was on a different workspace and I hadn't noticed it. However, even after closing it the uninstall error remains. If the issue is local to the snap, is there a way to fix it, though?08:16
slvnHello ! My snap package needs to access to X11. but it fails because of apparmor (?). (syslog: apparmor="DENIED" ... operation="connect" ... requested_mask="send receive connect" denied_mask="send connect" addr=none peer_addr="@/tmp/.X11-unix/X0" peer="unconfined"  )08:24
zygaslvn: hey, is the x11 interface connected? can you pastebin your snapcraft.yaml please08:26
slvnzyga, probably not since this is my first snap ... http://paste.ubuntu.com/16076031/08:28
zygaslvn: no worries, please add this uner "command:", "plugs: [unity7]"08:28
zygaslvn: and perhaps add opengl there (after unity7) if that doesn't work still08:29
zygaslvn: http://www.zygoon.pl/2016/04/snappy-interfaces-plugs-slots-connections.html08:29
slvnzyga, seems to work better ! (though I have another error now)08:31
zygaslvn: cool, what's the next error?08:32
slvnzyga, my first snap tries to use SDL2. but SDL2 can require libmirclient.so or libX11.so. or now libGL.so ... should I all add them to the snap, with cmake. or should I let the snap access the system lib ?08:32
zygaslvn: I think you should bundle them but I'm not 100% sure08:33
zygaslvn: there are some special provisions for opengl apps08:33
zygaslvn: what error do you see now?08:33
zygadholbach: ^^ do you know if those libs should be bundled?08:33
slvnzyga, SDL2, has started to communicate with x11. (through libX11.so), now it requires to load libGL.so.08:34
slvnit fails because it cannot dlopen libGL.so08:34
slvn(btw, cmake doesn't include by itself libX11.so, so I need to make a *fake* call to a x11 lib, so that the libGL.so is include in snap/ ) (maybe there is a correct command to tell cmake to include it ...)08:36
zygaslvn: try adding the package that has libgl.so to stage-packages08:37
dholbachzyga, I have no idea - dpm: ^ what's your experience?08:41
zygado we have any opengl apps?08:41
dpmzyga, dholbach, ubuntu-clock-app, ubuntu-calculator-app and notes all use the opengl interface08:42
dpmIIRC they install the required libraries via dependencies in stage-packages08:43
zygahttps://github.com/ubuntu-core/snappy/pull/108108:45
slvnzyga, now it looks for another lib :/  "libGL error: unable to load driver: swrast_dri.so", "libGL error: failed to load driver: swrast", "DEBUG: Could not create GL context: BadValue"08:53
zygaslvn: that tells you it cannot load software rendering for opengl, I think there's some magic you have to do to make it use system-wide opengl libraries (that snappy provides)08:55
zygaslvn: but I don't know how this works, sorry, I cannot help you08:55
slvnzyga, thanks anyway :) because you fixed me, in 5 min, a few issues I spent 2 hours yesterday08:58
zygaslvn: I'll look at SDL/opengl apps more closely soon (~ days)08:58
zygaslvn: I'll be blogging about how to snap them correctly08:58
slvnzyga, I'll send you my snap package if I can make it work correctly08:59
zygaslvn: sure08:59
=== JamesTait is now known as Guest50895
wesleymasonQuestion: is it possible to define post-install hooks in a snap? My problem: pkg_resources in python are incredibly dumb, and usually get generated with full paths in them..which means they end up with the "install" part path on my filesystem embedded at the point snapcraft runs, and completely fails when invoked in the installed snap09:02
=== Guest50895 is now known as JamesTait
pedroniswesleymason: no, it's something that snapcraft needs to learn/deal with, maybe a snapscraft bug report could help there09:05
wesleymasonpedronis: *nod*..might not be entirely possible for snapcraft to fix itself, as some of the pkg_resources import hooks rely on non-rel paths (it's why the --relative option to virtualenv is deprecated and used to break a lot)..and obviously you can't rely on knowing the path a snap will be installed at I don't think09:07
wesleymasonwill fil the bug09:07
popeydpm: did you get an answer to your problem of not being able to uninstall a snap if there was a process running, and leaving you in an inconsistent state?09:16
dpmpopey, I didn't, so I ran the "wipe out the world" script and filed bug 1575550 :)09:17
ubottubug 1575550 in Snappy "Snap removal while snap is running prevents subsequent removal or installation" [Undecided,New] https://launchpad.net/bugs/157555009:17
popeydpm: which wipe the world script did you use? I have seen a few09:17
dpmthe one you pasted a while ago09:18
dpmlet me re-paste09:18
* popey confirms the bug09:18
popeyit's worse if your app launches a binary which isn't even graphical09:18
popeyyou have no idea it's running without hunting it down with lsof and friends09:19
dpmoh, I see, so you don't notice easily if it's running or not09:19
popeyyeah09:19
dpmhttp://pastebin.ubuntu.com/16076306/ <- that wfm09:19
popeyi had a random binary called "--debug" running :)09:19
popeyta09:19
* popey saves as nuke_snap_from_orbit.sh09:19
zygadpm, popey: please don't use that09:28
zygause this instead: https://github.com/zyga/devtools/blob/master/reset-state09:28
zygarun this script as the pastebin above is incomplete and leaves some stuff behind09:28
zygafeel free to spread the link, I maintaing that script to work as snappy evolves09:28
dpmthanks zyga - does the system need to be rebooted after runing the script? E.g. for mounts and such09:30
zygadpm: I don't believe so09:33
zygadpm: though if you find a corner case do let me know09:33
zygadpm: and I will gladly take pull requests09:33
zygadpm: to improve on the wording, behavior, etc09:34
dpmthanks zyga09:38
pedroniszyga: though the goal is not to need the script :)09:39
zygapedronis: hehe :) I wonder if dpkg had a 'wipe.pl' script in the early days ;)09:39
zygapedronis: I fully agree though :)09:39
zygaafter the first sru the number of breaking bugs will certainly be much lower09:40
draglyzyga: You mentioned blogging about it when OpenGL apps are working properly. Where's your blog? I'd like to follow the progress on this :)09:46
zygadragly: zygoon.pl, also on planet.ubunt.com09:46
slvnzyga, just to let you know. snap package works when the SDL2 renderer is set as software (no GL libs). Using opengl renderer, libGL.so can't load libswards_dri.so. Verbose log http://paste.ubuntu.com/16076481/09:46
draglythanks09:46
zygaslvn: does it work when you install the snap with --devmode (remove it first please)09:47
zygaslvn: please report a bug on snappy with the log you see above and with syslog output (journalctl -n 1000,)09:48
zygaslvn: we won't "fix" it immediately but it will help us to track it09:48
zygaslvn: please include your snapcraft file / sources as well (as links or attachments)09:48
slvnAdding --devmode won't help09:50
slvnalso, I have the swarst_dri in the ./snap/  see : http://paste.ubuntu.com/16076518/09:51
slvnI'll report the issue ...09:51
zygaslvn: if --devmode doesn't help then you need to tweak your snap to have the right settings to intialize GL (I cannot help there unfortunately)09:58
zygaslvn: including, perhaps, more libraries09:59
seb128dholbach, is https://github.com/ubuntu-core/snapcraft/blob/master/docs/your-first-snap.md uptodate?09:59
slvnzyga, I continue investigating before reporting (or not) the issue. it seem dri/swrast.so is there, but libGL.so is not finding it :/10:00
slvnzyga, what does devmode does ?10:00
zygaslvn: http://www.zygoon.pl/2016/04/snap-install-devmode.html10:00
slvnzyga, ok! strange because with "--devmode" but no plug x11/opengl and no stage package libgl1-mesa-glx, it still cannot find libGL.so.10:07
pedronisthat's what subset of libs we mount, not a security one10:10
pedronisI suspect10:10
slvnzyga, still want me to enter a bug report ? (https://launchpad.net/snapcraft ?)10:13
zygaslvn: yes please10:13
dholbachseb128, it should be - if it's not, that's a bug10:15
seb128dholbach, ok, good, just checking before starting reading it ;-)10:15
seb128dholbach, thanks10:15
dholbachseb128, https://github.com/ubuntu-core/snapcraft/pull/454 is a pending change I know of10:16
seb128dholbach, danke10:16
dholbachkyrofa, ^ can we land this one soon?10:16
seb128dholbach, I started by reading https://github.com/ubuntu-core/snapcraft/blob/master/docs/get-started.md10:17
seb128which states10:17
seb128"This is the most important selection of tools you will get after installation:10:17
seb128snappy try          - try snaps from a .snap, the [stage] or [snap] dir"10:17
seb128but "snappy" is command-not-found10:17
seb128so I was wondering if the rest was updated10:18
seb128going to read more and see if I find issues10:18
seb128dholbach, k, that pending change address that one10:23
slvnzyga, there https://bugs.launchpad.net/snapcraft/+bug/157558210:24
ubottuLaunchpad bug 1575582 in Snapcraft "Snap package, using SDL2, needs access to libGL.so and DRI dependencies" [Undecided,New]10:24
zygaslvn: thanks, checking10:25
slvnzyga, the attachment is the SDL2 helloworld ..10:25
zygaslvn: the attachment looks good, thanks for reporting this10:26
=== chihchun is now known as chihchun_afk
=== chihchun_afk is now known as chihchun
slvnzyga, my opinion is that GL libs should not be provided in the snap package. But the SDL2 should require an access to a subset of system libs.10:45
slvnwhen I add the "plug"  unity7, I can get access to mirclient I guess?10:45
slvnbut when I add the plug "opengl" I dont get access to libGL !10:45
ogra_that would be unity8 :)10:45
ogra_(there is no expectation for mir on unity7 i thinnk)10:46
slvnto get access to libGL, I need to add the stage-package libgl1-mesa10:46
zygaslvn: that much is true but which *actual* libraries are provided by the snap and which are provided by the os is tricky10:47
zygaslvn: from a particular GL call in your code to, say, nvidia userspace blob doing something is a long path10:48
zygaslvn: a similar thing happens with openCL but there it, at least, was designed correctly up front10:48
slvnogra_, yep unity8 :) but that's probably a typo ..  btw, if I put unity8, I get an error at runtime "Bad system call".10:48
zygaslvn: so you can query available drivers and pick the right one10:48
zygaslvn: there is no unity8 interface yet10:49
DomiHello, how do I pack packages form pip in my snap?10:51
zygaDomi: hey, look at snapcraft examples, there are some pip-based python demos there10:52
slvnzyga, yep tricky choice of lib to include or not ... Best case: the snap contains only the Application. Worse case: it contains the whole distribution ...10:53
slvnhow can I know that the "plug" "opengl" do ?10:53
Domizyga: I just see the python example with spongeshaker and github10:54
Domihttps://github.com/ubuntu-core/snapcraft/blob/master/examples/py3-project/snapcraft.yaml10:54
zygaslvn: look at snappy source code, today there's little docs on interfaces10:54
zygaslvn: I'm writing some but they are not ready yet10:54
slvnzyga, np, I will have a look :)10:55
Domisnapcraft snap fails because the python installation. Her is the output http://pastebin.com/GmZB6v4D can anyone help me?11:25
seb128can snapcraft.yaml use a dynamic version?11:33
seb128like version: "version: `bzr revno`"11:39
zygaseb128: nope11:51
zygaseb128: not that I know of at least11:51
seb128:-(11:56
_morphiszyga: you saw my comment about moving the security label building code somewhere else where every interface implementation can consume it?12:01
zyga_morphis: no, not yet12:01
zyga_morphis: though I think it makes a lot of sense :)12:02
_morphisok12:02
_morphis:-)12:02
zyga_morphis: I was thinking if n-m would use it12:02
kyrofaGood morning12:02
_morphiszyga: for sure12:02
kyrofadholbach, I was hoping to wait until snappy was in sync across the desktop and ubuntu core, but perhaps that's not necessary12:03
=== chihchun is now known as chihchun_afk
loic_mhi there12:11
loic_mI work on a project where I'll have raspberryPis running various applications (deal with a central API, and run a chrome-browser in kiosk mode to display an html app displayed on a screen plugged-in by hdmi)12:13
loic_mI'm discovering Snappy and I wonder if it could be a great tool to manage my applications and their deployment accros all the devices12:14
loic_mcan I have "private" snaps on the store?12:16
=== chihchun_afk is now known as chihchun
zygaloic_m: I'm sure you can :-)12:22
zyga_morphis: I'm looking at one more thing and then I'll switch focus to n-m12:23
_morphiszyga: ok, just moving those bits into a specific function is enough for me, I can adjust the n-m interface implementation then12:25
sergiusenskyrofa I have another morning gift for you https://bugs.launchpad.net/bugs/157562812:45
ubottuLaunchpad bug 1575628 in Snapcraft ""copy" plugin symlinks whole snap folder when no source is given" [Undecided,New]12:45
kyrofasergiusens, yeah I'm discussing it now in another channel12:46
seb128did anyone looked at making snaps load locale .mo translations?12:46
seb128dpm, ^ do you know?12:46
kyrofasergiusens, the problem is that built snaps are copied if the source is '.'. Which is a problem with all plugins that accept the source keyword12:46
seb128also to get locales generated in the snap12:46
dpmseb128, tl;dr, I did, it didn't work12:47
seb128did you file a bug about it?12:47
dpmseb128, the clock app is an example:12:47
dpmit builds and ships the .mo files12:47
dpmbut the UI toolkit does not find them12:47
seb128well, non english locales are not even available right?12:48
seb128we would need to generate locales on the core image12:48
sergiusenskyrofa yeah, I am not a fan of source: '.'; we could be smarter about this and do a `bzr export`, `git whatever` and then default to a plain copy (depending on the plugin of course)12:48
seb128or to include locales in the snap12:48
seb128and generate those in some way12:48
dpmseb128, for the toolkit, apparently setting https://github.com/sergiusens/qt5conf/blob/master/qt5-launch#L55 should take care of it, but it didn't work. And yeah, good point, if they're not generated, they won't be recognized12:49
vilasergiusens: yeah, coverage is not such a big deal for me... as long as you don't block on that ;-) The integration tests cover the parts that the unit test don't12:49
vilasergiusens: this is ready to review though12:49
kyrofasergiusens, what does bzr export (or similar) get us?12:49
sergiusensvila well we do block on low unit test coverage ;-)12:49
sergiusenskyrofa exporting the pure sources without generated artifacts12:50
kyrofasergiusens, assuming the snap is in version control?12:50
kyrofasergiusens, what if we disallowed specifying '.' as the source? We could get rid of the build step's filtering that way12:50
vilasergiusens: well, you want me to require a dev setup including sso, sca, cpi and updown servers ? ;-)12:50
sergiusenskyrofa yeah, that's why I said, if nothing is possible, default to plain copy (depending on the plugin)12:51
kyrofaAh12:51
sergiusensvila I say talk to elopio; he's the master of test; but we mock server requests/responses for these cases in general12:51
kyrofasergiusens, that also means we can't run if one hasn't committed to git (or bzr, whatever)...12:51
vilasergiusens: the coverage decreased is caused by the implementation change and by replacing mocked tests by tests against real code12:52
vilamocked requests/response bitrot faster than the server evolves, especially here for macaroons12:52
zygahttp://www.zygoon.pl/2016/04/anatomy-of-snappy-interface.html12:52
ogra_heh, zyga playing doctor :)12:53
zyga:-)12:54
sergiusensvila so this is not specced? Chipaca are you testing the macaroons implementation with unit tests in snapd?12:54
sergiusensvila this is also why we need both in any case, integration tests and unit12:54
vilasergiusens: what do you mean by speceed ?12:56
sergiusensvila client/server interaction12:56
dholbachkyrofa, probably not12:56
kyrofadholbach, alright, I'll write it for the desktop, since that'll be valid soon for ubuntu core12:57
zygadholbach: note, I won't be able to attend the snappy community sync12:58
kyrofasergiusens, alright with you if we get https://github.com/ubuntu-core/snapcraft/pull/454 into the SRU as well?12:58
vilasergiusens: it is, that didn't mean there is no bugs (we've fixed several along the way)12:58
zygadholbach: unless you want me to dial-in from a classic mobile12:58
dholbachzyga, no worries12:58
dholbachdpm, ^ looks like zyga and niemeyer can't make it for the sync12:59
dholbachmaybe we should set up a separate meeting to discuss interfaces/playpen?12:59
zygaI could have otherwise just not today (I learned a moment ago)12:59
dpmniemeyer, zyga, would another day this week work better for you?12:59
zygadpm: any, sorry, I'm usually free at this time13:00
niemeyer_dpm: Not at this time13:01
niemeyer_dpm: I mean, not if the slot is at the same time of the day13:02
dpmdholbach, niemeyer, zyga, would tomorrow, 30 mins later than the original time work?13:07
dpmI'm looking at the calendars and I don't see any conflicting calls13:08
zygaearlier would work, I'm free at all times except for the stand-up call we have right now13:08
dpm1h earlier, then?13:09
sergiusenskyrofa yeah, it is fine13:09
seb128is plugs security enoug to let a snap access to the network?13:12
zygayes13:14
zyga'network' plug gives you client access13:14
dpmzyga, niemeyer, so would tomorrow, 13:30 UTC work for you, right after your standup?13:15
dpmdholbach, I'm otp atm, if that works for everyone, would you mind moving the meeting? ^13:16
niemeyer_dpm: Yeah, that works13:16
dpmexcellent13:16
dholbachdpm, hohum... that won't work for me13:16
dholbachI have an appointment from which I have to get back home13:16
dholbachI'd be late quite a bit13:17
dholbachmaybe I should make that clearer in my calendar13:17
niemeyer_dholbach, dpm: Done, thanks!13:17
dholbachor hang on13:17
dholbachUTC13:17
dholbachnevermind13:17
dholbachignore me13:17
dpmdholbach, ok, cool :)13:17
dholbachsorry, I didn't want to complicate things additionally :-)13:18
dpmall good now :)13:18
zygajdstrand: about x11, can we do anything about that untrusted client thing that mjg59 mentioned?13:43
sergiusensogra_ dholbach how would we SRU snapcraft when needed? We have some bug fixes around for a 2.8.5; and later on I'd like to get 2.9 with support for gulp to be able to build some node/electron apps13:49
ogra_sergiusens, well, through the normal SRU process13:54
ogra_have bugs ... subbscribe the SRU team ... upload to -proposed with the bugs mentioned in the changelog ...13:55
jdstrandzyga: its being discussed in another thread. there are options. untrusted isn't likely one of them since it doesn't actually block key sniffing (it only blocks one way to sniff)13:57
jdstrandzyga: all options require engineering effort13:57
jdstrandzyga: but the main thing is that this is a strategic decision and a transition, and messaging should reflect that13:58
jdstrandzyga: and messaging beyond what has been messaged is being discussed with olli, jamiebennett, etc14:00
dholbachsergiusens, get all fixes into yakkety first14:02
dholbachsergiusens, then file a bug report listing with the stuff that's fixed in the SRU, and add the https://wiki.ubuntu.com/StableReleaseUpdates description to the bug14:03
dholbachsergiusens, let me know if you need any help with that14:03
seb128jdstrand, hey, can you tell us how snap is blocking syscalls? seems to block "socketcall" on my i386 install for some reason14:10
ogra_seb128, via seccomp14:12
seb128ogra_, any idea about it blocking "socketcall" on i386?14:13
ogra_(there used to be ways to exclude syscalls from it ... not sure that still exists with the switch to interfaces though)14:13
ogra_well, it will most likely block creation of system sockets outside of the confined snap area14:13
ogra_(you should be able to create session related sockets in your rw space though)14:14
jdstrandseb128: via seccomp. the launcher sets up a list of allowed syscalls. you can use 'scmp_sys_resolver ##' on the target system to see what the syscall is14:17
jdstrandseb128: you can manually add them to the seccomp filter in /var/lib/snapd/seccomp/profiles/... to temporarily unblock yourself14:18
ogra_jdstrand, is there still a way via snap.yaml ?14:18
desrtjdstrand: the problem is that the syscalls for individual socket APIs are very new on i38614:18
desrtand glibc still doesn't implement them via the new calls14:18
desrtso on i386 we need to allow socketcall() for any network access14:19
desrtbut unfortunately that will also open up bind() listen() etc14:19
desrtthis is more or less why they introduced the new calls....14:19
jdstrandseb128: socketcall is included in the 'network' plug. add 'plugs: [ network ]' to your yaml14:19
desrt(for the sake of seccomp)14:19
desrtjdstrand: we already have that :/14:19
jdstrandseb128: it's possible you have that and it isn't autoconnecting. sergiusens saw that yesterday14:19
jdstranddesrt: ^14:19
jdstrandI think zyga is aware of the issue14:20
desrtreally, we need a new glibc...14:20
ogra_desrt, just ship it in your snap ;)14:20
jdstrandoh, no I lied14:21
jdstrandsocketcall is commented out14:21
jdstrandit is intentionally blocked14:21
desrtcould we at least get it with network-bind?14:21
jdstrandprobably14:22
desrtif we have network-bind then clearly the whole range of socket calls is OK...14:22
jdstrandlet me look into it14:22
desrtthx!14:22
jdstrandfor now, to unblock yourselves while I look at that, add it to /var/lib/snapd/seccomp/profiles/...14:22
desrtthanks for the help :)14:22
seb128jdstrand, thanks14:23
desrtyou might want to let socketcall() happen for 'network' if we're on x86....14:23
desrton account of the fact that that's probably more reasonable than listing network-bind in every app that uses the network and doesn't want to be aborted on 32bit14:23
desrtstrictly, it's a leak of additional privilege... but considering the alternative (ie: all apps effectively have to list network-bind everywhere) it seems fairly reasonable14:25
slvnquick question, my snap application needs images. I copy them directly in the "./snap" folder and open them with the path "$env(SNAP)/foo.png". Is there a better way to do that ?14:36
seb128jdstrand, is there a way to allow dbus communication between unity and confined softwares?14:37
sergiusensjdstrand desrt yes, after multiple install/uninstalls will eventually casuse this14:37
desrtspecifically, unity needs to make a method call, the app needs to reply, and then the app needs to be able to broadcast signals that unity can see14:39
ogra_slvn, sounds like an okayish way to me14:40
desrtapps also need to be able to own a specific bus name14:41
slvnogra_, ok :)14:41
slvnogra_, maybe a magic CMake instruction, to automate the copy of images to ./snap :/ ?14:42
* ogra_ would just use the copy plugin to copy the dir 14:43
slvnok!14:45
kyrofaslvn, indeed, that's what the copy plugin is for14:45
sergiusensdpm can I have comment permissions to your "Snap this!" doc?14:47
sergiusensdpm thanks!14:47
dpmsergiusens, done14:47
sergiusensdpm yeah, I said thanks when I saw I had access :-)14:55
sergiusensdpm fully commented, every bullet ;-)14:55
slvnogra_, kyrofa, in fact, I use "install(FILES ${IMAGES} DESTINATION .)"   because COPY copy in build/...15:02
Trevinhosergiusens: hey, how can I get snapcraft to be more verbose (or a plugin to be)?15:02
kyrofaslvn, ah, we meant the copy plugin in snapcraft15:03
kyrofaslvn, but doing it in cmake works as well :)15:03
sergiusensTrevinho --debug15:04
ogra_yeah, indeed15:04
slvnkyrofa, :) well .. since it's now written in the cmakefile .. I'll keep it there..15:04
sergiusensTrevinho we still have an action to add --verbose which would enable verbose builds for everything that supports it15:04
sergiusensslvn long term, doing it in the build system is the better option15:05
Trevinhosergiusens: ok, thanks15:05
Trevinhosergiusens: it would be cool15:05
jdstrandseb128: sorry, was in several meetings15:05
Trevinhosergiusens: also, what if a nodejs package needs to do npm i multiple dirs (like parent and child folder)? adding two parts does work?15:05
jdstrandseb128: so, what I told willcooke was that if you give me the snap, I can work through the policy issues and update the unity7 interface security policy15:06
sergiusensTrevinho two parts should work15:06
kyrofaslvn, great!15:06
sergiusensTrevinho what are you doing out of curiosity?15:06
Trevinhosergiusens: mh well... it almost does... but then I've an error in looking for files15:06
jdstrandseb128: in the meantime, you can temporarily adjust things in /var/lib/snapd/apparmor/profiles/... then add this rule in between the curly brackets:15:06
jdstrand  dbus,15:06
sergiusensTrevinho I have multiple additions for the nodejs plugin (among those, being able to use gulp as the driver)15:06
jdstrandsergiusens: then do: sudo apparmor_parser -r /var/lib/snapd/apparmor/profiles/...15:06
jdstranderr15:07
jdstrandseb128: ^15:07
sergiusenserr15:07
sergiusens:-)15:07
Trevinhosergiusens: as experiment https://github.com/Aluxian/Whatsie15:07
jdstrandseb128: that will allow all dbus calls until you reboot15:07
Trevinhojdstrand: the changes are http://paste.ubuntu.com/16081259/15:07
seb128jdstrand, thanks15:07
Trevinhojdstrand: very hacky though15:07
jdstrandseb128: actually, until snapd updates the file, which I think is on reboot but might happen every 12 hours15:07
Trevinhothere are hardcoded archs... or15:08
Trevinhocahce files with are not generated15:08
Trevinhocache*15:08
jdstrandoh, you are doing this on i386 and not amd64?15:08
seb128jdstrand, the pastebin from trevinho are our hacks from the day15:08
seb128I am15:08
seb128my laptop is 6 years old never reinstalled15:08
jdstrandI see15:08
jdstrandI could easily adjust locally15:08
sergiusensTrevinho you might want to wait for my gulp branch15:08
seb128but we have people who tried on amd6415:08
Trevinhowell, yeah... but also in a brandnew VM things do the same15:08
seb128right15:08
jdstrandTrevinho: that is a diff to my junk branch?15:09
seb128sergiusens, gulp?15:09
Trevinhosergiusens: ah, ok...15:09
Trevinhojdstrand: yes15:09
seb128jdstrand, yes15:09
jdstrandok, I have another meeting in a few minutes but will start playing with this after15:09
seb128sergiusens, are you telling us we shouldn't have started working on a gnome example because we dup work with you?15:09
sergiusensseb128 no, I am talking to Trevinho ;-)15:09
seb128jdstrand, k, we are mostly done for today here15:09
Trevinhojdstrand: this is for x86-64 http://paste.ubuntu.com/16082479/15:10
Trevinhojdstrand: and... you need to copy there /usr/share/mime/mime.cache15:10
sergiusensseb128 carry on with gtk :-)15:10
seb128sergiusens, well, Trevinho is with us at a team sprint where we collectively work together15:10
sergiusensseb128 oh, well he is looking at a nodejs project15:10
seb128ah ok15:10
* Trevinho too15:10
seb128so other thing :-)15:10
ogra_jdstrand, you should just declare it "notabug" and blame seb128 for skipping laptop refreshes twice already :P15:10
jdstrandah yes the loaders cache. I would've forgotten about that15:10
* Trevinho multi-tasking15:10
jdstrandTrevinho: thanks!15:10
jdstrandogra_: hehe15:11
sergiusensseb128 and I've just added gulp support (a nodejs build driver) to the nodejs plugin15:11
sergiusensstill missing grunt15:11
seb128jdstrand, we got gnome-calcultor to work including icons and exported menus and theme (unrestricted), in restricted menus are missing15:11
jdstrandseb128: willcooke said something about you guys pushing a branch somewhere at some point. can you ping me whenever that happens?15:11
sergiusensand the G is not related to glib, gtk or gnome :-)15:11
jdstrandsergiusens: that is great! I have some policy for menus but lacked an app to verify it15:12
seb128jdstrand, sure, I need to clean up the diff in the pastebin and replace the arch encoded bits15:12
jdstranddarn it15:12
jdstrandseb128: ^15:12
seb128k15:12
seb128great :-)15:12
seb128jdstrand, we hope that the "have to ship precompiled cache, pixbuf loaders, etc" is going to get replaced by proper solutions over time though15:13
ogra_be introducing postinst in snaps ?15:14
seb128that wouldn't help15:14
Trevinhosergiusens: however, in these cases, I should do a custom plugin or is there another way to run gulp? Actually it seems to build the src though15:15
seb128you don't want each app to ship the glib locales and have to do e.g locale-gen15:15
Trevinhosergiusens: the only thing I did was a simple http://pastebin.ubuntu.com/16082644/15:17
jdstrandseb128: oh for sure. that is rather icky. but one step at a time :)15:17
jdstrandseb128: curious if you think that means changes to gtk to support snaps (whether that is a plugin or something else)15:18
seb128jdstrand, are we going to recommend upstream to copy our hacks to include gio, etc caches?15:18
jdstrandseb128: no, I mean design a solution that can work with it15:18
jdstrandbasically, I'm curious if you have ideas on what the proper solution will be15:19
seb128well it's a design choice15:19
Trevinhosergiusens: but then I get something like15:19
Trevinhohttps://www.irccloud.com/pastebin/1tASMLIM/15:19
seb128I think e.g image loaders should be part of the core15:19
seb128not something appdevs are interested to have a custom copy of15:19
jdstrandseb128: I would tend to agree. ie, ubuntu personal has all these kinds of things, like how touch does15:20
seb128right15:20
seb128then things like schemas, etc we need to resolve15:20
ogra_seb128, i really dont want image loaders in my IoT device :P15:20
seb128that's why you would install core and not personal15:20
ogra_(unless its some camera IoT think perhaps)15:20
jdstrandseb128: now whether that is a separate os snap or a special snap that works with the os snap, idk. that is for the architects to decide15:20
seb128right15:21
jdstrandok15:21
ogra_i guess we need some low level library snap from canonical that provides the bits and pieces15:21
=== oparoz_ is now known as oparoz
Trevinhoand... with other files... Here's the deubg output15:21
* ogra_ would have it called a framework snap :P15:21
Trevinhohttps://www.irccloud.com/pastebin/1dNpAbUr/15:21
Trevinhoogra_: yeah, a framework for gtk/gnome is really needed...15:22
ogra_except that we killed frameworks with snappy 2.015:23
ogra_(thus the :P above )15:23
Trevinhoyeah, that's what I was worried about....15:23
Trevinhoso, we're going to ship a 66Mb snap for the calculator, and other hundreads of apps?15:23
Trevinhoogra_: ^15:24
ogra_and buy stocks of some SSD manufacturer, yeah15:24
Trevinhoal least if deduplication was still something we cared about...15:24
ogra_(i know the prob is known ... but the former solutions were abandoned .... not sure whats in the pipe for that in the future )15:25
oparozlibrary snap?15:25
ogra_that only helps within one namespace15:25
ogra_per definition15:26
oparozI thought the goal of the library snap was to offer common tools and space?15:27
slvn Got an apparmor issue "shm_open() failed" when initializing audio. Syslog: apparmor="DENIED" operation="open" name="/dev/shm/pulse-shm-426767320215:27
seb128jdstrand, sergiusens, ogra_, do we have a plug for sound?15:27
ogra_oparoz, withing your namespace, yes15:27
ogra_seb128, not yet ...15:27
oparozogra_, what do you call the namespace? dev ID?15:27
slvn:(15:27
ogra_oparoz, yes15:28
oparozogra_, makes sense15:28
kyrofaslvn, I don't think we have any audio interfaces yet. I think zyga is working on it15:28
slvnkyrofa, ok np, I will just skip the audio initialization for the moment ..15:29
jdstrandseb128: not yet. zyga and I discussed it a bit yesterday but need niemeyer_'s input15:30
ogra_just deliver some sheet music alongside your app ...15:30
seb128k15:30
jdstrandthis is again, due to not having a working snap15:30
seb128well no need of that for calculator15:30
seb128I've just been playing a bit more, including pulseaudio in a snap and trying paplay15:31
jdstrandseb128: is there an app that is using it?15:31
jdstrandI see15:31
jdstrandseb128: so there are two things at play here (fyi niemeyer_): 1) a pulseaudio snap that works on core proper and 2) pulseaudio access for snaps on classic15:32
jdstrandI foresee the policies to actually be different15:32
_morphisjdstrand, awe_: updated https://github.com/ubuntu-core/snappy/pull/1036 today, would be great if you guys can have another look15:33
jdstrandso we need to work out if for the transition perid of snaps on classic if pulseaudio should just be included in unity7 or maybe a new unity7-audio, and then have the pulseaudio interface for a pulseaudio snap15:33
jdstrandseb128, niemeyer_: ^15:33
seb128jdstrand, right15:33
jdstrandniemeyer_: perhaps you have other opinions. personally, I'm leaning towards unity/unity7-audio15:33
jdstrandniemeyer_: but I'm totally open to other options15:34
jdstrands#unity/unity7-audio#unity7/unity7-audio#15:34
seb128do we have an human-description of the current plugs?15:34
_morphisjdstrand: sounds good to me as we will use an actual "pulseaudio" interface for the real pulseaudio snap we're doing for core15:34
jdstrandseb128: in docs/interfaces.md. that will be updated on the website in the coming days15:35
seb128_morphis, how is that going to work? does it mean an app that needs audio is going to be able to depends on the pulseaudio one?15:35
* ogra_ wonders if such a setup can even work when pulse runs as a session thing (vs a system daemon)15:35
slvnalso .. SDL_Init(SDL_INIT_JOYSTICK) will say "Can't init SDL JOYSITCK:  Could not initialize UDEV:15:35
_morphisseb128: for ubuntu-core not desktop we're going to make an pulseaudio snap15:35
ogra_i assume the pulse snap will spawn a system process ...15:35
ogra_(have to)15:36
seb128_morphis, but can snaps have depends on other snaps/share resources?15:36
jdstrand_morphis: yes. are you guys planning on picking up diwic's work? /me notes that the pulseaudio discussion applies equally to network-manager and bluez15:36
_morphiswhich will use a "pulseaudio" itnerface to provide slots for other snaps to connect to15:36
seb128we start having frameworks then?15:36
jdstrandseb128: no, frameworks are dead15:36
_morphisjdstrand: we do but its the last item in the list15:36
ogra_we just abandoned them :)15:36
_morphisseb128: the only thing you need in your app is a plug using the "pulseaudio" interface15:36
seb128_morphis, then installation your application would install the other snap?15:37
_morphisand for sure a client lib inside your snap to connect to pulse15:37
seb128e.g sort of depends?15:37
ogra_no15:37
ogra_no depends15:37
ogra_the interface would simply not be there and you wouldnt get sound15:37
seb128so your users might get sound working or not15:38
ogra_yeah15:38
_morphisyes15:38
seb128"great"15:38
seb128:-)15:38
jdstrandseb128: instead there are interfaces. a pulseaudio interface can be used on the slot side (server) or the plugs side (client). a pulseaudio snap would declare it provides the pulseaudio slot for apps to connect to. clients declare to use the pulseaudio slot. then UX defines how to surface snaps that plug pulseaudio if you have the pulseaudio snap installed or not (ie, the slot is available for use)15:38
jdstrands/clients  declare to use the pulseaudio slot/clients declare to use the pulseaudio slot via 'plugs'/15:39
_morphisseb128: could be that we do different pulseaudio itnerface for different use cases if we have to limit certain aspects for security reasons or so15:39
seb128jdstrand, any dev/snap is going to be able to provide slot side?15:39
jdstrandseb128: that is a pure ubuntu core system. not sdoc15:39
ogra__morphis, well, i'm still curious about system daemon vs session daemon ...15:39
_morphisogra_: I suspect we will only have a system instance on core15:40
ogra_today every user has his own pulse daemon on a per session base15:40
jdstrandseb128: yes, but if you are declare a slot and the slot is deemed dangerous, then the snap will be flagged for manual review (eventually handled via assertions)15:40
jdstrandseb128: today, all snaps that declare slots are flagged. that will evolve15:40
awe_ogra_, sure and every user has it's own obexd15:42
jdstrandseb128 (and niemeyer_): as for pulseaudio on sdoc, you can see that there is an interplay there that we need to consider. the ubuntu-core os snap doesn't provide pulseaudio, but it is magically provided by how snappy on classic is implemented. and the pulseaudio on classic is different (and would certainly conflict with) a pulseaudio snap15:42
awe_ogra_, for snappy, this was changed to work on the system bus15:42
jdstrandso there are questions to be solved15:42
awe_ogra_, not saying it won't take work...15:42
jdstrandanswered*15:43
ogra_awe_, well, if i look at NM i have a proper split ... might make sense to have that everywhere15:43
awe_not sure what you mean?15:43
awe_by NM split?15:43
seb128jdstrand, thanks, direction looks good :-) it just feels weird that a dev can't declare that his app requires e.g an audio slot15:43
ogra_NM has a system process and a session process ...15:43
ogra_pulse currently doesnt allow that15:44
seb128jdstrand, it means device users might be able to install video player and not be able to get sound which makes the app looks buggy15:44
jdstrandslvn: as for joysticks-- that is going to need an interface. once you figure out what it is that need and perhaps how to get there, please file a bug against snappy and add the snapd-interface tag15:44
awe_ogra_, there's only one NM15:44
awe_and it's system15:44
jdstrandseb128: apps do declare it. eg, a game might 'plugs [ network, unity7, pulseaudio ]'15:44
ogra_awe_, but there is a system wide daemon and there are user-session clients using it15:45
awe_sure, and on snappy.. there'll be a system-wide daemon, and one or more snaps using it via interfaces15:45
jdstrandseb128 (and niemeyer_): in the pure ubuntu-core system. in the sdoc system, maybe that is 'plugs: [ network, unity7 ]', maybe 'plugs: [network, unity7, unity7-audio ]', maybe something else (that is the discussion15:45
ogra_awe_, right, but thats not how pulse works atm15:46
ogra_it hogs the device from userspace via a session daemon15:46
jdstrandniemeyer_: note, I'm effectively CCing you on the conversation but not because we need to have it this second, just so that you have context in the future conversation15:46
awe_jdstrand, can snaps be restricted from running on a sdoc system?15:46
seb128jdstrand, thanks15:46
awe_I don't see any possible use case for a NM snap to be installed there15:46
jdstrandawe_ (and niemeyer_): there is no mechanism for that atm afaik. I guess you are thinking about blocking network-manager from an sdoc system. that is something else to consider for sure (and I think niemeyer_ may be thinking about that already)15:47
jdstrandawe_ (and niemeyer_): it sorta feels like ubuntu-core os snap should only expose certain interfaces on sdoc (eg, unity7, x11) and filter other (network-manager, bluez, pulseaudio, etc). that needs to be worked through15:49
awe_yea, I've seen enough odd requests to make NM co-exist with other pseudo 'network-managers', but two NMs on the same device seems a super bad idea15:49
awe_jdstrand, +115:49
jdstrandindeed :)15:49
ogra_awe_, if you hide it and someone is insane enough to upload a wicd snap to the store you get into the same trouble though (and you might not have any control over the person providing the wicd one to sdoc)15:50
ogra_sounds like a very tricky problem15:51
jdstrandI think snappy could handle that15:51
jdstrandie, wicd would need an interface too15:51
jdstrandso if network-manager was installed, wicd would not be available15:51
ogra_well, some standard network-device-access thing15:51
jdstrandand vice versa15:51
jdstrandif neither were installed, both would15:52
ogra_jdstrand, i'm talking about hiding NM on sdoc15:52
awe_well... out interface is *very* specific to NM15:52
ogra_you wont block people from pushing other stuff that breaks this15:52
awe_I suppose a wicd snap might be able to use it15:52
awe_however if wicd provided a DBus API it wouldn't work15:53
awe_but in the end15:53
ogra_(and you wouldnt block me from providing a naetwork-manager.ogra either)15:53
slvnjdstrand, I'll debug the joystick (and fill a bug report if needed) another day  :)15:53
awe_if they do all the work to create a wicd iface15:53
awe_then they can upload right?15:53
awe_and we have the same conflict problem on an sdoc system15:53
ogra_thats my point :)15:53
awe_I think if any package is valid example15:54
awe_it's be commman15:54
awe_s/it's/it'd/15:54
jdstrandthe idea with interfaces is that they are a sort of contract15:54
awe_unfortunately bound a little too tight IMHOP15:54
jdstrandif something declares it provides the slor for network-manager, it is network-manager to any clients that connect to it15:54
jdstrandso if wicd can't do that, it needs its own interface15:55
awe_right, definitely not usable to any other package15:55
awe_...but to ogra's point15:55
awe_there's no reason why we wouldn't upload a connman snap at some point15:55
awe_and it would have the same issues on an sdoc system15:55
jdstrandyes15:55
ogra_right ... so how would you filter all of these snaps ... you cant just only forbid n-m on sdoc15:56
jdstrandthat will need to be discussed15:56
awe_the question is where's the line... do we assume people won't do such dumb things, or do we need to add a mechanism to prevent?15:56
jdstrandbut connman would have its own interface, so it could be added to the filter15:56
jdstrand(on an sdoc system)15:56
awe_right15:56
jdstrand(if that is how it is implemented)15:56
awe_I mean we are reviewing15:56
ogra_someone would have to maintain all these filter rules then15:56
ogra_that might become a huge thing15:56
jdstrandmaybe15:57
ogra_given that anyone can invent interfaces15:57
jdstrandno15:57
jdstrandall interfaces go through ubuntu core15:57
ogra_for the client side ?15:57
jdstranda snap can't ship an interface15:57
ogra_ah, i thought i can offer a foobar interface to others when i package foobar15:57
jdstrandit can only implement it (it slots) or consume it (it plugs)15:57
awe_but it's all in the one interface added to core15:58
jdstrandUbuntu Core controls the types15:58
ogra_ok15:58
jdstrandthe types are bluez, network-manager, wicd, connman, pulseaudio, etc15:58
awe_wicd??? really?15:58
jdstrandyou can p[rovide an implementation (slots) that uses that type15:58
jdstrandawe_: wicd isn't there now. I was just creating a list based on this conversation15:59
jdstrandok, I have a meeting15:59
awe_are we going to provide oss too?15:59
awe_thanks jdstrand15:59
awe_ttyl15:59
=== chihchun is now known as chihchun_afk
_morphisogra_, awe_: we can run pulseaudio easily as system daemon16:01
_morphispulseaudio --system is all you need16:01
ogra__morphis, i thought there were mutil-user reasons to do it the way we do it today16:01
_morphisogra_: sure16:02
ogra_like ... not freeing up the interface when you switch users etc16:02
_morphisogra_: on a multi user system you really don't want --system16:02
ogra_right16:02
_morphisbut on a ubuntu-core system you do16:02
_morphisas we don't have multiple users there anyway16:02
awe__morphis, that's what I said earlier16:02
awe_just like we do with obexd16:02
_morphisyeah16:03
_morphiswe will do this with all daemons we're putting on ubuntu-core16:03
_morphisno session bus16:03
awe_again, we may need to run things differently on core16:03
awe_this is all new ground16:03
jdstrand_morphis: you mentioned pulse as last on the list. what is the list? I know bluez nm and pulse16:03
_morphisjdstrand: nm, bluez, ofono, modemmanager, pulseaudio16:04
jdstrandcool16:04
jdstrandthanks!16:04
_morphisjdstrand: which includes interconnections between them16:04
awe_and possibley "rild"16:04
_morphislike we need the nm snap to work with both ofono and modemmanager16:04
awe_but we may just bundle as part of ofono16:04
_morphisjdstrand: ah not to forget location-service16:04
awe_still tbd16:04
seb128calling it a day here16:05
seb128good evening everyone16:05
seb128jdstrand, I'm going to clean up things and push tomorrow morning16:05
jdstrandseb128: thanks! hopefully once I'm done with my meetings today I can play with the paste16:06
jdstrandseb128: have a nice evening :)16:06
seb128cool, let me know tomorrow or it goes (or feel free to drop an email16:06
seb128thanks16:06
seb128see you tomorrow!16:06
ogra__morphis, user management is on the TODO for core ... so i wouldnt count on single-user-forever16:07
awe_for s16?16:07
awe_that's all we care about atm16:08
awe_can't worry about future problems yet16:08
awe_;)-16:08
ogra_i know mark is pushy to get rid of the ubuntu user16:08
ogra_but i dont know if for 1616:08
qenghoEr, should sound work from within a snap? Should one use pulseaudio client libraries?16:11
ogra_LOL !!!!16:11
ogra_looks like someone missed all the fun of the last 2h backlog in this channel :)16:11
ogra_qengho, no audio yet16:12
qenghoOh. I did. I saw "kodi" had new release, thought I'd try something ambitious.16:14
geneiosHi guys, I have a question about the python2 plugin. Is there a way to tell the setup.py to include a path? i.e I have a package that depends on a certain numpy version, which requires python-dev, but the path Python.h from python-dev isn't getting included.16:15
ogra_qengho, if you are really ambitious, try it with Mir as standalone snap ;)16:16
niemeyer_jdstrand: Sorry for not paying too much attention to the conversations this morning16:17
niemeyer_jdstrand: Have been in calls for the last several hours16:18
niemeyer_jdstrand: I think we want network-manager to be a slot offered by ubuntu-core itself in sdoc16:18
* niemeyer_ => late lunch16:19
slvnInstall a snap package once, it works fine. But twice (event with version increment), it says : /bin/sh: 0: Can't open /snap/myapp/100002/command-example.wrapper16:22
jdstrandniemeyer_: no worries at all, I was in calls all morning before that, so, I can relate. mostly I wanted you to be aware of the conversations16:27
jdstrandniemeyer_: I can say that if network-manager is a slot in sdoc, then we are going to want to consider different slot and plug policy depending on if running on sdoc or not16:28
jdstrandniemeyer_: in fact, we'll have to cause the security label for network-manager will be 'unconfined' on an sdoc system whereas on a pure core system it will be 'snap.network-manager...'. I know there will be different policy for pulseaudio too16:29
jdstrandniemeyer_: anyway, we can discuss at a more convenient time16:29
zygajdstrand: I wasn't aware of issues specific to i386, is there a bug open on this?16:35
wililupySo who is a good Snappy Kernel expert?17:02
niemeyer_wililupy: It's generally easier to shoot question and see who picks it than to fish for self-appointed experts :)17:07
wililupyThat's true. niemeyer_17:08
ogra_wililupy, ricmm or asac perhaps (asac wrote the basic plugin, and i know ricmm used it quite a lot in the past)17:08
wililupyI'm hitting a brick wall when my kernel snap. I can get it to build, but when I try to boot it fails.17:08
ogra_how does the boot fail17:09
wililupyI've made it work in the past, but since 2.5 I haven't been able to get one to boot.17:09
ogra_what are the symptoms then17:09
wililupyWhen I use it as the kernel in u-d-f it won't boot. It starts grub, I see writable, it tries to boot and I get error: not a regular file17:11
wililupyerror: disk 'loop' not found17:12
=== rcj` is now known as rcj
ogra_ohm that grub thing17:12
wililupyerror: you need to load the kernel first and then back to the grub menu17:12
=== rcj is now known as Guest12905
ogra_i remember ... but have not much more help to offer ... apart from ... make sure your kernel has all bits builtin the ubuntu kernel also uses17:12
ogra_the ubuntu kernel has loop device support built in17:13
wililupyIf I install the .snap in a working instance, it installs, but never boots to that.17:13
wililupyI verified that, it is a module.17:13
wililupyI'm basically using the 4.4.0-21-generic config17:13
ogra_ogra@styx:~$ grep DEV_LOOP /boot/config-4.4.0-21-generic17:14
ogra_CONFIG_BLK_DEV_LOOP=y17:14
ogra_CONFIG_BLK_DEV_LOOP_MIN_COUNT=817:14
ogra_CONFIG_AUFS_BDEV_LOOP=y17:14
ogra_not a module here17:14
ogra_so i'd start there :)17:15
wililupyThis is what I have.17:15
wililupyCONFIG_BLK_DEV_LOOP=y17:15
wililupyCONFIG_BLK_DEV_LOOP_MIN_COUNT=817:15
wililupyCONFIG_BLK_DEV_CRYPTOLOOP=m17:15
ogra_ok17:16
wililupyCONFIG_AUFS_BDEV_LOOP=y17:16
ogra_and you have the squashfs module in your initrd modules ?17:16
wililupyin my snapcraft.yaml yes.17:16
wililupyI tried adding loopback, but snapcraft failed to build with that option so I removed it.17:17
ogra_(and you also build it i assume )17:17
wililupyYep. Snapcraft builds successfully.17:17
wililupyI also have this in my config file for squashfs:17:19
wililupyCONFIG_SQUASHFS=m17:19
ogra_right, else snapcraft would fail17:19
wililupyCONFIG_SQUASHFS_FILE_DIRECT=y17:19
ogra_(trying to add a nonexisting module to the initrd)17:19
wililupyCONFIG_SQUASHFS_DECOMP_MULTI_PERCPU=y17:19
wililupyCONFIG_SQUASHFS_XATTR=y17:19
wililupyCONFIG_SQUASHFS_ZLIB=y17:19
wililupyCONFIG_SQUASHFS_LZ4=y17:19
wililupyCONFIG_SQUASHFS_LZO=y17:19
wililupyCONFIG_SQUASHFS_XZ=y17:19
jdstrandzyga: wrt i386> I didn't mean to refer to that. I meant the fact that autoconnect doesn't seem to always work. I noticed it, sergiusens did, seb128 did, kgunn may have, etc. I don't have a reproducer. sergiusens thought it might have to do with uninstalling/installing the same version over and over again17:20
=== Guest12905 is now known as rcj
zygahmmmmm17:20
zygainteresting17:20
zygathere is a mechanism that blacklists auto-connection17:20
zygaI'll add logging there so that at least we can know it is responsible17:20
jdstrandzyga: for example, I've had 3 different pings on things in the network policy that people were hitting, but they plugged network17:20
wililupyI've used this config in the past with this same kernel and it worked.17:21
zygajdstrand: there's a bug (now fixed) in 2.0.2 that makes upgrades 100% broken17:21
zygajdstrand: until we SRU we'll see plenty of intertwined bugs17:21
jdstrandperhaps its that17:21
ogra_wililupy, and you use the very latest u-d-f ?17:21
jdstrandzyga: though I think kgunn needs some help which looked like a locking issue. he sent an email last night17:22
zygajdstrand: oh? I need to check17:22
jdstrandzyga: note, I answered kgunn's final slots question in a hangout today17:23
wililupyogra_ yes.17:23
zygaok17:23
zygawas the hangout recorded?17:23
ogra_and also the canonical-pc gadget from the "16" series in the store ?17:23
wililupyI updated it yesterday just to be sure.17:24
wililupyyes, my u-d-f is sudo ./ubuntu-device-flash core 16 --channel=edge --kernel=my-kernal.snap --gadget=canonical-pc --os=ubuntu-core -o my-snappy.img17:25
ogra_yeah, that should be all fine17:25
zygajdstrand: I see his email now, I'll work on that next17:25
wililupyHowever, if I install the snap in the base snappy instance, it installs, I can go to /writable/snaps/my-kernel/ and everything is there, but the system never boots to it, it still says 4.4.0-18-generic instead of 4.4.6 when I do uname -r17:26
jdstrandzyga: cool. fyi, I think I finally have some time to do some policy updates. I have around 10. it would be easiest for my to group at least some of them in the same PR, but is there a commit policy where I need them all separate?17:27
zygajdstrand: that's up to you, a branch with 10 commits with descriptions is perfect for mew17:27
zygame*17:27
jdstrandthat'll work17:27
jdstrandthanks!17:27
zygajdstrand: but if you think it would be easier to review separate branches I'm fine with that as well17:27
wililupyAnd i do that with just scping the .snap to the system, and running sudo snap install my-kernel.snap and it shows up with snap list17:28
ogra_wililupy, well, you should see why it doesnt boot on the console ... does it actually attempt to boot and just fall back to the other kernel ... does it not attempt the new one at all etc17:28
wililupyIt doesn't even attempt the new one.17:28
wililupyNo rollback error or anything.17:28
ogra_right, not sure sideloading lkernel snaps still works with 2.x17:28
ogra_but it should definitely work with u-d-f17:29
ogra_i fear you need mvo ... i'm not really good with the grub mishmash we have on the images (it is quite a mess)17:29
wililupyThats fine ogra_, when does mvo come on?17:30
ogra_i think he ended his day (i'm not on the internal channel atm, see if you find him there perhaps)17:30
wililupyHe's not on the internal channel atm.17:31
ogra_yeah, thought so17:31
wililupyI'll send him a quick email and see if he has any pointers. I'm getting close to my deadline with this device and I want to be able to give them something besides a procedure that doesn't work.17:32
ogra_i think wed. is his hockey day17:32
zygakgunn: hey18:04
zygakgunn: I'm looking at your branch18:04
almejo_Hi.. someone has time for a question about packaging a snap app?18:06
MichaelTunnellalmejo_: wont know until you ask your question?18:07
* zyga was about to reply with the don't ask if you can ask, just ask18:08
MichaelTunnell:)18:08
zygakgunn: just FYI, you probably saw this already but just in case: http://www.zygoon.pl/2016/04/anatomy-of-snappy-interface.html18:08
kgunnzyga: nope, so i'll read that in a moment18:15
zyganothing revolutionary there :)18:15
ChrisTownsendHi!  I guess I need to get the security team's input on https://bugs.launchpad.net/snapcraft/+bug/1575188 ?18:26
ubottuLaunchpad bug 1575188 in Snapcraft "Fix for bug #1572664 had broken my snap package build" [Undecided,Incomplete]18:26
almejo_ haha.. thanks. I am trying to package a qml app. It is written in python for the phone. I am traying to figure out the dependencies and I can not find an example of how to do it.. i found something about a qml plugin but it is not listed in snapcraft list-plugins18:27
ChrisTownsendComment #5 hopefully explains my use case.18:27
almejo_My last output from starting my app is "qmlscene: could not find a Qt installation of ''"18:38
almejo_in stage-packages i have: qmlscene, libxcb1, libqtcore5a, libqtgui5, libqtgui5-gles, libpulse018:39
jdstrandbeuno: hey, can you have someone pull r638 of the review tools for opengl bug #157214018:40
ubottubug 1572140 in Canonical Click Reviewers tools "click-reviewers-tools don't know opengl interface" [Medium,Fix committed] https://launchpad.net/bugs/157214018:40
sergiusensjdstrand this is for you https://bugs.launchpad.net/snapcraft/+bug/157518818:44
ubottuLaunchpad bug 1575188 in Snapcraft "Fix for bug #1572664 had broken my snap package build" [Undecided,Incomplete]18:44
sergiusensjdstrand even thought it will eventually build, not sure it would be a good idea as the next step would be to block it18:44
sergiusensjdstrand as in for you, waiting for your input18:44
sergiusensalmejo_ look at dpm's clock app work18:45
beunojdstrand, sure. cc/ roadmr ^18:45
jdstrandsergiusens: yes, I added it to my list of things to look at this week18:45
roadmrbeuno, jdstrand : no problem, I'm on it18:45
jdstrandroadmr: thanks!18:46
jdstrandroadmr: fyi, that has no code changes, just a change to a data file for the store to consume (not sure how far back the store is at this point, so maybe it is a super fast pull-- up to you)18:46
almejo_sergiusens ¿dpm clock? the one in snap find? The phone clock?18:46
roadmrjdstrand: we're at 636, have been since Monday18:47
jdstrandoh yes18:47
almejo_I would love to see the snapcraft.yaml of the app18:47
jdstrandthen this is fast18:47
roadmrjdstrand: yes :) it's just a matter of negotiating the test -> land -> CI -> staging -> production pipeline18:47
jdstrandroadmr: not sure what your processes are, but extremely low risk18:47
jdstrandack18:48
jdstrandI'll leave it in your capable hands :)18:48
roadmrjdstrand: so I point a config file to the desired revno, commit, wait ~40 minutes for it to be on staging, test manually, if all is OK request a prod deployment18:48
jdstrandnice18:48
roadmrjdstrand: (btw, my manual test is just uploading a package and checking the c-r-t version reported is the expected one. If ever you want more detailed testing, let me know, I can check for more specifics if needed)18:49
jdstrandroadmr: ack, good to know18:49
sergiusensalmejo_ yeah, clock or calculator, I forget18:50
almejo_I know the apps and I can browse de app.. but I can not find the snapcraft.yaml. It seems that it is not part of the project...18:51
ogra_http://bazaar.launchpad.net/~snappers/snappy-desktop-examples/trunk/files/head:/ubuntu-clock-app/18:53
sergiusensalmejo_ this might be an abandoned branch, but here you go bzr+ssh://bazaar.launchpad.net/~dpm/ubuntu-clock-app/snap-all-things/18:53
almejo_thanks!!! exactly what i was looking for!18:53
almejo_thanks for your time :D18:54
sergiusensalmejo_ the `environment` part can probably replaced by an `after` like in https://github.com/dplanella/snappy-playpen/blob/master/notes/snapcraft.yaml18:54
almejo_thanks again18:55
sergiusensnp18:57
zygaroadmr: hey19:01
zygaroadmr: I'll be in canada next week19:01
roadmrhello zyga !19:01
zyganext +119:01
roadmrzyga: awesome! it's across the country from me19:02
zygaroadmr: yeah, I tried to have a 24 layover in montreal but no luck19:02
roadmrzyga: :( well bummer, but I've heard good things about where you're going :)19:03
roadmrzyga: (I've never been there - maybe some day)19:03
roadmrzyga just vanished haha19:03
* zyga always suspends with some darn shortcut when switching keyboards 19:04
zygaroadmr: are you sprinting anytime soon? I heard that some people from your team are going too19:04
roadmrzyga: yes! not me though, sorry :( recently-arrived baby means I have to stay here and help19:05
zygaah, the fantastic and terrible things that await you :)19:05
zygaI'm trying to convince my son to finish his english homework :-/19:05
roadmrzyga: yes, he's 3 months old and it's felt like 5 minutes... (underwater haha)19:05
zygahe loves spanish, doesn't digest english19:06
zygait gets easier after three years19:06
roadmrzyga: YEARS!?! NOOOO /o\19:06
zyga...after they move out ;-)19:06
zygaoops, weren't supposed to tell you so quickly ;)19:06
roadmrzyga: http://theoatmeal.com/pl/minor_differences4/kids19:07
zygaohhh yes19:07
zygaI know that by the URL :D19:07
roadmr:)19:07
zygareality is much worse19:07
zygamuch more subtle :)19:07
roadmryeah heh19:09
roadmrzyga: I didn't tell you - *I* was doing it wrong, that's why I couldn't build the image, remember I had that weird "0 partitions found" error?19:09
zygaroadmr: yeah, what was the problem?19:10
roadmrzyga: it's because I was trying it inside an lxc. Once I did it natively, it worked.19:10
zygaah, yes, I head that people bumped into this before19:10
zygalayers of layers of software19:10
roadmrzyga: I've also been unable to snap install inside an lxc, even with a privileged, nesting container. I wonder if we'll ever want snap to work inside containers, I imagine so :)19:10
zygaI wonder if it is because of older kernel or because of something that lxc does itself19:10
roadmrzyga: it's a xenial system so I don't think it's an old kernel :D19:11
zygaroadmr: I know this too, this will need lots of work on the kernel and snappy side first19:11
zygaroadmr: apparmor namespaces are required first (those are under way as the security savvy people tell me)19:11
roadmryay :)19:11
zygaroadmr: right now kvm works very well but lxc won't for 16.0419:12
roadmrzyga: yes, I'm running stuff under virtualbox and/or kvm for snap work19:12
zygaroadmr: running natively on xenial is also an option, it's usually not a disastrer if it breaks19:13
roadmrusually? /o\ haha :)19:13
zygano bank account interface yet ;)19:13
roadmr'show-me-the-money' as a plug?19:13
zygano, that's flashlight app 2.019:14
zyga"flashlight needs access to your bank account, allow or deny?"19:14
roadmrhaha :)19:15
zyganext to the "deny" button there is a nice animated icon saying "don't miss out on mr flashy"19:16
zyganah, that was android19:16
zygawe're better :)19:16
sergiusenszyga roadmr lxc and u-d-f might just probably fail due to kpartx and needing access to kernely things to map that19:22
jdstrandzyga and roadmr: fyi, a lot of work happened with what is called apparmor stacking to support just that. it didn't all land by 16.04 release, but we hope to have enough of it completed by 16.04.1 so that you can run one level deep. Ie, running a full system (ie Ubuntu Core) in lxd so you can install snaps. however, running lxd inside of lxd or snappy in lxd on ubuntu core will not be supported since those required 2 levels deep19:32
jdstrandtyhicks: please correct me ^19:32
roadmrjdstrand: cool!!19:32
jdstrandzyga and roadmr: when implemented nesting > 1 may be possible to backport to 16.04, at least with a backport kernel19:32
roadmrjdstrand: yes, I imagine if we're to push snaps as a format going forward, it makes sense to ensure they work inside lxd, which we're also pushing :)19:32
jdstrandyes19:33
roadmrjdstrand: not sure "all the way down" will be so useful, but at least one level deep should be19:33
jdstrandpeople will then want to run snappy in lxd on snappy, but that is a bit farther out. it requires upstream kernel changes and a few other things19:33
roadmrjdstrand: thanks for the info! at least I know this is known and I'm not crazy :)19:33
jdstrandit is very much known and you are not crazy19:34
jdstrandat least not because of this ;)19:34
tyhicksjdstrand: I think "snappy in lxd on ubuntu core" should only require 1 level deep container19:35
jdstrandtyhicks: well... remember, lxd will be running under a label that is not unconfined19:36
jdstrandtyhicks: I'm not sure how that plays into it, but snappy in lxd on snappy would certainly be nice to have in 16.0419:37
jdstrandtyhicks: I guess it would be one level though cause lxd is still in the global namespace19:37
tyhicksright19:37
jdstrandok, even better :)19:38
tyhicksonly one thing is stacking and that's lxd19:38
jdstrandroadmr: ^19:38
jdstrandtyhicks: thanks :)19:38
wililupyogra_ This is interresting, looking at my grubenv on sda2, I don't have a reference to snappy_kernel. I have one for snappy_os.19:38
tyhicksjdstrand: np - it is very confusing to think of the profile transitions and stacks involved there..19:38
ogra_wililupy, looks like u-d-f doesnt pick up your kernel snap properly then :/19:38
ogra_it should put that variable in place at image creation time19:39
wililupyogra_ I'm going to manually add it and see what that does...19:39
ogra_(probably u-d-f has an issue with your version string ? ... )19:40
jdstrandtyhicks: indeed. I need to focus on the policy namespaces involved and then I should be able to remember19:40
ogra_(wild guessing here)19:40
wililupyor possiably the name?19:40
ogra_did you use any unusual chards in the name ?19:40
ogra_**chars19:40
ogra_(writing it in arabic or chinese ? )19:41
ogra_:P19:41
wililupyno19:41
ogra_yeah, i thought so19:41
wililupywell, it finds my kernel and tries to boot now, but it hangs after running /scripts/local-premount ... grep: /proc/device-tree/model: no such file or direcotry19:45
pedronisogra_: u-d-f doesn't care much about the names,  it cares very much about being able to open the snaps and the type in them19:47
wililupyfindfs: unabled to resolve 'LABEL=writable'19:47
ogra_pedronis, well, it calls snap install ... and that has issues with certain version strings ... (like ... yu cant use colons for example)19:47
pedronisogra_: is this 15.04?19:48
ogra_wililupy, ignore the device-tree thing ...19:48
ogra_pedronis, nope19:48
pedroniswe don't care about versions anymore much in 2.019:48
ogra_wililupy, ext4 compiled in ?19:48
wililupyYeah, it just looked like it hung, it just popped up the latest error for findfs19:48
ogra_pedronis, ah, cool19:48
pedronisbecause the logic is about revisions now19:48
pedronisand from sideloaded stuff in u-d-f you just get revision==19:49
pedronis019:49
ogra_yeag19:49
wililupyogra_ yes19:49
pedronis(bit of a corner case that will be different with ubuntu-image)19:49
ogra_wililupy, you should have an initrd shell now19:49
wililupyCONFIG_EXT4_FS=y19:49
wililupyCONFIG_EXT4_USE_FOR_EXT2=y19:49
wililupyCONFIG_EXT4_FS_POSIX_ACL=y19:49
wililupyCONFIG_EXT4_FS_SECURITY=y19:49
wililupyCONFIG_EXT4_ENCRYPTION=m19:49
wililupyCONFIG_EXT4_FS_ENCRYPTION=y19:49
ogra_so you can inspect further19:49
wililupynow I'm bumped to busybox...19:50
ogra_yeah19:50
ogra_check /proc/modules and see if squashfs is loaded19:50
pedronisogra_: anyway getting one boot var set and not the other afaict is a bit of a corner case, staring at code you will need something like the kernel not having the right type set in snap.yaml19:50
pedronisor something like that19:50
pedronislooking it doesn't like u-d-f checks that the things have passed have the right types19:51
pedronisit will just skip setting the boot var though19:51
pedronisfor maximum confusion19:51
wililupycat /proc/modules:19:51
ogra_pedronis, well, wililupy uses snapcraft to roll the kernel snap ... i'D expect the snap.yaml to be fine19:51
wililupysquashfs 49152 0 - Live 0xffffffffc000000019:52
ogra_looks good19:52
pedronisthe other chance is that u-d-f does the right thing but firstboot unsets it19:53
ogra_nah19:53
ogra_the issue shows on freshly built imgs as i understand it19:54
pedronisit has logic to swap things around for crash fallbacks19:54
wililupypedronis, that is interresting, becuase after first boot, I get my error message, then it says that it is going to trial reboot and then it gives me the same error message.19:54
ogra_before firstboot ran19:54
pedronisah19:54
ogra_wililupy, huh ?19:54
pedronisbut I don't know what it does if there's no fallback19:54
ogra_wililupy, are we talking about the same thing then ?19:54
ogra_wililupy, i thought you use your kernel snap with u-d-f19:54
wililupyogra_ yes. After first boot after building with u-d-f I get my three error: messages, it then says it is going to trial reboot, and i get the three error: messages and then it takes me to the grub menu. After that, I just get the same three error messages, and that only happens after I do a fresh image using u-d-f19:55
ogra_(dont tinker with instaled systems and trying to sideload your kernel ... that might hit other issues which we wont really resolve)19:55
wililupyogra_ np. I'm just working with my u-d-f image now.19:56
kgunnzyga: hey, so i get the point of having plugs and slots in the same interface for a server/client...but just for development, i can just populate the slot side to get the server going right? (and just leave the plug stuff empty for the moment)19:56
pedronisthat's actually boot-ok to be precise, anyway this may be the bootloader part of that logic19:56
pedroniswhich I don't know about19:57
ogra_that part is pretty trivial actually19:57
ogra_(lives in https://code.launchpad.net/~snappy-dev/snappy-hub/snappy-systems in the grub.cfg or uboot.env.in files)19:57
wililupyI added snappy_kernel=im-kernel_0.snap in the (hd,1)/EFI/grub/grubenv19:58
wililupywhich now I get my kernel to load up, but now I get initramfs errors and dumped into busybox.19:59
wililupyI got this problem before due to now having squashfs in my initrd module in my snapcraft.yaml, but that is fixed now.19:59
ogra_yeah, but it obviously cant find the label for the writable partition20:00
ogra_which is a bit strange20:00
wililupyThe last error I got before this was findfs: unabled to resolve 'LABEL=writable'20:00
pedronisogra_: anyway I checked nothing except install (which would be u--d-f) sets those vars in snappy itself20:00
ChrisTownsendI have the home interface included in the plugs in my yaml and once I have the connection made.  However, the binary wrapper script that is used has $HOME re-exported to a different location.  How am I supposed to access things in ~/ ?20:00
ogra_wililupy, right ...20:01
ogra_it is like the label is missing or some such20:02
ogra_(which i dont belive)20:02
pedronisChrisTownsend: there's been a bit of discussion around that, atm home means that if you get a path to something there you can access it, doesn't quite mean you get a handle to it, unless you go from user id to its value20:03
ogra_wait-for-root "LABEL=$label" "${ROOTDELAY:-180}"20:03
ogra_thats the code we call ...20:04
ChrisTownsendpedronis: Ah, ok, well, I guess there is no way to map in the common XDG directories to the app in the snap.20:05
pedronisChrisTownsend: maybe there's already a bug that zyga knows about, otherwise we probably need one, there's  a bunch of requirements a bit colliding with each other at moment in that area20:06
ChrisTownsendpedronis: As the thing I'm working on would like to use ~/Documents, ~/Music, etc.20:06
ChrisTownsendpedronis: Ok, thanks.20:06
ogra_hmm20:07
zygakgunn: yes, just have the other unused methods return nil, nil20:09
kgunncool20:10
kgunnswamped today with manager stuff...but will get on this more tomorrow20:10
wililupyIs there a reason system-boot is fat32? Is it due to it being the EFI partition?20:20
ogra_yes20:20
ogra_it also guarantees to work with all bootloaders across the board20:21
wililupyogra_ gotcha. I'm looking at the partition layout right now. I have three partitions on /dev/sda sda1 is labeled grub unknown fs20:21
wililupysda1 is labeled system-boot fat3220:21
ogra_and writable20:21
ogra_thats about right20:22
wililupyand sda3 is writable20:22
wililupyext420:22
ogra_right20:22
wililupylabels are right20:23
ogra_well, but findfs doesnt find it20:23
wililupyThats funny, from my ubuntu rescue session on my device, findfs LABEL=writable, it finds /dev/sda320:25
almejo_Guys... another question if someone can help me. I need to run 'pip3 install hangups' in my snap. Is it possible in snapcraft right now?20:25
ogra_wililupy, tyr the same in the initrd shell on teh image ... perhaps yu get more interesting errors20:26
wililupyogra_ I'm booting it up right now, waiting for it to timeout...20:27
ogra_the fun thing is ...20:27
ogra_in the code we first call20:27
ogra_wait-for-root "LABEL=$label" "${ROOTDELAY:-180}"20:28
ogra_and then20:28
ogra_findfs LABEL=$label20:28
ogra_the first one doesnt seem to fail20:28
ogra_(since that would spit out a different error)20:28
sergiusenselopio for some reason I cannot see http://162.213.35.179:8080/job/github-snapcraft-autopkgtest-cloud/600/20:29
sergiusensmind giving me some crumbs to look at?20:29
geneiosalemjo, I think you can use the "python-packages:" keyword with "hangups" as the value20:30
almejo_thanks!!! :D20:30
geneiosI was able to use it to pip install some dependencies in my snap, but I am still struggling if python-dev is required20:31
almejo_and last question about the life cicle of snaps. If i build a snap, and then I add a new dependency, the only way to build the package again is to do a snap clean?20:31
almejo_I am a little tired of cleaning every time and wait for all the packages to download20:32
LinuxGuy2020Hello I was trying to follow the snapcraft tutorial online and got the snap to build but I'm wondering how to skip the publication step and just install it for personal use only or just to test it out before publishing. Is there a way?20:32
almejo_LinuxGuy2020, snap install app.snap20:32
niemeyer_jdstrand: About the networkmanager interface, where do we stand?20:32
niemeyer_jdstrand: I was a bit surprised by the comment that this should be black listed on 16.04.. why isn't it a slot on the os snap?20:33
ogra_niemeyer_, what do you do if someone installs the NM snap on a desktop ?20:34
jdstrandniemeyer_: the actual mp I think is blocked on you deciding the name and zyga refactoring the bluez code for the slot side dbus apparmor label. I do plan to also look at the latest comments regarding bus policy20:34
ogra_(where you already have NM running)20:34
wililupysame error, unable to resolve 'LABEL=writable'20:34
niemeyer_ogra_: See above.. the point isn't to install the snap on the desktop, but to make the interface available in the os snap20:34
jdstrandniemeyer_: then there is that question-- how to handle nm on classic vs nm on core+snap20:35
ogra_niemeyer_, ah, sorry, i thought it was the same "blacklisting" we talked about above20:35
ogra_now jamie brought it into the discussion :)20:35
* jamiebennett hides20:35
jamiebennettWhat did I do?20:35
jdstrandjamiebennett: me :)20:35
ogra_jamiebennett, the other one ;)20:36
* jamiebennett dodges another20:36
jdstrandniemeyer_: so, if we do as you suggest, then snapd needs to be adjusted to create different snippets if it is running on classic vs pure core20:36
LinuxGuy2020almejo_: Thats what I tried the other day but it attempted to download something first and failed.Maybe I didnt build the snap correctly or something. I'm just trying to make snaps for packages that are already available as debs. That way I can use store them on local drives more easily than a boat load of debs. Is there a better tutorial explaining just converting pre-existing debs to snaps?20:37
wililupyHere's a new error:20:37
niemeyer_jdstrand: Yeah, that seems appropriate20:37
jdstrandniemeyer_: cause at a minimum the labels will be wrong20:37
LinuxGuy2020Or should I just keep trying the way I was before.20:37
niemeyer_jdstrand: Well20:37
LinuxGuy2020I was following this https://developer.ubuntu.com/en/snappy/build-apps/your-first-snap/20:37
niemeyer_jdstrand: This is the same story we discussed for the bluez snap20:37
wililupyfindfs [   383.689847] random: nonblocking pool is initialized20:37
jdstrandniemeyer_: but I know for a fact we will have different actual policy for pulseaudio on classic vs core20:37
niemeyer_jdstrand: It's bogus to cook a snippet hardcoding the name of the snap20:37
LinuxGuy2020It seems very vague though.20:37
jdstrandniemeyer_: no, you misunderstand20:37
niemeyer_jdstrand: Ah..?20:38
ogra_wililupy, thats just mess-up of the console messages ...20:38
jdstrandniemeyer_: I'm assuming that patch will be committed20:38
ogra_wililupy, not an error20:38
wililupyogra_ ack20:38
niemeyer_jdstrand: Sorry, I don't understand the idea about the labels being wrong then?20:38
jdstrandniemeyer_: what I'm saying is that the label of the slot side on sdoc would be 'unconfined' but on pure core it will be the slot side snap (ie, snap.nm...)20:39
jdstrandniemeyer_: but beyond that, we will likely want different rulesets on sdoc vs pure core20:39
almejo_LinuxGuy2020: That tutorial is about dowloading a .deb form the archives and packaging it with other tools. is that what you want? I know other tutorial in www.zygoon.pl/2016/04/snappy-snapcraft-and-interfaces.html20:40
jdstrandniemeyer_: for example, on core, there is no policykit, on sdoc there is. this affects the policy. there will be cases where the rules aren't strictly additive so we need to consider that when deciding on this20:40
niemeyer_jdstrand: Well, I think on sdoc we don't even need a snippet at all, do we?20:40
niemeyer_jdstrand: On the slot side, that is20:41
jdstrandniemeyer_: if there is no snippet there is no access20:41
jdstrandthere is a slot side and a plug side20:41
niemeyer_jdstrand: nm is running already, unconfined20:41
wililupyogra_ I'm not seeing any sd* in /dev...20:41
LinuxGuy2020almejo_: I just need a tutorial to make a snap out of lets say the ardour3.deb thats in the repos already. But of course the snap would have all the dependencies included. Thats all Im looking for.20:41
jdstrandthe plug side needs the label of the slot side20:41
ogra_wililupy, aha20:42
ogra_wililupy, so still some kernnel config bit missing i guess20:42
niemeyer_jdstrand: So how would that work?20:42
niemeyer_jdstrand: nm is already running..20:42
ogra_wililupy, do you have devtmpfs enabled ?20:42
jdstrandniemeyer_: I'm not talking about nm being confined. I'm talking about the plug side snippet a) needed label=unconfined on sdoc vs label=snap.whatever on pure core and b) different apparmor rules on sdoc vs on pure core20:42
LinuxGuy2020almejo_: What would be the best tutorial for me to follow for that?20:43
wililupyCONFIG_DEVTMPFS=y20:43
wililupyCONFIG_DEVTMPFS_MOUNT=y20:43
ogra_wililupy, oooooh ! i know what it is !!!!20:43
jdstrandniemeyer_: sdoc and ubuntu core are radically different and the security policy is going to have to deal with that sort of thing20:43
wililupyogra_ please tell please tell please tell.....20:43
almejo_LinuxGuy2020 I followed the second one and it builds ok. Also, that one teaches you about plugs and slots, something absolutly necesary20:44
niemeyer_jdstrand: Yeah, absolutely20:44
ogra_wililupy, add ahci to your initrd modules (or compile it in)20:44
jdstrandon sdoc nm is unconfined and has one label, on pure core it is confined and has snap...., on sdoc it is compiled with polkit, on pure core not, etc, etc20:44
almejo_LinuxGuy2020, the firstone is also good. Read both :D20:44
niemeyer_jdstrand: So is "unconfined" a magic label to tell the process has no labels?20:44
ogra_wililupy, and perhaps also libahci20:44
wililupyogra_ I have this in my config:20:45
wililupyCONFIG_SATA_AHCI=m20:45
wililupyCONFIG_SATA_AHCI_PLATFORM=m20:45
wililupyCONFIG_SATA_INIC162X=m20:45
wililupyCONFIG_SATA_ACARD_AHCI=m20:45
wililupyCONFIG_SATA_SIL24=m20:45
jdstrandniemeyer_: if a process is launched without using aa_change_profile/aa_change_on_exec and there is no binary attach policy for it in /etc/apparmor.d, then it automatically defaults to have the unconfined label (and policy)20:45
wililupyCONFIG_ATA_SFF=y20:45
ogra_wililupy, right, it is a module ... and you need it in the initrd20:45
LinuxGuy2020almejo_: ok thanks. Should the system need to download any files before it actually installs the snap? Cause the ones I built were trying to download something like 64.64MB or something like that. No idea what it was.20:45
niemeyer_jdstrand: Gotcha20:45
ogra_wililupy, or compile it in20:45
jdstrandeg, most process on desktop are 'unconfined' (see ps auxZ)20:45
jdstrandmost on snappy are confined (well, depending how many snaps you have installed :)20:46
almejo_LinuxGuy2020, When you build a snap, it downloads all the dependecies specified in snapcraft.yaml. Then it build the snap using ALL the dependencies creating a really big .snap file20:46
wililupyI gotcha I see,so add ahci to the kernel_initrd_modules in snapcraft.yaml?20:46
niemeyer_Nice20:46
almejo_LinuxGuy2020, then, you have to install that snap. It will not dowload other files20:46
ogra_wililupy, right ...20:46
niemeyer_THe output, not the fact they're unconfined :)20:46
jdstrandniemeyer_: so, we can do it your way, but if we do, then snapd needs to make decisions about the system at runtime. in some ways that is nice, but in others it is pretty magical and adding complexity20:47
LinuxGuy2020almejo_: Right. Then I got the *.snap file and tried the sudo snap install *.snap whatever the name was. Ill just try again and see exactly what happens at that point.20:47
niemeyer_jdstrand: Well, I don't see it as magical, or even as adding relevant complexity20:47
almejo_LinuxGuy2020, yes. The snap will be installed in /snap/20:47
niemeyer_jdstrand: The whole point of the interface system is to enable snaps to interoperate in the different enviornments20:48
pedronisniemeyer_: it seems we need some internal blessed way to know if we are on sdoc vs other scenarios (we need to cleanup firstboot and friends also)20:48
almejo_LinuxGuy2020, you can go to /snap/bin and see the executable files20:48
jdstrandniemeyer_: an alternate approach would be what I was saying before-- implement nm, bluez, et al as pure core interfaces, then filter them out on sdoc systems. then adjust unity7(*) accordingly for common policy (since it is transition policy)20:48
niemeyer_jdstrand: having a network-manager interface that works only on devices would be super awkward20:48
jdstrandniemeyer_: I didn't think interfaces really solved anything with pure core vs sdoc. I thought it solved snaps slotting interfaces and connecting in arbitrary ways20:49
pedronisniemeyer_: we need *it* to cleanup firstboot20:49
wililupyogra_ I'll give it a shot and see what happens.20:49
niemeyer_pedronis: Hmm.. tell me more?20:49
niemeyer_jdstrand: Isn't that what we're talking about?20:49
pedronisniemeyer_:  we need to know to skip firstboot code etc when setting up from empty state20:49
jdstrandniemeyer_: I think it is a bit awkward that nm is considered part of the os snap on sdoc but it needs a snap on pure core20:50
niemeyer_jdstrand: We have a network manager process in the system, and a network-manager interface.. why would it work on one device and not the other20:50
niemeyer_?20:50
pedronisseems we need it now also to drive interface behavior20:50
jdstrandniemeyer_: sorta, but an area we never really explored20:50
niemeyer_jdstrand: That sounds like a misunderstanding about interfaces20:50
LinuxGuy2020almejo_: Ok im starting with a clean install on my laptop instead of using the live environment. Ill try again and come back if I have issues. Thanks.20:50
pedronisthe all point is that you don't need to know what providing the slot20:51
jdstrandniemeyer_: there is also the issue of not wanting to install the nm snap on an sdoc system. that is perhaps solved if snapd blocks installing multiple snaps that slot the network-manager type, and ths os snap is shown to slot that on sdoc20:51
almejo_LinuxGuy2020, great!!! But I am going home now.. I hope someone else can help you... or maybe tomorrow20:51
LinuxGuy2020almejo_: thats cool20:51
niemeyer_pedronis: Right, exactly20:51
niemeyer_jdstrand: That's a good idea20:52
jdstrandniemeyer_: I see where you are coming from, but the network-manager interface on sdoc will be different because it is on sdoc (ie, the security policy will be different). I thought that the interface provides a contract between the client and the slot20:52
niemeyer_jdstrand: The security policy is the implementation20:52
jdstrandniemeyer_: therefore a snap plugging nm may work on core but not on sdoc, or vice versa, because it is a different contract20:53
niemeyer_jdstrand: It's a bit like saying the bits on amd64 need to be different than on arm to provide the same CLI experience20:53
jdstrandI don't think that is an apt analogy20:53
niemeyer_jdstrand: Surely they must be different.. what we're trying to preserve is the paltform behaivor, not how it is implemented20:53
pedronisjdstrand: sounds more like it shouldn't be one interface then but needs more granularity, no?20:53
pedronisif it's really diverging that much20:53
jdstrandpedronis: that is another option, arguably also awkward20:53
jdstrandreally, all of the options have warts20:53
jdstrandcause we are shoehorning classic into the new world20:54
jdstrandor the new world onto classic20:54
niemeyer_What's the wart?  I couldn't see it yet20:54
niemeyer_Having different security policy to implement the same behavior is expected and not actually a wart20:54
jdstrandif we have one interface, but different policy on sdoc vs pure core, and a plugging app works on one and not the other because of the policy20:55
pedronisniemeyer_: I think jdstrand is saying that behavior will be different20:55
pedronisso my remark about granularity20:55
niemeyer_jdstrand: Why would a plugging app work differently?20:56
jdstrandone could argue that the policy should encompass everything, but that may not be appropriate-- it might be too wide on pure core since things in classic aren't designed for snappy20:56
jdstrandniemeyer_: the plugging app would try to work the same, but perhaps break in one20:56
niemeyer_pedronis: Yeah, I just didn't see the actual relevant difference as far as the snap perception is concerned20:56
jdstrandI have a feeling in the nm case in particular, we could probably make it work. nm is always going to be reserved since it offers a lot of privilege20:57
jdstrandbut, for pulseaudio we will have the same issue20:57
jdstrandand that one I know we want different policy20:57
jdstrandbecause desktop pulseaudio access is different than say Touch access20:58
niemeyer_jdstrand: How is it different?20:58
jdstrandTouch is much more limited (it uses the safe apis and apps may only use those), whereas on desktop apps, they will not20:58
jdstrandbecause desktop apps weren't designed for that-- they expect to be able to use everything20:59
jdstrandbut Touch apps are designed for that20:59
jdstrandso to be clear20:59
jdstrandwe *can* do this if we allow for different policies if snapd detects what can of system it is running on21:00
jdstrandthe question is then if we should or not21:00
niemeyer_jdstrand: That sounds like two different interfaces then21:00
jdstrandand I'm not convinced it is a good idea21:00
wililupyogra_ It's interresting, in the grubenv file, there is no value for snappy_kernel21:00
jdstrandniemeyer_: indeed. with pulseaudio in particular I was considering siply adding it to unity7. we could alternatively create unity7-audio (or similar)21:01
ogra_wililupy, right, that was the initial prob ... but it should now boot if you add the var21:01
niemeyer_jdstrand: We need to look into this in more detail, but if the protocol the applications use to communicate is actually different, then they're of course incompatible, which implies two interfaces rather than one21:01
ogra_i.e. the initrd bug should be gone21:01
niemeyer_jdstrand: We shoulld call it out for what it is21:02
jdstrandniemeyer_: right. so with nm, one is a subset of the other. the desktop nm is a superset of the pure core nm21:02
niemeyer_jdstrand:  If it is pulseaudio-simplified or similar, than that's what it is21:03
jdstrandniemeyer_: I think bluez is also going to fall into that category. what gets interesting again is Personal may have a different subset21:03
niemeyer_jdstrand: We can also start exploring interface attributes21:04
jdstrandniemeyer_: I don't disagree, but then that has warts too cause we have a bunch of different interfaces that people may not know what to use21:04
niemeyer_jdstrand: But I really need to understand more details before being able to recommend something sensible21:04
niemeyer_jdstrand: Well, we *will* have a bunch of different interfaces :)21:04
niemeyer_jdstrand: In fact, we do already21:04
niemeyer_jdstrand: Conveying what those are and when to use them is an important issue to address properly21:05
jdstrandniemeyer_: really it boils down to the characteristics of the device. sdoc has one set of characterists, pure core another and personal possibly another. depending on the device, the policy may or may not be different21:05
niemeyer_jdstrand: Yeah, and that's all okay21:06
niemeyer_jdstrand: Different policy just means a different implementation to the same result21:06
niemeyer_jdstrand: Different protocol means something else21:06
jdstrandniemeyer_: I think we should be striving for just enough interfaces and no more. we've seen other platforms make this mistake and developer's getting confused and asking for too much, etc. with user's connecting it then gets confusing, etc21:06
jdstrandI should rephrase21:07
jdstrandwe haven't made a mistake21:07
niemeyer_jdstrand: Just enough interfaces to do what..21:07
niemeyer_jdstrand: Of course we shouldn't be producing interfaces just because it's fun to do so :)21:07
jdstrandwe've seen other platforms offer too many similar choices...21:07
jdstrandniemeyer_: hehe21:07
jdstrandno21:07
jdstrandbut if we are in pulseaudio-simplified vs pulseaudio-complex, it makes me wonder21:08
jdstrandbecause complex would (possibly) always work so no one would choose pulseaudio-simplified, but pulseaudio-simplified is actually 'the good one'21:09
jdstrandit is an interesting problem21:09
wililupyogra_ I think I'm going to have to rebuild my whole snap. I tried just adding ahci to my snapcraft yaml, but cat /proc/modules doesn't show it.21:09
jdstrandI may be coming around to your thinking (I was never really opposed to it), but perhaps there is something with attributes there that I haven't considered that would make it really good21:09
wililupyI'll give it a run since it takes about 2 hours to complete and I'll update you tomorrow.21:10
wililupythanks for all your help ogra_21:10
niemeyer_Yeah, let's understand better how pulseaudio is organized so we can have a more informed position21:10
ogra_wililupy, you will need to run whatever step megres the modules into the initrd21:10
niemeyer_jdstrand: Need to step out now, but let's follow on later/tomorrow21:10
ogra_wililupy, good luck then, i'm sure the initrd side is fixed21:10
jdstrandniemeyer_: sure, np. I can fill you in on the pusleaudio differences tomorrow21:11
niemeyer_jdstrand: Thanks, and thanks for the chat21:11
jdstrandniemeyer_: my pleasure :)21:12
jdstrandniemeyer_: have a good evening :)21:12
elopiosergiusens: I can see it. Failed to clone the git repo.21:14
elopioI'd say retest.21:15
sergiusenselopio thanks21:23
* sergiusens is so tired of resetting snapd21:32
Laxmanwhere to find sources for raspberry pi 2 ubuntu snappy22:15
geneiosWhere should snapcraft issues be filed? At https://launchpad.net/snapcraft? I didn't see an issues section on the github repo.22:24
DomiHello snapcraft snap fails because the python installation. Her is the output http://pastebin.com/GmZB6v4D can anyone help me?22:58

Generated by irclog2html.py 2.7 by Marius Gedminas - find it at mg.pov.lt!