Domi | Hello, is it possible to use a package form pip in a snap? | 00:10 |
---|---|---|
ogra_ | sergiusens: nobody reads my mails :( | 00:55 |
ogra_ | sergiusens: we are past release, we cant change seeds (unless we apply gross hacks) | 00:56 |
* ogra_ wrote a long mail about that topic, but nobody reacted | 00:56 | |
ogra_ | i'm not sure how we should add something like nss beyond making up an artificial dep in one of the packages | 00:57 |
sergiusens | ogra_ false warning, not needed | 00:59 |
ogra_ | ok | 00:59 |
sergiusens | And not my idea | 00:59 |
ogra_ | sergiusens: doesnt fix the base problem though ... | 00:59 |
ogra_ | i'm sure the next nss is around the corner :) | 00:59 |
sergiusens | But I did read your email. I wanted you to tell zyga what you just told me 😌 | 01:00 |
sergiusens | desktop support landed too close to release | 01:00 |
ogra_ | i suspect we could make ubuntu-core-config kind of a meta package ... to get such deps in | 01:00 |
ogra_ | yeah, it did ... | 01:00 |
sergiusens | And this is what we get | 01:01 |
ogra_ | and really broke to much of the IoT side | 01:01 |
sergiusens | You don't say | 01:01 |
ogra_ | heh | 01:01 |
ogra_ | well, we'll dig our butts out of this ... as we always do :) | 01:01 |
* sergiusens needs a telgram sticker now | 01:01 | |
ogra_ | hah | 01:02 |
=== chihchun_afk is now known as chihchun | ||
=== chihchun is now known as chihchun_afk | ||
=== chihchun_afk is now known as chihchun | ||
slvn | Hello, I am trying to create my first snap but have some issue. (I already read some doc, and tried the opencv example). | 07:02 |
slvn | I build SDL2 example, with cmake. But it fails to execute as a snap | 07:03 |
slvn | because some shared libs are missing. SDL2 tries to dlopen some libs, like mirclient.so, and probably some other .. | 07:03 |
slvn | should I put all those shared libs into the snap package ? | 07:04 |
slvn | (I think CMake is putting the libSDL2 into the snap package, but not libmirclient.so for instance) | 07:05 |
dholbach | good morning | 07:05 |
dholbach | mvo, wow, you're improving your bug karma :) | 07:06 |
zyga | good morning | 07:36 |
stevebiscuit | https://code.launchpad.net/~stevenwilkin/webdm/use-snapcraft-to-snap/+merge/293053 # should get WebDM in shape to be put back on the store | 07:37 |
mvo | dholbach: hey, good morning. indeed, bug triage ftw! | 07:52 |
zyga | https://github.com/ubuntu-core/snappy/pull/1080 | 08:03 |
dpm | hi all - does anyone know if there is a workaround for this error, other than wiping out the whole snap installation again? http://pastebin.ubuntu.com/16075906 | 08:08 |
pedronis | dpm: mvo is looking into those kind of issues, how theory is that Notes was running? that issue is local to the snap so in principle it doesn't need wiping out everything | 08:14 |
pedronis | s/how/our/ | 08:14 |
dpm | pedronis, yes, I think it was running at the time of install, but it was on a different workspace and I hadn't noticed it. However, even after closing it the uninstall error remains. If the issue is local to the snap, is there a way to fix it, though? | 08:16 |
slvn | Hello ! My snap package needs to access to X11. but it fails because of apparmor (?). (syslog: apparmor="DENIED" ... operation="connect" ... requested_mask="send receive connect" denied_mask="send connect" addr=none peer_addr="@/tmp/.X11-unix/X0" peer="unconfined" ) | 08:24 |
zyga | slvn: hey, is the x11 interface connected? can you pastebin your snapcraft.yaml please | 08:26 |
slvn | zyga, probably not since this is my first snap ... http://paste.ubuntu.com/16076031/ | 08:28 |
zyga | slvn: no worries, please add this uner "command:", "plugs: [unity7]" | 08:28 |
zyga | slvn: and perhaps add opengl there (after unity7) if that doesn't work still | 08:29 |
zyga | slvn: http://www.zygoon.pl/2016/04/snappy-interfaces-plugs-slots-connections.html | 08:29 |
slvn | zyga, seems to work better ! (though I have another error now) | 08:31 |
zyga | slvn: cool, what's the next error? | 08:32 |
slvn | zyga, my first snap tries to use SDL2. but SDL2 can require libmirclient.so or libX11.so. or now libGL.so ... should I all add them to the snap, with cmake. or should I let the snap access the system lib ? | 08:32 |
zyga | slvn: I think you should bundle them but I'm not 100% sure | 08:33 |
zyga | slvn: there are some special provisions for opengl apps | 08:33 |
zyga | slvn: what error do you see now? | 08:33 |
zyga | dholbach: ^^ do you know if those libs should be bundled? | 08:33 |
slvn | zyga, SDL2, has started to communicate with x11. (through libX11.so), now it requires to load libGL.so. | 08:34 |
slvn | it fails because it cannot dlopen libGL.so | 08:34 |
slvn | (btw, cmake doesn't include by itself libX11.so, so I need to make a *fake* call to a x11 lib, so that the libGL.so is include in snap/ ) (maybe there is a correct command to tell cmake to include it ...) | 08:36 |
zyga | slvn: try adding the package that has libgl.so to stage-packages | 08:37 |
dholbach | zyga, I have no idea - dpm: ^ what's your experience? | 08:41 |
zyga | do we have any opengl apps? | 08:41 |
dpm | zyga, dholbach, ubuntu-clock-app, ubuntu-calculator-app and notes all use the opengl interface | 08:42 |
dpm | IIRC they install the required libraries via dependencies in stage-packages | 08:43 |
zyga | https://github.com/ubuntu-core/snappy/pull/1081 | 08:45 |
slvn | zyga, now it looks for another lib :/ "libGL error: unable to load driver: swrast_dri.so", "libGL error: failed to load driver: swrast", "DEBUG: Could not create GL context: BadValue" | 08:53 |
zyga | slvn: that tells you it cannot load software rendering for opengl, I think there's some magic you have to do to make it use system-wide opengl libraries (that snappy provides) | 08:55 |
zyga | slvn: but I don't know how this works, sorry, I cannot help you | 08:55 |
slvn | zyga, thanks anyway :) because you fixed me, in 5 min, a few issues I spent 2 hours yesterday | 08:58 |
zyga | slvn: I'll look at SDL/opengl apps more closely soon (~ days) | 08:58 |
zyga | slvn: I'll be blogging about how to snap them correctly | 08:58 |
slvn | zyga, I'll send you my snap package if I can make it work correctly | 08:59 |
zyga | slvn: sure | 08:59 |
=== JamesTait is now known as Guest50895 | ||
wesleymason | Question: is it possible to define post-install hooks in a snap? My problem: pkg_resources in python are incredibly dumb, and usually get generated with full paths in them..which means they end up with the "install" part path on my filesystem embedded at the point snapcraft runs, and completely fails when invoked in the installed snap | 09:02 |
=== Guest50895 is now known as JamesTait | ||
pedronis | wesleymason: no, it's something that snapcraft needs to learn/deal with, maybe a snapscraft bug report could help there | 09:05 |
wesleymason | pedronis: *nod*..might not be entirely possible for snapcraft to fix itself, as some of the pkg_resources import hooks rely on non-rel paths (it's why the --relative option to virtualenv is deprecated and used to break a lot)..and obviously you can't rely on knowing the path a snap will be installed at I don't think | 09:07 |
wesleymason | will fil the bug | 09:07 |
popey | dpm: did you get an answer to your problem of not being able to uninstall a snap if there was a process running, and leaving you in an inconsistent state? | 09:16 |
dpm | popey, I didn't, so I ran the "wipe out the world" script and filed bug 1575550 :) | 09:17 |
ubottu | bug 1575550 in Snappy "Snap removal while snap is running prevents subsequent removal or installation" [Undecided,New] https://launchpad.net/bugs/1575550 | 09:17 |
popey | dpm: which wipe the world script did you use? I have seen a few | 09:17 |
dpm | the one you pasted a while ago | 09:18 |
dpm | let me re-paste | 09:18 |
* popey confirms the bug | 09:18 | |
popey | it's worse if your app launches a binary which isn't even graphical | 09:18 |
popey | you have no idea it's running without hunting it down with lsof and friends | 09:19 |
dpm | oh, I see, so you don't notice easily if it's running or not | 09:19 |
popey | yeah | 09:19 |
dpm | http://pastebin.ubuntu.com/16076306/ <- that wfm | 09:19 |
popey | i had a random binary called "--debug" running :) | 09:19 |
popey | ta | 09:19 |
* popey saves as nuke_snap_from_orbit.sh | 09:19 | |
zyga | dpm, popey: please don't use that | 09:28 |
zyga | use this instead: https://github.com/zyga/devtools/blob/master/reset-state | 09:28 |
zyga | run this script as the pastebin above is incomplete and leaves some stuff behind | 09:28 |
zyga | feel free to spread the link, I maintaing that script to work as snappy evolves | 09:28 |
dpm | thanks zyga - does the system need to be rebooted after runing the script? E.g. for mounts and such | 09:30 |
zyga | dpm: I don't believe so | 09:33 |
zyga | dpm: though if you find a corner case do let me know | 09:33 |
zyga | dpm: and I will gladly take pull requests | 09:33 |
zyga | dpm: to improve on the wording, behavior, etc | 09:34 |
dpm | thanks zyga | 09:38 |
pedronis | zyga: though the goal is not to need the script :) | 09:39 |
zyga | pedronis: hehe :) I wonder if dpkg had a 'wipe.pl' script in the early days ;) | 09:39 |
zyga | pedronis: I fully agree though :) | 09:39 |
zyga | after the first sru the number of breaking bugs will certainly be much lower | 09:40 |
dragly | zyga: You mentioned blogging about it when OpenGL apps are working properly. Where's your blog? I'd like to follow the progress on this :) | 09:46 |
zyga | dragly: zygoon.pl, also on planet.ubunt.com | 09:46 |
slvn | zyga, just to let you know. snap package works when the SDL2 renderer is set as software (no GL libs). Using opengl renderer, libGL.so can't load libswards_dri.so. Verbose log http://paste.ubuntu.com/16076481/ | 09:46 |
dragly | thanks | 09:46 |
zyga | slvn: does it work when you install the snap with --devmode (remove it first please) | 09:47 |
zyga | slvn: please report a bug on snappy with the log you see above and with syslog output (journalctl -n 1000,) | 09:48 |
zyga | slvn: we won't "fix" it immediately but it will help us to track it | 09:48 |
zyga | slvn: please include your snapcraft file / sources as well (as links or attachments) | 09:48 |
slvn | Adding --devmode won't help | 09:50 |
slvn | also, I have the swarst_dri in the ./snap/ see : http://paste.ubuntu.com/16076518/ | 09:51 |
slvn | I'll report the issue ... | 09:51 |
zyga | slvn: if --devmode doesn't help then you need to tweak your snap to have the right settings to intialize GL (I cannot help there unfortunately) | 09:58 |
zyga | slvn: including, perhaps, more libraries | 09:59 |
seb128 | dholbach, is https://github.com/ubuntu-core/snapcraft/blob/master/docs/your-first-snap.md uptodate? | 09:59 |
slvn | zyga, I continue investigating before reporting (or not) the issue. it seem dri/swrast.so is there, but libGL.so is not finding it :/ | 10:00 |
slvn | zyga, what does devmode does ? | 10:00 |
zyga | slvn: http://www.zygoon.pl/2016/04/snap-install-devmode.html | 10:00 |
slvn | zyga, ok! strange because with "--devmode" but no plug x11/opengl and no stage package libgl1-mesa-glx, it still cannot find libGL.so. | 10:07 |
pedronis | that's what subset of libs we mount, not a security one | 10:10 |
pedronis | I suspect | 10:10 |
slvn | zyga, still want me to enter a bug report ? (https://launchpad.net/snapcraft ?) | 10:13 |
zyga | slvn: yes please | 10:13 |
dholbach | seb128, it should be - if it's not, that's a bug | 10:15 |
seb128 | dholbach, ok, good, just checking before starting reading it ;-) | 10:15 |
seb128 | dholbach, thanks | 10:15 |
dholbach | seb128, https://github.com/ubuntu-core/snapcraft/pull/454 is a pending change I know of | 10:16 |
seb128 | dholbach, danke | 10:16 |
dholbach | kyrofa, ^ can we land this one soon? | 10:16 |
seb128 | dholbach, I started by reading https://github.com/ubuntu-core/snapcraft/blob/master/docs/get-started.md | 10:17 |
seb128 | which states | 10:17 |
seb128 | "This is the most important selection of tools you will get after installation: | 10:17 |
seb128 | snappy try - try snaps from a .snap, the [stage] or [snap] dir" | 10:17 |
seb128 | but "snappy" is command-not-found | 10:17 |
seb128 | so I was wondering if the rest was updated | 10:18 |
seb128 | going to read more and see if I find issues | 10:18 |
seb128 | dholbach, k, that pending change address that one | 10:23 |
slvn | zyga, there https://bugs.launchpad.net/snapcraft/+bug/1575582 | 10:24 |
ubottu | Launchpad bug 1575582 in Snapcraft "Snap package, using SDL2, needs access to libGL.so and DRI dependencies" [Undecided,New] | 10:24 |
zyga | slvn: thanks, checking | 10:25 |
slvn | zyga, the attachment is the SDL2 helloworld .. | 10:25 |
zyga | slvn: the attachment looks good, thanks for reporting this | 10:26 |
=== chihchun is now known as chihchun_afk | ||
=== chihchun_afk is now known as chihchun | ||
slvn | zyga, my opinion is that GL libs should not be provided in the snap package. But the SDL2 should require an access to a subset of system libs. | 10:45 |
slvn | when I add the "plug" unity7, I can get access to mirclient I guess? | 10:45 |
slvn | but when I add the plug "opengl" I dont get access to libGL ! | 10:45 |
ogra_ | that would be unity8 :) | 10:45 |
ogra_ | (there is no expectation for mir on unity7 i thinnk) | 10:46 |
slvn | to get access to libGL, I need to add the stage-package libgl1-mesa | 10:46 |
zyga | slvn: that much is true but which *actual* libraries are provided by the snap and which are provided by the os is tricky | 10:47 |
zyga | slvn: from a particular GL call in your code to, say, nvidia userspace blob doing something is a long path | 10:48 |
zyga | slvn: a similar thing happens with openCL but there it, at least, was designed correctly up front | 10:48 |
slvn | ogra_, yep unity8 :) but that's probably a typo .. btw, if I put unity8, I get an error at runtime "Bad system call". | 10:48 |
zyga | slvn: so you can query available drivers and pick the right one | 10:48 |
zyga | slvn: there is no unity8 interface yet | 10:49 |
Domi | Hello, how do I pack packages form pip in my snap? | 10:51 |
zyga | Domi: hey, look at snapcraft examples, there are some pip-based python demos there | 10:52 |
slvn | zyga, yep tricky choice of lib to include or not ... Best case: the snap contains only the Application. Worse case: it contains the whole distribution ... | 10:53 |
slvn | how can I know that the "plug" "opengl" do ? | 10:53 |
Domi | zyga: I just see the python example with spongeshaker and github | 10:54 |
Domi | https://github.com/ubuntu-core/snapcraft/blob/master/examples/py3-project/snapcraft.yaml | 10:54 |
zyga | slvn: look at snappy source code, today there's little docs on interfaces | 10:54 |
zyga | slvn: I'm writing some but they are not ready yet | 10:54 |
slvn | zyga, np, I will have a look :) | 10:55 |
Domi | snapcraft snap fails because the python installation. Her is the output http://pastebin.com/GmZB6v4D can anyone help me? | 11:25 |
seb128 | can snapcraft.yaml use a dynamic version? | 11:33 |
seb128 | like version: "version: `bzr revno`" | 11:39 |
zyga | seb128: nope | 11:51 |
zyga | seb128: not that I know of at least | 11:51 |
seb128 | :-( | 11:56 |
_morphis | zyga: you saw my comment about moving the security label building code somewhere else where every interface implementation can consume it? | 12:01 |
zyga | _morphis: no, not yet | 12:01 |
zyga | _morphis: though I think it makes a lot of sense :) | 12:02 |
_morphis | ok | 12:02 |
_morphis | :-) | 12:02 |
zyga | _morphis: I was thinking if n-m would use it | 12:02 |
kyrofa | Good morning | 12:02 |
_morphis | zyga: for sure | 12:02 |
kyrofa | dholbach, I was hoping to wait until snappy was in sync across the desktop and ubuntu core, but perhaps that's not necessary | 12:03 |
=== chihchun is now known as chihchun_afk | ||
loic_m | hi there | 12:11 |
loic_m | I work on a project where I'll have raspberryPis running various applications (deal with a central API, and run a chrome-browser in kiosk mode to display an html app displayed on a screen plugged-in by hdmi) | 12:13 |
loic_m | I'm discovering Snappy and I wonder if it could be a great tool to manage my applications and their deployment accros all the devices | 12:14 |
loic_m | can I have "private" snaps on the store? | 12:16 |
=== chihchun_afk is now known as chihchun | ||
zyga | loic_m: I'm sure you can :-) | 12:22 |
zyga | _morphis: I'm looking at one more thing and then I'll switch focus to n-m | 12:23 |
_morphis | zyga: ok, just moving those bits into a specific function is enough for me, I can adjust the n-m interface implementation then | 12:25 |
sergiusens | kyrofa I have another morning gift for you https://bugs.launchpad.net/bugs/1575628 | 12:45 |
ubottu | Launchpad bug 1575628 in Snapcraft ""copy" plugin symlinks whole snap folder when no source is given" [Undecided,New] | 12:45 |
kyrofa | sergiusens, yeah I'm discussing it now in another channel | 12:46 |
seb128 | did anyone looked at making snaps load locale .mo translations? | 12:46 |
seb128 | dpm, ^ do you know? | 12:46 |
kyrofa | sergiusens, the problem is that built snaps are copied if the source is '.'. Which is a problem with all plugins that accept the source keyword | 12:46 |
seb128 | also to get locales generated in the snap | 12:46 |
dpm | seb128, tl;dr, I did, it didn't work | 12:47 |
seb128 | did you file a bug about it? | 12:47 |
dpm | seb128, the clock app is an example: | 12:47 |
dpm | it builds and ships the .mo files | 12:47 |
dpm | but the UI toolkit does not find them | 12:47 |
seb128 | well, non english locales are not even available right? | 12:48 |
seb128 | we would need to generate locales on the core image | 12:48 |
sergiusens | kyrofa yeah, I am not a fan of source: '.'; we could be smarter about this and do a `bzr export`, `git whatever` and then default to a plain copy (depending on the plugin of course) | 12:48 |
seb128 | or to include locales in the snap | 12:48 |
seb128 | and generate those in some way | 12:48 |
dpm | seb128, for the toolkit, apparently setting https://github.com/sergiusens/qt5conf/blob/master/qt5-launch#L55 should take care of it, but it didn't work. And yeah, good point, if they're not generated, they won't be recognized | 12:49 |
vila | sergiusens: yeah, coverage is not such a big deal for me... as long as you don't block on that ;-) The integration tests cover the parts that the unit test don't | 12:49 |
vila | sergiusens: this is ready to review though | 12:49 |
kyrofa | sergiusens, what does bzr export (or similar) get us? | 12:49 |
sergiusens | vila well we do block on low unit test coverage ;-) | 12:49 |
sergiusens | kyrofa exporting the pure sources without generated artifacts | 12:50 |
kyrofa | sergiusens, assuming the snap is in version control? | 12:50 |
kyrofa | sergiusens, what if we disallowed specifying '.' as the source? We could get rid of the build step's filtering that way | 12:50 |
vila | sergiusens: well, you want me to require a dev setup including sso, sca, cpi and updown servers ? ;-) | 12:50 |
sergiusens | kyrofa yeah, that's why I said, if nothing is possible, default to plain copy (depending on the plugin) | 12:51 |
kyrofa | Ah | 12:51 |
sergiusens | vila I say talk to elopio; he's the master of test; but we mock server requests/responses for these cases in general | 12:51 |
kyrofa | sergiusens, that also means we can't run if one hasn't committed to git (or bzr, whatever)... | 12:51 |
vila | sergiusens: the coverage decreased is caused by the implementation change and by replacing mocked tests by tests against real code | 12:52 |
vila | mocked requests/response bitrot faster than the server evolves, especially here for macaroons | 12:52 |
zyga | http://www.zygoon.pl/2016/04/anatomy-of-snappy-interface.html | 12:52 |
ogra_ | heh, zyga playing doctor :) | 12:53 |
zyga | :-) | 12:54 |
sergiusens | vila so this is not specced? Chipaca are you testing the macaroons implementation with unit tests in snapd? | 12:54 |
sergiusens | vila this is also why we need both in any case, integration tests and unit | 12:54 |
vila | sergiusens: what do you mean by speceed ? | 12:56 |
sergiusens | vila client/server interaction | 12:56 |
dholbach | kyrofa, probably not | 12:56 |
kyrofa | dholbach, alright, I'll write it for the desktop, since that'll be valid soon for ubuntu core | 12:57 |
zyga | dholbach: note, I won't be able to attend the snappy community sync | 12:58 |
kyrofa | sergiusens, alright with you if we get https://github.com/ubuntu-core/snapcraft/pull/454 into the SRU as well? | 12:58 |
vila | sergiusens: it is, that didn't mean there is no bugs (we've fixed several along the way) | 12:58 |
zyga | dholbach: unless you want me to dial-in from a classic mobile | 12:58 |
dholbach | zyga, no worries | 12:58 |
dholbach | dpm, ^ looks like zyga and niemeyer can't make it for the sync | 12:59 |
dholbach | maybe we should set up a separate meeting to discuss interfaces/playpen? | 12:59 |
zyga | I could have otherwise just not today (I learned a moment ago) | 12:59 |
dpm | niemeyer, zyga, would another day this week work better for you? | 12:59 |
zyga | dpm: any, sorry, I'm usually free at this time | 13:00 |
niemeyer_ | dpm: Not at this time | 13:01 |
niemeyer_ | dpm: I mean, not if the slot is at the same time of the day | 13:02 |
dpm | dholbach, niemeyer, zyga, would tomorrow, 30 mins later than the original time work? | 13:07 |
dpm | I'm looking at the calendars and I don't see any conflicting calls | 13:08 |
zyga | earlier would work, I'm free at all times except for the stand-up call we have right now | 13:08 |
dpm | 1h earlier, then? | 13:09 |
sergiusens | kyrofa yeah, it is fine | 13:09 |
seb128 | is plugs security enoug to let a snap access to the network? | 13:12 |
zyga | yes | 13:14 |
zyga | 'network' plug gives you client access | 13:14 |
dpm | zyga, niemeyer, so would tomorrow, 13:30 UTC work for you, right after your standup? | 13:15 |
dpm | dholbach, I'm otp atm, if that works for everyone, would you mind moving the meeting? ^ | 13:16 |
niemeyer_ | dpm: Yeah, that works | 13:16 |
dpm | excellent | 13:16 |
dholbach | dpm, hohum... that won't work for me | 13:16 |
dholbach | I have an appointment from which I have to get back home | 13:16 |
dholbach | I'd be late quite a bit | 13:17 |
dholbach | maybe I should make that clearer in my calendar | 13:17 |
niemeyer_ | dholbach, dpm: Done, thanks! | 13:17 |
dholbach | or hang on | 13:17 |
dholbach | UTC | 13:17 |
dholbach | nevermind | 13:17 |
dholbach | ignore me | 13:17 |
dpm | dholbach, ok, cool :) | 13:17 |
dholbach | sorry, I didn't want to complicate things additionally :-) | 13:18 |
dpm | all good now :) | 13:18 |
zyga | jdstrand: about x11, can we do anything about that untrusted client thing that mjg59 mentioned? | 13:43 |
sergiusens | ogra_ dholbach how would we SRU snapcraft when needed? We have some bug fixes around for a 2.8.5; and later on I'd like to get 2.9 with support for gulp to be able to build some node/electron apps | 13:49 |
ogra_ | sergiusens, well, through the normal SRU process | 13:54 |
ogra_ | have bugs ... subbscribe the SRU team ... upload to -proposed with the bugs mentioned in the changelog ... | 13:55 |
jdstrand | zyga: its being discussed in another thread. there are options. untrusted isn't likely one of them since it doesn't actually block key sniffing (it only blocks one way to sniff) | 13:57 |
jdstrand | zyga: all options require engineering effort | 13:57 |
jdstrand | zyga: but the main thing is that this is a strategic decision and a transition, and messaging should reflect that | 13:58 |
jdstrand | zyga: and messaging beyond what has been messaged is being discussed with olli, jamiebennett, etc | 14:00 |
dholbach | sergiusens, get all fixes into yakkety first | 14:02 |
dholbach | sergiusens, then file a bug report listing with the stuff that's fixed in the SRU, and add the https://wiki.ubuntu.com/StableReleaseUpdates description to the bug | 14:03 |
dholbach | sergiusens, let me know if you need any help with that | 14:03 |
seb128 | jdstrand, hey, can you tell us how snap is blocking syscalls? seems to block "socketcall" on my i386 install for some reason | 14:10 |
ogra_ | seb128, via seccomp | 14:12 |
seb128 | ogra_, any idea about it blocking "socketcall" on i386? | 14:13 |
ogra_ | (there used to be ways to exclude syscalls from it ... not sure that still exists with the switch to interfaces though) | 14:13 |
ogra_ | well, it will most likely block creation of system sockets outside of the confined snap area | 14:13 |
ogra_ | (you should be able to create session related sockets in your rw space though) | 14:14 |
jdstrand | seb128: via seccomp. the launcher sets up a list of allowed syscalls. you can use 'scmp_sys_resolver ##' on the target system to see what the syscall is | 14:17 |
jdstrand | seb128: you can manually add them to the seccomp filter in /var/lib/snapd/seccomp/profiles/... to temporarily unblock yourself | 14:18 |
ogra_ | jdstrand, is there still a way via snap.yaml ? | 14:18 |
desrt | jdstrand: the problem is that the syscalls for individual socket APIs are very new on i386 | 14:18 |
desrt | and glibc still doesn't implement them via the new calls | 14:18 |
desrt | so on i386 we need to allow socketcall() for any network access | 14:19 |
desrt | but unfortunately that will also open up bind() listen() etc | 14:19 |
desrt | this is more or less why they introduced the new calls.... | 14:19 |
jdstrand | seb128: socketcall is included in the 'network' plug. add 'plugs: [ network ]' to your yaml | 14:19 |
desrt | (for the sake of seccomp) | 14:19 |
desrt | jdstrand: we already have that :/ | 14:19 |
jdstrand | seb128: it's possible you have that and it isn't autoconnecting. sergiusens saw that yesterday | 14:19 |
jdstrand | desrt: ^ | 14:19 |
jdstrand | I think zyga is aware of the issue | 14:20 |
desrt | really, we need a new glibc... | 14:20 |
ogra_ | desrt, just ship it in your snap ;) | 14:20 |
jdstrand | oh, no I lied | 14:21 |
jdstrand | socketcall is commented out | 14:21 |
jdstrand | it is intentionally blocked | 14:21 |
desrt | could we at least get it with network-bind? | 14:21 |
jdstrand | probably | 14:22 |
desrt | if we have network-bind then clearly the whole range of socket calls is OK... | 14:22 |
jdstrand | let me look into it | 14:22 |
desrt | thx! | 14:22 |
jdstrand | for now, to unblock yourselves while I look at that, add it to /var/lib/snapd/seccomp/profiles/... | 14:22 |
desrt | thanks for the help :) | 14:22 |
seb128 | jdstrand, thanks | 14:23 |
desrt | you might want to let socketcall() happen for 'network' if we're on x86.... | 14:23 |
desrt | on account of the fact that that's probably more reasonable than listing network-bind in every app that uses the network and doesn't want to be aborted on 32bit | 14:23 |
desrt | strictly, it's a leak of additional privilege... but considering the alternative (ie: all apps effectively have to list network-bind everywhere) it seems fairly reasonable | 14:25 |
slvn | quick question, my snap application needs images. I copy them directly in the "./snap" folder and open them with the path "$env(SNAP)/foo.png". Is there a better way to do that ? | 14:36 |
seb128 | jdstrand, is there a way to allow dbus communication between unity and confined softwares? | 14:37 |
sergiusens | jdstrand desrt yes, after multiple install/uninstalls will eventually casuse this | 14:37 |
desrt | specifically, unity needs to make a method call, the app needs to reply, and then the app needs to be able to broadcast signals that unity can see | 14:39 |
ogra_ | slvn, sounds like an okayish way to me | 14:40 |
desrt | apps also need to be able to own a specific bus name | 14:41 |
slvn | ogra_, ok :) | 14:41 |
slvn | ogra_, maybe a magic CMake instruction, to automate the copy of images to ./snap :/ ? | 14:42 |
* ogra_ would just use the copy plugin to copy the dir | 14:43 | |
slvn | ok! | 14:45 |
kyrofa | slvn, indeed, that's what the copy plugin is for | 14:45 |
sergiusens | dpm can I have comment permissions to your "Snap this!" doc? | 14:47 |
sergiusens | dpm thanks! | 14:47 |
dpm | sergiusens, done | 14:47 |
sergiusens | dpm yeah, I said thanks when I saw I had access :-) | 14:55 |
sergiusens | dpm fully commented, every bullet ;-) | 14:55 |
slvn | ogra_, kyrofa, in fact, I use "install(FILES ${IMAGES} DESTINATION .)" because COPY copy in build/... | 15:02 |
Trevinho | sergiusens: hey, how can I get snapcraft to be more verbose (or a plugin to be)? | 15:02 |
kyrofa | slvn, ah, we meant the copy plugin in snapcraft | 15:03 |
kyrofa | slvn, but doing it in cmake works as well :) | 15:03 |
sergiusens | Trevinho --debug | 15:04 |
ogra_ | yeah, indeed | 15:04 |
slvn | kyrofa, :) well .. since it's now written in the cmakefile .. I'll keep it there.. | 15:04 |
sergiusens | Trevinho we still have an action to add --verbose which would enable verbose builds for everything that supports it | 15:04 |
sergiusens | slvn long term, doing it in the build system is the better option | 15:05 |
Trevinho | sergiusens: ok, thanks | 15:05 |
Trevinho | sergiusens: it would be cool | 15:05 |
jdstrand | seb128: sorry, was in several meetings | 15:05 |
Trevinho | sergiusens: also, what if a nodejs package needs to do npm i multiple dirs (like parent and child folder)? adding two parts does work? | 15:05 |
jdstrand | seb128: so, what I told willcooke was that if you give me the snap, I can work through the policy issues and update the unity7 interface security policy | 15:06 |
sergiusens | Trevinho two parts should work | 15:06 |
kyrofa | slvn, great! | 15:06 |
sergiusens | Trevinho what are you doing out of curiosity? | 15:06 |
Trevinho | sergiusens: mh well... it almost does... but then I've an error in looking for files | 15:06 |
jdstrand | seb128: in the meantime, you can temporarily adjust things in /var/lib/snapd/apparmor/profiles/... then add this rule in between the curly brackets: | 15:06 |
jdstrand | dbus, | 15:06 |
sergiusens | Trevinho I have multiple additions for the nodejs plugin (among those, being able to use gulp as the driver) | 15:06 |
jdstrand | sergiusens: then do: sudo apparmor_parser -r /var/lib/snapd/apparmor/profiles/... | 15:06 |
jdstrand | err | 15:07 |
jdstrand | seb128: ^ | 15:07 |
sergiusens | err | 15:07 |
sergiusens | :-) | 15:07 |
Trevinho | sergiusens: as experiment https://github.com/Aluxian/Whatsie | 15:07 |
jdstrand | seb128: that will allow all dbus calls until you reboot | 15:07 |
Trevinho | jdstrand: the changes are http://paste.ubuntu.com/16081259/ | 15:07 |
seb128 | jdstrand, thanks | 15:07 |
Trevinho | jdstrand: very hacky though | 15:07 |
jdstrand | seb128: actually, until snapd updates the file, which I think is on reboot but might happen every 12 hours | 15:07 |
Trevinho | there are hardcoded archs... or | 15:08 |
Trevinho | cahce files with are not generated | 15:08 |
Trevinho | cache* | 15:08 |
jdstrand | oh, you are doing this on i386 and not amd64? | 15:08 |
seb128 | jdstrand, the pastebin from trevinho are our hacks from the day | 15:08 |
seb128 | I am | 15:08 |
seb128 | my laptop is 6 years old never reinstalled | 15:08 |
jdstrand | I see | 15:08 |
jdstrand | I could easily adjust locally | 15:08 |
sergiusens | Trevinho you might want to wait for my gulp branch | 15:08 |
seb128 | but we have people who tried on amd64 | 15:08 |
Trevinho | well, yeah... but also in a brandnew VM things do the same | 15:08 |
seb128 | right | 15:08 |
jdstrand | Trevinho: that is a diff to my junk branch? | 15:09 |
seb128 | sergiusens, gulp? | 15:09 |
Trevinho | sergiusens: ah, ok... | 15:09 |
Trevinho | jdstrand: yes | 15:09 |
seb128 | jdstrand, yes | 15:09 |
jdstrand | ok, I have another meeting in a few minutes but will start playing with this after | 15:09 |
seb128 | sergiusens, are you telling us we shouldn't have started working on a gnome example because we dup work with you? | 15:09 |
sergiusens | seb128 no, I am talking to Trevinho ;-) | 15:09 |
seb128 | jdstrand, k, we are mostly done for today here | 15:09 |
Trevinho | jdstrand: this is for x86-64 http://paste.ubuntu.com/16082479/ | 15:10 |
Trevinho | jdstrand: and... you need to copy there /usr/share/mime/mime.cache | 15:10 |
sergiusens | seb128 carry on with gtk :-) | 15:10 |
seb128 | sergiusens, well, Trevinho is with us at a team sprint where we collectively work together | 15:10 |
sergiusens | seb128 oh, well he is looking at a nodejs project | 15:10 |
seb128 | ah ok | 15:10 |
* Trevinho too | 15:10 | |
seb128 | so other thing :-) | 15:10 |
ogra_ | jdstrand, you should just declare it "notabug" and blame seb128 for skipping laptop refreshes twice already :P | 15:10 |
jdstrand | ah yes the loaders cache. I would've forgotten about that | 15:10 |
* Trevinho multi-tasking | 15:10 | |
jdstrand | Trevinho: thanks! | 15:10 |
jdstrand | ogra_: hehe | 15:11 |
sergiusens | seb128 and I've just added gulp support (a nodejs build driver) to the nodejs plugin | 15:11 |
sergiusens | still missing grunt | 15:11 |
seb128 | jdstrand, we got gnome-calcultor to work including icons and exported menus and theme (unrestricted), in restricted menus are missing | 15:11 |
jdstrand | seb128: willcooke said something about you guys pushing a branch somewhere at some point. can you ping me whenever that happens? | 15:11 |
sergiusens | and the G is not related to glib, gtk or gnome :-) | 15:11 |
jdstrand | sergiusens: that is great! I have some policy for menus but lacked an app to verify it | 15:12 |
seb128 | jdstrand, sure, I need to clean up the diff in the pastebin and replace the arch encoded bits | 15:12 |
jdstrand | darn it | 15:12 |
jdstrand | seb128: ^ | 15:12 |
seb128 | k | 15:12 |
seb128 | great :-) | 15:12 |
seb128 | jdstrand, we hope that the "have to ship precompiled cache, pixbuf loaders, etc" is going to get replaced by proper solutions over time though | 15:13 |
ogra_ | be introducing postinst in snaps ? | 15:14 |
seb128 | that wouldn't help | 15:14 |
Trevinho | sergiusens: however, in these cases, I should do a custom plugin or is there another way to run gulp? Actually it seems to build the src though | 15:15 |
seb128 | you don't want each app to ship the glib locales and have to do e.g locale-gen | 15:15 |
Trevinho | sergiusens: the only thing I did was a simple http://pastebin.ubuntu.com/16082644/ | 15:17 |
jdstrand | seb128: oh for sure. that is rather icky. but one step at a time :) | 15:17 |
jdstrand | seb128: curious if you think that means changes to gtk to support snaps (whether that is a plugin or something else) | 15:18 |
seb128 | jdstrand, are we going to recommend upstream to copy our hacks to include gio, etc caches? | 15:18 |
jdstrand | seb128: no, I mean design a solution that can work with it | 15:18 |
jdstrand | basically, I'm curious if you have ideas on what the proper solution will be | 15:19 |
seb128 | well it's a design choice | 15:19 |
Trevinho | sergiusens: but then I get something like | 15:19 |
Trevinho | https://www.irccloud.com/pastebin/1tASMLIM/ | 15:19 |
seb128 | I think e.g image loaders should be part of the core | 15:19 |
seb128 | not something appdevs are interested to have a custom copy of | 15:19 |
jdstrand | seb128: I would tend to agree. ie, ubuntu personal has all these kinds of things, like how touch does | 15:20 |
seb128 | right | 15:20 |
seb128 | then things like schemas, etc we need to resolve | 15:20 |
ogra_ | seb128, i really dont want image loaders in my IoT device :P | 15:20 |
seb128 | that's why you would install core and not personal | 15:20 |
ogra_ | (unless its some camera IoT think perhaps) | 15:20 |
jdstrand | seb128: now whether that is a separate os snap or a special snap that works with the os snap, idk. that is for the architects to decide | 15:20 |
seb128 | right | 15:21 |
jdstrand | ok | 15:21 |
ogra_ | i guess we need some low level library snap from canonical that provides the bits and pieces | 15:21 |
=== oparoz_ is now known as oparoz | ||
Trevinho | and... with other files... Here's the deubg output | 15:21 |
* ogra_ would have it called a framework snap :P | 15:21 | |
Trevinho | https://www.irccloud.com/pastebin/1dNpAbUr/ | 15:21 |
Trevinho | ogra_: yeah, a framework for gtk/gnome is really needed... | 15:22 |
ogra_ | except that we killed frameworks with snappy 2.0 | 15:23 |
ogra_ | (thus the :P above ) | 15:23 |
Trevinho | yeah, that's what I was worried about.... | 15:23 |
Trevinho | so, we're going to ship a 66Mb snap for the calculator, and other hundreads of apps? | 15:23 |
Trevinho | ogra_: ^ | 15:24 |
ogra_ | and buy stocks of some SSD manufacturer, yeah | 15:24 |
Trevinho | al least if deduplication was still something we cared about... | 15:24 |
ogra_ | (i know the prob is known ... but the former solutions were abandoned .... not sure whats in the pipe for that in the future ) | 15:25 |
oparoz | library snap? | 15:25 |
ogra_ | that only helps within one namespace | 15:25 |
ogra_ | per definition | 15:26 |
oparoz | I thought the goal of the library snap was to offer common tools and space? | 15:27 |
slvn | Got an apparmor issue "shm_open() failed" when initializing audio. Syslog: apparmor="DENIED" operation="open" name="/dev/shm/pulse-shm-4267673202 | 15:27 |
seb128 | jdstrand, sergiusens, ogra_, do we have a plug for sound? | 15:27 |
ogra_ | oparoz, withing your namespace, yes | 15:27 |
ogra_ | seb128, not yet ... | 15:27 |
oparoz | ogra_, what do you call the namespace? dev ID? | 15:27 |
slvn | :( | 15:27 |
ogra_ | oparoz, yes | 15:28 |
oparoz | ogra_, makes sense | 15:28 |
kyrofa | slvn, I don't think we have any audio interfaces yet. I think zyga is working on it | 15:28 |
slvn | kyrofa, ok np, I will just skip the audio initialization for the moment .. | 15:29 |
jdstrand | seb128: not yet. zyga and I discussed it a bit yesterday but need niemeyer_'s input | 15:30 |
ogra_ | just deliver some sheet music alongside your app ... | 15:30 |
seb128 | k | 15:30 |
jdstrand | this is again, due to not having a working snap | 15:30 |
seb128 | well no need of that for calculator | 15:30 |
seb128 | I've just been playing a bit more, including pulseaudio in a snap and trying paplay | 15:31 |
jdstrand | seb128: is there an app that is using it? | 15:31 |
jdstrand | I see | 15:31 |
jdstrand | seb128: so there are two things at play here (fyi niemeyer_): 1) a pulseaudio snap that works on core proper and 2) pulseaudio access for snaps on classic | 15:32 |
jdstrand | I foresee the policies to actually be different | 15:32 |
_morphis | jdstrand, awe_: updated https://github.com/ubuntu-core/snappy/pull/1036 today, would be great if you guys can have another look | 15:33 |
jdstrand | so we need to work out if for the transition perid of snaps on classic if pulseaudio should just be included in unity7 or maybe a new unity7-audio, and then have the pulseaudio interface for a pulseaudio snap | 15:33 |
jdstrand | seb128, niemeyer_: ^ | 15:33 |
seb128 | jdstrand, right | 15:33 |
jdstrand | niemeyer_: perhaps you have other opinions. personally, I'm leaning towards unity/unity7-audio | 15:33 |
jdstrand | niemeyer_: but I'm totally open to other options | 15:34 |
jdstrand | s#unity/unity7-audio#unity7/unity7-audio# | 15:34 |
seb128 | do we have an human-description of the current plugs? | 15:34 |
_morphis | jdstrand: sounds good to me as we will use an actual "pulseaudio" interface for the real pulseaudio snap we're doing for core | 15:34 |
jdstrand | seb128: in docs/interfaces.md. that will be updated on the website in the coming days | 15:35 |
seb128 | _morphis, how is that going to work? does it mean an app that needs audio is going to be able to depends on the pulseaudio one? | 15:35 |
* ogra_ wonders if such a setup can even work when pulse runs as a session thing (vs a system daemon) | 15:35 | |
slvn | also .. SDL_Init(SDL_INIT_JOYSTICK) will say "Can't init SDL JOYSITCK: Could not initialize UDEV: | 15:35 |
_morphis | seb128: for ubuntu-core not desktop we're going to make an pulseaudio snap | 15:35 |
ogra_ | i assume the pulse snap will spawn a system process ... | 15:35 |
ogra_ | (have to) | 15:36 |
seb128 | _morphis, but can snaps have depends on other snaps/share resources? | 15:36 |
jdstrand | _morphis: yes. are you guys planning on picking up diwic's work? /me notes that the pulseaudio discussion applies equally to network-manager and bluez | 15:36 |
_morphis | which will use a "pulseaudio" itnerface to provide slots for other snaps to connect to | 15:36 |
seb128 | we start having frameworks then? | 15:36 |
jdstrand | seb128: no, frameworks are dead | 15:36 |
_morphis | jdstrand: we do but its the last item in the list | 15:36 |
ogra_ | we just abandoned them :) | 15:36 |
_morphis | seb128: the only thing you need in your app is a plug using the "pulseaudio" interface | 15:36 |
seb128 | _morphis, then installation your application would install the other snap? | 15:37 |
_morphis | and for sure a client lib inside your snap to connect to pulse | 15:37 |
seb128 | e.g sort of depends? | 15:37 |
ogra_ | no | 15:37 |
ogra_ | no depends | 15:37 |
ogra_ | the interface would simply not be there and you wouldnt get sound | 15:37 |
seb128 | so your users might get sound working or not | 15:38 |
ogra_ | yeah | 15:38 |
_morphis | yes | 15:38 |
seb128 | "great" | 15:38 |
seb128 | :-) | 15:38 |
jdstrand | seb128: instead there are interfaces. a pulseaudio interface can be used on the slot side (server) or the plugs side (client). a pulseaudio snap would declare it provides the pulseaudio slot for apps to connect to. clients declare to use the pulseaudio slot. then UX defines how to surface snaps that plug pulseaudio if you have the pulseaudio snap installed or not (ie, the slot is available for use) | 15:38 |
jdstrand | s/clients declare to use the pulseaudio slot/clients declare to use the pulseaudio slot via 'plugs'/ | 15:39 |
_morphis | seb128: could be that we do different pulseaudio itnerface for different use cases if we have to limit certain aspects for security reasons or so | 15:39 |
seb128 | jdstrand, any dev/snap is going to be able to provide slot side? | 15:39 |
jdstrand | seb128: that is a pure ubuntu core system. not sdoc | 15:39 |
ogra_ | _morphis, well, i'm still curious about system daemon vs session daemon ... | 15:39 |
_morphis | ogra_: I suspect we will only have a system instance on core | 15:40 |
ogra_ | today every user has his own pulse daemon on a per session base | 15:40 |
jdstrand | seb128: yes, but if you are declare a slot and the slot is deemed dangerous, then the snap will be flagged for manual review (eventually handled via assertions) | 15:40 |
jdstrand | seb128: today, all snaps that declare slots are flagged. that will evolve | 15:40 |
awe_ | ogra_, sure and every user has it's own obexd | 15:42 |
jdstrand | seb128 (and niemeyer_): as for pulseaudio on sdoc, you can see that there is an interplay there that we need to consider. the ubuntu-core os snap doesn't provide pulseaudio, but it is magically provided by how snappy on classic is implemented. and the pulseaudio on classic is different (and would certainly conflict with) a pulseaudio snap | 15:42 |
awe_ | ogra_, for snappy, this was changed to work on the system bus | 15:42 |
jdstrand | so there are questions to be solved | 15:42 |
awe_ | ogra_, not saying it won't take work... | 15:42 |
jdstrand | answered* | 15:43 |
ogra_ | awe_, well, if i look at NM i have a proper split ... might make sense to have that everywhere | 15:43 |
awe_ | not sure what you mean? | 15:43 |
awe_ | by NM split? | 15:43 |
seb128 | jdstrand, thanks, direction looks good :-) it just feels weird that a dev can't declare that his app requires e.g an audio slot | 15:43 |
ogra_ | NM has a system process and a session process ... | 15:43 |
ogra_ | pulse currently doesnt allow that | 15:44 |
seb128 | jdstrand, it means device users might be able to install video player and not be able to get sound which makes the app looks buggy | 15:44 |
jdstrand | slvn: as for joysticks-- that is going to need an interface. once you figure out what it is that need and perhaps how to get there, please file a bug against snappy and add the snapd-interface tag | 15:44 |
awe_ | ogra_, there's only one NM | 15:44 |
awe_ | and it's system | 15:44 |
jdstrand | seb128: apps do declare it. eg, a game might 'plugs [ network, unity7, pulseaudio ]' | 15:44 |
ogra_ | awe_, but there is a system wide daemon and there are user-session clients using it | 15:45 |
awe_ | sure, and on snappy.. there'll be a system-wide daemon, and one or more snaps using it via interfaces | 15:45 |
jdstrand | seb128 (and niemeyer_): in the pure ubuntu-core system. in the sdoc system, maybe that is 'plugs: [ network, unity7 ]', maybe 'plugs: [network, unity7, unity7-audio ]', maybe something else (that is the discussion | 15:45 |
ogra_ | awe_, right, but thats not how pulse works atm | 15:46 |
ogra_ | it hogs the device from userspace via a session daemon | 15:46 |
jdstrand | niemeyer_: note, I'm effectively CCing you on the conversation but not because we need to have it this second, just so that you have context in the future conversation | 15:46 |
awe_ | jdstrand, can snaps be restricted from running on a sdoc system? | 15:46 |
seb128 | jdstrand, thanks | 15:46 |
awe_ | I don't see any possible use case for a NM snap to be installed there | 15:46 |
jdstrand | awe_ (and niemeyer_): there is no mechanism for that atm afaik. I guess you are thinking about blocking network-manager from an sdoc system. that is something else to consider for sure (and I think niemeyer_ may be thinking about that already) | 15:47 |
jdstrand | awe_ (and niemeyer_): it sorta feels like ubuntu-core os snap should only expose certain interfaces on sdoc (eg, unity7, x11) and filter other (network-manager, bluez, pulseaudio, etc). that needs to be worked through | 15:49 |
awe_ | yea, I've seen enough odd requests to make NM co-exist with other pseudo 'network-managers', but two NMs on the same device seems a super bad idea | 15:49 |
awe_ | jdstrand, +1 | 15:49 |
jdstrand | indeed :) | 15:49 |
ogra_ | awe_, if you hide it and someone is insane enough to upload a wicd snap to the store you get into the same trouble though (and you might not have any control over the person providing the wicd one to sdoc) | 15:50 |
ogra_ | sounds like a very tricky problem | 15:51 |
jdstrand | I think snappy could handle that | 15:51 |
jdstrand | ie, wicd would need an interface too | 15:51 |
jdstrand | so if network-manager was installed, wicd would not be available | 15:51 |
ogra_ | well, some standard network-device-access thing | 15:51 |
jdstrand | and vice versa | 15:51 |
jdstrand | if neither were installed, both would | 15:52 |
ogra_ | jdstrand, i'm talking about hiding NM on sdoc | 15:52 |
awe_ | well... out interface is *very* specific to NM | 15:52 |
ogra_ | you wont block people from pushing other stuff that breaks this | 15:52 |
awe_ | I suppose a wicd snap might be able to use it | 15:52 |
awe_ | however if wicd provided a DBus API it wouldn't work | 15:53 |
awe_ | but in the end | 15:53 |
ogra_ | (and you wouldnt block me from providing a naetwork-manager.ogra either) | 15:53 |
slvn | jdstrand, I'll debug the joystick (and fill a bug report if needed) another day :) | 15:53 |
awe_ | if they do all the work to create a wicd iface | 15:53 |
awe_ | then they can upload right? | 15:53 |
awe_ | and we have the same conflict problem on an sdoc system | 15:53 |
ogra_ | thats my point :) | 15:53 |
awe_ | I think if any package is valid example | 15:54 |
awe_ | it's be commman | 15:54 |
awe_ | s/it's/it'd/ | 15:54 |
jdstrand | the idea with interfaces is that they are a sort of contract | 15:54 |
awe_ | unfortunately bound a little too tight IMHOP | 15:54 |
jdstrand | if something declares it provides the slor for network-manager, it is network-manager to any clients that connect to it | 15:54 |
jdstrand | so if wicd can't do that, it needs its own interface | 15:55 |
awe_ | right, definitely not usable to any other package | 15:55 |
awe_ | ...but to ogra's point | 15:55 |
awe_ | there's no reason why we wouldn't upload a connman snap at some point | 15:55 |
awe_ | and it would have the same issues on an sdoc system | 15:55 |
jdstrand | yes | 15:55 |
ogra_ | right ... so how would you filter all of these snaps ... you cant just only forbid n-m on sdoc | 15:56 |
jdstrand | that will need to be discussed | 15:56 |
awe_ | the question is where's the line... do we assume people won't do such dumb things, or do we need to add a mechanism to prevent? | 15:56 |
jdstrand | but connman would have its own interface, so it could be added to the filter | 15:56 |
jdstrand | (on an sdoc system) | 15:56 |
awe_ | right | 15:56 |
jdstrand | (if that is how it is implemented) | 15:56 |
awe_ | I mean we are reviewing | 15:56 |
ogra_ | someone would have to maintain all these filter rules then | 15:56 |
ogra_ | that might become a huge thing | 15:56 |
jdstrand | maybe | 15:57 |
ogra_ | given that anyone can invent interfaces | 15:57 |
jdstrand | no | 15:57 |
jdstrand | all interfaces go through ubuntu core | 15:57 |
ogra_ | for the client side ? | 15:57 |
jdstrand | a snap can't ship an interface | 15:57 |
ogra_ | ah, i thought i can offer a foobar interface to others when i package foobar | 15:57 |
jdstrand | it can only implement it (it slots) or consume it (it plugs) | 15:57 |
awe_ | but it's all in the one interface added to core | 15:58 |
jdstrand | Ubuntu Core controls the types | 15:58 |
ogra_ | ok | 15:58 |
jdstrand | the types are bluez, network-manager, wicd, connman, pulseaudio, etc | 15:58 |
awe_ | wicd??? really? | 15:58 |
jdstrand | you can p[rovide an implementation (slots) that uses that type | 15:58 |
jdstrand | awe_: wicd isn't there now. I was just creating a list based on this conversation | 15:59 |
jdstrand | ok, I have a meeting | 15:59 |
awe_ | are we going to provide oss too? | 15:59 |
awe_ | thanks jdstrand | 15:59 |
awe_ | ttyl | 15:59 |
=== chihchun is now known as chihchun_afk | ||
_morphis | ogra_, awe_: we can run pulseaudio easily as system daemon | 16:01 |
_morphis | pulseaudio --system is all you need | 16:01 |
ogra_ | _morphis, i thought there were mutil-user reasons to do it the way we do it today | 16:01 |
_morphis | ogra_: sure | 16:02 |
ogra_ | like ... not freeing up the interface when you switch users etc | 16:02 |
_morphis | ogra_: on a multi user system you really don't want --system | 16:02 |
ogra_ | right | 16:02 |
_morphis | but on a ubuntu-core system you do | 16:02 |
_morphis | as we don't have multiple users there anyway | 16:02 |
awe_ | _morphis, that's what I said earlier | 16:02 |
awe_ | just like we do with obexd | 16:02 |
_morphis | yeah | 16:03 |
_morphis | we will do this with all daemons we're putting on ubuntu-core | 16:03 |
_morphis | no session bus | 16:03 |
awe_ | again, we may need to run things differently on core | 16:03 |
awe_ | this is all new ground | 16:03 |
jdstrand | _morphis: you mentioned pulse as last on the list. what is the list? I know bluez nm and pulse | 16:03 |
_morphis | jdstrand: nm, bluez, ofono, modemmanager, pulseaudio | 16:04 |
jdstrand | cool | 16:04 |
jdstrand | thanks! | 16:04 |
_morphis | jdstrand: which includes interconnections between them | 16:04 |
awe_ | and possibley "rild" | 16:04 |
_morphis | like we need the nm snap to work with both ofono and modemmanager | 16:04 |
awe_ | but we may just bundle as part of ofono | 16:04 |
_morphis | jdstrand: ah not to forget location-service | 16:04 |
awe_ | still tbd | 16:04 |
seb128 | calling it a day here | 16:05 |
seb128 | good evening everyone | 16:05 |
seb128 | jdstrand, I'm going to clean up things and push tomorrow morning | 16:05 |
jdstrand | seb128: thanks! hopefully once I'm done with my meetings today I can play with the paste | 16:06 |
jdstrand | seb128: have a nice evening :) | 16:06 |
seb128 | cool, let me know tomorrow or it goes (or feel free to drop an email | 16:06 |
seb128 | thanks | 16:06 |
seb128 | see you tomorrow! | 16:06 |
ogra_ | _morphis, user management is on the TODO for core ... so i wouldnt count on single-user-forever | 16:07 |
awe_ | for s16? | 16:07 |
awe_ | that's all we care about atm | 16:08 |
awe_ | can't worry about future problems yet | 16:08 |
awe_ | ;)- | 16:08 |
ogra_ | i know mark is pushy to get rid of the ubuntu user | 16:08 |
ogra_ | but i dont know if for 16 | 16:08 |
qengho | Er, should sound work from within a snap? Should one use pulseaudio client libraries? | 16:11 |
ogra_ | LOL !!!! | 16:11 |
ogra_ | looks like someone missed all the fun of the last 2h backlog in this channel :) | 16:11 |
ogra_ | qengho, no audio yet | 16:12 |
qengho | Oh. I did. I saw "kodi" had new release, thought I'd try something ambitious. | 16:14 |
geneios | Hi guys, I have a question about the python2 plugin. Is there a way to tell the setup.py to include a path? i.e I have a package that depends on a certain numpy version, which requires python-dev, but the path Python.h from python-dev isn't getting included. | 16:15 |
ogra_ | qengho, if you are really ambitious, try it with Mir as standalone snap ;) | 16:16 |
niemeyer_ | jdstrand: Sorry for not paying too much attention to the conversations this morning | 16:17 |
niemeyer_ | jdstrand: Have been in calls for the last several hours | 16:18 |
niemeyer_ | jdstrand: I think we want network-manager to be a slot offered by ubuntu-core itself in sdoc | 16:18 |
* niemeyer_ => late lunch | 16:19 | |
slvn | Install a snap package once, it works fine. But twice (event with version increment), it says : /bin/sh: 0: Can't open /snap/myapp/100002/command-example.wrapper | 16:22 |
jdstrand | niemeyer_: no worries at all, I was in calls all morning before that, so, I can relate. mostly I wanted you to be aware of the conversations | 16:27 |
jdstrand | niemeyer_: I can say that if network-manager is a slot in sdoc, then we are going to want to consider different slot and plug policy depending on if running on sdoc or not | 16:28 |
jdstrand | niemeyer_: in fact, we'll have to cause the security label for network-manager will be 'unconfined' on an sdoc system whereas on a pure core system it will be 'snap.network-manager...'. I know there will be different policy for pulseaudio too | 16:29 |
jdstrand | niemeyer_: anyway, we can discuss at a more convenient time | 16:29 |
zyga | jdstrand: I wasn't aware of issues specific to i386, is there a bug open on this? | 16:35 |
wililupy | So who is a good Snappy Kernel expert? | 17:02 |
niemeyer_ | wililupy: It's generally easier to shoot question and see who picks it than to fish for self-appointed experts :) | 17:07 |
wililupy | That's true. niemeyer_ | 17:08 |
ogra_ | wililupy, ricmm or asac perhaps (asac wrote the basic plugin, and i know ricmm used it quite a lot in the past) | 17:08 |
wililupy | I'm hitting a brick wall when my kernel snap. I can get it to build, but when I try to boot it fails. | 17:08 |
ogra_ | how does the boot fail | 17:09 |
wililupy | I've made it work in the past, but since 2.5 I haven't been able to get one to boot. | 17:09 |
ogra_ | what are the symptoms then | 17:09 |
wililupy | When I use it as the kernel in u-d-f it won't boot. It starts grub, I see writable, it tries to boot and I get error: not a regular file | 17:11 |
wililupy | error: disk 'loop' not found | 17:12 |
=== rcj` is now known as rcj | ||
ogra_ | ohm that grub thing | 17:12 |
wililupy | error: you need to load the kernel first and then back to the grub menu | 17:12 |
=== rcj is now known as Guest12905 | ||
ogra_ | i remember ... but have not much more help to offer ... apart from ... make sure your kernel has all bits builtin the ubuntu kernel also uses | 17:12 |
ogra_ | the ubuntu kernel has loop device support built in | 17:13 |
wililupy | If I install the .snap in a working instance, it installs, but never boots to that. | 17:13 |
wililupy | I verified that, it is a module. | 17:13 |
wililupy | I'm basically using the 4.4.0-21-generic config | 17:13 |
ogra_ | ogra@styx:~$ grep DEV_LOOP /boot/config-4.4.0-21-generic | 17:14 |
ogra_ | CONFIG_BLK_DEV_LOOP=y | 17:14 |
ogra_ | CONFIG_BLK_DEV_LOOP_MIN_COUNT=8 | 17:14 |
ogra_ | CONFIG_AUFS_BDEV_LOOP=y | 17:14 |
ogra_ | not a module here | 17:14 |
ogra_ | so i'd start there :) | 17:15 |
wililupy | This is what I have. | 17:15 |
wililupy | CONFIG_BLK_DEV_LOOP=y | 17:15 |
wililupy | CONFIG_BLK_DEV_LOOP_MIN_COUNT=8 | 17:15 |
wililupy | CONFIG_BLK_DEV_CRYPTOLOOP=m | 17:15 |
ogra_ | ok | 17:16 |
wililupy | CONFIG_AUFS_BDEV_LOOP=y | 17:16 |
ogra_ | and you have the squashfs module in your initrd modules ? | 17:16 |
wililupy | in my snapcraft.yaml yes. | 17:16 |
wililupy | I tried adding loopback, but snapcraft failed to build with that option so I removed it. | 17:17 |
ogra_ | (and you also build it i assume ) | 17:17 |
wililupy | Yep. Snapcraft builds successfully. | 17:17 |
wililupy | I also have this in my config file for squashfs: | 17:19 |
wililupy | CONFIG_SQUASHFS=m | 17:19 |
ogra_ | right, else snapcraft would fail | 17:19 |
wililupy | CONFIG_SQUASHFS_FILE_DIRECT=y | 17:19 |
ogra_ | (trying to add a nonexisting module to the initrd) | 17:19 |
wililupy | CONFIG_SQUASHFS_DECOMP_MULTI_PERCPU=y | 17:19 |
wililupy | CONFIG_SQUASHFS_XATTR=y | 17:19 |
wililupy | CONFIG_SQUASHFS_ZLIB=y | 17:19 |
wililupy | CONFIG_SQUASHFS_LZ4=y | 17:19 |
wililupy | CONFIG_SQUASHFS_LZO=y | 17:19 |
wililupy | CONFIG_SQUASHFS_XZ=y | 17:19 |
jdstrand | zyga: wrt i386> I didn't mean to refer to that. I meant the fact that autoconnect doesn't seem to always work. I noticed it, sergiusens did, seb128 did, kgunn may have, etc. I don't have a reproducer. sergiusens thought it might have to do with uninstalling/installing the same version over and over again | 17:20 |
=== Guest12905 is now known as rcj | ||
zyga | hmmmmm | 17:20 |
zyga | interesting | 17:20 |
zyga | there is a mechanism that blacklists auto-connection | 17:20 |
zyga | I'll add logging there so that at least we can know it is responsible | 17:20 |
jdstrand | zyga: for example, I've had 3 different pings on things in the network policy that people were hitting, but they plugged network | 17:20 |
wililupy | I've used this config in the past with this same kernel and it worked. | 17:21 |
zyga | jdstrand: there's a bug (now fixed) in 2.0.2 that makes upgrades 100% broken | 17:21 |
zyga | jdstrand: until we SRU we'll see plenty of intertwined bugs | 17:21 |
jdstrand | perhaps its that | 17:21 |
ogra_ | wililupy, and you use the very latest u-d-f ? | 17:21 |
jdstrand | zyga: though I think kgunn needs some help which looked like a locking issue. he sent an email last night | 17:22 |
zyga | jdstrand: oh? I need to check | 17:22 |
jdstrand | zyga: note, I answered kgunn's final slots question in a hangout today | 17:23 |
wililupy | ogra_ yes. | 17:23 |
zyga | ok | 17:23 |
zyga | was the hangout recorded? | 17:23 |
ogra_ | and also the canonical-pc gadget from the "16" series in the store ? | 17:23 |
wililupy | I updated it yesterday just to be sure. | 17:24 |
wililupy | yes, my u-d-f is sudo ./ubuntu-device-flash core 16 --channel=edge --kernel=my-kernal.snap --gadget=canonical-pc --os=ubuntu-core -o my-snappy.img | 17:25 |
ogra_ | yeah, that should be all fine | 17:25 |
zyga | jdstrand: I see his email now, I'll work on that next | 17:25 |
wililupy | However, if I install the snap in the base snappy instance, it installs, I can go to /writable/snaps/my-kernel/ and everything is there, but the system never boots to it, it still says 4.4.0-18-generic instead of 4.4.6 when I do uname -r | 17:26 |
jdstrand | zyga: cool. fyi, I think I finally have some time to do some policy updates. I have around 10. it would be easiest for my to group at least some of them in the same PR, but is there a commit policy where I need them all separate? | 17:27 |
zyga | jdstrand: that's up to you, a branch with 10 commits with descriptions is perfect for mew | 17:27 |
zyga | me* | 17:27 |
jdstrand | that'll work | 17:27 |
jdstrand | thanks! | 17:27 |
zyga | jdstrand: but if you think it would be easier to review separate branches I'm fine with that as well | 17:27 |
wililupy | And i do that with just scping the .snap to the system, and running sudo snap install my-kernel.snap and it shows up with snap list | 17:28 |
ogra_ | wililupy, well, you should see why it doesnt boot on the console ... does it actually attempt to boot and just fall back to the other kernel ... does it not attempt the new one at all etc | 17:28 |
wililupy | It doesn't even attempt the new one. | 17:28 |
wililupy | No rollback error or anything. | 17:28 |
ogra_ | right, not sure sideloading lkernel snaps still works with 2.x | 17:28 |
ogra_ | but it should definitely work with u-d-f | 17:29 |
ogra_ | i fear you need mvo ... i'm not really good with the grub mishmash we have on the images (it is quite a mess) | 17:29 |
wililupy | Thats fine ogra_, when does mvo come on? | 17:30 |
ogra_ | i think he ended his day (i'm not on the internal channel atm, see if you find him there perhaps) | 17:30 |
wililupy | He's not on the internal channel atm. | 17:31 |
ogra_ | yeah, thought so | 17:31 |
wililupy | I'll send him a quick email and see if he has any pointers. I'm getting close to my deadline with this device and I want to be able to give them something besides a procedure that doesn't work. | 17:32 |
ogra_ | i think wed. is his hockey day | 17:32 |
zyga | kgunn: hey | 18:04 |
zyga | kgunn: I'm looking at your branch | 18:04 |
almejo_ | Hi.. someone has time for a question about packaging a snap app? | 18:06 |
MichaelTunnell | almejo_: wont know until you ask your question? | 18:07 |
* zyga was about to reply with the don't ask if you can ask, just ask | 18:08 | |
MichaelTunnell | :) | 18:08 |
zyga | kgunn: just FYI, you probably saw this already but just in case: http://www.zygoon.pl/2016/04/anatomy-of-snappy-interface.html | 18:08 |
kgunn | zyga: nope, so i'll read that in a moment | 18:15 |
zyga | nothing revolutionary there :) | 18:15 |
ChrisTownsend | Hi! I guess I need to get the security team's input on https://bugs.launchpad.net/snapcraft/+bug/1575188 ? | 18:26 |
ubottu | Launchpad bug 1575188 in Snapcraft "Fix for bug #1572664 had broken my snap package build" [Undecided,Incomplete] | 18:26 |
almejo_ | haha.. thanks. I am trying to package a qml app. It is written in python for the phone. I am traying to figure out the dependencies and I can not find an example of how to do it.. i found something about a qml plugin but it is not listed in snapcraft list-plugins | 18:27 |
ChrisTownsend | Comment #5 hopefully explains my use case. | 18:27 |
almejo_ | My last output from starting my app is "qmlscene: could not find a Qt installation of ''" | 18:38 |
almejo_ | in stage-packages i have: qmlscene, libxcb1, libqtcore5a, libqtgui5, libqtgui5-gles, libpulse0 | 18:39 |
jdstrand | beuno: hey, can you have someone pull r638 of the review tools for opengl bug #1572140 | 18:40 |
ubottu | bug 1572140 in Canonical Click Reviewers tools "click-reviewers-tools don't know opengl interface" [Medium,Fix committed] https://launchpad.net/bugs/1572140 | 18:40 |
sergiusens | jdstrand this is for you https://bugs.launchpad.net/snapcraft/+bug/1575188 | 18:44 |
ubottu | Launchpad bug 1575188 in Snapcraft "Fix for bug #1572664 had broken my snap package build" [Undecided,Incomplete] | 18:44 |
sergiusens | jdstrand even thought it will eventually build, not sure it would be a good idea as the next step would be to block it | 18:44 |
sergiusens | jdstrand as in for you, waiting for your input | 18:44 |
sergiusens | almejo_ look at dpm's clock app work | 18:45 |
beuno | jdstrand, sure. cc/ roadmr ^ | 18:45 |
jdstrand | sergiusens: yes, I added it to my list of things to look at this week | 18:45 |
roadmr | beuno, jdstrand : no problem, I'm on it | 18:45 |
jdstrand | roadmr: thanks! | 18:46 |
jdstrand | roadmr: fyi, that has no code changes, just a change to a data file for the store to consume (not sure how far back the store is at this point, so maybe it is a super fast pull-- up to you) | 18:46 |
almejo_ | sergiusens ¿dpm clock? the one in snap find? The phone clock? | 18:46 |
roadmr | jdstrand: we're at 636, have been since Monday | 18:47 |
jdstrand | oh yes | 18:47 |
almejo_ | I would love to see the snapcraft.yaml of the app | 18:47 |
jdstrand | then this is fast | 18:47 |
roadmr | jdstrand: yes :) it's just a matter of negotiating the test -> land -> CI -> staging -> production pipeline | 18:47 |
jdstrand | roadmr: not sure what your processes are, but extremely low risk | 18:47 |
jdstrand | ack | 18:48 |
jdstrand | I'll leave it in your capable hands :) | 18:48 |
roadmr | jdstrand: so I point a config file to the desired revno, commit, wait ~40 minutes for it to be on staging, test manually, if all is OK request a prod deployment | 18:48 |
jdstrand | nice | 18:48 |
roadmr | jdstrand: (btw, my manual test is just uploading a package and checking the c-r-t version reported is the expected one. If ever you want more detailed testing, let me know, I can check for more specifics if needed) | 18:49 |
jdstrand | roadmr: ack, good to know | 18:49 |
sergiusens | almejo_ yeah, clock or calculator, I forget | 18:50 |
almejo_ | I know the apps and I can browse de app.. but I can not find the snapcraft.yaml. It seems that it is not part of the project... | 18:51 |
ogra_ | http://bazaar.launchpad.net/~snappers/snappy-desktop-examples/trunk/files/head:/ubuntu-clock-app/ | 18:53 |
sergiusens | almejo_ this might be an abandoned branch, but here you go bzr+ssh://bazaar.launchpad.net/~dpm/ubuntu-clock-app/snap-all-things/ | 18:53 |
almejo_ | thanks!!! exactly what i was looking for! | 18:53 |
almejo_ | thanks for your time :D | 18:54 |
sergiusens | almejo_ the `environment` part can probably replaced by an `after` like in https://github.com/dplanella/snappy-playpen/blob/master/notes/snapcraft.yaml | 18:54 |
almejo_ | thanks again | 18:55 |
sergiusens | np | 18:57 |
zyga | roadmr: hey | 19:01 |
zyga | roadmr: I'll be in canada next week | 19:01 |
roadmr | hello zyga ! | 19:01 |
zyga | next +1 | 19:01 |
roadmr | zyga: awesome! it's across the country from me | 19:02 |
zyga | roadmr: yeah, I tried to have a 24 layover in montreal but no luck | 19:02 |
roadmr | zyga: :( well bummer, but I've heard good things about where you're going :) | 19:03 |
roadmr | zyga: (I've never been there - maybe some day) | 19:03 |
roadmr | zyga just vanished haha | 19:03 |
* zyga always suspends with some darn shortcut when switching keyboards | 19:04 | |
zyga | roadmr: are you sprinting anytime soon? I heard that some people from your team are going too | 19:04 |
roadmr | zyga: yes! not me though, sorry :( recently-arrived baby means I have to stay here and help | 19:05 |
zyga | ah, the fantastic and terrible things that await you :) | 19:05 |
zyga | I'm trying to convince my son to finish his english homework :-/ | 19:05 |
roadmr | zyga: yes, he's 3 months old and it's felt like 5 minutes... (underwater haha) | 19:05 |
zyga | he loves spanish, doesn't digest english | 19:06 |
zyga | it gets easier after three years | 19:06 |
roadmr | zyga: YEARS!?! NOOOO /o\ | 19:06 |
zyga | ...after they move out ;-) | 19:06 |
zyga | oops, weren't supposed to tell you so quickly ;) | 19:06 |
roadmr | zyga: http://theoatmeal.com/pl/minor_differences4/kids | 19:07 |
zyga | ohhh yes | 19:07 |
zyga | I know that by the URL :D | 19:07 |
roadmr | :) | 19:07 |
zyga | reality is much worse | 19:07 |
zyga | much more subtle :) | 19:07 |
roadmr | yeah heh | 19:09 |
roadmr | zyga: I didn't tell you - *I* was doing it wrong, that's why I couldn't build the image, remember I had that weird "0 partitions found" error? | 19:09 |
zyga | roadmr: yeah, what was the problem? | 19:10 |
roadmr | zyga: it's because I was trying it inside an lxc. Once I did it natively, it worked. | 19:10 |
zyga | ah, yes, I head that people bumped into this before | 19:10 |
zyga | layers of layers of software | 19:10 |
roadmr | zyga: I've also been unable to snap install inside an lxc, even with a privileged, nesting container. I wonder if we'll ever want snap to work inside containers, I imagine so :) | 19:10 |
zyga | I wonder if it is because of older kernel or because of something that lxc does itself | 19:10 |
roadmr | zyga: it's a xenial system so I don't think it's an old kernel :D | 19:11 |
zyga | roadmr: I know this too, this will need lots of work on the kernel and snappy side first | 19:11 |
zyga | roadmr: apparmor namespaces are required first (those are under way as the security savvy people tell me) | 19:11 |
roadmr | yay :) | 19:11 |
zyga | roadmr: right now kvm works very well but lxc won't for 16.04 | 19:12 |
roadmr | zyga: yes, I'm running stuff under virtualbox and/or kvm for snap work | 19:12 |
zyga | roadmr: running natively on xenial is also an option, it's usually not a disastrer if it breaks | 19:13 |
roadmr | usually? /o\ haha :) | 19:13 |
zyga | no bank account interface yet ;) | 19:13 |
roadmr | 'show-me-the-money' as a plug? | 19:13 |
zyga | no, that's flashlight app 2.0 | 19:14 |
zyga | "flashlight needs access to your bank account, allow or deny?" | 19:14 |
roadmr | haha :) | 19:15 |
zyga | next to the "deny" button there is a nice animated icon saying "don't miss out on mr flashy" | 19:16 |
zyga | nah, that was android | 19:16 |
zyga | we're better :) | 19:16 |
sergiusens | zyga roadmr lxc and u-d-f might just probably fail due to kpartx and needing access to kernely things to map that | 19:22 |
jdstrand | zyga and roadmr: fyi, a lot of work happened with what is called apparmor stacking to support just that. it didn't all land by 16.04 release, but we hope to have enough of it completed by 16.04.1 so that you can run one level deep. Ie, running a full system (ie Ubuntu Core) in lxd so you can install snaps. however, running lxd inside of lxd or snappy in lxd on ubuntu core will not be supported since those required 2 levels deep | 19:32 |
jdstrand | tyhicks: please correct me ^ | 19:32 |
roadmr | jdstrand: cool!! | 19:32 |
jdstrand | zyga and roadmr: when implemented nesting > 1 may be possible to backport to 16.04, at least with a backport kernel | 19:32 |
roadmr | jdstrand: yes, I imagine if we're to push snaps as a format going forward, it makes sense to ensure they work inside lxd, which we're also pushing :) | 19:32 |
jdstrand | yes | 19:33 |
roadmr | jdstrand: not sure "all the way down" will be so useful, but at least one level deep should be | 19:33 |
jdstrand | people will then want to run snappy in lxd on snappy, but that is a bit farther out. it requires upstream kernel changes and a few other things | 19:33 |
roadmr | jdstrand: thanks for the info! at least I know this is known and I'm not crazy :) | 19:33 |
jdstrand | it is very much known and you are not crazy | 19:34 |
jdstrand | at least not because of this ;) | 19:34 |
tyhicks | jdstrand: I think "snappy in lxd on ubuntu core" should only require 1 level deep container | 19:35 |
jdstrand | tyhicks: well... remember, lxd will be running under a label that is not unconfined | 19:36 |
jdstrand | tyhicks: I'm not sure how that plays into it, but snappy in lxd on snappy would certainly be nice to have in 16.04 | 19:37 |
jdstrand | tyhicks: I guess it would be one level though cause lxd is still in the global namespace | 19:37 |
tyhicks | right | 19:37 |
jdstrand | ok, even better :) | 19:38 |
tyhicks | only one thing is stacking and that's lxd | 19:38 |
jdstrand | roadmr: ^ | 19:38 |
jdstrand | tyhicks: thanks :) | 19:38 |
wililupy | ogra_ This is interresting, looking at my grubenv on sda2, I don't have a reference to snappy_kernel. I have one for snappy_os. | 19:38 |
tyhicks | jdstrand: np - it is very confusing to think of the profile transitions and stacks involved there.. | 19:38 |
ogra_ | wililupy, looks like u-d-f doesnt pick up your kernel snap properly then :/ | 19:38 |
ogra_ | it should put that variable in place at image creation time | 19:39 |
wililupy | ogra_ I'm going to manually add it and see what that does... | 19:39 |
ogra_ | (probably u-d-f has an issue with your version string ? ... ) | 19:40 |
jdstrand | tyhicks: indeed. I need to focus on the policy namespaces involved and then I should be able to remember | 19:40 |
ogra_ | (wild guessing here) | 19:40 |
wililupy | or possiably the name? | 19:40 |
ogra_ | did you use any unusual chards in the name ? | 19:40 |
ogra_ | **chars | 19:40 |
ogra_ | (writing it in arabic or chinese ? ) | 19:41 |
ogra_ | :P | 19:41 |
wililupy | no | 19:41 |
ogra_ | yeah, i thought so | 19:41 |
wililupy | well, it finds my kernel and tries to boot now, but it hangs after running /scripts/local-premount ... grep: /proc/device-tree/model: no such file or direcotry | 19:45 |
pedronis | ogra_: u-d-f doesn't care much about the names, it cares very much about being able to open the snaps and the type in them | 19:47 |
wililupy | findfs: unabled to resolve 'LABEL=writable' | 19:47 |
ogra_ | pedronis, well, it calls snap install ... and that has issues with certain version strings ... (like ... yu cant use colons for example) | 19:47 |
pedronis | ogra_: is this 15.04? | 19:48 |
ogra_ | wililupy, ignore the device-tree thing ... | 19:48 |
ogra_ | pedronis, nope | 19:48 |
pedronis | we don't care about versions anymore much in 2.0 | 19:48 |
ogra_ | wililupy, ext4 compiled in ? | 19:48 |
wililupy | Yeah, it just looked like it hung, it just popped up the latest error for findfs | 19:48 |
ogra_ | pedronis, ah, cool | 19:48 |
pedronis | because the logic is about revisions now | 19:48 |
pedronis | and from sideloaded stuff in u-d-f you just get revision== | 19:49 |
pedronis | 0 | 19:49 |
ogra_ | yeag | 19:49 |
wililupy | ogra_ yes | 19:49 |
pedronis | (bit of a corner case that will be different with ubuntu-image) | 19:49 |
ogra_ | wililupy, you should have an initrd shell now | 19:49 |
wililupy | CONFIG_EXT4_FS=y | 19:49 |
wililupy | CONFIG_EXT4_USE_FOR_EXT2=y | 19:49 |
wililupy | CONFIG_EXT4_FS_POSIX_ACL=y | 19:49 |
wililupy | CONFIG_EXT4_FS_SECURITY=y | 19:49 |
wililupy | CONFIG_EXT4_ENCRYPTION=m | 19:49 |
wililupy | CONFIG_EXT4_FS_ENCRYPTION=y | 19:49 |
ogra_ | so you can inspect further | 19:49 |
wililupy | now I'm bumped to busybox... | 19:50 |
ogra_ | yeah | 19:50 |
ogra_ | check /proc/modules and see if squashfs is loaded | 19:50 |
pedronis | ogra_: anyway getting one boot var set and not the other afaict is a bit of a corner case, staring at code you will need something like the kernel not having the right type set in snap.yaml | 19:50 |
pedronis | or something like that | 19:50 |
pedronis | looking it doesn't like u-d-f checks that the things have passed have the right types | 19:51 |
pedronis | it will just skip setting the boot var though | 19:51 |
pedronis | for maximum confusion | 19:51 |
wililupy | cat /proc/modules: | 19:51 |
ogra_ | pedronis, well, wililupy uses snapcraft to roll the kernel snap ... i'D expect the snap.yaml to be fine | 19:51 |
wililupy | squashfs 49152 0 - Live 0xffffffffc0000000 | 19:52 |
ogra_ | looks good | 19:52 |
pedronis | the other chance is that u-d-f does the right thing but firstboot unsets it | 19:53 |
ogra_ | nah | 19:53 |
ogra_ | the issue shows on freshly built imgs as i understand it | 19:54 |
pedronis | it has logic to swap things around for crash fallbacks | 19:54 |
wililupy | pedronis, that is interresting, becuase after first boot, I get my error message, then it says that it is going to trial reboot and then it gives me the same error message. | 19:54 |
ogra_ | before firstboot ran | 19:54 |
pedronis | ah | 19:54 |
ogra_ | wililupy, huh ? | 19:54 |
pedronis | but IÂ don't know what it does if there's no fallback | 19:54 |
ogra_ | wililupy, are we talking about the same thing then ? | 19:54 |
ogra_ | wililupy, i thought you use your kernel snap with u-d-f | 19:54 |
wililupy | ogra_ yes. After first boot after building with u-d-f I get my three error: messages, it then says it is going to trial reboot, and i get the three error: messages and then it takes me to the grub menu. After that, I just get the same three error messages, and that only happens after I do a fresh image using u-d-f | 19:55 |
ogra_ | (dont tinker with instaled systems and trying to sideload your kernel ... that might hit other issues which we wont really resolve) | 19:55 |
wililupy | ogra_ np. I'm just working with my u-d-f image now. | 19:56 |
kgunn | zyga: hey, so i get the point of having plugs and slots in the same interface for a server/client...but just for development, i can just populate the slot side to get the server going right? (and just leave the plug stuff empty for the moment) | 19:56 |
pedronis | that's actually boot-ok to be precise, anyway this may be the bootloader part of that logic | 19:56 |
pedronis | which I don't know about | 19:57 |
ogra_ | that part is pretty trivial actually | 19:57 |
ogra_ | (lives in https://code.launchpad.net/~snappy-dev/snappy-hub/snappy-systems in the grub.cfg or uboot.env.in files) | 19:57 |
wililupy | I added snappy_kernel=im-kernel_0.snap in the (hd,1)/EFI/grub/grubenv | 19:58 |
wililupy | which now I get my kernel to load up, but now I get initramfs errors and dumped into busybox. | 19:59 |
wililupy | I got this problem before due to now having squashfs in my initrd module in my snapcraft.yaml, but that is fixed now. | 19:59 |
ogra_ | yeah, but it obviously cant find the label for the writable partition | 20:00 |
ogra_ | which is a bit strange | 20:00 |
wililupy | The last error I got before this was findfs: unabled to resolve 'LABEL=writable' | 20:00 |
pedronis | ogra_: anyway IÂ checked nothing except install (which would be u--d-f) sets those vars in snappy itself | 20:00 |
ChrisTownsend | I have the home interface included in the plugs in my yaml and once I have the connection made. However, the binary wrapper script that is used has $HOME re-exported to a different location. How am I supposed to access things in ~/ ? | 20:00 |
ogra_ | wililupy, right ... | 20:01 |
ogra_ | it is like the label is missing or some such | 20:02 |
ogra_ | (which i dont belive) | 20:02 |
pedronis | ChrisTownsend: there's been a bit of discussion around that, atm home means that if you get a path to something there you can access it, doesn't quite mean you get a handle to it, unless you go from user id to its value | 20:03 |
ogra_ | wait-for-root "LABEL=$label" "${ROOTDELAY:-180}" | 20:03 |
ogra_ | thats the code we call ... | 20:04 |
ChrisTownsend | pedronis: Ah, ok, well, I guess there is no way to map in the common XDG directories to the app in the snap. | 20:05 |
pedronis | ChrisTownsend: maybe there's already a bug that zyga knows about, otherwise we probably need one, there's a bunch of requirements a bit colliding with each other at moment in that area | 20:06 |
ChrisTownsend | pedronis: As the thing I'm working on would like to use ~/Documents, ~/Music, etc. | 20:06 |
ChrisTownsend | pedronis: Ok, thanks. | 20:06 |
ogra_ | hmm | 20:07 |
zyga | kgunn: yes, just have the other unused methods return nil, nil | 20:09 |
kgunn | cool | 20:10 |
kgunn | swamped today with manager stuff...but will get on this more tomorrow | 20:10 |
wililupy | Is there a reason system-boot is fat32? Is it due to it being the EFI partition? | 20:20 |
ogra_ | yes | 20:20 |
ogra_ | it also guarantees to work with all bootloaders across the board | 20:21 |
wililupy | ogra_ gotcha. I'm looking at the partition layout right now. I have three partitions on /dev/sda sda1 is labeled grub unknown fs | 20:21 |
wililupy | sda1 is labeled system-boot fat32 | 20:21 |
ogra_ | and writable | 20:21 |
ogra_ | thats about right | 20:22 |
wililupy | and sda3 is writable | 20:22 |
wililupy | ext4 | 20:22 |
ogra_ | right | 20:22 |
wililupy | labels are right | 20:23 |
ogra_ | well, but findfs doesnt find it | 20:23 |
wililupy | Thats funny, from my ubuntu rescue session on my device, findfs LABEL=writable, it finds /dev/sda3 | 20:25 |
almejo_ | Guys... another question if someone can help me. I need to run 'pip3 install hangups' in my snap. Is it possible in snapcraft right now? | 20:25 |
ogra_ | wililupy, tyr the same in the initrd shell on teh image ... perhaps yu get more interesting errors | 20:26 |
wililupy | ogra_ I'm booting it up right now, waiting for it to timeout... | 20:27 |
ogra_ | the fun thing is ... | 20:27 |
ogra_ | in the code we first call | 20:27 |
ogra_ | wait-for-root "LABEL=$label" "${ROOTDELAY:-180}" | 20:28 |
ogra_ | and then | 20:28 |
ogra_ | findfs LABEL=$label | 20:28 |
ogra_ | the first one doesnt seem to fail | 20:28 |
ogra_ | (since that would spit out a different error) | 20:28 |
sergiusens | elopio for some reason I cannot see http://162.213.35.179:8080/job/github-snapcraft-autopkgtest-cloud/600/ | 20:29 |
sergiusens | mind giving me some crumbs to look at? | 20:29 |
geneios | alemjo, I think you can use the "python-packages:" keyword with "hangups" as the value | 20:30 |
almejo_ | thanks!!! :D | 20:30 |
geneios | I was able to use it to pip install some dependencies in my snap, but I am still struggling if python-dev is required | 20:31 |
almejo_ | and last question about the life cicle of snaps. If i build a snap, and then I add a new dependency, the only way to build the package again is to do a snap clean? | 20:31 |
almejo_ | I am a little tired of cleaning every time and wait for all the packages to download | 20:32 |
LinuxGuy2020 | Hello I was trying to follow the snapcraft tutorial online and got the snap to build but I'm wondering how to skip the publication step and just install it for personal use only or just to test it out before publishing. Is there a way? | 20:32 |
almejo_ | LinuxGuy2020, snap install app.snap | 20:32 |
niemeyer_ | jdstrand: About the networkmanager interface, where do we stand? | 20:32 |
niemeyer_ | jdstrand: I was a bit surprised by the comment that this should be black listed on 16.04.. why isn't it a slot on the os snap? | 20:33 |
ogra_ | niemeyer_, what do you do if someone installs the NM snap on a desktop ? | 20:34 |
jdstrand | niemeyer_: the actual mp I think is blocked on you deciding the name and zyga refactoring the bluez code for the slot side dbus apparmor label. I do plan to also look at the latest comments regarding bus policy | 20:34 |
ogra_ | (where you already have NM running) | 20:34 |
wililupy | same error, unable to resolve 'LABEL=writable' | 20:34 |
niemeyer_ | ogra_: See above.. the point isn't to install the snap on the desktop, but to make the interface available in the os snap | 20:34 |
jdstrand | niemeyer_: then there is that question-- how to handle nm on classic vs nm on core+snap | 20:35 |
ogra_ | niemeyer_, ah, sorry, i thought it was the same "blacklisting" we talked about above | 20:35 |
ogra_ | now jamie brought it into the discussion :) | 20:35 |
* jamiebennett hides | 20:35 | |
jamiebennett | What did I do? | 20:35 |
jdstrand | jamiebennett: me :) | 20:35 |
ogra_ | jamiebennett, the other one ;) | 20:36 |
* jamiebennett dodges another | 20:36 | |
jdstrand | niemeyer_: so, if we do as you suggest, then snapd needs to be adjusted to create different snippets if it is running on classic vs pure core | 20:36 |
LinuxGuy2020 | almejo_: Thats what I tried the other day but it attempted to download something first and failed.Maybe I didnt build the snap correctly or something. I'm just trying to make snaps for packages that are already available as debs. That way I can use store them on local drives more easily than a boat load of debs. Is there a better tutorial explaining just converting pre-existing debs to snaps? | 20:37 |
wililupy | Here's a new error: | 20:37 |
niemeyer_ | jdstrand: Yeah, that seems appropriate | 20:37 |
jdstrand | niemeyer_: cause at a minimum the labels will be wrong | 20:37 |
LinuxGuy2020 | Or should I just keep trying the way I was before. | 20:37 |
niemeyer_ | jdstrand: Well | 20:37 |
LinuxGuy2020 | I was following this https://developer.ubuntu.com/en/snappy/build-apps/your-first-snap/ | 20:37 |
niemeyer_ | jdstrand: This is the same story we discussed for the bluez snap | 20:37 |
wililupy | findfs [ 383.689847] random: nonblocking pool is initialized | 20:37 |
jdstrand | niemeyer_: but I know for a fact we will have different actual policy for pulseaudio on classic vs core | 20:37 |
niemeyer_ | jdstrand: It's bogus to cook a snippet hardcoding the name of the snap | 20:37 |
LinuxGuy2020 | It seems very vague though. | 20:37 |
jdstrand | niemeyer_: no, you misunderstand | 20:37 |
niemeyer_ | jdstrand: Ah..? | 20:38 |
ogra_ | wililupy, thats just mess-up of the console messages ... | 20:38 |
jdstrand | niemeyer_: I'm assuming that patch will be committed | 20:38 |
ogra_ | wililupy, not an error | 20:38 |
wililupy | ogra_ ack | 20:38 |
niemeyer_ | jdstrand: Sorry, I don't understand the idea about the labels being wrong then? | 20:38 |
jdstrand | niemeyer_: what I'm saying is that the label of the slot side on sdoc would be 'unconfined' but on pure core it will be the slot side snap (ie, snap.nm...) | 20:39 |
jdstrand | niemeyer_: but beyond that, we will likely want different rulesets on sdoc vs pure core | 20:39 |
almejo_ | LinuxGuy2020: That tutorial is about dowloading a .deb form the archives and packaging it with other tools. is that what you want? I know other tutorial in www.zygoon.pl/2016/04/snappy-snapcraft-and-interfaces.html | 20:40 |
jdstrand | niemeyer_: for example, on core, there is no policykit, on sdoc there is. this affects the policy. there will be cases where the rules aren't strictly additive so we need to consider that when deciding on this | 20:40 |
niemeyer_ | jdstrand: Well, I think on sdoc we don't even need a snippet at all, do we? | 20:40 |
niemeyer_ | jdstrand: On the slot side, that is | 20:41 |
jdstrand | niemeyer_: if there is no snippet there is no access | 20:41 |
jdstrand | there is a slot side and a plug side | 20:41 |
niemeyer_ | jdstrand: nm is running already, unconfined | 20:41 |
wililupy | ogra_ I'm not seeing any sd* in /dev... | 20:41 |
LinuxGuy2020 | almejo_: I just need a tutorial to make a snap out of lets say the ardour3.deb thats in the repos already. But of course the snap would have all the dependencies included. Thats all Im looking for. | 20:41 |
jdstrand | the plug side needs the label of the slot side | 20:41 |
ogra_ | wililupy, aha | 20:42 |
ogra_ | wililupy, so still some kernnel config bit missing i guess | 20:42 |
niemeyer_ | jdstrand: So how would that work? | 20:42 |
niemeyer_ | jdstrand: nm is already running.. | 20:42 |
ogra_ | wililupy, do you have devtmpfs enabled ? | 20:42 |
jdstrand | niemeyer_: I'm not talking about nm being confined. I'm talking about the plug side snippet a) needed label=unconfined on sdoc vs label=snap.whatever on pure core and b) different apparmor rules on sdoc vs on pure core | 20:42 |
LinuxGuy2020 | almejo_: What would be the best tutorial for me to follow for that? | 20:43 |
wililupy | CONFIG_DEVTMPFS=y | 20:43 |
wililupy | CONFIG_DEVTMPFS_MOUNT=y | 20:43 |
ogra_ | wililupy, oooooh ! i know what it is !!!! | 20:43 |
jdstrand | niemeyer_: sdoc and ubuntu core are radically different and the security policy is going to have to deal with that sort of thing | 20:43 |
wililupy | ogra_ please tell please tell please tell..... | 20:43 |
almejo_ | LinuxGuy2020 I followed the second one and it builds ok. Also, that one teaches you about plugs and slots, something absolutly necesary | 20:44 |
niemeyer_ | jdstrand: Yeah, absolutely | 20:44 |
ogra_ | wililupy, add ahci to your initrd modules (or compile it in) | 20:44 |
jdstrand | on sdoc nm is unconfined and has one label, on pure core it is confined and has snap...., on sdoc it is compiled with polkit, on pure core not, etc, etc | 20:44 |
almejo_ | LinuxGuy2020, the firstone is also good. Read both :D | 20:44 |
niemeyer_ | jdstrand: So is "unconfined" a magic label to tell the process has no labels? | 20:44 |
ogra_ | wililupy, and perhaps also libahci | 20:44 |
wililupy | ogra_ I have this in my config: | 20:45 |
wililupy | CONFIG_SATA_AHCI=m | 20:45 |
wililupy | CONFIG_SATA_AHCI_PLATFORM=m | 20:45 |
wililupy | CONFIG_SATA_INIC162X=m | 20:45 |
wililupy | CONFIG_SATA_ACARD_AHCI=m | 20:45 |
wililupy | CONFIG_SATA_SIL24=m | 20:45 |
jdstrand | niemeyer_: if a process is launched without using aa_change_profile/aa_change_on_exec and there is no binary attach policy for it in /etc/apparmor.d, then it automatically defaults to have the unconfined label (and policy) | 20:45 |
wililupy | CONFIG_ATA_SFF=y | 20:45 |
ogra_ | wililupy, right, it is a module ... and you need it in the initrd | 20:45 |
LinuxGuy2020 | almejo_: ok thanks. Should the system need to download any files before it actually installs the snap? Cause the ones I built were trying to download something like 64.64MB or something like that. No idea what it was. | 20:45 |
niemeyer_ | jdstrand: Gotcha | 20:45 |
ogra_ | wililupy, or compile it in | 20:45 |
jdstrand | eg, most process on desktop are 'unconfined' (see ps auxZ) | 20:45 |
jdstrand | most on snappy are confined (well, depending how many snaps you have installed :) | 20:46 |
almejo_ | LinuxGuy2020, When you build a snap, it downloads all the dependecies specified in snapcraft.yaml. Then it build the snap using ALL the dependencies creating a really big .snap file | 20:46 |
wililupy | I gotcha I see,so add ahci to the kernel_initrd_modules in snapcraft.yaml? | 20:46 |
niemeyer_ | Nice | 20:46 |
almejo_ | LinuxGuy2020, then, you have to install that snap. It will not dowload other files | 20:46 |
ogra_ | wililupy, right ... | 20:46 |
niemeyer_ | THe output, not the fact they're unconfined :) | 20:46 |
jdstrand | niemeyer_: so, we can do it your way, but if we do, then snapd needs to make decisions about the system at runtime. in some ways that is nice, but in others it is pretty magical and adding complexity | 20:47 |
LinuxGuy2020 | almejo_: Right. Then I got the *.snap file and tried the sudo snap install *.snap whatever the name was. Ill just try again and see exactly what happens at that point. | 20:47 |
niemeyer_ | jdstrand: Well, I don't see it as magical, or even as adding relevant complexity | 20:47 |
almejo_ | LinuxGuy2020, yes. The snap will be installed in /snap/ | 20:47 |
niemeyer_ | jdstrand: The whole point of the interface system is to enable snaps to interoperate in the different enviornments | 20:48 |
pedronis | niemeyer_: it seems we need some internal blessed way to know if we are on sdoc vs other scenarios (we need to cleanup firstboot and friends also) | 20:48 |
almejo_ | LinuxGuy2020, you can go to /snap/bin and see the executable files | 20:48 |
jdstrand | niemeyer_: an alternate approach would be what I was saying before-- implement nm, bluez, et al as pure core interfaces, then filter them out on sdoc systems. then adjust unity7(*) accordingly for common policy (since it is transition policy) | 20:48 |
niemeyer_ | jdstrand: having a network-manager interface that works only on devices would be super awkward | 20:48 |
jdstrand | niemeyer_: I didn't think interfaces really solved anything with pure core vs sdoc. I thought it solved snaps slotting interfaces and connecting in arbitrary ways | 20:49 |
pedronis | niemeyer_: we need *it* to cleanup firstboot | 20:49 |
wililupy | ogra_ I'll give it a shot and see what happens. | 20:49 |
niemeyer_ | pedronis: Hmm.. tell me more? | 20:49 |
niemeyer_ | jdstrand: Isn't that what we're talking about? | 20:49 |
pedronis | niemeyer_: we need to know to skip firstboot code etc when setting up from empty state | 20:49 |
jdstrand | niemeyer_: I think it is a bit awkward that nm is considered part of the os snap on sdoc but it needs a snap on pure core | 20:50 |
niemeyer_ | jdstrand: We have a network manager process in the system, and a network-manager interface.. why would it work on one device and not the other | 20:50 |
niemeyer_ | ? | 20:50 |
pedronis | seems we need it now also to drive interface behavior | 20:50 |
jdstrand | niemeyer_: sorta, but an area we never really explored | 20:50 |
niemeyer_ | jdstrand: That sounds like a misunderstanding about interfaces | 20:50 |
LinuxGuy2020 | almejo_: Ok im starting with a clean install on my laptop instead of using the live environment. Ill try again and come back if I have issues. Thanks. | 20:50 |
pedronis | the all point is that you don't need to know what providing the slot | 20:51 |
jdstrand | niemeyer_: there is also the issue of not wanting to install the nm snap on an sdoc system. that is perhaps solved if snapd blocks installing multiple snaps that slot the network-manager type, and ths os snap is shown to slot that on sdoc | 20:51 |
almejo_ | LinuxGuy2020, great!!! But I am going home now.. I hope someone else can help you... or maybe tomorrow | 20:51 |
LinuxGuy2020 | almejo_: thats cool | 20:51 |
niemeyer_ | pedronis: Right, exactly | 20:51 |
niemeyer_ | jdstrand: That's a good idea | 20:52 |
jdstrand | niemeyer_: I see where you are coming from, but the network-manager interface on sdoc will be different because it is on sdoc (ie, the security policy will be different). I thought that the interface provides a contract between the client and the slot | 20:52 |
niemeyer_ | jdstrand: The security policy is the implementation | 20:52 |
jdstrand | niemeyer_: therefore a snap plugging nm may work on core but not on sdoc, or vice versa, because it is a different contract | 20:53 |
niemeyer_ | jdstrand: It's a bit like saying the bits on amd64 need to be different than on arm to provide the same CLI experience | 20:53 |
jdstrand | I don't think that is an apt analogy | 20:53 |
niemeyer_ | jdstrand: Surely they must be different.. what we're trying to preserve is the paltform behaivor, not how it is implemented | 20:53 |
pedronis | jdstrand: sounds more like it shouldn't be one interface then but needs more granularity, no? | 20:53 |
pedronis | if it's really diverging that much | 20:53 |
jdstrand | pedronis: that is another option, arguably also awkward | 20:53 |
jdstrand | really, all of the options have warts | 20:53 |
jdstrand | cause we are shoehorning classic into the new world | 20:54 |
jdstrand | or the new world onto classic | 20:54 |
niemeyer_ | What's the wart? I couldn't see it yet | 20:54 |
niemeyer_ | Having different security policy to implement the same behavior is expected and not actually a wart | 20:54 |
jdstrand | if we have one interface, but different policy on sdoc vs pure core, and a plugging app works on one and not the other because of the policy | 20:55 |
pedronis | niemeyer_: I think jdstrand is saying that behavior will be different | 20:55 |
pedronis | so my remark about granularity | 20:55 |
niemeyer_ | jdstrand: Why would a plugging app work differently? | 20:56 |
jdstrand | one could argue that the policy should encompass everything, but that may not be appropriate-- it might be too wide on pure core since things in classic aren't designed for snappy | 20:56 |
jdstrand | niemeyer_: the plugging app would try to work the same, but perhaps break in one | 20:56 |
niemeyer_ | pedronis: Yeah, I just didn't see the actual relevant difference as far as the snap perception is concerned | 20:56 |
jdstrand | I have a feeling in the nm case in particular, we could probably make it work. nm is always going to be reserved since it offers a lot of privilege | 20:57 |
jdstrand | but, for pulseaudio we will have the same issue | 20:57 |
jdstrand | and that one I know we want different policy | 20:57 |
jdstrand | because desktop pulseaudio access is different than say Touch access | 20:58 |
niemeyer_ | jdstrand: How is it different? | 20:58 |
jdstrand | Touch is much more limited (it uses the safe apis and apps may only use those), whereas on desktop apps, they will not | 20:58 |
jdstrand | because desktop apps weren't designed for that-- they expect to be able to use everything | 20:59 |
jdstrand | but Touch apps are designed for that | 20:59 |
jdstrand | so to be clear | 20:59 |
jdstrand | we *can* do this if we allow for different policies if snapd detects what can of system it is running on | 21:00 |
jdstrand | the question is then if we should or not | 21:00 |
niemeyer_ | jdstrand: That sounds like two different interfaces then | 21:00 |
jdstrand | and I'm not convinced it is a good idea | 21:00 |
wililupy | ogra_ It's interresting, in the grubenv file, there is no value for snappy_kernel | 21:00 |
jdstrand | niemeyer_: indeed. with pulseaudio in particular I was considering siply adding it to unity7. we could alternatively create unity7-audio (or similar) | 21:01 |
ogra_ | wililupy, right, that was the initial prob ... but it should now boot if you add the var | 21:01 |
niemeyer_ | jdstrand: We need to look into this in more detail, but if the protocol the applications use to communicate is actually different, then they're of course incompatible, which implies two interfaces rather than one | 21:01 |
ogra_ | i.e. the initrd bug should be gone | 21:01 |
niemeyer_ | jdstrand: We shoulld call it out for what it is | 21:02 |
jdstrand | niemeyer_: right. so with nm, one is a subset of the other. the desktop nm is a superset of the pure core nm | 21:02 |
niemeyer_ | jdstrand: If it is pulseaudio-simplified or similar, than that's what it is | 21:03 |
jdstrand | niemeyer_: I think bluez is also going to fall into that category. what gets interesting again is Personal may have a different subset | 21:03 |
niemeyer_ | jdstrand: We can also start exploring interface attributes | 21:04 |
jdstrand | niemeyer_: I don't disagree, but then that has warts too cause we have a bunch of different interfaces that people may not know what to use | 21:04 |
niemeyer_ | jdstrand: But I really need to understand more details before being able to recommend something sensible | 21:04 |
niemeyer_ | jdstrand: Well, we *will* have a bunch of different interfaces :) | 21:04 |
niemeyer_ | jdstrand: In fact, we do already | 21:04 |
niemeyer_ | jdstrand: Conveying what those are and when to use them is an important issue to address properly | 21:05 |
jdstrand | niemeyer_: really it boils down to the characteristics of the device. sdoc has one set of characterists, pure core another and personal possibly another. depending on the device, the policy may or may not be different | 21:05 |
niemeyer_ | jdstrand: Yeah, and that's all okay | 21:06 |
niemeyer_ | jdstrand: Different policy just means a different implementation to the same result | 21:06 |
niemeyer_ | jdstrand: Different protocol means something else | 21:06 |
jdstrand | niemeyer_: I think we should be striving for just enough interfaces and no more. we've seen other platforms make this mistake and developer's getting confused and asking for too much, etc. with user's connecting it then gets confusing, etc | 21:06 |
jdstrand | I should rephrase | 21:07 |
jdstrand | we haven't made a mistake | 21:07 |
niemeyer_ | jdstrand: Just enough interfaces to do what.. | 21:07 |
niemeyer_ | jdstrand: Of course we shouldn't be producing interfaces just because it's fun to do so :) | 21:07 |
jdstrand | we've seen other platforms offer too many similar choices... | 21:07 |
jdstrand | niemeyer_: hehe | 21:07 |
jdstrand | no | 21:07 |
jdstrand | but if we are in pulseaudio-simplified vs pulseaudio-complex, it makes me wonder | 21:08 |
jdstrand | because complex would (possibly) always work so no one would choose pulseaudio-simplified, but pulseaudio-simplified is actually 'the good one' | 21:09 |
jdstrand | it is an interesting problem | 21:09 |
wililupy | ogra_ I think I'm going to have to rebuild my whole snap. I tried just adding ahci to my snapcraft yaml, but cat /proc/modules doesn't show it. | 21:09 |
jdstrand | I may be coming around to your thinking (I was never really opposed to it), but perhaps there is something with attributes there that I haven't considered that would make it really good | 21:09 |
wililupy | I'll give it a run since it takes about 2 hours to complete and I'll update you tomorrow. | 21:10 |
wililupy | thanks for all your help ogra_ | 21:10 |
niemeyer_ | Yeah, let's understand better how pulseaudio is organized so we can have a more informed position | 21:10 |
ogra_ | wililupy, you will need to run whatever step megres the modules into the initrd | 21:10 |
niemeyer_ | jdstrand: Need to step out now, but let's follow on later/tomorrow | 21:10 |
ogra_ | wililupy, good luck then, i'm sure the initrd side is fixed | 21:10 |
jdstrand | niemeyer_: sure, np. I can fill you in on the pusleaudio differences tomorrow | 21:11 |
niemeyer_ | jdstrand: Thanks, and thanks for the chat | 21:11 |
jdstrand | niemeyer_: my pleasure :) | 21:12 |
jdstrand | niemeyer_: have a good evening :) | 21:12 |
elopio | sergiusens: I can see it. Failed to clone the git repo. | 21:14 |
elopio | I'd say retest. | 21:15 |
sergiusens | elopio thanks | 21:23 |
* sergiusens is so tired of resetting snapd | 21:32 | |
Laxman | where to find sources for raspberry pi 2 ubuntu snappy | 22:15 |
geneios | Where should snapcraft issues be filed? At https://launchpad.net/snapcraft? I didn't see an issues section on the github repo. | 22:24 |
Domi | Hello snapcraft snap fails because the python installation. Her is the output http://pastebin.com/GmZB6v4D can anyone help me? | 22:58 |
Generated by irclog2html.py 2.7 by Marius Gedminas - find it at mg.pov.lt!