/srv/irclogs.ubuntu.com/2016/05/06/#snappy.txt

=== chihchun is now known as chihchun_afk
=== chihchun_afk is now known as chihchun
zyga	o/	07:00
commander_	hi snappers	08:02
commander_	i need help	08:02
commander_	am trying to pack my qt app for snap store	08:03
commander_	anyone here ??	08:03
commander_	my app is precompiled with qmake can i snap it ??	08:09
commander_	who is on ??	08:09
commander_	i need help	08:09
didrocks	hey commander_! I don't think we have a qmake plugin, but kyrofa and sergiusens would be able to help you in a few hours (they are US-based)	08:11
didrocks	ah, snap	08:11
wsnipex	hi. I'm working on packaging kodi as snap package and have problems getting opengl to work	08:44
wsnipex	it trying to load the intel driver i965_dri.so, but claims the file doesn't exist, while it IS in the snap at the correct location	08:46
wsnipex	here is the console output with LIBGL_DEBUG=verbose: http://paste.ubuntu.com/16252748/	08:47
wsnipex	any pointers would be much appreciated	08:48
zyga	wsnipex: hey	09:39
zyga	wsnipex: looking at your output the thing that jumps at me is this:	09:40
zyga	libEGL warning: DRI2: failed to open i965 (search paths /usr/lib/x86_64-linux-gnu/dri:${ORIGIN}/dri:/usr/lib/dri)	09:40
zyga	libEGL warning: DRI2: failed to open swrast (search paths /usr/lib/x86_64-linux-gnu/dri:${ORIGIN}/dri:/usr/lib/dri)	09:40
wsnipex	yeah, the lib is there though	09:40
zyga	note that snaps do not chroot, so your search path has to understand $SNAP	09:40
zyga	also note (play with hello-world.sh) that snap apps don't see your normal /	09:40
zyga	as they get the ubuntu-core snap bind-mounted in various places	09:41
zyga	so you don't see your normal /usr	09:41
zyga	you see the very same ubuntu-core snap /usr	09:41
zyga	the same on desktop and "devices"	09:41
zyga	wsnipex: does this make sense? do you see what I mean?	09:41
wsnipex	thats what I thought. How can I modify the command wrapper that sets LD_LIBRARY_PATH? its always overwritten	09:41
zyga	wsnipex: you can just add one more wrapper	09:41
zyga	wsnipex: we also have SNAP_LIBRARY_PATH but we don't use it for intal AFAIR, it is used for nvidia	09:42
wsnipex	I'm completely new to snaps, so pleae bear with me	09:42
zyga	no worries, we all are :)	09:42
* zyga should publish the next article about snap runtime environment and confinement details		09:42
wsnipex	so, how/where do I add another wrapper?	09:43
zyga	wsnipex: add a new app, say 'sh' and run shell there	09:43
zyga	in that shell experiment with various LD_LIBRARY_PATH values	09:43
zyga	once you know what you want	09:43
wsnipex	albeit I can do it in our own wrapper script, I'd like to change as little in kodi as possible	09:43
zyga	add a new file in the build tree, make sure it gets copied with snapcraft.yaml (using the copy plugin)	09:43
zyga	and change the command of the app you were running originally to run the wrapper	09:44
wsnipex	ah, I see, thanks	09:44
zyga	wsnipex: but first experiment with just a shell, look at how the environment looks like there	09:45
wsnipex	so currently there is no way to directly influence the default wrapper	09:45
zyga	there are two "wrappers"	09:45
zyga	the one in /snap/bin/ made by snappy on install	09:45
zyga	you cannot influence that one	09:45
wsnipex	heh, yes. I mean command-kodi.wrapper	09:45
zyga	and one by snapcraft (command-foo.*)	09:45
zyga	you can freely change that one though that's something snapcraft makes	09:45
zyga	it's just part of snapcraft implementation detail	09:45
wsnipex	I tried that, but my changes were overwritten on snapcraft snap	09:46
zyga	yes, I know, the solution is to add your own wrapper :)	09:46
zyga	run it as the 3rd wrapper	09:46
zyga	sorry, we'll get it more streamlined over time	09:46
zyga	just didn't have the time for 16.04 :)	09:46
wsnipex	no worries	09:47
wsnipex	also the plugins could be more flexible, specially autotools and cmake ;)	09:47
zyga	those are extensible	09:48
zyga	you can have your own local plugins in your tree	09:48
zyga	and snapcraft picks them up	09:48
zyga	it's all python so it is pretty flexible	09:48
wsnipex	yeah, I saw that, just didn't have time to look further into it	09:49
wsnipex	zyga, http://paste.ubuntu.com/16254300/	09:56
zyga	libEGL warning: DRI2: failed to open i965 (search paths /usr/lib/x86_64-linux-gnu/dri:${ORIGIN}/dri:/usr/lib/dri)	09:57
zyga	same search path?	09:57
wsnipex	I've exported and printed LD_LIBRARY_PATH	09:57
wsnipex	first line, 1st entry	09:57
zyga	I saw that but look at the "search paths" part being indifferent	09:57
zyga	maybe something different	09:57
wsnipex	-rw-r--r-- 5 root root 6561728 Apr 14 21:08 /snap/kodi/100001/usr/lib/x86_64-linux-gnu/dri/i965_dri.so	09:57
zyga	EGL specific probably	09:58
zyga	nothing is looking at that directory	09:58
wsnipex	yeah, it seems to ignore the ld_library_path	09:58
zyga	there's no chroot /usr/lib/x86_64-linux-gnu/dri is _not_ the same as $SNAP/usr/lib/x86_64-linux-gnu/dri	09:58
wsnipex	sure, I get that	09:58
zyga	sorry, this is new ground to me	09:58
zyga	I wish I knew where this is hardcoded	09:59
wsnipex	might have to take this up with intel mesa devs	09:59
zyga	strace it, grep for PATH in sources, look at gdb, poke around	09:59
wsnipex	will do	10:00
wsnipex	and thanks for your help!	10:00
zyga	good luck, ping me back when you get it running	10:00
zyga	I think this should be handled better by the opengl interface	10:00
zyga	just not sure how exactly just yet	10:00
wsnipex	yeah, probably dlopen is not the optimal way	10:01
commander_	hi	10:21
commander_	i snapped a package but didn't got .snap file after successful compilation	10:22
commander_	am using ubuntu 14.04	10:22
commander_	anyone to help here ??	10:25
wsnipex	zyga, got a step further: LIBGL_DRIVERS_PATH: /snap/kodi/100001/usr/lib/x86_64-linux-gnu/dri	10:26
zyga	cooool	10:26
wsnipex	looking at the mesa code brought up this var	10:26
zyga	I'll write this down, perhaps something we should set in snapcraft/snappy by default	10:27
commander_	i snapped a package but didn't got .snap file after successful compilation'	10:27
commander_	guys	10:27
commander_	help me please	10:27
zyga	wsnipex: does it load now?	10:27
wsnipex	so, I now briefly see kodi starting... before it cores :)	10:27
zyga	commander_: please share the log/output in a pastebin	10:27
zyga	wsnipex: strace/gdb helps	10:27
commander_	okay zyga	10:27
zyga	wsnipex: add gdb,strace as parts to your snap	10:27
zyga	(and busybox)	10:27
zyga	shell inside and poke around	10:28
zyga	use: ulimit -c unlimited	10:28
zyga	and cd $HOME to make the core there	10:28
zyga	you can inspect that core later	10:28
zyga	I went through this experience yesterday	10:28
zyga	what helped a lot was fetching specifc libraries with apt-get source	10:28
zyga	and building them with DEB_BUILD_OPTIONS=nostrip	10:28
zyga	so that I would have symbols for gdb	10:28
zyga	this helped me zero on the issue	10:29
zyga	if you want I can also show you a trick that will let you skip snapcract snap part	10:29
zyga	and just work live	10:29
wsnipex	its still something with gfx	10:29
zyga	with a "writable" snap	10:29
zyga	wsnipex: after you install your snap the first time, unmount it (assuming there are no services runing)	10:29
commander_	zyga, http://pastebin.com/cEyUbB5R	10:29
wsnipex	that'd be cool	10:29
zyga	and sudo mount --bind /path/to/your/build/tree/snap /snap/$SNAP_NAME/10000* (the largest revision)	10:30
zyga	then you can run your snap and you can compile/edit/change stuff	10:30
zyga	a bit hacky but nice before we finish $ snap try	10:30
commander_	i got no .snap file	10:30
zyga	commander_: is this with snapcraft on ubuntu 16.04?	10:30
commander_	its on 14.04	10:30
zyga	commander_: can you do snapcraft clean; snapcraft \| pastebinit	10:31
commander_	okay wait	10:31
zyga	commander_: show that output to kyrofa or sergiusens though we're a bit busy with sprint prep (me included) so no promises	10:31
commander_	zyga, i cleaned and run snapcraft	10:32
* zyga has to dig out some ram from his 2nd PC, brb		10:32
commander_	okay	10:32
wsnipex	nice trick :)	10:32
commander_	zyga, it is downloading everything again	10:32
commander_	i mean libraries and other stuffs	10:33
commander_	please look and my yaml file once plz	10:33
commander_	zyga, here it is http://pastebin.com/kbpyv3Y1	10:34
popey	zyga: do we support it on 14.04?	10:34
zyga	popey: no	10:34
commander_	kyrofa, here is my yaml http://pastebin.com/kbpyv3Y1	10:34
commander_	popey,	10:35
popey	zyga: so.. the fact that commander_ is on 14.04....	10:35
commander_	am keshav bhatt @keshavmail68 from twitter	10:35
zyga	commander_: you need to use 16.04	10:35
commander_	i also unable to upgrade to 16.04 from ubuntu 14.04	10:35
zyga	sergiusens: it would be nice if we could SRU snapcraft to 14.04 that says "use xenial" if it sees plugs/slots	10:36
commander_	popey, i logged in to my dev account on developer portal and it said its disabled , whats the matter ???	10:36
zyga	or something similar to version snapcraft support properly	10:36
popey	commander_: I don't know.	10:36
commander_	zyga, what about my yaml file bro is it okay ???	10:36
commander_	popey, i mean why will they disable my account for no reason ??	10:37
zyga	commander_: on xenial it might build, the icon is no longer something you set in the yaml, put it in setup/gui	10:37
proteusguy	does snappy use systemd?	10:37
zyga	proteusguy: yes	10:37
proteusguy	zyga, thanx. I don't suppose there's any simple way to eliminate systemd from snappy and use something else?	10:38
commander_	zyga, i also noticed a bug in snapcraft	10:38
zyga	proteusguy: i don't know, you'd have to explore, I doubt that would be accepted upstream though	10:39
zyga	proteusguy: systemd is used for a number of things	10:39
commander_	zyga, it is unable to build example from launchpad , if it will try do download untrusted packages , i mean if gpg signature is missing for a package it will simply skip download with some apt-get errors .	10:40
zyga	proteusguy: look at the source, there's a lot of things happening there with various places	10:40
zyga	commander_: sorry I cannot help you with 14.04 and snapcraft issues	10:40
commander_	okay i will install ubuntu 16.04 tonight	10:41
commander_	i will talk to you later okay :) thanks for your time bro	10:41
commander_	zyga, bro snap file appeared this time	10:42
commander_	haha	10:42
commander_	its working now	10:42
commander_	thanks	10:42
proteusguy	zyga, that's what I figured. thanx for your reply.	10:42
commander_	it saying snapping \	10:43
commander_	my 2mb app is now 80mb wts that ???	10:47
commander_	is it okay ??	10:47
Chipaca	commander_, what libraries does it use?	10:48
commander_	qt libs	10:48
Chipaca	commander_, only 80mb? quite good	10:48
commander_	its a qt app uses qml and c++	10:48
Chipaca	:-)	10:48
commander_	what ! :D	10:49
Chipaca	commander_, so the 80mb is all of qt and c++ libs	10:49
davmor2	commander_: that's about right then, look at the clock and calculator apps and see how big they are :)	10:49
commander_	and whats the issue with debian packaging it make only a 2mb package	10:49
commander_	haha	10:50
commander_	guys here is my app www.ktechpit.com/ubuntu/ktechpit-com-released-ubuntu-play-store-ubuntu-14-04/	10:50
commander_	if you wana check it out you can download a trial version .	10:50
wsnipex	before I forget: it might be nice to document how to use snap behind a proxy somewhere, took me a bit to find that overriding systemd config with Environment=http_proxy	10:51
commander_	bye guys i will join later	10:56
zyga	wsnipex: there's an open bug about proxy support	11:01
zyga	wsnipex: we'll have to look at how that should work properly	11:01
wsnipex	well, go supports the http_proxy env var ootb	11:02
wsnipex	but systemd doesn't allow reading those	11:02
zyga	yes but it's tricky because this is the daemon that has to know this :)	11:02
zyga	exactly	11:02
wsnipex	so you have to set it in the systemd.service	11:03
wsnipex	the real issue with systemd is: you cannot have real variables in the systemd environmet	11:03
wsnipex	so you can't do: Environment=http_proxy=$http_proxy	11:03
wsnipex	which is a real pita	11:04
zyga	well that cannot obviously work	11:04
zyga	the reality is that proxy support is more complex than a single global settinhg	11:05
wsnipex	it could, if it was set in /etc/environment and systemd would read that	11:05
zyga	real proxies often require more elaborate setup, if we're fixing proxy we should really make it work	11:05
zyga	not just more work	11:05
wsnipex	best option might be to have snap read it and pass it on to the deamon, if thats possible	11:06
zyga	what if each user has different proxy?	11:06
wsnipex	if snap reads the users env, that'd be no issue	11:06
zyga	what if both users want a different proxy?	11:06
wsnipex	not snapd	11:06
zyga	one snapd services many users	11:07
zyga	anyway all I'm saying is that there's a bug and this is not a trivial thing to solve	11:07
wsnipex	yes, have snap (not snapd) read it	11:07
zyga	brb	11:07
Chipaca	wsnipex, whats the problem with proxies? without making me read all the backlog :-)	11:18
Chipaca	wsnipex, do you have a particular issue that needs addressing?	11:19
Chipaca	or is it a more generic "we should support this" thig	11:19
Chipaca	thing	11:19
wsnipex	snap won't use a system configured proxy	11:19
wsnipex	unless you override the snapd systemd service	11:20
Chipaca	wsnipex, i ask you again, are you having a problem you need solving, or is it an on-principle issue?	11:20
wsnipex	I solved it for me, so the latter	11:21
Chipaca	wsnipex, how did you solve it? editing the .service file?	11:21
wsnipex	I created /etc/systemd/system/snapd.service.d/proxy.conf	11:22
wsnipex	[Service]	11:22
wsnipex	Environment=http_proxy=....	11:22
Chipaca	wsnipex, question for you: would doing, instead, `EnvironmentFile=/etc/environment` solve it for you?	11:23
wsnipex	a little cleaner then editing the actual service file	11:23
wsnipex	that might actually work, let me try	11:23
Chipaca	ah, yes, copying to /etc/ is what i meant by editing (on a snappy core it's your only option)	11:23
Chipaca	wsnipex, followup question is whether instead of that, PassEnvironment=<space-separated list of proxy env vars> works for you	11:24
Chipaca	then we can talk about which approach is best of these two, if they both work	11:25
wsnipex	yes, works	11:25
wsnipex	could be a decent solution	11:25
Chipaca	ogra_, on snappy core is /etc/environment writable?	11:25
wsnipex	but it won't work for users having different proxies	11:26
ogra_	Chipaca, i dont think so ...	11:26
ogra_	(and we should find some other mechanism ... if you need global vars)	11:26
Chipaca	wsnipex, i hear you. Not sure there's much we can do for users with different proxies at this point.	11:27
Chipaca	I mean, passing the info from the user to the server is incredibly tricky	11:27
Chipaca	and most of the time is going to be the wrong thing to do anyway	11:28
wsnipex	PassEnvironment doesn't work	11:28
Chipaca	noted	11:28
Chipaca	ta	11:28
ogra_	per user stuff should come from /etc/profile.d	11:28
wsnipex	didn't even know this	11:28
wsnipex	where should PassEnvironment take the env from?	11:28
Chipaca	wsnipex, systemd	11:28
Chipaca	wsnipex, it's "pass these env vars from systemd to the child"	11:29
Chipaca	ogra_, isn't /etc/profile.d (ba)shist?	11:29
Chipaca	ogra_, ie not something like /etc/environ	11:29
ogra_	well, pam parses it iirc	11:30
ogra_	so it is "loginish" :)	11:30
ogra_	it is where per-user stuff should go :)	11:31
Chipaca	ogra_, /etc/profile.d is parsed by pam? things like /etc/profile.d/bash_completion.sh ?	11:31
Chipaca	that sounds wrong	11:31
ogra_	well, by shell logins	11:32
wsnipex	its parsed by the shell	11:33
wsnipex	uh, maybe pam_env reads them	11:35
ogra_	no, i think that reads ~/.pam_environment only	11:36
ogra_	thats probably the best place to use then :)	11:37
kyrofa	Good morning	11:38
wsnipex	how can I get around: Mount snap "kodi" (cannot find mounted snap "kodi" at revision 100001)	11:43
wsnipex	can I force install somehow?	11:43
ogra_	how did you build it ?	11:44
ogra_	snapcraft ?	11:45
wsnipex	yes, but I had it installed before already	11:45
wsnipex	then following zyga's advice to debug it, umounted it manually	11:46
wsnipex	now I cannot get it to install anymore	11:46
ogra_	hmm, zyga might know a way out then :)	11:46
ogra_	since he got you into this	11:46
wsnipex	where does snapd store its state?	11:46
wsnipex	it clearly thinks its already installed, so if I could purge this somehow..	11:47
kyrofa	wsnipex, may I suggest the reset-state script in https://github.com/zyga/devtools/ ?	11:52
wsnipex	kyrofa, thanks!	12:04
wsnipex	worked	12:04
kyrofa	wsnipex, hopefully once the next release makes it through the SRU process that won't be necessary anymore	12:05
wsnipex	nice	12:06
oparoz	Hey guys, can we use ZFS snapshots in Ubuntu Core to keep track of changes when doing updates/rollbacks?	12:26
ogra_	no	12:28
oparoz	;(	12:28
oparoz	Why ogra_ ? ZFS isn't available?	12:28
ogra_	Perhaps in the future....	12:28
kyrofa	ogra_, will ZFS be supported at all now that it's in xenial?	12:28
ogra_	right	12:28
kyrofa	Ah	12:28
ogra_	kyrofa, I still don't see it as a good default for embedded.... Beyond that we would indeed need to have support for that in all usespace tools	12:29
ogra_	*user	12:29
ogra_	(and it is only available on 64 bit arches afaik)	12:30
kyrofa	ogra_, ah, right, now I remember a conversation you had with someone else about this a few weeks back	12:30
oparoz	Ah yeah, I kind of forgot the memory requirements...	12:30
oparoz	ARC is super hungry	12:30
ogra_	I think it is a good idea to support it long term... Optionally	12:31
ogra_	but definitely out of scope for the first image	12:31
oparoz	Thanks ogra_	12:33
wsnipex	hmm, how can I disable binary stipping in snapcraft?	12:37
=== JanC is now known as Guest26117
=== JanC_ is now known as JanC
=== chihchun is now known as chihchun_afk
sergiusens	didrocks if commander comes back, tell him to watch the UOS workshop session :-)	13:08
kyrofa	wsnipex, what bad stuff is happening?	13:09
sergiusens	wsnipex we don't do binary stripping just yet	13:10
sergiusens	we will, we don't :-)	13:11
=== oparoz is now known as Guest66429
=== oparoz_ is now known as oparoz
wsnipex	right, I simply misinterpreted the snap output. Once I disabled stripping in the applikation build, its ok	13:18
wsnipex	now I at least get a gdb trace of my crash: http://paste.ubuntu.com/16258222/	13:18
kyrofa	wsnipex, indeed, as sergiusens mentioned, we will eventually strip (which is why it's named "strip"), so you didn't really misinterpret :)	13:19
wsnipex	is snap restricting access to set locale?	13:19
kyrofa	wsnipex, ah, I know that error!	13:19
kyrofa	wsnipex, are you running this in Ubuntu Core or the desktop?	13:20
wsnipex	desktop	13:20
kyrofa	wsnipex, I'm far from a locale expert so I don't actually know the problem, but one of my snaps had that problem as well and I ended up setting LC_ALL=C.UTF-8 in its wrapper to get around it. I couldn't use anything but C or C.UTF-8. I haven't investigated enough to know who to blame for it though-- the project I was snapping, or something to do with snappy	13:21
kyrofa	wsnipex, sergiusens might have some suggestions, though	13:21
kyrofa	wsnipex, note that ubuntu core _only_ has C and C.UTF-8 locales	13:22
wsnipex	I'm assuming its snappy, since this code is perfectly fine outside of it	13:22
kyrofa	wsnipex, any denials in the syslog?	13:22
wsnipex	I'm running in devmode	13:23
kyrofa	wsnipex, ah, then no :P	13:23
kyrofa	wsnipex, yeah wait for sergiusens. ogra_ might have some suggestions as well	13:23
wsnipex	otherwise it'd hang up way before that ;)	13:23
wsnipex	I'll try setting the locale in the meantime	13:24
didrocks	sergiusens: will do! :)	13:26
wsnipex	oh wow, setting the locale to LC_ALL=C.UTF-8 works :)	13:27
wsnipex	kodi now starts :D	13:27
wsnipex	thanks kyrofa	13:27
kyrofa	wsnipex, sure thing. Sorry for a workaround instead of a solution there-- I want one as well	13:28
wsnipex	yeah, this needs fixing of course, but its great to have it working for now	13:30
wsnipex	I still have a long road with app-armor...	13:30
vila	sergiusens, kyrofa: coverage fixed in the macaroons branch (using ~130 recorded responses), hope that address your concerns	14:33
jdstrand	elopio: hey-- I have a few ideas for integration tests and wanted to pass them along so they could end up on someone's queue somewhere? should I CC others?	14:35
jdstrand	s/somewhere?/somewhere./	14:36
plars	fgimenez: elopio: Hi, I have some more info about that issue I was seeing	14:54
plars	fgimenez: elopio: on that test that hits a kernel bug for me, but seems to work for you - I can make it work, but only if I run it by hand from outside the snap. When I try to run it from the snappy-tests snap that I built, I hit the problem. Maybe there's some permission/isolation issue here? (I did install with --devmode)	14:55
fgimenez	plars, elopio mmm not sure, you only hit the problem with one of the tests?	15:14
plars	fgimenez: so far, just that one. I haven't tried going further yet	15:14
fgimenez	plars, that tests exercises the home interface by creating and installing test snap with that plug defined, maybe when you try to install that snap from another one without the plug it might cause problems	15:18
plars	fgimenez: --devmode doesn't help me here?	15:19
fgimenez	plars, not sure, can you try the networkInterfaceSuite?	15:20
plars	fgimenez: some of them seemed to work, but then I got a bug here:	15:22
plars	sudo snap disconnect network-consumer:network ubuntu-core:network	15:23
plars	[82096.043981] BUG: unable to handle kernel NULL pointer dereference at 0000000000000038	15:23
plars	so as soon as it tried to disconnect it	15:23
fgimenez	plars, that's from the snappy-test snap, right?	15:24
plars	fgimenez: yes	15:24
plars	fgimenez: can I just connect somehow to everything once the snap is installed? or do I need to go rebuild with more plugs defined in my snapcraft yaml?	15:41
fgimenez	plars, maybe you can regenerate snappy-test defining all the plugs used by snaps created in the tests (currently home and network)	15:41
fgimenez	plars, yes, once it's generated afaik you cannot connect to additional slots	15:41
plars	fgimenez: I actually already have home defined - is that all the first one should have needed?	15:42
plars	- snappy-tests:home	15:43
fgimenez	plars, yes, the home-consumer snap only needs the home plug to be available, but i'm not sure of the behaviour calling it from another snap	15:43
plars	but I also see this in snap interfaces output:	15:43
plars	:home -	15:43
ogra_	i think you need to manually connect the interfaces	15:44
fgimenez	plars, if you have it already defined and it is failing then that's not the solution of course	15:44
fgimenez	plars, yes, home doesn't autoconnect	15:44
plars	ogra_: fgimenez: so something like: sudo snap connect snappy-tests:home ubuntu-core:home	15:45
ogra_	yeah	15:45
fgimenez	plars, ogra_ yes, that should do, you can check snap interfaces after	15:45
plars	let me retry homeInterfaceSuite.TestPlugDisconnectionDisablesCreate with that set up	15:46
plars	nope, still hit but on disconnect :(	15:46
plars	sudo snap disconnect home-consumer:home ubuntu-core:home	15:46
plars	[ 657.125253] BUG: unable to handle kernel NULL pointer dereference at 0000000000000038	15:46
* ogra_ guesses you are better off asking zyga or jdstrand here		15:48
fgimenez	plars, maybe zyga can help here ^	15:48
fgimenez	ogra_, yep :)	15:48
jdstrand	plars: can you paste the full trace?	15:48
plars	jdstrand: the original one was here: http://paste.ubuntu.com/16227643/	15:49
plars	jdstrand: but that looks slightly different from what I got now	15:49
plars	https://www.irccloud.com/pastebin/isX3KDXU/	15:49
jdstrand	plars: can you file a bug? jjohansen1, you may want to look at that ^	15:50
jdstrand	plars: in your bug report, can you tar up everything in /var/lib/snapd/apparmor/profiles and /var/cache/apparmor ?	15:51
plars	jdstrand: I'll have to reboot/retry - it's in a snapshotted qemu session right now, and it hangs when I hit this so hopefully there will be something useful there. Where's the best place to file this?	15:52
ogra_	interesting that systemctl doesnt complain about the autopilot stuff ... iirc we dont ship that anymore	15:52
jdstrand	plars: oh, and home-consumer_1.0_all.snap. if that has sensitive stuff in it, feel free to strip out the sensitive stuff (only need the yaml)	15:52
plars	jdstrand: that's all from the snappy integration tests	15:52
jdstrand	plars: https://bugs.launchpad.net/ubuntu/+source/apparmor/+filebug	15:53
fgimenez	jdstrand, home-consumer comes from here https://github.com/ubuntu-core/snappy/tree/master/integration-tests/data/snaps/home-consumer	15:53
* jdstrand hopes that /var/lib/snapd/apparmor/profiles has the snap.home-consumer.reader and .writer policy		15:55
plars	jdstrand: you want me to run this like I did before, or after connecting to ubuntu-core:home slot manually?	15:56
jdstrand	whatever gets the kernel bug	15:56
oparoz_	Does security-override works to give access to /proc ?	15:58
plars	jdstrand: they both do :)	15:59
plars	I'll do both	15:59
plars	!	16:00
plars	it's working now - every single time I've run it so far I hit that kernel bug, and now it works	16:00
plars	I wonder if running it as a snapshot made a difference	16:01
jdstrand	plars: its possible sometimes the bug is a crasher and sometimes not. it is clear there shouldn't be a bug and the bug if it doesn't crash now may cause instability and other problems	16:01
plars	ok, I got it to reproduce this time	16:02
plars	by running the whole suite	16:03
plars	jdstrand: https://bugs.launchpad.net/ubuntu/+source/apparmor/+bug/1579135	16:18
ubottu	Launchpad bug 1579135 in apparmor (Ubuntu) "kernel BUG on snap disconnect from within a snap" [Undecided,New]	16:18
plars	jjohansen1: also ^ https://bugs.launchpad.net/ubuntu/+source/apparmor/+bug/1579135	16:18
jdstrand	plars: awesome, thanks!	16:18
jdstrand	plars: I left a couple of questions for you in the bug	17:24
jdstrand	(fyi)	17:24
ssweeny	jdstrand, any chance of a review for https://github.com/ubuntu-core/snappy/pull/1118 today? I'm going on holiday next week and I'd like to have this resolved if we can	17:36
jdstrand	ssweeny: I might be able to. I'm working on something else but I think I can get it done before eod. note, the snappy guys are sprinting next week and seem to be traveling today, so not sure how all that will impact your plans	17:44
ssweeny	jdstrand, fair enough	17:45
blackout24	I have snappy working on Arch Linux now. Kind of. The problem was that after implementing another check to see if snappy is used on a classic system it tries to do some bootloader stuff upon installing ubuntu-core. Since I didn't use grub it always just exited at that point. For simplicity I just installed grub without actually using it. Now it downloads and installs all the snaps.	18:45
blackout24	apparmor_status even shows that there are some profiles loaded now.	18:46
blackout24	Only problem is that a) for some reason /snap/bin isn't in my PATH despite installing apps-bin-path.sh in my profile.d and b) when I try to run ubuntu-calculator-app.calculator it wants root, while on a 16.04 test machine it doesn't. It also fails with "aa_change_onexec failed with -1. errmsg: No such file or directory"	18:48
blackout24	Adding support for systemd-boot is a little tricky since it's so minimalistic that it doesn't have an env file for variables. You'd probably have to implement a lot of string manipulation magic to essentially emulate that. Also the actual boot entry is a *.conf file in /boot/loader/entries. It can be named however you want. There is no sdboot.cfg for this or something.	18:50
blackout24	Ahh I see on 16.04 /usr/bin/ubuntu-core-launcher has different permissions	18:56
ssweeny	jdstrand, thanks for the review! I'm looking at adding the label=###PLUG_SECURITY_TAGS### string and it needs a new helper function. My question is what should that string look like at the end. The function for slots includes all the bound apps but that doesn't seem right to me for this	19:34
jdstrand	ssweeny: the plugs side gets all the connected slots. the slots side (what you are looking to add) are all the connected plugs	19:35
ssweeny	jdstrand, ok, so it would still be something like "snap.name.app" or "snap.name.{app1..appn}" or "snap.name.*"?	19:37
jdstrand	the actual format of that string should be like what ###SLOT_SECURITY_TAGS### is. if one snap/app, then no alternation, if all apps within a snap, then a glob (.*) and it multiple snaps, alternations with globs as needed	19:37
jdstrand	yes	19:37
jdstrand	but in this case you might end up with {snap.name1.{app1..appn},snap.name2.*,snap.name3.app}	19:38
jdstrand	does that make sense?	19:39
jdstrand	it is because multiple snaps can plug into a slot. the other way there was only the one slot provider	19:39
ssweeny	ah	19:40
ssweeny	ok	19:40
plars	jdstrand: I'm not sure I understand your comment - I'm not trying to simply install that snap, I'm trying to run one of the integration tests in snappy, which I've packaged in another snap. The integration test does install that home-consumer snap as part of it, but that's just one piece of what it's doing. And it doesn't seem to be the installation of the	19:41
plars	snap that's causing the problem	19:41
jdstrand	I was trying to get at a simple reproducer. perhaps it would help if jjohansen1 was involved	19:42
jjohansen1	blackout24: what is logged in dmesg?	19:43
jjohansen1	what kernel, and which apparmor patchset (if any)?	19:45
plars	jdstrand: I'll see if I can come up with something simpler	19:45
jjohansen1	a dump of apparmor/features would be good too	19:46
ssweeny	jdstrand, from what I can tell the ConnectedSlotSnippet only gets a reference to one plug, so I guess there will be multiple snippets, one for each attached plug?	19:46
jjohansen1	jdstrand: uhm which of the 3 issues did you want me to jump in on?	19:46
ssweeny	jdstrand, so each snippet will only have one snap with 1..n possible apps	19:46
blackout24	jjohansen1, I just rebuilt the stock ARCH kernel with CONFIG_AUDIT and and apparmor Kconfig flags. The version is 4.5.1 so it should be the latest upstream apparmor.	19:47
blackout24	I also packaged the latest upstream libapparmor and libseccomp	19:48
jjohansen1	blackout24: okay, I think there is a bug fix for change_profile that is needed for that kernel	19:49
* jjohansen1 goes digging		19:49
jdstrand	ssweeny: I'm not sure. I'm not sure this subtlety was considered	19:49
ssweeny	interesting	19:49
ssweeny	I can't see any difference in the way the snippets go into the FS	19:50
jdstrand	ssweeny: if it helps, you could treat it like ###SLOT_SECURITY_TAGS### for now and then ask the question in the PR for zyga to pick up when he is back online	19:50
ssweeny	they're all just appended to the slot profile	19:50
ssweeny	jdstrand, I'll give that a go	19:50
jdstrand	and I'll jump in and help guide that discussion	19:51
blackout24	I stepped through ubuntu-core-launcher and it fails in line number 562 where it uses aa_profile as parameter, which is taken from the second parameter when the app is launched through the helper script. The Apparmor profiles all seem to be in place.	19:52
jdstrand	blackout24: that suggests the profile isn't loaded	19:54
blackout24	Yes because "aa_change_onexec failed with -1. errmsg: No such file or directory", but the profile should be there if it wants to load it.	19:54
jdstrand	blackout24: that error is somewhat misleading. it isn't able to change_onexec because the profile isn't loaded into the kernel. the launcher doesn't load the profile into the kernel, snap install does	19:55
jdstrand	blackout24: what is the output of apparmor_parser -QTK /var/lib/snapd/apparmor/profiles/snap.your.profile?	19:56
ssweeny	jdstrand, ok, the line I end up with is peer=(label="snap.location-service.{example-client,example-service,location-service-cli}") and apparmor doesn't like that: 5Z ERROR cannot setup apparmor for snap "location-service": cannot load apparmor profile "snap.location-service.location-service": cannot load apparmor profile: exit status 1	19:56
ssweeny	apparmor_parser output:	19:56
ssweeny	AppArmor parser error for /var/lib/snapd/apparmor/profiles/snap.location-service.location-service in /var/lib/snapd/apparmor/profiles/snap.location-service.location-service at line 309: dbus rule contains message conditionals and service conditionals	19:56
jjohansen1	blackout24: hrmmm, I didn't find what I was looking for yet. It could have been a userspace error, I will keep looking	19:57
jdstrand	ssweeny: can you paste the full rule?	19:57
blackout24	jdstrand, this command just returns without printing anything. apparmor_status says module is loaded and 1 profiles are loaded.	19:57
blackout24	snap.notes.notes is in enforce mode, but I try to run the calculator app at the moment. notes doesn't work, yet either.	19:58
jdstrand	blackout24: ok so the userspace is ok. what is the output of apparmor_parser -r /var/lib/snapd/apparmor/profiles/snap.your.profile? (that shoudl be run as root)	19:58
jdstrand	ssweeny: you can paste the whole profile if you want	19:59
blackout24	Also returns without printing anything	19:59
blackout24	But apparmor status now says that 2 profiles are loaded	19:59
jdstrand	blackout24: and aa-status shows that 'snap.your.profile' is loaded in the kernel?	19:59
blackout24	And lists the calc app profile which I used for your command	19:59
ssweeny	jdstrand, nevermind, I had the replacement string in one too many places. It seems to work now	19:59
blackout24	2 profiles are loaded. 2 profiles are in enforce mode. <lists the notes profile and calculator profile now>	20:00
jdstrand	blackout24: I suspect the launcher will get farther along now	20:00
jdstrand	blackout24: assuming what you are trying to launch corresponds to one of those two profiles	20:01
jdstrand	:)	20:01
jdstrand	ssweeny: ack	20:01
blackout24	Yes. Now it fails with execv failed: No such file or directory. Will have to strace or ltrace that.	20:01
jdstrand	blackout24: ok-- note there is a problem with snapd not loading the profile into the kernel during snap install that you'll have to debug	20:02
jdstrand	blackout24: look at interfaces/apparmor/apparmor.go for details on what it is doing	20:03
jjohansen1	blackout24: that could be a different bug where apparmor is returning -ENOENT when the target profile is not found (I have patch in the upstream queue for that)	20:04
jjohansen1	blackout24: what is the message from apparmor in dmesg?	20:04
blackout24	jjohansen1, http://pastebin.com/8Y1diFRJ	20:06
jdstrand	blackout24: are you using an upstream kernel or one with newer apparmor patches?	20:07
jjohansen1	upstream	20:07
blackout24	4.5.1 without any patches. I rebuilt it from the official PKGBUILD on ARCH and just changed 4 Kconfig switches	20:07
jjohansen1	blackout24: thts it? It is missing at least one message	20:08
jdstrand	blackout24: I very much doubt you are going to have success with a pure upstream kernel at this time	20:08
jjohansen1	there should be something from change_profile or exec	20:08
jdstrand	beyond apparmor	20:08
jdstrand	well, maybe with 4.5.1 it is primarily apparmor	20:09
blackout24	Packaging a new kernel with a handful of extra patches would not be a problem. I would adopt linux-apparmor in the Arch User Repo which is currently unmaintained and ship the extra patch to also make snappy run	20:10
jdstrand	but assuming you can get it to work, you won't have dbus, ptrace, signal and unix mediation	20:10
jdstrand	I see	20:10
jdstrand	well, there are patches for 4.4 (Ubuntu has 4.4), I don't know the status of the 4.5 patchset	20:10
jdstrand	and we're working to get these bits upstream	20:11
jdstrand	but that'll take a while	20:11
blackout24	I could easily just set the package version to 4.4.0 and download the 4.4.0 kernel sources and apply the patchset.	20:11
jdstrand	I'll let jjohansen1 comment on how to get the patches. they are in a git tree somewhere	20:11
blackout24	The kernel doesn't have to be as recent as the official ARCH kernel, which will remain untouched on the system anyway.	20:11
jjohansen1	blackout24: for the apparmor bits git://kernel.ubuntu.com/~jj/linux-apparmor-backports	20:13
jjohansen1	you are looking for the v4.X-aa3.5-beta1 branches	20:14
blackout24	jjohansen1, thanks	20:14
ssweeny	jdstrand, I believe I've addressed all of your comments	20:14
blackout24	jjohansen1, it doesn't let me clone it for some reason. fatal: remote error: access denied or repository not exported: ~jj/linux-apparmor-backports	20:18
jjohansen1	blackout24: oops I stuck a ~ in there, thats only for the http version of the url	20:19
jjohansen1	git://kernel.ubuntu.com/jj/jj/linux-apparmor-backports	20:19
jjohansen1	urgg	20:19
blackout24	thanks	20:19
jjohansen1	lets try again	20:19
jjohansen1	git://kernel.ubuntu.com/jj/linux-apparmor-backports	20:20
blackout24	jjohansen1, something is still not working fatal: remote error: access denied or repository not exported: /jj/jj/linux-apparmor-backports	20:20
jjohansen1	blackout24: see that last url, I managed to double up the jj/ in the one you just tried	20:21
jjohansen1	the weekend can't come soon enough	20:21
blackout24	haha yeah I know that feeling	20:22
blackout24	cloning...	20:22
=== Aria is now known as Aria\|away
=== Aria\|away is now known as Aria
=== Aria is now known as Aria\|away
qengho	ubuntu-device-flash says "expected a gadget snaps: snap not found". Specified "canonical-pi2". What gives?	23:18
=== Aria\|away is now known as Aria

Generated by irclog2html.py 2.7 by Marius Gedminas - find it at mg.pov.lt!