=== chihchun is now known as chihchun_afk | ||
=== chihchun_afk is now known as chihchun | ||
zyga | o/ | 07:00 |
---|---|---|
commander_ | hi snappers | 08:02 |
commander_ | i need help | 08:02 |
commander_ | am trying to pack my qt app for snap store | 08:03 |
commander_ | anyone here ?? | 08:03 |
commander_ | my app is precompiled with qmake can i snap it ?? | 08:09 |
commander_ | who is on ?? | 08:09 |
commander_ | i need help | 08:09 |
didrocks | hey commander_! I don't think we have a qmake plugin, but kyrofa and sergiusens would be able to help you in a few hours (they are US-based) | 08:11 |
didrocks | ah, snap | 08:11 |
wsnipex | hi. I'm working on packaging kodi as snap package and have problems getting opengl to work | 08:44 |
wsnipex | it trying to load the intel driver i965_dri.so, but claims the file doesn't exist, while it IS in the snap at the correct location | 08:46 |
wsnipex | here is the console output with LIBGL_DEBUG=verbose: http://paste.ubuntu.com/16252748/ | 08:47 |
wsnipex | any pointers would be much appreciated | 08:48 |
zyga | wsnipex: hey | 09:39 |
zyga | wsnipex: looking at your output the thing that jumps at me is this: | 09:40 |
zyga | libEGL warning: DRI2: failed to open i965 (search paths /usr/lib/x86_64-linux-gnu/dri:${ORIGIN}/dri:/usr/lib/dri) | 09:40 |
zyga | libEGL warning: DRI2: failed to open swrast (search paths /usr/lib/x86_64-linux-gnu/dri:${ORIGIN}/dri:/usr/lib/dri) | 09:40 |
wsnipex | yeah, the lib is there though | 09:40 |
zyga | note that snaps do not chroot, so your search path has to understand $SNAP | 09:40 |
zyga | also note (play with hello-world.sh) that snap apps don't see your normal / | 09:40 |
zyga | as they get the ubuntu-core snap bind-mounted in various places | 09:41 |
zyga | so you don't see your normal /usr | 09:41 |
zyga | you see the very same ubuntu-core snap /usr | 09:41 |
zyga | the same on desktop and "devices" | 09:41 |
zyga | wsnipex: does this make sense? do you see what I mean? | 09:41 |
wsnipex | thats what I thought. How can I modify the command wrapper that sets LD_LIBRARY_PATH? its always overwritten | 09:41 |
zyga | wsnipex: you can just add one more wrapper | 09:41 |
zyga | wsnipex: we also have SNAP_LIBRARY_PATH but we don't use it for intal AFAIR, it is used for nvidia | 09:42 |
wsnipex | I'm completely new to snaps, so pleae bear with me | 09:42 |
zyga | no worries, we all are :) | 09:42 |
* zyga should publish the next article about snap runtime environment and confinement details | 09:42 | |
wsnipex | so, how/where do I add another wrapper? | 09:43 |
zyga | wsnipex: add a new app, say 'sh' and run shell there | 09:43 |
zyga | in that shell experiment with various LD_LIBRARY_PATH values | 09:43 |
zyga | once you know what you want | 09:43 |
wsnipex | albeit I can do it in our own wrapper script, I'd like to change as little in kodi as possible | 09:43 |
zyga | add a new file in the build tree, make sure it gets copied with snapcraft.yaml (using the copy plugin) | 09:43 |
zyga | and change the command of the app you were running originally to run the wrapper | 09:44 |
wsnipex | ah, I see, thanks | 09:44 |
zyga | wsnipex: but first experiment with just a shell, look at how the environment looks like there | 09:45 |
wsnipex | so currently there is no way to directly influence the default wrapper | 09:45 |
zyga | there are two "wrappers" | 09:45 |
zyga | the one in /snap/bin/ made by snappy on install | 09:45 |
zyga | you cannot influence that one | 09:45 |
wsnipex | heh, yes. I mean command-kodi.wrapper | 09:45 |
zyga | and one by snapcraft (command-foo.*) | 09:45 |
zyga | you can freely change that one though that's something snapcraft makes | 09:45 |
zyga | it's just part of snapcraft implementation detail | 09:45 |
wsnipex | I tried that, but my changes were overwritten on snapcraft snap | 09:46 |
zyga | yes, I know, the solution is to add your own wrapper :) | 09:46 |
zyga | run it as the 3rd wrapper | 09:46 |
zyga | sorry, we'll get it more streamlined over time | 09:46 |
zyga | just didn't have the time for 16.04 :) | 09:46 |
wsnipex | no worries | 09:47 |
wsnipex | also the plugins could be more flexible, specially autotools and cmake ;) | 09:47 |
zyga | those are extensible | 09:48 |
zyga | you can have your own local plugins in your tree | 09:48 |
zyga | and snapcraft picks them up | 09:48 |
zyga | it's all python so it is pretty flexible | 09:48 |
wsnipex | yeah, I saw that, just didn't have time to look further into it | 09:49 |
wsnipex | zyga, http://paste.ubuntu.com/16254300/ | 09:56 |
zyga | libEGL warning: DRI2: failed to open i965 (search paths /usr/lib/x86_64-linux-gnu/dri:${ORIGIN}/dri:/usr/lib/dri) | 09:57 |
zyga | same search path? | 09:57 |
wsnipex | I've exported and printed LD_LIBRARY_PATH | 09:57 |
wsnipex | first line, 1st entry | 09:57 |
zyga | I saw that but look at the "search paths" part being indifferent | 09:57 |
zyga | maybe something different | 09:57 |
wsnipex | -rw-r--r-- 5 root root 6561728 Apr 14 21:08 /snap/kodi/100001/usr/lib/x86_64-linux-gnu/dri/i965_dri.so | 09:57 |
zyga | EGL specific probably | 09:58 |
zyga | nothing is looking at that directory | 09:58 |
wsnipex | yeah, it seems to ignore the ld_library_path | 09:58 |
zyga | there's no chroot /usr/lib/x86_64-linux-gnu/dri is _not_ the same as $SNAP/usr/lib/x86_64-linux-gnu/dri | 09:58 |
wsnipex | sure, I get that | 09:58 |
zyga | sorry, this is new ground to me | 09:58 |
zyga | I wish I knew where this is hardcoded | 09:59 |
wsnipex | might have to take this up with intel mesa devs | 09:59 |
zyga | strace it, grep for PATH in sources, look at gdb, poke around | 09:59 |
wsnipex | will do | 10:00 |
wsnipex | and thanks for your help! | 10:00 |
zyga | good luck, ping me back when you get it running | 10:00 |
zyga | I think this should be handled better by the opengl interface | 10:00 |
zyga | just not sure how exactly just yet | 10:00 |
wsnipex | yeah, probably dlopen is not the optimal way | 10:01 |
commander_ | hi | 10:21 |
commander_ | i snapped a package but didn't got .snap file after successful compilation | 10:22 |
commander_ | am using ubuntu 14.04 | 10:22 |
commander_ | anyone to help here ?? | 10:25 |
wsnipex | zyga, got a step further: LIBGL_DRIVERS_PATH: /snap/kodi/100001/usr/lib/x86_64-linux-gnu/dri | 10:26 |
zyga | cooool | 10:26 |
wsnipex | looking at the mesa code brought up this var | 10:26 |
zyga | I'll write this down, perhaps something we should set in snapcraft/snappy by default | 10:27 |
commander_ | i snapped a package but didn't got .snap file after successful compilation' | 10:27 |
commander_ | guys | 10:27 |
commander_ | help me please | 10:27 |
zyga | wsnipex: does it load now? | 10:27 |
wsnipex | so, I now briefly see kodi starting... before it cores :) | 10:27 |
zyga | commander_: please share the log/output in a pastebin | 10:27 |
zyga | wsnipex: strace/gdb helps | 10:27 |
commander_ | okay zyga | 10:27 |
zyga | wsnipex: add gdb,strace as parts to your snap | 10:27 |
zyga | (and busybox) | 10:27 |
zyga | shell inside and poke around | 10:28 |
zyga | use: ulimit -c unlimited | 10:28 |
zyga | and cd $HOME to make the core there | 10:28 |
zyga | you can inspect that core later | 10:28 |
zyga | I went through this experience yesterday | 10:28 |
zyga | what helped a lot was fetching specifc libraries with apt-get source | 10:28 |
zyga | and building them with DEB_BUILD_OPTIONS=nostrip | 10:28 |
zyga | so that I would have symbols for gdb | 10:28 |
zyga | this helped me zero on the issue | 10:29 |
zyga | if you want I can also show you a trick that will let you skip snapcract snap part | 10:29 |
zyga | and just work live | 10:29 |
wsnipex | its still something with gfx | 10:29 |
zyga | with a "writable" snap | 10:29 |
zyga | wsnipex: after you install your snap the first time, unmount it (assuming there are no services runing) | 10:29 |
commander_ | zyga, http://pastebin.com/cEyUbB5R | 10:29 |
wsnipex | that'd be cool | 10:29 |
zyga | and sudo mount --bind /path/to/your/build/tree/snap /snap/$SNAP_NAME/10000* (the largest revision) | 10:30 |
zyga | then you can run your snap and you can compile/edit/change stuff | 10:30 |
zyga | a bit hacky but nice before we finish $ snap try | 10:30 |
commander_ | i got no .snap file | 10:30 |
zyga | commander_: is this with snapcraft on ubuntu 16.04? | 10:30 |
commander_ | its on 14.04 | 10:30 |
zyga | commander_: can you do snapcraft clean; snapcraft | pastebinit | 10:31 |
commander_ | okay wait | 10:31 |
zyga | commander_: show that output to kyrofa or sergiusens though we're a bit busy with sprint prep (me included) so no promises | 10:31 |
commander_ | zyga, i cleaned and run snapcraft | 10:32 |
* zyga has to dig out some ram from his 2nd PC, brb | 10:32 | |
commander_ | okay | 10:32 |
wsnipex | nice trick :) | 10:32 |
commander_ | zyga, it is downloading everything again | 10:32 |
commander_ | i mean libraries and other stuffs | 10:33 |
commander_ | please look and my yaml file once plz | 10:33 |
commander_ | zyga, here it is http://pastebin.com/kbpyv3Y1 | 10:34 |
popey | zyga: do we support it on 14.04? | 10:34 |
zyga | popey: no | 10:34 |
commander_ | kyrofa, here is my yaml http://pastebin.com/kbpyv3Y1 | 10:34 |
commander_ | popey, | 10:35 |
popey | zyga: so.. the fact that commander_ is on 14.04.... | 10:35 |
commander_ | am keshav bhatt @keshavmail68 from twitter | 10:35 |
zyga | commander_: you need to use 16.04 | 10:35 |
commander_ | i also unable to upgrade to 16.04 from ubuntu 14.04 | 10:35 |
zyga | sergiusens: it would be nice if we could SRU snapcraft to 14.04 that says "use xenial" if it sees plugs/slots | 10:36 |
commander_ | popey, i logged in to my dev account on developer portal and it said its disabled , whats the matter ??? | 10:36 |
zyga | or something similar to version snapcraft support properly | 10:36 |
popey | commander_: I don't know. | 10:36 |
commander_ | zyga, what about my yaml file bro is it okay ??? | 10:36 |
commander_ | popey, i mean why will they disable my account for no reason ?? | 10:37 |
zyga | commander_: on xenial it might build, the icon is no longer something you set in the yaml, put it in setup/gui | 10:37 |
proteusguy | does snappy use systemd? | 10:37 |
zyga | proteusguy: yes | 10:37 |
proteusguy | zyga, thanx. I don't suppose there's any simple way to eliminate systemd from snappy and use something else? | 10:38 |
commander_ | zyga, i also noticed a bug in snapcraft | 10:38 |
zyga | proteusguy: i don't know, you'd have to explore, I doubt that would be accepted upstream though | 10:39 |
zyga | proteusguy: systemd is used for a number of things | 10:39 |
commander_ | zyga, it is unable to build example from launchpad , if it will try do download untrusted packages , i mean if gpg signature is missing for a package it will simply skip download with some apt-get errors . | 10:40 |
zyga | proteusguy: look at the source, there's a lot of things happening there with various places | 10:40 |
zyga | commander_: sorry I cannot help you with 14.04 and snapcraft issues | 10:40 |
commander_ | okay i will install ubuntu 16.04 tonight | 10:41 |
commander_ | i will talk to you later okay :) thanks for your time bro | 10:41 |
commander_ | zyga, bro snap file appeared this time | 10:42 |
commander_ | haha | 10:42 |
commander_ | its working now | 10:42 |
commander_ | thanks | 10:42 |
proteusguy | zyga, that's what I figured. thanx for your reply. | 10:42 |
commander_ | it saying snapping \ | 10:43 |
commander_ | my 2mb app is now 80mb wts that ??? | 10:47 |
commander_ | is it okay ?? | 10:47 |
Chipaca | commander_, what libraries does it use? | 10:48 |
commander_ | qt libs | 10:48 |
Chipaca | commander_, only 80mb? quite good | 10:48 |
commander_ | its a qt app uses qml and c++ | 10:48 |
Chipaca | :-) | 10:48 |
commander_ | what ! :D | 10:49 |
Chipaca | commander_, so the 80mb is all of qt and c++ libs | 10:49 |
davmor2 | commander_: that's about right then, look at the clock and calculator apps and see how big they are :) | 10:49 |
commander_ | and whats the issue with debian packaging it make only a 2mb package | 10:49 |
commander_ | haha | 10:50 |
commander_ | guys here is my app www.ktechpit.com/ubuntu/ktechpit-com-released-ubuntu-play-store-ubuntu-14-04/ | 10:50 |
commander_ | if you wana check it out you can download a trial version . | 10:50 |
wsnipex | before I forget: it might be nice to document how to use snap behind a proxy somewhere, took me a bit to find that overriding systemd config with Environment=http_proxy | 10:51 |
commander_ | bye guys i will join later | 10:56 |
zyga | wsnipex: there's an open bug about proxy support | 11:01 |
zyga | wsnipex: we'll have to look at how that should work properly | 11:01 |
wsnipex | well, go supports the http_proxy env var ootb | 11:02 |
wsnipex | but systemd doesn't allow reading those | 11:02 |
zyga | yes but it's tricky because this is the daemon that has to know this :) | 11:02 |
zyga | exactly | 11:02 |
wsnipex | so you have to set it in the systemd.service | 11:03 |
wsnipex | the real issue with systemd is: you cannot have real variables in the systemd environmet | 11:03 |
wsnipex | so you can't do: Environment=http_proxy=$http_proxy | 11:03 |
wsnipex | which is a real pita | 11:04 |
zyga | well that cannot obviously work | 11:04 |
zyga | the reality is that proxy support is more complex than a single global settinhg | 11:05 |
wsnipex | it could, if it was set in /etc/environment and systemd would read that | 11:05 |
zyga | real proxies often require more elaborate setup, if we're fixing proxy we should really make it work | 11:05 |
zyga | not just more work | 11:05 |
wsnipex | best option might be to have snap read it and pass it on to the deamon, if thats possible | 11:06 |
zyga | what if each user has different proxy? | 11:06 |
wsnipex | if snap reads the users env, that'd be no issue | 11:06 |
zyga | what if both users want a different proxy? | 11:06 |
wsnipex | not snapd | 11:06 |
zyga | one snapd services many users | 11:07 |
zyga | anyway all I'm saying is that there's a bug and this is not a trivial thing to solve | 11:07 |
wsnipex | yes, have snap (not snapd) read it | 11:07 |
zyga | brb | 11:07 |
Chipaca | wsnipex, whats the problem with proxies? without making me read all the backlog :-) | 11:18 |
Chipaca | wsnipex, do you have a particular issue that needs addressing? | 11:19 |
Chipaca | or is it a more generic "we should support this" thig | 11:19 |
Chipaca | thing | 11:19 |
wsnipex | snap won't use a system configured proxy | 11:19 |
wsnipex | unless you override the snapd systemd service | 11:20 |
Chipaca | wsnipex, i ask you again, are you having a problem you need solving, or is it an on-principle issue? | 11:20 |
wsnipex | I solved it for me, so the latter | 11:21 |
Chipaca | wsnipex, how did you solve it? editing the .service file? | 11:21 |
wsnipex | I created /etc/systemd/system/snapd.service.d/proxy.conf | 11:22 |
wsnipex | [Service] | 11:22 |
wsnipex | Environment=http_proxy=.... | 11:22 |
Chipaca | wsnipex, question for you: would doing, instead, `EnvironmentFile=/etc/environment` solve it for you? | 11:23 |
wsnipex | a little cleaner then editing the actual service file | 11:23 |
wsnipex | that might actually work, let me try | 11:23 |
Chipaca | ah, yes, copying to /etc/ is what i meant by editing (on a snappy core it's your only option) | 11:23 |
Chipaca | wsnipex, followup question is whether instead of that, PassEnvironment=<space-separated list of proxy env vars> works for you | 11:24 |
Chipaca | then we can talk about which approach is best of these two, if they both work | 11:25 |
wsnipex | yes, works | 11:25 |
wsnipex | could be a decent solution | 11:25 |
Chipaca | ogra_, on snappy core is /etc/environment writable? | 11:25 |
wsnipex | but it won't work for users having different proxies | 11:26 |
ogra_ | Chipaca, i dont think so ... | 11:26 |
ogra_ | (and we should find some other mechanism ... if you need global vars) | 11:26 |
Chipaca | wsnipex, i hear you. Not sure there's much we can do for users with different proxies at this point. | 11:27 |
Chipaca | I mean, passing the info from the user to the server is incredibly tricky | 11:27 |
Chipaca | and most of the time is going to be the wrong thing to do anyway | 11:28 |
wsnipex | PassEnvironment doesn't work | 11:28 |
Chipaca | noted | 11:28 |
Chipaca | ta | 11:28 |
ogra_ | per user stuff should come from /etc/profile.d | 11:28 |
wsnipex | didn't even know this | 11:28 |
wsnipex | where should PassEnvironment take the env from? | 11:28 |
Chipaca | wsnipex, systemd | 11:28 |
Chipaca | wsnipex, it's "pass these env vars from systemd to the child" | 11:29 |
Chipaca | ogra_, isn't /etc/profile.d (ba)shist? | 11:29 |
Chipaca | ogra_, ie not something like /etc/environ | 11:29 |
ogra_ | well, pam parses it iirc | 11:30 |
ogra_ | so it is "loginish" :) | 11:30 |
ogra_ | it is where per-user stuff should go :) | 11:31 |
Chipaca | ogra_, /etc/profile.d is parsed by pam? things like /etc/profile.d/bash_completion.sh ? | 11:31 |
Chipaca | that sounds wrong | 11:31 |
ogra_ | well, by shell logins | 11:32 |
wsnipex | its parsed by the shell | 11:33 |
wsnipex | uh, maybe pam_env reads them | 11:35 |
ogra_ | no, i think that reads ~/.pam_environment only | 11:36 |
ogra_ | thats probably the best place to use then :) | 11:37 |
kyrofa | Good morning | 11:38 |
wsnipex | how can I get around: Mount snap "kodi" (cannot find mounted snap "kodi" at revision 100001) | 11:43 |
wsnipex | can I force install somehow? | 11:43 |
ogra_ | how did you build it ? | 11:44 |
ogra_ | snapcraft ? | 11:45 |
wsnipex | yes, but I had it installed before already | 11:45 |
wsnipex | then following zyga's advice to debug it, umounted it manually | 11:46 |
wsnipex | now I cannot get it to install anymore | 11:46 |
ogra_ | hmm, zyga might know a way out then :) | 11:46 |
ogra_ | since he got you into this | 11:46 |
wsnipex | where does snapd store its state? | 11:46 |
wsnipex | it clearly thinks its already installed, so if I could purge this somehow.. | 11:47 |
kyrofa | wsnipex, may I suggest the reset-state script in https://github.com/zyga/devtools/ ? | 11:52 |
wsnipex | kyrofa, thanks! | 12:04 |
wsnipex | worked | 12:04 |
kyrofa | wsnipex, hopefully once the next release makes it through the SRU process that won't be necessary anymore | 12:05 |
wsnipex | nice | 12:06 |
oparoz | Hey guys, can we use ZFS snapshots in Ubuntu Core to keep track of changes when doing updates/rollbacks? | 12:26 |
ogra_ | no | 12:28 |
oparoz | ;( | 12:28 |
oparoz | Why ogra_ ? ZFS isn't available? | 12:28 |
ogra_ | Perhaps in the future.... | 12:28 |
kyrofa | ogra_, will ZFS be supported at all now that it's in xenial? | 12:28 |
ogra_ | right | 12:28 |
kyrofa | Ah | 12:28 |
ogra_ | kyrofa, I still don't see it as a good default for embedded.... Beyond that we would indeed need to have support for that in all usespace tools | 12:29 |
ogra_ | *user | 12:29 |
ogra_ | (and it is only available on 64 bit arches afaik) | 12:30 |
kyrofa | ogra_, ah, right, now I remember a conversation you had with someone else about this a few weeks back | 12:30 |
oparoz | Ah yeah, I kind of forgot the memory requirements... | 12:30 |
oparoz | ARC is super hungry | 12:30 |
ogra_ | I think it is a good idea to support it long term... Optionally | 12:31 |
ogra_ | but definitely out of scope for the first image | 12:31 |
oparoz | Thanks ogra_ | 12:33 |
wsnipex | hmm, how can I disable binary stipping in snapcraft? | 12:37 |
=== JanC is now known as Guest26117 | ||
=== JanC_ is now known as JanC | ||
=== chihchun is now known as chihchun_afk | ||
sergiusens | didrocks if commander comes back, tell him to watch the UOS workshop session :-) | 13:08 |
kyrofa | wsnipex, what bad stuff is happening? | 13:09 |
sergiusens | wsnipex we don't do binary stripping just yet | 13:10 |
sergiusens | we will, we don't :-) | 13:11 |
=== oparoz is now known as Guest66429 | ||
=== oparoz_ is now known as oparoz | ||
wsnipex | right, I simply misinterpreted the snap output. Once I disabled stripping in the applikation build, its ok | 13:18 |
wsnipex | now I at least get a gdb trace of my crash: http://paste.ubuntu.com/16258222/ | 13:18 |
kyrofa | wsnipex, indeed, as sergiusens mentioned, we will eventually strip (which is why it's named "strip"), so you didn't really misinterpret :) | 13:19 |
wsnipex | is snap restricting access to set locale? | 13:19 |
kyrofa | wsnipex, ah, I know that error! | 13:19 |
kyrofa | wsnipex, are you running this in Ubuntu Core or the desktop? | 13:20 |
wsnipex | desktop | 13:20 |
kyrofa | wsnipex, I'm far from a locale expert so I don't actually know the problem, but one of my snaps had that problem as well and I ended up setting LC_ALL=C.UTF-8 in its wrapper to get around it. I couldn't use anything but C or C.UTF-8. I haven't investigated enough to know who to blame for it though-- the project I was snapping, or something to do with snappy | 13:21 |
kyrofa | wsnipex, sergiusens might have some suggestions, though | 13:21 |
kyrofa | wsnipex, note that ubuntu core _only_ has C and C.UTF-8 locales | 13:22 |
wsnipex | I'm assuming its snappy, since this code is perfectly fine outside of it | 13:22 |
kyrofa | wsnipex, any denials in the syslog? | 13:22 |
wsnipex | I'm running in devmode | 13:23 |
kyrofa | wsnipex, ah, then no :P | 13:23 |
kyrofa | wsnipex, yeah wait for sergiusens. ogra_ might have some suggestions as well | 13:23 |
wsnipex | otherwise it'd hang up way before that ;) | 13:23 |
wsnipex | I'll try setting the locale in the meantime | 13:24 |
didrocks | sergiusens: will do! :) | 13:26 |
wsnipex | oh wow, setting the locale to LC_ALL=C.UTF-8 works :) | 13:27 |
wsnipex | kodi now starts :D | 13:27 |
wsnipex | thanks kyrofa | 13:27 |
kyrofa | wsnipex, sure thing. Sorry for a workaround instead of a solution there-- I want one as well | 13:28 |
wsnipex | yeah, this needs fixing of course, but its great to have it working for now | 13:30 |
wsnipex | I still have a long road with app-armor... | 13:30 |
vila | sergiusens, kyrofa: coverage fixed in the macaroons branch (using ~130 recorded responses), hope that address your concerns | 14:33 |
jdstrand | elopio: hey-- I have a few ideas for integration tests and wanted to pass them along so they could end up on someone's queue somewhere? should I CC others? | 14:35 |
jdstrand | s/somewhere?/somewhere./ | 14:36 |
plars | fgimenez: elopio: Hi, I have some more info about that issue I was seeing | 14:54 |
plars | fgimenez: elopio: on that test that hits a kernel bug for me, but seems to work for you - I can make it work, but only if I run it by hand from *outside* the snap. When I try to run it from the snappy-tests snap that I built, I hit the problem. Maybe there's some permission/isolation issue here? (I did install with --devmode) | 14:55 |
fgimenez | plars, elopio mmm not sure, you only hit the problem with one of the tests? | 15:14 |
plars | fgimenez: so far, just that one. I haven't tried going further yet | 15:14 |
fgimenez | plars, that tests exercises the home interface by creating and installing test snap with that plug defined, maybe when you try to install that snap from another one without the plug it might cause problems | 15:18 |
plars | fgimenez: --devmode doesn't help me here? | 15:19 |
fgimenez | plars, not sure, can you try the networkInterfaceSuite? | 15:20 |
plars | fgimenez: some of them seemed to work, but then I got a bug here: | 15:22 |
plars | sudo snap disconnect network-consumer:network ubuntu-core:network | 15:23 |
plars | [82096.043981] BUG: unable to handle kernel NULL pointer dereference at 0000000000000038 | 15:23 |
plars | so as soon as it tried to disconnect it | 15:23 |
fgimenez | plars, that's from the snappy-test snap, right? | 15:24 |
plars | fgimenez: yes | 15:24 |
plars | fgimenez: can I just connect somehow to everything once the snap is installed? or do I need to go rebuild with more plugs defined in my snapcraft yaml? | 15:41 |
fgimenez | plars, maybe you can regenerate snappy-test defining all the plugs used by snaps created in the tests (currently home and network) | 15:41 |
fgimenez | plars, yes, once it's generated afaik you cannot connect to additional slots | 15:41 |
plars | fgimenez: I actually already have home defined - is that all the first one should have needed? | 15:42 |
plars | - snappy-tests:home | 15:43 |
fgimenez | plars, yes, the home-consumer snap only needs the home plug to be available, but i'm not sure of the behaviour calling it from another snap | 15:43 |
plars | but I also see this in snap interfaces output: | 15:43 |
plars | :home - | 15:43 |
ogra_ | i think you need to manually connect the interfaces | 15:44 |
fgimenez | plars, if you have it already defined and it is failing then that's not the solution of course | 15:44 |
fgimenez | plars, yes, home doesn't autoconnect | 15:44 |
plars | ogra_: fgimenez: so something like: sudo snap connect snappy-tests:home ubuntu-core:home | 15:45 |
ogra_ | yeah | 15:45 |
fgimenez | plars, ogra_ yes, that should do, you can check snap interfaces after | 15:45 |
plars | let me retry homeInterfaceSuite.TestPlugDisconnectionDisablesCreate with that set up | 15:46 |
plars | nope, still hit but on disconnect :( | 15:46 |
plars | sudo snap disconnect home-consumer:home ubuntu-core:home | 15:46 |
plars | [ 657.125253] BUG: unable to handle kernel NULL pointer dereference at 0000000000000038 | 15:46 |
* ogra_ guesses you are better off asking zyga or jdstrand here | 15:48 | |
fgimenez | plars, maybe zyga can help here ^ | 15:48 |
fgimenez | ogra_, yep :) | 15:48 |
jdstrand | plars: can you paste the full trace? | 15:48 |
plars | jdstrand: the original one was here: http://paste.ubuntu.com/16227643/ | 15:49 |
plars | jdstrand: but that looks slightly different from what I got now | 15:49 |
plars | https://www.irccloud.com/pastebin/isX3KDXU/ | 15:49 |
jdstrand | plars: can you file a bug? jjohansen1, you may want to look at that ^ | 15:50 |
jdstrand | plars: in your bug report, can you tar up everything in /var/lib/snapd/apparmor/profiles and /var/cache/apparmor ? | 15:51 |
plars | jdstrand: I'll have to reboot/retry - it's in a snapshotted qemu session right now, and it hangs when I hit this so hopefully there will be something useful there. Where's the best place to file this? | 15:52 |
ogra_ | interesting that systemctl doesnt complain about the autopilot stuff ... iirc we dont ship that anymore | 15:52 |
jdstrand | plars: oh, and home-consumer_1.0_all.snap. if that has sensitive stuff in it, feel free to strip out the sensitive stuff (only need the yaml) | 15:52 |
plars | jdstrand: that's all from the snappy integration tests | 15:52 |
jdstrand | plars: https://bugs.launchpad.net/ubuntu/+source/apparmor/+filebug | 15:53 |
fgimenez | jdstrand, home-consumer comes from here https://github.com/ubuntu-core/snappy/tree/master/integration-tests/data/snaps/home-consumer | 15:53 |
* jdstrand hopes that /var/lib/snapd/apparmor/profiles has the snap.home-consumer.reader and .writer policy | 15:55 | |
plars | jdstrand: you want me to run this like I did before, or after connecting to ubuntu-core:home slot manually? | 15:56 |
jdstrand | whatever gets the kernel bug | 15:56 |
oparoz_ | Does security-override works to give access to /proc ? | 15:58 |
plars | jdstrand: they both do :) | 15:59 |
plars | I'll do both | 15:59 |
plars | ! | 16:00 |
plars | it's working now - every single time I've run it so far I hit that kernel bug, and now it works | 16:00 |
plars | I wonder if running it as a snapshot made a difference | 16:01 |
jdstrand | plars: its possible sometimes the bug is a crasher and sometimes not. it is clear there shouldn't be a bug and the bug if it doesn't crash now may cause instability and other problems | 16:01 |
plars | ok, I got it to reproduce this time | 16:02 |
plars | by running the whole suite | 16:03 |
plars | jdstrand: https://bugs.launchpad.net/ubuntu/+source/apparmor/+bug/1579135 | 16:18 |
ubottu | Launchpad bug 1579135 in apparmor (Ubuntu) "kernel BUG on snap disconnect from within a snap" [Undecided,New] | 16:18 |
plars | jjohansen1: also ^ https://bugs.launchpad.net/ubuntu/+source/apparmor/+bug/1579135 | 16:18 |
jdstrand | plars: awesome, thanks! | 16:18 |
jdstrand | plars: I left a couple of questions for you in the bug | 17:24 |
jdstrand | (fyi) | 17:24 |
ssweeny | jdstrand, any chance of a review for https://github.com/ubuntu-core/snappy/pull/1118 today? I'm going on holiday next week and I'd like to have this resolved if we can | 17:36 |
jdstrand | ssweeny: I might be able to. I'm working on something else but I think I can get it done before eod. note, the snappy guys are sprinting next week and seem to be traveling today, so not sure how all that will impact your plans | 17:44 |
ssweeny | jdstrand, fair enough | 17:45 |
blackout24 | I have snappy working on Arch Linux now. Kind of. The problem was that after implementing another check to see if snappy is used on a classic system it tries to do some bootloader stuff upon installing ubuntu-core. Since I didn't use grub it always just exited at that point. For simplicity I just installed grub without actually using it. Now it downloads and installs all the snaps. | 18:45 |
blackout24 | apparmor_status even shows that there are some profiles loaded now. | 18:46 |
blackout24 | Only problem is that a) for some reason /snap/bin isn't in my PATH despite installing apps-bin-path.sh in my profile.d and b) when I try to run ubuntu-calculator-app.calculator it wants root, while on a 16.04 test machine it doesn't. It also fails with "aa_change_onexec failed with -1. errmsg: No such file or directory" | 18:48 |
blackout24 | Adding support for systemd-boot is a little tricky since it's so minimalistic that it doesn't have an env file for variables. You'd probably have to implement a lot of string manipulation magic to essentially emulate that. Also the actual boot entry is a *.conf file in /boot/loader/entries. It can be named however you want. There is no sdboot.cfg for this or something. | 18:50 |
blackout24 | Ahh I see on 16.04 /usr/bin/ubuntu-core-launcher has different permissions | 18:56 |
ssweeny | jdstrand, thanks for the review! I'm looking at adding the label=###PLUG_SECURITY_TAGS### string and it needs a new helper function. My question is what should that string look like at the end. The function for slots includes all the bound apps but that doesn't seem right to me for this | 19:34 |
jdstrand | ssweeny: the plugs side gets all the connected slots. the slots side (what you are looking to add) are all the connected plugs | 19:35 |
ssweeny | jdstrand, ok, so it would still be something like "snap.name.app" or "snap.name.{app1..appn}" or "snap.name.*"? | 19:37 |
jdstrand | the actual format of that string should be like what ###SLOT_SECURITY_TAGS### is. if one snap/app, then no alternation, if all apps within a snap, then a glob (.*) and it multiple snaps, alternations with globs as needed | 19:37 |
jdstrand | yes | 19:37 |
jdstrand | but in this case you might end up with {snap.name1.{app1..appn},snap.name2.*,snap.name3.app} | 19:38 |
jdstrand | does that make sense? | 19:39 |
jdstrand | it is because multiple snaps can plug into a slot. the other way there was only the one slot provider | 19:39 |
ssweeny | ah | 19:40 |
ssweeny | ok | 19:40 |
plars | jdstrand: I'm not sure I understand your comment - I'm not trying to simply install that snap, I'm trying to run one of the integration tests in snappy, which I've packaged in another snap. The integration test does install that home-consumer snap as part of it, but that's just one piece of what it's doing. And it doesn't seem to be the installation of the | 19:41 |
plars | snap that's causing the problem | 19:41 |
jdstrand | I was trying to get at a simple reproducer. perhaps it would help if jjohansen1 was involved | 19:42 |
jjohansen1 | blackout24: what is logged in dmesg? | 19:43 |
jjohansen1 | what kernel, and which apparmor patchset (if any)? | 19:45 |
plars | jdstrand: I'll see if I can come up with something simpler | 19:45 |
jjohansen1 | a dump of apparmor/features would be good too | 19:46 |
ssweeny | jdstrand, from what I can tell the ConnectedSlotSnippet only gets a reference to one plug, so I guess there will be multiple snippets, one for each attached plug? | 19:46 |
jjohansen1 | jdstrand: uhm which of the 3 issues did you want me to jump in on? | 19:46 |
ssweeny | jdstrand, so each snippet will only have one snap with 1..n possible apps | 19:46 |
blackout24 | jjohansen1, I just rebuilt the stock ARCH kernel with CONFIG_AUDIT and and apparmor Kconfig flags. The version is 4.5.1 so it should be the latest upstream apparmor. | 19:47 |
blackout24 | I also packaged the latest upstream libapparmor and libseccomp | 19:48 |
jjohansen1 | blackout24: okay, I think there is a bug fix for change_profile that is needed for that kernel | 19:49 |
* jjohansen1 goes digging | 19:49 | |
jdstrand | ssweeny: I'm not sure. I'm not sure this subtlety was considered | 19:49 |
ssweeny | interesting | 19:49 |
ssweeny | I can't see any difference in the way the snippets go into the FS | 19:50 |
jdstrand | ssweeny: if it helps, you could treat it like ###SLOT_SECURITY_TAGS### for now and then ask the question in the PR for zyga to pick up when he is back online | 19:50 |
ssweeny | they're all just appended to the slot profile | 19:50 |
ssweeny | jdstrand, I'll give that a go | 19:50 |
jdstrand | and I'll jump in and help guide that discussion | 19:51 |
blackout24 | I stepped through ubuntu-core-launcher and it fails in line number 562 where it uses aa_profile as parameter, which is taken from the second parameter when the app is launched through the helper script. The Apparmor profiles all seem to be in place. | 19:52 |
jdstrand | blackout24: that suggests the profile isn't loaded | 19:54 |
blackout24 | Yes because "aa_change_onexec failed with -1. errmsg: No such file or directory", but the profile should be there if it wants to load it. | 19:54 |
jdstrand | blackout24: that error is somewhat misleading. it isn't able to change_onexec because the profile isn't loaded into the kernel. the launcher doesn't load the profile into the kernel, snap install does | 19:55 |
jdstrand | blackout24: what is the output of apparmor_parser -QTK /var/lib/snapd/apparmor/profiles/snap.your.profile? | 19:56 |
ssweeny | jdstrand, ok, the line I end up with is peer=(label="snap.location-service.{example-client,example-service,location-service-cli}") and apparmor doesn't like that: 5Z ERROR cannot setup apparmor for snap "location-service": cannot load apparmor profile "snap.location-service.location-service": cannot load apparmor profile: exit status 1 | 19:56 |
ssweeny | apparmor_parser output: | 19:56 |
ssweeny | AppArmor parser error for /var/lib/snapd/apparmor/profiles/snap.location-service.location-service in /var/lib/snapd/apparmor/profiles/snap.location-service.location-service at line 309: dbus rule contains message conditionals and service conditionals | 19:56 |
jjohansen1 | blackout24: hrmmm, I didn't find what I was looking for yet. It could have been a userspace error, I will keep looking | 19:57 |
jdstrand | ssweeny: can you paste the full rule? | 19:57 |
blackout24 | jdstrand, this command just returns without printing anything. apparmor_status says module is loaded and 1 profiles are loaded. | 19:57 |
blackout24 | snap.notes.notes is in enforce mode, but I try to run the calculator app at the moment. notes doesn't work, yet either. | 19:58 |
jdstrand | blackout24: ok so the userspace is ok. what is the output of apparmor_parser -r /var/lib/snapd/apparmor/profiles/snap.your.profile? (that shoudl be run as root) | 19:58 |
jdstrand | ssweeny: you can paste the whole profile if you want | 19:59 |
blackout24 | Also returns without printing anything | 19:59 |
blackout24 | But apparmor status now says that 2 profiles are loaded | 19:59 |
jdstrand | blackout24: and aa-status shows that 'snap.your.profile' is loaded in the kernel? | 19:59 |
blackout24 | And lists the calc app profile which I used for your command | 19:59 |
ssweeny | jdstrand, nevermind, I had the replacement string in one too many places. It seems to work now | 19:59 |
blackout24 | 2 profiles are loaded. 2 profiles are in enforce mode. <lists the notes profile and calculator profile now> | 20:00 |
jdstrand | blackout24: I suspect the launcher will get farther along now | 20:00 |
jdstrand | blackout24: assuming what you are trying to launch corresponds to one of those two profiles | 20:01 |
jdstrand | :) | 20:01 |
jdstrand | ssweeny: ack | 20:01 |
blackout24 | Yes. Now it fails with execv failed: No such file or directory. Will have to strace or ltrace that. | 20:01 |
jdstrand | blackout24: ok-- note there is a problem with snapd not loading the profile into the kernel during snap install that you'll have to debug | 20:02 |
jdstrand | blackout24: look at interfaces/apparmor/apparmor.go for details on what it is doing | 20:03 |
jjohansen1 | blackout24: that could be a different bug where apparmor is returning -ENOENT when the target profile is not found (I have patch in the upstream queue for that) | 20:04 |
jjohansen1 | blackout24: what is the message from apparmor in dmesg? | 20:04 |
blackout24 | jjohansen1, http://pastebin.com/8Y1diFRJ | 20:06 |
jdstrand | blackout24: are you using an upstream kernel or one with newer apparmor patches? | 20:07 |
jjohansen1 | upstream | 20:07 |
blackout24 | 4.5.1 without any patches. I rebuilt it from the official PKGBUILD on ARCH and just changed 4 Kconfig switches | 20:07 |
jjohansen1 | blackout24: thts it? It is missing at least one message | 20:08 |
jdstrand | blackout24: I very much doubt you are going to have success with a pure upstream kernel at this time | 20:08 |
jjohansen1 | there should be something from change_profile or exec | 20:08 |
jdstrand | beyond apparmor | 20:08 |
jdstrand | well, maybe with 4.5.1 it is primarily apparmor | 20:09 |
blackout24 | Packaging a new kernel with a handful of extra patches would not be a problem. I would adopt linux-apparmor in the Arch User Repo which is currently unmaintained and ship the extra patch to also make snappy run | 20:10 |
jdstrand | but assuming you can get it to work, you won't have dbus, ptrace, signal and unix mediation | 20:10 |
jdstrand | I see | 20:10 |
jdstrand | well, there are patches for 4.4 (Ubuntu has 4.4), I don't know the status of the 4.5 patchset | 20:10 |
jdstrand | and we're working to get these bits upstream | 20:11 |
jdstrand | but that'll take a while | 20:11 |
blackout24 | I could easily just set the package version to 4.4.0 and download the 4.4.0 kernel sources and apply the patchset. | 20:11 |
jdstrand | I'll let jjohansen1 comment on how to get the patches. they are in a git tree somewhere | 20:11 |
blackout24 | The kernel doesn't have to be as recent as the official ARCH kernel, which will remain untouched on the system anyway. | 20:11 |
jjohansen1 | blackout24: for the apparmor bits git://kernel.ubuntu.com/~jj/linux-apparmor-backports | 20:13 |
jjohansen1 | you are looking for the v4.X-aa3.5-beta1 branches | 20:14 |
blackout24 | jjohansen1, thanks | 20:14 |
ssweeny | jdstrand, I believe I've addressed all of your comments | 20:14 |
blackout24 | jjohansen1, it doesn't let me clone it for some reason. fatal: remote error: access denied or repository not exported: ~jj/linux-apparmor-backports | 20:18 |
jjohansen1 | blackout24: oops I stuck a ~ in there, thats only for the http version of the url | 20:19 |
jjohansen1 | git://kernel.ubuntu.com/jj/jj/linux-apparmor-backports | 20:19 |
jjohansen1 | urgg | 20:19 |
blackout24 | thanks | 20:19 |
jjohansen1 | lets try again | 20:19 |
jjohansen1 | git://kernel.ubuntu.com/jj/linux-apparmor-backports | 20:20 |
blackout24 | jjohansen1, something is still not working fatal: remote error: access denied or repository not exported: /jj/jj/linux-apparmor-backports | 20:20 |
jjohansen1 | blackout24: see that last url, I managed to double up the jj/ in the one you just tried | 20:21 |
jjohansen1 | the weekend can't come soon enough | 20:21 |
blackout24 | haha yeah I know that feeling | 20:22 |
blackout24 | cloning... | 20:22 |
=== Aria is now known as Aria|away | ||
=== Aria|away is now known as Aria | ||
=== Aria is now known as Aria|away | ||
qengho | ubuntu-device-flash says "expected a gadget snaps: snap not found". Specified "canonical-pi2". What gives? | 23:18 |
=== Aria|away is now known as Aria |
Generated by irclog2html.py 2.7 by Marius Gedminas - find it at mg.pov.lt!