/srv/irclogs.ubuntu.com/2016/06/11/#snappy.txt

mhall119	d_ed: they aren't completely blocked, but access to them is mediated so apps can be given what they need and nothing more	00:00
d_ed	mediated by apparmor in the dbus server?	00:00
mhall119	access is determined by what "interface" they have a plug for, and that plug being connected (either automatically or with user concent, depending on the interface) to the appropriate slot	00:01
mhall119	d_ed: I believe it's apparmor, yes, but jdstrand or mdeslaur can probably confirm	00:01
mhall119	on distros without apparmor, snaps will have to run without confinement until an alternative can be integrated	00:02
d_ed	oh that's another topic I want clarifying:	00:02
d_ed	do you intent for snaps to be a thing on non Ubuntu platforms?	00:02
mhall119	absolutely	00:03
d_ed	most the snaps are linking against libs from the system aren't they?	00:03
mhall119	at the very least, other Linux platforms	00:03
d_ed	rather than all being in the snap layers	00:03
mhall119	no, they link against the "core" snap, which is a stripped down Ubuntu	00:03
mhall119	and soon they will be able to link to libs in a common shared snap	00:04
mhall119	so the snappy system should be insulated from the host system	00:05
mhall119	which would allow snaps to run on Fedora, for example, without knowing or caring that they're on Fedora	00:05
mhall119	d_ed: importantly, snappy as a project is welcoming to any changes/patches that are needed to make it work on other distros	00:06
d_ed	ok, and when buidling with snapcraft we can link .deb depencies, that'll always be Ubuntu ones because it's all from that core snap	00:07
sgclark	mm I don't think so	00:07
sgclark	I am using Neon debs atm	00:08
mhall119	I don't think the deb dependencies are necessarily related to the core snap, that was just a shortcut to getting pre-build binaries into the snap filesystem	00:08
sgclark	and I am going to be so overwehlmingly busy next week, I don't know that anything can help me lol. I also have to get all these things on my kde ci	00:09
sgclark	but hey, can't complain, I will be busy in the comfort of the Swiss alps.	00:11
mhall119	yeah, that's a pretty sweet sprint location	00:12
d_ed	RE DBus: It is restricted in the apparmor profile of the relevant snap	00:14
d_ed	with a lovely whitelist for gtk things	00:14
sgclark	hah	00:14
d_ed	but we can ship our own apparmor profiles, so that's quite good	00:15
sgclark	ok cool	00:15
mhall119	d_ed: ideally for KDE apps we would minimize most of the .deb dependencies, and build frameworks and qt	00:15
sgclark	I think we might go the opposite	00:15
sgclark	actually. to reduce repeat work	00:16
d_ed	we're building our for flat-pak	00:16
mhall119	d_ed: it's in the profile, yes, the snap's meta-data is used to generate a custom profile from a pre-defined template	00:16
sgclark	I am getting the latest and greatest using neons debs	00:16
sgclark	anyway, i am trying it, sitter asked me too and I have a hard time saying no to him lol	00:17
d_ed	allows us to tweak a few things to be better suited for running containerised (KDE_FORK_SLAVES for example, as we can't reach klauncher)	00:17
d_ed	:D	00:17
* mhall119 is in over his head with that		00:17
mhall119	d_ed: you're building apparmor profiles for flatpak?	00:19
d_ed	no, no, we build our own frameworks and Qt	00:20
mhall119	oh, ok	00:20
mhall119	then yes, that can be reused to build snaps	00:20
d_ed	flatpak doesn't use apparmor for DBus filtering, instead you have a proxy process (per "pak") that acts as a gateway between two busses	00:20
d_ed	it's a bit over complex	00:20
mhall119	do apps need to target that proxy specifically, or is it like a transparent proxy that looks like dbus?	00:22
d_ed	in theory or in practice?	00:22
mhall119	you mean they're not the same? :)	00:22
sgclark	lol	00:22
d_ed	the difference between theory and in practice, is that in theory, they're both the same	00:23
* mhall119 loves that saying		00:23
sgclark	lol	00:23
sgclark	ok I have to finish packing, leave tomorrow, see you Sunday d_ed!	00:23
d_ed	see you	00:24
d_ed	mhall119: I assume adding custom plugs/slots would be changes to snappy?	00:24
mhall119	d_ed: so snapd defined "interfaces", on one side of which is a plug and the other side is a slot	00:25
mhall119	interfaces for now are built into snapd itself	00:26
mhall119	but any snap can provide a plug or a slot for one of those interfaces	00:26
d_ed	ah! that's quite nice	00:26
mhall119	an example I'm looking at currently is Elementary's Contractor dbus service. That we would add to snapd as an interface, then they would provide a pantheon slot for that interface, and geary would provide a plug for it, and then snappy would connect the two together	00:27
mhall119	interfaces are fairly new, and I don't think anybody knows yet how we're going to scale that out, but having more use-cases like Contractor will help us figure that out	00:29
mhall119	sgclark: have a safe trip	00:30
mhall119	and you too d_ed :)	00:30
d_ed	more questions: My Ubuntu box runs snaps with "ubuntu-core-launcher" is this replaced by "smap-confine" ?	00:32
mhall119	sgclark: d_ed: I will be off work on Monday, though probably online, you can ping me if you need more information. Or just ask in here, which should be more active during Randa's daytime :)	00:33
mhall119	d_ed: that I don't know, several things are being renamed to be less "ubuntu-" and more distro-agnostic, so it could be	00:33
d_ed	edit, git logs says it is	00:34
d_ed	should have done that first	00:34
mhall119	snappy is evolving rapidly right now, which is part of the reason we want to have as many examples and use-cases from outside of Ubuntu and our apps as we can, so they can help direct that evolution	00:35
mhall119	d_ed: sgclark: something else you might be interested in, the snap store has beta-testing channels now, and snapcraft can push updates there from the command-line, so it's possible to use your CI infrastructure to publish the very latest updates to people who want to subscribe to that channel	00:38
d_ed	fyi, snapd doesn't appear on the repo listings of https://github.com/ubuntu-core	00:39
sgclark	mhall119: oh cool!	00:39
d_ed	but typing it manually works	00:39
mhall119	d_ed: It's on https://github.com/snapcore	00:40
d_ed	s/snapd/snappy	00:40
mhall119	again, moving away from ubuntu-* naming for this	00:40
d_ed	ah ok	00:40
d_ed	makes sense	00:43
d_ed	then I'm finally out of questions	00:43
mhall119	I'm sure that will chance come Monday :)	00:43
sgclark	yes	00:44
mhall119	as I said, folks in here on Monday will be able to answer any other questions you have, and I will be off-and-on around on Monday and then back fully on Tuesday	00:45
mhall119	I hope you both enjoy the Alps	00:46
sgclark	ty	00:46
=== JanC is now known as Guest3405
tsimonq2	so when I try to execute snaps, I get the following error thrown at me: failed to create user data directory. errmsg: Permission denied	07:09
tsimonq2	anyone know what's going on here?	07:09
zyga	o/	08:41
* zyga gets to work		08:41
=== Aria\|away is now known as Aria22
lundmar	hi, is it possible in a snap .yaml to somehow reuse eg. the version as a value in eg. source? For example: source: https://github.com/tio/tio/releases/download/v$version/tio-$version.tar.xz ?	10:52
lundmar	*variable	10:53
lundmar	hmm, why does a 1.20 version collapse into 1.2? Does snapcraft really force this type of version scheme?	10:56
lundmar	hmm, version: "1.20" did the trick so it does not collapse to 1.2	11:01
lundmar	yaml magic aye	11:02
zyga	lundmar: not today. but recall that snapcraft generates snap.yaml	12:27
zyga	lundmar: so there's a lot of room for variables and other stuff	12:28
zyga	lundmar: but the proper layer is above snap.yaml,	12:28
zyga	lundmar: so that complexity on snapd is not increased	12:28
lundmar	zyga: it's one of those convenience things. Would be nice not having to change the .yaml in multiple places just to bump version.	12:29
zyga	lundmar: and it is possible, just do it in snapcraft	12:49
lundmar	zyga: I'm not sure what you mean, I'm already using snapcraft - here is my snap: http://pastebin.com/zPZ62zyE	12:51
lundmar	I don't know of any way to reuse version in eg. source but I'm not yaml expert either.	12:52
zyga	lundmar: sorry, I meant that this is something that snapcraft could support	13:47
zyga	lundmar: then the variable could be used in snapcraft.yaml	13:47
lundmar	zyga: got it.	13:47
zyga	lundmar: and then snapcraft would replace the variable and generate the same snap.yaml we support today	13:47
zyga	lundmar: putting the complexity where it hurts less	13:48
lundmar	it would probably be a good feture for select key variables like version, name etc.	13:48
lundmar	feature*	13:48
=== oparoz_ is now known as oparoz
zyga	jdstrand: do we have to support ~/.config/pulse/cookie?	15:03
=== oparoz_ is now known as oparoz
tsimonq2	sorry for the repeat, but when I try to execute snaps, I get the following error thrown at me: failed to create user data directory. errmsg: Permission denied	17:53
tsimonq2	anyone know what's going on here?	17:54
tsimonq2	that's for multiple snaps	17:54
tsimonq2	I even have a snap I created in devmode that doesn't work because of that error	17:55
tsimonq2	I'll fire up a clean VM and try, but it's just really...annoying	17:55
qengho	tsimonq2: $ apt policy snapd; dmesg # to pastebin	18:16
tsimonq2	qengho: http://paste.ubuntu.com/17222462/	18:18
tsimonq2	that's apt policy snapd	18:19
tsimonq2	http://paste.ubuntu.com/17222480/ - and this is dmesg	18:19
qengho	tsimonq2: You should have 2.0.5 if you're on 16.04.	18:20
tsimonq2	qengho: I'm on Yakkety	18:20
tsimonq2	qengho: do I have to install a PPA then?	18:20
qengho	Oh, then you should have 2.0.8 or something! :)	18:20
qengho	Actually, I don't know that^. I'll verify.	18:21
tsimonq2	!info snapd yakkety	18:21
ubottu	snapd (source: snapd): Tool to interact with Ubuntu Core Snappy.. In component main, is optional. Version 2.0.2 (yakkety), package size 2745 kB, installed size 14700 kB	18:21
tsimonq2	!info snapd xenial	18:21
ubottu	snapd (source: snapd): Tool to interact with Ubuntu Core Snappy.. In component main, is optional. Version 2.0.5 (xenial), package size 2693 kB, installed size 14624 kB	18:21
tsimonq2	qengho: ^ :)	18:21
tsimonq2	O_O huh?	18:21
qengho	Ugh.	18:21
tsimonq2	well how does that work? :P	18:21
tsimonq2	I'll manually install the Xenial packages for now	18:22
qengho	It's technically possible, but weird because updating stable released (especially LTS!) is really hard, but updating the devel line is dead easy.	18:22
tsimonq2	yeah	18:23
tsimonq2	in fact, it probably should have went to Yakkety first	18:23
tsimonq2	because wouldn't it require an SRU?	18:23
qengho	Yes, unless it has an exception, and this might have one because it's new and not "released" yet. I don't know, here.	18:24
qengho	tsimonq2: Anyway, after .5, let us know if it still happens.	18:25
tsimonq2	I'm getting .8 from Launchpad :D	18:25
tsimonq2	:/ still	18:26
tsimonq2	[54353.152981] audit: type=1400 audit(1465669563.399:43): apparmor="DENIED" operation="open" profile="/usr/bin/ubuntu-core-launcher" name="/home/.ecryptfs/simon/.Private/" pid=9481 comm="ubuntu-core-lau" requested_mask="r" denied_mask="r" fsuid=1000 ouid=1000	18:27
tsimonq2	[54353.152986] ecryptfs_dir_open: Error attempting to initialize the lower file for the dentry with name [/]; rc = [-13]	18:27
qengho	$ systemctl restart snapd.service # try this	18:27
tsimonq2	nope still	18:27
tsimonq2	does it help to know that I have an encrypted home directory?	18:27
qengho	tsimonq2: That second message is really weird.	18:27
qengho	I can tell you have one, silly.	18:28
tsimonq2	[54445.418517] audit: type=1400 audit(1465669655.670:44): apparmor="DENIED" operation="open" profile="/usr/bin/ubuntu-core-launcher" name="/home/.ecryptfs/simon/.Private/" pid=9549 comm="ubuntu-core-lau" requested_mask="r" denied_mask="r" fsuid=1000 ouid=1000	18:28
tsimonq2	[54445.418521] ecryptfs_dir_open: Error attempting to initialize the lower file for the dentry with name [/]; rc = [-13]	18:28
tsimonq2	again... :P	18:28
qengho	"r" attempt, fail, that's fine.	18:28
qengho	read	18:28
tsimonq2	so apparmor can't read anythong off of my home directory?	18:29
qengho	tsimonq2: $ mkdir ~/snap/YOURSNAPPACKAGENAME	18:29
tsimonq2	*anything	18:29
tsimonq2	oh okay	18:29
tsimonq2	$ mkdir ~/snap/liferea	18:29
tsimonq2	mkdir: cannot create directory '/home/simon/snap/liferea': File exists	18:29
qengho	Oh, good.	18:30
qengho	Huh!	18:30
qengho	"ls" to make sure that's a dir, not a regular file.	18:30
tsimonq2	yup	18:30
tsimonq2	FWIW: drwxrwxr-x 3 simon simon 4.0K Jun 11 02:06 liferea	18:30
tsimonq2	and drwxrwxr-x 2 simon simon 4.0K Jun 11 02:06 100001 inside of that	18:31
qengho	tsimonq2: I have no idea, offhand. Time to look at source code, or "strace" it.	18:31
tsimonq2	qengho: I'll try getting off of an encrypted home directory	18:31
qengho	tsimonq2: er, okay, but I have one too, and it works for me.	18:32
tsimonq2	if that magically fixes it, I'll file a bug	18:32
qengho	(I do get ugly dmesg about that^.)	18:32
tsimonq2	weird	18:32
tsimonq2	okay	18:32
tsimonq2	thanks :)	18:32
qengho	tsimonq2: I don't know if it'll work.	18:32
tsimonq2	well i'll try	18:33
tsimonq2	I'll also Google around	18:33
qengho	$ strace -f -o snaptrace -e trace=file -p $(pidof snapd)	18:33
qengho	Do as root, probably.	18:33
qengho	It it install time, or run time?	18:34
qengho	"execute". hmm	18:34
qengho	Okay, that's harder.	18:34
qengho	And I have some things to do in Real Life. Back later.	18:34
tsimonq2	o/	18:35

Generated by irclog2html.py 2.7 by Marius Gedminas - find it at mg.pov.lt!