/srv/irclogs.ubuntu.com/2016/06/23/#snappy.txt

tsimonq2elopio, sergiusens: thanks for taking the time to make sure my code worked and fit the standards, that is much appreciated :)00:30
tsimonq2and elopio, I'm glad we have quality standards, it ensures things don't break ;)00:31
=== ayan_ is now known as ayan
ayanjdstrand: how do i allow seccomp() with the latest version of snap & snapcraft?  is there an interface i have to use (like x11 or unity7 etc.)?01:09
elopiotsimonq2: :) how is it going with the textwrap branch?01:36
tsimonq2elopio: I'm getting there :)01:39
tsimonq2elopio: I hope to have it done for tomorrow01:56
tsimonq2elopio: it *seems* like the only thing blocking it are the unit tests failing because they expect a text wrap01:57
sergiusenselopio fixed https://github.com/ubuntu-core/snapcraft/pull/58402:09
sergiusenselopio I had to manually review the vendored implementation and noticed that the upstream one is actually nicer :-P02:10
elopiotsimonq2: yes, that's what I think too.02:50
sergiusenselopio am now fighting this http://paste.ubuntu.com/17728277/02:50
sergiusenselopio all green https://github.com/ubuntu-core/snapcraft/pull/588 !02:50
elopiosergiusens: nice! I'll review it after dinner.02:52
elopiothat tweetnacl error, I have no idea.02:52
sergiusenselopio I do, we need newer libraries and packages than what we have in trusty :-/02:54
sergiusenselopio might be time to bring back that xenial lxd monster again02:55
tsimonq2elopio: well it keeps failing, the unit tests02:57
sergiusenselopio already reviewed, but I will let you take a stance at it, is dinner over soon? If not I am going to bet02:59
sergiusensbed02:59
elopiosergiusens: go for it. I'm about to start.02:59
elopioI'll review it when it is SRU time.02:59
tsimonq2elopio: could you peek at the build errors on https://github.com/ubuntu-core/snapcraft/pull/592 when you have the chance? I don't know what's wrong03:18
sergiusenselopio for dessert! https://github.com/ubuntu-core/snapcraft/pull/59003:53
=== chihchun_afk is now known as chihchun
ConfusedInternI  was wondering if anyone knew about the current status of 64-bit Ubuntu Snappy Core on the Raspberry Pi 3?07:48
ConfusedInternThe most recent info I can find on it is that you can run the Pi 2 32 bit image with a 64 bit version in the works. I wondered if that had been released yet or if anyone knew when it's expected?07:49
zygaConfusedIntern: hey08:04
zygaConfusedIntern: I think everyone is waiting for the pi foundation to release required files for the pi to use 64 bit code08:04
zygaConfusedIntern: from our end we will update the kernel snap when that happens08:05
zygaConfusedIntern: and we already have the userspace (because it is shared)08:05
zygaConfusedIntern: but right now the question is to the raspberry pi foundation, not ubuntu08:05
zygaConfusedIntern: ogra can correct me if I'm wrong but IMHO this is how things look like today08:05
ConfusedInternzyga: Ah ok then. Thanks!08:13
=== hikiko is now known as hikiko|afk
fusion809Anyone come up with a way of editing source files (like with sed) before building a snappy package from 'em?08:42
morphisjdstrand: will have a look08:52
zygajdstrand: https://bugs.launchpad.net/snap-confine/+bug/1595444 FYI08:58
ubottuLaunchpad bug 1595444 in Snappy Launcher "current working directory is always /" [High,In progress]08:58
=== hikiko|afk is now known as hikiko
=== hikiko is now known as hikiko|ln
=== hikiko|ln is now known as hikiko
jdstrandayan: re seccomp> you don't need to do anything except have snapd 2.0.9 installed when you installed your snap. eg:12:09
jdstrand$ grep '^seccomp' /var/lib/snapd/seccomp/profiles/snap.hello-world.sh12:09
jdstrandseccomp12:09
jdstrandzyga: it looks like setup_snappy_os_mounts() isn't chdir()'ing back to the user's pwd after it does its thing12:12
jdstrandzyga: see the changes to setup_private_mount() that I did recently that does do that12:13
jdstrandzyga: were you planning on committing the arg filtering branch today? (I'd just like it in place for the snapd 2.0.10 landing if possible)12:14
ysionneauany example of a snapcraft.yaml using systemd socket activation feature for a daemon? thx12:25
ysionneauI thought I found some yaml syntax doc about that on ubuntu website before ... but I cannot find it anymore12:26
ysionneauah, found it: https://developer.ubuntu.com/en/snappy/guides/meta/ !12:28
zygajdstrand: yes12:30
zygajdstrand: but after spread works12:30
zygajdstrand: btw, I have a fix for the chdir thing12:30
zygajdstrand: I'm just going through the process where we get real system tests for this12:30
jdstrandzyga: awesome :)12:40
jdstrandthanks! :)12:40
zygajdstrand: https://github.com/snapcore/snap-confine/pull/49/files12:40
zygajdstrand: simple smoke test for debian and ubuntu :)12:40
jdstrandzyga: nice!12:48
jdstrandthough, the curl bit is a bit weird. are all the spread tests doing that?12:48
zygajdstrand: yes, spread is not available anywhere12:48
jdstrandhrm12:49
jdstrandhopefully spread-amd64.tar.gz doesn't get trojaned12:49
jdstrandsurely one could at least snap the snap from the store and unsquash it?12:50
jdstrands/snap the snap/snag the snap/12:50
zygajdstrand: perhaps but TBH this wouldn't be any different12:50
jdstrandsure it would12:50
zygaI need to ask gustavo about more debian hosts12:51
zyganiemeyer1: can you please add another debian-8 node to our spread pool12:51
jdstrandI don't know how well that instance is protected. we know how well the store is protected12:51
jdstrandanyway, I expressed my concern12:51
zygajdstrand: yeah, I get your point12:51
zygajdstrand: spread is one tarball, we could perhaps check the hash12:52
jdstrandeven just an upload to LP in universe wuld help, then you could apt-get source it)12:52
zygajdstrand: that's better than unsquashfs as it is universally easier to get without sudo12:52
jdstrandunsquashfs doesn't need sudo. did I misunderstand something?12:52
jdstrandanyway, I see you are thinking about it. that was all I wanted to have happen12:53
jdstrand:)12:53
zygaI mean sudo to install unsquashfs12:53
zygathis is just a travis limitation12:53
zygaif you want sudo you wait longer for a test slot12:53
jdstrandah, that isn't on the node?12:53
jdstrandI don't know how those are setup12:54
zygajdstrand: those are typically old ubuntu (trusty)12:54
zygajdstrand: + loads of modifications by travis12:54
zygajdstrand: we don't do anything there apart from getting spread12:54
zygajdstrand: and running it12:54
jdstrandI'm surprised snapd tests are going to work there12:54
jdstrandI would think there would be kernel patches, etc that are needed12:55
zygajdstrand: snapd doens't do much there12:55
zygajdstrand: and we mock everything12:55
zygajdstrand: real tests are spread tests12:55
zygajdstrand: those run on lindode on the real ubuntu kernel12:55
jdstrandoh, these aren't for integration tests? I thought that was part of the allure of spread12:55
zygajdstrand: no no, those are integration tests but there are layers12:56
zygajdstrand: travis picks up github events12:56
zygajdstrand: travis is then configured to download and run spread12:56
jdstrandok, clearly I should stop distracting you. I find it interesting, but there are better things we can be doing than getting me up to speed on the test infrastructure :)12:56
zygajdstrand: spread distributes the code to linode vms12:56
zygajdstrand: and then real stuff happens on linode vms12:56
zyga:D12:56
jdstrandI see. neat :)12:56
zygano worries, I'm looking at the build log12:56
jdstrandzyga: though while I have you-- have you seen the various fail to upgrade bugs on yakkety for the launcher? oh, maybe 1.0.30ubuntu1 fixes that...13:00
zygajdstrand: yes13:04
zygajdstrand: I think will be fixed with 1.0.3313:05
zygajdstrand: or perhaps one of the earlier ones13:05
zygajdstrand: I don't release to debian so I feel pretty helpless about it13:05
jdstrandit will be nice when snapd on yakkety passes autopkgtests. so many bugs at fix committed...13:14
zygajdstrand: do you know what's blocking it there?13:14
jdstrandzyga: http://people.canonical.com/~ubuntu-archive/proposed-migration/update_excuses.html . search for 'snapd'13:17
jdstrandthe launcher has some always failed tests (though not sure why on armhf) and autopkgtests fail for all archs for sanpd13:18
kyrofaHey ogra_ you're building os snaps for s390x, right?13:23
ogra_indeed13:23
zygajdstrand: the launcher should have 0 tests on !amd6413:25
zygajdstrand: this is now made so upstream13:25
zygajdstrand: perhaps older tests13:25
zygakyrofa: *core* :)13:25
kyrofazyga, has that actually happened yet?13:25
kyrofaogra_, does the store allow uploading snaps of that arch?13:25
jdstrandzyga: note my arg filtering branch re-enables i386 because I fixed the tests for it13:25
stgraberis there anything I should be doing to have https://github.com/snapcore/snapd/pull/1380 re-reviewed and ideally, merged?13:25
ogra_kyrofa, yep13:25
jdstrandzyga: talking about the internal testsuite of course, not autopkgtests13:26
zygajdstrand: for snap-confine? yes that's what I was talking about as well13:26
jdstrandzyga: yes, for snap-confine. there isn't really any reason to not do it for all, but I felt strongly we needed at least 32 bit and 64 bit represented in the testsuite13:27
zygastgraber: yep, someone has to look and review them13:27
zygajdstrand: I'll add 32bit ubuntu to the linode mi13:27
ogra_kyrofa, there are ubuntu-core snaps in the store for all arches except the 32bit powerpc13:27
zygamix13:27
kyrofaogra_, I'm gonna see if launchpad will open that for me then. Wait, the store accepts ppc64 as well?13:27
kyrofaIt didn't last time I tried13:27
ogra_it did when i uploaded the snap ... but thats a while ago13:28
kyrofaogra_, well I tried probably a while before that, so nice13:28
ogra_it is a hard requirement that we support these two arches on classic13:28
ogra_so if it got dropped it has to come back :)13:28
sergiusenskyrofa mind moving your wiki part entry to the new wiki format?14:00
kyrofasergiusens, you need to the new wiki page?14:06
kyrofas/need/mean/14:06
kyrofasergiusens, done14:08
sergiusenskyrofa yeah14:09
sergiusenskyrofa thanks14:11
skayhi, I made my first snap, just a python based cli. is there advice for getting a smaller file size?14:20
didrocksskay: hey! you can filter with some stenza like snap: prime: or others that output to the snap file14:23
didrocksskay: see those keywords in https://developer.ubuntu.com/en/snappy/build-apps/snapcraft-syntax/14:23
skaydidrocks: thanks!14:23
didrocksyw ;)14:24
croephaso, why would a path be present in  /snap/my-app/current/ and not be present when I run a shell in the snap?14:24
croephaor any command, not just a shell14:24
jdstrandis there a way to run a single unit test? './run-checks --unit' is better than without '--unit' but still a bit long14:24
mhall119sergiusens: now that snap-confine works on Elementary 0.4, it sure would be nice if we could get the Panteon-Mail snap working for them14:27
jdstrand'go test github.com/snapcore/snapd/interfaces/builtin' seems to do what I want14:28
olli__ogra_, I just asked jamiebennett to help with the bug links14:34
ogra_kyrofa, is your nextcloud.occ a wrapper script (or could you make one for it and simply put in "sudo -i" in there ?)14:34
ogra_that should fix the issue and even call sudo transparently14:35
ogra_olli__, gracias ... i'd do it myself but i'm no OP here afaik14:35
kyrofaogra_, it is. I'm not a huge fan of forcing sudo upon the users without warning, but that's not a bad idea14:36
ogra_well, does it make any sense to run it without sudo ?14:36
ogra_then building it in is indeed bad14:36
kyrofaogra_, honestly no :P14:36
ogra_but if you need sudo anywy that is a nice way of just getting it14:36
kyrofaogra_, yeah, I think I'll do that, thank you :)14:37
ogra_you simply get a password prompt14:37
kyrofaogra_, but: this bug is still valid, yes?14:37
ogra_(and could put an echo before it if you feel like ... to tell the user whats going on)14:37
sergiusenskyrofa ogra_ or check euid and provide feedback on why sudo is needed14:37
ogra_well, i'm not sure, i think sudo does what it should ... we mangle the path in a place it cant use14:38
kyrofasergiusens, the problem is actually that sudo doesn't have /snap/bin in the path, so just running with sudo doesn't work14:38
ogra_right ... you need to use -i to make it process the pam login process14:38
kyrofaogra_, not every app will have the use-case I have (i.e. where it makes no sense to run without sudo)14:38
ogra_so /etc/profile.d gets read14:38
ogra_kyrofa, yes, indeed14:38
ogra_the prob is the other place to mangle it would be ~/.bashrc or /etc/environment ... of the host machine14:39
mhall119hi all, is there a way for me to upload a snap (geany in this case) under my developer namespace, while reserving the canonical (little c) name for the upstream?14:39
ogra_i think both would solve it but both are a no-no14:39
mhall119or do I need to do like cwayne did and put my name into the package name, like: mhall119-geany14:40
* ogra_ would put his name last 14:40
mhall119geany-ogra then?14:40
kyrofamhall119, I've been using canonical names expecting to transfer them14:40
mhall119kyrofa: ok, but what will show in Gnome Software for Geany if I do that?14:43
ogra_mhall119, yeah14:43
kyrofamhall119, I'm not sure I understand the question14:43
kyrofamhall119, oh, you mean because it has both debs and snaps named geany?14:43
ogra_mhall119, i suspect it pullls the name from the .desktop file ... but ask Laney, he knows the magic behind this14:43
mhall119kyrofa: if I open the Software app on Ubuntu and search for "Geany", I don't want users to think that my snap is the official one to use14:43
kyrofamhall119, why not? Does Geany package its debs? What is official?14:44
sergiusensKeep it in a non stable channel14:44
sergiusensAnd what kyrofa said14:45
sergiusensPeople will see you are the publisher14:45
ogra_except that you cant see non-stable channels anywhere14:47
ogra_(yet)14:47
ogra_(my gitter snap is in beta and edge ... there is no way to see it with "snap find")14:48
kyrofaogra_, yeah channels aren't very useful right now. No way to change channel without removing first, etc14:49
ogra_yep14:49
kyrofaogra_, verified, ppc64 accepted! Awesome14:52
ogra_:D14:52
kyrofaogra_, now I just need the LP team to unlock s390x for my snap recipes14:52
=== chihchun_afk is now known as chihchun
ogra_ hah14:53
mhall119kyrofa: no, geany does not package it's debs14:53
mhall119they rely (happily) on distros to package and published geany14:54
jcastroso will there be a way to browse unstable/edge snaps in the store or is the intent to keep them user invisible for QA reasons?14:56
elopiodidrocks1: ping. I14:57
elopioI'm copying your travis/docker setup from playpen, but I'm failing to collect a file afterwards.14:57
elopiodidrocks1: can you give me a hand? https://travis-ci.org/ubuntu-core/snapcraft/jobs/139686897 (take a look at the coveralls statement)14:58
dholbachdavidcalle, https://github.com/ubuntu/snappy-playpen/wiki/Examples is taking some time to put together, but I said to didrocks1 earlier that I'm getting to the first items in the playpen where I'm like "ok, I documented something like this already" - maybe it's going to be quicker now ;-)14:59
kyrofamhall119, right, that's my point. So what is official?15:01
davidcalledholbach: I'll wait for it to be in a state you are comfortable with before sending the weekly update, can wait tomorrow! :)15:02
dholbachcool15:02
sergiusensjosepht found a little nit in the parser, if `source` is not there, we shouldn't fail15:03
mhall119kyrofa: what's in the archive is official15:05
mhall119mine is experimental15:05
kyrofamhall119, if you don't anticipate getting it stable enough to be "the Geany snap" then yes, perhaps you should name it something else15:07
mhall119kyrofa: it's not just that it's a snap, it's also using gtk3 which upstream hasn't switched to by default yet15:08
josephtsergiusens: 'source' in the snapcraft.yaml from 'origin'?15:09
kyrofamhall119, I guess what I'm saying is that, until upstream wants to publish their own snaps, I don't see a problem with claiming the official name and trying to get something stable out there, just like we do with the archives.15:10
kyrofamhall119, there is of course no problem with naming it something different either15:11
elopiodidrocks1: ah, nevermind. I think I got it.15:15
* ogra_ melts15:17
didrocks1elopio: ah sorry, didn't see the ping15:19
didrocks1glad you sorted it out15:19
elopiofgimenez: let's skip today, to see if I finish something before my swimming class.15:21
fgimenezelopio, ok, i was going to porpose the same to you :) (without the swimming part)15:22
elopiofgimenez: :D15:26
stgraberjdstrand: is there some env variable or config I can set to temporarily entirely turn off apparmor in snapd?15:28
stgraberjdstrand: I'd be fine with masking paths in /sys and/or /proc if that works as a way to have that code skipped (basically pretending the kernel doesn't have apparmor support)15:28
jdstrandstgraber: you can boot with apparmor disabled. you can install the snap with --devmode. you can modify the profile in /var/lib/snapd/apparmor/profiles/snap... to be in complain mode. you can compile ubuntu-core-launcher with --disable-confinement15:30
jdstrandstgraber: but why are you doing that?15:30
stgraberjdstrand: running snapd inside an unpriv lxd container15:32
jdstrandso it is the snapd inside the container you want to disable apparmor?15:32
kyrofaogra_, sudo is denied :P . I should have guessed that, of course it is15:33
jdstrandif so, I think the easiest you can do until the nesting work is done in lxd is to compile ubuntu-core-launcher without confinement15:33
ogra_ah, crap, indeed15:33
stgraberjdstrand: I've sorted out the squashfs part of the problem and tych0 is looking at apparmor namespacing but trying to see if there's any other issue we'll have to take care of after that15:33
stgraberjdstrand: ok15:34
kyrofaogra_, who's problem is that? snapd?15:34
jdstrandstgraber: go here: https://github.com/snapcore/snap-confine15:34
ogra_kyrofa, that sudo doesnt work ? thats a feature :)15:34
ogra_you would have to ship sudo and a sudoers file inside15:34
kyrofaogra_, no no, I mean the environment thing, sorry15:34
jdstrandstgraber: see PORTING on how to use --disable-security. modify debian/rules for that. build the deb and use that in the container15:35
kyrofaogra_, since I can't workaround it, I'd like to push it a little15:35
stgraberjdstrand: ok, thanks15:35
elopiosergiusens: any idea about this error? https://travis-ci.org/ubuntu-core/snapcraft/jobs/13979157815:35
jdstrandstgraber: I think that should work (if you have trouble with --disable-security, talk to zyga since he has been in charge of the cross distro story)15:35
kyrofaogra_, but I don't know if it's something to be fixed in the snapd packaging or what15:35
ogra_well, as i said, not sure we can actually call it a problem ... sudo behaves as advertised and snnapd cant really mangle the other configs that would enhance $PATH15:35
jdstrandstgraber: that should work with snapd 2.0.9 that is in xenial now, so I think that is the only thing to change15:36
ogra_kyrofa, probably someone from the security team can elaborate if the sudo behaviour is correct15:36
kyrofaogra_, alright, thanks15:37
ogra_(i think it is though ... this is a tricky one)15:38
stgraberjdstrand: yeah, my snapd was built from current git as I needed my squashfuse support patch15:38
jdstrandyou should be doubly ok then :)15:38
=== davidcalle is now known as davidcalle_afk
kyrofajdstrand, currently /snap/bin is in the user's path, but the `sudo` secure path doesn't include it, which means `sudo snapname.appname` doesn't work. Can you think of a secure way to fix that?15:38
jdstrandthat is an old bug15:39
kyrofajdstrand, I know, but I didn't see any bugs actually logged about it15:39
kyrofajdstrand, maybe there was and I just duped it15:39
kyrofajdstrand, I seem to remember it working in 15.04 though15:40
sergiusenselopio yeah, just discussing that with josepht right now, already have a fix. Let me push15:40
jdstrandI think there is one, however, I'm going to defer to mdes laur since he looked at secure path for something else recently on 16.04. he is on holiday though. is this something you can circle back on (I would think so, this bug is ancient)?15:40
elopiosergiusens: cool, I'll rebase mine.15:41
kyrofajdstrand, oh certainly15:43
jdstrandI think he'll have most of the considerations at hand15:44
kyrofajdstrand, I'm going to forget though, so I'm going to send out an email if that's okay?15:44
jdstrandkyrofa: please send to security@ubuntu.com and you might get people responding sooner :)15:45
kyrofajdstrand, you got it! Is that an open list?15:45
jdstrandit's an email exploder for just the security team15:46
kyrofaOkay very good15:46
kyrofajdstrand, do you know if a bug was ever logged about that issue?15:47
kyrofajdstrand, I know it's old15:47
* jdstrand looks15:48
jdstrandkyrofa: bug 1411671. it looks like we did fix it in 15.04 core images via ubuntu-core-config, but I think it needs to be revisited, esp. for changing this on classic15:51
ubottubug 1411671 in Snappy "/apps/bin should be added to sudoer's secure_path" [Wishlist,Fix released] https://launchpad.net/bugs/141167115:51
kyrofajdstrand, ah, that explains why it used to work!15:51
kyrofajdstrand, still worth a security email?15:52
kyrofaAlso, I figure that bug should just be re-opened and mine marked dupe, but I'm not sure how to track a bug that's fixed in 15 and valid in 16. Just target to series?15:54
zygajdstrand, tyhicks: https://github.com/snapcore/snap-confine/pull/48/files15:57
zygatyhicks: thanks for your comment15:57
ogra_jdstrand, hmm, do you know if adding to secure_path via a sudoers.d snippet would work ?16:00
ogra_ah16:01
ogra_seems += will work16:01
sergiusenselopio https://github.com/ubuntu-core/snapcraft/pull/59816:02
ogra_argh16:03
ogra_or not16:03
* ogra_ just killed sudo on his laptop16:03
ogra_damned16:03
zygaogra_: :D16:03
zygaogra_: when fiddling with sudo config, have a root session around16:03
ogra_well, i havent seen recovery mode in years ...16:04
ogra_zyga, if i actually plan to work on it i do that too ... damned spontanity at 34′C16:04
dholbachall right my friends - I call it a day - see you all tomorrow again!16:05
seb128dholbach, enjoy!16:06
dholbachyou too16:06
zygaogra_: 34!! where are you?16:07
zygaogra_: still in greece?16:07
jdstrandmorphis: hey16:31
morphisjdstrand: so what are we doing with pulseaudio and the recording on xenial16:31
morphisI may can spend and hour or so on monday to get this started16:32
jdstrandmorphis: the agreement was to sru blocking recording and then work on pulseaudio/trust-store/interfaces migration to express recording in interfaces16:32
jdstrandmorphis: sru is phase 1. interfaces phase 216:33
morphisright16:33
morphisphase 1 is what I meant16:33
jdstrandthe meeting yesterday was for phase 2, but the meeting didn't happen and I need to reschedule16:33
morphisaye, I mainly meant the bug you pinged me about yesterday16:34
jdstrandmorphis: yeah, that is part of phase 116:34
morphisjdstrand: so what is left for this is proper testing and then getting the SRU out16:35
jdstrandsounds great :)16:35
morphisjdstrand: I can do the testing on monday16:35
morphismaybe someone else can then help with the SRU16:35
jdstrandawesome! I'll make a note in the card. thanks! :)16:35
jdstrandmorphis: what kind of help are you looking for? helping through the process?16:36
morphiseither that or someone taking it completely16:37
jdstrandmorphis: if I had a tested debdiff I could get it over the finish line16:37
morphisjdstrand: sounds good16:38
morphisjdstrand: then lets do it this way16:38
jdstrandmorphis: great, thanks!16:40
morphisjdstrand: will ping you on monday then16:40
jdstrandcool16:40
sborovkovHello. Doing sudo apt update on Ubuntu Mate on RPI - and getting this E: The repository 'http://ppa.launchpad.net/snappy-dev/tools/ubuntu xenial Release' does not have a Release file. - any ideas what could be happening.16:44
sborovkovAlso this error is the first one -  Cannot initiate the connection to ports.ubuntu.com:80 (2001:67c:1360:8001:1::2). - connect (101: Network is unreachable) [IP: 2001:67c:1360:8001:1::2 80]16:44
ogra_any reason why you have this ppa enabled ?16:45
popeyjdstrand: what does this mean:- "adjust snap to ship 'scmp_sys_resolver'16:45
popey(forgive my ignorance)16:45
jdstrandscmp_sys_resolver is what is used to resolve a syscall number to a name (or vice versa). whatever snap that is should ship it as part of the snap. if it is snappy-debug, that is a known issue-- do 'apt-get install seccomp'16:48
popeyon the host, not in the snap?16:49
popeyseccomp is already the newest version (2.2.3-3ubuntu3).16:49
popeyon the host16:49
jdstrandpopey: yes, on the host. is that snappy-debug?16:51
popeyyes16:51
popeyhttp://paste.ubuntu.com/17754105/ is the full output16:51
popeyam fixing the network-bind one first16:52
jdstrandpopey: oh, install it in strict mode and that will go away16:52
popeyoh16:53
jdstrandthere are some issues with complain mode logging that we're working through16:53
popeysuper16:56
jdstrandsnappy-debug also needs some work that will happen after some other higher priority interfaces work16:56
popeyI seem to be picking all the awkward apps to snap :)16:57
jdstrandpopey: several of those denials are fixed in 2.0.9. plug the opengl interface and reinstall and two of those will go away (it may make the ptrace go away too)17:00
popeyjdstrand: sorry, what do you mean by "plug the opengl interface"?17:04
jdstrandpopey: in qtox, make sure you have 'plugs: [ ..., opengl ]'17:05
popeyah, i do17:05
jdstrandpopey: upgrade to 2.0.9, then uninstall and reinstall qtox then17:05
popeyawesome, thanks17:06
jdstrandthat uninstall/reinstall things is also queued up and will be resolved in the next couple of sru cycles17:06
seb128jdstrand, mvo, did you see bug #1595478 ?17:26
ubottubug 1595478 in ubuntu-core-launcher (Ubuntu) "package snap-confine 1.0.30 failed to install/upgrade: trying to overwrite '/etc/apparmor.d/usr.bin.snap-confine', which is also in package ubuntu-core-launcher 1.0.29+2" [Undecided,Confirmed] https://launchpad.net/bugs/159547817:26
seb128unsure where those packages are coming from17:26
jdstrandseb128: I did. I pointed it out to zyga today. I think 1.0.30ubuntu1 may fix it17:34
seb128jdstrand, thanks17:36
sergiusenselopio is our testing infra down?17:39
croephaso ubuntu-core-launcher /is/ snap-confine?17:46
ogra_seb128, jdstrand they were falsely synced from debian (and i thought removed from the archive already)18:16
jdstrandcroepha: re snap-confine is the name of the project. ubuntu-core-launcher is the package name for snap-confine in Ubuntu 16.04 for historical reasons18:17
jdstrandsource package name*18:18
croephajdstrand: gotcah18:18
croephajdstrand: I mean, thanks :)18:18
jdstrand:)18:18
mhall119jdstrand: can you look at https://bugs.launchpad.net/snappy/+bug/1595649 and see if this is a confinement thing (I don't think so, because it fails in --devmode too) or not?18:20
ubottuLaunchpad bug 1595649 in Snappy "Audio playback fails for KDE apps with Phonon" [Undecided,New]18:20
d_edmhall119: it'll be failing to find a phonon backend, it's based on a hardcoded path at compile time18:26
d_edby default ${CMAKE_INSTALL_PREFIX}/${PLUGIN_INSTALL_DIR}/plugins18:27
croephaso, im assuming that if I snap install with --devmode then i am essentially bypassing all the Apparmor/interfaces access control stuff right, i should essentially have all the rights as if I was running not in a snap right?18:31
mhall119sgclark: ^^ see above.18:42
mhall119d_ed: is there a configuration work-around for that, or does it require a patch to some upstream code?18:42
mhall119croepha: I believe so, yes18:42
zygacroepha: yes, except that you still run in a different filesystem18:44
sgclarkmhall119: d_ed that is what I thought. I tried setting several env vars in qt5-launch without luck.18:45
d_edas far as I can see, no18:47
d_edhowever, it does also search the Qt install path - so one /could/ change phonon backends to install where Qt does or maybe add symlinks18:48
d_ed..or we fix upstream code18:48
d_edsee ensureLibraryPathSet() in Phonon18:49
sgclarkok18:49
sgclarkthanks18:49
croephamhall119, zyga: Thanks18:54
=== JanC is now known as Guest91547
=== JanC_ is now known as JanC
jdstrandpopey: fyi, I updated snappy-debug for the new 2.0.9 policy which should help the experience a bit18:56
jdstrandit's in the store18:56
zygajdstrand: hey, what is your opinion on https://github.com/snapcore/snap-confine/pull/4818:58
zygajdstrand: I'd like to move forward on that branch18:58
zygajdstrand: also a small bug in https://github.com/snapcore/snap-confine/pull/7/files#r6829557819:04
popeyjdstrand: thanks19:04
popeyis there a way to update all my snaps at once now?19:06
popeyuh..19:07
popeyalan@gort:~$ sudo snap refresh snappy-debug19:07
popeyerror: cannot perform the following tasks:19:07
popey- Download snap "snappy-debug" from channel "stable" (revision 22 of snap "snappy-debug" already installed)19:07
zygaknown issue19:09
popeyok19:11
jdstrandpopey: remove and reinstall and you should be set19:15
popeyah19:21
zygajdstrand: if you fix the one thing that probably leads to snap-confine crash I'll merge the seccomp filtering patch19:44
jdstrandzyga: huh?19:45
jdstrandwhat crash?19:45
jdstrandis it in the PR?19:45
jdstrandI see your notes19:46
jdstrandmeh, last minute change19:46
* jdstrand fixes19:46
zygajdstrand: I've commented on the pull request19:46
jdstrandI see19:46
jdstrandzyga: done. note the ci tests failed for something unrelated20:11
cwaynezyga: have you treid running refresh-bits in yakkety?20:13
=== devil is now known as Guest11152
croephaanyone got xserver-xorg running in a .snap that I can look at? im having all kinds of issues, currently im getting a segfault in xf86OutputClassDriverList tracking it down now20:41
croepha?20:41
elopiosergiusens: we have coverage: https://github.com/ubuntu-core/snapcraft/pull/59720:45
elopioif integration tests pass in travis, you can land this one and the requirement.20:45
jdstrandcroepha: I don't have specific details on that question (I don't know anyone who has tried that), but most people will not embed the X server in the snap and install use 'plugs: [ x11 ]' (or unity7) and install the snap on a 'classic' system (eg, a desktop system with X)20:49
jdstrandcroepha: now, if you are trying to run X as a snap to serve to other clients for a system that doesn't have X (eg, an iot device), that hasn't been done yet, but others on the list might be able to help20:50
jdstrands/list/channel/20:50
croephai am specifically trying to get xorg to run in core20:51
jdstrandI see20:51
jdstrandstart with --devmode for sure since at some point the x11 interface will need to implement the slot side to allow X to run20:52
croephaok, thanks for feedback, i'll keep pushing forward, i think ive traced the issue to a null pointer, now i need to figure out why its null in my case20:52
jdstrandwhen you are at that point, file a bug with the 'snapd-interface' tag and we can work through that20:52
croephasweet20:53
jdstrandcroepha: also, I'm not sure how many X devs there are here. since you mentioned xserver-org that suggests you are using Ubuntu. You might try in #ubuntu-desktop (maybe there is an #ubuntu-x channel too?)20:53
jdstrandthey won't know as much about snappy, but might be able to help with X-specific things20:54
croephaok, good point20:54
sergiusenselopio I don't understand the docker service and the need to specify python (and why it is not 3.5)21:36
elopiosergiusens: the docker service is to be able to do docker run. The need to specify python is just for coveralls. It's the same insane thing that blocked me for a week with lxc.21:37
elopioit could be 3.5, I think.21:37
elopiolet me try.21:37
sergiusenselopio nah, if it is just for coveralls and we will run 3.5 for our tests we are good21:37
elopiosergiusens: we are running our tests in whatever is in that xenial image.21:38
elopiowhich is the official one, so I'm guessing 3.5 or 3.621:38
croephais there a way to tell snapcraft to just use apt-get source ... to get the package source ?22:30
niemeyer_croepha: I don't *think* source packages has any special support yet22:36
niemeyer_croepha: bin packages do, and you can always cook some custom logic to achieve what you want, of course22:36
croephaniemeyer_ you mean like put my apt-get source stuff, confiugre command, ... make install  in a script and tell snapcraft to exec the script for the build ?22:38
niemeyer_Something along those lines.. but if you're using autotools, perhaps using the plugin for that is easier than going through the package22:39
=== niemeyer_ is now known as niemeyer
croephais there a way for a snap to know where something is going to be on the filesystem? like xorg needs to know at compile time the directory where xkbcomp is located, but the snap can be in a different path depending on revision... the best I can come up with is to have a script that runs and makes a link to the snap in /tmp based on the $SNAP_REVISION env variable, is there a better way?23:07
=== mwhudson is now known as mwhudson__
zygajdstrand: thanks for fixing that23:11
zygacroepha: ideally this would be based on $SNAP from environment but we are discussing other options23:11
zygajdstrand: the chdir / cwd issue is now convincing me that snap-confine should know what is expected and yes, perhaps refusing to work is the right thing to do right now23:16
zygajdstrand: my only concern is what is the cwd of apps started from unity or gnome shell23:16
zyga(I'd be bad if all of those refused to work)23:16

Generated by irclog2html.py 2.7 by Marius Gedminas - find it at mg.pov.lt!