[01:09] kyrofa: sergiusens: is there anything that sets $TMPDIR when a snap is run? [01:09] mhall119, yeah, each app gets its own [01:10] kyrofa: what might such a value look like? [01:10] I ask because in pantheon-mail sqlite is trying to create temp files in /var/tmp/ and failing [01:12] mhall119, /tmp/snap.foo_bar_baz [01:12] mhall119, but it shows up to the snap as /tmp [01:12] mhall119, now that you mention it, I'm not sure anything is explicitly setting the TMPDIR var [01:12] We just make /tmp work correctly [01:13] So if sqlite defaults to /var/tmp is TMPDIR isn't set, that may be it [01:14] it does [01:14] according to https://www.sqlite.org/tempfiles.html#tempstore [01:14] can I do something like: TMPDIR=/tmp /snap/bin/pantheon-mail [01:14] or will the envvars be stripped out when the snap is run? [01:20] mhall119, you can do that, but it'll need to be in a wrapper somewhere [01:20] mhall119, soon that'll get easier, you'll be able to specify environments in the yaml, but not just yet [01:20] do you think it's worth putting in common gtk/qt desktop launcher parts? [01:20] (sorry for the delay, packing up my office for a cross-country move) [01:21] mhall119, if this problem is encountered enough, sure [01:21] presumably it will be encountered anywhere sqlite3 is used [01:21] Indeed [01:22] I just wonder if it'll cause problems for others [01:22] e.g. /var/tmp is different than /tmp, it's not cleared each boot [01:23] So some users might want TMPDIR to be, say, in $SNAP_DATA/tp [01:23] $SNAP_DATA/tmp rather [01:23] how about setting SQLITE_TMPDIR? I don't think sqlite expects them to persist between boots [01:24] SQLITE_TMPDIR seems a little specific to go in a generic part, but that's just me [01:24] Such an approach won't scale [01:25] well, you said there was an easier method on the way :) [01:25] Indeed [01:25] In the next snapd release, actually [01:25] Just waiting for it to get through SRU [01:25] Though snapcraft needs to support it too... not sure if sergiusens has done that yet or not [01:28] But to get up and running, a simple wrapper script is pretty easy [01:29] yup, and I've just verified that it fixes all my apparmor warnings [01:30] Very good [01:30] it isn't copying my sqlite database forward for new install revisions of the snap though :( [01:30] mhall119, and the DB is in $SNAP_DATA? [01:31] it's /home/mhall/snap/pantheon-mail/x2/.local/share/pantheon-mail/ [01:31] Ah interesting! A hidden dir [01:32] does /home/mhall/snap/pantheon-mail/x2/ map to an envvar? [01:32] Out of curiosity, can you force it to _not_ be hidden? [01:32] because it looks like something might be trying for $HOME/.local/share/ [01:32] Indeed, that's $SNAP_USER_DATA, but snapd also sets $HOME to that [01:32] You got it [01:33] and $SNAP_USER_DATA isn't copied? Or it this not being copied because it's a dotfile? [01:33] It is copied. The fact that the DB isn't makes me wonder if it's the dotfile, which would be a bug I'd say [01:34] Can you verify? Even if you just renamed the dir and installed a new rev [01:34] I'll give it a try and see, but might wait until tomorrow [01:35] Yeah it's a bit late for you === chihchun_afk is now known as chihchun === chihchun is now known as chihchun_afk === chihchun_afk is now known as chihchun === chihchun is now known as chihchun_afk [06:44] hiya [06:47] hey dholbach [06:47] salut didrocks [06:47] does anyone know what to respond to http://askubuntu.com/questions/795139/ntp-synchronisation-in-ubuntu-core-10? === chihchun_afk is now known as chihchun === chihchun is now known as chihchun_afk === chihchun_afk is now known as chihchun [07:49] ara: o/ [07:53] zyga_, hey! [07:53] morning all [07:54] PR snapd#1501 opened: client: existing JSON fixtures uses tabs for indentation === ant_ is now known as Guest59427 [08:48] has anyone looked at the snapd autopkgtest failures in yakkety? [09:15] mwhudson: hey [09:15] mwhudson: I did but didn't find anything, in fact I cannot reproduce them [09:15] mwhudson: I used a yakkety vm, got the package from proposed and ran kvm based autopkgtest [09:16] zyga: where is this damn session [09:16] zyga_: hm, i tried the same and the failed just a few seconds ago in fact [09:16] let's see if the failures looked similar [09:16] mwhudson: how did you run the test? [09:16] adt-run --unbuilt-tree . --- qemu ~/adt-yakkety-amd64-cloud.img [09:16] from a git tree checked out to the release tag [09:16] I ran something different [09:17] give me a sec [09:17] ~/adt-yakkety-amd64-cloud.img is what adt-buildvm-ubuntu-cloud -r yakkety spat out [09:17] (or whatever that command is called :-) [09:17] I haven't used adt in a while, just booting yakkety to paste the command I ran [09:18] heh [09:19] hmm i think i see fewer failures than on autopkgtest.u.c [09:19] "yay" [09:19] let me find my irc session [09:19] fg === zyga_ is now known as zyga [09:19] woot [09:20] mwhudson: autopkgtest-buildvm-ubuntu-cloud -v -a amd64 -r yakket [09:20] y [09:21] oh well, that's not significantly different [09:21] autopkgtest snapd_2.0.10+16.10.dsc -- qemu [09:21] * zyga tries again [09:22] oh no, i did get the same errors [09:22] as https://objectstorage.prodstack4-5.canonical.com/v1/AUTH_77e2ada1e7a84929a74ba3b87153c0ac/autopkgtest-yakkety/yakkety/amd64/s/snapd/20160707_052336@/log.gz [09:22] i got less output spam though, whatever that means [09:24] sigh failures in teardown [09:24] always a good smell [09:25] messages like "Unit snap-basic\x2dbinaries-x1.mount not found." make my have unicode paranoia [09:25] bug 1571721 [09:26] Bug #1571721: Removing when an app is running results in a half removal [09:30] trying again [09:32] mwhudson: most interestingly, tests don't fail if you just run them [09:32] mwhudson: I mean from the tree [09:32] zyga: and they don't fail on xenial, right? [09:32] mwhudson: yep [09:32] mwhudson: one thing I didn't test, fully proposed update [09:33] mwhudson: I only ran this with yakkety + snapd from proposed [09:33] what's significantly different in yakkety? systemd, kernel i guess [09:33] ahhh hm [09:33] mwhudson: yep, just note that arch has the same version and it is all good there :/ [09:33] so ... hmm? [09:33] i think this is the key failure: [09:33] error: cannot perform the following tasks: [09:33] - Mount snap "basic-service" ([start snap-basic\x2dservice-x1.mount] failed with exit status 1: Warning: snap-basic\x2dservice-x1.mount changed on disk. Run 'systemctl daemon-reload' to reload units. [09:33] A dependency job for snap-basic\x2dservice-x1.mount failed. See 'journalctl -xe' for details. [09:33] hmm [09:34] i *think* all the rest is fallout from that [09:34] but i hardly know what is going on :) [09:34] what is the dependency job? [09:34] the fact that systemd says the unit changed on disk is not new in 230 [09:34] perhaps the dependency will tell us more [09:34] i should run it again in that mode that lets me ssh in afterwards [09:35] how do you do that? [09:35] --shell-fail [09:35] I'll replicate here and see what we get [09:35] thanks [09:43] running zyga@yakkety:~$ autopkgtest --shell-fail snapd_2.0.10+16.10.dsc --- qemu ~/autopkgtest-yakkety-amd64.img [09:44] zyga: i'm not completely sure what's happening now but i have this feeling my run is going to pass [09:45] do you know how regression tests are ran? is it with everything from proposed or just the one package? [09:45] and if it is the former, how can we replicate that? [09:45] i don't [09:45] and by editing the sources.list in the image, i assume [09:46] well, I can just upgrade to proposed and run tests locally [09:47] bah it failed but the --shell-fail magic did too somehow [09:47] my run is still in progress [09:48] zyga: mwhudson: it tries to limit -proposed packages to just the trigger and its dependencies [09:48] sometimes that doesn't work (stuff is uninstallable), then it falls back to enabling all of -proposed [09:48] zyga: i pasted your question in #ubuntu-quality btw [09:48] mwhudson: thanks! [09:49] hmm [09:49] well, we can try the full proposed one I guess [09:49] my tests are still ongoing [09:51] PR snapd#1459 closed: daemon,overlord/auth,store: update macaroon authentication to use the new endpoints [09:52] zyga: apparently a known intermittent thing, i'm running again [09:53] mwhudson: my run is still in progress, no failure yet [09:54] mwhudson: I really wonder if there's a difference between how we run tests [09:54] zyga: aaah the build failed this time! [09:55] FAIL: policy_test.go:103: policySuite.TestIterOpBadTargetdir [09:55] mwhudson: what's the rest of the error? [09:56] mwhudson: and can you reproduce that with the .dsc? [09:57] hmmmmm [09:57] mwhudson: I see it run ./get-deps [09:57] zyga: http://paste.ubuntu.com/18692046/ [09:57] mwhudson: I don't think that should ever be done in autopkgtests [09:58] isn't the whole idea to run tests from packaged bits [09:58] + ./get-deps.sh [09:58] Obtaining dependencies [09:58] reading... [09:58] hmmm [09:58] mwhudson: what is $HOME like? [09:59] don't know [09:59] so far it still hasn't failed for me [09:59] probably just /home/ubuntu === hikiko is now known as hikiko|ln [10:01] still not failed [10:01] (my computer is slower :-) [10:02] ah, it failed now! [10:02] same way [10:02] error: cannot perform the following tasks: [10:02] - Mount snap "basic-binaries" ([start snap-basic\x2dbinaries-x1.mount] failed with exit status 5: Failed to start snap-basic\x2dbinaries-x1.mount: Unit snap-basic\x2dbinaries-x1.mount not found. [10:02] ) [10:02] hooray [10:02] i think [10:02] ok package build worked this time [10:03] hmm, the failshell instructions don't work for me [10:03] ok [10:03] let's try to fail this on native yakkety without adt so that tinkering is easier [10:06] eh, we should really replace the one dependency that needs bzr [10:06] pulling all of python2 [10:07] :) [10:09] zyga: yeah i think the get-deps.sh invocation would be better as cp -r /usr/share/gocode/src $tmp or something like that [10:09] to use the packaged version of the dependencies [10:10] yep [10:10] grrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrr [10:13] ? [10:17] the --shell-fail failed again [10:20] i guess i should figure out how adt-virt-qemu runs the vm and do it by hand [10:20] but maybe not today [10:31] PR snapd#1502 opened: Add an interface for tpm 1.2 [10:38] attente, do you know what to reply to http://askubuntu.com/questions/780670/i-cant-install-snap-packages-with-ubuntu-software-but-ok-with-terminal? === chihchun is now known as chihchun_afk === chihchun_afk is now known as chihchun [11:19] Do i need to set anything special in my snapcraft.yml, if my snap requires network access? [11:20] netphreak: yes [11:20] anywhere i can see an example of that? [11:21] $ snap interfaces # list of plugs [11:21] netphreak: https://github.com/snapcore/snapd/blob/master/docs/interfaces.md [11:21] In the app definition, "plug: [ network ]" [11:23] thx [11:31] Hrm, I have a snap installed. I "snap install ./develomentsnap". I want to remove the devel version and return to the previous. How can I do that? [11:32] PR snapcraft#635 opened: Fix parts cache handling [11:34] PR snapd#1503 opened: Set the snap price when listing available snaps === hikiko|ln is now known as hikiko [12:22] PR snapd#1504 opened: debian: chmod created config files to 0644 [12:25] PR snapd#1505 opened: store: introduce a search grammar (baby step #1) [12:40] kyrofa hey, is this only failing due to ros and friends? https://github.com/snapcore/snapcraft/pull/633 [12:40] PR snapcraft#633: qmake plugin: Stop doing out-of-source builds [12:52] kyrofa: zyga: is there a solution to the "clicking a URL in a snap doesn't open it in the browser" bug? [12:57] PR snapd#1506 opened: store/auth: add helper for the macaroon refresh endpoint [12:58] mhall119 there's a bug and attente was working on that [12:58] mhall119 I also raised the inverse, going from host to snap doesn't work as the mime handler doesn't seem to get registered. Hm, let me log a bug for that [13:00] sergiusens, bug #1597417 [13:00] Bug #1597417: Doesn't use "update-desktop-database" which is needed for mime handlers [13:00] sergiusens: how can we re-use the url-dispatcher that does this on the phone? [13:00] you can maybe confirm it [13:00] PR snapd#1507 opened: cmd: add buy command [13:02] mhall119, I don't think we need url dispatcher there, we have snapd-xdg-open in yakkety which is supposed to do that [13:02] unsure if it works out of the box though [13:03] that's also something that needs to be backported to xenial [13:05] PR snapcraft#635 closed: Fix parts cache handling [13:09] seb128 thanks [13:13] seb128: and that works based on the MimeType field in the .desktop files? [13:13] Bug #1597417 opened: Doesn't use "update-desktop-database" which is needed for mime handlers [13:16] seb128: besides backporting snapd-xdg-open, the fake xdg-open script needs to be inserted into the os snap [13:16] mhall119, urls are special cases of mimetypes so I guess in some ways [13:16] attente, that was done in yakkety? [13:18] sergiusens, I just merged with master, so I'll let you know [13:18] seb128: i don't recall, i thought mvo took care of that part though [13:18] k [13:18] mvo, ^ do you know what's the status there? ;-) [13:18] attente, thanks [13:25] attente: its in the os snap already (maybe not yet in stable? definitely in edge) [13:26] seb128: -^ [13:26] mvo: ok, thanks. so i guess the only thing missing is backporting to x [13:26] mvo, do we have an os snap installed on classic? [13:26] yo, just updated y'day and i'm seeing an error on snap list [13:26] known? [13:26] seb128: yeah, we do [13:26] error is "error: cannot list snaps: cannot unmarshal: json: cannot unmarshal string into Go value of type int" [13:27] seb128: yes [13:27] attente: people get it from the os snap, we don't need to backport it (unless I miss something) [13:27] mvo: I don't find it r122: /snap/ubuntu-core/current$ sudo find . -name 'xdg-open' [13:27] mvo: backporting snapd-xdg-open to xenial for the other half of that interaction [13:27] attente: if its not in stable yet (can check in a bit) it will be soon, we will get a new stable in the next few days [13:27] didrocks, mvo, how do I see what it's in my os snap? snap list only includes ubuntu-core [13:27] seb128: this is the os snap [13:27] seb128: 122 is stable, right? [13:28] mvo: and also pulling it as a depends [13:28] mvo, 122 of what? [13:28] mvo, sorry i'm not familiar with your new world ;-) my knowledge goes as far as the snapd version installed my xenial and snap list/install and the ubuntu-core snaps [13:29] seb128: I will double check, I think r122 of ubuntu-core is the stable version that has n been updated in a while [13:29] sergiusens, nope, example tests are still busted [13:29] mvo, ubuntu-core is the os snap? [13:29] seb128: yes, correct [13:29] or are they different things [13:29] ah ok [13:29] seb128: sorry for the confusion [13:29] no worry [13:34] PR snapd#1508 opened: cmd/snap,cmd/snap-exec: support running hooks via snap-exec [13:37] Chipaca: hey, for some reason, snapd still doesn't be returning an icon uri despite the snaps dpm uploaded being series 16 [13:39] Chipaca, https://launchpad.net/bugs/1588266 [13:39] Bug #1588266: Almost no info about Krita snap in Ubuntu Software [13:43] PR snapd#1504 closed: debian: chmod created config files to 0644 [13:49] kyrofa which ones? [13:51] PR snapd#1509 opened: interface: add new interfaces.all.SecurityBackends [13:51] sergiusens, http://162.213.35.179:8080/job/github-snapcraft-examples-tests-cloud/1216/console, image creation failure seems like [13:52] fgimenez, any idea on that one? ^^ [13:52] kyrofa, looking [13:54] sergiusens, I think my last successful run was a few days ago at this point :P [13:59] hi there, I get an error message when I try running any snap: [13:59] $ snap run vlc [13:59] execv failed: No such file or directory [13:59] kyrofa, seems like a quota problem, there are two danglling instances, i'll try to identify and delete them, will ping you when done [13:59] Thanks fgimenez [14:00] $ snap run hello [14:00] 2016/07/07 09:59:44.531420 cmd_run.go:175: WARNING: cannot create user data directory: cannot create "/home/bryan/snap/hello/common": mkdir /home/bryan/snap/hello/common: permission denied [14:00] execv failed: No such file or directory [14:00] slightly better error with hello I guess.. [14:00] gQuigs, that's not typically how one runs apps [14:00] gQuigs, run stuff out of /snap/bin [14:00] (which should be in your PATH) [14:02] kyrofa: hmm.. then it's not obvious how to run some... [14:02] kyrofa: for example, run hello and it says not installed [14:02] and what if I have both vlc snap and vlc deb installed? how to pick? [14:03] gQuigs, is hello installed? [14:04] $ /snap/bin/hello [14:04] Hello, world! [14:04] $ hello [14:04] The program 'hello' can be found in the following packages: [14:04] gQuigs, is /snap/bin in your PATH? [14:05] kyrofa, should be fixed now [14:05] Thanks fgimenez, re-running now [14:05] kyrofa: nope, it's not.. swear it was.. hmm [14:06] gQuigs, hmm indeed [14:08] with path set, hello works [14:09] but snap run still doesn't.. should that work? [14:09] How can i see what version of snapcraft and snap i installed? [14:09] jdstrand: Heya [14:09] jdstrand: Do you need any state currently in Spread-B? [14:09] netphreak: does --version not work for you? [14:10] jdstrand: We're having some connectivity issues between the freemont DC and Google services, so I'm moving it out to a different DC [14:11] mvo, sergiusens, what would the way to get the attention of the snappy team on bug #1597417? it's probably an easy one but I don't know if it needs team discussion on possible security impact or something [14:11] Bug #1597417: Doesn't use "update-desktop-database" which is needed for mime handlers [14:12] it's important to make desktop applications useful [14:12] like I've evince in a snap but it's not very useful if you can't get it to be used when clicking on a pdf in nautilus [14:12] kyrofa: so for VLC the deb takes precedent (based on how I did path). Should snap run work is that deprecated? [14:13] gQuigs, snap run will be how snaps are run behind the scenes, but you should never have to run it. You should be running things out of /snap/bin [14:14] gQuigs, it's an implementation detail [14:14] gQuigs, and I'm not sure that it actually works in the version of snapd released currently-- it's finished in the one being released now [14:15] gQuigs, so for a consistent experience, use /snap/bin/ [14:15] How do i upgrade to the latest snapd 2.0.10? I'm on apt-get [14:15] seb128 I have the same problem when clicking on telegram.me links ;-) [14:16] seb128: what needs to happen? does snapd needs to just run update-desktop-database after new desktop files got created? [14:16] kyrofa: so I should eventually work ? [14:17] gQuigs, yes, but again, you should never need to use it directly [14:17] niemeyer: no-- I can -discard now if that makes things easier for you [14:17] jdstrand: Ah, yes please, thanks! [14:17] mvo, yes [14:17] niemeyer: but when can I start up a new one with -keep? [14:17] jdstrand: Feel free to pick another one when you need [14:18] jdstrand: Immediately [14:18] kyrofa: thanks! [14:18] jdstrand: Hopefully I'll be faster and nuke the machine before you grab it again :) [14:18] jdstrand: There are other machines available on the new DC already [14:18] niemeyer: discarded [14:18] mvo, the mimetype handlers look into indexes and that dir doesn't have one so its entries are not registered [14:18] mvo, just doing the update command makes it work [14:19] jdstrand: Thanks, removed.. will re-allocate new ones with the same names on the new DC [14:19] niemeyer: I'm not sure you saw, but between README.md and a really nice cli, spread is literally the easiest testing infrastructure I've ever used [14:19] jdstrand: Wooo, that's great to hear! Thanks! [14:19] really nice. I was writing spread tests in just a few minutes [14:20] granted, I was using an existing project with spread.yaml, but still. good stuff :) [14:21] seb128: mvo: how should we backport snapd-xdg-open to xenial? should i reuse this sru? https://bugs.launchpad.net/snappy/+bug/1580740 or file a new one against the package? [14:21] Bug #1580740: [SRU] Cannot open a browser link from a snap that provides a link [14:21] niemeyer: oh and -debug is fantastic [14:21] attente, that SRU bug should do the trick [14:22] jdstrand: Yeah, I was very pleased with that one as well. So convenient to be able to jump in at the exact breakage [14:22] totally [14:23] seb128: thanks! [14:24] attente, yw! [14:25] niemeyer: at some point I want to try it with lxd. oh, that reminds me-- I guess it is possible to have two different backends and then spread -list would just prefix them accordingly? what happens if say a project has linode and lxd, and you have lxd and I don't? [14:25] seb128: could you please sponsor it for xenial? or should i subscribe ubuntu-sponsors? [14:26] niemeyer: fyi, I have Spread-E now [14:26] jdstrand: Right.. it'll try to run all backends by default, but you can easily tell what to run at the CLI.. e.g. linode: [14:26] jdstrand: Ack [14:27] jdstrand: That is, $ spread linode: [14:27] jdstrand: Then it'll run only things in Linode [14:27] niemeyer: if a project has both linode and lxd, but I don't have lxd, do that cause a usability issue for me or will spread just skip those? [14:27] eg, if I just call 'spread' [14:28] jdstrand: It'll try to run lxd, error out because it can't, mark the specific jobs that should run under lxd as aborted, but otherwise continue with all the rest [14:28] I see. ok, thanks [14:28] jdstrand: That's the main distinction between aborted and failed, btw.. aborted means "didn't even try" [14:29] ah, yes. that makes sense [14:29] I was trying to wrap my head around how useful it would be to add lxd backends to things and how that might affect people [14:30] I'm not actively working on that-- just was curious [14:38] seb128: thanks, that sounds pretty straightforward [14:38] jdstrand: I have a background idea that I haven't quite designed yet, but which might fit with what you describe [14:38] jdstrand: I'd like a way to mark certain tests as "manual".. [14:39] jdstrand: IOW, should only fire when explicitly requested [14:39] right [14:39] jdstrand: Need to find a way to blend that into the default job matching behavior in a non-awkward way [14:40] yeah, that would definitely work for this use case so long as it could be applied to backends as well as tests and suites [14:41] which in saying that, I see what you mean be it needing some design :) [14:41] jdstrand: Yeah, it'd need to work in a similar way to everything else.. cascading through the matrix [14:41] cool [14:41] Might be just a test in a suite, or a suite, or whole backend [14:42] anyway, I'm not using lxd just yet here for that, but I was excited to see it as a backend [14:43] I want to support kvm soon as well. There was some difficulties in finding the ip the machine fired with, but ogra_ gave some ideas. [14:43] mvo, thanks [14:53] PR snapd#1431 closed: cmd,interfaces,snap: implement hook whitelist [14:58] attente, sorry, day is a bit crazy and i'm off tomorrow ... please subscribe sponsors and maybe see if mvo wants to sponsor the SRU, I think he did the yakkety upload? otherwise I have a look on monday [15:01] PR snapd#1510 opened: integration-tests: remove login tests [15:02] attente, seb128: sure I can sponsor, just ping me [15:02] mvo, great, thanks! [15:05] jdstrand: I wrote a spread test for the apparmor profile [15:05] jdstrand: just testing it and I'll add it to the pull request [15:05] jdstrand: you said you want to have another thing in .36? [15:05] jdstrand: can you be more specific please? [15:09] zyga: I want only that in .36 [15:09] I mean, other things can be there, but we need to make sure we don't lose confinement for the next ubuntu upload [15:10] jdstrand: .35 was released, .36 is today [15:12] zyga: right. what I mean is that .35 is where I noticed the profile attachment bug you are working on. afaic, we need to only fix that bug for .36. then .36 can go to ubuntu [15:12] mvo: thanks! is there anything you need from me for the sru? [15:12] ah, ok [15:12] so there's nothing else you want to fix? [15:13] what about the nodev thing that was also mentioned by SUSE folks? [15:16] zyga: I do have something I was working on but it doesn't have to be for .36 [15:16] ok [15:16] sounds good then [15:18] zyga: for the nodev, that was actually a question for /tmp being user-owned, but that got me thinking snap-confine probably should think about nodev and nosuid for some of those mounts, but that is a hardening measure since the things being mounted are not user-controlled, correct? Does this have the content interface changes? If so, those mounts should absolutely by nodev and nosuid [15:21] zyga: ok, phew, I see in sc_setup_mount_profiles that MS_NODEV and MS_NOSUID are used [15:23] hmm [15:24] sergiusens, wouldnt it make sense if the make plugin would install a compiler by default (and put the cc and gcc links in place automatically) ? [15:25] yes, the user mounts are safe [15:25] those that are controlled by the user [15:25] but remember that all you need to do is to ship a snap with /dev/sda node [15:25] * ogra_ notes that he has to put ([ -e /usr/bin/cc ] || ln -s /usr/bin/gcc-5 /usr/bin/cc) and ([ -e /usr/bin/gcc ] || ln -s /usr/bin/gcc-5 /usr/bin/gcc) into his makefiles ... [15:25] and you're good :-( [15:25] and i have to put gcc-5 into build-files [15:25] err build-packages [15:34] ogra_ not make, but autotools and cmake yes [15:34] why not make ? [15:34] niemeyer: I have a potentially dumb question re environment and spread. I'm try to do: [15:34] ogra_ there are a bunch of examples where people use make as they would use the copy plugin [15:34] environment: [15:35] CORESNAP: $(mount | grep ubuntu-core | tail -1 | cut -f 1 -d ' ') [15:35] execute: | [15:35] ... [15:35] sergiusens, yeah, i have done that too ... but still, gcc is broken if you depend on it [15:35] echo "CORESNAP=$CORESNAP" [15:35] ... [15:35] ogra_ as a build-packages? [15:35] sergiusens, the needed symlinks are alternatives ... [15:35] yeah [15:35] niemeyer: but $CORESNAP is empty [15:35] niemeyer: the is in task.yaml [15:35] sanpcraft doesnt run postinsts ... so the symlinks are missing [15:36] ogra_ build-packages do run postinsts [15:36] what are you talking about? [15:36] well, not here [15:36] there are a bunch of tests for this [15:36] niemeyer: if I do under execute: echo "CORESNAP=$(mount | grep ubuntu-core | tail -1 | cut -f 1 -d ' ')" I see what I want [15:36] ogra_ use build-packages, not stage-packages [15:36] i tried to make all my packages "cleanbuild" safe today [15:36] and all of them are missing these links [15:36] niemeyer: I can sprinkle that command around and am not blocked, but it seems like environment should be able to handle this [15:37] sergiusens, https://github.com/ogra1/nethack/blob/master/snapcraft.yaml ... [15:38] sergiusens, same for https://github.com/ogra1/upnp-server/blob/master/snapcraft.yaml [15:38] (and a few others i havent public yet) [15:38] ogra_ ah you are explicitly installing gcc-5, that won't create the gcc link you want [15:38] if i use gcc-5 in build-packages there are definitely no alternative links set [15:39] it does if i install gcc-5 on a normal desktop [15:39] ogra_ because you have gcc installed as well [15:39] hmm, let me try to move to plain "gcc" [15:40] mvo, in case you do manual image builds. please note the new EXTRA_PPAS entry in crontab [15:41] ( i changed that yesterday ,,, forgot to tell you about it) [15:46] sergiusens, bah, and indeed you are right :P [15:47] * ogra_ goes and fixes all branches again ... mental note: ask first next time before writing a workaround [15:47] ogra_ iirc gcc has the alternative stuff and didrocks told me we install it by default on desktop now too [15:47] we always did [15:47] it is a requirement of dkms [15:48] (and before it was a req. for nvidia drivers and the like ... when they still got compiled at install time) [15:48] but tthat doesnt help with cleanbuild :) [15:54] PR snapcraft#622 closed: Hard-link local sources instead of symlinking them === chihchun is now known as chihchun_afk [16:01] Yay! [16:03] Bug #1599919 opened: SnapOpSuite unit tests interfere with the user's $HOME/.snap directory [16:10] jdstrand: One particularity of environment is that $() executions run locally rather than remotely.. I might move that behavior out into a separate field as it's probably unexpected [16:11] jdstrand: Right now that's how we can provide secrets and local info in general to the tests [16:11] I see [16:11] ok, well, like I said, I'm not blocked [16:12] thanks for the explanation [16:12] np [16:30] PR snapcraft#636 opened: parser - Handle malformed wiki entries [16:32] ogra_: thanks for the heads up [16:32] PR snapd#1511 opened: overlord: actually run hooks [16:33] attente: if you could prepare it so that I just need to dput the sru that would rock of course, if not just let me know [16:38] mvo: sure [16:50] mvo: i literally just changed the release to xenial and the date in the changelog: https://launchpad.net/~attente/+archive/ubuntu/snapd-xdg-open/+packages [16:50] (from the yakkety one) === JanC is now known as Guest55200 === JanC_ is now known as JanC === olli_ is now known as olli [17:07] mvo, attente: can we please do an upstream release of snapd-xdg-open [17:07] we really want it everywhere, not just ubuntu [17:09] if you want I can look at this [17:15] PR snapd#1512 opened: overlord: initial work on renaming core snap [17:15] kyrofa this is good to go https://github.com/snapcore/snapcraft/pull/632 [17:15] PR snapcraft#632: WIP Refactor/push [17:16] zyga: sure, but i don't have push access to that repo. i think mvo does however? [17:22] sergiusens, looks like it needs to be merged with master [17:23] kyrofa really, again? [17:23] kyrofa there you go [17:24] sergiusens, thank you! Also consider changing the title [17:24] kyrofa so pushy, I was going to change it while merging :-P [17:25] kyrofa there you go [17:25] sergiusens, I know you. You'll forget, and then our history will be hilarious [17:26] jdstrand: I've updated snap-confine#73 [17:26] PR snap-confine#73: Update apparmor profile for snap-confine [17:27] jdstrand: I didn't rename policy file because I think this simply belongs in downstream packaging and it is more and more evident [17:27] what sort of unit test coverage should I seek for my PR? ( snapcraft#619 ) [17:27] PR snapcraft#619: Add source-checksum option for tar and zip sources (bug 1585913) [17:28] integrated in the Tar and Zip classes or in it's own class? [17:28] kyrofa: ^ [17:29] tsimonq2, taking a look now [17:29] zyga: re rename> well, it depends-- where does make install put it? if the default is to /usr/lib/snapd/snap-confine then the name should reflect that [17:29] thanks kyrofa [17:29] zyga: alternatively, skip all that and just rename to 'snap-confine' [17:30] zyga: the only thing apparmor cares about is what's inside [17:30] jdstrand: I'd simply put it in src/apparmor-profile.in [17:30] jdstrand: and have the makefile generate the real one [17:31] that works too, but then update the debian/ packaging [17:31] jdstrand: downstream packaging will be doing the rename [17:31] jdstrand: yep, I will have to do it for debian and ubuntu then [17:31] jdstrand: just a reminder, I will try to remove debian entirely from the tree so that we can do real tests against real packaging in debian/ubuntu [17:32] jdstrand: right now debian/ is not used anywhere for real [17:34] tsimonq2, actually I think your units look pretty good. I'd check the coverage, though (do you know how to do that?) [17:34] tsimonq2, however, while you have an integration test snap, you don't have an integration test. Are you working on that? [17:35] Because that will be important [17:35] kyrofa: so do you think my integration tests need to be added to the tar and zip tests or it's own test? [17:35] tsimonq2, oh I see what you're asking [17:37] tsimonq2, I say add them to tar and zip [17:37] kyrofa: okay, so it's in the snap, I need to add to the python? [17:37] tsimonq2, so add some more to the simple-zip snap, then add checks to the integration tests that use simple-tar and simple-zip [17:37] tsimonq2, exactly [17:38] tsimonq2, I'm not sure it's worth adding new archives though-- just take the checksums for the archives already in the snaps [17:38] kyrofa: alright [17:39] kyrofa: all of them? which ones would you suggest? [17:39] tsimonq2, oh, scratch that. Forgot there were multiple. Go ahead and add a new one :) [17:39] alright :() [17:39] *:) [17:40] tsimonq2, do you know how to check the coverage? [17:40] kyrofa: yeah there's a report [17:41] kyrofa: that's talking about unit tests right? [17:41] kyrofa: or is that integration? [17:41] tsimonq2, yup, units, you got it [17:41] kyrofa: if it's unit, do I add my tests to the Tar and Zip classes or do I make my own class? [17:41] tsimonq2, wait... now I'm not sure what we're talking about [17:42] kyrofa: in snapcraft/tests/test_sources.py (or whatever the name of the file is) [17:42] tsimonq2, the unit tests you have so far look good (though I've not given them a complete review). The integration tests will be good for actually verifying checksums [17:42] kyrofa: there's class TestTar(tests.TestCase): and class TestZip(tests.TestCase): [17:43] But the integration tests go in integration_tests, not snapcraft/tests (those are units). Am I answering your question? :P [17:43] kyrofa: no [17:43] so here's what I'm asking [17:43] Heh, sorry [17:43] I added unit tests for incompatibility, right? [17:43] what about for testing that it works? [17:44] or that it successfully checks the checksum? [17:44] kyrofa might be good to go, but I don't want to update branch again ;-) https://github.com/snapcore/snapcraft/pull/633 [17:44] PR snapcraft#633: qmake plugin: Stop doing out-of-source builds [17:44] Well, in order to test that it works, you need to make something to take a checksum OF [17:44] That is an integration test [17:44] sergiusens, you're so mean :P [17:44] kyrofa: so then what's the difference between integration and unit? [17:45] PR snapcraft#633 closed: qmake plugin: Stop doing out-of-source builds [17:45] sergiusens, oh ha! I see what you're saying now ;) [17:46] tsimonq2 kyrofa difference between unit and integration changes depending on who you ask [17:47] tsimonq2 kyrofa we've settled for integration meaning talking to external servers and using real code to run snapcraft agains using the real snapcraft command [17:47] and for unit, we use some other module [17:47] to call as under test [17:47] tsimonq2, you have the right idea-- you should definitely verify the checksums work correctly. However, in this case the data you need to setup to test the checksums work correctly is beyond what a unit test should do. In order to test this at the unit level you could do some mocking though [17:48] and we consider it totatlly fine to generate artifacts on disk these days [17:48] kyrofa: so do I need a unit test or not for the coverage? [17:48] tsimonq2, indeed, integration doesn't count toward coverage [17:48] jdstrand: arch now ships snap-confine 1.0.35 [17:48] kyrofa I personally don't see this as a problem with open('file', 'w') as f:\n f.write('something that will produce a known checksum') [17:49] arch is FAST :) [17:49] kyrofa aside from an integration test [17:49] zyga how fast? [17:49] sergiusens: I mean, fast to update [17:49] neat [17:49] sergiusens, it needs to be a tar or zip source though [17:49] sergiusens: that's not me updating the package [17:49] sergiusens: that's arch maintainer [17:49] sergiusens, but yeah, you're right, not a big deal [17:49] sergiusens: it was released a day ago [17:49] kyrofa you could use the tar or zip modules for that, with tar.open... [17:49] on another note, I just got most spread tests to work on debian sid [17:50] tsimonq2, sergiusens's idea is probably better than mocking [17:50] tsimonq2, use that to make sure your code is covered, and then use the integration tests to cover end-to-end [17:52] kyrofa: so wait, when he said, "kyrofa I personally don't see this as a problem with open('file', 'w') as f:\n f.write('something that will produce a known checksum')" ? [17:52] tsimonq2, hold on, my son is asking me to tuck him in for his nap, be right back [17:52] alright kyrofa :) [17:53] Can someone point me to details of how to get launchpad to build ARM snaps? [17:54] mcphail, https://kyrofa.com/posts/building-your-snap-on-device-there-s-a-better-way [17:54] kyrofa: thanks! [17:55] sergiusens, how would you like him to determine the checksum in a known manner that still tests his code? [17:55] kyrofa I don't follow [17:56] sergiusens: I need unit test coverage, how would I go about doing that for snapcraft#619 ? [17:56] PR snapcraft#619: Add source-checksum option for tar and zip sources (bug 1585913) [17:56] sergiusens, he has code that grabs the checksum of the archive. If he generates the archive on the fly he can't know the checksum until it's been generated. How should he get it while still being able to test the checksum-grabbing code? [17:57] tsimonq2 by creating known files on the fly as part of the test fixture setup and passing those to your source (Zip, Tar) calls [17:57] sergiusens, i.e. saying "use my code to get checksum" -> "test that my code that gets checksum matches that checksum" isn't really a valid test [17:59] sergiusens, unless you're saying there's a way to create tars and zips in a completely deterministic manner across archs? [18:00] (not sure what metadata gets packed in there) [18:00] zyga, good for arch, they're ahead of ubuntu! [18:01] zyga, how is that SRU coming? :P [18:03] kyrofa: I don't know [18:03] kyrofa: I'm not doing the SRU work really :/ [18:03] kyrofa: I'm working on .36 for more SRU :P [18:04] attente: hm, what was the sru tracking bug again? I think that should also be in the changelog :) I can add it [18:04] zyga, hahaha [18:05] attente: aha, found it [18:05] Can someone check my snapcraft.yaml at http://bazaar.launchpad.net/~njmcphail/+junk/ag-mcphail/view/head:/snapcraft.yaml ? It isn't building on launchpad as per https://launchpadlibrarian.net/271553088/buildlog_snap_ubuntu_xenial_arm64_ag-mcphail_BUILDING.txt.gz due to grumbles about the "confinement" line, but builds OK on my machine [18:05] mcphail, huh... looks like their snapcraft might be out of date... ? [18:06] kyrofa: hmm. Should I poke someone about that? [18:06] zyga: for xnapd-xdg-open - you just need a git tag? or more? [18:06] mcphail, hop in #launchpad. I just asked [18:07] mvo: what's the buildystem there? I don't recall [18:07] mvo: ideally a make dist tarball and a release on github [18:07] (or launchpad) [18:07] mvo: and some simple packaging instructions [18:07] zyga: autotools [18:08] mvo: is that something that goes into the snap in any way or is it just the host distro [18:08] zyga: ok, can do in a bit [18:08] mvo: thanks [18:08] (I guess arch will be first again :) [18:08] zyga: we need it alongside snapd [18:08] understood [18:09] jdstrand: FYI, https://github.com/snapcore/snap-confine/pull/74 [18:09] PR snap-confine#74: Debian spread tests [18:09] jdstrand: sid support in spread [18:13] nice! [18:17] mcphail, to be fair I didn't document that very well in the post, so I'm adding a blurb now [18:19] jdstrand: I'd like to know what to do about the apparmor issue, we have the fact that .34 and .35 shipped without confinement, I'd like to get a resolution you agree on quickly so that .36 can be released that fixes the bigger issue, perhaps without adding a smaller one [18:27] zyga: I think I've been pretty clear :) [18:28] zyga: you can release 1.0.36 if you want without the fix, but we can't release that to Ubuntu because it regresses an important security feature [18:31] kyrofa: getting different build errors now, but making progress. Thanks! [18:31] mcphail, good deal! Let me know if you need any help [18:32] kyrofa: when building on lp, I assume installing libpcre3-dev doesn't automatically install libpcre3 as well? [18:33] jdstrand: but ubuntu 16.10 will get .35 through debian so isn't the cat out of the bag already? [18:33] mcphail, I assume it does, isn't it a dependency? [18:33] jdstrand: let me re-read your comments, I'm not sure what the next step is there [18:33] (I've not actually looked at the cache) [18:34] zyga: 16.10 is the dev release. 16.04 is stable. we can't regress this security feature in 16.04 [18:35] we shouldn't in 16.10, but if we do we just fix it [18:35] kyrofa: if you look at https://launchpadlibrarian.net/271556609/buildlog_snap_ubuntu_xenial_i386_ag-mcphail_BUILDING.txt.gz , for some reason libpcre3 shows up in the "Skipping blacklisted from manifest packages:"... [18:36] mcphail, ah, must be already installed then [18:36] zyga (cc tyhicks): the next step is to give examples of mount profiles that snapd currently implements [18:36] jdstrand: only the content interface uses them [18:36] mvo: ah, sorry, thanks for catching that [18:36] jdstrand: and the read/write paths are decided by plug/slot attributes [18:36] zyga (cc tyhicks): and then understand precisely what mount rules are needed [18:36] jdstrand: any value is allowed right now [18:37] jdstrand: that fact implies that any mount rules might be allowed [18:37] zyga: yes, but the source mount point is inside a snap, not /** [18:37] zyga: and the target mount point is inside a snap, not /** [18:37] jdstrand: one useful use case is /var/lib/snapd/hostfs/usr/share/fonts [18:37] jdstrand: as for the target directory, let me check [18:37] Hi, I'm playing with the snappy client code. Does it make sense that 'Find' returns a Status of 'available' for each snap even if it is installed on the machine? Do I need to do a separate call to 'List' to determine if a package is actually installed? [18:37] kyrofa: perhaps I need to add pkg-config as a build dependency? I'd assumed that would be default? [18:38] zyga: but the fonts directory is an implicit slot, not the content interface [18:38] zyga: sorry to distract from the discussion but does the snap itself define the plug/slot attributes? [18:38] jdstrand: it would be a slot on the core snap (it doesn't exist yet) [18:38] tyhicks: yes [18:38] small clarification, currently both source and destination are rooted at $SNAP [18:38] zyga: right, so we add a rules for /usr/share/fonts like we do for /etc/alternatives [18:38] mcphail, indeed, try adding that [18:39] so I guess we can constrain those profiles to /snap/*/** [18:39] zyga: and then a different glob rule for content [18:39] yes! :) [18:39] mcphail, it's not a default-- not everything needs it [18:39] I missed those two lines, I just read the content interface [18:39] kyrofa: ok, thanks [18:39] mcphail, not even gcc/g++ is a default [18:40] kyrofa: so we need to add build-essential? [18:40] mcphail, you can, but that's a bit of a shotgun [18:40] unfortunately, /snap/bin is in there and shouldn't be mounted, so we'll need several rules to express /snap/*/**. [18:40] zyga: when reviewing the bind mount PR, I thought we were in full control of the source and destination paths [18:40] tyhicks: we are [18:41] mcphail, the only things plugins will add implicitly are the tools required to run them (e.g. the make plugin will install make, autotools will install autotools, etc.) [18:41] mcphail, everything else you have absolute control over [18:41] tyhicks: for content it is relative to the providing snap's and consuming snap's directories [18:41] yes [18:41] which is why I kept saying let's constrain this to what we actually allow [18:41] kyrofa: OK, that's interesting. Is there any way to get a "naked" build environment on a local machine to simulate this? Presumably run it in lxc? [18:42] do we have protections against "../" components in the path? [18:42] that's a bit unfortunate for font sharing though, there's no way to describe that [18:42] mcphail, indeed, cleanbuild [18:42] zyga: font sharing? [18:42] tyhicks: we ensure that filepath.Clean(path) == path [18:42] zyga: regardless, we can have a separate rule for the fonts dir, just like we do for all the others [18:42] kyrofa: nice. Thanks [18:42] that is, no ../ bits are present [18:43] jdstrand: (this is actually inside snapd that we'd have to allow this) [18:43] jdstrand: to make the source *not* relative to the core snap [18:43] but I think we are good actually [18:43] zyga: I'm confused about what you are talking about there [18:43] not for fonts but for this [18:43] jdstrand: sorry, I'm just observing that content sharing interfae cannot be used to share fonts from the host today [18:44] but that's not a problem at hand, sorry for adding this to the mix [18:44] ok [18:44] well, in the future we can add whatever mount rule is needed for fonts too [18:45] so, I think some sort of /snap/*/** mount rule with a comment that it is to enable the content interface is fine [18:45] kyrofa: actually, looks as if gcc is in the base launchpad build instance already [18:48] jdstrand, tyhicks: https://github.com/snapcore/snap-confine/pull/73/commits/24bbd4338d24e97330ccd20e3cb01cb714b5f08c [18:48] PR snap-confine#73: Update apparmor profile for snap-confine [18:48] importantly, you are going to have to do the crappy /snap/[^b]*/**, /snap/b[^i]*/**, /snap/bi[^n]*/**, /snap/bin?*/**, /snap/b/**, /snap/bi/** shenanigans [18:48] zyga: see ^. let me add a comment [18:49] ohhh [18:49] hmmm [18:49] is that really needed? [18:49] I see why but what's the attack there? [18:49] yes [18:49] you cannot run any of those things [18:49] you don't want to mount /snpa/bin [18:49] and the mount is happening after unshare [18:49] why not? [18:50] will any other process see that mount? [18:50] because like you say it is pointless and we are being fanatical to guard against attacks [18:50] ah [18:50] that's a good answer [18:50] give me a minute [18:50] we are being as defensive as possible [18:50] I mean, if there's any way this is exploitable already I'd like to know (this is why I ask those questions), I undestand general "to be more safe" answers [18:51] I can't think of an attack otoh [18:51] ok, let me do the exclusive rules then [18:51] zyga: hold on [18:51] btw, would a deny rule be easier and would work too? [18:51] ok [18:51] no deny rules [18:52] I mean we can [18:52] well [18:52] actually in this case that would be good [18:52] audit deny mount /snap/bin/**, [18:53] is the single argument form matching both source and destination? [18:53] that is a good question [18:53] mount rule syntax is annoying [18:54] how about: audit deny mount /snap/bin/** -> /**, [18:54] yep [18:54] that is clear [18:54] jdstrand: wait, isn't that reverse [18:54] jdstrand: source -> destination [18:54] we don't want to let people bind mount over that [18:54] or bind mount that somewhere? [18:55] actually, probably both [18:55] jdstrand: like this? http://paste.ubuntu.com/18724566/ [18:55] (not tested) [18:56] PR snapd#1510 closed: integration-tests: remove login tests [18:56] I'll add a few spread tests for this but I need to go now [18:56] yes [18:56] I like that [18:56] I just read the man page and the single argument form is the source mount, but this is very clear [18:57] PR snapd#1509 closed: interface: add new interfaces.all.SecurityBackends [18:57] fyi, without those rules there would be an info leak on the installed snaps [18:57] kyrofa mind looking at https://github.com/snapcore/snapcraft/pull/627 [18:57] PR snapcraft#627: Added new maven-targets option to maven plugin [18:58] ? [18:58] we don't protect against that perfectly today, but there are longer term work items that will address that [19:00] jdstrand: good point about the info leak! [19:00] jdstrand: I'll make the spread tests happen [19:00] jdstrand: but now -> time to take a walk, it's 21:00 already [19:02] zyga: where'd the time go?! [19:02] zyga: thank you for working on this :) [19:13] kyrofa: so what am I doing for the integration tests again? [19:18] PR snapcraft#637 opened: Do not clean before running the snaps tests [19:22] tsimonq2, you're adding stuff to integration_tests/test_tar_plugin.py and integration_tests/test_zip_source.py [19:22] kyrofa: oh okay [19:25] slangasek hey, how's that umbrella bug for SRUing supposed to be created? [19:25] kyrofa: so what exactly should I test for, should I ensure that it can check the checksum (if so, I don't know if I can do that), should I check the checksum in the test, I mean, what am I trying to do here? [19:26] sergiusens: file bug against the package; include pointer to the wiki page describing the exception; document what testing has been done; include this bug in the changelog of the upload [19:26] slangasek: would https://pad.lv/1599125 , https://pad.lv/1567524 , and https://pad.lv/1590807 be able to be linked to 2.14 please? [19:27] whoops sergiusens ^ [19:27] sergiusens: or do you think they shouldn't? thoughts? [19:28] tsimonq2 I can link them once a PR is up, seems like a lot for a weeks work though [19:28] thanks sergiusens for clarifying [19:29] tsimonq2, well, you added some good stuff to simple-tar. An archive along with several known checksums. Make sure the test runs them all, and make sure you do similar things for zip [19:29] kyrofa: but doesn't it already all run because it's in the snapcraft.yaml? [19:30] tsimonq2, it might, I haven't looked. You may not need to change the tar test at all. But you're missing the zip test snap, right? [19:30] * tsimonq2 does that [19:33] slangasek: ping. Can you please reply here please? https://bugs.launchpad.net/snapcraft/+bug/1596068/comments/4 [19:33] Bug #1596068: The unittests in autopkgtest are run twice [19:40] elopio: so the argument is that the unit tests only test the snapd code, and would not pick up a regression caused by a dependency? [19:41] slangasek: they would catch regressions on dependencies, we don't fake everything. But those regressions should be caught too by the integration tests. [19:42] ok [19:42] and on the integration tests we don't fake any of the dependencies. [19:43] elopio: in that case I'm comfortable with your position; I just want to make sure we continue to have strong archive-level CI for this package, which it sounds like you're covering [19:44] slangasek so about the SRU bug now :-) [19:44] slangasek: great, thanks. [19:44] slangasek can I create a bug with a xenial/yakkety task title "New upstream version X.X.X" with a link to our milestone with all the fixed bugs and features in the summary? [19:44] and maybe a link to the wiki with the exception [19:45] ah, that's the umbrella you were talking about. [19:45] elopio yes [19:46] sergiusens: yes [19:50] slangasek works for me, thanks! [19:51] sergiusens: please call it the same as mvo is doing for snappy. It's like [SRU] New stable micro release X.X.X [19:51] PR snapcraft#632 closed: Refactor and update the logic that deals with the snap-push store endpoint [19:51] sergiusens: when you have a minute, how do I do that unit test coverage? how do I test checksumming in the unit test? :) [19:52] tsimonq2 run ./runtests.sh unit && python3-coverage html [19:52] tsimonq2 apt install python3-coverage if not there [19:52] sergiusens: I know how to test, how do I code the unit tests? basically, the clarifying question kyrofa asked [19:52] (for my PR) [19:54] tsimonq2 either create some zips or tars on the fly which you would know what they compute to or mock some things out. Final judgement should come from our QA master elopio though ;-) [19:55] ohh, I need to leave! [19:55] elopio? do you agree? we're talking about how to do the coverage for snapcraft#619 [19:55] PR snapcraft#619: Add source-checksum option for tar and zip sources (bug 1585913) [19:57] tsimonq2: yes, I agree. Ideally, check the sum in a real file, not mocking. [19:58] thanks elopio :) [19:58] thanks to you. [19:58] time to hack [20:07] jdstrand: does this look like the right approach? http://paste.ubuntu.com/18729680/ [20:07] PR snapd#1490 closed: overlord: implement &Retry{After: duration} support for handlers [20:07] jdstrand: I wonder how to do that to see the deny in syslog somehow [20:10] zyga: deny in syslog is difficult. you can dmesg|tail -1|grep 'DEN...' but it has the potential to be racy [20:10] zyga: but yeah, that looks like a fine test [20:11] jdstrand: I'll try to include some sort of audit trail there [20:11] jdstrand: I could fork a journalctl -f and kill it later [20:12] jdstrand: thanks, I'm reading your test [20:12] jdstrand: one personal preference, quote arguments to echo [20:12] anyone around that can help with snapcraft 1.x - trying to get lsusb to work on snappy [20:12] zyga: you can probably make that pretty good by adding 10 entries with logger that don't match and then tail -10 [20:12] I have a snapcraft file ready if someone could take a look [20:13] zyga: I normally like that myself, but wasn't sure how well that played with yaml [20:13] DT01: hey, on 1.0 and 15.04 that could be tricky, not sure if possible [20:13] zyga: that test was pretty annoying to write btw :P [20:13] jdstrand: I think it works because the whole part there is "free form text" - or so it seems [20:15] zyga: it builds and installs but when it runs it says that it cannot find libusb-1.0.so.0. Even though it is in the stage\build section [20:15] DT01: after that you'd be hit by confinement [20:16] jdstrand: can each test have restore and setup? I think it would be nicer for readability if we start to move long setup code to per-test prepare section [20:16] zyga: so I need to run in unconfined mode? [20:16] btw this is for a personal system not to be published [20:16] DT01: yes and I don't remember how much of that existed in 15.04 [20:17] zyga: idk [20:17] hmmm, I will take a quick stab at that [20:17] zyga: I was treating each dir as per-test and therefore the setup is per-test, but maybe there are other ways of doing it [20:18] jdstrand: what do you mean by remote environment variables? [20:18] jdstrand: AFAIR spread supports them [20:18] zyga: I found out the 'environment' runs the $(...) code locally and injects it to the remote end [20:19] zyga: see backscroll in this channel. I wanted to do environement: OSNAP=$(ls ...), but that ls is run on my laptop, not on the remote end [20:19] jdstrand: there's also [] [20:19] jdstrand: [SOMETHING] [20:19] * zyga looks at spread docs [20:20] zyga: I tried that, but it didn't work [20:20] zyga: I talked to Gustavo and he said that environment is currently there to support SPREAD_LINODE_KEY and not what I was doing [20:21] jdstrand: I think I see what this does, it runs locally [20:21] jdstrand: and sends the interpolated value already [20:22] yes [20:22] based on what he said and I observed [20:24] jdstrand: FYI I just checked that you can have a prepare/restore per task [20:29] "owner died" geez [20:29] zyga: https://launchpad.net/ubuntu/+source/snap-confine has 1.0.35 now \o/ [20:30] PR snapcraft#627 closed: Added new maven-targets option to maven plugin [20:35] elopio: with my PR, to check the checksum, do I use hashlib or the function defined in snapcraft/internal/sources.py and if it's the latter, how would I go about calling it? [20:39] PR snapcraft#638 opened: Re-create feature/maven-targets branch for snapcraft [20:44] mwhudson: that's good, making .36 today :) [20:44] zyga: no rest for the wicked! [20:44] mwhudson: not in this world [20:44] hopefully i won't screw up the gbp interactions so many times today [20:44] mwhudson: I didn't manage to fix yakkety snapd tests [20:45] mwhudson: no idea why that fails, I did a chmod on the two environment files that debian/tests scripts create [20:45] mwhudson: but no difference [20:45] zyga: i have a vm which i'm going to run the tests in by hand [20:46] zyga: but my qemu-fu is pretty weak [20:46] mwhudson: I have a vm with yakkety but I don't know how to run those tests without any abstractions in the way [20:46] mwhudson: but I'm almost sure this is the testbed, not snapd that is at fault [20:47] zyga: i guess staring at the diff between 2.0.2 and 2.0.3 might also be interesting [20:47] mwhudson: I dind't think of that [20:47] mwhudson: but it could be substantial :/ [20:48] mwhudson: maybe the diff between debian/tests is smaller [20:48] 15k lines, haha [20:48] zyga: i wonder if it just adds the test that fails or something... [20:51] mwhudson: you mean debian/tests or snapd in general? [20:52] snapd in general [20:52] but i'm just guessing here [20:52] debian/tests/integrationtests looks fairly different to what's in 2.0.10 [20:55] mwhudson: can we patch it somehow to run just the failing test [20:55] mwhudson: to make iteration faster [20:55] mwhudson: in general it takes ~30 minutes for me to run it to failure [20:55] must be possible somehow yeah [20:56] jdstrand: my spread tests are improving [20:56] jdstrand: I should be able to see the exact failure soon [20:56] cool :) [20:56] jdstrand: I've uploaded snapd-hacker-toolbelt 0.2 that adds $SNAP/mnt as a mount point for testing [20:57] zyga: feels like this "resume test after reboot" stuff must be related [20:58] mwhudson: hmmm [20:58] mwhudson: maybe snappy updates itself [20:58] *raises big red flag* elopio, sergiusens: I didn't touch snapcraft/storeapi/__init__.py , did a local merge that involved that file, and my static tests are failing with the following error: snapcraft/storeapi/__init__.py:405:15: F821 undefined name 'e' and I just confirmed that in my clean master branch I'm getting the same eorrr [20:58] *error [20:58] mwhudson: and something something reexec happens [20:58] elopio, sergiusens: so this is on master and the static tests are failing [20:58] tsimonq2: git diff? :) [20:58] zyga: I checked that [20:58] zyga: all clean [20:59] tsimonq2: git log -p on that file? [20:59] * tsimonq2 checks it out in /tmp and confirms again [20:59] zyga: heh heh when we worked on pypy there were internal jokes about "stuff occuring" whenever we didn't know what was going on [20:59] mwhudson: the local quantum fluctuation added 'e' there [21:00] elopio, sergiusens: also confirmed in a clean checkout [21:00] tsimonq2: locally installed package with a typo? [21:00] zyga: huh? [21:01] zyga: clone master locally, git pull origin master, then ./runtests static throws a failure [21:01] tsimonq2: do you have the same python package installed locally? [21:02] zyga: I'll need to play with snapd-hacker-toolbelt sometime [21:02] tsimonq2: I had plenty of cases where my /usr/lib/python3/site-packages/ would have something [21:02] jdstrand: it's just busybox :> [21:02] jdstrand: I will publish that somewhere [21:02] zyga: I don't know what you are saying [21:02] jdstrand: should this say anything? I don't see any denial dmesg | grep DENIED [21:03] weird [21:03] really weird [21:03] it passes on Travis... [21:03] tsimonq2: what is the code, snapcraft? [21:03] zyga: yeah [21:03] tsimonq2: is python3-snapcraft installed? [21:03] zyga: E: Unable to locate package python3-snapcraft [21:03] hmmm [21:03] how about snapcraft itself [21:04] yep installed [21:04] 2.12 [21:04] tsimonq2: just sanity,remove it and try again [21:05] zyga: snapcraft is uninstalled and it still [21:05] *still fails [21:05] if you are using 'audit deny' and it tries to mount, it should, yes. you might want to: sysctl -w kernel.printk_ratelimit=0 [21:06] tsimonq2: hmmmm [21:06] ah, thanks [21:06] jdstrand: how to undo that [21:06] what's the default? [21:09] jdstrand: audit deny or deny audit? [21:10] zyga: to undo, grab 'sysctl kernel.printk_ratelimit' then feed back in later: sysctl -w kernel.printk_ratelimit=$prev [21:10] jdstrand: it deoesn't work [21:11] jdstrand: digging deeper [21:12] spread is fantastic [21:12] I don't like only one thing about it [21:12] I prefer --options [21:12] but everything else is just amazingly useful [21:12] the default is to deny and log. when you add a rule it allows it with no logging. to deny it without logging, specify only deny. to explicitly deny and log, use audit deny. I always use audit first. I never thought it mattered but looking at apparmor.d, audit might need to be first [21:13] ha [21:13] trying that [21:13] because the thing does "work" (busybox true fails) [21:13] nice [21:13] zyga: it is possible that kern messages aren't going to syslog [21:14] zyga: they should if it is Ubuntu, but perhaps the syslogger is setup different [21:14] jdstrand: this is 16.04 so ... they should [21:15] zyga: I saw denials with 'dmesg'-- do you see anything there? [21:15] Anyone seen this before: findfs: unable to resolve 'LABEL=writable' [21:16] niemeyer: looks like the partition doesn't have the filesystem label [21:16] niemeyer: then we don't boot far [21:16] niemeyer: I saw it while fiddling with images [21:16] niemeyer: are you trying to get an all-snap image into linode? [21:16] zyga: The label is properly set [21:16] Yeah [21:16] jdstrand: successs :) [21:16] cannot mount /snap/bin at /snap/snapd-hacker-toolbelt/current/mnt with options bind,ro. errmsg: Permission denied [21:16] woot [21:16] niemeyer: hmm [21:17] jdstrand: a few more tweaks and I'll use this test as a base [21:17] jdstrand: I'm using SNAP_CONFINE_DEBUG [21:17] jdstrand: then it just puts errors on stderr and I can check that easily [21:18] [ 4389.271507] audit: type=1400 audit(1467926268.960:29): apparmor="DENIED" operation="mount" info="failed srcname match" error=-13 profile="/usr/lib/snapd/snap-confine" name="/snap/snapd-hacker-toolbelt/2/mnt/" pid=4382 comm="ubuntu-core-lau" srcname="/snap/bin/" flags="rw, bind" [21:18] jdstrand: so the order DOES matter [21:19] jdstrand: we can grep for "deny audit" vs "audit deny" perhaps [21:19] tsimonq2: are you on xenial or yakkety? [21:20] elopio: yakkety [21:20] zyga: snapd and snap-confine don't otherwise use 'deny audit' (just checked) [21:21] tsimonq2: yes, it happens only with yakkety's flake8. Please report a bug. [21:21] elopio: alright thanks [21:21] elopio: I think I'm almost done too! [21:22] jdstrand: thanks! [21:22] Someone else reported the same thing in April, with no feedback: https://lists.ubuntu.com/archives/snappy-devel/2016-April/001729.html [21:23] hohoho [21:23] niemeyer: fedora 25 can find snaps in the store :> [21:23] niemeyer: in gnome-software [21:23] so so cute :> [21:23] Sweet :) [21:24] just watched this on G+ [21:24] :D [21:24] that's fantastic to see [21:25] I suspect this will land in Arch soon :) [21:26] I'm just going to watch that again [21:26] to let it sink in : [21:26] :> [21:26] niemeyer: btw, did I say how much I love spread? [21:27] zyga: :D [21:27] niemeyer: I talked about exactly having something like spread at the sprint to fgimenez and elopio and you made it :-) [21:28] elopio: another thing while you are around. https://github.com/snapcore/snapcraft/pull/619/files#diff-3ce6f0422479e72d9db0860efb0e7b42R132 should cuase the test to fail, I did that intentionally for debugging perposes. It doesn't. https://github.com/snapcore/snapcraft/pull/619/files#diff-e6205a80af76b4faec1d9241dc3b3b7cR177 is what should cause it to fail but it isn't [21:28] PR snapcraft#619: Add source-checksum option for tar and zip sources (bug 1585913) [21:28] elopio: I can't figure out what the problem is [21:29] elopio: otherwise, my PR is ready for a full review [21:31] jdstrand: look at this test please: https://github.com/snapcore/snap-confine/pull/73/commits/9b09f3a2e574bb7782b5be5beaefa4e6cc74ddd6 [21:31] PR snap-confine#73: Update apparmor profile for snap-confine === devil is now known as Guest36675 [21:34] elopio: /o\ scratch that, still thinks I have no unit test coverage... ahh [21:35] tsimonq2: run it locally. [21:35] sergiusens: latest test of master and staging fails because the snap we are uploading needs a manual review. [21:35] https://travis-ci.org/snapcore/snapcraft/jobs/143148743 [21:36] elopio: I did [21:36] tsimonq2: and it fails locally? [21:36] elopio: the problem is, because the test doesn't fail, it isn't verbose [21:36] elopio: it's supposed to fail but it doesn't [21:36] elopio: (unit tests) [21:37] tsimonq2: have you used pdb? [21:37] elopio: never heard of it === Guest36675 is now known as devil_ [21:38] tsimonq2: add this line before https://github.com/snapcore/snapcraft/pull/619/files#diff-e6205a80af76b4faec1d9241dc3b3b7cR177 : import pdb; pdb.set_trace() [21:38] PR snapcraft#619: Add source-checksum option for tar and zip sources (bug 1585913) [21:38] that's a debugger. Enter n to jump to the next line. You can print a variable with p var_name. [21:39] wow that's awesome! :D [21:39] heh :) [21:39] https://docs.python.org/3/library/pdb.html [21:39] you should try gdb some day [21:39] tsimonq2: read that ^. [21:39] like pdb but also down to the metal [21:40] elopio: how do I run coveralls locally? [21:41] tsimonq2: install python3-coverage. Coveralls is just a way to display the report, not something you run locally. [21:42] elopio: oh I see [21:42] * tsimonq2 remembers now :D [21:43] zyga: I hacked it to only run the failing test, it passes of course [21:44] mwhudson: since it failed on some service still running I suspect it's bleeding the previous ttest that is causing the next one now [21:44] zyga: certainly plausible [21:52] elopio: so when I run the unit tests, am I supposed to get a debugger? because I'm not [21:52] I forked the test to cover both cases [21:53] I'll also have to patch the earlier tests that now fail because mount profiles got more constrained [21:53] elopio: and the coverage statement tells me that all three of my if/elif statements never returned to true [21:53] but we're looking good :) [21:54] tsimonq2: then put the breakpoint earlier, you are not hitting that statement. [21:54] alright elopio [21:54] zyga: ah --shell-fail finally worked for me [21:54] mwhudson: did you change anything? [21:55] zyga: when i log in, systemctl status snap-basic\\x2dbinaries-100001.mount is bad [21:55] mwhudson: for me it printed commands, none of which worked [21:55] Jul 08 09:49:37 autopkgtest mount[2148]: mount: special device /var/lib/snapd/snaps/basic-binaries_100001.snap does not exist [21:55] mwhudson: explore, why is it bad [21:55] oh [21:55] is that snap gone? [21:55] zyga: oh hm, no the ssh command worked for me [21:55] zyga: no, its there [21:55] zyga: and in fact i can run sudo systemctl start snap-basic\\x2dbinaries-100001.mount and it starts [21:56] zyga: could be a race? /me guesses wildly [21:56] hmmmm :< [21:56] I doubt it, we put the unit in place after we've looked at the squashfs file [21:59] mwhudson: anything in snapd log? [21:59] zyga: journalctl -u snapd? [21:59] or something else? [21:59] that should be it [22:00] Day changed to 08 lip 2016 [22:00] geee, thanks irssi [22:00] I wonder if any other irc client says that [22:00] quassel does [22:01] zyga: some stuff, yeah http://paste.ubuntu.com/18738038/ [22:01] hmmm [22:01] one thing is very wrong [22:01] Jul 08 09:49:38 autopkgtest /usr/lib/snapd/snapd[2060]: taskrunner.go:234: DEBUG: Running task 33 on Do: Mount snap "basic-service" [22:02] Jul 08 09:51:08 autopkgtest /usr/lib/snapd/snapd[2060]: task.go:250: DEBUG: 2016-07-08T09:51:08+12:00 ERROR [start snap-basic\x2dservice-100001.mount] failed with exit status 1: Warning: snap-basic\x2dservice-100001.mount changed on disk. Run 'systemctl daemon-reload' to reload units. [22:02] A dependency job for snap-basic\x2dservice-100001.mount failed. See 'journalctl -xe' for details. [22:02] Jul 08 09:51:08 autopkgtest /usr/lib/snapd/snapd[2060]: taskrunner.go:234: DEBUG: Running task 32 on Undo: Prepare snap "/tmp/snapd-sideload-pkg-316559037" [22:02] (sorry for pasting like that) [22:02] ah, no sorry [22:02] I though it's ignoring the error and carrying on but it is in fact undoing the thing [22:02] mwhudson: can you reproduce this if you run this in a loop? [22:03] I mean the whole testbed [22:03] and if so, how fast can you run it? [22:04] zyga: it seems pretty reproducible yeah [22:04] and it takes, uh, 10mins to run? [22:04] mwhudson: I was wondering if we can patch snapd to run deeper syslog dump when that fails [22:04] zyga: can certainly try that [22:04] mwhudson: or can you see that manually after logging in? [22:04] zyga: i don't know, am happy to try things :) [22:05] mwhudson: I have no idea why this might fail, I'm just trying to see beyond: [22:05] Jul 08 09:51:08 autopkgtest /usr/lib/snapd/snapd[2060]: task.go:250: DEBUG: 2016-07-08T09:51:08+12:00 ERROR [start snap-basic\x2dservice-100001.mount] failed with exit status 1: Warning: snap-basic\x2dservice-100001.mount changed on disk. Run 'systemctl daemon-reload' to reload units. [22:05] A dependency job for snap-basic\x2dservice-100001.mount failed. See 'journalctl -xe' for details. [22:08] zyga: oh hm, maybe http://paste.ubuntu.com/18738572/ ? [22:08] zyga: btw did you see https://bugs.launchpad.net/ubuntu/+source/snapd/+bug/1599799 ? [22:08] Bug #1599799: snapd > 2.0.2 fails on yakkety [22:08] that latest paste does look a little more informative [22:09] mwhudson: I saw it, I've added a comment to it [22:09] mwhudson: Jul 08 09:51:08 autopkgtest systemd[1]: dev-loop2.device: Job dev-loop2.device/start timed out. [22:09] Jul 08 09:51:08 autopkgtest systemd[1]: Timed out waiting for device /dev/loop2. [22:09] this looks wrong :/ [22:09] oh yes, so you ddid [22:11] https://bbs.archlinux.org/viewtopic.php?id=196083 suggest this is when the source doesn't exist but I find that hard to believe [22:12] does seem unlikely [22:22] * zyga iterates on mount tests [22:47] ro test done, rw test almost done [22:47] I changed the testing approach but the test is still valid [22:48] jdstrand: around? [22:48] jdstrand: I realized that there's no reason for allowing rw mounts [22:48] jdstrand: since we constrain to $SNAP anyway [22:48] jdstrand: ... they are always read only now [22:53] sergiusens: I'm once again hitting the issue where #! lines in python scripts point to my stage directory, rather than to the bundled python within the snap. I've tried making 'command' both reative within the snap, and just the command name, with no l uck [22:53] sergiusens: at what point is the #! line supposed to get rewritten? [23:08] jdstrand: I've updated https://github.com/snapcore/snap-confine/pull/73 [23:08] PR snap-confine#73: Update apparmor profile for snap-confine [23:08] jdstrand: if you feel that is sufficient now please merge it [23:20] * zyga EODs [23:24] Hey does anyone know if there will be 16.04 images of snappy available? I noticed that there weren't any for 15.10 [23:25] chasinglogic: there will be, we're working on the fine details [23:26] chasinglogic: when is more complicated but I'm already EOD and tired today [23:26] zyga: if I grab the 15.04 image will I be able to upgrade [23:26] chasinglogic: no [23:26] zyga: cool thanks for the info!