[02:47] <qengho> How does my Qt snapped app know what theme it should use? Qt is Martian technology and I don't understand it.
[03:14] <Croepha> qengho: you can use env variables
[03:15] <qengho> Croepha: that makes sense. I must not know what to use, because none I try changes it. I wish to use Humanity theme. What var and value?
[03:17] <Croepha> I dont have experience with QT styles, but for QT to work right, you need QT_PLUGIN_PATH to get to the platfrom plugins
[03:17] <Croepha> https://wiki.archlinux.org/index.php/Uniform_look_for_Qt_and_GTK_applications says to use QT_STYLE_OVERRIDE
[03:18] <Croepha> there might also be a programatic way to do it
[03:18] <Croepha> not sure
[03:18] <Croepha> you might want to use strace to see if the app is actually trying to load anything
[03:19] <qengho> I used strace. It's looking for hicolor only.
[03:19] <Croepha> have you tried QT_STYLE_OVERRIDE='gtk2'
[03:20] <qengho> I thought so. I'm trying again.
[03:20] <Croepha> you might also want to try printing out the env from the app, to make sure that your env isn't getting dropped
[03:21] <Croepha> I have a bash script inside of my snap that sets the required vars
[03:21] <Croepha> probably a better way would be to set the vars from inside the app
[03:21] <qengho> I have a wrapper too.
[03:21] <Croepha> anyway, im not sure I can help, because I haven't messed with styles
[03:22] <qengho> Okay then.
[04:31] <RyanTG> How do I give the VLC snap package access to my DVD drive?
[04:37] <RyanTG> I already have snapd-2.0.10 which is supposed to make DVDs usable with VLC, so what am I missing?
[04:38] <RyanTG> found it: snap remove vlc && apt-get install vlc
[04:39] <liuxg> if a snap needs a debian package, but it does not exist in the ubuntu archive, I can get the .deb file locally, how can I make use of the .deb file? thank
[05:13] <qengho> liuxg: There's no way to import a deb file, only a named APT package. You could make a plugin to unpack it and install it.
[05:16] <liuxg> qengho, I do not know how. This is a valid use case. For example, in China, there are some debian files which are not in the ubuntu archive (input method), there is no way to use stage-packages to do that. I think it would be good to support it in the snapcraft.
[05:17] <qengho> liuxg: I agree it would. Please file a bug report to explain what you want.  $ ubuntu-bug snapcraft   # maybe?
[05:17] <liuxg> qengho, sometimes, we need to add a specific ppa to get a software installed.
[05:17] <liuxg> qengho, sure, I will do that. thanks
[05:19] <qengho> liuxg: In the mean time, you can put a file at parts/plugins/x-deb-file.py , and extend  snapcraft.BasePlugin .  In your snapcraft, "plugin: deb-file" .
[05:20] <liuxg> qengho, is there any document for this? I want to have a better picture of this about how to do it. thanks.
[05:21] <qengho> liuxg: Yes. Google "write snapcraft plugins"
[05:23] <liuxg> qengho, OK. many thanks!
[05:23] <qengho> :)
[05:24] <liuxg> qengho, by the way, i have created a bug report at https://bugs.launchpad.net/snapcraft/+bug/1604669
[05:24] <mup> Bug #1604669: Support Installing a local deb package in the snapcraft <Snapcraft:New> <https://launchpad.net/bugs/1604669>
[05:26] <qengho> liuxg: defining an APT source is useful too
[05:28] <liuxg> qengho, how can I define an APT source for it? https://github.com/snapcore/snapcraft/blob/master/docs/snapcraft-syntax.md, at the link, I did not find anything about it.
[05:28] <qengho> liuxg: I'm suggeting anther bug report.
[05:28] <qengho> another
[05:29] <liuxg> qengho, yes, I think it is a good idea :)
[05:29] <liuxg> qengho, let me create one for it. thanks
[05:31] <liuxg> qengho, there is a bug https://bugs.launchpad.net/snapcraft/+bug/1583236, it seems that APT is already supported?
[05:31] <mup> Bug #1583236: snapcraft APT sources checking too strict <Snapcraft:New> <https://launchpad.net/bugs/1583236>
[05:31] <liuxg> qengho, but I do not find it in any of the documents. it is weired.
[05:32] <qengho> Hah, I filed that one. it refers to the system sources.list
[05:33] <liuxg> qengho, so, it is not for the snapcraft?
[05:33] <qengho> liuxg: That means that when installing stage-packages: or build-packages:, warnings cause failure.
[05:34] <qengho> It has nothing to do with other sources from snapcraft configuratio.
[05:35] <liuxg> qengho, so the API support for the snapcraft  is that it can install debian pacakges from other sources, right? Is this not supported? I just want to clarify this.
[05:36] <qengho> liuxg: it is not supported to have your snapcraft refer to a package that is not in the distro or the local system's global source list.
[05:36] <liuxg> qengho, OK. thanks..
[05:40] <liuxg> qengho, I have filed a bug at  https://bugs.launchpad.net/snapcraft/+bug/1604671. would you please take a look at it? thanks
[05:40] <mup> Bug #1604671: Adding APT source support in the snapcraft <Snapcraft:New> <https://launchpad.net/bugs/1604671>
[05:40] <qengho> Cool.
[05:41] <qengho> liuxg: Looks good to me.
[05:41] <liuxg> qengho, nice. thanks!
[05:41] <qengho> liuxg: Where are you physically?
[05:41] <liuxg> qengho, I am physically in Beijing, China. How about you?
[05:42] <qengho> Taipei. Just noticing your name and wondering if you were near.
[05:43] <liuxg> qengho, good to know you. Are you from canonical?
[05:44] <qengho> Yes.
[05:44] <qengho> Though snappy is not what I work on usually.
[05:45] <liuxg> qengho, oh, really? I am actually from phone team too :). by the way, I cannot find your irc nick name in our directory.
[05:46] <qengho> lp:~cmiller
[05:47] <liuxg> qengho, oh, you are from US. nice to meet you :)
[05:47] <qengho> Likewise.
[05:50] <liuxg> qengho, today, I tried to install the telegram app onto my desktop. I got the Chinese fonts in the snap. However, the input method does not work for me. I am wondering whether I need to install the input method into the snap.
[05:50] <liuxg> qengho, the problem is that I can only get the deb package for the input method.
[05:51] <qengho> I see. Hmm. I would think you don't need the input method in the snap.
[05:51] <liuxg> qengho, I used to develop a Qt-based phone app and convert it to a snap. the characters are shown correctly unlike the telegram one.
[05:53] <liuxg> qengho, then,  the Chinese characters are all shown as rectangle blocks :(
[05:53] <qengho> liuxg: You *do* need fonts in the snap.
[05:53] <liuxg> qengho, yes, I have installed the fonts already.
[05:54] <liuxg> qengho, strange, right? http://paste.ubuntu.com/20145372/, this is the modified snapcraft.yaml
[05:55] <liuxg> qengho, the Chinese input method does not work at all. I cannot input Chinese characters.
[05:55] <liuxg> qengho, the original source code is at https://github.com/sergiusens/telegram-snap
[05:57]  * qengho casts spell Summon Sergi.
[06:00] <qengho> liuxg: sorryy, I do'nt know.
[06:01] <liuxg> qengho, anyway, it is fine. it is just sth I experienced. internationalization is definitely one of the concerns. I think it would be easier to have the language support in the snapcraft as well.
[06:41] <mup> PR snapd#1573 opened: asserts/tool,cmd/snap: introduce hidden "snap sign" <Created by pedronis> <https://github.com/snapcore/snapd/pull/1573>
[06:42] <mup> PR snapcraft#672 closed: Capture the correct exception when not being able to decode json <Created by sergiusens> <Merged by sergiusens> <https://github.com/snapcore/snapcraft/pull/672>
[06:45] <mup> PR snapd#1568 closed: Enable SNAPPY_STORE_AUTH_DATA_FILENAME override for client auth data <Created by absoludity> <Merged by mvo5> <https://github.com/snapcore/snapd/pull/1568>
[06:57] <mup> PR snapd#1574 opened: tests: add network-control interface spread test <Created by fgimenez> <https://github.com/snapcore/snapd/pull/1574>
[07:00] <dholbach> hey hey
[07:33] <mup> PR snapcraft#674 opened: Add reference.md <Created by elopio> <https://github.com/snapcore/snapcraft/pull/674>
[07:40] <liuxg> dholbach, ping
[07:41] <dholbach> liuxg, pong
[07:41] <liuxg> dholbach, I just found that "snap run". but I do not how to use it. I tried it for the "hello-world" exmaple, it does not work. what should be the correct way to run it?
[07:42] <liuxg> dholbach, I have tried it like "snap run hello-world" or "snap run hello-world.env", both did not work.
[07:46] <dholbach> liuxg, you could ask all the others in the channel too - I'm not a snapd developer :-)
[07:47] <dholbach> I have never used "snap run" yet
[07:47] <pmp> liuxg: to run the hello-world-snap simply run hello-world
[07:48] <pmp> snap is mainly for installing and managing snaps
[07:48] <liuxg> dholbach, yes, it is a little strange. I have seen its help by running "snap run -h", and it shows something like http://paste.ubuntu.com/20152247/
[07:48] <pmp> liuxg: hello-world.echo for example
[07:49] <liuxg> pmp,  yes, that is what I normally use. However, what is the "run" command for there?
[07:49] <pmp> liuxg: sorry, have never seen or used it myself
[07:49] <liuxg> pmp, yes, I understood that. But why there is a "run" command when I run "snap --help"
[07:50] <liuxg> pmp, it is a little confusing in that sense. if there is a command like "run", we can do sth like "snap run xxx".
[07:50] <liuxg> pmp, maybe it simply means that way you talked about. Then the help is a little bit confusing there.
[07:52] <liuxg> from the syntax there in the help, it is sth like "snap [OPTIONS] run [run-OPTIONS] <app name>". it is supposed to run a snap app.
[07:52] <qengho> How does my Qt snapped app know what theme it should use? Qt is Martian technology and I don't understand it.
[07:53] <qengho> I have heard that one can set an environment variable of some kind, to affect it, but that seems to be lies lies lies.
[07:53] <liuxg> qengho, I think insider your Qt app, you can point what theme it should use.
[07:53] <qengho> liuxg: Inside how? I run a snapped app. I get broken thee.
[07:54] <qengho> theme
[07:54] <liuxg> qengho, inside your MainView, there is a "theme" property.
[07:54] <qengho> I am not going to edit the source.
[07:56] <liuxg> qengho, http://paste.ubuntu.com/20152716/, you can assign the theme you want to use
[07:56] <liuxg> qengho,   theme.name :"Ubuntu.Components.Themes.SuruDark"
[08:01] <qengho> liuxg: It seems to be set to Ambiance. strace doesn't try to access Ambiance files, though, only hicolor .
[08:01]  * qengho afk, back later.
[08:02] <liuxg> qengho, I have a test project for ubuntu phone at https://github.com/liu-xiao-guo/theme. I think you probably need to package the theme stuff as well.
[09:06] <mwhudson> zyga: are you going to release snap-confine again today? :)
[09:10] <leousa> hey folks, is it possible to package a Mono based app that runs perfectly on the desktop as a snap?
[09:12] <dholbach> leousa, I wouldn't see why not, but haven't heard of somebody try it yet
[09:13] <dholbach> somebody did a MonoGame apparently: http://askubuntu.com/questions/779315/how-do-i-create-a-snap-for-a-monogame-application
[09:14] <dholbach> leousa, what does the build use? is it autotools?
[09:15] <leousa> yeah i tried that, but didnt work, although im by no means a snappy expert
[09:15] <dholbach> is the source for the app available?
[09:16] <leousa> i have only found the binaries unfortunately
[09:16] <dholbach> ok
[09:17] <dholbach> in that case, just using the copy plugin should be a good start
[09:17] <dholbach> add the relevant dependencies to your stage-packages: definition
[09:17] <dholbach> and define the binary to be run in the apps: section
[09:17] <dholbach> let me see if there's a good example of something like that somewhere
[09:18] <leousa> ok great, thanks I appreciate that dholbach
[09:18] <dholbach> no worries
[09:19] <dholbach> https://github.com/ubuntu/snappy-playpen/tree/master/gitter-im could be a good start, it uses a Makefile to handle the custom download of a .deb package somewhere
[09:19] <dholbach> but you could easily replace that with    source: <url of tarball or zipfile>
[09:19] <leousa> i tried ldd to find the package dependencies, there were quite a few, but had issues building the yaml file
[09:19] <leousa> nice, ill have a look at it
[09:20] <dholbach> or https://github.com/ubuntu/snappy-playpen/tree/master/jtiledownloader
[09:20] <dholbach> leousa, which issues did you run into?
[09:20] <dholbach> can you pastebine the snapcraft.yaml file?
[09:21] <leousa> ok give me a min
[09:22] <dholbach> sure sure :)
[09:25] <leousa> http://pastebin.com/9RUCJZnD
[09:26] <dholbach> cool, checking
[09:27] <dholbach> ok, you could copy over the Forgotten\ Myths\ CCG.x86 file from wherever you get it from? Is it a tarball or something?
[09:27] <dholbach> and you could use the package names for the libraries you're listing and add them to stage-packages:
[09:27] <dholbach> let me try it
[09:29] <leousa> you can get the files from this link
[09:29] <leousa> https://drive.google.com/file/d/0B6jna1aYT5M1UHpPNHJ6dER5OXc/view
[09:31] <leousa> it is a game that runs nice on the Ubuntu desktop, and wanted to package as a snap
[09:33] <kalikiana> So... after rebooting all of my snaps do this:
[09:33] <kalikiana> htop
[09:33] <kalikiana> failed to create user data directory. errmsg: Permission denied
[09:34] <kalikiana> On gitter it was suggested it could be related to my home being encrypted
[09:34] <dholbach> leousa, something like this? http://paste.ubuntu.com/20158963/
[09:34] <dholbach> kalikiana, does scanlog say anything when you start the app?
[09:34] <kalikiana> what's scanlog?
[09:34] <dholbach> http://askubuntu.com/questions/783979/how-do-i-debug-snaps
[09:34] <kalikiana> Reading
[09:35] <kalikiana> dholbach: Well, how would I run that? :-D
[09:35] <dholbach> ?
[09:35] <kalikiana> That's a snap...
[09:36] <dholbach> Right, you install the snap, run the commands on that page, keep the terminal open...
[09:36] <dholbach> then run your snap
[09:36] <kalikiana> No, you don't get my problem: Any snap I run aborts.
[09:36] <dholbach> ok, sorry, I missed that bit
[09:36] <kalikiana> snappy-debug.security scanlog
[09:36] <kalikiana> failed to create user data directory. errmsg: Permission denied
[09:37] <dholbach> does "snap changes" say anything?
[09:37] <dholbach> is snapd in a clean state?
[09:38] <kalikiana> Yes, afair all is good, nothing "pending".
[09:38] <kalikiana> (That was why I rebooted, I couldn't resolve it otherwise)
[09:39] <dholbach> I guess you need to ping zyga, mvo, pedronis and Co
[09:39] <dholbach> I don't know
[09:40] <kalikiana> ls -lA ~/ | grep snap
[09:40] <kalikiana> drwxrwxr-x 15 cris cris 4,0K Jul 20 11:31 snap
[09:40] <kalikiana> drwx------  2 cris cris 4,0K Jun 19 00:33 .snap
[09:40] <kalikiana> Those are my snap folder permissions if that has any relevance
[09:41] <leousa> ok some progress, but throws error: Error downloading stage packages for part 'fmyth': no such package 'libx11'
[09:43] <dholbach> sorry
[09:44] <dholbach> libx11-6
[09:46] <leousa> better
[09:46] <leousa> [Errno 2] No such file or directory: '/home/leo/Applications/FM0_9545_linux/parts/fmyth/build/Forgotten\\ Myths\\ CCG.x86'
[09:46] <leousa> funny thing is that directory and file exist
[09:50] <dholbach> hohum
[09:51] <dholbach> Do you think you can send a mail with your snapcraft.yaml (or a link to it) to the mailing list?
[09:51] <dholbach> I don't quite know how to solve this one.
[09:52] <leousa> sure thing i will send it
[09:52] <dholbach> fantastic
[09:59] <leousa> ok mail sent, thx again dholbach
[10:14] <kalikiana> Okay, I found a way to run snappy-debug.security: SNAP=/snap/snappy-debug/22 /snap/snappy-debug/current/bin/snappy-security-scanlog | more
[10:14] <mup> Bug #22: Legal Link <lp-foundations> <Launchpad itself:Fix Released> <https://launchpad.net/bugs/22>
[10:15] <kalikiana> og: apparmor="DENIED" operation="open" profile="/usr/bin/ubuntu-core-launcher
[10:15] <kalikiana> " name="/home/.ecryptfs/cris/.Private/" pid=26032 comm="ubuntu-core-lau" reque
[10:15] <kalikiana> sted_mask="wr" denied_mask="wr" fsuid=1000 ouid=1000
[10:16] <kalikiana> So for some reason ubuntu-core-launcher is trying to read my encrypted folder
[10:17] <mup> PR snapd#1575 opened: osutil: check for nogrup instead of adm <Created by zyga> <https://github.com/snapcore/snapd/pull/1575>
[10:42] <Croepha> so, when snappy is doing a refresh/update, and you have custom kernels and custom os snap, does snapd know to just install newer versions of the same snaps?
[11:36] <mup> PR snapd#1575 closed: osutil: check for nogrup instead of adm <Created by zyga> <Merged by chipaca> <https://github.com/snapcore/snapd/pull/1575>
[12:08] <thurston> good morning all...  any help on figuring out some bugs?
[12:18] <lfaraone> Is there ethernet available anywhere at the hotel, by the by?
[12:20] <thurston> when i run my application's binary it runs with no warnings,  however when i run the application's snap, i get warnings about being unable to load libXrandr.so
[13:06] <Cavan> I just finished the tomcat-webapp snap and installed it, is there anyway for me to check if its working correctly?
[13:14] <Cavan> I just finished the tomcat-webapp snap and installed it, is there anyway for me to check if its working correctly?
[13:18] <Croepha> Cavan if its a daemon, you can check its logs via journalctl
[13:18] <ogra_> or just look at the processlist to see if it runs
[13:19] <dholbach> thurston, you're on amd64 I guess? it might be looking for 32bit libraries :-(
[13:19] <dholbach> thurston, it's something I just realised
[13:19] <ogra_> we ship libc for 32bit execution in the core snap
[13:19] <ogra_> but only that ...
[13:20] <Cavan> Croepha, how do I know which logs are produced by tomcat?
[13:21] <thurston> why would it work on my 64bit ubuntu laptop and not my 64bit ubuntu desktop?
[13:21] <sborovkov> Hello. Any ideas what could be wrong here - running my snap on armhf classic image. Application crashes  KeyError: 'getpwuid(): uid not found: - look like it can not access /etc/passwd or something related to that. Any ideas what's the differnce with usual snappy image (everything works there)?
[13:22] <Croepha> Cavan find service name via: systemctl list-unit-files '*snap*'  , then you can do journalctl -u "<service name>"
[13:23] <Croepha> thurston: i dont really know about the 64bit angle, but have you tried copying the .so file into the snaps usr/lib ? that usually works for me, but i fear xrandr might end up wanting more and more things until you have all of xorg in your snap
[13:24] <Croepha> thurston: thurston run ldd con your executable to see what its missing
[13:25] <thurston> oh cool, thats a neat command!
[13:26] <ogra_> sborovkov, i think snapd on classic just binad mounts the hosts /etcc/passwd readonly on top of the one in the core snap and does not use /var/lib/extrausers at all
[13:26] <Cavan> Croepha, the terminal output was 'UNIT FILE STATE  0 unit files listed.' is that normal or?
[13:27] <ogra_> i'm not sure if we want the extrausers stuff to actually be identical between native snappy and snappy on classic ... zyga would be the man to knw i guess
[13:27] <ogra_> *know
[13:27] <Croepha> Cavan, no, thats not normal, you should have a list of services, even without any snaps loaded, it should atleast match the system snap related services
[13:28] <Croepha> Cavan: What is your OS? and what is the command you used exactly?
[13:29] <Cavan> Ubuntu and ' systemctl list-unit-files 'tomcat-webapp-demo_1.0_amd64.snap''
[13:29] <Cavan> Croepha
[13:29] <thurston> should i paste the list here?
[13:30] <Croepha> Cavan: i meant literally '*snap*'
[13:30] <ogra_> on http://paste.ubuntu.com/
[13:30] <sborovkov> ogra_: so snap does not see the usual /etc/passwd? I have this error both in python and glib which causes assertion that stops everything
[13:30] <sborovkov> zyga: Hello, any idea ^^
[13:30] <ogra_> sborovkov, why do you need the passwd file at all ?
[13:30] <thurston> http://paste.ubuntu.com/20177325/
[13:30] <Croepha> Cavan: the '*snap*' is kinda like | grep snap for systemctl
[13:31] <Cavan> Croepha, ah thats brilliant thanks, it says the tomcat service is enabled.
[13:31] <sborovkov> ogra_: I don't need it myself. Glib get some of that during initialization. No idea why. I get this warning and consequent assert at the end of the function https://github.com/GNOME/glib/blob/master/glib/gutils.c#L671
[13:31] <Croepha> Cavan, ok, so the blahblah.service is the service name, so then you can do journalctl -u blahblah.service
[13:32] <sborovkov> ogra_: and PythonQt gets that as well. Idk for what purpose honestly
[13:34] <ogra_> sborovkov, aha, it seems to try to look up *your* UID
[13:34] <ogra_> yeahm thats definietly a zyga thing and possible a jdstrand one ....
[13:35] <thurston> the list of plugs I include in the .yaml include [x11, opengl, unity7]   and the app works on my laptop,  but not my desktop,  which use different nvidia drivers
[13:35] <ogra_> snap-confine would have to somehow get that into into the core snap before executing the app
[13:35] <ogra_> thurston, there is an open bug with the proprietary nvidia drivers
[13:36] <lool> davmor2: hey
[13:36] <lool> davmor2: ups, EPING
[13:36] <lool> davidcalle: heya
[13:36] <lool> davidcalle: around?
[13:37] <davmor2> lool: D'oh
[13:38] <thurston> and anyone else confirm for me that my snap won't run for them?
[13:44] <sborovkov> ogra_: any ideas how I could workaround that for now? Or do I need to wait for a fix basically?
[13:45] <ogra_> sborovkov, not sure, you could try bind mounting /etc/passwd on top of the ubuntu-core /etc/passwd ...
[13:45] <ogra_> that is indeed a gross hack
[13:46] <sborovkov> ogra_: eh, how would I do that?
[13:46] <sborovkov> I don't care if it's very big hack if I can application running for now :)
[13:47] <ogra_> mount|grep ubuntu-core ... to find the mountpoint for the highest version
[13:47] <ogra_> then mount --bind /etc/passwd /snap/mountpoint/etc/passwd
[13:48] <ogra_> you might need the same for shadow and group files too
[13:49] <sborovkov> understood, I will try that, thanks
[13:56] <sborovkov> ogra_: Should I file a bug for this?
[13:59] <jdstrand> sborovkov: if you specify the 'network' plug you get /etc/passwd (because the network plug uses the 'nameservice' apparmor abstraction)
[13:59] <sborovkov> jdstrand: Hmm. I have it though. (running in devmode btw)
[13:59] <sborovkov> As I mentioned above it's working in snappy image
[13:59] <jdstrand> I think you'll find that if we allowed /etc/passwd, then it would want /etc/group, then nsswitch.conf, then networking, etc
[13:59] <sborovkov> but not in classic
[14:00] <diddledan_> does snappy confinement prevent forking or have I got a duff compile of hexchat (the program I'm trying to snapify)?
[14:01] <jdstrand> sborovkov: oh, then that isn't a security policy thing. what it sounds like is happening is that /etc/passwd from the core snap is being used
[14:01] <diddledan_> the child process forked by the main client for each server is dying into [defunct] aka zombie state
[14:01] <jdstrand> diddledan_: snappy allows fork() be default. try getting it to work when installing in --devmode
[14:02] <thurston> whats the best way to include library files manually?
[14:02] <diddledan_> ok, devmode works
[14:02] <sborovkov> jdstrand: I tried mounting /etc/passwd, /etc/group, etc/shadow to ubuntu-core as ogra suggested to get it working with a hack. No luck though, still failing with the same error
[14:03] <diddletest> see? :-p
[14:03] <diddledan_> ok, so why does it die when used without devmode I wonder
[14:03] <jdstrand> sborovkov: ogra_ suggested waiting for zyga. he knows the current state of bind mounts and I suggest waiting for him (since we ruled out the security policy)
[14:04] <diddledan_> and thanks for the pointer, jdstrand
[14:04] <sborovkov> jdstrand: Understood, thanks.
[14:04] <jdstrand> diddledan_: use 'sudo snap install snappy-debug' then do: sudo /snap/bin/snappy-debug.security scanlog
[14:05] <jdstrand> diddledan_: that should show you (non-dbus) sandbox denials with suggestions on what you need to do
[14:06] <thurston> whats the best way to include library files manually?
[14:07] <diddledan_> ok, it looks like it's trying to bind - so plug network-bind might fix it
[14:10] <diddledan_> awesome. I think that's got it going
[14:10] <mup> PR snapd#1576 opened: interfaces/builtin: allow getsockopt for connected x11 plugs <Created by zyga> <https://github.com/snapcore/snapd/pull/1576>
[14:11] <jdstrand> diddledan_: great! :)
[14:11] <diddledan_> right. now to publish it
[14:13] <diddledan_> oh, I need to add a menu/launcher entry
[14:16] <lool> j-b: can you open https://myapps.developer.ubuntu.com/dev/click-apps/5203/ ?
[14:16] <j-b> lool: no.
[14:19] <ogra_> sborovkov, i'll poke zyga in real life once he comes out of the session (we are at a sprint currently)
[14:19] <lool> j-b: http https://search.apps.ubuntu.com/api/v1/search Accept:application/hal+json X-Ubuntu-Release:16 X-Ubuntu-Device-Channel:edge X-Ubuntu-Wire-Protocol:1 X-Ubuntu-Architecture:amd64 'q==vlc.caldav' fields==package_name,architecture,anon_download_url,confinement
[14:24] <thurston> whats the best way to include library files manually?
[14:25] <sborovkov> ogra_: thanks :)
[14:29] <lool> j-b: https://myapps.developer.ubuntu.com/docs API docs
[14:32] <kalikiana> jdstrand: Any suggestions on ucl chokin on ecryptfs? http://paste.ubuntu.com/20182986/
[14:33] <lool> j-b: http://195.154.102.74:8000/
[14:33] <timothy> kalikiana: it should be fixed in snap-confine 1.0.36
[14:39] <mup> Bug #1604848 opened: Create interface for unity8 scopes <Snappy:New> <https://launchpad.net/bugs/1604848>
[14:40] <thurston> whats the best way to include library files manually?
[14:46] <zyga> sborovkov: you should see the real /etc/passwd except for an all-snap system
[14:46] <zyga> sborovkov: http://pastebin.ubuntu.com/20184274/
[14:47] <ogra_> hmm, then it is weird that getpwuid_r() actually fails
[14:48] <zyga> sborovkov: run it in strace
[14:48] <zyga> sborovkov: or give me the apparmor / seccomp denial
[14:48] <zyga> didrocks: you can actually bind mount files
[14:48] <zyga> didrocks: so standalone .mo or anything is ok
[14:50] <kalikiana> timothy: How/when would I get that?
[14:51] <kalikiana> Where do I see what version I have?
[14:55] <thurston_> X Error:  BadValue
[14:55] <thurston_>   Request Major code 154 (GLX)
[14:55] <thurston_>   Request Minor code 3 ()
[14:55] <thurston_>   Value 0x0
[14:55] <thurston_>   Error Serial #22
[14:55] <thurston_>   Current Serial #23
[14:55] <thurston_> thats the error i get on my desktop
[14:55] <j-b> lool: done.
[14:57] <sborovkov> zyga: hmm how do I run service with strace?
[14:58] <sborovkov> zyga: I don't have any apparmor denials, I am running in devmode. Just getpwuid fails
[14:59] <sborovkov> zyga: I do see real /etc/passwd in ubuntu-core indeed. May be something else is missing, idk
[15:00] <Cavan> I'm trying to make a snp of Apache Calcite but I cant find a conf file to direct a Makefile, any tips?
[15:01] <mup> PR snapcraft#675 opened: Allow godeps to fetch Go dependencies <Created by stevenwilkin> <https://github.com/snapcore/snapcraft/pull/675>
[15:02] <magicaltrout> Cavan: doesn't calcite use maven?
[15:03] <Cavan> magicaltrout, I'm not too sure, if so would I just need to direct it to a git instead of a makefile?
[15:03] <magicaltrout> https://github.com/apache/calcite
[15:04] <magicaltrout> in which case
[15:04] <magicaltrout> you could use the maven plugin I expect
[15:05] <magicaltrout> https://github.com/ubuntu/snappy-playpen/blob/cc1e13ca60280c249034bfaa3766072387d38a22/wallpaperdownloader/snapcraft.yaml#L15
[15:06] <Cavan> magicaltrout, do I need 'calcite:         plugin: tar-content         source: http://www.apache.org/dyn/closer.lua?filename=calcite/apache-calcite-1.8.0/apache-calcite-1.8.0-src.tar.gz&action=download' or should I use the github you just sent? I'm really new to this sorry
[15:07] <magicaltrout> me too Cavan me too! ;)
[15:07] <magicaltrout> that tar ball would still need compiling as its a src bundle
[15:08] <Cavan> magicaltrout, thanks!
[15:09] <magicaltrout> any time chief
[15:13] <Cavan> magicaltrout, I've staged and snapped Calcite, any idea how I would check if its working correctly?
[15:14] <magicaltrout> okay as a disclaimer I'm a developer who has worked with calcite a bit over the years.... my understanding of it in its current state it that a build of calcite would just give you a few libs to hook up to stuff.....
[15:14] <magicaltrout> so I guess my question is, why calcite? and what are you try to achieve?
[15:16] <Cavan> magicaltrout, Calcite was picked at random to be honest, just seeing what I can do with Snapcraft really
[15:16] <magicaltrout> lol
[15:16] <magicaltrout> okay
[15:16] <magicaltrout> i'd pick something else
[15:16] <Cavan> magicaltrout, any recomendations on what would be better?
[15:17] <magicaltrout> sure there's lots of apache projects that would suit
[15:17] <magicaltrout> let me peruse the list and find some
[15:18] <magicaltrout> apache drill would be a good one Cavan if you're interested in data stuff
[15:18] <magicaltrout> its a nice wrapper around calcite in reality
[15:18] <magicaltrout> you could snap the spark engine
[15:18] <magicaltrout> karaf
[15:18] <magicaltrout> tomcat
[15:19] <magicaltrout> kafka
[15:19] <Cavan> magicaltrout, I'll give them all a go aha! Thanks very much
[15:19] <magicaltrout> nifi
[15:19] <magicaltrout> :)
[15:19] <magicaltrout> pick a project thats not just a library basically :)
[15:19] <jdstrand> kalikiana: yes, that is fixed in later ucl that hasn't landed yet. add this to /etc/apparmor.d/usr.bin.ubuntu-core-launcher: http://paste.ubuntu.com/20187635/
[15:19] <jdstrand> kalikiana: then do: sudo apparmor_parser -r /etc/apparmor.d/usr.bin.ubuntu-core-launcher
[15:20] <magicaltrout> zeppelin would be a good one as well Cavan
[15:21] <jdstrand> zyga, sergiusens (cc ratliff): hey, fyi some of the chrome/firefox interface issues can only be resolved once snap-confine 1.0.36 is in xenial. can one of you talk to JamieBennett or mvo to prioritize that SRU?
[15:21] <jdstrand> I'd ask them myself, but they aren't here now. I will continue to follow up with them
[15:23] <kalikiana> jdstrand: woot, everything works like a charm again.
[15:24]  * kalikiana was feeling incomplete with no snaps all day
[15:24] <kalikiana> thanks!
[15:26] <jdstrand> kalikiana: np. there are bugs for that. it is queued (and will be fixed in 1.0.36 which I just asked about)
[16:01] <zyga> jdstrand: ack
[16:04] <sborovkov> zyga: so any ideas what could be going wrong that getpwuid is not working
[16:12] <mup> Bug #1604880 opened: Missing inhibit interface <Snappy:New> <https://launchpad.net/bugs/1604880>
[16:18] <Croepha> not that I really care at this point, but ubuntu-core essentially has a built in key-logger... pretty much every console keystroke I make gets logged as a kernel debug message
[16:19] <mup> Bug #1604885 opened: Access to mounted USB drives <Snappy:New> <https://launchpad.net/bugs/1604885>
[16:22] <mup> Bug #1604887 opened: MPRIS interface does not work <Snappy:New> <https://launchpad.net/bugs/1604887>
[16:26] <thurston> can someone test my snap out on their machine?   sudo snap install rpgdiceroller
[16:28] <Croepha> thurston: not a chance, sorry, what can we do that you cant do with virtualbox?
[16:30] <thurston> my desktop throws me an x-window error, and i can't figure out if its because i have multi monitors or what
[16:32] <thurston> Condition ' x11_window==0 ' is true.
[16:35] <kalikiana> thurston: I'll try but without sudo ;-)
[16:36] <kalikiana> could not load libXrandr.so, Error: libXrandr.so: cannot open shared object file: No such file or directory
[16:36] <kalikiana> Only a single monitor connected right now
[16:37] <thurston> i didn't realize you could use snap without sudo
[16:38] <thurston> does the app still come up for you kalikiana?
[16:41] <kalikiana> thurston: I briefly see a window which closes before I can really see it
[16:41] <kalikiana> sudo is only required if you're not logged in
[16:44] <Cavan> Just finished snapping Apache Zeppelin, anyone know any commands to check if i've odne it correctly?
[16:45] <thurston> kalikiana: thanks for doing that.   i'm trying to figure out how to include libxrandr.   I've got libxrandr2 included, but apparently it doesn't care
[16:49] <kalikiana> thurston: Is it in a folder in LD_LIBRARY_PATH? You might have to copy or organize the file(s)
[16:51] <Cavan> (My internet died I dont know if I just sent this) Just finished snapping Apache Zeppelin, how would I check its working correctly, can I run it or?
[16:55] <thurston> well,  using the plug x11,  it automatically fetches libxrandr2
[16:56] <thurston> apart from that, i don't know really what you mean by LD_LIBRARY_PATH
[16:57] <kalikiana> I mean if the lib is in a known path
[16:58] <kalikiana> As I was having the problem before where the libs would not end up somewhere they would be found
[16:58] <thurston> this is part of my problem,   i've been asking how exactly to include libraries manually?
[17:02] <Cavan> How do i run a snap after installation?
[17:04] <mup> PR snapcraft#676 opened: Special handling for pc files for conflicts <Created by sergiusens> <https://github.com/snapcore/snapcraft/pull/676>
[17:08] <thurston> sooo,  any help on how to add libraries to a snap manually?
[17:08] <kalikiana> thurston: Could it be that you need a symlink?
[17:08] <kalikiana> ls -R /snap/rpgdiceroller/current/ | grep libXrandr.so
[17:08] <kalikiana> libXrandr.so.2
[17:14] <Cavan> How do I run a snap from consol?
[17:23] <Cavan> Anyone have any idea?
[17:28] <Croepha> Cavan: is it a daemon ?
[17:29] <Cavan> Croepha, I'm not too sure. Its Apache Zeppelin, snapped. But also I think I messed up the wrapper and just fixed it so I'm snapping again and seeing
[17:29] <Croepha> this is your snap?
[17:29] <Cavan> Yeah
[17:30] <Croepha> does it have deamon in the app section?
[17:30] <Cavan> Yes
[17:30] <Croepha> do you know the service name?
[17:30] <Cavan> No idea, where would I find that?
[17:31] <Croepha> it should be systemctl start <service name>
[17:31] <Croepha> to list snap services: systemctl list-unit-files '*snap*'
[17:49] <kalikiana> You may want to turn the daemon: line into a comment and run it manually to see if it starts up correctly
[17:51] <ralsina> Hi there snappers! I am having a weird problem. It seems snapcraft's python3 plugin can't install things that are only available as wheels (in my case, the entrypoints package). See http://pastebin.ubuntu.com/20204182/
[17:59] <Croepha> ralsina , probably should file a bug
[17:59] <ralsina> Croepha: ack
[18:00] <Croepha> is there like a --no-wheel option you can pass to pip as a short term workaround?
[18:01] <ralsina> Croepha: well, I *need* it to install a wheel
[18:01] <ralsina> Croepha: and the whole pip invocation is done by the python3 plugin of snapcraft
[18:01] <ralsina> Reported, bug #1604909
[18:01] <mup> Bug #1604909: Python3 plugin fails to install requirements that are only available as wheels <Snapcraft:New> <https://launchpad.net/bugs/1604909>
[18:03] <Croepha> well, if the goal is just to get something working as a snap, then you can bypass the python3 plugin and use the bash plugin, or the copy plugin, assuming you have built outside
[18:05] <thurston> wow,  how is it so difficult to package a single binary spit out from a game engine?   i can execute the binary on almost any linux system i throw it at,  but when i try to snap it? nope
[18:06] <Croepha> thurston: yep, its difficult
[18:06] <kalikiana> Croepha: bash plugin? I don't see any such thing in list-plugins or search
[18:08] <Croepha> kalikiana: snapcraft github
[18:08] <Croepha> kalikiana: https://github.com/snapcore/snapcraft/pull/664
[18:08] <mup> PR snapcraft#664: New plugin: Bash <Created by monsterjamp> <https://github.com/snapcore/snapcraft/pull/664>
[18:08] <Croepha> miss pasted
[18:13] <Cavan> When I try and start a service I get 'bash: syntax error near unexpected token `newline''
[18:14] <ralsina> Croepha: this used to work until recently, the snap is Nikola, worked a few days ago. I suppose some dependency changed somewhere.
[18:57] <Cavan> Trying to make a command to check if my snap works, i did 'apps:  zeppelin:    command: startzep    plugs: [network-bind]' Is this correct?
[19:10] <Cavan> Should I remove the plug or should it work anyway?
[19:35] <dak__> hello, i have a question about snapcraft. i tried to package the angband.
[19:36] <dak__> i managed to build te snap, but it fail to load, because it looks for game files in /share/games/angband instead of $SNAP/share/games/angband
[19:36] <dak__> i thouth compiling it with --no-install might help, since the files are all in the same directory
[19:37] <dak__> but then i get "/snap/angband/100002/command-angband.wrapper: 5: exec: angband: Permission denied" :/
[19:43] <dak__> any ideas wy the permission is denied?
[20:40] <jdstrand> kyrofa: hey, re http://pastebin.ubuntu.com/19903287/ it looks like you are using a new snap-confine? I'm guessing /var/log isn't bind mounted so it can't find /var/log/syslog
[20:40] <magicaltrout>     ttps://docs.google.com/presentation/d/1UdKSsuXpYSy25V9HuxnqgzQRmlC1DEtLJUgEY-5PDoc/edit?pref=2&pli=1#slide=id.p
[20:40] <magicaltrout> if anyone is bored enough
[20:40] <jdstrand> kyrofa: how/where are you invoking it?
[20:41] <magicaltrout> theres the slides from tonights presentation/roasting of mark shuttleworth
[20:41]  * jdstrand notes it works fine here on xenial classic
[20:41] <magicaltrout> 2https://github.com/buggtb/snappy-maven-plugin
[20:42] <magicaltrout> there is a maven plugin to build  a snappy yaml file and build the pacage
[20:42] <magicaltrout> package
[20:52] <jdstrand> balloons: re snap.juju.juju unix denial> you either need to create a juju interface or to create a named unix socket that is in $SNAP_DATA
[20:52] <balloons> jdstrand, hmm
[20:53] <jdstrand> balloons: is this socket just for internal communications?
[20:53] <jdstrand> balloons: or are other snaps supposed to be able to consume it?
[20:53] <tsimonq2> \o/ balloons
[20:53] <balloons> jdstrand, ahh yes, internal
[20:55] <balloons> jdstrand, I assume I'll find some more things like this, it would be lovely if I could get some understanding how to proceed with this one
[20:56] <jdstrand> balloons: looking at the policy, you could make a smaller code change and have the abstract socket path match snap.@{SNAP_NAME}.*
[20:57] <jdstrand> balloons: so instead of /var/lib/juju/mutex-/store-lock, use snap.juju.mutex/store-lock (or something similar)
[20:58] <jdstrand> balloons: we have this rule: actually///
[20:58] <jdstrand> ...
[20:59] <jdstrand> balloons: actually, what we have should maybe work for you
[21:00] <jdstrand> balloons: can you paste /var/lib/snapd/apparmor/profiles/snap.juju.juju ?
[21:02] <balloons> jdstrand, sure
[21:05] <jdstrand> balloons: actually, if what you pasted the other day was the full denial, I think we need one more rule. Can you file a bug and add the 'snapd-interface' tag? the interfaces team would need to discuss both default policy and/or possibly a new interface. I suspect that we can add a 'unix addr=@snap.${SNAP_NAME}.*,' with no problem. that would require you to make a small code change for the path to go from /var/lib/juju/mutex-/store-lock to snap.juju.
[21:05] <jdstrand> balloons: but then it would be in your control
[21:06] <balloons> jdstrand, so I was initially looking at changing /var/lib/juju to somewhere else
[21:06] <jdstrand> balloons: that won't work atm. with what I am thinking, we can make that work
[21:07] <balloons> jdstrand, so I can file a bug -- against snapd?
[21:07] <jdstrand> balloons: the snappy project
[21:08] <balloons> and you would change the default policy to allow me to bind, but against what path?
[21:08] <jdstrand> balloons: https://bugs.launchpad.net/snappy/+filebug
[21:08] <balloons> jdstrand, ohh on launchpad? not github?
[21:09] <balloons> ohh right.. snappy uses lp. I remember
[21:10] <jdstrand> balloons: that needs discussion, but I was thinking I'd give you two rules. 1) 'unix addr=@snap.${SNAP_NAME}.*,' and 2) 'unix addr=@/var/snap/@{SNAP_NAME}/**,'
[21:11] <mup> Bug #1604967 opened: Apparmor denies bind to /var/lib/juju/mutex-/store-lock <snapd-interface> <Snappy:New> <https://launchpad.net/bugs/1604967>
[21:12] <jdstrand> balloons: these aren't real paths in the filesystem-- they are paths in the kernel. we have to namespace them accordingly as a result, but by giving both paths, it makes it so that people can do things in a natural way
[21:13] <balloons> bah, my install of snappy is still borked. I don't get any binaries after installing my snap anymore (or any other snap from the store)
[21:19] <wililupy> I have an interresting snap installation error: http://pastebin.ubuntu.com/20229623/
[21:20] <balloons> jdstrand, I'll work out my snappy install so I can get moving again, but do let me know if you need anything from me on this. As you might be able to tell, I'd like to try and get the juju client itself snappified. It would be nice to have for next week :-)
[21:20] <jdstrand> balloons: ok, I jotted down my ideas in a trello card and assigned the bug to me
[21:21] <balloons> jdstrand, many thanks. I assume I may hit another one of these issues, so if there's a way for me to proceed or test changes before you implement, do let me know. I'm happy to delve in a little.
[21:21] <jdstrand> balloons: we won't have a snapd that will land in time for next week, but I can give you a rule to add to /var/lib/snapd/apparmor/profiles/snap.juju.juju as a workaround
[21:21] <wililupy> I'm using a custom kernel (3.18.25) and I installed apparmor patches for 3.12, but I'm still getting the above errors. Do you know if Canonical as a patched 3.18.25 kernel in the kernel.ubuntu.com git? I can't seem to find one.
[21:21] <balloons> jdstrand, yep proof of concept is all I'm after
[21:21] <jdstrand> balloons: add this rule: 'unix addr="@/var/snap/@{SNAP_NAME}/**",' to that file
[21:21] <jdstrand> balloons: then do: sudo apparmor_parser -r /var/lib/snapd/apparmor/profiles/snap.juju.juju
[21:22] <jdstrand> balloons: then adjust your path internally to use /var/snap/juju/mutex-/store-lock
[21:23] <balloons> jdstrand, ok, can do. Would /var/snap/juju be safe for other binds then? What about writes?
[21:23] <jdstrand> balloons: if you just want to test out the existing path, use this apparmor rule instead: unix addr="@/var/lib/juju/mutex-/store-lock",
[21:24] <jdstrand> balloons: /var/snap/juju would be safe for all the abstract unix sockets. binds, writes, everything is allowed with that rule
[21:25] <jdstrand> balloons: so you can have 15 different abstract sockets if you wanted, all under /var/snap/juju/...
[21:25] <jdstrand> or 3 or 37. you get the idea ;)
[21:25] <balloons> jdstrand, awesome. That might just fix things
[21:26] <jdstrand> balloons: the final rules that get implemented may be slightly different after discussing the PR, but the concept should be acceptable with no problems
[21:33] <jdstrand> balloons: also sorry it took a while to respond. I was on holiday and just got back today
[21:34] <balloons> jdstrand, no worries at all. I'm elated to see it might get solved so quickly :-)
[21:35] <jdstrand> balloons: it's actually something I've thought a lot about. I'm glad to have a good use case
[21:35] <diddledan_> o_O I can't figure-out what travis is complaining about in regards to my PR: https://github.com/ubuntu/snappy-playpen/pull/187
[21:35] <mup> PR ubuntu/snappy-playpen#187: Update hexchat snapcraft.yml <Created by diddledan> <https://github.com/ubuntu/snappy-playpen/pull/187>
[22:36] <mup> Bug #1605003 opened: cannot communicate with server - openSUSE Tumbleweed <Snappy:New> <https://launchpad.net/bugs/1605003>
[22:49] <diddledan> ok, I've hit a snag with hexchat - somewhere fchown syscall is being used but I can't figure-out where - is there any way of getting a backtrace leading to the point that seccomp kills an app?
[22:59] <ali1234> diddledan: i think you would run the program without seccomp and instead inside strace, which can print a backtrace when a specific system call is used rather than just killing it
[23:00] <ali1234> something like strace -e trace=fchown -k hexchat
[23:01] <diddledan> strace is telling me -k isn't valid with that
[23:02] <ali1234> "This option is available only if strace is built with libunwind."
[23:03] <ali1234> seems like on ubuntu it is not because -k doesn't work at all for me
[23:04] <ali1234> do you know what file it is calling fchown on? if not, strace should be able to tell you that at least
[23:05] <diddledan> seems not - all I get is "fchown(16, 1000, 1000)                  = 0"
[23:06] <ali1234> 16 is the filedescriptor
[23:06] <ali1234> you can find out what file it is through proc
[23:06]  * diddledan goes hunting :-)
[23:07] <ali1234> ls -l /proc/<hexchat pid>/fd/
[23:07] <diddledan> hmm, 16 isn't there, only 0, 1 and 2
[23:07] <diddledan> so it's transient
[23:08] <diddledan> 0, 1 and 2 are stdio?
[23:08] <diddledan> in, out and err
[23:08] <ali1234> yes
[23:08] <ali1234> you could try strace -e trace=open,fchown
[23:08] <ali1234> then you should see when it opens the fd
[23:08] <diddledan> roger that
[23:09] <ali1234> unless it doesn't open it of course, but does fdupe or something
[23:09] <diddledan> ok, let me paste the two important lines
[23:10] <diddledan> http://pastebin.ubuntu.com/20241932/
[23:10] <ali1234> you might need to do -e file which will make a huge log of all file access, and then pick through it
[23:10] <ali1234> ah...
[23:10] <ali1234> so it is the scrollback cache/log
[23:11] <diddledan> yeah
[23:11] <ali1234> and it is setting it to be read only by you, nobody else on the system, which is totally reasonable
[23:11] <diddledan> I think it's using glib's IO functions for those
[23:11] <diddledan> so either glib or the C library is calling the fchown
[23:12] <ali1234> yes, but it will be initiated by hexchat
[23:15] <diddledan> could this be it? >>> ostream = G_OUTPUT_STREAM(g_file_append_to (sess->scrollfile, G_FILE_CREATE_PRIVATE, NULL, NULL));
[23:15] <ali1234> yes
[23:15] <ali1234> G_FILE_CREATE_PRIVATE
[23:16] <ali1234> and the filename on disk even contains goutputstream
[23:16] <diddledan> that helped me narrow it down
[23:16] <ali1234> that's in common/text.c?
[23:16] <diddledan> yup
[23:17] <ali1234> i was just opening that file to have a look :)
[23:17] <ali1234> but you beat me to it
[23:17] <ali1234> there's actually two places where G_FILE_CREATE_PRIVATE is used int hat file
[23:17] <diddledan> there's two uses of that constant
[23:17] <diddledan> yeah that ^^^
[23:18] <ali1234> no idea how you are supposed to fix this though
[23:18] <diddledan> me either
[23:19] <diddledan> I'm wondering if the isolation rules might need adjusting to allow fchown to the current userid
[23:19] <diddledan> (if that's even possible?)
[23:20] <ali1234> i probably know less about that than you at this point
[23:21] <diddledan> might be worth my while emailing the snappy-dev list so there's a more permanent record that can be commented-on
[23:21] <ali1234> yeah
[23:22] <ali1234> or ask here in business hours :)
[23:22] <diddledan> :-)
[23:22] <diddledan> I don't "do" business hours :-p