/srv/irclogs.ubuntu.com/2016/09/07/#snappy.txt

mupPR snapd#1860 opened: misc fixes/tweaks/cleanups <Created by chipaca> <https://github.com/snapcore/snapd/pull/1860>00:26
nhaineskyrofa: Nextcloud 9 feels like it came out 7 years ago!00:56
nhaineskyrofa: in any case, your first ownCloud snap was a really cool proof-of-concept, the Nextcloud snap that got SSL support is amazing, and being able to say "Huh, wonder how this is looking now," run "snap install nextcloud" on my laptop, play with it, then delete the snap and not have 200 server packages installed and running is just amazing!00:57
nhaineskyrofa: but I'm glad Nextcloud embraced it (despite constantly saying they're not packaging Nextcloud for distros) and I'm looking forward to migrating my cloud server to the snap.  :)00:58
nhainesAlso, I tried to snappify the client but failed because of some missing directory and don't have the knowledge to proceed, but for a while it looked promising, hehe.00:59
sabdflwhat's the best python standard library for dealing with --opts ?02:16
mupPR snapd#1855 closed: overlord/boot: have firstboot support assertion files with multiple assertions <Critical> <Reviewed> <Created by pedronis> <Merged by pedronis> <https://github.com/snapcore/snapd/pull/1855>02:37
sergiusenssabdfl argparse is in stdlib https://docs.python.org/3/library/argparse.html02:40
sergiusensso no extras needed02:41
sabdflthanks sergiusens, i've so far just copied docopt into my snap, is that considered a bad option?02:41
sabdfli can easily fall back to argparse02:41
sergiusenssabdfl docopts is great for simple CLIs, it has gotten out of control for snapcraft and its ever growing options02:42
sabdfli can believe that02:42
sabdflmy cli is super simle so i will stick to it for a quick fix02:42
sergiusenssabdfl for snapcraft itself I've been pondering on click http://click.pocoo.org/5/why/ ; played with it a bit and felt like a good match02:43
sergiusensyeah, docopt solve the simple cli's just great02:44
sergiusensit get's tricky when adding too many differing subcommands02:44
sabdfli bet02:45
kyrofanhaines, yeah, I've got the client snapped but I03:22
kyrofanhaines, I'm waiting to publish for indicators to work03:22
kyrofa(indicators in snaps are broken right now)03:22
kyrofakgunn, indeed, that's the current state of the art as far as I know, but I've lost track of a bit of the most recent snapcraft features-- it may have gotten better there recently03:25
=== King_InuYasha is now known as Son_Goku
=== Son_Goku is now known as Conan_Kudo
=== Conan_Kudo is now known as Sir_Gallantmon
=== Sir_Gallantmon is now known as Son_Goku
=== chihchun_afk is now known as chihchun
=== vigo is now known as vigo|afk
mupPR snapd#1861 opened: tests: fixes to actually run the spread tests inside autopkgtest <Created by mvo5> <https://github.com/snapcore/snapd/pull/1861>06:14
mvoogra_: small bugreport around classic, it seems like running it twice gives a ugly message that dev/pts is already mounted07:59
mupPR snapd#1862 opened: tests: add tests for the classic dimension <Created by mvo5> <https://github.com/snapcore/snapd/pull/1862>07:59
ogra_mvo, hmm, weird, shouldnt systemd unmount it ?08:00
morphiszyga: ping08:01
=== chihchun is now known as chihchun_afk
mvoogra_: it seems not08:07
morphismvo: can we already do sth like a factory-reset these days?08:07
mvomorphis: well, sort of, but you need to be careful08:15
mvomorphis: do you need a script to do that? how far do you want to go? reset everything ? including kernel/os and remove all data ?08:15
mvoogra_: I have not really investigated, more important stuff is still going on, its just cosmetic but I noticed while writing automatic tests for classic08:16
ogra_morphis, can you bring that up in the filesystem layout thread i started on the ML, we will need a partiton that holds the original snaps for this i think08:16
morphisogra_: can do that08:17
ogra_thanks08:17
morphismvo: thanks, was just wondering08:17
mvomorphis: so essentially if you keep the stuff that firstboot puts on the image you can wipe everything else08:18
morphismvo: ok, I think tim already has something for this in place with his recovery work, but was more thinking about what we're offering for other devices08:21
mvomorphis: this is probably something for the next sprint, we need a more generalized solution.08:21
morphisok08:21
mvoogra_: so I debugged why firstboot fails with ubuntu-image. it puts the grub.cfg into a different place than before. i.e. /boot/efi/EFI/ubuntu/grub.cfg (now) vs /boot/efi/EFI/ubuntu/grub/grub.cfg (before). there is a bind mount in the initramfs that assumes the grub/ location, do you know more aobut this change? I can update the initramfs code to use the other location I think, I'm just a bit puzzled08:32
ogra_mvo, that was james code, not really sure why its there ... drop it and lets have some test images ?08:36
ogra_(thats was also in system-ab times)08:37
mvoogra_: http://paste.ubuntu.com/23144982/08:38
mvoogra_: its stuff we still need. well, we could avoid the entire bind mount08:38
mvoogra_: but that would require changes in the snapd code too, maybe not unreasonable but a bit late08:38
mvoogra_: if the debdiff looks correct I will upload and hopefully this unblocks u-i08:40
mvou-i generated images08:40
ogra_mvo, looks fine08:43
mupPR snapd#1863 opened: image: have prepare-image set devmode correctly <Created by pedronis> <https://github.com/snapcore/snapd/pull/1863>08:44
mupPR snapd#1863 closed: image: have prepare-image set devmode correctly <Created by pedronis> <Merged by pedronis> <https://github.com/snapcore/snapd/pull/1863>09:18
didrockspstolowski: hey! any leads on bug #1620560? (reminder that we need a fix to demo to consumer next week the revert functionality ;))09:26
mupBug #1620560: Revert command doesn't reset the right apparmor profile <amd64> <apport-bug> <xenial> <Snappy:Confirmed> <snapd (Ubuntu):Confirmed> <https://launchpad.net/bugs/1620560>09:26
Chipacasergiusens, when you're around, http://paste.ubuntu.com/23145076/09:28
Chipacadidrocks, you're demo'ing a snap in devmode?09:29
Chipacasergiusens, the issue there more than anything else is the '401 None' and not-too-helpful error message09:32
Chipacasergiusens, dholbach knows more09:32
didrocksChipaca: has to, the interfaces fixes are in trunk, (and one not done)09:33
didrocksChipaca: if you have any other way around, I'll gladly take it :)09:34
pstolowskididrocks, i've discussed the fix with Chipaca, looks simple, just did it and about to build and test09:37
didrockspstolowski: excellent! you think it's going to be in this week's release?09:41
ysionneauin which context is executed the post-stop-command?09:41
ysionneaudo I have access to /usr/bin and /bin ? (for instance : ps/awk/grep/kill)09:42
liuxgI compile my go project on my raspberry pi 3, and when I run it on the pi 3 device, I get "runtime: this CPU has no floating point hardware, so it cannot run this GOARM=6 binary. Recompile using GOARM=5." it is a golang project. how to correct this problem. it works well on pi 2 device. thanks09:43
pstolowskididrocks, I should have MP ready today, what happens next is not in my hands, but I'll make sure everyone knows it's important09:43
didrocksmvo: FYI ^09:45
didrocksthanks pstolowski09:45
liuxghow to configure go to compile my go project using GOARM=5. currently on my board, the version of snapcraft is 2.15.109:45
=== hikiko is now known as hikiko|ln
mvodidrocks: if its straightforward, happy to make sure its in, thank you09:56
nhaineskyrofa: Hmm, indicators seemed to mostly work in the Telegram snap, but I haven't used that for a while because it was always out of date, too.  In any case, I'm glad you're working on that, too.  It will be good to get Nextcloud-branded stuff into Ubuntu 16.04 LTS.09:56
Chipacaysionneau, in the same context as everything else in the snap10:00
Chipacaysionneau, try "snap run --shell yoursnap" and then you can dig around yourself10:03
ogra_mvo, whats with all these .moved files i always see in bzr branches after you touched them ? do you have some special bzr setup that keeps backups this way ?10:04
mvoogra_: eh, no idea, what files are those?10:07
ogra_ogra@anubis:~/datengrab/devel/branches/snappy-systems/dragonboard$ ls -lh|grep moved10:07
ogra_lrwxrwxrwx 1 ogra ogra    9 Sep  6 16:30 uboot.conf.moved -> uboot.env10:07
ogra_-rw-rw-r-- 1 ogra ogra 128K Sep  6 16:30 uboot.env.moved10:07
ogra_ogra@anubis:~/datengrab/devel/branches/snappy-systems/dragonboard$10:07
ogra_before there also was a pi2.moved that i recently deleted10:07
ogra_i only notice them showing up after you touched the branch ...10:08
ogra_hmm, funnily this time the files dont show up in the LP UI ... the pi2.moved one did10:10
ysionneauChipaca: thanks, how can I find the snap name syntax? i've tried the name in the 1st column of "snap list" and it does not work, I guess I need to append/prepend something10:30
=== hikiko|ln is now known as hikiko
liuxgogra_, when I try to run "sudo classic.create" on pi 3, it gives me the error like "runtime: this CPU has no floating point hardware, so it cannot run this GOARM=6 binary. Recompile using GOARM=5."  how to correct this problem? thanks10:50
ogra_liuxg, no idea ... thats definitely not related to classic ... classic is a shellscript10:53
ogra_(and classic.create is long gone ... "sudo classic" is all you need)10:54
liuxgogra_, but I need to run classic.create first, then I run then sudo classic, right? I got this from one your email replies.10:54
ogra_nope10:55
ogra_just sudo classic10:55
ogra_the creation is automatic nowadays10:55
liuxgogra_, but the "classic         classic.create  classic.reset" all 3 commands are there..10:55
ogra_where did you get that classic snap from ?10:55
ogra_you need --devmode --edge10:55
liuxgogra_, http://paste.ubuntu.com/23145383/, this is what happens here.10:56
* mwhudson blinks10:56
mwhudsonpretty sure the pi3 has a FPU :-)10:57
ogra_liuxg, well, no idea what that is ,... there is no go in classic10:57
liuxgogra_, yes, that is exactly what I got here http://paste.ubuntu.com/23145387/10:57
ogra_liuxg, --beta != --edge10:57
liuxgogra_,  sorry, I might get wrong. I will try the edge one.10:58
ogra_hmm, trhough looking at the store beta and edge are the same10:58
mwhudsonliuxg, ogra_: fwiw, go is looking at the AT_HWCAP auxv entry wrt that message10:58
liuxgogra_, mwhudson, for pi 2, it works well for the "--beta" channel.10:59
ogra_mwhudson, the tty prob is mainly that even if you have it print the issue file, it will not clear the screen and the line will appear somewhere in the middle of the boot messages that are still in the terminal10:59
mwhudsonogra_: ah10:59
ogra_we need to find out how to clear the screen i think11:00
ogra_(which is hard ... but i know there are serial apps that can do it)11:00
mwhudsonogra_: agetty claims to do it by default :/11:00
liuxgogra_, I tried to change to use "edge" channel, and it is the same thing for me http://paste.ubuntu.com/23145394/11:01
mwhudsoni guess putting 24 newlines in the issue file would not be considered elegant11:01
ogra_liuxg, yes, as i said, checking the store revealed they are the same11:01
ogra_mwhudson, and pointless if your terminal window is bigger (like mine)11:03
mwhudsonogra_: 1 million newlines?11:04
mupPR snapd#1864 opened: Apply flags (devmode) on revert <Created by stolowski> <https://github.com/snapcore/snapd/pull/1864>11:04
* mwhudson should just go to bed11:04
ogra_that might work ... even on hidpi displays :P11:04
mwhudsoni guess it would be a bit of a waste of precious storage space in the embedded case11:05
* mwhudson zzz11:05
ogra_adding a loop that counts from 1 to 1mio ? nah11:05
ogra_and given how long it takes for python to come up it would also not siginificantly slow it down on arm :P11:06
mupPR snapd#1860 closed: overlord/snapstate: misc fixes/tweaks/cleanups <Created by chipaca> <Merged by niemeyer> <https://github.com/snapcore/snapd/pull/1860>11:14
ogra_slangasek, so i fixed the sizes in the dragonboard gadget yaml ... using -w ./workdir to keep the content i see part0-part7.img files under .images/ in there ... all at the right size ... but looking at the resulting image there is only one partition, so i suspect however you invoke sgdisk doesnt do the right thing11:27
mupPR snapd#1852 closed: asserts: update trusted account-key asserts with names <Created by emgee> <Merged by niemeyer> <https://github.com/snapcore/snapd/pull/1852>11:32
JamieBennettogra_, elopio, have you tried a usb eth adaptor with the Dragonboard, does that work for console-conf?11:42
ogra_JamieBennett, nope, havent tried that yet ... i guess it depends if you have one that is supported by the mainline kernel without extra firmware11:43
ogra_JamieBennett, there is a console-conf that supports wlan setup from mwhudson that i havent found the time to try yet ...11:47
JamieBennettogra_, OK, I don't think it is too much of an issue11:49
ogra_JamieBennett, well, apart from the fact that you cant create a user, yeah11:51
ogra_(no wifi support in console-conf ... no wired nic)11:52
JamieBennettogra_, I bet that is possible with USB eth but yes, if is an issue but not for our RTM image11:52
ogra_if you have a supported USB eth key, yes ... else the image is completely unusable since you cant have a user to log in11:53
* JamieBennett nods11:53
ogra_but all of this is moot ... we dont have a booting image at all yet11:55
ogra_mvo, gave me one that was created with a hacked up u-d-f that doesnt boot ... and the one i'm trying to create with ubuntu-image ends up with only one partition11:56
JamieBennettI saw Leo had something booting this morning, was that a different image?11:57
ogra_no idea what leo had11:58
ogra_all i got is unbootable stuff11:58
ogra_hmpf ... and for some reason ubuntu-image doesnt pull the latest gadget12:03
ogra_ah, now it does12:03
ogra_slangasek, hmm, i dont see any sgdisk call in ubuntu-image that would set the alignment ... the dragonboard needs an alignem,nt of 1 byte ... (i.e. the -a 1 option) if i remember that right ... http://bazaar.launchpad.net/~ogra/+junk/dragonboard/view/head:/partitioner.sh and http://bazaar.launchpad.net/~ogra/+junk/dragonboard/view/head:/parts.txt create a properly working GPT12:17
jgdxwhere's the "plugs" docs? I'm looking at https://developer.ubuntu.com/en/snappy/build-apps/snapcraft-syntax/12:17
JamieBennettjgdx, http://snapcraft.io/docs/core/interfaces12:23
ogra_whee !12:24
ogra_Number  Start (sector)    End (sector)  Size       Code  Name12:24
ogra_   1            2048            4095   1024.0 KiB  FFFF  sbl112:24
ogra_   2            4096            6143   1024.0 KiB  FFFF  rpm12:24
ogra_   3            6144            8191   1024.0 KiB  FFFF  tz12:24
ogra_   4            8192           10239   1024.0 KiB  FFFF  hyp12:24
ogra_   5           10240         7812466   3.7 GiB     FFFF  sec12:24
ogra_getting better :)12:24
JamieBennettnice12:24
ogra_(far from ggood but i end up with more than one partition)12:24
jgdxJamieBennett, sorry, more specifically, the plugs snapcraft.yml syntax docs12:24
JamieBennetthey, its progress ;)12:24
jgdxJamieBennett, and thanks!12:24
ogra_yeah :)12:24
ogra_but i still think the way u-image calls sgdisk is completely wrong12:25
JamieBennettjgdx, you mean the available interfaces i.e. plug and slots available to snapcraft?12:25
JamieBennettjgdx, that would be the interfaces that snapd exposes so in the snapd docs at `http://snapcraft.io/docs/reference/interfaces12:26
jgdxJamieBennett, right. Thanks12:27
JamieBennettjgdx, np12:27
jgdxJamieBennett, to insert one into the snapcraft.yml I guess I'll use http://pastebin.ubuntu.com/23145601/ ?12:28
JamieBennettjgdx, There are lots of examples in the playpen, let me pick one with plugs for you12:30
JamieBennettjgdx, https://github.com/ubuntu/snappy-playpen/blob/master/hexchat/snapcraft.yaml12:31
jgdxJamieBennett, cool, I'll look through those as well. Thank you12:34
mupPR snapd#1864 closed: overlord/snapstate: apply flags (devmode) on revert <Created by stolowski> <Closed by chipaca> <https://github.com/snapcore/snapd/pull/1864>12:41
bull_guys can we set source field in snapcraft file a launchpad branch ??12:45
=== bull_ is now known as bulldog
bulldogcan we set bzr branch as source in snapcraft ??12:48
ogra_SUCCESS !!! (nearly ... one little glitch left)13:16
* ogra_ is looking at console-conf on an ubuntu-image built dragonboard image13:16
ogra_sadly no wlan config ... so i cant really test it ...13:17
* ogra_ tries to find an USB NIC13:17
abeato_ogra_, I am seeing this error when executing apps in RPi3, I think caused by upgrading ubuntu-core today:13:20
abeato_runtime: this CPU has no floating point hardware, so it cannot run13:21
abeato_this GOARM=6 binary. Recompile using GOARM=5.13:21
abeato_ogra_, any idea why is this? afaik rpi3 has vfp unit13:21
ogra_abeato_, hmm, liuxg reported the same above ... weird13:21
ogra_abeato_, sounds like an issue with snapd ?13:21
ogra_mvo, ^^^^ any idea ?13:21
abeato_ogra_, probably, snapd is running though13:21
ogra_did you guys switch tio a newer go or some such ?13:22
mvoogra_: uh13:22
ogra_abeato_, where diod you get that image ?13:22
abeato_ogra_, your image, refreshed13:22
ogra_(we dont really have any working pi3 image atm ... its all in flux this week)13:22
ogra_ooooh, i'm so happy !13:23
ogra_ogra@localhost:~$ uname -a13:23
ogra_Linux localhost.localdomain 4.4.0-1024-snapdragon #27-Ubuntu SMP Fri Aug 12 11:45:29 UTC 2016 aarch64 aarch64 aarch64 GNU/Linux13:23
ogra_ogra@localhost:~$ snap list13:23
ogra_Name                Version       Rev  Developer  Notes13:23
ogra_dragonboard         16.04-0.15    18   canonical  -13:23
ogra_dragonboard-kernel  4.4.0-1024-2  8    canonical  -13:23
ogra_ubuntu-core         16.04.1       511  canonical  -13:23
ogra_ogra@localhost:~$13:24
ogra_JamieBennett, ^^^ getting there ;)13:24
JamieBennett:)13:24
ogra_(but needed an USB NIC indeed)13:24
bulldogogra_, i need help13:28
bulldogplz check this snpcraft http://paste.ubuntu.com/23145789/13:29
liuxgogra_, abeato_ yes, exactly, I do not know how to resolve the problem.13:30
mvoJamieBennett: who is building snapweb snaps currently? I get "runtime: this CPU has no floating point hardware, so it cannot run13:34
mvothis GOARM=6 binary. Recompile using GOARM=5."13:34
mvoJamieBennett: when I try to run it13:34
jgdxwhen ubuntu is upstream, what's the best way to manage the code so that it can be built as both deb and snap?13:35
JamieBennettmvo, did Steve used to get you to do them?13:35
mvoJamieBennett: he did but I think I did not do the latest, I figure it out, no worries13:36
JamieBennettmvo, we have justinmcp_ working on it now but I do not believe he has built the project or made any changes yet13:37
tedgSo I have a snap that is in the store and says it is published on the edge channel, but it seems my local snapd can't install it.13:43
tedgI tried refreshing the login.13:43
abeato_ogra_, mvo, liuxg found a way to workaround the issue:13:43
tedgNot sure where to go next.13:43
abeato_sudo snap revert ubuntu-core13:43
abeato_sudo snap remove <snap>13:43
abeato_sudo snap install <snap>13:43
abeato_the interesting thing is that I found that when I was seeing the error I saw links in /snap/bin like13:44
abeato_lrwxrwxrwx 1 root root 13 Sep  7 13:04 command -> /usr/bin/snap13:44
abeato_and now I get the usual script defining all $SNAP env13:44
abeato_it looks like something goes wrong when installing with latest snap command?13:45
sergiusensChipaca dholbach we have plenty of bugs for this, the store only recently started to support finer grained messages which we need to support13:49
dholbachok, I see13:49
mvocjwatson: we get errors for some snaps like "runtime: this CPU has no floating point hardware, so it cannot run13:50
mvothis GOARM=6 binary. Recompile using GOARM=5." has anything changed in LP recently when auto-building snaps?13:50
cjwatsonmvo: https://lists.ubuntu.com/archives/ubuntu-devel/2016-July/039458.html would be the most obvious recent change13:53
abeato_mvo, cjwatson I do not think it is auto-building, it happens with my locally built snap13:54
mvoabeato_: oh, hm13:54
abeato_in my case the issue was triggered -I think- when ubuntu-core snap refreshed13:55
abeato_it is an error on installation13:55
abeato_weird links appear in /snap/bin instead of the usual scripts13:55
cjwatsonmvo: maybe it's failing to read hwcap properly?13:56
mvoabeato_: the links are ok, that is a planned change13:56
abeato_hm.. but those just point to /usr/bin/snap13:56
mvoabeato_: yeah, `snap run hello-world` is the equivalent to /snap/bin/hello-world -> /usr/bin/snapd13:57
abeato_got it13:57
mvocjwatson: hm, could be13:57
mvoabeato_: but it could still be releated to that change13:57
mupPR snapd#1865 opened: overlord/devicestate: POC to parametrise serial-request content/sending <Blocked> <Critical> <Created by pedronis> <https://github.com/snapcore/snapd/pull/1865>14:00
mvocjwatson: yeah, it looks like the hwcap set lacks HWCAP_VFP when it is running inside the confinement14:06
cjwatsonmissing apparmor access to /proc/self/auxv or something maybe?14:10
cjwatson(not sure if that makes sense)14:10
mvocjwatson: it sounds very plausible, let me try14:10
ogra_JamieBennett, http://people.canonical.com/~ogra/snappy/all-snaps/all-snaps-dragonboard.img.xz in case you want to test14:13
JamieBennettogra_, my dragonboard is with iftika now14:13
mvojdstrand: help, we have a bit of a showstopper on the pi2 image: snap run snapweb14:14
mvoruntime: this CPU has no floating point hardware, so it cannot run14:14
mvothis GOARM=6 binary. Recompile using GOARM=5.14:14
mvojdstrand: however - apparmor_parser -R /etc/apparmor.d/usr.lib.snapd.snap-confine14:15
mvojdstrand: and its all working14:15
ogra_JamieBennett, excuses :P14:15
mvojdstrand: I see no denials in the logs14:15
mvojdstrand: I tried the suggestion from cjwatson to make /proc/self/auxv readable that seems to not have cut it :/14:15
mvoJamieBennett: -^ pi2 showstopper14:16
shuduohello, i am working on pack a qml to be snap. I need add liboxideqtcore0 in stage-packages to support webview in qml. but my snap will exit since /snap/.../oxide-qt/chrome-sandbox is not owned by root but normal user same as my host. how i can install it with root?14:18
ogra_slangasek, so i have everything working with the dragonboard using ubuntu-image, but the partitioning is pretty wasteful, for the next release we should go over how sgdisk is used in ubuntu-image and see if we can not make that more elegant14:19
roadmrhey folks, has anybody tried the rocketchat-server snap? I installed it and get a 404 when going to http://localhost:3000, sure I'm doing something wrong but there aren't many knobs to tweak14:22
jdstrandmvo: this sounds familiar... tyhicks, does that ring a bell? ^14:23
jdstrandmvo: did you disable rate limiting?14:24
jdstrandmvo: sudo sysctl -w kernel.printk_ratelimit=014:24
jdstrandmvo: can you show me the rule you added?14:26
mvojdstrand: I added     /proc/self/auxv r,14:27
jdstrandmvo: this is the rule you want: @{PROC}/@{pid}/auxv r,14:27
jdstrandmvo: /proc/self is a symlink14:28
jdstrandtyhicks: if it doesn't ring a bell, that is fine14:28
jdstrandI think we saw this with java...14:29
mvojdstrand: http://paste.ubuntu.com/23146014/ - not quite it seems14:29
jdstrandmvo: is this for wnapweb or snap-confine?14:29
mvojdstrand: all golang apps it seems14:29
sergiusensnap-web, I like that14:30
ogra_+1 !14:30
jdstrandsnap-confine is not golang14:30
jdstrandmvo: let's backup14:30
mvojdstrand: actually I'm not really sure what is going on14:30
mvojdstrand: yeah14:30
mvojdstrand: so - since very recently we have this issue that when I run a golang app on the pi2 I get the above error14:30
jdstrandmvo: can you do 'sudo sysctl -w kernel.printk_ratelimit=0'14:30
ogra_sergiusens, nap-web but only after snap-confect !14:30
mvojdstrand: I did that when you put it in14:31
jdstrandmvo: then, can you tell me if hello-world works14:31
jdstrandok14:31
mvojdstrand: eh, when you wrote it some minutes ago14:31
shuduokyrofa, ping14:31
mvojdstrand: http://paste.ubuntu.com/23146021/14:31
mvojdstrand: the sequence is now: "snap run" (unconfined) -> "snap-confine" -> snap-exec (golang!)14:32
jdstrandmvo: ok. so, snap run is not confined14:32
tyhicksjdstrand: hmm... that doesn't ring any bells for me14:32
jdstrandmvo: isn't snap run also golang?14:32
mvojdstrand: so it might be that this is a bug we had for a longer time but now because we use snap-exec (golang) to actually launch its manifesting itself more14:32
mvojdstrand: it is, snap run is golang but unconfined14:32
mvojdstrand: and the snap-exec step is then confined14:32
jdstrandmvo: can you paste syslog?14:33
mvojdstrand: http://paste.ubuntu.com/23146025/ is strace14:33
jdstrandok, so it is snap-exec14:33
kyrofashuduo, pong14:34
jdstrandoh I think I remember what this is14:34
jdstrandI think there is an env var that is getting stripped out14:34
shuduohello kyrofa, i am working on pack a qml to be snap. I need add liboxideqtcore0 in stage-packages to support webview in qml. but my snap will exit since /snap/.../oxide-qt/chrome-sandbox is not owned by root but normal user same as my host. how i can install it with root?14:34
jdstrandmvo: can you paste me the updated snap-confine profile?14:34
mvojdstrand: http://paste.ubuntu.com/23146034/14:35
kyrofashuduo, jdstrand might have some suggestions for working with that sandbox. I suspect it will be to disable it14:35
zygahey14:35
zygaanything I can help with?14:35
kyrofashuduo, and use snappy's instead14:35
zygajdstrand, mvo: anything at all?14:35
jdstrandkyrofa, shuduo: morphis just brought this up in another channel14:36
jdstrandshuduo: are you part of an email thread on that?14:36
tyhicksjdstrand: I don't know exactly when the env var would be getting stripped out but I should you remind you that the non-secureexec change_profile syntax was backported to xenial - let me know if/when you want details on that14:37
shuduojdstrand: hi, i don't think i'm in th thread since I just search my email and lp to look for if someone meet this issue14:37
shuduojdstrand: does that mean no solution right now?14:37
jdstrandshuduo: the short answer is that you need to disable using the setuid sandbox14:37
tyhicks(the non-secureexec change_profile syntax is bug 1584069)14:38
mupBug #1584069: change_profile rules need a modifier to allow non-secureexec transitions <aa-parser> <aa-tools> <verification-done> <AppArmor:Fix Committed by tyhicks> <apparmor (Ubuntu):Fix Released by tyhicks> <apparmor (Ubuntu Xenial):Fix Committed by tyhicks> <https://launchpad.net/bugs/1584069>14:38
jdstrandshuduo: I'm not sure how to do that in oxide. chrisccoulson, is there an env var to set?14:38
shuduojdstrand: hmm, how? sorry i don't have many knowledge here.14:38
jdstrandshuduo: chrisccoulson should be able to say14:39
chrisccoulsonjdstrand, OXIDE_NO_SANDBOX=1, but this shouldn't be used by production code (and environment variables aren't considered to be part of the stable API either - they're only really there for testing purposes)14:40
jdstrandmvo: can you get the apparmor for xenial-proposed, then do: 's/change_profile/change_profile unsafe/' in snap-confine's profile?14:41
jdstrandmvo: that is to test my hypothesis about it being a stripped variable14:41
jdstrandmvo: I'm not sure that is the fix though14:42
mvojdstrand: so a new apparmor? from xenial-proposed? sure14:42
jdstrandmvo: 2.10.95-0ubuntu2.2 in xenial-proposed14:42
shuduochrisccoulson: so will "command: OXIDE_NO_SANDBOX=1 desktop-launch $SNAP/usr/lib/*/qt5/bin/qmlscene $SNAP/Main.qml" work?14:43
zygajdstrand, mvo: please ensure that the patch ends up in snap-confine master too14:43
jdstrandchrisccoulson: so, the problem is that we can't safely support the setuid sandbox due to the issues you already know about14:44
jdstrandchrisccoulson: ie, all the capabilities, etc14:44
chrisccoulsonshuduo, yes, although it means you get no renderer sandbox14:44
jdstrandchrisccoulson, shuduo: but the application is already sandboxed14:44
jdstrandvia snappy14:44
jdstrandelectron apps for example don't use the renderer sandbox14:45
mvojdstrand: this is actually a bit tricky, this is on an all-snap image on the pi2, so installing a snap is tricky, but I can unpack the deb and scp it14:46
jdstrandI don't think oxide apps should either while we are in the state we are in wrt snappy policy and oxide sandboxing14:46
shuduochrisccoulson: sorry what means "get no rendere sandbox"? i need webview to draw a webpage with webgl objects...14:46
jdstrandshuduo: it will work. he is saying this disables an internal sandboxing technique14:46
shuduojdstrand: great. my snap is for demo purpose only. :)14:47
jdstrandshuduo: I'm not sure where in the 'command' line you should put the env var, but so long as it is set, oxide should work in strict mode14:47
jdstrandmvo: I suspect you will need libapparmor and apparmor14:48
tyhicksmvo, jdstrand: you don't need apparmor from -proposed14:49
jdstrandactually, yes, I was just going to say that14:49
jdstrandthis was in 2.2 which is in updates now14:49
tyhicksmvo, jdstrand: 2.10.95-0ubuntu2.2  from -updates is good enough14:49
tyhicksok14:49
* jdstrand was confused by the bug being Fix Committed still14:49
kgunndpm: hey is this still the only/preferred way to pick arch in snaps14:49
kgunnhttp://pastebin.ubuntu.com/23146088/14:49
jdstrandmvo: right, so, skip getting a new apparmor and just add 'unsafe' as I described14:50
* jdstrand is also wondering why there isn't a 'snap-exec' rule in the snap-confine policy. is it just forked and not execd?14:51
mvojdstrand: its execed14:51
tyhicks(not sure why the bug status didn't update automatically - I've fixed it)14:51
jdstrandI have to look at how snap-exec is doing its thing again, clearly14:52
mvojdstrand: AppArmor parser error for /tmp/usr.lib.snapd.snap-confine in /tmp/usr.lib.snapd.snap-confine at line 60: Exec condition is required when unsafe or safe keywords are present14:52
mvojdstrand: am I doing something wrong?14:52
dpmkgunn, it's still the only way afaik, yes14:52
kgunncool14:53
tyhicksmvo, jdstrand: you want 's/change_profile/change_profile unsafe \/**/'14:55
zygamvo: can I help in any way?14:55
jdstrandmvo: perhaps not. I think use 'change_profile unsafe /** -> ...'14:55
jdstrandtyhicks: is /** needed with the change_profile rule?14:55
mvojdstrand: \o/ works14:55
mvozyga: maybe, not yet14:55
mvozyga: looks like jdstrand found the right magic14:55
mvojdstrand: I guess this is not a permanent solution :) please help me understand what magic you are doing14:55
zygamvo: I understand we landed the run/exec branch now14:55
zygaand this is the fallout?14:55
jdstrandtyhicks: yes, we got there. the question I had was if '/**' was needed (and curious why)14:55
mvojdstrand, tyhicks: http://paste.ubuntu.com/23146105/ works14:55
tyhicksjdstrand: it is needed but I'll have to dig through the mailing list archive to remember exactly why14:56
jdstrandmvo: right, so this rule works because we are ensuring the secure exec bit is not set which makes sure the env var I was talking about that go runtime needs isn't cleared14:56
jdstrandtyhicks: it isn't important14:56
zygaFYI, I'm tracking this as https://bugs.launchpad.net/snap-confine/+bug/162112714:56
mupBug #1621127: snap-confine doesn't work with new snap-run/snap-exec flow <Snappy Launcher:In Progress> <https://launchpad.net/bugs/1621127>14:56
shuduojdstrand, chrisccoulson i add OXIDE_NO_SANDBOX=1 before desktop-launch but snapcraft will report error "The specified command 'OXIDE_NO_SANDBOX=1' defined in the app 'Remote3DP' does not exist or is not executable                                                            114:57
mvojdstrand: aha, I remember this one too now, we had this issue before14:58
jdstrandshuduo: right, maybe add it after desktop-launch? I'm not really sure on that part. perhaps kyrofa or another snapcrafter can advise how to set arbitrary env vars14:58
jdstrandmvo: iirc, it came up wrt webdm, but memory is hazy14:58
tyhicksmvo: yes, I implemented this at your request :)14:58
kyrofashuduo, yeah we're working on adding environment keys to the YAML, but until then really your only option is to create a wrapper to use for your app14:58
mvotyhicks: ha!14:58
kyrofa(that sets the variable)14:58
tyhicksmvo: you ended up not needing it but I was stubborn and saw it through upstreaming and SRU'ing14:59
tyhicksmvo: good thing I'm stubborn :)14:59
jdstrandindeed14:59
mvojdstrand, tyhicks: so that is the answer? we change the profile in the way described in the pastebin?14:59
shuduokyrofa: understood. i will do it. thanks.14:59
mvotyhicks: yeah, you are a HERO14:59
mvotyhicks: (no kidding!)14:59
jdstrandmvo: possibly. I want to investigate14:59
mvotyhicks: this was a serious last-minute showstopper14:59
jdstrandtyhicks: I will likely need to run something by you after I investigate14:59
tyhicksjdstrand: ack15:00
jdstrandmvo: apply it now if it is blocking the world15:00
mvojdstrand: thanks15:00
mvoand thanks to tyhicks15:00
cjwatsonsergiusens: re https://github.com/snapcore/snapcraft/pull/726, cprov and I were thinking that perhaps the integration test for register-key should just skip if a sufficient version of snapd isn't available (e.g. for distributions without snapd).  Do you think that's reasonable and safe, or would you rather that it failed?15:00
mupPR snapcraft#726: Implement basic form of `snapcraft register-key` <Created by cjwatson> <https://github.com/snapcore/snapcraft/pull/726>15:00
tyhicksnp!15:00
mvojdstrand: in a meeting right now, but will do after the meeting15:00
jdstrandmvo: but can you point me at how how snap run/confine/exec is working?15:00
jdstrandmvo: source code is fine15:00
mvojdstrand: you can play with the latest image, code is cmd/snap/cmd_run.go15:01
jdstrand(and even preferred :)15:01
sergiusenscjwatson I will defer that to elopio15:01
mvojdstrand: but its essentially just snap run reads all the yaml, calls snap-confine with the right security-tag which runs snap-exec15:01
jdstrandmvo: it's that last bit that is throwing me15:02
sergiusenscjwatson is it just to avoid bit rot on your branch?15:02
elopiocjwatson: seems ok. We can make sure that snapd is in jenkins, so it will run for us.15:02
mvojdstrand: and cmd/snap-exec/main.go15:02
mvojdstrand: what last bit? snap-exec?15:02
jdstrandbecause I don't see an 'x' rule for snap-exec15:02
jdstrandI want to understand that15:02
mvojdstrand: oh, ok. is http://paste.ubuntu.com/23146025/ helpful? shows the full flow15:02
jdstrandmvo: will this get me the 'latest image' you are referring to? sudo /snap/bin/ubuntu-device-flash core --size=8 --enable-ssh --channel=edge --output=snappy-20160831-amd64.img --gadget pc --kernel pc-kernel --os ubuntu-core 1615:03
* jdstrand would use a different date of course15:03
sergiusenscjwatson merging this would make us unreleasable though as snapd might be stuck there forever so maybe a runtime check instead of a packaging dependency would help a lot15:03
jdstrandmvo: that paste will be handy, yes15:04
zygamvo: one question: the pastebin flow above shows that we run ubuntu-core-launcher first, didn't we want to run snap-confine directly and remove u-c-l executable?15:04
jdstrandmvo: as for after your meeting, please add a comment on why we are using 'unsafe' and please ping me for the review15:04
mvojdstrand: uploading you the latest image to https://people.canonical.com/~mvo/all-snaps/16, will take ~5min or so15:04
mvojdstrand: u-d-f is currently a bit outdated15:04
mvozyga: yes, we just need to do that15:05
jdstrandmvo: I'll want all-snaps-pc.img.xz?15:05
zygamvo: noted, I was just unsure if anything changed mid-way15:05
mvozyga: if you want to help, you can prepare a new snap-confine for the ppa with http://paste.ubuntu.com/23146105/ and a comment why its needed15:06
zygamvo: already on it15:06
mvojdstrand: yes, its still uploading, ~4min eta15:06
mvozyga: \o/15:06
jdstrandzyga: please ping me for the PR15:06
zygajdstrand: sure15:07
cjwatsonsergiusens: well, if the integration test skipped dynamically if it didn't have a new enough snapd, then it wouldn't block you, it's just that register-key wouldn't be guaranteed to work15:08
ackkhi, when trying to install a snap I created with snapcraft I get the following error: "cannot find signatures with metadata for snap", am I missing something?15:09
mupBug #1621132 opened: Porting guide is out of date <Snappy:New> <https://launchpad.net/bugs/1621132>15:12
mvojdstrand: its there now15:12
sergiusenscjwatson snapd is being unblocked now; my worries is for when I was going to dput and then get stuck on -proposed :-)15:13
mvoslangasek: is there a way to trigger an autopkgtest to run asap? I had a failure on yakkety because of a git clone gateway timeout :/ and would love to retrigger asap to see results15:13
slangasekmvo: the update_execuses.html page has a 'retry' button for failed tests if that's what you need15:13
slangasekmvo: http://people.canonical.com/~ubuntu-archive/proposed-migration/update_excuses.html#snapd the 'recycle' icon :)15:14
slangasekogra_: what's currently "not great" with console-conf on serial? are there open bug reports about this?15:15
jdstrandmvo: thanks15:15
mvoslangasek: \o/15:17
slangasekmvo, ogra_: wrt signed model assertions, where are we going to get these for the reference images we're building on cdimage infra?15:17
ogra_slangasek, mvo should be able to give them to you15:17
mvoslangasek: they will be available from the assertion "store", but I can forward you the ones we have15:17
mvoslangasek: once we have news, the pc one is currently re-done15:17
zygamvo: how do you want the snap-confine change? debdiff? dput to the repo?15:18
zygajdstrand: ^^ along how do you want the review15:18
slangasek"assertion store"> I guess that's not something I have a good interface for querying right now as part of image builds15:18
zygajdstrand: I think debdiff is easiest here unless there's a repo that I don't know about15:18
mvozyga: debdiff for final review from jdstrand and then dput I think15:18
mvozyga: but debdiff is fine, I can do the rest15:19
mvozyga: thank you, that helped me a lot15:19
ogra_slangasek, i thought i had filed one ... but seems i'm wrong15:19
zygahttp://paste.ubuntu.com/23146292/15:19
shuduochrisccoulson: after i export OXIDE_NO_SANDBOX=1 in wrapper script and repack my snap. now it reports "[0907/231547:ERROR:browser_main_loop.cc(231)] Running without the SUID sandbox! See https://chromium.googlesource.com/chromium/src/+/master/docs/linux_suid_sandbox_development.md for more information on developing with the sandbox on.15:19
slangasekogra_: ok, please file so we know what we're asked to fix :)15:19
zygathat's the debdiff15:19
zygamvo, jdstrand: ^^15:19
chrisccoulsonshuduo, yes, that's expected15:19
shuduochrisccoulson: and no app window show up...15:20
chrisccoulsonthat's a separate issue15:20
chrisccoulsonOxide won't be responsible for an app window not showing up15:20
slangasekmvo: OOI, why is extra-snaps an option to prep-image rather than part of the model assertion?15:21
ogra_slangasek, it would help ifr LP knew about the subiquity package :)15:22
ogra_"subiquity" does not exist in Ubuntu. Please choose a different package. If you're unsure, please select "I don't know"15:22
mvoslangasek: its fine to add extra snaps that are not strictly needed by the model assertion, i.e. we install snapweb on our images but its fine to build a image without it15:22
ogra_(i clicked the "report a bug" link on https://bugs.launchpad.net/ubuntu/+source/subiquity15:23
ogra_)15:23
slangasekogra_: <blink> I know subiquity is no longer in the NEW queue, I assumed somebody had accepted it rather than rejecting it...15:23
mvojdstrand: does http://paste.ubuntu.com/23146292/ look ok? I guess the first @{PROC}/@{pid}/auxv r, is not really needed (?)15:25
slangasekcyphermox: do you know why subiquity 0.0.9 was rejected?  can't find the reject comment in the history in LP15:25
slangasekcyphermox: and if there was a valid reason for rejecting, can you upload a new version so we can put this "no package in Ubuntu" thing to bed15:25
zygajdstrand, mvo: please ping me if you need me to dput this into the PPA15:31
ogra_slangasek, it works if i file it against snappy and open a task for subiquity ... bug 162114215:38
mupBug #1621142: no "please press enter" message shown on serial console <Snappy:New> <subiquity (Ubuntu):New> <https://launchpad.net/bugs/1621142>15:38
Fl1ntHi folks!15:38
jdstrandmvo: I don't know if the auxv is needed any more. I don't think so cause snap-confine shouldn't need it itself, but not sure of how snap-exec is working yet15:38
eul0gy^hi15:38
cjwatsonogra_: don't assume that that hack will keep on working15:39
mupBug #1621142 opened: no "please press enter" message shown on serial console <Snappy:New> <subiquity (Ubuntu):New> <https://launchpad.net/bugs/1621142>15:39
ogra_cjwatson, i assume that subiquity will be known by LP before it stops working :)15:39
cjwatsonogra_: we'll probably be closing the weird partial loophole where you can sometimes open tasks against packages that only exist in PPAs as part of a project to close a security hole15:39
ogra_cjwatson, today ?15:40
cjwatsonno15:40
ogra_good :)15:40
cjwatsonwhen I finish the complicated code :P15:40
jdstrandzyga (cc mvo): there is no comment in there. Please use: # NOTE: use 'unsafe /**' to disable secure exec environment scrubbing15:40
jdstrandzyga (cc mvo): # This is currently required by snap-exec15:41
slangasekogra_: yes, that indeed works :/15:41
cjwatsonogra_: just taking the opportunity to warn people occasionally since I suspect it may cause some consternation when we start disallowing this15:41
mvojdstrand, zyga: will do and (re)upload15:41
mupBug #1621144 opened: serial console is not cleared before console-conf runs <Snappy:New> <subiquity (Ubuntu):New> <https://launchpad.net/bugs/1621144>15:42
cyphermoxslangasek: it had various issues; I'll reupload15:42
slangasekcyphermox: thanks15:42
ogra_cjwatson, well, as long as it works right now i'm fine ... i normally dont use that :)15:42
=== bull_ is now known as bulldog
mvojdstrand, zyga: added and uploaded15:44
bulldoghey , i have a question15:44
bulldogcan an application packed in snap make call to /usr/bin ??15:44
jdstrandmvo: did you remove the auxv access?15:45
Fl1ntI don't think so as snaps are self contained apps isolated, but I'm far from being an expert bulldog15:45
bulldoglike if my program want to call other program installed on user system,15:45
bulldogFl1nt, it should but it is not calling15:46
ogra_slangasek, three new bugs for you :)15:46
bulldogif snap apps wont able to do that, that will break lots of apps and wont allow programs to call other programs and utils which some apps may use15:47
zygajdstrand: ack, do you want me to remove the auxv line while I'm at it, I noticed that mvo asked about15:47
zygaah, I see that mvo already picked it up15:47
mupBug #1621147 opened: no way to configure wifi SSID and passphrase <Snappy:New> <subiquity (Ubuntu):New> <https://launchpad.net/bugs/1621147>15:48
bulldogguys fox example my app want call gsetting to change wallpaper or theme of users system how can a snap app can call gsetting ???15:48
kyrofabulldog, no blanket access to /usr/bin, but there are some utilities available there15:48
mvozyga: yeah, but if you could ensure this all goes into upstream git, that would rock15:48
Fl1ntbulldog: oh, I see you call an unsnapped app ?15:49
bulldogkyrofa, what you mean by   but there are some utilities available there?15:49
bulldogFl1nt, yes lots of apps do this15:49
kyrofabulldog, there's an explicit whitelist of things you can call, e.g. awk and so on15:50
kyrofabulldog, gsettings is unknown territory for me though, so I'll let someone else answer that15:50
bulldoghow you use grep, ls , bash, or anything which a developer can  use in their app to extend functionality15:50
kyrofadidrocks maybe15:50
zygamvo: I will, I'm tracking this15:50
kyrofabulldog, yeah, those are also whitelisted15:51
mvozyga: thanks again!15:51
zygakyrofa, bulldog: apparmor will soon be able to control gsettings but the precise value of soon is unknown to me15:51
bulldogkyrofa, this should not be just few list of apps15:51
Fl1ntbulldog: well, in this case I'm sorry, I'm trying to be 100% committed on snaps and so using the plugs :D15:51
didrocksbulldog: there are some example of wallpaper changing using gsettings even!15:51
slangasekogra_: thank you!15:52
ogra_and two for ubuntu-image15:52
shuduochrisccoulson, jdstrand, kyrofa add env var in wrapper, install with devmode, it works now. its snapcraft.yaml is refer to 2048 of playgen. i guess still need other plug to run in strict mode.15:52
bulldogdidrocks, all wallaper changing apps do this by calling gsetting15:52
bulldogdidrocks, all wallaper changing apps do this by calling gsettings15:52
didrockshere is an example for an icon theme changing https://github.com/ubuntu/snappy-playpen/tree/master/ubuntukylin-icon-theme15:53
didrocksusing the desktop-launcher, it's quite easy to get it working15:53
bulldogQprocess in qt look into /usr/bin to exec apps under linux15:53
bulldogdidrocks, that's different thing ,15:54
didrocksbulldog: it's not, you ship some files, then call gsettings15:54
bulldogdidrocks, do you want programmers to program their app snap way ??15:54
mupBug #1619729 changed: ubuntu-image (or snapd) does not set snap_kernel and snap_core anymore in created images <Snappy:Invalid by mvo> <Ubuntu Image:Invalid> <https://launchpad.net/bugs/1619729>15:54
didrockssee the "set" command15:54
bulldogthousands of developers will not do that by taking snap in mind15:54
didrocksbulldog: gsettings wasn't prommed "snappy way"15:54
didrocksprogrammed*15:55
didrocksAFAIK15:55
zygabulldog: you should be able to use gsettings in dev mode, all writes go over dbus AFAIK15:55
zygabulldog: reading is done by mmaping the file, this might be a different story15:55
didrockseven in non devmode, it's working in the above example ^15:55
bulldogdidrocks, i have app deskie which uses qt standards , and work fine on normal .deb install15:55
zygabulldog: the long story short is that gsettings support is in progress but it's not available yet15:55
didrocksfor both reading and writing15:56
bulldogwhile , with snap it look for gsettings which i stagged to be available in $SNAP but it wont do anything15:56
didrocksbulldog: I give you an example above with the correct wrapper and plugs to have it working even in non devmode15:57
didrocksplease give it a try15:57
bulldogzyga, my concerns are not only about gsettings man'\15:57
ogra_slangasek, to create an i386 pc gadget, can i just copy the content from generic-amd64 ? or will that explode ?15:57
bulldogmy question is why /usr/bin access is blocked ??15:57
ogra_i suspect we need a different binary and no shim ?15:57
zygabulldog: because the content of that is unpredictable and it may not be universally available15:58
bulldogif user want program do things why a packing format want him to stop him ?15:58
slangasekogra_: not different binary, pc grub is pc grub.  Copy, strike the UEFI, and done.  Do we care about non-GPT-friendly i386 BIOSes? probably not15:58
zygabulldog: so the snap you create will not work everywhere which is the idea with snaps15:58
zygabulldog: don't depend on stuff in /usr/bin, ship it15:58
bulldogzyga, oh15:59
=== petevg_afk is now known as petevg
mvoslangasek: fgimenez verfied #1618095 now, so if we could get an unblock even though autopkgtest is unahppy, that would be much appreciated15:59
mupBug #1618095: [SRU] 2.14.2 <verification-done> <Snappy:New> <snapd (Ubuntu):New> <snapd (Ubuntu Xenial):Fix Committed> <https://launchpad.net/bugs/1618095>15:59
bulldogdidrocks, plz explain your way to access gsettings15:59
ogra_slangasek, i heard about uboot i386 requirements in the past ... not sure thats still a thing ... and surely not for now :)16:00
bulldogzyga, gsettings should be directly connected to system bus, right now if you will pack unity tweak tool in snap format it will not work :D16:02
zygabulldog: gsettings is an application linked to glib, it uses a certain "protocol" or "interface" to read and to write key/values; as long as the protocol is stable you can bundle the required library and do the exact same thing (or even implement it in a compatible way separately)16:02
ackkhi, what can be causing snap install to fail with "cannot find signatures with metadata for snap"?16:02
zygabulldog: gsettings, AFAIK (I could be wrong) uses mmap to read and dbus to write values16:02
bulldogzyga, it will write and read data but wont change anything in real world16:02
slangasekogra_: uboot i386 would be separate from the i386 pc gadget16:02
ogra_yeah, definitely16:03
zygabulldog: dbus traffic to the session bus is controlled by apparmor, the file that gsettings tries to read is derived from $HOME which is remapped by snappy16:03
zygabulldog: I don't know more details but this might explain why things don't work the way you expect16:03
zygabulldog: the short term story is that gsettigns cannot be "allowed" because of how the API looks like (the decision if something is safe or not is not at an API level but at an argument level); we are working with gsettings upstream to add mediation points so that apparmor can be used to say "this application can read this gsettings value/tree" or "that application can change the background by writing to16:04
bulldogzyga, when app is not packed with snap , it simply calls /usr/bin/gsettings with args to do things , same happen with snap pack but it changes settings within the container , and do not affect ubuntu desktop16:04
zygathis gsettings path"16:04
zygabulldog: snaps run under confinement, this means that certain things are not allowed without an appropriate interface16:05
ogra_slangasek, hmm, if i kill the EFI,i still want to keep a system-boot vfat to carry grub.cfg, should that be named not EFI then ?16:05
bulldogzyga, is there any interface yet to allow call gsettings ?16:05
zygabulldog: when the gsettings improvement is in place applications will be able to use it as they did before, assuming the desired interactions are safe, for other interactions appropriate interfaces will have to be created16:05
zygabulldog: no, because it requires upstream work in gsettings itself and that has not been finished yet16:06
zygabulldog: people are working on this16:06
bulldogokay16:06
bulldogty16:06
slangasekmvo: snapd> promoting, thanks!16:06
bulldogzyga, wait i have one more question16:06
zygabulldog: interface creation is easy but right now there's no language to control which part of gsettings tree can be accessed16:06
=== shuduo is now known as shuduo-afk
* jdstrand notes there is a gsettings interface. it allows access to the global database. iirc one of the desktop parts makes that work right16:06
* zyga has deep desire to have a snap that can change backgrounds :)16:07
zygajdstrand: oh, I didn't remember this; thanks16:07
jdstrandthis interface is one of the transitional ones16:07
jdstrandbut you are right, proper app-isolated gsettings mediation is coming16:07
slangasekmvo: wrt the snapd autopkgtest failures, I've only overridden with a 'force-skiptest' hint; that means other packages which snapd depends on (snap-confine), and which trigger failing autopkgtest runs, will also need to be manually resolved for now16:08
bulldogzyga, i developed gui for snapcraft , which normally call /usr/bin/snapcraft , usr/bin/snap to do tasks , will it work after packaging in snap format ???16:08
jdstrandand when it is available we will encourage people to use it instead of the global one16:08
bulldogzyga, check out deskie wallpaper changer app :)16:08
zygabulldog: no, for the reason I outlined above, please talk to sergiusens about a possible content interface or a "snapcraft part" or another idea that would let you do this reliably and predictably16:09
bulldogzyga, www.ktechpit.com/deskie-wallpaper-changer-ubuntu-linux/‎16:09
zygabulldog: thanks, I will - I have some photos I took I want to release as a content snap16:09
bulldogzyga, deskie get thousands of images online and let you set them as wallpaper on your request16:10
bulldoghttps://github.com/keshavbhatt/Deskie16:11
zygaI need to get back to snap-confine16:11
zygabulldog: if you have any questions feel free to ask here or on the mailing list16:11
roastedpossibly a dumb question, but I'm curious -- say you have a .deb built for 14.04. When attempting to install on 16.04, it cites 5 missing deps (not in repos). The .deb in question is not open source. In theory, if one really wanted, could you (somehow) take that .deb, add the missing deps, and somehow snap it? Or is that crazy talk?16:11
bulldogit is powerful then variety and uses less ram :D16:12
zygaroasted: yes, though some things may require extra work because of the snap filesystem layout16:12
bulldogroasted, yes16:12
cjwatsonsergiusens: OK, yeah, with snapd released to -updates now, maybe the integration test hack isn't necessary16:12
bulldogzyga, plz check this out my 14 days work :) https://github.com/keshavbhatt/snapcraft-gui16:13
ogra_slangasek, http://bazaar.launchpad.net/~snappy-dev/snappy-hub/snappy-systems/revision/90 please take a look ... if you think thats ok i'll roll a gadget and push to the store16:13
=== eul0gy^ is now known as Eul0gy^
kyrofabulldog, is it really ppa:keshavnrj/snpacraft-gui ?16:38
bulldogkyrofa, yes16:41
bulldogno :D16:41
bulldogwait16:41
kyrofa;)16:41
kyrofaSorry, couldn't resist16:41
bulldogdamn16:42
bulldogkyrofa, i misspelled it :(16:43
bulldogyes it is  ppa:keshavnrj/snpacraft-gui16:43
bulldogyou can get it from there , i have to fix it now :D16:43
cjwatsonsergiusens: could you rerun the travis test in https://github.com/snapcore/snapcraft/pull/726 ?17:00
mupPR snapcraft#726: Implement basic form of `snapcraft register-key` <Created by cjwatson> <https://github.com/snapcore/snapcraft/pull/726>17:00
josephtcjwatson: you can do it as well by typing a comment with "retest this please" in it17:01
cjwatsonjosepht: oh, that works for anyone?  thanks17:02
cjwatsondone17:02
cjwatsonsergiusens: ^- never mind17:02
josephtcjwatson: I'm not sure about everyone, but it does for the PR author17:02
kyrofajosepht, I thought that just was the jenkins stuff17:04
cjwatsonI'm not seeing a fresh build on https://travis-ci.org/snapcore/snapcraft/pull_requests as yet17:06
josephtelopio: do you know what's going on here?  ^17:10
sergiusensjosepht cjwatson retest is just for jenkins, I'll trigger the retest of travis17:16
josephtsergiusens: oh, sorry cjwatson.  Ignore me17:19
mupPR snapd#1828 closed: cmd/snap,client: add snap set and snap get commands <Created by kyrofa> <Merged by kyrofa> <https://github.com/snapcore/snapd/pull/1828>17:21
bulldogtarvis is like launchpad remote building system ??17:22
bulldogwow17:22
bulldog:D17:22
bulldog*travis17:23
bulldogmade in Germany :)17:24
argeshi. upgraded to snapd 2.14.2~16.04 and now when trying to install my local snap I get 'error: cannot find signatures with metadata for snap' any suggestions?17:36
zygaarges: try snap install --dangerous17:43
zyga          --dangerous  Install the given snap file even if there are no pre-acknowledged signatures for it, meaning it was17:43
zyga                       not verified and could be dangerous (--devmode implies this)17:43
bulldogzyga, how we sign a snap ??17:45
bulldogi mean what  signatures we talking about ?17:46
=== joc_ is now known as joc
argeszyga: thanks17:51
argeszyga: that doesn't work on xenial17:51
argeszyga: --force-dangerous17:53
zygahhh17:53
zygaarges: hmm, it does for me but perhaps I just ran master without checking17:54
zygabulldog: just by uploading it to the store17:54
bulldogoh :) but he is trying local snaps he said17:54
zygabulldog: then you have to use that option17:56
bulldogokay :) thanks17:56
bulldogam learning travis-ci :D18:00
bulldogguys snapcraft-gui build passed on travis-ci :D see here https://travis-ci.org/keshavbhatt/snapcraft-gui/builds/15825262018:28
mvoslangasek: thank you! will work to make sure we have fully working autopkgtest again18:28
argesjdstrand: i'm packaging up a daemon program that has a socket. I'd like that socket to have root:adm ownership, but seems like fchownat is not whitelisted for seccomp. Whats the snap way to do somethign like this?18:42
bulldogkyrofa, i updated the ppa plz check it out now :)18:53
bulldogmhall119, you should allow old deb store back :(18:55
jdstrandarges: devmode currently18:57
jdstrandarges: or alter how you think about it and do root:root 660 (or whatever)18:58
argesjdstrand: hmm.18:58
jdstrandusers and groups aren't spec'd out yet. there are ideas18:59
argesjdstrand: (reading interfaces/seccomp/template.go) why do we need per-app UID/GIDs esp. if we have something like a daemon that users in the classic dimension can interact with19:00
argesjdstrand: i found bug 1446748, is there something else worth following?19:00
mupBug #1446748: implement seccomp filtering by argument <application-confinement> <ubuntu-core-launcher (Ubuntu):In Progress by jdstrand> <https://launchpad.net/bugs/1446748>19:00
jdstrandarges: this is a complicated problem. snap-confine can now filter by argument. what remains is adding policy for that (which I plan to add some to allow using (perhaps the) daemon user but that is after rtm stuff19:03
jdstrandarges: and then for arbitrary groups like you just suggested, exposing that in snap.yaml, figuring out what that means with classic vs all snaps, etc19:03
argesjdstrand: ok19:04
jdstrandarges: and then opt-in per-snap uid/groups come in later so something like postgres can drop privs to a user it wants to instead of say, 'daemon'19:04
bulldogwe package .deb with travis-ci too . wow19:04
jdstrandarges: once I add the logic to snap-confine to map user and group names to uids and gids and then update the policy accordingly, it becomes possible to say 'allow this snap to chown to 'adm'. but figuring out what that means in terms of policy, etc is not as simple19:07
jdstrandsnappy interfaces mediate access to things already19:08
argesjdstrand: would the application be able to do the same 'chown root:adm /thing' or would they need to use something else?19:08
jdstrandarges: an application would be able to do that, sure. we'd say 'you can chown to your own uid and this other one'19:09
jdstrandthat type of thing19:09
argesok19:09
jdstrandarges: but, what is it that you are trying to solve today? I may be able to suggest an alternative19:09
argesjdstrand: ok19:10
mvopitti: still around?19:33
pittimvo: o/19:33
mvopitti: a bit of a emergency on the snappy candidate image http://paste.ubuntu.com/23147237/19:34
pittimvo: -ish19:34
mvopitti: or can someone with a more us-ish timezone help with that too?19:34
mvopitti: the resolv.conf looks strange and I have no DNS on the images currently19:34
pittimvo: uh, that looks like a sed gone wrong?19:34
pittimvo: what's the Exec= line in your /lib/systemd/system/systemd-networkd-resolvconf-update.service ?19:35
mvopitti: https://launchpadlibrarian.net/282933728/livecd-rootfs_2.420+ppa33_2.420+ppa34.diff.gz19:35
mvopitti: thats the sed19:35
mvopitti: let me look, one sec19:35
mvopitti: http://paste.ubuntu.com/23147248/19:36
pittimvo: that's obviously being applied twice19:37
pittimvo: that, or you have systemd 229-4ubuntu8 from xenial-proposed, which already contains this fix19:37
pittimvo: if you build from x-proposed, you can drop the livecd-rootfs workaround19:38
mvopitti: oh, let me check. that would explain why it suddentdly broke19:38
pittimvo: or replace it with something more robust, i. e. turn19:38
pitti+sed -i '/^ExecStart=/ s!netif/state!& /run/systemd/netif/leases/* | sort -u!' /lib/systemd/system/systemd-networkd-resolvconf-update.service19:38
pittiinto19:38
mvopitti: yes we do19:38
pitti+grep -q netif/leases /lib/systemd/system/systemd-networkd-resolvconf-update.service || sed -i '/^ExecStart=/ s!netif/state!& /run/systemd/netif/leases/* | sort -u!' /lib/systemd/system/systemd-networkd-resolvconf-update.service19:38
mvopitti: so I drop the workaround I think19:38
pittimvo: ah, then kill the workaround with fire, I say :)19:39
mvopitti: yeah, that sounds reasonable19:39
* pitti updates his arithmetic: fix + fix == boom19:39
* mvo hugs pitti19:40
* zyga is in awe of mvo 19:40
mvopitti: thanks, you saved me, I would have spend ages on this19:40
mvozyga: be in awe for pitti :)19:40
zygamvo: pitti deserves his own slice of awe but you are saving snappy today :)19:40
ogra_what do you guys have with the poor awe19:42
awe;)-19:42
ogra_stop slicing him :)19:42
zygalol19:42
pittiyummy19:43
pittisorry for the sloppy workaround :)19:44
* zyga returns to gtest 19:44
mvopitti: all good, you saved the day19:48
=== drizztbsd is now known as timothy
mupPR # opened: snapcraft#652, snapcraft#661, snapcraft#671, snapcraft#674, snapcraft#716, snapcraft#726, snapcraft#727, snapcraft#736, snapcraft#742, snapcraft#751, snapcraft#758, snapcraft#761, snapcraft#772, snapcraft#773, snapcraft#77620:02
cjwatsonsergiusens: thanks20:33
cjwatsonelopio: please use format> why?  % isn't deprecated20:33
elopiocjwatson: for consistency, we use format everywhere.20:34
cjwatsonseems like a waste of typing, but whatever ...20:34
cjwatson(will fix things up later, thanks)20:35
pittiI think I'll jump from % directly to python 3.6's fstrings once these become available :)20:37
jcastrozyga: heya, it looks like xenial-proposed has snap-confine 1.0.38-0ubuntu0.16.04.1020:38
jcastrowill xenial get 1.0.40 like what is in yakkety?20:39
cjwatsonyeah, f-strings look like actually a nice improvement, .format just feels clumsy unless you're substituting the same thing more than once20:42
mvojdstrand: did something change wit the review scripts? it looks like the ubuntu-core uploads are no longer automatically accepted in the store20:45
mvojdstrand: I see "manual review pending" now20:45
jdstrandmvo: they did but they shouldn't block. can you give me the store url?20:46
mvojdstrand: https://myapps.developer.ubuntu.com/dev/click-apps/4142/20:47
mvojdstrand: I manually approved to unblock me20:47
jdstrandmvo: 'grade' should not be used with 'type: os' lint-snap-v2_grade_valid20:47
jdstrandmvo: I was told grade made no sense with 'type: os'20:47
mvojdstrand: fair enough, something for ogra_ to sort tomorrow I guess, but it might be snapcraft adding that20:48
jdstrandthat wouldn't surprise me20:49
jdstrandmvo: so, I downloaded your image but I don't seem to be using snap-exec20:53
jdstrandmvo: I don't have 'unsafe' in the policy and it all seems to work fine20:53
mvojdstrand: yes, it is all fine on pc, its only an issue on pi2 and I have not pushed a new image for that yet20:54
mvojdstrand: it literally build just 5min ago20:54
ogra_jdstrand, yeah, thats new20:54
jdstrandoh hrm20:55
ogra_nothing on our side ...20:55
jdstrandwell, I don't need the bug to look at this I guess20:55
jdstrandogra_: grade with os snap? sounds like a snapcraft bug then. cprov provided the 'grade' branch and said that it didn't make sense with the os snap20:56
ogra_jdstrand, right, new snapcraft landed today i think20:56
ogra_mvo, oh, do you need to build another kernel today ?20:57
cprovjdstrand: perhaps it was a mistake20:58
ogra_then we need to push a new PPA snapcraft with the hhtp_proxy fix for bzr20:58
jdstrandkyrofa, sergiusens: fyi, the review tools and snapcraft don't agree about 'grade' with 'type: os'. I'm told by cprov that 'grade' doesn't make sense with 'type: os'. can you guys sort that out so core uploads aren't blocked? let me know if the tools need to change20:58
mvoogra_: could be20:59
kyrofajdstrand, sergiusens cprov might be a question for ogra_ and mvo. Do you ever have core snaps that are in-development and shouldn't be in a stable channel?20:59
kyrofaHonestly I don't feel like _anyone_ needs grade20:59
ogra_kyrofa, sure, the dailies go to edge21:00
kyrofaBut if it makes sense for app snaps, then I feel like it probably makes sense for all snaps21:00
* ogra_ points to https://wiki.ubuntu.com/QATeam/OSSnapPromotion21:00
kyrofaogra_, are you familiar with the "grade" stuff?21:00
ogra_nope, never heard of it21:00
jdstrandogra_: doesn't grade prevent promotion to stable?21:00
* jdstrand is not super-familiar with the grade stuff either21:00
cprovStable and candidates21:01
kyrofajdstrand, indeed, at least that's my understanding as well21:01
kyrofaYeah21:01
kyrofaI guess just to prevent a mistake?21:01
jdstrandls21:01
jdstrandmeh21:01
ogra_well, then we definitely never want grade21:01
kyrofaBecause you promote?21:01
kyrofaRather than create new revs?21:01
ogra_because until the OSSnapPromotion is implemented we need to migrate through the channels21:01
kyrofaYeah, makes sense21:02
ogra_we wont anymore by GA ...21:02
kyrofaBut would anyone ever want to use that feature? I feel like it adds more complication making core snaps special cases here21:02
sergiusensogra_ so you don't need it now is different than you don't need it ever21:02
ogra_but til then we need to be able to migrate21:02
sergiusensI suggest a bug report and get some architect/master designer to comment21:02
ogra_sergiusens, well, given that this kills the image that mvo needs to release *now* ... i'm not so sure21:03
sergiusensogra_ just add `grade: stable`21:03
jdstrandthat won't fix the tools21:03
jdstrandthe review tools don't like grade with type: os21:03
jdstrandI can change that. I just don't know if I should21:03
ogra_sergiusens, since i can not use the pfficial snapcraft anyway, where do i need to patch ?21:03
ogra_*official21:03
sergiusensjdstrand we also are just considering Ubuntu's use case, but other `type: os` builders might need it21:04
sergiusensogra_ in `snapcraft/internal/meta.py`; pop `grade` if `type` == `os`21:04
ogra_(i need a hacked snapcraft in any case because bug 1606203 wont be fixed)21:04
mupBug #1606203: Failed to build of snappy package on Launchpad: Invalid header value 'Basic U05BUEJVSUxELTE4NzAtMTQ2OTQyNjE0ODpjOTJkYzVjOWQ0OTg0ZGE5OWZlNGY1ZjI3ODRhMWJk\nOA==' <launchpad> <snappy> <Snapcraft:Incomplete> <https://launchpad.net/bugs/1606203>21:04
jdstrandsergiusens: I was not part of the discussion or design. If it is supposed to make sense for type: os, that's fine21:04
sergiusensjdstrand I don't know; that is the thing :-)21:05
jdstrandsergiusens: yeah, me either21:05
sergiusensjdstrand we seldom discriminate if a feature should NOT affect the os snap21:05
sergiusensor gadget or kernel21:05
jdstrandcprov: you seem closest to this. what is your opinion considering the possibility of non-ubuntu os snaps?21:06
cprovjdstrand: I think it was a mistake to discriminate os-snap on CRT21:06
cprovmy *mistake*21:07
jdstrandok21:07
jdstrandI can fix that real quick then21:07
jdstrandogra_: you should probably still patch snapcraft since it won't land immediately21:08
cprovjdstrand: can't the current os-snap be manually approved until the next SCA rollout ?21:08
ogra_sergiusens, in write_snap_yaml ?21:08
ogra_cprov, if it cant go to stable that doesnt help21:09
jdstrandcprov: yes. he would only be patching his local copy of snapcraft so he wouldn't have to do that21:09
cprovogra_: if you use "grade: stable" they can go to stable channel21:09
ogra_cprov, and to all others too ?21:10
cprovyup21:10
ogra_it needs to start in edge and migrate up21:10
ogra_hmm, then i'll add just that to snapcraft.yaml21:10
jdstrandfyi, this is fixed in review tools r73921:13
cprovjdstrand: thanks, I will deploy it in staging, will be in prod ~ tomorrow noon. Is it okay to approve os-snap uploads manually until then ?21:14
jdstrandcprov: if that is the only warning, yes21:15
ogra_mvo, patched snapcraft uploaded to the PPA ... if you need a kernel build, wait til it promoted please (else the world will explode) and ubuntu-core snapcraft.yaml with added "grade: stable" is in the ubuntu-core build branch21:18
mvoogra_: aha, nice21:18
* ogra_ goes back to TV ... i'll check here occasionally though in case there is something else21:19
mvoogra_: just mild panic,21:25
mvojdstrand: the pi2 with the unsafe bit in the apparmor profile are available at http://cdimage.ubuntu.com/ubuntu-snappy/16.04/current/21:55
mvojdstrand: I verified that the fix works21:55
mupPR snapd#1866 opened: many: add snap configuration to REST API <Created by kyrofa> <https://github.com/snapcore/snapd/pull/1866>23:40

Generated by irclog2html.py 2.7 by Marius Gedminas - find it at mg.pov.lt!