[00:02] <jdstrand> kyrofa: note that process-control can be used for setpriority until seccomp arg filtering policy is available
[02:34] <mup> PR snapd#2105 opened: snapstate: only import defaults from gadget on install <Created by niemeyer> <https://github.com/snapcore/snapd/pull/2105>
[02:47] <blr> for a cmake snap, is there any way I can specify which directory the source lives in within the repo I have set to 'source'?
[02:48] <blr> oh nvm, found it 'source-subdir' :)
[06:32] <dholbach> good morning
[06:36] <didrocks> good morning dholbach
[06:36] <pbek> Good morning, dholbach ^_^
[06:37] <dholbach> salut didrocks, hey pbek
[07:10] <morphis__> zyga: ping
[07:45] <ara> good morning zyga
[07:45] <ara> zyga, any updates on snap-confine 1.0.43 in xenial-proposed? is that happening?
[07:53] <ara> pedronis, morning! found the issue why it wasn't connecting to staging. The env variable is SNAPPY_USE_STAGING_STORE (rather than USE_STAGING_STORE only, that we talked yesterday)
[07:53] <ara> pedronis, it works that way, thanks a lot for your help yesterday!
[08:09] <pedronis> ara: yes, I think I pinged late about that, sorry I recalled from memory and memory had dropped the prefix
[08:13] <mup> PR snapd#2106 opened: tests: exclude all-snap arm systems for the snap-connect test <Created by fgimenez> <https://github.com/snapcore/snapd/pull/2106>
[08:39] <Chipaca> ogra_, o/
[08:46] <zyga> morphis__: hey, I'm working on some more fixes, I'll be pushing code at each airport I'm at today, I'll write an update in the evening before I depart on the final connection
[08:46] <morphis__> zyga: awesome! thanks a lot!
[08:46] <zyga> ara: I don't know, if you can please work with jdstrand to get this into yakkety and sru https://github.com/snapcore/snap-confine/releases/tag/1.0.43
[08:46] <zyga> ara: no packaging changes required
[08:47] <zyga> morphis__: as a precaution I added support for offline testing so I'm good on the (long) journey ;)
[08:58] <morphis__> zyga: ok
[09:18] <Chipaca> silly core-m going to sleep in funky ways
[09:18] <Chipaca> ogra_, i got the dragonboard working wiht the nexdock :-)
[09:19] <Chipaca> ogra_, do i get a putty medal
[09:43] <mup> PR snapcraft#857 opened: Document the grade option <Created by dholbach> <https://github.com/snapcore/snapcraft/pull/857>
[09:44] <ogra_> Chipaca, heh
[09:50] <mup> PR snapd#2103 closed: store: send correct JSON type of string for expected payment amount <Created by pete-woods> <Merged by niemeyer> <https://github.com/snapcore/snapd/pull/2103>
[09:57] <mup> PR snapd#2107 opened: many: add payment-declined error kind <Created by pete-woods> <https://github.com/snapcore/snapd/pull/2107>
[10:18] <mvo> mwhudson: if you or cyphermox could merge https://launchpadlibrarian.net/288530592/subiquity_0.0.19~xenial_0.0.19~xenial+mvo1.diff.gz that would be great
[10:31] <mup> PR snapcraft#855 closed: tools: script to talk to the staging servers <Created by sergiusens> <Merged by sergiusens> <https://github.com/snapcore/snapcraft/pull/855>
[10:40] <sergiusens> dholbach hey hey; are you a bash completion master? I wish you are and can look into allowing file completion, it drives me nuts :-P
[11:00] <dholbach> sergiusens, I'm not :-/
[11:01] <dholbach> sergiusens, but I can see if I can find something
[11:11] <sergiusens> dholbach heh, cwayne did the original contrib, we should pester him ;-)
[11:12] <cwayne> sergiusens: uh oh what'd I do
[11:15] <sergiusens> cwayne bash completion :-)
[11:15] <sergiusens> you are up early ;-)
[11:17] <cwayne> sergiusens: :)
[11:17] <cwayne> i can take a look at expanding it, sure
[11:18] <cwayne> what specifically are you lookin for?
[11:19] <sergiusens> cwayne we have a bug report from dholbach LP: #1630922
[11:19] <mup> Bug #1630922: Bash completion for "push" is incomplete <Snapcraft:New> <https://launchpad.net/bugs/1630922>
[11:20] <sergiusens> cwayne but basically anything that takes a file as an argument has me banging the tab key to no avail :-)
[11:20] <ogra_> get a new tab key :P
[11:21] <ppisati> ogra_: where can i download pi2-kernel_15.snap? i need the physical file to change some of its content (and regenerate an image)
[11:22] <ogra_> ppisati, https://code.launchpad.net/~snappy-dev/+snap/pi2-kernel
[11:22] <ppisati> ogra_: ta
[11:22] <ogra_> (click on "Successfully built")
[12:12] <mup> PR # closed: snapd#2033, snapd#2058, snapd#2065, snapd#2072, snapd#2083, snapd#2087, snapd#2091, snapd#2096, snapd#2104, snapd#2105, snapd#2106, snapd#2107
[12:13] <jdstrand> ara (cc zyga): do you want me to upload 1.0.43 to yakkety and xenial?
[12:14] <ara> jdstrand, please, apparently .42 (in xenial-proposed) had a regression, so it is never going to be go to -updates
[12:15] <jdstrand> I see
[12:16] <jdstrand> ara: ok, I'll do that now and ping you
[12:16] <ara> jdstrand, thanks!
[12:20] <mup> Bug #1630976 opened: Incomplete home directory mapping <Snappy:New> <https://launchpad.net/bugs/1630976>
[12:25] <mup> PR # opened: snapd#2033, snapd#2058, snapd#2065, snapd#2072, snapd#2083, snapd#2087, snapd#2091, snapd#2096, snapd#2104, snapd#2105, snapd#2106, snapd#2107
[12:29] <jdstrand> ara: do you have the bug for the regression?
[12:29] <ara> jdstrand, let me check, zyga mentioned yesterday on this same channel, let me check the backlog
[12:33] <ara> jdstrand, https://bugs.launchpad.net/snap-confine/+bug/1630479
[12:33] <mup> Bug #1630479: PATH is not set after namespace is initialized <Snappy Launcher:Fix Committed by zyga> <snap-confine (Ubuntu):In Progress by zyga> <https://launchpad.net/bugs/1630479>
[12:34] <jdstrand> zyga: can you make sure this is in 1.0.44: http://paste.ubuntu.com/23284317/
[12:34] <jdstrand> ara: thanks!
[12:35] <jdstrand> zyga: also http://paste.ubuntu.com/23284321/
[12:37] <zyga> jdstrand: sure
[12:37] <zyga> jdstrand: re, .43, yes, let's please get it into yakkety and xenial
[12:41] <zyga> jdstrand: will mount options=(ro rbind) /snap/{,ubuntu-}core/*/var/lib/** -> /var/lib/**,
[12:42] <zyga> jdstrand: will that cover /snap/core/current//var/lib/logrotate -> /var/lib/logrotate
[12:42] <zyga> jdstrand: or do I need some /**/ to cover directories?
[12:46] <stub> What do I do here? https://pastebin.canonical.com/167232/ . It seems the python3 pulled in by the python plugin does not patch the python3 pulled in as a stage package in another part (that embeds a Python interpreter)
[12:49] <jdstrand> zyga: /snap/{,ubuntu-}core/*/var/lib/** would cover it. is ../** needed though? can you use /snap/{,ubuntu-}core/*/var/lib/logrotate/ -> /var/lib/logrotate/ instead?
[12:50] <mup> PR snapd#2108 opened: devicestate: merge overlord/boot into devicestate <Created by mvo5> <https://github.com/snapcore/snapd/pull/2108>
[12:51] <zyga> well , we don't know which directories there are there
[12:51] <zyga> we're seeing a failure in autopkgtests
[12:51] <zyga>  cannot bind mount /snap/core/current//var/lib/logrotate -> /var/lib/logrotate with flags 0x85007. errmsg: Permission denied
[12:51] <zyga> no apparmor denial log though, we'd have to reproduce it now
[12:51] <zyga> I was wondering if apparmor changed in any way
[12:52] <zyga> the mount happens with the following flags MS_RDONLY | MS_REC | MS_SLAVE | MS_NODEV | MS_NOSUID
[12:52] <zyga> but AFAIK apparmor doesn't model all of them
[12:55] <jdstrand> zyga: re don't know> this is an old conversation. is it truly dynamic now and we don't know or is it just to ease future maintenance? if the former, we need a glob rule, if the later, let's continue adding more specific rules
[12:56] <jdstrand> zyga: you probably need: /snap/{,ubuntu-}core/*/var/lib/*/ -> /var/lib/*/
[12:56] <stub> huh. The only difference is munged shebang lines. I think I saw the python plugin messing around with shebangs
[12:56] <zyga> jdstrand: ack, I'll try to reproduce this and fix it when I'm in korea with better network
[12:57] <jdstrand> zyga: ie, the trailing '/' (and you don't need **/, just */ iirc the mirrored /var/lib code
[12:57] <jdstrand> )
[12:58] <zyga> thanks!
[12:58] <zyga> this doesn't explain why adt fails but at least I have more knowledge
[13:00] <jdstrand> zyga: looking at that source mount (/snap/{,ubuntu-}core/*/var/lib/*/), we should be able to enumerate those since we know what is in the core snap. however, would we list everything in /var/lib or would we skip stuff? iirc, there are things we would skip, so a more exact match would be best (though I'd be ok with a glob rule with deny rules for what we wouldn't mount from /snap/{,ubuntu-}core/*/var/lib/*/)
[13:00] <zyga> jdstrand: jdstrand overdue gift from the plane
[13:01] <zyga> geeez net is slow from the phone
[13:01] <zyga> jdstrand: https://github.com/snapcore/snap-confine/pull/166
[13:01] <mup> PR snap-confine#166: Allow running qemu spread tests offline <Created by zyga> <https://github.com/snapcore/snap-confine/pull/166>
[13:01] <jdstrand> woo!
[13:01] <zyga> Ill merge things on the plane
[13:01] <zyga> just adding remotes
[13:02] <mup> Bug #1616605 changed: Cannot open files from NFS drive mounted in /media <snapd-interface> <Snappy:Fix Released by ssweeny> <https://launchpad.net/bugs/1616605>
[13:03] <didrocks> jdstrand: hey! I see that to be able to run the "ping" command, we need one of those interfaces: firewall-control, network-control, network-observe
[13:03] <didrocks> jdstrand: so, it means, there is no interface that autoconnects to enable pinging a remote server?
[13:03] <didrocks> (I guess there are security implications…)
[13:08] <mup> PR snapd#2033 closed: many: move firstboot code into the snapd daemon <Critical> <Created by mvo5> <Merged by mvo5> <https://github.com/snapcore/snapd/pull/2033>
[13:08] <jdstrand> didrocks: that's correct. it has to do with the fact that it is setuid and what that would mean with 'safe' policy
[13:11] <jdstrand> didrocks: however, there are several things here to consider: 1) snaps can test for connectivity using other means that don't need setuid (eg, perform a GET / on http), 2) recent kernels allow ping to be used without setuid, so the snap could ship that ping, 3) snap declarations will allow autoconnecting interfaces after the snap is approved, d) I *might* be able to make something work now that the seccomp arg filtering feature landed
[13:12] <didrocks> jdstrand: actually, I'm just trying to ship some toolbox for health check that consul would use. ping utility is one of them. Is there any ping tool that you know for 2)?
[13:13] <didrocks> jdstrand: also, I just tried to network-observe + connect the socket, I'm still getting ping: icmp open socket: Operation not permitted
[13:13] <didrocks> (but nothing in scanlogs now)
[13:13] <didrocks> (and nothing in syslogs)
[13:13] <jdstrand> didrocks: you mean s/socket/interface/?
[13:14] <didrocks> interface, yeah, sorry
[13:14] <didrocks> :network-observe                   consul
[13:16] <jdstrand> tyhicks: what is the status of setuid-less ping?
[13:16] <jdstrand> didrocks: note, tyhicks will be online in a bit
[13:16] <didrocks> jdstrand: that would be great as a simple utility for use with health checks ;)
[13:17] <didrocks> however, in the fact that there is no log in syslog and that error ^ I'm puzzled
[13:17] <jdstrand> didrocks: there was this: http://tinyurl.com/h6obc5g
[13:18] <jdstrand> didrocks: what ping is it using? the system ping or its own ping? if its own ping, does it work with sudo?
[13:19] <didrocks> jdstrand: it's coming from a stage-package I took (can use another one if needed): iputils-ping
[13:19] <didrocks> let me try with sudo
[13:19] <didrocks> yep, works with sudo
[13:19] <jdstrand> didrocks: the problem with that ping is it requires kernel support. I forget the details of the earliest kernels, so an old 3.10 kernel (for example) might not work with this ping
[13:19] <didrocks> $ uname -a
[13:19] <didrocks> Linux n1 4.4.0-38-generic #57-Ubuntu SMP Tue Sep 6 15:42:33 UTC 2016 x86_64 x86_64 x86_64 GNU/Linux
[13:19] <didrocks> not that old :)
[13:19] <jdstrand> didrocks: right, so with stage-packages, the setuid bits are (correctly) stripped
[13:20] <didrocks> ah, that's the reason why…
[13:20] <didrocks> ok, making sense then
[13:20] <jdstrand> didrocks: but the ping in stage-packages doesn't have the patch for setuid-lessness
[13:20] <didrocks> so, I guess the setuid-less ping is the only way
[13:20] <jdstrand> didrocks: well, use /bin/ping from the core snap instead of stage-packages
[13:20] <jdstrand> didrocks: that will work with network-observe
[13:21] <didrocks> ok, let me give it try!
[13:21] <didrocks> jdstrand: indeed, works perfectly with that + network-observe
[13:22] <jdstrand> it might be fun to have a part or something with the patched ping. iirc, the patch to ping went upstream and it was accepted. that patch just didn't make it into Debian/Ubuntu yet. tyhicks would need to confirm
[13:22] <didrocks> thanks a lot, that would do it for now :)
[13:22] <didrocks> oh ok
[13:22] <didrocks> yeah, I'm creating some sort of general "utility" part/content-interface
[13:22] <didrocks> to be used as health check toolbox
[13:23] <jdstrand> didrocks: compiling upstream ping from source might be the way to go then if connecting network-observe is onerous
[13:25] <didrocks> jdstrand: yeah, sounds like it. do you have the link for the official upstream source (I find some github and such…), and debian/copyright doesn't point to a working ftp
[13:25] <jdstrand> didrocks: fyi, I added exploring 'd' (hehe, meant '4' in my list) to the card on implementing seccomp arg filtering policy. that card is down a ways cause of various critical cards
[13:26] <jdstrand> didrocks: I'll defer to tyhicks there. iirc, he submitted the patch
[13:26] <didrocks> oki :)
[13:26] <didrocks> jdstrand: yeah, no worry, thanks for helping, at least, I have options and I am unblocked :)
[13:27] <jdstrand> cool
[13:41] <mbenz> ogra: I am trying to port minicom from 15.04 to UC16 and need to access tty devices, isn't there a serial-port plug?
[13:42] <ogra_> mbenz, i think there is ....https://github.com/snapcore/snapd/blob/master/docs/interfaces.md look for serial
[13:42] <ogra_> needs the user to manually connect though
[13:43] <didrocks> ogra_: our discussion was that it's not listed via snap interfaces though, even being in the code
[13:43] <didrocks> is that ubuntu-core doesn't provide the slot?
[13:44] <ogra_> didrocks, hmm, thats a zyga question i fear
[13:44] <mbenz> ogra: I will look at doc but some background on what I have tried. I added the plug in yaml and install but see '-' listed as slot and trying to connect gives a failure unlike using modem-manager which works but doesn't have access to /dev/ttySx
[13:45] <ogra_> righ, smells like something is missing here
[13:45] <ogra_> as didrocks said
[13:46] <mbenz> should I work with zyga or log a bug?
[13:47] <ogra_> well, perhaps it is known, i guess zyga had enough pings from us to notice the discussion once he checks IRC again ;)
[13:47] <ogra_> wait for him ... then log a bug if he thinks you should
[13:47] <mbenz> ok
[13:48] <mbenz> for now I will just run in devmode and debug lock file and config file locations
[14:00] <jdstrand> tyhicks: as it happens, I am preparing a snap-confine upload and so I can remove the owner check from '@{PROC}/*/mountinfo r,' if that would help things. please advise
[14:00] <jdstrand> tyhicks: oh, I see you said to drop it in comment #4
[14:06] <tyhicks> jdstrand: thanks! could you also add the rule in comment #5?
[14:06] <tyhicks> jdstrand: @{PROC}/[0-9]*/attr/current w,
[14:20] <tyhicks> jdstrand, didrocks: re setuid-less ping, the patches landed in upstream iputils but we don't yet have a new enough iputils in any of our releases
[14:20] <tyhicks> jdstrand, didrocks: it isn't as simple as that, though
[14:21] <tyhicks> jdstrand, didrocks: setuid-less ping doesn't have full functionality so there's decisions to be made about whether that loss of functionality is ok, if we need to have multiple packages (one for setuid, one for no setuid), etc.
[14:25] <tyhicks> jdstrand, didrocks: also, you can't ship your own setuid-less ping in a snap until Ubuntu opens up the net.ipv4.ping_group_range sysctl to a range that includes our normal user's gid
[14:28] <jdstrand> tyhicks: hmm, so a snap that build iputils from upstream still wouldn't work cause of the sysctl, which we could allow setting, but probably in network-control, a non-auto-connected interface
[14:29] <jdstrand> tyhicks: yes, already done. about to upload this: http://paste.ubuntu.com/23284740/
[14:29] <jdstrand> tyhicks: fyi, https://github.com/snapcore/snap-confine/pull/167
[14:29] <mup> PR snap-confine#167: drop 'owner' check on mountinfo and allow write to @{PROC}/[0-9]*/attr/current <Created by jdstrand> <https://github.com/snapcore/snap-confine/pull/167>
[14:29] <didrocks> tyhicks: hum, ok, so I'm going with the ubuntu-core ping version now, with the correct interface
[14:30] <jdstrand> tyhicks: if you +1 that PR, I'll commit it
[14:31] <tyhicks> jdstrand: I've +1'ed
[14:31] <tyhicks> didrocks: yeah, that's your best option right now
[14:32] <tyhicks> jdstrand: we wouldn't want to allow a snap to set the sysctl, we'd want to set it ourselves
[14:32] <tyhicks> jdstrand: the least risky option would be set it at the distro level but continue to ship the setuid ping
[14:33] <tyhicks> jdstrand: that would allow snaps to ship their own setuid-less ping
[14:33] <jdstrand> tyhicks: technically, it could be at the core snap level
[14:34] <tyhicks> jdstrand: yeah, it could be
[14:39] <jdstrand> ara (cc zyga): uploaded snap-confine 1.0.43-0ubuntu1 to yakkety just now. aiui, autopkgtests have a long queue due to glibc upload. I'll work on xenial now
[14:39] <ara> jdstrand, thanks!
[14:44] <mup> PR snapd#2105 closed: snapstate: only import defaults from gadget on install <Created by niemeyer> <Merged by niemeyer> <https://github.com/snapcore/snapd/pull/2105>
[15:09] <mup> PR snapd#2109 opened: tests: update tests now that we do not have snapd.boot-ok anymore <Created by mvo5> <https://github.com/snapcore/snapd/pull/2109>
[15:09] <didrocks> hum, the consul snap is already taken, I think it's you elopio?
[15:10] <didrocks> elopio: I have a working version of it (which does a little bit than --help or local dev agent) and want to upload it to the store, do you mind add me to collaborators if it's really you? :)
[15:13] <jdstrand> ara (cc zyga and tyhicks): ok, snap-confine 1.0.43 with https://github.com/snapcore/snap-confine/pull/167 uploaded to both yakkety and xenial-proposed. yakkety is building, xenial-proposed needs a member of the sru team and the bugs to be done
[15:13] <mup> PR snap-confine#167: drop 'owner' check on mountinfo and allow write to @{PROC}/[0-9]*/attr/current <Created by jdstrand> <Merged by jdstrand> <https://github.com/snapcore/snap-confine/pull/167>
[15:14] <jdstrand> ara: at this point, I think my part for helping zyga is done?
[15:14] <ara> jdstrand, thanks!
[15:16] <tyhicks> jdstrand: thank you!
[15:18] <jdstrand> np
[15:22] <mup> PR snapd#2106 closed: tests: enable tests related to the home interface in all-snaps <Created by fgimenez> <Merged by niemeyer> <https://github.com/snapcore/snapd/pull/2106>
[16:27] <mup> PR snapd#2109 closed: tests: update tests now that we do not have snapd.boot-ok anymore <Created by mvo5> <Merged by niemeyer> <https://github.com/snapcore/snapd/pull/2109>
[16:35] <mup> PR snapd#2110 opened: overlord/devicestate: don't bail out on the first error in DeviceManager.Ensure, subcalls are fairly orthogonal <Created by pedronis> <https://github.com/snapcore/snapd/pull/2110>
[16:42] <jdstrand> roadmr: hey. ok, I'm going to start work on the review tools for snap declarations now
[16:42] <jdstrand> roadmr: and wanted to sync up. is now a good time?
[16:43] <mup> PR snapcraft#854 closed: Decouple state handling from plugin options <Created by sergiusens> <Merged by sergiusens> <https://github.com/snapcore/snapcraft/pull/854>
[17:15] <zyga> jdstrand: https://launchpad.net/~command-not-found-developers/+member
[17:15] <zyga> er
[17:15] <zyga> bad link
[17:15] <zyga> I meant this: http://paste.ubuntu.com/23285366/
[17:17] <jdstrand> zyga: you mean that is what you wanted uploaded instead of what I did?
[17:19] <zyga> jdstrand: no, that's just a patch we should probably add to .43's debian packaging
[17:19] <zyga> jdstrand: I found this on the plane
[17:19] <zyga> jdstrand: not sure why it broke, it definitely used to work
[17:20] <zyga> jdstrand: maybe a fault in how tests were set up
[17:20] <zyga> this is strictly packaging, the upstream release is OK
[17:21] <zyga> jdstrand: I merged some of your branches on the plane
[17:23] <jdstrand> zyga: fyi, 1.0.42-0ubuntu3 on yakkety has 755
[17:24] <jdstrand> zyga: can you file a bug? I'd like to see the yakkety version migrate. I need to focus on snap declarations now, but can circle back to this maybe later today/tomorrow
[17:26] <zyga> jdstrand: sure, thanks!
[17:26] <zyga> jdstrand: I will, filing bugs on the plane is harder than sbuilding fixes :)
[17:28] <roadmr> jdstrand: hello! Sorry, I was out but i'm back. Sure, let's chat
[17:28] <zyga> roadmr: o/
[17:28] <roadmr> hello zyga
[17:28] <zyga> (just saying hi :)
[17:28] <roadmr> zyga: hello :) how are you doing?
[17:29] <zyga> roadmr: good, sprinting, patching, hacking :)
[17:29] <roadmr> you hacker :)
[17:30] <roadmr> zyga: awesome work btw, congrats
[17:30] <roadmr> jdstrand: (or if you're e.g. out lunching or something, we could sync later today)
[17:31] <jdstrand> roadmr: hey, so my plan is to embed the snapd base declaration for now. then take the snap declaration as a command line argument. on initial upload, the store would provide an empty snap declaration. after that, whatever is saved via the store ui. is this what you had in mind?
[17:31] <jdstrand> roadmr: no, I'm here
[17:31] <roadmr> jdstrand: ohai :)
[17:32] <roadmr> jdstrand: no, our code would pass the meat of the plugs and slots, it's how we've coded it right now
[17:32] <jdstrand> roadmr: sorry, that is what I meant
[17:32] <roadmr> jdstrand: we had a call earlier today where the issue of "how is it serialized?" came up, which applies to the tools as well
[17:32] <jdstrand> roadmr: can you paste me an example of what it will feed to the tools?
[17:33] <roadmr> jdstrand: so on initial upload or if the snap-declaration has no plugs/slots, we call crt without the --plugs or --slots arguments
[17:33] <jdstrand> that works fine
[17:34] <jdstrand> roadmr: oh, you are splitting up --slots and --plugs?
[17:34] <roadmr> jdstrand: yes, that's why I meant by the "meat"
[17:34] <roadmr> jdstrand: because if not, I'd have to pass you a blob containing both plugs and slots which you'd have to parse...
[17:35] <roadmr> jdstrand: and I'd have to massage it too, since I'd have to aggregate both headers somehow
[17:35] <jdstrand> roadmr: I was thinking you'd do --decl=... and that would just have slots: and plugs:
[17:35] <roadmr> jdstrand: we could modify our code to give you the snap-declaration document in its entirety
[17:35] <jdstrand> well I haven't gotten very far, so I can adjust
[17:36] <jdstrand> roadmr: what is in --plugs and --slots?
[17:36] <roadmr> jdstrand: yea... ok so what we'd pass is a json representation of slots/plugs, as edited my the reviewer
[17:36] <jdstrand> json?
[17:36] <roadmr> jdstrand: yep. I guess it could be a collapsed-in-one-line json thing
[17:37] <jdstrand> roadmr: so the store has 'Edit declaration assertion'
[17:37] <jdstrand> roadmr: and two text areas
[17:38] <roadmr> jdstrand: so the workflow is: we call crt with either --plugs/slots or not. If c-r-t says there's trouble with the payload (say, this payload would cause the snap to not install), the reviewer is expected to craft a suitable payload in those fields
[17:38] <jdstrand> roadmr: what goes in there? the yaml-esque payload and you convert that to json for the tools?
[17:38] <roadmr> jdstrand: then redo the crt review (there's a button for that) and once it passes, it approves the snap
[17:38] <roadmr> jdstrand: no, the json payload goes there. We'll never edit the yamlesque version by hand
[17:39] <jdstrand> the json payload
[17:39] <jdstrand> hmm
[17:39] <roadmr> jdstrand: what happens is, once the tools are happy with the json payload, we update the snap-declaration, passing a dict built from that json (essentially plugs=json.loads(the_json_payload))
[17:39] <roadmr> jdstrand: then the snap-declaration will have the yamlesque thing. But the store keeps a copy of the original JSON for human editing
[17:40] <roadmr> jdstrand: now, on subsequent upload, I pass the tools the json; if they're happy, then automated review just passes and I don't update the assertion at all (since it's supposed to already have that payload)
[17:40] <jdstrand> roadmr: I have some concerns that the reviewer needs to enter json instead of yaml, since the declaration spec uses yaml
[17:41] <roadmr> jdstrand: hehe what I keep hearing about that is "it's not really yaml" :)
[17:41] <jdstrand> roadmr: plugs and slots are just dicts
[17:42] <roadmr> jdstrand: that leaves us in a weird situation because we could help the reviewer by at least superficially validating json or pure-yaml syntax, but if it's some yamloid thing, the thought of crafting a custom validator sounds painful
[17:42] <roadmr> jdstrand: yes; one characteristic of the json is that it has to parse to a dict. For example, '"string yay"' is valid json but won't result in a dict
[17:43] <zyga> roadmr: json doesn't *have to* parse to a dict, most parses can just return any valid json type
[17:43] <roadmr> zyga: yes, I meant for this particular case, because SAS does expect a dictionary/map
[17:43] <jdstrand> roadmr: ok, let's backburner this discussion since it is only something the reviewer would see and for the moment, that would be me
[17:44] <roadmr> jdstrand: sure
[17:44] <jdstrand> roadmr: alright, so the tools gets no --plugs or --slots on initial upload. after that the store will give a json file for --plugs and/or --slots?
[17:45] <jdstrand> roadmr: then the tools do its thing. if the tools are not happy, what do you want it to do, exit with error? (I can use a particular error code if that helps)
[17:46] <roadmr> jdstrand: so we could give you an inline string --plugs='{"foo": "bar", ...}' *or* we could point to a file containing the separated payload --plugs=/tmp/plugs-for-snap-XXXXX.json)
[17:46] <roadmr> jdstrand: yes, that sounds good, we can check for that error code and say "needs to edit the payload".
[17:46] <jdstrand> roadmr: I think a file would be best. that string might get long and hit an argv limit
[17:47] <jdstrand> roadmr: what should we do if there are errors/warnings in addition to a payload error?
[17:47] <roadmr> jdstrand: I think the tools output a jsony thingy with the results too, right? if you could have a specific key there with a meaningful message (e.g. plugs don't allow use of interface FOO which the snap wants to use") that'd make reviewers' (you!) jobs much easier
[17:48] <roadmr> jdstrand: ok, let's aim for passing you a file
[17:49] <jdstrand> roadmr: the tools can do that helpful stuff no problem (we do that already). as for the json thingy, are you already passing --json to the tools?
[17:50] <roadmr> jdstrand: I think we are! let me check
[17:50] <roadmr> jdstrand: yes, /path/to/click-review --json /path/to/package.snap
[17:51] <roadmr> jdstrand: a new invocation would be /path/to/click-review --json --plugs /path/to/plugs.json --slots=/path/to/slots.json /path/to/package.snap
[17:52] <jdstrand> roadmr: if so, this is easy. I will add this code to a new file (sr_declaration.py) which means it'll automatically get put into an area you can process (eg, decl-snap-v2)
[17:52] <jdstrand> ok good
[17:52] <roadmr> awesome :)
[17:52] <jdstrand> roadmr: these are the return codes currently:
[17:52] <jdstrand> RETURN CODES
[17:52] <jdstrand>   0     found no errors or warnings
[17:52] <jdstrand>   1     checks not run due to fatal error
[17:52] <jdstrand>   2     found errors and/or warnings
[17:52] <jdstrand>   3     found warnings
[17:52] <mup> PR snapd#2111 opened: snap: ignore /dev/loop addings from udev <Created by mvo5> <https://github.com/snapcore/snapd/pull/2111>
[17:53] <jdstrand> roadmr: add '4  found snap declartion conflicts'
[17:54] <roadmr> jdstrand: sounds good to me. It'd be for correctness only because I checked and we don't use the return code at all :(
[17:54] <roadmr> jdstrand: we rely entirely on the json output
[17:54] <jdstrand> roadmr: the question then is, should I return 2 if have snap decl conflicts + errors/warnings?
[17:54] <roadmr> jdstrand: yes, sounds like 2 encompasses "other errors *and* snap decl conflicts" fine
[17:54] <jdstrand> roadmr: ok, then I return 4 if just snap decl conflicts and 2 if other conflicts. we can revisit that
[17:55] <jdstrand> ok cool
[17:55] <roadmr> totally, that makes sense
[17:56] <jdstrand> roadmr: what is the status of the store today? I imagine you are just waiting on me so you can uncomment the code to pass --slots and --plugs?
[17:57] <roadmr> jdstrand: yes, but we also need to fix the "parse json and pass the dict to SAS" (so: please DON'T edit those plugs/slots fields :)
[17:57] <jdstrand> np
[17:58] <roadmr> jdstrand: the code to pass --slots/--plugs is behind a toggle so we can flip it quickly if we break something
[17:58] <roadmr> jdstrand: but right now it won't work really because it passes inline strings
[17:59] <jdstrand> roadmr: ok, so, is this ok as part of the json output: http://paste.ubuntu.com/23285610/
[17:59] <roadmr> jdstrand: perfect!
[17:59] <jdstrand> roadmr: ok, great
[17:59] <jdstrand> I think that is everything
[18:00] <jdstrand> at least on my end
[18:00] <jdstrand> do you have questions or is there anything else I need to know about?
[18:00] <roadmr> jdstrand: I think this is clear, just a few tweaks to what we were envisioning
[18:01] <jdstrand> ok, I'll get to work on this. I will ask for a review when ready'
[18:03] <roadmr> jdstrand: thanks! I'll summarize in the design doc we have and get cracking
[18:03] <roadmr> \o/
[18:04] <jdstrand> roadmr: great :)
[18:04] <roadmr> this is awesome, almost as awesome as when sas started exploding due to me having created a bad payload \o/
[18:10] <jdstrand> haha :)
[18:15] <mup> PR snapd#2112 opened: systemd: Correct the mount arguments when mounting with squashfuse <Created by tyhicks> <https://github.com/snapcore/snapd/pull/2112>
[18:19] <om26er> Hi! Where can I find documentation on how to consume the gpio interface ?
[18:20] <jdstrand> roadmr: in the json output, lets use snap.v2_declaration instead of snap.v2_decl
[18:20] <jdstrand>   "snap.v2_declaration": {
[18:20] <jdstrand>     "error": {},
[18:20] <jdstrand>     "info": {},
[18:20] <jdstrand>     "warn": {}
[18:20] <jdstrand>   }
[18:22] <roadmr> jdstrand: sounds good, noted
[18:28] <mup> PR snapcraft#844 closed: Add `snapcraft history` <Created by maxiberta> <Merged by sergiusens> <https://github.com/snapcore/snapcraft/pull/844>
[18:29] <sergiusens> maxiberta mind fixing snapcraft#845
[18:29] <mup> PR snapcraft#845: Add `snapcraft status` <Created by maxiberta> <Conflict> <https://github.com/snapcore/snapcraft/pull/845>
[18:29] <sergiusens> ?
[18:29] <tyhicks> zyga: thanks for the review! do you know if there's going to be another snapd release and upload before yakkety is released?
[18:41] <riverloop> Hey, I tried building a snap of mpv using the examples from snappy-playpen on GitHub.
[18:42] <riverloop> I successfully built the snap but mpv can't access any files when I try to play something using it.
[18:42] <riverloop> I tried also playing a YouTube url. ffmpeg showed some error.
[18:42] <riverloop> What may be the reason?
[18:47] <tyhicks> niemeyer: hi - I'm looking for some guidance on getting https://github.com/snapcore/snapd/pull/2112 into yakkety
[18:47] <mup> PR snapd#2112: systemd: Correct the mount arguments when mounting with squashfuse <Created by tyhicks> <https://github.com/snapcore/snapd/pull/2112>
[18:47] <tyhicks> niemeyer: everything is in place, except for that small change, for snaps to work in unprivileged lxd containers
[18:48] <tyhicks> niemeyer: I don't know if there's another snapd upload planned before yakkety's release, if I should apply that patch to what's in yakkety-proposed and make a new upload, or if you're fine with including that fix in an SRU
[18:50] <mup> PR snapd#2110 closed: overlord/devicestate: don't bail out on the first error in DeviceManager.Ensure, subcalls are fairly orthogonal <Created by pedronis> <Merged by mvo5> <https://github.com/snapcore/snapd/pull/2110>
[18:50] <mup> PR snapd#2111 closed: snap: ignore /dev/loop addings from udev <Created by mvo5> <Merged by mvo5> <https://github.com/snapcore/snapd/pull/2111>
[18:50] <niemeyer> tyhicks: I think it's fine to see it in an SRU and in master
[18:50] <niemeyer> tyhicks: let me response to the PR there
[18:50] <tyhicks> thank you
[18:52] <niemeyer> tyhicks: Done, let me know what you think
[18:58] <pedronis> jdstrand: about JSON, as I understand that was the agreement in the meetings we had (there's no official tooling to parse fragments of assertion format atm)
[19:03] <tyhicks> niemeyer: Thanks. We can deliver the fix in a post-yakkety-release SRU. Until then, only root inside of a yakkety container will be able to run snap commands.
[19:19] <mup> PR snapcraft#858 opened: python plugin: allow usage of bzr <Created by sergiusens> <https://github.com/snapcore/snapcraft/pull/858>
[19:25] <tyhicks> ratliff, jgrimm: fyi, it looks like we'll deliver the last piece of the snaps in lxd containers story (the snapd bug fix for bug #1630789) as an SRU after yakkety is released ^
[19:25] <mup> Bug #1630789: normal users can't run snaps inside of LXD containers <verification-needed> <Snappy Launcher:Fix Committed by jdstrand> <Snappy:In Progress by tyhicks>
[19:25] <mup> <snap-confine (Ubuntu):Fix Released by jdstrand> <snapd (Ubuntu):Triaged> <snap-confine (Ubuntu Xenial):Fix Committed> <https://launchpad.net/bugs/1630789>
[19:25] <jgrimm> tyhicks, ack. thanks for following up!
[19:26] <tyhicks> np!
[19:33] <niemeyer> tyhicks: Hmm
[19:33] <niemeyer> tyhicks: Post yakkety release?
[19:34] <tyhicks> niemeyer: maybe I misunderstood what you were saying by, "I think it's fine to see it in an SRU and in master"
[19:34] <tyhicks> niemeyer: I thought you were saying that we should wait until after yakkety is released and then SRU that fix into yakkety-updates as part of the next snapd SRU
[19:35] <niemeyer> tyhicks: I was suggesting we can SRU this in X, probably next week
[19:35] <tyhicks> niemeyer: ah! yes, we're in the process of SRU'ing everything into X
[19:35] <niemeyer> tyhicks: and naturally in yakkety.. but it's October already, so I might be missing what the timeframe is for Yakkety
[19:35] <tyhicks> niemeyer: today is final freeze for yakkety
[19:36] <tyhicks> niemeyer: I can make a small yakkety snapd upload containing only that change, if you'd like me to
[19:37] <niemeyer> tyhicks: I think this is okay.. the only point of using squashfuse is for that one case anyway, so if it breaks it won't get any worse
[19:37] <niemeyer> mvo: What do you think?
[19:37] <tyhicks> oh, there he is
[19:37] <tyhicks> :)
[19:39] <tyhicks> mvo, niemeyer: here's the debdiff that I would upload: https://paste.ubuntu.com/23286012/
[19:40] <tyhicks> I've tested it with inside of a lxd container as well as outside of a container
[19:40] <niemeyer> tyhicks: +1
[19:40] <tyhicks> thanks, I'll wait for mvo to have a look as well
[19:41] <niemeyer> tyhicks: It would be really nice to see a spread test exercising this logic (cheaply, if possible)
[19:41] <mvo> tyhicks: yeah, looks fine, thank you
[19:42] <tyhicks> niemeyer: would I need to mock a container environment or would the spread test set up a lxd container?
[19:42] <tyhicks> I'm going to go ahead and proceed with this upload and will try to get a spread test ready for trunk
[19:42] <tyhicks> thanks mvo!
[20:58] <mup> PR snapd#2096 closed: tests: check for failure creating user on managed ubuntu-core systems <Created by fgimenez> <Merged by niemeyer> <https://github.com/snapcore/snapd/pull/2096>
[21:01] <lutostag> so I have snaps installed and now there is an extra dir in my home directory 'snap' is this expected?
[21:02] <nacc> lutostag: yes
[21:02] <lutostag> hmm... not my favorite, any way to make it live elsewhere?
[21:05] <nacc> lutostag: i don't believe so, as there are some variables that rely on it (iirc)
[21:05] <lutostag> nacc: ok, thanks for the info. Appreciate it
[21:17] <mup> Bug #1631159 opened: No way to simply list available snaps via snapd <Canonical System Image:New> <Snappy:New> <snapd (Ubuntu):New> <https://launchpad.net/bugs/1631159>
[21:30] <mup> Bug #1631165 opened: no ability to move snap directory out of $HOME <Snappy:New> <https://launchpad.net/bugs/1631165>
[22:17] <mup> PR snapcraft#845 closed: Add `snapcraft status` <Created by maxiberta> <Merged by sergiusens> <https://github.com/snapcore/snapcraft/pull/845>
[23:57] <SuperJonotron> I have manged to get a snap all wrapped up and deployed but when it runs it needs to run with root privelidges, I can't run the snap with "sudo snapname", doesn't recognize the snap, if i run it just as a user, it's fine but doesn't have root privelidges and when it hits those parts in the application I get "sudo: no tty present and no askpass program specified"
[23:57] <SuperJonotron> is there a way to handle this kind of thing in the yaml? or during install?
[23:58] <nacc> SuperJonotron: why does it need to run as root?
[23:59] <SuperJonotron> some bash scripts, at least one I know of personally, needs to be run as root