/srv/irclogs.ubuntu.com/2016/12/13/#snappy.txt

luk3yxDoes anyone know if I can publish an unofficial MT snap based on the snapcraft.yaml in the snappy playpen?01:00
luk3yx(By MT I meant Minetest)01:01
luk3yxI have a question about the snappy playpen licensing.01:08
mupPR snapcraft#954 closed: pluginhandler: convert to package <Created by sergiusens> <Merged by sergiusens> <https://github.com/snapcore/snapcraft/pull/954>03:18
mupPR snapcraft#956 closed: tests: idempotent store installs <Created by sergiusens> <Merged by sergiusens> <https://github.com/snapcore/snapcraft/pull/956>03:21
=== chihchun_afk is now known as chihchun
=== chihchun is now known as chihchun_afk
liuxgcan anyone tell me what are really there in the Ubuntu Core OS? a Ubuntu core OS has kernel, Ubuntu Core OS, Gadget and snaps. thanks07:02
dholbachhey hey07:55
didrocksgood morning dholbach!08:02
dholbachsalut didrocks08:03
mupPR snapd#2465 opened: snap: show apps in `snap info` <Created by mvo5> <https://github.com/snapcore/snapd/pull/2465>08:06
venkat_JOIN08:20
venkat_I tried to create a kernel snap for dragonboard08:20
venkat_using snapcraft.yaml08:21
venkat_It is created by snapcraft command08:21
venkat_then I tried to create a gadget snap for my board08:21
venkat_by using gadget.yaml and snap.yaml08:21
venkat_here also created a gadget snap08:22
venkat_but when try to create a ubuntu image it is showing the error like08:22
venkat_error: cannot decode model assertion eragon.model: assertion content/signature separator not found08:23
venkat_I just created a .json file for my board and used $ cat eragon-model.json | snap sign -k default &> eragon.model command08:24
venkat_It asked me to enter password, entered then succeed08:24
mupPR snapd#2466 opened: debian: fix Pre-Depends on dpkg <Created by mvo5> <https://github.com/snapcore/snapd/pull/2466>08:25
venkat_But When I use $ sudo /snap/bin/ubuntu-image -c devmode -o eragon410-SDtest.img eragon.model command for image creation, it fails and showing above error08:25
venkat_Do you the reason Why?08:25
venkat_Please  update if knows08:26
eyelashis it not possible for a snap in devmode to access programs outside the snap?08:51
didrockseyelash: hum, there are some tricky way to do, but you can't execute other snaps though (there is a bug for that)08:52
eyelashdidrocks: but if it's installed as a deb it should be possible?08:52
didrockseyelash: yeah, if you add the correct LD_LIBRARY_PATH yourself (as the hostfs is in /var/lib/snapd/hostfs/)08:54
eyelashI was trying to create a snap package for the Meson build system and it obviously needs to access the compilers that are installed on the system08:54
didrocksyeah, I guess some people asked for a compiler interface though08:54
didrocksthat will be great to have that, I'm pretty sure a bug was filed, but if you want to double check (and +1 on this)08:55
eyelashdidrocks: oh nice08:55
eyelashI could not find anything with the keyword 'compiler'08:58
eyelashseems to be this bug: https://bugs.launchpad.net/snappy/+bug/161800409:07
mupBug #1618004: Need a classic-bin interface to see classic binaries <snapd-interface> <Snappy:New> <https://launchpad.net/bugs/1618004>09:07
mupPR snapd#2467 opened: many: improve support for trusty <Created by mvo5> <https://github.com/snapcore/snapd/pull/2467>09:25
mupPR snapcraft#958 opened: Add source name to error message <Created by tsdgeos> <https://github.com/snapcore/snapcraft/pull/958>09:27
tsdgeosi think i need to adapt tests for this one09:28
mupPR snapd#2466 closed: debian: fix Pre-Depends on dpkg <Created by mvo5> <Merged by mvo5> <https://github.com/snapcore/snapd/pull/2466>09:28
tsdgeosbtw could someone press the "merge" button for https://github.com/snapcore/snapcraft/pull/951 ?09:29
mupPR snapcraft#951: snapcraft plugins -> snapcraft list-plugins <Created by tsdgeos> <https://github.com/snapcore/snapcraft/pull/951>09:29
mupPR snapd#2468 opened: tests: add debug output to see why autopkgtests are failing <Created by mvo5> <https://github.com/snapcore/snapd/pull/2468>09:41
mupPR snapd#2374 closed: snap: tweak snap install output as designed by Mark <Created by mvo5> <Merged by mvo5> <https://github.com/snapcore/snapd/pull/2374>09:45
grome55hi09:59
grome55hi i request your help to guide me to install snap on debian10:05
mupPR snapd#2469 opened: interfaces: upower-observe: refactor to allow snaps to provide a slot <Created by morphis> <https://github.com/snapcore/snapd/pull/2469>10:48
mupPR snapd#2455 closed: many: implement alias command <Critical> <Created by pedronis> <Merged by pedronis> <https://github.com/snapcore/snapd/pull/2455>10:56
tsdgeossergiusens: i don't understand what you mean with "Please also remember to affect the bug this fixes"10:58
mardyt1mp: hi! The ubuntu-app-platform snap, in which distro should it be built? xenial?11:21
kalikiana_mardy: xenial with overlay11:37
kalikiana_See also https://developer.ubuntu.com/en/blog/2016/11/16/snapping-qt-apps/11:38
mardykalikiana_: thanks!11:49
sergiusenstsdgeos all PRs are required to have a bug on launchpad per https://github.com/snapcore/snapcraft/blob/master/CONTRIBUTING.md11:53
=== chihchun_afk is now known as chihchun
tsdgeossergiusens: nice way to make me not fix small issues like this :D11:54
tsdgeosaaaaaaaaaand we live in the 196012:00
tsdgeos E501 line too long (84 > 79 characters)12:00
tsdgeosoh noes it won't fit in my 800x600 screen12:01
mupPR snapd#2467 closed: many: improve support for trusty <Created by mvo5> <Merged by mvo5> <https://github.com/snapcore/snapd/pull/2467>12:02
mupBug #1649569 opened: Make plugin/source error reporting a bit more useful <Snappy:New> <https://launchpad.net/bugs/1649569>12:06
tsdgeossergiusens: d1ad166365dfc2b934d2f28bebe31a99b1dd332f didn't have a LP bug linked :o12:16
mardytsdgeos: revert it! ;-)12:22
mupPR snapd#2470 opened: notifications, daemon: kill the unsupported events endpoint <Created by chipaca> <https://github.com/snapcore/snapd/pull/2470>12:33
mardyI'm getting this error after running snapcraft to build ubuntu-app-platform: E:Unable to correct problems, you have held broken packages.12:37
mardyany idea on how to debug this?12:37
mardyI don't have any held packages in my system12:37
Chipacamaybe "you have held broken packages" means snapcraft refuses to work with anybody that has ever handled a broken package12:38
Chipaca:-)12:38
mardyChipaca: still, this is a rather clean installation...12:42
Chipacamardy, I'll let people that know snapcraft give you serious answers now12:43
mardyChipaca: thanks :-)12:44
Chipacaanybody know what http://autopkgtest.ubuntu.com/ is running?12:51
mupPR snapd#2415 closed: overlord/ifacestate: no interface checks if no snap id <Created by chipaca> <Merged by chipaca> <https://github.com/snapcore/snapd/pull/2415>13:04
=== elfgoh_ is now known as elfgoh
abeatoogra_, hi, where could I find the sources for uboot used for rpi3?13:29
ogra_abeato, they are the upstream sources with the patch thats in the gadget tree13:31
abeatoogra_, is that lp:~snappy-dev/snappy-hub/snappy-systems ?13:31
ogra_abeato, the gadgets moved to https://github.com/snapcore13:32
ogra_https://github.com/snapcore/pi3-gadget actually13:33
abeatoogra_, oh, ok13:33
abeatoogra_, I am trying to do boot from USB13:33
abeatoogra_, the issue I see is that uboot is not finding the right enviroment and it tries to use the default13:34
ogra_note that the ROM change you have to do for that is irreversible ... afaik you wont be able to switch your Pi back to Sd onyl in case you care13:34
abeatoogra_, it apparently cannot load uboot.env13:34
* abeato does not core :)13:34
abeato*care13:34
ogra_right, that is the patch ....13:34
ogra_in the prebuilt subdir in above tree13:34
ogra_you need to tell the config to use uboot.env instead of uEnv.txt13:35
abeatoogra_, ok... how do you build uboot btw?13:36
ogra_uff... i havent done it in ages ... make config-rpi3 or some such and then just make ... with the armhf cross compiler installed13:36
abeatoogra_, will give that a try, thanks!13:37
ogra_(i would have to look up the exact lines upstream as well ... )13:37
abeatonv13:38
ogra_ppisati can surely help you too ...13:38
* ogra_ goes back into vacation mode :)13:38
madpropsbesides games, are there other kinds of applications that would benefit from delta updates?13:38
abeatoenjoy, sorry :)13:38
ogra_why sorry, i dont need to answer :)13:38
abeatothat's true too ;)13:39
=== hikiko is now known as hikiko|ln
ogra_madprops, why would only games benefit ? everything benefits from tiny downloads ;)13:41
madpropsyou should be drinking a pina colada and ignoring me :(13:41
ogra_haha13:41
madpropsbut yeah i think video games are the biggest forms of this13:42
madpropsand this is handled by systems like steam13:42
ogra_well, if you have a system that is competely built from snaps and upgrade 50 of them it sums up :)13:43
ogra_and there are browsers ... office suites ... theme packs ... language packs ... the yall are huge by default13:43
ogra_*they all13:44
madpropswell not really when 50 of  those download the same libs13:44
madpropsjust saying13:44
ogra_they wont ...13:44
ogra_(becaue they hopefully use the content sharing interface for the libs ;) )13:44
ogra_*because13:44
madpropsof you're going to do that13:45
madpropswhy not just have a good unviersal package manager13:45
ogra_erm ... that is what snap is13:45
ogra_just a lot more secure13:45
madpropshmm13:46
ogra_(securer enough that you wont have to worry that your webcam that runs snappy becomes part of a botnet ;) )13:46
ogra_*secure13:46
madpropswell language packs and stuff are already their own packages13:47
madpropsi don't know about the security, except for the isolation, but i think it's biggest plus is it's convenience13:47
madpropsto developers13:47
ogra_debs give every package maintainer 100% root on your box13:48
madpropswell and users (except for bigger download sizes)13:48
ogra_there isnt much security in them beyond the fact that you should use a trusted archive13:48
ogra_as soon as you use a package from a PPA or one you download from a website, the person owning that package has full root access to your system13:49
ogra_snaps fix this13:49
madpropshmm13:49
madpropsbut13:49
madpropswhat if it's an application designed to make system changes13:49
madpropshow is it going to do them without root access13:50
ogra_then it uses a snappy interface to talk to the system side ...13:50
ogra_which will require your authorization for critical bits13:50
ogra_by design a snap can not do any harm unless you as the system owner explicitly allow it to13:51
madprops"snappy interface" this is sounding like it's going to control the system a lot ala systemd13:52
ogra_well, a snap runs in a sandbox ... an interface is the outside connection to other snaps or the system for your snap13:53
madpropsbut if i don't run a normal application with sudo .. how does it have sudo powers?13:54
madpropsroot powers13:54
ogra_say you have a music player app you snap ... it wouldnt be able to play any sound without you allowitn to access the interface the pulseaudio snap provides13:55
mupPR snapcraft#892 closed: Catch PermissionError when attempting to replace contents in a readonly file. (LP: #1640305) <Created by larryprice> <Merged by sergiusens> <https://github.com/snapcore/snapcraft/pull/892>13:55
madpropsthat sounds terrible13:55
madpropslike every application that controls sound has to ask for permission first13:55
ogra_and why is that terrible ?13:55
madpropssomething as basic as playing sound13:56
ogra_(you only allow it once at package install time indeed)13:56
madpropsok so the permission is implied by installing it13:56
madpropsa la android permissions13:56
ogra_more like IOS13:56
ogra_but yeah, similar concept13:57
bossie__Hi! Any tips on where I can get info on the different Snap "types" -> type: app | core | gadget | kernel ?13:59
bossie__Either I'm blind or the docs arern't that clear on it13:59
ogra_https://docs.ubuntu.com/core/en/14:00
sergiusensogra_ I think android moved to this model too since 5.014:01
mupPR snapcraft#958 closed: Add source name to error message <Created by tsdgeos> <Merged by sergiusens> <https://github.com/snapcore/snapcraft/pull/958>14:01
mupBug #1649569 changed: Make plugin/source error reporting a bit more useful <Snapcraft:Fix Committed by aacid> <https://launchpad.net/bugs/1649569>14:01
ogra_bossie__, under "build a device"14:01
ogra_and very specific https://docs.ubuntu.com/core/en/guides/build-device/board-enablement14:02
ogra_sergiusens, ah ... havent used android for so long :P14:02
bossie__ogra, thanks! I've been searching under the snapcraft.io docs.... :/14:02
tsdgeossergiusens: what do you think about https://github.com/snapcore/snapcraft/pull/951 ?14:04
mupPR snapcraft#951: snapcraft plugins -> snapcraft list-plugins <Created by tsdgeos> <https://github.com/snapcore/snapcraft/pull/951>14:04
sergiusenstsdgeos let me comment there14:05
tsdgeosstupid github should send comments to the address i made the commit with and not to my main github address14:16
tsdgeosmeh14:16
mupPR snapd#2454 closed: client: only allow Dangerous option in InstallPath <Created by chipaca> <Merged by chipaca> <https://github.com/snapcore/snapd/pull/2454>14:23
mupPR snapd#2470 closed: notifications, daemon: kill the unsupported events endpoint <Created by chipaca> <Merged by niemeyer> <https://github.com/snapcore/snapd/pull/2470>14:25
pbektsdgeos: I guess they can't because they haven't confirmed that you own that email address ;)14:28
tsdgeospbek: they have14:29
tsdgeossince it's one of my confirmed email addresses in github14:29
tsdgeosjust not the main one14:29
pbektsdgeos: didn't know that they were able to do that... maybe you should open a feature request...14:30
mupPR snapd#2464 closed: cmd/snap: mock terminal.ReadPassword instead of using /dev/ptmx <Created by pete-woods> <Merged by niemeyer> <https://github.com/snapcore/snapd/pull/2464>14:32
tsdgeospbek: do they accept feature requests?14:32
pbektsdgeos: I've no idea to be frank...14:33
pbekGitLab does...14:33
sergiusenstsdgeos they do; I have made many and at least received replies (some are implemented).14:34
sergiusenstsdgeos you can configure email per project under your personal settings14:34
tsdgeossergiusens: Notifications -> Custom routing ?14:35
bossie__Anyone know of a snap or mechanism which will allow my snap to access a USB drive plugged into my device? - Ubuntu Core Pi 2 environment14:37
=== hikiko|ln is now known as hikiko
mupPR snapcraft#951 closed: snapcraft plugins -> snapcraft list-plugins <Created by tsdgeos> <Closed by tsdgeos> <https://github.com/snapcore/snapcraft/pull/951>14:40
sergiusenstsdgeos I think that's the one; Chipaca gave me the wisdom, he might recall better14:43
tsdgeossergiusens: that looks like what i'd like, but i only have one organization there, (which is not canonical or ubuntu) so doesn't seem to be per project sadly :/14:43
ChipacaI did nothing of the sort!14:53
* Chipaca reads about it14:53
Chipacaah! I don't remember it being called custom routing, let me check14:53
Chipacayep, that's the one14:54
Chipacatsdgeos, AFAIK you need to be a member of the organization14:55
Chipacai.e. it's per org14:55
tsdgeosmeh14:55
Chipacawhich makes sense to me14:56
ChipacaI'd say something about free software web services, but i'd sound bitter14:56
mupPR snapcraft#959 opened: Make plugins be an alias of list-plugins <Created by tsdgeos> <https://github.com/snapcore/snapcraft/pull/959>15:10
kyrofabossie__, the snap in question needs to use the removable-media plug16:03
kyrofamadprops, ogra_ FYI android nowadays prompts the first time the app requests said feature instead of at install time16:04
madpropskyrofa, that could be annoying maybe16:09
kyrofaI quite like it. As a side effect, I can deny it16:09
kyrofaSo now I can use an app minus a few features if I don't want to grant the permissions16:09
kyrofamadprops, note that it doesn't prompt every time, just the first time16:10
madpropsyeah denying certain features is cool16:15
bossie__thanks kyrofa I'll check it out16:21
=== shuduo is now known as shuduo-afk
mupPR snapd#2471 opened: interfaces: add new boot-config interface <Created by mvo5> <https://github.com/snapcore/snapd/pull/2471>16:57
mupPR snapd#2472 opened: tests: update custom core snap with the freshly build snap-confine <Created by mvo5> <https://github.com/snapcore/snapd/pull/2472>17:00
mupBug #1625805 changed: dragonboard: history daemon dereferences a rogue pointer <Canonical System Image:Fix Committed> <history-service (Ubuntu):Fix Committed by boiko> <linux (Ubuntu):Invalid by p-pisati> <https://launchpad.net/bugs/1625805>17:08
RiotelaI am on Arch Linux and wondering if I am supposed to see http://sprunge.us/ePQQ (snapd.refresh.service fails, Dec 13 19:07:28 sedric snap[3541]: - Download snap "ubuntu-core" (423) from channel "stable" (cannot authenticate to snap store: Provided email/password is not correct.))17:11
mupPR snapcraft#947 closed: Add 'aliases' support to 'apps' <Created by josepht> <Merged by sergiusens> <https://github.com/snapcore/snapcraft/pull/947>17:31
mupPR snapd#2473 opened: overlord,overlord/snapstate: implement snapstate.Unalias by generalizing the "alias" task <Created by pedronis> <https://github.com/snapcore/snapd/pull/2473>18:07
Seblaihi everyone. I would like to know if anyone has a link to share, tutorial, or reference on to how to develop a snap for rpi.GPIO. Basically, how to import the plugin.. thanks!!!18:15
kyrofaSeblai, no example that I know of, but there is a gpio interface described here: https://github.com/snapcore/snapd/wiki/Interfaces#gpio18:20
cachioI am trying to access to dbus from a python script in my snap18:25
cachioand I am getting -> dbus.exceptions.DBusException: org.freedesktop.DBus.Error.AccessDenied: Failed to connect to socket /var/run/dbus/system_bus_socket: Permission denied when I do bus = dbus.SystemBus(mainloop=DBusGMainLoop())18:26
cachioany idea how to fix it?18:26
mupPR snapd#2378 closed: interfaces: misc openstack snap enablement <Created by javacruft> <Merged by jdstrand> <https://github.com/snapcore/snapd/pull/2378>18:44
=== chihchun is now known as chihchun_afk
jdstrandpedronis: hey, wondering if you'll have a chance to review https://github.com/snapcore/snapd/pull/1613 ? (I'm told that it needs one more review and you were asked to do it. please correct me if I'm wrong)19:37
mupPR snapd#1613: interfaces/builtin: add dbus interface (LP: #1590679) <Created by jdstrand> <https://github.com/snapcore/snapd/pull/1613>19:37
jdstrandniemeyer: hi! friendly reminder about my open question to you on https://github.com/snapcore/snapd/pull/245019:38
mupPR snapd#2450: interfaces: add network-namespace-control (LP: #1624675) <Created by jdstrand> <https://github.com/snapcore/snapd/pull/2450>19:38
niemeyerjdstrand: Thanks for the reminder19:39
pedronisjdstrand: I was told to look a it19:39
pedronisat19:39
jdstrandpedronis: ack, I'll leave you to it then19:39
jdstrandniemeyer: note, the flurry of activity surrounding the testsuite failure in 2450 was mvo and I discovering a test infrastructure issue with the recent snap-confine merge (changes to snap-confine from PRs isn't getting properly applied to all snaps images)19:41
jdstrandniemeyer: he's working on that19:41
popeyis there a store problem right now? I am trying to setup a device (pi2) and it's just sat at "Contacting store..." after I enter my email address.19:43
jdstrandniemeyer: also, I just referenced you in a couple (few?) reviews requesting your input on the name of the interface19:43
jdstrandniemeyer: (just within the last couple hours)19:43
popeywow, finally finished... that console setup takes an _age_19:44
niemeyerjdstrand: Thanks for the poke19:49
niemeyerjdstrand: I'm not sure it makes much sense to have network-namespace-control separated, as you point out there19:52
niemeyerjdstrand: The question is this: what are we protecting against?19:53
niemeyerjdstrand: Can someone with network-control re-reoute traffic from other parties inside the system?19:53
niemeyerjdstrand: If so, we're just adding complexity for little gain.. network-control already allows abuse regardless, and network-namespace-control wouldn't work on its own19:54
niemeyerjdstrand: If network-namespace-control could work on its own, without network-control, then there might be some gain19:54
niemeyerjdstrand: In other words, if we could give some the ability to _just_ create a namespace, without being able to touch the network otherwise, then that might be justifiable19:55
niemeyerjdstrand: Off for some exercising.. back later19:59
jdstrandniemeyer: we can create _just_ the namespace, but then we can't configure it without network-control19:59
=== devil is now known as Guest88459
jdstrandniemeyer: based on your comments, I'm going to put it in network-control and circle back. if I need to undo it, that's fine. I prefer it in network-control after working with it for a bit20:00
jdstrandniemeyer: thanks for the feedback! :)20:03
pedronisjdstrand: does that dbus branch has a +1 from tyler?20:47
jdstrandpedronis: not formally. I know he looked at it at one point20:56
pedronisjdstrand: did somebody review the snippets? I was asked to look at it, but I generally don't/cannot review those20:57
* pedronis is a bit confused20:57
jdstrandpedronis: Gustavo and Zygmunt looked at them. I'll ask tyhicks to look at the security policy. I think Gustavo just wanted to make sure it made sense code wise20:58
jdstrandtyhicks: can you look at the security policy in https://github.com/snapcore/snapd/pull/1613 ?20:59
mupPR snapd#1613: interfaces/builtin: add dbus interface (LP: #1590679) <Created by jdstrand> <https://github.com/snapcore/snapd/pull/1613>20:59
jdstrandtyhicks: actually, nm, I forgot you looked at that once20:59
jdstrandtyhicks: meh, I forgot, you looked at the proposal, not the implemented code.21:00
jdstrandtyhicks: so, can you mind again and take a quick peek at the security policy? we can chat on irc about the policy if you have questions21:00
mupPR snapd#2471 closed: interfaces: add new boot-config interface <Created by mvo5> <Merged by mvo5> <https://github.com/snapcore/snapd/pull/2471>21:03
tyhicksjdstrand: what do you mean by "snapd does not allow ###DBUS_NAME### to end with '-[0-9]+', so this is ok."?21:10
piholeNew to snapcraft: How do you get a simple daemon to start automatically?21:10
tyhicksjdstrand: if snapd doesn't allow it, what good is allowing it in the policy?21:11
kyrofapihole, all you have to do is declare it as a daemon in the YAML21:11
kyrofapihole, do you have a snapcraft.yaml you could share?21:11
piholeSure hang on21:11
piholehelp21:13
piholeOK, not sure how to format the code in here21:15
piholed21:15
tyhicksjdstrand: on line 83, the comment says "allow unconfined clients talk to ###DBUS_NAME### on classic" but the rule doesn't contain ###DBUS_NAME###21:17
piholekyrofa: apps: dnsmasq: command: bin/dnsmasq daemon: simple plugs: - network - network-bind - network-control21:19
kyrofapihole, yeah, use pastebin.ubuntu.com21:20
tyhicksjdstrand: same with the comment/rule on line 12521:20
tyhicks(that one is less worrisome because the rule specifies the peer label)21:21
piholekyrofa: http://pastebin.ubuntu.com/23625639/21:21
kyrofapihole, yeah that looks fine-- the `daemon: simple` tells snapd to run it as a daemon21:22
kyrofapihole, are you not seeing that behavior? Is the daemons perhaps erroring out?21:22
piholekyrofa: I checked journalctl -u and it shows it starts, but then stops shortly after.  Also tried it without the custom config file.  Load up fine either way when done manually21:23
jdstrandtyhicks: re '-[0-9]+', see the regex at line 21821:24
pedronisjdstrand: added some comments21:24
jdstrandtyhicks: what is happening is that a snap developer can request org.foo. snapd will create rules for org.foo and org.foo-[1-9]...21:25
jdstrandtyhicks: therefore we do not allow a developer to request org.foo-121:25
tyhicksjdstrand: got it, thanks21:25
jdstrandtyhicks: line 83 needs to be updated21:26
jdstrandtyhicks: well, really the comment is correct from a certain perspective, but I'll make it clear21:27
jdstrandpedronis: thanks!21:27
kyrofapihole, perhaps it's not a simple daemon?21:30
kyrofapihole, does it fork?21:30
piholekyrofa: good point.  Maybe I'll just try that.21:33
piholekyrofa: thank you very much21:33
kyrofapihole, of course21:33
mupPR snapcraft#957 closed: sources: refactor base sources into module <Created by kyrofa> <Merged by sergiusens> <https://github.com/snapcore/snapcraft/pull/957>21:52
MritunjaiHi All21:52
tyhicksjdstrand: thanks for clarifying the comments21:53
tyhicksjdstrand: my final concern is that the rules on lines 86 and 94 essentially allow the snap to communicate with any unconfined application21:54
mupPR snapcraft#960 opened: pluginhandler: install scriptlet support <Created by sergiusens> <https://github.com/snapcore/snapcraft/pull/960>21:55
MritunjaiI am very new to snappy. My requirement is that i have one app already working for x86 and arm. Now what i want to do is to have the stripped version of my exisitng app and make a snap of it and distribut it to the vendors so that they can play with it. Can anyone please gudie me how to start with the same?21:56
jdstrandtyhicks: it can only do it via that interface or path21:56
jdstrandtyhicks: the idea is to let this work within a traditional desktop environment (ie, classic)21:57
jdstrandtyhicks: so, say have some application that is a deb but knows about rhythmbox. I have a rhythmbox snap installed21:58
jdstrandtyhicks: the snap can use either the dbus interface that matches or the dbus path that matches. I was thinking that would make the other side not work so well, but thinking at last about the path one, maybe that should be a rec22:00
jdstrandreceive22:00
mupPR snapcraft#961 opened: sources: refactor local source into module <Created by kyrofa> <https://github.com/snapcore/snapcraft/pull/961>22:01
mupPR snapd#2473 closed: overlord,overlord/snapstate: implement snapstate.Unalias by generalizing the "alias" task <Critical> <Created by pedronis> <Merged by pedronis> <https://github.com/snapcore/snapd/pull/2473>22:05
mupPR snapcraft#962 opened: sources: refactor bazaar source into module <Created by kyrofa> <https://github.com/snapcore/snapcraft/pull/962>22:13
mupPR snapcraft#963 opened: sources: refactor deb source into module <Created by kyrofa> <https://github.com/snapcore/snapcraft/pull/963>22:22
jdstrandtyhicks: did you see my response?22:22
jdstrandtyhicks: in case not:22:23
jdstrandtyhicks: it can only do it via that interface or path22:23
jdstrandtyhicks: the idea is to let this work within a traditional desktop environment (ie, classic)22:23
jdstrandtyhicks: so, say have some application that is a deb but knows about rhythmbox. I have a rhythmbox snap installed22:23
jdstrandtyhicks: the snap can use either the dbus interface that matches or the dbus path that matches. I was thinking that would make the other side not work so well, but thinking at last about the path one, maybe that should be a receive22:23
jdstrandleast*22:23
tyhicksI didn't see it (I apparently disconnected for a moment)22:24
jdstrandtyhicks: I could remove send from those two rules22:24
jdstrandI wonder how much it is needed for the interface rule though22:24
tyhicksI mean it just depends if the snap is going to be only replying to messages or if it needs to actually send a method_call or signal message22:25
pedronisjdstrand: how does things fail if bus or name don't match? you get an connection but it doesn't work?22:26
jdstrandtyhicks: we don't know. this is a generic interface. let's think of this in terms of say, talking to download manager22:26
jdstrandpedronis: you get too many things matching. see the test for this here: https://github.com/snapcore/snapd/pull/1613/files#diff-c5f8555bf0fa0810f5d9dbd039036112R53022:28
mupPR snapd#1613: interfaces/builtin: add dbus interface (LP: #1590679) <Created by jdstrand> <https://github.com/snapcore/snapd/pull/1613>22:28
mupPR snapcraft#964 opened: sources: refactor git source into module <Created by kyrofa> <https://github.com/snapcore/snapcraft/pull/964>22:28
jdstrandpedronis: in that, the slot offers two well-known names but the plug only plugs one22:28
jdstrandpedronis: we want to connect the right ones. that little bit does that22:29
pedronisjdstrand: I don't understand what you are saying at all22:29
pedronis:)22:29
jdstrandpedronis: look at the test22:29
jdstrandpedronis: the slotYaml has 'this' and 'that'22:29
pedronisthe test calls ConnectedPlugSnippet22:30
pedronisand gets what you told it to do22:30
jdstrandpedronis: look at the plugYaml, it only plugs 'that'22:30
tyhicksjdstrand: yeah, I appreciate that it is generic - I just wanted to point out that the rules with send perms grant a lot more than intended and it'd be nice if we could remove the send perms22:30
jdstrandpedronis: without this code, things go wrong22:30
tyhicksjdstrand: IMO, there's no use in removing the send perms on the interface related rule but not the path related rule22:30
pedronisjdstrand: sorry, I don't understand, that tests proves that the code does what you told it to do22:31
jdstrandtyhicks: I was thinking the other way around22:31
pedronisI don't understand how it relates to the higher levels22:31
jdstrandpedronis: ok, let me look at this again. two conversations at once is difficult22:31
jdstrandtyhicks: consider the snap has both rules22:32
jdstrandtyhicks: then it tries to talk to the session ubuntu-download-manager (udm) that is unconfined22:32
jdstrandtyhicks: so, the interface rule allows it to talk to the well-known name (name=udm) using the snap's interface (eg, org.foo)22:33
jdstrandtyhicks: wouldn't dbus just reject that rule cause udm doesn't have the org.foo interface?22:33
barryhey snappy folks, i'm seeing recent failures autopkgtests of ubuntu-image (both locally and via gh pull request) when trying to build the pc-i386-model.assertion here: https://github.com/CanonicalLtd/ubuntu-image/blob/master/debian/tests/models/pc-i386-model.assertion22:34
barryhere is a log for example: https://objectstorage.prodstack4-5.canonical.com/v1/AUTH_77e2ada1e7a84929a74ba3b87153c0ac/autopkgtest-yakkety-canonical-foundations-ubuntu-image/yakkety/amd64/u/ubuntu-image/20161213_220817_0caf6@/log.gz22:34
barryscroll to the bottom.  snap prepare-image can't find the pc-kernel snap on the beta channel22:34
tyhicksjdstrand: no, the message will be delivered and it is up to the receiving connection to reject that rule based on the invalid interface22:34
jdstrandtyhicks: the path rule is similar. the snap can talk to udm using path=/org/foo. I feel like that is maybe problematic and perhaps it should have the receive rule22:34
barryafaict, pi2, pi3, dragonboard, and pc-amd64 all all fine22:35
barryjust the pc-i386 one is failing.  has something changed here recently?22:35
tyhicksjdstrand: many dbus libraries will reject the message but the message is still delivered22:35
jdstrandtyhicks: ok, well, then the question becomes if on *classic* that is acceptable22:35
barrylike, the i386 arch of pc-kernel went away?22:35
tyhicksjdstrand: yeah, I agree that's the question22:35
jdstrandtyhicks: this is an environment with x1122:36
* tyhicks nods22:36
jdstrandthough, this also support system22:36
jdstrandhow about I remove 'send' and we see how it goes? if it needs to integrate with unity7 then the unity7 interface could gain whatever it needed22:37
tyhicksI would prefer that but can't say whether or not 'send' will just have to be added shortly after to make the interface useful in a classic environment22:38
elfgohCan i double confirm that I can't login to the Ubuntu core via password?22:38
tyhicksI just haven't profiled enough dbus services to know for sure :/22:38
elfgohi.e., if i connect a monitor, i can't login. I can login via ssh tough22:38
elfgoh*though22:38
jdstrandtyhicks: we don't have concrete examples for this part of the ruleset22:39
jdstrandso, let's remove send and see what happens22:39
tyhickstyhicks: I like the sound of that - it definitely improves the security properties of the policy so I think it is worth waiting and seeing22:40
mupPR snapcraft#965 opened: sources: refactor mercurial source into module <Created by kyrofa> <https://github.com/snapcore/snapcraft/pull/965>22:40
pedronisbarry: it's on snapd side, calling the api directly it seems there's no i386 beta kernel anymore in the store22:40
pedronisbarry: it's *not* on the snapd side22:41
tyhicksjdstrand: fyi, this was the crux of the kdbus authors' argument against our fine-grained dbus mediation22:41
barrypedronis: that's what i suspected.  do you know if that's intentional?  who owns/owned the i386 kernel snap?22:41
pedronisI don't know22:42
barryogra_: perhaps?22:42
pedronisit might also be a store bug (wrong channel inheritance)22:42
jdstrandtyhicks: hmm?22:42
tyhicksjdstrand: they claimed that if a dbus client could send *any* message to a dbus service, that service must be smart enough to reject invalid/unexpected paths, interfaces, and method names22:42
pedronisbarry: afaict as I get from the api,  there's a kernel in edge, and the same in stable and candidate, but nothing in beta22:43
pedronisfor i38622:43
tyhicksjdstrand: and that filtering out certain values of paths, interfaces, and/or method names in security policy was not worthwhile22:43
jdstrandtyhicks: I see. well, obviously we disagree22:43
tyhicksyeah22:44
jdstrandtyhicks: the same could be said of seccomp22:44
barrypedronis: so there is one in stable?  maybe i should just switch the tests over to that.  i suppose at one point they were only available in beta which is why the tests used that.  /me tries22:44
tyhicksjdstrand: good point22:44
jdstrandit is reducing attack surface22:44
tyhicksjdstrand: ok, that was mostly useless knowledge - I'll let you get back to the PR22:44
tyhicks:)22:44
pedronisbarry: yes,  stable and candidate have 44, edge has 4822:44
pedronisno beta22:45
barrypedronis: if it's in stable, you'd expect it to be in beta too then right?22:45
pedroniswell it's in candidate22:45
pedronisbut yes22:45
pedronisso as I said might be store issue22:45
pedronisworth poking store people22:46
barrypedronis: ok, thanks22:46
pedronisanyway amd64 has something explicit in beta fwiw22:47
elfgohIs it possible for me to modify the scheduled rebootreboot scheduled to update the system - temporarily cancel with 'sudo shutdown -c'22:50
elfgoh"reboot scheduled to update the system - temporarily cancel with 'sudo shutdown -c'"22:50
cachiojdstrand, hi, I am creating a tests where I am creating some methods in dbus and I call them from python calls in my snap22:55
cachiojdstrand, is it needed for that to create a new interface?22:56
cachiojdstrand, the process is the following, first I add policies in /etc/dbus-1/system.d, then register a method to be called22:58
cachiothen I call this methods with some parameters and this method will spam signals depending on the parameters used.22:58
cachioI am doing this to measure dbus performance22:59
cachiojdstrand, but I am still getting this error > dbus.exceptions.DBusException: org.freedesktop.DBus.Error.NameHasNoOwner: Could not get owner of name 'com.canonical.kpi.signal': no such name23:00
cachioany guess?23:00
mupPR snapcraft#966 opened: sources: refactor rpm source into module <Created by kyrofa> <https://github.com/snapcore/snapcraft/pull/966>23:04
pedronisbarry: I poked, seems indeed a glitch, there should be something there23:07
jdstrandpedronis: well, it seems something higher is doing the right thing. if I comment out that 'ensure' area and then install a snap with two slots and a slot with one plug, I get the right policy23:08
barrypedronis: thanks23:08
jdstrandpedronis: I thought I observed different behavior before which is what prompted the test, but I don't recall specifically23:08
pedronisjdstrand: nothing higher level consider that method23:08
pedronisjdstrand: afaik it will either find too many, or if you are explicit enough23:08
jdstrandpedronis: I just mean if I try to snap connect the wrong slot, it doesn't23:09
pedronisit connect but things will not work23:09
pedronisjdstrand: with what kind of error?23:09
jdstrandno error23:09
pedronis?23:09
pedronisso the connection is there?23:09
pedronisbut doesn't work23:09
jdstrandpedronis: consider23:10
jdstrandsnap interfaces23:10
jdstrandfoo:bar23:10
jdstrandmeh23:10
jdstrandfoo: bar  -23:10
jdstrandmeh23:10
jdstrandfoo:bar  -23:10
jdstrandfoo:baz  -23:10
jdstrand-         norf:bar23:10
jdstrandsudo snap connect norf:bar foo:bar23:10
jdstrandthat works fine (expected)23:11
jdstrandsudo snap connect norf:bar foo:baz23:11
jdstrandno error, no issues23:11
jdstrand(policy is correct23:11
jdstrand)23:11
pedronis??23:11
pedronisbut snap interfaces23:11
pedroniswill say they are connect no?23:11
jdstrandtpedsnap interfaces show it as connected23:12
pedronisso you can connect things that will do nothing23:12
jdstrandyes23:12
pedronismaybe it's the best we can get23:12
pedronisbut is not that great23:12
jdstrandwell, I could error there23:13
jdstrandin the 'ensure' section23:13
jdstrandthis is with that code commented out23:13
pedronisbut then it's too late23:13
pedronisI think23:13
jdstrandif I put it back, I think it will work correctly since we return nil, nil23:13
jdstrandlet me check23:13
pedronisas far as I know23:14
pedronisnothing checks that first nil23:14
pedronisit just get ignored23:14
jdstrandok, putting it back it is the same behavior. snap interfaces shows it as connected, but the policy doesn't have it23:16
jdstrandlet me error in there23:16
jdstrandreturn nil, err23:16
jdstrandpedronis: yes, if I put an err there then snap connect shows the message, but snap interfaces still shows it as connected23:18
pedronisjdstrand: the problem with the error is that if there's a 2nd interface that should work it will get in a strange state possibly23:20
jdstrandpedronis: I don't know what to do at this point23:20
pedronisthere's not place atm for that check afaict23:20
pedronisso the nil, nil23:21
pedronisis the best we can do23:21
jdstrandok, so what I had23:21
pedronis(also error handling in there is not very graceful)23:21
cachiojdstrand, any suggestion about the comment I did before?23:24
jdstrandcachio: you are going to need to have security policy that handles that. currently there is none23:26
jdstrandcachio: I suggest devmode for the time being23:26
jdstrandcachio: then finish your snap and then I can take a look at it23:26
cachioI am getting this error23:27
cachiodbus.exceptions.DBusException: org.freedesktop.DBus.Error.NameHasNoOwner: Could not get owner of name 'com.canonical.kpi.signal': no such name23:27
jdstrandcachio: there is likely an apparmor denial in syslog23:27
cachiojdstrand, I just see apparmor="ALLOWED"23:29
cachiojdstrand, is it ok to copy the dbus config file to /etc/dbus-1/system.d ?23:30
jdstrandcachio: ah, it is in devmode23:30
cachiojdstrand, yes in devmode23:30
jdstrandcachio: right, so devmode isn't going to cover dbus bus policy, just seccomp, device cgroups, apparmor, etc23:30
jdstrandcachio: so you are going to need to put something in there. as it happens, the dbus interface I am working on would give you a bus policy that would work with devmode23:31
jdstrandcachio: see https://github.com/snapcore/snapd/pull/1613/files#diff-715ebbcbcd440b44a1e536f154ca6138R10823:31
mupPR snapd#1613: interfaces/builtin: add dbus interface (LP: #1590679) <Created by jdstrand> <https://github.com/snapcore/snapd/pull/1613>23:31
jdstrandcachio: eg, $ cat /etc/dbus-1/system.d/snap.test-hello-dbus.test-hello-dbusd-system.conf23:32
jdstrand<!DOCTYPE busconfig PUBLIC23:32
jdstrand "-//freedesktop//DTD D-BUS Bus Configuration 1.0//EN"23:32
jdstrand "http://www.freedesktop.org/standards/dbus/1.0/busconfig.dtd">23:32
jdstrand<!-- This file was automatically generated by snappy -->23:32
jdstrand<busconfig>23:32
jdstrand<policy user="root">23:32
jdstrand    <allow own="com.canonical.HelloDBus"/>23:32
jdstrand    <allow send_destination="com.canonical.HelloDBus"/>23:32
jdstrand</policy>23:32
jdstrand<policy context="default">23:32
jdstrand    <allow send_destination="com.canonical.HelloDBus"/>23:32
jdstrand</policy>23:32
jdstrand</busconfig>23:32
jdstrandcachio: create a bus policy like that ^ (adjust for your well-known name and interface of course) and that will allow any one to talk to your service23:33
jdstrandwell23:33
jdstrandany unconfined process23:33
jdstrand(or devmode)23:33
cachiojdstrand, nice, but it would work when your change is landed, right?23:34
pedronisjdstrand: it's late here, if you get a +1 from tyler it's mergeable I think23:34
jdstrandcachio: for devmode, yes. in strict might need some adjustments23:35
jdstrandit may work23:35
cachiojdstrand, good, so I'll need to wait23:36
* pedronis => rest23:36
cachiojdstrand, any guess about when it is gonna be landed?23:36
jdstrandpedronis: thanks so much!23:36
cachioaprox23:36
jdstrandcachio: it is what I've been talking about with people in this channel today23:36
cachiojdstrand, we are talking about days, weeks?23:36
jdstrandcachio: it is targeted for 2.20. it will hopefully land tomorrow23:37
jdstrand2.20 is for thursday I think23:37
cachiojdstrand, awesome23:37
pedronisit will get in candidate thu or fri23:37
cachiojdstrand, it works for me if it is on this week23:37
pedronis(stable is in January though)23:37
jdstrandcachio: note pedronis' comment23:39
jdstrandcachio: if you need something sooner, you are going to need to hack up your bus policy manually23:39
cachiojdstrand, it is ok, I am using daily builds for testing23:39
cachiojdstrand, so I'll test it as soon as possible once it is landed23:40
pedronisbarry: there should be again something in beta (for pc-kernel i386)23:40
cachiojdstrand, thanks for the support23:42
jdstrandcachio: np! :)23:43
jdstrandtyhicks: thanks for your review! :)23:51
mupPR snapcraft#967 opened: sources: refactor script source into module <Created by kyrofa> <https://github.com/snapcore/snapcraft/pull/967>23:55
tyhicksjdstrand: no problem!23:57

Generated by irclog2html.py 2.7 by Marius Gedminas - find it at mg.pov.lt!