=== StoneTable is now known as aisrael
=== ueberall is now known as uebera||
mwhudsoni get the classic confinement requires the core_dynamic_linker to be set message trying to build a classic confinment snap on launchpad01:40
mwhudsonapparently that's code for "you need the core snap installed"01:40
mwhudsonbut how do i get the builder to install the snap?01:40
mupPR snapcraft#1040 closed: Run the rust test in armhf <Created by elopio> <Merged by sergiusens> <https://github.com/snapcore/snapcraft/pull/1040>05:21
mupPR snapcraft#1041 closed: Document `notify` daemon type <Created by kyrofa> <Merged by sergiusens> <https://github.com/snapcore/snapcraft/pull/1041>05:27
mupPR snapcraft#1042 closed: Add documentation for hooks <Created by kyrofa> <Merged by sergiusens> <https://github.com/snapcore/snapcraft/pull/1042>05:27
=== chihchun_afk is now known as chihchun
=== chihchun is now known as chihchun_afk
mupPR snapd#2590 closed: interfaces: miscellaneous policy updates for network-control, unity7, pulseaudio, default and home <Created by jdstrand> <Merged by mvo5> <https://github.com/snapcore/snapd/pull/2590>06:37
mupPR snapd#2591 opened: wrappers: add DBusActivatable to the allowed values for desktop files <Created by mvo5> <https://github.com/snapcore/snapd/pull/2591>07:13
longsleepIs the gadget snap actually installed on the device? I am wondering where i find the hooks or how to debug a prepare-device hook.08:07
zygalongsleep: it is, but it is not updated in the same way as other snaps08:08
zygalongsleep: look at /snap/$SNAP_NAME/current, as usual08:08
palassoHey there, sorry for the newbie question but by reading the docs in snapcraft.io I am confused on the types of snaps that exist08:08
longsleepzyga: /snap/ is emtpy08:08
zygalongsleep: empty?08:08
palassoSo I understand there's a focus in app and gadget snaps but there's more types being mentioned08:08
zygalongsleep: that's odd08:08
zygapalasso: there are kerenl snaps, gadget snaps and app snaps08:09
longsleepzyga: i only see the stuff from the gadget snap in /boot/uboot08:09
palassoThere's a mention of kernel and OS snaps and also in the snap store I can see there's OEM and framework snaps08:09
zygapalasso: and there's the one os/core snap08:09
zygapalasso: framework snaps are no more, oem snap is no more08:09
zygalongsleep: did the device finish booting?08:09
zygalongsleep: snapd installs snaps on first boot08:09
palassoalright ty zyga :)08:09
longsleepzyga: yes it boots and works just fine08:10
longsleepzyga: i finished the stup via serial console subiquity prompts and sshd in08:10
zygalongsleep: no idea then, maybe ogra_ has some ideas?08:10
palassozyga: so the OEM and framework snaps in the store are there for archival purposes or being used from devices having old versions of snapd?08:10
longsleepzyga: if i install hello-world snap  then it also first downloads the core snap which i find odd too08:11
longsleepzyga: and then of course the hello-world snap does not work because of the mount aa deny08:11
palassozyga: also I'm wondering, since it seems docker was the reason for the framework snaps, is there some inherent difficulty in snapping docker as an app snap? And if it goes away is there some suggestion of having a way to use docker in an all-snap distro?08:12
zygapalasso: those are 15.04 concepts, they are gone in 16.0408:12
zygalongsleep: that looks like a bug08:12
zygalongsleep: can you please report this08:13
palassozyga: also I'm wondering whether the proper name for the software that does the confinement is "snapd-confine" or "snap-confine"08:13
zygapalasso: framework snaps had more permissions, in 16.04 permissions are based on interfaces so any snap can get additional permissions by using appropriate interface08:13
zygapalasso: snapd defines confinemenet, snap-confine applies it08:14
palassoOk thank you zyga I think there's a typo in the docs because it mentions it as snapd-confine08:14
longsleepzyga: sure08:14
longsleepzyga: after i install hello-world, i now have bin, core and hello-world in /snap - before it was empty08:14
zygapalasso: can you point me to it08:14
palassozyga: core/snapd08:15
longsleepzyga: and it scheduled a reboot because it updated core?08:15
zygalongsleep: sanity check, this is not a classic system, this is a core system?08:15
longsleepzyga: yeah, created by ubuntu-image with UBUNTU_IMAGE_SKIP_COPY_UNVERIFIED_MODEL=1 ubuntu-image -c stable --image-size 2G --extra-snaps pine64_16.04-2_arm64.snap --extra-snaps kernel/pine64-kernel_3.10.104-2_arm64.snap -o test2.img pine64.model --debug08:16
longsleepexcept that this boot i used edge channel08:16
palassozyga: also in the same page there seems to have been a mistake in bullet points. Read part "A store where developers can easily make their" I think it shouldn't be a sub bullet point08:16
zygapalasso: sorry, can you give me a URL please?08:17
longsleepzyga: where should i file that bug - https://launchpad.net/ubuntu-image sounds good?08:18
longsleepzyga: i got ubuntu-image 0.12+real108:19
zygalongsleep: how did you install ubuntu-image?08:19
zygalongsleep: AFAIK today it is only installable as a snap08:19
zygalongsleep: I don't know how well it supports other platforms, apart from what we can build officially08:20
longsleepzyga: yes installed as snap on my xenial dev system - ubuntu-image  0.12+real1  44    canonical  devmode08:20
mupBug #1655262 opened: driver doesn't support ap mode <Snappy:New> <https://launchpad.net/bugs/1655262>08:21
palassozyga: also a few more typos, not important but I happened to notice: In http://snapcraft.io/docs/core/install correction of branding: OpenSuse --> openSUSE (also notice it'll be consistent with the URL of the repo that's been specified in the command)08:29
palassozyga: and I think in http://snapcraft.io/docs/core/updates "Snapd systems employ a method of transactional update" shall have a plural for "update" thus being replaced with "updates"08:30
palassozyga: Here's a pastebin for the typos: https://paste.ubuntu.com/23775246/08:36
zygapalasso: thanks!08:36
palassoyou're welcome :)08:36
palassobtw and sorry for bugging you the old OEM snaps have been replaced functionality-wise with the kernel snaps or the OS snap or is it more complicated than that?08:39
zygapalasso: I'm not sure what the OEM snaps were doing, I think it is now the (single) core snap08:44
palassoI'm still in the reading process so it's not like I understand everything. I also noticed Lennart talking about Portable system services within systemd and using squashfs images (seems very similar to the snap format) https://lwn.net/Articles/706025/08:45
zygayes, it seems that this is a clone from the idea of snaps08:46
palassoHe said if he were to create systemd today, he would have started with portable system services being the norm but since it's been there for so long he has to keep compatibility by keeping the "native" type08:47
palassoAnd here's the talk: https://www.youtube.com/watch?v=DUUbFGNZ1vI08:49
palassozyga: I have no idea what the OEM snaps are, I barely read in the past the old documents that weren't in the snapcraft.io domain name (those that were in the ubuntu.com domain name before the launch of snapcraft.io) but looking at the OEM snaps I think they're custom images for ARM boards.08:52
zygapalasso: hey, I just realized that snapcraft.io is a github project, can you please try to fix those typos directly? https://github.com/ubuntudesign/snapcraft.io/08:52
zygapalasso: I think OEM may have been just current kernel snaps08:53
palassozyga: yeah sure I'll make a PR :)08:53
zygapalasso: awesome, thank you :)08:53
davidcallepalasso: over here https://github.com/CanonicalLtd/snappy-docs/ :)08:59
palassodavidcalle: thnx I just found it myself by looking at the code :P08:59
davidcallepalasso: also, thank you08:59
palassothis part helped me find it: https://github.com/ubuntudesign/snapcraft.io/blob/master/import-docs.sh08:59
davidcallepalasso, zyga: OEM snaps -> Gadget snaps09:01
* zyga nods09:02
mupPR snapd#2592 opened: many: add support for session dbus services via snaps <Created by mvo5> <https://github.com/snapcore/snapd/pull/2592>09:10
vigoogra_, ping09:31
mupPR snapd#2593 opened: Mount backend <Created by zyga> <https://github.com/snapcore/snapd/pull/2593>09:41
ogra_vigo, yes ?09:50
vigoogra_, I'm following the steps you told me but when I try to connect to my wifi it is not listed09:51
vigoI mean I can see other wlans listed but not mine :S09:51
ogra_weird, works here09:51
ogra_i thought you cant see the device09:51
vigomakes me wonder about wifi compatibility, I scan for new networks and give it time to show me a complet list09:53
vigobut my network is still missing while dragonboard workd great09:53
ogra_longsleep, this sounds a bit like the old rtc issues we used to have does your cmdline have fixrtc set ? the device setup doesnt work if the clock is completely off09:55
vigoI'll change the wifi channel and try09:55
ogra_vigo, well, probably a driver bug, not sure ... i never had probs here, WPA2 and channel 1209:56
ogra_(thats what my network uses)09:56
vigoogra_, it was the channel10:01
vigoI was using channel 1310:01
ogra_so the pi driver rspects regulations and the dragonboard doesnt i guess :)10:01
vigonow I see my wifi printer too10:01
mupIssue snapd#2594 opened: Please add "install" hook <Created by jacekn> <https://github.com/snapcore/snapd/issue/2594>10:02
longsleepogra_: yes i have fixrtc in cmdline10:14
ogra_longsleep, well, check your syslog and dmesg ... i'm sure there is an error somewhere with the firstboot setup10:15
longsleepogra_: ok, will do - preparing a new image now10:15
ogra_(if it is not the clock it must be something else ... but there should be a log entry for it in any case)10:15
longsleepogra_: any chance you can point me to some docs how i can make it load an extra kernel module on boot?10:16
ogra_you should eb able to ship /etc/modules in the gadget ... i know there are plans for a core config interface to set this but i'm not sure where this stands10:17
ogra_beyond this, /etc/modules.d is writable so you can dump a file in there10:17
ogra_nowadays it is /etc/modules-load.d10:18
longsleepogra_: ok cool will try that thanks10:19
vigoogra_, pi3 has wifi n only10:38
vigoand db b/g/n10:38
ogra_ah, right10:38
vigothat's why 12 and 13 won't work10:39
vigoso it's legal :)10:39
ogra_thanks for researching that :)10:39
vigoogra_, np, I like it :)10:40
longsleepogra_: there are plenty of errors in syslog but nothing really obvious to me - http://paste.ubuntu.com/23775585/ has the full syslog after the first boot10:41
longsleepogra_: i guess everything related to /usr/bin/snap is relevant10:42
ogra_longsleep, and dmesg output ?10:43
ogra_(the bit before rsyslogd starts is interesting too)10:43
longsleepogra_: http://paste.ubuntu.com/23775592/ has the dmesg10:44
ogra_long term you also want to drop "rootfstype=ext4 rootwait"10:44
longsleepogra_: sure i can easily remove those, copied some u-boot stuff from classic ubuntu10:44
ogra_hmm, no failed messages there10:48
ogra_do you see any systemd errors in the serial console when booting ?10:48
longsleepogra_: yeah all  systemd units report fine10:48
longsleepogra_: none10:48
ogra_Jan 10 10:34:53 localhost /usr/lib/snapd/snapd[1171]: booted.go:81: cannot get info for "pine64-kernel": cannot find snap "pine64-kernel"10:49
ogra_Jan 10 10:34:53 localhost /usr/lib/snapd/snapd[1171]: booted.go:81: cannot get info for "core": cannot find snap "core"10:49
longsleepyeah - those snaps are not there10:49
ogra_it is definitely this ... but there should be a more descritive error above ...10:49
ogra_how did you build the image ?? do you use a properly signed model assertion with a valid key ?10:50
longsleepogra_: so the question is where do those snaps go / why are they not found - i mean ubuntu-image should use/install them during imafge creation10:50
longsleepogra_: no model assertion is not signed10:50
ogra_well, thats your issue then10:51
longsleepreally, i thought it still would be fully functional without it except that i cannot update10:51
longsleepogra_: i still cannot sign anything as i cannot register the key with the store10:51
ogra_though ubuntu-image should still have put the snaps into /var/lib/snapd/snaps/10:52
ogra_and you should eb able to find them10:52
longsleepogra_: nope, that folder is empty on the device10:52
longsleepogra_: so how do i get the "The account-key-request assertion is not valid." error fixed, so far nobody has been able to help me with that10:54
longsleepi unfortunately cannot sign anything as i cannot register a key with my account :/10:54
ogra_your assertion needs to be signed10:54
ogra_i dont think there is a way around ...10:54
ogra_point 2 and 310:56
longsleepogra_: ok let me try to use a signed assertion without having the key registered with my account10:56
ogra_well, i think ubuntu-image checks the key ... so that might not work either10:56
longsleepogra_: because step 2 of these instructions fail for me - http://paste.ubuntu.com/23770867/10:56
ogra_well, thats a question for the store people i fear10:57
longsleepogra_: you are right, i cannot build with the signed assertion unless the key is registered10:57
longsleepogra_: error: cannot fetch and check prerequisites for the model assertion: account-key (BBZk-RcyZ-tJN9eRJTW-pwcHg7r2ME-Bm9kUn5qOKyRQMJ9SPyrham_UHoSNnrAJ) not found10:58
longsleepso i already asked about this here in december - so far no luck in getting anyone from the store people :/10:58
ogra_zyga, do you know whom longsleep could poke to get this working ?10:59
mvolongsleep: what version of snapcraft are you using?10:59
longsleepmvo: 2.2410:59
zygano idea11:00
mvolongsleep: that should be ok - maybe pedronis has an idea about the error in http://paste.ubuntu.com/23770867/ "Key registration failed: The account-key-request assertion is not valid." ?11:00
mvolongsleep: he is at lunch right now though11:00
ogra_iirc key management starts working after 2.17 ... so this should be fine11:00
longsleepogra_: i thought so, its the version from xenial-updates repository11:01
longsleepmvo: ok thanks, lets hope to get a reply from pedronis when he is back11:01
ogra_yeah, 2.24 is definitely good11:01
longsleepi also tried with a new key, same error - so i think something is wrong with my account - it is very old and has probably gone through some migrations11:02
ogra_try creating a longsleep-test account ;)11:03
longsleepogra_: yeah i might do that as last resort, but its kind of shitty to use two different accounts11:04
ogra_just for this test indeed11:04
longsleepogra_: yeah let me setup an lxd container for that11:05
longsleepogra_: right, new account worked instantly :/ Done. The key "longsleep-test1" (KWRSCGwv7tVtZW8GpAHajvBIuWr0lfBBjmi4VPj6amYeeyzSmmG4Rf6uDrHT--Yc) may be used to sign your assertions.11:18
ogra_well, now roll an image with it ;)11:18
longsleepogra_: currently building :)11:19
longsleepor not ..11:20
longsleepi guess the snaps are signed too or something?11:20
longsleeperror: cannot fetch and check prerequisites for the model assertion: cannot add assertion model (pine64; series:16 brand-id:IcQdq5akLGfjzZ15kmONNRvA8ORuNbAa): error finding matching public key for signature: found public key "KWRSCGwv7tVtZW8GpAHajvBIuWr0lfBBjmi4VPj6amYeeyzSmmG4Rf6uDrHT--Yc" from "d0VlBe971cyBTYMdulEfu4cyzUgJWiva" but expected it from: IcQdq5akLGfjzZ15kmONNRvA8ORuNbAa11:20
ogra_the store snaps are ... is your gadget/kernel local or in the store ?11:22
ogra_if they are local you should use them in --extra-snaps11:22
longsleepyes thats what i am doing11:22
mupPR snapd#2595 opened: daemon: re-enable reexec <Created by mvo5> <https://github.com/snapcore/snapd/pull/2595>11:23
ogra_i thought they only get signed when you upload ... seemingly not ...11:23
longsleepogra_: http://paste.ubuntu.com/23775798/ is what i am doing, and the model assertion is signed with the new key which is registered to longsleep-test store account via snapcraft11:26
pedronismvo: longsleep: I have no idea tbh, cjwatson might be a better bet11:27
ogra_longsleep, and you run this in the same container you created the key in ?11:28
ogra_(the key must indeed be available to ubuntu-image)11:28
longsleepogra_: ah this is my fauilt, i need to change the key ids in the model json11:29
longsleepthen it should work11:29
mupPR snapd#2596 opened: tests: parameterize kernel snap channel <Created by fgimenez> <https://github.com/snapcore/snapd/pull/2596>11:29
longsleepogra_: this is really picky, timestamp outside of signing key validity11:31
ogra_oh my11:31
ogra_date -Iseconds --utc11:32
longsleepogra_: now it builds11:32
ogra_and replace it with the output11:32
longsleeppedronis: would you mind poking them so i can use my real ubuntu account to sign snaps11:33
pedronislongsleep: do you have the LP bug you submitted at hand11:35
pedronisfound it11:40
longsleeppedronis: sorry i had to switch location, https://bugs.launchpad.net/snapcraft/+bug/1652302 is the one you found i suppose?11:42
mupBug #1652302: Key registration failed: The account-key-request assertion is not valid. <Snapcraft:New> <https://launchpad.net/bugs/1652302>11:42
cjwatsonlongsleep: digging12:00
longsleepogra_: looks much better with the signed model - now snaps are how they should be after first boot12:03
cjwatsonlongsleep: could you modify your local version of snapcraft something like http://paste.ubuntu.com/23775926/ and send me the output when you try again?  Please try with your non-test account.12:10
longsleepcjwatson: sure hold on12:10
cjwatsonlongsleep: I don't think the output should be *very* private, but maybe send it in a private message just in case12:10
ogra_longsleep, YAY !12:16
longsleepogra_: ah and now i also see the mount aa denies on boot, i guess thats why the hooks do not run - now it finds the snaps at least12:23
longsleepogra_: Jan 10 11:48:02 localhost kernel: [   65.153519] type=1400 audit(1484048882.620:9): apparmor="DENIED" operation="mount" info="failed mntpnt match" error=-13 profile="/usr/lib/snapd/snap-confine//mount-namespace-capture-helper" name="/run/snapd/ns/pine64.mnt/" pid=1640 comm="snap-confine" srcname="/" flags="rw, bind"12:23
longsleepogra_: so i guess i am down to one issue now with snappy, the key problem seems to be a problem with my account12:24
ogra_longsleep, hmm, never seen that one12:47
longsleepogra_: yeah, its the same i reported earlyier - happens for any command run through snap-confine - i am waiting on zyga for feedback12:48
ogra_might be a kernel issue12:49
ogra_(something missing in the namespace config ? )12:49
longsleepogra_: yeah, though i have looked and i seem to have all the aa patches12:49
ogra_well, might not be the patches but just a config option12:50
longsleepogra_: might be, though lxd works with this kernel (thats why i backported the stuff in the first place)12:50
longsleepogra_: yes, any suggestions how to find out which?12:50
ogra_apart from comparing to a working config ? not really12:51
longsleepogra_: could you pastebin a working /proc/config.gz12:51
ogra_thats what i get for NS12:52
ogra_plus CONFIG_NAMESPACES indeed12:52
zygalongsleep: I didn't have time to inspect this yet12:55
zygalongsleep: sorry :/12:55
longsleepogra_: looks different for me - http://paste.ubuntu.com/23776045/12:55
longsleepzyga: no problem, i continue to investigate myself - but any pointers would be helpful12:55
zygalongsleep: try to edit the apparmor profile of snap confine12:56
zygayou can copy it from /etc/12:56
zygaand edit it12:56
zygaand recopile it with apparmor_parser -r12:56
zygatry to add some rules related to the capture of the bind mount12:56
zygathat would be in the hat-profile, at the bottom of that file12:56
zyga(the name is /etc/apparmor.d/usr.lib.snapd.snap-confine)12:57
zygathere are comments there12:57
zygaif you have questions, ask12:57
zygabut I cannot reproduce that here and you stand a better chance12:57
longsleepzyga: yes i looked into that before, it has mount options=(rw bind) / -> /run/snapd/ns/*.mnt,12:58
longsleepzyga: which should match this12:58
zygalooks like a bug in apparmor12:58
longsleepzyga: but i have no idea on what to change12:58
zygatechnically that's not what we are doing12:58
mupPR snapd#2597 opened: vet: fix for unkeyed fields error on aliases_test.go <Created by stolowski> <https://github.com/snapcore/snapd/pull/2597>12:58
zygatry to change the initial /12:58
zygathe file we bind is /proc/self/ns/mnt12:59
zygabut ... bugs bugs bugs12:59
zygaand thank you!12:59
longsleepzyga: yes it has # NOTE: the source name is / even though we map /proc/123/ns/mnt as comment12:59
longsleepi have not much a clue about what aa is doing or why this might be like the NOTE says13:00
zygalongsleep: looks like a bug to me, try a super broad rule like13:11
zygalongsleep: mount options (rw, bind)13:11
zygalongsleep: mount options (rw, bind), # <- don't miss the comma13:11
zygalongsleep: try with one or both arguments on either side of the -> "bind" mount arrow13:11
longsleepzyga: adding a broad rule "mount options=(rw, bind)." just works13:38
longsleepzyga:  mount options=(rw, bind) /, works as well while mount options=(rw, bind) / -> /run/snapd/ns/*.mnt, does not13:41
longsleepzyga: mount options=(rw, bind) / -> /run/snapd/ns/hello-world.mnt, does not work either13:43
ogra_longsleep, any chance that you could use some newer kernel ?13:44
ogra_might be that 3.10 simply misses namespace features there13:45
longsleepogra_: well, mainline is under way for that board but is not ready13:45
longsleepogra_: i can backport stuff if i would know which13:45
longsleepogra_: i did backport some fixes already to get lxd running13:46
mupPR snapd#2597 closed: vet: fix for unkeyed fields error on aliases_test.go <Created by stolowski> <Merged by stolowski> <https://github.com/snapcore/snapd/pull/2597>13:58
=== ben_r_ is now known as ben_r
Kaleowhat's the difference between the core snap and the ubuntu-core snap?14:34
ogra_Kaleo, the name14:36
Kaleoogra_, I see14:36
=== anewman__ is now known as anewman
ogra_(not sure if snapd reacts any different based on the name but i think it doesnt)14:37
Kaleoogra_, when trying to use the classic confinement mode it needs to have the core snap installed; the ubuntu-core snap won't do; unpractical (especially that it's hard to install the core one when the ubuntu-core snap is installed)14:37
ogra_eventually ubuntu-core will go away14:37
Kaleoogra_, thanks14:37
mupPR snapd#2593 closed: Mount backend <Created by zyga> <Closed by zyga> <https://github.com/snapcore/snapd/pull/2593>14:38
ogra_zyga, mvo ^^^ do we really still need that differntiation now that the content is identical ?14:38
ogra_(classic snaps refused)14:38
Kaleoogra_, the differentiation is in snapcraft (at build time)14:40
ogra_ah, k14:40
ogra_the prob is that we currenbtly have no proper upgrade path from the obsolete ubuntu-core to core14:40
ogra_the only thing that works is to remove everything and re-install snapd afterwards ... then core will be the default14:41
ogra_but that would make you lose all existing snaps14:41
Kaleonot great14:41
mhall119sergiusens: does the latest snapcraft in xenial support hooks?14:42
cjwatsonlongsleep: can you retry register-key?  should work for you now thanks to nessita14:52
* cjwatson repurposes https://bugs.launchpad.net/software-center-agent/+bug/1652302 for this14:54
mupBug #1652302: Unhelpful error from AccountKeyHandler if account assertion does not exist <Software Center Agent:New> <https://launchpad.net/bugs/1652302>14:54
Kaleoogra_, ever seen that? http://pastebin.ubuntu.com/23776495/14:54
zygaogra_: yes14:55
zygaogra_: blame linker14:55
* ogra_ blames linker 14:56
ogra_Kaleo, hmm, nope14:57
ogra_(specifically the french :P )14:57
ogra_Kaleo, did you manually tinker with it ?14:58
Kaleoogra_, nah, and I'm starting to figure that it has to do with plugs being defined14:58
ogra_or slots you dont have for the plugs ... yeah14:59
Kaleoogra_, the classic environment has slots?15:01
ogra_dunno, i'm just learning about it too15:01
* ogra_ hasnt used classic yet ... just starting to look at it for the classic mode 15:02
Kaleoogra_, I had to remove network, network-bind, and platform15:03
Kaleoogra_, https://bugs.launchpad.net/ubuntu/+source/snapd/+bug/165536915:08
mupBug #1655369: cannot use the platform plug with a snap in 'classic' confinement <snapd (Ubuntu):New> <https://launchpad.net/bugs/1655369>15:08
ogra_Kaleo, that might be on purpose though15:08
Kaleoogra_, perhaps15:08
Kaleoogra_, I was excited to use classic confinement for the terminal :)15:09
ogra_well, it will be pretty much like a deb as i understand it15:09
ogra_but only in context with core, not with other snaps15:09
pmcgowanKaleo, although classic is supposed to be short term solution I thought?15:10
Kaleopmcgowan, no idea15:10
zygajdstrand: hey15:20
zygajdstrand: do you have a moment15:20
jdstrandzyga: hey, what's up?15:20
zygajdstrand: remember when we talked about new style interfaces15:21
zygajdstrand: well, they are happening15:21
zygajdstrand: I wanted to show you how things look like now15:21
zygajdstrand: I didn't get a review from gustavo yet so take it with a pinch of salt15:21
zyga(perhaps some go-ness can be made nicer)15:21
mupBug #1655376 opened: Add support for android/touch type images <personal> <Snappy:New for ogra> <https://launchpad.net/bugs/1655376>15:21
zygajdstrand: I ported mount backend and the content interface over15:21
jdstrandzyga: can you add something simple, like 'network' too? if you give me the PR then I can take a look15:23
jdstrandlikely today, possibly tomorrow15:23
zygajdstrand: not before gustavo acks the design15:23
zygajdstrand: network would require me to do apparmor which is by far the most complex one15:23
longsleepcjwatson, nessita: yay thanks a lot - confirmed working!15:25
jdstrandzyga: can you show me what you are asking Gustavo to review?15:26
zygajdstrand: yup, just a second15:26
cjwatsonlongsleep: \o/15:26
cjwatsonpedronis: ^-15:26
pedroniscjwatson: thanks15:26
mupPR snapd#2598 opened: snap-confine: allow snap-confine to re-exec too <Created by mvo5> <https://github.com/snapcore/snapd/pull/2598>15:45
=== Guest31134 is now known as mac_nibblet
mupPR snapd#2599 opened: interfaces: add new-style interfaces <Created by zyga> <https://github.com/snapcore/snapd/pull/2599>16:03
zygajdstrand: ^^16:06
zygajdstrand: that thing16:06
zygajdstrand: note that this is just a proposal16:06
* jdstrand nods16:06
* jdstrand adds to list16:06
zygajdstrand: so both the implementation and design are just an example16:06
stokachuanyone know what this means:16:12
stokachu[adam:~/Code/conjure-up/snapcraft] master(+15/-23) ± sudo snap install ./conjure-up_2.1.0_amd64.snap16:12
stokachuerror: cannot find signatures with metadata for snap "./conjure-up_2.1.0_amd64.snap"16:12
zygastokachu: you are installing a snap but snapd knows nothing about it16:12
zygastokachu: try --dangerous16:12
stokachuzyga, thanks that worked16:13
zygastokachu: I assume you are hacking on this snap16:13
zygastokachu: normally this should never happen16:13
stokachuyea i want to update it in the store16:13
stokachuonce i work out some kinks16:13
zygastokachu: and assertions are coming from the store :)16:13
stokachuzyga, nice, i haven't gotten there yet16:14
stokachuran into this again though http://paste.ubuntu.com/23776803/16:15
stokachui dont remember what i did awhile ago to get around it16:15
zygammm, no idea :/16:16
zygamaybe set locale to C.UTF-816:16
zygaall snaps should have that16:16
mupPR snapd#2598 closed: snap-confine: allow snap-confine to re-exec too <Created by mvo5> <Closed by mvo5> <https://github.com/snapcore/snapd/pull/2598>16:19
popeysergiusens: bug 1654721 is odd. It doesn't seem to copy to populate the build dir at all..16:23
mupBug #1654721: build directory empty with rust plugin <Snapcraft:Incomplete by sergiusens> <https://launchpad.net/bugs/1654721>16:23
mupBug #1655394 opened: First snap install of a local snap with devmode doesn't actually use devmode <Snappy:New> <https://launchpad.net/bugs/1655394>16:24
nuclearbobhow do I add a new user on ubuntu core? adduser fails when trying to create a group16:25
mupPR snapd#2600 opened: tests: remove the snapd dirs last (should fix error on ppc64el) <Created by mvo5> <https://github.com/snapcore/snapd/pull/2600>16:36
jdstrandroadmr: hi! sorry, I have one more trivial fix (for iio and i2c path attribute) in the tools. can you pull r817?16:38
roadmrjdstrand: sure! I'm doing my best to rall all this out this week16:56
mupBug #1655394 changed: First snap install of a local snap with devmode doesn't actually use devmode <Snappy:Invalid> <https://launchpad.net/bugs/1655394>17:04
=== JanC_ is now known as JanC
mupPR snapd#2601 opened: overlord, store: move confinement filtering to the overlord (from The Store) <Created by chipaca> <https://github.com/snapcore/snapd/pull/2601>17:42
jdstrandroadmr: cool, thanks! I don't have anything else planned. just fixing bugs as they come in :)18:32
zygajdstrand: I pushed to the new-interfaces branch with 2nd backend converted19:21
zygajdstrand: I have some (one) doubt left but I really love how this is progressing19:22
zygajdstrand: I'll look for a way to do a stab at seccomp/apparmor tomorrow that would not require a tedious flag day19:22
zygajdstrand: I want to be sure that what I did can model per-app/hook interfaces19:22
jdstrandzyga: ack19:48
pmcgowanzyga, jdstrand where can I read about install hooks19:48
jdstrandpmcgowan: I didn't implement these and haven't used them myself. https://github.com/snapcore/snapd/wiki/Snap-format#hooks is supposed to document it, but it says TODO. I don't know if install hooks have been implemented yet (I know the configure hook is implemented). I'll point you at kyrofa19:51
jdstrandI'm not sure if kyrofa is doing anything with install hooks, but he implemented configure hooks19:51
pmcgowanjdstrand, maybe configure would do19:51
pmcgowanwhen does it run?19:51
kyrofajdstrand, pmcgowan an install hook has been nixed, at least for now, since configure runs at all the times necessary19:52
pmcgowankyrofa, great then need ptr to docs19:52
kyrofapmcgowan, https://github.com/snapcore/snapd/wiki/hooks still seems to say that `configure` only runs with snap set, so it looks like it hasn't been updated in a while19:53
kyrofapmcgowan, but I can walk you through it, if you like19:54
pmcgowankyrofa, I am looking for a way to conditionally set an export19:54
kyrofapmcgowan, an export == environment variable?19:55
kyrofapmcgowan, what is the condition?19:55
pmcgowanwe want to tell qtubuntu what environment it is in19:55
pmcgowanand set its backend19:56
kyrofa(jdstrand, I'm back on snapcraft nowadays, but hooks haven't changed too much since I was involved)19:56
pmcgowanprobably based on which snaps are on the system19:56
pmcgowankyrofa, for exmaple, I am either in a kiosk tye environment with just mir or a full personal with unity819:57
jdstrandkyrofa: thanks. I came to you cause of the docs. it seems that there are some issues with the wiki. let me try to fix them since that page isn't in the TOC19:57
kyrofapmcgowan, does the snap in question have permission to list the snaps installed, first of all?19:57
pmcgowankyrofa, prolly not19:57
kyrofajdstrand, yeah, not sure what the deal is there19:57
kyrofajdstrand, I wrote that hooks doc before the wiki existed19:57
kyrofapmcgowan, so the first thing we need to figure out is how to determine this19:58
kyrofapmcgowan, if you need to change the environment somehow, can I assume you've got content sharing going on?19:58
kyrofapmcgowan, can you determine what you need to determine using that?19:58
pmcgowankyrofa, could do that19:59
kyrofaSee if there are contents in this directory, or crawl it if necessary19:59
pmcgowankyrofa, right and if its not there then I default otherwise set the export19:59
kyrofaExactly. Think that'll work?20:00
pmcgowanthink so20:00
kyrofaOkay let's go with that for now20:00
pmcgowanI still want to lean about configure hooks :)20:00
jdstrandkyrofa: ok https://github.com/snapcore/snapd/wiki/Snap-format is in the TOC and lists https://github.com/snapcore/snapd/wiki/Snap-format#hooks. I updated https://github.com/snapcore/snapd/wiki/Snap-format#hooks to refer to https://github.com/snapcore/snapd/wiki/hooks20:00
kyrofapmcgowan, so now the question is: are you sure this is something you only want to determine at install time?20:01
kyrofapmcgowan, because interfaces can be disconnected20:01
pmcgowankyrofa, in this case I think checking at runtime is ok20:02
kyrofapmcgowan, you might consider putting such a check in the app itself20:02
kyrofaYeah, okay20:02
kyrofaSo it sounds like your problem can be solved outside of hooks? I'm of course happy to show you hooks anyway20:02
pmcgowanI am interested, you implied configure hooks run at other times?20:02
kyrofapmcgowan, indeed, this might be helpful: https://kyrofa.com/posts/snap-updates-automatic-rollbacks20:04
kyrofapmcgowan, the configure hook runs at install time, upon upgrades, and of course with `snap set` (to change the configuration)20:04
kyrofapmcgowan, the difficulty comes when trying to determine why the hook is running20:06
kyrofaWhich is why I'd still like standalone install/upgrade hooks, but I digress20:06
pmcgowankyrofa, ok I think I grok it, not sure that works in this case though20:07
pmcgowanas the hook wont be able to figure things out20:07
kyrofaWell it would, but then it would have to have some way to tell apps what it learned20:08
kyrofaIn which case... you might as well just have the apps figure it out20:08
kyrofaEspecially considering that the outcome depends upon interfaces which can be disconnected/connected at any time20:09
pmcgowankyrofa, does a snap know if an interface is connected?20:14
kyrofapmcgowan, not right now, though last I heard there was ongoing work on interface hooks (i.e. run this hook when the interface is connected, that one when it's disconnected, etc.)20:15
pmcgowanok we already have a content interface here which will be there or not so still think I am set20:16
pmcgowanhmm kyrofa is the content iterface available to the wraper script that runs the app?20:16
mwhudsoncan you build classic confinement snaps on launchpad?20:19
kyrofapmcgowan, you mean is the shared content bind-mounted by the time the wrapper runs?20:21
kyrofapmcgowan, as long as the wrapper is called by something exported in the YAML as an app, yes20:21
kyrofa(or if it's an app itself)20:21
pmcgowanok cool20:21
kyrofapmcgowan, ignoring bug #1645731, of course20:22
mupBug #1645731: Fail to access the shared content if app starts before connect interface <Canonical System Image:Confirmed for pat-mcgowan> <Snappy:Confirmed for zyga> <Ubuntu App Platform:Confirmed> <https://launchpad.net/bugs/1645731>20:22
kyrofamwhudson, I assume so-- are you running into issues?20:23
pmcgowankyrofa, yeah like to get that fixed20:24
pmcgowanbites me always20:24
kyrofapmcgowan, same here, every time20:24
mwhudsonkyrofa: yeah, i get the message from bug 165094620:24
mupBug #1650946: unhelpful error when building a classic snap: classic confinement requires the core_dynamic_linker to be set <Snapcraft:Fix Committed by sergiusens> <https://launchpad.net/bugs/1650946>20:24
kyrofapmcgowan, I haven't been able to recommend it to anyone as a result20:24
mwhudsonper https://launchpadlibrarian.net/301869726/buildlog_snap_ubuntu_xenial_amd64_go-17-mwhudson_BUILDING.txt.gz20:24
kyrofamwhudson, oh interesting-- they must have ubuntu-core installed instead of core?20:25
mwhudsonkyrofa: apparently i need the core snap to be installed while building but i don't know how to do that20:25
mwhudsonkyrofa: oh, so maybe it's a lp-side problem?20:25
kyrofamwhudson, oh wait-- they probably don't have _any_ snaps, eh?20:26
kyrofamwhudson, yeah, they need the core snap20:26
mwhudsonkyrofa: i don't really see why they would20:26
mwhudsoncjwatson: hey, if you're around, do you know anything about building classic confinement snaps on launchpad?20:28
mwhudsoncjwatson: it seems they need the core snap to be installed20:28
mwhudsonkyrofa: there's no way for a snap to depend on snaps for building?20:29
kyrofamwhudson, not in snapcraft anyway20:30
mwhudsonhard to believe i'm the first person to try this...20:32
kyrofamwhudson, to be fair, it was just released20:33
kyrofaAnd I'm not sure how many people use LP just yet20:33
cjwatsonmwhudson: even at build time?  anyway, I know nothing20:53
kyrofacjwatson, mwhudson I sent out an email involving concerned parties21:09
cjwatsonfeel free to try to fix it in launchpad-buildd if you get to it before me21:10
cjwatsonassuming that it's even possible to do in a chroot21:10
kyrofacjwatson, ooo, that might be problematic indeed21:11
cjwatsonall builds happen in a chroot21:11
kyrofacjwatson, I haven't tried snaps in a chroot before, but I'd be willing to bet they don't work21:11
kyrofajdstrand, do you know anything about snaps in a chroot?21:14
mwhudsonah yeah i bet that's fun21:15
mwhudsoniirc it only reads something fairly simple out of the core snap, maybe we can just hard code that on ubuntu21:15
mwhudsonon launchpad21:15
kyrofamwhudson, or snapcraft could just download it and use what it needs out of it, like building a kernel21:16
mwhudsonoh eh21:17
mwhudsonit's not very simple21:17
mwhudsonbut pedantically i don't think it needs the core snap to be installed21:18
mwhudsonjust present on disk21:18
cjwatsonwhere's the code that uses it?21:18
mwhudsoni.e. you could download it and unsquashfs it to /snap/core/current21:18
kyrofacjwatson, https://github.com/snapcore/snapcraft/blob/master/snapcraft/_options.py#L17021:19
mwhudsoncjwatson: https://github.com/snapcore/snapcraft/blob/master/snapcraft/internal/project_loader.py#L328-L34921:19
cjwatsonright, so quite a few things21:20
cjwatsonand conceivably more as time goes on21:20
mwhudsonthis also points to the fact that classic confinement isn't quite working for the thing i am snapping :)21:21
mwhudson$ readelf -d /snap/go-17-mwhudson/current/bin/go | grep -e 'RPATH|RUNPATH'21:22
mwhudson -> nothing21:22
mwhudsonalso the interpreter is the host one, etc21:23
jdstrandkyrofa: snaps in a chroot? depending on what you are asking, I suspect there will be a number of policy issues21:24
cjwatsonif anyone wants to find out if it works in a chroot, you could try using https://jujucharms.com/u/launchpad/launchpad-buildd/ (you need to log in to see that, for some reason)21:24
cjwatsonjdstrand: just installing the core snap21:25
cjwatsonwe don't actually use that charm in production as such, but it's a quick way to run up a builder node for testing21:25
cjwatsonif you're using the lxd provider then you also get to test whether it works with snap in chroot in lxd :-)21:26
jdstrandI suspect that there are going to be quite a few issues for snap-confine and running snaps. snapd itself might start21:26
cjwatsonjdstrand: it doesn't really have to run anything meaningful, just put the files in /snap/core/current/21:26
cjwatsonwe could do that by hand as suggested above, but I'd really prefer not to have to reimplement the acquisition code by hand21:27
jdstrandok, I am missing a lot of context21:27
* jdstrand tries to read backscroll21:27
mwhudsonif i tried to upload a snap to the store that contained binaries that did not use the right elf interpreter, would something shout at me about it?21:27
kyrofamwhudson, I doubt it21:27
mwhudsonkyrofa: sadface21:28
cjwatsonjdstrand: tl;dr: in order to build classic snaps on LP, the core snap has to be installed so that snapcraft can poke about in /snap/core/current/ at build time.  All LP builds (snap or not) take place in a chroot21:28
cjwatsonthe base system outside the chroot is guaranteed to be at least xenial, but will not necessarily match the release of the chroot21:28
mwhudsonkyrofa: actually i guess it's only classic snaps that need this check21:28
kyrofamwhudson, indeed21:28
jdstrandcjwatson: if snapcraft only needs the files, then an unsquashfs in the right place (or a mount) should work fine21:30
cjwatsonjdstrand: will "snap install core" work?21:30
cjwatsonof course snap install has its own issues in this context21:31
cjwatsonwe'd have to clean up at the end of the build21:31
jdstrandI mean, snapd needs to be running. it isn't confined. installing core won't trigger snap-confine or anything21:31
kyrofacjwatson, you don't just toast the chroot?21:31
cjwatsonkyrofa: we do, but we have to unmount everything inside it first which snapd might not totally like21:31
euodeionomedeusuhello, world!21:31
kyrofaAh, sure21:31
cjwatsonjdstrand: running ... inside the chroot or outside?21:31
jdstrandso snapd might start in the chroot. snapd is usually started via systemd21:31
cjwatsonwill snap do that on demand or do we need to do it separately?21:32
cjwatsonalso that implies we need to make sure it stops, which is also possibly a little complex21:32
kyrofacjwatson, it's socket activated21:32
cjwatsonkyrofa: that won't help, systemd will be listening to the socket outside the chroot21:32
kyrofaHmm, indeed21:32
jdstrandyou might be able to just start it manually (but again, yeah, you'd have to start it21:33
cjwatsonmaybe a manual mount would be easier than all that21:33
jdstrandif you were going to do a start and stop command, you might just do an unsquashfs and rm command21:33
cjwatson"snap download core" into a tmpdir, mount core_*.snap /snap/core/current21:33
cjwatsonwe already clean up mounts21:33
jdstrandor that21:33
kyrofaAlright I'll update the email thread so sergio knows where it stands, we'll make this work one way or another21:34
kyrofaSorry for the wall mwhudson :)21:34
cjwatsonoh, "snap download core" will require snapd to be running, right?21:35
kyrofacjwatson, yeah, but snapcraft has code to talk to the store too21:35
cjwatsondoes it have a download command?21:35
cjwatsonI don't see one21:35
mwhudsonkyrofa: it's ok, i can ignore hundreds of emails a day :)21:35
kyrofacjwatson, oh, do you think the ideal fix is in the builder?21:36
kyrofacjwatson, I was thinking snapcraft needed to do this21:36
cjwatsonso I won't be sad if snapcraft does it, but I wasn't sure you'd be up for the "snapd can't be assumed to be running" constraint21:37
kyrofacjwatson, although now that I think about it, I don't think it's using anonymous access21:37
kyrofacjwatson, yeah I think that's okay, but sergio will know better21:38
cjwatsonand presumably if snapd *is* running then you don't want to just go mounting stuff under its feet21:38
cjwatsonalso, anonymous access raises another question, did we ever actually settle on "core snap will never require authentication to download"?21:38
kyrofacjwatson, great question, and I suspect not21:38
cjwatsonI was pushing for that but I have a vague memory that I may have lost21:38
kyrofacjwatson, me too, but I lost track of the discussion21:38
cjwatsonso um that would be really sad for builders21:39
kyrofaAll of the people who know are likely at the sprint :P21:39
cjwatsonOTOH this is a great argument for the core snap not to require auth :P21:40
cjwatsonand it's easy to imagine that we might end up needing some other snaps for classic builds - something to do with build-dependencies perhaps?21:42
kyrofacjwatson, yeah, I'm not quite up to speed on the classic snap stuff21:44
kyrofaHmm... looking closer at how snapcraft uses it, it seems it would indeed have to be mounted to /snap/core, since it injects rpaths21:48
kyrofaWhich makes me waffle a little on snapcraft doing it, since in most scenarios it wouldn't have permission21:48
mwhudsoni don't suppose anyone would like to do the rpath injection by providing wrappers for gcc/ld rather than environment variables? :)21:50
mwhudsonbash quoting is eating my head21:51

Generated by irclog2html.py 2.7 by Marius Gedminas - find it at mg.pov.lt!