[00:50] <seshu> cwayne: How can I import self signed certificates into Ubuntu Core 16 system?
[01:34] <cwayne> seshu: what exactly is it you're trying to do?
[01:35] <seshu> cwayne: Our EDM server allows user to upload self signed certificates to talk over https. So the user will have to import/export the same certificates to their devices so they can talk over https.
[02:16] <cwayne> seshu: hmm, I'm not 100% sure how we could do that, would be worth a mail to the list so some more security-minded people could take a look
[02:34] <stokachu> how far away is series (or branch?) support for multiple versions of a snap?
[08:09] <popey> ogra_: my laptop just died (battery) and when it came back, packageproxy didn't load, I suspect because /var/snap/packageproxy/1/lockfile.lock still exists. Perhaps needs a sanity check when it launches?
[08:18] <zyga> good morning
[08:24] <mup> PR snapd#2751 opened: 14.04/integrationtests: rely on upstart to restart ssh <Created by vosst> <https://github.com/snapcore/snapd/pull/2751>
[08:31] <Son_Goku> gah
[08:31] <Son_Goku> I hate being awake this early
[08:40] <zyga> Son_Goku: hey
[08:41] <zyga> Son_Goku: good morning :)
[08:41] <Son_Goku> hi
[08:41]  * zyga goes to dig into the kernel 
[08:41]  * Son_Goku grumbles about zsync and garbage fire build systems
[08:41] <Son_Goku> I hate autotools
[08:41] <zyga> Son_Goku: I share the sentiment
[08:43] <Son_Goku> I'm porting zsync to use meson as an exercise to learn meson and also because DNF upstream wants to libify zsync to use with librepo for doing zsync downloads of metadata
[08:44] <Son_Goku> might as well kill two birds with one stone
[08:44] <Son_Goku> but holy crap the source autotools build system is annoying to figure out
[08:59] <ogra_> popey, well, there is a check (that is why it doesnt start) ... the prob is that i'd need access to the process-control interface to actually check if the pid still exists to kill the potentially hanging former process ... when i created that snap there was no such interface ... :)
[09:08] <popey> ogra_: :)
[09:09] <ogra_> i'll try to come up with something though, that behaviour is indeed not acceptable :)
[09:09] <popey> jdstrand: http://askubuntu.com/questions/873495/how-do-i-use-snappy-debug-to-debug-a-snap/878204#878204 - perhaps snappy-debug description should be updated to remove mention of tools it doesn't contain? :)
[09:09] <popey> ogra_: thanks
[10:02] <cos-> hm, my .desktop file appeared in the menu today (=after reboot). perhaps some command must be run after snap installation to update the menu.
[10:09] <om26er> Where can I find documentation regarding paid snaps ? I didn't see a reference to that on snapcraft.io
[10:11] <om26er> popey: ^ do you know ?
[10:11] <popey> om26er: not landed yet
[10:12] <om26er> popey: hmm, what does `snap buy`  do ?
[10:13] <popey> om26er: nothing yet, as it hasn't all landed yet
[10:28] <jamespage> anyone know whether the launchpad builders can build classic snaps yet?
[10:52] <mup> PR snapd#2732 closed: snapenv: do not append ":" to the SNAP_LIBRARY_PATH <Created by mvo5> <Merged by mvo5> <https://github.com/snapcore/snapd/pull/2732>
[10:53] <mup> PR snapd#2596 closed: tests: parameterize kernel snap channel <Created by fgimenez> <Merged by mvo5> <https://github.com/snapcore/snapd/pull/2596>
[10:56] <mup> PR snapd#2731 closed: store: always log retry summary when SNAPD_DEBUG is set <Created by mvo5> <Merged by zyga> <https://github.com/snapcore/snapd/pull/2731>
[12:14] <bulld> guys how to play youtube in snap packaged app??
[12:17] <bulld> anyone on ??
[12:18] <bulld> hi popey
[12:21] <zyga> bulld: can you be more specific please?
[12:24] <bulld> zyga, flash support in snap packages
[12:25] <bulld> how my qt app with qwebview cant play youtube videos
[12:38] <flexiondotorg> zyga You were on one of the Hangouts recently and we talked about running snapd on a kernel without AppArmor.
[12:39] <flexiondotorg> My memory was that you said something to the effect that it would "work" albeit without confinement.
[12:39] <flexiondotorg> Is my memory wrong?
[12:39] <ogra_> flexiondotorg, that is how it works on fedora for example
[12:40] <flexiondotorg> OK, so I've made a "Ubuntu" image with a 3rd party kernel.
[12:40] <flexiondotorg> Which has no AppArmor patches at all.
[12:40] <ogra_> bad idea :P
[12:40] <flexiondotorg> I know it's a bad idea.
[12:40] <flexiondotorg> :-)
[12:41] <zyga> hi
[12:41] <zyga> (re)
[12:41] <flexiondotorg> This was the outcome
[12:41] <flexiondotorg> http://paste.ubuntu.com/23899188/
[12:41] <zyga> flexiondotorg: no, that's accurate
[12:41] <zyga> flexiondotorg: but it needs some hand-holding to enable
[12:41] <zyga> flexiondotorg: specifically there's no runtime detection yet, you'd have to do two things:
[12:41] <flexiondotorg> OK, can you point me at something.
[12:42] <zyga> flexiondotorg: (both can be done permanently later)
[12:42] <zyga> flexiondotorg: snap-confine needs to be rebuilt without apparmor, simply pass the --disable-apparmor switch and that should do it
[12:42] <zyga> flexiondotorg: then snapd may need to be patched slightly depending on the state of your apparmor userspace
[12:42] <jdstrand> popey: done (it wasn't in the 15.04 snap. the series 16 and yaml was fine)
[12:43] <zyga> flexiondotorg: if changing snap-confine is not sufficient you need to edit (in snapd tree) release/release.go
[12:43] <zyga> flexiondotorg: and in there look at the function ForceDevMode
[12:43] <zyga> flexiondotorg: and have it return true for "ubuntu"
[12:43] <flexiondotorg> zyga OK, thanks for the info.
[12:43] <zyga> flexiondotorg: it would be good to give your system a different /etc/os-release
[12:43] <zyga> flexiondotorg: so that it doesn't register as ubuntu, that will kick in devmode automatically
[12:43] <flexiondotorg> zyga So this is "ubuntu" userspace right now.
[12:43] <zyga> flexiondotorg: (you still need to rebuild snap-confine but there are patches there (see debian/rules) to do that
[12:44] <flexiondotorg> But the end game here is the vendors own distribution.
[12:44] <zyga> flexiondotorg: a proper fix would be to fix snap-confine and snapd to do runtime detection
[12:44] <ogra_> then tweaking os-release should happen anyway
[12:44] <flexiondotorg> We spoke to them yesterday, they have agreed to work together to add snapd support to their distro.
[12:44] <zyga> flexiondotorg: btw, if you change the kernel and it's that wildly different you should not call it ubuntu anymore
[12:44] <ogra_> that too ...
[12:44] <zyga> flexiondotorg: would you mind waiting a little (~hour)
[12:45] <zyga> flexiondotorg: I have a meeting soon and my family calls me for lunch
[12:45] <flexiondotorg> It is a very popular SBC manufacturer with a distro based on Debian, with a similar sounding name.
[12:45] <zyga> flexiondotorg: (still not ubuntu)
[12:45] <flexiondotorg> I  know :-)
[12:46] <popey> jamespage: jdstrand nice one
[12:46] <flexiondotorg> zyga I'll be here later. Enjoy lunch.
[12:48] <ogra_> flexiondotorg, in the snappy core team we dont have lunch ... we have meetings instead :P
[12:49] <flexiondotorg> Ah yes, meetings. The practical alternative to work ;-)
[12:49] <ogra_> and to lunch :)
[12:50] <jdstrand> flexiondotorg: I don't think you could call a system Ubuntu if it doesn't have the Ubuntu kernel (ie, apparmor, etc)
[12:50] <ogra_> but zyga lives in spain anyway ... lunch time isnt before 4pm there :)
[12:50] <ogra_> jdstrand, tell that to OpenVZ :)
[12:50] <ogra_> (they offer ubuntu on 2.6 kernels :) )
[12:50] <flexiondotorg> jdstrand It is not Ubuntu.
[12:51] <ogra_> we recently had some support fun here with that
[12:51] <jdstrand> ogra_: that can't possibly meet the trademark standards
[12:51] <flexiondotorg> It was the quickest way for me to test their kernel with our userspace and snapd.
[12:51] <ogra_> FSVO "fun"
[12:51] <jdstrand> but, I'll let others decide on that
[12:51] <ogra_> jdstrand, https://openvz.org/Download/template/precreated
[12:52] <jdstrand> ogra_: I don't doubt they have things called 'ubuntu', I doubt that they should be able to do that. IANAL
[12:52] <ogra_> yeah
[12:53] <ogra_> i fully agree, especially after wasting 2h to support someone trying to run snappy on such an image
[12:53] <jdstrand> but to me, a system isn't Ubuntu unless it has apparmor and our kernel configs. that is especially true for snappy. again, IANAL
[12:53] <jdstrand> yeah
[12:53] <ogra_> i couldnt really believe the uname output when i first saw it
[12:54] <jdstrand> I wrote 'check-requirements' for ufw all those years ago because of people saying ufw didn't work on some hosted machine. "yep, it doesn't, you don't have connection tracking in your kernel"
[12:54]  * jdstrand shakes head
[13:07] <zyga> jdstrand: hey :)
[13:07] <zyga> jdstrand: looking at the kernel and the apparmor bug, trying to reproduce it with a smaller test case, interestingly it doesn't fail there
[13:07] <zyga> jdstrand: I'm trying to grow the test case to the point where the same behavior we have in snap-confine happens and the failure re-surfaces
[13:08] <jdstrand> that is annoying
[13:08] <zyga> jdstrand: I wasted some time because /home is nosuid for me but now progressing
[13:44] <mup> PR snapcraft#1094 opened: core: switch to using rpath for clasic confinement <Created by sergiusens> <https://github.com/snapcore/snapcraft/pull/1094>
[13:47] <bulld> zyga, how application get access to flash player when snapped ??
[13:47] <bulld> my qt app cant play videos from youtube
[13:48] <bulld> project is based on qt 5.5.1
[13:48] <ogra_> did you include flash in your snap ?
[13:48] <ogra_> i guess you'd need the player inside
[13:48] <bulld> ogra_, it wont work
[13:48] <bulld> ogra_, flash player installer as stage package wont install flash layer
[13:48] <bulld> ogra_, flash player installer as stage package wont install flash player
[13:49] <ogra_> no, indeed
[13:49] <ogra_> and i didnt say flashplayer-installer :)
[13:49] <bulld> ogra_, how to install f.p then ?
[13:50] <stokachu> does snapcraft require the CLA for people to contribute?
[13:50] <ogra_> the same way you would do it without flashplayer-installer on a desktop ... put the binaries in the right place etc
[13:50] <bulld> ogra_, also my qt 5 app cursor dont look as  it looks in the normal deb install
[13:50] <mup> PR snapcraft#1080 closed: python plugin: avoid the use of PYTHON* env vars <Created by sergiusens> <Closed by sergiusens> <https://github.com/snapcore/snapcraft/pull/1080>
[13:50] <mup> PR snapcraft#1090 closed: core: classic with no exported variables <Created by sergiusens> <Closed by sergiusens> <https://github.com/snapcore/snapcraft/pull/1090>
[13:50] <sergiusens> stokachu: yes
[13:50] <bulld> sergiusens, hi
[13:50] <stokachu> sergiusens, thanks
[13:51] <mup> PR snapd#2749 closed: interfaces/default: allow mknod for regular files, pipes and sockets <Created by jdstrand> <Closed by jdstrand> <https://github.com/snapcore/snapd/pull/2749>
[13:51] <sergiusens> jamespage: they cannot yet
[13:51] <bulld> ogra_, i placed the libflashplayer.so in the right place and it still dont work
[13:51] <zyga> bulld: hey
[13:51] <sergiusens> hi
[13:51] <zyga> bulld: if you bundle the flash player in your snap it should just work
[13:51] <bulld> sergiusens, my qt 5 app mouse cursor looks odd
[13:51] <ogra_> bulld, well, you'd have to ship the right cursor theme in your snap (not sure there is an interface planned for that in the future, but for today you'd have to ship it)
[13:52]  * zyga goes to debug kernel issues, please ping/mention me explicitly if you need my attention
[13:52] <bulld> ogra_, sergiusens   http://paste.ubuntu.com/23899428/ here is my snapcraft file
[13:52] <sergiusens> jamespage: for one reason or another, it is good as these need to happen https://github.com/snapcore/snapcraft/pull/1093 https://github.com/snapcore/snapcraft/pull/1094
[13:52] <mup> PR snapcraft#1093: python plugin: do the right thing with classic <Created by sergiusens> <https://github.com/snapcore/snapcraft/pull/1093>
[13:52] <mup> PR snapcraft#1094: core: switch to using rpath for clasic confinement <Created by sergiusens> <https://github.com/snapcore/snapcraft/pull/1094>
[13:52] <sergiusens> bulld: I cannot help you with that, no idea about GUIs
[13:53] <bulld> ogra_, i also tried [desktop-qt5] to build
[13:53] <bulld> sergiusens, thanks
[13:53] <ogra_> that should at least give you a themed cursor
[13:53]  * mvo hugs popey for his emoj snap
[13:53] <bulld> sergiusens, am having issues with youtube video playback my project is using qt5.5.1 and qwebview
[13:54] <bulld> ogra_, same happened with my previous application
[13:54] <ogra_> note that i have no clue how to make flash work, but i'd start with placing libflashplayer.so inside the snap in a place where the app can find it and then stracing the whole thing to see what it tries to do and how it actually fails
[13:54] <bulld> ogra_, did you checked my craft file ??
[13:55] <ogra_> i'm also not sure if qtwebkit would even have support for flash at all
[13:55] <ogra_> yes, i see it
[13:55] <bulld> ogra_, it works fine when i play video in normal deb install
[13:55] <ogra_> why are you building qt from source ?
[13:55] <bulld> am not building qt from source
[13:56] <bulld> thats the name of part , my app source code is in /src folder
[13:56] <ogra_> oh, right, thats just your app
[13:56] <bulld> yeah
[13:56] <bulld> ogra_, am bulldog you remember me ??
[13:56] <ogra_> yes
[13:56] <bulld> ty
[13:56] <bulld> hehe
[13:57] <ogra_> well, for the cursor thing i'd include the qt desktop bit ... and for flash i'd debug it like i said above
[13:58] <ogra_> but as i said, i'd be surprised if qtwebkit could even work with it
[13:59] <bulld> ogra_, konqueror webbrowser works with flash
[13:59] <ogra_> libflashplayer is built for being used with a plugin framework and i doubt qtwebkit provides that
[13:59] <bulld> and qwebview works with flash am sure about it
[13:59] <ogra_> well, then you know more than me ... just make it work :P
[14:00] <bulld> QWebSettings::globalSettings()->setAttribute(QWebSettings::PluginsEnabled, true);
[14:00] <bulld> this line enable webview to use external plugins
[14:04] <bulld> ogra_, i will open this url in my snapped application from webview to verify whats wrong https://helpx.adobe.com/flash-player.html
[14:06] <bulld> it is saying Sorry, Flash Player is either not installed or not enabled.
[14:10] <mup> PR snapd#2748 closed: seccomp-support.c: add PF_* domains which can be used instead of AF_* <Created by jdstrand> <Merged by zyga> <https://github.com/snapcore/snapd/pull/2748>
[14:15] <zyga> jdstrand: I asked in one of the reviews but I was wondering if there's any specific thing you'd like to do with seccomp
[14:16] <zyga> jdstrand: (any changes to default policy or some kind of new interface)
[14:20] <jdstrand> zyga: that is very open ended. I saw the question about quotactl and answered it. did you have another question?
[14:20] <mup> PR snapd#2752 opened: snap: add support user-sessions from snaps <Created by mvo5> <https://github.com/snapcore/snapd/pull/2752>
[14:21] <jdstrand> zyga: all of the PRs (except the PF_* one, which was just an omission in the original implementation) are to meaningfully improve policy
[14:21] <jdstrand> well and the cleanups one
[14:22] <jdstrand> ok, so the quotactl, mknod and ioctl ones are all to fix real world issues
[14:22] <jdstrand> once I fix mknod I'm going to work on chown/setuid/friends to 'daemon'
[14:23] <jdstrand> zyga: I don't know if any of that answers your question, but there you go
[14:23] <bulld> ogra_, how i can trace what my app looking for ??
[14:23] <zyga> jdstrand: thanks, yes, that answers it
[14:23] <zyga> jdstrand: I was just curious about where this is going
[14:23] <ogra_> bulld, put strace into your snap and run the app under strace
[14:24] <bulld> guys any working example snap with flashplayer and html5 video playback ??
[14:24] <bulld> ogra_, i have no idea how to do that :(
[14:25] <ogra_> "and html5" ?
[14:25] <ogra_> it is either/or
[14:25] <jdstrand> zyga: mostly everywhere where there is a TODO in the policy to fix it with seccomp arg filtering, fix it. then fix bugs, then fix other things I noticed. fix, fix, fix :)
[14:25] <ogra_> there is no and ...
[14:25] <bulld> ogra_, html5 video playback
[14:25]  * ogra_ wouldnt use flash at all for youtube ... 
[14:25] <zyga> jdstrand: I was thinking about changing how some of the tests look like, it'd be good to add a few lines of documentation to each one
[14:25] <bulld> ogra_, yes
[14:25] <ogra_> i'd just use the ubuntu webbrowser-app inside my snap
[14:25] <ogra_> that works fine with youtube
[14:26] <zyga> jdstrand: I grok them after a while but I have to double check each time if my feeling is right
[14:26] <bulld> ogra_, qwebkit support html5 video playback idk if youtube is trying with html5 why cant my app play videos
[14:26] <ogra_> no idea, really... it is your app
[14:27] <bulld> ogra_, it work with debian install man
[14:27] <ogra_> and we never used qtwebkit in ubuntu anywhere so i have no clue about it
[14:27] <bulld> :D
[14:27] <bulld> damn
[14:27] <jdstrand> zyga: can you give an example of a test that was hard to understand?
[14:27] <zyga> jdstrand: I specifically mean each of the seccomp test
[14:27] <bulld> ogra_, you telling me to include ubuntu webbrowser app in my snap ??
[14:28] <ogra_> on the phone we use oxide inside a webapp-container or the webbrowser-app ... if we want to use Qt based stuff
[14:28] <jdstrand> zyga: yes, I figured, but like, what is hard to understand about it? (I'd like to clarify meaningfully rather than guessing)
[14:28] <zyga> jdstrand: hard is perhaps an overstatement but making it obvious like "check that $SYSCALL is denied when it is not in the filter" or something like this would help, I think
[14:28] <ogra_> https://github.com/fcole90/fcole-hexgl-webapp is an example i think
[14:28] <bulld> omg :9
[14:28] <bulld> :(
[14:28] <jdstrand> zyga: as a comment or test output?
[14:28] <zyga> jdstrand: the name encodes the meaning but it's also limited by length/readability
[14:28] <zyga> jdstrand: as a comment really
[14:28] <ogra_> (i actually thought qtwebkit was dead since years)
[14:28] <bulld> ogra let me check
[14:29] <bulld> ogra_,  no
[14:29] <bulld> :D
[14:29] <jdstrand> ok, I'll add a todo for that. I'll do that after I finish my policy updates
[14:29] <zyga> jdstrand: I was wondering if we could stick most of those tests into spread with prepare/execute and details section (details would be that comment)
[14:29] <ogra_> anyway, thats all i know about web apps
[14:29] <bulld> hehe
[14:29] <bulld> you are so nice :)
[14:29] <bulld> lol
[14:29] <zyga> jdstrand: thanks, this is not urgent in any way :)
[14:30] <jdstrand> zyga: I think we need to always have these build tests to make sure the C code is right. adding spread tests on top is fine of course. I am also working on a snap to test various parts of policy that I figured a spread test could drive
[14:31] <jdstrand> in fact, it was that exercise where I found bug #1658219
[14:31] <mup> Bug #1658219: flock not mediated by 'k' <AppArmor:Triaged> <https://launchpad.net/bugs/1658219>
[14:31] <bulld> ogra_,  my app http://imgur.com/a/o2GPq
[14:31] <zyga> jdstrand: yes, ideally we could run those via spread (like unit tests)
[14:32] <zyga> jdstrand: I wish there was a "more declarative" way of defining them
[14:32] <bulld> ogra_, how is it ??
[14:33] <zyga> jdstrand: nice
[14:36] <zyga> jdstrand: btw, it would be helpful if you or anyone you know could answer a question with authority: is it possible to reliably determine that something is a bind mount by looking at /proc/self/mountinfo
[14:36] <mhall119> sergiusens: is there any way to inject version numbers into a snapcraft.yaml at build time?
[14:36] <zyga> jdstrand: not urgent but something that will block update-ns when we return there
[14:36] <jdstrand> zyga: I would have to investigate. perhaps tyhicks or jjohansen would know
[14:36] <zyga> jdstrand: I can post this to a mailing list (not sure where) so that others can reply
[14:41] <jdstrand> zyga: stgraber might be someone else otoh
[14:51] <bulld> mhall119, hi
[14:52] <bulldog> mhall119,  my new app http://imgur.com/a/o2GPq
[14:53] <bulldog> mhall119, is not talking with me on telegram either :(
[14:58] <balloons> any suggestions in trying to debug what's happening with my config hooks? I'm trying to use the dump plugin to put files on the filesystem for a classic snap
[15:00] <didrocks> balloons: I did just echo to $SNAP stdout from a shell script personally
[15:01] <didrocks> (and look in /var/log/syslog for denials)
[15:01] <didrocks> $SNAP_DATA
[15:01] <mhall119> bulldog: in a call atm
[15:01] <balloons> hmm, I was thinking a script might be easier to see what's happening. I need to kick a service anyway
[15:06] <mhall119> bulldog: what was your question?
[15:06] <mhall119> balloons: if you have a non-daemon app defined in your snap, you can "snap run --shell <command>" to get a shell prompt in the snap environment
[15:07] <balloons> mhall119, interesting
[15:08] <zyga> balloons: that's true for shell apps as well
[15:08] <zyga> er
[15:08] <zyga> daemon apps
[15:08] <zyga> jdstrand: I don't know if you saw my earlier ping about that but I'd love if you could review https://github.com/snapcore/snapd/pull/2745
[15:08] <balloons> so what I'm trying to do actually is get bash completion to work, along with installing a sysctl file
[15:08] <mup> PR snapd#2745: cmd: add sc_must_stpcpy <Created by zyga> <https://github.com/snapcore/snapd/pull/2745>
[15:08] <zyga> jdstrand: I plan to use that for all "strcat" like code
[15:09] <jdstrand> yes. I'll look at it after I fix the mknod branch
[15:09] <zyga> jdstrand: thanks!
[15:09] <mhall119> zyga: oh? Is that a recent change? When I tried to do that with a daemon in the past it didn't work
[15:09] <zyga> mhall119: it doesn't care if it's a daemon or not, --shell just causes us to run /bin/bash
[15:09] <zyga> mhall119: you get the same confinement as whatever would run otherwise
[15:10] <mup> PR snapd#2753 opened: tests: install ubuntu-core from the same channel as core <Created by fgimenez> <https://github.com/snapcore/snapd/pull/2753>
[15:10] <zyga> mhall119: if you saw otherwise I'd love to know more
[15:11] <mhall119> zyga: well I can't reproduce that error now, so I guess it was user-error all along :)
[15:19] <bulldog> mhall119, you there ?
[15:20] <bulldog> mhall119, my app uses qwebview to play youtube videos , on normal debian install it plays well and when i snap it the youtube player says videos cant be played on this device
[15:20] <mardy> pstolowski: hi! got a minute?
[15:20] <pstolowski> mardy, hello! sure, what's up?
[15:21] <mardy> pstolowski: I'm trying snapd from master, + your interface hook branch (step 3)
[15:21] <pstolowski> brave man ;)
[15:21] <mardy> pstolowski: if I run snapd with SNAP_DEBUG=1, should I see the lines "Run hook %s of snap %q" in the output?
[15:22] <mardy> pstolowski: or, to make the question more meaningful, how can I check whether my hook is being run?
[15:24] <pstolowski> mardy, I think (but haven't actually used debug mode) you would see 'Running task ...'. but isn't it SNAPD_DEBUG (not SNAP_DEBUG)?
[15:24] <pstolowski> yeah, it's SNAPD_DEBUG
[15:25] <mardy> pstolowski: indeed, sorry, I launched the proper command, just misspelt it here on IRC
[15:26] <zyga> mardy: look at syslog/journal
[15:26] <zyga> mardy: how are you running snapd?
[15:26] <mhall119> bulldog: have you tried adding the browser-support plug?
[15:26] <mhall119> the qwebview might need that
[15:26] <mardy> zyga: sudo SNAPD_DEBUG=1 ./snapd
[15:26] <bulldog> mhall119, yes
[15:26] <jamespage> sergiusens, ack - thanks for confirming - have a few classic snaps landing into /openstack today - but holding off on the auto-build to edge bit for now then!
[15:26] <zyga> mardy: (funny that it works like that now, we used to require socket activation)
[15:27] <mardy> zyga, pstolowski: I see quite a few lines there, including "Run configure hook of "amazon-webapp" snap if present" but nothing about interface hooks
[15:27] <bulldog> mhall119,  my craft file http://paste.ubuntu.com/23899846/
[15:27] <mardy> pstolowski: are the hooks run for interfaces which do autoconnect?
[15:27] <pstolowski> mardy, they will only run when you connect (sorry if that's obvious)
[15:28] <mhall119> bulldog: I'm not sure then, I imagine it has something to do with the html5 video playback, have you checked dmesg for DENIAL?
[15:28] <pstolowski> mardy, no, not yet
[15:28] <mardy> pstolowski: ah, that explains it
[15:28] <bulldog> mhall119, how to do that ?
[15:28] <pstolowski> mardy, also, this branch doesn't actually use the attributes you set in hooks. this will come in the next branch
[15:29] <mardy> pstolowski: you mean the "step 3" branch, or another one?
[15:29] <bulldog> ok let me check
[15:30] <pstolowski> mardy, the upcoming 'step 4' should (hopefully) make it possible to apply the attributes to the interface
[15:30] <mhall119> bulldog: dmesg |grep DENIAL
[15:31] <mhall119> bulldog: are you running in --devmode or in strict confinement?
[15:31] <bulldog> mhall119, strict
[15:31] <mhall119> ok,then if it's confinement causing your errors,it should show up in dmesg
[15:32] <bulldog> mhall119, i installed with --devmode flag too but it still says this device cant play videos
[15:32] <pstolowski> mardy, although with step 3 branch it's already possible to exchange data between slot and plug side, as you can see in the attached spread tests
[15:32] <mhall119> hmm, might be a configuration thing then, not sure
[15:32] <mhall119> or a missing dependency
[15:32] <mardy> pstolowski: ok, thanks
[15:33] <mhall119> bulldog: does it need flash to work?
[15:33] <mardy> pstolowski: and about running hooks for interface which are autoconnected, is that planned?
[15:33] <bulldog> mhall119, this is very sad that my some of apps are still not running fine with snap
[15:35] <pstolowski> mardy, yes, afaict this needs to be supported (I don't see a reason why we wouldn't support this). it'll just come separately as for some reason autoconnect currently bypasses this execution path completely and needs to be treated separately
[15:35] <ogra_> mhall119, he is using his own custom webapp built around qt-webkit and trying to use adobe-flash ... (instead of just using an oxide webapp container ... i already pointed to the hexgl snap but ...)
[15:35] <bulldog> what support  browser-support gives :D
[15:35] <pstolowski> mardy, (separately as in a separate PR)
[15:36] <bulldog> ogra_, mhall119 , its not a webapp
[15:36] <ogra_> ita an app to play back youtube videos, no ?
[15:36] <ogra_> *it's
[15:36] <bulldog> ogra_, my app is a qt gui app , with more than 5k lines of code
[15:36] <ogra_> ok
[15:36] <mardy> pstolowski: ok, thanks a lot, I'll keep an eye on your branches :-)
[15:36] <ogra_> well, you wrote it,. you should know how to debug it too then
[15:37] <bulldog> yes it does , the question is if my app  can play video in normal install why it cant do that in snap
[15:37] <pstolowski> mardy, sorry it's taking so long... but we're making progress
[15:37] <ogra_> first of all strace it to see how/where it looks for libflashplayer ... if it finds it ... if it execs it etc etc ... the standard stuff you do for debugging
[15:37] <bulldog> qt is not changing its api for snap right after compilation right ?
[15:37] <bulldog> ogra_, i think it is not looking for flash player
[15:38] <ogra_> well, find out why ... and fix that
[15:38] <bulldog> i renamed the libflashplayer.so in my system and it plays videos
[15:38] <bulldog> ogra_, yes i will :(
[15:39] <bulldog>  i renamed the libflashplayer.so in my system and it plays videos that mean app not looking for flash player
[15:39] <ogra_> so it likely simply uses html5 and you dont need the flash player at all ...
[15:39] <bulldog> yes
[15:39] <ogra_> (like i said in the beginning of our conversation)
[15:39] <bulldog> hmm
[15:39] <tyhicks> zyga: no, I don't know of a reliable bind mount check from userspace :/
[15:40] <zyga> tyhicks: I see, thanks
[15:40] <zyga> tyhicks: is there any place better than mountinfo to see the mount table?
[15:40] <bulldog> so i added - libavcodec-ffmpeg56 - ffmpeg in stage-packages but still no luck
[15:40] <zyga> tyhicks: I'm reading kernel documentation but I'm not that far yet
[15:40] <ogra_> anyway, look at the hexgl snap that i pointed to, try to add the same interfaces and connect them ... also try to build your app unconfined and see if it works then
[15:40] <tyhicks> zyga: nope, that's the best
[15:40] <ogra_> if it doesn't, thats not a confinement issue
[15:40] <zyga> tyhicks: thanks
[15:41] <ogra_> not sure why you would add ffmpeg
[15:41] <bulldog> ogra_, it even wont play , when i install app with  --devmode
[15:41] <ogra_> so its an issue with your app ... debug it
[15:41] <bulldog> libffmpeg.so is what makes play H264 vids
[15:41] <ogra_> and fix the errors you find
[15:42] <bulldog> ogra_, i said it is running fine on normal system
[15:42] <bulldog> i do not write buggy code :D
[15:42] <zyga> bulldog: I'd suggest doing as ogra_ suggested earlier, use strace to figure out what happens when your app runs outside of a snap (it probably accesses something on your host and uses that to work)
[15:43] <bulldog> zyga, ok
[15:43] <zyga> bulldog: then do the same inside a snap
[15:43] <zyga> bulldog: and compare to get an idea of what is missing
[15:43] <bulldog> ok :(
[15:43] <zyga> bulldog: remember that snaps run in a chroot of sorts
[15:43] <zyga> bulldog: why the sad face?
[15:43] <zyga> bulldog: so I suspect you just rely on the fact that something on your host is being automatically loaded
[15:43] <bulldog> i dont know strace and chroot and sorts
[15:44] <bulldog> idk
[15:44] <zyga> bulldog: and that thing is not present in the core snap (or your own snap) and it doesn't work
[15:44] <zyga> bulldog: strace works like strace
[15:44] <zyga> bulldog: just strace ./program
[15:44] <bulldog> ok
[15:44] <zyga> bulldog: --help and manual page has useful things,
[15:44] <tyhicks> zyga: from a real quick scan, MS_BIND is missing in fs_info struct in show_sb_opts() of fs/proc_namespace.c
[15:45] <zyga> bulldog: my suggestion is to limit it just to open() so that you see a very small set of data
[15:45] <tyhicks> zyga: I assume that is intentional but don't know why
[15:45] <mup> PR snapd#2744 closed: overlord: move configstate.Transaction stuff into configstate.config.Transaction <Created by mvo5> <Merged by niemeyer> <https://github.com/snapcore/snapd/pull/2744>
[15:45] <bulldog> zyga, am trying
[15:45] <zyga> tyhicks: interesting, thanks
[15:46] <zyga> tyhicks: I'll build a test kernel with a change there, maybe I can get some insight
[15:46] <bulldog> zyga, i got my terminal filled with stuff
[15:47] <bulldog> zyga, do i need to play video to find what it is using to play video ?
[15:47] <zyga> bulldog: strace -o is useful
[15:47] <zyga> bulldog: yes, use a realistic test case (do what it usually does)
[15:48] <bulldog> ok
[15:52] <tyhicks> zyga: one last idea about it... I can't fully remember but MS_BIND may not actually be set in the superblock's flags when you do a bind mount. It may just clone the mount flags from the source superblock.
[15:52] <zyga> tyhicks: I see, I'll read that code and see what I can find
[15:52] <tyhicks> zyga: that'll be the case if your test kernel doesn't end up showing "bind" in mountinfo
[15:53] <bulldog> zyga, i got something interesting man :)
[15:54] <bulldog> zyga, please check this out http://imgur.com/a/TFoCm
[15:55] <bulldog> ogra_, grep ffmpeg and flash of strace of my application http://imgur.com/a/TFoCm
[15:56] <bulldog> mhall119,
[16:01] <bulldog> :(
[16:06] <zyga> bulldog: I'm sorry I cannot check it out now
[16:06] <bulldog> zyga, ok
[16:07] <bulldog> zyga, you cant check image ??
[16:08] <bulldog> zyga, i want to know how to create those mimes files i think the player first read the mime files and then choose what codec is needed to play video and then call ffmpeg
[16:09] <bulldog> i added shared-mime-info to stage-package now
[16:14] <zyga> bulldog: no, I'm digging through kernel code, sorry
[16:14] <zyga> bulldog: mime files don't do anything on ubuntu-core
[16:14] <zyga> bulldog: and I doubt they are related
[16:15] <bulldog> zyga, player tries to find the mime type, am sure of this
[16:16] <zyga> bulldog: the server sends the mime type
[16:16] <bulldog> or it may be dynamic at runtime
[16:16] <zyga> it always is as the server sends it
[16:16] <bulldog> if it was not why strace showing mime stuffs
[16:17] <zyga> I'm sorry but I cannot dig into your code right now
[16:17] <bulldog> server sends several url to playable streams
[16:17] <bulldog> my code has nothing to do with that
[16:18] <mhall119> bulldog: are you using desktop-launch from the desktop-qt5 remote part?
[16:18] <bulldog> i have to pack it in deb :(
[16:18] <bulldog> yeah
[16:18] <bulldog> mhall119, yes
[16:18] <bulldog> mhall119, two things not working , video playback and mouse cursor looks odd
[16:19] <bulldog> rest of application works fine
[16:19] <zyga> wow, MS_BIND is really used just twice in the whole kernel
[16:19] <bulldog> and both issues are when i pack with snap
[16:20] <bulldog> mhall119, can i run update-mime-database before my app starts ??
[16:21] <bulldog> oh it is already done by desktop-launcher
[16:32] <flexiondotorg> zyga I've been asked what the RAM overhead for adding AppArmor to a kernel is. Any idea?
[16:34] <tyhicks> flexiondotorg: I've got no numbers for that off the top of my head
[16:34] <flexiondotorg> OK, thanks.
[16:41] <mup> PR snapcraft#1095 opened: Plainbox providers run validate <Created by jocave> <https://github.com/snapcore/snapcraft/pull/1095>
[16:43] <ogra_> pstolowski, poke ...
[16:46] <pstolowski> ogra_, hey
[16:47] <ogra_> pstolowski, so i'm trying to extend our core snap for an option to turn syslog on/off ...
[16:47] <ogra_> looking at https://github.com/snapcore/snapd/wiki/hooks
[16:47] <ogra_> apparently i cant get any info about what option the snap set that hands over the value was called with
[16:48] <ogra_> there is nothing in the shell env or in the arg list
[16:48] <ogra_> does that mean that ... if i would package ... say postfix which can easily have 500 config options the confgure script would have to parse each single of them with a snapctl call ?
[16:49] <mup> PR snapd#2749 opened: interfaces/default: allow mknod for regular files, pipes and sockets <Created by jdstrand> <https://github.com/snapcore/snapd/pull/2749>
[16:49] <ogra_> (and would also set all these options every time i change one of them)
[16:50] <ogra_> that doesnt look actually scalable ... is there a way for the configure script to find out what was called in snap set ?
[16:52] <zyga> flexiondotorg: no
[16:53] <zyga> flexiondotorg: I think jjohansen is the person to ask but you can measure that yourself
[16:53] <zyga> flexiondotorg: boot ubuntu on x86
[16:53] <zyga> flexiondotorg: then disable apparmor
[16:53] <zyga> bschaefer: (you have to pass something on command line, I could check later)
[16:53] <zyga> er
[16:53] <zyga> flexiondotorg: ^^
[16:54] <zyga> bschaefer: sorry, tab-mistake
[16:54] <zyga> flexiondotorg: then you can compare
[16:54] <zyga> flexiondotorg: but I don't suspect it is significant
[16:54] <flexiondotorg> zyga OK, thanks.
[16:55] <flexiondotorg> From some research papers it indicates maybe 1Mb of RAM.
[16:55] <flexiondotorg> But I'll need to test.
[16:55] <tyhicks> flexiondotorg: apparmor=0 is the kernel command option, which zyga is referring to, that disables apparmor
[16:56] <zyga> thanks :)
[16:56] <flexiondotorg> Yep :-)
[16:56] <zyga> flexiondotorg: once you do find out can you please give us a note
[16:56] <flexiondotorg> Yeah, will post on the ML.
[16:56] <zyga> flexiondotorg: include the test procedure as well, could be useful to repeat and measure
[16:56] <zyga> great, thanks
[16:56]  * ogra_ gives zyga a ♫
[16:57] <flexiondotorg> Won't be for a couple of days though.
[16:57] <tyhicks> flexiondotorg: just to check that you've properly disabled apparmor after booting, run aa-enabled and make sure that it doesn't print "Yes"
[16:57] <ogra_> flexiondotorg, he has a note now, no hurry, that will persist for a few days ;)
[16:57] <flexiondotorg> :-)
[16:58] <flexiondotorg> tyhicks Thanks for the tip.
[17:03] <pstolowski> ogra_, hmm, not really
[17:04] <ogra_> do we plan to extend that in the future ?
[17:04] <pstolowski> ogra_, i know this is not answer to your question, but I feel like it's worth mentioning - you can structure your options in a map, and then get them all in one go
[17:04]  * ogra_ imagines shell script hooks with 100s of lines of snapctl get at the top
[17:04] <pstolowski> ogra_, e.g. snapctl set author='{"name":"pawel", "age":18}'
[17:05] <ogra_> yeah, that doesnt help much ... especially in the context of the core snap where i probably only want to toggle a few options of the OS
[17:05] <pstolowski> ogra_, and then "snap(ctl) get -d ... author" will give you a formatted json document will both options
[17:05] <ogra_> right
[17:05] <pstolowski> s/will/with/
[17:06] <ogra_> i think we need a way to make the script know what option is being changed
[17:06] <pstolowski> ogra_, i think the idea was to use that as input to generate the target config
[17:06] <ogra_> thats fine for initial install
[17:06] <ogra_> but not if you want to change a single value
[17:06] <pstolowski> ogra_, I don't know of any plans to do that. this is the first time I hear about this limitation. but I think you're right
[17:06] <ogra_> in a snap that has tons of options
[17:07] <pstolowski> ogra_, yes.. sounds like a lots of work for script author to handle anything more complex than a few options
[17:07] <ogra_> well, i'm already struggling with more than one :)
[17:07] <pstolowski> ;)
[17:08] <ogra_> morphis_ created a configure script for the core snap
[17:08] <ogra_> i'm trying to add a second option but seemingly cant do that without also parsing his option every time i set mine
[17:08] <pstolowski> ogra_, yeah, it's worth discussing. i'm about eod, need to pack things for the trip. back on monday but feel free to discuss tomorrow on standup
[17:09] <morphis_> ogra_: yeah you don't get a info which option is set
[17:09] <ogra_> i'll drag it to the ML
[17:09] <morphis_> ogra_: niemeyer talked about something to improve this
[17:09] <ogra_> morphis_, yeah, imagine you package postfix ... 500-800 possible options ...
[17:09] <morphis_> ogra_: but currently the only option is to save state ..
[17:09] <morphis_> ogra_: I know, configure hook is pretty limited
[17:10] <ogra_> the configure script would probably end up bigger than the whole postfix source
[17:10] <morphis_> :-)
[17:10] <morphis_> ogra_: and my problem is that it is sometimes orthogonal to existing configuration systems as both can change and then don't match anymore
[17:10] <ogra_> yeah
[17:10] <morphis_> so you need to go state both ways etc.
[17:11] <morphis_> pretty complex
[17:11] <ogra_> yup
[17:11] <morphis_> raised that already back when the hook was introduced but I guess this is still just the beginning and to be improved in the future
[17:11] <ogra_> i hope so :)
[17:12] <ogra_> well, i'll just add my option to it then ...
[17:12] <pstolowski> it sounds to me like snap config options should only be used for some fundamental settings and not try to replicate all apps settings
[17:12] <pstolowski> e.g. what port to listen to or some such
[17:13] <morphis_> ogra_: wait, snapd does not update gadget snaps?
[17:13] <ogra_> morphis_, nope
[17:13] <morphis_> wooot?
[17:13] <ogra_> yeah
[17:13] <morphis_> awe_: ^^
[17:13] <ogra_> i was the same :)
[17:13] <morphis_> ogra_: why is that the case?
[17:13] <ogra_> safety net i think
[17:13] <ogra_> ask mvo
[17:14] <morphis_> so if a vendor updates its gadget snap in the store it doesn't get pulled and installed?
[17:14] <ogra_> we actually have a bug (though regarding the config.txt on the pi, but it applies to all gadget content afaik)
[17:14] <morphis_> ogra_: so lets say I add another plug to the gadget snap for a serial-port it doesn't get available on the device ever?
[17:15] <zyga> morphis_: plugs are processed (that's snap.yaml)
[17:15] <ogra_> i dont know if any parts get updated ... if there are any they are select bits
[17:15] <zyga> morphis_: but we don't process any of the gadget artefacts
[17:15] <bulldog> good night guys , i was not able to play videos in qwebview :(
[17:15] <zyga> morphis_: we don't bundle the equivalent of what ubuntu-image does
[17:15] <ogra_> yeah, you wont get a new grub config or a fix in the grub binary today
[17:15] <morphis_> zyga: right, so just gadget.yaml is ignored, correct?
[17:16] <zyga> morphis_: yes
[17:16] <morphis_> zyga: but lets say I change my configure hook in the gadget snap its still being updated and executed?
[17:16] <ogra_> thats in the snap.yaml, right ?
[17:16] <zyga> morphis_: yes
[17:16] <zyga> morphis_: it's just like any other snap
[17:16] <morphis_> good
[17:16] <zyga> morphis_: we just don't have code that goes over what is done by the gadget at build time
[17:17] <ogra_> we need that though :)
[17:17] <mvo> morphis_: there is a bit of a misunderstanding here it seem. we update the gadget snaps, we just don't update the bootloader bits and apply them to /boot/{uboot,grub}
[17:17] <morphis_> ogra_: then your comment on the bug does not apply
[17:17] <ogra_> morphis_, yeah, sorry
[17:17] <ogra_> seems i misunderstood
[17:17] <morphis_> mvo: yeah I just figured that ..
[17:17] <mvo> aha, thanks zyga, you already said this
[17:17] <morphis_> ogra_: can you correct that on the bug?
[17:18] <ogra_> done
[17:19] <zyga> mvo: thinking about it
[17:19] <zyga> mvo: perhaps it would be better in general
[17:19] <zyga> mvo: to have a special hook that gadgets could have
[17:19] <zyga> mvo: that lets them upgrade themselves
[17:20] <zyga> mvo: this feels more flexible than teaching snapd to understand all the random devices out there
[17:20] <zyga> mvo: and we could then leverage ubuntu-image codebase to construct gadget update hooks
[17:20] <ogra_> that sounds like a plan
[17:20] <zyga> mvo: (where the hook would run a new tool built from the same codebase)
[17:20] <zyga> mvo: and since the hook can inspect the system (kernel, what not) it could be smarter about hard cases
[17:21] <zyga> mvo: it could even be the configure hook though I somewhat share ogra_'s opinion about scalability
[17:21] <zyga> (as in what the hook is supposed to do when invoked)
[17:22] <zyga> mvo: and over time this could do other funky stuff like push a new gadget to update firmware on some oddball attached device
[17:22] <zyga> (e.g. reflash arduino with new program)
[17:22] <ogra_> well, i'd already be happy to be able to update bugfixes in the bootloader binary
[17:22] <ogra_> we do that all the time on classic
[17:23] <ogra_> so there is no reason to not do it on core
[17:23] <mvo> zyga: interesting idea, I think this aligns with the discussions we had at the sprint
[17:38] <seb128> sergiusens, what email client are you using? those colored lines in your replies are weird :-)
[17:53] <sergiusens> seb128: I am using dekko :-P
[17:53] <sergiusens> seb128: I've been notified
[17:53] <seb128> k, it's just weird looking :-)
[18:12] <DanChapman> sergiusens: I presume that's the wonky reply quoting you're talking about? where you get loads of >>>>> in place of text. A fix for that will be landing shortly.
[18:28] <sergiusens> DanChapman: \o/
[18:28] <Pharaoh_Atem> Yo all
[18:37] <mup> PR snapd#2753 closed: tests: install ubuntu-core from the same channel as core <Created by fgimenez> <Merged by pedronis> <https://github.com/snapcore/snapd/pull/2753>
[18:37] <Pharaoh_Atem> sergiusens: have you had a chance to take a look at breaking up the (stage|build)-packages backend up like we discussed at the October sprint?
[18:38] <Pharaoh_Atem> in snapcraft
[18:58] <jdstrand> zyga: I think it would probably be a good idea to do 'sysctl -w kernel.printk_ratelimit=0' for all spread tests. where would be the best place to put that in your opinion (otoh only). "I'm not sure" is an ok answer
[19:05] <zyga> jdstrand: ... in tests/lib/prepare.sh
[19:06] <zyga> tyhicks: you were right about MS_BIND, I patched the kernel a little bit (though this is a dead-end IMHO) to learn how things work
[19:06] <zyga> tyhicks: I've added MNT_BIND that gets set on bind mounts and printed in mountinfo
[19:06] <zyga> tyhicks: I kicked off another build
[19:07] <zyga> tyhicks: I start to think that I could use the tree structure to figure things out, I'll write a small helper for that tomorrow (to graph the mount structure)
[19:08] <zyga> tyhicks: if you know of one already then please drop me a line, otherwise I'll write one tomorrow (probably based on the existing mountinfo parser and dot/graphviz)
[19:09] <jdstrand> zyga: findmnt -a?
[19:10] <jdstrand> or maybe some other incantation
[19:10]  * zyga trie
[19:10] <zyga> tries
[19:10] <zyga> oh, groovy
[19:11] <jdstrand> zyga: thanks for prepare.sh
[19:12] <zyga> jdstrand: findmnt seems to do _something_ to figure out bind mounts :)
[19:12] <zyga> jdstrand: that's very promising
[19:12] <jdstrand> cool
[19:15] <zyga> jdstrand: my patch actually worked
[19:15] <zyga> 257 24 8:1 /hacking/source /hacking/target rw,relatime,bind shared:1 - ext4 /dev/sda1 rw,errors=remount-ro,data=ordered
[19:15] <zyga> not very pretty but ... it shows bind mounts ;)
[19:17] <jdstrand> neat :)
[19:22] <zyga> jdstrand: http://paste.ubuntu.com/23901026/
[19:23] <jdstrand> huh
[19:23] <zyga> jdstrand: what?
[19:24] <jdstrand> just surprised that wasn't done already
[19:31] <zyga> jdstrand: I had a look at findmnt
[19:37] <zyga> jdstrand: and it treats anything that has mnt_root != "/"
[19:38] <zyga> jdstrand: it doesn't technically list bind mounts
[19:39] <zyga> jdstrand: it just has special syntax for btrfs and bind mounts
[19:39] <zyga> jdstrand: in any case this may be sufficient
[19:39] <zyga> jdstrand: do you think I should try to submit my MNT_BIND patch anywhere?
[19:44] <jdstrand> zyga: you might want to ask the kernel team about that
[19:48] <ogra_> jdstrand, you totally missed the classic snap that installs the classic dimension in which you can then develop classic snaps with classic confinement !
[19:48] <ogra_> (in your list in the mail)
[19:52] <jdstrand> ogra_: heh, I did actually think about it, but I was trying to focus on the two things that he may have been conflating
[19:53] <ogra_> yeah, i wasnt serious :)
[19:53] <jdstrand> :)
[19:53] <jdstrand> it is pretty overloaded :)
[19:53] <zyga> ogra_: that's a classic joke now
[19:53]  * zyga hides
[19:53] <ogra_> LOL
[19:53] <jdstrand> oh, boo :P
[19:57] <balloons> jdstrand, do all classic snaps have to have an initial manual review?
[20:10] <jdstrand> balloons: yes
[20:12] <stokachu> jdstrand, can i pm you about something?
[20:14] <jjohansen> flexiondotorg, zyga, jdstrand: the amount of ram overhead is highly dependent on policy, and cpu count. apparmor preallocates some per cpu work buffers. so a no policy base cost is you are looking at 2-4 pages/cpu + a few other small allocations. Policy is a lot harder to pin down, as it can vary drastically by what rules are used, how many profiles are loaded etc. Each profile will vary from just a few kb up to say a few 100 kb. 
[20:14] <jjohansen> It also depends on what compiler options are used. The policy is compiled and usually minimized and then compressed. There are flags to tune at each stage (they usually don't make huge differences, unless you disable a given stage entirely) but I have seen differences as large as 40%. We try to set the compiler to a good default, that balances cpu time for policy size.
[20:14] <jjohansen> And yes, kernel side the policy stays compressed, it's a compression that allows us to directly use the data, (more of a packing but it can do state differences etc)
[20:16] <zyga> jjohansen: hey
[20:16] <jjohansen> hey zyga
[20:16] <zyga> jjohansen: I was working on a smaller test case for the bug you may remember, so far no luck (it works)
[20:17] <zyga> jjohansen: the original test is still broken
[20:17] <zyga> jjohansen: I'll continue this work tomorrow
[20:17] <jjohansen> zyga: ack, poke me to look at it again, I have been side tracked by other work
[20:17] <zyga> jjohansen: I asked a question in #ubuntu-kernel about a small patch, not sure if you want to review it (not sure if it makes sense to track MS_BIND flags)
[20:18] <zyga> jjohansen: I'll poke you tomorrow (hopefully with a simple C program that shows this issue)
[20:19] <jjohansen> zyga: I'll have a look
[20:19] <jdstrand> stokachu: of course
[20:21] <jdstrand> nessita: fyi, https://myapps.developer.ubuntu.com/dev/click-apps/5570/rev/652/ is stuck with "Automated review not yet completed.". These are coming from balloons' LP build and there are now 80 revisions queued cause r652 is stuck. I granted classic confinement, hopefully if r652 gets unwedged, everything will just flow
[20:21] <jdstrand> nessita: Submission date for r652 is 2017-01-28 06:15 - 3 days, 14 hours ago
[20:27] <nessita> jdstrand, hum, checking
[20:28] <stokachu> nessita, hi! sent you and michael an email
[20:28] <nessita> stokachu, hi! is that a snap that we really want canonical to "sponsor"?
[20:29] <stokachu> nessita, yes
[20:29] <nessita> as in, is a canonical product?
[20:29] <HumbleBeaver> Hello gents, I'm chasing down a Seccomp issue my program seems to be triggering
[20:29] <stokachu> nessita, ah yes it is a canonical product
[20:30] <nessita> stokachu, ack, thanks; as soon as mvo replies with some ack I will do the transfer (likely tomorrow, is late for him and I'm close to EOD). Is that ok?
[20:30] <stokachu> nessita, yea that's great ty! also ill still have upload rights to it?
[20:31] <jdstrand> HumbleBeaver: do you have a denial in syslog? eg, grep -F type=1326 /var/log/syslog
[20:31] <nessita> stokachu, yes, the transfer automatically give you collaborator rights
[20:32] <stokachu> nessita, perfect ty!
[20:33] <HumbleBeaver> @jdstrand:yes
[20:33] <nothal> HumbleBeaver: No such command!
[20:35] <jdstrand> HumbleBeaver: can you paste the output to paste.ubuntu.com? (you might also be interested in 'sudo snap install snappy-debug ; sudo snappy-debug.security scanlog')
[20:36] <kyrofa> ogra_, what is the state of SPI on ubuntu core?
[20:38] <HumbleBeaver> jdstrand its been pasted, and I've got the debugger installed.
[20:39] <jdstrand> HumbleBeaver: can you give me the link with the paste?
[20:39] <HumbleBeaver> jdstrand yes one moment
[20:40] <HumbleBeaver> jdstrand http://paste.ubuntu.com/23901389/
[20:41] <jdstrand> HumbleBeaver: cat you paste the contents of /var/lib/snapd/seccomp/profiles/snap.codebreakers.<your command>?
[20:41] <jdstrand> s/cat/can
[20:44] <HumbleBeaver> jdstrand http://paste.ubuntu.com/23901416/
[20:46] <sergiusens> Pharaoh_Atem: I am going to take a spike at it this week or weekend; was thinking about it this past weekend but I got sick (two weekends in a row)
[20:46] <jdstrand> HumbleBeaver: ok, you have two choices. adjust your code to use 'sched_setscheduler(0, ..., ...)' or add 'plugs: [ process-control ]' to your snapcraft.yaml
[20:47] <jdstrand> HumbleBeaver: is this an open source project? if so, is the code hosted somewhere?
[20:48] <Pharaoh_Atem> sergiusens: I know that feeling well
[20:48] <Pharaoh_Atem> I was sick the entire month of December
[20:48] <Pharaoh_Atem> it sucked a lot
[20:50] <HumbleBeaver> jdstrand Yes its on github, https://github.com/bflanagin/CodeBreakers
[20:54] <jdstrand> HumbleBeaver: we allow sched_setscheduler to be used with '0' as the first argument because that limits changing the scheduler to a process for this snap. other values for the first argument allow changing the scheduler for other pids that aren't from your snap
[20:55] <HumbleBeaver> jdstrand do you know how I might have caused the issue. It only occurred when I tried to use the LocalStorage
[20:55] <jdstrand> HumbleBeaver: the process-control interface allows you to use sched_setscheduler with any arguments. looking at your code, it seems that it is something in the qt libraries that might be doing this. are you explicitly setting the scheduler in some way?
[20:56] <jdstrand> maybe it is sqlite
[20:56] <HumbleBeaver> It must be, I have timers for some things, for animations but thats it
[20:57] <HumbleBeaver> jdstrand I've got it repackaged, let me see what happens now
[20:57] <jdstrand> HumbleBeaver: this is a thread scheduler unrelated to timers
[20:59] <HumbleBeaver> jdstrand I figured as much, its really a simple game.
[21:00] <jdstrand> I see sqlite3 uses sched_setparam but not sched_setscheduler
[21:01] <nessita> jdstrand, I gotta run now, Daniel (roadmr) is helping me debugging but I may unblock the revision tomorrow, sorry
[21:02] <jdstrand> nessita: thanks, sorry for pinging you at your eod. balloons, fyi ^
[21:03] <nessita> jdstrand, long story short I can file an RT to get that unblock, but would like to find what caused the blockage first to be able to fix
[21:03] <jdstrand> makes sense
[21:07] <nessita> jdstrand, will keep you posted
[21:09] <HumbleBeaver> jdstrand I've added process-control to plugs, as well as network-control (this was suggested by the debugger)
[21:10] <HumbleBeaver> both seem odd for a QML app that only uses javascript to make it do what it does
[21:10] <jdstrand> HumbleBeaver: you shouldn't need network-control. what was the denial?
[21:10] <balloons> ty all
[21:11] <HumbleBeaver> jdstrand I thought it was odd too, one moment
[21:18] <kgunn> ogra_: fwiw, the link to db image seems broken from this page
[21:18] <kgunn> https://developer.ubuntu.com/core/get-started/dragonboard-410c
[21:19] <HumbleBeaver> jdstrand I removed network-control but left network (I'm going to need it later anyway). It was the debugger that suggested I add network-control, but I don't know what it was complaining about.
[21:20] <jdstrand> HumbleBeaver: the debug command will make several suggestions. it's possible there was a cascading failure since you didn't have process-control
[21:20] <mup> PR snapd#2558 opened: snapstate: move refresh from a systemd timer to the inernal snapstate Ensure() <Created by mvo5> <https://github.com/snapcore/snapd/pull/2558>
[21:21] <jdstrand> HumbleBeaver: I've taken a todo to look into why qml apps need sched_setscheduler
[21:21] <HumbleBeaver> jdstrand That makes sense, with process control my app still fails to start, but there are no more debug errors when in devmode
[21:22] <HumbleBeaver> thanks for looking into this I'll see if I can set the scheduler like you suggested
[21:24] <mup> PR snapcraft#1088 closed: Release changelog for 2.26 <Created by sergiusens> <Merged by sergiusens> <https://github.com/snapcore/snapcraft/pull/1088>
[21:26] <jdstrand> HumbleBeaver: I don't think there is anything for you to do. I think it is in the guts of QThread: http://sources.debian.net/src/qtbase-opensource-src/5.7.1%2Bdfsg-3/src/corelib/thread/qthread_unix.cpp/?hl=721#L721
[21:27]  * jdstrand hugs sergiusens for releasing 2.26 ('desktop' in snap.yaml has been annoying :)
[21:28]  * sergiusens hugs back
[21:28] <sergiusens> jdstrand: would have pushed on Friday, but we had unexpected adt failures which were sorted
[21:29] <jdstrand> sergiusens: no worries, it hasn't been too bad
[21:32] <HumbleBeaver> jdstrand I hate it when that is the case, and I forgot to connect process-control to codebreakers. It now works in Strict mode
[21:32] <HumbleBeaver> Forgive my ignorance, but will other users have to do that as well to use the application on their system?
[21:35] <jdstrand> HumbleBeaver: yes. like I said, I need to look into what is happening and see what to do to fix it
[21:39] <HumbleBeaver> jdstrand thanks for your help, I'll rewrite the code to use an online leader board while you get things sorted.
[21:41] <ogra_> kgunn, bah, looks like slangasek's re-arranging for automatic builds broke all links ... there was a new "/current" layer added
[21:42] <slangasek> ogra_: what links?
[21:42] <ogra_> i'm not actually sure we need current and pending there
[21:42] <ogra_> slangasek, https://developer.ubuntu.com/core/get-started/dragonboard-410c
[21:42] <slangasek> mmk
[21:42] <slangasek> the extra layer is there by discussion with QA (jibel)
[21:43] <slangasek> we have the same promotion process for images for the stable channel as elsewhere: we produce the image, it's put through QA, then it's published as current after it's been confirmed to work
[21:43] <ogra_> except that they (used to) test candidate
[21:43] <slangasek> we can retrofit some compat symlinks, but can we also please update the pages?
[21:43] <ogra_> yes
[21:44] <slangasek> the candidate image is a separate image build
[21:44] <slangasek> because the channel has to be changed within the image
[21:44] <slangasek> and we want QA of the actual output of the image build
[21:44] <ogra_> of snaps that get promoted through the store levels
[21:44] <ogra_> the only thing you would test there is ubuntu-image :)
[21:44] <slangasek> maybe you have confidence that ubuntu-image will always produce correct output
[21:44] <slangasek> I am more conservative about my own code ;)
[21:44] <ogra_> heh, k
[21:45] <slangasek> (also, jibel wanted it ;)
[21:45] <ogra_> the thing is that we are duplicating the processes ... snaps should layer through the store
[21:46] <ogra_> https://wiki.ubuntu.com/QATeam/OSSnapPromotion
[21:47] <slangasek> ogra_: so, I'm willing to do this any way that the team thinks is correct, but when I asked jibel how he wanted these done this is what he asked for
[21:47] <ogra_> the snap is identical in candidate and stable ... that should be true for kernel, core and the gadgets
[21:47] <slangasek> anyway, compat symlinks are now in place
[21:47] <ogra_> thanks
[21:47] <slangasek> will you take care of updating the documentation?
[21:47] <ogra_> i'll file the PRs yeah
[21:47] <ogra_> thanks
[21:48] <ogra_> kgunn, ^^ all back
[21:48] <kgunn> ;)
[21:49] <ogra_> kyrofa, hmm, should all work on a low level, though i'm not sure if we might need extra interface love ...
[21:49] <kyrofa> ogra_, just saw this pop up: https://askubuntu.com/questions/878445/error-illegal-arguments-for-construction-of-exports-spi
[21:50] <kyrofa> ogra_, which is from classic mode, which should be devmode
[21:51] <ogra_> bah
[21:51] <ogra_> sigh
[21:51] <ogra_> ogra@localhost:~$ grep spi /boot/uboot/config.txt
[21:51] <ogra_> #spi=on
[21:51] <ogra_> ogra@localhost:~$
[21:52] <ogra_> i'll fix that tomorrow ... can you tell him to remove the comment for now
[21:54] <kyrofa> ogra_, that's writable? Will do
[21:55] <ogra_> yeah, it is ... but isnt upgraded when we update the gadget
[21:55] <ogra_> so he would have to re-install an edge image ... just uncommenting is the least painless
[21:57] <stokachu> do we know if the launchpad snap builds support the /snap directory now?
[21:57] <kyrofa> ogra_, perfect, thank you for investigating. Shall I log a bug?
[21:57] <ogra_> kyrofa, nah, i'll do it with the next gadget update
[21:57] <kyrofa> stokachu, I don't think so-- that's snapcraft 2.26 which isn't quite out yet
[21:57] <kyrofa> stokachu, but once it's in -updates LP will support it
[21:57] <stokachu> kyrofa, ok thanks, ill continue building manually until then
[21:58] <ogra_> the fact that installed gadgets do not get updated is known and has bugs
[21:58] <kyrofa> ogra_, alright, sounds good
[21:59] <sergiusens> wgrant: do you remember the snap directory conversations? ^
[21:59] <wgrant> sergiusens: ie. having buildds mount the core snap for classic builds?
[22:00] <sergiusens> wgrant: no, snapcraft.yaml inside snap/snapcraft.yaml
[22:01] <wgrant> Oh that.
[22:01] <wgrant> sergiusens: I don't think LP needs specific support for that, does it?
[22:01] <sergiusens> wgrant: not out yet, but lp detection of that as a valid thing might be a thing; both you guys are subscribed to the bug, not sure if I need to do more next time
[22:01] <wgrant> It doesn't use snapcraft.yaml except via snapcraft itself.
[22:01] <wgrant> So it should Just Work.
[22:01] <sergiusens> wgrant: I think, I don't know; does the +Create a snap button show regardless?
[22:02] <wgrant> Oh right.
[22:02] <wgrant> buildd doesn't, but the app does, to autoparse the name.
[22:02] <wgrant> cjwatson is working on some stuff in that area atm, so might be able to sort it out.
[22:03] <wgrant> sergiusens: IIRC /snapcraft.yaml, /.snapcraft.yaml and /snap/snapcraft.yaml are all valid now?
[22:03] <wgrant> Anything else?
[22:03] <kyrofa> wgrant, you got it
[22:04] <sergiusens> wgrant: correct
[22:04] <wgrant> Great.
[22:04] <sergiusens> ok, I am EODing now!
[22:04] <sergiusens> cheers
[22:04] <wgrant> Note that all this breaks is the name autodetection when creating a new snap.
[22:05] <wgrant> Builds will work fine, and when creating a new snap that uses a new location you'll just need to enter the name manually.
[22:05] <sergiusens> wgrant: good to know, I won't block on releasing then
[22:15] <mhall119> bzoltan: zbenjamin: have you guys had any issue with QML/SDK apps running as fully confined snaps? HumbleBeaver is experiencing a problem related to SQLite
[22:42] <odysseywestra> Hi I was wondering if someone could help me package MyPaint. I read through the tutorial, but I would like someone to help me walk through the process so I can get it.
[22:48] <HumbleBeaver> odysseywestra Howdy, I'm still learning too, but I've got one or two snaps under my belt.
[22:48] <HumbleBeaver> I'll try my best to get you running, where are you at in the process
[22:51] <HumbleBeaver> and then my dogs demand I take them on a walk.
[22:52] <odysseywestra> Yeah, and one of my family member came over unexpectedly.
[22:52] <HumbleBeaver> odysseywestra lol, well I'll hit you up after the walk, if someone isn't helping you I'll see what I can do for you
[22:53] <odysseywestra> Okay thank you.
[23:34] <zyga> jdstrand: replied on must_stpcpy, I think I misunderstood you initially, strncat is mostly useless for preventing buffer overflows IMO
[23:35] <zyga> jdstrand: if you want we can discuss this here quickly or back in the pull request slowly
[23:38] <PugnaciousOne> Anyone awake in this channel?  I'm having some issues installing snapd.  The error i'm getting is: failed to synchronize cache for repo 'zyga-snapcore'
[23:39] <kyrofa> PugnaciousOne, what OS?
[23:40] <PugnaciousOne> CentOS
[23:40] <PugnaciousOne> i would have used ubuntu but the company i work for has issues if i use anything other than centos
[23:40] <kyrofa> zyga, can you take a look at that? ^^
[23:40] <PugnaciousOne> i'm trying to adapt the fedora guide to it
[23:40] <zyga> PugnaciousOne: hey, centos is not supported yet
[23:40] <kyrofa> PugnaciousOne, understood, I've been in that situation as well
[23:40] <zyga> PugnaciousOne: I'm sorry but I didn't build a centos package
[23:41] <zyga> PugnaciousOne: we're trying to get a working package but it's been somewhat starved by other things
[23:41] <zyga> PugnaciousOne: if you want to help I could use someone to work on a centos package
[23:41] <PugnaciousOne> ah, i'll have to try and get them to make an exception then.  it's very similar to fedora though.
[23:41] <PugnaciousOne> what type of help do you need?
[23:41] <zyga> PugnaciousOne: just on the packaging itself
[23:42] <zyga> PugnaciousOne: I can work with you, I think we could reuse some of the work that went into the (incomplete because of selinux) fedora package
[23:42] <PugnaciousOne> i have about 4 hours.  i can test whatever, but i'm currently vpn'd back into my company network so i can access the server through ssh
[23:42] <PugnaciousOne> if it makes you feel any better, i run selinux in permissive mode so it shouldn't be an issue on my end
[23:43] <PugnaciousOne> the vpn connection means that i'm a bit slower than i normally would be.  i'm on a little laptop at home
[23:43] <zyga> PugnaciousOne: right now the package that I was trying to build for fedora is a few releases behind and stuck on selinux policy; there's no centos package available as that was planned as the next step
[23:43] <zyga> PugnaciousOne: which version of centos do you need to use?
[23:44] <PugnaciousOne> 7
[23:44] <PugnaciousOne> the security guys have a cow even if linux is mentioned.  it took me months to get permission to use centos 7
[23:44] <zyga> PugnaciousOne: ok, I cannot give you anything concrete but have a look at this: https://github.com/snapcore/snapd/wiki/Distributions#centos
[23:45] <zyga> PugnaciousOne: if you want to contribute and help make the package happen I can guide you
[23:45] <zyga> PugnaciousOne: but I cannot work on it full time yet
[23:45] <zyga> PugnaciousOne: I wish I had better news
[23:46] <PugnaciousOne> i'll help as much as i can.  just let me know what info/input you need from me
[23:46] <zyga> PugnaciousOne: well, to work on the package itself
[23:46] <PugnaciousOne> i was hoping to setup a rocketchat server to demo to the guys visiting from corporate tomorrow.  trying to get them to move out of the stone age and use actual communication
[23:47] <PugnaciousOne> let me check and see if i have the dependencies first and i'll get back to you in a few minutes
[23:47] <zyga> PugnaciousOne: if you cannot work on the package then don't worry, I'll get around to work on it soon (~1-2 weeks probably)
[23:48] <zyga> PugnaciousOne: you may want to talk to Pharaoh_Atem
[23:48] <zyga> PugnaciousOne: he was working with me on the initial fedora package and has helped me a lot with RPM specific knowledge
[23:49] <PugnaciousOne> ok.  i'll look into it.  to be honest my coding is rusty and i don't use linux enough.  do you think it would be possible to build it from source?
[23:49] <zyga> PugnaciousOne: yes although you'd have to glue the bits together manually
[23:49] <zyga> PugnaciousOne: that doesn't sound like a good demo material
[23:50] <zyga> PugnaciousOne: I'd recommend trying this out on debian/ubuntu for now
[23:50] <PugnaciousOne> sadly, i'm familiar with gluing bits together.  i'll just see if i can build a debian install tomorrow
[23:50] <zyga> PugnaciousOne: on sid you can apt-get install snapd
[23:50] <zyga> PugnaciousOne: or xenial, that's the most tested release
[23:51] <PugnaciousOne> yeah.  the info sec team is going to have a field day, but...if i strip the install down enough i should be able to get them to accept it
[23:51] <PugnaciousOne> what's xenial?
[23:51] <zyga> PugnaciousOne: codename of ubuntu 16.04
[23:51] <mup> PR snapcraft#1096 opened: schema,copy plugin: better errors when item has no value <Created by kyrofa> <https://github.com/snapcore/snapcraft/pull/1096>
[23:51] <PugnaciousOne> ah
[23:51] <PugnaciousOne> i've mostly been using arch for the past 3 years
[23:52] <zyga> PugnaciousOne: there's an arch package but it is outdated as well
[23:53] <PugnaciousOne> i'll stick with debian i think
[23:53] <PugnaciousOne> it'll be the easiest for me to get them to accept
[23:54] <zyga> PugnaciousOne: on xenial you will get much stronger security than on ubuntu
[23:54] <zyga> PugnaciousOne: on debian the confinement system is not enabled as apparmor patches are not all available in the kernel there
[23:54] <kyrofa> zyga, how does snapd work on openembedded and/or yocto? Do we have recipes upstreamed for snapd, snap-confine, etc?
[23:54] <zyga> PugnaciousOne: s/than on ubuntu/than on debian/
[23:54] <zyga> PugnaciousOne: it's a matter of time but for now ubuntu is the best host for snapd
[23:55] <PugnaciousOne> ok
[23:55] <zyga> kyrofa: I didn't work on openembedded
[23:55] <kyrofa> zyga, do you know who did?
[23:55] <zyga> kyrofa: no, I'm sorry
[23:55] <zyga> kyrofa: that may have been asac
[23:55] <kyrofa> Wonder who's maintaining that nowadays
[23:56] <zyga> I suspect nobody
[23:57] <kyrofa> As do I
[23:58] <kyrofa> zyga, are there any other distros on snapcraft.io that you're uncertain about?