/srv/irclogs.ubuntu.com/2017/02/02/#snappy.txt

mdyeis there a status page for snap services in case of outtages or such? (I have automated testing of download and installation of my snap and it's been slow or timed out the last few hours; is this a problem on my end or in store services?)00:01
kyrofamdye, check http://status.snapcraft.io/00:02
mdyethx00:02
kyrofamdye, ah, some firewall maintenance is happening today, I wonder if that is affecting things00:03
kyrofaBut I'll admit, that status page is quite a bit more optimistic about things than my experience has been. I have snaps uploading to CI daily and it's about 50/50 whether I'll get an email about a failed upload00:04
mupPR snapcraft#1100 opened: repo: remove symlinks to libc <Created by kyrofa> <https://github.com/snapcore/snapcraft/pull/1100>00:10
olympionexwhen installing the app, it seems like the daemon in my snap is being started before the configure hook gets a chance to run.  I use the configure hook to setup the config and a few other things.  As a result, the daemon fails to start and the whole snap then seems to fail to install because of that.  Is this an error or the expected behavior?01:05
olympionex*when installing the snap01:05
kyrofaolympionex, that's expected behavior. When you consider running a hook upon install, there are two possible scenarios:01:07
kyrofa1. Run the hook after services start. This gives the hook a chance to query the running services, make sure everything is running correctly, and modify configuration if necessary. If something is wrong, it can error and rollback installation01:08
kyrofa2. Run the hook before services start. Which allows the hook to do some setup required by included daemons, but makes it useless for querying them and checking their health01:09
kyrofaolympionex, honesty I think this is a good case for an install hook instead of making the configure hook do everything01:09
kyrofaolympionex, but that's the reason the configure hook runs when it does-- it's closer to its purpose01:10
kyrofaolympionex, would you mind logging a bug?01:10
olympionexkyrofa: agreed, just making sure I don't have an option.  I'm trying to snapify a troublesome daemon that I can't modify unfortunately and need to do some setup upon install01:11
kyrofaolympionex, currently your only option is to write a shell wrapper that makes sure it's setup correctly when run. That wrapper should be your daemon, and after it ensures things are setup, it should run the real binary01:12
kyrofaolympionex, if we had an install hook that ran before the services did, you could use that instead01:12
olympionexkyrofa: yeah, makes sense -- snap seems to have a lot of development going on, so maybe I can look forward to it soon01:13
kyrofaolympionex, the configure hook stands alone in this regard because no one has asked for anything else. Please log a bug if you feel you need this01:14
olympionexkyrofa, for snapcore/snapd?01:15
kyrofaolympionex, right here: https://bugs.launchpad.net/ubuntu/+source/snapd/+filebug01:15
kyrofaolympionex, if you want some examples of other snaps that go the wrapper route, check out the nextcloud snap. A good example is the `mysql` daemon: https://github.com/nextcloud/nextcloud-snap/blob/master/snapcraft.yaml01:18
kyrofaolympionex, notice that it doesn't run mysqd directly, it runs start_mysql: https://github.com/nextcloud/nextcloud-snap/blob/master/src/mysql/start_mysql01:18
olympionexkyrofa: thanks - I actually already have a wrapper to handle some of the required pid file requirements of my daemon01:18
kyrofaWhich makes sure a database is generated, etc.01:18
kyrofaGood dea01:18
kyrofal01:19
htafdresgii snap installed docker, how do I docker pull?02:04
htafdresgilike I know I can cd into the /snap/docker/bin but is that how I'm supposed to do it, or is there a different way?02:04
htafdresginever mind i fiugred it out04:15
htafdresgifigured*04:15
olympionexI'm having a catch-22 with classic confinement and snapcraft.  It won't let me run snapcraft unless I install the core snap, and there is no way to do that b/c it conflicts with the immovable ubuntu-core snap04:22
olympionexthis is on 16.04, weird that it works fine on my other pc04:23
olympionexsame versions of everything, including the ubuntu-core snap04:23
olympionexi had to end up purging snapd and reinstalling04:25
MirvoSoMoN: can you retest bug #1642900 vs. https://github.com/ubuntu/snapcraft-desktop-helpers/pull/40 ?07:01
mupPR ubuntu/snapcraft-desktop-helpers#40: Use also ubuntu-app-platform's lib/$ARCH dir for LD_LIBRARY_PATH (LP:… <Created by tjyrinki> <https://github.com/ubuntu/snapcraft-desktop-helpers/pull/40>07:01
mupBug #1642900: libgcc_s.so.1 not found by app using ubuntu-app-platform content snap <Ubuntu App Platform:In Progress by timo-jyrinki> <https://launchpad.net/bugs/1642900>07:01
MirvoSoMoN: note that you'd need edge version of platform snap to have the libgcc_s.so.107:02
oSoMoNMirv, will do07:04
zygao/07:36
=== JanC is now known as Guest98802
=== JanC_ is now known as JanC
mupPR snapd#2692 closed: spread: add unit suite <Created by fgimenez> <Merged by mvo5> <https://github.com/snapcore/snapd/pull/2692>08:03
mupPR snapd#2741 closed: store: enable download deltas on classic by default <Created by squidsoup> <Merged by mvo5> <https://github.com/snapcore/snapd/pull/2741>08:08
mupPR snapd#2751 closed: 14.04/integrationtests: rely on upstart to restart ssh <Created by vosst> <Merged by mvo5> <https://github.com/snapcore/snapd/pull/2751>08:09
mupPR snapd#2743 closed: debian: move the snap-confine packaging into snapd <Created by mvo5> <Merged by mvo5> <https://github.com/snapcore/snapd/pull/2743>08:11
zygajjohansen: hey08:26
zygajjohansen: which timezone do you live in?08:26
jjohansenzyga: uhm UCT-8 (portland, OR area)08:27
jjohansenbut well, I can't say I uhmm follow the tz all that well08:28
jjohansenzyga: I haven't gotten to testing the test kernels against your bug yet. I have been chasing it as a regression for 1661030 and jdstrand's bug 164890308:29
mupBug #1648903: Permission denied and inconsistent behavior in complain mode with 'ip netns list' command <AppArmor:New> <https://launchpad.net/bugs/1648903>08:29
jjohansenI was about to get around trying your reproducer08:29
zygajjohansen: haha, that explains a lot :)08:29
zygajjohansen: I'm already running the test with the kernel you indicated08:29
jjohansenah nice08:30
zygajjohansen: btw, where is your tree, I could follow your patches and learn a few things08:30
jjohansenzyga: ha which tree? I have a whole bunch of trees, sadly most are more stale than I like08:31
jjohansenthere are the set on kernel.ubuntu.com/jj/08:31
zygajjohansen: s/tree/repo/08:31
zygalet's see08:31
jjohansen1 for each release + the backport kernels (which is work I need to get back too)08:31
zygahmm, that's a 40408:31
zygajjohansen: do you use multiple repositories for that/08:32
zygaI'm not familiar with kernel development process08:32
jjohansenhttp://kernel.ubuntu.com/git/jj/08:32
jjohansenits git://kernel.ubuntu.com/jj/  from git08:32
jjohansenzyga: I was trying to get a base set of backport kernels setup in a single repo, sadly its in poor shape as I just haven't had enough to do it properly08:33
jjohansenI also have an upstream tree08:33
zygathanks, I'm looking a the xenial tree now08:34
jjohansenbut I don''t push to that one often because a lot of bots watch it, and if I push dev code there I get slammed with emails from bots complaining about any and every little thing08:34
jjohansengreat some times, but not when you are in the middle of dev08:34
jjohansenzyga: the proposed patch hasn't been pushed yet08:35
zygajjohansen: where is it?08:35
jjohansengive me a minute08:35
zygaah08:35
zygasure :)08:35
zygajjohansen: curious, what do bots do when you push there?08:35
zyga(so far fetching from git://kernel.ubuntu.com/jj/ubuntu-xenial.git fails on corrupted repository)08:37
zygajjohansen: the test passed!!!08:42
zygajjohansen: it's fixed :)08:42
zygajjohansen: when can you land that in the ubuntu kernels and upstream?08:44
jjohansenzyga: okay its pushed, I will send the patch out in a few minutes. It will land into -proposed with the other fixes (it fixes a regression)08:52
jjohansenso it should land in the next kernel release in 2.5 weeks08:53
zygajjohansen: understood, thank you!08:56
zygajjohansen: did you push it to git://kernel.ubuntu.com/jj/ubuntu-xenial.git?08:57
zygaI still get: remote: error: Could not read 162e766089a4fdbbb6626f39cc23da92fdb2204e08:58
jjohansenzyga: yes, on the master branch08:58
jjohansengah, I need to reset my master-next as its been rebased and the ref no longer exists08:59
jjohansenthis happens all the time08:59
jjohansengah, no something else is broken09:01
mupPR snapd#2759 opened: asserts: support for correctly suggesting format 2 for snap-declaration <Created by pedronis> <https://github.com/snapcore/snapd/pull/2759>09:07
zygajjohansen: btw, I'll break my userspace code and see if I can trigger an oops that I ran into earlier09:14
zygajjohansen: I was trying to use a O_PATH fd to do something that wasn't meant for it (setns)09:14
zygajjohansen: and that oopsed09:14
jjohansenzyga: sounds good, I am still trying to figure out what is wrong with the tree, something broke09:15
zygajjohansen: what are your typical work hours?09:17
jjohansenO_o the tree has lost all its heads09:17
zygajjohansen: this one? http://kernel.ubuntu.com/git/jj/ubuntu-xenial.git/log/ ?09:17
jjohansenzyga: yes09:18
jjohansenzyga: my work hours drift but for the last few weeks they have been roughly 07:00-11:00 UCT and 20:00-02:00 UCT09:19
mupPR snapd#2760 opened: merge release 2.22.1 into master <Created by mvo5> <https://github.com/snapcore/snapd/pull/2760>09:20
jjohansenif I got the conversion right09:20
jjohansenthats 23:00-4:00 and 12:00-18:00 local time09:20
zygaare you doing this to stay in touch with devs in europe?09:21
jjohansenzyga: some times, but not atm, I'm a night owl and tend to work at nights when things quiet down here09:23
jjohansenI do try reseting my hours every once and a while but then something comes up, I push and they drift ...09:24
zygajjohansen: I know how this feels :)09:25
jjohansen:)09:25
zygajjohansen: thank you for fixing this and a host of other issues09:26
zygajjohansen: I'll check if the oops happens and let you know if it does (with a test case if I can)09:26
jjohansensounds good09:27
mupPR snapd#2761 opened: vendor: move gettext.go back to github.com/ojii/gettext.go <Created by mvo5> <https://github.com/snapcore/snapd/pull/2761>09:33
mupPR snapd#2762 opened: debian: update breaks/replaces for snap-config->snapd  <Created by mvo5> <https://github.com/snapcore/snapd/pull/2762>09:41
zygajjohansen: no more oops09:46
zygajjohansen: so whatever it was, one of your patches fixed it09:46
jjohansenzyga: \o/10:10
mupPR snapd#2763 opened: store: retry on 502 http response as well <Created by mvo5> <https://github.com/snapcore/snapd/pull/2763>10:36
sergiusensogra_: where did the livecdrootfs stuff live?11:32
mupPR snapd#2762 closed: debian: update breaks/replaces for snap-confine->snapd  <Created by mvo5> <Merged by mvo5> <https://github.com/snapcore/snapd/pull/2762>11:41
=== tinwood is now known as tinwood_afk
ogra_sergiusens, image PPA12:02
ogra_https://launchpad.net/~snappy-dev/+archive/ubuntu/image/+packages?field.name_filter=&field.status_filter=published&field.series_filter=xenial12:02
sergiusensogra_: so download source deb and the push? Might I just ask you to do something? xdg-open is in /usr/local/bin, would be nice to get that in the default PATH12:18
ogra_sergiusens, well, see my comment on the bug :)12:18
ogra_sergiusens, we have /usr/local/bin in the default path on images ... and the calling user on a classic system should also have it in his default PATH ... the only way to *not* have it in the default PATH is if a desktop wrapper redefines PATH12:20
ogra_sergiusens, so IMHO the desktop wrppers need a fix here12:20
ogra_*wrappers12:20
ogra_ogra@localhost:~$ echo $PATH12:21
ogra_bah12:21
ogra_ogra@localhost:~$ echo $PATH12:21
ogra_/home/ogra/bin:/home/ogra/.local/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/games:/usr/local/games:/snap/bin12:21
ogra_thats on my Pi12:21
ogra_(and i get the same thing on my desktop classic install)12:21
sergiusensogra_: http://paste.ubuntu.com/23910571/12:22
sergiusensogra_: I wonder if snap-confine is wiping it then12:22
sergiusens oops12:22
ogra_that would be a question to zyga i guess12:22
sergiusensoh, no oops, I pasted the paste bin and confused by your output :-)12:22
zygaogra_: hey12:23
zygahow can I help?12:23
ogra_zyga, does snap-confine reset PATH ?12:23
zygayes it does12:23
ogra_aha12:23
zygafor snaps other than classic confinement that is12:23
zygaotherwise you don't know what PATH you may see12:23
ogra_zyga, can we add /usr/local/bin then ?12:23
sergiusenszyga: then it needs /usr/local/bin and didrocks was right, you do need to fix it ;-)12:23
ogra_zyga,  we need to find xdg-open there12:23
zygaogra_: does that path exist on core?12:23
ogra_yes12:23
zygaogra_: oh, curious12:24
zygaogra_: sure I can fix this quickly12:24
ogra_for apt, dpkg palceholders and for xdg-open12:24
zygaogra_: is there a bug for reference?12:24
ogra_yeah12:24
sergiusenszyga: do you use gui snaps at all???12:24
zygasergiusens: not that much, my local setup is in a weird state for content testing12:24
zygasergiusens: and I don't want to rely on snaps on a dev machine12:24
zygasergiusens: I use them on other machines though12:24
zygasergiusens: why?12:25
ogra_Bug 166102312:25
mupBug #1661023: PATH does not include /usr/local/bin and /usr/local/sbin <Snapcraft:In Progress by sergiusens> <https://launchpad.net/bugs/1661023>12:25
zygaogra_: thank you12:25
ogra_zyga, nad it needs to be first ... before /usr/bin12:25
ogra_/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/games:/usr/local/games:/snap/bin12:25
ogra_like that12:26
zygaogra_: noted12:26
ogra_else it wont override12:26
zygaogra_: actually without /snap/bin12:27
ogra_heh, yeah, i guess12:28
ogra_(that was just tghe PATH from ym Pi)12:28
oSoMoNdidrocks, when I build a webbrowser-app snap locally and install it, the app won’t start, I’m getting this error:12:36
oSoMoNThis application failed to start because it could not find or load the Qt platform plugin "xcb"12:36
oSoMoNin "".12:36
sergiusenszyga: I would strongly recommend you do dev in a VM and leave your main system as a dog fooding one to enjoy the pain and fix stuff as they show (some sort of stress testing)12:36
didrocksoSoMoN: did you snapcraft update since tuesday?12:37
didrocksoSoMoN: pat confirmed that updating to latest works12:37
oSoMoNdidrocks, no I hadn’t, let me try that12:37
zygasergiusens: I'm already working in a VM but I don't use the host as much, that's my "main" vm that moves from host to host as I change devices12:37
zygasergiusens: I also use snaps but I don't use gui snaps that much12:39
zygasergiusens: (I'm mostly a terminal + browser person12:39
ogra_use a snapped browser and a snapped terminal !!12:40
ogra_:)12:40
oSoMoNdidrocks, confirmed, that fixed the issue12:40
didrocksoSoMoN: phew, same fixed issue then :)12:40
didrocks(the issue being part definition is cached, but the parameters used in the git repo has changed/been added)12:42
oSoMoNcan snapcraft be improved to handle this better?12:42
didrocksunsure, I guess we have to think that the definition can be async compared to code12:42
didrocksso handling backward compatibility and not treating as one unit, but 212:43
didrocks(I didn't think about the caching at the time)12:43
* didrocks really needs to take a lunch break, ttyl12:43
ogra_but if you already cache you know the local version12:43
ogra_so its just a matter of comparing to the remote and notifying the user12:43
sergiusensoSoMoN: handle what better?12:44
ogra_remote parts updates12:44
sergiusensoSoMoN: so you want the latest and greatest always no matter if what is locally works and what is remote doesn't?12:45
ogra_i guess jst a notification that there is a new remote version would help12:45
sergiusensogra_: we could do that on `pull` as it is an online operation; don't think it would be wise to anywhere else12:46
sergiusensand notify, not auto update12:47
ogra_right12:47
ogra_just let the user know "hey, there is a newer version of this remote part"12:47
ogra_prevents support questions because of outdated local revisions12:47
sergiusensoSoMoN: if you log a bug, we can do it ;-)12:47
oSoMoNdidrocks, mind filing the bug? you have a better understanding of the problem, and you would explain it better than I could12:48
HumbleBeaverjdstrand, mhall119 after all that help day before yesterday you two gave me I have found out that my system is to blame.  Every snap installed on my system exhibits some sort of issue.13:48
HumbleBeaverBut if I add process-control to the program and connect them they work fine.13:48
HumbleBeaverI'm currently trying to sort out the issue.13:49
jdstrandHumbleBeaver: its still just the one program?13:49
mupPR snapd#2764 opened: tests: disable ubuntu-core->core transition on ppc64el (its just too slow) <Created by mvo5> <https://github.com/snapcore/snapd/pull/2764>13:49
HumbleBeaverjdstrand no, another program I wrote is now exhibiting the same issue. (main screen never displays) , but hexchat locks up, blender-tpaw doesn't launch, Krita doesn't load, and both Telegram snaps won't allow me to attach files via the attach clip.13:53
stokachutvoss, you around?13:53
jdstrandHumbleBeaver: and for all of them, if you connect 'process-control' it fixes the issue?13:54
HumbleBeaverjdstrand I've only added it to numnom so far, and yes it fixed the problem.13:56
jdstrandHumbleBeaver: can you give the output of 'grep type=1326 /var/log/syslog' after you see all these denials?13:57
jdstrands/denials/failures/13:57
HumbleBeaverjdstrand sure can,  stand by13:58
tvossstokachu: yup, I am14:02
HumbleBeaverjdstrand paste.ubuntu.com/2391102414:08
zygaogra_: https://github.com/snapcore/snapd/pull/276514:08
mupPR snapd#2765: cmd: add /usr/local/* to PATH <Created by zyga> <https://github.com/snapcore/snapd/pull/2765>14:08
zygaogra_: review appreciated :)14:08
mupPR snapd#2765 opened: cmd: add /usr/local/* to PATH <Created by zyga> <https://github.com/snapcore/snapd/pull/2765>14:09
zygajdstrand: if you are around I'd like to quickly discuss where to take the sc_must_stpcpy branch,14:11
zygajdstrand: we talked but I'm not sure what the bottom line was14:11
zygajdstrand: I'm +1 on the rename to sc_append_string (or similar) and +1 to drop the size limit if you want to as well;14:12
zygajdstrand: and +0.5 on the simplification (from stpcpy-like to strcat-like)14:12
ogra_zyga, looks fine, though not sure we need games actually :)14:14
zygaogra_: I felt the same, added it for completeness14:14
ogra_yeah14:14
zygaogra_: but I can remove it if you feel we don't want to have it14:14
=== ara_ is now known as ara
ogra_well, we have it everywhere else, seems more consistent in the end14:15
=== ara is now known as Guest84900
jdstrandzyga: I am here, I'll need to circle back though14:16
jdstrandzyga: it sounds like you are in favor of basically everything then. I think going to strcat-like is going to be more useful long term. already you have to reset the pointer at the end of all the stpcpy calls to send the string off to be used, so this will remove that requirement14:19
zygajdstrand: yes, it makes it simpler and more reliable at a irrelevant cost in performance14:20
zygajdstrand: if you agree I'll folow up and do just that14:20
zygajdstrand: and apply this across the tree to kill the static char buffers14:20
jdstrandHumbleBeaver: telegram, numnom, krita and codebreakers are all sched_setscheduler and that is a regression in 2.2214:21
jdstrandHumbleBeaver: hexchat is fchown which was never allowed14:22
zygaogra_: if you reviewed that branch can you please add a comment; that helps14:22
jdstrandzyga: sounds fine14:22
zygajdstrand: thanks! :)14:22
ogra_zyga, yeah, sorry distracted14:22
zygaogra_: no worries, thank you :)14:24
HumbleBeaverjdstrand, well that explains why they still work on other people's computers.  Thanks for your help14:26
jdstrandHumbleBeaver: right, you have 2.22, other people only have 2.2114:32
jdstrandHumbleBeaver: for each of telegram, numnom, krita and codebreakers, can you add 'sched_setscheduler' (without the quotes) to the botton of /var/lib/snapd/seccomp/profiles/snap.<your snap>, then relaunch the app and let me know if it works?14:33
jdstrandbottom*14:33
jdstrandHumbleBeaver: fyi, bug 166126514:33
mupBug #1661265: [regression] sched_setscheduler denied with Qt/QML applications <snapd (Ubuntu):New> <https://launchpad.net/bugs/1661265>14:33
jdstrandmvo: fyi, https://bugs.launchpad.net/ubuntu/+source/snapd/+bug/1659522/comments/1014:35
mupBug #1659522: [SRU] 2.22 <verification-failed> <snapd (Ubuntu):Fix Released> <snapd (Ubuntu Trusty):Fix Committed> <snapd (Ubuntu Xenial):Fix Committed> <snapd (Ubuntu Yakkety):Fix Committed> <https://launchpad.net/bugs/1659522>14:35
mvojdstrand: oh, so we need a 2.22.2?14:36
zygamvo: \o/14:36
jdstrandmvo: I've assigned that to me, but I would like to do a little digging first14:36
zygamvo: l.oo.l release14:36
jdstrandmvo: yes, sorry14:36
mvojdstrand: no worries14:36
mvojdstrand: I caused 2.22.1 myself :/14:36
mvojdstrand: do you have a rough estimate about times?14:36
jdstrandmvo: let me PR a fix right this second that way you aren't blocked on my investigation. I will want to augment the comment for this syscall pending my investigation14:37
mvosounds good14:38
mupPR snapd#2766 opened: tests: improve snap-env test <Created by mvo5> <https://github.com/snapcore/snapd/pull/2766>14:39
mupPR snapd#2767 opened: interfaces: allow sched_setscheduler again by default (LP: #1661265) <Created by jdstrand> <https://github.com/snapcore/snapd/pull/2767>14:45
jdstrandmvo: ^14:45
jdstrandmvo: I did it to master. will you get it to 2.22.2 or should I do something extra?14:47
mvojdstrand: I can cherry-pick it into the 2.22 branch14:47
jdstrandHumbleBeaver: in addition to trying all that, can you point me to your hexchat snap? I'd like to see how it is using fchown14:48
HumbleBeaverjdstrand, tingping is the developer of hexchat. It's the one in the store.14:51
jdstrandHumbleBeaver: great, thanks!14:51
=== tinwood_afk is now known as tinwood
mupPR snapd#2768 opened: interfaces: miscellaneous updates for hardware-observe, kernel-module-control, unity7 and default <Created by jdstrand> <https://github.com/snapcore/snapd/pull/2768>15:13
zygajdstrand: FYI, I found this insteresting: https://github.com/snapcore/snapd/pull/2768/files#r9914137915:20
mupPR snapd#2768: interfaces: miscellaneous updates for hardware-observe, kernel-module-control, unity7 and default <Created by jdstrand> <https://github.com/snapcore/snapd/pull/2768>15:20
jdstrandzyga: yes, that occurred to me to. we'll have to design it to support snapd policy versions if we are going to allow different series core snaps on the same device. note, this isn't the only issue with this-- I suspect there will be a lot of things that will need to be done differently based on the core series15:22
zygajdstrand: after writing this I realized that we can see the slot so we can identify 16 and 18 series but I totally agree with what you just said15:23
jdstrandzyga: I'd rather not try to predict all that right now though. when series 18 core snaps are a thing and we want to pull the trigger on something different, we should see how we want to do that15:24
jdstrandit's kinda scary if you really think about it-- series 22 with series 16-- how will snap-confine/snapd have changed?15:24
zygajdstrand: I bet we will be asked for continuity so that 16-based snaps can be installed aon 1815:24
zygajdstrand: yes15:24
zygajdstrand: I think it is worth to think about what we will do with multi-base snaps when we start to split that sometime soon15:25
jdstrandzyga: that request will need to also consider positive change moving forward15:25
zygajdstrand: (I suspect we'll make ubuntu-base-16 before EOY)15:25
zygajdstrand: backwards compatibility will win ous many hearts and I think it's not impossible to do15:26
zygajdstrand: we'll just recommend devs to update to 18-base15:26
jdstrandeg, it is perfectly correct to evolve and deprecate. series 16 should always work, but does that mean series 18+ need to not evolve? interesting questions15:26
zygajdstrand: I suspect that we may phase out series over time (e.g. a given snapd will only support 16 and 18 and maybe 20 but not 22 and 16 at the same time)15:26
zygajdstrand: no, I didn't mean that15:26
zygajdstrand: in 18 we should change what that interface does15:27
zygajdstrand: (or to be precise) when that interface is connected to a 16-base snap it should behave as it does15:27
zygajdstrand: but not in 18-base snap15:27
zygajdstrand: from the same snapd process15:27
zygajdstrand: (curious issues with >1 base snap and snap interfaces and auto-connection)15:27
zygajdstrand: lots of fun things ahead :)15:27
jdstrandwell, I think this needs to be all thought through at the appropriate time. there is a lot to consider15:27
jdstrandyes15:27
kalikianaHmmm 'snapcraft push' just gabe me '502 Bad Gateway'15:36
kalikianaBasically a bunch of raw HTML15:36
kalikianaTried again, now it seems to have worked15:39
kyrofakalikiana, I get that every other day when LP tries to push as well16:02
ogra_jdstrand, did you see my comment on the remote syslog bug ? would be nice to have /etc/rsyslog.d writable by the core-support interface16:03
ogra_i can then add the needed script bits to the config script16:03
jdstrandogra_: I thought I saw the comment, and I thought I saw you say you were going to do that, and I meant to say 'thank you' to you :)(16:04
jdstrand:)16:04
ogra_oh16:04
ogra_i only made the dir writable on an image level yet16:04
mupPR snapd#2769 opened: snap-exec: support nested environment variables in environment: <Created by mvo5> <https://github.com/snapcore/snapd/pull/2769>16:05
jdstrandogra_: oh, I see what you mean16:05
jdstrandogra_: let me take that onto an existing PR16:06
ogra_awesome !16:06
ogra_thanks ... i'll care for the rest then16:06
jdstrandogra_: is there a particular path or naming convention you are going to use? ie, we have a choice to allow modifying anything in there (eg, 50-default.conf) or to only modify [0-9][0-9]-snap*.conf (or something)16:10
ogra_well, i made the whole dir writable on the image level ... if you want to restrict the interface to a particular filename, feel free to do so, just tell me the name then16:11
mupPR snapd#2767 closed: interfaces: allow sched_setscheduler again by default (LP: #1661265) <Created by jdstrand> <Merged by mvo5> <https://github.com/snapcore/snapd/pull/2767>16:12
ogra_jdstrand, the latter sounds sane though ... also in the light that we might want to be able to add more options later16:13
ogra_and i'd like to keep one file per option to not have to do sed stunts in the scripts16:14
ogra_(rm $filepath is so much easier than in-place editing of a big config file)16:15
jdstrandogra_: I was going to do this: http://paste.ubuntu.com/23911801/16:15
ogra_perfect16:15
jdstrandthat at least namespaces it a bit16:16
ogra_yep16:16
jdstrandI figure you might want some flexibility on 00-snap-foo.conf vs 99-snap-bar.conf vs snap-baz.conf16:16
ogra_yeah16:17
jdstrandcool16:17
jdstrandI'll send it up. I think I will do a separate PR since I already have approval on the other one16:17
jdstrandogra_: this is exciting! :)16:17
ogra_:D16:18
jdstrandfor some reason I'm a bit of a logging nerd :)16:18
ogra_and i love to save wear levelling of my SDs16:18
ogra_directing all my boards to a central place surely helps that16:19
mupBug #1661265 opened: [regression] sched_setscheduler denied with Qt/QML applications <snapd-interface> <Canonical System Image:In Progress by pat-mcgowan> <Snappy:Fix Committed> <snapd (Ubuntu):Triaged by jdstrand> <https://launchpad.net/bugs/1661265>16:20
mupPR snapd#2758 closed: overlord/devicestate: implement policy about gadget and kernel matching the model <Created by pedronis> <Merged by niemeyer> <https://github.com/snapcore/snapd/pull/2758>16:24
mupPR snapd#2770 opened: interfaces/core-support: allow modifying snap rsyslog configuration <Created by jdstrand> <https://github.com/snapcore/snapd/pull/2770>16:25
jdstrandogra_: since you mentioned you forgot about the remote logging bug, I'll remind you of bug #1504657 too since it is all in the same area16:37
mupBug #1504657: ntp servers should be configurable on snappy <Snappy:Confirmed> <ubuntu-core-config (Ubuntu):Won't Fix by ogra> <https://launchpad.net/bugs/1504657>16:37
ogra_geez !16:38
jdstrandogra_: sorry! feel free to prioritize how you want, just wanted to get it back on your radar. I don't have any more, I promise! :)16:38
ogra_jdstrand, no, that was about me also missing this one16:38
jdstrandoh, heh :)16:39
ogra_my LP search doesnt show it because the task assigned to me is wont-fixed16:39
jdstrandogra_: makes sense16:40
jdstrandogra_: this one is interesting. In addition to being able to set the time servers for core, I suspect that eventually people will want an ntp, chrony, openntpd, etc snap and therefore will want to be able to disable systemd-timesyncd so they can just use their snap16:42
jdstrandogra_: so I think in the config (at least at this time) should include enable (default)/disable, and setting the timeservers16:43
ogra_jdstrand, well, afer my last change ro tezh configure script that just means adding systemd-timesyncd to a variable list ... thats trivial16:43
ogra_the way i changed it we only need to add the service names to the list now16:43
jdstrandcool. I figures from a snapd security policy perspectivy, it was covered with the systemctl changes16:44
ogra_right16:44
jdstrandfigured*16:44
jdstrandjeez I can't type :)16:44
jdstrandogra_: thanks for this too, now I'm really, really excited! :)16:44
jdstrand:)16:44
ogra_https://code.launchpad.net/~ogra/core-snap/more-flexible-service-handling/+merge/31611616:45
ogra_we just can add to SERVICES= as needed16:46
jdstrandneat :)16:46
=== JanC_ is now known as JanC
=== jkridner|pd is now known as jkridner_
=== jkridner_ is now known as jkridner
BLu2is there a way to start a snap without network and device access? like "snap run hello --strict" or whatever if I don't fully trust the application?18:10
noise][FYI we are experiencing some network issues that are leading to slow response times for some Store endpoints, see http://status.snapcraft.io/ for details and updates as we have them. Currently affecting mostly snapcraft release for a subset of snaps.18:11
zygaBLu2: you can disconnect the network / network-bind interface but due to the way seccomp works today that is not ideal (the app will be killed if it tries to use the network)18:13
zygaBLu2: ideally we'd not kill the app and just reject those calls18:13
zygaBLu2: and perhaps even offer an "offline" zone or something where we could connect the app there instead and it would just be in an empty network18:14
zygajdstrand: ^^ I always wanted to do this use case18:14
mupPR snapd#2771 opened: debian: update changelog from releases 2.22.{1,2} <Created by mvo5> <https://github.com/snapcore/snapd/pull/2771>18:20
BLu2zyga, sounds good enough18:21
zygaBLu2: note that soon we will not kill an app in that case but this feature is still not merged in the upstream kernel AFAIK18:25
zyga(or merged but not released)18:25
jdstrandzyga: you are in luck. tyhicks has patches that are going upstream for seccomp ERRNO with logging (ie, deny with EPERM (for example) but log). today we kill because that is the only one that logs18:27
kyrofajdstrand, ahhhhh \o/!18:28
jdstrandyeah, cool stuff18:28
* kyrofa hugs tyhicks 18:28
kyrofaThat will change my life18:29
kyrofajdstrand, judging from the regression bug I saw you log, can I assume that arg filtering is supported now as well?18:29
jdstrandzyga: I guess the use case you are talking about is running without network? (cc BLu2) interface connections are absolutely the way to do that. killing is not unreasonable if you don't trust the app, but that point is moot, we won't be killing soon18:30
tyhickshey kyrofa :)18:30
jdstrandkyrofa: yes, it has been for some time. the first policy that used it came in Dec for network-control and interfaces18:30
kyrofaVery cool, good work guys18:30
jdstrandkyrofa: 2.22 had some small changes. I have several PRs open now for more arg filtering policy and working on a few more things18:31
jdstrandkyrofa: thanks!18:32
kyrofajdstrand, one of the things pushing that was setpriority. Are some args whitelisted for that?18:32
jdstrandtyhicks: can you remind me-- do your patches include logging the value of the args?18:32
tyhicksjdstrand: the first set did but the audit people didn't like it18:32
tyhicksjdstrand: they see the audit message format as being set in stone :/18:33
kyrofa:(18:33
jdstrandkyrofa: that is one of the ones that is up for review18:34
jdstrandactually, was that 2.22...18:34
* jdstrand looks18:34
jdstrandactually, no, that is still on the list, but it will be in 2.2318:36
jdstrandtyhicks: that annoying18:37
jdstrandthat's*18:37
tyhicksoh18:37
jdstrandtyhicks: is there anything more that we can do?18:37
tyhicksjdstrand: oh, I misunderstood you18:37
jdstrandmaybe I asked unclearly18:37
tyhicksjdstrand: I thought you were asking if the errno value would be logged - that's what the audit folks were against18:37
jdstrandoh no18:38
jdstrandsorry18:38
kyrofajdstrand, sounds good. What is the plan there-- only allowing setting priority for yourself and only specific priority ranges?18:38
jdstrandI meant if we allowed setpriority 0-19 and -1 was blocked, can we log that arg2 was -118:38
tyhicksjdstrand: that's not in the patch set - that looks very hard to do18:39
tyhicksjdstrand: I think the BPF that libseccomp generates would have to be modified to support that18:39
zygajdstrand: I've updated https://github.com/snapcore/snapd/pull/274518:39
mupPR snapd#2745: cmd: add sc_string_append <Created by zyga> <https://github.com/snapcore/snapd/pull/2745>18:39
jdstrandkyrofa: we will allow setpriority(PRIO_PROCESS, ..., 0-19) by default. other uses will require process-control18:41
kyrofajdstrand, good deal. MySQL wants -20, I wonder how they actually snapped it18:42
kyrofaMaybe the require process-control18:42
kyrofaYup, they do18:43
jdstrandkyrofa: they use process-control18:43
kyrofaHow cool will it be when mysql will request process-control, the user doesn't want to give it, so mysql simply says "okay, I just won't run at that high a priority then" instead of dying?18:46
jdstrandkyrofa: well, today it has a snap declaration that auto-connects it18:46
jdstrandkyrofa: but it will be cool when disconnected that it won't die, yes18:47
kyrofajdstrand, yeah, I'm really talking about the one I embed in nextcloud18:47
kyrofajdstrand, I'm still maintaining a mysql fork to compile that setpriority out18:47
jdstrandfun!18:47
jdstrand:)18:47
kyrofajdstrand, although if I asked for a snap declaration to connect it, think I'd get it?18:48
kyrofaI guess it would probably perform better18:48
zygajdstrand: I heard about that feature, I wonder if we can detect if the kernel supports this; the seccomp backend should do runtime detection18:48
jdstrandI doubt it :P18:48
zygajdstrand: (as should apparmor perhaps)18:48
jdstrandzyga: what are we detecting?18:49
jdstrandzyga: the log vs not log?18:49
zygajdstrand: capabilities of the implementation in the kernel18:50
jdstrandzyga: we'll just add that to the list of patches that need to be in a kernel. it'll be upstream, eventually it'll flow down. distros that don't want to patch their kernel can use kill instead. perhaps that should be a compile time flag...18:50
zygajdstrand: that won't be very nice, I'd rather detect that (for a few reasons)18:51
zygahmmm18:51
zygathan again18:51
zygamaybe for seccomp that's not relevant18:51
zygaunless there's new syntax18:51
zygaor new API that defines this in C18:52
jdstrandthe policy won't change18:52
zygaI was mostly after being able to take snapd binary from a snap18:52
zygaand run in it somewhere18:52
zygaand not see issues18:52
zygaoh, drat, we will see issues already as snapd in debian will be affected by this18:52
zygaI'll add a card18:52
jdstrandthat sounds like crazy talk :P18:52
jdstrandmore seriously, I need to get to other thngs before eow18:52
zygajdstrand: mmm think carefully18:52
zygajdstrand: that's a good idea :)18:53
zygajdstrand: if you +1 the sc_string_append branch I'll have easier life for the next few days18:53
kyleNhey, anyone know how to install core snap when ubuntu-core is already isntalled on xenial desktop?  http://pastebin.ubuntu.com/23912890/19:34
kyrofakyleN, purge snapd or wait for the new release that will migrate it for you19:34
kyleNkyrofa, as in apt-get remove --purge snapd?19:35
kyrofakyleN, apt purge snapd is more new-agey, but yeah19:35
kyleNok, thanks19:35
kyrofakyleN, but note that'll kill any snaps you have as well19:35
kyleNkyrofa, I already kill them off hoping that might fix it ;)19:36
kyrofakyleN, ha! Easy fix then19:36
kyrofakyleN, note that core will automatically be pulled in once you reinstall and attempt to install a snap19:37
kyrofa(instead of ubuntu-core)19:37
kyleNkyrofa, i also note that now snap install *requires* sudo (on xenial desktop)19:37
kyrofakyleN, yeah that whole thing is beyond me. I always used sudo19:38
kyleNanyway, it worked, thanks kyrofa19:38
kyrofakyleN, good deal, no problem19:39
kyleNkyrofa, can I 'sudo snap try prime' with a classic snap? I get: snap "make-system-user" requires consent to use classic confinement19:41
kyleNand passing --classic does not change that19:41
kyrofakyleN, not sure, try passing-- oh19:41
kyleN(I like snap try : )19:41
kyrofakyleN, hmm... might be a bug, I'm not sure about that19:41
kyrofaI would like it if I could use it19:41
kyrofaDarn encrypted homes19:41
mupPR snapcraft#1101 opened: misc: consistently use a dash for copyright years <Created by elopio> <https://github.com/snapcore/snapcraft/pull/1101>19:54
jdstrandroadmr: can you pull r837 whenever it is convenient. not urgent in the least20:15
roadmrjdstrand: totally. r836 is in the queue, just awaiting a deployment but it probably won't happen until Monday...20:16
roadmrjdstrand: so for now the consequence is that production doesn't yet accept those number-first snap names. On the upside, we never deployed to production the "name of death" revision, so we're safe there.20:16
roadmranyway... 837 coming up20:16
jdstrandroadmr: cool, thanks. r837 covers the all-numeric case that pedronis mentioned is not supported20:17
roadmrneat!20:17
jdstrandwhich the name of death regex handled, but the new one didn't20:17
roadmrcool! ok jdstrand I see a deployment containing r836 was requested and may happen today.20:18
jdstrandr837 is really corner case so again, just whenever is fine20:18
roadmrthanks :)20:19
mhall119sergiusens: does "snapcraft cleanbuild" ignore local directories named "snap"?20:22
kyrofamhall119, yes it does, we just noticed that20:23
mhall119:/20:23
mhall119is it a regex, or just "snap" ?20:24
kyrofaJust snap (remember `prime` used to be called `snap`)20:24
kyrofaIt's a carry-over from that20:24
mhall119thanks, I'll rename to snappkg then20:24
kyrofamhall119, wait, what's in there?20:24
mhall119a config file and wrapper script20:25
kyrofamhall119, because the newest release is making the 'snap' directory special20:25
mhall119this is a directory I made20:25
kyrofaYeah you'll want to rename it anyway, then20:25
mhall119thanks kyrofa20:27
sergiusenselopio: you need to test cleanbuild with every release ;-)21:00
mupPR snapcraft#1102 opened: cleanbuild: include snap directory in tarball <Created by kyrofa> <https://github.com/snapcore/snapcraft/pull/1102>21:03
kyrofasergiusens, there you go ^^21:03
mupPR snapcraft#1103 opened: meta: support for the environment keyword <Created by sergiusens> <https://github.com/snapcore/snapcraft/pull/1103>21:12
iceywhat do I execute to get into a shell in a specific snap's sandbox?21:12
cookseyhello all21:16
kyrofaicey, snap run --shell <appname>21:17
kyrofaHey there cooksey21:17
cookseyi want to build snapd on a yocto based linux (build from git source). has anyone done this?21:17
iceythanks kyrofa :)21:17
mupPR snapd#2772 opened: interfaces: allow nice/setpriority to positive values by default <Created by jdstrand> <https://github.com/snapcore/snapd/pull/2772>21:17
iceyI knew it was something like that but couldn't tease it out21:17
kyrofacooksey, not that I know of. It should work fine, but keep in mind snapd's dependencies as well21:18
jdstrandkyrofa: fyi ^ PR21:18
kyrofajdstrand, hey thanks!21:18
cookseythat's what I was looking for. trying to find a list of dependencies and basic instructions/best practices to build from source21:19
cookseycan't find any build from source documentation21:19
kyrofacooksey, building won't be an issue so much, but you need to make sure you have a kernel with an up-to-date apparmor, and make sure seccomp is enabled21:20
kyrofacooksey, zyga can probably give you some guidance21:20
cookseyah21:20
cookseyjust found the document that i think i need21:20
kyrofacooksey, but I think he's gone for the day. You might consider pinging him earlier tomorrow21:20
cookseythank, kyrofa. I will if I need him.21:21
kyrofacooksey, sounds good21:21
tewardwho do I stab for issues wrt what's on the snapcraft.io site22:22
kyrofateward, what's going on?22:25
tewardkyrofa: I'm a moderator on Ask Ubuntu, which is linked as a 'support medium' for Snapcraft, but we're Ubuntu-centric, not "snapd" centric.22:25
tewardwould love to have that link 'removed' or at least have a comment next to it about "(if on Ubuntu Core)" since we don't support non-Ubuntu distros there22:26
kyrofateward, snapcraft only runs on ubuntu22:26
tewardkyrofa: what about snapd?22:26
tewarddoes it only run on Ubuntu too?22:26
tewardwe're getting broad questions regarding snapd on non-Ubuntu22:27
kyrofateward, no, but you complained about snapcraft, not snapd :)22:27
tewardkyrofa: i'm complaining about the *site*22:27
tewardnot snapcraft or a specific component22:27
tewardrelated: http://meta.askubuntu.com/questions/16672/do-we-support-snapd-on-other-distros22:27
kyrofateward, perhaps an email to the snapcraft mailing list would be best22:27
tewardlist address?22:27
kyrofateward, the link is right next to the AskUbuntu one22:28
kyrofateward, https://lists.snapcraft.io/mailman/listinfo/snapcraft22:28
mupPR snapd#2755 closed: interfaces: port mount backend to new APIs, unify content of per app/hook profiles <Created by zyga> <Merged by zyga> <https://github.com/snapcore/snapd/pull/2755>22:29
kyrofateward, indeed, the link should probably mention "only if using on ubuntu" or something similar22:30
kyrofateward, note also that there are two separate tags: snap and snapcraft22:33
kyrofaBut snapcraft.io only mentions one22:33
cory_fuHey, I'm hitting a strange error trying to build a classic snap22:37
cory_fu"classic confinement requires the core snap to be installed. Install it by running `snap install core`."22:37
cory_fuHowever, when I try to install that, I get this:22:37
cory_fucannot install core snap "core" when core snap "ubuntu-core" is already present22:37
zygacory_fu: hey22:38
zygacory_fu: you can update snapd on your system22:38
zygacory_fu: and track candidate/edge22:38
kyrofacory_fu, yeah known issue. The newest snapd will migrate you from ubuntu-core to core22:38
tewardkyrofa: https://github.com/ubuntudesign/snapcraft.io/issues/271 is relevant, and i have hailed someone on the rocket chat server apparently who pointed me to filing issues there22:38
zygacory_fu: then some code will migrate ubuntu-core to core22:38
tewardbut you're not wrong22:38
kyrofacory_fu, building a classic snap requires core22:38
zygacory_fu: and you will be good to go22:38
cory_fuzyga: Sure.  I'm currently using the snapd that came with xenial.  How would I switch to candidate/edge?22:39
kyrofacory_fu, do you have any snapd installed?22:40
kyrofaerr, any snaps*22:40
cory_fukyrofa: charm, snap-codelabs, and ubuntu-core22:40
zygakyrofa: you don't have to purge state anymore22:41
zygakyrofa: snapd does the migration22:41
kyrofazyga, so he just needs to switch to ubuntu-core from edge?22:41
zygakyrofa: yes22:41
kyrofazyga, will that install the core snap from edge, then?22:41
kyrofacory_fu, try `sudo snap refresh --edge ubuntu-core`22:42
cory_fukyrofa: It said refreshed, but I still have ubuntu-core listed and snapcraft still fails missing core22:44
kyrofacory_fu, then I refer you to zyga for the nice migration. I personally just purged snapd and reinstalled it22:45
kyrofaBut that toasts your snaps too22:45
cory_fukyrofa: I'm fine with that approach22:45
kyrofacory_fu, then it'll install the `core` snap from the beginning, instead of `ubuntu-core`22:46
cory_fuSounds good.  After I apt remove snapd, how do I install the edge?22:46
kyrofacory_fu, you don't need to22:47
kyrofaJust install snapd again, and install a snap22:47
kyrofaOr just `sudo snap install core`22:47
kyrofacory_fu, refreshing to edge was an attempt to get that migration to run22:47
kyrofaBut it didn't. Not sure how it works22:47
cory_fuAh, gotcha22:47
stokachuis $SNAP* exposed in the hooks/configure scripts?22:49
pedroniszyga: notice I think that once you have switched it probably takes 5 minutes or so for the update to happen22:49
kyrofastokachu, yes22:49
stokachukyrofa, cool thanks22:50
kyrofapedronis, good to know, thank you22:50
cory_fukyrofa: That worked fine.  Thanks.  Is there any plan to backport that in some way so that lxd containers (I'm using ubuntu-xenial) or other new xenial instances will be able to use classic snaps out of the box?23:00
kyrofacory_fu, yeah, eventually that migration will hit everyone23:00
kyrofacory_fu, you're just riding the wave ;)23:01
cory_fukyrofa: Is it possible to use the core snap inside a lxd container?  I'm getting a mount error when trying to install it, even when using -c security.privileged=true23:09
kyrofacory_fu, you're a little beyond my expertise. Have you seen https://www.stgraber.org/2016/12/07/running-snaps-in-lxd-containers/ ?23:10
cory_fukyrofa: I hadn't, thanks.  Possibly I need newer versions of lxd, or such.  I will continue to investigate tomorrow.23:12
cory_fuFor now, have a good evening.  o/23:12
kyrofacory_fu, you as well!23:13
=== ahoneybun is now known as ahoneybun_
mupPR snapcraft#1097 closed: lifecycle: print the command needed to clean the dirty part <Created by elopio> <Merged by kyrofa> <https://github.com/snapcore/snapcraft/pull/1097>23:30
mupBug #1661436 opened: snap download can't find gadget or kernel snap from a branded store <Snappy:New> <https://launchpad.net/bugs/1661436>23:38

Generated by irclog2html.py 2.7 by Marius Gedminas - find it at mg.pov.lt!