[00:34] PR snapcraft#1214 opened: asset-tracking: add subversion source tracking [00:58] PR snapcraft#1215 opened: asset-tracking: add mercurial source tracking === lifeless_ is now known as lifeless === chihchun is now known as chihchun_afk === mup_ is now known as mup === chihchun_afk is now known as chihchun === chihchun is now known as chihchun_afk === chihchun_afk is now known as chihchun === mup_ is now known as mup === mup_ is now known as mup === mwhudson_ is now known as mwhudson === chrisccoulson_ is now known as chrisccoulson [09:50] Pharaoh_Atem: you may be interested in joining https://plus.google.com/communities/103356268060178755068 [10:16] zyga: I'm in it now [10:20] PR snapd#3071 opened: many: Ignore configure hook failures on core refresh [10:23] Son_Goku: great, thanks [10:23] Son_Goku: I set moderation for 1st post of new members [10:23] Son_Goku: but after that you should be good [10:23] well, I don't have anything to say... [10:27] Son_Goku: aww, I'm sure you will have something to say one day :) [10:27] * Son_Goku shrugs [10:43] PR snapd#3071 closed: many: Ignore configure hook failures on core refresh [11:25] * zyga does school run [11:48] PR snapd#3071 opened: many: Ignore configure hook failures on core refresh [11:54] morphis, golang deps packaging? [11:56] Son_Goku: I've started and coming along [12:16] PR snapd#3072 opened: interfaces: use udev spec [13:00] PR snapcraft#1216 opened: cleanbuild: don't copy cache into container [13:03] Son_Goku: can you have a look at https://github.com/CanonicalLtd/snappy-docs/pull/47 and check the Fedora part of you see something wrong? [13:03] PR CanonicalLtd/snappy-docs#47: Extend snapd installation instructions [13:05] morphis: yeah, there are no working snappy packages [13:05] Son_Goku: the 2.16 ones from zyga's repo worked to some degree .. however this is more for the near future where we have working packages again [13:06] when we have working packages, they'll just be in the Fedora repos [13:06] Son_Goku: sure, but keeping what is written there doesn't make sense so this just takes it and rewrites it [13:06] yes [13:06] I guess [13:07] by that token, I could have just built and released 2.16 now [13:07] and if we can provide something in a repo until its in the main distribution we should do that to have something people can test [13:07] Son_Goku: hm, lets not do that, it has too many unknowns for me right now [13:08] I held off on releasing 2.16 because zyga said we'd have 2.23 done in a week, several weeks ago :( [13:08] there were quite some problems recently with getting people upgraded and if we release to main it should use the core instead of ubuntu-core snap from the beginning [13:08] Son_Goku: yeah 2.23 is there now and I am here to put speed on this :-) [13:08] yeah, except 2.23 and 2.23.1 don't build [13:09] we can fix this and I am working on the golang packages [13:09] well, I'm tired of receiving the errors from the buildsystem about snapd-glib needing snapd and it's unresolvable, so I hope you have the golang packages today for me to review :) [13:09] Son_Goku: lets see [13:10] I also am able to sponsor new packagers into the packager group, so we can get it done very quickly [13:15] Son_Goku: awesome! [13:16] Son_Goku: can I enter the chroot mock builds somehow? [13:16] yes [13:17] mock [-r ] --shell [13:17] ok [13:22] Son_Goku: I love this .. the guy named the repo gettext.go and if you call go test github.com/ojii/gettext.go go can't deal with it as it things its a .go file [13:22] :/ [13:23] you need to put / behind it to make sure its a dir [13:25] morphis: you may use go test github.com/ojii/gettext.go/.... [13:25] (one less dot) [13:26] zyga, is snapd checking the content: name in a newer version? does not seem to on 2.23.1 [13:27] also what is the advantage of having a content: value specified [13:27] Bug #1675413 opened: snap disconnect doesn't support tab completion [13:41] morphis: it used to be called gogettext :/ [13:41] then they broke it [13:42] pmcgowan: I think it does [13:42] pmcgowan: there was a regression at one revision but it was fixed AFAIR [13:43] zyga, I have 2.23.1 and it doesnt seem to get checked === spineau is now known as spineau_afk [13:43] zyga, but I am wondering, what is it good for? [13:44] since I cant really rev interface versions using it aiui [13:46] pmcgowan: it's a "protocol" handshake [13:46] pmcgowan: you cannot connect if plug and slot don't agree [13:47] zyga, but I already need to have the names agree, how is this different [13:47] pmcgowan: the regression was in one place where we didn't return the default one based on interface name [13:47] pmcgowan: which names? [13:47] the plug and slot [13:47] pmcgowan: those are irrelevant [13:47] pmcgowan: you cna name them any way you want [13:47] so they dont need to match [13:47] ok [13:47] pmcgowan: the content attirbute matters [13:47] so its just broken in this version [13:47] I think so [13:48] ok [13:48] pmcgowan: but if you define content explictly it should work in any version [13:48] yeah its not [13:48] zyga, I just connected foo to bar basically and it worked [13:50] zyga I also filed a bug about connecting to the wrong snap entirely [13:53] zyga, unless the checking is not happening with locally installed snaps with dangerous [14:00] pmcgowan: I think that's possible [14:00] pmcgowan: this is based on assertions [14:00] pmcgowan: so without assertions that will happen [14:01] zyga, ok thanks [14:05] Son_Goku: hah! INFO: Done(/home/simon/rpmbuild/SRPMS/golang-github-ojii-gettext.go-0-0.1.gitb6dae1d.fc25.src.rpm) Config(default) 0 minutes 36 seconds [14:05] yay [14:05] Son_Goku: ok, this is pretty rough, where can I submit for review? [14:06] process is mentioned in https://fedoraproject.org/wiki/Join_the_package_collection_maintainers#Create_Your_Review_Request [14:09] ok [14:10] morphis: note that first review is a bit different [14:10] morphis: you need a space to put your spec file and srpm [14:10] yeah [14:10] morphis: after the first review you get assigned space (though not sure since fedorahosted was shut down) [14:10] fedorahosted != fedorapeople [14:11] fedorahosted was like Debian Alioth [14:11] except using Trac instead of FusionForge [14:11] fedorapeople is just a space for people to use :) [14:12] PR snapcraft#1216 closed: cleanbuild: don't copy cache into container [14:13] aaah [14:13] so that's fine [14:13] * zyga wonders why this doesn't work [14:13] http://paste.ubuntu.com/24235103/ [14:15] PR snapcraft#1217 opened: tour: make it work when its a snap [14:16] zyga: fyi https://github.com/snapcore/snapd/pull/2624#issuecomment-288732682 [14:16] PR snapd#2624: cmd/snap-confine: re-associate with pid-1 mount namespace if required [14:28] jdstrand: checking [14:28] jdstrand: noted [14:38] Pharaoh_Atem: https://bugzilla.redhat.com/show_bug.cgi?id=1435327 [14:39] Pharaoh_Atem: this is mostly what gofed gave me + some small additions to get the tests running [14:39] zyga: ^^ === chihchun is now known as chihchun_afk === JanC_ is now known as JanC [14:59] morphis: left comments on review [15:00] Pharaoh_Atem: great [15:06] Pharaoh_Atem: fine for you if I update the spec and srpm at the same location? [15:06] yes, just make sure you note it as a comment [15:06] it's not significant enough to require anything else... [15:07] aye [15:09] Pharaoh_Atem: done === Tryum_ is now known as Tryum [15:32] PR snapcraft#1218 opened: asset-tracking: use a more likely to be found global build-package [15:41] hi all which test ran on a snap as soon as published on a channel? [15:42] Pharaoh_Atem: for the other package I need to see why gofed crashes on it [15:54] PR snapd#3073 opened: overlord: make sure all managers packages have *state.go with the main state manipulation/query APIs [16:01] morphis: ERROR: 'Error [Errno socket error] [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:661) downloading https://mm.gravedo.de/files/golang-github-ojii-gettext.go-0-0.1.gitb6dae1d.fc25.src.rpm' (logs in /home/makerpm/.cache/fedora-review.log) [16:02] what? [16:02] Pharaoh_Atem: it's singed by LetsEncrypt [16:02] maybe that is the issue here for your build host [16:14] PR snapcraft#1219 opened: kernel plugin: learn how to assemble the ubuntu config using kconfigflavour [16:29] PR snapd#3074 opened: configstate,hookstate: limit runtime of the configure hook to 1 minute [16:46] morphis: something isn't set up right with your cert, since the only thing that lets me access it is Chrome [16:59] PR snapd#3073 closed: overlord: make sure all managers packages have *state.go with the main state manipulation/query APIs [17:35] anyone seen returns: "snap-confine has elevated permissions and is not confined but should be. Refusing to continue to avoid [17:35] permission escalation attacks" [17:35] before? [17:36] ThiagoCMC: can you post `snap version` as well? [17:36] sure [17:36] 1 sec [17:36] "dpkg -l | grep snapd" = snapd 2.22.6 [17:37] It is a fresh installed Ubuntu 16.04.2 [17:37] better use "snap version" [17:37] Oh... [17:37] and also make sure to have all updates before trying to use snap [17:37] "apt full-upgrade" was executed a few minutes ago... [17:37] snapd is on a pretty frequent SRU cadence [17:37] sandvine@juju-1:~$ snap version [17:37] snap 2.23.1 [17:37] snapd 2.23.1 [17:37] series 16 [17:37] ubuntu 16.04 [17:37] kernel 4.8.0-41-generic [17:38] that looks better :) [17:38] damn... pasted my private login... lol [17:38] dont worry we're all saints here [17:38] So, how to fix: "snap-confine has elevated permissions and is not confined but should be. Refusing to continue to avoid permission escalation attacks" ? [17:38] we wont tell anyone (only the IRc logs and google will though) [17:38] I know.... ^_^ [17:38] that's ok.. haha [17:39] looks like zyga is already off ... snap-confine is his area :/ [17:39] found this http://askubuntu.com/questions/888497/snap-confine-refuses-to-launch-application-to-avoid-permission-attack [17:39] no answers but.. [17:39] I found that too... =/ [17:40] So, http://conjure-up.io/ instructions are basically, broken. :-( [17:40] ThiagoCMC: you aren't on mint are you? [17:40] Nop! [17:40] Ubuntu 16.04.2, fresh installed. [17:41] from Ubuntu Server ISO... [17:41] hmm [17:42] so where was "dpkg -l | grep snapd" = snapd 2.22.6 run from? [17:42] hello [17:42] b/c your snap version shows 2.23.1 [17:42] ah [17:42] stokachu: hey [17:42] zyga: hey! [17:42] so I wrote that part [17:42] zyga: have a user running into snap-confine has elevated permissions and is not confined but should be. Refusing to continue to avoid permission escalation attacks [17:42] stokachu: I'm curious where are you running this [17:42] PR snapcraft#1218 closed: asset-tracking: use a more likely to be found global build-package [17:42] ThiagoCMC: ^ [17:42] zyga: ThiagoCMC is the user with the issue [17:42] snap 2.23.1 [17:42] snapd 2.23.1 [17:42] series 16 [17:42] ubuntu 16.04 [17:42] stokachu: is this on Ubuntu or is this somewhere else? [17:42] kernel 4.8.0-41-generic [17:42] zyga: yea ubuntu 16.04.2 [17:42] ThiagoCMC: hey [17:42] Hey! [17:42] very interesting [17:43] ok, can you please look at ... [17:43] seems up to date and all [17:43] sudo cat /sys/kernel/security/apparmor/profiles [17:43] ThiagoCMC: can you please run that and pastebin [17:43] 1 sec [17:43] oh, that looks like a hwe kernel btw [17:44] zyga, https://paste.ubuntu.com/24236144/ [17:44] yeah, Linux 4.8 [17:44] ThiagoCMC: thanks, so lines 12 and 13 are what we needed to see [17:45] ThiagoCMC: can you please set SNAP_CONFINE_DEBUG=yes and run something that is a snap [17:45] Let me try [17:46] zyga, you mean, something like "conjure-up openstack" ? [17:46] ThiagoCMC: or even hello-world if you have that snap installed [17:46] (the smaller the better) [17:47] right, 1 min... [17:48] zyga, https://paste.ubuntu.com/24236164/ look good [17:48] ThiagoCMC: now run it [17:50] zyga, https://paste.ubuntu.com/24236179/ [17:51] hmmm [17:51] so hello-world worked [17:51] yep [17:51] now run what you tried earlier [17:51] maybe I need "$ sudo conjure-up openstack", with "sudo" ? [17:51] instructions on conjure-up.io doesn't tell to use sudo... [17:52] ThiagoCMC: that error you saw should never show up [17:52] =( [17:52] ThiagoCMC: maybe conjure-up runs some snap commands itself [17:52] easy to reproduce... [17:52] ThiagoCMC: can you run conjure up again? [17:52] sure [17:53] LOL Worked after a reboot! [17:53] WTF! =P [17:53] ThiagoCMC: curious [17:53] Windows! [17:53] aheuHAEuae [17:53] ThiagoCMC: what did you do before reboot? [17:53] ThiagoCMC: what that error message said essentially [17:53] ThiagoCMC: is that snap-confine didn't have its apparmor profile loade [17:53] *loaded [17:53] zyga, "sudo snap install conjure-up --classic" then reboot [17:53] otherwise, "conjure-up openstack" doesn't work... [17:54] aha [17:54] hehehe [17:54] hmmm [17:54] well [17:54] no idea really :/ [17:54] ThiagoCMC: thanks, if this happens again please report it [17:54] Looks like that conjure-up.io needs a review! [17:54] It happens all the time! [17:54] oh? [17:54] I tried it 3 times... [17:54] can you report a bug with instructions on how to cause it? [17:54] I never saw that myself [17:54] yes [17:54] ThiagoCMC: you are the only one to hit this issue [17:55] aaah [17:55] I think I know [17:55] I'm the Master of Bugs! ;-) [17:55] well, maybe suspect [17:55] suspect this is related to classic confinement which does not reset PATH [17:55] so you run with your own path [17:55] but ... [17:55] nah [17:55] that doesn't explain anything [17:55] Right, I'll even record my screen and upload to youtube, then, fill a "video bug report" on launchpad [17:56] thanks [17:56] i'd like to reproduce it [17:56] ThiagoCMC: if you can report that I would appreciate the details [17:56] ThiagoCMC: then we can get to the bottom of it [17:56] Sounds cool! I'll be happy to help! [18:05] hey there. i'm packaging an app and while it runs completely fine if i start it through /snap/app/current/usr/bin/app, it just prints "F" and quits if i start it from /snap/bin [18:05] does anybody have a clue what could be wrong please? [18:09] Bizon: iirc, /snap/bin apps are just wrapper scripts? you might be able (as root) to use bash -x or so (maybe, check what the script is first, i guess) to see what command is failing? [18:11] nacc, they aren't wrapper scripts anymore, they're symlinks [18:11] nacc: /snap/bin apps are symlinks to snap run [18:12] nacc, snapd uses those symlinks to determine the environment programatically, so it's a little opaque [18:12] kyrofa: ah! sorry, i dont' follow it actively, was going off what i recalled [18:12] Bizon: sorry for the misinformation! [18:12] nacc: np [18:12] nacc, oh no criticism meant on my part. You were absolutely correct until a few releases ago [18:12] hmm, now i see with snap run i can do --shell and try run it manually right? [18:13] Bizon: if you run it via /snap/bin it gets confined [18:13] Bizon, `snap run --shell` will put you into a shell confined with the same environment as the app, so yeah, try that [18:13] Bizon, I assume it'll fail the same way as when you run the app in /snap/bin/ [18:13] Bizon: if you run it from /snap/$SNAP_NAME/current/... you just run whatever is there unconfined [18:14] Pharaoh_Atem: that is lets-encrypt I guess [18:14] kyrofa: it doesn't, i get a ldd error [18:14] Bizon: Note you need to provide any command line arguments yourself [18:14] Bizon, ah, you're missing the snapcraft wrapper that's probably setting LD_LIBRARY_PATH for you, then [18:14] kyrofa: It'd be nice to get rid of those wrappers at some point [18:14] kyrofa: We have the environment settings support now [18:14] kyrofa: oh, i have that [18:15] niemeyer, I doubt it'll ever happen. Some plugins actually inject real shell script [18:15] kyrofa: running the wrapper i get just F again [18:15] niemeyer, i.e. not just exports [18:16] kyrofa: It'd be nice to find an alternative to that [18:16] kyrofa: Also, this is not a reason to not move the env itself into snap.yaml [18:16] niemeyer, I agree that they're an annoying level of redirection. What sort of alternative to you envision? [18:16] kyrofa: FIrst step would be to kill the wrapper altogether unless necessary [18:17] kyrofa: In the conversation above, note how the shell ends up in a completely different environment from the one the application will actually run on [18:17] kyrofa: More complexity, more confusion, ... [18:17] niemeyer, yes, like I said, I agree [18:17] kyrofa: So let's do it :) [18:18] but yeah, if i run the app, i just get "F" printed to stderr, not even a line break [18:18] and it quits immediately [18:18] niemeyer, but the environment keyword only supports state variable definitions, which doesn't cover all use-cases. The catkin plugin for example actually has real shell scripting in there [18:18] s/state/static/ [18:19] niemeyer, I'm not clear on a viable alternative [18:19] zyga, "conjure-up openstack", after staring the OpenStack deployment, failed again: https://paste.ubuntu.com/24236284/ [18:19] I'll give it up for now... :-( [18:21] ThiagoCMC: hmmm [18:21] ;-( [18:21] ThiagoCMC: is that because of snap-confine? [18:21] Pharaoh_Atem: ok, retry, should work now [18:21] no idea... [18:21] I'll try juju only, conjure-up is not working. [18:22] niemeyer, snapcraft could start placing all of its static environment in the snap.yaml and only generate those wrappers as a more special case for the plugins that need them, but that switches the order around so the plugin's environment doesn't come first which may have unintended side effects [18:23] kyrofa: In which sense would it not come first? [18:24] PR snapcraft#1217 closed: tour: make it work when its a snap [18:24] niemeyer, right now snapcraft evaluates the plugin environment and then sets the stuff it knows it needs (LD_LIBRARY_PATH, PATH, etc.). If that was moved into the snap.yaml, snapd would evaluate it before the plugin's environment was evaluated [18:24] niemeyer, changing the LD_LIBRARY_PATH ordering, etc. [18:26] kyrofa, where do I read about the environment keywword [18:26] kyrofa: This sounds like the more natural choice? [18:27] kyrofa: Defaults usually come first [18:27] ThiagoCMC, that pyhon stacktrace is probably something stokachu would like to see too [18:28] niemeyer, perhaps, I'm simply stating that it's a change that could have unintended side effects. We should be careful [18:29] ogra_, right... I posted on #juju as well... I'll ping him... In the end of the day, conjure-up.io instructions does not work. [18:30] pmcgowan, haha, I'm having a heck of a time finding docs for you, that's bad [18:30] kyrofa: Indeed, but note that this only affects new builds [18:30] kyrofa, yeah I did look myself [18:32] is there a way to run https://snapcraft.io/docs locally? the 3-4s page loads are slow enough to be annoying. [18:33] niemeyer, new or not, if the builds I publish via daily CI started breaking because of snapcraft changes I'd be unhappy [18:34] Regardless, I agree that it's something to move toward. Those wrappers drive me nuts [18:34] \o/ [18:34] Just don't want to put more work on the shoulders of snap developers [18:36] pmcgowan, mind logging a bug about the environment keyword? [18:37] pmcgowan, you can see a demo of it here if you're curious, though: https://github.com/snapcore/snapcraft/blob/master/demos/git/snap/snapcraft.yaml [18:37] kyrofa, what do I log against [18:37] pmcgowan, definitely snapcraft, though I couldn't find anything in snapd either [18:37] ok [18:38] kyrofa, as long as the wrapper needs to do things conditionally, this only helps a bit [18:38] pmcgowan, yeah that's what niemeyer and I were talking about. As soon as something other than static variables are required, we require wrappers [18:39] kyrofa, or most of the time to even set them you test something [18:39] PR snapd#3075 opened: overlord: split out handlers.go in devicestate and snapstate, other small order/naming tweaks [18:39] like to make the arch specific path [18:39] or find the right socket location [18:40] pmcgowan, indeed. Check out what the catkin plugin has to do: https://github.com/snapcore/snapcraft/blob/master/snapcraft/plugins/catkin.py#L381 [18:40] oy vay [18:41] Soo many faces on keyboards [18:41] there is a backslash missing ... [18:41] ... i'm sure ... [18:41] :P [18:42] kyrofa, michi reported one already at bug #1666745 [18:42] Bug #1666745: environment appears to be undocumented [18:42] morphis: package approved [18:42] Oh good! [18:43] Shush ogra_ [18:43] pmcgowan, https://github.com/myriadrf/snapcraft-sandbox/blob/master/limesdr-grc/snapcraft.yaml a good example for environment btw [18:43] morphis: however, you're not quite done yet :) [18:45] niemeyer, would it be downright dreadful to support more verbose shell in snapd instead of just static variables? [18:45] niemeyer, the point pmcgowan makes is a good one [18:45] Pharaoh_Atem: you mean with submitting that package? [18:45] niemeyer, but I can see that resulting in really gross YAMLs [18:46] But as far as snapcraft is concerned, we already have the scriptlets [18:46]