/srv/irclogs.ubuntu.com/2017/03/28/#snappy.txt

mwhudson	who can i bribe to get https://github.com/snapcore/snapd/pull/3065 merged?	00:58
mup	PR snapd#3065: Allow seeding a snap with classic confinement <Created by cyphermox> <https://github.com/snapcore/snapd/pull/3065>	00:58
cyphermox	mwhudson: I can ping zyga in the morning to see what's missing with that merge.	01:09
cyphermox	I meant to today, but when I thought of it it looks like it was too late, he wasn't online.	01:09
mwhudson	cyphermox: fair enough	01:12
cyphermox	mwhudson: if someone else answers before then... well we'll see here :)	01:14
mwhudson	cyphermox: yeah pinging at this time of day is more in hope than expectation	01:14
mup	PR snapcraft#1222 opened: beta <Created by snappy-m-o> <https://github.com/snapcore/snapcraft/pull/1222>	03:03
mup	PR snapcraft#1222 closed: beta <Created by snappy-m-o> <Closed by elopio> <https://github.com/snapcore/snapcraft/pull/1222>	04:21
mup	PR snapd#3089 opened: interfaces: drop udev tagging from framebuffer interface <Created by chunsangjeong> <https://github.com/snapcore/snapd/pull/3089>	06:12
mup	PR snapd#3083 closed: tests: move unity test to nightly suite <Created by fgimenez> <Merged by mvo5> <https://github.com/snapcore/snapd/pull/3083>	06:40
didrocks	ubuntu-make classic snap is still not published on amd64 (but acked on all other archs) since yesterday. Is that an oversight?	06:46
mup	PR snapd#3065 closed: Allow seeding a snap with classic confinement <Created by cyphermox> <Merged by mvo5> <https://github.com/snapcore/snapd/pull/3065>	06:47
mup	PR snapd#3071 closed: many: ignore configure hook failures on core refresh <Created by mvo5> <Merged by mvo5> <https://github.com/snapcore/snapd/pull/3071>	06:48
mup	PR snapd#3078 closed: tests: remove stale apt proxy leftover from cloud-init <Created by zyga> <Merged by zyga> <https://github.com/snapcore/snapd/pull/3078>	07:26
mardy	pstolowski: hi! I'll address the chanegs requested by Jamie -- thanks for your other updates!	08:17
mup	PR snapd#3090 opened: hookstate: add ability to report hook failures to the errtracker <Created by mvo5> <https://github.com/snapcore/snapd/pull/3090>	08:20
pstolowski	mardy, cool, yw!	08:26
mup	PR snapd#3064 closed: packaging: rename the file shipping snap-confine AA profile <Critical> <Created by zyga> <Merged by mvo5> <https://github.com/snapcore/snapd/pull/3064>	08:31
ptrtng	Question: How do I access data on a mounted ntfs partition from a snappy-packaged application on 16.04? paths on mounted drive don't show up. fsstab uses fuseblk fs as per installation.	08:36
ogra_	ptrtng, did you try using the removable-media interface ?	08:46
ogra_	(assuming your partition mounts under /media this should be accessible)	08:47
ptrtng	here is my current fstab entry: UUID=XXXXXXXXXXXXXXXX /data ntfs uid=1000,gid=1000,users,nodev,noexec,noatime 0 0	08:49
ptrtng	note uid and gid are from my own tries to bend the user to my username. didn't work.	08:49
ptrtng	the /data dir is accessible from bash and file manager.	08:50
ptrtng	the current mount entry is: /dev/sdb1 on /data type fuseblk (rw,nosuid,nodev,noexec,noatime,user_id=0,group_id=0,default_permissions,allow_other,blksize=4096)	08:50
ogra_	the /data dir wont be accessible by snaps ... as i said ... use something like /media/ntfsdrive to mount it and use the removable-media interface in your snap	08:54
mup	PR snapd#3091 opened: interfaces/seccomp: add bind as part of the default seccomp policy for hooks <Created by morphis> <https://github.com/snapcore/snapd/pull/3091>	08:55
=== vigo_ is now known as vigo
ogra_	ppisati, should bluetooth work on the pi3 ? did you ever test that ?	08:58
ptrtng	ok. I removed the fstab entry. mounted using dolphin. mount says: dev/sdb1 on /media/USERNAME/data type fuseblk (rw,nosuid,nodev,relatime,user_id=0,group_id=0,default_permissions,allow_other,blksize=4096,uhelper=udisks2) .	08:59
ogra_	ptrtng, goo, now make your snap use the removable-media interface and your snap apps should be able to see it	08:59
chani	guys i have a fundamental question	08:59
ogra_	*good even	08:59
chani	does snaps use os level virtualization	09:00
ptrtng	ok. thats why the app doesn't see the /media directory.	09:00
ogra_	no, snaps dont use virtualization by default	09:00
ptrtng	BTW its not my own. I merely try to use it.	09:00
ogra_	well, then you should probaly contact the developer so he/she adds that interface :)	09:01
chani	so how is the isolation of snaps atchived	09:01
ogra_	ppisati, bug 1674509 ... and i'm not sure if it shoudl work (i definitely see the devices created in dmesg if i load the module)	09:01
mup	Bug #1674509: Unable to find bluetooth device on RPi3 running Ubuntu Core 16 <Snappy:New> <https://launchpad.net/bugs/1674509>	09:01
chani	*achieved	09:02
ogra_	chani, via apparmor, seccomp and namespaces	09:02
ogra_	chani, https://developer.ubuntu.com/en/snappy/guides/security-whitepaper/ has all the dirty details	09:02
ptrtng	@orgac thanks for your help. I see me just using apt in this case. Pity.	09:03
nothal	ptrtng: No such command!	09:03
chani	thanks ogra	09:03
ptrtng	pitty	09:03
ogra_	ptrtng, what app was it ? i'm sure the maintainer would like to know about your issue	09:03
ogra_	(i know i would if it was my app)	09:03
chani	i have one more issue though	09:04
ptrtng	the snap in question is: openmvs 0.7.0-2a41453-0 2	09:05
ptrtng	sorry I was wrong the app is: mve 20170210-0 1 mardy.	09:06
chani	i have used apache as my stage-packages and once i have installed the app	09:07
chani	i want the apache to start	09:07
ptrtng	From the same people. I'll contact them by myself. Thanks for the help	09:08
chani	i tried to start it through my terminal it seems to use my system path rather than snap application path to search for files	09:09
ogra_	mardy, mind adding support for the removable-media interface to mve ? sounds like a valid addition if you want to use files from removable media	09:09
mardy	ptrtng, ogra_: hi :-)	09:09
ogra_	:)	09:09
mardy	sure, I'll do that	09:09
ptrtng	thanks!	09:09
chani	like it fetches webpages from /var/www rather than /snap/my_app/current/var/www	09:09
ogra_	chthen you need to adjust the config	09:10
chani	so what should i do to make the root of my apache /snap/my_app/current/	09:10
ogra_	choh, wait ... how do you start it ? you should have a daemon entry in your snapcraft.yaml for it and use systemctl if it is a daemon	09:10
chani	so if i write a bash file and run it as a deamon it would by default use my /snap/my_app/current/ as root	09:12
ogra_	yeah	09:12
chani	did i get it right	09:12
chani	ok thanks i will try that thanks :)	09:13
ogra_	an example is at: https://github.com/snapcore/snapcraft/blob/master/demos/webcam-webui/snap/snapcraft.yaml and https://github.com/snapcore/snapcraft/blob/master/demos/webcam-webui/webcam-webui is a script it uses to run the httpd and a cam capturing service in a loop	09:13
ppisati	ogra_: uhm, i don't remember testing it, and the problem on the rpi3 is that serial and bluetooth are contending the uart	09:15
ppisati	ogra_: i need to test it	09:15
ogra_	koza, see above ... we are not actually sure BT should work on the pi3 ...	09:15
chani	the bash script uses #!/bin/bash as its shell right so when the deamon runs the bash file will it use bash shell to run the script	09:16
chani	if so how is the root changed to /snap/my_app/current/	09:17
ogra_	thats done by a builtin wrapper when the snap app gets executed	09:17
ogra_	along with adding $SNAP/lib to your library path etc	09:17
=== ycheng is now known as ycheng-afk
chani	where can i get the details of this implementation. just out of curiosity :P	09:18
chani	is it in the whitepapers	09:19
ogra_	i think there is some of it, yeah ... under FHS	09:20
ogra_	and in "Snap security policy" too	09:20
chani	thanks a lot ogra i was struck on the changing root dir for a day now it would have been a day or more if you didn't clarify it. :) :) :)	09:24
mardy	ptrtng: try "snap refresh"	09:37
mup	PR snapd#3092 opened: interfaces: capitalize Udev... as UDev <Created by zyga> <https://github.com/snapcore/snapd/pull/3092>	09:38
mup	PR snapcraft#1223 opened: kernel plugin: check_config() and check_initrd() support <Created by piso77> <https://github.com/snapcore/snapcraft/pull/1223>	09:49
morphis	Pharaoh_Atem: looks like we have one minor issue left for i386 builds of snap-confine	10:06
morphis	Pharaoh_Atem: https://copr-be.cloud.fedoraproject.org/results/mrmorph/snapcore/fedora-25-i386/00533426-snapd/build.log.gz	10:06
koza	ogra_, hey, reading	10:14
koza	unity	10:15
didrocks	jdstrand: unsure if it's on your plate as well or not: ubuntu-make classic snap is not published on amd64 (but acked on all other archs) since yesterday. Is that an oversight?	10:25
=== hikiko is now known as hikiko\|bbl
zyga	jdstrand: hey, can you review https://github.com/snapcore/snapd/pull/3091	11:22
mup	PR snapd#3091: interfaces/seccomp: add bind to default seccomp template for hooks <Created by morphis> <https://github.com/snapcore/snapd/pull/3091>	11:22
=== hikiko\|bbl is now known as hikiko
ptrtng	mardy: I just tried your meshlab-mardy snap. I am seeing the same external-disks-accessible' issue as with openmvg. Would you care to fix that too?	11:51
mardy	ptrtng: which version is it ("snap info")?	12:15
mardy	ptrtng: for some reason it seems that "snap refresh" is not actually updating anything, weird	12:15
zyga	mardy: snap refresh is not updating devmode snaps	12:16
zyga	mardy: which OS is this?	12:16
zyga	mardy: we had a bug where we'd mark everything as devmode unless confinement was on	12:16
zyga	mardy: so no snaps would update	12:16
zyga	mardy: we'd fix core as a special-case but not any other snap	12:16
mardy	zyga: I'm on xenial, the snapcraft.yaml has "confinement: strict", but I don't remember if I used --devmode when installing it	12:18
Son_Goku	mardy: check bash history :)	12:18
mardy	Son_Goku: eh, that was long ago :-)	12:18
zyga	mardy: snap info says tihs	12:19
Son_Goku	if you didn't clobber ~/.bash_history, it should still be there	12:19
zyga	mardy: if you see devmode there it's devmode	12:19
ptrtng	mardy: I used 'meshlab-mardy 2016.12-20170302-2 4'	12:20
mardy	zyga: oh, could it be that I installed it from a local snap? I see that "publisher" is empty: http://paste.ubuntu.com/24267528/	12:21
ogra_	mardy, (x2) tells you it was local, yeah	12:24
zyga	mardy: yes	12:24
zyga	mardy: those won't refresh	12:24
mardy	zyga, ogra_: ah ok, that's expected, sorry for the noise	12:24
mup	PR snapd#3093 opened: cmd: discard the C implementation of snap-update-ns <Created by zyga> <https://github.com/snapcore/snapd/pull/3093>	12:33
jdstrand	didrocks: it was approved but not released. I don't personally release snaps after they are approved since the I don't know what channel things should go in. I think popey may have approved these yesterday though. anyway, if you want to release it still (I see you have a new upload for amd64), you can use snapcraft to do so (or just tell me here what channels it should go to)	12:45
jdstrand	zyga: hey, sure	12:45
didrocks	jdstrand: yeah, I noticed that meanwhile, it was actually done, great!	12:49
zyga	jdstrand: thank you	13:03
morphis	zyga: ok, you're right, it is the missing largefile support: https://paste.ubuntu.com/24267713/	13:03
zyga	morphis: glad to hear that was it	13:05
ogra_	xfs ?	13:05
ogra_	why the hell is anyone using xfs :P	13:05
ogra_	(apart from IBM)	13:05
Son_Goku	IBM would be using JFS	13:06
morphis	ogra_: its for some constants coming from xfs/xqm.h for confinement	13:06
Son_Goku	SGI was XFS	13:06
ogra_	oh, right, not IBM	13:06
zyga	yeah, just constants	13:06
morphis	Son_Goku: btw. if you have a min, I've updated the templating PR	13:08
mardy	ptrtng: done, please refresh meshlab	13:09
davmor2	ogra_: would it annoy you if someone did use xfs.....if so they are probably using it because I paid them to annoy you sorry ;)	13:10
mardy	ptrtng: there's a problem though: you need to explicitly type /media/<user> in the filename field, because the /media directory itself is not actually readable	13:10
Son_Goku	morphis: you need to fix snapd.system-shutdown.service too	13:11
Son_Goku	mvo: hey, you there?	13:13
morphis	Son_Goku: you mean adding template vars to it?	13:13
Son_Goku	morphis: yep	13:13
morphis	Son_Goku: it's not going to be used on any classic system, that is why I skipped it	13:14
Son_Goku	if you're going to do this, do it right :)	13:14
Son_Goku	you never know	13:14
morphis	and if you don't want people to use it another way than what it is supposed for then enforcement is better	13:15
morphis	AFAIK we don't test it anywhere else and therefor shouldn't ship it as an option	13:16
morphis	but leave this up to mvo and zyga	13:16
Son_Goku	your makefile already installs it	13:16
ogra_	davmor2, well, the paste was showing pokey-linux ... which is usually embedded ... using something like xfs or zfs in embedded would be rather insane (memory hog)	13:16
Son_Goku	morphis, and it's better to not presume that you guys will be the only "Snappy" system producers	13:17
davmor2	ogra_: hahahahaha	13:17
Son_Goku	I know zyga keeps shooting me down about it, but I fully expect that someone will want to build a snappy system on CentOS or Yocto or whatnot	13:17
ogra_	Son_Goku, we''ll just trademark it :P	13:17
Son_Goku	ogra_: you already did :/	13:18
morphis	Son_Goku: but you mean by "snappy" system? that word is already too overloaded :-)	13:18
ogra_	clever us ;)	13:18
Son_Goku	morphis: I mean that a system is composed as a snap-centric system like Ubuntu Core	13:18
Son_Goku	except not being Ubuntu based	13:18
ogra_	morphis, yeah, we should trademark "core" :)	13:18
Son_Goku	ogra_: too generic :)	13:18
morphis	:-)	13:18
zyga	coreOS ;-)	13:19
Son_Goku	Canonical holds trademarks for "Ubuntu Core" and "Ubuntu Snappy Core", think	13:19
ogra_	yeah	13:19
ogra_	to specific :P	13:19
Son_Goku	but if I want to make "Fedora Snappy Core", it's not particularly difficult	13:19
morphis	zyga, mvo: its your call on templating for snapd.system-shutdown.service or not	13:19
davmor2	ogra_: I think the gym guys beat you too it and intel and ..... well you know the list goes on	13:19
zyga	Son_Goku: fedora core, like ubuntu core, mozilla ;-)	13:19
zyga	Son_Goku: make it an user-agent problem	13:19
Son_Goku	well, Fedora Core was a thing :)	13:19
ogra_	ubuntu core was a thing since 6 years or so	13:20
ogra_	but not the core you are looking for :)	13:20
Son_Goku	ogra_: Fedora Core was the original name of the Fedora distribution :)	13:20
Son_Goku	when Red Hat Linux was merged into the Fedora Project, "Fedora Core" represented the RHL bits	13:20
Son_Goku	that name is still trademarked by Red Hat	13:21
morphis	Son_Goku: btw. do you have packages for snapd-glib somewhere too?	13:25
Son_Goku	in Fedora dist-git	13:25
Son_Goku	that builds fine and can be upgraded	13:25
Son_Goku	it just can't be installed because snapd isn't available	13:25
Son_Goku	zyga is the maintainer of snapd-glib, you'll need to request comaint privs on pkgdb	13:25
morphis	Son_Goku: ok, let me do that	13:29
morphis	Son_Goku: still waiting for the golang-* packages to be added to pkgdb here .	13:29
Son_Goku	morphis: poking people in #fedora-admin might be appropriate then	13:30
morphis	Son_Goku: sounds like a good idea	13:30
morphis	Son_Goku, zyga: ok also requested admin access for snapd / snapd-glib	13:33
Son_Goku	zyga, morphis: I've approved snapd-glib ACLs, but I'm going to wait on snapd ones until after you have your golang stuff	13:36
morphis	Son_Goku: aye	13:37
morphis	Son_Goku: thanks	13:37
morphis	zyga: ok, https://github.com/morphis/snapd/commit/26a1a4b695d608596c76ee84ee00e9ecf4188267 solves the xqm.h problem but it looks a bit clumpy	13:37
zyga	looking	13:38
zyga	morphis: you can alternatively use a custom checker and just #define the right stuff inside	13:39
zyga	morphis: no need to touch CFLAGS	13:39
morphis	zyga: no that doesn't work	13:39
morphis	I tried it	13:39
morphis	but can't explain yet why ..	13:40
morphis	zyga: https://paste.ubuntu.com/24267906/	13:41
zyga	morphis: no idea, autotools magic	13:43
morphis	let me try one thing ..	13:43
morphis	actually that paste is wrong one .. but anyway	13:44
cyphermox	mvo: ta, this will really help	13:48
mup	PR snapd#3094 opened: cmd: rework header check for xfs/xqm.h <Created by morphis> <https://github.com/snapcore/snapd/pull/3094>	13:50
morphis	zyga: ^^	13:50
zyga	morphis: checking	13:54
steve_fi	Hey, I've created an Ubuntu Core LXD container and I want to be able to create users on it (which I think means I need to make the system writable) ... According to this man page (http://manpages.ubuntu.com/manpages/xenial/man5/writable-paths.5.html) I should be editing the file /etc/system-image/writable-paths however, it doesn't exist and I cannot find it anywhere on the container, does anyone have any ideas?	14:10
ptrtng	mardi: I've checked out your meshlab update: Fails. See https://pastebin.com/gafuPLAg for more info.	14:17
mup	PR snapd#3093 closed: cmd: discard the C implementation of snap-update-ns <Created by zyga> <Merged by niemeyer> <https://github.com/snapcore/snapd/pull/3093>	14:41
NicolinoCuralli	hi all is it possibile to bind udp/67 port in strict mode?	14:43
mup	PR snapd#3095 opened: cmd/snap-update-ns: add C preamble for setns <Created by zyga> <https://github.com/snapcore/snapd/pull/3095>	14:51
kyrofa	jdstrand, if I publish a gadget and also publish a snap that uses a serial-port slot provided by that gadget, do I need an assertion to autoconnect those?	15:17
jdstrand	kyrofa: you may need to today, but my understanding was that the gadget snap has a voice in autoconnection, so I think the design is you shouldn't	15:19
kyrofa	jdstrand, alright, I may be pinging you about that in a bit, then	15:20
jdstrand	kyrofa: if it doesn't work, I can issue a snap decl if needed, but please file a bug in that case	15:20
kyrofa	Sounds good	15:20
kyrofa	Yeah this has been a good exercise	15:20
jdstrand	I don't have the specifics on gadgets and autoconnection. I think morphis has done a few though	15:20
morphis	jdstrand, kyrofa: AFAIK this isn't possible today	15:26
kyrofa	morphis, alright, thank you	15:28
morphis	kyrofa: according to what I've heard from pedronis this should be possible in some way later	15:29
morphis	kyrofa: btw. I've started to use the nextcloud snap recently and have it now in a production environment, awesome work :-)	15:34
kyrofa	morphis, why thank you!	15:35
morphis	kyrofa: I really liked how it did everything for me including the lets-encrypt setup	15:35
morphis	magic :-)	15:35
kyrofa	morphis, yeah that took some time to work out, heh	15:36
morphis	coming from a 14.04 setup where I throw everything away no because they told me to install php5.6 from some ppa to be still able to install nextcloud 11	15:36
morphis	s/no because/now because/	15:36
kyrofa	Yeah it was always painful to maintain for me, too	15:37
morphis	but having something coming officially from nextcloud is quite nice and is enough for my trust level :-)	15:37
morphis	yeah	15:37
morphis	its quite interesting that they officially still state they support 14.04 where they clearly don't unless you install php from a ppa which also ships a patched version of openssl ..	15:37
kyrofa	Haha, "we support 12.04 too!"	15:38
morphis	:-D	15:38
morphis	kyrofa: I always only believe those things when I see and feel it them	15:38
kyrofa	morphis, the only weirdness with the snap is that automatically updating will sometimes disable your apps	15:39
kyrofa	morphis, keep that in mind, if they disappear, just re-enable them, you didn't lose anything	15:40
kyrofa	morphis, they're working on fixing that in nextcloud itself, sounds like	15:40
morphis	kyrofa: yeah .. had this with the regular install too	15:43
morphis	always had my dad crying his calendar and contacts disappeared :-)	15:44
kyrofa	Yeah... annoying	15:45
morphis	kyrofa: but good to know they are fixing this at the root of the whole thing	15:50
mup	PR snapcraft#1224 opened: tests: fix name registration window limit test to latest changes <Created by elopio> <https://github.com/snapcore/snapcraft/pull/1224>	15:55
kyrofa	barry, in case you didn't notice, snapcraft v2.28 is in -updates	16:18
barry	kyrofa: oh cool. i don't see them in rmadison yet, but that might just be delay. as soon as the autopkgtests w/o -proposed passes, i can land the branch and get u-i 1.0 classic snap uploaded	16:22
barry	kyrofa: conveniently, it's lunch time :)	16:22
kyrofa	barry, hmm... indeed, I may have lied	16:23
kyrofa	barry, yeah it's verification-done, but not in -updates yet. I may have been fooled by an lxd container setup with proposed darnit, sorry	16:27
mup	PR snapd#3096 opened: many: abstract path to /bin/{true,false} <Created by morphis> <https://github.com/snapcore/snapd/pull/3096>	16:30
cachio	jdstrand, hey	16:36
cachio	jdstrand, tyhicks , I was making some changes to the dbus performance tests and I noticed the big overhead is when the confinment is not strict	16:37
cachio	jdstrand, tyhicks in case the confinement is strict the overhead is aroud 15 to 20 %	16:38
tyhicks	cachio: when you say "when the confinement is not strict", are you referring to devmode, classic, or both of those confinement modes?	16:40
cachio	devmode	16:41
tyhicks	interesting	16:41
cachio	tyhicks, I used to install it with --devmode	16:41
cachio	then I removed that and I started getting results with 15-20$ of overhead	16:42
tyhicks	cachio: to make sure I understand, the dbus mediation with strict confinement mode is within our expected range (15-20%)	16:42
cachio	tyhicks, yes	16:42
cachio	agree	16:42
tyhicks	cachio: the dbus mediation with devmode confinement mode sometimes exceeds our expected range (> 25%)	16:42
tyhicks	ok	16:42
tyhicks	that could be really helpful when reviewing the code	16:42
cachio	tyhicks, it is about 35% with devmod confinment	16:43
tyhicks	cachio, jdstrand: this is starting to feel like an auditing overhead to me	16:46
tyhicks	cachio: are audit messages being sent to /var/log/syslog for every message you send?	16:47
tyhicks	cachio: you'll have a ton of apparmor="ALLOWED" messages if that's the case	16:48
cachio	tyhicks, let me see	16:48
cachio	tyhicks, well there are many entries for dbus in syslog	16:52
cachio	tyhicks, but not sure if there are so many to cause that	16:52
tyhicks	cachio: is there one that looks to repeat a lot?	16:52
tyhicks	cachio: if so, please paste it	16:52
cachio	tyhicks, this one http://paste.ubuntu.com/24268835/	16:53
tyhicks	cachio: ok, that is definitely coming from dbus-daemon	16:54
tyhicks	the in-code overhead for a devmode snap talking on dbus is two calls to this function: http://paste.ubuntu.com/24268842/	16:55
tyhicks	however, if the message/signal is not allowed by the snappy policy, it'll generate an audit message through libaudit which could add significant overhead if a large number of messages/signals are sent	16:56
cachio	tyhicks, something that also could help you is that I am also plugging the mount-observe interface	17:00
cachio	tyhicks, could that affect in the results?	17:00
Pharaoh_Atem	mvo: would it be possible to split the vendoring for snapd into an overlay tarball?	17:00
Pharaoh_Atem	that is, a tarball that is overlaid on top of an unvendored snapd tarball	17:00
tyhicks	cachio: I don't think so	17:01
barry	kyrofa: cool. if it's verification-done, it'll show up soon enough	17:04
kyrofa	ogra_, I just noticed that the Dragonboard gadget has architectures: [armhf]	17:11
kyrofa	ogra_, shouldn't that be arm64?	17:11
zyga	jdstrand: hey	17:12
jdstrand	zyga: hey	17:14
zyga	jdstrand: can you please try to review https://github.com/snapcore/snapd/pull/3091 today, I think mvo wants this for an SRU	17:14
mup	PR snapd#3091: interfaces/seccomp: add bind to default seccomp template for hooks <Created by morphis> <https://github.com/snapcore/snapd/pull/3091>	17:14
jdstrand	zyga: I plan to	17:15
zyga	jdstrand: it's a workaround for golang doing "bind" and snapctl	17:15
jdstrand	I read it. I'm thinking about my response	17:15
sergiusens	barry: kyrofa I haven't pulled the trigger yet on releasing to -updates	17:15
zyga	jdstrand: aha, that's great, I just wanted to make sure you had an eye on this before it gets merged (it has two +1s)	17:15
barry	sergiusens: what's the hold up?	17:16
jdstrand	cachio: curious-- are you connecting the interface when in strict mode and not connecting the interface in devmode?	17:17
jdstrand	tyhicks: ^	17:17
Pharaoh_Atem	zyga: did you have a chance to talk to mvo about overlay tarballs?	17:18
jdstrand	people sometimes forget to connect their interfaces in devmode...	17:18
zyga	Pharaoh_Atem: no, because there was no release plan decision until today	17:18
zyga	Pharaoh_Atem: I'll ask	17:18
Pharaoh_Atem	zyga: cool	17:18
zyga	mvo: Pharaoh_Atem had an idea that we could release vanilla git tree + the vendor/ directory separately as that would ease packaging	17:18
zyga	Pharaoh_Atem: for vendorized builds we would consume both tarballs	17:18
zyga	Pharaoh_Atem: and for de-vendorized builds just one	17:19
zyga	Pharaoh_Atem: it shouldn't be be harder than what we do now (vendorized)	17:19
zyga	er	17:19
zyga	mvo: ^^	17:19
* zyga is tired		17:19
Pharaoh_Atem	it would make it much less painful for supporting EL7 builds along with Fedora builds	17:19
zyga	mvo: and once we have a script for making this should be essentially free	17:19
* zyga needs to walk again		17:20
zyga	(offline)	17:20
kyrofa	jdstrand, could you take a look at the dragonboard-turtlebot-kyrofa gadget when you're able, please?	17:22
kyrofa	Same thing as the amd64 gadget (serial-port workaround)	17:22
cachio	jdstrand, I am connecting in both	17:25
cachio	jdstrand, it is the same execution	17:25
cachio	jdstrand, the diff is the when I install	17:25
jdstrand	kyrofa: done	17:26
jdstrand	cachio: the diff is when you install? I don't understand. you mean you see a difference between when you install and when you connect the interfaces? as such, in strict mode before connecting and complain mode before connecting?	17:27
kyrofa	jdstrand, thank you!	17:27
jdstrand	(you see a difference)	17:27
jdstrand	kyrofa: I made a change to the review tools as well. the pc gadget should now pass automated review, but this one will be a little while for prod	17:28
kyrofa	jdstrand, indeed I've already experienced the pc passing, thank you :)	17:28
cachio	jdstrand, I install, then I connect and then I run the tests	17:37
cachio	jdstrand, that for strict and devmode	17:38
cachio	jdstrand, all the steps are equal, but hte install	17:38
cachio	jdstrand, the diff I see is when I run the tests	17:38
cachio	it is once the whole snap setup is done	17:38
jdstrand	ok	17:39
jdstrand	tyhicks: ^ (you probably figured all that out already...)	17:39
mup	PR snapd#3091 closed: interfaces/seccomp: add bind to default seccomp template for hooks <Created by morphis> <Merged by niemeyer> <https://github.com/snapcore/snapd/pull/3091>	18:08
kyrofa	Hey barry, I just hit an interesting python problem if you have a sec	18:29
barry	kyrofa: i do	18:29
kyrofa	I have a plugin that ends up pulling two dependencies, one of which is python2, the other is python3	18:30
kyrofa	barry, which means that I have two different python installs essentially contained in my part directory	18:31
kyrofa	barry, however, I only have one PYTHONPATH. Is there a way for me to set an environment that says "python2 stuff look here, python3 stuff look there"?	18:31
barry	kyrofa: unfortunately there isn't. $PYTHONPATH is the same envar for both python2 and python3. you'll have to put that on the command line, e.g. PYTHONPATH=foo:bar python2 whatever.py	18:32
kyrofa	barry, hmm... the problem is that a third dependency drives the actual build process, so I can't get anything into the cli	18:33
barry	kyrofa: hmm	18:33
kyrofa	Nasty	18:33
barry	yep :)	18:33
barry	too bad you can't just port the py2 bits to py3 :)	18:34
kyrofa	I didn't actually realize I had a python3 dependency in there until I saw a build failure happen on LP which apparently doesn't include lsb-release	18:34
barry	kyrofa: can you arrange for a module to get imported early in the build process?	18:34
kyrofa	barry, the build process is actually cmake. You would cry if you saw this	18:34
barry	because that module could test for the python version and then hack sys.path accordingly	18:35
barry	kyrofa: i'm tearing up just thinking about it ;)	18:35
kyrofa	barry, alright, thanks for the insight! I'll mull this over	18:36
barry	kyrofa: okay, good luck!	18:36
anorgrull	hi, trying to install snapd on a raspberry pi 3 running raspbian. Any shortcut from installing go and building from sources ?	18:37
kyrofa	anorgrull, I don't believe raspbian includes the necessary appamor kernel patches	18:37
kyrofa	anorgrull, zyga or morphis could probably talk you through building the necessary bits while disabling confinement, if you want to go that route	18:38
zyga	anorgrull: hey	18:41
zyga	anorgrull: hmm, raspbian is based on which version of debian now?	18:41
zyga	anorgrull: you may be able to just get it	18:41
kyrofa	barry, I suppose PYTHONPATH will still be needed even if I use .pth files?	18:41
zyga	anorgrull: in any case you can build snapd from source	18:41
anorgrull	maybe recompiling kernel to add it seem possible, an other route is to swich to ubuntu	18:41
zyga	anorgrull: I'd love to know how that feels like	18:41
zyga	anorgrull: a while ago I wrote this: https://new.zygoon.pl/post/case-study-snapd-on-centos/	18:42
zyga	anorgrull: it's a centos build but the main idea holds	18:42
barry	kyrofa: ah, that's a good (as in evil :) hack. if the .pth is on the normal import path you won't, but if you need to put that in a non-standard place, you will. you can do a lot with .pth files (for better or worse ;)	18:42
kyrofa	barry, I seem to remember that python checks in ~/.local somewhere by default as well as the system-wide location?	18:44
barry	kyrofa: there are differences depending on whether you're running it interactively or not, but you can always find out definitively with `python3 -c "import sys; print(sys.path)"	18:47
kyrofa	barry, wait... since the part owns the python in question I can create wrappers/aliases that set the right environment. Disgusting, but the best option yet I think	18:48
kyrofa	It also owns the PATH, so I can make sure those are called	18:48
barry	kyrofa: that's definitely the better way to go. i've done $PATH hacking in my snapcraft.yaml (originally also needing to hack $PYTHONPATH but then found i didn't need it). i'm not sure if the environment section can apply to a single part or to the whole thing (don't remember, didn't affect u-i)	18:50
kyrofa	Good deal	18:51
=== E-werd is now known as beckyblack
=== beckyblack is now known as E-werd
=== E-werd is now known as rebeccablack
=== rebeccablack is now known as E-werd
sergiusens	is this "ask barry"? If so, I have a question -> https://bugs.launchpad.net/snapcraft/+bug/1675479	18:59
mup	Bug #1675479: python plugin doesn't work for namespace packages <openstack> <plugin> <Snapcraft:Confirmed> <https://launchpad.net/bugs/1675479>	18:59
kyrofa	Hahaha	18:59
sergiusens	we use pure upstream pip, setuptools and wheels... any weird thing you can think of?	18:59
barry	python story time with the flufl	19:00
sergiusens	the fix mentioned in there involved driving the install with setup.py instead of pip btw (in case you have better ideas)	19:00
barry	sergiusens: that's odd because 2.7 doesn't have pep 420 style namespace packages. it has a hacky thing but still requires __init__.pys	19:02
barry	or it can have a hacky thing if the top-level package puts stuff in __init__.py	19:02
barry	the paste deploy pastebin doesn't seem related to that because it's a top level package	19:03
mup	PR snapd#3097 opened: interfaces/seccomp: add bind as part of the default seccomp policy (backport) <Created by zyga> <https://github.com/snapcore/snapd/pull/3097>	19:03
barry	ah, nspkg.pth files. yeah those are magical and problematic	19:04
Pharaoh_Atem	zyga: so morphis' golang packages have been approved	19:05
mup	PR core#30 opened: Update core snap cloud-init configuration <Created by raharper> <https://github.com/snapcore/core/pull/30>	19:05
Pharaoh_Atem	they are awaiting his import of the packages	19:05
Pharaoh_Atem	he should make sure that golang-sig and you are comaintainers of the golang packages	19:06
Pharaoh_Atem	zyga: and you should also grant golang-sig similar privileges for your golang-* packages	19:06
Pharaoh_Atem	only commit privileges, not approveacls and such	19:06
sergiusens	barry: any clues on how to circumvent this or have the interpreter read these?	19:08
kyrofa	jdstrand, alright, I've got two gadgets that both provide a `kobuki` serial-port slot, and one snap that has a `kobuki` serial-port plug. I'd like to get that snap to autoconnect to both gadgets	19:08
kyrofa	jdstrand, how do I go about this?	19:08
sergiusens	barry: but bottom line is packages added with .pth don't need __init__.py ?	19:08
sergiusens	did I read that correctly?	19:08
jdstrand	kyrofa: give me all the snap names and I'll do a snap declaration for them. please file a bug that you cannot do this with the gadget since that is the design	19:09
kyrofa	jdstrand, will do. The app snap's name is turtlebot-demo-kyrofa	19:10
kyrofa	jdstrand, the gadgets are pc-turtlebot-kyrofa and dragonboard-turtlebot-kyrofa	19:10
barry	sergiusens: i believe that's the case, although it's dependent on a properly written .pth file. i believe the standard ones hack the top-level module object's __path__ to include the path to the sub-package, which python's import machinery uses to find subpackages	19:11
zyga	Pharaoh_Atem: sounds good, I will look into it	19:11
barry	(it's kind of a trick for them to do that level of __path__ hackery)	19:12
jdstrand	kyrofa: I've got several things I'm working on but will ping you when I add it	19:13
kyrofa	jdstrand, no rush, this week will make me happy	19:13
barry	sergiusens: it's all keyed off of sys.prefix and sys.exec_prefix. i'm not sure what snapped python's do to those variables	19:13
sergiusens	barry: nothing really to sys.prefix and sys.exec_prefix, we just rely on the interpreter figuring it out relative to its exec path	19:17
barry	sergiusens: in that case it should find .pth files relative to those paths	19:17
sergiusens	but now that you mention no __init__ I'll look into running coreycb's full example and see how it goes	19:17
barry	sergiusens: cool. let me know how it goes	19:18
* zyga EODs		19:20
zyga	Pharaoh_Atem: I'll work on golang-sig ACLs first thing tomorrow	19:20
Pharaoh_Atem	okay	19:20
anorgrull	<zyga>tanks for the tuto, but i'm stuck on getting some dependencies header's, will try ubuntu mate 16	19:21
zyga	anorgrull: good luck,	19:21
mup	PR snapd#3098 opened: cmd: Select what socket to use in cmd/snap{,ctl} <Created by mvo5> <https://github.com/snapcore/snapd/pull/3098>	19:24
mwhudson	ahem	20:04
mwhudson	$ snap info snapcraft \| grep ^summary	20:04
mwhudson	summary: "Single-line elevator pitch for your amazing snap"	20:04
kyrofa	Hahaha	20:04
kyrofa	You can tell it's not done yet	20:05
mwhudson	there is a certain irony here :)	20:06
mwhudson	kyrofa: will launchpad use snapcraft 2.28 yet or only once it hits xenial-updates?	20:06
kyrofa	mwhudson, depends on the pocket you use	20:06
kyrofa	mwhudson, if updates, then yeah	20:07
mwhudson	oh right	20:07
kyrofa	mwhudson, you can of course use proposed	20:07
kyrofa	mwhudson, but then everything comes from proposed	20:07
mwhudson	yeah, that's ok for me i think	20:07
mwhudson	i guess i could also copy 2.28 into a ppa and depend on that	20:08
kyrofa	Indeed, though that sounds annoying	20:08
* mwhudson shrugs		20:08
jdstrand	pmcgowan: the ubuntu-app-platform issue should be resolved	20:27
pmcgowan	jdstrand, great thanks, what was it	20:27
jdstrand	pmcgowan: the review tools were correct. needed to tweak the snap decl slightly	20:28
pmcgowan	I guess thats good	20:28
pmcgowan	let me try to republish	20:29
jdstrand	pmcgowan: hold on	20:29
jdstrand	pmcgowan: let me just rerun the checks	20:29
pmcgowan	holding	20:29
jdstrand	pmcgowan: actually can you request a manual review in https://myapps.developer.ubuntu.com/dev/click-apps/6271/rev/42/ and https://myapps.developer.ubuntu.com/dev/click-apps/6271/rev/43/	20:30
pmcgowan	jdstrand, 2 reviews requested	20:32
jdstrand	ok, I triggered the autoreview	20:32
jdstrand	pmcgowan: ok, armhf passed. running the autoreview for arm64	20:33
pmcgowan	great	20:34
jdstrand	pmcgowan: arm64 passed. feel free to release like normal	20:35
jdstrand	pmcgowan: fyi, I added a task to a card to add a simple verification tool to the review tools so this doesn't happen again	20:36
jdstrand	(to verify the snap decl)	20:36
pmcgowan	ok	20:36
pmcgowan	thanks	20:36
jdstrand	the store itself only does rudimentary checks. perhaps it could be made to use this tool when its written	20:37
kyrofa	Haha, eject has a security update? I must read this...	20:44
kyrofa	Dang	20:45
mup	PR snapd#3074 closed: configstate,hookstate: limit runtime of the configure hook to 5 minutes <Created by mvo5> <Closed by mvo5> <https://github.com/snapcore/snapd/pull/3074>	21:19

Generated by irclog2html.py 2.7 by Marius Gedminas - find it at mg.pov.lt!