/srv/irclogs.ubuntu.com/2017/03/29/#snappy.txt

kyrofajdstrand, I needed to push an update to the dragonboard-turtlebot-kyrofa gadget snap if you could take another look (changing the arch. For some reason the official one is armhf... ?)01:14
* mwhudson looks at the task of shuffling three releases and six architectures into tracks03:35
=== chihchun_afk is now known as chihchun
=== JanC is now known as Guest92965
=== JanC_ is now known as JanC
mupPR snapd#3090 closed: configstate,hookstate: timeout the configure hook after 5 mins, report failures to the errtracker <Created by mvo5> <Merged by mvo5> <https://github.com/snapcore/snapd/pull/3090>06:58
mupPR snapd#3099 opened: configstate,hookstate: timeout the configure hook after 5 mins, report failures to the errtracker <Created by mvo5> <https://github.com/snapcore/snapd/pull/3099>07:01
Son_Gokumorphis: yo07:16
morphisSon_Goku: hey!07:16
Son_Gokuugh, I hate being up this early, but w/e07:17
Son_Gokuonce I'm up, I'm up07:17
morphis:-)07:18
Son_Gokumorphis: did you do your initial import of the golang packages yet?07:19
morphisSon_Goku: its on my list for this morning07:26
Son_Gokumorphis: the sooner, the better ;)07:32
morphisyeah07:32
morphisSon_Goku: first one builds for rawhide: https://koji.fedoraproject.org/koji/taskinfo?taskID=1865783807:33
Son_Gokushit, you didn't import for F24, too?07:34
Son_Gokuaccording to pkgdb, you only requested branches for Rawhide, F26, and F2507:35
morphisSon_Goku: should I?07:36
Son_Gokuyes07:36
Son_GokuI expect to be able to build snapd at least ONCE for F2407:36
morphisok07:36
morphislet me change that07:36
morphisSon_Goku: however, I get "BuildError: package golang-gopkg-retry not in list for tag f27-pending"07:37
morphisany idea?07:37
Son_Gokunot really, no07:38
morphishttps://koji.fedoraproject.org/koji/taskinfo?taskID=1865783807:38
Son_Gokuyou might want to pop into #fedora-releng and ask about it07:38
morphisSon_Goku: done07:39
morphisSon_Goku: I maybe have an idea ..07:41
morphisSon_Goku: my fault, should be fixed now07:50
Son_Gokumorphis: did zyga show you how fedpkg workflow is supposed to work?07:51
morphisSon_Goku: https://fedoraproject.org/wiki/Join_the_package_collection_maintainers#Import.2C_commit.2C_and_build_your_package is what I am using07:51
Son_Gokuokay, good07:52
morphisSon_Goku: but it doesn't tell if the package is now directly available in rawhide or not, just that I need to use bodhi for anything !rawhide07:54
Son_Gokufor rawhide (which currently is f27), it will automatically transition f27-pending -> f2707:55
morphisok07:55
Son_Gokufor branched releases, (f26 and below), it will transition from fXX-pending -> fXX-update-candidate07:55
Son_Gokufrom there, you need to use "fedpkg update" to make them available07:56
morphisSon_Goku: ok, let me get builds for f26-2507:56
Son_Gokuthe pending tags refer to pending the packages being signed with the Fedora GPG key07:56
Son_Gokuin RPM distributions, we sign the packages themselves, so that they are cryptographically verifiable no matter how you got the package07:57
Son_Gokuuhh07:59
Son_Gokumorphis: you messed up golang-gopkg-retry-v107:59
Son_Gokuhttps://koji.fedoraproject.org/koji/rpminfo?rpmID=941692707:59
morphishow?07:59
Son_Gokulook at the Provides07:59
morphis%{import_path_sec} ?08:00
Son_Gokuyeah08:00
Son_Gokuyou used a macro that's not defined08:00
morphishm08:00
morphistime for an update then :-)08:00
Son_Gokuincidentally, please don't do commit reverts08:01
Son_Gokuyou can just incrementally commit like any other git repo08:01
morphisSon_Goku: isn't that what I do with a revert? but ok if that is considered a bad practise08:02
Son_Gokuwell, for imports it's bad08:02
Son_Gokubecause then no one can tell the actual change in the spec you did08:02
Son_Gokubtw, why does this obsolete gocheck?08:03
Son_Gokumorphis: I think you forgot to remove some stuff :)08:04
morphisyeah08:04
morphisSon_Goku: didn't we go through the review process :-)08:05
Son_Gokuyou didn't tell me you didn't generate it with gofed08:05
Son_GokuI don't look too much into gofed-generated specs because they're complex and usually correct08:06
morphisNot this one, the gettext one is; this one didn't pass gofed because its using gopkg.in and has two identities08:07
morphisSon_Goku: however, look at the top two commits in http://pkgs.fedoraproject.org/cgit/rpms/golang-gopkg-retry-v1.git/08:07
Son_Gokulooks good to me now08:08
morphislets see what the build says08:09
Son_Gokuyou'll need to bump the release08:09
Son_Gokuand add to the changelog08:09
Son_Gokuonce a successful koji build has occurred, you can never reuse the EVR again08:09
morphisyeah on that already08:09
morphisSon_Goku: f24 branches are there now too08:21
mupPR snapd#3100 opened: tests: fix interfaces-cups-control for zesty (#3035) <Created by mvo5> <https://github.com/snapcore/snapd/pull/3100>08:34
ogra_kyrofa, indeed it should, but since it is full of binaries and ubuntu-image doesnt complain it does technically not matter if it is armhf ... thanks for the pointer though09:03
mupPR snapd#3099 closed: configstate,hookstate: timeout the configure hook after 5 mins, report failures to the errtracker <Created by mvo5> <Merged by mvo5> <https://github.com/snapcore/snapd/pull/3099>09:12
zygamorphis: hey, can you please have a look at https://github.com/snapcore/snapd/pull/309509:22
mupPR snapd#3095: cmd/snap-update-ns: add C preamble for setns <Created by zyga> <https://github.com/snapcore/snapd/pull/3095>09:22
Son_Gokuzyga: mixing C and Go like this seems like it'd make things worse rather than better09:24
morphiszyga: sure09:55
zygamorphis: thanks09:56
mupPR snapd#3100 closed: tests: fix interfaces-cups-control for zesty (#3035) <Created by mvo5> <Merged by mvo5> <https://github.com/snapcore/snapd/pull/3100>09:58
morphiszyga: so why are we mixing C and Go code here?09:58
zygamorphis: because go cannot do what we want09:59
zygamorphis: see the comment up fron the bootstrpa.go09:59
zygabootstrap.go09:59
zygamorphis: if go had any control over threads we could09:59
zygamorphis: but alas, no09:59
morphisah I see you use a constructor10:01
morphistricky ..10:01
morphiswas searching the actual call to bootstrap from the Go code10:01
zygamorphis: yes, it's tricky but that's the only way we found to achieve this10:05
morphisis that a limitation of setns?10:06
morphisor a bug?10:06
zygamorphis: note that this is the 2nd approach10:06
zygamorphis: it's a feature, that's how setns is documented to work10:06
morphisI see10:06
zygamorphis: the 1st approach was all-C but the complexity of the code kept growning10:06
zygamorphis: and we had 1000s of lines of tests and code that would be far far shorter in go10:06
mupPR snapd#3029 closed: snapstate: introduce helper to apply to disk a alias states change for a snap (aliases v2) <Critical> <Created by pedronis> <Merged by pedronis> <https://github.com/snapcore/snapd/pull/3029>10:07
morphiszyga: reviewed10:10
morphisSon_Goku: https://koji.fedoraproject.org/koji/rpminfo?rpmID=9416966 looks much better10:15
Son_Gokuyep10:15
morphisSon_Goku: let me get builds for everything else10:28
zygamorphis: thank you :-)10:29
* zyga has stuff to do now10:29
morphiszyga: np10:29
morphiszyga: btw. I see my deb builds for snapd failing because my shellcheck on xenial does not know about -x10:31
morphiszyga: looks like you changed that recently10:34
morphiszyga: is it intended that shellcheck isn't pulled in for the deb build?10:38
zygamorphis: ah, I noticed that too10:39
zygamorphis: yes, shellcheck is absent on 14.04 and I think it's not that critical anymore10:39
zygamorphis: we have less and less shell code10:39
morphiszyga: however with it installed the tests fail for me :-)10:39
zygamorphis: yeah, we'd have to check if shellcheck groks -x10:40
mupPR snapd#3101 opened: cmd: explicit use of snapd sockets (for 2.23) <Created by mvo5> <https://github.com/snapcore/snapd/pull/3101>10:40
zygamorphis: but I was too lazy to do that TBH (at the time)10:40
morphiszyga: ok, so we should have an explicit --disable-shellcheck in debian/rules until we have that10:40
morphisas otherwise a shellcheck present on the build host causes the build to fail10:40
zygamorphis: well, that's also too much, just DTRT or remove shellcheck10:42
zygamorphis: I wonder if shellcheck sans -x is actually useful10:42
zygamorphis: maybe just check if shellcheck exists *and* supports -x10:43
zygamorphis: than again, maybe not, -x is needed for out-of-tree builds AFAIR10:43
morphisfor now I removed shellcheck from my host but actually this is a problem we need to fix one or another way10:45
ogra_ppisati, i have added a linux-raspi2 task to bug 1674509 ... seems the documented overlays that should switch UARTs for BT use do not work11:12
mupBug #1674509: Unable to find bluetooth device on RPi3 running Ubuntu Core 16 <Snappy:Confirmed> <linux-raspi2 (Ubuntu):Confirmed> <https://launchpad.net/bugs/1674509>11:12
LinAGKarI don't seem to be able to run any graphical snaps on OpenSUSE Tumbleweed11:20
ogra_zyga, ^^ ?11:21
LinAGKarFor example when trying to run keepassxc I get:11:21
* LinAGKar sent a long message: LinAGKar_2017-03-29_11:21:22.txt - https://matrix.org/_matrix/media/v1/download/matrix.org/NYEoBtzLLcrJlbDYTqgPCHzA11:21
ogra_LinAGKar, is the x11 interface connected for the app ? perhaps SuSE doesnt auto-connect it ... check with "snap interfaces"11:29
LinAGKarIt says:11:31
LinAGKar:x11                      dwarf-fortress,keepassxc11:31
morphisSon_Goku: which karma level should I set for my bodhi requests?11:53
King_InuYashamorphis: "1"11:54
King_InuYashanew packages can't possibly have any terrible effect on things, so setting stable karma to "1" is fine11:55
morphisok11:55
morphisboth for stable and unstable?11:55
King_InuYashamorphis: for all branches you're making a bodhi update to, yes11:55
King_InuYashait should be 1 / -3 for the autokarma settings11:56
morphisKing_InuYasha: thanks!11:57
zygaogra_: hey, who had issues with X/Display?11:59
morphisSon_Goku: ok, bodhi requests are out now; added all in https://docs.google.com/document/d/1l9xS8RqSSjASNEIcHAOanlURNrpmfodf4Fd79QXdLG4/edit12:05
LinAGKarzyga: I did12:13
mupPR snapd#3052 closed: overlord: remove snap config values when snap is removed <Created by stolowski> <Merged by mvo5> <https://github.com/snapcore/snapd/pull/3052>12:17
mupPR snapd#3102 opened: interfaces/mount: add function for parsing mount entries <Created by zyga> <https://github.com/snapcore/snapd/pull/3102>12:18
King_InuYashazyga, morphis: if you've tried the new build of golang-github-go-tomb-tomb like I have, you can leave positive feedback+karma to get the ball rolling: https://bodhi.fedoraproject.org/updates/?packages=golang-github-go-tomb-tomb12:23
morphisKing_InuYasha: sounds good!12:23
zygaLinAGKar: hey12:27
zygaLinAGKar: sorry for the lag, I was away12:27
zygaLinAGKar: can you tell me more12:27
zygaLinAGKar: I suspect you use KDE, is that correct?12:27
zygaKing_InuYasha: I'll try it back in the office, I didn't bring my VMs on the road today12:28
* ogra_ imagines zyga to have a bag with VMs in them ... 12:29
zygaogra_: really a HDD12:30
LinAGKarHi12:32
LinAGKarzyga: I do use KDE12:33
LinAGKarzyga: When I try to run keepassxc I get:12:35
LinAGKarNo protocol specified12:35
LinAGKarQXcbConnection: Could not connect to display :012:35
LinAGKarAvbruten (SIGABRT)12:35
LinAGKarOr for dwarf-fortress I get:12:35
LinAGKarGtk-Message: Failed to load module "canberra-gtk-module"12:35
LinAGKarNo protocol specified12:36
LinAGKarDisplay not found and PRINT_MODE not set to TEXT, aborting.12:36
mupPR snapd#3103 opened: interfaces/mount: add function for parsing fstab-like file <Created by zyga> <https://github.com/snapcore/snapd/pull/3103>12:37
LinAGKarThis is on OpenSUSE Tumbleweed, with snapd from the snappy OBS repo12:38
AndyS2oh, seems like it builds on opensuse now. interesting, that's why I originally joined this channel. thanks for the info, LinAGKar12:40
LinAGKarzyga: From snap interfaces I get this: https://pastebin.com/vqLxV0zd12:41
Son_Gokuniemeyer: does snapd's sources offer an API for things to build off of?12:46
Son_Gokuas a golang library, I mean12:47
niemeyerSon_Goku: Heya12:47
niemeyerSon_Goku: Yeah, let me get you a link12:47
Son_Gokuhey12:47
niemeyerSon_Goku: https://godoc.org/github.com/snapcore/snapd/client12:47
zygaLinAGKar: thanks, I think I know what this is about12:57
zygaLinAGKar: can you check if you have /tmp/.Xauthority file?12:57
zygamorphis: ^^12:58
zygaLinAGKar: (sorry for being disconnected earlier)12:58
LinAGKarzyga: I do not have that12:58
mupPR snapd#3104 opened: tests: fix unity test <Created by fgimenez> <https://github.com/snapcore/snapd/pull/3104>12:59
zygaLinAGKar: hmm, curious12:59
zygaLinAGKar: ok, which distribution relaease are you on?13:00
LinAGKarzyga: Tumbleweed, it's rolling release13:05
Son_Gokuzyga: I've got snapd built on Fedora for rawhide locally13:06
Son_Goku2.23.513:06
Son_Gokuwith nine patches13:06
coreycbhi, for snappy config schema, am i right to assume that eventually i'll be able to snap install xyz with a specific config schema, in order to set specific configs at install time?13:08
zygaLinAGKar: Ack, can you please report a bug on the systems:snappy repository13:17
zygaLinAGKar: we'll try the KDE build and debug it13:17
zygaLinAGKar: (I was using gnome out of habbit)13:18
zygaSon_Goku: anything serious?13:18
zygaSon_Goku: try out some snaps if you can13:18
zygaSon_Goku: but this feels like something that we will release soon13:18
Son_GokuI will, but I have to go to work first :)13:18
ogra_zyga, could it be that our xauth setup is a bit more losely defined than suses ? iirc we have a pretty lose setup for localhost13:18
zygaSon_Goku: understood, thank you, a *lot*  :-)13:18
zygaogra_: yes, perhaps13:18
zygaogra_: but I remember seeing something that fails in KDE13:18
zygaogra_: but works in GNOME13:18
ogra_yeah, might not be that13:19
zygaSon_Goku: FYI: https://forum.snapcraft.io/t/towards-working-snap-update-ns/23 :-)13:19
zygaogra_: because I checked tumbleweed in gnome and it was all good13:20
ogra_right, was just a thought13:20
Son_Gokuzyga: I'd like to have most of these patches merged in some form in an upstream release :/13:21
Son_Gokuby the way, I don't see a PR or a commit resembling the change for making snap-confine internal lib use libtool?13:22
zygaSon_Goku: I have that patch in suse, I'll try to merge it buuut we may not be able to13:22
zygaSon_Goku: because there's another PR that adds fine-grained control (per lib) of what to link in statically13:22
Son_Gokuso that PR will supersede it?13:23
zygaSon_Goku: anyway, I'm sure morphis will have a lot of fun upstreaming that :)13:23
LinAGKarzyga: Bug report here: https://bugzilla.opensuse.org/show_bug.cgi?id=103150113:28
mupPR snapd#3098 closed: cmd: select what socket to use in cmd/snap{,ctl} <Created by mvo5> <Merged by mvo5> <https://github.com/snapcore/snapd/pull/3098>13:28
mupPR snapd#3101 closed: cmd: explicit use of snapd sockets (for 2.23) <Created by mvo5> <Merged by mvo5> <https://github.com/snapcore/snapd/pull/3101>13:29
morphisSon_Goku, zyga: I am working through sorting all these patches so only have a minimal set downstream in the distributions13:31
morphisthat is also highly necessary to be able to build packages later on in CI13:31
zygamorphis: can you please look into that bug ^^13:31
zygamorphis: thanks for working on the patches!13:31
* zyga needs to get into the car, brb13:32
morphiszyga: will do13:32
Son_Gokumorphis: https://github.com/Conan-Kudo/snapd/commit/ad2f6b49603b920b7de13b0431587857d31aca86 (clean), https://gitlab.com/Conan_Kudo/fedorapkgs-snapd/tree/snapd-pkg-dev (actual tree)13:33
VktnSomebody here?13:33
VktnI need help13:33
VktnI wanted to install deepin music player in linux mint 18.113:34
Son_Gokumorphis: if it passes my basic sanity tests (that is, I can run some dead-simple snaps), then I'll prepare the update today13:34
morphisSon_Goku: 0008, 0007 can be dropped once we have 2.2413:34
morphisSon_Goku: awesome!13:35
morphisSon_Goku: 0006 too13:35
Son_Gokupatches 0001, 0004, 0007, and 1001 have not been merged in some form13:35
Vktn@Morphis can you help me13:35
nothalVktn: No such command!13:35
morphisSon_Goku: for 0007 there is a PR13:36
VktnBuddy the thing is I am installing in snap form13:36
morphisSon_Goku: https://github.com/snapcore/snapd/pull/309613:36
mupPR snapd#3096: many: abstract path to /bin/{true,false} <Created by morphis> <https://github.com/snapcore/snapd/pull/3096>13:36
Son_Gokumorphis: I'm aware, see comments :)13:36
morphisSon_Goku: don't see any on that PR :-)13:37
VktnIts stuck on "run configure hook of core snap if present"13:37
morphisVktn: what is the problem you have?13:37
Son_Gokulook at my gitlab repo spec file: https://gitlab.com/Conan_Kudo/fedorapkgs-snapd/blob/snapd-pkg-dev/snapd.spec13:37
morphisVktn: on which distribution you see this problem?13:37
VktnLinux mint 18.113:38
morphisSon_Goku: ah good13:38
VktnI know snap is not completely supported13:38
morphisVktn: you seem to be running into a bug we're currently fixing13:38
VktnBut I still tried to install by first installing package snapd as suggested by someone on reddit13:38
VktnOk thanks buddy13:39
VktnIt would be helpful if you give me some more information13:39
VktnIs it just because of linux mint13:39
Vktn?13:39
Son_GokuVktn: no, it's because snapd comes from Ubuntu for mint13:40
Son_Gokuand the bug affects ubuntu13:40
VktnOk thanks buddy :)13:41
VktnSomebody's also having same problem on mail-archive.com13:41
mupPR snapd#3105 opened: tests: download previous snapd package from published versions instead of specific PPA <Created by fgimenez> <https://github.com/snapcore/snapd/pull/3105>13:41
ogra_Son_Goku, we rolled back the affected core snap in the stable channel13:42
morphisSon_Goku: not necessarily, this is more what we see where AppArmor doesn't work13:42
ogra_so nobody should actualyl see it unless they are not using stable13:42
pedronismvo: niemeyer: do you think I can reapply the bits of my overlord reorg that I reverted to help with 2.23.6 ? I need to make snapstate changes and I think they would be better done after that is reapplied13:42
Vktnhttps://www.mail-archive.com/snapcraft@lists.snapcraft.io/msg02782.html13:43
morphisogra_: I feel this is more https://bugs.launchpad.net/snappy/+bug/167419313:44
mupBug #1674193: core snap's configuration hangs on debian | openSUSE | mainline kernel <Snappy:In Progress by morphis> <snapd (Debian):New> <snapd (Fedora):In Progress> <snapd (openSUSE):Fix Released by morphis> <https://launchpad.net/bugs/1674193>13:44
niemeyerpedronis: Can you open a topic for that with details?13:44
ogra_morphis, ah, right, there were two issues13:44
niemeyerpedronis: (what PRs, etc)13:45
morphisogra_: right, so in this case we run into the problem that the configure hook calls snapctl13:45
morphisand AppARmor + Seccomp are enabled for the snapd package in Mint13:45
ogra_yeah, i remember13:45
morphisso snapctl gets killed by seccomp13:45
morphisogra_: and https://github.com/snapcore/snapd/pull/3101 is what should fix this13:46
mupPR snapd#3101: cmd: explicit use of snapd sockets (for 2.23) <Created by mvo5> <Merged by mvo5> <https://github.com/snapcore/snapd/pull/3101>13:46
morphisogra_: however in cases like Mint we now have the problem that people run into this problem still and I don't see a clear migration path13:47
ogra_yeah13:47
ogra_well, update snapd is obviously the path :)13:47
ogra_we just need to release it13:48
morphisogra_: yes13:48
morphisogra_: and problem is that we can even recommend manually adding bind to the seccomp profile as it will be regenerated on every core snap updated ..13:51
morphisVktn: we're about to release snapd 2.23.5 which will fix that problem which mainly is one on distributions having AppArmor disabled and seccomp on which is the case for Mint13:51
Son_Gokumorphis: anyway, while I'm at work, please work on trying to get the patch situation resolved: https://gitlab.com/Conan_Kudo/fedorapkgs-snapd/blob/snapd-pkg-dev/snapd.spec#L49-6513:52
jdstrandmorphis: note https://github.com/snapcore/snapd/pull/3101 is the proper fix for this13:52
mupPR snapd#3101: cmd: explicit use of snapd sockets (for 2.23) <Created by mvo5> <Merged by mvo5> <https://github.com/snapcore/snapd/pull/3101>13:52
jdstrandmorphis: and https://github.com/snapcore/snapd/pull/309813:52
mupPR snapd#3098: cmd: select what socket to use in cmd/snap{,ctl} <Created by mvo5> <Merged by mvo5> <https://github.com/snapcore/snapd/pull/3098>13:52
Son_Gokumorphis: also leave feedback for the golang-github-go-tomb-tomb package in bodhi13:53
morphisjdstrand: right, but will not help people being blocked by the bug it fixes right now unitl 2.23.6 lands13:53
jdstrandmorphis: both merged now13:53
* jdstrand nods13:53
morphisSon_Goku: sure but we wont get them all in for 2.23.x13:53
morphiswe can drop them with followup upstream releases13:53
Son_Gokumorphis: I just want them all in master13:53
jdstrandmorphis: but it is nice that a simple core update will resolve it13:53
morphisSon_Goku: before we release a package to fedora?13:54
jdstrandthat's all I meant13:54
Son_Gokumorphis: yes it's fine13:54
morphisjdstrand: yes13:54
Son_Gokumorphis: well it doesn't matter about that13:54
* jdstrand hugs mvo for fixing that and the noisy denial in on shot13:54
Son_Gokubut ideally I need something for documenting all the patches13:54
Son_Gokumorphis ^13:54
Son_Gokusnapd moves too quickly for out of tree patches to be sustainable13:54
morphis+113:55
morphiswe only have on left so I will take care13:55
Son_Gokuso at the minimum, I need PRs13:55
Son_Gokuideally, they would all be merged into master :)13:55
Son_Gokuanyway, g2g13:56
Son_Gokubye13:56
zygaSon_Goku: o/13:56
Son_Gokuzyga: hi13:56
Son_Gokuzyga: quick catchup: I need at least all patches listed here to have PRs: https://gitlab.com/Conan_Kudo/fedorapkgs-snapd/blob/snapd-pkg-dev/snapd.spec#L49-6513:56
Son_Gokuideally, all of those should be merged in master13:56
Son_GokuI do not mind carrying patches, I do mind carrying them forever13:57
morphisSon_Goku: if you just need a PR, that's a minute work :-)13:59
Son_Gokumorphis: at LEAST a PR14:00
mupPR snapd#3106 opened: tests: enable docker test for more ubuntu-core systems <Created by fgimenez> <https://github.com/snapcore/snapd/pull/3106>14:04
=== vigo is now known as vigo|lunch
* mvo hugs jdstrand for his excellent analysis of the problem14:21
pedronisgoing ahead (https://forum.snapcraft.io/t/finish-overlord-reorg-to-enable-further-work/37/3)14:21
kyrofaogra_, if you use snapcraft to build and then release, it ends up in the armhf set of channels, which means when you use ubuntu-image to build (and specify arm64), ubuntu-image doesn't find it. Are you building in a different way?14:24
ogra_nope, weridly it pulls the right stuff from the store for me14:25
ogra_kyrofa, you are using https://github.com/snapcore/dragonboard-gadget right ?14:25
kyrofaogra_, indeed14:26
ogra_oh, and i see you changed it there14:26
kyrofaogra_, well, I _offered_ to change it there ;)14:26
* zyga goes to pick up kids from school14:26
ogra_yeah, mvo was fast and already merged it14:26
kyrofaOh nice. I haven't gone through my emails yet14:27
ogra_ogra@dragonboard:~$ snap info dragonboard|grep refresh14:27
ogra_refreshed:   2016-10-28 13:04:19 +0200 CEST14:27
ogra_ugh14:27
* ogra_ notes that we have actually never used the GH one then14:28
ogra_so tomorrows dragonboard edge image will be interesting :)14:30
kyrofaHa!14:31
=== vigo|lunch is now known as vigo
mupPR snapd#3107 opened: overlord: finish reorg, revert "be more conservative until we have cut 2.23.x" <Created by pedronis> <https://github.com/snapcore/snapd/pull/3107>14:34
pmcgowanjdstrand, crap does unity8 trigger manual review? I added it back thinking it was ok now14:40
=== ogra_ is now known as ogra
jdstrandpmcgowan: yes, it is reserved for Canonical employees14:41
jdstrand"The 'unity8' interface is in development and not yet ready for production. Please remove from your snap's plugs and feel free to reupload. After that your snap should pass automated review."14:41
jdstrandthat is what we say to non-Canonical ^14:41
pmcgowanjdstrand, ok but I need to wait for a review now? would be happy to reupload14:42
jdstrandpmcgowan: you are a Canonical employee. you can either remove it, or I can add a snap decl14:42
jdstrandnote if I grant it, you'll get an email that says "Granting use of the 'unity8' interface to Canonical employee. Note that this interface is not complete and subject to break applications at any time."14:42
jdstrand:)14:43
pmcgowan:)14:43
pmcgowanlet me remove it and re-upload jdstrand14:43
=== ogra changed the topic of #snappy to: Package any app for any Linux desktop, server, cloud or device. Read how on http://www.snapcraft.io | File a bug: https://bugs.launchpad.net/snappy/+filebug, join the snapcraft discussion https://rocket.ubuntu.com/channel/snapcraft | Join the forum: https://forum.snapcraft.io
pedronismvo: niemeyer: proposed https://github.com/snapcore/snapd/pull/310714:45
mupPR snapd#3107: overlord: finish reorg, revert "be more conservative until we have cut 2.23.x" <Created by pedronis> <https://github.com/snapcore/snapd/pull/3107>14:45
pmcgowanjdstrand, how do I get those out of the review queue? I rejected the first one14:45
mupPR snapd#3108 opened: cmd: use libtool for the internal library <Created by morphis> <https://github.com/snapcore/snapd/pull/3108>14:47
pmcgowanrejected them all then14:47
jdstrandpmcgowan: ok. yeah, there is a mechanism in the web frontend of the store to reject them that it seems you found14:48
=== ChanServ changed the topic of #snappy to: Join the forum: https://forum.snapcraft.io/t/when-to-use-forum-vs-irc/38
ograerr14:52
=== ogra changed the topic of #snappy to: Package any app for any Linux desktop, server, cloud or device. Read how on http://www.snapcraft.io | File a bug: https://bugs.launchpad.net/snappy/+filebug, join the snapcraft discussion https://rocket.ubuntu.com/channel/snapcraft | Join the forum: https://forum.snapcraft.io
=== chihchun is now known as chihchun_afk
mupPR snapd#3109 opened: Merge 2.23.6 release back into master <Created by mvo5> <https://github.com/snapcore/snapd/pull/3109>14:59
kyrofaHey jdstrand, what is the rationale for requiring manual review of gadget snaps? They're completely unusable without creating an image seeded with it, right?15:04
ograkyrofa, probably to make sure nobody steals the name15:05
jdstrandkyrofa: cause the necessary assertions dictated by the design of the system aren't implemented yet15:06
jdstrandkyrofa: in other news, I approved your snap earlier if you didn't see15:06
* ogra saw it on G+ :)15:06
ograuappexplorer is very helpful there :)15:06
kyrofaogra, that's registration15:10
ograyeah, indeed15:10
kyrofajdstrand, ahh, makes sense okay15:10
kyrofajdstrand, I did see, thank you! Now my images generate15:11
morphismvo: does 2.23.6 enable reexecution from core again?15:11
morphismvo: seeing snap crashing in cmd.ExecinCoreSnap() on Yocto with 2.23.615:12
=== ChanServ changed the topic of #snappy to: Join the forum: https://forum.snapcraft.io/t/when-to-use-forum-vs-irc/38
morphismvo: this is when using the current beta core snap15:12
niemeyerogra: Can we please keep the simpler topic for a while.. we can revert after a few days, once the regulars here are aware15:12
niemeyer(or we can keep it as well.. let's see what happens)15:13
mvomorphis: it has not chnaged anything, maybe we need to blacklist on yocto15:13
mvomorphis: blacklist re-exec there - what kind of crash do you get?15:13
niemeyermvo, morphis: Good topic for the forum thread?15:14
ograniemeyer, well, that sigles out the snapcraft people as well as hiding the docs15:14
morphismvo: https://mm.gravedo.de/files/crash-yocto.png15:14
niemeyerogra: The topic is dynamic.. we can bring it back later15:14
morphisniemeyer: :-)15:15
zygamorphis: you need to add yocto to a blacklist to have that15:15
niemeyerogra: My hope is also that the snapcraft developers come along15:15
zygamorphis: reexec is on by default15:15
morphisahh15:15
niemeyerogra: For the same reasons stated in that topic15:15
ograniemeyer, well, a forum is not a chat ...15:15
ograbut we'll see15:15
niemeyerogra: Actually, according to the real definition of "chat", it is15:15
ograheh, well, lets agree to disagree on that one :)15:16
niemeyerogra: You'll need to disagree with the dictionary rather than with me15:16
niemeyerogra: We could be having that unnecessary discussion there just as well.. I'm glad we're not, though. :)15:17
* niemeyer steps out for lunch15:17
ograheh15:17
morphismvo, zyga: where is the blacklist in snapd?15:18
zygamorphis: I think in cmd/cmd.go15:20
morphisok15:20
morphiszyga: and here it gets tricky ..15:20
morphiswe can't really predict what the release id is for Yocto based systems15:21
morphisso SNAP_REEXEC it means here15:22
zygamorphis: that's fine, we will support a reference yocto image15:22
zygamorphis: and over time the reasons for having the blacklist will go away15:23
zygamorphis: it's just a temporary measure15:23
morphiszyga: what means temporary? one release cycle?15:23
niemeyerSorry, came back quickly just to not leave snapcraft in a bad place in the forum15:23
niemeyerkyrofa, sergiusens, ogra: https://forum.snapcraft.io/c/snapcraft15:23
zygamorphis: a few cycles15:23
niemeyerLet's please have a hangout at some point today to discuss more details of this initiative15:23
* niemeyer back to lunch15:24
morphiszyga: sounds like "later this year"15:25
zygamorphis: once we have CI for yocto (reference) we can add that15:25
zygamorphis: and once the issues are fixed we can remove that entirely15:25
zyganiemeyer: the forum died?15:25
zygahttps://forum.snapcraft.io/ gives me "network error"15:25
ograworks here15:25
zygamorphis: with you on board I think that's faster15:26
morphiszyga: hah :-)15:26
zygamorphis: we have snap-confine that's detached from reexec15:26
zygamorphis: and we have known ways to fix that15:26
zygamorphis: we also need to have snap-confine talk to snapd better15:26
zygamorphis: then we have no issues15:26
morphiszyga: let me do a distro-patch for now15:27
zygamorphis: for blacklist? feel free to merge that back15:28
morphiswill do15:29
morphiszyga: btw. the open-suse bug exists on 42.2 too, so its not wayland15:30
zygamorphis: are you sure? maybe 42.2 has wayland too/15:30
zygamorphis: btw, fedora 25 has wayland/gnome as default15:30
zygamorphis: worth checking15:30
morphisit doesn't15:32
morphisits using xcb platform here so no wayland natively in KDE15:32
zygamorphis: aha15:34
zygamorphis: well, so it's not wayland15:34
pedronisniemeyer: I created a topic around the things we discussed after standup: https://forum.snapcraft.io/t/transactionality-locking-and-other-concurrency-coordination/5015:34
zygamorphis: curious what it might be15:34
morphiszyga: looking15:35
mupPR snapd#3110 opened: cmd: add poky to the list of distros which don't support reexec <Created by morphis> <https://github.com/snapcore/snapd/pull/3110>15:36
morphiszyga: ^^15:37
zygamorphis: perfect, thanks15:40
niemeyerpedronis: Woah, sweet!15:42
morphiszyga: this is a KDE specific problem, same distro using gnome shell those apps work15:54
morphiszyga: I have the feeling there is some disagreement between what the Qt/gtk version in those snaps expect and what they get from KDE in this case15:55
niemeyerpedronis: Do you have at hand the etherpad link for the snap aliases discussion we had?  I want to complete the topic about it including the user experience we discussed (or a tweaked version of it)15:56
pedronisniemeyer: we have the gdoc , it probably needs a bit of edits after what we discussed yesterday though15:58
niemeyerpedronis: Found it, thanks!15:59
morphisseb128: ping16:13
mupPR snapd#3111 opened: snapd: initial implementation for systemd software watchdog for snapd <Created by mvo5> <https://github.com/snapcore/snapd/pull/3111>16:19
mupPR snapd#3107 closed: overlord: finish reorg, revert "be more conservative until we have cut 2.23.x" <Created by pedronis> <Merged by pedronis> <https://github.com/snapcore/snapd/pull/3107>16:26
LinAGKarzyga: I don't seem to be able to run those apps under GNOME either (I'm now on my desktop with Leap 42.2 BTW). Maybe it has something to do with, KDE being installed first, or with SDDM?16:39
morphisPharaoh_Atem: I've pushed a PR for the last patch without a PR reference, see https://github.com/snapcore/snapd/pull/310816:43
mupPR snapd#3108: cmd: use libtool for the internal library <Created by morphis> <https://github.com/snapcore/snapd/pull/3108>16:43
jdstrandkyrofa: hey, can you see if installing turtlebot-demo-kyrofa auto-connects the interface? either pc or dragonboard is fine16:47
kyrofajdstrand, sure, I'll generate a new image now and try it16:47
jdstrandkyrofa: curious. is the demo snap preinstalled?16:48
kyrofajdstrand, indeed16:48
jdstrandI don't know if this is going to help then. morphis saw issues with preinstalled snaps and auto connection16:48
jdstrandand that was without a snap decl involved16:49
kyrofaHmm... that somewhat defeats the purpose of my blog series, haha! Let me try and see16:49
kyrofajdstrand, I guess it depends on how snapd deals with that on boot, eh?16:50
kyrofaIf this image doesn't work, I'll make an image without it preinstalled and see if it auto-connects upon install16:51
jdstrandkyrofa: I could do the snap decl for the gadget (slot) or the app (plug). I chose the gadget, but can also try it for the app16:53
kyrofajdstrand, alright, I'll keep you in the loop here, see if we can't get this to happen16:53
jdstrandkyrofa: fyi, here is the bug about not being able to do this in the gadget snap: https://bugs.launchpad.net/snappy/+bug/164407416:55
mupBug #1644074: auto connect none auto-connect interfaces of snaps in gadget snap <Snappy:New> <https://launchpad.net/bugs/1644074>16:55
kyrofajdstrand, oh darn, I logged one too against snapd16:56
jdstrandI didn't know the one I just pasted existed (just found it looking for another bug)16:57
kyrofaYeah, I've stopped looking in the snappy project :P16:58
kyrofaI logged bug #167701516:58
mupBug #1677015: My app snap's plug is not auto-connected to my gadget snap's slot <snapd:New> <https://launchpad.net/bugs/1677015>16:58
kyrofajdstrand, hey hey, your snap decl change worked16:59
jdstrandoh!17:00
jdstrandnice :)17:00
kyrofajdstrand, did you do it for both gadgets?17:00
jdstrandI did17:00
kyrofajdstrand, wonderful, thank you :)17:01
jdstrandnp17:01
* jdstrand updates wiki for instructions on working around lack of gadget auto-connect with snap decls17:01
kyrofajdstrand, what is the logic in the snap decl exactly: "this app snap can automatically connect to my slot" ?17:03
kyrofaSimilarly, if you did it from the app snap side: "I can automatically connect to that gadget snap's slot" ?17:03
jdstrandkyrofa: in each of the gadget snaps, there is this snap decl: http://paste.ubuntu.com/24275679/17:04
jdstrandkyrofa: (for the slot)17:04
kyrofaAh ha, okay same page17:04
jdstrandkyrofa: from the app's side, I'd use the slot-snap-id in the plugs17:05
kyrofaWith the gadget's snap ID17:05
jdstrandkyrofa: I chose the gadget's snap decl since I figured that it is better mimicking what we are working around: ie, the gadget saying what can autoconnect17:05
kyrofaIndeed17:05
kyrofaAnd agreed17:05
kyrofajdstrand, I'm going to write the list with a summary email with some of the issues encountered during this process, just want to make sure I understand17:06
jdstrandkyrofa: sounds great17:09
kyrofajdstrand, does that snap decl apply to updates, as well?17:14
kyrofajdstrand, pedronis any idea what this means? task.go:303: DEBUG: 2017-03-29T17:26:45Z ERROR cannot deliver device serial request: Cannot process serial request for device with brand "4tSgWHfAL1vm9l8mSiutBDKnnSQBv0c8", store can sign serial only for brand "canonical"17:29
kyrofaMy demo snap stops running after that, it seems17:29
zygakyrofa: it means that you have a custom gadget snap17:33
zygakyrofa: and as the brand owner you need to deploy a serial vault to sign assertions from your devices17:33
zygakyrofa: the one from canonical doesn't sign assertions from other brands17:34
kyrofazyga, any reason why that would halt my app service?17:34
zygakyrofa: it would not17:34
zygakyrofa: this is just a debug log from snapd17:34
mupPR snapd#3110 closed: cmd: add poky to the list of distros which don't support reexec <Created by morphis> <Merged by zyga> <https://github.com/snapcore/snapd/pull/3110>17:34
zygakyrofa: but maybe a bug related to this fact is affecting something else17:35
zygakyrofa: suggestion to use the forum :)17:35
jdstrandkyrofa: fyi, I see the same thing on bbb from ogra. it doesn't seem to affect anything functionally17:36
ograwhat did i break ?17:36
ogra:)17:36
zygaogra: you didn't deploy a serial vault for bbb17:41
jdstrandogra: nothing. just saying your bbb gadget throws up the same debug message as kyrofa's gadget17:41
ograyeah, because my last name isnt canonical17:41
ogra:)17:42
* jdstrand notes that kyrofa thought the debug message might be causing a problem. I was reassuring him it doens't seem to17:42
kyrofajdstrand, I'm not sure... whenever I first boot, my service starts running fine, then I see http://pastebin.ubuntu.com/24275842/17:43
kyrofaThe service spams the logs, but once that print happens it stops showing anything and the bot stops moving17:44
kyrofaThe service is still running though.... something weird is happening here17:44
zygaogra: you make a mistake here, it's *your* brand now, the bbb gadget is not owned by canonical17:44
ograzyga, ?17:44
zygaogra: you said your last name is not canonical17:45
ograyes, the model assertion is completely created by me17:45
jdstrandkyrofa: idk, just saying I have a service that doesn't suffer from that17:45
zygaogra: so you own it17:45
ograzyga, yeah, my last name is grawert ;)17:45
zygaogra: and you can deploy a serial valut17:45
ograoh, can i ? (and should i )17:45
jdstrandzyga: is that documented somewhere? /me wonders if kyrofa would want to document that as well17:46
jdstrandmeh17:46
ograbrand and authority id's are min as is the gadget17:46
zygaogra: you can and probably should over time17:46
ogra**mine17:46
jdstrandif kyrofa would want to blog about that as well17:46
ograzyga, i never had any probs due to it17:46
kyrofajdstrand, zyga I don't even know enough about the serial vault to know why I'd want one17:46
zygajdstrand: I don't think it is; I know CE makes some customer documentation that could be read and trascribed into a public format17:46
zygaogra: yet :)17:46
zygakyrofa: it's something that signs your serial assertion17:47
kyrofazyga, why do I care?17:47
zygakyrofa: when a new device shows up it creates a serial assertion17:47
ogra(i noticed the message above though ... but since all bits of the image work reliable i never bothered about it)17:47
zygakyrofa: and asks the brand "here, sign this so that you ack my existence"17:47
zygakyrofa: and then you know that you have a device that the brand really blessed17:47
zygakyrofa: (not a knock-off or something)17:47
pedroniskyrofa: that should be a read herring, not something that blocks anything else in the system17:47
ograright17:47
pedroniss/read/red/17:48
ograthough we should have documentation for it :)17:48
zygakyrofa: your brand seems like random garbage though17:48
zygaogra: yes, definitely17:48
kyrofazyga, isn't that why the model assertion is an assertion, so that I know I'm booting a real image?17:48
ograin case you actually want it blessed17:48
zygakyrofa: model assertion is just a model assertion17:48
zygakyrofa: anyone can slap that on a fake device17:48
kyrofazyga, but it's signed17:48
zygakyrofa: but anyone can copy it :)17:48
pedroniskyrofa: not really, assertions are not secrets, they don't grant auth without some context17:48
ograright, the brand-id needs to match the signer of the gadget17:49
pedronisyou can take a device copy out it's model assertion etc17:49
ograso at least on that level there is some blessing going on17:49
zygakyrofa: e.g. company inc makes 1000 devices in factory inc; the factory now runs 2nd batch and sells them for 30% off17:49
zygakyrofa: now company inc has twice the support cost and no QA over half of the laptop with its logo17:49
zygakyrofa: serial assertion lets you see and respond to that17:49
ograpedronis, well, we just learned that your firstboot wont set up the gadget if the signatures dont match17:49
pedronisogra: well yes, your brand-id and auth-id on the model must match17:50
ograpedronis, so there is *some* brand-id vs gadget signature17:50
kyrofazyga, is this something done store side? Or is the "vault" some third-party software?17:50
zygakyrofa: because if you ordered 1000 devices and you see 2000 boot you know someone's faking something17:50
zygakyrofa: vault is a 3rd party software17:50
pedronisogra: yes, but has nothing to do with tha log or the serial17:50
ograindeed17:50
zygakyrofa: it's literally called serial-vault AFAIR17:50
ograthats cherry on top stuff :)17:50
zygakyrofa: (well, 1st party but not the store)17:50
pedronisogra: it's the new rule I was asked to implement that gadget publisher and model signer need to match unless the gadget comes from canonical17:51
kyrofazyga, right, heh, same page17:51
zygakyrofa: CE wrote tat17:51
zygathat*17:51
ograpedronis, yeah, and i remember when we discussed that in heidelberg ... serial is just an additional security measure on top17:51
pedronisserial is super relevant mostly if you want to have controlled access to a branded store17:52
ograright17:52
pedronis(we really would like most thing to have a serial, but that's the main purpose atm)17:52
ograbut not for a home brewed developer image17:52
pedronisno17:52
pedronisas I said that log be benign17:52
ograso kyrofa and i should both be fine as is17:52
pedronisif other things are not aligned it's a different matter17:52
ograyeah17:53
* zyga EODs17:54
zygasee you later guys17:54
pedroniskyrofa: model assertion authority-id must == brand-id  and gadget publisher ( != canonical) must be == brand-id , if the gadget is from canonical doesn't matter17:55
pedronissame for custom kernels well17:56
kyrofapedronis, right17:58
mupPR snapd#3094 closed: cmd: rework header check for xfs/xqm.h <Created by morphis> <Merged by zyga> <https://github.com/snapcore/snapd/pull/3094>17:59
* pedronis afk18:00
kyrofaAlright, nevermind guys-- seems to be an issue with the USB passthrough to my VM. As soon as I disconnect/reconnect it things start working18:14
kyrofapmcgowan, did I see that you were able to unpublish a single revision of your snap?18:35
kyrofapmcgowan, if so, how? I don't see an obvious way to do it18:39
pmcgowankyrofa, I cleared a failed one from the review queue18:44
pmcgowankyrofa, button way at the bottom of the page18:44
kyrofapmcgowan, oh, not an already published rev?18:45
pmcgowanno but I know there is a way to do that, isnt it just the button at the top?18:45
kyrofapmcgowan, doesn't that unpublish the entire snap?18:45
kyrofapmcgowan, I was afraid to press it :P18:45
pmcgowankyrofa, I havent done it but I know it can be done18:46
jdstranddon't press that18:46
pmcgowanlol18:46
jdstrand:)18:46
kyrofaHahaha18:46
pmcgowankyrofa, I was going to offer to try one here18:46
kyrofajdstrand, do you know how to do this?18:47
jdstrandI thought it was in there too and I just looked but didn't see it18:47
kyrofaHuh. Maybe I need nessita to do it manually?18:47
jdstrandI thought it was specific to a revision. I suspect it can't have ever been released18:47
kyrofaI released my gadget on the wrong arch at first. I'd like to remove that rev18:47
pmcgowankyrofa, I just unpublished all my versions :(18:48
kyrofapmcgowan, agh, I knew that was a dangerous-looking button18:48
pmcgowanbut I know you can do it18:48
kyrofaHey nessita, I accidentally published revision 1 of dragonboard-turtlebot-kyrofa targeting armhf, when it should have been arm64. Revision 2 is correct, but rev 1 is still available for armhf. There doesn't seem to be a way for me to remove it myself-- can you help me?18:50
nessitakyrofa, right, unpublishing is not defined for snaps, you need to release a new revision to that channel, or close the channel18:53
kyrofanessita, can I close all channels for a given arch?18:53
nessitakyrofa, hum, no, channel closing is per channel :-/18:54
nessitakyrofa, what channel you released to?18:54
kyrofanessita, stable, for both armhf and arm64. I just want the arm64 one18:54
pmcgowankyrofa, so once they are all unpublished you can selectively release them again18:56
pmcgowankyrofa, but rather tricky since the dates not listed in the summary18:56
kyrofapmcgowan, ah ha! Brilliant! I only have two revs, that's easy18:56
nessitakyrofa, hum, I can't change the status of the revision in any simple way. Can you try closing stable and then releasing a new amd64 revno to stable?18:58
kyrofanessita, pmcgowan's suggestion seems to have worked-- I just unpublished the whole thing, and then published only rev 219:00
kyrofaThanks pmcgowan :)19:00
pmcgowangreat19:00
nessitakyrofa, ahaha that button is super closed to be removed, you just reminded me :-D19:00
nessitathanks19:00
nessita(is just there for clicks)19:00
kyrofanessita, whew, made it just in time! :P19:00
nessitayeah :-)19:01
kyrofanessita, thanks for your time19:01
nessitakyrofa, sorry I couldn't be of more help19:01
kyrofaMy upload speed to people.canonical is so bad...19:07
kyrofaOh what do you know, as soon as I whine it perks up a bit19:07
kyrofaNope... back to 100k19:10
pmcgowannessita, which button, unpublish? that seems quite useful, would be better if it was version/arch specific19:30
nessitapmcgowan, the snap design does not allow for unpublishing (unreleasing), and is really a risk that someone unpublishes without wanting to19:30
nessitapmcgowan, people have complained about how risky it is19:31
pmcgowannessita, I would concur on that, but sometimes we have reverted a publish19:32
pmcgowanguess it will require a new version now19:32
nessitapmcgowan, yes, you need to release a new revision to the channel, or close it19:34
pmcgowannessita, how is closing a channel different from unpublishing19:35
pmcgowanrisk wise19:35
nessitapmcgowan, unpublishing removes all revnos from all channels. Closing a branch makes it show the content of the channel "above" it because of channel tracking (this is valid for all channels but stable, when closing stable it just gets emptied)19:38
nessitapmcgowan, imagine a very complex matrix of released revnos to many series, many archs, many channels including tracks and hotfixes19:39
nessitayou can have more than 100 released revisions19:39
pmcgowanindeed19:39
nessitaimagine unpublishing them all19:39
nessita*by mistake*19:39
nessitaimagine you have paying customer depending on availability of that snap19:39
nessitaso, way too risky19:39
pmcgowanagreed19:40
nessitawhile closing a specific channel affects only revision in that track/risk/hotfix channel19:40
kyrofajdstrand, I made a forum post instead of a ML post: https://forum.snapcraft.io/t/issues-encountered-while-creating-custom-gadget-and-image/6619:47
mupPR snapcraft#1225 opened: channels: Fix staging store test for Tracks <Created by josepht> <https://github.com/snapcore/snapcraft/pull/1225>19:48
jdstrandkyrofa: nice20:05
mupPR snapcraft#1205 closed: asset-tracking: track source VCS details <Created by josepht> <Closed by kyrofa> <https://github.com/snapcore/snapcraft/pull/1205>20:06
cachiojdstrand, any idea about this error ?20:57
cachio[81414.597898] audit: type=1400 audit(1490820896.938:1993): apparmor="DENIED" operation="exec" profile="snap.kpi-ubuntu-app-platform-tests.load" name="/lib/x86_64-linux-gnu/ld-2.23.so" pid=10908 comm="ldd" requested_mask="x" denied_mask="x" fsuid=0 ouid=020:57
cachiojdstrand, snappy debug is giving me this http://paste.ubuntu.com/24277039/21:00
jdstrandcachio: that should be allowed by this rule: /lib/@{multiarch}/ld{,32,64}-*.so    mrix,21:00
jdstrandcachio: where are you seeing this? what is the output of apparmor_parser -p /var/lib/snapd/apparmor/profiles/snap.kpi-ubuntu-app-platform-tests.load |grep multiarch | grep '/ld'21:01
cachiojdstrand,  /{usr/,}lib/@{multiarch}/ld{,32,64}-*.so    mr,21:02
cachioI see this executing "sudo snappy-debug.security scanlog"21:02
jdstrandcachio: what ubuntu release?21:06
cachiozesty21:06
cachiojdstrand, zesty21:06
jdstrandcachio: ok, so classic distro?21:06
cachiojdstrand, yes21:06
jdstrandcachio: oh, the rule you have doesn't include 'ix'21:08
cachiojdstrand, I see that, but how I should do to add that ix21:08
cachiojdstrand, I am using content interface to read the libs directory21:09
jdstrandthat rule comes from the apparmor base abstraction21:09
jdstrandlet me see if I can track it down21:09
mwhudsonhi is there an eta on the next snapd release?21:09
jdstrandcachio: is kpi-ubuntu-app-platform-tests not published anywhere?21:11
cachiojdstrand, no yet21:11
cachioI can share it21:12
kyrofajdstrand, the review tools flag a symlink to libc6 on ppc64 as an error21:12
kyrofajdstrand, no other arch, though21:12
kyrofajdstrand, specifically, a symlink to /lib/powerpc64le-linux-gnu/ld-2.23.so21:13
jdstrandcachio: it's an apparmor bug introduced in r3593.1.621:13
cachiojdstrand, ok, bad news for me21:13
cachioany workaround?21:13
cachiojdstrand, do you have the bug id?21:14
jdstrandcachio: you can sed the profile in /var/lib/snapd/apparmor/profiles to add back the ix. can you file a bug?21:14
cachiojdstrand, sure, where in snappy?21:14
jdstrandcachio: no, apparmor21:15
jdstrandhttps://bugs.launchpad.net/apparmor/+filebug21:15
jdstrandtyhicks: the zesty apparmor upload is breaking snaps due to r3593.1.621:15
jdstrandtyhicks: see cachio's denial21:16
cachiojdstrand, sorry but I have to leave now, I'll be back in 1 hour21:17
cachiojdstrand, I'll raise that issue, thanks for the support21:18
=== cachio is now known as cachio_afk
kyrofajdstrand, note that the symlink itself is named lib64/ld64.so.221:18
jdstrandkyrofa: do you have the snap?21:19
kyrofajdstrand, I do21:19
kyrofaLet me make it available21:19
jdstrandkyrofa: is it in the store?21:19
jdstrandyou can just give me the link to the revision21:19
kyrofajdstrand, actually wait... is the click-reviewers-tools in the xenial archives up to date?21:21
jdstrandkyrofa: no21:21
jdstrandzesty is21:22
jdstrandkyrofa: but I think I see the issue. I just need the snap21:22
kyrofajdstrand, sent via PM21:23
tyhicksjdstrand: I'm busy with something else at the moment but I'll be able to read backscroll soon21:27
jdstrandkyrofa: ok, fixed in trunk. if the publisher/you request a manual review, I can accept it21:27
kyrofajdstrand, excellent, thank you!21:27
jdstrandtyhicks: we should probably discuss in #apparmor21:32
jdstrandcachio_afk: fyi, we are discussing this in #apparmor on OFTC. I'm not able to reproduce. when you file the bug, please give complete instructions, ideally with a downloadble snap and access to its source code22:04
kyrofajdstrand, alright, if I want to test a profile change, I add it to the profile in /var/lib/snapd/apparmor/profiles, and then... what? How do I reload it again?22:11
jdstrandkyrofa: sudo apparmor_parser -r /path/to/profile22:12
kyrofajdstrand, thank you!22:12
kyrofajdstrand, sweet, /dev/input/js* is all I need22:14
kyrofajdstrand, you mentioned to refer to framebuffer for implementation and gave me a link to bug #1675738, but it seems like work is ongoing to remove udev tagging. Should I not worry about that aspect, then?22:27
mupBug #1675738: OpenGL interface should udev tag all /dev/fb* files <snapd-interface> <snapd:In Progress> <https://launchpad.net/bugs/1675738>22:27
mupPR snapcraft#1166 closed: tests: Fix name registration window limit test to latest changes <Created by fgallina> <Closed by elopio> <https://github.com/snapcore/snapcraft/pull/1166>22:45
mupPR snapd#3112 opened: interfaces: add a joystick interface <Created by kyrofa> <https://github.com/snapcore/snapd/pull/3112>23:25
kyrofajdstrand, there's my crack at it ^^23:25
slangasekdoes someone here know why I have /etc/ld.so.conf.d/conjure-up.conf on my system, pointing at /snap/conjure-up/156/usr/lib/x86_64-linux-gnu/ ?23:35
slangaseka directory which contains an incompatible version of libapt-pkg.so?23:36
cachio_afkjdstrand, sure, I'll upload the snap23:41

Generated by irclog2html.py 2.7 by Marius Gedminas - find it at mg.pov.lt!