/srv/irclogs.ubuntu.com/2017/04/04/#snappy.txt

mwhudsonmaybe the Status update for version mails from the store should mention architecture?00:24
morphis_robert_ancell_: ping05:00
robert_ancell_morphis_, hi05:00
morphis_robert_ancell_: we're currently porting snapd-glib to Fedora and enabling support for it in gnome-software there too05:00
robert_ancell_morphis_, awesome, thanks!05:01
morphis_robert_ancell_: however we saw something very interesting: http://imgur.com/a/CowmR05:01
morphis_the default locale of the user is en_GB but he gets turkish messages; I figured out later yesterday that this is because policykit in Fedora doesn't have gettext support05:02
robert_ancell_oh05:02
morphis_robert_ancell_: and found an old upstream bug you filed years ago https://bugs.freedesktop.org/show_bug.cgi?id=2963905:02
morphis_so policykit always falls back to the last <message ..> entry in the .plolicy file05:02
robert_ancell_morphis_, ah, I probably forgot about that and should generate the PolicyKit file with the translations as per the spec05:03
robert_ancell_morphis_, I can fix that up tomorrow and make a 1.10 release05:03
morphis_robert_ancell_: awesome!05:03
robert_ancell_morphis_, thanks for finding the problem!05:03
morphis_robert_ancell_: so upstream polkit has gettext support but in a different way?05:04
robert_ancell_morphis_, I think it never got accepted upstream and I didn't notice because I'm testing on Ubuntu05:04
morphis_robert_ancell_: np, Son_Goku and a gnome-software developer found it :-)05:04
morphis_robert_ancell_: yeah.. :-)05:04
morphis_robert_ancell_: as I am mainly focussing on cross-distro these days I am seeing  a lot of these things05:05
morphis_robert_ancell_: btw. would it make sense to move snapd-glib over to github.com/snapcore?05:09
robert_ancell_morphis_, possibly. I ended up putting on LP just to get going quickly.05:09
robert_ancell_morphis_, do you know who I'd have to ask to migrate there?05:10
morphis_robert_ancell_: I think zyga or niemeyer can do that05:10
morphis_robert_ancell_: if you don't overlap with them today I can talk with them or maybe better you create a forum topic on forum.snapcraft.io05:11
robert_ancell_morphis_, I'm past EOD, so I have to head off now. If you could raise it with them today that would be helpful.05:11
robert_ancell_bye05:12
=== ricardokirkner is now known as pindonga
=== DedSec_ is now known as DedSec
=== andyrock_ is now known as andyrock
=== victorbjelkholm_ is now known as victorbjelkholm
=== eshlox_ is now known as eshlox
=== vigo is now known as vigo|afk
zygagood morning05:57
zygamvo: hey, could you please review https://github.com/snapcore/snapd/pull/313105:58
mupPR snapd#3131: interfaces/mount: add OptsToFlags for converting arguments to syscall… <Created by zyga> <https://github.com/snapcore/snapd/pull/3131>05:58
zygamvo: and perhaps https://github.com/snapcore/snapd/pull/3129 (just a struct)05:58
mupPR snapd#3129: interfaces/mount: add InfoEntry type <Created by zyga> <https://github.com/snapcore/snapd/pull/3129>05:58
mvozyga: sure05:58
mupPR snapd#3039 closed: many: add support for partially static builds <Created by zyga> <Merged by zyga> <https://github.com/snapcore/snapd/pull/3039>05:59
zygathanks :)05:59
zygamvo: ^^ I just landed partially static builds, let me know if something starts to misbehave05:59
mvook06:00
mupPR snapd#3125 closed: tests: download and install additional dependencies when using prepackaged snapd <Created by fgimenez> <Merged by zyga> <https://github.com/snapcore/snapd/pull/3125>06:01
=== vigo|afk is now known as vigo
zygaoho, a bug in regression test06:06
zyga/bin/bash: line 56: [: missing `]'06:06
mupPR snapd#3134 opened: tests: fix incorrect shell expression <Created by zyga> <https://github.com/snapcore/snapd/pull/3134>06:08
zygamvo: https://github.com/snapcore/snapd/pull/3134 this will fix some autopkgtest failures06:08
mupPR snapd#3134: tests: fix incorrect shell expression <Created by zyga> <https://github.com/snapcore/snapd/pull/3134>06:08
mupPR snapd#3106 closed: tests: enable docker test for more ubuntu-core systems <Created by fgimenez> <Merged by zyga> <https://github.com/snapcore/snapd/pull/3106>06:09
zygamorphis_: hey, I wanted to get this on your radar https://bugzilla.novell.com/show_bug.cgi?id=102856806:14
zygamorphis_: I'll open a forum topic to discuss this06:14
mvozyga: thanks, I'm going over all the one ones now06:15
mvozyga: keen to see the tests, autopkgtest should be fixed06:17
zygamvo: I'll merge master into https://github.com/snapcore/snapd/pull/3085 once the fix above lands and everything (maybe) goes green06:17
mupPR snapd#3085: .travis.yml: remove travis matrix and do a single sequential run <Created by fgimenez> <https://github.com/snapcore/snapd/pull/3085>06:17
mupPR snapd#3112 closed: interfaces: add a joystick interface <Created by kyrofa> <Merged by mvo5> <https://github.com/snapcore/snapd/pull/3112>06:21
mvoha! #3115 has all tests green again, so nice to see that autopkgtest is now fixed again06:21
morphis_zyga: hey! yeah I saw already that lxd is broken both on Fedora and openSUSE, but good that we have a dedicated bug for that06:22
zygamorphis_: I did a quick branch to fix that but we need coordination from ogra and the core snap06:32
morphis_mvo: if you have a min, another review on https://github.com/snapcore/snapd/pull/3096 and a merge later today would be great!06:32
mupPR snapd#3096: many: abstract path to /bin/{true,false} <Created by morphis> <https://github.com/snapcore/snapd/pull/3096>06:32
zygamorphis_: my plan was to essentially stop sharing /etc06:32
morphis_zyga: is that easily possible?06:33
zygaexcept for hostname and resolv.conf06:33
zygamorphis_: yes06:33
zygaaww, brb06:33
morphis_we may have a few more dependencies on it don't we?06:33
morphis_like /etc/netplan06:33
morphis_zyga: and grep'ing through interfaces/builtin shows a lot more06:34
morphis_at least 12 which have rw permissions06:34
morphis_zyga: https://paste.ubuntu.com/24311669/06:34
mvomorphis_: sure, happy to06:36
morphis_mvo: thanks06:37
mvomorphis_: looks great! thanks for your patience06:37
morphis_mvo: np06:37
zygamorphis_: re :)06:38
zygamorphis_: so that will all work, but we need to tweak one symlink06:38
morphis_zyga: you saw the list I've pasted above?06:38
zygamorphis_: as if we stop sharing all of /etc one of the writable things has to be adjusted06:38
zygamorphis_: no06:39
morphis_https://paste.ubuntu.com/24311669/06:39
zygamorphis_: sorry, I had to do IRL stuff06:39
morphis_IRL?06:39
zygamorphis_: in-real-life06:39
morphis_ah :-)06:40
zygamorphis_: not sure what I'm looking at06:40
morphis_zyga: that is a grep through interfaces/builtin for things which refer to /etc06:40
morphis_there are quite a few writable things in /etc06:40
morphis_if we stop sharing those with the host things will break06:40
zygamorphis_: and they work with /writable and symlinks and such AFAIR06:40
morphis_zyga: what is with classic?06:40
zygamorphis_: the whole point is that it already works in core/all-snap06:41
morphis_zyga: ok, then I may don't get yet what you're planing to do06:41
morphis_we have symlinks in /etc in the core snap, I get that, but wont those break too if we have the same core snap on multiple distributions as they would point to /writable which doesn't exist there06:43
morphis_so if we stop sharing /etc with the host it looks to my like we have to repeat all the writable-paths handling the initramfs on Ubuntu Core currently does for classic06:44
mvomorphis_: 3084 has some more suggestions, but I must say I think its looking super nice, the extra bit in there will just make it even more nice :) great work there!06:44
* mvo hugs zyga for the review too06:44
morphis_mvo, zyga: will change that in a bit06:46
mvozyga: 3096 needs a second review, if you have a moment, should be trivial then it can land06:46
* zyga will review/read stuff in a sec06:46
zygajust sending kids to school06:46
mvozyga: thank, no real rush06:52
zygaok :)06:54
zygaall gone now06:54
zygamorphis_: of coruse writable would exist06:54
zygamorphis_: it is in the core snap after all06:54
zygamorphis_: and we look at the world _after_ the pivot_root is done06:54
zygamorphis_: so it is just a matter of putting the right host data files to /writable06:55
zygamorphis_: and setting everything up so that after pivot_root it's all resolving correctly06:55
zygamorphis_: writable would have to be a tmpfs06:55
zygamorphis_: and would need to be managed by either snapd or by snap-confine06:55
zygamvo: I was already looking at 3096 :-)06:56
mupPR snapd#3122 closed: packaging: do not compile spread for autopkgtests <Created by fgimenez> <Closed by mvo5> <https://github.com/snapcore/snapd/pull/3122>06:57
morphis_zyga: right, and we need to bind mount things there from the real /etc07:00
morphis_otherwise snaps wont be able to change timezone/locale/...07:00
mupPR snapd#3131 closed: interfaces/mount: add OptsToFlags for converting arguments to syscall… <Created by zyga> <Merged by zyga> <https://github.com/snapcore/snapd/pull/3131>07:03
zygamorphis_: interesting07:05
zygamorphis_: yes, perhaps07:05
zygamvo: looks like adt will be green now :) https://github.com/snapcore/snapd/pull/313407:06
mupPR snapd#3134: tests: fix incorrect shell expression <Created by zyga> <https://github.com/snapcore/snapd/pull/3134>07:06
mvozyga: yeah, I like the level of greeness07:07
zygaonce this passes I'll merge it and start merging it into pending brnaches07:08
zygamvo: I'll start with those for 2.2407:08
zygaoh, no more 2.24 :)07:08
zygajust one test yellow :)07:17
morphis_zyga: but lets explore this a bit more, worth a forum topic :-)07:17
zygamorphis_: what?07:20
zygaall green, merging!07:20
morphis_zyga: the unshared /etc on classic07:21
zygamorphis_: aha, yes, definitely07:21
mupPR snapd#3134 closed: tests: fix incorrect shell expression <Created by zyga> <Merged by zyga> <https://github.com/snapcore/snapd/pull/3134>07:21
zygaeveyone, let's not land failing tests now07:21
zygaeverything should be green07:21
mupPR snapd#3132 closed: overlord/state: make sure that setting to nil a state key is equivalent to deleting it <Created by pedronis> <Merged by mvo5> <https://github.com/snapcore/snapd/pull/3132>07:23
zygapstolowski: hey07:33
pstolowskizyga, o/07:33
zygapstolowski: I just resolved conflicts on https://github.com/snapcore/snapd/pull/3119 and I worry that it is too easy to add a wrong version of AddConnected{Plug,Slot}07:34
mupPR snapd#3119: interfaces: API additions for interface hooks <Created by stolowski> <https://github.com/snapcore/snapd/pull/3119>07:34
zygapstolowski: I'd like to do a sanity test that looks at each interface and makes sure it doesn't implement the old APIs07:34
zygapstolowski: no snippets, no attr-less connected plugs or slots07:34
zygapstolowski: with the definer hack we essentially turned to duck typing on a security component07:35
zygapstolowski: and this is a bit risky :/07:35
pstolowskizyga, thanks for resolving conflicts in that branch;07:37
zygafgimenez: conflicts on https://github.com/snapcore/snapd/pull/310507:38
mupPR snapd#3105: tests: download previous snapd package from published versions instead of specific PPA <Created by fgimenez> <https://github.com/snapcore/snapd/pull/3105>07:38
fgimenezzyga: thanks on it07:39
pstolowskizyga, as for duck typing yes, I realized these risks too. I think from now only every interface needs to have full tests07:40
pstolowskizyga, good idea about sanity test, a simple shell script will do07:40
zygapstolowski: I was thinking about a go based test actually, let me try something07:41
zygaeveryone: I'm going through PRs and merging master into them, this should fix adt failurs07:41
zyga*failures07:41
zygaplease don't merge things if they are not green anymore07:42
zygahmm07:45
zygaFAIL: overlord_test.go:360: overlordSuite.TestEnsureLoopPrune07:45
zygathis failed on my laptop just now07:45
zygawas that known racy?07:45
zygapstolowski: we need to plan a 2nd pass through all PRs to adjust them to the new interface APIs07:56
zygapstolowski: but I'd like to see this new test merged first07:56
zygapstolowski: I'll take a break, prepare for some meetings today and then start working on it07:56
zygapstolowski: if you could do a trivial review on a struct: https://github.com/snapcore/snapd/pull/312907:57
mupPR snapd#3129: interfaces/mount: add InfoEntry type <Created by zyga> <https://github.com/snapcore/snapd/pull/3129>07:57
zygapstolowski: that would help me move update-ns effort forward :)07:57
mupPR snapd#3135 opened: interfaces/mount: add high-level Profile functions <Created by zyga> <https://github.com/snapcore/snapd/pull/3135>08:01
mupPR snapd#3108 closed: cmd: use libtool for the internal library <Created by morphis> <Closed by morphis> <https://github.com/snapcore/snapd/pull/3108>08:04
zygamvo: I'm done, nearly everyting is either yellow now or has been commented upon to have the author do something08:12
zygamvo: probably we'll run out of machines but spread can be restarted08:12
zygamvo: and adt will nicely queue08:12
* zyga afk08:15
mupPR snapd#2971 closed: data: ship "snap.mount" service that ensures /snap is MS_SHARED <Created by mvo5> <Closed by mvo5> <https://github.com/snapcore/snapd/pull/2971>08:24
morphis_zyga: can you have another look on https://github.com/snapcore/snapd/pull/3084 ?08:28
mupPR snapd#3084: packaging: use templates for relevant systemd units <Created by morphis> <https://github.com/snapcore/snapd/pull/3084>08:28
zygamorphis_: yes, after my calls08:28
morphis_thanks!08:28
zygafgimenez:     - autopkgtest:ubuntu-16.04-ppc64el:tests/main/classic-custom-device-reg failed on https://github.com/snapcore/snapd/pull/312908:51
mupPR snapd#3129: interfaces/mount: add InfoEntry type <Created by zyga> <https://github.com/snapcore/snapd/pull/3129>08:51
zygafgimenez: died on kill timeout there08:52
zygamvo: it would be awesome if we had a way to re-try adt tests08:52
zygawe're starting to see green tests :)08:53
zyganot all but at least some08:53
zygarandom failures on adt are annoying as they are harder to re-try08:53
mvozyga: yeah, I have no idea how to retrigger those, we need help from the adt people on that. but its worth investigating the failures I think08:54
zygamvo: if it is just slower infrastructure we should tweak knobs to kill them later08:54
zygamvo: if it is real failure we want to investigate08:54
zygamvo: so yeah, agreed!08:54
zygaaha, that looks like a real bug08:57
zyga[ 1602.570508] audit: type=1400 audit(1491294017.372:1090): apparmor="DENIED" operation="create" profile="snap.classic-gadget.hook.prepare-device" pid=27121 comm="snapctl" family="inet" sock_type="stream" protocol=6 requested_mask="create" denied_mask="create"08:57
zygasnapctl + ipv608:57
zygamvo: did your branch with config that was addressing that landed?08:58
zygas/landed/land/08:58
zygaI added https://github.com/snapcore/snapd/pull/3129/commits/f82c78c07facd73f5ad1a31f26b0b337dc6ce4ce to try to figure out what is failing on ppc6409:02
mupPR snapd#3129: interfaces/mount: add InfoEntry type <Created by zyga> <https://github.com/snapcore/snapd/pull/3129>09:02
ograzyga, i dont see a PR for the lxd bit09:05
fgimenezhi mvo: i'm looking into the expect errors on ubuntu-core http://paste.ubuntu.com/24305344/ and, trying manually tests/main/create-key on amd64 with edge core, it gets stuck after the "Confirm password" prompt http://paste.ubuntu.com/24312255/ if you could take a look when you have a moment that would be great09:17
morphis_zyga: so for gnome-software we have a hardcoded /snap/bin in snapd-glib we need to workaround09:18
morphis_err, a hardcoded /snap/bin in gnome-software09:18
zygamorphis_: aha09:37
zygamorphis_: we can do a small patch or we could maybe have it ask snapd09:37
zygamorphis_: but I think we can do it easily with a small patch09:37
zygaogra: hmm09:38
morphis_zyga: yeah that is the plan09:38
morphis_zyga: talked with Robert this morning and he wants to do a minor release of snapd-glib tomorrow anyway so I am asking him now if he can add a small API function returning the snap mount dir09:39
morphis_we can than set it statically via a configure switch and later ask snapd09:39
niemeyerGood mornings09:43
mvohey niemeyer! good morning09:45
morphis_niemeyer: morning!09:47
niemeyero/09:47
zygamorphis_: sounds good!09:47
zyganiemeyer: good morning :)09:47
morphis_zyga: you already had time to give snapd on Fedora a try or is that something for later this week?09:48
zygapstolowski: error: cannot refresh "test-snapd-delta-refresh": cannot get refresh information for snap "test-snapd-delta-refresh": Post https://search.apps.ubuntu.com/api/v1/snaps/metadata: EOF09:48
zygamorphis_: I'll try that today, I have my 2nd machine standing by09:49
zygapstolowski: this failed here: https://github.com/snapcore/snapd/pull/311109:49
mupPR snapd#3111: snapd: initial implementation for systemd software watchdog for snapd <Created by mvo5> <https://github.com/snapcore/snapd/pull/3111>09:49
zygapstolowski: will that be fixed with https://github.com/snapcore/snapd/pull/3126 ?09:49
mupPR snapd#3126: store: handle EOF via url.Error check <Created by stolowski> <https://github.com/snapcore/snapd/pull/3126>09:49
morphis_zyga: sounds great! we need 6 points to get the update done, so need to collect people :-)09:50
zygamorphis_: I'll boot F25 first09:52
morphis_ok09:52
zygafgimenez: tests/main/interfaces-network-observe failed on timeout (seems like test was stuck)09:53
zygahttps://objectstorage.prodstack4-5.canonical.com/v1/AUTH_77e2ada1e7a84929a74ba3b87153c0ac/autopkgtest-yakkety-snappy-dev-image/yakkety/amd64/s/snapd/20170404_092050_bb1cd@/log.gz09:53
fgimenezzyga: thanks looking..09:53
zygafgimenez: your new dbus interface spread test seems to be geuinely failing https://github.com/snapcore/snapd/pull/301409:55
mupPR snapd#3014: tests: add dbus interface spread test <Created by fgimenez> <https://github.com/snapcore/snapd/pull/3014>09:55
Chipacahad to reboot because my tests leaked out and borked the environ, and spread realised and restarted qemu without me having to meddle09:57
* Chipaca hugs niemeyer 09:57
ograkoza, next customer ... Bug #1679432 ...09:57
mupBug #1679432: Bluetooth SCO connections don't work on Dragonboard 410c <Snappy:New> <https://launchpad.net/bugs/1679432>09:57
zygaChipaca: good morning :)09:57
zygahmm, I really wish we could retry adt tests09:57
zygaerror: RPC failed; curl 56 GnuTLS recv error (-110): The TLS connection was non-properly terminated.09:58
* niemeyer feels the love and hugs Chipaca back09:58
zygarandom error on git clone09:58
Chipacazyga, niemeyer :-)09:58
pstolowskizyga, yes, i hope so..09:58
fgimenezzyga: indeed, the test snaps weren't being built for ppc64el, doing that now10:00
fgimenezzyga: and thanks! :)10:01
zygapstolowski: let's merge it then!10:01
zygafgimenez: thank you!10:02
zygafgimenez: I think we have a chance at all-green tests today10:02
zygafgimenez: I'll do my best to help10:02
pstolowskizyga, i've just pushed the little fix for unneeded var error;10:02
fgimenezzyga: \o/ thanks a lot, spring is definitely coming to our poor test results :)10:04
* zyga reviews 312610:06
mupPR snapcraft#1230 opened: Refactor Cleanbuilder into Containerbuild and add Project <Created by kalikiana> <https://github.com/snapcore/snapcraft/pull/1230>10:07
Chipacahttps://bugs.launchpad.net/ubuntu/+source/linux/+bug/1672819/comments/10 is exciting10:11
mupBug #1672819: exec'ing a setuid binary from a threaded program sometimes fails to setuid <amd64> <apport-bug> <kernel-key> <xenial> <linux (Ubuntu):Triaged> <linux (Ubuntu Xenial):In Progress by colin-king> <https://launchpad.net/bugs/1672819>10:11
Chipacawhich reminds me10:11
Chipacazyga— do you have a fedora system/vm up?10:12
brunch875Guys I noticed that telegram puts downloads in /snap/.../Downloads/ instead of ~/Downloads. I know it's for the sake of confinement, but wouldn't it be a better idea to also mount this folder into ~/Downloads?10:15
brunch875that way, the snap doesn't see other snaps downloads but I can go to ~/Downloads to get my stuff10:16
brunch875 /snap/Downloads is a long path10:16
zygaChipaca: yes10:18
Chipacazyga— can you check whether that bug happens in fedora also? (it should, but maybe they patch their kernel for this already)10:18
Chipacabrunch875— it's tricky10:18
Chipacabrunch875— ~/Downloads isn't guaranteed; in fact, it's localised10:19
zygaChipaca: sure10:19
Chipacabrunch875— if you're in spanish I think it's ~/Descargas10:19
zygaChipaca: we have $XDG_CONFIG_DIR/user-dirs.dirs10:19
brunch875damn translations... how does firefox deal with this?10:19
Chipacazyga— exactly, but people editing that is rarer than people speaking something different10:20
Chipacanot saying it's impossible; it's tricky10:20
zygaChipaca: yeah10:20
zygaChipaca: just sligthly trickier than fixed path10:20
zygaChipaca: it's tricky if it changes underneath10:20
ograChipaca, i think we stopped localizing it ... your original install must be old10:20
Chipacait's three indirections to get the thing10:20
zygabut that is rare I hope10:20
zygayep10:20
Chipacais it bad that i made tests pass by removing the failing ones :-D10:21
zygaChipaca: I bet there's a bible rerefence that fits this but I don't think we want that ;)10:21
Chipacazyga— “And the beast shall come forth surrounded by a roiling cloud of vengeance. The house of the unbelievers shall be razed and they shall be scorched to the earth. Their tags shall blink until the end of days.” (here "beast" could be "snapd")10:22
kozaogra, haha thanks, reading now10:24
zygaChipaca: the church of snapd10:24
zygaChipaca: apply for tax deductions10:24
Chipacain civilization i always name my religion "worms"10:25
Chipacabecause i spread worms to other civilization and that makes me chuckle10:25
Chipacabut "the church of snapd" could work also10:25
mvoreviews for https://github.com/snapcore/snapd/pulls?q=is%3Aopen+is%3Apr+milestone%3A2.24 would be great - so that we can get 2.24 ready10:27
zygaChipaca: thu shal not have other packages before me ;-)10:28
zygathu shall refresh on weekends ;)10:28
* zyga gets back to being useful10:28
mupPR snapd#3136 opened: snap-confine: add code o ensure that / or /snap is mounted "shared" <Created by mvo5> <https://github.com/snapcore/snapd/pull/3136>10:30
niemeyermvo: I'm about to jump into it shortly.. just want to get a discourse snap with SSO support building meanwhile10:32
niemeyerChipaca: So it was indeed a bug in the kernel..10:33
mvoniemeyer: thank you!10:35
zygaChipaca: fedora booting, sorry, vmware decided it's time for upgrade10:37
zygafgimenez: DEBUG: restarting into "/snap/core/current/usr/bin/snap"10:39
zygafgimenez: this seems to clober and affect tests on https://github.com/snapcore/snapd/pull/301010:40
mupPR snapd#3010: snap: skip /dev/ram from auto-import assertions to make it less noisy <Created by mvo5> <https://github.com/snapcore/snapd/pull/3010>10:40
zygafgimenez: I wonder why it only happens here. it looks like either we reexec where we previously did not10:40
zygafgimenez: or we log where we previously did not10:40
zygafgimenez: I have no other ideas10:40
zygaoddly10:41
zygafgimenez: same spread run has this message:10:41
zyga2017/04/04 09:49:49.300407 cmd.go:114: DEBUG: not restarting into "/snap/core/current/usr/bin/snap" ([VERSION=2.23.6 2.23.6]): older than "/usr/bin/snap" (1337.2.23.6)10:41
zygaso it restarted once10:41
zygabut not another time10:41
zygaduring one run10:41
zygamvo: does this make any sense to you?10:41
zygait seems that all the failures there are caused by the extra DEBUG message10:42
zygamvo: aha, so that branch sets  +    SNAPD_DEBUG: 110:45
zygamvo: I think we need something more flexible10:45
mvozyga: indeed - maybe going back to snappy_testing?10:45
zygamvo: I commented on the PR10:46
zygamvo: snappy_testing? what is that10:46
mvozyga: its a flag we set when spread runs, it tells that the system is being tested10:47
mvozyga: let me try that10:47
* mvo really lunch now10:47
zygaChipaca: ok, updated my f25 to latest kernel and trying the suid bug now11:05
zygafgimenez: I have a question about https://github.com/snapcore/snapd/pull/3085/files11:06
mupPR snapd#3085: .travis.yml: remove travis matrix and do a single sequential run <Created by fgimenez> <https://github.com/snapcore/snapd/pull/3085>11:06
zygafgimenez: what happened to the prepare_all_snap vs prepare_classic code?11:07
zygaaha I see you excluded core11:07
zygafgimenez: so do we run any tests on core with that PR now?11:08
fgimenezzyga: of course, the core system filtering is a refactor only for the unit suite, previously the tasks in that suite were excluding the core systems, with this PR the exclusion is done at the suite level11:10
zygaaha, makes sense11:11
zygathanks!11:11
zygalet's merge it when it goes green11:11
fgimenezzyga: np thank you11:12
zygaChipaca: yep, it also affects fedora11:15
zygaChipaca: but curiously the go version is ok11:15
zygaChipaca: but the c+pthread version is not11:15
zygaChipaca: maybe fedora has different golang build defaults?11:16
mvozyga: https://github.com/snapcore/snapd/pull/3096 has some strange commits, did you maybe push the wrong branc there?11:36
mupPR snapd#3096: many: abstract path to /bin/{true,false} <Created by morphis> <https://github.com/snapcore/snapd/pull/3096>11:36
Chipacazyga— the go version might be ok if you have only one (real) cpu on your vm11:39
zygamvo: checking11:40
zygaoh, I must have11:41
zygasorry,11:41
zygashall I push --force to remove them?11:41
zygaah11:41
zygano sorr11:41
mvozyga: sounds reasonable11:41
zygaI did this on purpose!11:41
mvozyga: you did?11:41
zygaearlier run failed on EOF bug11:41
zygaso I merged the EOF fix branch11:41
mvozyga: the eof stuff is random11:42
zygaas that is coming to land soon in another PR11:42
zygamvo: yes but I wanted to give it a try to see if it fails on EOF11:42
mvozyga: honestly I think that is not a good idea, its mixing two branch changes and makes the review harder11:42
zygamvo: we can back those out or wait for https://github.com/snapcore/snapd/pull/3126 and merge master again11:43
mupPR snapd#3126: store: handle EOF via url.Error check <Created by stolowski> <https://github.com/snapcore/snapd/pull/3126>11:43
mvozyga: yeah, we can deal with this easily, I think we should avoid this in the future, i.e. 3126 was almost in master so a little wait and its all easier to review/land11:44
zygamvo: noted, I'll refrain from doing this11:45
mvota11:45
niemeyerzyga: #3039 again went in with unanswered comments11:54
niemeyerzyga: Starting to get worried about the fact we're getting used to overrunning comments11:56
zyganiemeyer: aha? checking,11:57
zyganiemeyer: are you referring to https://github.com/snapcore/snapd/pull/3039#discussion_r109441348 ?11:59
mupPR snapd#3039: many: add support for partially static builds <Created by zyga> <Merged by zyga> <https://github.com/snapcore/snapd/pull/3039>11:59
zyganiemeyer: I didn't see it, it's another case where github had stale UI :/11:59
niemeyerzyga: I'm referring to my comment there made before the merge and unanswered11:59
zyganiemeyer: it seems to refresh sometimes but not always11:59
zyganiemeyer: right, I'm tring to clarify which comment that was12:00
zyganiemeyer: I checked for past comments to make sure it was all addressed12:00
niemeyerzyga: I had one comment with Request Changes.. the Approve came together with the comment12:01
zyganiemeyer: I think the lesson is to reload a tab before merging12:01
niemeyerSo either you didn't see the approve, in which case Request Changes was still in place, or you saw the Approve12:01
niemeyerand the comment12:01
zyganiemeyer: I really didn't see the comment12:01
zyganiemeyer: I don't know why exactly or how github works there12:02
niemeyerzyga: In either case, let's please be more careful.. we had two such cases in the last couple of days12:02
niemeyerzyga: Those were pretty minor, but my concern is obviously that we overrun critical things and nobody notices12:02
Chipacaogra— the 1m you're calling copying also involves sha3'ing the files, which omnoms a cpu for about a minute also12:18
ograah12:18
Chipacaat least afaik :-)12:18
ograyeah, i thought it is related to that step at least12:18
* Chipaca nods12:18
ograprobably not much we can do apart from adding a progress bar :P12:18
ograthe key gen change is super impressive though ... it takes almost no time12:19
mvoChipaca: hey, I was wondering if you had a chance to look at the channel2.0 stuff, looks like channels_map_list is now available from the store and I was wondering if I can start doing some of the groudnwork or if you are already on it12:19
Chipacaogra— zyga promised us some assembler work to make it faster :-D12:19
Chipacamvo— i am not on it12:19
ograheh, good luck with that ...12:19
Chipacamvo— i don't want to delay completion further12:19
* ogra waits for the s390x assembler to land 12:19
Chipacaogra— in any case that'd buy us a ~15% perf bump, not more12:20
mvoChipaca: no problem, just wanted to double check to avoid duplicating work12:20
Chipacamvo— it should be really straightforward to do though12:20
Chipacamvo— good luck :-D12:20
Chipaca(famous last words)12:20
ograChthats at least 9secs from a 1min run !12:20
ogradamn, auto-completion fail12:21
niemeyerpstolowski: #3126 reviewed12:21
ograwell, in any case we should get  https://github.com/snapcore/snapd/pull/3130 landed asap IMHO12:22
mupPR snapd#3130: overlord/devicestate: switch to keygen for device key generation <Created by vosst> <https://github.com/snapcore/snapd/pull/3130>12:22
ograthe difference is massive12:22
pstolowskiniemeyer, ty12:24
mupPR snapd#3137 opened: overlord: switch to aliases v2 tasks for install/refresh etc ops plus transition <Created by pedronis> <https://github.com/snapcore/snapd/pull/3137>12:29
=== cpaelzer_ is now known as cpaelzer
morphisSon_Goku: we're moving torwards a working gnome-software, just if you didn't follow the conversation in #g-s12:36
* zyga lunch12:41
mupPR snapd#3138 opened: interfaces/mount: add Change.Perform <Created by zyga> <https://github.com/snapcore/snapd/pull/3138>12:44
zyganiemeyer: some more progress for your attention https://forum.snapcraft.io/t/fixing-live-propagation-of-mount-changes/23/1312:47
zyganiemeyer: I suspect you will be busy with 2.24 tasks today but if you can revise feedback on the oldest PR of that set I could progress significantly12:48
ChipacaI love how the whole edifice of tab completion falls down if you have something with a newline in it12:49
ChipacaI'm using edifice here in the same sense you'd use it to describe an 8m column of toothpicks stood on end12:49
zygaChipaca: try adding tab completion for a file with a newline in it :)12:50
Chipacazyga— this is what i meant12:50
Chipacajust a space is enough to trip up some of it12:51
Chipacaa newline just causes giggling12:51
niemeyerpstolowski: Why the else if on 3126?12:58
niemeyerzyga: Thanks, I'll check it out soon12:59
niemeyerzyga: I started yesterday, actually, but this one needs a fresher mind12:59
zyganiemeyer: understandably so, thank you12:59
pstolowskiniemeyer, because it turns out that after unwrapping the error becomes a net error, so it falls into the check. and goes into return netErr.Timeout() check, which is not what we want12:59
niemeyerpstolowski: Seems fishy.. let's discuss in the call13:00
niemeyertvoss: Heya13:09
tvossniemeyer: o/13:09
niemeyertvoss: Can you open a thread in the forum with details of the issue about the ssh-keygen vs. internal generation issue?13:10
niemeyertvoss: Curious about your findings so far about where the problem lies13:10
tvossniemeyer: sure, good part of the findings is on the PR, too13:10
tvossniemeyer: https://github.com/snapcore/snapd/pull/313013:11
mupPR snapd#3130: overlord/devicestate: switch to keygen for device key generation <Created by vosst> <https://github.com/snapcore/snapd/pull/3130>13:11
niemeyertvoss: Thanks13:12
pstolowskiniemeyer, ok, tweaked retry error check as just discussed13:14
tvossniemeyer: in summary, the current theory is that check for primality in the key generation is killing performance. Mostly due to the BigInt implementation in Go not being as optimized as the ssh one.13:14
niemeyertvoss: Ack, will have a look at the PR13:15
zygamvo: reviewed the snap-confine change, have a look13:36
zyganiemeyer: can you have a look at https://github.com/snapcore/snapd/pull/3085/files -- if it lands we will have more travis slots for testing and we will have faster iteration overall13:40
mupPR snapd#3085: .travis.yml: remove travis matrix and do a single sequential run <Created by fgimenez> <https://github.com/snapcore/snapd/pull/3085>13:40
mvozyga: yeah, thank you13:44
niemeyerzyga: Looking13:44
mupPR snapd#3085 closed: .travis.yml: remove travis matrix and do a single sequential run <Created by fgimenez> <Merged by niemeyer> <https://github.com/snapcore/snapd/pull/3085>13:49
sborovkovHello, Is there some builtin executable to test snapd's REST API?13:57
sborovkovon core.13:57
ograsborovkov, snap install http ...13:58
ograthen you can talk to it using the http tool13:58
sborovkovMeh. I can't install it easily. I need another image then. because my image uses branded store. oh well.13:59
ograsborovkov, well, perhaps Chipaca has a local version of that snap you could install14:00
Chipacasborovkov— why can't you install it easily?14:00
pedronissborovkov: so it's a branded store not setup to inherit the main one?14:00
sborovkovpedronis: yes, It only has 2 snaps14:01
sborovkovChipaca: store I am using is not inheriting anything from the main one.14:02
Chipacanice14:03
Chipacasborovkov— if you have a snapd running against the regular store somewhere, you can 'snap download http' and then copy the two resulting files over14:03
sborovkovRight, I should have classic image lying somewhere around. It's easier to change what store it's using on the fly.14:04
Chipaca:-)14:04
ograyeah ... that silly IoT stuff ... way to secure nowadays14:05
ogra:)14:05
Chipacasborovkov— you also should have a way of copying snaps into your store14:05
Chipacai don't know how that side of things work though14:05
sborovkovDocumentation on REST API says that - "The API documents three levels of access: open, authenticated and root" and " The root user also gains authenticated access without having to send authorization." - Does that apply to snaps that run under root?14:06
Chipacasborovkov— if you do 'snap download', make sure to copy the .assert as well as the .snap14:06
sborovkovChipaca: understood.14:06
Chipacasborovkov— no, snaps need the snapd-control to talk to snapd even as root14:07
Chipacaotherwise they can't even open the socket14:07
sborovkovah, alright. So if I connect to that interface I won't need to send authentication header? I want to make requests to core/conf to modify config.txt on RPI14:08
zygare14:26
zygayay, thank you for merging that niemeyer :-)14:27
niemeyerzyga: No problem, thanks for bringing it up14:27
niemeyerfgimenez: Btw, I think we could run the gccgo test on amd64 only14:27
niemeyerubuntu-16.04-64 to be precise14:28
zygaI'm seeing hook error reporting failure in spread14:29
zygaApr 04 13:31:57 autopkgtest /usr/lib/snapd/snapd[13737]: hookmgr.go:380: DEBUG: Cannot report hook failure: cannot upload error report, return code: 50014:29
niemeyerzyga: Btw, I've created custom badges for distinguished community groups, per Ryan's request14:29
zygaI thouht we didn't send those from tests14:29
zyganiemeyer: yeah, I saw those14:29
fgimenezniemeyer: ok, i'll propose a branch for that14:29
zyganiemeyer: when I had a look at badges I saw some UI in account preferences14:29
niemeyerzyga: Got morphis and songoku on Fedora.. Ryan on system76.. any other suggestions?14:29
zyganiemeyer: specifically https://forum.snapcraft.io/users/zyga/preferences/badge_title14:30
zyganiemeyer: but that's not the same, is it?14:30
morphisniemeyer: nice one!14:30
zyganiemeyer: we may want to tag Canonical CE as such14:30
niemeyerzyga: It's related.. specific badges allow using them as titles14:30
niemeyerzyga: See how Neil shows up now, for example14:30
zyganiemeyer: looking14:30
niemeyeror Ryan14:30
zyganice14:30
zygaI wish we had icons too14:31
zyga(such a forum thing but I like it :)14:31
niemeyerYeah, those badges may have icons associated too14:31
niemeyerBut, one step at a time :)14:31
niemeyerzyga: Who's responsible for the Debian packaging those days?14:31
niemeyerand arch, opensuse, etc14:32
zyganiemeyer: I think that's mwhudson14:32
zyganiemeyer: opensuse that's me and morphis14:32
zyganiemeyer: arch that's timothy (not sure if he participates in the forum)14:32
zyganiemeyer: (we cannot upload to the arch packge ourselves)14:32
niemeyerzyga: Do you plan to remain directly involved in those efforts?14:32
zyganiemeyer: yes, I want to say involved, maybe 10%/20%, depending on need14:32
morphisniemeyer: worth adding Yocto too14:33
niemeyerzyga: Okay, I'll keep morphis as the main point of contact for now then14:33
zyganiemeyer: I can help with reviews, some release testing and being a backup so that there are several people involved and aware of what's going on14:33
zyganiemeyer: sounds good14:33
zyganiemeyer: yocto yes, morphis updated snapd in yocto AFAIR14:33
morphiszyga: I maintain it :-)14:34
niemeyermorphis: Who's handling Yocto, only you for now?14:34
zyganiemeyer: do you think we should have "snapd developer" badge?14:34
morphisniemeyer: yes14:34
zyganiemeyer: can we do many badgets for one person?14:34
niemeyerzyga: Well, looks at your own badges :)14:34
niemeyers/looks/look14:35
* zyga looks14:35
zygaoh14:36
niemeyerzyga: Not sure, let's think about that one (developer)14:36
zygaforum does feel like a massive upgrade over mailing lists14:36
zygabrick by brick it builds a community14:36
niemeyerzyga: Feels a bit too generic to be useful.. everyone should feel like they are developers.. PRs for all14:37
zygaindeed14:37
zygawe can revisit that once the forum has 100s of users14:37
niemeyerYeah14:37
zygapedronis: can we merge master into https://github.com/snapcore/snapd/pull/308714:41
mupPR snapd#3087: overlord/snapstate: introduce tasks for aliases v2 semantics with temporary names for now (aliases v2) <Critical> <Created by pedronis> <https://github.com/snapcore/snapd/pull/3087>14:41
pedroniszyga: I did14:41
zygapedronis: thanks!14:42
pedroniszyga: did something else got merge to master recently that fixes something?14:42
niemeyerhttps://usercontent.irccloud-cdn.com/file/OldF6S1B/14:43
zygapedronis: one thing that was breaking many adt runs and one simplification from federico that will make test runs faster14:43
niemeyerDid I miss anything?14:43
zyganiemeyer: gentoo, but we don't actively maintain it really14:43
zyganiemeyer: I would also consider centos14:43
niemeyerOkay.. let's create it on demand then14:43
zyganiemeyer: as many people love it14:43
zyganiemeyer: and it feels distinct from fedora14:44
niemeyerHmm.. what's the packaging story there?14:44
zyganiemeyer: once the fedora package is out we will request a package for centos14:44
zyganiemeyer: I was wondering if we want to have 'Ubuntu & Derivatives' instead of Ubuntu14:44
niemeyerzyga: What does that mean?14:44
zyganiemeyer: (elementary, mint and multitude of [KLX...]buntu)14:45
niemeyerzyga: I mean, requesting a package for CentOS.. what does that mean in practice?14:45
zyganiemeyer: it means that you get a permission to target your package to "enterprise" distros14:45
zyganiemeyer: it's distinct from fedora14:45
zyganiemeyer: you go through the review process again14:45
zyganiemeyer: different people decide, etc14:45
niemeyerIs it the same package, though?14:45
zyganiemeyer: then you get a branch that you can use for that distribution14:45
zyganiemeyer: not quite, it's the same package _name_ but it can be different _packaging_14:46
zyganiemeyer: it typically is somewhat different in the end14:46
zyganiemeyer: for snapd we will reuse the same package but build it with different switches14:46
zyganiemeyer: as centos doens't have golang much so what happens is you built it with fedora deps that are bundled / linked statically14:46
zyganiemeyer: that's what I understand from the process14:46
morphisniemeyer: it can be the same .spec file but build with different parameters14:46
zyganiemeyer: yes14:47
zyganiemeyer: it's actually automatic as our package has those switches onw14:47
zyganow*14:47
morphisniemeyer: King_InuYasha build the .spec file in a way that it can work on RedHat, CentOS and Fedora14:47
zyganiemeyer: we mainly need to apply for the permission and come up with a working srpm for review14:47
niemeyerOkay, sounds good.. badge created14:47
niemeyerWe're only handing it off when it lands though!  :P14:47
zyganiemeyer: exactly, this is why the spec files for golang are so convoluted14:47
zyganiemeyer: sounds good :)14:47
zyganiemeyer: question: what do you use for those tiny screenshots?14:48
niemeyerzyga: Which tiny screenshots?14:48
zyganiemeyer: like the one you linked to above14:49
niemeyerzyga: Ah, you mean the screen cropped ones?14:49
zygayes14:49
niemeyerzyga: Stock gnome-screenshot with proper keyboard shortcuts14:49
mupPR snapd#3139 opened: tests: run gccgo only on ubuntu-16.04-64 <Created by fgimenez> <https://github.com/snapcore/snapd/pull/3139>14:51
zygaChipaca: does this test failure ring a bell to you? https://github.com/snapcore/snapd/pull/2982#issuecomment-29152461814:53
mupPR snapd#2982: daemon: add desktop file location for app to the API <Created by mvo5> <https://github.com/snapcore/snapd/pull/2982>14:53
zygaChipaca: it's odd that it failed on some places and passed in others14:53
Chipacagocheck's output for diffing maps sucks :-(14:54
Chipacabut no14:54
zygayep14:54
zygaChipaca: thanks!14:55
* zyga looks at TestEnsureLoopPrune14:55
mupPR snapd#2982 closed: daemon: add desktop file location for app to the API <Created by mvo5> <Closed by zyga> <https://github.com/snapcore/snapd/pull/2982>14:55
mupPR snapd#3140 opened: overlord: increase prune test wait by x10 <Created by zyga> <https://github.com/snapcore/snapd/pull/3140>14:59
Chipacazyga— so, apps is different15:00
Chipacazyga— missing desktopfile stuff15:00
Chipaca?15:01
Chipacaah!15:01
Chipacano15:01
Chipacazyga— something is wrong in that test or something15:01
Chipacathere is no order to apps and the test is checking an ordered struct15:01
zygaChipaca: aah15:01
zygaChipaca: thanks, I'll look at fixing that15:02
zygafgimenez: commented on https://github.com/snapcore/snapd/pull/3139#pullrequestreview-3080638615:02
mupPR snapd#3139: tests: run gccgo only on ubuntu-16.04-64 <Created by fgimenez> <https://github.com/snapcore/snapd/pull/3139>15:02
Chipacazyga— it should probably be a map[string]daemon.appJSON instead of a []daemon.appJSON15:03
* ogra laughs about the forum15:07
mupPR snapcraft#1211 closed: sources: add git source tracking <Created by josepht> <Closed by josepht> <https://github.com/snapcore/snapcraft/pull/1211>15:08
ogra"You earned an Ubuntu"15:08
mupPR snapcraft#1213 closed: sources: add bazaar source tracking <Created by josepht> <Closed by josepht> <https://github.com/snapcore/snapcraft/pull/1213>15:08
ograyay15:08
zygaogra: it's yours to keep :)15:09
* ogra hugs his Ubuntu15:09
ogramy precious!15:09
dakerlol15:10
dakerzyga: can we have other providers for the login ? i don't want to create another account for it15:11
zygadaker: https://forum.snapcraft.io/t/support-for-sso-on-forum-snapcraft-io/7515:12
dakerzyga: thanks15:13
mupPR snapd#2982 opened: daemon: add desktop file location for app to the API <Created by mvo5> <https://github.com/snapcore/snapd/pull/2982>15:19
=== JanC is now known as Guest85044
=== JanC_ is now known as JanC
zygaChipaca: about map[string]daemon.appJSON, should the key be just the app name?15:21
Chipacazyga— yah15:22
zygaChipaca: the problem is that this is client-visible protocol, right?15:22
zygaChipaca: alternatively I can sort by that15:22
zygaChipaca: so that it shows up in good order15:22
Chipacayeah15:23
zygaChipaca: but I also recall the need to have a "launch" button that may imply order cannot be alphabetic15:23
Chipacasorting works15:23
zygaChipaca: and needs to be something special :/15:23
Chipacathe launch is per desktop15:23
Chipaca¯\_(ツ)_/¯15:23
zygaChipaca: yes but in gnome software you have one buttn15:23
zygabutton15:23
Chipacazyga— imagine :shrug:, but where each stroke is a ¯\_(ツ)_/¯15:23
Chipacaheh15:24
Chipacahexchat fail15:24
zygaChipaca: something like this http://paste.ubuntu.com/24313896/15:28
zygaChipaca: if you +1 I will push that into mvo's PR15:28
sborovkovHello again. Am I doing something wrong here? Trying to get conf details for core snap. r = session.get('http+unix://%2Frun%2Fsnapd.socket/v2/core/conf') - this returns me 404. I was doing it according to this https://github.com/snapcore/snapd/wiki/REST-API#get-v2snapsnameconf15:29
ograsborovkov, if there are no config options set (the default) you probably wont get any back15:31
Chipacasborovkov— is your url correct? e.g. does /v2/system-info work?15:32
=== Eleventh_Doctor is now known as Pharaoh_Atem
=== allison1 is now known as allison[m]
ograsborovkov, try something like: "snap set core system.powerkey-action=poweroff" (thats a harmless one) and see if you then get something else than 40415:34
zygaChipaca: pushed, please comment on the PR15:35
Chipacazyga— sorry got delayed15:38
Chipacazyga— recommend leave the code as it was, and then use sort.Slice directly15:38
mupBug #1679739 opened: System-User Assertions and the system time <Snappy:New> <https://launchpad.net/bugs/1679739>15:39
Chipacazyga— saying as much on the pr15:39
Chipacathere15:39
zygaChipaca: aha, looking15:40
mbruzekSetup snap "core" (1441) security profiles (cannot setup apparmor for snap "core": cannot load apparmor profile "snap.core.hook.configure": cannot load apparmor profile: exit status 24315:40
mbruzekapparmor_parser: Unable to replace "snap.core.hook.configure".  Permission denied; attempted to load a profile while confined?15:41
zygaChipaca: odd, I don't have sort.Slice15:41
zygaChipaca: is that a 1.7 thing?15:41
Chipacaah15:41
Chipacaif it is, then ignore me15:41
Chipacazyga— quite possibly15:41
pedronisliving in the future (well past) ?15:41
zygaChipaca: I wish go docs had a @since thing15:41
Chipacayeah15:41
zyga:/15:41
Chipacame too15:41
zygaok15:42
sborovkovChipaca: /v2/system-info works '{"type":"sync","status-code":200,"status":"OK","result":{"kernel-version":"4.4.0-1048-raspi2","managed":true,"on-classic":false,"os-release":{"id":"ubuntu-core","version-id":"16"},"series":"16","version":"2.23.6+201704032253.git.e2ab58d~ubuntu16.04.1"}}'15:43
sborovkovogra: command you have me works as well.15:44
fgimenezzyga: the test snaps are already in place since this morning for the dbus interface branch, could you please retrigger the tests? (i don't have the right permissions sorry)15:44
mbruzekHas anyone had problems with apparmor profiles while running snaps in lxd?15:44
ograsborovkov, well, does it stop returning 404 after you used that  ?15:44
tyhicksmbruzek: what ubuntu release for the host and container?15:44
Chipacasborovkov— and /v2/snaps/core/conf ?15:44
mbruzekxenial and xenial15:44
Chipacasborovkov— you might be missing the /snaps/ in there15:44
mbruzektyhicks: snap version 2.22.615:45
sborovkovChipaca: oh you are right, my bad :-( How did I not notice that. So it's not gonna return the full list of settings anyway? Because with corrected url I get '{"type":"error","status-code":400,"status":"Bad Request","result":{"message":"invalid option name: \\"\\""}}'15:46
mbruzektyhicks: actually the host is yakkety15:46
zygafgimenez: I don't have permissions for adt, I can merge master and push though15:46
fgimenezzyga: np, i'll do it15:47
Chipacasborovkov— I don't know enough about config to answer that15:47
tyhicksmbruzek: and the container OS?15:47
mbruzekUbuntu15:47
tyhicksoh15:47
tyhicksyou didn't higlight me in you orig answer15:47
tyhicksmbruzek: is the container unprivileged?15:48
mbruzektyhicks: so xenial, and yakkety15:48
mbruzektyhicks: it is a privileged container15:48
tyhicksmbruzek: that's a problem - that means that /sys/kernel/security/apparmor doesn't exist inside your container, does it?15:49
tyhicksmbruzek: well, you'll probably see "permission denied" even as root when trying to look at that directory15:50
mbruzekwhen I sudo su - I can see the profiles file.15:51
ograsborovkov, try querying for "system" after you set the powerkey-action key it should contain something ... what you are running is teh equivalent of: snap get core " " ... that returns the "invalid-option" while: "snap get core system" will return the json for the system category15:51
tyhicksmbruzek: your inside the container?15:51
mbruzektyhicks: oh that was on host15:51
tyhicksmbruzek: right - the problem is that you don't have access to apparmorfs inside of the privileged container so snapd can't load profiles15:52
mbruzektyhicks: Nope I can see in that folder and the files in it when inside the container15:52
sborovkovogra: Trying.  r = session.get('http+unix://%2Frun%2Fsnapd.socket/v2/snaps/core/conf', data={'keys': 'system'}) -> '{"type":"error","status-code":400,"status":"Bad Request","result":{"message":"invalid option name: \\"\\""}}'15:52
sborovkovsnap get core system does return proper values though15:52
zygafgimenez: thank you!15:52
zygatyhicks: hello :)15:53
ograogra@localhost:~$ snap get core system15:53
ogra{15:53
ogra"powerkey-action": "poweroff"15:53
ogra}15:53
tyhicksmbruzek: inside the container, run `"echo profile ctest {}" | sudo apparmor_parser -qr`15:53
ograsborovkov, it does for me15:53
tyhickshey zyga!15:53
ograsborovkov, oops, sorry, i read "doesn't"15:53
zygamorphis: I'll EOD and focus on giving F25 workstation and server a quick test15:53
sborovkovogra: Yup that works. But not when I am doing request myself. Not sure what's the difference. I see that I am supposed to pass keys to it which I do15:53
ograperhaps try the full key name ... "system.powerkey-action"15:54
mbruzektyhicks: # `"echo profile ctest {}" | sudo apparmor_parser -qr`15:54
mbruzekecho profile ctest {}: command not found15:54
sborovkovogra: Same error :-( It does not like "keys" it seems.15:55
mbruzektyhicks: same error if I run as "ubuntu" inside the contaienr15:55
ograhmm15:55
* zyga waves o/15:56
tyhicksmbruzek: I goofed up the quotes15:56
sborovkovogra: Ok I figured it out, mistake in my code15:56
ograah, cool15:56
tyhicksmbruzek: `echo "profile ctest {}" | sudo apparmor_parser -qr`15:56
Chipacasborovkov— does 'data' work with a dictionary like that?15:56
* ogra never used the REST api for config ... always only snap set/get15:57
Chipacasborovkov— what's the request you're doing, once you're past your library?15:57
mbruzektyhicks: apparmor_parser: Unable to replace "ctest".  Permission denied; attempted to load a profile while confined?15:57
mupBug #1679747 opened: Cannot send bluetooth SCO packets with Raspberry Pi 3 internal bluetooth module. <Snappy:New> <https://launchpad.net/bugs/1679747>15:57
sborovkovChipaca: Yeah, I replaced data with params and it works. I rarely use REST API so hence that mistake.15:58
Chipacasborovkov— out of curiosity, why are you using the api directly?15:58
tyhicksmbruzek: in the host, look in /var/log/syslog for any lines containing apparmor="DENIED" and /sys/kernel/security/apparmor/.replace15:59
morphiszyga: nice!15:59
morphiszyga: don't forget to comment in bodhi!16:00
sborovkovChipaca: well we distribute our software with users not having access to the system. So for some cases (for some TVs) they might need to change config.txt values from webinterface to get it to work. So I need an ability to modify it programmatically from our snap16:01
mbruzektyhicks: Yep I see it16:01
mbruzektyhicks: Apr  4 08:48:58 pandora kernel: [ 1782.858544] audit: type=1400 audit(1491313738.389:146): apparmor="DENIED" operation="file_mmap" namespace="root//lxd-juju-70fced-0_<var-lib-lxd>" profile="/usr/lib/lxd/lxd16:01
mbruzek-bridge-proxy" name="/usr/lib/lxd/lxd-bridge-proxy" pid=17468 comm="lxd-bridge-prox" requested_mask="m" denied_mask="m" fsuid=165536 ouid=16553616:01
Chipacasborovkov— and your snap is python already so you prefer to talk to the rest api directly?16:02
tyhicksmbruzek: that's not the one I'm looking for since it doesn't mention the ".replace" file16:03
sborovkovChipaca: yes16:04
Chipacafair16:04
zygamorphis: will do :)16:05
morphiszyga: we need to talk in the next days a bit more about your research in the past about the policy for golang packages in openSUSE16:06
zygamorphis: sounds good16:07
mbruzektyhicks: The DENIED ones do not contain replace, the STATUS ones do. http://pastebin.ubuntu.com/24314095/16:07
tyhicksmbruzek: ok, I'll need a little bit to look through lxd's code and/or poke at this myself16:08
mbruzekwould you like me to create a bug?16:09
tyhicksmbruzek: this is an intentional decision by lxd to not allow apparmor profile loads inside of privileged containers: https://github.com/lxc/lxd/blob/master/lxd/apparmor.go#L32116:11
tyhicksmbruzek: we're not seeing a denial message in the syslog because the rule on line 326 denies without auditing those filesystem accesses16:13
tyhicksmbruzek: you should use an unpriv container if you need to run snaps inside the container today16:13
mbruzektyhicks: I thought priviledge containers should be able to do everything? why can they not load apparmor profiles?16:14
tyhicksmbruzek: no, they cannot do everything16:15
mbruzekOK16:15
tyhicksmbruzek: they're still confined and there attempts made at trying to keep them from affecting the system16:15
tyhickss/there attempts/there are attempts/16:15
tyhicksmbruzek: you could file a bug against lxd and subscribe the security team so that we can discuss if it is safe to enable profile loads inside of a privileged container using apparmor namespaces16:18
tyhicksmbruzek: I don't know the answer to that off the top of my head and we'd need broader discussion16:18
mbruzekwill do after my meeting.16:18
tyhicksok16:18
mupPR snapd#3141 opened: many: show available "tracks" in `snap info` <Created by mvo5> <https://github.com/snapcore/snapd/pull/3141>17:00
pedronismvo: this test seems to fail often, at least under autopkgtest: autopkgtest:ubuntu-16.10-amd64:tests/main/refresh-core-with-hanging-configure-hook17:56
mdyeI have snapd 2.23.6 and a snap installed in devmode and tracking from the beta channel. "snap info" shows a new version (2.0.1 vs. my current 2.0.0) in that channel, but "snap refresh" doesn't update my running instance. Is that intended or a bug?19:10
ograyou need to pass --devmode to the refresh command too if you installed with --devmode19:14
ogra(security feature)19:14
mdyeogra: thx; automatic updates and rollbacks are handled by snapd as of something like 2.22 instead of the systemd timer, right? is there a way today to enable automatic updates and rollbacks of snaps installed with devmode?19:20
pmcgowanmdye, not currently, there is an open bug on it19:24
mdyethx. do you have a URL to the bug? I'd like to track it19:25
pmcgowanhttps://bugs.launchpad.net/ubuntu/+source/snapd/+bug/166510219:25
mupBug #1665102: Snap refresh not working as expected on devmode snaps <snapd (Ubuntu):Confirmed> <https://launchpad.net/bugs/1665102>19:25
mdyethx :)19:25
pmcgowanyep19:25
mupBug #1676928 opened: snap shell can't reach $SNAP_USER_DATA: Permission denied <cdo-qa> <Snapcraft:New> <Snappy:New> <https://launchpad.net/bugs/1676928>19:25
Chipacawhy, oh *why*, does setting IFS to \n make compgen not print newlines?19:45
jrwrenin bash, IFS is internal field separator. its not awk where it is input field separator with corresponding output field separator19:48
mupPR snapcraft#1214 closed: sources: add subversion source tracking <Created by josepht> <Closed by josepht> <https://github.com/snapcore/snapcraft/pull/1214>19:50
Chipacajrwren— so why does setting it to \n make the output of compgen not include it?19:55
ChipacaI'd be unsurprised if compgen used ${IFS[0]} to separate its output19:55
Chipacabut ... this is the opposite19:55
jrwrenChipaca: sorry, not sure, just trying to help with pointers, hopefully not bad pointers.19:57
Chipaca:-D19:57
mupPR snapcraft#1215 closed: sources: add mercurial source tracking <Created by josepht> <Closed by josepht> <https://github.com/snapcore/snapcraft/pull/1215>20:02
chani_hi guys i got a doubt20:11
Chipacachani_— shoot20:12
chani_i am trying to include a debian package in my snap using stage-packages20:12
chani_and when i try to run that package from a coustom script via deamon20:13
chani_its not working as the deb executable script has hard links to other files like /usr/bin/...20:14
chani_which it can't find as they are included in /snap/my-snap/usr/bin....20:15
chani_so what can i do here20:15
chani_should i use docker instead as where i have a complete virtualization20:18
chani_or is there some way i can use virtualization in my snaps20:18
niemeyerOkay, I'm going to take a break now..20:23
niemeyerSorry, didn't manage to get to 2.24 yet.. will try to do some work there today still20:23
niemeyerchani_: Can you please ask a question under the snapcraft category in the forum, if that's not asking too much?  I'll back back later and  would like to hear/collaborate on the conversation20:25
niemeyerchani_: There are a few tricks you can use to make that work, and I have some ideas to improve on that exact area20:26
* niemeyer back later20:26
chani_can you give me the link as to where to post the question20:26
chani_and also if there is any document reference for the tricks you mentioned20:27
pedronischani_: https://forum.snapcraft.io/20:45
chani_got it i am posting it right there now20:47
mupPR snapcraft#1224 closed: tests: update name registration window limit test <Created by elopio> <Merged by sergiusens> <https://github.com/snapcore/snapcraft/pull/1224>20:53
mdyeis there a way to prevent snapd from doing updates ? (to lock a version indefinitely or delay updates for a time?)20:59
chani_niemeyer: hai i had posted my question in the form here is the link https://forum.snapcraft.io/t/how-to-ship-deb-packages-along-with-snaps/14921:18
mupPR snapcraft#1231 opened: pluginhandler: exclude `/snap/` from libraries <Created by sergiusens> <https://github.com/snapcore/snapcraft/pull/1231>21:20
mupPR snapcraft#1228 closed: nodejs plugin: switch to the newer LTS <Created by sergiusens> <Merged by sergiusens> <https://github.com/snapcore/snapcraft/pull/1228>21:29

Generated by irclog2html.py 2.7 by Marius Gedminas - find it at mg.pov.lt!