=== JanC is now known as Guest15321 === JanC_ is now known as JanC === chihchun_afk is now known as chihchun [05:15] PR snapd#3437 opened: tests: apt autoclean === chihchun is now known as chihchun_afk === chihchun_afk is now known as chihchun === chihchun is now known as chihchun_afk === chihchun_afk is now known as chihchun [06:53] good morning! [06:53] mvo: hey, did you see the resolution of the lock bug? [06:53] any idea why a snap would not list its aliases in `snap aliases`? [06:58] icey: that's something pedronis would know [06:58] to expand a bit, the app in the snapcraft.yaml hasthe alias listed (aliases: [rg]), but it isn't listed at all with the snap installed [07:01] hey zyga - good morning [07:01] zyga: yeah, looks like the root cause is found which is great [07:03] PR snapd#3436 closed: tests: fix econnreset on staging [07:04] PR snapd#3432 closed: tests: clean journalctl logs on trusty [07:12] PR snapd#3414 closed: tests: show available entropy on error [07:34] morphis: which PR did you asked me to review yesterday? sorry, forgot about it and want to do it now [07:52] apw: hey, good morning! are there any blockers for 2.26.4 into -propsed left? the artful arm build failure is fixed and afaics autopkgtests on artful are also happy [08:11] mvo: hey! [08:12] mvo: https://github.com/snapcore/snapd/pull/3365 and https://github.com/snapcore/snapd/pull/3222 are the most relevant ones [08:12] PR snapd#3365: tests,packaging: add package build support for Fedora for our spread setup [08:12] PR snapd#3222: many: fix test cases to work with different DistroLibExecDir [08:12] mvo: where I would really like to get #3222 merged as its pending for nearly 1.5 months now [08:12] if someone could do a second review on #3348 that would be great [08:12] morphis: thanks, checking [08:13] mvo: let me look at [08:13] #3348 [08:13] morphis: isn't 3365 blocking on a second gustavo review? [08:14] mvo: it is [08:14] mvo: both PRs are [08:15] but I hope we can spot all minor things until he has time to look again [08:17] morphis: :) makes sense [08:18] mvo: thanks for the review on the suse PR [08:46] mvo: fixed the things you pointed out in https://github.com/snapcore/snapd/pull/3406 [08:46] PR snapd#3406: tests,packaging: add package build support for openSUSE [08:49] thanks morphis [08:52] np [08:54] * zyga will soon have time to do some reviews [09:01] Tribaal: i like where (i imagine) you're going with your 'how to make a very simple deb package' post :-) [09:13] oookay [09:13] * zyga has 93 patches [09:21] PR snapd#3111 closed: snapd: initial implementation for systemd software watchdog for snapd [09:23] zyga: 93 patches for what? [09:27] mvo: for allowing base declaration to be declared alongside each interface [09:29] zyga: once you did that, I would love to talk about base-snaps and snap-confine, the next step for 3317 is snap-confine support [09:29] excellent [09:30] ho in 10 min? [09:33] zyga: yeah, something like this, I'm in the middle of a branch myself, so make that ~15min :) [09:41] mvo, so do i take it the build failure was triggered by an external artful specific issue which has been fixed and those builds retried ? [09:42] pedronis: is this https://forum.snapcraft.io/t/auto-aliasing-and-duplicate-aliases/907 a question for you? [09:43] apw: correct, arm/armhf is now building with PIC by default and that required a non-change rebuild of apparmor, I did that and things are fine [09:43] mvo, then no i don't think there are any blockers, and i'll go sort that out [09:45] apw: yay, thanks a lot! [09:46] zyga: can you add your PRs for snap-confine to https://forum.snapcraft.io/t/including-snapd-in-the-opensuse-factory-branch/863 ? [09:48] morphis: I haven't pushed them yet but I will do, I'm adding the last part of the base-policy work [09:48] zyga: didn't you push at least the spread test one? [09:49] morphis: then I'll have a call with mvo and then I'll resume snap-confine work, sorry for keeping you waiting [09:49] I am sure I saw one [09:49] zyga: np [09:49] morphis: ah, yes, that one landed I think [09:49] * zyga looks [09:49] Chipaca: yes, have bookmarked will answer to it [09:49] pedronis: ok [09:50] morphis: done [09:51] zyga: thanks! [10:06] Chipaca: hey, how to use http to POST some data to /v2/debug endpoint [10:07] Chipaca: I try the naive "http snapd:///v2/debug '...'" but this fails on invalid header name [10:07] 1 sec, let me try it here :-) [10:07] Chipaca: should I redirect the actual input via < and make it look like a http request? [10:07] Chipaca: I added a new debug method and I want to play with it [10:07] Chipaca: if you can post things like "ensure-state-soon" that's enough [10:08] Chipaca: ah, I got it [10:08] zyga: http snapd:///v2/debug action=ensure-state-soon [10:09] :D [10:09] thanks! [10:09] np! [10:09] I used more brute force way [10:09] << EOF [10:09] and then I typed the JSON [10:09] yes, that also works [10:09] but http knows about json body POSTs [10:09] :-) [10:09] zyga: I need to have lunch soon, so we need to postpone the HO [10:09] mvo: sure [10:09] PR snapd#3438 opened: daemon: make snapd a "Type=notify" daemon and notify when startup is done [10:09] mvo: I'm in the HO for some time, just join me when you can :) === ogra_ is now known as ogra [11:01] mvo: one more thing [11:02] mvo: to get base snaps to work on core systems we will need to treat them the same way as we do on classic [11:02] mvo: with pviot root and what not [11:02] mvo: (which is actually nice) [11:02] mvo: I won't make that change today [11:04] hey all, any idea where did https://developer.ubuntu.com/snappy/guides/mir-snaps go? [11:08] Saviq, i think davidcalle was working on getting it back [11:11] mvo: ok, I have a branch with the --base snap option [11:11] mvo: now to glue it to snap-exec [11:11] mvo: did you land your branch that adds information about the base snap to snap info? [11:18] mvo: ^ pushed as 3439 [11:18] mvo: let's land your earlier branch and iterate [11:19] PR snapd#3439 opened: cmd/snap-confine: add support for --base snap [11:45] Saviq: should be online by EOD or tomorrow [11:58] mvo, Chipaca: can you please +1 a trivial 3440 [11:58] I'll merge it when it goes green, I have some stuff I want to propose on top [11:59] PR snapd#3440 opened: interfaces: move base declaration to the policy sub-package [12:00] PR snapcraft#1314 closed: catkin plugin: add support for rosinstall files [12:01] Chipaca: I tried to answer [12:03] PR snapcraft#1357 opened: tests: do not break a systems `bzr whomai` [12:08] * Chipaca ~> lunch [12:15] mvo: looks like we don't have .vendor.tar.* tarballs for the 2.26.4, right? [12:15] only see one for 2.26.1 on https://github.com/snapcore/snapd/releases [12:16] ogra: hi! friendly ping that 4.4.0-79 is out for bbb [12:16] jdstrand, friendl pong that edge already has the new package ;) [12:16] I see it is in edge (nice!) [12:16] (waiting for my bbb to auto-upgrade [12:16] ) [12:16] ah [12:16] (because i want to test something alongside) [12:16] ogra: curious if edge is auto-uploaded? [12:17] once i see it boots i'll push it to the other channels [12:17] yeah, it is [12:17] nice [12:17] with my work on split-initrd i plan to re-ork the whole process to actually use build.snapcraft.io though [12:17] *re-work [12:18] and move linux-generic-bbb to GH [12:18] morphis: 2.26.4 is missing indeed, I take care of it today [12:18] mvo: thanks! [12:19] Chipaca, pedronis: 3441 is for you [12:19] PR snapd#3441 opened: cmd,daemon: add debug command for displaying the base policy [12:19] zyga: re one more thing> indeed, it will behave like on classic right now [12:19] mvo: yes, I agree [12:20] zyga: ta [12:20] zyga: and thanks for the branch! [12:20] mvo: I think it's not a big deal (less code actually) but some stuff will need to change [12:20] zyga: I check it out now [12:20] mvo: I will do that but not today, I need to work on stuff for openSUSE for morphis first [12:20] mvo: and then I want to return to the core/base snap staleness issue [12:20] mvo: but if you are blocked by anything please ping me, it should be easy :) [12:20] zyga: yeah, I think we need richer yam (as we talked about) in the medium term [12:21] zyga: no worries, thanks! lets aim for EOW for some progress with bases [12:21] mvo: I'm pretty sure we can run stuff today if you land your other branch that has the name of the base snap in snap info, and pull the base snap on install [12:21] mvo: I can quickly patch snap run to pass --base next [12:22] zyga: no worries, I can do the --base PR [12:22] zyga: I will also need to look at some 2.26.4 releated release work :/ [12:23] oh? more fun? [12:24] zyga: yeah, need to investigate a potential trusty bug [12:24] mvo: oh, anything I can help with? [12:24] mvo: is it related to rshare of /snap/ [12:26] zyga: the snap confine profile rewrite is looking for "snap.confine.real" but on trusty it looks like we don't call it .snap-confine.real :/ [12:26] zyga: andy spotted this while reviewing the diff [12:28] mvo: oh, interesting [12:28] zyga: I have not looked at the details yet, I will finish 3438 and continue then [12:28] mvo: I changed that later to always call it .real [12:28] mvo: at least in testing [12:28] mvo: but hmm hmm, indeed [12:28] zyga: plus it looks like a test for this is missing or incorrect (in spread) [12:28] mvo: are you talking about maintainer script or the code in snapd that relates to core and reexec [12:28] zyga: feel free to grab it if you want :) [12:29] zyga: core and re-exec [12:29] zyga: but like I said, I have not looked into the details yet, just got word from andy that it may be fishy [12:29] mvo: hmm, but isn't the core always 16.04 so the profile name is fixed? [12:29] aha [12:29] I'm jumping into a slot of calls, I can look with you after the standup [12:33] zyga: aha, indeed, i think you are right, will double check [12:56] PR snapd#3412 closed: tests: fix for snapd-reexec test cheking for restart info on debug log [12:59] davidcalle, thanks [13:07] HO is having one of those days it seems [13:42] jdstrand: hey, I'm having a weird issue/question on apparmor vs desktop snap [13:42] jdstrand: so, there are some theme properties (like dark theme) which are in a file ~/.config/gtk-3.0/settings.ini [13:43] it's basically gtk-application-prefer-dark-theme=1 [13:43] I was going to test before adding access to that file in the unity7 interface [13:43] the snap is a confined one (gtk3-demo), which has the home plug. I create a symlink at launch in SNAP_USER_DATA/.config/gtk-3.0/settings.ini [13:43] if I snap run --shell [13:44] and $ cat $SNAP_USER_DATA/.config/gtk-3.0/settings.ini [13:44] cat: /home/didrocks/snap/gtk3-demo/x1/.config/gtk-3.0/settings.ini: Permission denied [13:44] as expected (as you told, .* are forbidden by default in the apparmor profile) [13:44] same with direct cat /home/didrocks/.config/gtk-3.0/settings.ini [13:45] however, running gtk3-demo, it applies the dark and white themes based on that file! [13:45] if gtk-application-prefer-dark-theme=1 in settings.ini -> running gt3-demo -> dark [13:45] if gtk-application-prefer-dark-theme=0 in settings.ini -> running gt3-demo -> white [13:45] and that's the only thing I change! [13:46] I'm wondering how come I can't cat it, but in some way, gtk is able to read it (and wonder if we don't have some security apparmor profile issues) === cpaelzer_ is now known as cpaelzer [13:55] didrocks: reading is done differently than writing in gsettings, no? [13:57] zyga: this isn't gsettings, it's a plain file [13:57] (that's why I'm giving file path above, not gsettings schema path ^) [13:58] didrocks: can you show the apparmor denial you are getting? [13:58] zyga: there is none in sudo snappy-debug.security scanlog [14:00] when launching gtk3-demo [14:00] but if I cat in snap run gtk3-demo --shell, I'm getting the expected: [14:00] Log: apparmor="DENIED" operation="open" profile="snap.gtk3-demo.gtk3-demo" name="/home/didrocks/.config/gtk-3.0/settings.ini" pid=21903 comm="cat" requested_mask="r" denied_mask="r" fsuid=1000 ouid=1000 [14:00] File: /home/didrocks/.config/gtk-3.0/settings.ini (read) [14:00] didrocks: dmesg | grep DENIED [14:00] aha [14:00] right [14:01] so, basically, gtk has access to this file content, which sounds weird… [14:03] didrocks: note that dot-files in the real home are forbidden [14:03] didrocks: but in the remapped home you can do anything [14:04] mvo: updated https://github.com/snapcore/snapd/pull/3222 [14:04] PR snapd#3222: many: fix test cases to work with different DistroLibExecDir [14:04] zyga: yes, but that doesn't explain why gtk3 can read the original file in real ~/ though [14:05] is it getting that via dbus perhaps? [14:05] nope [14:05] as told above, the only change is done via that file between 2 launchs that are applied [14:05] well, that doesn't rule out dbus [14:10] zyga: no, it can clearly access the file [14:11] [pid 22370] access("/home/didrocks/.config/gtk-3.0/settings.ini", F_OK) = 0 [14:11] [pid 22370] open("/home/didrocks/.config/gtk-3.0/settings.ini", O_RDONLY) = 10 [14:17] didrocks: it sounds like the one where it reads the file is not running under confinement [14:18] didrocks: how are you launcing it? when it is running, what does 'ps auxwwZ' tell you the profile name is for that process? [14:19] jdstrand: ohhhhhhhhhhhhhhhh, sorry to have bothered you, the snap path is still after the system one, well, scratch that… [14:20] heh, that would do it :) [14:21] jdstrand: I was soooooooooooooooo puzzled [14:21] hehe :) [14:23] Chipaca: shhhh don't spill the beans about my master plan (yet) :) [14:41] zyga, I left a comment on https://github.com/snapcore/snapd/pull/3433 [14:41] PR snapd#3433: tests: restoring the /etc/environment and service units config for each test [14:44] zyga, in the state dir we can store the snapd state, and also en env file and other stuff that could be needed independently [14:57] morphis: do you have a suse or fedora vm where snapd is not started by default? if you run there: "snapctl is-active snapd.service", what output do you get? [14:59] zyga: or you maybe -^ ? [15:01] is there an official AMI or method to produce one for ubuntu core? [15:02] I've googled a bit and saw this was announced in 2014, but couldn't actually find an AMI today [15:03] mvo: why do we use /etc/environment for the snapd units in Ubuntu? [15:04] in Fedora, we use /etc/sysconfig/snapd [15:04] (if it exists) [15:04] the Debianish counterpart would be /etc/default/snapd [15:05] (though imo, /etc/default is a horrible name for this directory and what it does) [15:06] mvo: let me check [15:07] Pharaoh_Atem: this is used for a systemd environment, a typical use case is a system-wide proxy environment. its typically set there on debian/ubuntu. is /etc/environment not used in fedora at all? [15:07] morphis: thank you [15:07] mvo: it exists, it's just empty [15:07] in Fedora, we don't really use it [15:08] mvo: https://paste.ubuntu.com/24801073/ [15:08] Pharaoh_Atem: if someone wants to configure a systemwide proxy (e.g. via http_proxy=http://proxy.internal) - whats the typcial way to do that? [15:08] zyga, at the end I am implementing what you suggested [15:08] morphis: thank you [15:08] mvo: that is on opensuse [15:09] mvo: you can set that in NetworkManager [15:09] it applies network wide [15:09] Pharaoh_Atem: how? [15:09] Pharaoh_Atem: do people use this on server too via nmcli? mostly curious [15:09] mvo: Yep [15:09] it's the preferred way to manage networking since RHEL 7 / Fedora 16 [15:10] Pharaoh_Atem: i mean, how does it set things "network wide", such that e.g. curl picks it up? [15:10] Pharaoh_Atem: thank you! yeah, my next question is the one that Chipaca already asked, i.e. what do we need to do in snapd to honor this :) [15:10] afaik, it's exposed via pacrunner? [15:11] and libproxy [15:11] and a few other means [15:13] Pharaoh_Atem: thanks, sounds like we need to research that a bit deeper then, we definitely want to have seamless proxy support for nm [15:14] I moved the snapd units to read /etc/sysconfig/snapd because you can set things other than proxy stuff to have snapd process it [15:14] and since snapd doesn't support a config file, it's the best I have [15:16] * mvo nods [15:16] we'll have a config file someday [15:17] … but not today [15:17] mvo: not to mention, I can also forbid things other than snapd from manipulating the file [15:17] through SELinux (or in your case, AppArmor) [15:17] Pharaoh_Atem: heh, indeed! [15:18] the SELinux policy module already does this by default for distros that use /etc/sysconfig (RH, SUSE, Gentoo, Arch) and /etc/default (Debian, Ubuntu) [15:18] * Pharaoh_Atem wishes /etc/default was renamed to /etc/sysconfig, as he thinks it's more accurate in purpose [15:32] PR snapd#3440 closed: interfaces: move base declaration to the policy sub-package [15:34] cachio_: thanks, I'll chek that out [15:34] Pharaoh_Atem: btw. you made any progress on snap-mgmt.sh? [15:34] mvo: let me check [15:34] mvo: I'm typing from suse :) [15:34] Pharaoh_Atem: mvo brought this up at https://forum.snapcraft.io/t/share-code-between-debian-postrm-purge-and-snap-mgmt-sh/915/2 earlier today [15:34] morphis: I made changes but no one tested to tell me if it's all good yet [15:35] morphis: I submitted updates to snapd in Fedora that have been sitting in updates-testing with more changes [15:35] Pharaoh_Atem: ah nice! based on 2.26.4? [15:35] not yet [15:35] I wanted to know whether snap-mgmt.sh does all the things right first [15:36] if there's something to fix, I was going to bundle it with snapd 2.26.4 update [15:36] snapd-2.26.3-3.fc{24,25,26} is the current build [15:36] the last time you gave me feedback was a month ago [15:38] pedronis: hey, I'm looking at the assertion response but I think it was actually easier first time around [15:38] pedronis: it seems that now I cannot just use Client().Debug() as I need to poke at headers and fire a custom decoder [15:38] Pharaoh_Atem: hm, then I forgot to press the button [15:38] pedronis: where all I want is the simple string for security team to review [15:38] but I've tested 2.26.3 and it was working but left an empty /var/lib/snapd dir [15:38] pedronis: I adapted the code to load assertion from the state as suggested [15:39] pedronis: am I missing something simple that lets me just access the response data as-is? [15:39] morphis: even 2.26.3-3? [15:40] zyga, mvo, Pharaoh_Atem: can you guys give a vote on https://github.com/snapcore/snapd/pull/3365 by your EOD? [15:40] PR snapd#3365: tests,packaging: add package build support for Fedora for our spread setup [15:40] Pharaoh_Atem: hm, let me power up my fedora VM and check [15:40] is there any way to share files among different parts in a snap? for example I want to use the dump plugin to dump patches. and then in another part use those patches to patch upstream code. [15:40] morphis: maybe, I'll try :/ === chihchun is now known as chihchun_afk [16:06] ok i answered my question. yes it's possible to share files amoung parts. was having trouble getting it going due to my own error. [16:09] PR snapd#3442 opened: snap: ensure security polices are re-created === mpt_ is now known as mpt [16:37] * zyga feels so-so and goes back to sleep [16:38] zyga: sorry, I forgot about Client.Debug, what you were doing make sense, though you probably want to add a level more of indirection [16:38] {"base-declaration": ... } or something [16:49] zyga, change pushed [16:50] zyga, question, how do you usually set a dependency between branches? [16:56] so... i have a first pass at the services branch [16:56] https://github.com/snapcore/snapd/compare/master...chipaca:snap-services [16:56] one thing i'm unsure about [16:56] is the lack of overlord in that code :-) [16:56] niemeyer: is that ^ how you imagined it working, or were you thinking that this would happen via tasks? [16:57] Chipaca: Sounds like we can start without tasks, and move there if/when we need to [17:11] niemeyer: excellent [17:11] but now eod === JanC_ is now known as JanC [17:26] Pharaoh_Atem: 2.26.3-3 still gives me the empty /var/lib/snapd [17:26] anything in the logs that indicate why? [17:27] niemeyer: you have time to approve https://github.com/snapcore/snapd/pull/3365 today? [17:27] PR snapd#3365: tests,packaging: add package build support for Fedora for our spread setup [17:27] Pharaoh_Atem: not really === chihchun_afk is now known as chihchun [17:30] Pharaoh_Atem: will have a more close look tomorrow morning [17:30] okay, cool, thanks [17:33] sdrobertw, I know how that goes! Thanks for keeping me on the loop :) [17:34] sdrobertw, the idea was raised to put the series on https://www.96boards.org/projects/ . What do you think? [17:36] There is an AWS live stream going on right now (around IoT) for anyone who is interested: https://live.awsevents.com/IoTevent [17:40] jdstrand, https://dashboard.snapcraft.io/dev/snaps/7788/rev/1/ one for you :) [17:41] (finally an ubuntu core board with proper SATA and gigabit ethernet ;) ) [17:41] (and it uses linux-generic-bbb!) [18:26] ogra: done [18:27] whee ! [18:27] i guess auto-approavl only after the next review-tools update as usual ? [18:28] morphis: Yes, I can look again [18:28] morphis: What's the status there? I've seen conversations about it in the last couple of days [18:29] ogra: yes. I updated the tools, but ping me until it auto-updates [18:29] (we need a store sync) [18:29] jdstrand, no hurry, i'm fine with waiting [18:34] kyrofa: would love to have the series on project page. [18:35] kyrofa, is there any way you could send me an email with all links/resources consolidated into one place? robert.wolff@linaro.org [18:36] This would make things much easier for me [18:37] sdrobertw, sure, though that sounds like the stuff that will be contained in the pull request I make to get it into projects. Want me to just do that? [18:38] (happy to send an email as well) [18:41] kyrofa: sure! That work just fine actually. Please let me know if I can help with anything. You will be second person to test this process. [18:42] It is all very new [18:42] sdrobertw, seems well-documented so far [18:42] :) [18:46] morphis: LGTM... tests are broken with an error that seems real [19:15] niemeyer: yeah saw that already, comes from a merge with master, will fix tomorrow [19:16] niemeyer: thanks! [19:46] morphis: np, and thanks for pushing it forward === chihchun is now known as chihchun_afk [21:19] niemeyer: hey, if you are still on, can I get your insight on this one https://forum.snapcraft.io/t/snapcraft-build-on-hint-for-builders/939?u=sergiusens ? I am trying to be future proof here and the build.snapcraft.io guys are interested in this to start supporting more arches out of the box === sergiusens_ is now known as sergiusens === akash_ is now known as akash === psftw_ is now known as psftw === TinoGuest_ is now known as TinoGuest === cargonza_ is now known as cargonza === diddledan_ is now known as diddledan === tvoss_ is now known as tvoss === ulkesh_ is now known as ulkesh [22:13] PR snapcraft#1349 closed: plugins: clarify wording of cross-compilation unsupported error [22:28] PR snapcraft#1356 closed: common: find data files via sys.prefix