[00:00] mwhudson: https://github.com/golang/go/commit/91139b87f776a553524b022753981e7909386777 [00:00] and good night [01:37] shouldn't the "requires classic or confinement override [01:37] " error be a "do you want to install classic mode which is blah blah Yes/No" ? === JanC_ is now known as JanC [03:44] PR snapcraft#1371 opened: beta [06:36] is it possible to get builds.snapcraft.io to build a package for which you are not a maintainer? the project has a snapcraft.yaml [06:37] I've just invited the owner of the repository to collaborate on the snap, but wondering what I can do to help move things forward [07:12] icey, GitHub requires someone to be a repo admin (or an organization owner) to set up “webhooks”, which is how build.snapcraft.io detects commits. So you’ll need to persuade a maintainer. [07:13] (Details here: ) [07:13] lett about persuading mpt, more about coordinating; I think he's in Pacific time, I'm Central European [07:14] icey, in the meantime, maybe you could build the snap on your own machine, to make sure it will work when it is set up. :-) [07:15] mpt I've been building it, I just invited the maintainer to collaborate on it :) `snap install --edge --classic alacritty` ;-) [07:15] Ah, good stuff [07:22] PR snapd#3502 opened: snap-seccomp: add more tests [07:34] moin === chihchun_afk is now known as chihchun [09:11] PR snapd#3503 opened: tests: add browser-support interface test [09:53] fgimenez: hey, quick question - do you have a suggestion how we could test the seccomp-bpf branch against the nested revert test that uncovered the network-manager and bluez issues? its not merged yet but before we merge it it would be great to verify that the bug is actually fixes [09:53] fixed [09:55] hey mvo, sure, the changes in the test for covering the bluez issue are already on master, just merging it in your branch (maybe the changes are already in your branch and this step is not needed) and running after setting the env vars should be enough, i can give it a try [09:56] wait, we need a core with your changes.. [09:58] fgimenez: yeah, thats the issue, could we simply revert to a saved copy of the self-build core or something? [09:58] fgimenez: or maybe we need to do it manually, but it would be great to get confirmation [10:01] mvo: yep after your changes are in master and an edge core is built from it it should be easy but before... we could build a core changing the ppa from wich it picks the debs and uploading there the debs built from your branch (maybe we could do this in the edge branch too?) [10:02] mvo: once we have a core with the changes from your branch i can change the test to sideload it, should that work (instead of refreshing)? [10:03] fgimenez: hm, it all sounds brittle, maybe the best is to do some basic testing manually and then once it is merged to the proper nested run, we want this merged anyway so it should be fine [10:03] mvo: ok sgtm, how can we test this manually? [10:07] instead of sideloading we could also upload the core built from your branch to staging and do a proper refresh [10:37] hello! Quick question - I can "snap set key=val". How do I remove certain config option? There is no "unset" [10:41] you set it to nothing [10:48] so, when installing a snap, systemd units start up before the initial configure hook is run, correct? [10:48] is there an install hook or similar thing that runs first, before systemd units are set up? [10:50] ogra_: so that does not seem to work for the kube-apiserver (I used snap set kube-apiserver runtime-config="") [10:50] ogra_: I end up with something like this: --min-request-timeout 300 --runtime-config --service-account-key-file === bloodearnest_ is now known as bloodearnest [11:10] am I right in thinking that snapctl only works in the configure hook, currently? It seems to fail in any other context anyway [11:14] PR snapd#3504 opened: interfaces: bring back seccomp argument filtering [11:15] jdstrand: you will like this one -^ :) [11:15] pstolowski: i think you're the one for answering bloodearnest's question there [11:21] bloodearnest, hey. correct, services are started before configure hook. install hook that runs before services are started is being reviewed currently - https://github.com/snapcore/snapd/pull/3498 [11:21] PR snapd#3498: hooks: support for install and remove hooks [11:22] pstolowski, great, thanks. Any rough idea of when that might be in a release? [11:23] bloodearnest, also, last week support for using snapctl also from other contexts (from apps in your snap) landed into master === trijntje_ is now known as trijntje [11:24] pstolowski, awesome [11:24] bloodearnest, not sure when the next release is, probably 2-3 weeks from now if it lands soon; mvo? [11:35] PR snapd#3505 opened: PLEASE IGNORE: Enable more tests for suse and fedora [11:39] Chipaca, et al, I'm running snapd like this: sudo SNAP_TESTING=1 SNAPD_DEBUG=1 SNAPD_DEBUG_HTTP=7 SNAPPY_USE_STAGING_STORE=1 /usr/lib/snapd/snapd [11:40] Facu: using it to install things, or just to query? [11:40] however, I'm not seeing the body responses in the logs, shouldn't I? this is an excerpt of the response: http://linkode.org/#IiLRuuty0L54FkOAgtvKb7 [11:40] Chipaca, it's inside a VM, it works! but I lack logging [11:40] ah [11:41] Facu: not related: it's SNAPPY_TESTING, not SNAP_TESTING [11:41] that _should_ work [11:42] * Chipaca tries it [11:42] Chipaca, but no body logged :/ [11:42] Facu: can you show me? [11:43] Facu: i mean, show me the logs you can see [11:43] Chipaca, note that I'd want also body in the requests, not only in the responses [11:43] Chipaca, yes! [11:43] Facu: you're not expecting to see the body of a snap download in the logs, are you? [11:43] Chipaca, http://linkode.org/#LhT7ABi0DterA4v7hEpZT4 , the activity triggered by a "snap refresh foobar40" [11:44] Chipaca, nah, just jsons [11:45] Facu: I'm seeing the response bodies in the logs, running it the same way you are [11:45] :o [11:45] and 2.22.2 is old, but not _that_ old [11:45] Facu: in particular: 2017/06/21 12:44:41.973596 logger.go:75: DEBUG: < "HTTP/1.1 404 Not Found\r\nContent-Length: 380\r\nCache-Control: private, max-age=0, no-cache\r\nContent-Type: application/problem+json\r\nDate: Wed, 21 Jun 2017 11:44:42 GMT\r\nServer: Apache/2.4.7 (Ubuntu)\r\nStrict-Transport-Security: max-age=15768000; includeSubDomains; preload\r\nX-Bzr-Revision-Number: 138\r\nX-Vcs-Revision: 138\r\n\r\n{\"detail\":\"no assertion with type [11:45] \\\"snap-declaration\\\" and key {\\\"series\\\":\\\"16\\\",\\\"snap-id\\\":\\\"99T7MUlRhtI3U0QFgl5mXXESAiSwt776\\\"}\",\"error_list\":[{\"code\":\"not-found\",\"message\":\"not found: no assertion with type \\\"snap-declaration\\\" and key {\\\"series\\\":\\\"16\\\",\\\"snap-id\\\":\\\"99T7MUlRhtI3U0QFgl5mXXESAiSwt776\\\"}\"}],\"status\":404,\"title\":\"not found\",\"type\":\"assertions:v1:not-found\"}\n" [11:46] logger.go in DEBUG, I have those [11:46] yes [11:46] i can clearly see your log truncated at the \r\n [11:46] which is strange [11:47] ie just before the body [11:47] Facu: what happens if you run the snapd from core directly? [11:47] iei instead of /usr/lib/snapd/snapd, /snap/core/current/usr/lib/snapd/snapd [11:48] Chipaca, let me check; also, for considering... I'm in the VM after doing "lxc exec snapd-staging bash", may it be that my terminal is weird, and the golang library behaves differently? [11:48] what "golang library" dude [11:48] :-) [11:49] all the go bits are static i mean [11:49] … [11:49] oh, i got what you meant [11:49] Chipaca, logger.go, don't know [11:49] Facu: try sending it to a file to check that [11:49] but i seriously doubt it [11:50] it logs to stderr [11:50] yes [11:50] Chipaca, no luck (running core and/or into a file) [11:51] grmbl [11:52] this are the situations where I value a lot editing some /usr/lib/whatever system file and putting a print() there :p [11:53] Facu: this should be just as easy once you've got it set up to build [11:54] ie something like 'go build -o /tmp/srv ./cmd/snapd && SNAPPY_yadda … /tmp/srv' [11:54] but, yes, not python [11:54] Chipaca, yes, but in that case I'm not using *what is installed* [11:55] well... you're using 2.26.3+git410.g6e6bfcc which is pretty funky [11:55] :-) [11:55] Facu: what happens if you force it to use the one in /usr/lib? [11:56] Chipaca, isn't that what I'm doing when running /usr/lib/snapd/snapd ? [11:56] Facu: sudo SNAP_REEXEC=0 SNAPPY_TESTING=1 SNAPD_DEBUG=1 SNAPD_DEBUG_HTTP=7 SNAPPY_USE_STAGING_STORE=1 /usr/lib/snapd/snapd [11:57] still no luch [11:57] *luck [11:57] phew [11:57] Facu: can you check whether this works outside of the vm (but not pointing to staging)? [11:57] Chipaca, it works fine in my host machine [11:57] o...k [11:58] Chipaca, maybe updating snapd? [11:58] Facu: updating to what? [11:58] Chipaca, latest version? no idea [11:58] Facu: you ran the one from core already [11:58] that's the latest [11:59] Facu: and i have never seen this behaviour since I added support for the 3rd bit [11:59] give me a bit though [12:00] PR snapcraft#1372 opened: cli: Containerbuild clean [12:00] Facu: what distro is snapd-staging? [12:00] Chipaca, I'm not *blocked* for this right now (may really needed it later) but I'm happy to help you testing and trying stuff [12:00] Chipaca, xenial, 16.04.2 [12:01] Facu: no idea then [12:01] Facu: if you can give me steps to reproduce this i'll give it a poke this afternoon [12:06] Chipaca, created an lxc as specified in https://docs.google.com/document/d/1MSThKrO762SgeY2lw74R5lcA7oQjTtq1ifYNut18bho/edit#heading=h.7f3zvinx0gcg under "snapd" and entered into it with "lxc exec snapd-staging bash" [12:08] Chipaca, and thanks === Tryum_ is now known as Tryum [12:24] Facu: the github gist that doc points to is 404 for me [12:25] Chipaca, why people uses gist and not linkode!? [12:26] Facu: access control? revision history? group and team membership? Faster page loads? https by default? [12:27] Chipaca, oh, I wonder why linkode does not redirects to 443 [12:28] bloodearnest: we are currently working on an important fix in snapd, once that lands (the goal is this week), then normal 2 week schedule for snapd releases resumes [12:28] mvo, ack, tx [12:29] ppisati, when i patch a dts in the tree and re-build the package, is anything in the build env reverting my change ? i dont get the new devices in the dtb [12:30] (i didnt run "fdr clean" to save time, would that be needed ?) === chihchun is now known as chihchun_afk [13:12] ogra_: nothing reverts stuff in the tree, and it should call 'make dtb' at the end, so you should get the 'new' dtb [13:12] unless there's a bug, of course [13:12] ogra_: which tree? [13:13] master-next ... i'm trying to add a sun8i-emac driver http://paste.ubuntu.com/24916775/ [13:13] ogra_: artul? [13:13] *artful? [13:13] yep [13:14] ogra_: let me try that [13:15] ppisati, well, fdr clean seems to have helped, now i see ethernet0 [13:16] * ogra_ checks if he also sees it after u-boot :P [13:16] [ 12.387103] sun8i-emac 1c30000.ethernet (unnamed net_device) (uninitialized): No associated PHY [13:16] aha [13:16] seems i'm close :) [13:20] Bug #1699504 opened: "network" plug does not allow outbound ping [13:21] hmm,, thats a bit annoying that it makes everything so time consuming [13:31] ppisati, ogra_ is it possible to force building with a given gcc version a kernel snap? [13:32] abeato, i guess you can force one in build-packages [13:32] but indeed only the ones available in xenial [13:33] PR snapcraft#1373 opened: Add support in snapcraft yaml for reload-command directive [13:33] ogra_, ok, will give a try, thanks [13:33] PR snapd#3490 closed: client, daemon: using oddjobstate, implement service operations [13:35] abeato: uhm, not that i'm aware [13:35] ppisati, ok, nw [13:40] Chipaca: hey, I've just noticed a store snap with an empty publisher field in snap info, is that supposed to happen in some edge cases? [13:41] davidcalle: what snap? [13:41] snap info peek [13:49] mvo: quick question, is SNAPPY_USE_STAGING_STORE enough for ubuntu-image to use staging? the underlying prepare-image is going to honor it, right? [13:53] mvo: hey, so I'm going to flesh out the password-manager-service policy next. you have a PR already that I figured I'd build on. how do you want to coordinate that work? [13:54] fgimenez: it needs snap built for staging [13:55] because of keys for checking assertions [13:58] pedronis: aha, great thx, i'll change the test to have that into account to (and eventually build snap if needed) [14:01] fgimenez: I think so, yes [14:01] jdstrand: you can have the password-manager-service, either branch from it and push a new PR and I close mine - or just push to my PR. but if its a lot of churn I think branch, new PR is better [14:04] niemeyer: taking this logs things to its natural conclusion, i think i'll make systemd.Logs (which nobody else uses) return an io.Reader [14:04] mvo: ack, thanks. I'll do a new PR I think [14:04] davidcalle: I don't see it having an empty publisher here [14:04] davidcalle: what are you seeing? [14:06] Chipaca: Yeah, that seems reasonable [14:07] Chipaca: The other option would be to pass in a writer, but that's perhaps less natural [14:09] Chipaca: I think I figured out what happened. I had a homemade snap of the same name locally installed, which gave me: [14:09] https://usercontent.irccloud-cdn.com/file/ZZJolLOW/Screenshot%20from%202017-06-21%2016-09-10.png [14:10] davidcalle: yep, x revisions don't have a publisher [14:10] because they're not published :-) [14:10] Chipaca: yeah, but snap info picked up channel data from the store snap :) [14:10] yeah [14:10] Hence, the confusion [14:10] davidcalle: suggestions for making this difference clearer very much accepted [14:14] Chipaca: what about "tracking: local" when there is no tracking info available, hence not in the store ? [14:14] that kinda makes sense :-) [14:14] niemeyer: what do you think? [14:16] It's not actually tracking local.. it's not really tracking anything since it won't ever update without manual action [14:16] Chipaca: Given the above picture, the magic dash seems fitting [14:17] As in, it's what we used to mean "there's nothing there" in the channels [14:17] +1 [14:18] niemeyer: consider it done [14:18] and by "it" I obviously mean using “ヽ( ͡͡ ° ͜ ʖ ͡ °)⊃━☆゚. * ・ 。゚” to signify the above [14:18] PR snapd#3472 closed: interfaces, tests: add mising dbus abstraction to system-observe and extend spread test [14:22] niemeyer: hopping subjects again, what needs to happen so shellcheck is available on the linode that runs the static tests? (that's a ubuntu-16.04-64) [14:23] Chipaca: Is that a deb package in the archive? [14:23] niemeyer: yes but not in xenial (we'd need the one from yakkety at least) [14:24] niemeyer: (it's usable directly, if you install the deb in the image directly for example) [14:24] niemeyer: http://mirrors.kernel.org/ubuntu/pool/universe/s/shellcheck/shellcheck_0.4.4-2_amd64.deb [14:26] Chipaca: Okay, so best route is likely to wait for cachio's PR to go in, so he doesn't need to fix that again (it's centralizing all package installs), and then it'll get included in the big image rebundling that I'll need to do for moving those installs out of the suite altogether [14:27] niemeyer: neat [14:27] niemeyer: this will make master fail right now [14:27] because a number of things have crept in [14:27] still, easy to fix once we're there [14:27] some are actual bugs :-/ === chihchun_afk is now known as chihchun === mup_ is now known as mup [14:51] PR snapd#3506 opened: asserts: introduce NewDecoderWithTypeMaxBodySize [14:51] Chipaca: hey, zyga pointed me to you for this issue https://forum.snapcraft.io/t/edge-beta-revert-fails/1072 - he said you know more about this [14:53] Chipaca: this will be a blocker for 2.27 [14:53] * Chipaca looks [14:54] mvo: I think he confuses "it happened to me a lot and drove me bonkers" with "knows more" [14:54] Chipaca: lol [14:54] ogra@orangepi-zero:~$ snap list [14:54] Name Version Rev Developer Notes [14:54] core 16-2.26.4+git245.a96842e 2212 canonical - [14:54] linux-generic-allwinner 4.11.0-7.12 x1 - [14:54] orangepi-zero 16-0.1 x1 - [14:54] \o/ [14:54] mvo: but i thought he'd fixed this? [14:54] I thought it was fixed as well [14:54] Chipaca: well, he said he did but then he said he did not [14:54] * Chipaca looks at his prs [14:55] mvo: ah [14:56] Chipaca: he said the wrong snap-update-ns is used, but I'm not fully understanding why, at this point current should still point to the "good" snap-update-ns from edge with his fix [14:56] mvo: in what scenario is "current" the wrong one to use? [14:57] Chipaca: in my failure scenario I go from edge to beta and edge is supposed to have the latest code but maybe something else is going on, I stumbled over this by accident I really want to test my seccomp-bpf work [14:58] Chipaca: i.e. the latest code that contains the fix [15:27] PR snapcraft#1316 closed: Run unit tests on Travis with mock armhf === chihchun is now known as chihchun_afk [16:14] PR snapd#3507 opened: many: backport of seccomp-bpf branch (#3431) to the 2.26 release [16:22] mvo, pedronis, niemeyer: where does snapd take the CA certificates from? Is it tied with openssl and the ca-certificates database for HTTPS access? [16:22] and I guess you don't use certificate pinning yet, right? === cachio is now known as cachio_afk [16:40] ogra@localhost:~$ snap list [16:40] Name Version Rev Developer Notes [16:40] core 16-2.26.4+git245.a96842e 2212 canonical - [16:40] linux-generic-allwinner 4.11.0-7.12 x1 - [16:40] nanopi-neo 16-0.1 x1 - [16:40] and the next one :) === wililupy_ is now known as wililupy [17:01] morphis: I recall a recent change that moved CA lookup into the core snap [17:01] ah! [17:02] morphis: It's been such a long time since we managed to get a release all the way into stable due to the revert issues being worked on that I don't know if that's there or not [17:02] niemeyer: I just have somebody who does certificate substituion on a proxy and wonders why things aren't working :-) [17:02] he claimed to have extended ca-certificates but if it's in the core snap that does help [17:02] morphis: Wait.. certificate substitution on a proxy? [17:03] don't ask me, a bad idea [17:03] which will break anyway once we pin the certificates [17:03] Yeah, we should probably do that sooner now that you mention it :) [17:05] niemeyer: hehe [17:14] pedronis: if you're still there, what content type do you use for "a series of json documents"? [17:16] application/json-seq [17:19] Chipaca: we don't anywhere [17:20] atm, afaik [17:20] Yeah, that sounds suspect [17:20] we return objects with arrays inside [17:21] Chipaca: what had you in mind? [17:22] pedronis: streaming journalctl output [17:22] we don't stream json anywhere [17:22] atm [17:22] right [17:23] i think we'd looked into this a bit, but probably for long poll or whatever it's called === jaggz- is now known as jaggz [17:25] niemeyer: suspect how? [17:27] Chipaca: ah, we might have done something for u1db but it was fully adhoc I think [17:27] with our own mimetype === cachio_afk is now known as cachio [17:46] morphis: there is a PR that needs to be resurrected for cert pinning https://github.com/snapcore/snapd/pull/2316 - its mostly about how we distribute the cert updates at this point, probably via assertions but we need to flesh out details [17:46] PR snapd#2316: store: add basic certificate pinning [17:53] erm [17:53] ogra@nanopi-neo:~$ ps ax|grep user [17:53] 1742 ? Ss 0:00 /lib/systemd/systemd --user [17:53] we do spawn a --user session on core ? [17:53] * ogra_ wonders why [18:20] PR snapd#3508 opened: tests: shellcheck improvementes for lib scripts [18:50] * ogra_ glares at https://forum.snapcraft.io/t/certificate-substitution-and-snaps/1077 ... [18:51] i suspect we'd need the ability to add certificates to the core snap dynamically === wxl_ is now known as wxl [19:02] mvo: also wgrant had a counter proposal on that [19:02] at the last sprint [19:25] pedronis: mvo isn't here [19:26] Chipaca: It was just a dumb gut feeling which I shouldn't have mentioned.. it probably makes sense to do that if you want to stream logs [19:27] niemeyer: i agree it's weird and strange and i'm not super enamoured with it [19:27] niemeyer: but streaming json leaves few options [19:27] so, yeah [19:27] PR snapcraft#1374 opened: tests: set up the spread execution in linode [19:27] Chipaca: Yeah, I think it's nice.. it means we can have more interesting semantics through that pipeline [19:28] Chipaca: We just need to be a bit careful to establish a nice pattern that can be reused for other cases soon [19:28] But it's worth going over it [19:28] semantics, schmemantics, i want icecream [19:28] :-) [19:29] but, yes. consciously not working on it now though (hadn't realised my irc was still connected) [19:29] Chipaca: It wasn't until recently :) [20:27] PR snapd#3435 closed: interfaces: add password-manager-service implicit interface [20:32] Chipaca, are you able to rerun the failed autopkgtest on there? https://github.com/snapcore/snapd/pull/3494 [20:32] PR snapd#3494: tests: restart rng-tools services after few seconds [21:07] PR snapd#3494 closed: tests: restart rng-tools services after few seconds [21:32] PR snapd#3509 opened: tests: shellcheck improvements for tests/nested tasks === chihchun_afk is now known as chihchun [23:44] PR snapd#3510 opened: tests: shellcheck improvements for nightly upgrade and regressions tests