[00:41] <ikey> crazy question here
[00:41] <ikey> lets say i wanted to control the cpu governor from inside a snap...
[00:41] <ikey> to switch between powersave/ondemand + performance...
[00:41] <ikey> would this be something i could ever do?
[06:02] <mborzecki> morning everyone
[06:13] <mup> PR snapd#4164 closed: interfaces/raw-usb: match on SUBSYSTEM, not SUBSYSTEMS <Created by jdstrand> <Merged by zyga> <https://github.com/snapcore/snapd/pull/4164>
[06:16] <zyga-ubuntu> o/
[06:16] <zyga-ubuntu> mborzecki: you start early :)
[06:17] <mborzecki> zyga-ubuntu: hey, yeah i plan to keep a regular 7-15 schedule, otherwise my day goes to hell quickly
[06:17] <mborzecki> besides, my wife drives kids to school at ~7 so I'm already up at ~5:45-6
[06:18] <mborzecki> zyga-ubuntu: no rush about the review :) suppose you have things to do in the morning
[06:21] <mup> PR snapd#4151 closed: tests: fix security-device-cgroup* tests on devices with framebuffer <Created by mvo5> <Merged by mvo5> <https://github.com/snapcore/snapd/pull/4151>
[06:24] <zyga-ubuntu> mborzecki: yeah, I feel broken-ish still
[06:24] <zyga-ubuntu> my yesterday was a disaster, I started my day in the late afternoon after meds helped, then stayed way too long (as usual)
[06:24] <mvo> mborzecki: uh, still not feeling well? take it easy then
[06:24] <mborzecki> caught a cold?
[06:24] <zyga-ubuntu> I need to adopt the morning / early afternoon cycle
[06:25] <zyga-ubuntu> both that and still recovering from back pain (over a week now) :/
[06:25] <zyga-ubuntu> mvo: I'll prep kids and I'll focus on udev branches for 2.29 / master
[06:26] <zyga-ubuntu> mvo: I got a review from jamie on udev tagging on hooks and I need to tweak it to format the output differently (sorting)
[06:26] <mvo> zyga-ubuntu: more to come? meh
[06:26] <mvo> zyga-ubuntu: or the hooks one?
[06:26] <zyga-ubuntu> the hooks one
[06:26] <mvo> zyga-ubuntu: aha, ok. thank you!
[06:26] <zyga-ubuntu> it will conflict after some other bits land so I'll focus on that first
[06:26] <mvo> pedronis: for later (not urgent at all) - 3992 needs some love, unit test failure currently
[06:26] <zyga-ubuntu> I guess today is final 2.29.3 attempt, right?
[06:30] <mvo> zyga-ubuntu: well, I would like to do 2.29.2 and then 2.29.3 a week later, unless we have regression in 2.29 that were not in 2.28 already
[06:31] <mvo> zyga-ubuntu: but depends a bit on QA feedback, we wanted to release today but that seems unlikely given that we need CE results
[06:35] <zyga-ubuntu> mvo: I see, ok
[06:35] <zyga-ubuntu> I'll do my best to help as soon kids are sorted
[06:58] <mup> PR snapd#4121 closed: overlord/snapstate: toggle ignore-validation as needed as we do for channel <Created by pedronis> <Merged by mvo5> <https://github.com/snapcore/snapd/pull/4121>
[06:59] <mup> PR snapd#4125 closed: corecfg:  support setting proxy.store if there's a matching store assertion <Created by pedronis> <Merged by mvo5> <https://github.com/snapcore/snapd/pull/4125>
[07:06] <mborzecki> is /var/lib/snapd/apparmor/snap-confine needed if snap-confine was configured with --disable-apparmor?
[07:06] <zyga-ubuntu> mborzecki: no
[07:07] <zyga-ubuntu> but
[07:07] <zyga-ubuntu> snapd will do runtime detection and will create and may populate that directory anyway
[07:07] <mborzecki> oh, ok
[07:07] <zyga-ubuntu> I think in general it is better to enable apparmor
[07:07] <zyga-ubuntu> even if the kernel is not apparmor aware
[07:07] <zyga-ubuntu> (as long as there is userspace)
[07:08] <mborzecki> yeah, arch is so manly that we don't use apparmor...
[07:08] <zyga-ubuntu> my point is that the configure time options are partial, they don't affect snapd
[07:08] <zyga-ubuntu> so I'd, if you can, enable apparmor to the extent possible
[07:10] <mborzecki> i'm getting close with arch packaging, at least the blender snap works just fine (though it's classinc, but it didn't work before anyway)
[07:10] <elopio> snappy-m-o autopkgtest 1716 xenial:amd64
[07:10] <snappy-m-o> elopio: I've just triggered your test.
[07:11] <elopio> snappy-m-o autopkgtest 1657 xenial:amd64
[07:11] <snappy-m-o> elopio: I've just triggered your test.
[07:11] <zyga-ubuntu> classic is actually harder :)
[07:12] <mborzecki> btw. hello-world.evil 'If you see this line the confinement is not working correctly, please file a bug' will not show only if using apparmor?
[07:12] <zyga-ubuntu> yes
[07:12] <zyga-ubuntu> it's a _very_ old and simplistic test btw
[07:13] <mborzecki> ok, i saw the message and wasn't sure whether I've screwed sth up or the system is missing some piece of infra
[07:14] <mborzecki> oh, and cleaned up environment file, now you can properly set SNAPD_DEBUG=1 for the daemon :P
[07:18] <mvo> mborzecki: 4135 has some simple nitpick things then it can go in from my POV
[07:18] <mborzecki> mvo: thanks for the review
[07:18] <mvo> mborzecki: felt slightly bad as it is really just nitpicks but then consistency in the codebase++ and all that :)
[07:19] <mborzecki> sure thing
[07:19] <mvo> (I mean, I felt slightly bad about nitpicking so much)
[07:21] <zyga-ubuntu> nitpick: nitpick less
[07:21] <zyga-ubuntu> :)
[07:21]  * zyga-ubuntu looks at sorting udev rules better
[07:40] <mborzecki> is there something like a smoke test i could use to verify that local snapd installation works as expected?
[07:40] <zyga-ubuntu> mborzecki: spread tests, but that's one big leap to do
[07:41] <zyga-ubuntu> mborzecki: if you run spread you will find all the interesting details that are broken
[07:41] <mborzecki> i was hoping for something i can run in 5 minutes locally to verify that the arch package works ok
[07:42] <zyga-ubuntu> you can run something for 5 minutes or you can run spread to find out if it works well, in my experience it's almost always something unexpected that fails mysteriously due to bugs or missing packaging
[07:43] <zyga-ubuntu> mborzecki: but don't get me wrong, just use it daily and we'll know over time
[07:43] <zyga-ubuntu> mborzecki: but there are some many features that only a spread run is a really good measure of what is broken
[07:44] <mborzecki> hmm DirsTestSuite.TestClassicConfinementSupportOnSpecificDistributions() started failing out of the blue
[07:47] <mborzecki> SupportsClassicConfinement() found /snap in my system
[07:48] <zyga-ubuntu> perhaps missing mocking
[08:04] <mborzecki> there's something weird about that test, its outcome may be altered by having the package installed in the system
[08:04] <mborzecki> the whole check-SnapMountDir-symlink should probably be mocked
[08:10] <mvo> mborzecki: yeah, sounds very much like an oversight from our patrt
[08:10] <mvo> part
[08:15]  * zyga-ubuntu goes to change 26 unit tests after rendering of udev rules got changed 
[08:20] <kalikiana> good morning
[08:20] <mvo> hey kalikiana - good morning
[08:37] <mup> PR snapd#4172 opened:  interfaces/kmod: simplify loadModules now that errors are ignored  <Created by mvo5> <https://github.com/snapcore/snapd/pull/4172>
[08:44] <zyga-ubuntu> mvo: reviewed
[08:52] <mborzecki> that feeling when you spend time mocking something just to come to a relization that a simpler fix is only a couple of lines
[08:52]  * mvo hugs mborzecki - we have all been there
[08:54]  * mvo tries to reproduce the lxd/juju bug from the forum
[09:02] <mborzecki> pushed fixes for #4135
[09:02] <mup> PR #4135: cmd/{snap-seccomp,snap-confine-ns},osutil,interfaces/account_control: workaround unit test failures on Arch <Created by bboozzoo> <https://github.com/snapcore/snapd/pull/4135>
[09:07] <zyga-ubuntu> mvo: can you look at https://github.com/snapcore/snapd/pull/4144 please
[09:07] <mup> PR #4144: interfaces: fix udev tagging for hooks <Created by zyga> <https://github.com/snapcore/snapd/pull/4144>
[09:07] <zyga-ubuntu> I adjusted as jdstrand requested,
[09:07] <zyga-ubuntu> the diff is slighltly larger because of how formatting and sorting is done but this should help in readability of actual udev rules
[09:09] <pedronis> mvo: about #3992, after some recent discussions is not so clear anymore that is exactly what we need, I will close until that area is been worked on concretely again
[09:09] <mup> PR #3992: asserts: add cross-checking for snap-build <Created by pedronis> <https://github.com/snapcore/snapd/pull/3992>
[09:11] <mup> PR snapd#3992 closed: asserts: add cross-checking for snap-build <Created by pedronis> <Closed by pedronis> <https://github.com/snapcore/snapd/pull/3992>
[09:11] <mup> PR snapd#4165 closed: interfaces/raw-usb: match on SUBSYSTEM, not SUBSYSTEMS (2.29) <Created by jdstrand> <Merged by zyga> <https://github.com/snapcore/snapd/pull/4165>
[09:16] <zyga-ubuntu> I need a review for https://github.com/snapcore/snapd/pull/4163
[09:16] <mup> PR #4163: cmd/snap-update-ns: re-factor secureMkdirAll into secureMk{Prefix,Dir} <Created by zyga> <https://github.com/snapcore/snapd/pull/4163>
[09:20] <zyga-ubuntu> jamesh: failing tests on 4140
[09:21] <mup> PR snapd#4167 closed: cmd/snap-update-ns: fix golint and some stale comments <Created by zyga> <Merged by mvo5> <https://github.com/snapcore/snapd/pull/4167>
[09:22] <zyga-ubuntu> mborzecki: conflict on 4135
[09:25] <mborzecki> zyga-ubuntu: s/update.XSnapdGid/update.XSnapdGID/ right?
[09:28] <mborzecki> when merging a branch, do you leave the list of files with conflicts in the commit message?
[09:32] <zyga-ubuntu> mborzecki: hmm?
[09:32] <zyga-ubuntu> mborzecki: about the conflicts, not really, I think those are stripped out
[09:36] <mcphail> Good morning all. Will the patches needed for snaps be included in the mainline 4.14 kernel? I'm thinking of switching graphics cards to AMD, and that might push me into upstream kernel territory for best performance
[09:41] <zyga-ubuntu> mcphail: this is a question for jjohansen; AFAIK one patch was still discussed and that was blocking the merge so perhaps the answer is no
[09:41] <mcphail> aah. thanks zyga-ubuntu
[09:41] <mborzecki> zyga-ubuntu: conflicts are resolved now
[09:41]  * zyga-ubuntu -> coffee, brb
[09:41] <zyga-ubuntu> mborzecki: thank you
[09:42] <mcphail> mborzecki: great :)
[09:51] <mup> PR snapd#4173 opened: corecfg: validate refresh.schedule when it is applied <Created by mvo5> <https://github.com/snapcore/snapd/pull/4173>
[09:54] <zyga-ubuntu> mvo: removed where? ^^
[09:55] <zyga-ubuntu> mvo: you said that we did this in the test suite
[09:55] <zyga-ubuntu> and that you removed that now
[09:58] <mborzecki> zyga-ubuntu: added some comments to #4163
[09:58] <mup> PR #4163: cmd/snap-update-ns: re-factor secureMkdirAll into secureMk{Prefix,Dir} <Created by zyga> <https://github.com/snapcore/snapd/pull/4163>
[09:59] <zyga-ubuntu> mborzecki: thank you
[10:00] <mvo> zyga-ubuntu: ups, sorry, forgot to push that commit, will do so in a sec
[10:01] <mborzecki> zyga-ubuntu: i'm not entirely sure about that "/", i may be worth double checking cause it looks like you'll do `segment := segments[-1]` in secureMkDir
[10:01] <mvo> zyga-ubuntu: force pushed, sorry but I also forgot to add the header to corecfg.go
[10:06] <pedronis> mvo: what's the schedule for edge builds atm ?
[10:12] <mvo> pedronis: its broken right now, its supposed to happen after merges to master that have a green test
[10:12] <pedronis> heh
[10:13] <pedronis> is that spread-cron, or something else?
[10:13] <mvo> pedronis: yes, spread cron
[10:13] <pedronis> :(
[10:13] <mvo> pedronis: I triggered it manually this morning so we should have a proper edge soon
[10:14] <mvo> but that is not a soluation of course
[10:14] <mvo> solution even
[10:14] <pedronis> mvo: after or before the proxy.store= merge ?
[10:14] <mvo> pedronis: I think after, this merged happend last night, right?
[10:15] <pedronis> mvo: no, you merged it this morning I think
[10:15]  * kalikiana coffee
[10:16] <zyga-ubuntu> mborzecki: yeah, I'm adding tests
[10:16] <zyga-ubuntu> mvo: thanks :)
[10:17] <mvo> pedronis: hm, let me double check then
[10:17] <mvo> zyga-ubuntu: thank you!
[10:17] <mvo> pedronis: according to launchpad it is in
[10:28] <pedronis> ok
[10:31] <zyga-ubuntu> mborzecki: pushed with some updates, thank you for spotting that
[10:32] <mborzecki> zyga-ubuntu: similar thing with secureMkFile
[10:32] <mborzecki> but I think you can bail out there early by checking if the path does not end with /
[10:33] <zyga-ubuntu> mborzecki: or just is "/", yeah
[10:33] <zyga-ubuntu> mborzecki: I decided not to bail but instead check length around critical places
[10:33] <mborzecki> just checking / will not cover a path like /foo/bar/
[10:33] <zyga-ubuntu> mborzecki: this works just as fine and has lower coverage impact
[10:34] <zyga-ubuntu> mborzecki: I mean check if the actual full path is exactly "/"
[10:36] <pedronis> mvo: I don't understand the refresh.schedule change in the tests? isn't the idea that we don't want refreshes during the tests? shouldn't we put something correct back?
[10:36] <mborzecki> zyga-ubuntu: uhh, yeah, i meant for secureMkFile you'll probably need to check if the path does not end with /
[10:37] <zyga-ubuntu> mborzecki: we do filepath.Clean on that
[10:37] <zyga-ubuntu> it will chop off the final /
[10:37] <zyga-ubuntu> it's a bit tricky, I agree
[10:37] <zyga-ubuntu> mborzecki: I'll look at mkfile now
[10:38] <zyga-ubuntu> mborzecki: I think for mkfile we should error if name ends with "/"
[10:38] <mborzecki> yup
[10:38] <mvo> pedronis: I can look into this, right now the settings have no effect (they will be rejected by snapd when it reads them internally) so things are not worse than before. but I agree this is a good opportunity to ensure things are properly done
[10:39] <mvo> pedronis: I fix it
[10:39] <zyga-ubuntu> mvo: and perhaps this can explain random failures (some of them)
[10:39] <zyga-ubuntu> where we just refresh
[10:39] <mvo> zyga-ubuntu: definitely
[11:07] <zyga-ubuntu> mborzecki: updated and pushed https://github.com/snapcore/snapd/pull/4169
[11:07] <mup> PR #4169: cmd/snap-update-ns: add secureMkfileAll <Created by zyga> <https://github.com/snapcore/snapd/pull/4169>
[11:07] <zyga-ubuntu> mborzecki: In the end I rebased because somehow the merge was messy
[11:07] <mborzecki> ok
[11:07] <zyga-ubuntu> mborzecki: so please look at https://github.com/snapcore/snapd/pull/4169/commits/08d3ed6f54de26a7e671b58453044baebf591e1d
[11:08] <mborzecki> zyga-ubuntu: sorry for poking your reviews :) it's just that you have so many of them
[11:10] <zyga-ubuntu> mborzecki: thank you :-D I cannot be happier really
[11:10] <zyga-ubuntu> usually we beg for reviews
[11:11] <mup> PR snapd#4162 closed: interfaces/kmod: treat failure to load module as non-fatal <Created by jdstrand> <Merged by mvo5> <https://github.com/snapcore/snapd/pull/4162>
[11:13] <zyga-ubuntu> mborzecki: https://github.com/snapcore/snapd/pull/4166 is trivial
[11:13] <mup> PR #4166: cmd/snap-update-ns: detect and report read-only filesystems <Created by zyga> <https://github.com/snapcore/snapd/pull/4166>
[11:13] <zyga-ubuntu> just https://github.com/snapcore/snapd/pull/4166/commits/c21a85a15c923a5935d5374fe76c29463030c588 on top of other PRs
[11:13] <mborzecki> i'm look at it right now
[11:13] <zyga-ubuntu> (I have a similar one, unpushed, for mkfile)
[11:14] <zyga-ubuntu> mborzecki: once some of those land I'll rebase my working branch and start push one more trivial branch and two more interesting branches for the "tmpfs bind mount farm"
[11:14] <zyga-ubuntu> and with some luck, it will all fall into place and "just work"
[11:15] <zyga-ubuntu> I still need to implement symlink creation and generalize actions for create/destroy (so that we don't "mount" symlinks which is just confusing)
[11:16] <mborzecki> 4170 is part of this work too?
[11:16] <zyga-ubuntu> yes
[11:16] <zyga-ubuntu> that's the "main" element in many ways
[11:16] <zyga-ubuntu> everything else is to make that part work
[11:21] <niemeyer> o/
[11:22] <mborzecki> so high level view is that once you hit a read only path, you'll bind tmpfs over this and recreate all the things from that original location inside tmpfs?
[11:22] <zyga-ubuntu> mborzecki: exactly
[11:22] <mborzecki> niemeyer: hi
[11:22] <zyga-ubuntu> hey niemeyer
[11:24] <pstolowski> hi niemeyer
[11:27] <zyga-ubuntu> Pharaoh_Atem: hey, did you see https://bugzilla.redhat.com/show_bug.cgi?id=1509586
[11:28] <zyga-ubuntu> I don't have F27 around
[11:29] <niemeyer> Hey there
[11:35]  * zyga-ubuntu -> break
[11:42] <pstolowski> pedronis, do you have a moment for HO?
[11:46] <mborzecki> https://travis-ci.org/snapcore/snapd/builds/299009217 hit travis timeout, should i restart?
[11:50] <zyga-ubuntu> yes
[12:01] <zyga-ubuntu> ok, I really want to break now
[12:01] <zyga-ubuntu> see you at the call
[12:07] <mvo> pedronis: fwiw, core in edge should be up-to-date now
[12:18] <mvo> jdstrand: the /dev/mem test that cachio did in PR 4171 is interesting - it fails with EPERM and no apparmor denial, this is strange, usually we get EPERM (instead of EACCESS) when the device cgroup access fails, but poking around in a spread VM with the failed test things look ok there. do you know if /dev/mem is handled specially (beside the strict_devmem kernel mode which should still allow us to read the first 1mb). fwiw, its correctly tagged
[12:18] <mvo> in udev afaict
[12:18] <mup> PR #4171: tests: adding test to test physical memory observe interface <Created by sergiocazzolato> <https://github.com/snapcore/snapd/pull/4171>
[12:21] <mup> PR snapd#4174 opened: packaging/arch: packaging update <Created by bboozzoo> <https://github.com/snapcore/snapd/pull/4174>
[12:23] <mup> PR snapcraft#1648 closed: sources: get svn revision with --show-item flag <bug> <Created by clobrano> <Merged by sergiusens> <https://github.com/snapcore/snapcraft/pull/1648>
[12:37] <pedronis> Chipaca: hi, I do plan to look at your aliases PR today or tomorrow
[12:45] <niemeyer> jdstrand: Related to our conversation around user ids and daemon:
[12:45] <niemeyer> https://github.com/snapcore/snapd/pull/4135/files#diff-be7cfe1e5aff69d70d80b1c2cabcaaccL749
[12:45] <mup> PR #4135: cmd/{snap-seccomp,snap-confine-ns},osutil,interfaces/account_control: workaround unit test failures on Arch <Created by bboozzoo> <https://github.com/snapcore/snapd/pull/4135>
[12:47] <sergiusens> kalikiana mind looking into my comment on snapcraft#1633 ?
[12:47] <mup> PR snapcraft#1633:  recording: record information from the image in container builds  <Created by elopio> <https://github.com/snapcore/snapcraft/pull/1633>
[12:48] <jdstrand> niemeyer: hey, yeah I saw that and thought the same thing
[12:48] <jdstrand> mvo: there are kernel controls for /dev/mem
[12:51] <jdstrand> mvo, cachio: our kernels are configured with STRICT_DEVMEM. see interfaces/builtin/physical_memory_control.go for details
[12:52]  * zyga-ubuntu just read a PR title as "add support for soviet activation"
[12:57] <jdstrand> zyga-ubuntu: I don't know if I should laugh or give you a hug :)
[12:59] <zyga-ubuntu> jdstrand: SOVIETS TRIGGERED!
[13:00] <jdstrand> heh
[13:10] <zyga-ubuntu> jdstrand: I pushed updates to udev tagging for hooks
[13:10] <zyga-ubuntu> jdstrand: I'm running spread locally now to see if I broke something
[13:12] <zyga-ubuntu> jdstrand: sorting by tag is actually a pretty nice idea
[13:12] <zyga-ubuntu> jdstrand: I also added a comment that says # iface so that we know which interface added the rule
[13:12] <zyga-ubuntu> jdstrand: have a look if you have time
[13:16] <popey> Can someone please review my alias request? https://forum.snapcraft.io/t/alias-request-for-mgba/2710
[13:20] <mvo> jdstrand: my understanding is that STRICT_DEVMEM allows access to the first 1mb of mem - it is also failig in open() already, so how is this supposed to work, does it just support mmap()?
[13:20] <mvo> jdstrand: if you need to look it up, no worries, I can do this too :) just wondering if you know without research
[13:28] <jdstrand> zyga-ubuntu: awesome, thanks!
[13:30] <zyga-ubuntu> jdstrand: I think some spread tests fail but they are probably (probably) just too picky and grep for detailed strings
[13:30] <zyga-ubuntu> I'll fix those soon
[13:30] <zyga-ubuntu> (well, fixing now)
[13:30] <jdstrand> popey: I planned to today (note, 1 week hasn't gone by yet)
[13:31] <popey> ok :)
[13:47] <mup> PR snapcraft#1720 opened: kernel plugin: introduce kernel-channel to select from which channel … <Created by piso77> <https://github.com/snapcore/snapcraft/pull/1720>
[13:48] <zyga-ubuntu> Son_Goku: I'm installing gnome desktop on centos now, I can try your EPEL package soon
[13:48] <Son_Goku> zyga-ubuntu: okay, cool
[13:48] <zyga-ubuntu> Son_Goku: I forgot how to use yum :)
[13:48] <Son_Goku> heh
[13:48] <zyga-ubuntu> Son_Goku: is there a nice way to meta-install the desktop
[13:48] <Son_Goku> there's a DNF for CentOS 7
[13:48] <zyga-ubuntu> oh? it's not installed by default
[13:49] <zyga-ubuntu> I'm on centos 7 for sure
[13:49] <Son_Goku> https://seven.centos.org/2017/10/yum-4-is-available-for-testing/
[13:49] <zyga-ubuntu> yum or dnf?
[13:49] <Son_Goku> yum 4 == dnf
[13:49] <zyga-ubuntu> ah
[13:50] <zyga-ubuntu> but is the CLI the same?
[13:50] <Son_Goku> Yep
[13:50] <Son_Goku> yum4 is a symlink to /usr/bin/dnf
[13:50] <Son_Goku> in Fedora, this is the "dnf-yum" package
[13:53] <Son_Goku> zyga-ubuntu: so once that's installed, you can use dnf as normal
[13:57] <mup> PR snapcraft#1655 closed: lxd: distinguish argless clean from clean -s pull <bug> <Created by kalikiana> <Merged by sergiusens> <https://github.com/snapcore/snapcraft/pull/1655>
[13:58] <diddledan> the build service is refusing to let me login again
[13:58] <diddledan> refusing my launchpad oauth token
[13:59] <diddledan> "Error:Invalid association handle"
[14:02] <diddledan> hmm, maybe it's specific to firefox (I have ublock origin installed, which might be conflicting)
[14:06] <zyga-ubuntu> jdstrand: oh, drat
[14:06] <zyga-ubuntu> jdstrand: my bad
[14:06] <zyga-ubuntu> jdstrand: KERNEL=="foo", TAG+="bar" # this is a comment
[14:06] <zyga-ubuntu> this is not valid
[14:06] <zyga-ubuntu> udev, man... really?
[14:06] <zyga-ubuntu> I need to change that to
[14:07] <zyga-ubuntu> # this is a comment
[14:09] <jdstrand> heh, yeah. it seems pretty finicky
[14:09] <kalikiana> sergiusens: now that you asked me to change the test... I'm pondering to change "image-info: {architecture: test-architecture, created_at: test-created-at, fingerprint: test-fingerprint}" to use line-broken syntax without the {} for consistency
[14:11] <kalikiana> need to check, though, how to change that. yaml has this behavior where the syntax depends on what types you use, not sure you can choose manually
[14:14] <diddledan> flexiondotorg: or popey: the build service has lost the store-name references for inadyn, opentyrian, and warzone2100 from the snapcrafters repositories
[14:14] <popey> que?
[14:15] <diddledan> https://usercontent.irccloud-cdn.com/file/sJAYGe5k/Screenshot%20from%202017-11-08%2014-14-40.png
[14:16] <popey> huh
[14:16] <popey> thats odd
[14:16] <zyga-ubuntu> jdstrand: I'm considering dropping the # iface comment
[14:17] <popey> fixed warzone2100
[14:17] <zyga-ubuntu> jdstrand: unless you think strongly we should keep it
[14:17] <diddledan> I think it's because I had duplicates building from my own repo that should have been nuked. I nuked them, and it appears they've also disassociated the snapcrafters repos.
[14:17] <zyga-ubuntu> it's just a hassle, I really hoped udev would suck less at parsing
[14:17] <jdstrand> zyga-ubuntu: it would be nice, but I don't think it is strictly required
[14:17] <popey> thats plausible
[14:17] <popey> diddledan: fixed all three, they're all building now
[14:18] <diddledan> thankyou :-)
[14:18] <popey> np
[14:18] <popey> in other news. diddledan would you like to be a collaborator on these snaps?
[14:18] <diddledan> I was trying to force a build so they get i386 versions when I spotted it :-)
[14:18] <popey> so you can help manage them in the store?
[14:18] <jdstrand> zyga-ubuntu: I wonder if you could do # comment\nKERNEL==... for the first string...
[14:18] <mvo> jdstrand: sorry, I had various laptop problems
[14:18] <jdstrand> not super pretty
[14:19] <diddledan> sure :D
[14:19] <mvo> jdstrand: did you write anything after I asked about STRICT_DEVMEM?
[14:19] <jdstrand> mvo: no. I don't know of anything else otoh
[14:19] <popey> ok, what email address should I add you as?
[14:19] <diddledan> my launchpad is diddledan, I think that's pointing at daniel@bowlhat.net
[14:20] <mvo> jdstrand: ok, thank you, I poke a bit more, maybe the 1mb limit is on 32bit systems only, i.e. maybe this is arch dependent or something
[14:20] <diddledan> alternatively diddledan@gmail will work
[14:20] <mvo> jdstrand: eh, I mean the limit that you can access the first 1mb on dev/mem
[14:20]  * diddledan fires up the forum to catch-up on todays posts
[14:20] <jdstrand> mvo: yeah, I don't know otoh
[14:20] <popey> which one do you sso with?
[14:20] <mvo> jdstrand: ta
[14:20] <diddledan> I try to sso with daniel@bowlhat.net
[14:21] <popey> ok
[14:21] <popey> will add you a bit later.
[14:21] <diddledan> ta
[14:22] <zyga-ubuntu> ok, soup time, I'll get back to udev shortly
[14:24] <jdstrand> mvo: did you come up with a kmod test? I thought of one that we could use on core
[14:25] <mvo> jdstrand: I just wrote a unit test, I was not thinking about a kmod spread test so far
[14:25] <jdstrand> mvo: ok. I'll try a spread test soonish
[14:26] <mvo> thanks
[14:31] <mup> PR snapd#4135 closed: cmd/{snap-seccomp,snap-confine-ns},osutil,interfaces/account_control: workaround unit test failures on Arch <Created by bboozzoo> <Closed by bboozzoo> <https://github.com/snapcore/snapd/pull/4135>
[14:36] <mup> PR snapd#4175 opened: dirs: use alt root when checking classic confinement support without … <Created by bboozzoo> <https://github.com/snapcore/snapd/pull/4175>
[14:47] <cachio_> niemeyer, partially fixed the issue on spread-cron
[14:47] <cachio_> niemeyer, I'll add a PR to fix the problem
[14:48] <cachio_> basically, it is failing when there are conflicts on the branches, and that be caused because a change we do and push
[14:53] <sergiusens> kalikiana well the json in a yaml thing is just not nice; pseudo json I even.
[14:54] <kalikiana> sergiusens: right. I'm trying to figure out if we can force the style
[14:55] <elopio> hey popey, how can I enable build.snapcraft.io for vault?
[14:55] <sergiusens> kalikiana if you just add the dict, the right thing will happen on unmarshalling
[14:55] <popey> elopio: just did it, building now
[14:56] <kalikiana> sergiusens: no it doesn't
[14:56] <kalikiana> It's already a dict
[14:56] <kalikiana> This is YAML
[14:57] <elopio> popey: thanks. Do you have in mind any solution to keep the snapcrafters branches up-to-date with upstream? Latest vault stable is 8.3, and the latest we have released is 8.0.
[14:57] <popey> elopio: pull requests against the yaml is the simplest thing
[15:01] <popey> preferable to push it upstream of course
[15:01] <zyga-ubuntu> re
[15:05] <elopio> popey: yeah, but for the ones that upstream doesn't want. Would you mind if I experiment with vault to do it automatically?
[15:16] <cachio_> elopio, could you share the setup you have done for the autopcktests exec on snapcraft?
[15:17] <cachio_> elopio, you are running agains a ppa right?
[15:25] <popey> elopio: sure
[15:25] <popey> elopio: flexiondotorg has some scripts to automate this too
[15:26] <sergiusens> kalikiana one comment on snapcraft#1412
[15:26] <mup> PR snapcraft#1412: lxd: snapcraft refresh in containers <Created by kalikiana> <https://github.com/snapcore/snapcraft/pull/1412>
[15:26] <elopio> cachio_: https://github.com/snapcore/snapcraft/pull/1643
[15:26] <mup> PR snapcraft#1643: [WIP] tests: run daily autopkgtest in travis <Created by elopio> <https://github.com/snapcore/snapcraft/pull/1643>
[15:27] <sergiusens> kalikiana also, not sure you noticed, but it would be nice to use a temfile context to copy the snap into the lxd accessible area when copying the snaps over
[15:29] <cachio_> elopio, tx
[15:32] <diddledan> I'm looking at gimp. Trying to get internationalization working. I can't figure out how to tell gimp that it's translations are in $SNAP/usr/share/locale
[15:33] <diddledan> is there an environment variable to tell libc where to look for the locale folder?
[15:38] <Chipaca> diddledan: LOCALEDIR?
[15:39] <Chipaca> 'parently not
[15:39] <Chipaca> diddledan: dunno
[15:42] <zyga-ubuntu> WHYISITALLSODIFFICULT
[15:42] <zyga-ubuntu> I'm hoping that with layouts it's not going to be that hard
[15:42] <diddledan> when do we get layouts? :-p
[15:43]  * diddledan ducks
[15:43] <Chipaca> diddledan: tomorrow, but only if you use layouts to override glibc's date functions
[15:44] <sergiusens> Chipaca careful, if someone makes glibc return dates after tomorrow you will be N days late ;-)
[15:44] <Chipaca> sergiusens: or early!
[15:45] <Chipaca> sergiusens: in fact, given that we're closer to 2038 than to 1970, on average i'll be early _anyway_!
[15:45]  * zyga-ubuntu does the right thing wrt udev
[15:45] <zyga-ubuntu> even if painful
[15:46]  * Chipaca does the wrong things wrt everything else because he can blame pain meds
[15:46] <zyga-ubuntu> ha
[15:46] <zyga-ubuntu> I need some :(
[15:46] <zyga-ubuntu> I forgot about that
[15:46] <sergiusens> kalikiana wrt to that yaml thing; a dict that is yaml dumped should produce proper yaml, unless the thing that is json loaded is interpreted as a string in itself
[15:47] <zyga-ubuntu> I almost never take painkillers as they make me numb :(
[15:47] <kalikiana> sergiusens: it is YAML :-)
[15:47] <sergiusens> Chipaca that is kind of like blaming bad behavior on alcohol :-)
[15:47] <Chipaca> sergiusens: darn
[15:48] <kalikiana> sergiusens: I'm trying to find a way to switch the syntax to multi-line in any case
[15:48] <sergiusens> kalikiana oh, I thought we had code for that in the loader thing already
[15:51] <sergiusens> kalikiana try http://paste.ubuntu.com/25918524/
[15:51] <zyga-ubuntu> jdstrand: about that
[15:51] <zyga-ubuntu> jdstrand: gpio has a new /dev based API
[15:51] <zyga-ubuntu> jdstrand: we need to tweak the interface for that
[15:52] <zyga-ubuntu> there are ioctls and /dev/gpiochip entries for each controller
[15:52] <zyga-ubuntu> and the sysfs interface gets depracated (slowly)
[15:53] <jdstrand> happy to review that PR (I don't have hardware to implement that so would be best if someone who could test with real hardware could implement it)
[15:53] <zyga-ubuntu> gladly :)
[16:05] <kalikiana> sergiusens: Oh nice! Thanks! Was staring at why this didn't seem to work at first, turns out it also makes architectures a list. But actually it makes everything consistent.
[16:08] <kalikiana> pushed
[16:09] <kalikiana> need to get some food into my stomach, back in a bit
[16:14] <zyga-ubuntu> jdstrand: there, I retained all the comments
[16:14] <zyga-ubuntu> spread is running now, fingers croessed
[16:15] <zyga-ubuntu> jdstrand: man I wish we had https://github.com/snapcore/snapd/pull/4157 merged already
[16:15] <mup> PR #4157: add spread test for connecting all interfaces (excepting gadget slots) <Created by jdstrand> <https://github.com/snapcore/snapd/pull/4157>
[16:20] <zyga-ubuntu> niemeyer, jdstrand: interesting stuff here on lwn: https://lwn.net/Articles/738306/ - we could use the same idea for persistent identifiers of hot-plug usb devices
[16:20] <zyga-ubuntu> I'll break now, kids home, I'll check back and garden my PRs
[16:21] <zyga-ubuntu> I plan to send one more feature PR today, with changes-needed patch that enables tmpfs to work (and associated tests)
[16:21] <zyga-ubuntu> that will be two feature patches short of all the major bits, then enabling this and integration and final spread test (that already exists and just has a path disabled) to show it works
[16:21] <zyga-ubuntu> then reality will show where I was wrong :)
[16:21] <zyga-ubuntu> but that's what I'm here for
[16:24] <popey> elopio: i dont understand your nba-go - did you patch it? I absolutely can't get it to build. you using new snapcraft or something?
[16:25] <popey> elopio: i am on 2.34 from candidate
[16:27] <cachio_> elopio, so, you run from a container in travis the autopkgtests
[16:28] <cachio_> elopio, you are running against all the ubuntu releases right?
[16:33] <elopio> cachio_: no, that branch is only xenial. We will move it to nightly travis, so maybe we add more releases.
[16:34] <elopio> popey: I'm using snapcraft from source, but what gets installed in the container is the latest snapcraft deb.
[16:34] <popey> i dont understand, your branch builds, but if i just copy your yaml to an empty dir and source upstream it fails
[16:34] <elopio> popey: ah, maybe submodules?
[16:35] <elopio> no, doesn't look like it.
[16:35] <elopio> let me try that way.
[16:37] <mup> PR snapd#4176 opened: cmd: fix re-exec bug with classic confinement for host snapd < 2.28 <Created by mvo5> <https://github.com/snapcore/snapd/pull/4176>
[16:37] <Chipaca> niemeyer: 15pm -> 3pm in https://forum.snapcraft.io/t/1239/6
[16:37] <niemeyer> Chipaca: Oops, thanks
[16:44] <kyrofa> kalikiana, do you have an rpi handy?
[16:44] <kyrofa> (or any other arch, really)
[16:45] <kyrofa> We need to make sure cleanbuilding with a remote still works in snapcraft#1718
[16:45] <mup> PR snapcraft#1718: lxd: let lxd choose the architecture <Created by mwhudson> <https://github.com/snapcore/snapcraft/pull/1718>
[16:45] <kyrofa> Remote of another arch, specifically
[16:46] <elopio> popey: yeah, you are not crazy. This only works from a fork, no idea why.
[16:46] <kalikiana> kyrofa: I have only amd64 and i386 servers
[16:46] <kyrofa> i386 will do
[16:46] <popey> hah
[16:47] <kalikiana> kyrofa: I didn't stress test it yet since I wanted to know that we agree on the code. I'm still finding the string splitting rather ugly...
[16:48] <kyrofa> kalikiana, well, before we were doing the same thing, but pretending it was YAML, right?
[16:48] <elopio> popey: would you mind reporting a snapcraft bug? It could be that we are not installing the devDependencies for some reason. Or I don't know, this is weird, it needs debugging.
[16:48] <kyrofa> It's not, so I'm not sure there's a better solution
[16:48] <popey> elopio: where should i file that?
[16:49] <mup> PR snapd#4177 opened: state: add change.LaneTasks helper <Created by stolowski> <https://github.com/snapcore/snapd/pull/4177>
[16:49] <kalikiana> kyrofa: well, it parsed as YAML... are you saying it might stop working?
[16:50] <kyrofa> kalikiana, it could very well. It's definitely not dumped as YAML
[16:50] <kyrofa> Seems dangerous to parse something as YAML that we know for a fact is not YAML
[16:50] <kalikiana> kyrofa: Maybe stgraber should weigh in here actually
[16:51] <pstolowski> pedronis, ^ can you take a look at #4177? I found your suggestion cleaner than an alternative I mentioned in the standup
[16:51] <mup> PR #4177: state: add change.LaneTasks helper <Created by stolowski> <https://github.com/snapcore/snapd/pull/4177>
[16:51] <kyrofa> Yeah stgraber, why u no yaml?
[16:51] <nacc> kyrofa: funny that you typed out why but not you
[16:51] <kyrofa> Dangit
[16:51] <nacc> just wasting bits!
[16:52] <kyrofa> nacc, I'll admit, even typing 'u' was hard
[16:52] <nacc> heh
[16:54] <popey> elopio: https://bugs.launchpad.net/snapcraft/+bug/1731003
[16:54] <mup> Bug #1731003: node app builds forked, but not referencing upstream source <Snapcraft:New> <https://launchpad.net/bugs/1731003>
[16:55] <pedronis> pstolowski: yes, that looks like what I had in mind
[16:56] <zyga-ubuntu> mvo: wow
[16:56] <zyga-ubuntu> mvo: https://github.com/snapcore/snapd/pull/4176/files
[16:56] <mup> PR #4176: cmd: fix re-exec bug with classic confinement for host snapd < 2.28 <Critical> <Created by mvo5> <https://github.com/snapcore/snapd/pull/4176>
[17:00] <cachio_> elopio, you trigger the execution and where do you see the results?
[17:00] <pedronis> pstolowski: that's probably a useful helper anyway but what was the problem with your other approach?
[17:01] <cachio_> elopio, in the build history?
[17:05] <pstolowski> pedronis, I stored ID of last task to wait in context (initially it was hook's task ID, then if you queued another command, it would be that command's task ID and so on. problem was servicestate.Control (and cmdstate.Exec) gives taskset
[17:06] <pedronis> pstolowski: there's also a problem though that we should be waited by what was waiting for the tasks
[17:06] <pedronis> sorry,
[17:06] <pedronis> s/tasks/the configure hook task/
[17:07] <elopio> cachio_: travis sends an email when the nightly fails.
[17:07] <pedronis> pstolowski: there's also WaitTasks and HaltTasks on tasks to follow that btw, not sure if you knew those already
[17:07] <elopio> popey: flexiondotorg: what do you think about this? https://github.com/snapcrafters/vault/pull/3/files
[17:07] <mup> PR snapcrafters/vault#3: Build the latest unreleased tag <Created by elopio> <https://github.com/snapcrafters/vault/pull/3>
[17:08] <elopio> (I'm kind of proud of it, so be nice :)
[17:10] <pstolowski> pedronis, hmm, yeah I knew of them, but it didn't occur to me, WaitTasks can be useful indeed
[17:12] <pstolowski> elopio, I like how you motivate reviewers, and hi btw :)
[17:12] <pedronis> pstolowski: tbh I'm not quite sure how important it is to serialize the restarts vs what comes after the configure
[17:15] <pstolowski> pedronis, what's the question/concern?
[17:16] <elopio> pstolowski: hello :)
[17:19] <pedronis> pstolowski: should we wait  the stop/start/restart  before doing anything that was waiting on configure itself
[17:19] <pedronis> that's the question
[17:23] <kyrofa> Hey niemeyer, any progress on the LXC issues? https://forum.snapcraft.io/t/lxc-error-when-updating-snap-and-cleaning-old-revisions/786/34
[17:24] <zyga-ubuntu> jdstrand: hey, udev tagging for hooks works :)
[17:26] <pstolowski> pedronis, configure is the last task, there is nothing strictly waiting for it
[17:27] <kyrofa> elopio, any idea what's happening here? https://travis-ci.org/snapcore/snapcraft/jobs/299061202
[17:27] <pedronis> pstolowski: that is not true in some complex refresh cases
[17:27] <pedronis> if I remember correctly
[17:28] <zyga-ubuntu> kyrofa: hey, no progress from me yet :-( I only reproduced it and didn't try to fix it
[17:28] <zyga-ubuntu> kyrofa: sorry, too many things burning/working on at the same time
[17:28] <pedronis> pstolowski: at the moment I think is probably fine not to worry, but it's a question
[17:28] <kyrofa> zyga-ubuntu, right, niemeyer mentioned someone else would work on it
[17:29] <pedronis> pstolowski: if you look at doUpdate, you'll see that sometimes if attach more tasks after the doInstall ones
[17:29] <pedronis> s/if attach/we attach/
[17:29]  * zyga-ubuntu installs a new home router
[17:29] <zyga-ubuntu> well, helper router
[17:29] <zyga-ubuntu> and new as in "junk people threw out"
[17:30] <kyrofa> I sorta feel like the lxc issue falls into the "make things work before working on new features" but I guess that's just me
[17:30] <zyga-ubuntu> kyrofa: yes, I agree; we had some of that recently
[17:30]  * zyga-ubuntu looks at udev
[17:31] <zyga-ubuntu> kyrofa: I honestly think that we don't use lxc enough in the team to be burned by this; but I agree we should fix it as lxc is an important use-case
[17:31] <kyrofa> zyga-ubuntu, yeah I keep hearing that :)
[17:31] <pedronis> kyrofa: is it lxc or lxd ?
[17:31] <kyrofa> pedronis, lxd
[17:32] <kyrofa> pedronis, snaps only update three times before they never update again
[17:32] <mup> PR snapd#4178 opened: asserts/assertstest:  fix use of hardcoded value when the passed  or default keys should be used <Created by pedronis> <https://github.com/snapcore/snapd/pull/4178>
[17:32] <pstolowski> pedronis, ah, I see what you mean. when waiting for configure's hook task, the remaining tasks that may potentially be waiting for configure will not be waiting on us, we essentially insert new tasks in the middle
[17:33] <pedronis> pstolowski: as I said, I don't think is a problem atm, but I don't know if that will stay true
[17:34] <pstolowski> pedronis, if that ever becomes true, we will need a proper "run-queued-services" task that sits in the sequence i guess
[17:36]  * zyga-ubuntu EODs, goes to tweak home networking to merge two networks into one
[17:38] <mvo> zyga-ubuntu: yes :(
[17:38] <mvo> zyga-ubuntu: sorry for the delay, had dinner
[17:39] <mup> PR snapd#4179 opened: tests:  add a spread test for proxy.store setting together with store assertion <Created by pedronis> <https://github.com/snapcore/snapd/pull/4179>
[17:44] <kalikiana> sergiusens: updated snapcraft#1412 as per your suggestion
[17:44] <mup> PR snapcraft#1412: lxd: snapcraft refresh in containers <Created by kalikiana> <https://github.com/snapcore/snapcraft/pull/1412>
[17:44] <kalikiana> going to wrap up shortly
[17:47] <zyga-ubuntu> mvo: no worries, thank you for finding and fixing that
[17:47] <zyga-ubuntu> mvo: I'm mentally drained now so I'll refrain from complex work
[17:47] <zyga-ubuntu> mvo: any releases today/
[17:48] <mvo> zyga-ubuntu: no release, I will push 2.29.3 tomorrow in my morning
[17:48] <zyga-ubuntu> mvo: which of those do you plan to merge: https://github.com/snapcore/snapd/milestone/14
[17:51] <mup> PR snapd#4180 opened: interfaces/many: misc policy updates for browser-support, cups-control and network-status <Created by jdstrand> <https://github.com/snapcore/snapd/pull/4180>
[17:54] <mup> PR snapd#4181 opened: interfaces/many: misc policy updates for browser-support, cups-control and network-status (2.29) <Created by jdstrand> <https://github.com/snapcore/snapd/pull/4181>
[17:55] <mvo> zyga-ubuntu: I need to look at them with a fresh mind, maybe/probably all
[17:56] <jdstrand> mvo: hey, for your consideration, PR #4181. it is not a regression. it would help mailspring and some other high profile electron snaps
[17:56] <mup> PR #4181: interfaces/many: misc policy updates for browser-support, cups-control and network-status (2.29) <Created by jdstrand> <https://github.com/snapcore/snapd/pull/4181>
[17:57] <mvo> jdstrand: looking
[17:57] <jdstrand> a regression fix*
[17:57] <jdstrand> mvo: the two other denial are not important for 2.29, but cachio__afk I think would appreciate one, and ogra_ the other
[17:57] <jdstrand> s/denial/denial fixes/
[17:58] <mvo> jdstrand: thanks, looks fine
[17:58] <mvo> cachio__afk: some more validation work tomorrow for 2.29.3 :/
[17:59] <zyga-ubuntu> man, we have 46PRs
[17:59] <jdstrand> mvo: thanks. from mailspring upstream: "How long will it take for the policy change to reach the stable channel? I’d love to ship the Mailspring snap (I’m actually getting a couple emails / tweets a day about it because I said it was coming soon on the website ￼) but I should probably wait until a fix for this is in the wild."
[18:00] <jdstrand> mvo (cachio__afk): in other words, they will appreciate the effort
[18:00] <Chipaca> ttfn
[18:01] <mvo> jdstrand: we aim for Monday
[18:01] <mvo> jdstrand: and yeah, looks like a no-brainer, will pull it in
[18:01] <pedronis> zyga-ubuntu: close to needing us to declare a review sprint
[18:01] <zyga-ubuntu> yes
[18:01] <zyga-ubuntu> I was just thinking about that
[18:03] <jdstrand> mvo: there is one more mpris denial I need to look at for popey. I don't know if that will turn into a PR but will try to get it in place (if needed) today
[18:03] <jdstrand> mvo: the forum has been keeping my (and us!) busy!
[18:03] <jdstrand> s/my/me/
[18:03] <mvo> jdstrand: yeah, if you can get it done in (your) day, I can look at it in (my) tomorrow monring :)
[18:03] <mvo> jdstrand: in ~12h
[18:03]  * jdstrand nods
[18:03] <jdstrand> yep
[18:03] <mvo> jdstrand: $everything is keeping me busy :(
[18:03] <jdstrand> that one shouldn't take too long to chase down
[18:04] <jdstrand> mvo: heh, yeah, I bet
[18:04] <pedronis> zyga-ubuntu: I don't have immediate new feature coding to do, I need to go explore/analyze some things, I can also do reviews over the next few days
[18:04] <mvo> jdstrand: but lots of good stuff!
[18:04] <mvo> I will also do more reviews!
[18:04] <zyga-ubuntu> pedronis: thank you!
[18:04] <zyga-ubuntu> mvo: I think we need to really fix the lxc issue
[18:04]  * mvo does the pinkey swear
[18:05] <mvo> zyga-ubuntu: which one? the one in the forum?
[18:05] <zyga-ubuntu> mvo: I'll break feature coding while I wait for reviews and I'll focus on that tomorrow
[18:05] <zyga-ubuntu> kyrofa: all of my tomorrow I'll look at LX[cd]
[18:05] <kyrofa> Thank you zyga-ubuntu, I appreciate that
[18:06] <mvo> zyga-ubuntu: what lxc issue is that? sorry for being a bit slow
[18:06] <pedronis> mvo: https://forum.snapcraft.io/t/lxc-snaps-dont-update/786 I think
[18:06] <zyga-ubuntu> mvo: refreshes inside containers break due to mount event ordering and special /snap sharing change
[18:06] <pedronis> it's a long topic, been around since a while
[18:06] <zyga-ubuntu> mvo: somewhat related to 14.04
[18:07] <zyga-ubuntu> mvo: where simiar special sharing applies
[18:07] <pedronis> didn't we fix something about order in 14.04 recently though?
[18:07] <pedronis> rewriting units?
[18:07] <zyga-ubuntu> pedronis: yes but that is different
[18:07] <zyga-ubuntu> pedronis: we didn't rewrite on-disk units so that's still a todo
[18:07] <pedronis> ah
[18:07] <pedronis> do we have it somewhere?
[18:07] <pedronis> on the forum?
[18:07] <zyga-ubuntu> pedronis: here the lxd issue is really the mount events are in wrong order and this needs some love
[18:07] <pedronis> in a bug?
[18:08] <zyga-ubuntu> https://forum.snapcraft.io/t/lxc-snaps-dont-update/786/36
[18:08] <mvo> zyga-ubuntu: thats not a regression, right?
[18:08] <pedronis> no, the other issue, the rewrite units
[18:08] <pedronis> mvo: no, it's been terrible for a long while ;)
[18:08] <zyga-ubuntu> mvo: "doctor help, the patient is dying", "is it a regression?"  ;D
[18:08] <zyga-ubuntu> mvo: technically no
[18:08] <mvo> zyga-ubuntu: *pfff*
[18:08] <mvo> zyga-ubuntu: ;)
[18:08] <zyga-ubuntu> mvo: but I love your release-manager approach :)
[18:09] <zyga-ubuntu> being very focused on making the release work more and not less
[18:09]  * zyga-ubuntu hugs mvo for being so fantastic 
[18:09] <mvo> zyga-ubuntu, pedronis well, you guys know where the term "triage" comes from, right?
[18:09] <jdstrand> zyga-ubuntu: re udev tagging for hooks> \o/
[18:09] <pedronis> mvo: do we do it?
[18:09] <zyga-ubuntu> mvo: actually, I don't know
[18:09] <mvo> pedronis: *cough*
[18:09] <pedronis> anyway me needs to eod/have dinner
[18:09] <zyga-ubuntu> jdstrand: 2.29 variant is the one without sorting changes
[18:10] <mvo> zyga-ubuntu: worth looking it up, it comes from the medical triage of patients, i.e. treat the ones that need urgent attention first
[18:10]  * zyga-ubuntu looks that up
[18:10] <mvo> zyga-ubuntu: but conversely (in the worst case) don't spend time on something where there is no hope
[18:10] <zyga-ubuntu> mvo: oh, that's an interesting concept
[18:11] <zyga-ubuntu> do we tell the patient when that happens?
[18:11] <mvo> zyga-ubuntu: *cough*
[18:11] <mvo> zyga-ubuntu: or better *shhhh* ;)
[18:11] <zyga-ubuntu> https://commons.wikimedia.org/wiki/File:Deconference-2002-triage-tag.jpg
[18:11] <jdstrand> zyga-ubuntu (cc niemeyer): re https://lwn.net/Articles/738306/ (usbguard), this is actually on the security team's radar. It isn't bug free though. note that it isn't actually useful for snappy since the usb authorization system in the kernel is boolean, not application specific
[18:11] <jdstrand> zyga-ubuntu (cc niemeyer): however, the idea of hooking into the kernel's uevent stream like usbguard does is absolutely something we'll want to do
[18:12] <zyga-ubuntu> jdstrand: I was merely thinking about the "fingerprinting" logic where we could have stable-ish (more than now) identifiers for hotplug devices
[18:12] <zyga-ubuntu> jdstrand: yeah
[18:12] <zyga-ubuntu> jdstrand: I'd love to do implement that
[18:12] <jdstrand> zyga-ubuntu: if only the usbgurad fingerprinting worked well :\
[18:12] <zyga-ubuntu> mvo: I like how the "minor: walking wounded" category is green
[18:12] <jdstrand> zyga-ubuntu: we can certainly look at it
[18:12] <mvo> zyga-ubuntu: but seriously, if you have a fix and if its easy enough that even I can understand it I'm happy to take it
[18:12] <mvo> zyga-ubuntu: lol
[18:13] <zyga-ubuntu> mvo: I don't have a fix but I was thinking about one that may be very simple
[18:13] <zyga-ubuntu> mvo: one-line simple, I'll try tomorrow
[18:13] <mvo> zyga-ubuntu: oh? woah
[18:13] <mvo> zyga-ubuntu: that would be lovely
[18:13] <jdstrand> zyga-ubuntu: eg, if I plug my mouse into different buses, it shows up differently to usbguard
[18:13] <zyga-ubuntu> jdstrand: yeah, it's not a trivial problem in any way
[18:14] <zyga-ubuntu> jdstrand: but trivial problems are solved by dpkg
[18:14] <jdstrand> anyway, let me get to mpris then back to look at pr #4144
[18:14] <mup> PR #4144: interfaces: fix udev tagging for hooks <Created by zyga> <https://github.com/snapcore/snapd/pull/4144>
[18:14] <zyga-ubuntu> jdstrand: we are fixing interesting problems -
[18:14] <zyga-ubuntu> ;-)
[18:14] <jdstrand> :)
[18:14] <zyga-ubuntu> thanks :)
[18:24] <kyrofa> Yikes, github
[18:26] <zyga-ubuntu> ?
[18:28] <kyrofa> They're having javascript issues it seems
[18:31] <zyga-ubuntu> Son_Goku: I have centos 7 but too exhausted to play
[18:32] <zyga-ubuntu> Son_Goku: do some code reviews if you feel like jumping into layouts :)
[18:35] <kyrofa> Looks like he doesn't want to jump into layouts
[18:35] <zyga-ubuntu> kyrofa: or he jumped into layouts and is stuck in a namespace
[18:35] <kyrofa> Oooo, good one
[18:44] <Pharaoh_Atem> zyga-ubuntu: I hadn't seen the bug
[18:44] <Pharaoh_Atem> and HALP, stuck in namespace!
[18:44] <Pharaoh_Atem> :D
[18:45] <zyga-ubuntu> :-)
[18:46] <kyrofa> elopio, FYI, I'm looking at the Artful ruby errors. Want to make sure we aren't stepping on each other's toes
[18:47] <kyrofa> I'm also assuming we're not starting our nightly autopkgtest idea given that we're stilling waiting for stuff from the weekend
[18:47] <mvo> zyga-ubuntu: does 4146 (the 2.29 version) need cherry-picks from the changes that you did on the master version of this PR
[18:49] <sergiusens> kyrofa what do you feel about my comment on snapcraft#1633
[18:49] <mup> PR snapcraft#1633:  recording: record information from the image in container builds  <Created by elopio> <https://github.com/snapcore/snapcraft/pull/1633>
[18:49] <kyrofa> sergiusens, raise a warning i.e. parse the output anyway?
[18:50] <kyrofa> sergiusens, I totally agree that something we know is not YAML should not be parsed as YAML
[18:51] <kyrofa> So yeah, I like the idea of trying to use --json, warning if it doesn't work, then falling back to processing the CLI output, but not with a YAML processor
[18:51] <sergiusens> kyrofa no, if you do --format=json and it is not supported you would get an errno from the command
[18:51] <sergiusens> kyrofa I'd say, just not support it, period
[18:51] <kyrofa> Oh oh, this is recording
[18:52] <sergiusens> yes, this is recording
[18:52] <kyrofa> sergiusens, sorry, we're having this exact same discussion on another PR :P
[18:52] <kyrofa> Well, almost
[18:52] <kyrofa> sergiusens, yes, I agree
[18:54] <elopio> kyrofa: I am debugging the autopkgtest on travis error. Not yet ready to land.
[18:54] <sergiusens> kyrofa I know about the other PR, I just want to wrap up this recording thing; elopio want to close that one up with the latest comments?
[18:54] <elopio> thanks for looking into ruby. This is the segfault, right?
[18:54] <kyrofa> elopio, indeed
[18:55] <sergiusens> kyrofa elopio decided to just continue landing things if they made sense and thoroughly tested
[18:55] <kyrofa> sergiusens, fair enough. It's either that or kinda sit on our hands
[18:56] <kyrofa> I need to refresh my memory for how to run our adt suite in lxc
[18:56] <kyrofa> We can start doing that
[18:56] <elopio> sergiusens: I agree with the --json thing. I will revert the change after lunch, and make sure that we don't crash if it fails.
[18:57] <elopio> sergiusens: ack. I'll update my branches so they are ready to land. Most of them require an autopkgtest run though :(
[18:58] <elopio> kyrofa: about that failed travis execution, the CLA fails because the email is private. Rebase with master, to no longer carry that commit.
[18:59] <kyrofa> elopio, what's confusing is that there are only two commits on that PR, mine and kalikiana's
[18:59] <kyrofa> I merged with master, we'll see what Travis says. I'll rebase if necessary
[18:59] <sergiusens> kyrofa running the suite and unit tests in lxd should be our default :-)
[19:01] <zyga-ubuntu> mvo: looking
[19:01] <kyrofa> sergiusens, think so? It's a bit more of a barrier to proposing something
[19:01] <zyga-ubuntu> mvo: the 2.29 version is older, subsequent changes to master version are cosmetic though
[19:01] <sergiusens> kyrofa for us, not others
[19:01] <zyga-ubuntu> mvo: so I'd say no, no changes needed
[19:12] <kyrofa> sergiusens elopio, alright, I'll start running the autopkgtests for some of the PRs up now. I'll comment on the ones I've tested
[19:13] <kyrofa> Although... elopio will it install squashfuse by any chance for the snapd tests?
[19:13] <kyrofa> Otherwise it'll just fail partway through
[19:14] <matiasb_> sergiusens, elopio, o/ hey, when you get a few, any chance you can take another look at facundo's MP on metadata handling? https://github.com/snapcore/snapcraft/pull/1634
[19:14] <mup> PR snapcraft#1634: Push metadata to the Store <Created by facundobatista> <https://github.com/snapcore/snapcraft/pull/1634>
[19:19] <elopio> kyrofa yes, squashfuse should be installed for the suites that install snaps
[19:19] <kyrofa> Whew, good
[19:20] <elopio> matiasb: sorry for the delay. We have been stuck on autopktest for too long. I'll take another look today
[19:21] <matiasb> elopio, np, just wanted to check it is in your radar, thx
[19:45] <cachio> jdstrand, nice, thanks, so the denials that I shared yesterday should be fixed with this PR, right?
[19:49] <jdstrand> cachio: yes
[19:50] <jdstrand> cachio: I mean, I didn't test it beyond the policy compile (I just took the connected slot rule and used the unconfined label), but yeah, it should work
[19:51] <cachio> jdstrand, great, tx
[19:57] <zyga-ubuntu> jdstrand: still fighting the mpris bug/
[19:59] <mup> PR snapd#4175 closed: dirs: use alt root when checking classic confinement support without … <Created by bboozzoo> <Merged by zyga> <https://github.com/snapcore/snapd/pull/4175>
[20:12] <mwhudson> kyrofa, kalikiana: "lxc info remote:" is real yaml, "lxc info container" is not
[20:12] <mwhudson> unfortunately it's the latter that is really needed
[20:21] <mwhudson> heh heh "curl --silent --unix-socket /var/lib/lxd/unix.socket http://a/1.0/containers/complete-amoeba | jq .metadata.architecture" works for the local remote...
[20:26] <jdstrand> zyga-ubuntu: I just finished
[20:26] <jdstrand> cachio: fyi, I mentioned to mvo that I might have a PR for mpris. I will not. no bug in snapd (afaics)
[20:30] <jdstrand> cachio: mentioning it to you since he is offline and this was potentially something extra for 2.29.3, which I know you are helping validate
[20:36]  * zyga-ubuntu had fun watching https://www.youtube.com/watch?v=M6xZZiaLOV4
[20:47] <kyrofa> elopio, can you explain why snapcraft seems to be running units in debug mode in adt, but not normally?
[20:47] <kyrofa> (getting a failure in master due to this)
[20:50] <cachio> jdstrand, perfect
[20:51] <cachio> jdstrand, about the read access to /dev/mem
[20:52] <cachio> how should I make to run to read in the allowed spaces
[20:52] <jdstrand> cachio: otoh, I'm not sure, but I think mvo was looking into it
[20:53] <elopio> kyrofa, do you mean with --debug?
[20:53] <kyrofa> elopio, yeah
[20:53] <jdstrand> cachio: there is something called CONFIG_STRICT_DEVMEM that is getting in the way
[20:54] <jdstrand> there are ways to use it, but otoh idk
[20:54] <elopio> kyrofa: sounds weird that unit tests are using debug, because they don't call the snapcraft command.
[20:54] <kyrofa> elopio, I don't even now why units are run, haha
[20:54] <kyrofa> Yeah something weird is happening
[20:55] <kyrofa> All I see in debian/tests are integration and snaps tests
[20:55] <jdstrand> mvo: hey, fyi, I won't be submitting anything for mpris. I'm done (for now)
[20:55] <jdstrand> heh
[20:55] <cachio> jdstrand, so, is it any way to use that interface?
[20:55] <elopio> kyrofa: adt starts building the deb, and for that the unit tests are run
[20:56] <kyrofa> Ah right, of course
[20:56] <kyrofa> I'll look that way
[20:56] <cachio> should I disable the CONFIG_STRICT_DEVMEM?
[20:56] <jdstrand> cachio: that's a kernel config option
[20:57] <cachio> jdstrand, so the only way is rebooting the machine
[20:57] <jdstrand> cachio: there should be a way to do it (X uses it afaik), but I personally don't know the incantation required
[20:58] <kyrofa> elopio, huh, is it automatically determining how to run the units?
[20:58] <kyrofa> It's probably wrong, then
[20:59] <kyrofa> And sets the logger level wrong
[20:59] <elopio> kyrofa: setup.py defines the tests to run
[20:59] <jdstrand> cachio: the kernel-module-control interface needed it for read access. that interface was written for livepatch. maybe something in there that could give a clue
[21:00] <kyrofa> Oh! I've never run tests that way before
[21:02] <elopio> tests that depend on logger levele should set it up. But as far as I know, nothing on adt touches that
[21:02] <jdstrand> cachio: I suspect you can read it, but need to access it in a specific way. we have in the interfacec: "allow reading /dev/mem for read-only access to architecture-specific subset of the physical address (eg, PCI, space, BIOS code and data regions on x86, etc)."
[21:03] <jdstrand> cachio: all Ubuntu kernels use STRICT_DEVMEM=y so you wont' be able to test write access (physical-memory-control) on Ubuntu kernels
[21:03] <pedronis> mmh, I'm seeing this tests fail  linode:ubuntu-16.04-32:tests/main/xdg-open-compat: with apt download snapd-xdg-open=0.0.0~16.04 => E: Version '0.0.0~16.04' for 'snapd-xdg-open' was not found
[21:03] <jdstrand> cachio: there might be a kernel snap somewhere that uses STRICT_DEVMEM=n, but I don't know which one. I would guess perhaps an armhf kernel, but that is only a guess
[21:04] <cachio> jdstrand, ok, I'll research about it
[21:05] <pedronis> mmh, it works here, strange fluke
[21:06] <kyrofa> elopio, why is the ruby integration test using such an old version of ruby?
[21:06] <cachio> jdstrand, I'll take a look to the armhf ones
[21:06] <cachio> thanks
[21:06] <jdstrand> cachio: oh, I forgot we have a test for this. here is some more context: https://wiki.ubuntu.com/Security/Features#A.2Fdev.2Fmem_protection
[21:06] <jdstrand> cachio: let me get the link for the test
[21:07] <cachio> jdstrand, nice
[21:08] <kyrofa> elopio, well, it's not ancient I suppose. But versions < 2.4 don't seem to build with GCC7
[21:09] <kyrofa> I'm gonna propose changing it unless there was a good reason we were using the old one
[21:09] <elopio> kyrofa: no good reason that I can think of. But should we raise an early exception if we see gcc7 and ruby < 2.4?
[21:09] <jdstrand> cachio: oh boo. the test for STRICT_DEVMEM only verifies /boot/config... is set
[21:10] <kyrofa> elopio, I don't think so, might be fixed at some point
[21:10] <jdstrand> cachio: so nothing to verify the kernel protection is working
[21:11] <cachio> jdstrand, well the the that I did :)
[21:11] <elopio> kyrofa: updating the tests works for me.
[21:12] <jdstrand> cachio: Xorg might be something to look at if research doesn't help much
[21:12] <kyrofa> elopio, alright. Testing once more, then I'll propose
[21:12] <kyrofa> elopio, back to the autopkgtests: note that `python3 setup.py test` fails with the same error
[21:12] <kyrofa> So it's using a weird logging level
[21:16]  * elopio runs that
[21:17] <zyga-solus> jdstrand: hmm
[21:17] <zyga-solus> jdstrand: it _is_ sorted by command now :)
[21:17] <zyga-solus> jdstrand: unless I missed something
[21:18] <jdstrand> oh, hmm. I checked the new commits and I must've missed something
[21:18]  * zyga-solus tries to pull the diff
[21:19] <zyga-solus> https://github.com/snapcore/snapd/pull/4144/files#diff-641ccdace7a269ed745615226d7f4cffR111
[21:19] <mup> PR #4144: interfaces: fix udev tagging for hooks <Created by zyga> <https://github.com/snapcore/snapd/pull/4144>
[21:19] <zyga-solus> here
[21:19] <zyga-solus> is that what you expected?
[21:19] <jdstrand> zyga-solus: I see it now
[21:19] <zyga-solus> jdstrand: it's not super pretty because of that comment
[21:19] <zyga-solus> and we could be smarter about how to lay out stuff
[21:20] <zyga-solus> but it's a start
[21:20] <zyga-solus> also because of those comments it's ordered by TAG, interface, snippet
[21:20] <zyga-solus> which is at least, consistent :)
[21:21] <jdstrand> that sounds great
[21:25] <g4l> Hello guys! I'm try to connect to my vpn server, on a snappy ubuntu core os. using easy-openvpn.connect-server, I face this error: "ERROR: Cannot ioctl TUNSETIFF tun: Operation not permitted (errno=1)"
[21:25] <g4l> I'm thinking about some network permissions?
[21:26] <elopio> kyrofa: snapcraft.tests.test_lifecycle.ExecutionTestCase.test_dependency_recursed_correctly ?
[21:27] <kyrofa> Yep
[21:28] <kyrofa> g4l, if you run `snap interfaces`, are all of them connected?
[21:28] <ikey> zyga-solus, got 2.29.2 built
[21:28] <ikey> gonna try installing it and seeing how much i broke it
[21:28] <kyrofa> Can't remember if network management is granted by default
[21:28] <g4l> :firewall-control          docker,easy-openvpn
[21:28] <ikey> also yay for mkversion.sh taking an argument
[21:29] <kyrofa> elopio, see the ""GET /v2/snaps HTTP/1.1" 200 None" there throwing it off?
[21:29] <ikey> and not causing one
[21:29] <g4l> :network-control           easy-openvpn
[21:29] <g4l> :home                      easy-openvpn
[21:29] <g4l> I think that these 3 are enough
[21:29] <kyrofa> g4l, huh, yeah those are the ones I was thinking
[21:29] <kyrofa> g4l, although, did you use sudo?
[21:30] <cachio> jdstrand, the good part is that the test is working in debian, fedora and opensuse
[21:30] <elopio> kyrofa: seems to be affected by another test. ugh, that's hard to reproduce.
[21:30] <kyrofa> elopio, argh, I hate those
[21:30] <g4l> I did try. some other problems show up: "Options error: In [CMD-LINE]:1: Error opening configuration file: "
[21:30] <cachio> jdstrand, it is weird, why I can ready /dev/mem from the console
[21:30] <kyrofa> g4l, because adding tun/tap interfaces definitely requires sudo. For anything more snap-specific, you'll need to talk to the maintainer
[21:30] <ikey>  snap run ohmygiraffe
[21:30] <ikey> cannot perform operation: mount --rbind /lib/modules /tmp/snap.rootfs_qF4Snx//lib/modules: Permission denied
[21:31] <ikey> pfft.
[21:31] <kyrofa> elopio, it happens every time for me, three times in a row
[21:32] <zyga-solus> ikey: any denials?
[21:32] <zyga-solus> ikey: on which snapd?
[21:32] <zyga-solus> ikey: I have _that_ snap installed and it works
[21:32] <ikey> AVC apparmor="DENIED" operation="open" profile="/usr/lib64/snapd/snap-confine" name="/etc/os-release" pid=2163 comm="snap-confine" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
[21:32] <zyga-solus> right here on solus
[21:33] <zyga-solus> that's so weird, /etc/os-release is allowed by the profile
[21:33] <ikey> Nov 08 21:30:37 ironhide kernel: audit: type=1400 audit(1510176637.423:37): apparmor="DENIED" operation="mount" info="failed flags match" error=-13 profile="/usr/lib64/snapd/snap-confine" name="/tmp/snap.rootfs_qF4Snx/lib/modules/" pid=2163 comm="snap-confine" srcname="/lib64/modules/" flags="rw, rbind"
[21:33] <zyga-solus> hm
[21:33] <zyga-solus> actually, it's not
[21:33] <ikey> ok well that one is fairly trivial
[21:33] <ikey> needs lib+lib64
[21:33] <ikey> stupid solus with its weirdisms
[21:33] <zyga-solus> but that's an old copy of snap-confine probably
[21:33] <ikey> ?
[21:33] <g4l> kyrofa, even as root, I can't make it. has no one ever try to configure this on a rpi3 ?
[21:34] <ikey> im on snapd 2.29.2
[21:34] <ikey> and id rebooted
[21:34] <zyga-solus> ikey: you will find that /lib/modules is baked into snap-confine itself
[21:34] <ikey> aye
[21:34] <zyga-solus> ikey: ah, I'm still on 2.27
[21:34] <ikey> oh yeah 2.27 is gloriously fine
[21:34] <ikey> 2.29.2 is choking on cookies
[21:34] <ikey> ima fix
[21:34] <kyrofa> g4l, please file a bug, I'm afraid I don't know anything about that snap
[21:34] <zyga-solus> ironically that's one of the things we could get into the new profiles now
[21:35] <zyga-solus> where it could be distro-based easily from snapd side
[21:35] <zyga-solus> ikey: tomorrow we do 2.29.3
[21:35] <kyrofa> g4l, https://bugs.launchpad.net/snappy-hwe-snaps/+filebug from the look of it
[21:35] <zyga-solus> there are a few PRs tagged for 2.29
[21:35] <ikey> ok
[21:35] <zyga-solus> milestoned
[21:35] <zyga-solus> not tagged in git sense
[21:36] <ikey>     mount options=(rw rbind) {,/usr}/lib{,32,64,x32}/modules/ -> /tmp/snap.rootfs_*{,/usr}/lib/modules/,
[21:36] <ikey> surely that already covers it?
[21:36] <ikey> or im being thick altogether
[21:36] <ikey> why it even needs my kernel modules ive no idea
[21:36] <zyga-solus> it looks good
[21:37] <zyga-solus> "failed flags match"
[21:37] <ikey> right
[21:37] <zyga-solus> I'm too tired
[21:37] <ikey> maybe somehow rw, rbind != rw rbind ?
[21:37] <zyga-solus> sorry, I need to stop typing
[21:37] <zyga-solus> tomorrow :)
[21:37] <ikey> kk
[21:41] <mup> PR snapcraft#1721 opened: integration tests: use ruby v2.4.2 <Created by kyrofa> <https://github.com/snapcore/snapcraft/pull/1721>
[21:41] <ikey> oo the patch isnt in 2.29.2..
[21:41] <ikey> k well that makes sense then
[22:00] <mup> PR snapd#4182 opened: cmd/snap-confine: Ensure snap-confine is allowed to access os-release <Created by ikeydoherty> <https://github.com/snapcore/snapd/pull/4182>
[22:17] <elopio> kyrofa: can you please try this patch with your autopkgtest runs? http://paste.ubuntu.com/25920819/
[22:52] <mup> PR snapd#4183 opened: cmd/snap-confine: Respect biarch nature of libdirs <Created by ikeydoherty> <https://github.com/snapcore/snapd/pull/4183>
[22:55] <kyrofa> elopio, it's the parser test
[22:56] <kyrofa> I'm not sure how yet, but it is
[22:56] <ikey> turns out you guys were serious about snap-update-ns being static. :p
[23:03] <ikey> tada https://plus.google.com/+Solus-Project/posts/hG14dctjrfg
[23:22] <elopio> can somebody open build.snapcraft.io? I think I broke it :(
[23:22] <nacc> elopio: or is it affected by the canonical maintenance?
[23:23] <elopio> nacc: phew, so it wasn't me :)
[23:24] <nacc> elopio: it's nnot explicitly metioed, but the store and "Ubuntu web sites" are
[23:24] <nacc> *Canonical and Ubuntu
[23:30] <diddledan> aha, I was just about to ask whether I broked it
[23:32] <kyrofa> IRC is back, test again
[23:35] <mcphail> ikey: I love that ohmygiraffe has become the de facto test of snapd :)
[23:35] <ikey> lol yea
[23:36] <ikey> its nice because GL + sound + xdg