/srv/irclogs.ubuntu.com/2017/11/14/#snappy.txt

kyrofaThat makes the snapd suite far more than just hello-type snaps00:00
kyrofaBut I'm fine with it as long as running the snaps doesn't add a lot of time00:01
elopiokyrofa: some of them should be in the plugins integration suite, right?00:01
elopiothe ones that don't require execution.00:01
kyrofaYeah that would be better... but then we have problems :P00:02
kyrofaJust trying to figure out what we want to do about snapcraft#171700:02
mupPR snapcraft#1717: catkin plugin: check for pip packages in part only <Created by kyrofa> <https://github.com/snapcore/snapcraft/pull/1717>00:02
elopiokyrofa: I haven't seen that plainbox error before, but permission denied in tmp isn't it the same we get in ruby?00:04
kyrofaelopio, I've never seen that for ruby, I just saw an inability to find rbconfig.rb00:04
elopiokyrofa: http://paste.ubuntu.com/25954649/ line #400:06
kyrofaelopio, that's probably shebang rewriting etc. Yeah, not sure why permission would be denied there00:06
kyrofaBut it's a separate issue from the breakage a few lines below00:07
kyrofa(which I've fixed)00:07
kyrofaelopio, note that I see those warnings as well00:08
kyrofa(just checked)00:08
kyrofaelopio, looks like ruby sets gems to 444 (read-only)00:09
kyrofaSo, non-fatal indeed00:09
kyrofaWe can ignore those00:09
=== mwhudson_ is now known as mwhudson
elopiokyrofa: ahh, I was looking at the wrong place then. Where are you getting those plainbox errors? to try to reproduce00:13
kyrofaelopio, on xenial, adt running in xenial lxc00:13
kyrofaI'll be running another one in a minute, see if it happens again or if it was a fluke of some kind00:13
elopiokyrofa: amd64?00:14
kyrofaelopio, yes indeed, sorry00:14
elopioyeah, I haven't seen that one.00:14
kyrofasergiusens, elopio, both of those PRs depend on making a call on where we want that test to be00:16
kyrofaI vote for leaving it alone until we can split the plugins suite00:17
elopiokyrofa: +1. Make the move after we have the reorg branch, probably to snapcraft/integration/plugins/catkin00:21
elopiothe hard part is to define where to put all the ones that are not catkin, naming those directories "general" is kind of sad.00:22
elopiomaybe, we can make a filter, and run everything except catkin.00:22
kyrofaelopio, hmm, aren't the filters regex though?00:23
elopiokyrofa: they could be.00:23
kyrofaNegative regex gets gross00:24
elopioyes. I don't have a solution for this, but I'm happy to push it for later.00:25
sergiusensreorgs later00:25
kyrofaGood00:26
kyrofaI'll run a zesty test on 171700:26
kyrofaelopio, thanks for the --setup-commands hint, by the way. I'll propose that for our testing doc once this release is out the door00:31
kyrofaRunning 1719 zesty:amd64 on my server as well00:41
kyrofaelopio, how do you feel about upping the ROS timeouts for arm adt?00:41
elopiokyrofa: I'm ok with that00:44
kyrofaEvery time it happens they're priming or snapping, so we're so close00:44
kyrofaIt also means it's not a legit hang, it's just taking a little longer00:44
elopiokyrofa: also, they can be moved to integration tests, right?00:44
kyrofaelopio, oh, are we talking about the demos?00:45
kyrofaelopio, yes they can, but then we run into the same question of where to put them00:45
kyrofaSeems pointless to move them until we have a place they can stay00:46
elopiokyrofa: they will be slow snapd integration tests, so they will only run on adt00:47
kyrofaOh riiight00:47
elopiowe haven't set a timeout for those, but we probably should.00:47
kyrofaI'd still rather just tweak the timeouts here so I don't need to retest them00:48
kyrofa(for release I mean)00:48
elopiokyrofa: ah, yes, for now, just bump that.00:51
elopioI would hate to cause a timeout in a different place, again.00:51
kyrofaNo kidding00:51
kyrofaI just wanna get this thing out the door00:51
mupPR snapcraft#1731 opened: demo tests: bump catkin timeout by ten minutes <Created by kyrofa> <https://github.com/snapcore/snapcraft/pull/1731>00:58
kyrofaelopio, ^00:58
sergiusenskyrofa elopio fwiw I am not fond of timeouts01:42
* sergiusens looks for a clever blog post with why01:42
sergiusensmeh, I cannot find any. I wouldn't use timeouts on test hardware that is shared or out of our control01:44
sergiusensthere are so many things that can go wrong01:44
mupPR snapd#4211 opened: tests: adding tests for time*-control interfaces <Created by sergiocazzolato> <https://github.com/snapcore/snapd/pull/4211>02:22
kyrofasergiusens, fine by me, they do cause issues02:28
kyrofasergiusens, we can remove them after this release, when we slurp them into the snapd suite02:29
kyrofa(which doesn't have timeouts)02:29
kyrofa(at least, I don't think they do. Maybe they have shorter timeouts though, we'll have to check)02:29
sergiusenskyrofa \o/02:38
=== JoshStrobl is now known as JoshStrobl|zzz
kyrofasergiusens, bug #1732065 is probably for you03:32
mupBug #1732065: dotnetplugin: use of xenial-only stage-packages <Snapcraft:New> <https://launchpad.net/bugs/1732065>03:32
sergiusenskyrofa heh, the dotnet plugin will not work on anything but xenial03:33
kyrofasergiusens, alrighty, more skips!03:33
sergiusenskyrofa seems the tests for snapcraft#1730 went rather well03:35
mupPR snapcraft#1730: ruby plugin: be smarter about arch-specific paths <bug> <Created by kyrofa> <https://github.com/snapcore/snapcraft/pull/1730>03:35
kyrofasnappy-m-o, autopkgtest 1731 xenial:armhf03:35
snappy-m-okyrofa: I've just triggered your test.03:36
kyrofasergiusens, armhf is red, let me see...03:36
kyrofaUgh. Network problems03:37
sergiusenskyrofa ros test and python, network related and unrelated to this, but please double check03:37
kyrofasergiusens, indeed, both network related03:37
sergiusenskyrofa is snapcraft#1717 good when looking at the errors?03:38
mupPR snapcraft#1717: catkin plugin: check for pip packages in part only <Created by kyrofa> <https://github.com/snapcore/snapcraft/pull/1717>03:38
kyrofasergiusens, for zesty anyway, yeah. But that skips some tests... would sure like xenial armhf to run03:39
kyrofaBut then we hit the timeout issue03:39
sergiusenskyrofa is that the 10 thing?03:40
kyrofasergiusens, yep03:40
kyrofaarmhf is running there now03:40
kyrofaOr queued at least03:40
sergiusenskyrofa be more ambitious, triple it03:40
kyrofaHahaha03:40
kyrofaYou got it03:40
sergiusensas if there were no timeout03:40
sergiusensreally03:40
sergiusensI asked elopio a year ago to remove these timeouts03:40
sergiusensthe only thing we do when we reach them is increase it03:40
mupPR snapcraft#1730 closed: ruby plugin: be smarter about arch-specific paths <bug> <Created by kyrofa> <Merged by sergiusens> <https://github.com/snapcore/snapcraft/pull/1730>03:40
sergiusensand we already have the timeouts imposed by the machinery running the tests anyways03:41
kyrofasnappy-m-o, autopkgtest 1731 xenial:armhf03:43
snappy-m-okyrofa: I've just triggered your test.03:43
kyrofasergiusens, done03:43
sergiusensgreat03:44
kyrofasergiusens, my adt run on snapcraft#1719 blew up, unfortunately, it seems like it doesn't like running in nested containers. I'm starting it again here, but it takes about two hours03:47
mupPR snapcraft#1719: many: account for python shebang args in rewrite <Created by kyrofa> <https://github.com/snapcore/snapcraft/pull/1719>03:47
kyrofa(zesty:amd64)03:47
kyrofaWould be nice to see xenial:armhf there as well but there seems little point in queuing that up until the timeout fix lands03:48
kyrofaI'll check back in a bit03:49
sergiusenskyrofa one sec03:49
sergiusenscan you review something real quick?03:49
kyrofaSure03:49
sergiusenskyrofa #173203:50
mupPR #1732: many: respect dirs.SnapSnapsDir in tests <Created by zyga> <Merged by zyga> <https://github.com/snapcore/snapd/pull/1732>03:50
sergiusenskyrofa hmph, snapcraft#173203:50
mupPR snapcraft#1732: tests: dotnet only works on 16.04 <Created by sergiusens> <https://github.com/snapcore/snapcraft/pull/1732>03:50
kyrofasergiusens, haha, I got it. Always gets ya, though!03:51
sergiusenskyrofa I am doing it on purpose sometimes, maybe enough "incorrect" people get pinged that it gets removed as the implicit default :-P03:51
kyrofaHahahahaha03:51
kyrofasergiusens, +103:52
kyrofaAlright, back soon03:52
mupPR snapcraft#1732 opened: tests: dotnet only works on 16.04 <Created by sergiusens> <https://github.com/snapcore/snapcraft/pull/1732>03:52
HazWardIs there a guide to package Wine programs into snaps? I want to try out some windows programs but I don't want to have all those dependencies03:57
mupIssue snapcraft#1492 closed: Support for advanced filtering for build-packages <designed> <Created by sergiusens> <Closed by sergiusens> <https://github.com/snapcore/snapcraft/issue/1492>04:38
sergiusenssnappy-m-o  autopkgtest 1732 artful:amd6404:40
snappy-m-osergiusens: I've just triggered your test.04:40
ikeyhad to push a fix to the full-nvidia-support PR04:43
ikeyturns out Ubuntu uses a slightly different filename convention for vulkan ICDs (it doens't start with 10_ so i glob without the 10 now..)04:43
kyrofaTests still running...05:38
kyrofaThe timeout-increasing PR has its armhf run going though, looks like05:41
kyrofaI suspect things will come together tomorrow05:41
mupPR core#64 opened: 30-fix-timedatectl.chroot: fix quoting issues <Created by mvo5> <https://github.com/snapcore/core/pull/64>06:50
* zyga-ubuntu is doing some tax work in the morning, sorry about that07:45
mupPR snapd#4212 opened: tests/interfaces-network-control-tuntap: disable on debian-unstable for now <Created by mvo5> <https://github.com/snapcore/snapd/pull/4212>08:21
zyga-ubuntumvo: hint: all of debian unstable is broken08:23
zyga-ubuntumvo: because of https://forum.snapcraft.io/t/snapd-2-27-6-2-in-debian-sid-blocked-on-apparmor-in-kernel-4-13-0-1/2813/1208:24
zyga-ubuntumvo: so perhaps we need to refresh the debian image and fix this for real, disabling all of debian while this happens08:24
mvozyga-ubuntu: I see only the failures in tun/tap so far08:25
mvozyga-ubuntu: but those are quite consitent08:25
zyga-ubuntumvo: what is the error there?08:26
mvozyga-ubuntu: permission denied08:26
mvozyga-ubuntu: I have not checked (yet) for the details, just want to unblock master for now08:27
mvozyga-ubuntu: there are some PRs ready otherwise08:27
pedronispstolowski: hi, I re-reviewed #415808:55
mupPR #4158: snapctl: don't error out on start/stop/restart from configure hook during install or refresh <Created by stolowski> <https://github.com/snapcore/snapd/pull/4158>08:55
pstolowskipedronis, ty08:57
mvopedronis: hey, good morning. can I run an idea by you? I have created https://github.com/snapcore/snapd/compare/master...mvo5:refresh-candidates-managed?expand=1 as a starting point for the work for the refresh.schedule=managed PR. my idea was that if the refresh schedule is managed there is code that calls store.ListRefresh() with the RefreshControlManaged flag. do you think this makes sense or would you suggest a different approach?09:06
mvoalso 4212 would unblock master09:07
mvoif it gets reviews09:07
mupPR snapd#4212 closed: tests/interfaces-network-control-tuntap: disable on debian-unstable for now <Created by mvo5> <Merged by zyga> <https://github.com/snapcore/snapd/pull/4212>09:07
* mvo hugs zyga09:07
mvozyga-ubuntu: lets try to merge in a controlled way so that we don't cause a travis congestion09:08
zyga-ubuntumvo: ok, let's coordinate here09:08
mvozyga-ubuntu: I will push 4204 as this should be ready now09:09
zyga-ubuntuhttps://github.com/snapcore/snapd/pull/4207 can land09:09
mupPR #4207: Flesh out NVIDIA support for biarch and multiarch systems <Created by ikeydoherty> <https://github.com/snapcore/snapd/pull/4207>09:09
mvozyga-ubuntu: also 420209:09
zyga-ubuntu4202 has some comments09:09
zyga-ubuntuif you add those that's fine09:09
mvozyga-ubuntu: I think he addressed them, no?09:10
pedronismvo: we are trying not do add new headers09:10
pedronisbecause we are redesigning all of them09:10
mvopedronis: aha, happy to use json then, any suggestions for a straw-man?09:10
pedronismvo: I mean it's ok if first iteration doesn't flag this anyway09:11
pedronisit's really a question for cprov tbh09:11
mvopedronis: what the json should look like09:11
mvopedronis: oh, you mean in the first iteration we don't need this flag send? fair enough, I can hold back then if it does not make sense to add it at this point (because of the store API work)09:12
pedronismvo: I don't know, the issue is also that if we send something like this probably we need to send it with all calls09:12
pedronisnot just the extra calls09:12
mvopstolowski, zyga-ubuntu: is there anything controversial in 4120? it looks quite mechanical, if this is the agreed interface it seems we want to merge it. or does it need a gustavo +1?09:12
pedronismvo: I don't think it make sense to add a flag without discussing how it will be used09:13
pedronisfor that we probably need cprov09:13
mvopedronis: all refresh calls or all all calls, i.e. install etc as ewll?09:13
pedronisall refresh calls at least09:13
pedronisbut see general point09:13
zyga-ubuntumvo: I'll look in  a sec09:13
mvopedronis: adding it to all refresh calls was my plan, but happy to hold off for now and discuss wider first. sorry for the rush, was mostly because we want the managed mode in 2.30 but if we can life without the flag for v1 all is well09:14
mvopedronis: I followup in the forum09:14
pstolowskimvo, i hope there is nothing controversial09:17
pedronisthat was the agreed direction,  Permanent takes Info sanitized at read time09:18
Chipacamo'in09:19
mvopedronis: great, then its just a second review and it can go in. thanks for your feedback09:19
mvohey Chipaca09:19
pedronismvo: yes, please write something in the topic09:19
ackkChipaca, hi, could you please have another look at https://github.com/snapcore/snapd/pull/3916 ? I think I addressed the remaining comments09:20
mupPR #3916: snap,wrappers: add support for socket activation <Created by albertodonato> <https://github.com/snapcore/snapd/pull/3916>09:20
Chipacasure09:21
ackkthanks09:21
cprovmvo, pedronis: Hi! how can I help ?09:25
mvocprov: hey, good morning09:25
cprovmvo: morning09:26
mvozyga-ubuntu: you did say that you want to have a look at 4207, right?09:28
mvozyga-ubuntu: it has two +1 already but you are the expert in this area so your review will certainly not hurt :)09:28
zyga-ubuntumvo: I will look again and merge it09:30
zyga-ubuntuthank you :)09:30
* zyga-ubuntu is almost done with taxes09:31
zyga-ubuntumvo: +1 to land https://github.com/snapcore/snapd/pull/412009:40
mupPR #4120: repo: use PlugInfo and SlotInfo for permanent plugs/slots <Created by stolowski> <https://github.com/snapcore/snapd/pull/4120>09:40
pstolowskithanks109:42
mupPR snapcraft#1731 closed: demo tests: bump catkin timeout by a lot <Created by kyrofa> <Merged by sergiusens> <https://github.com/snapcore/snapcraft/pull/1731>09:45
mupPR snapd#4120 closed: repo: use PlugInfo and SlotInfo for permanent plugs/slots <Created by stolowski> <Merged by mvo5> <https://github.com/snapcore/snapd/pull/4120>09:46
mupPR core#64 closed: 30-fix-timedatectl.chroot: fix quoting issues <Created by mvo5> <Merged by mvo5> <https://github.com/snapcore/core/pull/64>09:52
sergiusenssnappy-m-o autopkgtest 1717 xenial:armhf10:01
snappy-m-osergiusens: I've just triggered your test.10:01
* zyga-ubuntu goes to the doctor with his son 10:09
Chipacaackk: +1; merged10:11
Chipacaackk: thank you!10:11
mupPR snapd#3916 closed: snap,wrappers: add support for socket activation <Created by albertodonato> <Merged by chipaca> <https://github.com/snapcore/snapd/pull/3916>10:11
ackkChipaca, \o/ thanks :)10:11
ackkChipaca, are the blockers for the snapcraft PR to alow that syntax?10:12
Chipacaackk: je ne sais pas10:16
Chipacaackk: that's a snapcrafter question :-)10:16
Chipaca(i haven't been following that particular thing)10:16
Chipacaackk: have you checked with review tools also?10:16
ackkChipaca, wdym?10:20
ackkyeah I should probably ask kyrofa about that one10:21
ackk(https://github.com/snapcore/snapcraft/pull/1617 FTR)10:21
mupPR snapcraft#1617: Add options to configure applications socket activation <Created by albertodonato> <https://github.com/snapcore/snapcraft/pull/1617>10:21
Chipacaackk: there's a sanity checker / enforcer that's run as part of a store upload that might block this (i don't know, but somebody should check)10:23
Chipacaackk: it used to be called click-review-tools (it might still be called that)10:23
ackkI see10:23
Chipacarabble rabble proud heritage rah rah10:24
cjwatsonChipaca: hey, so man pages :-)  I've been putting some weekend/evening time into getting man-db set up with apparmor and seccomp10:45
cjwatsonChipaca: at the moment the state of play is that I've got committed-but-not-uploaded changes to add an apparmor profile to /usr/bin/man that confines various groff-related processes that it starts, plus decompressors and other misc filters10:46
cjwatsonChipaca: I've also got work in progress to do seccomp confinement in other simpler cases - groff can't really be seccomp-confined because we need to be able to do path filtering (to let it open temp files but not other things)10:47
cjwatsonChipaca: how widely deployed would we want all this to be before we could be comfortable turning it on in snaps, though?10:48
cjwatsonChipaca: the main issue here is that seccomp confinement requires some new API in libpipeline, so it'd be difficult to SRU.  the apparmor confinement on its own would probably be quite easy to SRU.  might we be comfortable if we just had apparmor for groff-related processes called by man, which it seemed to me before was the main concern?10:49
Chipacacjwatson: wrt whether apparmor would be enough for us to be happy, that's a question for jdstrand10:49
cjwatsonOK, hopefully he'll see that.  I did run the profile past him10:50
Chipacacjwatson: wrt SRU, i'll check what mvo thinks; worst case we might look at rolling it into 1810:50
cjwatsonAIUI from Gustavo at the rally, 18 is more of a future escape hatch than a concrete plan10:50
cjwatsonso yeah, that's a worst case, seems like quite a bad one though :)10:50
Chipacacjwatson: wrt how widely deployed, i'm ok with letting the packager decide whether their target distribution supports it or not10:50
Chipacacjwatson: 18 is many things :-) but we'll be switching to an 18.04-based default at _some_ point10:51
Chipacaas opposed to our current 16.04-based default10:51
Chipacaand that's what i meant10:51
cjwatsonright, if you mean 18.04 base snaps rather than series 18 assertions or whatever, then sure10:51
Chipacaseries:18 is the thing that's an escape hatch10:51
cjwatsonhopefully should be able to get the apparmor profile SRUed to xenial after some bake time, though10:52
Chipacayes (for moost non-devs, a 18.04 base snap defaut is as 18 as it gets)10:52
Chipacathat would be ideal, agreed10:52
Chipacacjwatson: the change in libpipeline, it's a new API, not a changed one?10:54
cjwatsonthe main hole this leaves would be man-db's own scanning of manual pages to figure out what their NAME headers are.  there's literally never been a vulnerability in that, though, so I'm not too worried10:54
Chipacaso it can be made ABI-compatible?10:54
cjwatsonit's a new API, yes, but it'd effectively be a new upstream version10:54
cjwatsonalso new ABI, so not quite sure what you mean by ABI-compatibile10:54
cjwatson*compatible10:54
Chipacamaybe i misunderstood -- i thought if you just added new symbols you didn't need to bump the abi10:55
Chipacabut my knowledge of that part of the stack is very hazy :-)10:55
Chipaca(i've never had to learn it)10:56
cjwatsonChipaca: well, it's not a new SONAME so doesn't require a library transition or anything, sure10:56
Chipacaright, that's what i meant, thank you10:56
Chipacacjwatson: taking a step back, that's great news, and thank you for your work on this! I'll try not to get too excited until more bits get put in place, but it's hard :-)10:59
cjwatsonright, it'll take a week or two more until everything lands in bionic, probably, since the seccomp stuff requires some care about portability.  Just mainly wanted to check whether I was missing anything important11:01
ChipacaSon_Goku: o/11:10
Son_Gokuhey11:10
ChipacaSon_Goku: question for you: if you set MANPATH to include, say, /var/lib/snapd/snap/man, and that directory contained manpages, would your man pick it up, or would its confinement block that?11:12
Son_Gokuit'd probably get blocked11:13
niemeyero/11:13
Son_Gokuniemeyer: hi11:13
Son_Gokuman can only access files labeled as "man_t"11:13
Son_GokuI'd probably have to fiddle with the SELinux policy to make sure any files in /var/lib/snapd/snap/man were marked as man pages11:14
Son_Gokuor at least could transition from type snappy_var_t to man_t11:14
ChipacaSon_Goku: could snapd do that labeling?11:14
Son_Gokuit *should*11:15
mvopedronis: I think I'm at the point now where I would like to use the fakestore with a fake snapDeclaration for my snapd refresh managed PR, maybe we can have a quick chat after the standup? happy to work on it just want to make sure things are aligned11:15
Son_Gokuthe fact it doesn't is super annoying11:15
ChipacaSon_Goku: ok, i'll keep it in mind11:15
Son_Gokuit should be generating all of these policy things11:15
ChipacaSon_Goku: tell me more11:15
Chipacaabout "all of these policy things"?11:15
Chipacai mean, i have no idea how to label something, but i presume it's something that could in worst case be done via a command11:16
Chipacaso snapd could do it as part of install11:16
Son_Gokusure11:16
Son_Gokuthere are a few ways to do it11:16
Chipacaso my question is more what needs labeling11:16
Son_Gokulibselinux provides a programmatic way to do it, but you can also use chcon to do it11:16
Son_Gokuit does run the risk of being reset unless a policy is generated and loaded11:17
Son_Gokuso snaps need to be labeled correctly on install and mount11:17
Son_Gokumatching the label in the snapd policy profile for them11:17
Son_Gokuassuming man is confined, man pages on install need to be labeled correctly, too11:18
ChipacaSon_Goku: what would do that resetting? and how does a policy loading stop the reset?11:18
pedronismvo: yes, it's almost lunch here, we can chat after the standup, this morning I looked around about what is the current situation about that11:18
Son_Gokuand snapd should be generating policies to enforce these so that when the user runs restorecon, it doesn't get reset by policy11:18
Son_Gokuthe restorecon command can be used to reset all filesystem labels to match what's in the loaded SELinux policy11:19
ChipacaSon_Goku: is the policy something like "everything under /foo/bar has label baz"?11:19
Son_Gokuyes, it can be11:19
ChipacaSon_Goku: so we could instead have that and do restorecon?11:20
Son_Gokuyes11:20
Chipacaor would that be frowned on11:20
Son_Gokuno, that's fine11:20
Son_Gokuyou can tell restorecon to restore only within a set of paths11:20
Son_Gokurather than the whole filesystem11:20
ChipacaSon_Goku: and how does restorecon affect running processes?11:20
Son_Gokuit doesn't11:21
=== chihchun_afk is now known as chihchun
Chipacaok11:21
Son_Gokuprocesses get their SELinux context from when they're initialized11:21
Son_Gokuthat comes from the label they were on disk11:21
ChipacaSon_Goku: thanks (i'll ask and dig more when i'm closer to the feature)11:21
Son_Goku:)11:21
Chipacathis gives me a general feel of what needs to happen :-)11:21
Son_Gokufor SELinux, there are two "languages" for them: a high level language (you can see that here: https://github.com/snapcore/snapd/tree/master/data/selinux), and an intermediate language that you can use to build another language to compile to: https://github.com/SELinuxProject/cil/wiki11:23
Chipacacjwatson: is the libpipeline work being done upstream? would fedora be picking that up as well?11:23
cjwatsonChipaca: I am upstream for libpipeline11:24
cjwatsonso yes11:24
mvopedronis: same here, lunch and meetings, looking forward for your ideas :) enjoy lunch11:24
Chipacacjwatson: thank you11:24
Son_GokuChipaca, since snapd has its own high level language for security constructs, any programmatic SELinux enablement would probably be done by leveraging the CIL11:24
Son_GokuCIL constructs can be directly loaded into the kernel11:25
ChipacaSon_Goku: I know some of those words! I'll see how much I need to learn down the road (not now though)11:26
Son_Goku:D11:27
ChipacaSon_Goku: the context is that we'll be adding manpage support at some point, and want man to be able to load manpages from snaps while minimising risk11:28
Son_Gokuright11:28
Son_Gokuthe CIL structure more closely resembles how AppArmor profiles are written, so that might be helpful for you ;)11:29
* Chipaca goes back to reviewing stuff11:30
Son_Gokualso... restorecon: https://www.mankier.com/8/restorecon11:30
* kalikiana tea break11:36
cjwatsonthe in-progress apparmor profile is https://anonscm.debian.org/cgit/pkg-man-db/man-db.git/tree/debian/apparmor/usr.bin.man FWIW11:38
cjwatsondefinitely not perfect but it protects the bits that deal with untrusted data most directly11:39
andyrockogra_:  regarding the problem of snaps mounts appearing in gdu11:48
andyrockthe mount options 'x-gdu.whatdever' cannot be used because it requires that to be in fstab11:48
andyrockan enviroment variable cannot be used because cannot be get using udisk211:49
zyga-ubunture11:50
zyga-ubuntuJamieBennett: I'm home now11:50
andyrockzyga-ubuntu: http://paste.ubuntu.com/25960186/11:51
andyrockI asked upstream if we can just mark them as udisk2 ignored11:52
andyrockand maybe gdu can avoid displaying an ignored loop device11:52
andyrockand show all the other devices (even if ignored)11:53
zyga-ubuntuandyrock: looking11:53
zyga-ubuntuandyrock: I don't understand why x-gdu.whatever cannot be used11:54
andyrockbecause it's not passed around11:54
zyga-ubuntuandyrock: is it because the custom mount unit data is lost and cannot be accessed?11:54
andyrocknot written in mtab11:54
andyrocknowhere11:54
zyga-ubuntuI see11:55
andyrockit can be that i'm doing something wrong11:56
andyrockbut I don't think so :D11:56
andyrockhttps://www.irccloud.com/pastebin/qWM7FlOw/11:57
andyrockit can be that I'm using an old version of util-linux11:59
andyrocklet me check on bionic11:59
zyga-ubuntuandyrock: I think you are right12:01
andyrockhttps://www.irccloud.com/pastebin/8i62fxih/12:01
andyrockzenial has 2.2712:02
andyrock*xenial12:02
andyrockbionic should be fine12:02
andyrockand it's ok to not target X12:02
JamieBennettzyga-ubuntu: OK, see you at the stand-up12:03
zyga-ubuntumvo: hello, did you consider increasing the number of workers?12:06
zyga-ubuntuok12:08
zyga-ubuntumvo: I just +1d https://github.com/snapcore/snapd/pull/420712:19
mupPR #4207: Flesh out NVIDIA support for biarch and multiarch systems <Created by ikeydoherty> <https://github.com/snapcore/snapd/pull/4207>12:19
zyga-ubuntunot sure if you think jamie should see it as well12:19
zyga-ubuntuChipaca: hey12:20
zyga-ubuntuChipaca: FYI, there's a C rewrite of c-n-f12:20
Son_Gokuzyga-ubuntu: eh?12:20
zyga-ubuntuhttps://bugs.debian.org/cgi-bin/bugreport.cgi?bug=88169212:21
zyga-ubuntuhey Son_Goku12:21
Son_Gokuyet another c-n-f thing?12:22
Son_Gokujeez12:22
Son_Gokuwhy12:22
zyga-ubuntuSon_Goku: I'd love one upstream cnf that's not tied to gnome-software/packagekit12:23
zyga-ubuntuSon_Goku: that can work anywhere12:23
Son_Gokuand of course, it's debian specific, though I shouldn't be surprised since it's a rewrite of the debian c-n-f tool12:23
zyga-ubuntubut it's world vs reality12:23
Son_Gokuzyga-ubuntu: suse's scout uses libsolv12:23
zyga-ubuntuSon_Goku: why debian specific?12:23
Son_Gokuwhich can parse literally anything12:23
zyga-ubuntuSon_Goku: I don't want to use libsolve12:23
zyga-ubuntuSon_Goku: this is not a merit12:23
Son_Gokuwhy is that not a merit?12:23
zyga-ubuntuSon_Goku: cnf has a very simple goal: deliver useful hint quickly12:24
Son_Gokuyes12:24
zyga-ubuntuSon_Goku: it has a very simple data format12:24
zyga-ubuntuSon_Goku: that can be fed by anything12:24
Son_Gokuyou want a cnf framework?12:24
Son_Gokuthen make one12:24
zyga-ubuntuSon_Goku: no, I don't want a framework, we have one already, it just needed a C rewrite for speed12:24
zyga-ubuntuSon_Goku: app name -> list of info about hints12:25
zyga-ubuntuthat's literally the whole thing12:25
zyga-ubuntuSon_Goku: I'm sure each distribution had a reason to come up with something similar but I was trying to make a point about simplicity and speed12:26
zyga-ubuntuSon_Goku: using complex libraries for complex tasks is not improving the situation12:26
zyga-ubuntuSon_Goku: there's nothing to solve for12:26
Son_Gokuthe debian c-n-f calls apt directly12:26
Son_Gokuthat's basically the same problem then12:26
zyga-ubuntuSon_Goku: ?12:26
zyga-ubuntuSon_Goku: is the debian cnf the same as ubuntu's cnf?12:27
* Son_Goku shrugs12:27
zyga-ubuntuSon_Goku: note that "calling $packaging tool" directly is a simple build thing that can be tweaked form same source12:27
zyga-ubuntuSon_Goku: in fact the code I wrote a decade ago did that12:27
zyga-ubuntuSon_Goku: (though it was my very early python so it's pretty terrible)12:27
Son_Gokuzyga-ubuntu: it looks like it reads apt metadata12:29
Son_GokuContents and Packages, specifically12:29
zyga-ubuntuSon_Goku: the debian one? that's too bad, sorry about that (I didn't write that)12:30
zyga-ubuntuSon_Goku: my implementation was always about data, any package can add additional data files that contain hints12:30
zyga-ubuntuSon_Goku: and with minimal dependencies it is sane for servers and desktops and embedded alike12:30
Son_Gokuthe goal of most c-n-f tools is to identify what you need to install to make the missing command available12:30
zyga-ubuntuSon_Goku: and the data can come from whatever format, can be packagekit, gnome-software, apt, dnf, whatever12:31
Son_Gokuthat's what PK-cnf, scout, etc. all do12:31
Son_Gokuthe problem in your case is you want to inject foreign applications into the cnf12:31
zyga-ubuntu?12:31
zyga-ubuntuno, there's no problem here12:31
zyga-ubuntuanyway, not sure what we are arguing about12:32
zyga-ubuntuthe many implementations12:32
zyga-ubuntuthe design of a particular one12:32
zyga-ubuntuor something else12:32
Son_Gokuwe're not arguing12:32
Son_GokuI'm just telling you what the stuff has been forever12:32
Son_Gokuand your problem space (adding snaps to cnf) is not easy because most don't have a way to do it12:32
zyga-ubuntuSon_Goku: well, I know there were, I tried to unifiy it after writing the first one12:32
zyga-ubuntuSon_Goku: that's fine, we'll go little by little12:33
zyga-ubuntuSon_Goku: (actually not sure if I wrote the first one or just the one that got used in ubuntu)12:33
Son_GokuI think you just wrote the one that went into ubuntu12:33
zyga-ubuntuSon_Goku: but my point is that it's hard to unify everyone now as they all have their own quirky versions12:34
zyga-ubuntuSon_Goku: but was it also the first one?12:34
Son_GokuI recall cnf systems existing since before Ubuntu's existence12:34
Son_GokuMandrake had one, iirc12:34
zyga-ubuntuaha, I didn't know that12:34
zyga-ubuntuSon_Goku: in my problem the actually interesting/hard part was data collection12:34
Son_Gokumy memories of Mandrake are super-foggy though, it was 15 years ago12:35
zyga-ubuntuthe display part was really not that hard12:35
Son_Gokusure12:35
zyga-ubuntunowadays it's (maybe) better with better repo-side meta-data12:35
Son_Gokuyeah12:35
zyga-ubuntubut when you cannot get "vim" (because it's vim.real) or gcc (because $REASONS) I had to do some very ugly things to collect better source data12:35
Son_Gokuwell, Mandrake's urpmi was one of the first easily searchable metadata formats12:36
Son_Gokuit had a binary index called synthesis12:36
Son_Gokuthat made things super-fast for queries12:36
Son_Gokuright12:36
zyga-ubuntuSon_Goku: the index is not a problem, I built one too, the problem were postinst scripts12:36
Son_Gokuthis wasn't a problem in RPM land, because we had %ghost12:36
Son_Gokuwe can just say a file *will exist* and it would show up in the file lists anyway12:36
zyga-ubuntuSon_Goku: dpkg-divert and dpkg-alternatives12:36
Son_GokuI don't know how debian solved that problem12:36
Son_Gokualternatives has and will remain, garbage fire12:37
zyga-ubuntuSon_Goku: I think they now describe command line applications explicitly12:37
zyga-ubuntuChipaca: hey, about the README file, I'm thinking if it should be a standalone file && symlink12:40
zyga-ubuntuChipaca: and about the complexity tradeoff12:41
zyga-ubuntunot sure12:41
zyga-ubuntuSon_Goku: have you seen that PR?12:41
Son_Gokuwhich one?12:41
Son_GokuI follow lots of PRs for lots of projects...12:41
zyga-ubuntuhttps://github.com/snapcore/snapd/pull/421012:41
mupPR #4210: many: add magic /snap/README file <Created by zyga> <https://github.com/snapcore/snapd/pull/4210>12:41
zyga-ubuntuyesterday's experiment to help users12:41
zyga-ubuntuthis was caused by https://forum.snapcraft.io/t/a-more-graceful-way-for-snapd-to-fail-when-snap-is-missing/2712/31 (which is very eye-opening)12:42
Chipacazyga-ubuntu: question is, where do you symlink it to / copy it from12:43
zyga-ubuntuChipaca: yeah, complexity12:43
zyga-ubuntuChipaca: this is blissfully simple12:43
Chipacazyga-ubuntu: make it readonly i'm +1 on it :-)12:44
Chipacazyga-ubuntu: the others are wishful dreaming12:44
zyga-ubuntuChipaca: could be i18n if we had core locale handling :D12:44
=== JoshStrobl|zzz is now known as JoshStrobl
zyga-ubuntuChipaca: ok, I'll check if that doens't upset the ensure code and do it12:44
zyga-ubuntu*doesn't12:44
Son_Gokuzyga-ubuntu: umm wtf?12:46
Son_Gokuyou're dynamically generating a readme?12:46
zyga-ubuntuSon_Goku: yes, like everything else there12:47
Son_Gokualright then12:49
Son_Gokuman page like readmes should be treated like man pages :)12:49
zyga-ubuntuSon_Goku: I mean it's a bit of a stretch12:49
zyga-ubuntuSon_Goku: but it has some advantages12:49
Son_GokuI'm not saying it's bad12:49
Son_Gokuit's just out of left field12:49
zyga-ubuntuSon_Goku: yeah but this is for users who don't really read man pages12:49
Son_Gokuyes, yes12:49
zyga-ubuntuout of left field?12:49
Son_Gokusomething I didn't expect anyone would do12:50
zyga-ubuntuaha :)12:50
ChipacaSon_Goku: this is to address a problem we saw in the forum12:50
Son_Goku"out of left field" is an English idiomatic phrase coming from baseball12:50
ChipacaSon_Goku: somebody rsync'ed /snap and then mounted that and wondered why everything was terrible12:50
zyga-ubuntuI almost think we could have WHAT-IS-THIS.desktop that runs browser and goes to the forum12:50
Son_Gokuzyga-ubuntu: https://en.wikipedia.org/wiki/Out_of_left_field12:50
zyga-ubuntuwith gustavo movie explaining things12:50
* zyga-ubuntu reads12:50
Son_Gokuthe forum is a bad reference for these things12:50
Son_Gokuit's too dynamic and people are allowed to freely edit and delete things12:51
Son_Gokuas the information is relatively static, it makes little sense to not incorporate it into the README file if that's its purpose12:51
zyga-ubuntuSon_Goku: that topic is in the "doc" section12:52
zyga-ubuntuSon_Goku: so it should be curated12:52
Son_Gokuit can just as easily not be12:52
Son_Gokuthat is *not* a good enough indicator in my mind12:52
zyga-ubuntuSon_Goku: what would you add to the file that is not there already/12:52
Son_Gokuactually, I think the readme itself is fine12:53
Son_Gokubut if there's supposed to be more information, don't cop-out to link to the forum12:53
Son_Gokuit's a bad habit12:53
Son_Gokuit already happens too much when it really shouldn't12:53
Son_Gokudocumentation topics should probably be regularly exported from the forum into something that can be bundled and shipped as a static site12:54
zyga-ubuntuSon_Goku: maybe, I think it could be done if the forum has an API12:54
zyga-ubuntuSon_Goku: I like the appeal of offline, curated docs12:54
zyga-ubuntuSon_Goku: but nowadays people mostly just google stuff12:55
Son_GokuI'm more concerned that the docs aren't really forkable12:55
zyga-ubuntuaha12:55
Son_Gokuthey *were* when they were managed in a github wiki12:55
Son_Gokubut they're not anymore12:55
Son_Gokuand we have problems from time to time with people being unable to edit their own topics/posts12:55
mvozyga-ubuntu: I don't think I can do that myself, I can do a PR though, but I have no analyized why things are slow currently12:59
zyga-ubuntumvo: I mean, we can just do a PR with some extra nodes in it to see how timing works13:00
=== dontbeadick is now known as CoderEurope
niemeyerSon_Goku: Don't overthink it too much.. it's a link to a place which can be publicly edited and maintained. The link can change, the content in the forum can change, everything can change if it has to. For now this approach is good enough, and it's visible both to the community and to people maintaining it.13:15
zyga-ubuntuSon_Goku: I addressed your comments now, thank you!13:16
jdstrandzyga-ubuntu: hey, so 4163 was committed before I looked at it, but I looked at it yesterday. while the code appears to have the end result we want, I felt that it was a bit confusing as an api and hard to read. it's approved and it works so not a blocker, but 2 cents13:25
zyga-ubuntujdstrand: hey thank you for reviewing that13:30
zyga-ubuntujdstrand: yes, it got merged by accident really13:30
jdstrandok13:30
zyga-ubuntujdstrand: I did that to reuse code / testing for similar features, if you think it'd be better to just get it in one function like before that's useful data for me13:30
jdstrandzyga-ubuntu: if you agree and wanted to do a followup PR, I'm happy to review it13:31
zyga-ubuntujdstrand: did you add the feedback on github?13:31
zyga-ubuntuor is that just the remark here about the api complexity13:31
jdstrandzyga-ubuntu: it isn't so much about reuse (which is fine). my comments are in the PR, yes13:31
zyga-ubuntuok, i'll have a look; thank you!13:32
jdstrandsurprised you didn't get an email...13:32
jdstrandwonder if github is 'smart' and doesn't send reviews after it is merged...13:32
jdstrandin that light...13:34
ogra_yeah, GH mail handling for PRs sucks13:34
ogra_they should implement the launchpad one ;)13:34
jdstrandackk: hi! not sure if you noticed, but I added a few comments to https://github.com/snapcore/snapd/pull/3916#pullrequestreview-7643019113:34
mupPR #3916: snap,wrappers: add support for socket activation <Created by albertodonato> <Merged by chipaca> <https://github.com/snapcore/snapd/pull/3916>13:34
jdstrandackk: summary: I thought input validation was good but requested a few extra tests13:35
zyga-ubuntujdstrand: I think it didn't email me, I'll have to check the branch directly13:36
jdstrandzyga-ubuntu: https://github.com/snapcore/snapd/pull/4163#pullrequestreview-7625352213:36
mupPR #4163: cmd/snap-update-ns: re-factor secureMkdirAll into secureMk{Prefix,Dir} <Created by zyga> <Merged by stolowski> <https://github.com/snapcore/snapd/pull/4163>13:36
jdstrandzyga-ubuntu: (and the inline comments below that ^)13:37
zyga-ubuntuah, I see your notification now13:37
zyga-ubuntuthanks!13:37
jdstrandnp13:37
jdstrandzyga-ubuntu: again, if you disagree, and feel it is fine, that is 3 against 1, so it is for your consideration13:38
zyga-ubuntujdstrand: I'll take it into account and integrate parts into other RPs, the rest will be in a separate PR most likely, I need to read this carefully first13:38
zyga-ubuntujdstrand: I think partially it is just naming as I was trying to have code that I can reuse for <prefix>/<leaf> where there are N leaf functions and one function for prefix13:39
zyga-ubuntumvo: I'm looking at the tuntap test failure now13:53
zyga-ubuntucachio: hey13:54
cachiozyga-ubuntu, hi13:54
zyga-ubuntucachio: how can we refresh the debian sid image we have in linode13:54
zyga-ubuntucachio: and ideally unbreak the sid vs debian 9 issue13:54
zyga-ubuntucachio: so we have the same distro in qemu and in linode13:55
cachiowe need to use spread-images for that13:55
zyga-ubuntudo I have permissions for that? i can have a look at fixing htis if I do13:56
cachiozyga-ubuntu, which kind of refresh should we do?13:56
zyga-ubuntucachio: we need to dist-upgtrade, including the new kernel, essentially13:56
cachioyou need to download the spread-images13:57
cachiothen execute with spread tasks/update13:57
zyga-ubuntuaha13:57
zyga-ubuntuhttps://github.com/snapcore/spread-images I assume13:57
cachiowith the image you want to update13:57
cachiothen you can manually install want yuou need13:58
cachioand then gustavo will replace that image that you created13:58
cachioI can start the image and give you the credentials13:58
cachioso then I make the tear down lo clean up the image13:58
cachiozyga-ubuntu, just giveme 5 minutes to start the machine13:59
zyga-ubuntuok13:59
zyga-ubuntucachio: I forked the repo13:59
zyga-ubuntuer13:59
zyga-ubuntucloned it13:59
cachioI am running the test14:00
cachioI'll have that machine in few minutes14:00
ogra_pedronis, did the behaviour of the "snap download... ; snap ack ... ; snap install ..." triplet change recently ? i was just told by someone that he didnt need to ack but could just do download and install14:07
mvozyga-ubuntu: \o/14:08
Chipacaogra_: if they've previously acked they don't need to re-ack14:08
zyga-ubuntumvo: ha, the test just passed?!?14:08
pedronisogra_: no, didn't change,  I had some discussion that we might ack for you but it didn't happen14:08
pedronisso far14:09
ogra_well, Chipaca's answer might explain it14:09
mvozyga-ubuntu: race?14:09
mvozyga-ubuntu: did you ran it on linode?14:09
zyga-ubuntuyes14:11
zyga-ubuntuinside linode14:11
zyga-ubuntuI doubt it is racing14:11
zyga-ubuntuI'll retry14:11
zyga-ubuntuSon_Goku: Fedora 27 is now released :)14:19
Son_Gokuyes14:19
Son_Gokuthe fedora 27 VM needs to be distro-sync'd to GA package set14:20
zyga-ubuntumvo: it passed again, I'll send a PR re-enabling that14:26
mupPR snapd#4213 opened: tests: re-enable tun/tap test on Debian <Created by zyga> <https://github.com/snapcore/snapd/pull/4213>14:28
roadmrjdstrand: good morning! tools r939 is in prod as of 2 hours ago \o/14:39
zyga-ubuntumvo: I worked with cachio on an updated pair of debian images, a proper debian-9 image (new) and separately from that debian-unstable (as today) that represents a current snapshot of sid14:51
mvozyga-ubuntu: nice14:51
zyga-ubuntumvo: the stretch/9 image will be a good baseline for testing snapd in stable14:52
mvozyga-ubuntu: yeah, debian-9 will be less volatile14:53
zyga-ubuntumvo: and the refreshed image will show us the issues with mainline kernel apparmor14:53
zyga-ubuntumvo: I'll focus on resolving those with jjohansen and jdstrand14:53
mvothanks zyga-ubuntu14:53
cachiozyga-ubuntu, machines are clean, now we need to wait until those are updated in linode14:54
jdstrandroadmr: thanks!14:56
zyga-ubuntumvo: can you please merge https://github.com/snapcore/snapd/pull/421315:08
mupPR #4213: tests: re-enable tun/tap test on Debian <Created by zyga> <https://github.com/snapcore/snapd/pull/4213>15:08
* Chipaca goes to have lunch before it's tea15:10
elopionessita: I need help sending an oauth request to an SSO authenticated URL. Can you help me?15:10
roadmroauth?15:10
roadmrelopio: does "surl" help here? it takes care of authentication15:10
ogra_only if you dont use 2fa though15:12
sergiusenskalikiana hey, how's that container work going?15:12
sergiusenselopio notice a problem here https://objectstorage.prodstack4-5.canonical.com/v1/AUTH_77e2ada1e7a84929a74ba3b87153c0ac/autopkgtest-artful-snappy-dev-snapcraft-daily/artful/amd64/s/snapcraft/20171114_144114_e9c38@/log.gz ?15:15
sergiusens:-)15:15
=== cachio is now known as cachio_lunch
elopiosergiusens: ugh, I will fix it.15:18
mupPR snapd#4213 closed: tests: re-enable tun/tap test on Debian <Created by zyga> <Merged by mvo5> <https://github.com/snapcore/snapd/pull/4213>15:18
sergiusenselopio thanks15:18
sergiusenselopio would be good to not check the output of commands we do not control; imagine people using ours as a result of test if you cannot see my point :-)15:19
sergiusensunless it is supposed to be machine readable output15:20
elopioroadmr: I didn't know about surl, I will check that. I was trying with the ssoclient and requests_oauth: http://paste.ubuntu.com/25961322/15:23
elopiobut last time I did this was years ago, I'm not sure if I'm doing it wrong.15:24
roadmrelopio: that's probably rotten :( surl does the macaroon dance, not really oauth, so depending on what you want it for, it may or may not work15:24
kalikianasergiusens: anything specific? I've got a branch for the matter of injecting the core snap but didn't propose it as to avoid taking resources off Travis15:24
nessitaelopio, i think so!15:25
nessitaelopio, tell me more15:25
elopionessita: I've just sent my script to roadmr: http://paste.ubuntu.com/25961322/15:26
elopiooh, there's a bad import there, but well, that's the idea.15:26
nessitaelopio, what's the goal of the script? I don't think https://autopkgtest.ubuntu.com/request.cgi supports oauth authorization?15:28
nessitaelopio, ie SSO is not an oauth provider, is an openid provider15:28
nessitaelopio, the OAuth that SSO supports is not rfc compliant and works with sso APIs (its own)15:28
sergiusenskalikiana have you seen your email inbox as of late?15:29
elopionessita: so, more context. I copied some bash from pitti that triggers the autopkgtests in a PPA. It uses a cookie for the request:15:31
elopiohttps://github.com/elopio/snapcraft/blob/ppa-autopkgtest/tools/run_ppa_autopkgtests.py15:31
kalikianasergiusens: oh, were you asking about the release stuffs I guess. "that container work" sounded like some PR you were looking for. My bad.15:31
kalikianasergiusens: I'm getting myself acquainted with asciinema15:32
elopionessita: Instead of the cookie, I thought it might be better to use oauth. But, it didn't work, so I started asking and they haven't tried that. Maybe, you are right and it's not supported.15:32
nessitaelopio, SSO has not API for other sites to do OAuth validation15:33
nessitahas no* API15:33
elopionessita: so, do you know of a way to do this user/password instead of thte cookie?15:33
CoderEuropehttp://www.rightrelevance.com/search/articles/hero?article=8461f06abc90aa4816d85711cc78e4f09d2a5bb0&query=ubuntu&emaildigest=true15:34
nessitaelopio, I don't think there is a way, SSO supported openid dance only which is browser/cookie based15:35
CoderEuropenessita: https://help.launchpad.net/API15:37
CoderEuropelast edited 20-1115:38
elopionessita: well, thanks for the info. I will stop trying :)15:39
elopionessita: the script mentioned that the cookie is valid for a month. Is that a month without use? Or will I always have to refresh the cookie manually?15:41
elopioomw to the meeting15:45
ChipacaCoderEurope: ?15:46
cjwatsonCoderEurope: that's not super-relevant to autopkgtest or SSO APIs.  Launchpad uses SSO, yes, but its APIs won't help in this case.15:58
=== cachio_lunch is now known as cachio
mupPR snapcraft#1597 closed: pluginhandler: warn about migrated system libraries <Created by sergiusens> <Closed by sergiusens> <https://github.com/snapcore/snapcraft/pull/1597>16:04
mupIssue snapcraft#1733 opened: Apply guidelines from design to error messages with commands that fix <Created by sergiusens> <https://github.com/snapcore/snapcraft/issue/1733>16:07
zyga-ubu1tuok, now debian tests will probably all fail, I'll work on a PR to update them16:15
* zyga-ubu1tu tries16:15
pedronismvo: we haven't released 2.29 to stable right?16:19
cachiopedronis, no yet16:23
mvopedronis: no, still waiting for CE for the final test-ok16:23
mvopedronis: why? any last minute issues?16:23
pedronismvo: there are store issues16:23
mvopedronis: store issues because of overload?16:26
mvopedronis: that is a good point actually, I need to tell the store about the immanent release. but if you say there are issues we should hold back with the release (cc cachio )16:26
pedronishttps://forum.snapcraft.io/t/snap-store-apis-outage/283216:27
cachiomvo, pedronis sure16:27
cachiopedronis, is there any test that we can do16:28
pedronisno, but yes, don't think it makes or is sensible to release until the store is back to normal16:28
cachiopedronis,  ok16:29
zyga-ubu1tuyeah, store is down for me too :?16:30
zyga-ubu1tuI guess time to focus on something else16:30
zyga-ubu1tusome new code :)16:30
mvoheh, and I was thinking my fakestore refactor was broken16:33
ppisatihttps://travis-ci.org/snapcore/snapcraft/jobs/30196698916:34
zyga-ubu1tumvo: I guess someone's feet are burning today16:34
zyga-ubu1tumvo: but not ours (this time)16:34
ppisatithis unit test fails when checking CLA check16:35
ppisatido anyone know why?16:35
mvozyga-ubu1tu: maybe ours, if our client code goes crazy16:35
zyga-ubu1tumvo: interesting, yes, let's see what happens16:35
mupPR snapd#4214 opened: fakestore: add go-flags to prepare for `new-snap-declaration` cmd <Created by mvo5> <https://github.com/snapcore/snapd/pull/4214>16:38
ppisatikalikiana: ^16:40
ppisatikyrofa: ^16:40
ppisatinot sure who is the most appropiate guy fo this kind of stuff16:40
ogra_ppisati, i'd interpret that as 'marius@ubports.com' has not signed the CLA (though it is weird that it doesnt say that and just dies quietly)16:44
ogra_i'm pretty sure he has signed (he contributed a lot to phone code before he started ubports) it but most likely not under this email address16:46
ppisatiogra_: yep, but why it's failing in my test? if he didn't sign the CLA, his commits shouldn't be part of snapcraft at all - my branch is based off origin/master + my own commits16:46
ogra_yeah16:46
ogra_elopio, ^^^ any idea ?16:46
* ogra_ wonders if the snapcraft team is on a team excursion today :P16:47
ogra_hiking and picnic ...16:48
sergiusensogra_ what's up? just got out of our team meeting16:48
ppisatisergiusens: this failure - https://travis-ci.org/snapcore/snapcraft/jobs/30196698916:48
ogra_:)16:48
sergiusensogra_ ppisati that happens on merge instead of rebase with our CLA checker tool, as the "squash and merge" functionality sets the email to the one set on github16:49
ppisatisergiusens: ok, how do i fix it?16:50
ogra_ppisati, obviously with a lot of patience :)16:54
zyga-ubu1tumy tweet was liked/retweeted by @systemdsucks and I have lots of notifications all the time16:57
=== zyga-ubu1tu is now known as zyga
kyrofaogra_, team meeting this morning, took a little while. So you're not far off! Hahaha17:01
ogra_haha17:01
kalikiana :-D17:02
davidcalleelopio: kyrofa: hola, I'm looking for fresh pair of eyes on a new snap tutorial, are you interested? hhttps://github.com/canonical-websites/tutorials.ubuntu.com/pull/41217:04
kyrofasergiusens, is this the only store API doc we have? http://search.apps.ubuntu.com/docs/17:04
kyrofaIt doesn't seem to cover snap uploads, for example17:04
kyrofadavidcalle, sure!17:04
kyrofaLet me get a few reviews out of the way here, first17:05
mupPR snapd#4215 opened: Fix path in snap install <Created by asalminen> <https://github.com/snapcore/snapd/pull/4215>17:12
CoderEuropedavidcalle: wat am I looking at ?17:12
CoderEuropedavidcalle: Iam here - http://tutorials.ubuntu.com-pr-412.run.demo.haus  Wat tutorial is it ?17:13
pedroniskyrofa: there is this https://dashboard.snapcraft.io/docs/api/snap.html17:14
mupPR snapcraft#1734 opened: recording: don't log the command when image info fails <Created by elopio> <https://github.com/snapcore/snapcraft/pull/1734>17:14
kyrofaThanks pedronis!17:14
pedronisI'm not sure how up to date it is though17:15
davidcalleCoderEurope: it's in the PR description: http://tutorials.ubuntu.com-pr-412.run.demo.haus/tutorial/snap-a-website17:15
mupPR snapd#4154 closed: overlord/snapstate: support completion for command aliases <Created by chipaca> <Merged by chipaca> <https://github.com/snapcore/snapd/pull/4154>17:15
davidcalleCoderEurope: thanks for having a look!17:16
CoderEuropedavidcalle: its says some basic command line know-how --- do you want me to PM you about sugestions ?17:17
davidcalleCoderEurope: feel free to leave feedback directly on the PR17:18
CoderEuropedavidcalle: I have never done that before - is the PR just meanings That I need a github account ?17:19
CoderEurope& whois caldav ?17:19
davidcalleCoderEurope: yes, once you have an account, you can leave comments there: hhttps://github.com/canonical-websites/tutorials.ubuntu.com/pull/41217:19
davidcalleThat's me17:20
CoderEuropek17:20
CoderEuropeit just says I cannot comment at this time.17:28
kyrofasnappy-m-o, autopkgtest 1717 xenial:armhf17:29
snappy-m-okyrofa: I've just triggered your test.17:29
sergiusenskyrofa why again?17:34
kyrofasergiusens, it hasn't run without them timing out yet17:34
kyrofasergiusens, it's not enough now that you reminded me that it doesn't actually run the snaps, so I'm also running xenial:amd64 locally17:35
kyrofasergiusens, the next one doesn't need arm, though17:36
sergiusenskyrofa but you retriggered an armhf test17:40
sergiusensshould be arm6417:40
CoderEuropedavidcalle: ^17:42
CoderEuropenothing, http://paste.ubuntu.com/25962234/17:43
kyrofasergiusens, does arm64 run snaps?17:56
sergiusenskyrofa yes18:00
kyrofaDarn, I misunderstood18:01
kyrofasnappy-m-o, autopkgtest 1717 xenial:arm6418:01
snappy-m-okyrofa: I've just triggered your test.18:01
sergiusenskyrofa btw, what you just did was cancel the armhf test I had triggered around 6am my time as armhf is what I had triggered18:01
sergiusenskyrofa did you check why it failed?18:02
kyrofasergiusens, oh! No, I just assumed it was failed from the previous run, ugh18:02
kyrofasergiusens, elopio this is the regression to which you were referring this morning, I assume? https://pastebin.ubuntu.com/25962350/18:07
zygare18:17
zyga(dinner done)18:17
kalikianakyrofa: there's an extra "." there it seems18:22
kyrofakalikiana, right18:23
kyrofaOr not enough, depending on your frame of reference18:23
kyrofaJust wondering if I should fix it or if that's what's elopio is working on18:24
* kalikiana wondering to have dinner now, it's been a long day18:25
elopiodavidcalle: great! I'm adding it to my todo.18:30
elopiodavidcalle: great! I'm adding it to my todo.18:31
elopiodavidcalle: great! I'm adding it to my todo.18:31
elopiodavidcalle: great! I'm adding it to my todo.18:31
elopiodavidcalle: great! I'm adding it to my todo.18:31
elopioupps, sorry David!18:31
elopiokyrofa: yes, there's already a pr ready for review.18:31
kyrofaelopio, ah ha! Okay very good, I see it now18:32
sergiusenselopio do not take it out on the wrong person 😂18:34
sergiusenskyrofa, yeah, I had rebased your branch as it was conflicting with the timeout one18:35
sergiusenskyrofa ask elopio I'd there is a way to retrieve the previous run. Should be confidence enough18:36
kyrofaelopio, yeah, do you know if it's possible to see the previous adt run of a PR?18:37
elopiokyrofa: Not really. Sometimes you can click the red/green button in github, and the link will be there. But not always, not sure why. The index has all the results, but it's hard to tell which corresponds to the PR. My script in progress might help.18:42
elopiohttps://objectstorage.prodstack4-5.canonical.com/v1/AUTH_77e2ada1e7a84929a74ba3b87153c0ac/autopkgtest-artful-snappy-dev-snapcraft-daily18:42
kyrofaHey zyga you mentioned that you might have more lxd info today?18:43
elopiothe index ^18:43
kyrofaHaha, that is hilariously unparsable18:48
zygakyrofa: yes, good progress just stalled with some random (other) issues18:49
kyrofazyga, so the new solution is looking promising?18:49
zygakyrofa: yeah, it's just *annoying*18:49
zygakyrofa: the hardest one I thought of18:50
zygakyrofa: but doable18:50
zygakyrofa: so +1 :)18:50
kyrofaHaha, isn't that always the case18:50
zygakyrofa: I need to unbreak debian first and then I can try to wrap that up18:50
kyrofaGood deal, thanks18:50
zygakyrofa: yes, reality is fantastic at correcting assumptions18:50
=== dontbeadick is now known as CoderEurope
sergiusenselopio snapcraft#1734 failed19:43
mupPR snapcraft#1734: recording: don't log the command when image info fails <Created by elopio> <https://github.com/snapcore/snapcraft/pull/1734>19:43
ikeyshould i wait for new snapd to be released with my changes before uploading my snaps to store?19:45
sergiusenselopio retriggered the one failing test19:45
* ikey wonders if the snap yaml supports: assumes [works-for-me]19:45
sergiusensikey are you using assumes? If so I'd guess not... or maybe leave them on edge19:45
sergiusenslol19:45
ikeyoh id only have them in edge19:46
ikeyand atm i have assumes on 2.29.219:46
sergiusensikey then it probably is fine19:46
ikeythe problem im having is testing19:46
ikeyeach time i have to remove the snap and reinstalla19:46
ikeyand it nukes my data19:46
ikeyi did also figure out that i shouldnt be using SNAP_USER_DATA19:46
ikeyand switched to SNAP_USER_COMMON19:46
ikeydont really want gigabytes of data being transferred on update19:47
sergiusensgood call19:47
ikeyit still has nasty $SNAP_USER_COMMON/.local/share but meh19:47
ikeythe LSI snap exists only to support steam19:47
ikeyand steam.sh looks for XDG_CONFIG_HOME/XDG_DATA_HOME/etc19:48
sergiusensis that because that is the default path to install steam games?19:51
ikeyyeah19:51
ikey~/.local/share/Steam19:51
ikeyor $XDG_DATA_HOME/.local/share/Steam19:51
elopiosergiusens: thanks19:51
ikeyso im overriding the environment to suit19:51
ikeyshim has a magical shim_init_user function: https://github.com/solus-project/linux-steam-integration/blob/master/src/shim/shim.c#L11419:52
ikeywe call it further down in shim_export_extra19:52
ikeypassing it the value of SNAP_USER_COMMON19:52
ikeyits uh, pretty comprehensive.19:53
ikeyalso meant i was able to "avoid" having a shell script entry point19:53
kyrofasergiusens, elopio what on earth is this? Failure on arm64: https://pastebin.ubuntu.com/25962979/20:17
kyrofaOh, looks like a warning is leaking20:17
kyrofaThat weird ResourceWarning20:17
elopiokyrofa: I couldn't understand that open socket, so reported this https://github.com/msabramo/requests-unixsocket/issues/3620:19
elopiobut no reply :(20:19
kyrofaelopio, yeah I've tried looking into the code as well, which seems just fine. I never see that warning in prod, so something is weird in adt20:19
kyrofaelopio, oh dang, you can reproduce?! Nice20:20
elopioI learned that the tests set that default warning filter. We could remove that as an ugly workaround20:20
kyrofaelopio, do we need to dig into the unixsocket code? Although even if we propose a PR I don't have confidence it'll be noticed at this point20:22
kyrofaThis thing looks pretty much orphaned20:22
kyrofaelopio, think that will go away if I re-run?20:23
elopiokyrofa: yes, most certainly. And maybe it will also go away with your pr to reset the log.20:24
kyrofaOkay, I'll re-run, and also propose that PR20:24
elopioI'm fine ignoring it for 2.35.20:24
kyrofaAlright20:24
kyrofasnappy-m-o, autopkgtest 1717 xenial:arm6420:25
snappy-m-okyrofa: I've just triggered your test.20:25
mupPR snapd#4216 opened: interfaces/time*_control: explicitly deny noisy read on /proc/1/environ <Created by jdstrand> <https://github.com/snapcore/snapd/pull/4216>20:32
sergiusenskyrofa why?20:35
kyrofasergiusens, it failed with a log leak error before it could even build the deb20:38
kyrofasergiusens, I'm rerunning since those are typically flaky, and also testing the PR I'm about to propose to fix20:39
sergiusenskyrofa so it looks like a release is not happening today either...20:40
kyrofasergiusens, I'm still hoping, but given how long these tests take...20:41
kyrofasergiusens, for what it's worth, I got a successful xenial:amd64 run locally on that one20:43
kyrofaAnd that PR doesn't _explicitly_ touch multi-arch bits20:44
kyrofaDepends on how risk-adverse you're feeling20:44
kyrofaHow odd. sergiusens setting the log level at the beginning of the test instead of resetting it in cleanup actually doubles up the prints when it comes to tests/test_log.py20:45
kyrofaIt seems doing it in cleanup is the only thing that works consistently20:47
sergiusenskyrofa something like snapcraft/internal/remote_parts.py:logging.getLogger("urllib3").setLevel(logging.CRITICAL) (which is manifestation of what we discussed yesterday)20:55
kyrofasergiusens, oh interesting. We should be going that in the log module alongside requests20:57
sergiusenskyrofa this is only needed because we are doing things wrong20:59
elopiosnappy-m-o github subscribe 173420:59
snappy-m-oelopio: I'll send you a message if a test fails in the pull request #1734 (recording: don't log the command when image info fails).20:59
mupPR #1734: boot: add missing udevadm mock to fix FTBFS <Created by mvo5> <Merged by mvo5> <https://github.com/snapcore/snapd/pull/1734>20:59
kyrofaYeah we need to fix21:00
ikeycan someone help me review my yamls before i get them ready for store upload pls? :321:00
ikeypure meta, no build instructions21:01
mupPR snapd#4217 opened: interfaces/browser-support: add shm path for nwjs <Created by jdstrand> <https://github.com/snapcore/snapd/pull/4217>21:03
kyrofasergiusens, do you want me to propose this cleanup log reset thing?21:20
kyrofaI'd rather not see more test failures because of this21:21
sergiusenskyrofa if you have the time, yes21:21
sergiusensikey review in what sense?21:22
ikeycheck for jankiness21:22
sergiusensjdstrand is crt available as a snap so that ikey could validate his snaps?21:23
mupPR snapcraft#1735 opened: unit tests: reset log level after test <Created by kyrofa> <https://github.com/snapcore/snapcraft/pull/1735>21:24
kyrofasergiusens, sure, it was already done ^ . Running adt xenial:amd64 locally on it now21:27
elopiosergiusens: all green.21:28
kyrofaThough I'm not sure I even need to do the whole thing given that it's only units21:28
kyrofa(units have already passed)21:28
kyrofasnappy-m-o, subscribe github 171721:29
snappy-m-oCommand "," / ", subscribe" not found.21:29
snappy-m-o Did you mean "/snappy-m-o github subscribe" ?21:29
kyrofasnappy-m-o, well look at you being so helpful!21:29
snappy-m-oCommand "," / ", well" not found.21:29
kyrofasnappy-m-o, github subscribe 171721:29
snappy-m-okyrofa: I'll send you a message if a test fails in the pull request #1717 (catkin plugin: check for pip packages in part only).21:29
mupPR #1717: daemon,overlord: add subcommand handling to snapctl <Created by kyrofa> <Closed by kyrofa> <https://github.com/snapcore/snapd/pull/1717>21:29
kyrofaWow, what's the changes both PRs would be by me21:29
kyrofaUh. Chances21:30
kyrofasergiusens, uh oh. Ever tried the asciinema snap on trusty?21:35
kyrofaI can't upload :P21:35
kyrofaThankfully it captured. Guess I'll just scp it over21:35
=== dontbeadick is now known as CoderEurope
sergiusenskyrofa from the snap? you need my version which has the compiled python21:42
kyrofasergiusens, I don't see one from you in snap find. Is it stable?21:43
sergiusenskyrofa oh, I don't have it pushed even21:43
kyrofaHahaha21:43
kyrofaYou should make a PR for sabdfl21:44
sergiusensI don't know where that code is, and I'd rather have it as the experiment snap to test out the classic stuff21:44
mupPR snapd#4211 closed: tests: adding tests for time*-control interfaces <Created by sergiocazzolato> <Closed by sergiocazzolato> <https://github.com/snapcore/snapd/pull/4211>21:54
mupPR snapd#4218 opened: tests: adding tests for time*-control interfaces <Created by sergiocazzolato> <https://github.com/snapcore/snapd/pull/4218>21:54
sergiusenselopio I have a question on your PR21:56
=== jero is now known as Guest21343
sergiusenskyrofa do you think my question on snapcraft#1734 is a concern?22:20
mupPR snapcraft#1734: recording: don't log the command when image info fails <Created by elopio> <https://github.com/snapcore/snapcraft/pull/1734>22:20
kyrofasergiusens, it's a good question, but I feel like elopio answered it, no?22:22
sergiusenskyrofa ah, I hadn't seen the reply; still would like to see some corroborration22:23
kyrofaGah, thunderbird sucks. It doesn't upload my folders22:24
kyrofaI didn't see that he answered my question either22:24
kyrofas/upload/update/22:24
* ikey adds handy debug tools to lsi..22:28
ikeyhttps://ibin.co/3hJKqbCtvh86.png ^^22:28
mupPR snapcraft#1736 opened: recording: pass the build info flag to the container <Created by elopio> <https://github.com/snapcore/snapcraft/pull/1736>22:30
elopiosergiusens: kyrofa: I found a recording bug ^22:31
kyrofaelopio, ah, good catch22:32
kyrofaelopio, is that required for this release, though?22:32
kyrofaSeems like an issue we've probably had for a while22:32
mupPR snapcraft#1734 closed: recording: don't log the command when image info fails <Created by elopio> <Merged by sergiusens> <https://github.com/snapcore/snapcraft/pull/1734>22:33
sergiusenssnappy-m-o autopkgtest 1732 artful:amd6422:34
snappy-m-osergiusens: I've just triggered your test.22:34
sergiusenselopio kyrofa I am fine with snapcraft#173622:36
mupPR snapcraft#1736: recording: pass the build info flag to the container <Created by elopio> <https://github.com/snapcore/snapcraft/pull/1736>22:36
sergiusenssort of needed to show off the feature neatly22:36
kyrofaAlright22:37
sergiusenskyrofa stop living in the past, go in all webapps 💩22:38
kyrofasergiusens, hahaha22:38
elopiokyrofa: sergiusens: the past is the new future! Use mutt22:40
sergiusenselopio can you open calendar invites there?22:41
sergiusenseverything is so embedded with "the web" these days that it is hard to use something that doesn't support it22:41
kyrofaApparently it's just too much to ask for decent system integration22:41
elopioI would love to use a text browser. But I always give up too soon.22:43
elopiosergiusens: I copy the calendar link from mutt to firefox22:44
elopiobut I haven't been able to configure gmail there. I need to get back to bother m vo.22:45
elopiook, I will have lunch while my new branch is green, then come back to continue recording with asciinema22:47
sergiusenselopio cannot do much in text browsers theses days22:47
ikeyhow do i go about signing a snap?22:48
sergiusensikey https://forum.snapcraft.io/t/isv-questions-about-signing-a-snap/254622:54
ikeysign-build doesn't work22:56
ikeydoes it?22:56
ikeyNative builds aren't supported on Solus. You can however use 'snapcraft cleanbuild' with a container.22:56
ikeynay22:56
sergiusensikey once you have the snap, you should be able to `snapcraft sign-build`, it should work and if it doesn't we can make it work22:57
sergiusensbtw, you read fast22:57
ikeylol22:57
ikeyyeah i mean the main thing is i just wanna sign the snaps but i have my whole ugly manual build process22:57
sergiusenssnapcraft sign-build <snap-file> given all the keys are in place should be doable22:57
ikey(its hella inefficient and i need to fix that)22:57
ikeyyea22:57
ikeyso i assume i have to create keys via the API only22:57
ikeynot my own local keys22:58
ikeyso they're registered in some fashion22:58
sergiusensikey internally they are just gpg keys, but I think the system is very strict on poor keys (not saying yours are); you might get away with using your current keys by means of symlinking the directory the snap command looks for22:58
ikeyah ok22:59
sergiusensikey yes, snapcraft register-key pushes it to some vault on the store for corroboration22:59
sergiusensikey I am being vague on the store side, and keys for that matter, as this is not my best area of expertise22:59
ikeysub   rsa4096 2016-02-22 [E] [expires: 2018-02-21]22:59
ikeylol22:59
sergiusensalso, once you sign snaps, I don't think you can go back to unsigned ones23:00
sergiusenscprov care to expand on my ignorant comments? ^23:01
ikeygotcha23:01
ikeyfwiw in the initial stages we've no need to sign them23:01
ikeyas they'll be in the store on --edge only23:01
sergiusensikey fwiw, help for snapcraft says: `Usage: snapcraft sign-build [OPTIONS] <snap-file>`23:01
ikeyoh do i need to explicitly set grade/confinement to edge/devmode for now?23:01
ikeygotcha23:02
ikeyer grade devel23:02
ikeyeven23:02
cprovsergiusens: what you say is true, once signed there is no reason to pull it back23:02
sergiusensikey no, no need; but if it requires devmode I would and if you do not want to accidentally have that same snap build make it to candidate or stable then set grade to devel23:02
ikeyyea23:03
ikeyty23:03
* ikey was worried about that23:03
ikeydo base snaps have confinement..?23:03
cprovthe key might be revoked or expired and the signature won't be valid anymore23:03
ikeyack23:04
* ikey is muchly looking forward to having snap updates instead of doing the whole reinstall doflicky23:05
cprovsergiusens: "once you sign snaps, I don't think you can go back to unsigned ones", not true thou, there is nothing enforcing snaps to continue to be signed. 'snap-build' is per-snap-revision23:05
sergiusenscprov wait I am confused, it seems you said the opposite just above :-P23:06
cprovsergiusens: the scope is the snap revision, once signed it cannot be unsigned (mainly because a snap revision is immutable)23:07
cprovsergiusens: in terms of workflow, subsequent revisions can be either signed or unsigned, there is nothing enforcing "signed from now on" (or anything similar)23:08
cprovthere are proposals like https://forum.snapcraft.io/t/isv-questions-about-signing-a-snap/254623:08
cprovsergiusens: un-confused ?23:08
cprovsergiusens: and yes, I've misinterpreted your comment at first, sorry.23:10
sergiusensno worries23:10
sergiusensall good23:10
sergiusensikey wrt base snaps, if they have no apps entries in snap.yaml there is no reason for them to be confined, essentially what ends up being confined is what is under `apps`, so the "users" of the base snap will drive the confinement23:11
cprovsergiusens: 👍23:11
sergiusensthat said, I am not authoritative on this matter either, just using my spider senses23:12
ikeysergiusens, ack :]23:12
sergiusenselopio please make sure snapcraft#1736 is bullet proof23:12
mupPR snapcraft#1736: recording: pass the build info flag to the container <Created by elopio> <https://github.com/snapcore/snapcraft/pull/1736>23:12
sergiusensit looks like it is, but we have been fooled before23:13
elopioI tested it to confirm the fix. It's no different than the existing var, so I see no room for failure.23:14
elopioBut, I appreciate thorough reviews.23:15

Generated by irclog2html.py 2.7 by Marius Gedminas - find it at mg.pov.lt!