[00:00] <kyrofa> That makes the snapd suite far more than just hello-type snaps
[00:01] <kyrofa> But I'm fine with it as long as running the snaps doesn't add a lot of time
[00:01] <elopio> kyrofa: some of them should be in the plugins integration suite, right?
[00:01] <elopio> the ones that don't require execution.
[00:02] <kyrofa> Yeah that would be better... but then we have problems :P
[00:02] <kyrofa> Just trying to figure out what we want to do about snapcraft#1717
[00:02] <mup> PR snapcraft#1717: catkin plugin: check for pip packages in part only <Created by kyrofa> <https://github.com/snapcore/snapcraft/pull/1717>
[00:04] <elopio> kyrofa: I haven't seen that plainbox error before, but permission denied in tmp isn't it the same we get in ruby?
[00:04] <kyrofa> elopio, I've never seen that for ruby, I just saw an inability to find rbconfig.rb
[00:06] <elopio> kyrofa: http://paste.ubuntu.com/25954649/ line #4
[00:06] <kyrofa> elopio, that's probably shebang rewriting etc. Yeah, not sure why permission would be denied there
[00:07] <kyrofa> But it's a separate issue from the breakage a few lines below
[00:07] <kyrofa> (which I've fixed)
[00:08] <kyrofa> elopio, note that I see those warnings as well
[00:08] <kyrofa> (just checked)
[00:09] <kyrofa> elopio, looks like ruby sets gems to 444 (read-only)
[00:09] <kyrofa> So, non-fatal indeed
[00:09] <kyrofa> We can ignore those
[00:13] <elopio> kyrofa: ahh, I was looking at the wrong place then. Where are you getting those plainbox errors? to try to reproduce
[00:13] <kyrofa> elopio, on xenial, adt running in xenial lxc
[00:13] <kyrofa> I'll be running another one in a minute, see if it happens again or if it was a fluke of some kind
[00:14] <elopio> kyrofa: amd64?
[00:14] <kyrofa> elopio, yes indeed, sorry
[00:14] <elopio> yeah, I haven't seen that one.
[00:16] <kyrofa> sergiusens, elopio, both of those PRs depend on making a call on where we want that test to be
[00:17] <kyrofa> I vote for leaving it alone until we can split the plugins suite
[00:21] <elopio> kyrofa: +1. Make the move after we have the reorg branch, probably to snapcraft/integration/plugins/catkin
[00:22] <elopio> the hard part is to define where to put all the ones that are not catkin, naming those directories "general" is kind of sad.
[00:22] <elopio> maybe, we can make a filter, and run everything except catkin.
[00:23] <kyrofa> elopio, hmm, aren't the filters regex though?
[00:23] <elopio> kyrofa: they could be.
[00:24] <kyrofa> Negative regex gets gross
[00:25] <elopio> yes. I don't have a solution for this, but I'm happy to push it for later.
[00:25] <sergiusens> reorgs later
[00:26] <kyrofa> Good
[00:26] <kyrofa> I'll run a zesty test on 1717
[00:31] <kyrofa> elopio, thanks for the --setup-commands hint, by the way. I'll propose that for our testing doc once this release is out the door
[00:41] <kyrofa> Running 1719 zesty:amd64 on my server as well
[00:41] <kyrofa> elopio, how do you feel about upping the ROS timeouts for arm adt?
[00:44] <elopio> kyrofa: I'm ok with that
[00:44] <kyrofa> Every time it happens they're priming or snapping, so we're so close
[00:44] <kyrofa> It also means it's not a legit hang, it's just taking a little longer
[00:44] <elopio> kyrofa: also, they can be moved to integration tests, right?
[00:45] <kyrofa> elopio, oh, are we talking about the demos?
[00:45] <kyrofa> elopio, yes they can, but then we run into the same question of where to put them
[00:46] <kyrofa> Seems pointless to move them until we have a place they can stay
[00:47] <elopio> kyrofa: they will be slow snapd integration tests, so they will only run on adt
[00:47] <kyrofa> Oh riiight
[00:47] <elopio> we haven't set a timeout for those, but we probably should.
[00:48] <kyrofa> I'd still rather just tweak the timeouts here so I don't need to retest them
[00:48] <kyrofa> (for release I mean)
[00:51] <elopio> kyrofa: ah, yes, for now, just bump that.
[00:51] <elopio> I would hate to cause a timeout in a different place, again.
[00:51] <kyrofa> No kidding
[00:51] <kyrofa> I just wanna get this thing out the door
[00:58] <mup> PR snapcraft#1731 opened: demo tests: bump catkin timeout by ten minutes <Created by kyrofa> <https://github.com/snapcore/snapcraft/pull/1731>
[00:58] <kyrofa> elopio, ^
[01:42] <sergiusens> kyrofa elopio fwiw I am not fond of timeouts
[01:42]  * sergiusens looks for a clever blog post with why
[01:44] <sergiusens> meh, I cannot find any. I wouldn't use timeouts on test hardware that is shared or out of our control
[01:44] <sergiusens> there are so many things that can go wrong
[02:22] <mup> PR snapd#4211 opened: tests: adding tests for time*-control interfaces <Created by sergiocazzolato> <https://github.com/snapcore/snapd/pull/4211>
[02:28] <kyrofa> sergiusens, fine by me, they do cause issues
[02:29] <kyrofa> sergiusens, we can remove them after this release, when we slurp them into the snapd suite
[02:29] <kyrofa> (which doesn't have timeouts)
[02:29] <kyrofa> (at least, I don't think they do. Maybe they have shorter timeouts though, we'll have to check)
[02:38] <sergiusens> kyrofa \o/
[03:32] <kyrofa> sergiusens, bug #1732065 is probably for you
[03:32] <mup> Bug #1732065: dotnetplugin: use of xenial-only stage-packages <Snapcraft:New> <https://launchpad.net/bugs/1732065>
[03:33] <sergiusens> kyrofa heh, the dotnet plugin will not work on anything but xenial
[03:33] <kyrofa> sergiusens, alrighty, more skips!
[03:35] <sergiusens> kyrofa seems the tests for snapcraft#1730 went rather well
[03:35] <mup> PR snapcraft#1730: ruby plugin: be smarter about arch-specific paths <bug> <Created by kyrofa> <https://github.com/snapcore/snapcraft/pull/1730>
[03:35] <kyrofa> snappy-m-o, autopkgtest 1731 xenial:armhf
[03:36] <snappy-m-o> kyrofa: I've just triggered your test.
[03:36] <kyrofa> sergiusens, armhf is red, let me see...
[03:37] <kyrofa> Ugh. Network problems
[03:37] <sergiusens> kyrofa ros test and python, network related and unrelated to this, but please double check
[03:37] <kyrofa> sergiusens, indeed, both network related
[03:38] <sergiusens> kyrofa is snapcraft#1717 good when looking at the errors?
[03:38] <mup> PR snapcraft#1717: catkin plugin: check for pip packages in part only <Created by kyrofa> <https://github.com/snapcore/snapcraft/pull/1717>
[03:39] <kyrofa> sergiusens, for zesty anyway, yeah. But that skips some tests... would sure like xenial armhf to run
[03:39] <kyrofa> But then we hit the timeout issue
[03:40] <sergiusens> kyrofa is that the 10 thing?
[03:40] <kyrofa> sergiusens, yep
[03:40] <kyrofa> armhf is running there now
[03:40] <kyrofa> Or queued at least
[03:40] <sergiusens> kyrofa be more ambitious, triple it
[03:40] <kyrofa> Hahaha
[03:40] <kyrofa> You got it
[03:40] <sergiusens> as if there were no timeout
[03:40] <sergiusens> really
[03:40] <sergiusens> I asked elopio a year ago to remove these timeouts
[03:40] <sergiusens> the only thing we do when we reach them is increase it
[03:40] <mup> PR snapcraft#1730 closed: ruby plugin: be smarter about arch-specific paths <bug> <Created by kyrofa> <Merged by sergiusens> <https://github.com/snapcore/snapcraft/pull/1730>
[03:41] <sergiusens> and we already have the timeouts imposed by the machinery running the tests anyways
[03:43] <kyrofa> snappy-m-o, autopkgtest 1731 xenial:armhf
[03:43] <snappy-m-o> kyrofa: I've just triggered your test.
[03:43] <kyrofa> sergiusens, done
[03:44] <sergiusens> great
[03:47] <kyrofa> sergiusens, my adt run on snapcraft#1719 blew up, unfortunately, it seems like it doesn't like running in nested containers. I'm starting it again here, but it takes about two hours
[03:47] <mup> PR snapcraft#1719: many: account for python shebang args in rewrite <Created by kyrofa> <https://github.com/snapcore/snapcraft/pull/1719>
[03:47] <kyrofa> (zesty:amd64)
[03:48] <kyrofa> Would be nice to see xenial:armhf there as well but there seems little point in queuing that up until the timeout fix lands
[03:49] <kyrofa> I'll check back in a bit
[03:49] <sergiusens> kyrofa one sec
[03:49] <sergiusens> can you review something real quick?
[03:49] <kyrofa> Sure
[03:50] <sergiusens> kyrofa #1732
[03:50] <mup> PR #1732: many: respect dirs.SnapSnapsDir in tests <Created by zyga> <Merged by zyga> <https://github.com/snapcore/snapd/pull/1732>
[03:50] <sergiusens> kyrofa hmph, snapcraft#1732
[03:50] <mup> PR snapcraft#1732: tests: dotnet only works on 16.04 <Created by sergiusens> <https://github.com/snapcore/snapcraft/pull/1732>
[03:51] <kyrofa> sergiusens, haha, I got it. Always gets ya, though!
[03:51] <sergiusens> kyrofa I am doing it on purpose sometimes, maybe enough "incorrect" people get pinged that it gets removed as the implicit default :-P
[03:51] <kyrofa> Hahahahaha
[03:52] <kyrofa> sergiusens, +1
[03:52] <kyrofa> Alright, back soon
[03:52] <mup> PR snapcraft#1732 opened: tests: dotnet only works on 16.04 <Created by sergiusens> <https://github.com/snapcore/snapcraft/pull/1732>
[03:57] <HazWard> Is there a guide to package Wine programs into snaps? I want to try out some windows programs but I don't want to have all those dependencies
[04:38] <mup> Issue snapcraft#1492 closed: Support for advanced filtering for build-packages <designed> <Created by sergiusens> <Closed by sergiusens> <https://github.com/snapcore/snapcraft/issue/1492>
[04:40] <sergiusens> snappy-m-o  autopkgtest 1732 artful:amd64
[04:40] <snappy-m-o> sergiusens: I've just triggered your test.
[04:43] <ikey> had to push a fix to the full-nvidia-support PR
[04:43] <ikey> turns out Ubuntu uses a slightly different filename convention for vulkan ICDs (it doens't start with 10_ so i glob without the 10 now..)
[05:38] <kyrofa> Tests still running...
[05:41] <kyrofa> The timeout-increasing PR has its armhf run going though, looks like
[05:41] <kyrofa> I suspect things will come together tomorrow
[06:50] <mup> PR core#64 opened: 30-fix-timedatectl.chroot: fix quoting issues <Created by mvo5> <https://github.com/snapcore/core/pull/64>
[07:45]  * zyga-ubuntu is doing some tax work in the morning, sorry about that
[08:21] <mup> PR snapd#4212 opened: tests/interfaces-network-control-tuntap: disable on debian-unstable for now <Created by mvo5> <https://github.com/snapcore/snapd/pull/4212>
[08:23] <zyga-ubuntu> mvo: hint: all of debian unstable is broken
[08:24] <zyga-ubuntu> mvo: because of https://forum.snapcraft.io/t/snapd-2-27-6-2-in-debian-sid-blocked-on-apparmor-in-kernel-4-13-0-1/2813/12
[08:24] <zyga-ubuntu> mvo: so perhaps we need to refresh the debian image and fix this for real, disabling all of debian while this happens
[08:25] <mvo> zyga-ubuntu: I see only the failures in tun/tap so far
[08:25] <mvo> zyga-ubuntu: but those are quite consitent
[08:26] <zyga-ubuntu> mvo: what is the error there?
[08:26] <mvo> zyga-ubuntu: permission denied
[08:27] <mvo> zyga-ubuntu: I have not checked (yet) for the details, just want to unblock master for now
[08:27] <mvo> zyga-ubuntu: there are some PRs ready otherwise
[08:55] <pedronis> pstolowski: hi, I re-reviewed #4158
[08:55] <mup> PR #4158: snapctl: don't error out on start/stop/restart from configure hook during install or refresh <Created by stolowski> <https://github.com/snapcore/snapd/pull/4158>
[08:57] <pstolowski> pedronis, ty
[09:06] <mvo> pedronis: hey, good morning. can I run an idea by you? I have created https://github.com/snapcore/snapd/compare/master...mvo5:refresh-candidates-managed?expand=1 as a starting point for the work for the refresh.schedule=managed PR. my idea was that if the refresh schedule is managed there is code that calls store.ListRefresh() with the RefreshControlManaged flag. do you think this makes sense or would you suggest a different approach?
[09:07] <mvo> also 4212 would unblock master
[09:07] <mvo> if it gets reviews
[09:07] <mup> PR snapd#4212 closed: tests/interfaces-network-control-tuntap: disable on debian-unstable for now <Created by mvo5> <Merged by zyga> <https://github.com/snapcore/snapd/pull/4212>
[09:07]  * mvo hugs zyga
[09:08] <mvo> zyga-ubuntu: lets try to merge in a controlled way so that we don't cause a travis congestion
[09:08] <zyga-ubuntu> mvo: ok, let's coordinate here
[09:09] <mvo> zyga-ubuntu: I will push 4204 as this should be ready now
[09:09] <zyga-ubuntu> https://github.com/snapcore/snapd/pull/4207 can land
[09:09] <mup> PR #4207: Flesh out NVIDIA support for biarch and multiarch systems <Created by ikeydoherty> <https://github.com/snapcore/snapd/pull/4207>
[09:09] <mvo> zyga-ubuntu: also 4202
[09:09] <zyga-ubuntu> 4202 has some comments
[09:09] <zyga-ubuntu> if you add those that's fine
[09:10] <mvo> zyga-ubuntu: I think he addressed them, no?
[09:10] <pedronis> mvo: we are trying not do add new headers
[09:10] <pedronis> because we are redesigning all of them
[09:10] <mvo> pedronis: aha, happy to use json then, any suggestions for a straw-man?
[09:11] <pedronis> mvo: I mean it's ok if first iteration doesn't flag this anyway
[09:11] <pedronis> it's really a question for cprov tbh
[09:11] <mvo> pedronis: what the json should look like
[09:12] <mvo> pedronis: oh, you mean in the first iteration we don't need this flag send? fair enough, I can hold back then if it does not make sense to add it at this point (because of the store API work)
[09:12] <pedronis> mvo: I don't know, the issue is also that if we send something like this probably we need to send it with all calls
[09:12] <pedronis> not just the extra calls
[09:12] <mvo> pstolowski, zyga-ubuntu: is there anything controversial in 4120? it looks quite mechanical, if this is the agreed interface it seems we want to merge it. or does it need a gustavo +1?
[09:13] <pedronis> mvo: I don't think it make sense to add a flag without discussing how it will be used
[09:13] <pedronis> for that we probably need cprov
[09:13] <mvo> pedronis: all refresh calls or all all calls, i.e. install etc as ewll?
[09:13] <pedronis> all refresh calls at least
[09:13] <pedronis> but see general point
[09:13] <zyga-ubuntu> mvo: I'll look in  a sec
[09:14] <mvo> pedronis: adding it to all refresh calls was my plan, but happy to hold off for now and discuss wider first. sorry for the rush, was mostly because we want the managed mode in 2.30 but if we can life without the flag for v1 all is well
[09:14] <mvo> pedronis: I followup in the forum
[09:17] <pstolowski> mvo, i hope there is nothing controversial
[09:18] <pedronis> that was the agreed direction,  Permanent takes Info sanitized at read time
[09:19] <Chipaca> mo'in
[09:19] <mvo> pedronis: great, then its just a second review and it can go in. thanks for your feedback
[09:19] <mvo> hey Chipaca
[09:19] <pedronis> mvo: yes, please write something in the topic
[09:20] <ackk> Chipaca, hi, could you please have another look at https://github.com/snapcore/snapd/pull/3916 ? I think I addressed the remaining comments
[09:20] <mup> PR #3916: snap,wrappers: add support for socket activation <Created by albertodonato> <https://github.com/snapcore/snapd/pull/3916>
[09:21] <Chipaca> sure
[09:21] <ackk> thanks
[09:25] <cprov> mvo, pedronis: Hi! how can I help ?
[09:25] <mvo> cprov: hey, good morning
[09:26] <cprov> mvo: morning
[09:28] <mvo> zyga-ubuntu: you did say that you want to have a look at 4207, right?
[09:28] <mvo> zyga-ubuntu: it has two +1 already but you are the expert in this area so your review will certainly not hurt :)
[09:30] <zyga-ubuntu> mvo: I will look again and merge it
[09:30] <zyga-ubuntu> thank you :)
[09:31]  * zyga-ubuntu is almost done with taxes
[09:40] <zyga-ubuntu> mvo: +1 to land https://github.com/snapcore/snapd/pull/4120
[09:40] <mup> PR #4120: repo: use PlugInfo and SlotInfo for permanent plugs/slots <Created by stolowski> <https://github.com/snapcore/snapd/pull/4120>
[09:42] <pstolowski> thanks1
[09:45] <mup> PR snapcraft#1731 closed: demo tests: bump catkin timeout by a lot <Created by kyrofa> <Merged by sergiusens> <https://github.com/snapcore/snapcraft/pull/1731>
[09:46] <mup> PR snapd#4120 closed: repo: use PlugInfo and SlotInfo for permanent plugs/slots <Created by stolowski> <Merged by mvo5> <https://github.com/snapcore/snapd/pull/4120>
[09:52] <mup> PR core#64 closed: 30-fix-timedatectl.chroot: fix quoting issues <Created by mvo5> <Merged by mvo5> <https://github.com/snapcore/core/pull/64>
[10:01] <sergiusens> snappy-m-o autopkgtest 1717 xenial:armhf
[10:01] <snappy-m-o> sergiusens: I've just triggered your test.
[10:09]  * zyga-ubuntu goes to the doctor with his son 
[10:11] <Chipaca> ackk: +1; merged
[10:11] <Chipaca> ackk: thank you!
[10:11] <mup> PR snapd#3916 closed: snap,wrappers: add support for socket activation <Created by albertodonato> <Merged by chipaca> <https://github.com/snapcore/snapd/pull/3916>
[10:11] <ackk> Chipaca, \o/ thanks :)
[10:12] <ackk> Chipaca, are the blockers for the snapcraft PR to alow that syntax?
[10:16] <Chipaca> ackk: je ne sais pas
[10:16] <Chipaca> ackk: that's a snapcrafter question :-)
[10:16] <Chipaca> (i haven't been following that particular thing)
[10:16] <Chipaca> ackk: have you checked with review tools also?
[10:20] <ackk> Chipaca, wdym?
[10:21] <ackk> yeah I should probably ask kyrofa about that one
[10:21] <ackk> (https://github.com/snapcore/snapcraft/pull/1617 FTR)
[10:21] <mup> PR snapcraft#1617: Add options to configure applications socket activation <Created by albertodonato> <https://github.com/snapcore/snapcraft/pull/1617>
[10:23] <Chipaca> ackk: there's a sanity checker / enforcer that's run as part of a store upload that might block this (i don't know, but somebody should check)
[10:23] <Chipaca> ackk: it used to be called click-review-tools (it might still be called that)
[10:23] <ackk> I see
[10:24] <Chipaca> rabble rabble proud heritage rah rah
[10:45] <cjwatson> Chipaca: hey, so man pages :-)  I've been putting some weekend/evening time into getting man-db set up with apparmor and seccomp
[10:46] <cjwatson> Chipaca: at the moment the state of play is that I've got committed-but-not-uploaded changes to add an apparmor profile to /usr/bin/man that confines various groff-related processes that it starts, plus decompressors and other misc filters
[10:47] <cjwatson> Chipaca: I've also got work in progress to do seccomp confinement in other simpler cases - groff can't really be seccomp-confined because we need to be able to do path filtering (to let it open temp files but not other things)
[10:48] <cjwatson> Chipaca: how widely deployed would we want all this to be before we could be comfortable turning it on in snaps, though?
[10:49] <cjwatson> Chipaca: the main issue here is that seccomp confinement requires some new API in libpipeline, so it'd be difficult to SRU.  the apparmor confinement on its own would probably be quite easy to SRU.  might we be comfortable if we just had apparmor for groff-related processes called by man, which it seemed to me before was the main concern?
[10:49] <Chipaca> cjwatson: wrt whether apparmor would be enough for us to be happy, that's a question for jdstrand
[10:50] <cjwatson> OK, hopefully he'll see that.  I did run the profile past him
[10:50] <Chipaca> cjwatson: wrt SRU, i'll check what mvo thinks; worst case we might look at rolling it into 18
[10:50] <cjwatson> AIUI from Gustavo at the rally, 18 is more of a future escape hatch than a concrete plan
[10:50] <cjwatson> so yeah, that's a worst case, seems like quite a bad one though :)
[10:50] <Chipaca> cjwatson: wrt how widely deployed, i'm ok with letting the packager decide whether their target distribution supports it or not
[10:51] <Chipaca> cjwatson: 18 is many things :-) but we'll be switching to an 18.04-based default at _some_ point
[10:51] <Chipaca> as opposed to our current 16.04-based default
[10:51] <Chipaca> and that's what i meant
[10:51] <cjwatson> right, if you mean 18.04 base snaps rather than series 18 assertions or whatever, then sure
[10:51] <Chipaca> series:18 is the thing that's an escape hatch
[10:52] <cjwatson> hopefully should be able to get the apparmor profile SRUed to xenial after some bake time, though
[10:52] <Chipaca> yes (for moost non-devs, a 18.04 base snap defaut is as 18 as it gets)
[10:52] <Chipaca> that would be ideal, agreed
[10:54] <Chipaca> cjwatson: the change in libpipeline, it's a new API, not a changed one?
[10:54] <cjwatson> the main hole this leaves would be man-db's own scanning of manual pages to figure out what their NAME headers are.  there's literally never been a vulnerability in that, though, so I'm not too worried
[10:54] <Chipaca> so it can be made ABI-compatible?
[10:54] <cjwatson> it's a new API, yes, but it'd effectively be a new upstream version
[10:54] <cjwatson> also new ABI, so not quite sure what you mean by ABI-compatibile
[10:54] <cjwatson> *compatible
[10:55] <Chipaca> maybe i misunderstood -- i thought if you just added new symbols you didn't need to bump the abi
[10:55] <Chipaca> but my knowledge of that part of the stack is very hazy :-)
[10:56] <Chipaca> (i've never had to learn it)
[10:56] <cjwatson> Chipaca: well, it's not a new SONAME so doesn't require a library transition or anything, sure
[10:56] <Chipaca> right, that's what i meant, thank you
[10:59] <Chipaca> cjwatson: taking a step back, that's great news, and thank you for your work on this! I'll try not to get too excited until more bits get put in place, but it's hard :-)
[11:01] <cjwatson> right, it'll take a week or two more until everything lands in bionic, probably, since the seccomp stuff requires some care about portability.  Just mainly wanted to check whether I was missing anything important
[11:10] <Chipaca> Son_Goku: o/
[11:10] <Son_Goku> hey
[11:12] <Chipaca> Son_Goku: question for you: if you set MANPATH to include, say, /var/lib/snapd/snap/man, and that directory contained manpages, would your man pick it up, or would its confinement block that?
[11:13] <Son_Goku> it'd probably get blocked
[11:13] <niemeyer> o/
[11:13] <Son_Goku> niemeyer: hi
[11:13] <Son_Goku> man can only access files labeled as "man_t"
[11:14] <Son_Goku> I'd probably have to fiddle with the SELinux policy to make sure any files in /var/lib/snapd/snap/man were marked as man pages
[11:14] <Son_Goku> or at least could transition from type snappy_var_t to man_t
[11:14] <Chipaca> Son_Goku: could snapd do that labeling?
[11:15] <Son_Goku> it *should*
[11:15] <mvo> pedronis: I think I'm at the point now where I would like to use the fakestore with a fake snapDeclaration for my snapd refresh managed PR, maybe we can have a quick chat after the standup? happy to work on it just want to make sure things are aligned
[11:15] <Son_Goku> the fact it doesn't is super annoying
[11:15] <Chipaca> Son_Goku: ok, i'll keep it in mind
[11:15] <Son_Goku> it should be generating all of these policy things
[11:15] <Chipaca> Son_Goku: tell me more
[11:15] <Chipaca> about "all of these policy things"?
[11:16] <Chipaca> i mean, i have no idea how to label something, but i presume it's something that could in worst case be done via a command
[11:16] <Chipaca> so snapd could do it as part of install
[11:16] <Son_Goku> sure
[11:16] <Son_Goku> there are a few ways to do it
[11:16] <Chipaca> so my question is more what needs labeling
[11:16] <Son_Goku> libselinux provides a programmatic way to do it, but you can also use chcon to do it
[11:17] <Son_Goku> it does run the risk of being reset unless a policy is generated and loaded
[11:17] <Son_Goku> so snaps need to be labeled correctly on install and mount
[11:17] <Son_Goku> matching the label in the snapd policy profile for them
[11:18] <Son_Goku> assuming man is confined, man pages on install need to be labeled correctly, too
[11:18] <Chipaca> Son_Goku: what would do that resetting? and how does a policy loading stop the reset?
[11:18] <pedronis> mvo: yes, it's almost lunch here, we can chat after the standup, this morning I looked around about what is the current situation about that
[11:18] <Son_Goku> and snapd should be generating policies to enforce these so that when the user runs restorecon, it doesn't get reset by policy
[11:19] <Son_Goku> the restorecon command can be used to reset all filesystem labels to match what's in the loaded SELinux policy
[11:19] <Chipaca> Son_Goku: is the policy something like "everything under /foo/bar has label baz"?
[11:19] <Son_Goku> yes, it can be
[11:20] <Chipaca> Son_Goku: so we could instead have that and do restorecon?
[11:20] <Son_Goku> yes
[11:20] <Chipaca> or would that be frowned on
[11:20] <Son_Goku> no, that's fine
[11:20] <Son_Goku> you can tell restorecon to restore only within a set of paths
[11:20] <Son_Goku> rather than the whole filesystem
[11:20] <Chipaca> Son_Goku: and how does restorecon affect running processes?
[11:21] <Son_Goku> it doesn't
[11:21] <Chipaca> ok
[11:21] <Son_Goku> processes get their SELinux context from when they're initialized
[11:21] <Son_Goku> that comes from the label they were on disk
[11:21] <Chipaca> Son_Goku: thanks (i'll ask and dig more when i'm closer to the feature)
[11:21] <Son_Goku> :)
[11:21] <Chipaca> this gives me a general feel of what needs to happen :-)
[11:23] <Son_Goku> for SELinux, there are two "languages" for them: a high level language (you can see that here: https://github.com/snapcore/snapd/tree/master/data/selinux), and an intermediate language that you can use to build another language to compile to: https://github.com/SELinuxProject/cil/wiki
[11:23] <Chipaca> cjwatson: is the libpipeline work being done upstream? would fedora be picking that up as well?
[11:24] <cjwatson> Chipaca: I am upstream for libpipeline
[11:24] <cjwatson> so yes
[11:24] <mvo> pedronis: same here, lunch and meetings, looking forward for your ideas :) enjoy lunch
[11:24] <Chipaca> cjwatson: thank you
[11:24] <Son_Goku> Chipaca, since snapd has its own high level language for security constructs, any programmatic SELinux enablement would probably be done by leveraging the CIL
[11:25] <Son_Goku> CIL constructs can be directly loaded into the kernel
[11:26] <Chipaca> Son_Goku: I know some of those words! I'll see how much I need to learn down the road (not now though)
[11:27] <Son_Goku> :D
[11:28] <Chipaca> Son_Goku: the context is that we'll be adding manpage support at some point, and want man to be able to load manpages from snaps while minimising risk
[11:28] <Son_Goku> right
[11:29] <Son_Goku> the CIL structure more closely resembles how AppArmor profiles are written, so that might be helpful for you ;)
[11:30]  * Chipaca goes back to reviewing stuff
[11:30] <Son_Goku> also... restorecon: https://www.mankier.com/8/restorecon
[11:36]  * kalikiana tea break
[11:38] <cjwatson> the in-progress apparmor profile is https://anonscm.debian.org/cgit/pkg-man-db/man-db.git/tree/debian/apparmor/usr.bin.man FWIW
[11:39] <cjwatson> definitely not perfect but it protects the bits that deal with untrusted data most directly
[11:48] <andyrock> ogra_:  regarding the problem of snaps mounts appearing in gdu
[11:48] <andyrock> the mount options 'x-gdu.whatdever' cannot be used because it requires that to be in fstab
[11:49] <andyrock> an enviroment variable cannot be used because cannot be get using udisk2
[11:50] <zyga-ubuntu> re
[11:50] <zyga-ubuntu> JamieBennett: I'm home now
[11:51] <andyrock> zyga-ubuntu: http://paste.ubuntu.com/25960186/
[11:52] <andyrock> I asked upstream if we can just mark them as udisk2 ignored
[11:52] <andyrock> and maybe gdu can avoid displaying an ignored loop device
[11:53] <andyrock> and show all the other devices (even if ignored)
[11:53] <zyga-ubuntu> andyrock: looking
[11:54] <zyga-ubuntu> andyrock: I don't understand why x-gdu.whatever cannot be used
[11:54] <andyrock> because it's not passed around
[11:54] <zyga-ubuntu> andyrock: is it because the custom mount unit data is lost and cannot be accessed?
[11:54] <andyrock> not written in mtab
[11:54] <andyrock> nowhere
[11:55] <zyga-ubuntu> I see
[11:56] <andyrock> it can be that i'm doing something wrong
[11:56] <andyrock> but I don't think so :D
[11:57] <andyrock> https://www.irccloud.com/pastebin/qWM7FlOw/
[11:59] <andyrock> it can be that I'm using an old version of util-linux
[11:59] <andyrock> let me check on bionic
[12:01] <zyga-ubuntu> andyrock: I think you are right
[12:01] <andyrock> https://www.irccloud.com/pastebin/8i62fxih/
[12:02] <andyrock> zenial has 2.27
[12:02] <andyrock> *xenial
[12:02] <andyrock> bionic should be fine
[12:02] <andyrock> and it's ok to not target X
[12:03] <JamieBennett> zyga-ubuntu: OK, see you at the stand-up
[12:06] <zyga-ubuntu> mvo: hello, did you consider increasing the number of workers?
[12:08] <zyga-ubuntu> ok
[12:19] <zyga-ubuntu> mvo: I just +1d https://github.com/snapcore/snapd/pull/4207
[12:19] <mup> PR #4207: Flesh out NVIDIA support for biarch and multiarch systems <Created by ikeydoherty> <https://github.com/snapcore/snapd/pull/4207>
[12:19] <zyga-ubuntu> not sure if you think jamie should see it as well
[12:20] <zyga-ubuntu> Chipaca: hey
[12:20] <zyga-ubuntu> Chipaca: FYI, there's a C rewrite of c-n-f
[12:20] <Son_Goku> zyga-ubuntu: eh?
[12:21] <zyga-ubuntu> https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=881692
[12:21] <zyga-ubuntu> hey Son_Goku
[12:22] <Son_Goku> yet another c-n-f thing?
[12:22] <Son_Goku> jeez
[12:22] <Son_Goku> why
[12:23] <zyga-ubuntu> Son_Goku: I'd love one upstream cnf that's not tied to gnome-software/packagekit
[12:23] <zyga-ubuntu> Son_Goku: that can work anywhere
[12:23] <Son_Goku> and of course, it's debian specific, though I shouldn't be surprised since it's a rewrite of the debian c-n-f tool
[12:23] <zyga-ubuntu> but it's world vs reality
[12:23] <Son_Goku> zyga-ubuntu: suse's scout uses libsolv
[12:23] <zyga-ubuntu> Son_Goku: why debian specific?
[12:23] <Son_Goku> which can parse literally anything
[12:23] <zyga-ubuntu> Son_Goku: I don't want to use libsolve
[12:23] <zyga-ubuntu> Son_Goku: this is not a merit
[12:23] <Son_Goku> why is that not a merit?
[12:24] <zyga-ubuntu> Son_Goku: cnf has a very simple goal: deliver useful hint quickly
[12:24] <Son_Goku> yes
[12:24] <zyga-ubuntu> Son_Goku: it has a very simple data format
[12:24] <zyga-ubuntu> Son_Goku: that can be fed by anything
[12:24] <Son_Goku> you want a cnf framework?
[12:24] <Son_Goku> then make one
[12:24] <zyga-ubuntu> Son_Goku: no, I don't want a framework, we have one already, it just needed a C rewrite for speed
[12:25] <zyga-ubuntu> Son_Goku: app name -> list of info about hints
[12:25] <zyga-ubuntu> that's literally the whole thing
[12:26] <zyga-ubuntu> Son_Goku: I'm sure each distribution had a reason to come up with something similar but I was trying to make a point about simplicity and speed
[12:26] <zyga-ubuntu> Son_Goku: using complex libraries for complex tasks is not improving the situation
[12:26] <zyga-ubuntu> Son_Goku: there's nothing to solve for
[12:26] <Son_Goku> the debian c-n-f calls apt directly
[12:26] <Son_Goku> that's basically the same problem then
[12:26] <zyga-ubuntu> Son_Goku: ?
[12:27] <zyga-ubuntu> Son_Goku: is the debian cnf the same as ubuntu's cnf?
[12:27]  * Son_Goku shrugs
[12:27] <zyga-ubuntu> Son_Goku: note that "calling $packaging tool" directly is a simple build thing that can be tweaked form same source
[12:27] <zyga-ubuntu> Son_Goku: in fact the code I wrote a decade ago did that
[12:27] <zyga-ubuntu> Son_Goku: (though it was my very early python so it's pretty terrible)
[12:29] <Son_Goku> zyga-ubuntu: it looks like it reads apt metadata
[12:29] <Son_Goku> Contents and Packages, specifically
[12:30] <zyga-ubuntu> Son_Goku: the debian one? that's too bad, sorry about that (I didn't write that)
[12:30] <zyga-ubuntu> Son_Goku: my implementation was always about data, any package can add additional data files that contain hints
[12:30] <zyga-ubuntu> Son_Goku: and with minimal dependencies it is sane for servers and desktops and embedded alike
[12:30] <Son_Goku> the goal of most c-n-f tools is to identify what you need to install to make the missing command available
[12:31] <zyga-ubuntu> Son_Goku: and the data can come from whatever format, can be packagekit, gnome-software, apt, dnf, whatever
[12:31] <Son_Goku> that's what PK-cnf, scout, etc. all do
[12:31] <Son_Goku> the problem in your case is you want to inject foreign applications into the cnf
[12:31] <zyga-ubuntu> ?
[12:31] <zyga-ubuntu> no, there's no problem here
[12:32] <zyga-ubuntu> anyway, not sure what we are arguing about
[12:32] <zyga-ubuntu> the many implementations
[12:32] <zyga-ubuntu> the design of a particular one
[12:32] <zyga-ubuntu> or something else
[12:32] <Son_Goku> we're not arguing
[12:32] <Son_Goku> I'm just telling you what the stuff has been forever
[12:32] <Son_Goku> and your problem space (adding snaps to cnf) is not easy because most don't have a way to do it
[12:32] <zyga-ubuntu> Son_Goku: well, I know there were, I tried to unifiy it after writing the first one
[12:33] <zyga-ubuntu> Son_Goku: that's fine, we'll go little by little
[12:33] <zyga-ubuntu> Son_Goku: (actually not sure if I wrote the first one or just the one that got used in ubuntu)
[12:33] <Son_Goku> I think you just wrote the one that went into ubuntu
[12:34] <zyga-ubuntu> Son_Goku: but my point is that it's hard to unify everyone now as they all have their own quirky versions
[12:34] <zyga-ubuntu> Son_Goku: but was it also the first one?
[12:34] <Son_Goku> I recall cnf systems existing since before Ubuntu's existence
[12:34] <Son_Goku> Mandrake had one, iirc
[12:34] <zyga-ubuntu> aha, I didn't know that
[12:34] <zyga-ubuntu> Son_Goku: in my problem the actually interesting/hard part was data collection
[12:35] <Son_Goku> my memories of Mandrake are super-foggy though, it was 15 years ago
[12:35] <zyga-ubuntu> the display part was really not that hard
[12:35] <Son_Goku> sure
[12:35] <zyga-ubuntu> nowadays it's (maybe) better with better repo-side meta-data
[12:35] <Son_Goku> yeah
[12:35] <zyga-ubuntu> but when you cannot get "vim" (because it's vim.real) or gcc (because $REASONS) I had to do some very ugly things to collect better source data
[12:36] <Son_Goku> well, Mandrake's urpmi was one of the first easily searchable metadata formats
[12:36] <Son_Goku> it had a binary index called synthesis
[12:36] <Son_Goku> that made things super-fast for queries
[12:36] <Son_Goku> right
[12:36] <zyga-ubuntu> Son_Goku: the index is not a problem, I built one too, the problem were postinst scripts
[12:36] <Son_Goku> this wasn't a problem in RPM land, because we had %ghost
[12:36] <Son_Goku> we can just say a file *will exist* and it would show up in the file lists anyway
[12:36] <zyga-ubuntu> Son_Goku: dpkg-divert and dpkg-alternatives
[12:36] <Son_Goku> I don't know how debian solved that problem
[12:37] <Son_Goku> alternatives has and will remain, garbage fire
[12:37] <zyga-ubuntu> Son_Goku: I think they now describe command line applications explicitly
[12:40] <zyga-ubuntu> Chipaca: hey, about the README file, I'm thinking if it should be a standalone file && symlink
[12:41] <zyga-ubuntu> Chipaca: and about the complexity tradeoff
[12:41] <zyga-ubuntu> not sure
[12:41] <zyga-ubuntu> Son_Goku: have you seen that PR?
[12:41] <Son_Goku> which one?
[12:41] <Son_Goku> I follow lots of PRs for lots of projects...
[12:41] <zyga-ubuntu> https://github.com/snapcore/snapd/pull/4210
[12:41] <mup> PR #4210: many: add magic /snap/README file <Created by zyga> <https://github.com/snapcore/snapd/pull/4210>
[12:41] <zyga-ubuntu> yesterday's experiment to help users
[12:42] <zyga-ubuntu> this was caused by https://forum.snapcraft.io/t/a-more-graceful-way-for-snapd-to-fail-when-snap-is-missing/2712/31 (which is very eye-opening)
[12:43] <Chipaca> zyga-ubuntu: question is, where do you symlink it to / copy it from
[12:43] <zyga-ubuntu> Chipaca: yeah, complexity
[12:43] <zyga-ubuntu> Chipaca: this is blissfully simple
[12:44] <Chipaca> zyga-ubuntu: make it readonly i'm +1 on it :-)
[12:44] <Chipaca> zyga-ubuntu: the others are wishful dreaming
[12:44] <zyga-ubuntu> Chipaca: could be i18n if we had core locale handling :D
[12:44] <zyga-ubuntu> Chipaca: ok, I'll check if that doens't upset the ensure code and do it
[12:44] <zyga-ubuntu> *doesn't
[12:46] <Son_Goku> zyga-ubuntu: umm wtf?
[12:46] <Son_Goku> you're dynamically generating a readme?
[12:47] <zyga-ubuntu> Son_Goku: yes, like everything else there
[12:49] <Son_Goku> alright then
[12:49] <Son_Goku> man page like readmes should be treated like man pages :)
[12:49] <zyga-ubuntu> Son_Goku: I mean it's a bit of a stretch
[12:49] <zyga-ubuntu> Son_Goku: but it has some advantages
[12:49] <Son_Goku> I'm not saying it's bad
[12:49] <Son_Goku> it's just out of left field
[12:49] <zyga-ubuntu> Son_Goku: yeah but this is for users who don't really read man pages
[12:49] <Son_Goku> yes, yes
[12:49] <zyga-ubuntu> out of left field?
[12:50] <Son_Goku> something I didn't expect anyone would do
[12:50] <zyga-ubuntu> aha :)
[12:50] <Chipaca> Son_Goku: this is to address a problem we saw in the forum
[12:50] <Son_Goku> "out of left field" is an English idiomatic phrase coming from baseball
[12:50] <Chipaca> Son_Goku: somebody rsync'ed /snap and then mounted that and wondered why everything was terrible
[12:50] <zyga-ubuntu> I almost think we could have WHAT-IS-THIS.desktop that runs browser and goes to the forum
[12:50] <Son_Goku> zyga-ubuntu: https://en.wikipedia.org/wiki/Out_of_left_field
[12:50] <zyga-ubuntu> with gustavo movie explaining things
[12:50]  * zyga-ubuntu reads
[12:50] <Son_Goku> the forum is a bad reference for these things
[12:51] <Son_Goku> it's too dynamic and people are allowed to freely edit and delete things
[12:51] <Son_Goku> as the information is relatively static, it makes little sense to not incorporate it into the README file if that's its purpose
[12:52] <zyga-ubuntu> Son_Goku: that topic is in the "doc" section
[12:52] <zyga-ubuntu> Son_Goku: so it should be curated
[12:52] <Son_Goku> it can just as easily not be
[12:52] <Son_Goku> that is *not* a good enough indicator in my mind
[12:52] <zyga-ubuntu> Son_Goku: what would you add to the file that is not there already/
[12:53] <Son_Goku> actually, I think the readme itself is fine
[12:53] <Son_Goku> but if there's supposed to be more information, don't cop-out to link to the forum
[12:53] <Son_Goku> it's a bad habit
[12:53] <Son_Goku> it already happens too much when it really shouldn't
[12:54] <Son_Goku> documentation topics should probably be regularly exported from the forum into something that can be bundled and shipped as a static site
[12:54] <zyga-ubuntu> Son_Goku: maybe, I think it could be done if the forum has an API
[12:54] <zyga-ubuntu> Son_Goku: I like the appeal of offline, curated docs
[12:55] <zyga-ubuntu> Son_Goku: but nowadays people mostly just google stuff
[12:55] <Son_Goku> I'm more concerned that the docs aren't really forkable
[12:55] <zyga-ubuntu> aha
[12:55] <Son_Goku> they *were* when they were managed in a github wiki
[12:55] <Son_Goku> but they're not anymore
[12:55] <Son_Goku> and we have problems from time to time with people being unable to edit their own topics/posts
[12:59] <mvo> zyga-ubuntu: I don't think I can do that myself, I can do a PR though, but I have no analyized why things are slow currently
[13:00] <zyga-ubuntu> mvo: I mean, we can just do a PR with some extra nodes in it to see how timing works
[13:15] <niemeyer> Son_Goku: Don't overthink it too much.. it's a link to a place which can be publicly edited and maintained. The link can change, the content in the forum can change, everything can change if it has to. For now this approach is good enough, and it's visible both to the community and to people maintaining it.
[13:16] <zyga-ubuntu> Son_Goku: I addressed your comments now, thank you!
[13:25] <jdstrand> zyga-ubuntu: hey, so 4163 was committed before I looked at it, but I looked at it yesterday. while the code appears to have the end result we want, I felt that it was a bit confusing as an api and hard to read. it's approved and it works so not a blocker, but 2 cents
[13:30] <zyga-ubuntu> jdstrand: hey thank you for reviewing that
[13:30] <zyga-ubuntu> jdstrand: yes, it got merged by accident really
[13:30] <jdstrand> ok
[13:30] <zyga-ubuntu> jdstrand: I did that to reuse code / testing for similar features, if you think it'd be better to just get it in one function like before that's useful data for me
[13:31] <jdstrand> zyga-ubuntu: if you agree and wanted to do a followup PR, I'm happy to review it
[13:31] <zyga-ubuntu> jdstrand: did you add the feedback on github?
[13:31] <zyga-ubuntu> or is that just the remark here about the api complexity
[13:31] <jdstrand> zyga-ubuntu: it isn't so much about reuse (which is fine). my comments are in the PR, yes
[13:32] <zyga-ubuntu> ok, i'll have a look; thank you!
[13:32] <jdstrand> surprised you didn't get an email...
[13:32] <jdstrand> wonder if github is 'smart' and doesn't send reviews after it is merged...
[13:34] <jdstrand> in that light...
[13:34] <ogra_> yeah, GH mail handling for PRs sucks
[13:34] <ogra_> they should implement the launchpad one ;)
[13:34] <jdstrand> ackk: hi! not sure if you noticed, but I added a few comments to https://github.com/snapcore/snapd/pull/3916#pullrequestreview-76430191
[13:34] <mup> PR #3916: snap,wrappers: add support for socket activation <Created by albertodonato> <Merged by chipaca> <https://github.com/snapcore/snapd/pull/3916>
[13:35] <jdstrand> ackk: summary: I thought input validation was good but requested a few extra tests
[13:36] <zyga-ubuntu> jdstrand: I think it didn't email me, I'll have to check the branch directly
[13:36] <jdstrand> zyga-ubuntu: https://github.com/snapcore/snapd/pull/4163#pullrequestreview-76253522
[13:36] <mup> PR #4163: cmd/snap-update-ns: re-factor secureMkdirAll into secureMk{Prefix,Dir} <Created by zyga> <Merged by stolowski> <https://github.com/snapcore/snapd/pull/4163>
[13:37] <jdstrand> zyga-ubuntu: (and the inline comments below that ^)
[13:37] <zyga-ubuntu> ah, I see your notification now
[13:37] <zyga-ubuntu> thanks!
[13:37] <jdstrand> np
[13:38] <jdstrand> zyga-ubuntu: again, if you disagree, and feel it is fine, that is 3 against 1, so it is for your consideration
[13:38] <zyga-ubuntu> jdstrand: I'll take it into account and integrate parts into other RPs, the rest will be in a separate PR most likely, I need to read this carefully first
[13:39] <zyga-ubuntu> jdstrand: I think partially it is just naming as I was trying to have code that I can reuse for <prefix>/<leaf> where there are N leaf functions and one function for prefix
[13:53] <zyga-ubuntu> mvo: I'm looking at the tuntap test failure now
[13:54] <zyga-ubuntu> cachio: hey
[13:54] <cachio> zyga-ubuntu, hi
[13:54] <zyga-ubuntu> cachio: how can we refresh the debian sid image we have in linode
[13:54] <zyga-ubuntu> cachio: and ideally unbreak the sid vs debian 9 issue
[13:55] <zyga-ubuntu> cachio: so we have the same distro in qemu and in linode
[13:55] <cachio> we need to use spread-images for that
[13:56] <zyga-ubuntu> do I have permissions for that? i can have a look at fixing htis if I do
[13:56] <cachio> zyga-ubuntu, which kind of refresh should we do?
[13:56] <zyga-ubuntu> cachio: we need to dist-upgtrade, including the new kernel, essentially
[13:57] <cachio> you need to download the spread-images
[13:57] <cachio> then execute with spread tasks/update
[13:57] <zyga-ubuntu> aha
[13:57] <zyga-ubuntu> https://github.com/snapcore/spread-images I assume
[13:57] <cachio> with the image you want to update
[13:58] <cachio> then you can manually install want yuou need
[13:58] <cachio> and then gustavo will replace that image that you created
[13:58] <cachio> I can start the image and give you the credentials
[13:58] <cachio> so then I make the tear down lo clean up the image
[13:59] <cachio> zyga-ubuntu, just giveme 5 minutes to start the machine
[13:59] <zyga-ubuntu> ok
[13:59] <zyga-ubuntu> cachio: I forked the repo
[13:59] <zyga-ubuntu> er
[13:59] <zyga-ubuntu> cloned it
[14:00] <cachio> I am running the test
[14:00] <cachio> I'll have that machine in few minutes
[14:07] <ogra_> pedronis, did the behaviour of the "snap download... ; snap ack ... ; snap install ..." triplet change recently ? i was just told by someone that he didnt need to ack but could just do download and install
[14:08] <mvo> zyga-ubuntu: \o/
[14:08] <Chipaca> ogra_: if they've previously acked they don't need to re-ack
[14:08] <zyga-ubuntu> mvo: ha, the test just passed?!?
[14:08] <pedronis> ogra_: no, didn't change,  I had some discussion that we might ack for you but it didn't happen
[14:09] <pedronis> so far
[14:09] <ogra_> well, Chipaca's answer might explain it
[14:09] <mvo> zyga-ubuntu: race?
[14:09] <mvo> zyga-ubuntu: did you ran it on linode?
[14:11] <zyga-ubuntu> yes
[14:11] <zyga-ubuntu> inside linode
[14:11] <zyga-ubuntu> I doubt it is racing
[14:11] <zyga-ubuntu> I'll retry
[14:19] <zyga-ubuntu> Son_Goku: Fedora 27 is now released :)
[14:19] <Son_Goku> yes
[14:20] <Son_Goku> the fedora 27 VM needs to be distro-sync'd to GA package set
[14:26] <zyga-ubuntu> mvo: it passed again, I'll send a PR re-enabling that
[14:28] <mup> PR snapd#4213 opened: tests: re-enable tun/tap test on Debian <Created by zyga> <https://github.com/snapcore/snapd/pull/4213>
[14:39] <roadmr> jdstrand: good morning! tools r939 is in prod as of 2 hours ago \o/
[14:51] <zyga-ubuntu> mvo: I worked with cachio on an updated pair of debian images, a proper debian-9 image (new) and separately from that debian-unstable (as today) that represents a current snapshot of sid
[14:51] <mvo> zyga-ubuntu: nice
[14:52] <zyga-ubuntu> mvo: the stretch/9 image will be a good baseline for testing snapd in stable
[14:53] <mvo> zyga-ubuntu: yeah, debian-9 will be less volatile
[14:53] <zyga-ubuntu> mvo: and the refreshed image will show us the issues with mainline kernel apparmor
[14:53] <zyga-ubuntu> mvo: I'll focus on resolving those with jjohansen and jdstrand
[14:53] <mvo> thanks zyga-ubuntu
[14:54] <cachio> zyga-ubuntu, machines are clean, now we need to wait until those are updated in linode
[14:56] <jdstrand> roadmr: thanks!
[15:08] <zyga-ubuntu> mvo: can you please merge https://github.com/snapcore/snapd/pull/4213
[15:08] <mup> PR #4213: tests: re-enable tun/tap test on Debian <Created by zyga> <https://github.com/snapcore/snapd/pull/4213>
[15:10]  * Chipaca goes to have lunch before it's tea
[15:10] <elopio> nessita: I need help sending an oauth request to an SSO authenticated URL. Can you help me?
[15:10] <roadmr> oauth?
[15:10] <roadmr> elopio: does "surl" help here? it takes care of authentication
[15:12] <ogra_> only if you dont use 2fa though
[15:12] <sergiusens> kalikiana hey, how's that container work going?
[15:15] <sergiusens> elopio notice a problem here https://objectstorage.prodstack4-5.canonical.com/v1/AUTH_77e2ada1e7a84929a74ba3b87153c0ac/autopkgtest-artful-snappy-dev-snapcraft-daily/artful/amd64/s/snapcraft/20171114_144114_e9c38@/log.gz ?
[15:15] <sergiusens> :-)
[15:18] <elopio> sergiusens: ugh, I will fix it.
[15:18] <mup> PR snapd#4213 closed: tests: re-enable tun/tap test on Debian <Created by zyga> <Merged by mvo5> <https://github.com/snapcore/snapd/pull/4213>
[15:18] <sergiusens> elopio thanks
[15:19] <sergiusens> elopio would be good to not check the output of commands we do not control; imagine people using ours as a result of test if you cannot see my point :-)
[15:20] <sergiusens> unless it is supposed to be machine readable output
[15:23] <elopio> roadmr: I didn't know about surl, I will check that. I was trying with the ssoclient and requests_oauth: http://paste.ubuntu.com/25961322/
[15:24] <elopio> but last time I did this was years ago, I'm not sure if I'm doing it wrong.
[15:24] <roadmr> elopio: that's probably rotten :( surl does the macaroon dance, not really oauth, so depending on what you want it for, it may or may not work
[15:24] <kalikiana> sergiusens: anything specific? I've got a branch for the matter of injecting the core snap but didn't propose it as to avoid taking resources off Travis
[15:25] <nessita> elopio, i think so!
[15:25] <nessita> elopio, tell me more
[15:26] <elopio> nessita: I've just sent my script to roadmr: http://paste.ubuntu.com/25961322/
[15:26] <elopio> oh, there's a bad import there, but well, that's the idea.
[15:28] <nessita> elopio, what's the goal of the script? I don't think https://autopkgtest.ubuntu.com/request.cgi supports oauth authorization?
[15:28] <nessita> elopio, ie SSO is not an oauth provider, is an openid provider
[15:28] <nessita> elopio, the OAuth that SSO supports is not rfc compliant and works with sso APIs (its own)
[15:29] <sergiusens> kalikiana have you seen your email inbox as of late?
[15:31] <elopio> nessita: so, more context. I copied some bash from pitti that triggers the autopkgtests in a PPA. It uses a cookie for the request:
[15:31] <elopio> https://github.com/elopio/snapcraft/blob/ppa-autopkgtest/tools/run_ppa_autopkgtests.py
[15:31] <kalikiana> sergiusens: oh, were you asking about the release stuffs I guess. "that container work" sounded like some PR you were looking for. My bad.
[15:32] <kalikiana> sergiusens: I'm getting myself acquainted with asciinema
[15:32] <elopio> nessita: Instead of the cookie, I thought it might be better to use oauth. But, it didn't work, so I started asking and they haven't tried that. Maybe, you are right and it's not supported.
[15:33] <nessita> elopio, SSO has not API for other sites to do OAuth validation
[15:33] <nessita> has no* API
[15:33] <elopio> nessita: so, do you know of a way to do this user/password instead of thte cookie?
[15:34] <CoderEurope> http://www.rightrelevance.com/search/articles/hero?article=8461f06abc90aa4816d85711cc78e4f09d2a5bb0&query=ubuntu&emaildigest=true
[15:35] <nessita> elopio, I don't think there is a way, SSO supported openid dance only which is browser/cookie based
[15:37] <CoderEurope> nessita: https://help.launchpad.net/API
[15:38] <CoderEurope> last edited 20-11
[15:39] <elopio> nessita: well, thanks for the info. I will stop trying :)
[15:41] <elopio> nessita: the script mentioned that the cookie is valid for a month. Is that a month without use? Or will I always have to refresh the cookie manually?
[15:45] <elopio> omw to the meeting
[15:46] <Chipaca> CoderEurope: ?
[15:58] <cjwatson> CoderEurope: that's not super-relevant to autopkgtest or SSO APIs.  Launchpad uses SSO, yes, but its APIs won't help in this case.
[16:04] <mup> PR snapcraft#1597 closed: pluginhandler: warn about migrated system libraries <Created by sergiusens> <Closed by sergiusens> <https://github.com/snapcore/snapcraft/pull/1597>
[16:07] <mup> Issue snapcraft#1733 opened: Apply guidelines from design to error messages with commands that fix <Created by sergiusens> <https://github.com/snapcore/snapcraft/issue/1733>
[16:15] <zyga-ubu1tu> ok, now debian tests will probably all fail, I'll work on a PR to update them
[16:15]  * zyga-ubu1tu tries
[16:19] <pedronis> mvo: we haven't released 2.29 to stable right?
[16:23] <cachio> pedronis, no yet
[16:23] <mvo> pedronis: no, still waiting for CE for the final test-ok
[16:23] <mvo> pedronis: why? any last minute issues?
[16:23] <pedronis> mvo: there are store issues
[16:26] <mvo> pedronis: store issues because of overload?
[16:26] <mvo> pedronis: that is a good point actually, I need to tell the store about the immanent release. but if you say there are issues we should hold back with the release (cc cachio )
[16:27] <pedronis> https://forum.snapcraft.io/t/snap-store-apis-outage/2832
[16:27] <cachio> mvo, pedronis sure
[16:28] <cachio> pedronis, is there any test that we can do
[16:28] <pedronis> no, but yes, don't think it makes or is sensible to release until the store is back to normal
[16:29] <cachio> pedronis,  ok
[16:30] <zyga-ubu1tu> yeah, store is down for me too :?
[16:30] <zyga-ubu1tu> I guess time to focus on something else
[16:30] <zyga-ubu1tu> some new code :)
[16:33] <mvo> heh, and I was thinking my fakestore refactor was broken
[16:34] <ppisati> https://travis-ci.org/snapcore/snapcraft/jobs/301966989
[16:34] <zyga-ubu1tu> mvo: I guess someone's feet are burning today
[16:34] <zyga-ubu1tu> mvo: but not ours (this time)
[16:35] <ppisati> this unit test fails when checking CLA check
[16:35] <ppisati> do anyone know why?
[16:35] <mvo> zyga-ubu1tu: maybe ours, if our client code goes crazy
[16:35] <zyga-ubu1tu> mvo: interesting, yes, let's see what happens
[16:38] <mup> PR snapd#4214 opened: fakestore: add go-flags to prepare for `new-snap-declaration` cmd <Created by mvo5> <https://github.com/snapcore/snapd/pull/4214>
[16:40] <ppisati> kalikiana: ^
[16:40] <ppisati> kyrofa: ^
[16:40] <ppisati> not sure who is the most appropiate guy fo this kind of stuff
[16:44] <ogra_> ppisati, i'd interpret that as 'marius@ubports.com' has not signed the CLA (though it is weird that it doesnt say that and just dies quietly)
[16:46] <ogra_> i'm pretty sure he has signed (he contributed a lot to phone code before he started ubports) it but most likely not under this email address
[16:46] <ppisati> ogra_: yep, but why it's failing in my test? if he didn't sign the CLA, his commits shouldn't be part of snapcraft at all - my branch is based off origin/master + my own commits
[16:46] <ogra_> yeah
[16:46] <ogra_> elopio, ^^^ any idea ?
[16:47]  * ogra_ wonders if the snapcraft team is on a team excursion today :P
[16:48] <ogra_> hiking and picnic ...
[16:48] <sergiusens> ogra_ what's up? just got out of our team meeting
[16:48] <ppisati> sergiusens: this failure - https://travis-ci.org/snapcore/snapcraft/jobs/301966989
[16:48] <ogra_> :)
[16:49] <sergiusens> ogra_ ppisati that happens on merge instead of rebase with our CLA checker tool, as the "squash and merge" functionality sets the email to the one set on github
[16:50] <ppisati> sergiusens: ok, how do i fix it?
[16:54] <ogra_> ppisati, obviously with a lot of patience :)
[16:57] <zyga-ubu1tu> my tweet was liked/retweeted by @systemdsucks and I have lots of notifications all the time
[17:01] <kyrofa> ogra_, team meeting this morning, took a little while. So you're not far off! Hahaha
[17:01] <ogra_> haha
[17:02] <kalikiana>  :-D
[17:04] <davidcalle> elopio: kyrofa: hola, I'm looking for fresh pair of eyes on a new snap tutorial, are you interested? hhttps://github.com/canonical-websites/tutorials.ubuntu.com/pull/412
[17:04] <kyrofa> sergiusens, is this the only store API doc we have? http://search.apps.ubuntu.com/docs/
[17:04] <kyrofa> It doesn't seem to cover snap uploads, for example
[17:04] <kyrofa> davidcalle, sure!
[17:05] <kyrofa> Let me get a few reviews out of the way here, first
[17:12] <mup> PR snapd#4215 opened: Fix path in snap install <Created by asalminen> <https://github.com/snapcore/snapd/pull/4215>
[17:12] <CoderEurope> davidcalle: wat am I looking at ?
[17:13] <CoderEurope> davidcalle: Iam here - http://tutorials.ubuntu.com-pr-412.run.demo.haus  Wat tutorial is it ?
[17:14] <pedronis> kyrofa: there is this https://dashboard.snapcraft.io/docs/api/snap.html
[17:14] <mup> PR snapcraft#1734 opened: recording: don't log the command when image info fails <Created by elopio> <https://github.com/snapcore/snapcraft/pull/1734>
[17:14] <kyrofa> Thanks pedronis!
[17:15] <pedronis> I'm not sure how up to date it is though
[17:15] <davidcalle> CoderEurope: it's in the PR description: http://tutorials.ubuntu.com-pr-412.run.demo.haus/tutorial/snap-a-website
[17:15] <mup> PR snapd#4154 closed: overlord/snapstate: support completion for command aliases <Created by chipaca> <Merged by chipaca> <https://github.com/snapcore/snapd/pull/4154>
[17:16] <davidcalle> CoderEurope: thanks for having a look!
[17:17] <CoderEurope> davidcalle: its says some basic command line know-how --- do you want me to PM you about sugestions ?
[17:18] <davidcalle> CoderEurope: feel free to leave feedback directly on the PR
[17:19] <CoderEurope> davidcalle: I have never done that before - is the PR just meanings That I need a github account ?
[17:19] <CoderEurope> & whois caldav ?
[17:19] <davidcalle> CoderEurope: yes, once you have an account, you can leave comments there: hhttps://github.com/canonical-websites/tutorials.ubuntu.com/pull/412
[17:20] <davidcalle> That's me
[17:20] <CoderEurope> k
[17:28] <CoderEurope> it just says I cannot comment at this time.
[17:29] <kyrofa> snappy-m-o, autopkgtest 1717 xenial:armhf
[17:29] <snappy-m-o> kyrofa: I've just triggered your test.
[17:34] <sergiusens> kyrofa why again?
[17:34] <kyrofa> sergiusens, it hasn't run without them timing out yet
[17:35] <kyrofa> sergiusens, it's not enough now that you reminded me that it doesn't actually run the snaps, so I'm also running xenial:amd64 locally
[17:36] <kyrofa> sergiusens, the next one doesn't need arm, though
[17:40] <sergiusens> kyrofa but you retriggered an armhf test
[17:40] <sergiusens> should be arm64
[17:42] <CoderEurope> davidcalle: ^
[17:43] <CoderEurope> nothing, http://paste.ubuntu.com/25962234/
[17:56] <kyrofa> sergiusens, does arm64 run snaps?
[18:00] <sergiusens> kyrofa yes
[18:01] <kyrofa> Darn, I misunderstood
[18:01] <kyrofa> snappy-m-o, autopkgtest 1717 xenial:arm64
[18:01] <snappy-m-o> kyrofa: I've just triggered your test.
[18:01] <sergiusens> kyrofa btw, what you just did was cancel the armhf test I had triggered around 6am my time as armhf is what I had triggered
[18:02] <sergiusens> kyrofa did you check why it failed?
[18:02] <kyrofa> sergiusens, oh! No, I just assumed it was failed from the previous run, ugh
[18:07] <kyrofa> sergiusens, elopio this is the regression to which you were referring this morning, I assume? https://pastebin.ubuntu.com/25962350/
[18:17] <zyga> re
[18:17] <zyga> (dinner done)
[18:22] <kalikiana> kyrofa: there's an extra "." there it seems
[18:23] <kyrofa> kalikiana, right
[18:23] <kyrofa> Or not enough, depending on your frame of reference
[18:24] <kyrofa> Just wondering if I should fix it or if that's what's elopio is working on
[18:25]  * kalikiana wondering to have dinner now, it's been a long day
[18:30] <elopio> davidcalle: great! I'm adding it to my todo.
[18:31] <elopio> davidcalle: great! I'm adding it to my todo.
[18:31] <elopio> davidcalle: great! I'm adding it to my todo.
[18:31] <elopio> davidcalle: great! I'm adding it to my todo.
[18:31] <elopio> davidcalle: great! I'm adding it to my todo.
[18:31] <elopio> upps, sorry David!
[18:31] <elopio> kyrofa: yes, there's already a pr ready for review.
[18:32] <kyrofa> elopio, ah ha! Okay very good, I see it now
[18:34] <sergiusens> elopio do not take it out on the wrong person 😂
[18:35] <sergiusens> kyrofa, yeah, I had rebased your branch as it was conflicting with the timeout one
[18:36] <sergiusens> kyrofa ask elopio I'd there is a way to retrieve the previous run. Should be confidence enough
[18:37] <kyrofa> elopio, yeah, do you know if it's possible to see the previous adt run of a PR?
[18:42] <elopio> kyrofa: Not really. Sometimes you can click the red/green button in github, and the link will be there. But not always, not sure why. The index has all the results, but it's hard to tell which corresponds to the PR. My script in progress might help.
[18:42] <elopio> https://objectstorage.prodstack4-5.canonical.com/v1/AUTH_77e2ada1e7a84929a74ba3b87153c0ac/autopkgtest-artful-snappy-dev-snapcraft-daily
[18:43] <kyrofa> Hey zyga you mentioned that you might have more lxd info today?
[18:43] <elopio> the index ^
[18:48] <kyrofa> Haha, that is hilariously unparsable
[18:49] <zyga> kyrofa: yes, good progress just stalled with some random (other) issues
[18:49] <kyrofa> zyga, so the new solution is looking promising?
[18:49] <zyga> kyrofa: yeah, it's just *annoying*
[18:50] <zyga> kyrofa: the hardest one I thought of
[18:50] <zyga> kyrofa: but doable
[18:50] <zyga> kyrofa: so +1 :)
[18:50] <kyrofa> Haha, isn't that always the case
[18:50] <zyga> kyrofa: I need to unbreak debian first and then I can try to wrap that up
[18:50] <kyrofa> Good deal, thanks
[18:50] <zyga> kyrofa: yes, reality is fantastic at correcting assumptions
[19:43] <sergiusens> elopio snapcraft#1734 failed
[19:43] <mup> PR snapcraft#1734: recording: don't log the command when image info fails <Created by elopio> <https://github.com/snapcore/snapcraft/pull/1734>
[19:45] <ikey> should i wait for new snapd to be released with my changes before uploading my snaps to store?
[19:45] <sergiusens> elopio retriggered the one failing test
[19:45]  * ikey wonders if the snap yaml supports: assumes [works-for-me]
[19:45] <sergiusens> ikey are you using assumes? If so I'd guess not... or maybe leave them on edge
[19:45] <sergiusens> lol
[19:46] <ikey> oh id only have them in edge
[19:46] <ikey> and atm i have assumes on 2.29.2
[19:46] <sergiusens> ikey then it probably is fine
[19:46] <ikey> the problem im having is testing
[19:46] <ikey> each time i have to remove the snap and reinstalla
[19:46] <ikey> and it nukes my data
[19:46] <ikey> i did also figure out that i shouldnt be using SNAP_USER_DATA
[19:46] <ikey> and switched to SNAP_USER_COMMON
[19:47] <ikey> dont really want gigabytes of data being transferred on update
[19:47] <sergiusens> good call
[19:47] <ikey> it still has nasty $SNAP_USER_COMMON/.local/share but meh
[19:47] <ikey> the LSI snap exists only to support steam
[19:48] <ikey> and steam.sh looks for XDG_CONFIG_HOME/XDG_DATA_HOME/etc
[19:51] <sergiusens> is that because that is the default path to install steam games?
[19:51] <ikey> yeah
[19:51] <ikey> ~/.local/share/Steam
[19:51] <ikey> or $XDG_DATA_HOME/.local/share/Steam
[19:51] <elopio> sergiusens: thanks
[19:51] <ikey> so im overriding the environment to suit
[19:52] <ikey> shim has a magical shim_init_user function: https://github.com/solus-project/linux-steam-integration/blob/master/src/shim/shim.c#L114
[19:52] <ikey> we call it further down in shim_export_extra
[19:52] <ikey> passing it the value of SNAP_USER_COMMON
[19:53] <ikey> its uh, pretty comprehensive.
[19:53] <ikey> also meant i was able to "avoid" having a shell script entry point
[20:17] <kyrofa> sergiusens, elopio what on earth is this? Failure on arm64: https://pastebin.ubuntu.com/25962979/
[20:17] <kyrofa> Oh, looks like a warning is leaking
[20:17] <kyrofa> That weird ResourceWarning
[20:19] <elopio> kyrofa: I couldn't understand that open socket, so reported this https://github.com/msabramo/requests-unixsocket/issues/36
[20:19] <elopio> but no reply :(
[20:19] <kyrofa> elopio, yeah I've tried looking into the code as well, which seems just fine. I never see that warning in prod, so something is weird in adt
[20:20] <kyrofa> elopio, oh dang, you can reproduce?! Nice
[20:20] <elopio> I learned that the tests set that default warning filter. We could remove that as an ugly workaround
[20:22] <kyrofa> elopio, do we need to dig into the unixsocket code? Although even if we propose a PR I don't have confidence it'll be noticed at this point
[20:22] <kyrofa> This thing looks pretty much orphaned
[20:23] <kyrofa> elopio, think that will go away if I re-run?
[20:24] <elopio> kyrofa: yes, most certainly. And maybe it will also go away with your pr to reset the log.
[20:24] <kyrofa> Okay, I'll re-run, and also propose that PR
[20:24] <elopio> I'm fine ignoring it for 2.35.
[20:24] <kyrofa> Alright
[20:25] <kyrofa> snappy-m-o, autopkgtest 1717 xenial:arm64
[20:25] <snappy-m-o> kyrofa: I've just triggered your test.
[20:32] <mup> PR snapd#4216 opened: interfaces/time*_control: explicitly deny noisy read on /proc/1/environ <Created by jdstrand> <https://github.com/snapcore/snapd/pull/4216>
[20:35] <sergiusens> kyrofa why?
[20:38] <kyrofa> sergiusens, it failed with a log leak error before it could even build the deb
[20:39] <kyrofa> sergiusens, I'm rerunning since those are typically flaky, and also testing the PR I'm about to propose to fix
[20:40] <sergiusens> kyrofa so it looks like a release is not happening today either...
[20:41] <kyrofa> sergiusens, I'm still hoping, but given how long these tests take...
[20:43] <kyrofa> sergiusens, for what it's worth, I got a successful xenial:amd64 run locally on that one
[20:44] <kyrofa> And that PR doesn't _explicitly_ touch multi-arch bits
[20:44] <kyrofa> Depends on how risk-adverse you're feeling
[20:45] <kyrofa> How odd. sergiusens setting the log level at the beginning of the test instead of resetting it in cleanup actually doubles up the prints when it comes to tests/test_log.py
[20:47] <kyrofa> It seems doing it in cleanup is the only thing that works consistently
[20:55] <sergiusens> kyrofa something like snapcraft/internal/remote_parts.py:logging.getLogger("urllib3").setLevel(logging.CRITICAL) (which is manifestation of what we discussed yesterday)
[20:57] <kyrofa> sergiusens, oh interesting. We should be going that in the log module alongside requests
[20:59] <sergiusens> kyrofa this is only needed because we are doing things wrong
[20:59] <elopio> snappy-m-o github subscribe 1734
[20:59] <snappy-m-o> elopio: I'll send you a message if a test fails in the pull request #1734 (recording: don't log the command when image info fails).
[20:59] <mup> PR #1734: boot: add missing udevadm mock to fix FTBFS <Created by mvo5> <Merged by mvo5> <https://github.com/snapcore/snapd/pull/1734>
[21:00] <kyrofa> Yeah we need to fix
[21:00] <ikey> can someone help me review my yamls before i get them ready for store upload pls? :3
[21:01] <ikey> pure meta, no build instructions
[21:03] <mup> PR snapd#4217 opened: interfaces/browser-support: add shm path for nwjs <Created by jdstrand> <https://github.com/snapcore/snapd/pull/4217>
[21:20] <kyrofa> sergiusens, do you want me to propose this cleanup log reset thing?
[21:21] <kyrofa> I'd rather not see more test failures because of this
[21:21] <sergiusens> kyrofa if you have the time, yes
[21:22] <sergiusens> ikey review in what sense?
[21:22] <ikey> check for jankiness
[21:23] <sergiusens> jdstrand is crt available as a snap so that ikey could validate his snaps?
[21:24] <mup> PR snapcraft#1735 opened: unit tests: reset log level after test <Created by kyrofa> <https://github.com/snapcore/snapcraft/pull/1735>
[21:27] <kyrofa> sergiusens, sure, it was already done ^ . Running adt xenial:amd64 locally on it now
[21:28] <elopio> sergiusens: all green.
[21:28] <kyrofa> Though I'm not sure I even need to do the whole thing given that it's only units
[21:28] <kyrofa> (units have already passed)
[21:29] <kyrofa> snappy-m-o, subscribe github 1717
[21:29] <snappy-m-o> Command "," / ", subscribe" not found.
[21:29] <snappy-m-o>  Did you mean "/snappy-m-o github subscribe" ?
[21:29] <kyrofa> snappy-m-o, well look at you being so helpful!
[21:29] <snappy-m-o> Command "," / ", well" not found.
[21:29] <kyrofa> snappy-m-o, github subscribe 1717
[21:29] <snappy-m-o> kyrofa: I'll send you a message if a test fails in the pull request #1717 (catkin plugin: check for pip packages in part only).
[21:29] <mup> PR #1717: daemon,overlord: add subcommand handling to snapctl <Created by kyrofa> <Closed by kyrofa> <https://github.com/snapcore/snapd/pull/1717>
[21:29] <kyrofa> Wow, what's the changes both PRs would be by me
[21:30] <kyrofa> Uh. Chances
[21:35] <kyrofa> sergiusens, uh oh. Ever tried the asciinema snap on trusty?
[21:35] <kyrofa> I can't upload :P
[21:35] <kyrofa> Thankfully it captured. Guess I'll just scp it over
[21:42] <sergiusens> kyrofa from the snap? you need my version which has the compiled python
[21:43] <kyrofa> sergiusens, I don't see one from you in snap find. Is it stable?
[21:43] <sergiusens> kyrofa oh, I don't have it pushed even
[21:43] <kyrofa> Hahaha
[21:44] <kyrofa> You should make a PR for sabdfl
[21:44] <sergiusens> I don't know where that code is, and I'd rather have it as the experiment snap to test out the classic stuff
[21:54] <mup> PR snapd#4211 closed: tests: adding tests for time*-control interfaces <Created by sergiocazzolato> <Closed by sergiocazzolato> <https://github.com/snapcore/snapd/pull/4211>
[21:54] <mup> PR snapd#4218 opened: tests: adding tests for time*-control interfaces <Created by sergiocazzolato> <https://github.com/snapcore/snapd/pull/4218>
[21:56] <sergiusens> elopio I have a question on your PR
[22:20] <sergiusens> kyrofa do you think my question on snapcraft#1734 is a concern?
[22:20] <mup> PR snapcraft#1734: recording: don't log the command when image info fails <Created by elopio> <https://github.com/snapcore/snapcraft/pull/1734>
[22:22] <kyrofa> sergiusens, it's a good question, but I feel like elopio answered it, no?
[22:23] <sergiusens> kyrofa ah, I hadn't seen the reply; still would like to see some corroborration
[22:24] <kyrofa> Gah, thunderbird sucks. It doesn't upload my folders
[22:24] <kyrofa> I didn't see that he answered my question either
[22:24] <kyrofa> s/upload/update/
[22:28]  * ikey adds handy debug tools to lsi..
[22:28] <ikey> https://ibin.co/3hJKqbCtvh86.png ^^
[22:30] <mup> PR snapcraft#1736 opened: recording: pass the build info flag to the container <Created by elopio> <https://github.com/snapcore/snapcraft/pull/1736>
[22:31] <elopio> sergiusens: kyrofa: I found a recording bug ^
[22:32] <kyrofa> elopio, ah, good catch
[22:32] <kyrofa> elopio, is that required for this release, though?
[22:32] <kyrofa> Seems like an issue we've probably had for a while
[22:33] <mup> PR snapcraft#1734 closed: recording: don't log the command when image info fails <Created by elopio> <Merged by sergiusens> <https://github.com/snapcore/snapcraft/pull/1734>
[22:34] <sergiusens> snappy-m-o autopkgtest 1732 artful:amd64
[22:34] <snappy-m-o> sergiusens: I've just triggered your test.
[22:36] <sergiusens> elopio kyrofa I am fine with snapcraft#1736
[22:36] <mup> PR snapcraft#1736: recording: pass the build info flag to the container <Created by elopio> <https://github.com/snapcore/snapcraft/pull/1736>
[22:36] <sergiusens> sort of needed to show off the feature neatly
[22:37] <kyrofa> Alright
[22:38] <sergiusens> kyrofa stop living in the past, go in all webapps 💩
[22:38] <kyrofa> sergiusens, hahaha
[22:40] <elopio> kyrofa: sergiusens: the past is the new future! Use mutt
[22:41] <sergiusens> elopio can you open calendar invites there?
[22:41] <sergiusens> everything is so embedded with "the web" these days that it is hard to use something that doesn't support it
[22:41] <kyrofa> Apparently it's just too much to ask for decent system integration
[22:43] <elopio> I would love to use a text browser. But I always give up too soon.
[22:44] <elopio> sergiusens: I copy the calendar link from mutt to firefox
[22:45] <elopio> but I haven't been able to configure gmail there. I need to get back to bother m vo.
[22:47] <elopio> ok, I will have lunch while my new branch is green, then come back to continue recording with asciinema
[22:47] <sergiusens> elopio cannot do much in text browsers theses days
[22:48] <ikey> how do i go about signing a snap?
[22:54] <sergiusens> ikey https://forum.snapcraft.io/t/isv-questions-about-signing-a-snap/2546
[22:56] <ikey> sign-build doesn't work
[22:56] <ikey> does it?
[22:56] <ikey> Native builds aren't supported on Solus. You can however use 'snapcraft cleanbuild' with a container.
[22:56] <ikey> nay
[22:57] <sergiusens> ikey once you have the snap, you should be able to `snapcraft sign-build`, it should work and if it doesn't we can make it work
[22:57] <sergiusens> btw, you read fast
[22:57] <ikey> lol
[22:57] <ikey> yeah i mean the main thing is i just wanna sign the snaps but i have my whole ugly manual build process
[22:57] <sergiusens> snapcraft sign-build <snap-file> given all the keys are in place should be doable
[22:57] <ikey> (its hella inefficient and i need to fix that)
[22:57] <ikey> yea
[22:57] <ikey> so i assume i have to create keys via the API only
[22:58] <ikey> not my own local keys
[22:58] <ikey> so they're registered in some fashion
[22:58] <sergiusens> ikey internally they are just gpg keys, but I think the system is very strict on poor keys (not saying yours are); you might get away with using your current keys by means of symlinking the directory the snap command looks for
[22:59] <ikey> ah ok
[22:59] <sergiusens> ikey yes, snapcraft register-key pushes it to some vault on the store for corroboration
[22:59] <sergiusens> ikey I am being vague on the store side, and keys for that matter, as this is not my best area of expertise
[22:59] <ikey> sub   rsa4096 2016-02-22 [E] [expires: 2018-02-21]
[22:59] <ikey> lol
[23:00] <sergiusens> also, once you sign snaps, I don't think you can go back to unsigned ones
[23:01] <sergiusens> cprov care to expand on my ignorant comments? ^
[23:01] <ikey> gotcha
[23:01] <ikey> fwiw in the initial stages we've no need to sign them
[23:01] <ikey> as they'll be in the store on --edge only
[23:01] <sergiusens> ikey fwiw, help for snapcraft says: `Usage: snapcraft sign-build [OPTIONS] <snap-file>`
[23:01] <ikey> oh do i need to explicitly set grade/confinement to edge/devmode for now?
[23:02] <ikey> gotcha
[23:02] <ikey> er grade devel
[23:02] <ikey> even
[23:02] <cprov> sergiusens: what you say is true, once signed there is no reason to pull it back
[23:02] <sergiusens> ikey no, no need; but if it requires devmode I would and if you do not want to accidentally have that same snap build make it to candidate or stable then set grade to devel
[23:03] <ikey> yea
[23:03] <ikey> ty
[23:03]  * ikey was worried about that
[23:03] <ikey> do base snaps have confinement..?
[23:03] <cprov> the key might be revoked or expired and the signature won't be valid anymore
[23:04] <ikey> ack
[23:05]  * ikey is muchly looking forward to having snap updates instead of doing the whole reinstall doflicky
[23:05] <cprov> sergiusens: "once you sign snaps, I don't think you can go back to unsigned ones", not true thou, there is nothing enforcing snaps to continue to be signed. 'snap-build' is per-snap-revision
[23:06] <sergiusens> cprov wait I am confused, it seems you said the opposite just above :-P
[23:07] <cprov> sergiusens: the scope is the snap revision, once signed it cannot be unsigned (mainly because a snap revision is immutable)
[23:08] <cprov> sergiusens: in terms of workflow, subsequent revisions can be either signed or unsigned, there is nothing enforcing "signed from now on" (or anything similar)
[23:08] <cprov> there are proposals like https://forum.snapcraft.io/t/isv-questions-about-signing-a-snap/2546
[23:08] <cprov> sergiusens: un-confused ?
[23:10] <cprov> sergiusens: and yes, I've misinterpreted your comment at first, sorry.
[23:10] <sergiusens> no worries
[23:10] <sergiusens> all good
[23:11] <sergiusens> ikey wrt base snaps, if they have no apps entries in snap.yaml there is no reason for them to be confined, essentially what ends up being confined is what is under `apps`, so the "users" of the base snap will drive the confinement
[23:11] <cprov> sergiusens: 👍
[23:12] <sergiusens> that said, I am not authoritative on this matter either, just using my spider senses
[23:12] <ikey> sergiusens, ack :]
[23:12] <sergiusens> elopio please make sure snapcraft#1736 is bullet proof
[23:12] <mup> PR snapcraft#1736: recording: pass the build info flag to the container <Created by elopio> <https://github.com/snapcore/snapcraft/pull/1736>
[23:13] <sergiusens> it looks like it is, but we have been fooled before
[23:14] <elopio> I tested it to confirm the fix. It's no different than the existing var, so I see no room for failure.
[23:15] <elopio> But, I appreciate thorough reviews.