[00:23] <mup> PR snapd#4471 closed: cmd/snap-update-ns: refactor and improve Change.Perform to handle EROFS <Created by zyga> <Merged by zyga> <https://github.com/snapcore/snapd/pull/4471>
[00:32] <mup> PR snapcraft#1897 closed: docker: user proper tags in Readme.md <Created by sergiusens> <Merged by sergiusens> <https://github.com/snapcore/snapcraft/pull/1897>
[00:50] <mup> PR snapcraft#1898 opened: docker: don't rely on snapcraft-classic <Created by kyrofa> <https://github.com/snapcore/snapcraft/pull/1898>
[00:53] <zyga> kyrofa: the fixes are merged, please try edge and report any weird stuff
[00:53] <zyga> kyrofa: rc2 tomorrow
[00:53] <zyga> kyrofa: (early morning)
[00:53] <zyga> so you can be on beta to see it
[00:57] <mup> PR snapd#4561 closed: tests: generic detection of gadget and kernel snaps <Created by plars> <Merged by zyga> <https://github.com/snapcore/snapd/pull/4561>
[00:58] <kyrofa> zyga, you got it, thanks man :)
[00:59] <kyrofa> Yeah looks like RC1 now, when I see RC2 I'll give it a shot
[01:04] <zyga> kyrofa: tomorrow morning
[01:04] <zyga> I'm baby sitting the last PR
[01:05] <mup> PR snapd#4559 closed: snap-confine/nvidia: Support legacy biarch trees for GLVND systems <Created by ikeydoherty> <Merged by zyga> <https://github.com/snapcore/snapd/pull/4559>
[01:49] <mup> PR snapd#4342 closed: userd: add support for a simple UI that can be used from userd <Created by mvo5> <Merged by zyga> <https://github.com/snapcore/snapd/pull/4342>
[01:52] <mwhudson> i wonder what's going on here https://launchpadlibrarian.net/355232767/buildlog_snap_ubuntu_xenial_armhf_go-tip_BUILDING.txt.gz
[01:52] <mwhudson> i bet it's made an arm64 binary for some reason
[02:00] <zyga> mwhudson: hey
[02:00] <mup> PR snapcraft#1898 closed: docker: don't rely on snapcraft-classic <bug> <Created by kyrofa> <Merged by sergiusens> <https://github.com/snapcore/snapcraft/pull/1898>
[02:00] <mwhudson> zyga: hello
[02:00] <zyga> exec format error, never saw that one
[02:00] <zyga> yeah, feels like wrong arch
[02:00] <zyga> (but how?)
[02:00] <mwhudson> no idea
[02:00] <zyga> mwhudson: offtopic, can you please look at https://bugs.launchpad.net/snapd/+bug/1745584 - maybe it's just a missing policykit file in packaging?
[02:00] <mup> Bug #1745584: pkexec dialog doesn't appear for 'snap install' on Debian <snapd:New> <https://launchpad.net/bugs/1745584>
[02:01]  * zyga should go to sleep 
[02:02] <mwhudson> zyga: mmm could be
[02:02] <Son_Goku> mwhudson, i dunno, it doesn't work in centos even with the polkit file installed
[02:03] <mwhudson> yeah, looks like the polkit file is installed in debian too
[02:03] <mwhudson> data/polkit/io.snapcraft.snapd.policy /usr/share/polkit-1/actions/
[02:03] <Son_Goku> same goes for Fedora
[02:03] <Son_Goku> I've been installing it for a while, no effect
[02:04] <Son_Goku> mwhudson: wait, this bug is about "snap install"?
[02:04] <Son_Goku> snap install doesn't query polkit at all
[02:04] <Son_Goku> like, zilch
[02:04] <Son_Goku> only GNOME Software does
[02:04] <Son_Goku> if that's supposed to work with "snap install" too, then this is horrifically broken
[02:07] <kyrofa> Hey tyhicks, if you're around, what is the status of using errno instead of kill for seccomp denials?
[02:07] <Son_Goku> mwhudson: https://src.fedoraproject.org/rpms/snapd/c/98b119302ae0d8d502f20877e0ecbf76a64ac1c9
[02:07] <Son_Goku> yeah, I've been installing it and it doesn't have effect :/
[02:09] <tyhicks> kyrofa: hey - it sounds like it is stuck waiting for a libseccomp-golang release and for other distros to include that release :(
[02:09] <tyhicks> kyrofa: https://github.com/snapcore/snapd/pull/3998/#issuecomment-358028579
[02:10] <mup> PR #3998: snap-confine, snap-seccomp: utilize new seccomp logging features <Decaying> <Created by tyhicks> <https://github.com/snapcore/snapd/pull/3998>
[02:10] <tyhicks> kyrofa: I haven't had a chance to look into falling back to KILL if the available libseccomp-golang isn't new enough
[02:10] <tyhicks> all underlying work upstream and in Ubuntu is done
[02:11] <kyrofa> tyhicks, excellent, thank you very much :)
[02:11] <tyhicks> no problem
[02:12] <tyhicks> I wish it was already working but there were a lot of moving parts
[02:12] <kyrofa> Oh totally, glad to see it moving along though
[02:13] <kyrofa> We were just chatting about it at the sprint and none of us knew where the work stood. So now we do!
[02:22] <Son_Goku> kyrofa: either you or zyga could poke the maintainers of libseccomp and golang-github-seccomp-libseccomp-golang about backporting these things to current Fedora releases if it's ready to go
[02:22] <Son_Goku> (since both of you have FAS accounts, you're also able to do PRs against the packaging repos for both of these
[02:22] <Son_Goku> )
[03:00] <mup> PR snapcraft#1899 opened: elf: readelf dependency <bug> <Created by sergiusens> <https://github.com/snapcore/snapcraft/pull/1899>
[06:15] <mborzecki> morning
[06:52] <Chipaca> mborzecki: morning
[06:52] <mborzecki> Chipaca: hey
[07:57] <mborzecki> Chipaca: sorry :)
[07:59] <zyga> o/
[07:59] <zyga> drat
[07:59] <zyga> I wanted to sleep
[08:00] <Chipaca> mborzecki: :-)
[08:00] <mborzecki> Chipaca: fwiw will looking at ProcessState be enough?
[08:00] <zyga> last night tests were utterly broken on networking
[08:01] <zyga> let's see how if today they fare better
[08:01] <Chipaca> mborzecki: not really, i think using a flag variable is the only way
[08:02] <Chipaca> mborzecki: the command just knows it was killed, not by whom
[08:02] <mborzecki> Chipaca: right
[08:02] <mborzecki> Chipaca: otoh maybe it's not worth it, unless the caller does something silly with the error the way it's now should be fine
[08:03]  * zyga has zero PRs open, that's ... new
[08:04] <Chipaca> mborzecki: that was what I thought when I wrote it, but then I thought maybe we want to behave differently if the Run error is context.Canceled
[08:04] <mborzecki> Chipaca: imo adding a comment instead of a flag will be ok too :)
[08:04] <pstolowski> good morning
[08:04] <zyga> hey paweł!
[08:04] <mborzecki> zyga: pstolowski: morning
[08:05] <doko> https://launchpad.net/ubuntu/+source/snapd/2.30+18.04 ftbfs on most archs
[08:08] <Chipaca> mborzecki: it'd look like https://pastebin.ubuntu.com/26493696/
[08:08] <zyga> doko: thank you for the heads up, we'll look into it
[08:11] <kalikiana> mornin'
[08:11] <zyga> hey kalikiana
[08:12] <doko> zyga: now given back. but seriously, hit the uploader for each day and one arch that this wasn't given back ...
[08:17] <mborzecki> Chipaca: right, so there's still a race but at least you'll get ctx.Err() if cancel was called or timeout was hit
[08:18] <Chipaca> mborzecki: I _could_ check that if the flag is set, the exec error looks like a 'killed' error
[08:18]  * Chipaca bbiab
[09:00] <mup> PR snapd#4570 opened: release: snapd 2.31~rc2 <Created by mvo5> <https://github.com/snapcore/snapd/pull/4570>
[09:40]  * Chipaca grins as he writes TestRunRace
[09:41] <pedronis> mvo: Chipaca: hi, what's the status of #4459
[09:41] <mup> PR #4459: snap: add support for `snap advise-snap pkgName` <Created by mvo5> <https://github.com/snapcore/snapd/pull/4459>
[09:41] <Chipaca> pedronis: what do you mean?
[09:42]  * Chipaca looks
[09:42] <pedronis> it seems to be sitting there
[09:42] <pedronis> since a while
[09:42] <pedronis> but is not blocked
[09:42] <Chipaca> huh, i thought this was merged
[09:42] <pedronis> see
[09:43] <Chipaca> pedronis: the status is it only has one +1
[09:43] <mvo> Chipaca, pedronis I think it should get a ack/nack from gustavo
[09:43] <Chipaca> i guess :-)
[09:43] <pedronis> mvo: it was not marked as such though
[09:43] <pedronis> I suppose I cand do that
[09:44] <mvo> Chipaca, pedronis it might be considered as redundant functionality. thanks, if you mark it that would be great, otherwise I will do it
[09:44] <pedronis> mvo: I requested a Gustavo reivew on it
[09:44] <Chipaca> mvo: redundant with what?
[09:44] <pedronis> probably needs a poke also
[09:46] <mvo> Chipaca: redundant with snap advice-snap --comand
[09:47] <mvo> Chipaca: oh, hold on a sec
[09:47] <mvo> Chipaca: I'm looking at the wrong PR, I think this one is uncontroversial mostly
[09:47] <pedronis> heh
[09:47] <pedronis> too many PRs
[09:47] <mvo> sorry, I was looking at the `snap run` one that advises on available commands
[09:47] <mvo> pedronis: yes :(
[09:48] <pedronis> mvo: I still recommend(very gently) trying to be a bit more agressive about closing PRs, otherwise it gets confusing
[09:48] <mvo> pedronis: agreed, let me start right now!
[09:49] <pedronis> close as in get merged or close as in close, whatever makes sense
[09:49] <mup> PR snapd#4424 closed: corecfg: pam_env can only handle 1024 byte <Blocked> <Created by mvo5> <Closed by mvo5> <https://github.com/snapcore/snapd/pull/4424>
[09:49] <pedronis> to be clear
[09:50] <mvo> :+1:
[09:50]  * Chipaca hugs mvo
[09:50] <mup> PR snapd#4477 closed: snapenv: add SNAP_ARCH_TRIPLET <Blocked> <Created by mvo5> <Closed by mvo5> <https://github.com/snapcore/snapd/pull/4477>
[09:52] <zyga> o.
[09:53] <zyga> (which is like o/ but with me being more sleepy)
[09:53] <zyga> mvo: so I woke up at 7 ... and ... yeah
[09:53] <zyga> man
[09:53] <mvo> 4521 needs a second review probably an easy win
[09:53] <Chipaca> zyga: I woke at 4
[09:53] <Chipaca> zyga: neener neener
[09:53] <mvo> zyga: good morning (and you looked at this already)
[09:53] <mvo> zyga: good morning
[09:53] <zyga> haha :)
[09:53] <mvo> zyga: rc2 is branched and uploaded to the ppa, waiting for the build
[09:53] <Chipaca> that's what peeking into scary finances does to you
[09:54] <zyga> excellent
[09:54] <mvo> I wonder if openoffice is building right now, build slots are in short supply it seems :/
[09:54] <zyga> Chipaca: I was merging things at 3am
[09:54] <mvo> Chipaca: :( that sounds scary
[09:55] <Chipaca> zyga: i saw you restarting things at my 1am, so yeah :-)
[09:55] <zyga> Chipaca: yeah, travis and spread didn't love each other last night
[09:56] <mvo> very ironc that 2.31~rc2 is only build on powerpc yet (which used to be one of the slowest arches)
[09:56] <zyga> ;D
[09:56] <Chipaca> mvo: no spectre for ppc
[09:56] <mvo> heh, yeah
[09:56] <mvo> i was wondering if it is build on a 32bit chroot on ppc64el or something, that would also explain it
[09:56] <mvo> anyway
[09:57] <zyga> mvo: someone just pressed the "turbo" button
[09:58] <mvo> haha
[09:59]  * zyga remebmers his 386 now
[10:01]  * Chipaca -> physio
[10:01] <mwhudson> mvo: yes, pretty sure powerpc builds in a chroot on a 64 bit box now
[10:01] <mvo> ha!
[10:01] <mvo> thanks mwhudson
[10:03] <mwhudson> Kernel version: Linux bos02-powerpc-008 4.4.0-103-powerpc64-smp #126-Ubuntu SMP Mon Dec 4 16:57:45 UTC 2017 ppc64
[10:03] <mup> PR #126: Ensure squashfs snaps keep all uid/gid and permissions on build <Created by mvo5> <Merged by zyga> <https://github.com/snapcore/snapd/pull/126>
[10:04] <ogra_> ogra@localhost:~$ htop
[10:04] <ogra_> snap-confine has elevated permissions and is not confined but should be. Refusing to continue to avoid permission escalation attacks
[10:04] <ogra_> hmm
[10:04]  * ogra_ reboots the board
[10:04] <zyga> hmmm?
[10:05] <ogra_> edge ... not sure if i tinkered the istall to death here or if there is actually a prob in the core snap from tonight
[10:05] <zyga> ogra_: let me know if it happens, I can look at my boards
[10:05] <mvo> Chipaca: hm, silly question. when we run command-not-found (snap advise-snap --command echo) - should we return test-snapd-tools because we have echo in there as a command? even though its not a toplevel?
[10:07] <zyga> mvo: btw, doko said that snapd 2.30 builds are failing
[10:07] <zyga> 09:05 < doko> https://launchpad.net/ubuntu/+source/snapd/2.30+18.04 ftbfs on
[10:07] <zyga>               most archs
[10:07] <mvo> zyga: checking
[10:08] <Chipaca> mvo: no, i don't think so, not unless it's got an alias
[10:08] <mvo> zyga: fwiw https://launchpad.net/ubuntu/+source/snapd/2.30+18.04 is all green afaict
[10:09] <zyga> indeed
[10:09] <zyga> no idea, not very helpful today
[10:09] <zyga> (yet)
[10:10] <doko> mvo, zyga: yes, given back.  you should not upload and run away, but read your build failure messages
[10:11] <doko> but maybe snaps don't have those anymore ...
[10:12]  * mvo wonders why he did not get those
[10:12] <Chipaca> mborzecki: pushed a tweak to RunWithContext, including a test for the race
[10:13] <Chipaca> and now yes, to physio
[10:15] <mborzecki> Chipaca: thanks, will take a look
[10:17] <mup> PR snapd#4571 opened: data, cmd, packaging: use autotools to generate artifacts under data <Created by bboozzoo> <https://github.com/snapcore/snapd/pull/4571>
[10:17] <mborzecki> zyga: ^^
[10:17] <ogra_> zyga, i had temporary disabled the apparmor init script on that device (because apparmor stalls the boot for ~1min), apparently snapd doesnt create the snap-confine (i think on core it simply should do that)
[10:17] <ogra_> *doesnt create the profile for ...
[10:18] <ogra_> that actually seems the only thing this init script is needed for
[10:19] <zyga> ogra_: it does and that thing you disabled loads it
[10:20] <ogra_> zyga, well, it seems to be the only profile this is needed for ... IMHO snapd could simply invoke the parser directly on core installs
[10:21] <ogra_> core does not have any other profiles outside of snap apps ... where snapd already takes care correctly
[10:21] <zyga> ogra_: it has to be done on boot
[10:21] <zyga> ogra_: by that script
[10:21] <zyga> that script compiles and loads all the profiles (including snapd generated ones)
[10:21] <ogra_> i understand that it has to be done o boot for classic installs ...
[10:21] <zyga> no
[10:21] <zyga> on all installs
[10:22] <zyga> I mean, snapd doesn't handle that at all
[10:22] <ogra_> but on core there is only one profile that gets generated
[10:22] <ogra_> which is the snap-confine one
[10:22] <zyga> no, all the per-snap profiles are handled by that guy
[10:22] <zyga> we could remove it but it's ... already doing it
[10:22] <ogra_> hmm, i dont see it doig that
[10:22] <zyga> and there's no clear reason why that would help
[10:22] <zyga> (look at /var/lib/snapd/apparmor
[10:22] <zyga> that's also loaded by the script
[10:23] <ogra_> well, the profiles are generated during snap install
[10:23] <ogra_> just not for snap-confine
[10:23] <zyga> yes but on reboot they are not loaded
[10:23] <zyga> ogra_: I'm telling you the script does useful work on boot, if we drop that script we have to put some thing on early boot, before _any_ snap can start
[10:24] <zyga> ogra_: I'm not sure that should be snapd; it could be but I don't see a clear advantage
[10:24] <zyga> ogra_: not on boot speed for sure
[10:24] <ogra_> well, thats different to what i see :) but i belive you :)
[10:24] <zyga> ogra_: there's a variable somewhere that makes it look at /var/lib/snapd/apparmor/profiles
[10:24] <zyga> ogra_: we also load profiles on startup if they _changed_
[10:24] <ogra_> (all snaps functioned fine for the last week while the script was off ... only a core refresh made snap-confine fail then)
[10:25] <ogra_> ... but probably the profiles simply never changed in that time despite me randomly installing/removing7refreshing apps
[10:26] <ogra_> anyway, re-enabling the script gets me 3min boots back but also makes snap-confine work again ... so its a user error
[10:26] <zyga> ogra_: how slow is it btw?
[10:26] <cjwatson> Chipaca: ppc does suffer from Spectre, FWIW (maybe not the actual 32-bit-only chips, I'm not sure, but certainly more modern ones)
[10:26] <zyga> maybe there is something wrong?
[10:26] <zyga> cjwatson: hey, I still _run_ one :)
[10:26] <ogra_> zyga, lol ... yes ... thats what i'm trying to find :P
[10:27] <zyga> ogra_: maybe add a echo to the script (or something like that)
[10:27] <zyga> ogra_: so that we know when it starts and when it stops
[10:27] <zyga> ogra_: not sure if that's clearly readable from logs
[10:27] <ogra_> (it is a 200-500MHz 256M ram board ... but 3mins are definitely to long even for that)
[10:27] <zyga> ogra_: so, there's a cache thing there but maybe it's broken and not used
[10:27] <ogra_> systemd-analyze is usually pretty correct in its timings
[10:27] <zyga> ogra_: normally apparmor should read the profile, check with the cache and insert a cached compiled blob if one is recent
[10:28] <ogra_> yeah, the cache is definitely empty on all my boards
[10:28] <zyga> ogra_: otherwise it would compile the profile, which is slow, save the cache and load it in the kernel
[10:28] <ogra_> jamie pointed that out before
[10:28] <zyga> ogra_: not sure how much of that is done in intrd
[10:28] <zyga> ogra_: and how much in early systemd
[10:28] <ogra_> (seems there is some general issue with the cache )
[10:28] <zyga> ogra_: oh?
[10:28] <ogra_> initrd doesnt do any apparmor stuff
[10:28] <ogra_> only the mounting
[10:28] <zyga> there are two cache locations
[10:28] <zyga> for some historic reason AFAIR
[10:28] <zyga> did you check both?
[10:28] <ogra_> well, jamie pointed me to /etc
[10:29] <zyga> look at /var/cache/apparmor
[10:29] <ogra_> and that one is definitely empty on all boards i have
[10:29] <ogra_> yeah, there are files
[10:29] <zyga> see if it makes any difference
[10:29] <zyga> even with a hand watch
[10:29] <zyga> if you remove them
[10:29] <zyga> if so then the cache works
[10:29] <zyga> if not ... well, slow boards are slow
[10:29] <ogra_> well
[10:30] <ogra_> snapd probing mmcblk1rpmb devces for assertions takes quite some time too ;)
[10:30] <ogra_> there are some obvious issues (like this one) ... but they are not enough to get me to a sane boot speed yet
[10:30] <zyga> how much?
[10:31] <ogra_> dunno, several tens of seconds
[10:31] <ogra_> 15-20 i'D say ... thats sadly a service that doesnt log anything ...
[10:31] <zyga> is that blocking boot or does it happen in parallle?
[10:31] <zyga> *parallel
[10:31] <ogra_> (i havent debugged that one yet, its an obvious one)
[10:32] <ogra_> others are 30sec for mounting loop devices
[10:32] <ogra_> thats more worrying
[10:32] <ogra_> console-setup 20sec ... keyboard-setup 15sec ...
[10:33] <ogra_> the device probing is blocking boot
[10:34] <mvo> ogra_: could you run systemd-analyize plot and copy the output somewhere?
[10:35] <ogra_> well, the system is havily modified atm ... i'll do that once i flashed it freshly ... here is a top list of blame though https://paste.ubuntu.com/26494246/
[10:35] <zyga> ogra_: the probing issue
[10:35] <zyga> ogra_: I honestly think it should not be a toggle
[10:35] <zyga> ogra_: but there should be a way to tweak this in the gadget
[10:35] <ogra_> zyga, ?
[10:36] <zyga> ogra_: so that you can use udev tagging to blacklist media
[10:36] <ogra_> ah
[10:36] <ogra_> yeah
[10:36] <zyga> ogra_: so that certain internal devices are just skipped
[10:36] <zyga> ogra_: it's a simple system, extensible to devices and makes sense as a design IMO
[10:36] <ogra_> well, you never ever want to probe mmcblkXrpmb or mmcblkXbootX
[10:37] <zyga> ogra_: I don't think that's true, that's absolute and those rarely turn out true
[10:37] <ogra_> but thats also something systemd needs to learn, not only snapd
[10:37] <mvo> ogra_: thanks, the plot would be nice at some point but not urgent
[10:37] <mup> PR snapd#4572 opened: mir: software clients need access to shared memory /dev/shm/#* <Created by gerboland> <https://github.com/snapcore/snapd/pull/4572>
[10:37] <zyga> ogra_: as long as you can set an attribute that makes it skip probing and you can express that in the gadget it feels sufficient
[10:38] <ogra_> zyga, right ... systemd doesnt have such a flag yet ... which is why i ignored that bit for now for snapd as well
[10:38] <ogra_> i'll get to that later ...
[10:38] <ogra_> thats one of the bits that are understood :)
[10:38] <zyga> ogra_: it's not a systemd flag
[10:38] <zyga> ogra_: it's an udev attribute
[10:38] <ogra_> (i have many in this particular boot process that arent :) )
[10:38] <zyga> ogra_: like MM_SKIP_PROBING (or whatever it was called)
[10:41] <ogra_> zyga, hmm, i only know UDISKS_IGNORE ... but that wouldnt help with systemd fsck or snapd autoimport
[10:41] <zyga> ogra_: fsck I cannot speak of, those are separate issues
[10:41] <zyga> ogra_: but the job that tries to look for assertions is under our control
[10:41] <zyga> ogra_: so it could just skip devics with a given attribute
[10:43] <ogra_> zyga, would be helpful if the autoimport udev rule could mention the variable in the comment somehow ... how would porters know about it ?
[10:44] <ogra_> (without reading snapd's source)
[10:44] <zyga> ogra_: sure that's documentation; I'm describing a feature that doesn't exist
[10:44] <ogra_> oh
[10:44] <zyga> ogra_: it's just something that we would doucment in device maker's book or similar
[10:45] <ogra_> i thought you said there is "MM_SKIP_PROBING"
[10:45] <zyga> ogra_: I'm saying that such an attribute, IMO, makes more sense than a big bool flag for _users_
[10:45] <ogra_> well
[10:45] <zyga> ogra_: that was a reference to existing similar attribute for modem manager and serial ports
[10:45] <ogra_> that flag will only make the udev rule skip
[10:45] <ogra_> it wont prevent the unit fro running
[10:45] <ogra_> *from
[10:46] <zyga> yes but we could make that unit run the prober with a device, so that control is reversed
[10:46] <zyga> systemd picks the devices, prober probes one
[10:46] <ogra_> most customers i worked with til now want that stuff completely off so people cant tinker with USB sticks
[10:46] <zyga> those could then even run faster as they would happen in parllel
[10:46] <zyga> ogra_: that's okay, but it should be a gadget decision, not a toggle for users
[10:46] <ogra_> it simply wastes cycles, even if it is a no-op
[10:47] <ogra_> yeah
[10:47] <ogra_> indeed it should be a gadget thing
[10:47] <ogra_> (like rsyslog or disabling ssh access)
[10:49] <ogra_> though here the issue is more of a subsequent thing ... i want the deices to be hidden completely during boot so fsck will ignore them too ...
[10:50] <ogra_> (autoimport is just the next thing in the chain here ... )
[10:57]  * zyga -> physical activities
[10:57] <zyga> ogra_: I'm so mentally tired I will do some house chores to vent my mind
[10:57] <zyga> ogra_: I agree on fsck
[10:58] <zyga> ogra_: though I would discuss it separately
[11:07] <mvo> cachio: good morning! 2.31~rc2 for armhf/arm64 is ready, the other ones are still building
[11:11] <cachio> mvo, good morning, already downloading images
[11:11] <mvo> cachio: great, I publish the other ones as soon as I can
[11:11] <cachio> mvo, great
[11:17]  * zyga hopes for one smooth release 
[11:17] <mvo> 2.30 was not too bad
[11:18] <zyga> mvo: going out with rc2 would be awesome :)
[11:19] <mvo> cachio: i386/amd64 ready now as well
[11:25]  * zyga refreshes to beta
[11:25] <zyga> mvo: oh
[11:25] <zyga> mvo: we didn't do one thing
[11:26] <zyga> that piece of code that wrote the snap.mount unit (under proper name
[11:26] <zyga> we don't have that
[11:26] <zyga> for reexec
[11:26] <zyga> but I guess it's okay for now, as long as packages are coming out, not a regression in any way
[11:27] <mvo> zyga: yeah, it will only be fixed in lxd hosts with the right snapd version
[11:27] <mvo> zyga: eh deb/rpm
[11:27] <mvo> zyga, pstolowski there is a bugreport that we should document that hooks use dash - I wonder if we should just switch them to bash. wdyt?
[11:28] <ogra_> oh, please dont
[11:28] <mvo> pstolowski: do you think you could check 1745015?
[11:28] <mvo> ogra_: why not?
[11:28] <ogra_> (dealing with a 200MHz 256M single core device here ... such a switch would have some impact)
[11:28] <zyga> mvo: is there any mandate for the hooks to be anything? they are just executables, could be dash, python or elf
[11:29] <ogra_> bash eats about 5Mb while dash lives in the kilobyte range
[11:29] <ogra_> (and used to be massively slower as well, back when debian did the research ... that might have changed since 2007 though)
[11:30] <mvo> zyga: there is no mandate for this
[11:30] <ogra_> mvo, assuming you dont mean live-build hooks here but app hooks
[11:31] <pstolowski> mvo, interesting. will look into 1745015
[11:31] <mvo> ogra_: snap hooks, yes. well, fair enough.
[11:31] <ogra_> mvo, most upcoming ubuntu core customers in the near future will be in a similar HW range, every byte of ram counts here
[11:32] <pstolowski> mvo, I agree with zyga; i think documenting is enough
[11:32] <mvo> pstolowski: ok
[11:32] <ogra_> (and on single core-low-speed cpus also every herz :) )
[11:32] <ogra_> s/herz/hertz/
[11:39] <ogra_> mvo, oh, during my debugging i noticed that "systemctl list-dependencies" on core devices shows quite a bunch of red dots, i wonder if we need to handle some units more gracefully or need to disable them
[11:40] <ogra_> i.e. "systemd-machine-id-commit.service" ... completely useless since we set the machine-id from the initrd ... but it gets run nontheless
[11:41] <ogra_> or systemd-hwdb-update.service ... (the hwdb is readonly)
[11:41] <cjwatson> mvo: I think the thing that bug reporter is missing is that /bin/sh is the default in normal Ubuntu too
[11:41] <cjwatson> mvo: err /bin/sh -> dash
[11:42] <cjwatson> they've obviously just configured it differently
[11:46] <Chipaca> cjwatson: wrt spectre on ppc, I was thinking exclusively of the pre-2006 chips (have there been 32-bit ppc chips since then?)
[11:47] <Chipaca> also I thought powerpc meant 32 bits, and the newer ones were ppc64le or w/e
[11:48] <cjwatson> yeah but you said ppc which is a bit ambiguous
[11:49] <Chipaca> ah, my bad then (i meant powerpc i think)
[11:49] <Chipaca> in my defence my only powerpc machine was a nubus-ppc one
[11:49] <cjwatson> there've certainly been embedded 32-bit chips since then, and e.g. the e600 has out-of-order execution, branch prediction, and such; wouldn't surprise me if you could get something like Spectre to work but I don't know if anyone's bothered
[11:51]  * zyga starts to see the light at the end of the tunnel :)
[11:52] <zyga> my office gets messy quickly
[11:52] <Chipaca> somebody's got to be trying to get spectre to work on a router
[11:52] <Chipaca> mborzecki: you around?
[11:53] <mborzecki> Chipaca: yeah, trying to go through #4551
[11:53] <mup> PR #4551: ifacestate: do not auto-connect manually disconnected interfaces <Created by stolowski> <https://github.com/snapcore/snapd/pull/4551>
[11:53] <Chipaca> mborzecki: just a quick Q: your version of the if in #4569 implies two class assertions, right?
[11:53] <mup> PR #4569: osutil: add ContextWriter and RunWithContext helpers <Created by chipaca> <https://github.com/snapcore/snapd/pull/4569>
[11:54] <mborzecki> Chipaca: sadly yes
[11:54] <Chipaca> ie one to get a ExitError, one to get a WaitStatus; that's why you said more verbose
[11:54] <Chipaca> mborzecki: fair enough. I'll rewrite it that way. i had it like that (except I didn't know about Signal() which makes it more readable, and probably worthwhile)
[11:55] <mborzecki> Chipaca: didn't know about it either, actually read through the exec code in stdlib :)
[11:55] <pstolowski> mborzecki, thanks!
[12:02] <mup> PR snapd#4557 closed: osutil: add DirExists and IsDirNotExist <Created by chipaca> <Merged by chipaca> <https://github.com/snapcore/snapd/pull/4557>
[12:05] <zyga> ok, one last power strip
[12:05] <zyga> and I should be ready
[12:08] <niemeyer> Hey hey
[12:09]  * ogra_ puts a dollar in zyga's waistband for that power strip ...
[12:09] <Chipaca> ogra_: I did _not_ need that image
[12:10] <ogra_> lol
[12:10]  * zyga googles waistband
[12:10] <zyga> oho
[12:10] <zyga> *gulp*
[12:11]  * zyga hugs ogra_ and Chipaca *together*
[12:11] <ogra_> no, no ... we didnt order that lapdance !!!s
[12:11]  * Chipaca steals the dollar and goes to get lunch
[12:12] <zyga> the dollar is actually a beer bottle cap
[12:22]  * zyga looks at unit tests again
[12:32] <Chipaca> zyga: guess lunch is roaches then
[12:32] <zyga> Chipaca: fry slowly
[12:33]  * Chipaca squints at Failed tasks: 1
[12:33] <Chipaca>     - linode:ubuntu-14.04-64:tests/main/server-snap:pythonServer
[12:34] <zyga> what's the failure?
[12:45] <ogra_> oh
[12:45] <ogra_> is bpf a hard kernel requirement nowadays ?
[12:48] <zyga> ogra_: yes, I think so
[12:49] <ogra_> aha
[12:49] <ogra_> ppisati, seems our default configs in the sample kernels do not enforce bpf ^^^
[12:50] <mup> PR snapd#4573 opened: tests: enable content sharing test for $SNAP <Created by zyga> <https://github.com/snapcore/snapd/pull/4573>
[12:53] <zyga> mvo: if this passes please drop it into final release
[12:54] <zyga> I forgot about it yesterday
[12:54]  * zyga is very excited about content sharing getting a huge boost in 2.31
[12:54] <zyga> but first let's drop those unit tests :)
[12:57] <mvo> zyga: which one, 4573?
[12:57] <zyga> yep
[12:57] <zyga> it just enables a test that I wrote ahead of time
[12:57] <zyga> and rigged to skip one case
[12:57] <zyga> now it should all pass
[12:59] <mup> PR snapd#4570 closed: release: snapd 2.31~rc2 <Created by mvo5> <Merged by mvo5> <https://github.com/snapcore/snapd/pull/4570>
[13:02] <mup> PR snapd#4569 closed: osutil: add ContextWriter and RunWithContext helpers <Created by chipaca> <Merged by chipaca> <https://github.com/snapcore/snapd/pull/4569>
[13:21] <ppisati> ogra_: i'm going to add it to the list of configs in the snapcraft/kernel_plugin
[13:24] <zyga> mvo: please merge https://github.com/snapcore/snapd/pull/4573
[13:24] <mup> PR #4573: tests: enable content sharing test for $SNAP <Created by zyga> <https://github.com/snapcore/snapd/pull/4573>
[13:24] <zyga> it's green now
[13:26] <ppisati> ogra_: which BPF options? i guess the BPF_SYSCALL filtering option
[13:27] <ogra_> ppisati, yeah, i guess so ... all i justz noticed is that on a misbehaving device /proc/filesystems doesnt list bpf ... mnot sure what options are exactly needed ... i know the pi kernels have all of them though
[13:28] <ppisati> ogra_: well, when you figure it out, add it to the list of required options here and send a pull req
[13:28] <ppisati> ogra_: https://github.com/snapcore/snapcraft/blob/master/snapcraft/plugins/kernel.py
[13:28] <ppisati> 'required_snappy' i guess
[13:32] <mup> PR snapcraft#1900 opened: Parent relative symlinks <Created by kalikiana> <https://github.com/snapcore/snapcraft/pull/1900>
[13:51] <zyga> jjohansen: o/
[13:51] <jjohansen> hey zyga
[13:51] <zyga> jjohansen: long time no see, how are you doing
[13:51] <jjohansen> zyga: well I was doing well, but I have a feeling that is about to change
[13:51] <jjohansen> :)
[13:51] <pstolowski> mvo, so my spread test for that install hook bug just produced 'mesg: ttyname failed: Inappropriate ioctl for device' and hung; waiting to see if the hook gets aborted as it should.
[13:52] <zyga> oh? what's going on?
[13:52] <mvo> pstolowski: aha, interessting
[13:52] <jjohansen> zyga: oh I was just assuming you pinged me because you have a bug for me :)
[13:52] <zyga> ah, no :)
[13:54] <jjohansen> zyga: ah, well then I am good :D
[13:55] <mup> PR snapd#4573 closed: tests: enable content sharing test for $SNAP <Created by zyga> <Merged by mvo5> <https://github.com/snapcore/snapd/pull/4573>
[13:55] <zyga> thank you
[13:57] <pstolowski> mvo, ok. puzzling. install hook got killed eventually, install was aborted. all as expected.
[13:58] <cachio> mvo, https://paste.ubuntu.com/26495194/
[13:58] <pstolowski> mvo, ah wait, he is not installing, he is using snap try
[13:58] <cachio> this is what Ii see in the pi21
[13:58] <cachio> mvo, there is no /snap/core/current
[13:58] <cachio> mvo, and many tests failing because of that
[13:58]  * kalikiana lunch
[13:59] <cachio> mvo, also the test-snapd-tools snap is not in /snap
[13:59] <mvo> cachio: that is strange, what does your state.json look like? i.e. python3 -m json.tool /var/lib/snapd/state.json
[13:59] <mvo> mborzecki: just to double check, the license for local snaps is displayed if these snaps have a "license:" field in their snap.yaml?
[14:00] <cachio> mvo, https://paste.ubuntu.com/26495214/
[14:03] <mvo> cachio: strange, looks like state.json and content is toally out of sync
[14:04] <mvo> cachio: I wonder if this is a fluke or if we somehow broke the testsuite
[14:04] <zyga> mvo: maybe backup/restore is messed up
[14:04] <zyga> we sometimes see that the state was modified while it was being saved
[14:04] <mvo> zyga: yeah, something along these lines
[14:04] <cachio> mvo, not sure yet, something similar is happening in dragonboard
[14:04] <cachio> pi3 is working fine
[14:04] <mvo> strange
[14:05] <zyga> it's a race
[14:05] <zyga> it doesn't matter where it failed
[14:05] <cachio> mvo, same issue with test-snapd-tools
[14:05] <mvo> Chipaca: does https://github.com/snapcore/snapd/pull/4531#pullrequestreview-92931228 capture the discussion during the standup? if so I will merge the PR and cherry-pick for 2.31
[14:05] <mup> PR #4531: cmd/snap: display snap license information <Created by bboozzoo> <https://github.com/snapcore/snapd/pull/4531>
[14:06] <mvo> cachio: and its also in the state I assume? so the same out-of-sync issue(?)
[14:06] <Chipaca> mvo: except for the very last commit, i think
[14:06] <cachio> mvo, checking
[14:06] <mborzecki> mvo: it should, there's a /v2/snaps/<name>, as long as the response contains the license it will be shown, i can try and add a quick test case for it
[14:07] <mvo> Chipaca: commit or comment?
[14:08] <mvo> mborzecki: yeah, I think if we could have a test case that would be best
[14:08] <Chipaca> mvo: commit
[14:08] <Chipaca> mvo: ie the one that removed the “license: unknown”
[14:09] <mvo> mborzecki, Chipaca: indeed, sorry for this. lets just revert 60074f0 and the following one now that we have agreement on that it should be part of the snap
[14:10] <cachio> mvo, yes
[14:11] <cachio> mvo, also I see in the syslog many of these errors ---> Jan 31 11:15:58 localhost snapd[1369]: 2018/01/31 11:15:58.355309 stateengine.go:101: state ensure error: devicemgr: snap "core" has "install-snap" change in progress
[14:11] <mborzecki> mvo: just to be clear, revert the last 2 commits right?
[14:12] <mvo> mborzecki: yes
[14:12] <mvo> mborzecki: sorry for the confusion about this one, I was under the (wrong) impression that the store should be the authority and I'm happy that its the snap
[14:12] <mborzecki> mvo: also the text that was shown there is `(undefined)`, should I change it to unknown instead?
[14:13] <mvo> mborzecki: yeah, I think "unkown" is slightly better
[14:14] <mvo> niemeyer: for unknown licenses, "license: unknown" in `snap info` output? sounds reasonable?
[14:15] <doko> mvo, zyga: snapd has autopkg test regressions
[14:17] <zyga> where can we see them?
[14:18] <mvo> zyga: I think we have this problem that the store categories changed :( so the searching test fails now
[14:23]  * ogra_ scratches head about unlogical kernel config naming 
[14:23] <ogra_> # CONFIG_BPF_JIT is not set
[14:23] <ogra_> CONFIG_HAVE_BPF_JIT=y
[14:24] <ogra_> how can the second one be true if the first one is false ...
[14:24] <zyga> you have it (it's supported in arch) but not enabled
[14:24] <zyga> that's how I see it
[14:24] <ogra_> hmm
[14:24] <ogra_> so that would mean userspace you think ?
[14:25] <zyga> no, I mean the kernel has code to emit jit for bpf on this architecture (that's the HAVE part does)
[14:25] <zyga> (just guessing though)
[14:25] <ogra_> ah
[14:25] <ogra_> ok
[14:25]  * ogra_ gets it
[14:25] <zyga> but the config option to enable it is off
[14:25] <ogra_> anyway ... just curious ... i'll just enable it anyway
[14:30] <Chipaca> pstolowski: I got a panic in config, suspect I'm doing something wrong :-) do you have a moment to take a look?
[14:31] <pstolowski> Chipaca, what is it?
[14:32] <Chipaca> pstolowski: I'm doing : tr.Set(aSnap, "", aConfig)
[14:33] <Chipaca> pstolowski: and overlord/configstate/config/helpers.go:80 throws an 'index out of range'
[14:33] <niemeyer> mvo: Yeah, sounds good
[14:33] <niemeyer> mvo: I'm half-way through typing out a proposal for custom licenses too
[14:34] <mvo> mborzecki: -^ so "license: unknown" is fine, very happy that this gets pulled in :)
[14:35] <pstolowski> Chipaca, key cannot be "", I'm sure we prevent it in snap/snapctl set, but apparently not at this level
[14:35] <mborzecki> mvo: pushing update in a short while, turns out the biggest issue is forging the data that snapd returns
[14:35] <Chipaca> pstolowski: then how do I set the whole config? (because key is "" for get to get the whole config)
[14:41] <pstolowski> Chipaca, well, I've implemented "" on the get side for convienience to make it easy to discover config keys. but we don't have an equivalent for setting all at once
[14:41] <pstolowski> Chipaca, I mean - not for transaction.Set at least
[14:43] <pstolowski> Chipaca, you can of course workaround that by iterating over root elements and calling tr.Set(..) for them manually
[14:43] <Chipaca> pstolowski: that sounds very additive
[14:43] <pstolowski> Chipaca, or just make tr.Set smarter :}
[14:43] <pedronis> well you need also to remove all them
[14:44] <pedronis> which we don't quite support either
[14:44] <Chipaca> I need to set the config to the thing in the snapshot, not add to it
[14:44] <Chipaca> if the config is empty, empty it
[14:44] <pedronis> seems you need to bypass transactions
[14:44] <pedronis> or teach Set about "" or something like that
[14:44] <Chipaca> I don't mind bypassing transactions :-D
[14:45] <pedronis> replacing the whole thing is not quite the use case for transaction
[14:45] <pedronis> s
[14:45] <pedronis> then it's more  matter of not breaking too many abstractions
[14:45] <pstolowski> ah, I see, yes it's additive that way
[14:45] <pedronis> Chipaca: sounds we need configstate.Set or something
[14:46] <Chipaca> augh
[14:46] <pedronis> for your use case
[14:46] <Chipaca> I need to step away for a bit
[14:46] <pedronis> well configstate/config.Set
[14:46] <pedronis> maybe
[14:46] <pstolowski> yes, that should be very straightforward
[14:47]  * pedronis doesn't remember the how the code org looks like exactly
[14:47] <mup> PR snapcraft#1896 closed: elf: do not strip rpaths that contain $ORIGIN <Created by sergiusens> <Merged by sergiusens> <https://github.com/snapcore/snapcraft/pull/1896>
[14:47] <mvo> mborzecki: oh, a spread test is fine, just adding "license: ..:" to one of the test snaps
[14:48] <mborzecki> mvo: well, i've updated the unit tests anyway :)
[14:48] <mvo> mborzecki: .) ok
[14:49] <niemeyer> mvo, mborzecki: https://forum.snapcraft.io/t/support-for-custom-license-text/3671/16
[14:49] <niemeyer> Chipaca: ^
[15:07] <kalikiana> re
[15:12] <greyback> it possible for one snap app to call another snap app? Something like a poor-man's socket activation?
[15:13] <zyga> greyback: not without an interface
[15:14] <greyback> zyga: even inside the same snap?
[15:14] <greyback> i.e. appA & appB in the snap, I want appB to call appA
[15:15] <zyga> greyback: that's more subtle: if you want to go through the activator then you won't be able to
[15:15] <zyga> greyback: if you call the same command as that activator then sure
[15:15] <zyga> greyback: but you won't get the permissions of the other app
[15:16] <greyback> zyga: yeah, it was the permissions I was hoping to keep separate
[15:16] <greyback> so xwayland has tight security, and then my x app has more freedom
[15:17] <greyback> guess I'll give that up for now
[15:19] <zyga> 10 failures left
[15:20] <zyga> 7 failures :)
[15:22] <mup> PR snapd#4531 closed: cmd/snap: display snap license information <Created by bboozzoo> <Merged by mvo5> <https://github.com/snapcore/snapd/pull/4531>
[15:23] <mvo> thanks mborzecki
[15:50] <zyga> libreoffice 6.0 is out, will the snap be refreshed?
[16:04] <zyga> hhh
[16:04] <zyga> ah :)
[16:04] <zyga> man that was silly
[16:04] <zyga> 3 errors left, will be done in a moment
[16:15] <Chipaca> pstolowski: pedronis: I think I'm going to add a helper to do just this set/unset to config; should I add it to config, or to configstate?
[16:15] <Chipaca> it'll be a separate pr
[16:16] <pedronis> Chipaca: config
[16:16] <Chipaca> ok
[16:16] <Chipaca> pedronis: is config sorta-kinda the 'backend' of configstate?
[16:16] <pedronis> otherwise it cannot be used from snapstate
[16:16] <Chipaca> this is for use from snapshotstate, but ok
[16:17] <pedronis> Chipaca: no, it's mostly the accessor that can be used by any other *state
[16:17] <pstolowski> +1 (config)
[16:17] <Chipaca> k
[16:17] <pedronis> Chipaca: confistate itself imports a bunch of *state
[16:17] <pedronis> so that's why config exists
[16:17] <pedronis> otherwise circular imports
[16:18] <Chipaca> is there any reason a snapshot should save a revision-config?
[16:18] <Chipaca> the "what happens if you restore a revision that isn't current" question comes to mind
[16:18] <pedronis> those are used one revert I think
[16:18] <pedronis> no?
[16:19] <pedronis> are you snapshotting a revision? or all of them?
[16:19] <Chipaca> pedronis: a single one
[16:19] <Chipaca> the current one
[16:19] <pedronis> and you restore the current one?
[16:20] <pedronis> in that case I don't think revision-config is relevant
[16:20] <Chipaca> no, restore restores whatever was snapshot
[16:20] <pedronis> but puts it backa as current?
[16:20] <Chipaca> no
[16:20] <pedronis> then it's complicated
[16:20] <Chipaca> yes
[16:20] <pstolowski> in that case i think you should restore your snapshot into whatever is current rev
[16:20] <pedronis> you need to care about about revision-config
[16:20] <pedronis> I think
[16:20] <pstolowski> (so,just config)
[16:20] <Chipaca> maybe restore should block restore unless the revision is current
[16:21] <Chipaca> then the problem goes away :-)
[16:21] <Chipaca> at least for now
[16:22] <Chipaca> maybe in a followup it can restore to current always, but doing that to a 'live' snap makes me nervous
[16:23] <Chipaca> anyway, going with "config" for now
[16:28] <mup> PR snapd#4574 opened: tests: add integration for local snap licenses <Created by mvo5> <https://github.com/snapcore/snapd/pull/4574>
[16:37] <mup> PR snapd#4575 opened: config: add (Get|Set)SnapConfig to do bulk config e.g. from snapshots <Created by chipaca> <https://github.com/snapcore/snapd/pull/4575>
[16:37] <Chipaca> pedronis: pstolowski: ^ a quickie  (i hope)
[16:37] <pstolowski> looking
[16:39] <zyga> 2 lef
[16:39] <zyga> 2 left :)
[16:41] <Chipaca> zyga: 2 leffe?
[16:42] <zyga> Chipaca: two tests failing; almost done :)
[16:42] <zyga> 0!
[16:43] <pstolowski> Chipaca, +1
[16:44] <Chipaca> why can i edit your review summary
[16:48] <mup> PR snapd#4576 opened: cmd/snap-update-ns: large refactor / update of unit tests <Created by zyga> <https://github.com/snapcore/snapd/pull/4576>
[16:48] <zyga> big n boring
[16:48] <zyga> but had to be done
[16:48] <zyga> now I feel good about that code :)
[16:49] <zyga> I also tweaked a few strings based on one more patch I had, the error messages are nicer
[16:50] <zyga> mvo: ok, I think I can close that chapter for today, I can do code reviews or I can write about the content interface improvements
[16:50] <mup> PR snapcraft#1901 opened: elf: check if file exists before checking if ELF <bug> <Created by sergiusens> <https://github.com/snapcore/snapcraft/pull/1901>
[16:51] <mvo> zyga: writing sounds good
[16:52] <zyga> mvo: okay, let's get that done :)
[16:53] <zyga> if you include that PR in ~rc3 (if there is one) that's okay but it's not mandatory, I only added a load of unit tests and tweaked some error strings
[16:53] <mvo> zyga: yeah, just looking at it
[16:57]  * zyga tries to recall why x.snapd.symlink=foo is not conveyed through Entry.Name, hmm hmm
[16:57] <zyga> maybe it would be nicer to read
[16:57] <zyga> but I did that for *some* reason, I remember that much
[16:57] <zyga> well, did it the way it is now
[16:57] <zyga> those tests took about two days to write in this final form
[17:02]  * kalikiana going to wrap up for the day
[17:02] <zyga> o/
[17:04] <zyga> Chipaca: question on 4575
[17:05] <Chipaca> zyga: or is there
[17:05] <Chipaca> zyga: (i don't see a question)
[17:05] <zyga> Chipaca: hmmmm
[17:05] <zyga> it got eaten
[17:05] <Chipaca> github is hungry today
[17:05] <ogra_> omnomnom
[17:05] <zyga> I was asking why are we returning json.RawMessage by value
[17:06] <Chipaca> zyga: it's a []byte; it's already a pointer
[17:06] <zyga> and if that is safe actually (shallow copy)
[17:06] <zyga> ah, perfect
[17:06] <zyga> thanks! LGTM
[17:06] <Chipaca> I don't know why config uses *json.RawMessage (and it might, because it does some funky stuff), but these two functions are un-funky
[17:07] <Chipaca> might need to*
[17:07] <ogra_> sigh ...
[17:08] <zyga> Chipaca: was that related to some bug in json
[17:08] <zyga> where you need the pointer to get some methods right
[17:08] <zyga> something like that echoes in my head
[17:08] <Chipaca> it might be; if it is, pedronis will know :-)
[17:08] <zyga> + snap install test-snapd-control-consumer
[17:08] <zyga> error: cannot install "test-snapd-control-consumer": cannot get nonce from
[17:08] <zyga>        store: store server returned status 418
[17:08] <zyga> 418?
[17:08] <Chipaca> aw, so close to 419
[17:08] <zyga> is that my bus home? :)
[17:09] <Chipaca> ah no
[17:09] <Chipaca> 418 is the one
[17:09] <zyga> what is it?
[17:09] <zyga> should we retry that?
[17:09] <Chipaca> 418 I'm a teapot
[17:09] <ogra_> jdstrand,  (or any other securiteer ) ... looking at different core kernels i see "bpf" in /proc/filesystems ... the kernel i'm currently working on does not show it and i cant find what Kconfig option would enable the bpf filesystem, do you happen to have any hint (google isnt helpful either)
[17:09] <Chipaca> zyga: which in our tests means it is (hopefuly!) not talking to an actual server
[17:10] <zyga> haha, cute :)
[17:10] <pedronis> it's talking to the fakestore and trying to setup a device session
[17:10] <pedronis> or something like that
[17:10] <pedronis> why is it doing that though?
[17:10] <pedronis> only now
[17:12] <zyga> it is in here https://api.travis-ci.org/v3/job/335552657/log.txt
[17:12] <zyga> in this PR https://github.com/snapcore/snapd/pull/4562
[17:12] <mup> PR #4562: debian: add a zenity|kdialog suggests <Created by mvo5> <https://github.com/snapcore/snapd/pull/4562>
[17:15] <pedronis> it is using the fakestore
[17:15] <pedronis> wondering why we never got this kind of error
[17:16] <pedronis> it's a while since the situation in which we might try to create a device session have increased
[17:28] <ogra_> mvo, hmm, did the service disabling in the core config hook regress ? (seems to not mask aymore but just disable)
[17:28] <ogra_> lrwxrwxrwx 1 root root   35 Jan 28 11:50 syslog.service -> /lib/systemd/system/rsyslog.service
[17:28] <ogra_> ogra@localhost:~$ snap get core service.rsyslog.disabled
[17:28] <ogra_> true
[17:28] <ogra_> ogra@localhost:~$ ps ax|grep syslog
[17:28] <ogra_>  2195 ?        Ssl    0:00 /usr/sbin/rsyslogd -n
[17:31] <zyga> mvo: do we need https://github.com/snapcore/snapd/pull/4562 for the final release?
[17:31] <mup> PR #4562: debian: add a zenity|kdialog suggests <Created by mvo5> <https://github.com/snapcore/snapd/pull/4562>
[17:34] <cachio_> mvo, well I discovered the problem in dradonboard and pi2
[17:34] <cachio_> mvo, old core snaps
[17:34] <cachio_> it is weird because I  created the images after the cores were uploaded to the store
[17:50]  * Chipaca afk for a while
[18:01] <mup> Bug #1746564 opened: snapd should not allow --classic installation for snaps with strict confinment mode <Snappy:New> <https://launchpad.net/bugs/1746564>
[18:11] <cachio_> mvo, this seems to be an issue
[18:11] <cachio_> https://paste.ubuntu.com/26496402/
[18:11] <cachio_> mvo, it happens in the refresh scenario
[18:11] <cachio_> when we refresh from stable (factory release)
[18:11] <cachio_> I'll debug it once the execution finishes
[18:11] <zyga> hmm
[18:11] <zyga> in test-snapd-tools expected to have a key 'license'
[18:11] <zyga> that looks like the recently added thing
[18:12] <cachio_> mvo, it failed in both 32 and 64 bits
[18:12] <zyga> yes, it's not something that's arch dependent
[18:13] <cachio_> zyga, ok, I'll take a look in that case
[18:21] <zyga> cachio_: look at the newly merged patches
[18:22] <cachio_> zyga, yes, this issue was not happening in rc1
[18:22] <cachio_> it is quite new
[18:22] <cachio_> I am debuging
[18:22] <cachio_> zyga, any idea which PR was included the code that could be causing that?
[18:33] <mvo> ogra_: hm, I remember code to mask it but I will double check in the morning
[18:33] <ogra_> cyphermox, slangasek, am i correct assuming that the only reason for not using signing for the initrd in secure boot is that we dynamically re-generate it ? or is there any grub-sided restriction as well ?
[18:34] <mup> PR snapd#4575 closed: config: add (Get|Set)SnapConfig to do bulk config e.g. from snapshots <Created by chipaca> <Merged by chipaca> <https://github.com/snapcore/snapd/pull/4575>
[18:34] <mvo> zyga: 4562 is not super urgent, suggests are weak and in most cases where we will use the UI one of the two (zenity or kdialog) will be installed
[18:34] <slangasek> ogra_: what does signing an initrd mean to you?
[18:34] <ogra_> slangasek, well, having a signed img file
[18:34] <ogra_> and grub verifying that
[18:35] <mvo> cachio_: meh, I think its my fault :/
[18:35] <mvo> cachio_: I cherry-picked the license display PR into 2.31
[18:35] <mvo> cachio_: so there is a test for it in git
[18:35] <mvo> cachio_: but this cherry-pick is not included in ~rc2
[18:35] <mvo> cachio_: that explains the failure
[18:36] <slangasek> ogra_: grub verifying it using what code?
[18:37] <ogra_> slangasek, dunno, thats why i ask :) would that be a kernel thing ?
[18:37] <slangasek> ogra_: possibly.  in practice verification of initrds has consistently been punted to "that's a TPM thing"
[18:37] <ogra_> i assume there is a way to have a signed initrd too ... along with a signed kernel
[18:39] <ogra_> slangasek, the issue is ... we wanted to use u-boot.FIT for secure boot on arm for a project, but it turned out that this only allows a giant blob that contains kernel. initrd and dtb in a single file ... that doesnt go so well with snaps, so i'm looking into the possibility to instead use grub-uboot for that
[18:39] <ogra_> ... in the hope it allows me to have single files i can load
[18:40] <ogra_> (but still keep a secure chain of verified images)
[18:47] <ogra_> aha
[18:48]  * ogra_ finds https://ruderich.org/simon/notes/secure-boot-with-grub-and-signed-linux-and-initrd
[18:54] <cachio_> mvo, I noteced that :)
[18:54] <cachio_> np
[18:56] <slangasek> ogra_: right, so initrd is difficult because it's generated outside the archive, and the UEFI signing keys are quite intentionally only in the archive
[18:56] <ogra_> slangasek, right, but thats not the case in snap-land :)
[18:58] <slangasek> ogra_: it's still not generated in the Ubuntu archive, AFAIK?
[18:58] <cachio_> mvo, also we need a strace-static snap for i386
[18:58] <cachio_> mvo, could you please share it to me?
[18:59] <ogra_> slangasek, yeah, but thats the x86 UEFI world ... here we'll have a customer with his own key that gets burned into the trust zone on the arm board ... so all i need to care about is that the snaps get signed with the right key when the customer builds them in-house
[19:00] <ogra_> so no archive key involved
[19:02] <slangasek> ogra_: ah, I see. so, then the problem is, the initrd is not a PE object, which means the usual secureboot signature verification code can't do anything with it
[19:02] <ogra_> s/that the snaps/that the binaries in the snaps/
[19:02] <ogra_> right, but i the case of a custom key that wont matter ... great ...
[19:08]  * zyga dinner
[19:42] <jdstrand> ogra_: otoh, I don't... tyhicks *may*, but jjohansen probably would (though he is traveling and may not be available)
[19:42] <jdstrand> tyhicks, jjohansen: question from ogra is when does "bpf" show up in /proc/filesystems?
[19:44] <zyga> hey jdstrand o/
[19:45] <jamesh> zyga: hi.  Is there any particular reason why snap-update-ns only logs failures to mount/unmount file systems rather than treating it as a failure?
[19:48] <mup> PR snapcraft#1901 closed: elf: check if file exists before checking if ELF <bug> <Created by sergiusens> <Merged by sergiusens> <https://github.com/snapcore/snapcraft/pull/1901>
[19:48] <tyhicks> ogra_, jdstrand: is there more context? (I don't have backscroll handy)
[19:49] <tyhicks> ogra_, jdstrand: filesystem types show up in /proc/filesystems when filesystems of that type are available in the kernel (I doubt that answers your question and that you already know that)
[19:49] <tyhicks> s/and that you already know that/and suspect that you already know that/
[19:49] <mvo> cachio_: sure thing, let me fix the strace-static thing
[19:49] <jdstrand> hey zyga
[19:50] <jdstrand> tyhicks: right. let me give the whole question
[19:50] <zyga> jamesh: that's a good question, I think it was decided long ago
[19:50] <zyga> jamesh: I'm not super fond of it as we probably don't do things correctly then
[19:50] <jdstrand> tyhicks: 11:09 < ogra_> jdstrand,  (or any other securiteer ) ... looking at different core kernels i see "bpf" in /proc/filesystems ... the kernel i'm currently working on does not show it and i cant find what Kconfig option would enable the bpf filesystem, do you happen to have any hint (google isnt helpful either)
[19:51] <tyhicks> aha
[19:51] <tyhicks> I can answer that with some investigation
[19:52] <jdstrand> zyga: considering that snap-update-ns tries to do things in order, failing somewhere along the way and continuing as if it succeeded seems incorrect
[19:53] <jdstrand> ogra_ (cc zyga): I just looked at 3 different core systems, and none of them have a populated /etc/apparmor.d/cache
[19:53] <tyhicks> ogra_: the bpf filesystem was first added in kernel 4.4 with this commit: https://git.kernel.org/linus/b2197755b2633e164a439682fb05a9b5ea48f706
[19:54] <jdstrand> ogra_ (cc zyga): /var/cache/apparmor is correctly populated with snap cache (and nothing else)
[19:54] <tyhicks> ogra_: from what I can tell, it is only hidden behind CONFIG_BPF_SYSCALL
[19:56] <jdstrand> ogra_ (cc zyga): /etc/apparmor.d/cache is a writable path, so for giggles I unmounted it and /etc/apparmor.d/cache was also empty. if I were to guess, I would say that the ordering of the apparmor unit and the writable-path is wrong and that /etc/apparmor.d/cache is still readonly at the time that the parser is run
[19:57] <zyga> jdstrand: oho
[19:57] <zyga> jdstrand: nice find
[19:58] <mvo> jdstrand: with me "empty-etc" hat on> why is etc used to write a cache?
[19:58] <jdstrand> ogra_ (cc zyga): iirc this used to work. I don't know when it would have regressed. we should probably have a spread test to make sure
[19:58] <zyga> mvo: your question is spot on
[19:58] <jdstrand> mvo: hi! terribly longtime historical reasons
[19:59] <mvo> jdstrand: fair enough, just like 80% of etc
[19:59] <jdstrand> mvo: right
[19:59] <jdstrand> mvo: it predates me. afaik, it was there because alternatives weren't guaranteed to be mounted during early boot (eg, /var)
[20:00] <zyga> mvo: you probably know better than I do that /etc used to hold *binaries*
[20:00] <jdstrand> mvo: and other places were not lsb compliant (not that /etc/apparmor.d/cache is)
[20:02] <jdstrand> mvo: it comes up from time to time on the mailing list. there is a general desire to move it, but it gets complicated wrt to early boot, distros, etc. however for core, there is no reason we couldn't put it somewhere else, but we'd have to be careful about early boot
[20:02] <jdstrand> mvo: it comes up from time to time on the mailing list. there is a general desire to move it, but it gets complicated wrt to early boot, distros, etc. however for core, there is no reason we couldn't put it somewhere else, but we'd have to be careful about early boot
[20:02] <mvo> jdstrand: ok
[20:03] <jdstrand> mvo: I'm not sure how much you saw before you dropped off...
[20:03] <mvo> jdstrand: I missed this, thanks for pasting
[20:03] <mvo> jdstrand: my machine is a bit unstable recently, I wonder if I need to purge the intel-microcode package :(
[20:03] <jdstrand> mvo: here are two more:
[20:04] <jdstrand> mvo: it predates me. afaik, it was there because alternatives weren't guaranteed to be mounted during early boot (eg, /var)
[20:04] <jdstrand> mvo: and other places were not lsb compliant (not that /etc/apparmor.d/cache is)
[20:04] <mvo> jdstrand: ta
[20:04] <jdstrand> mvo: maybe-- mine made suspend not work at all
[20:04] <jdstrand> well, it would suspend. it wouldn't come out ;)
[20:05] <jdstrand> I'm hopeful new microcode will be available
[20:05] <mvo> jdstrand: thanks for the apparmor, for core18 we may need to tweak this, but its only one of many potential things we need to tweak :)
[20:05] <mvo> jdstrand: I will purge it for now :(
[20:06] <jdstrand> mvo: can you think of what might've caused the cache to not be populated?
[20:06] <jdstrand> mvo: do you also recall this used to work?
[20:06] <mvo> cachio_: I create a proper lp:~snappy-dev/strace-static-snap/trunk project with an auto snap build
[20:06] <cachio_> mvo, awesome, tx
[20:07] <jdstrand> ogra_: can you file a bug for /etc/apparmor.d/cache and we can contineu there?
[20:07] <mvo> jdstrand: I don't recall this used to work and I think the most plausible is what you said, if this run very early the location might still be read-only
[20:07] <mvo> jdstrand: fwiw, I hope we won't have writable-paths for core18 just a plain writable etc
[20:07] <jdstrand> it certainly is meant to work, otherwise those poor arm devices are grumpy
[20:07]  * jdstrand -> gotta run. bbiab
[20:18] <mup> PR snapd#4574 closed: tests: add integration for local snap licenses <Created by mvo5> <Merged by mvo5> <https://github.com/snapcore/snapd/pull/4574>
[20:33] <mup> PR core#80 opened: hooks: c-n-f is expected in /usr/lib/command-not-found <Created by mvo5> <https://github.com/snapcore/core/pull/80>
[20:36] <zyga> mvo: +1
[20:47] <mvo> zyga: ta
[20:47] <mup> PR core#80 closed: hooks: c-n-f is expected in /usr/lib/command-not-found <Created by mvo5> <Merged by mvo5> <https://github.com/snapcore/core/pull/80>
[20:47] <mup> PR snapd#4577 opened: snap: fix command-not-found on core devices <Created by mvo5> <https://github.com/snapcore/snapd/pull/4577>
[20:49] <zyga> mvo: so... it wasn't tested in practice before?
[20:50] <zyga> mvo: hmm
[20:50] <zyga> mvo: why
[20:50] <zyga>  +cmd.Positionals.CommandOrPkg = os.Args[2]
[20:50] <zyga> I don't get it
[20:50] <zyga> you iterate over all args except 0th
[20:51] <zyga> and then you can have a chain of --
[20:51] <zyga> and the first one that doesn't will set a _fixed_ answer
[20:51] <zyga> is that correct?
[20:51] <mvo> zyga: meh, incomplete push
[20:51] <mvo> zyga: sorry
[20:52] <mvo> zyga: please reload
[20:52] <mvo> zyga: originally I wanted to just hardcode os.Args[2]
[20:52] <mvo> zyga: but then though checking for "--" would be more robust if the handler that calls c-n-f ever changes
[20:53] <mvo> zyga: I guess it shows that I should stop for today :)
[20:53] <mvo> zyga: the integration on a real shell on a core device was not tested until today :/ many moving parts
[21:02] <geekgonecrazy> Greetings guys.  Back with more snap/snapcraft related issues. :)
[21:02] <geekgonecrazy> In the rocketchat-server snap we do an npm install.  One of the packages seems to always have issues getting properly snapped up
[21:03] <geekgonecrazy> So most of the time we can explicitely install it and it'll make it through.  But we're running into the issue again.  It seems as if for some reason snapcraft decides that the binaries don't need to be included so skips them
[21:03] <geekgonecrazy> > Unable to determine library dependencies for b'/build/stable/prime/programs/server/npm/node_modules/grpc/src/node/extension_binary/node-v57-linux-x64-glibc/grpc_node.node'
[21:04] <geekgonecrazy> we see this ^ and that exact same file is then complained about being missing when we try to start it
[21:04] <geekgonecrazy> does "Unable to determine library dependencies" really mean... "Can't figure out what to do with this so skipping" ?
[21:12] <zyga> geekgonecrazy: this is something for sergiusens, kyrofa and kalikiana
[21:13] <zyga> though they are sprinting this week so conditions apply
[21:17] <geekgonecrazy> zyga: ok fair enough.  I'll roll back our armhf build.  Typically if there is an error building it errors out.  But seems that the skipping of the files isn't an error just a silent thing :(
[21:18] <geekgonecrazy> i'd keep digging tonight, but gotta prep to head out to fosdem tomorrow.  Do you know if any of the snap/snapcraft team will be attending?
[21:23] <zyga> geekgonecrazy: I don't know, sorry
[21:24] <zyga> geekgonecrazy: they have a sprint now in US so probably not
[21:24] <zyga> though maybe someone else is going
[21:35] <geekgonecrazy> zyga: no biggie.  Just figured someone around might know :D
[21:45] <mup> PR snapcraft#1902 opened: many: use in-snap unsquashfs and readelf if running from snap <Created by kyrofa> <https://github.com/snapcore/snapcraft/pull/1902>
[23:05] <ogra_> jdstrand, thanks for the investigation, will file it ...
[23:07] <ogra_> tyhicks, thanks for the research ! i have the BPF_SYSCALL option set here but still dont see it in /proc/filesystems ... will dig further myself ...
[23:20] <tyhicks> ogra_: kernel version?
[23:52] <jdstrand> greyback: hey, you probably saw but I approved your /dev/shm/# pr, but can you add the requested comment?