/srv/irclogs.ubuntu.com/2018/02/12/#snappy.txt

mborzeckimorning06:10
mupBug #1700560 changed: “snap find” returns confusing results <Snappy:Fix Released> <Snap Store:Invalid> <https://launchpad.net/bugs/1700560>06:53
zygahello07:29
zygasorry for being late07:29
zygamborzecki how are you doing? :-)07:29
mborzeckizyga: hey07:29
mborzeckiit's snowing outside (again)07:30
mborzeckizyga: have i missed anything interesting on friday?07:30
mvohey zyga and mborzecki07:31
zygahaha, same here :-) snow snow snow07:31
zygagood morning mvo07:31
mvohere as well!07:31
mvosnow!07:31
mborzeckimvo: morning07:31
zygawell, I had a great Friday EOD except for one test that made me think all weekend about it07:31
mborzeckizyga: what was the test?07:33
zygahttps://github.com/snapcore/snapd/pull/464407:33
mupPR #4644: tests: add a spread test for layouts <Created by zyga> <https://github.com/snapcore/snapd/pull/4644>07:33
zygalook at the diff first07:33
zygait passes everywhere but on core07:33
zygajamesh hello07:34
mborzeckibtw. this is what mikołajki looks like this time of the year: https://imgur.com/a/1Np8S07:36
zygaoh, we have a bug report hidden on github: https://github.com/snapcore/snapd/pull/3889#issuecomment-36463798007:36
mupPR #3889: interfaces: mount host system fonts in desktop interface <Created by jhenstridge> <Merged by mvo5> <https://github.com/snapcore/snapd/pull/3889>07:36
zygamborzecki woah, nice!07:37
zygawarsaw is full of smog because of inefficient combustion heaters and people burning trash :/07:37
mborzeckisounds like every major city during the winter :P07:38
mborzeckithere's an area in lodz, south-west, towards pabianice, mostly older housing, the air quality meters are usually going all red during the winter07:39
zygayeah, it's all around poland07:39
zygaI miss spain, nobody burned trash, it wasn't that cold, air was clean07:39
mborzeckiit wasn't that cold <-- that's your solution there :)07:39
zygayeah but also everything was heated by gas, not coal/wood/garbage07:40
zygaand also a bit more money on average07:40
mborzeckizyga: that test failing, `cannot stat /var/lib/snapd/seccomp: No such file or directory` ? another thing, was there no /etc in the snap rootfs?07:43
zygathere is /etc in the core snap, we also have writable paths that change how that operates07:43
mborzeckizyga: there's a separate path for all this in snap-confine too?07:45
zyganope07:45
zygawell, not for layouts07:45
zygaI have a suspicion what the problem might be... stay tuned :)07:45
mborzeckizyga: right, not for layouts, but for bootstrapping the mount namespace07:46
zygayes, we do have different setup there07:47
* zyga looks at http://aqicn.org/city/poland/mazowieckie/warszawa/ursynow/ and at http://aqicn.org/city/spain/catalunya/barcelona-eixample/07:47
jameshzyga: hi07:55
zygahey!07:55
zygaI merged master into your PR07:55
zygaand resolved some conflicts due to a recent big code move07:56
zygajamesh I may also work on that branch further this week, mainly by chopping it down and landing parts while the last validation problem gets solved07:59
jameshthanks.  I've been thinking a bit more about the checks jdstrand wanted.  If we can't work out a way to reliably reconstruct the mount source from the mountinfo file, I wonder if it would be enough to ensure it is on the right device?07:59
zygajamesh I don't know yet, I need to think about that and focus (just barely woke up)08:00
jameshi.e. if we expect the mount source to be in the user's /run/user/$UID tmpfs, we should be able to reliably check that it is still from that file system after the mount08:01
jamesh(e.g. hasn't been replaced by a symlink to /etc on a different device)08:02
zygayes, that's doable08:02
zygaone thing we can do is to check that after the mount op finishes there are no more symlinks than before08:02
zygabut I need to think about what we might be racing with here08:02
jameshof course, for the xdg-document-portal case, the mount point is in a fuse file system under $XDG_RUNTIME_DIR, so we can't just check the one device number08:02
jameshI think we could do a simple walk backwards through mountinfo before the mount to find out the expected device for the source, and then check the details of the new mountinfo entry afterwards to confirm08:04
zygayeah, that's doable, I think we need to walk both the mount table and the path components and see where we land at each stage (if we follow any symlinks along the way)08:05
zygajamesh btw, I was also wondering about one more thing, if we can simplify the problem by 50% by doing "mount -t stuff /dev/stuff ."08:06
jameshfor user mounts, I think it'd be okay to consider any cross-device symlinks to be an error08:06
zygaif we mount in the current directory, if that's even doable, we have smaller attack surface08:06
zyganot sure if we're going to mount more than fuse filesystems now08:06
mborzeckimvo: could you upload a .vendor.tar.gz release files to github releases page for 2.31?08:07
jameshzyga: what do you mean by "mount -t stuff" here?08:07
zygajamesh: pushd && cd /tmp && mount -t tmpfs tmpfs . && popd08:07
zygajamesh no way to attack mount target directory (mount point)08:08
zygaand after we cd we can take all our time to investigate where we've landed08:08
zyga(we can also write a secure chdir)08:08
mvomborzecki: sure, let me do this08:09
jameshzyga: is that more secure than doing "cd dest; mount --bind /source ." ?08:09
mborzeckimvo: thanks08:09
zygano, that's exactly what I meant08:09
zygathe idea is to avoid mount /one/path /another/path08:09
zygaand to reduce that to /one/path08:10
jameshjust wanted to check what would happen when mounting over a symlink: the command line tool dereferences the symlink itself, so that doesn't help much08:12
zygajamesh yeah, that happens at syscall level too, that's why mount(2) sucks so much :/08:12
jameshso who wants to propose a mountat() system call? :)08:13
zygathere were some proposals like that08:13
zygabut I think it's a bit complex for reasons I don't fully understand08:14
zygathere is some reason why it's path based more than just FD based08:14
zygathe last thing I remember was ...08:14
* zyga still searches08:17
zygahttps://lwn.net/Articles/718638/08:18
* zyga breaks for breakfast08:20
alexlarssonjamesh: hey, did you look at the document portal?08:23
zygahey alexlarsson08:26
alexlarssonhey hey08:26
alexlarsson You can't get any simple mount() changes in08:27
alexlarssonbecause al viro hates the mount syscall and wants to completely redo it08:27
alexlarssonThus blocking minor improvements08:28
alexlarssonNot that i disagree with him...08:28
zygawell, a no-follow flag would do wonders08:32
zygabut yeah08:32
zygaI'd love to see a new API too08:32
jameshalexlarsson: I haven't done a full test of your branch yet.  I'll get that done and add some feedback to the PR.08:32
zyga(don't really mind if both happen)08:32
jameshthere is a fantasy linux mount API described here: https://lwn.net/Articles/718638/08:33
alexlarssonWhat i would love is a bind mount + make readonly in a single call08:33
alexlarssonI have some horrendous complicated code for recursive read-only bind mounts :/08:34
alexlarssonhttps://github.com/projectatomic/bubblewrap/blob/master/bind-mount.c08:35
alexlarssonthis is total bullshit08:35
alexlarssonand should just be MS_BIND | MS_REC | MS_RDONLY08:35
zygaall software evolves till it parses mountinfo ;-)08:37
alexlarssonI asked al, and he agreed it was bullshit. But...08:39
zygabut nack to small improvements?08:39
alexlarssonyeah08:40
zygais he working on the new big API or is it just fossilisation stage and nothing happens?08:40
alexlarssonunclear08:41
jameshIf you fixed mount() so that flags other than MS_REC were respected when performing a bind mount, how would the app even know?08:43
zygajamesh I think it'd require a MOUNT_EXTRA_FLAGS flag or something similar to indicate desire to use a richer interface08:44
zygaor an entirely new syscall08:44
jameshzyga: the syscall is currently documented as ignoring other flags, and the call is likely to succeed on an old kernel anyway08:45
jameshso you'd need to check after the fact to see if they were applied08:45
zygatoo messy, the idea is to make userspace easier, not just hard but different08:46
zygagiven what you said a new syscall is really needed08:46
alexlarssonjamesh: child of MS_MGC_VAL ?08:47
jameshIf they'd instead made it an error to specify the flags that it currently ignores, there'd be something user space could check for08:48
alexlarssonyeah08:48
alexlarssonbut that would make sense!08:48
zygahaha08:48
zygaall the good choices we never did08:48
zygaand even once the new interface is here it will be many many cycles before it can be used as a dependency without cutting a significant chunk of users08:50
Chipacamorning all09:31
mvohey Chipaca, good morning09:36
Chipacamvo: hiya09:36
ChipacaI suck at naming things. What would *you* call this Thing, and what would you call the arguments to New after the first? https://gist.github.com/chipaca/21222a4fa23ae5d8629c84cc016f23ea09:38
Chipaca^ that's what i've been playing with this weekend09:38
* Chipaca now gets back to work09:38
mvoChipaca: hm, maybe Formater?09:39
Chipacamvo: it's not strictly work, and it's got bugs still, but if you want to play with it, https://people.canonical.com/~john/snap-find should work on amd6409:40
Chipaca(needs a running snapd)09:40
mvoChipaca: nice09:41
mvoChipaca: Columnizer , ColumnFormater, SheetFormater for some more ideas09:42
Chipacaoooh, Columnizr and be all web 2.009:42
Chipacawrt the bugs, one is go's, in that i need to add code to handle double-wide characters by hand (search for 'hello' and look at hello-bluet)09:43
Chipacaanother is that in long listings it seems to be doing something wrong and leaving too much space for things it's not going to print yet, so there's a cutoff missing its spot09:43
Chipacabut anyway,lots of fun rune-twiddling to be had09:43
mvoChipaca: :) looks/sounds like it indeed!09:44
=== ikey|afk is now known as ikey
* Chipaca -> physio break10:44
* Chipaca -> *really* physio break10:59
mupPR snapd#4648 opened: debian, snap: only static link libseccomp in snap-seccomp on ubuntu <Created by mvo5> <https://github.com/snapcore/snapd/pull/4648>11:06
mupPR snapd#4645 closed: snapctl: allow `snapctl get` from any uid <Created by mvo5> <Closed by mvo5> <https://github.com/snapcore/snapd/pull/4645>11:12
mupPR snapd#4649 opened: many: record if snap was installed with --dangerous, snow relevant annotation in `snap info` and `snap list` <Created by bboozzoo> <https://github.com/snapcore/snapd/pull/4649>12:01
mupPR snapd#4650 opened: daemon: allow `snapctl get` from any uid <Created by mvo5> <https://github.com/snapcore/snapd/pull/4650>13:00
Chipacahmmm, hangouts seems rather dark right now13:01
* Chipaca turns it off and back on again13:02
Chipacaoh god they're trying to use opengl13:02
mupPR snapd#4629 closed: ifacestate: only rewrite security profiles if the system-key changes <Created by mvo5> <Closed by mvo5> <https://github.com/snapcore/snapd/pull/4629>13:50
Chipacaman, go-flags is terrible at formatting this stuff13:53
Chipaca:-(13:53
Chipacahttps://pastebin.ubuntu.com/=dS8vNTVhrM/13:54
Chipacalike, wtf is going on with the option alignment13:54
Chipaca--hello13:54
Chipaca.                                       --yes-im-over-here13:54
Chipaca.    --WAT13:54
mupPR snapd#4651 opened: cmd/snap: add help for service commands (oops) <Created by chipaca> <https://github.com/snapcore/snapd/pull/4651>13:58
* Chipaca hugs mup13:58
Son_Gokutoday is a day where I curse Go for making it so that build flags are comments in Go files14:02
mborzeckiSon_Goku: CGO_LDFLAGS_ALLOW is your friend14:03
* Son_Goku sighs14:03
mborzeckiSon_Goku: they did forget to add a similar for pkg-config though :)14:04
* Son_Goku mournfully looks over at the nice stuff in Rust with Cargo...14:04
mborzeckioff to pick up the kids14:17
mvozyga: 4643 has a trivial suggestion for a comment fix14:19
zygaack14:19
mupPR snapd#4638 closed: devicestate: fix autopkgtest failure in TestDoRequestSerialErrorsOnNoHost <Created by mvo5> <Merged by mvo5> <https://github.com/snapcore/snapd/pull/4638>14:20
mupPR snapd#4651 closed: cmd/snap: add help for service commands (oops) <Created by chipaca> <Merged by chipaca> <https://github.com/snapcore/snapd/pull/4651>14:25
Chipacawooooo14:25
Chipacathat's got to be a record14:25
Chipaca23 minutes from PR to landed with 2 +1s and green spread14:25
* mvo hugs Chipaca 14:29
mupPR snapd#4646 closed: snap-seccomp: fix cgo pkg-config and LDFLAGS <Created by stapelberg> <Closed by mvo5> <https://github.com/snapcore/snapd/pull/4646>14:37
mvothe classic confinement test segfaults on bionic :( /me wants the `snap run --gdb` branch to be merged to debug this15:11
Chipacajdstrand: you around?15:11
mupPR snapd#4643 closed: snap: disallow layouts in various special directories <Created by zyga> <Merged by zyga> <https://github.com/snapcore/snapd/pull/4643>15:12
jdstrandChipaca: hey, yes15:34
Chipacajdstrand: I was looking through the review tools wondering about version validation15:34
Chipacajdstrand: are they still from lp:click-reviewer-tools ?15:34
jdstrandChipaca: for the moment15:35
Chipacajdstrand: and if so, is it _verify_pkgversion in common.py15:35
Chipacajdstrand: and if so, maybe update it so it matches snapcraft's validator?15:35
Chipacajdstrand: or, sync with snapcraft about it15:35
Chipacathere are things that one considers invalid that the other doesn't, in both directions15:36
jdstrandChipaca: I can do that. it matched at one point...15:36
jdstrandChipaca: is there a particular issue you are looking at?15:36
Chipacajdstrand: I'm adding version validation to snapd15:37
Chipacaand I'd like to write that it matches what the review tools and snapcraft do15:37
Chipacabut currently i cannot :-)15:37
jdstrandthen, yes, I'll adjust the review tools to match snapcraft15:37
jdstrandChipaca: since you've looked at snapcraft, where is the validation happening there?15:38
Chipacajdstrand: ^[a-zA-Z0-9.+~-]{1,32}$ is what snapcraft is checking fwiw15:38
jdstrandso '~' is a valid version?15:39
Chipacajdstrand: schema/snapcraft.yaml15:39
Chipacajdstrand: yes15:39
Chipacajdstrand: also README.~1~15:39
jdstrandChipaca: let me rephrase. '~', '.', '+' and '-' are all supposed to be valid versions?15:40
Chipacajdstrand: in snapd, _anything_ is a valid version :-)15:40
Chipacabut yes in snapcraft those things are valid versions15:40
jdstrandChipaca: the store has its own checks separate from the review-tools aiui, and the review tools reflect that15:40
jdstrandChipaca: I know it is in snapcraft :P is snapcraft *wrong*?15:40
Chipacathis is turning into a Meeting, isn't it15:40
Chipaca*gasp*15:41
Chipacasurely not15:41
Chipacasergiusens: you on national holiday today, n'eh?15:41
Chipacakyrofa: kalikiana: can we talk about versions for a bit?15:42
Chipacaor maybe i should open a bug15:42
kyrofaChipaca, sure!15:42
jdstrandChipaca: honestly, I think we need the store team. iirc there are checks there15:42
Chipacakyrofa: am I right in thinking that snapcraft uses the schema/snapcraft.yaml thing to validate versions?15:42
kyrofaOh, looks like I have some reading to do15:42
kyrofaChipaca, yes, if it's a string it's validated with that regex15:43
Chipacajdstrand: ok15:43
jdstrandI'll change the review tools to whatever is agreed to. the version check was more important when we had the version as part of the security label15:43
Chipacanoise][: who knows about the version validation the store does?15:43
Chipacanoise][: that is, validation of the version string in a snap15:44
kyrofaChipaca, yeah we have no horse in this race either-- you just tell us what you want it to be and it shall be done15:44
Chipacakyrofa: basically the regexp there is suspect, but we have apparently three different ones already :-) so, this15:44
Chipacakyrofa: version must match ^fantastic-.*$15:45
Chipaca\o/15:45
jdstrandI *think* what I was remembering was that we were doing what the store does, not what snapcraft does, since people can run the review-tools on a snap prior to upload (no one does that now, but when this was written, that was the thinking)15:45
kyrofaYeah seems reasonable15:45
kyrofa:P15:45
Chipacajdstrand: right, but I'm not sure the store enforces the "version must be debianish" rule any more15:46
jdstrandit's possible now that click and snapv1 are gone, the version check in the store was removed15:46
jdstrandright. me either15:46
jdstrandhence you asking them :)15:46
pedronisjdstrand: Chipaca: I don't see a version check in the store15:46
Chipacahmmm15:47
pedronisthere's just a max length15:47
jdstrandit had to do with the upload15:47
pedronisafaict15:47
jdstrandI forget what it was called...15:47
Chipacamaybe I should just try to upload something with a ridiculous version and see what happens15:47
jdstrandI don't know if the output of the test is: 'Is a valid package' or 'Stated package version matches snap.yaml'15:49
jdstrandthose two tests are not from the review tools15:49
jdstrandpedronis: does what you looked at have those checks? ^15:51
Chipaca  - malformed 'version': 'this is some silly potatoes'15:52
diddledanno spaces?15:53
pedronisChipaca: that seems review tools tough15:53
pedronisnot the store itself15:53
pedronisI don't see a pattern check for version in the store code15:53
Chipacajdstrand: note review tool's [A-Za-z0-9.+:~-]+? means those things are also valid versions for this, fwiw15:54
Chipacaso, it's just snapcraft and review tools, beyond the length limit15:55
jdstrandChipaca: yes15:56
pedronisthere's a 32 chars max-length15:57
Chipacajdstrand: and i just pushed a thing with a version of ~ just to make sure15:57
pedronisin the sotre15:57
pedronisstore15:57
jdstrandalright, well, if there are no checks in the store, I'll just update the review tools to match snapcraft15:57
pedronisjdstrand: I'm double checking with other people about the store15:57
Chipacakyrofa: is there any reason snapcraft explicitly disallows epoch-style versions things?15:57
Chipacakyrofa: (there's no ":" in there)15:58
kyrofaChipaca, not that I know of. This regex has been there as long as I can remember15:58
jdstrandpedronis: it was some code that westby wrote. I can't remember the name of it. it might be gone now15:58
kyrofaChipaca, we don't use the version for anything other than plopping into the snap.yaml and putting it into the filename of the resulting snap15:59
jdstrandkyrofa: it probably should include ':'. people like to snapcraft a stage-package and just use the deb version15:59
kyrofajdstrand, yeah easy peasy. Sounds like we want some other changes too though, perhaps to not start or end or have multiple [.+~-:]16:00
Chipacawould ^[a-zA-Z0-9]([a-zA-Z0-9:.+~-]{,30}[a-zA-Z0-9+])?$ be any better?16:00
Chipacaoh, oh, _ also16:00
pedronisjdstrand: other store people seems to confirm there's no check (atm)16:00
Chipaca^[a-zA-Z0-9]([a-zA-Z0-9:.+~_-]{,30}[a-zA-Z0-9+])?$16:00
pedronis*seem16:00
kyrofaYeah seems fine to me Chipaca. You want it, you got it16:00
Chipacamvo: you also know something about versions, could you eyeball it? ^16:01
mvoChipaca: in a meeting right now, will look soon16:01
Chipacamvo: ack16:02
jdstrandChipaca: I would suggest: ^[a-zA-Z0-9]([a-zA-Z0-9:.+~_-]{,30}[a-zA-Z0-9+~])?$16:03
jdstrandChipaca: (allow ~ at the end)16:03
Chipacajdstrand: i don't mind; what version are you imagining that needs it?16:05
jdstrand1.2.3-2~16:05
ChipacaI left the + in there because I imagined somebody wanting a 3.2+ version16:05
jdstrandI've seen that before16:05
Chipacaok, fair16:05
mvoyeah, 1.0~ will be common16:05
mvo(ish)16:05
mvoits a common pattern for e.g. backports16:06
Chipacaalso if [+~_-] isn't an emoticon it should be16:06
jdstrandChipaca: alright, adding to trello ^[a-zA-Z0-9]([a-zA-Z0-9:.+~_-]{,30}[a-zA-Z0-9+~])?$. ping me if changing16:06
Chipacajdstrand: will do, thank you!16:06
jdstrandI'm also surprised that the review tools allow what they do... they didn't always. I remember the discussions. anyway, who cares, it is changing now :)16:07
Chipacakyrofa: running with this one ^ will shout if it changes16:07
Chipacaalso may i suggest you python people use (?: instead of plain ( :-P16:07
Chipacakyrofa: actually i'm not sure what the schema validation uses for regexps; if {,30} trips it up, you can use a * and the max-length of 32 will catch it16:10
* Chipaca breathes in, lets people deal with their problems, and gets back to his own16:11
kyrofaChipaca, sounds good16:15
kyrofaSorry, made the mistake of launching chrome. Had to reboot16:16
Chipacawritten forum post ahead of PR, because why not: https://forum.snapcraft.io/t/snapd-enforcinig-snap-versions/397416:22
Chipaca(currently not listed so people aren't confused :-) )16:22
kyrofaChipaca, waiit.. how do you do unlisted posts?16:23
kyrofajdstrand, what kind of timeline do you anticipate for that change? We should coordinate16:24
Chipacakyrofa: magic16:25
* kyrofa hears "special permissions you don't have"16:25
Chipacakyrofa: (tap the gear, it should be there)16:25
* Chipaca publishes a snap with a version of 'unpredictable-counterrevolutions'16:26
kyrofaI see hide details and poll16:26
jdstrandkyrofa: not terribly soon unless someone wants it *right now*16:26
Chipacakyrofa: you pleb16:26
kyrofajdstrand, no rush from me. I suppose snapcraft could make the change before you folks and it would be okay. It'd be bad the other way around16:26
* kyrofa puts together a PR16:27
mvoChipaca: the version of "base-18" is "very-unstable", but that should still validate right?16:27
Chipacamvo: unpredictable-counterrevolutions validates :-)16:27
mvoChipaca: heh16:28
jdstrandkyrofa: what is in the review-tools is pretty close to what we agreed to16:29
kyrofaGood deal16:29
jdstrandkyrofa: I guess just commit to snapcraft soon and these can just roll in later16:29
kyrofajdstrand, sounds good16:30
jdstrandthe only problematic one is '_' in that you'll start allowing '_' but the review tools won't16:30
jdstrandbut, you'd have to know that all of a sudden you could use it16:30
jdstrandthe other bits show the review tools more strict already, and people haven't been complaining16:31
Chipacaor we haven't heard them :-)16:31
Chipaca(i think it's the sort of thing that people will hit, complain, tweak the string, and move on16:32
Chipaca)16:32
Chipacas/complain/grumble/ perhaps16:32
jdstrandpoint is, status quo if we aren't in perfect sync16:32
jdstrandwhen we are in perfect sync, no more grumbling16:32
roadmrhi jdstrand16:36
roadmrjdstrand: so nothing will change with the review tools r1000 unless I set that resquashfs env vraiable, right?16:37
jdstrandroadmr: not wrt resquash, no16:38
roadmrjdstrand: ok - right. I have r1000 on staging right now and it was happy with my usual, trivial test snap16:39
* jdstrand nods16:39
jdstrandroadmr: you may have noticed all the snaps in tests/ in the bzr tree16:39
roadmrjdstrand: oh I did not! awesome!16:39
jdstrandroadmr: that was part of all the testsuite updates I did16:40
Chipacajdstrand: kyrofa: you've probably realised by now that it's {0,30} not {,30} in the regexp16:40
jdstrandChipaca: yes16:40
Chipacathe {,30} might be a perlism, or it might be a bug in my head :-)16:40
roadmrjdstrand: fantastic! I usually sanity-check locally against some bogus snap I have, to avoid pushing a bogus revno, but this should make all that moot!16:40
roadmrmoot-woot!16:40
jdstrandroadmr: if you want to send me that snap, I can add it to the tools16:41
jdstrandor anything else you like to test16:41
roadmrjdstrand: I don't think it's needed, it's an empty snap with classic confinement and only meant to protect against that case we had once...16:41
roadmrjdstrand: where you had an undeclared dependency so the thing worked for you but failed when pushed to the store16:41
jdstrandI may already have that use case in there16:41
roadmrjdstrand: to be honest I think I'll switch my local testing from my crap snap to the list you have here, though again it's for sanity, if you ran that test suite at merge time that looks quite thorough16:42
jdstrandroadmr: note I said 'wrt resquash'. that is because there are new and updated checks, but that is all normal stuff16:42
roadmrjdstrand: so does resquash modify the snap-under-test? or just verifies that when resquashing, the result is identical to what was uploaded?16:43
roadmrjdstrand: (that's why I zeroed in on that feature - was worried it might somehow alter the uploaded snap)16:44
roadmrin which case many components would be unhappy16:44
jdstrandroadmr: there is a big matrix for testing that I use. 14.04 was tested. running 'make functest' will run the tools on tests/, but the output is different on 14.04 and 16.04 on some click stuff due to testsuite mocking16:44
jdstrandroadmr: that will go away when I drop click/snapv116:44
roadmrthat'll be awesome16:45
jdstrandroadmr: the resquash will *not* modify the original squash. it unsquashes then resquashes and makes sure they are the same16:45
jdstrands/they are/it is the same as the orig/16:45
roadmrjdstrand: ah, nice!16:45
jdstrandyeah, we totally don't want to touch the original16:46
jdstrandroadmr: also note, that the resquashfs have always run16:46
roadmrohh16:46
jdstrandroadmr: they are even running in r1000. I didn't change that16:46
jdstrandroadmr: the env vars say whether the check is enforced or not, and whether or not to use fakeroot16:47
jdstrandthey haven't been enforced for a long time, and r1000 doesn't change that16:47
jdstrandonce snapcraft 2.39 is is in -updates on all the releases, I'll turn enforcement back on16:47
roadmrjdstrand: I see. So if it's enforced it'll actually return an error if they don't match?16:48
jdstrandroadmr: yes16:48
jdstrandbut the snap needs to be squash with -no-fragments, otherwise false positives16:48
jdstrandand snapcraft 2.39 does that16:48
roadmrjdstrand: ok. I was thinking how to set that variable but from this I get we shouldn't, until you ask for a tools update which enforces this, right?16:48
jdstrandroadmr: yes. you don't need to do anything. I was mentioning it in case you wanted to test it yourself or do something on staging, etc, but prod doesn't need to do anything16:49
roadmrjdstrand: ok. Sounds like we'll test that once you enable it (at which point it'll make it to staging anyway)16:50
jdstrandroadmr: when I turn on enforcement, it'll be by default and the tools will honor SNAP_RESQHASHFS_ENFORCE=0 to turn it off16:50
roadmrjdstrand: much fiddlier for me to add a feature flag to set the env var16:50
jdstrandyes16:50
roadmrjdstrand: right, we can totally add the feature flag if we see a lot of false positives and we want to be able to switch that off quickly16:50
jdstrandthe env var was mostly for us in debugging the enforcement feature16:50
jdstrandI never wanted you to have to do anything16:51
roadmrthanks :)16:53
roadmrwe're clear on that then. r1000 should land in prod sometime this week16:53
jdstrand\o/16:53
jdstrandthanks :)16:53
roadmrjdstrand: I'll be afk from tomorrow until Feb 21st16:53
jdstrandroadmr: ack. while I have you, you adjusted the debs to install already?16:54
roadmrjdstrand: yes, I did that first on staging to ensure none of the deps wrecked the world, then updated the tools, which are running fine too16:54
jdstrandperfect16:54
jdstrandthanks again! :)16:54
jdstrandmost of those deps you probably had. a few are if you want to run parts of the testsuite there16:55
roadmrjdstrand: yes, we did tweak the set of deps a bit (removed python3-all since we already install python3) but there were only 5 new ones16:56
* jdstrand nods16:56
Chipacawhy, oh why, doesn't the go test runner tell me exactly what file it's running? There are eleventyone backend_test.go and at least five have a TestUpdatingSnapToOneWithFewerHooks :-/17:10
mupPR snapd#4652 opened: tests: fix spread test failures on 18.04 <Created by mvo5> <https://github.com/snapcore/snapd/pull/4652>17:32
RobertGlickHello everyone I am having problems removing a snap17:39
RobertGlickI keep getting an error I have googled and seems like I must be the only one17:40
RobertGlickthe error is error: cannot remove "chromium": snap "chromium" has changes in progress17:40
RobertGlickI did a reboot and did not open chromium and I am still getting this message17:41
ogra_snap changes ?17:41
RobertGlickno17:41
ogra_(i mean ... run that command to see the changes in progress)17:41
RobertGlickah ok17:41
kyrofaRobertGlick, then run `snap change <changeid for chromium>` to see what it's doing17:42
RobertGlickok got 4 errors installing chromium17:42
RobertGlickbut then it succesfully installed17:43
ogra_can you just paste the output of the snap changes command to https://paste.ubuntu.com/ ?17:44
ogra_also "snap version" would be helpful17:44
RobertGlickhmm I pasted17:46
ogra_give us the url then :)17:46
RobertGlickbut should there be a link17:46
ogra_yes, in the url bar in your browser window17:47
RobertGlickhttps://paste.ubuntu.com/=cybnndDSsC/17:47
RobertGlickhow to see snap version17:47
ogra_just run "snap version"17:48
RobertGlickthanks17:48
ogra_that will print all relevant version info ybout your system17:48
RobertGlick2.3017:48
ogra_the full output please :)17:48
RobertGlicksnap    2.3017:48
RobertGlicksnapd   2.3017:48
RobertGlickseries  1617:48
RobertGlicksolus   317:48
RobertGlickkernel  4.14.18-51.current17:48
ogra_ah17:48
ogra_solus ...17:49
RobertGlickyup17:49
ogra_ikey, your customer ! ^^^^^17:49
ogra_:D17:49
RobertGlickThanks17:49
RobertGlickwill do17:49
ikeyogra_, what the who18:05
ikeyoh hey a customer18:05
ogra_ikey, yeah, you have them !18:05
ogra_:)18:05
ikeywe need to update our snapd before we look further into bugs me thinks18:05
ikeyso that everyone is on the same baselevel18:06
ogra_well, 2.30 is the current stable one18:07
ikeyo .31 is unstable?18:08
ogra_candidate18:08
ikeyo18:09
mupPR snapd#4642 closed: many: add nfs-home flag to system-key <Created by zyga> <Merged by zyga> <https://github.com/snapcore/snapd/pull/4642>18:12
RobertGlickogra_ and ikey fixed it  not sure how this worked but i did sudo snap revert chromium then sudo snap remove chromium and it removed18:20
ogra_great18:20
ogra_it was probably just still doing some delayed operation while you tried the remove the first time18:21
RobertGlickhmm strange i did a reboot and did not open the app18:21
RobertGlickand was still getting that error18:21
RobertGlickbut happy reverting and removing worked18:22
RobertGlickogra_ one last question how do I clear the cached version to download a fresh copy?18:28
ogra_there is no caching18:28
ogra_it should just download anew if you removed the snap before18:29
RobertGlickok18:29
RobertGlickthanks18:29
mupPR snapcraft#1923 opened: mypy: update to 0.560 <Created by kyrofa> <https://github.com/snapcore/snapcraft/pull/1923>18:32
mupPR snapcraft#1914 closed: docker: add Dockerfiles for all risk levels <Created by kyrofa> <Merged by kyrofa> <https://github.com/snapcore/snapcraft/pull/1914>19:47
jdstrandtyhicks: so, that dbus service activation change is proving to be annoying: https://github.com/snapcore/snapd/pull/4652#discussion_r16766524120:07
mupPR #4652: tests: fix spread test failures on 18.04 <Created by mvo5> <https://github.com/snapcore/snapd/pull/4652>20:07
jdstrandtyhicks: I'm not sure why dbus isn't defaulting to 'unconfined' if AssumedAppArmorLabel is not set...20:08
jdstrandtyhicks: istr you saying you'd look at it, comment in a bug, something... (am I crazy?)20:09
tyhicksjdstrand: that sounds like something I said but I think I let it fall off my plate once it sounded like there was a usable workaround20:10
jdstrandtyhicks: I mean, really, it could even be configured via bus configuration20:11
tyhicks(I think that was mid-sprint, too, so maybe that had something to do with it)20:11
jdstrand<apparmor mode="(enabled|disabled|required)" assumedlabel="unconfined"/>20:11
jdstrandtyhicks: ok... how should we proceed now? what are your thoughts on what it should be doing?20:15
tyhicksjdstrand: I've taken a note to look into it soon20:16
jdstrandtyhicks: ok, thanks. holler if you want me to do anything. in the PR with mvo, I recommended adjusting systemd's timedate1 dbus service file20:17
tyhicksjdstrand: I don't have an answer right now but I think we discussed a new permission that may be implied by an existing permission20:17
jdstrandoh right20:17
jdstrandtyhicks: well, when you have time to look at it, feel free to ping me to discuss20:18
tyhicksjdstrand: will do - thanks!20:19
roadmrjdstrand: hey so the tools already support common-id for apps within a snap, right?20:48
jdstrandroadmr: as of r100020:49
roadmrjdstrand: fantastic :) thanks! (just checking)20:49
jdstrandroadmr: 980.1.3 to be specific20:51
roadmrright :) cool!20:51
jdstrandroadmr: and 980.1.4 has your ctime fix20:52
jdstrandas it happens, I saw that issue today with r950. looking forward to r100020:53
roadmrjdstrand: oh perfect :) yes, I haven't seen it super often but sometimes it happens20:53
roadmrjdstrand: haah it was fun with wxmaxima which had daily builds and when one got stuck it built a queue of like 100 revisions :/ pushing them through by hand was fun20:53
* roadmr said fun twice, imagine how fun it actually was20:53
jdstrandhehe, yes :)20:56
mupPR snapcraft#1564 closed: setup: changes to make installable from PyPI <Created by sergiusens> <Closed by kyrofa> <https://github.com/snapcore/snapcraft/pull/1564>22:45
mupPR snapd#4653 opened: all: snap versions are now validated <Created by chipaca> <https://github.com/snapcore/snapd/pull/4653>23:05
mupBug #1749028 opened: snapd and disks <Snappy:New> <https://launchpad.net/bugs/1749028>23:12

Generated by irclog2html.py 2.7 by Marius Gedminas - find it at mg.pov.lt!