/srv/irclogs.ubuntu.com/2018/02/22/#snappy.txt

mupPR snapcraft#1948 closed: tests: move test files out of the snapcraft dir <Created by elopio> <Merged by sergiusens> <https://github.com/snapcore/snapcraft/pull/1948>03:33
mborzeckimorning06:05
mborzeckimvo: morning07:25
mborzeckimvo: someone on arch tried to use `snap run --gdb` to debug a segfault with nvidia, they had some problems though so i'm trying to find out more07:28
mvomborzecki: aha, interessting. yeah, this is super new. keen to learn more about the exact issues07:30
mborzeckizyga: hey, feeling better?07:37
zygamborzecki hey07:37
zygayeah I feel better07:37
zygaI think the worst is over now, I'll try to help as much as I can now07:37
mborzeckizyga: take it easy ;) no use if end up getting worse07:39
zygathanks, I'm wrapped in blanket and dressed like an onion07:40
mvozyga: hey, welcome back. yeah, be careful and take it easy. I wonder how long I will last, my kids are sick too07:42
zygais it flu as well?07:42
zygaI had fever for a few days but now it's (almost) good, I hope your kids are better quickly07:43
mvozyga: yeah, fever and all that07:45
kalikianagood morning07:50
kalikianazyga: are you using tor as well? ;-)07:51
zygakalikiana, no I don't use tor07:52
kalikianaJust thinking you are dressed accordingly at least07:52
zygaaahh07:52
zyga:D07:52
zygasorry, I'm slow on jokes today07:52
zygayeah, I wish there was a flu firewall ;)07:53
kalikianaAvoid touching your face with your own hands ever unless you cleaned your hands07:55
zygacan I git push? :)07:55
kalikianaYou can you the keyboard, it's the dirtiest thing around you anyways07:56
kalikiana*touch07:56
zygaI clean my keyboard regularly but yeah07:56
mwhudsonsnap download going extremely slowly for me for some reason :/08:12
mwhudson35 kB/s08:13
pstolowskimorning!08:20
zygahey pawel08:26
zygamwhudson are you being redirected to some CDN on the other side of the planet?08:26
mwhudsonzyga: how would i tell?08:26
mwhudsonit was fast yesterday i think...08:26
zygamwhudson mmm, good question08:26
zygaI don't know08:26
mborzeckipstolowski: hey08:26
mwhudsonbut that might have been office vs home08:26
zygamwhudson btw, kudos on the installer work, it's stellar!08:26
mwhudsonzyga: thanks, it's ok :)08:30
pstolowskizyga, hey, can you revoke your approval of #4358 (I don't seem to be able to)? there were many additions that it mandates 2 reviews again I'm afraid08:35
mupPR #4358: interfaces: interface hooks implementation <Created by stolowski> <https://github.com/snapcore/snapd/pull/4358>08:35
zygasure08:35
pstolowskithankx08:36
mborzeckitravis jobs timing out again?09:03
Chipaca*yawn*09:09
zygahey John09:14
pedronisChipaca: hi09:21
Chipacazyga: pedronis: hiya09:22
Chipacazyga: are you back amongst the living?09:22
zygahey pedronis :-)09:22
zygaChipaca yeah, more or less09:22
* Son_Goku rises from the dead09:28
mborzeckiguys, should we have a content snap with debugging symbols for the core?09:54
mupPR snapd#4715 opened: store: reorg auth refresh <Created by pedronis> <https://github.com/snapcore/snapd/pull/4715>09:54
pedronisChipaca:  this ^ might be something for you to review09:54
zygamborzecki very interesting and big problem to solve correctly (ideally with gdb support for snap run --gdb)09:55
mborzeckian example, a user found a segfault that happens with nvidia drivers and snaps that require acceleration, he tried to use snap run --gdb, got this https://hastebin.com/sutuguquxu backtrace points to libc (probably something corrupt) but it's hard to discern what has really happened09:55
mvohrm, a pastebin that requires javascript to display text *grumpf*09:57
pedronismvo: I +1ed #4103,  but there were quite a few changes since Gustavo's +1, I think it needs a 2nd review again, not sure if by Gustavo or somebody else, maybe pawel10:09
mupPR #4103: snapstate: auto install default-providers for content snaps <Created by mvo5> <https://github.com/snapcore/snapd/pull/4103>10:09
pedronisChipaca: mvo: what do you think of a PR  that does  s/remoteRepoTestSuite/storeTestSuite/ s/UbuntuStoreRepository// in store/store_test.go10:17
Chipacapedronis: +3310:17
pedronisChipaca: ok, once a couple of other PRs touching store have landed I can do that, seems a clean up that is quite overdue10:18
pstolowskipedronis, mvo curious about your opinion on https://forum.snapcraft.io/t/snap-set-xxx-requires-configure-hook/413410:24
pedronispstolowski: my impression is that is something we could revisit when we have configuration schemas10:25
pstolowskipedronis, right, good idea. that will ensure people don't add more config garbage10:26
pedronisonce we have schemas to say what is the config/who can read it, then it might make sense to make configure optional10:27
pstolowski+110:28
mborzeckihmm: Failed to fetch http://security.ubuntu.com/ubuntu/dists/trusty-security/main/binary-amd64/Packages  Hash Sum mismatch10:28
pedronismvo: there's a failure of  tests/main/snap-service-refresh-mode on suse here:  https://travis-ci.org/snapcore/snapd/builds/344719396?utm_source=github_status&utm_medium=notification10:32
pedronisplus the Hash Sum mismatch stuff10:32
Son_Gokuzyga, mvo: new errors from gcc10:36
Son_Gokulibsnap-confine-private/locking-test.c: In function 'sc_test_use_fake_lock_dir':10:36
Son_Gokulibsnap-confine-private/locking-test.c:53:24: error: cast between incompatible function types from 'int (*)(const char *)' to 'void (*)(void *)' [-Werror=cast-function-type]10:36
Son_Goku   g_test_queue_destroy((GDestroyNotify) unsetenv,10:36
Son_Goku                        ^10:36
Son_Gokucc1: all warnings being treated as errors10:36
Son_Gokumake[1]: *** [Makefile:1571: libsnap-confine-private/libsnap_confine_private_unit_tests-locking-test.o] Error 110:36
zygaSon_Goku oho, thanks I will fix that shortly10:36
mupPR snapd#4716 opened: tests: make sure snapd is running before attempting to remove leftover snaps <Created by stolowski> <https://github.com/snapcore/snapd/pull/4716>10:38
mupPR snapd#4717 opened: cmd/snap-update-ns,testutil: move syscall testing helpers <Created by zyga> <https://github.com/snapcore/snapd/pull/4717>10:56
mupPR snapd#4718 opened: tests: disable interfaces-location-control on s390x <Created by mvo5> <https://github.com/snapcore/snapd/pull/4718>10:57
zygamvo ^ this is the first chunk of the move, it turned out to be pretty harmless actually, the diff is mostly caused by me writing tests for the testing helperrs10:58
* zyga -> break for lunch and meds10:59
mupPR core#81 opened: 14-set-motd.chroot: updated based on the suggestions from Mark <Created by mvo5> <https://github.com/snapcore/core/pull/81>11:04
* pstolowski lunch11:19
* pstolowski lunch11:23
=== wiking_ is now known as wiking
=== stokachu_ is now known as stokachu
niemeyerHeya11:34
niemeyerchipaca, mvo: Around?11:35
Chipacaniemeyer: o/11:35
niemeyerHey11:35
zygahey niemeyer11:36
niemeyerChipaca: did you catch up with mvo about command not found?11:36
Chipacaniemeyer: a little last night; last i heard there was more discussion to be had11:37
niemeyerWe said we'd have a call yesterday and I missed it.. Want to make sure you are in sync about the discussion in the meeting yesterday before spending time in a diff direction11:37
Chipacaniemeyer: i am not spending time on it, pending those discussions11:37
niemeyerMark suggested a simpler approach, which looks fine to me11:38
niemeyerHas less data11:38
niemeyerWe didn't agree on an output for the fuZy case but it should be easy to extrapolate11:38
niemeyerHe also recommended c-nf to be its own tool for the output to not go out of sync between the different backends11:39
niemeyerWhich is also fine since he understands we won't be able to change the output so easily11:40
mupPR snapd#4719 opened: timeutil: account for 24h wrap when flattening clock spans <Created by bboozzoo> <https://github.com/snapcore/snapd/pull/4719>11:41
niemeyerI would like to preserve the idea of us using a command on our end, though, instead of having c-n-f coonsulting a file by itself.. The command can put json out11:41
niemeyerThe rationale for that is being able to evolve the implementation without having to keep historical data around that arbitrary tools depend on11:42
niemeyerChipaca: Those are the main points, I think11:42
niemeyerOr at least the main points that seem worth typing on a phone :)11:43
Chipacaniemeyer: ack. Not much for me in that; will await further news.11:48
=== cjwatson_ is now known as cjwatson
mupPR snapd#4720 opened: interfaces: add xdg-desktop-portal support to desktop interface <Created by jhenstridge> <https://github.com/snapcore/snapd/pull/4720>12:04
Chipacamvo: need to go to the school for a meeting, probably won't make it back for the standup12:17
zygamborzecki can you please have a look at https://github.com/snapcore/snapd/pull/471712:26
mupPR #4717: cmd/snap-update-ns,testutil: move syscall testing helpers <Created by zyga> <https://github.com/snapcore/snapd/pull/4717>12:26
ogra_mvo, is there anything wrong with the PPA  seems all nightly core snap builds failed with PPA errors ... https://launchpadlibrarian.net/357979314/buildlog_snap_ubuntu_xenial_amd64_core_BUILDING.txt.gz12:26
zygamost of the diff is just new unit tests12:26
mborzeckizyga: ok12:26
zygabut have a look at the API in general, I'd like to turn it from "locally crafted helper" to "semi reusable helper"12:26
zygahey ogra_12:26
* zyga looks12:26
ogra_hmm, ut different PPA issues in the different arches12:27
zygalaunchpad was offline for some maintenance lately, maybe that is related12:27
ogra_thats weird12:27
ogra_ah12:27
ogra_yeah, that might be it12:27
zygathough not really sure12:27
zygadoes it happen now or is that log from last night12:27
ogra_thats from 5:20 this morning12:28
ogra_but arm64 has an internal server error for the PPA https://launchpadlibrarian.net/357979358/buildlog_snap_ubuntu_xenial_arm64_core_BUILDING.txt.gz12:29
ogra_so i guess it was that maintenance window12:29
zygayeah, could be12:29
cjwatsonThere were some reboots which weren't completely perfectly coordinated.  Just retry those.12:36
pedronismborzecki: wasn't the issue here addressed:  https://travis-ci.org/snapcore/snapd/builds/344749295?utm_source=github_status&utm_medium=notification12:39
pedronisI merged master in that branch12:40
mborzeckipedronis: looking12:41
pstolowskimvo, "mainframe does not change location that often", love that :D12:43
pedronismborzecki: ah, the test seems to need to be fixed too12:44
mborzeckipedronis: hah right12:44
mborzeckipedronis: are you fixing this or should i?12:45
pedronisI can fix it I suppose12:45
pedronismborzecki: I find the original code a bit strange to be honest12:53
mborzeckipedronis: you mean globbing & stuff?12:53
pedronisI mean all this replacing12:53
pedronisbut not your fault12:54
pedronisseems just odd12:54
mvoogra_: thanks, I have not seen this error yet, hope its transient?13:02
kalikianare13:17
ogra_mvo, i fired off a new auto-build, then we will know soon13:36
ackkhi, is something special required in the snap to make xdg-open work? I have the snapd-xdg-open package installed (this is artful)13:36
magicaltrouthas the snap store died a death?13:37
zygaackk it depends on what you want to open13:37
ackkzyga, web url13:37
zygaackk then it should just work13:37
zygawhat happens when you try?13:37
ackkzyga, https://pastebin.canonical.com/p/WhvMqTgCDx/13:38
ackkzyga, note that is a --devmode snap installed via snap try13:38
ackk(if it makes a difference)13:38
zygaah13:38
zygadon't ship xdg-open13:38
ackkah you mean it's trying to use the wrong one?13:39
zygakalikiana ^ snapcraft should not bundle xdg-open deb as it will just break things13:39
zygayes, it's using the regular one and that's shadowing the magic one13:39
zygamagicaltrout what are you seeing?13:39
magicaltroutapi.snapcraft.io is 503ing13:39
magicaltroutcan't install anything13:40
mborzeckimvo:  the 2.31-maybe PR  I mentioned: https://github.com/snapcore/snapd/pull/459413:41
mupPR #4594: systemd, wrappers: start all snap services in one systemctl call <Created by bboozzoo> <Merged by mvo5> <https://github.com/snapcore/snapd/pull/4594>13:41
ahasenackmagicaltrout: confirmed13:42
magicaltroutlovely13:42
ahasenackI pinged staff13:42
magicaltroutthanks13:42
zygahttps://status.snapcraft.io is useful13:43
magicaltroutah13:43
magicaltroutcool13:43
magicaltrout99.57%13:43
magicaltrouthow rubbish! ;)13:43
ackkzyga, fwiw we don't pull it in explicitly, it's pulled as a dep13:45
mvojdstrand: hey, quick question - do we want settimeofday in time_control.go (in the time-control inteface). I think we do and we did in 2.31 but for some reason its not there in master afaict. I noticed when doing the merge of 2.31 back into master (c.f.  https://github.com/snapcore/snapd/pull/4712/files#diff-398a6a1ea514e53bd322812b60f02924R111 )13:50
mupPR #4712: release: version 2.31.1 <Created by mvo5> <https://github.com/snapcore/snapd/pull/4712>13:50
ackkzyga, i guess we can strip it manually from the snap13:51
zygaackk yes, please try to remove it, I think you can do that with one of the organize features of snapcraft13:51
zygakalikiana may be able to help, I don't remember the syntax for them13:51
ackkzyga, yeah, thanks for the info13:51
brunosfererror: unable to contact snap store13:52
ackkzyga, does the base snap provide xdg-open?13:53
zyga  yes13:53
ackkI wonder if base-18 has it13:53
zygaackk it is a part of snapd now13:53
zygabut ... hmm13:54
zygamvo ^ perhaps omission13:54
ackkzyga, it's not there in base-18 fwiw13:54
mvoyeah, base-18 does not have it just yet13:54
jdstrandmvo: it was in https://github.com/snapcore/snapd/pull/468713:54
mupPR #4687: interfaces: miscellaneous policy updates for home, opengl, time-control, network, et al <Created by jdstrand> <Merged by zyga> <https://github.com/snapcore/snapd/pull/4687>13:54
jdstrandmvo: which says it was merged...13:54
* jdstrand scratches head13:54
mvojdstrand: yeah, I'm puzzled13:54
jdstrandmvo: but looking at https://github.com/snapcore/snapd/pull/4687/files, it isn't in there13:55
mupPR #4687: interfaces: miscellaneous policy updates for home, opengl, time-control, network, et al <Created by jdstrand> <Merged by zyga> <https://github.com/snapcore/snapd/pull/4687>13:55
jdstrandbut there it is: https://github.com/snapcore/snapd/pull/4687/commits/c1093d46437a33d60d7378b1c6676818655bc35913:56
b4ntHello, is the snapcraft downtime planned?13:58
zygab4nt no, https://status.snapcraft.io13:58
pedronisit should be back13:58
* jdstrand verifies the others13:58
b4ntok, weird...13:59
mvojdstrand: yeah, its there and the log says it is mereged but https://github.com/snapcore/snapd/blob/master/interfaces/builtin/time_control.go#L109 in master does not have it and I'm puzzled why13:59
jdstrandmvo: this reverted it: https://github.com/snapcore/snapd/pull/4687/commits/cc5dcd8cd8879f81d9077b8300b36dd1db2224eb13:59
mupPR #4687: interfaces: miscellaneous policy updates for home, opengl, time-control, network, et al <Created by jdstrand> <Merged by zyga> <https://github.com/snapcore/snapd/pull/4687>13:59
zygab4nt it's down but not on purpose13:59
mvojdstrand: ohhhh13:59
mvojdstrand: accidently?13:59
mvojdstrand: if it got reverted by mistake I will just pull it back in via the 2.31 merge14:00
jdstrandmvo: I know there was a conflict in that file. I may have done a rebase somewhere and reorganized and messed it up14:00
jdstrandmvo: definitely a mistake14:00
mvojdstrand: no worries!14:00
mvojdstrand: thank you for helping solve this mystery :)14:00
jdstrandheh14:00
mvojdstrand: its back now!14:01
jdstrandmvo: sorry :) and thank you for pulling that in and noticing it in the first place! :)14:01
diddledanis api.snapcraft.io down?14:01
diddledanI'm getting 40314:01
mupPR snapd#4712 closed: release: version 2.31.1 <Created by mvo5> <Merged by mvo5> <https://github.com/snapcore/snapd/pull/4712>14:01
mvojdstrand: np!14:01
diddledanaah, I'm behind - I see yes it is14:02
mupPR snapd#4718 closed: tests: disable interfaces-location-control on s390x <Created by mvo5> <Merged by mvo5> <https://github.com/snapcore/snapd/pull/4718>14:02
diddledanbonus points for zyga sharing the status.snapcraft.io page which I didn't know existed14:03
kalikianaackk: zyga: what do you need to know for organize? to exclude a binary?14:07
zygakalikiana yes, get rid of xdg-open14:07
zygaand it should _probably_ be excluded by default14:07
kalikianawhat's pulling it in? desktop helpers?14:08
zygakalikiana unclear, ackk can share his snapcraft yaml14:08
kalikianaI'd recommend `snapcraft help plugins` to learn about he syntax in general. There's a section about "organize" as well as the other generic keywords14:09
kalikianaOkay, looking at the YAML would be best to see what's needed here14:09
mborzeckioff to pick up the kids14:10
ackkkalikiana, amtterm is pulling it in as a dependency14:11
ackkkalikiana, zyga: https://git.launchpad.net/maas/tree/snap/snapcraft.yaml14:12
kalikianaackk: Ah. By the looks of it, you can probably just add -usr/bin/xdg-open to the existing "remove" fileset. Note the leading - in addition to the - for each item in the list. That's how you exclude.14:15
ackkkalikiana, ah yeah, thanks14:15
ackkkalikiana, I'll try that14:16
=== leftyfb_ is now known as leftyfb
mupPR snapd#4717 closed: cmd/snap-update-ns,testutil: move syscall testing helpers <Created by zyga> <Merged by zyga> <https://github.com/snapcore/snapd/pull/4717>14:21
ogra_mvo, looks like the builds succeeded, so it was transient indeed14:29
jdstrandsergiusens: hi! not sure you saw, but https://github.com/snapcore/snapcraft/pull/1945#pullrequestreview-9835015714:30
mupPR snapcraft#1945: elf: clear execstack by default <bug> <Created by sergiusens> <https://github.com/snapcore/snapcraft/pull/1945>14:30
mvoogra_: puh, thanks14:31
jdstrandzyga: hi! would you mind briefly looking at https://github.com/snapcore/snapd/pull/4714, and responding to my questions? that way I can finish the PR for a proper review14:31
mupPR #4714: interfaces/apparmor,system-key: add upperdir snippets for strict snaps on livecd <Created by jdstrand> <https://github.com/snapcore/snapd/pull/4714>14:31
zygagladly, looking14:31
jdstrandzyga: thanks!14:31
zygaI'm doing some cleanups in that area actually14:32
zygathis should address point 1014:32
zyga1)14:32
jdstrandzyga: fs_detect.go could be detect.go?14:32
jdstrandzyga: ah, ok14:33
zygajdstrand I'll probably merge overlay, nfs into mount.go later14:34
sergiusensthanks jdstrand14:36
zygajdstrand reviewed14:40
jdstrandzyga: fyi, willcooke asked about the per-user mounts feature yesterday (I heard you were out. hope you're feeling better). I tried to summarize it as best I could that you are actively looking at it with priority14:40
mupPR snapd#4721 opened: tests: update interface tests to remove extra checks and normalize tests <Created by sergiocazzolato> <https://github.com/snapcore/snapd/pull/4721>14:41
jdstrandzyga: thanks!14:42
zygajdstrand does this look sane, as a list of mount constraints for user mounts: https://pastebin.ubuntu.com/p/V6zXf9wWkd/14:53
mvoChipaca: the snap pack validation saved my bacon a couple of times today when creating test snaps, nice job15:06
jdstrandzyga: looking15:07
zygajdstrand thanks15:07
jdstrandzyga: I'd love for point '3' to be enforceable because then this could be bulletproof. unfortunately '3' can't be a constraint for portals to work (see https://github.com/snapcore/snapd/pull/3963#discussion_r164623540)15:13
mupPR #3963: cmd/snap-confine: add support for per-user mounts <Created by jhenstridge> <https://github.com/snapcore/snapd/pull/3963>15:13
zygaaha, in that case 3 has to fly off the list15:14
jdstrandzyga: yeah. otherwise +115:14
zygajdstrand btw, I was thinking about traversing the filesystem (descending from /) and then doing mount ., this would halve the attack surface15:14
zygafor bind mounts that is15:14
zygafor normal mounts it would make it race-free15:15
zyga(whee)15:15
zyga(well, assuming /dev doesn't race015:15
jdstrandzyga: that's an interesting idea15:17
zygawe could also do one more crazy thing15:17
zygafor bind mounts15:17
zygabut that's not for today15:17
ackkmvo, is there a place to file bugs about things that are missing in base-18, or is it too early?15:18
zygajdstrand do you think it is worth it?15:19
jdstrandzyga: if you do ConservativeMount, then I think that should be sufficient for portals for now since the setuid process (which dropped, but retains enough privilege to mount) will fail if mismounted15:19
jdstrandwe have to get that detection right though15:19
jdstrand(mismount detection)15:19
zygaright15:19
zygaI think that's quite easy but maybe I miss something15:19
jdstrandwe can consider hardening after15:19
zygabecause of rule 4) we can simply look for the mount point in mountinfo _after_15:20
zygaso before we mount we ensure that mountinfo doens't contain the mount point15:20
zygaand after mount we ensure that it does15:20
zygathis means that we managed to mount exactly where we intended15:20
jdstrandzyga: james h had trouble with it, but he didn't write all the mount code you did. it seemed like something that would be easy for you :)15:20
zygaI wrote some test code for that15:21
mupPR snapd#4599 closed: many: send  new Snap-CDN header with none or with cloud instance placement info as needed <Created by pedronis> <Merged by pedronis> <https://github.com/snapcore/snapd/pull/4599>15:22
jdstrandzyga: hmm. actually I was thinking of '4' as 'a snapd managed mountpoint', not an 'absolute mountpoint'15:22
jdstrandzyga: because XDG_RUNTIME_DIR (/run/user/uid) *is* a mountpoint15:23
zygaaha15:23
zygaso that's good feedback, I didn't realise that15:23
jdstrandzyga: *perhaps* for just portals it is ok because XDG_RUNTIME_DIR will *not* be a mountpoint15:23
zygaI will have to adjust the verification logic accordingly15:23
zygammm, one sec15:24
jdstrandzyga: but we will want to mount on XDG_RUNTIME_DIR to cleanup the wayland compat symlinks in XDG_RUNTIME_DIR/snap.foo/wayland -> ../wayland15:24
jdstrand(ie, get rid of wrappers)15:25
zygajdstrand so for portals we'll have the equivalent of: mount --bind $XDG_RUNTIME_DIR/doc/by-app/snap.pkg.$SNAP_NAME $XDG_RUNTIME_DIR/doc15:25
zygajdstrand and what's the value of $XDG_RUNTIME_DIR we want?15:25
zygajdstrand /run/user/1234 or something else/15:25
jdstrandzyga: re equivalent> that is my understanding15:26
jdstrandzyga: with XDG_RUNTIME_DIR, it will be /run/user/<uid>, which is a mountpoint, but /run/user/<uid>/doc will not be15:26
jdstrandzyga: so '4'15:26
mvopedronis: thanks again for the review. I added a unit and spread test for circular content providers and I think this is good for a review by e.g. pstolowski15:26
jdstrandmeh15:26
jdstrandzyga: so '4' should be ok for portals15:26
pstolowskimvo, sure15:27
jdstrandzyga: but it won't be for the XDG_RUNTIME_DIR cleanup (if you recall, XDG_RUNTIME_DIR as /run/user/uid/snap.foo has been problematic for some snaps)15:27
jdstrandzyga: and to be even more clear, XDG_RUNTIME_DIR in this context is what the host sees as XDG_RUNTIME_DIR, not what the snap sees. portals won't bind mount into /run/user/uid/snap.foo/doc15:28
jdstrandaiui15:28
jdstrandwe might need jamesh for that bit if we want to keep '4' as a constraint15:29
jdstrandI think I can answer definitively though. while we could distro patch portals to do what we want, we can't distro patch all the distros, so it needs to operate the way it does, which is /run/user/uid/doc15:30
jdstrandjamesh: can you comment ^15:30
zygajdstrand thanks for explaining this, I'm still a bit slow on the logic (I'm still a little sick)15:32
jdstrandzyga: regardless. we do know that we want to eventually have a per snap mount of: mount --bind /run/user/uid/snap.foo -> /run/user/uid, with bind-file mounts for the wayland and pulse sockets15:32
zygathe per snap mount is okay as that can be done with non-conservative mount15:32
jdstrandzyga: I think the question is, do we plan for this now or do we do the 'whatever makes portals work today'15:33
zygaI think we make portals work while considering what will be needed eventually15:33
jdstrandwhere 'this' is the bind mount for /run/user/uid15:33
mvopstolowski: thank you!15:34
jdstrandzyga: if that is the constraint, then '4' can remain, but we need to comment that we'll need to lift this restriction at some point15:34
zygaok15:37
zygaI'll get to work15:37
mupPR snapd#4722 opened: store: cleanup test naming, dropping remoteRepo  and UbuntuStore(Repository)? references <Created by pedronis> <https://github.com/snapcore/snapd/pull/4722>15:41
=== lool- is now known as lool
pedronismvo: Chipaca:  #4722  is the cleanup I was talking about, prereq has not landed though, anyway probably easist to look at each commit by itself15:58
mupPR #4722: store: cleanup test naming, dropping remoteRepo  and UbuntuStore(Repository)? references <Created by pedronis> <https://github.com/snapcore/snapd/pull/4722>15:58
pstolowskimvo, reviewed, great stuff! some nitpicks/suggestions + one question16:46
mupPR snapd#4723 opened: Translate polkit strings <Created by gunnarhj> <https://github.com/snapcore/snapd/pull/4723>16:47
pstolowski#4716 needs 2nd review (and is trivial)16:53
mupPR #4716: tests: make sure snapd is running before attempting to remove leftover snaps <Created by stolowski> <https://github.com/snapcore/snapd/pull/4716>16:53
pedronispstolowski: I myself forgot about Attrer, thanks for the review16:55
pedronisI mean for mvo's PR16:55
pstolowskipedronis, np16:58
mvopstolowski: thanks,  I have a look and will fixup things17:01
pstolowskiyw17:03
* kalikiana wrapping up for today17:17
mupPR snapd#4724 opened: osutil: aggregate mockable symbols <Created by zyga> <https://github.com/snapcore/snapd/pull/4724>17:38
Chipacahuh18:14
Chipacamvo: you around?18:15
mvoChipaca: ish18:16
mvoChipaca: good envening18:16
Chipacamvo: good evening18:16
Chipacamvo: I've got a grep for you18:17
Chipacamvo: grep -r SNAP_REFRESH_FROM18:18
Chipacamvo: I have a relatively strong suspicion that the two lines should match more than they do18:18
mvoChipaca: uh, oh, I see the problem18:18
Chipaca:-)18:18
mvoChipaca: thanks for spotting this, lets fix it and get the fix in 2.31 (just in case)18:19
mvoChipaca: will you or shall I?18:19
Chipacafunny what you spot when a user asks questions18:19
* Chipaca hugs Odd_Bloke 18:19
* mvo hugs Odd_Bloke as well18:19
Chipacamvo: if you can do it, i'll review it18:20
mvoChipaca: thanks! lets catchup on c-n-f tomorrow morning, sorry that I did not managed today, but it looks like the default content provider is sorted, so that is good18:20
mvoChipaca: sure think18:20
Chipacamvo: my git is very messy right now18:20
Chipacaand the sort of messy that doesn't stash well18:20
Chipaca(added and removed files)18:20
=== pbek_ is now known as pbek
mvoChipaca: eh, actually - I think there is a reason! sorry, we used to have the _FROM_TIMER=1 and then changed it to the emergency timer. so the check in the code is really there to prevent us running in case of an old .service file/timer file being around (hope that makes sense)18:24
Chipacamvo: but there's nothing that triggers from the emergency timer18:24
Chipacai mean, setting that env var does nothing18:25
Chipacaor am i missing something?18:25
Chipaca(as it is the systemd timer is firing and people are seeing "manual" refreshes triggered by it)18:25
Chipacamvo: https://forum.snapcraft.io/t/refresh-vs-auto-refresh-in-snap-changes-output/414518:26
pedronisChipaca: afaik  "refreshed"  in snap info  is the time of revision mount directory18:27
Chipacapedronis: it's the mtime of the mount dir18:27
Chipacapedronis: i.e. the mtime of the squash root18:27
Chipacacode is in daemon/snap.go:57, func snapDate18:28
Chipacast, err := os.Stat(info.MountDir())18:28
Chipacaand then ModTime of that18:28
* Chipaca greps the logs18:31
Chipacamvo: so... it seems we had FROM_TIMER in the systemd files in debian, and FROM_EMERGENCY_TIMER in the ones in data, and at some point we dropped the ones in debian for the ones in data, but there never was code to handle the FROM_EMERGENCY_TIMER18:36
Chipacathe FROM_TIMER was there so that a new snapd (with internal timer) would ignore the systemd timer18:37
Chipacawhereas the FROM_EMERGENCY_TIMER I think the idea was that snapd would check how long it'd been since it refreshed?18:37
Chipacabut we never did that code afaict18:37
Chipacanot sure ¯\_(ツ)_/¯18:37
Chipacaah, the note on on the emergency one is that it'd just run a manual refresh once a week18:39
Chipacaehhhhhh18:39
pedronisChipaca: I suppose /snap/*/current mtime would be a better estimate of when it was refreshed, right?18:40
Chipacapedronis: I love the current value18:41
Chipacait tells you when the snap was created18:41
Chipaca(assuming sane system times where it was created, but hey)18:42
Chipacamaybe we should validate it though :-)18:42
* Chipaca seems to be thinking a lot about validation18:42
Chipacajdstrand: do we check the times in the squash at all?18:42
pedronisChipaca: yes, but I have been asked for other reasons, about the time the snap was refreshed18:42
pedronison the system18:42
Chipacaright, for that, get the mtime of /var/lib/snapd/snaps/<yoursnap>18:43
pedronisChipaca: that emergency timer behavior seeems bad18:43
Chipacapedronis: bd946e43a477b054b6ea944497998faa4a70944218:43
Chipaca(there's a followup that s/RY/CY/)18:43
Chipacapedronis: that's the explanation for the current behaviour18:43
pedronis?18:44
Chipacathe ignoring of FROM_TIMER is because if you have FROM_TIMER you're on an older systemd unit which runs too often18:44
Chipacaso that's ignored completely18:44
pedronisI thought EMERGENCY was for repairs18:45
pedronisnot refresh18:45
Chipacathis predates repairs by a lot, i think18:45
Chipacapedronis: ah, by  bd946e43a477b054b6ea944497998faa4a709442  i meant 'git show bd946e43a477b054b6ea944497998faa4a709442'18:46
Chipacapedronis: this is literally so if <random event> happens and the refresh timer never fires, _something_ kicks the system to refresh so we can fix it18:47
pedronisChipaca: that behavior is wrong now that we have monthly schedules18:47
jdstrandChipaca: not for reasonableness. we do for complete grossness (ie, if unsquasfs -lls matches "date_pat = re.compile(r'^\d\d\d\d-\d\d-\d\d$')" and "time_pat = re.compile(r'^\d\d:\d\d$')"18:47
jdstrandChipaca: is there something you are thinking about? this is kinda tricky for arbitrary files in the system18:48
jdstrands/system/snap/18:48
Chipacajdstrand: not sure if you saw, but we were talking about how we report the mtime of the root of the squash as the time the snap was … updated? (currently we say refreshed, which is wrong)18:49
jdstrandI didn't see that18:49
pedronisChipaca: we shouldn't trigger a random weekly one, if the schedule is monthly18:50
jdstrandChipaca: it might be better to look at the superblock18:50
Chipacajdstrand: how so?18:50
jdstrandthis is what the review tools do: extract the fstime from the superblock then feed that back in for the resquash18:50
Chipaca(and, how? :-) but i can google that)18:50
Chipacapedronis: we should make a note about it at least18:51
Chipacapedronis: 'system administrators that wish to have refreshes >1week should also adjust yadda yadda'18:51
pedronisChipaca: or we convey the env var along the api request18:52
pedronisand check something in snapd itself18:52
jdstrandChipaca: the why is cause it seems plausible that someone might have a dir tree up, never remove it and tickle files inside, so squashfs-root doesn't change (does mksquashfs update it? I don't know)18:52
Chipacapedronis: I'd favour that tbh18:52
pedronissounds like we need a note somewhere18:53
pedronisChipaca: can you add something here:  https://forum.snapcraft.io/t/refresh-scheduling-on-specific-days-of-the-month/1239 perhaps ?18:54
jdstrandChipaca: right, sBlk.s.mkfs_time. here is a patch I did for squashfs-tools for extracting that: http://launchpadlibrarian.net/242328684/squashfs-tools_1%3A4.2+20130409-2_1%3A4.2+20130409-2ubuntu0.14.04.1.diff.gz18:55
jdstrandperhaps mksquashfs updates squashfs-root times whenever it is created18:56
jdstrandthat's easy enough to check18:56
Chipacajdstrand: i can confirm the root timestamp doesn't change unless something in it contains directly changes18:56
jdstrandok18:57
ChipacaIOW mksquashfs preserves the filesystem timestamp18:57
Chipacawait, let me double-check the flags we use18:57
jdstrandChipaca: so, mksquashfs is is going to update the mkfs_time on each run18:57
jdstrandChipaca: so you don't have to worry about squashfs-root18:57
Chipacaa'ight18:58
ChipacaI'll fix this at some point18:58
jdstrandI mean, someone could game that, but what does it gain them? buggy freshness?18:58
jdstrandso I think mkfs_time is going to be most robust18:58
jdstrand(even if it can be gamed)18:59
Chipacapedronis: https://forum.snapcraft.io/t/refresh-scheduling-on-specific-days-of-the-month/1239/1819:02
Chipacajdstrand: okie doke19:03
Chipacanot for the first time I find myself thinking of writing a squashfs parser in go19:03
jdstrandheh19:03
Chipacajdstrand: that patch isn't upstream, is it?19:03
jdstrandit shouldn't be *terrible* to extract the super block...19:04
pedronisChipaca: thank you19:04
jdstrandChipaca: in squashfs-tools? no19:04
Chipacaah well19:04
Chipacai should have a way to ask the kernel for this19:05
Chipacahuh, "file" knows how to find it19:06
jdstrandChipaca: $ unsquashfs -s /path/to/snap19:07
jdstrandCreation or last append time Fri Feb  2 19:23:56 201819:07
Chipacaaww, that's a lot easier than figuring out what '>>>40   bequad x'  means19:08
* Chipaca hugs jdstrand 19:08
* jdstrand hugs Chipaca :)19:08
pedronisChipaca: "file" knows a lot of things19:09
jdstrandit does19:09
jdstrandit also occasionally has bugs19:09
Chipacaevery time I'm tempted to look at its sourcecode I'm amazed it works so consistently well19:10
jdstrandI can't remember otoh, but I feel like it had to do with the review-tools and file behaving differently on 14.04 and 16.04+19:10
jdstrandI could be making that up. I know I was annoyed with file once though19:10
jdstrandoh yeah, it's great19:11
Chipacamvo: you'll be pleased to hear that "unsquashfs -s" does report errors with an exit code different from zero19:11
jdstrandI was just thinking through if you used file, you'd probably want to use the one from the core snap rather than the system19:11
ChipacaI don't think there's a file in the core snap19:11
jdstrandall the more reason to use unsquashfs :)19:12
Chipacaooh, yes there is a file in the core snap19:12
Chipacaoh wait this one is classic19:12
* Chipaca backpedals19:12
pedronisI'm not finding it19:12
jdstrandand yes, isn't unsquashfs annoying in that it returns 0 when it seems pretty clear it shouldn't?19:12
Chipacathere's no file in the core snap :-)19:12
jdstrandglad -s is reasonable19:13
Chipacajdstrand: we have a bug about that, and a patch upstream, thanks to mvo19:13
pedronisno "file" in core19:13
jdstrandChipaca: I actually wonder how the world will break if that patch is applied19:13
pedronisthere is "fold" though19:14
jdstrandTyler came across it (might be what prompted mvo to submit the patch) and we were uneasy about it19:14
Chipacajdstrand: the workaround we're using is grepping the output of unsquashfs for the error strings (fortunately they're consistent) (unfortunately, nobody can ever have a file named like one of their error messages)19:14
pedronisand "factor"19:14
* pedronis stops19:14
jdstrandChipaca: hehe, yes19:14
jdstrandpedronis: I don't know what we would do if 'factor' was removed from core! oh noes! :)19:15
pedronisI mostly wonder what depends on it to be there19:16
jdstrandit comes from coreutils19:16
pedronisI suspect so19:16
pedronisstill wonder why it's a "core"util :)19:16
jdstrandheh, well, the googles may have your answer ;)19:16
Chipacajdstrand: https://github.com/plougher/squashfs-tools/pull/46 fwiw19:22
mupPR plougher/squashfs-tools#46: unsquashfs: return exit 1 if writing fails for some reason <Created by mvo5> <https://github.com/plougher/squashfs-tools/pull/46>19:22
jdstrandroadmr: can you pull r1004 of the review tools? just some new/updated checks19:22
jdstrandChipaca: thanks. fyi, ^ that has the pkgversion update19:22
Chipacajdstrand: cheers19:22
Chipacajdstrand: next up, I'll be rejecting snap descriptions that aren't valid markdown19:23
* Chipaca runs19:23
jdstrandheh19:24
Chipaca(i don't think there's "invalid markdown")19:24
pedronis"doesn't look right" markdown19:25
pedronisso we can add ML to our stack :)19:26
Chipacasnap rejection reason: poor phrasing in snap description19:27
Chipacaof _course_ unsquashfs doesn't know about locales19:27
roadmrjdstrand: sure thing, I'll get an MP for that rolling19:33
jdstrandroadmr: thanks!19:39
tyhickshuh, I didn't realize that there was a squashfs-tools github project19:41
Chipacaso, what's a better label for 'refreshed' in 'snap info'?20:14
* Chipaca should probably ask in the forum20:15
pedronisit's reall "built" no?20:17
pedronisbut that will be confusing in context20:18
pedronisChipaca: or we could keep refreshed but give the  /var/lib/snapd/snaps/snap.snap time20:23
pedronisChipaca: notice that internally is called InstalledDate so that is worse20:24
Chipacapedronis: https://forum.snapcraft.io/t/better-field-name-for-refreshed-in-snap-info-output/415020:24
ChipacaI think at some point it started looking at the wrong thing, and the tests didn't catch it20:25
Chipaca(as i say in that post)20:25
Chipacabecause, ye, between it being InstallDate in the api, and refreshed in info, ye20:25
pedronisI think the api value is wrong20:25
Chipacaanyhow. i should stop, go grab me some curry, and then … dunno, more hacking probably20:26
pedronisgiven the api field name20:26
Chipacapedronis: exactly20:26
Chipacapedronis: but i also like that value20:26
pedroniswe can have a different field with the value you like :)20:26
Chipacaexactly!20:26
Chipacathat's what the forum post is about, i think20:26
Chipacatitle might be wrong tho20:26
* Chipaca might get used to calling it organolepcy20:28
* Chipaca -> really curry20:29
jdstrandtyhicks, mvo: can you update me on the status of the seccomp EPERM status?20:33
jdstrandtyhicks, mvo: still see new setpriority and chown questions in the forum20:34
tyhicksjdstrand: AFAIK, this cross-distro issue is still the blocker: https://github.com/snapcore/snapd/pull/3998/#issuecomment-35802857920:35
mupPR #3998: snap-confine, snap-seccomp: utilize new seccomp logging features <Decaying> <Created by tyhicks> <https://github.com/snapcore/snapd/pull/3998>20:35
tyhicksjdstrand, mvo: I think we could split that PR up and land the SECCOMP_RET_KILL -> SECCOMP_RET_ERRNO(EPERM) strict mode change separately from the SECCOMP_RET_LOG dev mode change if that helps20:38
mupPR snapcraft#1949 opened: repo: silence deb caching when fetching packages <bug> <Created by sergiusens> <https://github.com/snapcore/snapcraft/pull/1949>20:38
zyga_tyhicks I think this would be welcome by developers20:38
=== zyga_ is now known as zyga
jdstrandwell20:40
jdstrandnot if they have a denial, cause it would eperm with no logging20:40
zygaI think those that learned would like that denial to go away now :)20:41
jdstrandI mean, if its discussed and that is deemed less worse than the current situation, it is an option20:41
zygaerr, the kill to go away20:41
jdstrandI mean, it is a problem, that is why the PR is there20:42
tyhicksjdstrand: I think you're getting the two things slightly mixed up20:43
jdstrandby requiring to strace an unlogged eperm is pretty bad imho20:43
tyhicksSECCOMP_RET_LOG isn't needed for the SECCOMP_RET_KILL -> SECCOMP_RET_ERRNO(EPERM) strict mode change20:43
jdstrandtyhicks: I know it isn't required from a technical perspective20:43
jdstrandtyhicks: but if we only do eperm, we lose logging, no?20:44
jdstrandI mean, that is why the pr is the way it is :)20:44
tyhicksif we switch to EPERM, the kernel needs to support the SECCOMP_FILTER_FLAG_LOG filter attribute or EPERM will not be logged20:44
mupPR snapd#4725 opened: tests: avoid removing preinstalled snaps on core <Created by sergiocazzolato> <https://github.com/snapcore/snapd/pull/4725>20:44
jdstrandI'm saying *if* we do that, it is a differently bad experience20:45
jdstrandtyhicks: right... and you need the golang changes for SECCOMP_FILTER_FLAG_LOG20:45
zygaand there is no upstream release still AFAIR20:45
jdstrandzyga: there isn't, I just checked. it hasn't moved since Jan 1620:46
tyhicksjdstrand: no, we don't need golang changes for SECCOMP_FILTER_FLAG_LOG because snap-confine sets that flag in the seccomp() syscall when it loads the filter20:46
jdstrandtyhicks: or am I not remembering right?20:46
zygatyhicks where is SECCOMP_FILTER_FLAG_LOAD passed to? prctl?20:47
tyhickszyga: seccomp(2), when that syscall is available20:47
tyhicksit falls back to prctl(), without SECCOMP_FILTER_FLAG_LOAD, when seccomp() isn't available20:47
zygaI see20:47
tyhicksprctl() doesn't let us specify filter flags20:47
jdstrandtyhicks: ok, so SECCOMP_FILTER_FLAG_LOG is only used by golang to query if it is available?20:47
jdstrandin the kernel?20:48
tyhicksjdstrand: right now, we're not querying the kernel to see if SECCOMP_FILTER_FLAG_LOG is supported by the kernel when snapd is constructing the filters20:48
tyhicksjdstrand: I thought we determined that wasn't needed20:49
jdstrandtyhicks: ok, I've lost too much context apparently. what is the golang change needed for?20:49
tyhicksjdstrand: snapd could call a small piece of C code that determines if SECCOMP_FILTER_FLAG_LOG is supported by the kernel and either use SECCOMP_RET_KILL or SECCOMP_RET_ERRNO(EPERM)20:49
mupPR snapcraft#1950 opened: elf: better debug messages <bug> <Created by sergiusens> <https://github.com/snapcore/snapcraft/pull/1950>20:50
tyhicksjdstrand: the golang change is needed for snapd to be able to construct a filter with SECCOMP_RET_LOG for dev mode snaps20:50
jdstrandright20:50
jdstrandso, today, we could drop that and devmode snaps operate the same20:51
tyhicksyes20:51
jdstrandI would be in favor of splitting it then20:51
jdstrandunless someone can do the runtime detection20:51
jdstrandtyhicks: can you suggest in the PR that it could be split?20:52
jdstrandtyhicks: thanks for bringing me up to speed (again) :)20:52
tyhicksjdstrand: yes20:52
tyhicksjdstrand: do you want to revisit our previous decision to not fall back to SECCOMP_RET_KILL even if SECCOMP_FILTER_FLAG_LOG is not supported?20:53
jdstrandit hard to keep all the context in your head when you visit something only monthly :p20:53
tyhicksjdstrand: it sounded like you weren't liking the idea of returning quietly returning ERRNO when the kernel doesn't support SECCOMP_FILTER_FLAG_LOG20:53
tyhickss/returning quietly returning/quietly returning/20:54
jdstrandtyhicks: no, we don't need to revisit imo. most distros that have strict mode should pick up the kernel change. we can even communicate that outward in the release notes of the snapd version that changes this that distros can pull the patches to get the logging back20:54
jdstrandtyhicks: I didn't for everyone20:55
jdstrandtyhicks: if we can get the top strict distros to patch, then I think its ok20:55
tyhicksok20:55
jdstrandtyhicks: you did say the Ubuntu kernels have this support, right?20:56
jdstrandor am I misremembering that too? :)20:56
tyhicksjdstrand: yes, for months and months now20:56
jdstrandright20:56
jdstrandok20:56
jdstrandyes, then I think not falling back to KILL is less of a big deal. we release note it. Ubuntu and (most of) its derivatives just work. solus would probably just snag the patch20:57
jdstrandif it proves to be an issue, we can patch snap-confine20:57
tyhicksI don't really understand why we define our own golang seccomp actions here: https://github.com/snapcore/snapd/pull/3998/files#diff-52db82d188e96fd9798675f0e17850faL38221:00
mupPR #3998: snap-confine, snap-seccomp: utilize new seccomp logging features <Decaying> <Created by tyhicks> <https://github.com/snapcore/snapd/pull/3998>21:00
tyhicksand then use libseccomp-golang's here: https://github.com/snapcore/snapd/pull/3998/files#diff-52db82d188e96fd9798675f0e17850faR63421:00
tyhicksI followed the lead of the existing code that I was changing in that regard but we could probably be smarter about that and not hit the cross-distro problem21:01
tyhicks(and not have to split up the PR)21:01
tyhicksI'll leave the requested comments and then think about that some more21:02
jdstrandtyhicks: interesting. it might be for the testsuite. mvo would have more context21:02
Aeliushello! I just found snap21:46
Aeliusif it requires sudo to install a package, then I assume the self updating feature won't work? (that is, unless I sign up for an ubuntu one account)21:46
Aeliusalso,is there a way to browse the online repository without searching?21:46
naccAelius: your first question doesn't make sense21:51
naccAelius: afaik, all snaps require sudo to install21:51
naccAelius: and all snaps autoupdate by default21:52
Aeliusnacc: the docs tell me that sudo is not required if I log in with an ubuntu one account. you log in with sudo, and I guess it caches your credentials21:52
naccAelius: which docs?21:53
Aeliushttps://docs.snapcraft.io/core/usage21:53
Aelius> When you are not logged in, most snap commands will require you to run them as root.21:54
diddledanAelius: snapd runs as root, so refreshing installed snaps is already privileged. snap login lets you assign your user account which allows you to snap install without sudo21:54
pedronisfor public snaps  there's no need for store credentials to update them, auto update works also for the one installed with sudo21:54
Aeliusok, good21:55
ChipacaAelius: also, you shouldn't need sudo anyway21:56
Chipacayou'll just get a polkit dialog21:56
diddledanthat too21:57
AeliusI am on archlinux- this dialog doesn't seem to be implemented here21:57
ChipacaAelius: it being arch, i guess it's up to you to have polkit installed and configured and everything?21:58
Aeliusprobably. I believe I installed it for the sole purpose of being able to use `reboot` without sudo21:58
Aeliusbut havent touchhed it otherwise21:59
ChipacaAelius: if so maybe you need to copy the policy files21:59
Chipacaanyway, i personally prefer sudo :-)21:59
Aeliusyeah sudo is fine21:59
ChipacaAelius: OTOH if you're creating snaps, you'll want to log in anyway22:00
Chipaca(as snapd can then let you get arbitrary revisions of your snaps, and/or private snaps)22:01
cachio_zyga, which driver is ok for the nvidia22:08
cachio_machine22:08
cachio_the nouveau is ok?22:08
zygano22:08
cachio_or has to be the once from nvidea22:08
zygacachio_ the test must use proprietary driver22:08
zygaideally the non-legacy22:08
zyga(depending on hardware version)22:08
cachio_zyga, ok, I'll try now with nvidia-39022:09
cachio_for xenial22:09
cachio_and see22:09
zygaperfect22:09
zygatry all of spread suite22:09
cachio_zyga, yes22:10
Saviqniemeyer: do you know if 17.10 images went away for good from linode ?? https://www.linode.com/distributions22:52
Saviqour CI is failing, missing ubuntu-17.10 images22:52

Generated by irclog2html.py 2.7 by Marius Gedminas - find it at mg.pov.lt!