[05:50] morning
[06:38] PR snapd#4726 opened: [2.31] systemd, wrappers: start all snap services in one systemctl call
[06:39] mvo: morning
[06:39] hey mborzecki, good morning
[06:39] mborzecki: thanks for opening this pr!
[06:40] mvo: do we have any indication that we'll be doing another point release?
[06:41] good morning
[06:42] hey zyga, good morning
[06:42] zyga: hey
[06:42] hey guys
[06:42] mvo did the release happen
[06:42] there were some issues last night
[06:43] zyga: yeah, it happened but according to bret they use phased updates to push it out
[06:43] mvo +1 to merge 4724
[06:44] mvo ah, good, I stopped following at around midnight
[06:46] btw. i was browsing archlinux forum the other day, and noticed this: https://bbs.archlinux.org/viewtopic.php?id=234301 apparently there's a problem installing snaps when behind a firewall
[06:47] i think we could set HTTP_PROXY in /etc/environment (or an equivalent) but that would be inconvenient if you change networks, eg. there's a need for a proxy on one network but not on another
[06:48] mborzecki: hm, yeah, so I think one fix would be that snap (the client) passes the client's proxy env to snapd and snapd uses that. should be simple
[06:49] mvo I think the way this is handled in real networks is different
[06:49] mborzecki: iirc I talked to gustavo about it but he did not like it, but I don't remember why
[06:49] mvo there's a function to call for each URL that gives you proxy data
[06:49] zyga: thats how libproxy will do it
[06:49] (or information not to proxy)
[06:49] exactly
[06:49] so depending on how far we are willing to go with it
[06:49] tricky for us to do because of the snapd daemon restriction
[06:50] I think it's still a bit simplistic as in corporations the auth is integrated but at least it is better than all-or-nothing
[06:50] looked through stdlib source code, and it seems that HTTP_PROXY is supported
[06:51] mborzecki: yes, but snapd will only read it from /etc/environment
[06:51] there is a forum discussion but unfortunately inconclusive
[06:51] uhh right, i meant i used that as indication that net/http can do proxy
[06:51] aha, yes :)
[06:52] https://forum.snapcraft.io/t/improve-proxy-configuration-for-snapd/942 fwiw
[06:54] heh, all this proxy stuff is actually a bit awkward to me, i'm used to this being handled transparently by whatever trickery cisco or netgear employed
[07:09] can #4719 be merged?
[07:09] PR #4719: timeutil: account for 24h wrap when flattening clock spans
[07:12] mborzecki: how is the autostart going? anything interesting new here?
[07:13] PR snapd#4719 closed: timeutil: account for 24h wrap when flattening clock spans
[07:13] mvo: trying to finish with timer services first, maybe i'll look into autostart a bit later today
[07:14] mborzecki: yeah, timers are more important. thank you
[07:19] linode:ubuntu-14.04-64:tests/main/refresh-all-undo failed again https://paste.ubuntu.com/p/wGwqr8MDSp/
=== Beret- is now known as Beret
[07:59] heyas!
[07:59] hey pstolowski ! good morning
[07:59] hey :)
[08:00] pstolowski: thanks for your review, I love the attrer stuff, much nicer than the naked map access
[08:00] mvo, cool!
[08:01] pstolowski: hey
[08:05] #4716 anyone? it's trivial
[08:05] PR #4716: tests: make sure snapd is running before attempting to remove leftover snaps
[08:11] pstolowski: looking
[08:12] mvo, ty!
[08:12] PR snapd#4716 closed: tests: make sure snapd is running before attempting to remove leftover snaps
[08:18] mvo can I land 4724
[08:18] it's just a trivial preparation for upcoming cleanup
[08:19] good morning
[08:19] hey kalikiana
[08:21] PR core#81 closed: 14-set-motd.chroot: updated based on the suggestions from Mark
[08:23] PR snapd#4726 closed: [2.31] systemd, wrappers: start all snap services in one systemctl call
[08:24] thanks mvo!
[08:24] PR snapd#4724 closed: osutil: aggregate mockable symbols
[08:25] hmm I think chipaca already mentioned this before
[08:25] but I'm getting this
[08:25] advisor/backend.go:199: literal copies lock value from *db: github.com/snapcore/snapd/vendor/github.com/snapcore/bolt.DB contains sync.Pool contains sync.noCopy
[08:30] pstolowski: do you think we can get the limited reader into 2.32? would be nice to have that fix
[08:30] pstolowski: is the status that it just needs a re-review?
[08:36] mvo, yes, it needs re-review from Gustavo, but I applied the snippet he suggested (with only minor change), so perhaps you can make a call
[08:36] pstolowski: thanks, this now looks very nice, I think its uncontroversial
[08:36] PR snapd#4584 closed: hooks/strutil: limit the number of data read from the hooks to avoid oom
[08:37] \o/
[08:37] mvo, shall I cherry-pick it and prepare a PR?
[08:37] PR snapd#4727 opened: many: simplify mocking of home-on-NFS
[08:37] mvo this is a mostly red follow up I was talking about
[08:38] this should also help with one of jdstrand's branches that adds overlayfs data to system key
[08:38] zyga: my understanding is that 4140 just needs the rename and then things are ok? if so, sounds like something worth doing for 2.32 - wdyt?
[08:39] zyga: it has +1 from jamie and you already and gustavo only objected the name afaict
[08:39] yes, I agree
[08:39] I can handle that if you want
[08:44] ok, I'll carry on with mount business
[08:45] zyga: either way is fine
[08:54] mvo: hi, how are things? when will we cut 2.32 ?
[08:56] pedronis: once tests are green for the default-provider PR, looks like the store is a bit unhappy currently, but maybe it fixed itself
[08:56] pedronis: anything you want in there?
[08:58] mvo: no, mostly wondering about my reorg/refactor PR that are green, whether I should hold them for post 2.32
[08:58] or not
[08:58] mvo: you can look, #4715 #4722
[08:58] PR #4715: store: reorg auth refresh
[08:58] PR #4722: store: cleanup test naming, dropping remoteRepo and UbuntuStore(Repository)? references
[08:59] pedronis: holding it for a little bit would be great
[09:05] PR snapd#4728 opened: store: move infoFromRemote into details.go close to snapDetails
[09:08] mo'in peeps
[09:09] hey Chipaca ! good morning
[09:12] Chipaca: hi, if I understood the discussion yesterday, this would make refreshed/InstalledDate report a value closer to the intention: https://pastebin.ubuntu.com/p/4G8TDSQFsr/
[09:13] ?
[09:13] as you said with that change no test fails, at least in daemon
[09:17] :/
[09:19] jdstrand: I was renaming the gnome-online-accounts-service to accounts-services as requested by gustavo. it looks like the store (basedeclaration) and review tools need an update (store is rejecting my test snap right now)
[09:19] zyga: do you know if it is safe to just override this via manual review -^
[09:21] mvo I don't know if it is safe but I suspect that's what manual review is for
[09:24] pedronis: I've got a branch already on spread for this
[09:24] pedronis: and, well, close
[09:24] pedronis: that'd work for squashes
[09:24] pedronis: for it to work for everything you'd want it to be Lstat
[09:25] my branch does that, but … then it takes a stand :-)
[09:25] any known issue with lxd today? got 2 failures https://api.travis-ci.org/v3/job/345155633/log.txt
[09:25] Chipaca: anyway probably time to move this to methods on snap.Info I think
[09:25] whatever the stand
[09:26] Chipaca: I'm mostly interested in installedDate for snaps from the store
[09:26] fwiw
[09:27] pedronis: I think you'll like my PR
[09:27] pstolowski look at this
[09:27] E: Type 'curity' is not known on line 50 in source list /etc/apt/sources.list
[09:27] mborzecki: why do you sometimes ask 'merge?' on PRs that are green and have two +1s?
[09:27] "security" became "curity"
[09:29] Chipaca: ahh, cause there's +1 with some comments, so just double checking that the changes i pushed are ok for those who reviewed
[09:29] zyga, missed that, thanks. interesting
[09:29] mborzecki: for myself, if I've +1'ed it with nits, it's because (a) i won't block the landing even if you don't fix them, and (b) i trust you to fix them; also (c) i'll shout if you mess it up and (d) git reset --hard @^^^^^
[09:29] hahah ok :)
[09:31] zyga, that's inside the container, i don't think we generate sources.list do we?
[09:31] I don't know
[09:33] PR snapd#4103 closed: snapstate: auto install default-providers for content snaps
[09:34] PR snapd#4677 closed: cmd/snap: introduce `snap run --timer`
[09:35] PR snapd#4680 closed: snap: pass full timer spec in `snap run --timer`
[09:39] PR snapd#4729 opened: many: drop snaps' InstallDate, introduce Updated
[09:39] pedronis: ^_^
[09:40] zyga: pstolowski: can you take another look at #4695 ?
[09:40] PR #4695: wrappers: generator for systemd OnCalendar schedules
[09:40] Chipaca: I have bad news for you
[09:41] pedronis: is it about potato fungus
[09:43] Chipaca: you expect last updated to be the creation time of the revision?
[09:43] on the store
[09:44] pedronis: it … seemed to be; isn't it?
[09:47] I don't know
[09:47] pedronis: bah, I guess it might be the creation time of the last revision, which might not be the one being pointed at?
[09:47] but that's what the new api has
[09:47] pedronis: that == creation time of the revision?
[09:47] that's perfect :-)
[09:47] yes, but for the new api
[09:47] right
[09:47] the old I don't know
[09:48] I can check
[09:48] mborzecki, sure
[09:48] just that this value might be a bit confusing for remote for a bit
[09:48] pedronis: please check (no rush); depending on what it is, the confusion might not be terrible
[09:49] for example if it's the timestamp of the latest revision, i don't mind
[09:49] if it's the timestamp of the last time you changed something via the web, i do mind :-)
[09:51] Chipaca: no, it's the timestamp of the creation of the revision under consideration also for the old api
[09:52] at least as served by modern infra
[09:52] * Chipaca dances
[09:52] (it might have been something else at some point in the past)
[09:52] Chipaca: your PR and my last PR will conflict :/
[09:52] pedronis: I don't mind deconflicting
[09:52] pedronis: hurry up and land it :-D
[09:53] mine is small (if spread out)
[09:53] mvo told me to wait
[09:53] anyway I need reviews, but is trivial: #4728
[09:53] PR #4728: store: move infoFromRemote into details.go close to snapDetails
[09:53] psh, who listens to mvo
[09:53] pedronis: conflict! :-)
[09:53] not on that PR
[09:54] I suppose on the based one
[09:54] or maybe yes
[09:54] ah, conflict with mvo stuff
[09:54] I'll have fun for a bit I fear
[09:55] mmh, not, it's really only this one
[09:55] I'll just wait at this point
[09:56] I could stack mine on yours
[09:56] that'd make it a fun review for people
[09:56] I hear they really like wading through huge changes
[09:57] Chipaca: my in progress new api stuff is +-3000 lines (I will split it, but a chunk will still be +1000 mostly tests)
[09:58] I shall endeavour to nitpick it to death in detail
[10:06] prereqSuite.TestDoPrereqRetryWhenBaseInFlight failed on master https://paste.ubuntu.com/p/qwbkSCGm3K/
[10:07] i've restarted the travis build, see if reproduces again
[10:08] I saw a few failures related to store hiccups todaty
[10:08] *today
[10:08] but nothing major
[10:08] (just annoying)
[10:10] fatal: unable to access 'https://go.googlesource.com/crypto/': The requested URL returned error: 502
[10:10] if that's any consolation, I've got a failure related to google hiccup
[10:12] Chipaca: couple of initial small comments
[10:12] pedronis: I'm not sure my 'open question' is clear: I thought of having it show "updated" (or even "last-updated") for remotes, but that leaves locals with "refreshed" which IMHO isn't ideal either
[10:12] update is strange for remotes
[10:13] let me think
[10:13] * Chipaca lets pedronis think, and goes off to physio
[10:13] Chipaca: I don't think we want to print something for remotes
[10:13] we would want dates in the channel
[10:13] s
[10:14] we don't print a top revision either
[10:14] for remote infos
[10:14] it's a bit strange to put a date there without the revision
[10:16] Chipaca: are you seeing what I'm referring to?
[10:17] I think we do want dates in the map, yes
[10:17] I'm saying if you put a date at top-level
[10:17] the confusing munge of revisioned and revisionless info in the store results is confusing, yes
[10:17] is very unclear what it refers to
[10:18] unless you mention the channel
[10:18] Chipaca on your way, can you look at the idea behind https://github.com/snapcore/snapd/pull/4727
[10:18] PR #4727: many: simplify mocking of home-on-NFS
[10:18] but I do think having it is valuable, as long as it refers to what the user gets when they just ask for the snap without qualifying it
[10:18] (which is, i think, what it does)
[10:18] just mocking the function instead of what the function depends on
[10:18] Chipaca: last-stable-updated ?
[10:19] I just fear whatever we do right now, we will regret/have to change it again
[10:20] Chipaca: or you could think how you want dates in the channels, and start putting in only the one for stable?
[10:21] that'd work rather well actually
[10:21] bah
[10:21] sorta-kinda
[10:21] but also I don't know
[10:21] how to add a date
[10:21] there
[10:21] without thinking as breaking format
[10:21] pedronis: note I try to use the exact same layout for 'installed:' as I do for channels
[10:21] but it'd be weird for that to change when you installed the snap
[10:22] hmmmm
[10:22] yes, it's a bit the problem I mentioned, it is strange to use one field for a value that is available remotely
[10:22] but turns into a different value locally
[10:23] pedronis: how about, for local snaps just leave it as 'refreshed', and for remotes just add the one for the latest stable as a comment to channels
[10:23] might be ok
[10:23] ie: channels: # latest stable from YYYY-mm-ddTHH:MM:SSZZZ
[10:24] ah
[10:24] like that
[10:24] * pedronis was confusing notes and comments
[10:24] pedronis: do you think 'updated' is ok in the api?
[10:24] it's getting a baroque
[10:24] * Chipaca prefers the term 'neo-rococo'
[10:25] :)
[10:26] Chipaca: my question is whether we want different fields for local vs remote
[10:27] that's annoying in different ways though
[10:28] I mean, if we're going for full clarity we'd go with "last-stable-revision-created-on" and "snap-downloaded-on" and "try-created-on"
[10:28] ¯\_(ツ)_/¯
[10:31] 4th failure on trivial PR :/
[10:31] oh, this time racy unit tests
[10:31] FAIL: handlers_prereq_test.go:155: prereqSuite.TestDoPrereqRetryWhenBaseInFlight
[10:32] handlers_prereq_test.go:186:
[10:32] // check that t is not done yet, it must wait for core
[10:32] c.Check(t.Status(), Equals, state.DoingStatus)
[10:32] ... obtained state.Status = 4 ("Done")
[10:32] ... expected state.Status = 3 ("Doing")
[10:32] ok, so it's only me seeing this
[10:34] reproducible locally
[10:43] mvo, pedronis https://forum.snapcraft.io/t/using-content-for-a-role-system-data-partition-makes-it-not-be-system-data-anymore
[10:46] sounds a ubuntu-image issue
[10:46] I don't think prepare-image deals at level
[10:47] mborzecki: uh, that race looks like I caused it. sorry for this
[10:47] *at that level
[10:53] mvo: are you looking into it or should i?
[10:53] mborzecki: I am not looking right now, need to prepare lunch in a wee bit :(
[10:53] mvo: ok, i'll take a look then
[10:54] mborzecki I'm not looking either, sorry
[11:01] mborzecki: thank you! if you get stuck let me know
[11:19] PR snapd#4730 opened: userd/tests: Test kdialog calls and mock kdialog too to make tests work in KDE
[11:19] mvo, can you take a look at #4730 ^ ?
[11:19] PR #4730: userd/tests: Test kdialog calls and mock kdialog too to make tests work in KDE
[11:19] we fail on KDE currently :}
[11:31] sigh
[11:31] (not about kde)
[11:38] gaaah
[11:39] mvo, the prereq unit test seems to be flaky
[11:39] mvo, https://pastebin.ubuntu.com/p/k5MpksjvrN/
[11:39] so
[11:39] mvo, (this is from master)
[11:39] I now feel I need to implement a little bit of path traversing, mount table traversing logic in userspace
[11:40] mvo, also got this failure in travis a moment ago on my pr - https://api.travis-ci.org/v3/job/345185500/log.txt
[11:40] the simple check grew a little bit that I started to write prose comment that barely fits on my 27" screen :/
[11:41] pstolowski mborzecki ran into it too
[11:41] (and me too)
[11:41] zyga, ah indeed, just looked at the backlog
[11:41] pstolowski: i'm looking into it atm
[11:41] mborzecki, great, thanks
[11:42] jdstrand I'm a bit depressed again :)
[11:42] about that mount verification
[11:42] it's one notch harder than I thought yesterday
[11:42] and that's with constraints I don't know if are reasonable (not a generic solution for sure)
[11:43] this is all because there's no frelling MS_NOFOLLOW in mount
[11:44] * cachio_ afk
[11:56] ok, so here's a small problem with that test, it assumes that tasks are run in the runner in a specific order, however the runner takes the list of tasks to run by calling State.Tasks(), internally State.tasks is a map, so when you range the order is not guaranteed, and so it happens that sometimes one task runs before the other
[11:56] mborzecki, is there a reason we don't translate mon-fri to mon..fri, but expand all the days? not biggie at all, just curious; i guess it's just more straightforward to always expand?
[11:57] pstolowski: yes, easier to expand
[11:57] mborzecki, in certain cases we force the order by task.WaitFor(another task)
[11:58] mborzecki, ack, that's fine, thanks
[11:58] pstolowski: i think the idea in this case is not to use waitfor, but rather detect that a change we need is in flight and retry later
[11:59] mborzecki, right, i see that now
[12:01] mborzecki, perhaps we need a dummy task that holds link-snap task, then we mark it done in a controlled way, and that unblocks prereq task
[12:01] mborzecki nice analysis
[12:08] * pstolowski lunch
[12:23] zyga, ondra: bug#1750059 might be of interest to you
[12:23] for different reasons
[12:25] you know that thing where you plan to replace a bit of hardware because it's getting old, and it immediately starts showing even more signs of old age, as if resenting its replacement? my notebook now chirps when i adjust the brightness
[12:25] Chipaca :)
[12:25] Chipaca thanKs for bug info!
[12:26] ondra: integration-y thing with a workaround, thought you'd like to have it on the radar
[12:29] mborzecki: pstolowski: I think s.snapmgr.AddAdhocTaskHandler can probably be abused to get a controllable link-snap
[12:29] for that test
[12:31] Chipaca ack, queued
[12:31] pedronis: and return state.Retry{} in the handler?
[12:31] mborzecki: or wait on a channel before returning
[12:32] pedronis: right, i've started adding some mocks to taskrunner, but your suggestion may be better
[12:32] Chipaca interesting
[12:33] I wonder if there's a way to tell systemd "this service uses that path"
[12:34] mborzecki: is just a way to get to call AddTaskHandler again, that is already there... the latter seems not to worry about overriding. is used in a very controlled way so seems fine as is
[12:34] sorry AddHandler
[12:35] Chipaca: one of the BindsTo or one of its friends perhaps?
[12:35] pedronis, so looking through the sources i'm not that sure it is an ubuntu-image issue ... prepare-image unpacks the gadget but does not move the content to the "image" dir ... https://paste.ubuntu.com/p/6MbNxJ6574/
[12:36] mborzecki: MagicallyFrobnicatesInto
[12:37] mborzecki: somebody should write https://git-man-page-generator.lokaltog.net/ but for systemd directives
[12:40] jdstrand around?
[12:42] ogra_: afaik the only bit that prepare-image is the bootloader conf, and cloud bits
[12:42] *prepare-image copies
[12:42] pedronis, right thats the issue i guess
[12:43] if i'm allowed to define "content:" in the yaml for the writable partition it should copy that too ...
[12:43] it does even look at Volumes
[12:43] ... and if i'm not allowed it should error out and not silently swallow the files
[12:43] it's a ubuntu-image problem
[12:43] as far as I understand
[12:44] content: is definitely a problem of ubuntu-image
[12:44] we don't even read the gadget.yaml afaict
[12:44] anyway, mvo may be a better person to discuss this with
[12:44] k
[12:48] anyone interested in reading a bit of prose about an algorithm I'm writing
[12:48] to spot any logic holes?
[12:49] zyga: o/
[12:50] pstolowski: thanks, I will look at the prereq unit test, mborzecki did some analysis as well
[12:50] ogra_: I have a look at the forum post in a little bit
[12:53] Chipaca https://pastebin.ubuntu.com/p/Jnw6KSHsrj/
[12:54] mvo, thx
[12:54] Chipaca this will be in a PR sometime after standup, I'm still working on the logic below the comment
[12:54] s/ant/and/
[12:54] (in the text)
[12:54] btw .. for everyones friday entertainment ... https://github.com/npm/npm/issues/19883
[12:55] ogra_: sudo thing?
[12:55] mborzecki, well, npm thing :)
[12:56] (randomly changing permissions if it can ... if sudo is used it changes them to the uid of the calling user, not to root ... if you do it as root user everything becomes 777 root:root )
[12:58] wow
[12:59] havoc
[13:00] zyga: is the second column in mountinfo the minor?
[13:00] no
[13:00] parent mount id
[13:00] zyga: ah, mount id, parent, major:minor?
[13:00] correct
[13:01] zyga: I followed that explanation
[13:01] Chipaca standup :)
[13:01] zyga: as an intro it's nice
[13:01] zyga: missing chapter 2, the attack, and chapter 3, the narrow escape
[13:02] Sorry, running late for the standup
[13:02] Will be there in ~2min
[13:02] Chipaca and I should name characters better
[13:05] zyga, did you get a chance to fix the new error from gcc8?
[13:09] Son_Goku no, sorry, I will task switch to that as soon as the standup is over
[13:09] I'm sorry about that, I'll ensure it builds on f27
[13:19] mvo: yes, they would. let me look
[13:19] jdstrand hey :)
[13:19] jdstrand I will have some things to discuss with you today
[13:19] one more important than other, let me know when it would be a good time for you
[13:19] zyga_: hey, saw your pings
[13:20] gimme a little bit (just came online)
[13:20] sure, no rush :)
[13:21] PR snapd#4729 closed: many: drop snaps' InstallDate, introduce Updated
[13:24] mvo: can you request a manual review of the snap?
[13:25] * kalikiana lunch time, omnomnom
[13:27] PR snapcraft#1950 closed: elf: better debug messages
[13:33] wow
[13:34] so my hexchat just stopped working out of the blue ...
[13:34] ... window greying out being completely unresponsive
[13:34] (this is the snap )
[13:34] zyga_: MS_NOFOLLOW - tell me about it
[13:34] checking syslog is see:
[13:34] Feb 23 14:32:46 acheron kernel: [88729.701886] audit: type=1326 audit(1519392766.679:127): auid=4294967295 uid=1000 gid=1000 ses=4294967295 pid=8453 comm="hexchat" exe="/snap/hexchat/17/bin/hexchat" sig=31 arch=c000003e syscall=93 compat=0 ip=0x7f11a51c0337 code=0x0
[13:35] zyga_: ok, I read backscroll and the paste
[13:35] jdstrand haha, it's just my wish for a simpler life
[13:35] jdstrand, how can that happen ^^^... i'm using that snap since over a month without probs
[13:35] jdstrand so, my main request to you is to look at the pastebin you have to see if the text makes sense
[13:35] jdstrand my 2nd request is to look at this denial
[13:35] [13:08:31] [341123.064261] audit: type=1400 audit(1519387698.054:1895): apparmor="DENIED" operation="mount" info="failed flags match" error=-13 profile="lxd-snapstore-clean-test_" name="/tmp/snap.rootfs_XZQtTO/var/lib/snapd/lib/vulkan/" pid=11221 comm="snap-confine" flags="ro, remount"
[13:35] ogra_: it took a code path that you never hit before. maybe it rotated a log or something?
[13:35] this is inside a container on 17.10 (the container is 16.04)
[13:36] ogra_: chown strikes again
[13:36] we can discuss that separately
[13:36] ogra_: snapcraft-preload may help. but tyhicks and mvo are discussing the eperm PR trying to come up with how to land it
[13:36] jdstrand or and just 3rd thing that came up a second ago: https://forum.snapcraft.io/t/screen-inhibit-control-denial-interface-broken/4173/5?u=zyga
[13:37] * zyga_ gets back to the standup
[13:37] zyga_: I read the pastebin. I think it is pretty ingenious tbh. I want to think about it a little
[13:37] that last thing is a one character patch for the interface rules
[13:37] * zyga_ blushes
[13:37] I thought I fixed that interface with a one char patch! dang it
[13:37] jdstrand not in master :)
[13:38] zyga_: I didn't fix that one. I'm happy to send that up as penance if you haven't already
[13:38] no, I haven't yet :)
[13:39] I'm bad at keeping multiple git trees and I don't like to stash mid-patch like that
[13:39] (i actually had to install the deb to chat here now ... the snap worked fine for the time i use it and there are no other denials like this before it started to hang hard)
[13:39] (syscall 93 is fchown ... it doesnt call that usually)
[13:39] (neither core nor the snap were updated either)
[13:40] jdstrand, well, i'm only a user of that snap ... but it is a really bad experience if your app all of a sudden turns unresponsive (in the middle of typing) without an error or anything ... and also doesnt start anymore
[13:41] (i know that snapcraft-preload helps .. but how would my mom know that if her app suddenly stops working )
[13:41] we might need to make snapcraft-preload mandatory ..
[13:41] (i.e. a builtin thing that everyone uses)
[13:43] zyga_: sparkiegeek should file a snap bug, with exact steps to reproduce, including kernel version, lxd version, distro, core snap version, command, etc
[13:45] jdstrand ack, I will reproduce this and explore
[13:45] jdstrand I don't understand why that profile name shows up running snap-confine there
[13:45] I was expecting snap-confine's profile
[13:45] ogra_: your mom isn't expected to fix that. the developer of the snap is expected to make sure the snap is usable. forcing existing applications that weren't designed to run in a sandbox is always going to be tricky, and applications are complex
[13:46] i totally understand that ... but even a developer wouldnt know ...
[13:46] ogra_: so your snap unfortunately hit a code path it never did before. you could grep the source looking for chown, but it might be in a lib
[13:46] and an enduser would probably not even report it to upstream or the dev
[13:46] I would report it. "my snap all of a sudden stopped working". just like you did :)
[13:47] I mentioned the PR for a reason though
[13:47] the snap, today, isn't in a position to handle the kill signal
[13:47] right ... if i run it from a terminal i cant even ctrl-c it
[13:48] (killing the pid from another terminal works)
[13:48] but the pr I mentioned turns the kill into an eperm which means that if the snap didn't check the error code (many don't with chown(myuid, mygroup)) then it continues to work
[13:48] if it does check the error code, it can bubble that up to the user
[13:48] thats good
[13:49] that pr got hung up, but I started poking people about it and they're thinking about ways to unwedge it
[13:49] the real fix will be the user/group stuff
[13:50] because part of that work will be allowing the use of chowning to yourself unconditionally
[13:50] right ...
[13:50] (since, why not?)
[13:50] i just wouldnt want to see random desktop snaps to just stop working like that
[13:50] but that is dependent on a tricky issue that is fixable in libseccomp
[13:50] of course
[13:50] if there is a fix in the works that is acting globally thats fine i guess
[13:52] chown aside, unless you have full coverage in your blackbox testing, you'll never *really* know if the application-not-designed-for-confinement doesn't have a lurking bug in a rarely used code path
[13:52] indeed
[13:53] niemeyer: mborzecki 1.9 added monotonic clocks
[13:53] fwiw
[13:54] PR snapd#4731 opened: overlord/snapstate: fix task iteration order in TestDoPrereqRetryWhenBaseInFlight
[13:54] mvo: ^^
[13:55] PR snapd#4140 closed: interfaces: add an interface for gnome-online-accounts D-Bus service
[13:55] ogra@acheron:~/Devel/branches/hexchat$ grep -r chown *
[13:55] ogra@acheron:~/Devel/branches/hexchat$
[13:55] *sniff* ...
[13:56] no obvious chown call in the source
[13:57] probably in an underlying lib
[13:57] does it use sqlite?
[13:58] not by what i can see from the deb dependencies
[13:58] Depends: hexchat-common (= 2.10.2-1ubuntu3), libc6 (>= 2.14), libcanberra0 (>= 0.2), libdbus-glib-1-2 (>= 0.88), libgdk-pixbuf2.0-0 (>= 2.25.2), libglib2.0-0 (>= 2.41.1), libgtk2.0-0 (>= 2.24.0), libnotify4 (>= 0.7.0), libpango-1.0-0 (>= 1.29.4), libproxy1v5 (>= 0.4.11), libssl1.0.0 (>= 1.0.0)
[13:58] of those, i'd start looking at libproxy
[13:59] funnily if i wipe all user data it works
[13:59] so it must try to move something around in the cache, logs or whatnot i guess
[14:00] Chipaca: But was the bug really only fixed in 1.9?
[14:00] niemeyer: it's not a bug
[14:00] I had secret hopes that the bug would have been fixed earlier
[14:00] :-)
[14:01] the kernel has two clocks, before 1.9 go only used the one that goes to sleep with the machine
[14:01] after it, every time.Time is _two_ times
[14:01] Chipaca: It is a bug from the perspective of the Go API specifically, in the sense of breaking the most obvious expectation
[14:01] niemeyer, pedronis desktop team meeting?
[14:01] niemeyer: yes, obviously
[14:02] niemeyer: I was more making fun at googlers never putting their servers to sleep
[14:02] mvo: there's no HO specified afaict
[14:02] mvo: Where is it?
[14:03] pedronis: I /msged it
[14:12] PR snapd#4732 opened: [2.31] timeutil: account for 24h wrap when flattening clock spans
[14:20] mvo: fyi, I updated the review-tools for accounts-service. please request a manual review for the snap (I still don't see it). it won't be in prod til next week
[14:20] Chipaca: is the snapd.refresh.timer enabled by default on ubuntu?
[14:20] ah, roadmr must've sensed I was looking for him
[14:20] roadmr: good morning! :)
[14:21] hi jdstrand :)
[14:21] jdstrand I'm going ahead with implementation and tests, if you find a loophole in the idea please let me know
[14:21] how can I help?
[14:21] roadmr: can you make that r1005 instead?
[14:21] jdstrand: totally!
[14:21] roadmr: just a small rename of an interface
[14:21] mborzecki: it is, or it has been at some point
[14:21] zyga_: getting back to it now
[14:21] jdstrand: sure thing!
[14:22] ~/wg 40
[14:22] gah, sorry
[14:22] * jdstrand wonders why *every* morning has a gagillion little things
[14:22] not every morning, just weekdays :-)
=== zyga_ is now known as zyga
[14:23] zyga: well, they are there on the weekends too. monday is a 1/2 to 3/4 of a day of little things. some not so little ;)
[14:23] jdstrand: I bet because people in Europe spend *their* morning devising ways to make yours more interesting ;)
[14:23] haha
[14:23] roadmr: sometimes I really do wonder about that :)
[14:23] haha, that's actually regularly true :)
[14:23] * zyga loves the moment when jdstrand joins
[14:24] zyga: let me summarize the paste so I have it all straight
[14:27] zyga: before doing anything, you snag mountinfo. you reconstruct it in the way described. we know that we can depend on st_dev because the kernel keeps track of that sensibly
[14:28] zyga: so we can map the st_dev to the mount from before. we do the operation, and check that we have a (st_dev)/thing
[14:28] if we do, then we're good, if we don't, it 'mismounted'
[14:29] (or failed, but we would've already died if we failed)
[14:29] more or less yes
[14:29] yes, I was summarizing
[14:29] the reconstruction happens on the "after" []mountinfo
[14:29] so, all of this is happening on tmpfs, which is the problem
[14:29] we use before and after together to see what is new
[14:29] and only consider those entries as possible solutions
[14:30] and XDG_RUNTIME_DIR is tmpfs
[14:30] so /run/user/uid needs to be mapped to the st_dev
[14:30] yeah, that's fine
[14:30] zyga: doesn't this lift the requirement that it must not be a mount point?
[14:31] yes, it does
[14:31] I dropped that
[14:31] right
[14:31] oh
[14:31] it's not in the paste :D
[14:31] https://pastebin.ubuntu.com/p/bPZv9mPnxk/
[14:31] those are the new rules
[14:31] 3 is the "no race" thing
[14:31] and that's all
[14:32] zyga: ok
[14:32] I dropped the writability and mount entry constraints
[14:32] as the race detector should be a superset of that anyway (for malicious intents)
[14:33] jdstrand I'll break for lunch now but if you think about anything that I missed just drop me a note please
[14:33] pedronis: have you an opinion on where 'InstallDate' should live, if I were to add it to something info-ish?
[14:34] otherwise I'll keep this PR super-minimal
[14:34] zyga: so, you are using the diff between before and after to narrow down what you need to look at, correct?
[14:35] zyga: so for something like /some/arbitrary/mount/point, you'll see /some/arbitrary/mount/point show up, so then you look for /some/arbitrary/mount, /some/arbitrary, /some and / to calculate the st_dev to look for? (in that order)
[14:37] * Chipaca goes with minimal
[14:40] Chipaca: I'm in a meeting
[14:40] pedronis: no worries
[14:40] i can do followups
[14:43] re
[14:51] jdstrand: ta, I can accept those too
[14:51] jdstrand: thanks for adding it
[14:51] jdstrand: I will later push s390x, armhf etc binaries for testing
[14:51] mvo: if you request the manual review, you can't accept it yourself
[14:51] mvo: or if you do the upload
[14:52] so, if you need me, ping me
[14:52] ta
[14:53] jdstrand the before after view is indeed to look at the diff and constrain the set of allowed solutions to the diff
[14:53] Does anyone know where to find good documentation regarding the upload of snaps to the store?
[14:54] zyga: and you go bottom up looking for the parent st_dev?
[14:54] jdstrand as for the second question, if I understand you correctly that is indeed how we find what is /some/arbitrary/mount/point [14:54] yes [14:54] right [14:54] when thinking about this I also considered something else: [14:54] using mount id, parent id to construct a tree of mounts [14:55] but I don't know if that is needed for any of the results yet (maybe it is but we haven't seen a case that shows this) [14:56] Chipaca: I think it should go at the level of Broken [14:56] ok. please proceed. this is a nice idea considering the limitation of the mount api [14:57] zyga: I don't think that is necessary otoh [14:57] thanks! :-) [14:57] zyga: I'm probably going to ask Tyler to do a final review after you and I are happy [14:57] thanks [14:57] I also wondered if anyone else solved this [14:58] it seems like a common problem for software [14:58] software sucks? [14:58] roadmr without doubt :) [14:59] if it was a hardware problem we could recycle it [14:59] in software we have to support it :) [15:01] hah well my mom has this ancient PC from the 1990s and I have to support it :( [15:01] probably the last PC on the planet with a 5.25" floppy drive [15:04] s/5.25"// [15:05] I have a USB floppy drive [15:05] that seems wrong [15:05] lol [15:05] I could plug it to my thunderbolt port via an adapter [15:05] :D [15:05] thunderfloppy [15:05] hispeed ™ [15:05] feeling the 40GB/s bandwidth right [15:05] of that *high-density* floppy [15:05] you typoed a G there .. 
[15:06] xD [15:06] I think that's hippiespeed :) [15:06] ah they were simpler times [15:06] when tapes and floppies challenged us with write protect tabs and we lol'd [15:06] and we had non-rootkit copy protection :) [15:06] ah see we approached that idea differently there :P [15:06] and computer magazines (and no internet) [15:07] i thought i was a yuppie the first time i ever burnt a CD [15:07] tbf i had to "save up" all the things i wanted downloaded before i used the CD to transfer them [15:07] cuz CD-Rs were expensive >_> [15:07] im not proud to admit the JDK was on that. [15:07] I paid a colleague who carried the money to a guy across town, who had a recorder [15:08] like the instrument or an actual recorder? [15:08] cuz one makes more sense [15:08] I mean a CD recorder :) [15:08] xD [15:08] sorry having a friday yolo mood here. :p [15:08] that's all right [15:08] I deal with mount tables [15:08] I have that mood all the time [15:08] yeah saw the tweet [15:08] :D [15:08] my heart goes out to you [15:08] but hey [15:09] I'm proud I wrote something nice for a change [15:09] https://pastebin.ubuntu.com/p/Jnw6KSHsrj/ [15:09] "pls mount read-only" "yes i will" "why is it writable" "remount as RO pls" [15:09] or why kernel should have gotten that flags argument on mount to support MS_NOFOLLOW but.. yeah [15:09] mm [15:09] broken heap of ouch [15:09] that.. is quite the doc [15:10] yeah, would be easier to add MS_NOFOLLOW [15:11] anyone else ever read that MS as.. yknow.. that MS? [15:12] multiple sclerosis? :( [15:13] I know it as Mississippi mostly :P [15:13] nah [15:13] (my cousin has that so i wouldn't personally make that connection in that sense) [15:13] nah i meant Microsoft [15:14] I see :) yes, sometimes === ikey is now known as ikey|afk [15:35] jdstrand drat [15:35] jdstrand we need the parent-child association [15:36] man, I will write a paper about this [15:36] zyga: what is the test case that blew up?
[15:36] (irc doesn't like leading slashes) [15:36] /foo/bar [15:37] PR snapcraft#1951 opened: repo: do not pull in libc6-dev by default for stage-packages [15:37] /foo [15:37] (those are mountinfo entries) [15:37] now we look for /foo/bar/froz [15:37] we need to model /foo/bar being shadowed by /foo [15:37] pedronis: do you think you could have a look at 4731? the last piece for 2.32 afaict [15:37] and I think we need to model child-parent to understand what path traversal means [15:38] isn't it sufficient to know that /foo/bar and /foo/bar/baz are the same st_dev? /foo will have a different st_dev, no? [15:38] unless I can do some simpler check that /foo is shorter than /foo/bar and it is later in the table so it hides /foo/bar (which can be ignored now) [15:38] they could all have same st_dev sadly [15:39] /foo/bar can be a mount entry for /foo/unrelated [15:39] pedronis: hmm. Right now what I've done is given Info a CurrentTimestamp(), which seems to avoid the issue of having it in info when it's only there for local [15:39] and /foo can be a bind mount of the original device [15:39] so you effectively unmount /foo/bar [15:39] oh, cause /foo might be tmpfs (new st_dev), but /foo/bar might be a bind mount (same st_dev)? [15:39] this is a contrived example that preserves same st_dev [15:39] yes [15:39] right [15:39] isn't this stuff fun :) [15:39] :-) [15:39] I was just thinking [15:40] "fun!" [15:40] Chipaca: that works too [15:42] zyga: I think that the before/after diff is really key here since this is happening within the ns and an unpriv user isn't going to be able to fiddle with the mount table for this (non-user mount) namespace [15:43] zyga: so you're able to trust that before and after are ok [15:46] we may want to consider fusermount (eg, user races with fusermount instead of just a symlink), but that might just be verifying that after doesn't have any fuse* mounts [15:46] that said... 
[15:47] zyga: before and after should only have a diff of '1' if you call before just before the mount, right? (ie, we're in the ns) [15:47] yes, that's correct [15:47] well [15:47] hmmm [15:47] no? [15:48] there are two cases that would change that: [15:48] 1) /media mounts can happen asynchronously [15:48] 2) interface connections can be inherited from the parent ns [15:48] and by 2) I mean we are in a MS_SLAVE ns but we will see mount events propagating into us [15:48] so an interface connection happens at the time of the mount? [15:49] yes [15:49] right [15:49] realistically I think the /media case is more likely to happen [15:49] Chipaca: we don't seem to use Timestamp much outside of assertions, typically we have Time or nothing [15:49] sure [15:49] but either are possible [15:49] diff will *usually* be 1 but it may be legitimately longer [15:49] Chipaca: I mean in method/field names [15:50] * Chipaca nods [15:50] jdstrand I'll think about how to model shadowing best [15:50] shadowing beast :) [15:50] zyga: with the parent child tree, then that should detect any weird fusermount stuff too [15:51] Chipaca: LinkTime ? too obscure [15:51] zyga: cause we are looking for a specific child with a specific parent, so if it isn't found, die [15:51] Chipaca: sadly Current and CurrentTime have both the wrong connotation [15:52] * jdstrand notes this underscores the complexities of root messing around in user owned dirs [15:52] yeah [15:52] it's just like a thousand times more difficult with the crappy mount api [15:53] I don't understand how the mount maintainer cannot see that perfect is the enemy of good here, waiting for some mythical mount design we have to pay the price of MS_NOFOLLOW not being a thing [15:54] Pharaoh_Atem fedora 27 looks good in 5K :) [15:56] 5k ? is that dual monitor ? 4K + VGA ?
[15:57] 5K screen [15:57] i didnt know thats a thing [15:57] yeah :) [15:57] (only know 4K) [15:59] oops [15:59] imgur crashes on 5K images ?:D [16:00] https://twitter.com/zygoon/status/967066654785056774 [16:01] not sure if there's a "get original" thing in twitter [16:06] when a part has a relatively unstable (it seems in practice) http server/git server, does it make sense to ship the tarball in the snap directory directly? [16:06] and is there a 'best practice' doc for doing so (cough anonscm cough) [16:16] anyone up for review for 4731? [16:18] PR snapd#4733 opened: interfaces/screen-inhibit-control,network-status: fix dbus path and interface typos [16:19] yep [16:19] mvo: is there going to be another 2.31? (thinking of ^) [16:20] jdstrand: maybe, there are some indication for it [16:20] jdstrand: but not urgent [16:20] mvo: what we have in 2.31 isn't a regression, just an incomplete fix (therefore also not urgent imo) [16:21] mvo: ok, I'll create a branch and milestone it, then you can do with it what you will [16:21] mvo: incidentally, does this ring any bells: [16:21] jdstrand: ta [16:21] $ ./run-checks [16:21] ... [16:21] Running vet [16:21] overlord/ifacestate/handlers.go:580: github.com/snapcore/snapd/overlord/state.Retry composite literal uses unkeyed fields [16:21] exit status 1 [16:21] (in a meeting right now so might be slow) [16:22] mvo: no worries. this is my 16.04 dev environment in lxd if you recall [16:22] jdstrand: does not ring a bell right now [16:25] Issue snapcraft#1952 opened: add support for in test release information [16:25] Issue snapcraft#1953 opened: Add in test architecture [16:25] PR snapd#4734 opened: interfaces/screen-inhibit-control,network-status: fix dbus path and interface typos - 2.31 [16:26] hmm hmm hmm [16:26] https://pastebin.ubuntu.com/p/VwtktKq7cc/ [16:26] mvo: fyi, 4734 for 2.31 [16:26] jdstrand both +1'd [16:26] yep, thanks! 
[16:27] I pasted something that shows the problem we talked about earlier [16:27] and found something unexpected [16:28] Issue snapcraft#1704 closed: Add unit tests for error classes [16:28] Issue snapcraft#1954 opened: Implement support for `common-id` [16:28] jdstrand: \o/ [16:28] PR snapd#4731 closed: overlord/snapstate: fix task iteration order in TestDoPrereqRetryWhenBaseInFlight [16:31] heh [16:32] so the kernel does allow a mount event to propagate back to ... itself [16:32] kind of [16:32] I just realized this by reading parent ids [16:34] jdstrand in the paste above mount 405 (/tmp2) is mounted on top of 390 which is /tmp2 [16:34] pedronis: vvv [16:34] PR snapd#4735 opened: daemon, snap: fix InstallDate, make a method of *snap.Info [16:35] in another meeting [16:36] * Chipaca hugs pedronis [16:45] zyga: yeah [16:46] zyga: so, an unpriv user isn't going to sneak a bind mount in there. what does a fuse mount look like in that situation? [16:47] hmm, what can I mount [16:47] any fuse mount? [16:47] sure [16:48] holy crap [16:48] there's bindfs [16:48] which is like mount --bind [16:48] they look like this: [16:48] and it's FUSE [16:48] $ grep fuse /proc/self/mountinfo [16:48] 53 22 0:45 / /sys/fs/fuse/connections rw,relatime shared:31 - fusectl fusectl rw [16:48] 3500 1411 0:97 / /run/user/1000/gvfs rw,nosuid,nodev,relatime shared:428 - fuse.gvfsd-fuse gvfsd-fuse rw,user_id=1000,group_id=1000 [16:48] zyga: yeah, we talked about that once before [16:48] for remapping uids [16:49] (but discarded it) [16:50] jdstrand fuse looks mostly like a normal filesystem [16:50] zyga: my line of thinking was that *perhaps* we don't have to worry about a bind mount getting snuck in, but if a fuse one did, die [16:51] zyga: fstype is going to have 'fuse' in the name though [16:54] well, it doesn't have to, does it? [16:55] zyga: yes, it does [16:55] zyga: fuse.sshfs, fuse.gvfsd-fuse, etc [16:56] is that done by the kernel or just a convention by each fuse process?
[16:56] zyga: this is why in the fuse-support interface we use: mount fstype=fuse.* ... [16:56] I see [16:56] cool, I didn't know that [16:56] so, back to your idea [16:57] why are fuse mounts more dangerous than bind mounts? [16:57] because we don't know what they can bring? [16:57] zyga: in and of themselves, they aren't [16:57] zyga: what is different is that a normal user needs privs to do a bind mount. fusermount is setuid, so a normal user can use it [16:58] ah, I see [16:58] another snap-confine situation [16:58] ok, I'll look at the algorithm for what we talked about so far [16:59] zyga: all this is about is a non-root unconfined user playing tricks to escalate [16:59] zyga: we aren't worried about unconfined root [16:59] just bundle fuse with npm (that apparently just does a chmod -R 777 /* ... all security issues fixed) [17:00] I'd patch npm to use 2777, the colors in ls are nicer, presentation matters! [17:00] ogra_: there's a lesson in there about running npm as root, but it's not a new lesson and I doubt many people care [17:00] yeah, just send a patch for https://github.com/npm/npm/issues/19883 [17:01] Chwell, there might be a lesson for people reading the bug ...
people reading that howto they found on this internet thing will just follow it and use sudo npm [17:01] zyga: for completeness, there are also user mount namespaces, but they shouldn't be in play because snap-update-ns is already in a system mount namespace, and the user won't be able to affect it [17:01] bah [17:01] Chipaca, ^^^ === Chipaca is now known as Chwell [17:02] there, fixed it [17:02] lol [17:02] user mount namespaces [17:02] or user namespaces [17:03] oh that is an awesome bug [17:03] :D [17:03] * kalikiana wrapping up for the week [17:03] too bad npm as a snap is classic [17:03] jdstrand, i knew you would love it [17:03] and here I was thinking the kernel was coming to address our issues :) [17:03] s/npm/node/ === Chwell is now known as Chipaca [17:05] zyga: cp `which false` `which npm` [17:06] zyga: the mount user namespace? :) [17:07] jdstrand the cake namespace [17:07] per-user mounts in the snaps system mount namespace aren't affected by mount user namespaces [17:07] jdstrand so the thing you stated for completeness, what did you mean there [17:07] how is that for a parseable sentence? [17:07] that user namespaces are not a risk? [17:07] it's okay but I have a question [17:07] what are mount user namespaces? 
[17:08] zyga: I'm saying that user namespaces shouldn't be in play, because by the time we do before, mount, after, s-u-n is in the system mount namespace of the snap, so the user shouldn't be able to fiddle with it [17:08] and we already unshared [17:08] ahh, ok [17:08] :) [17:09] man, the adjective order in english [17:09] right [17:09] with a few cases like in polish it would be easier to parse :) [17:09] it is all messy [17:10] mount namespace (system, need privs), mount user namespace (don't need privs), and snap namespace (system) [17:10] user namespaces are what lxd uses these days by default [17:12] we should call those rooms, not namespaces [17:12] it's such a geeky thing [17:12] my root user in this room is not the same as the root user in that room [17:12] and there's a root user in the room that contains the other two rooms [17:12] it almost sounds sensible! [17:13] zyga: I think somebody took “Namespaces are one honking great idea -- let's do more of those!” a bit too much to heart [17:14] and you can say "go to your room" if your kids are naughty and don't want to do homework [17:18] zyga: and you can shuffle the whole bunch of groups around every time somebody tries to change rooms [17:19] * Chipaca wonders if 'the cube' is too old [17:20] Chipaca ooh [17:20] yes [17:20] the cube is the perfect analogy [17:25] Saviq: ping [17:37] niemeyer: as you were, looks like they had some kind of hiccup [17:47] just fyi - I branched 2.32 and will hopefully do a beta later tonight [18:00] Saviq: Hm? [18:00] Saviq: Not sure if my IRC client is buggy.. but it looks like I'm missing part of the sentence [18:01] Saviq: I was going to talk about the image.. did you sort it out?
[18:01] niemeyer: thought you were pinging about my issue yesterday (missing 17.10 images) [18:01] Saviq: Yeah, it was about it indeed [18:01] Right, yes, that - it was a hiccup on their side [18:02] So we're back in business, thanks [18:02] Saviq: I wouldn't be surprised if they just removed the image [18:02] Saviq: and then people complained [18:02] Possible, yeah [18:03] Saviq: Our experiences with dynamic usage in Linode show they're not quite there yet [18:03] Saviq: They still hold a lot of the old school way of thinking, where you create a machine and hold it [18:03] I went to their IRC channel, someone said the image was still there in new API, but missing in old or something of the sort [18:04] Saviq: The other day I got a Terms Violation notice, for example, for a machine that we used for 23 minutes.. the timing of abuse report was off for several hours from our use [18:04] Saviq: We're also observing corruption of machine state when we do a lot of API calls next to each other [18:04] Aha... We've had some intermittent issues, but it's been fine overall [18:05] Saviq: For that sort of reason, I have a Google Compute Engine backend pretty much good to go [18:05] Saviq: Preliminary tests look very promising [18:05] Nice! [18:05] Saviq: Other than the image itself being perhaps slightly different, you shouldn't have to change anything on your end [18:07] Let me know if you want us to test anything [18:07] Thanks, will do [18:15] niemeyer: the forum is saying it's offline [18:15] WAT? I'm typing on it! [18:16] * niemeyer looks [18:16] Chipaca: hm, same here, it does not respond [18:17] The machine looks completely down.. [18:17] (speaking of Linode...) [18:18] https://usercontent.irccloud-cdn.com/file/44QXUsr8/image.png [18:21] cachio_: hey, I was just looking at the SRU of snapd, lets plan to do the sru verification early next week [18:21] mvo, hey, sure [18:22] which version 2.31.1?
[18:22] cachio_: yes [18:25] cachio_: I push 2.32~pre1 to beta hopefully tonight but no need to validate that before monday, its just there for people to play with [18:26] mvo, sure [18:26] mvo, let's validate it on monday in that case [18:26] cachio_: yes [18:26] cachio_: that is what I was trying to say :) [18:27] :) [18:30] mvo, 2.32 contains layouts, right? [18:31] cachio_: yes and autoconnect tasks and auto install of default providers [18:31] cachio_: some dangerous stuff :) [18:33] rotundo82 [18:35] mvo, yes [18:35] What.. [18:35] error: cannot read snap file: app description field 'command' contains illegal "bin/gopkg [18:35] -acme=$SNAP_DATA/certs -http=:80 -https=:443" (legal: '^[A-Za-z0-9/. _#:$-]*$') [18:35] What happened there!? [18:36] Chipaca: Do you know anything about this? [18:37] Ah, I disabled the adapters.. [18:37] Looks like we need to make this logic a bit more flexible [18:38] niemeyer: I don't know what happened there, that doesn't contain anything that doesn't match [18:38] Chipaca: Yeah, we probably have something to fix.. === ubott2 is now known as ubottu [18:40] hey the forum seems to be down... [18:40] niemeyer: do you have the snap handy? [18:40] and my edit get lost... === JamieBennett_ is now known as JamieBennett === Dmitrii-Sh_ is now known as Dmitrii-Sh === luk3yx- is now known as luk3yx === Abhishek__ is now known as Abhishek_ === andyrock_ is now known as andyrock === coreycb_ is now known as coreycb [18:49] happyaron: I think that's what niemeyer is on [18:49] Phew.. ok.. gopkg.in is up on the secondary [18:50] Issue snapcraft#1819 closed: Detect and clear executable stack binaries [18:50] PR snapcraft#1945 closed: elf: clear execstack by default [18:51] long fight, :( [18:53] mvo: will you branch 2.32 tonight ? 
[18:54] niemeyer: I thought `S` was now allowed, we discussed it with jdstrand and mvo and agreed it was good [18:54] there must be a forum post somewhere but I cannot search it now [18:55] pedronis`: just fyi - I branched 2.32 and will hopefully do a beta later tonight [18:55] zyga: \o/ [18:55] Chipaca: ah, cool [18:55] can land some of my stuff [18:55] pedronis`: :-) === pedronis` is now known as pedronis [18:59] niemeyer: when you have a moment, the snap.yaml that threw that error would help [18:59] pedronis: yes, I branched it now [19:00] s/now/some minutes ago/ [19:01] PR snapd#4715 closed: store: reorg auth refresh [19:01] mvo: thank you [19:02] yay, thank you for all the nice PRs that can land now [19:08] PR snapd#4722 closed: store: cleanup test naming, dropping remoteRepo and UbuntuStore(Repository)? references [19:09] Chipaca: Thanks, will reproduce once I take my head above the water [19:10] niemeyer: no probs [19:32] Chipaca: https://gist.github.com/niemeyer/8270aeb96b6facd8ee1bc2129086e4b3 [19:37] Forum is back up [19:37] Or, stating more correctly, the entire data center has connectivity again [19:42] Chipaca: Also: https://forum.snapcraft.io/t/better-field-name-for-refreshed-in-snap-info-output/4150/6 [19:45] niemeyer: hah [19:45] niemeyer: I had that change in the PR that I closed during the standup :-) [19:45] glad we're aligned [19:48] Chipaca: Which of the three? :P [19:48] niemeyer: https://github.com/snapcore/snapd/pull/4729/files#diff-6ac026a08342873c6b9ada7333f66224R378 [19:48] PR #4729: many: drop snaps' InstallDate, introduce Updated [19:48] niemeyer: moving installed to the bottom [19:48] \o/ [19:48] Chipaca: so refreshed is not defined if the snap is inactive? 
[19:49] pedronis: correct [19:49] it's ok in info, it's a bit strange in the snap api [19:49] heh [19:49] I mean daemon api [19:50] pedronis: if you have a good definition of this for when the snap is inactive, I can implement it, no problem :-) [19:50] Chipaca: mtime of the revision snap blob? [19:51] we have a Current even if we are inactive nowadays [19:53] pedronis: that's hard to explain, though: enable the snap, its 'refreshed' changes [19:54] Chipaca: we are still mixing concepts I fear [19:55] the current link is a good approx of installe-date, only ignoring revert, enable/disable etc [19:55] something got to give [19:55] Chipaca's take sounds reasonable to me as well.. what are we missing [19:55] ? [19:56] I mean, if you have three different snap revisions and they are all disabled, it's hard to argue that a particular one of them should be shown there [19:56] I'm not unhappy about the snap info display, my issue is with the rest api field which is still called installed-date [19:56] That said, do we show the version? [19:56] Chipaca: ? [19:57] In "installed" that is [19:57] niemeyer: yes [19:57] Okay, it seems a bit inconsistent [19:57] niemeyer: we do show a version in installed even if the snap is disabled [19:57] niemeyer: but [19:57] Then I agree with pedronis [19:57] but maybe we shouldn't [19:57] because we have a current concept (that is different from active) [19:57] i mean, maybe we shouldn't show 'installed' if it's disabled [19:58] well, it's what you would get [19:58] if you did snap enable [19:58] Chipaca: pedronis has a point I think.. maybe that's just fighting against the real model we have, which in general means we'll have cascading issues [19:58] Chipaca: e.g. it's also what we show in "snap list" isn't it? [19:59] the line is like this: installed: 0.2.26 (8) 2MB disabled [19:59] we say disabled there [19:59] but there is also a version [19:59] (what you get if you enable) [19:59] so. 
[19:59] Yeah, so showing the refreshed time at all times sounds right [19:59] zyga: arg 4727 makes me have to redo a bunch of stuff [19:59] It's consistent with everything else at least [19:59] niemeyer: but what is the refresh time of a disabled snap? [20:00] what is a refresh time of a reverted snap [20:00] Chipaca: It's the refresh time of the _current_ revision [20:00] pedronis: the timestamp of current [20:00] that our current interpretation [20:00] usually refreshed means from the store [20:00] not strobed client side [20:01] though we have corner cases [20:01] you can refresh to revisions you already have [20:01] hi, is it possible to specify version constraints on "stage-packages" ? [20:01] niemeyer: we don't have the 'refresh time' anywhere, though [20:02] pedronis: yep, and in this context i don't think there's a non-weird answer for revert [20:03] Chipaca: Agreed [20:03] bah, the non-weird thing would be to keep (last action, timestamp) and show that [20:03] Chipaca: So isn't it the timestamp of the link anyway? [20:03] so you get installed/enabled/disabled/reverted/refreshed: [20:03] Chipaca: When we disable, do we kill the link? I thought we had changed that [20:03] niemeyer: the link isn't there if the snap is disabled [20:03] we kill the link [20:03] niemeyer: we keep 'current' in the state [20:04] Chipaca: Except installed is taken.. oops :) [20:04] Chipaca: I almost wrote as part of that post that we should change the field name at the same time we fix its meaning [20:04] For that reason [20:04] niemeyer: the revision descriptions are growing a timestamp, it all lines up [20:05] :) [20:05] Chipaca: I'm sold ;) [20:05] OTOH we could go with 'current' for the current version description line [20:05] s/version/revision/ [20:05] Chipaca: I like that.. 
=== cory_fu_ is now known as cory_fu [20:06] ok, so, baby steps [20:06] Chipaca: So, just to go back to that point I'm still missing: you say we currently use the link time [20:07] niemeyer: yes [20:07] Chipaca: Isn't the link always there even when it's disabled? [20:07] bah, in the PR that's up [20:07] niemeyer: no, the link is not there if it's disabled [20:07] Ah, pedronis also answered that.. I missed it, okay [20:07] long week, and long day :-) [20:08] Chipaca: So.. I think we can fix the output, and if we cannot find the proper data for all cases, we can approach it and have more data as we find the time to polish it up [20:08] Chipaca: But, I suggest we do those fixes at once.. at least the key ones [20:08] I can rename it to 'current' as part of the move [20:08] that seems a big change [20:09] but I don't know if people parse it a lot (or not) [20:09] it's ok, i'll change it one letter at a time [20:09] :) [20:09] :-D [20:09] LOL [20:09] pedronis: I hope they aren't, because I'm pretty sure there are more corner cases than not where it's not valid yaml [20:09] It's not the kind of change we should be doing very often for sure [20:09] PR snapd#4736 opened: interfaces/screen-inhibit-control,network-status: fix dbus path and interface typos - 2.32 [20:10] But I think it's worth it doing it if we plan to have more times there, which I think we do [20:10] Chipaca: I didn't say they parse as yaml [20:10] pedronis: (but the change is still going to disorient people that rely on it) [20:10] those people could use the api [20:10] pedronis: ah [20:10] I'm more thinking the grep and cut and awk sort of people [20:10] pedronis: i gotcha [20:10] It's just awkward to have refreshed next to installed with completely different meanings, and it's double awkward because installed could actually BE A TIMESTAMP [20:12] zyga: oh I thought you said it was committed [20:12] pedronis: do you reckon a heads-up forum post would be enough? 
[20:13] it's a start [20:14] zyga: if your pr is committed, I'll update mine, but I don't want to mix in an unapproved approach at this time === chiluk_ is now known as chiluk [20:16] pedronis: niemeyer: and because this is for snap info, we can make an additive change to SnapState to keep track of (last action, timestamp), and have code that grabs it if it exists but doesn't die if it doesn't, and we'll be set [20:16] that's a change for next week though [20:18] although knowing us, it should probably be a map[action]timestamp [20:18] heh [20:18] and then you sort them, and take the last? [20:19] pedronis: unless the last is $x that we later decided to ignore :-) [20:20] last action timestamp, download time, revision creation time, release timestamp [20:21] Chipaca: I also wonder whether we should start from thinking what a user might really find useful [20:22] pedronis: I thought we were (in a bumbling, chatty kind of way) [20:23] niemeyer: btw in https://forum.snapcraft.io/t/4150/6 you had installed twice in the first example, and with me having moved it to the bottom I'd gotten used to seeing it there so it took me a bit to understand what you meant [20:23] Chipaca: one of my questions is that is unclear those times help answering, is the thing I have here old [20:24] Chipaca: Oops, sorry.. cleaned it [20:24] Chipaca: refreshed is sort of that (except if you strange local refreshes) [20:24] pedronis: that you can only answer with the store's timestamps though [20:25] the ones we don't plan to show anywhere :) [20:25] pedronis: oh? i thought we were going to have a day in the chan map [20:25] yes [20:25] 16-2.31.1+git587.d3e52a0 (4133, from 2018-09-24) 85MB core [20:25] or sth [20:25] though we haven't decided what that date is here yet [20:26] it can be the revision date, or the release date [20:26] hopefully, gregorian [20:26] or we need both (oh my) [20:27] star date [20:28] internet time!
[20:28] * pedronis should go afk [20:32] popey: ping [20:33] niemeyer: pong [20:33] popey: Heya [20:33] popey: Would you have 5~10mins for a quick catch up? [20:33] Sadly not right this second. I need to go out and get my daughter from dance class. [20:34] But I'll be back a little later [20:34] popey: Sounds good, I'll be around, so will ping you again later [20:35] popey: Talk soon [20:35] kk, will let you know when I'm back [20:35] Thanks! === pbek_ is now known as pbek === bashfulrobot_ is now known as bashfulrobot [20:47] PR snapcraft#1955 opened: meta: make sure adapter does not propagate [21:04] PR snapd#4737 opened: cmd/snap: tweaks to 'snap info' (feat. installed->current rename) [21:10] huh, why did i think snap names had max length 40 [21:11] niemeyer: I can't do the alignment you're now asking for in the pr, without a ton of work [21:12] Chipaca: My naive mind reacts in disbelief about adding a couple of spaces in a line being a ton of work. [21:13] niemeyer: ok [21:13] That's such a great conversation.. it must be Friday :P [21:13] niemeyer: i was just writing [21:14] niemeyer: it's friday and i'm very tired, so maybe it's easy and i'm not seeing it, but i'm going to call it mostly-eod right here [21:14] Type faster! [21:14] Chipaca: Certainly sounds fair [21:14] niemeyer: snap info is messy; if it were nice and clean this would be easy [21:15] Chipaca: Agreed.. 
we can look into it again with fresh post-weekend eyes on Monday [21:15] I did see the problem with the alignment when the channel map is missing, fwiw, and looked at fixing it, and noped out [21:16] Chipaca: We might hack it by tuning the spacing specially for that line, and serializing it independently [21:16] Or something something [21:16] niemeyer: yeah, that's the nope scenario (you'd have to keep track of what the last thing you printed even was) [21:17] (there are a ton of "if it has this, then print this") [21:17] (and people care about the order, wouldn't you know :-) ) [21:17] Chipaca: Not printed, but whether a channel map exists.. we have semantic context at hand in the info impl itself [21:17] Chipaca: Yeah, I know.. I'm sure we could spent 5 years on a modern yaml parser and do it very nicely [21:19] actually, i can show you a diff that would do the job, and you tell me if it's worth it [21:20] niemeyer: https://pastebin.ubuntu.com/p/4xRZx4vdyH/ [21:21] Chipaca: WFM! [21:29] niemeyer: iterated it a bit though, because i can't help myself [21:50] niemeyer: pushed [22:18] niemeyer: i assume the catch up was regarding the various docs threads. It's late here. Shall we catch up early next week? [22:36] dooooh [22:36] * zyga solved a bug :) [22:54] no snapcrafters around! and me with a bug [23:01] * zyga hugs Chipaca [23:01] I found a super silly bug in my code [23:01] and I found out why core and layouts didn't work [23:04] zyga: yay? [23:04] zyga: zyga! zyga. Are you on bionic? [23:04] I have a VM on bionic available [23:04] but I'm on artful [23:05] I don't think it'll work in artful yet [23:05] zyga: bionic ships with "ls --hyperlink" [23:05] what are you thinking about? [23:05] gnome terminal [23:05] in bionic [23:05] supports hyperlinks [23:05] it's weird, and exciting, and wrong :-) [23:05] * zyga checks [23:06] and of course coreutils use them [23:06] wait, WAT! 
[23:06] * zyga doesn't believe this [23:06] hahah [23:06] zyga: https://gist.github.com/egmontkob/eb114294efbcd5adb1944c9f3cb5feda [23:06] w...t...f.. [23:06] how does it work? [23:06] IKR [23:07] hollly [23:07] zyga: escape sequences, of course [23:07] and a particularly gnarly one to parse [23:07] if I were one to be writing a de-ansifier, that is [23:07] it also works in F27 [23:08] so you bumped into this because it broke something [23:08] heh, everything I've found so far has broken with a lot less [23:08] but yes, this broke my thing [23:08] man, thank you for sharing this [23:08] this is pretty cool actually [23:09] zyga: most de-ansifiers broke with just [23:09] but man [23:09] printf '\033(0lqwqk\nx x x\ntqnqu\nx x x\nmqvqj\n\033(B') [23:09] this will be exploited [23:09] uh, remove the trailing ) [23:09] snaps can even abuse this [23:10] someone who did this will add a "preload" feature next [23:10] ok so they removed the ability to title the terminal, but added this!? ) [23:10] :) [23:10] nacc: they whaaaa [23:11] Chipaca: it's been gone for a few releases now [23:11] nacc: you mean, in the ui? or with escapes? [23:11] Chipaca: in the UI [23:11] ah! psh [23:11] Chipaca: i can try with escapes, do you have an example? [23:11] that was just confusing because your escapes would override it [23:11] nacc: you have an example in your .bashrc :-) [23:11] it's in the skeleton bashrc [23:11] your PS1 is probably doing it [23:11] Chipaca: oh sure, I know that part [23:12] it's a hassle to write a per-terminal instance PS1 though :) [23:14] nacc: yup [23:15] nacc: my favourite complaint is that they add or remove features and there's no way to detect them [23:15] that's a fact :) [23:15] like, how would an implementer know whether the terminal has hyperlinks? 24-bit rgb? properly wide emojis? [23:15] right [23:15] and then wait til someone puts it in backports :) [23:16] and, and, it sets TERM to xterm-256color [23:16] and xterms do _so much more_! 
[23:16] heh [23:16] and faster, also [23:17] I can measure the width taken by every unicode character on an xterm in under five minutes, whereas I need 10 instances running gnome terminal for an hour [23:17] anyhow. silly rant over. [23:19] echo -e '\e#8' [23:19] this is fun :) [23:19] 'alignment test'? [23:19] indeed [23:19] man [23:19] heh, you want to hear a funny one [23:20] microsoft added support for DEC graphics charset to their terminal recently [23:20] good [23:20] at least microsoft documents stuff now :) [23:20] but in the dec character chart [23:21] they have some codepoints with things like [23:21] ␍ [23:21] microsoft thought they were carriage returns :-D [23:22] https://vt100.net/docs/vt220-rm/table2-4.html for reference [23:23] so on windows if you do printf '\033(0c\033(B\n' [23:23] it throws an actual form feed at you [23:24] (compare with https://vt100.net/docs/vt220-rm/table2-1.html) [23:24] * Chipaca shuts up about obscure silliness and gets back to fixing snapcraft [23:28] Hello all. Need some help as I've never done this kind of work. I contributed to snapcraft a few months ago and haven't updated my remotes for a while [23:28] So if I checkout to master, do git pull upstream (upstream...) master and git push origin (my fork) master should update my fork as well? [23:36] gsilvapt: hmm... that's not how I do it [23:36] PR snapcraft#1956 opened: snap: actually plug the completer in [23:37] gsilvapt: I do: git checkout master, then git fetch upstream, then git merge upstream/master, then git push origin [23:38] gsilvapt: but git is hairy enough that these two might be equivalent [23:38] ¯\_(ツ)_/¯ [23:38] Chipaca, uhh, I'm a noob in open source projects.
I'm only used to working in a single remote :P [23:38] That makes sense too [23:38] fwiw I've stashed it all into a single command 'git sync', https://github.com/chipaca/bin/blob/master/git-sync [23:39] gsilvapt: a neat trick of git is that any command that you call git-foo in your path, git'll happily use as 'git foo' [23:39] so if aliases aren't enough you can do that [23:40] Chipaca, thanks! [23:40] Chipaca, I was checking the commit logs in my remote and they seem right in comparison to the upstream's: https://github.com/gsilvapt/snapcraft/commits/master [23:41] Guess we both learned something, haha :D [23:41] gsilvapt: :-) [23:41] gsilvapt: good thing is, if they're the same, it'll tell you [23:42] so you can push/pull again if in doubt [23:42] Chipaca, you mean using the aliases? Hum, never did that before. Interesting! [23:42] gsilvapt: no i mean, git push origin; git push origin -> second one says "meh" [23:46] Chipaca, ahh! I see [23:46] elopio, you around?