[00:20] PR snapd#4869 closed: cmd/snap-update-ns: use x-snapd.{synthetic,needed-by} in practice [01:37] PR snapcraft#2010 opened: Release/2.40+18.04 === chihchun_afk is now known as chihchun [06:12] morning [06:13] morning [06:37] PR snapd#4864 closed: daemon: support 'system' as nickname of the core snap [06:38] PR snapd#4841 closed: snap/pack, cmd/snap: add `snap pack --check-skeleton` [06:51] good morning [06:52] quick breakfast and brb [06:52] any of you fellows use a intel gpu? [06:54] phoenix_firebrd: probably most of us [06:58] zyga: When you find time can you check If you are able to play a VP9 encoded file(ex: videos from youtube) using the vlc snap with hardware acceleration enable and using vaapi for hardware acceleration? [07:01] yes, sure [07:02] can you give me an example URL? === chihchun is now known as chihchun_afk [07:07] zyga: any youtube video is fine [07:07] any? [07:07] aren't they encoded in different formats [07:07] zyga: as far as i know all the youtube videos are displayed using vp9/webm format in the latest browsers by default [07:08] I mean, I'd love to help but I want to make the test meaningful [07:08] hey zyga ! good morning [07:08] hey :-) [07:08] zyga: do you have youtube-dl [07:08] no, I don't believe I do [07:09] zyga: try this as an example https://www.youtube.com/watch?v=D6tC1pyrsTM [07:09] let me try to get a video and play it [07:10] zyga: takecare, youtube-dl by default downloads the highest quality video and the above video is a 4k video and take a lot of size [07:12] phoenix_firebrd: which channel of vlc do you want to tets [07:13] *test [07:13] zyga: normal [07:13] stable? ok [07:13] zyga: I think it contains vlc verion 3.0.1 [07:14] zyga: ok === chihchun_afk is now known as chihchun [07:19] phoenix_firebrd: I'll let you know once the download finishes [07:20] zyga: ok [07:33] mvo: what shall we do with 4765 [07:34] PR snapd#4874 opened: tests: a bunch of test fixes for s390x from looking at the autopkgtest logs [07:35] PR snapd#4872 closed: tests: add workaround for s390x failure [07:39] zyga: is this line correct? https://github.com/snapcore/snapd/blob/master/cmd/snap-confine/snap-confine.apparmor.in#L367 the current autotools setup configured with --libexecdir=/usr/lib/snapd [07:39] looking [07:40] oh [07:40] no, looks like a bug [07:40] nice catch! [07:40] please tag the fix with 2.32 as well [07:40] ok [07:42] PR snapd#4863 closed: snap: don't create empty Change with "Hold" state on disconnect (2.32) [07:44] jjohansen: I'm running your kernel today, so far no issues, I will periodically run the script that finds dangling symlinks and report back [07:46] zyga: #4875 [07:46] PR #4875: cmd/snap-confine: fix ptrace rule with snap-confine peer [07:46] PR snapd#4875 opened: cmd/snap-confine: fix ptrace rule with snap-confine peer [07:47] thank you === phoenix_firebrd is now known as phoenix_firebrd_ [07:48] mborzecki: approved [07:48] man, we will have a lot of back ports to do [07:48] hopefully those are single patch fixes :) [07:49] mvo: I failed to fix the last bug yesterday, it's not that I don't know what to do it is just _how_ to do it [07:52] phoenix_firebrd_: hey === phoenix_firebrd_ is now known as phoenix_firebrd [07:52] so I think it doesn't work [07:52] [00007f7608001ca0] glconv_vaapi_x11 gl error: vaInitialize: unknown libva error [07:52] libva info: VA-API version 0.39.0 [07:52] libva info: va_getDriverName() returns 1 [07:52] libva error: va_getDriverName() failed with operation failed,driver_name=i965 [07:52] [00007f7608001ca0] glconv_vaapi_drm gl error: vaInitialize: operation failed [07:53] this is on a i5 skylake chip [07:53] zyga: hi [07:53] the video plays but using significant amount of CPU === chihchun is now known as chihchun_afk [07:54] zyga: I think skylake supports hybrid decoding of vp9 [07:54] zyga: can you paste the profiles list? [07:54] what profiles? [07:54] zyga: the rest of the livainfo [07:54] zyga: vainfo i mean [07:54] one sec [07:55] https://www.irccloud.com/pastebin/ZuZnIbE4/ [07:55] note that this is vainfo outside of the snap [07:56] zyga: are you on 18.04? [07:56] yes [07:56] zyga: ah [07:56] zyga: https://bugs.launchpad.net/ubuntu/+source/intel-vaapi-driver/+bug/1756380 [07:56] Bug #1756380: vaapi VP9 hardware decoding not working anymore in bionic [07:56] zyga: vp9 profiles are absent for supported hardware in 18.04 [07:57] phoenix_firebrd: but shouldn't this matter in snaps [07:57] is this a kernel side issue or a userspace issue [07:57] zyga: i mean just in case of the vainfo you gave from outside of snap [07:57] right [07:58] did you see the erros from libva I posted earlier [07:58] when starting up vlc [07:58] zyga: ya [07:59] zyga: is there a way to update the i965-va-driver package in snap to 2.1.0? [07:59] only by rebuilding the snap [07:59] mborzecki: ^ FYI, one of the things we could eventually support is pluggable va drivers === pstolowski|afk is now known as pstolowski [08:00] Mornings! [08:01] zyga: what are the steps that has to be done to fix this driver bug issue so that it does not show up in the vlc snap [08:01] I don't understand the issue so I cannot say [08:01] zyga: by driver i mean the one used in the snap core i guess === chihchun_afk is now known as chihchun [08:02] phoenix_firebrd: are you asking what is needed to stop shipping libva in a particular snap, like vlc? [08:03] I think it would be nice to consider whether the version in bionic archives could be upgraded or cherry pick fixed, but that's outside of snappy realm [08:03] zyga: If you know that the intel vaapi driver is buggy and that causes vlc snap to display corrupted frames while playback, how do you fix that [08:04] phoenix_firebrd: I don't know anything about libva, I cannot help with that [08:04] phoenix_firebrd: perhaps vlc folks who make the snap can say more [08:04] I can help with snapd side of the problem [08:04] zyga: if you want to update the display drivers what snap will you update? core or vlc or both? [08:04] phoenix_firebrd: vlc [08:05] phoenix_firebrd: the core doesn't ship any [08:05] zyga: so you mean different media player snaps can ship with different version of drivers ? [08:05] not really drivers, drivers are in the kernel [08:05] of userspace libraries, yes [08:06] zyga: This list of packages used to compile a snap is called manifest right? [08:06] PR snapd#4876 opened: packaging: recommend "gnupg" instead of "gnupg1 | gnupg" [08:06] phoenix_firebrd: snap may be built entirely from source (except from the toolchain perhaps) so the word package is perhaps misleading [08:07] I don't know how vlc snap is built, for example, I didn't look at it that closely [08:07] phoenix_firebrd: so it's possible to both reuse binary builds from a distribution and to build latest and greates of everything from source [08:08] a quick look at vlc snap tells me they're building a lot from scratch at least, as they have Qt 5.10 [08:09] zyga: how I see what are the contents of the core snap [08:09] phoenix_firebrd: just look at it? it's usually mounted in /snap/core/current/ [08:10] but the intel driver they have is from 2016 [08:11] good morning [08:11] o/ Mirv [08:12] right, they are basically using unmodified 16.04 LTS version of i965-va-driver, not building it themselves. since they're already building the whole Qt, it sounds to me they could be interested in building some of this too [08:12] kalikiana: o/ :) [08:14] zyga: by the looks of it, plain makefile stuff (even though I'm doing some templates inside) is way faster than autotools [08:14] the actual build part is comparable, the largest win is not running configure [08:15] mborzecki: yeah, that is very typical [08:16] zyga: I just found that the intel vaapi driver is shipped with the vlc snap and not with core snap. Where to file a bug on a vlc snap ? [08:17] phoenix_firebrd: well, I told you that [08:17] phoenix_firebrd: run "snap info vlc" [08:17] and see the contact URL [08:20] zyga: ok, let me check [08:26] zyga: thank you so much for the support [08:26] thank you for using snaps :-) [08:35] Ok, I think I have a nice way to fix the bug with layouts leaking thing to the host [08:49] `ERROR: Conflicting profiles for /snap/core/4278/usr/lib/snapd/snap-confine^mount-namespace-capture-helper defined in two files:` this something new? [08:51] full log https://paste.ubuntu.com/p/xCzYR4Ztpv/ [08:52] is snapd 2.32+18.04~pre5 known to be broken? [08:52] after dist-upgrading today, all my snaps are marked broken [08:52] rebooting seems to "fix" them, but then they won't start === chihchun is now known as chihchun_afk === chihchun_afk is now known as chihchun [09:00] mborzecki: I saw that once yesterday [09:01] mborzecki: looks like atomic file write left some stuff behind [09:01] oSoMoN: yes [09:01] zyga, want me to file a bug report or start a thread on the forum to gather information on the issue? [09:02] zyga: just saw it in 4875, restarted the build to see if it's something random [09:09] pedronis: hi did you see this? https://forum.snapcraft.io/t/avoiding-snap-refresh-in-live-sessions-i-e-installers/4468/4 [09:09] * mwhudson is not really here [09:10] PR snapcraft#2011 opened: tests: run tests on Trusty on Travis [09:10] mwhudson: yes, I don't have particular opinions, is this something snapd needs to do or the installer could do? [09:10] pedronis: how could the installer do it? [09:10] i'm all for not changing snapd at this point of the cycle [09:11] mwhudson: move refresh.hold from 2h to 60 days ? [09:11] pedronis: oh just execute snap set core refresh.hold 60d? [09:11] well now+60d [09:11] but yes [09:12] would that be enough? [09:12] oh ok then that sounds easy :) [09:12] i think if people boot the installer and then don't do anything for 60 days, i think i'm ok with things breaking [09:13] to be precise you can set anywhere in the future [09:13] but after 60 days is not respecte [09:13] d [09:13] haha [09:13] pedronis: i had another awful hack in mind, which was to install core and subiquity unasserted [09:13] but this sounds better than that [09:14] pedronis: which version of snapd has refresh.hold support? [09:14] 2.32 [09:15] ok [09:15] and that's not in bionic because i uploaded go 1.10 but well [09:15] well our plan is to have in bionic in the images [09:15] oh no it is in bionic now [09:15] awesome [09:16] it has issues it seems though (but unrelated to this) [09:17] pedronis: thanks [09:17] * mwhudson goes to bed === phoenix_firebrd is now known as phoenix_firebrd_ [09:40] mwhudson: it is in bionic now [09:41] mwhudson: I mean 2.32 is in bionic, we asked to ingore the s390x failures for now as this only affects the covermode=atomic right now [09:41] hmm, why is connecting to interfaces so slow all of a sudden [09:42] Chipaca: I noticed this as well [09:42] ok, I'll dig [09:42] mvo: do we still not have auto-prereqs? [09:43] Chipaca: 2.32 should have them [09:44] Chipaca: is that not working for you? iirc we do not pull in new prereq on refresh, that is a missing feature/bug [09:44] mvo: 2.32~pre4+git612.2003af8~ubuntu16.04.1 isn't working for me === phoenix_firebrd_ is now known as phoenix_firebrd [09:44] that is, "snap install evince" resulted in no gnome platform snap [09:44] in related news: does someone know why master is broken? it seems ~200 tasks are aborted [09:47] Chipaca: I look once the current fire is out [09:47] Chipaca: but I see the same here, slightly sad [09:47] mvo: k [09:48] kalikiana, hey, have you ever seen this snapcraft error when cross-compiling: https://paste.ubuntu.com/p/z4BW75yhXB/ ? (edge channel) [09:50] abeato: Hmm no I think that's new to me [09:50] abeato: Did this break recently? [09:51] kalikiana, well, it used to work last week [09:51] Also on edge? [09:52] yes [09:53] artful fyi [09:54] kalikiana, stable works [09:54] a regression in edge then [09:55] Yeah, looks like it :-/ === phoenix_firebrd is now known as phoenix_firebrd_ [09:55] abeato: Can you file a bug, please? [09:55] kalikiana, yup [09:58] PR snapd#4877 opened: snap-confine: fallback to /lib/udev/snappy-app-dev if the core is older [09:59] mvo: looking [09:59] kalikiana, https://bugs.launchpad.net/snapcraft/+bug/1757094 [09:59] Bug #1757094: snapcraft in edge channel (2.39.2+git46.c22d7e2) fails to cross-compile kernel [10:00] +1 :) [10:02] zyga: yay, thank you [10:02] zyga: now we just need to unbreak master [10:02] zyga: and *hopefully* the world is a happy place again [10:02] is master broken? [10:02] zyga: yeah, next PR comming that tests my theory on the why [10:02] oh, ok [10:03] PR snapd#4878 opened: tests: disable 18.04 spread tests in google for now [10:03] zyga: it looks like its a test problem with the google 18.04 [10:03] I didn't see any issues [10:03] but I'm still on an older branch from yesterday [10:03] zyga: no worries, only spread not our code [10:03] zyga: also - "make fmt" on bionic produces some different output than "make fmt" on older releases it seems [10:04] zyga: not a great morning so far, too many fires [10:04] yes [10:04] I noticed [10:04] this is why it's no longer enforced [10:04] when things quited down I will reindent with something saner [10:04] or see if I can coerce newer indent [10:12] abeato: Thanks! [10:13] abeato: Can you link the snap you're building there? [10:14] that might be tricky [10:15] (customer kernel) [10:16] kalikiana, that ^ [10:16] Hmm okay. [10:16] Chipaca: turns out the problem with evince is that there is on `content: ` line in the interface, I'm looking if we should use default here [10:21] mvo: we have code that sets defaults [10:21] but probably is not called for this case [10:21] bit fragile to duplicate it though [10:27] pedronis: yeah, I'm poking a bit to see if there is a nice way [10:30] mvo: i think oSoMoN and/or kalikiana could land a fix meanwhiles :-) [10:31] Chipaca: yeah, fix is trivial, just adding "content: " on both the evince plug and the gnome-3-26-1604 slot [10:33] mvo: ‘content: like a river’ [10:33] (http://www.azquotes.com/quote/1262712) [10:33] mvo: mmh, it's it not done much earlier, I suppose the issue is that we read the snap yaml but don't validate it [10:33] (which would set the defaults) [10:34] I was remembering the old code, but in the new world this should happen somewhere in snap/ === phoenix_firebrd_ is now known as phoenix_firebrd [10:36] mvo: I finally have good progress on the (I named it) trespassing bug [10:36] I'll get a coffee and finish it soon [10:37] Chipaca: nice and poetic [10:37] pedronis: hm, that might be it [10:39] pedronis: it looks like nowday "interfaces.BeforePrpareSlot" must have been called [10:42] mmh [10:42] pedronis: interfaces.SanitizePlugsSlots calls this, so you are right I think, somewhere there is a sanitation missing [10:44] mvo: it's called by the ReadInfo* but not by just parsing [10:44] mvo: I think you added code to details.go in store that calls parsing of yaml but not that [10:45] pedronis: indeed, that sounds like the culprit [10:45] mvo: otoh it seems to be called only for installed snaps [10:46] atm [10:46] mvo: Chipaca: it's all a bit confusing: ReadInfoFromSnapFiles calls Validate bot not SanitizePlugsSlots and ReadInfo calls SanitizePlugsSlots but not Validate [10:47] pstolowski: ^ [10:47] what was the thinking there? [10:47] pedronis: yes just looking. seems to be my oversight in the refactoring :( [10:47] pedronis: I'm still looking but afaict store/details.go calls InfoFromSnapYaml() which does not sanitzze, I wonder if we can/should do it there because that is used by the various bits afaict [10:48] I know why we don't validate already installed snaps [10:48] the assumption is that is done once [10:48] before [10:48] but SanitizePlugsSlots has side effects we always need [10:48] for values of always [10:50] pedronis: yeah, I wonder if nowdays it should be "annotatePlugsSlots" or something, its doing much more than to sanitize [10:53] PR snapcraft#2011 closed: tests: run tests on Trusty on Travis [10:53] mvo: what do you mean with more? afair the only difference with old implementation is the fact that it collects invalid ones in BadInterfaces [10:54] pstolowski: it calls BeforePrepareSlot for each interface [10:54] pstolowski: for the content interface this adds some defaults (like when content: is missing it adds an implicit "content: ") === phoenix_firebrd is now known as phoenix_firebrd_ === phoenix_firebrd_ is now known as phoenix_firebrd [10:56] kenvandine: could you please update evince so that default-provider is just a snap name? right now it is "gnome-3-..:gnome-3-..." [10:56] mvo: I see. BeforePepare* is the old Sanitize*, we were doing that before, it's just that we don't call SanitizePlugSlots now when we should after the code was moved around [10:56] pedronis: http://paste.ubuntu.com/p/2NjMYChFzR/ <- this might be what we need, i.e. run this always [10:57] pstolowski: yeah, it was just a idle though that the name is not fully conveying what is happening (but I guess one could argue that part of the sanitize is that missing fields are updated with sensible defaults) [10:57] it's reasonable, I don't know if there is some assumption that that code does that would explode if we don't Validate first though [10:58] pedronis: ReadInfo() would still get sanitization via infoFromSnapYamlWithSideInfo [10:59] pedronis: all tests explode because we are not prepared for this in the tests, so there is some work here :) and of course I need to double check with pstolowski that this is sensible [10:59] seems orthogonal right now [10:59] pedronis: orthogonal to what? === phoenix_firebrd is now known as phoenix_firebrd_ [11:00] sorry, I was answering my question: I mean the jobs Validate does and SanitizePlugsSlots do [11:00] they don't seem to depend on each other [11:00] (atm) [11:00] pedronis: yeah, validate is doing something else right now indeed [11:01] Chipaca, pedronis fwiw, I tested the evince with the updated location for the SanitizePlug and the content is installed (well, would be installed if default-provider was a snap name ;) but that is a problem of the snap and easy to fix there) [11:02] pedronis I think I will prepare a PR with the change and test updates and let pstolowski and you double check, sounds reasonable? [11:02] mvo: the original invariant was (and still is) that every snap.Info that we create and return has all the plugs and slots sanitized and we don't expose broken ones via this struct [11:02] mvo: ok [11:02] pstolowski: yeah, I think this invariant is currently not honored [11:03] mvo: right, my bad :( [11:03] pstolowski: when you create a snap.Info via InfoFromSnapYaml() [11:03] pstolowski: no worries [11:03] mvo: I can take this bug [11:03] pstolowski: http://paste.ubuntu.com/p/2NjMYChFzR/ is probably what we want plus test updates, if you can take it that would be great [11:04] pstolowski: the real world test is to snap install evince, it should pull in the gnome-3-... content snap but it does not right now because the defaults are not set [11:04] pstolowski: (john discovered this bug). if you have any question, just let me know [11:05] * mvo goes back to unbreaking bionic [11:05] mvo: yes, that fix looks sensible as long as this is indeed the central (or only) place that needs this [11:06] mvo: ok, i'll work on this right away; is this some kind of a blocker atm? [11:06] pstolowski: its not terrible but nice to have [11:07] pstolowski: 2.32 will have the install of content providers so if we can unbug it, that would be great [11:07] pstolowski: I mean, its not terrible urgent (no need to skip lunch over it) but ideally we should fix it today if we can [11:08] ack, will be aiming at that [11:08] thanks pstolowski ! [11:11] pedronis: one question re your comment "what happens on update with old tasks that had the previous thing?" to the interface hooks; that's a valid concern and I think we need to make sure update conflicts with these hooks (there is already some code for connect/disconnect conflict on update, but I need to check if it would do that). does that sound sensible? [11:11] mvo: sure, thanks for catching & sorry for the trouble /o\ [11:15] pstolowski: no worries [11:20] PR snapd#4878 closed: tests: disable 18.04 spread tests in google for now [11:21] PR snapd#4879 opened: tests: revert "tests: disable 18.04 spread tests in google for now" [11:26] sergiusens, hey, I've seen some errors on autopkgtests https://objectstorage.prodstack4-5.canonical.com/v1/AUTH_77e2ada1e7a84929a74ba3b87153c0ac/autopkgtest-artful/artful/armhf/s/snapcraft/20180319_163043_7404b@/log.gz [11:27] cachio: feel free to ignore armhf until the new autopkgtest roll out comes into place [11:27] sergiusens, nice, thanks [11:28] PR snapd#4880 opened: [RFC] cmd, data: plain make [11:28] zyga: plain make ^^ [11:28] oh,cool [11:28] mborzecki: queued for after standup === phoenix_firebrd_ is now known as phoenix_firebrd [11:38] mborzecki: nice speedup [11:39] mborzecki: hard to grasp how auto* is so inefficient, speed 6x [11:39] all the perl/sed/coreutils invocations add up [11:42] i'm looking into why #4875 fails, also #4871 failed in a way that's sort of similar [11:42] PR #4875: cmd/snap-confine: fix ptrace rule with snap-confine peer [11:42] PR #4871: cmd/snap-confine: fix Archlinux compatibility [11:42] it looks as if when updating snap-confine apparmor profile, some temp files are left behind [11:43] mvo: zyga: any ideas how that could be possible? [11:43] no, [11:43] we just write it using atomic thing [11:43] zyga: I checked the vlc snap info, it shows a url to a general support page. I checked the vlc support page, I shows a general bug reporting page, not anything specific to snaps, also on searching for existing bugs, there was not a single snap related bug report. So is there a specific place dedicated for vlc snap bugs? [11:44] phoenix_firebrd: no, it's their snap and their bug reports [11:45] mborzecki: looking [11:45] zyga: hm it looks like a temp file made by us though, /etc/apparmor.d/snap.core.4278.usr.lib.snapd.snap-confine.gVv662JKQnGl the suffix is 12 chars, the same as we use [11:46] mborzecki: do you have a link to the failure log or a pastebin of it? [11:46] yes [11:46] mvo: https://paste.ubuntu.com/p/xCzYR4Ztpv/ [11:46] ta [11:46] mborzecki: but I don't know why it would stay behind now [11:47] zyga: that is ensureDirState, right? that is used all over the place so should be well tested [11:47] yes [11:47] and the actual writing is done by atomic thing AFAIR [11:47] so I doubt it's something newly broken there [11:48] or its a race [11:48] i.e. we write things at the same time when the profile is loaded? [11:48] hmmmm [11:48] perhaps [11:48] but who would load it? [11:48] (a long shoot) [11:48] I have no idea :) [11:48] apparmor loads that profile [11:48] but we start after apparmor [11:48] then snapd reloads that profile [11:48] but _exactly_ that profile (not everything else) [11:48] the error is weird btw, [11:49] ah [11:49] + aa-enforce /etc/apparmor.d/usr.lib.snapd.snap-confine.real [11:49] this is aa-enforce doing things [11:49] it's just a test thing, we never touch that from snapd [11:49] so something goes wrong [11:49] and then much later we run aa-enfroce [11:49] *aa-enforce [11:49] and that looks for system-wide consistency for some reason [11:50] zyga: so a bug in vlc snap has to be reported in the regular vlc bug reporting channel? [11:50] phoenix_firebrd: yes, snaps don't have packagers in the same sense as other linux packages, typically upstreams package and ship the snap [11:51] zyga: mvo: just ran this test through spread and it was all good [11:51] yeah, I saw this once yesterday [11:51] zyga: maybe we need to run aa-enforce checks in each restore to catch the offender? [11:51] do we touch those profiles while installing the package? [11:51] and it's first time I ever saw it [11:51] ok [11:51] mvo: I think that's what happened here [11:51] or maybe I'm wrong [11:52] zyga: I think this makes sense - but what is calling aa-enforce? [11:52] I think it's one of the tests actually [11:53] mvo: the test does [11:53] mvo: main/snap-confine [11:53] mvo: one idea [11:53] mvo: somehow we stop snapd at the wrong time [11:53] and we have this in the state tarball [11:54] it would be good if someone managed to reproduce this with -debug [11:55] zyga: running it now with the same seed as the tests [11:55] NB: I doubt it's deterministic anyway [11:55] but let's see [11:55] zyga: can you point me to a place, where there is a complete documentation about snaps and the related process [11:57] phoenix_firebrd: ha, I wish we had one, we are doing most of the work on forum.snapcraft.io and on a new (test URL) site at https://snapdocs.labix.org/ [12:01] zyga: If i am doing "sudo snap install vlc " in ubuntu, from where does the vlc snap gets fetched? [12:03] phoenix_firebrd: from the snap store === pstolowski is now known as pstolowski|lunch [12:05] zyga: snapstore.com? [12:05] no [12:05] it's a service at... [12:06] https://api.snapcraft.io/ AFAIR [12:06] the actual package download is from a CDN [12:06] zyga: so in case of vlc, Vlc snap gets created and uploaded to the snap store by the vlc maintainers and then we fetch from it during install? [12:07] yes [12:07] exactly that [12:07] zyga: cdn of course [12:09] mvo: I'm testing the fix for trespassing bug now, looks good for 2.32 from layout POV today [12:09] zyga: I guess I have to create a vlc account and file a bug with them. I think I will windup today with this. Thank you. [12:09] I will need to backport all the things that were labelled as 2.32 and only merged to master [12:09] phoenix_firebrd: thank you! I think you can also shoot them an email somewhere but I have never tried reporting VLC bugs directly [12:11] zyga: I am thinking of collection preliminary information by directly talking to some devs in vlc irc channel, if one exists and then will email and/or file a bug report [12:11] yeah, that's a good idea === JanC_ is now known as JanC [12:17] niemeyer, change in spread already updated [12:18] aww, drat [12:19] * zyga tinks [12:19] thinks [12:23] pstolowski|lunch: my question was more about the older version of the same hooks? did we partially support hook already in stable? === phoenix_firebrd is now known as n === n is now known as phoenix_firebrd [12:35] mvo, hey [12:35] I am pushing a fix for bionic [12:38] PR snapd#4881 opened: tests: make tests run with specific bionic release avoiding take the last one [12:52] jdstrand: man, fixing the "trespassing" bug (where we write to real /etc is really hard) [12:52] it requires some fair amount of changes [12:56] mvo: fwiw, https://forum.snapcraft.io/t/auto-connection-for-gnome-3-24-content-interface/1379/79 === pstolowski|lunch is now known as pstolowski [12:57] jdstrand: my approach was to interact with the secureMk* family of functions [12:58] and before calling open(..., O_CREAT,...) or mkdirat() or symlinkat() check that fstatfs reports that we are on a tmpfs [12:58] this is not perfect but it is a close approximation to "is this a mimic" [12:59] if something is a tmpfs we just carry on [12:59] if it's not a tmpfs we check if the path we are attempting to make looks legitemately [12:59] zyga: https://paste.ubuntu.com/p/tQg4GVfMK5/ [13:00] brb [13:00] mvo: I will be a moment late to the standup [13:05] zyga: I spoke to a vlc dev, they say that the one-line-patch to fix the driver bug, has to be backported to 16.04 by ubuntu, they will then re-release an update vlc snap with the updated driver. [13:06] zyga: how likely ubuntu will backport a patch to 16.04? [13:06] phoenix_firebrd: not sure but they don't have to wait for that, they can just build the right version of the driver from source and put that in the snap [13:07] zyga: I guess their policy stops them. [13:08] zyga: they say they use the stuff from 16.04 to target the 16.04 core i guess [13:09] zyga: like for example the va-api version 2 uses libva2 which cannot be installed in 17.10, because of the dependency issue [13:10] zyga: do you know how long it will take for the ubuntu core snap to migrate to 18.04? [13:11] it wont, the design will change [13:11] (you wuill be able to simply declare 16 or 18 in your snaps snapcraft.yaml and it will work on either of them, pulling in what it needs) [13:12] but thats probably a thing that will still take til ... well.. october ? [13:12] ogra_: this October ? [13:12] no, october in 7 years [13:12] :P [13:12] (indeed this october :) ) [13:13] phoenix_firebrd: ubuntu core16 and core18 will exist in parallel [13:13] phoenix_firebrd: so vlc snap maintainers can hop onto the 18 one when they feel like it and when it is ready [13:13] it won't be a "hard" change [13:13] snaps will use base they want and will switch whenever they want [13:13] mvo, oh, all of our snaps do that [13:14] mvo, so it should just be the snap name? [13:15] ogra_: :) [13:15] zyga: ok [13:17] mvo, the documentation says to use the name and slot [13:17] default-provider (plug): name and slot of preferred providing snap (:) [13:20] zyga: temp files do not seem to come from snapd-state.tar.gz https://paste.ubuntu.com/p/D8qf6j6CwY/ [13:23] kenvandine: thank you, I'm in a meeting right now, I will review the docs [13:23] kenvandine: please do nothing for now, I will look in a bit [13:24] mvo, ok, thx! [13:32] mvo, zyga: looking at backscroll from last week, https://github.com/snapcore/snapd/pull/4822 would kill boot speed, especially on armhf. I'm glad you figured out another way [13:32] PR #4822: interfaces/apparmor: skip apparmor cache [13:38] mvo, zyga: how is that bionic fix coming along? [13:39] oSoMoN: fix is reviewed we are waiting for tests [13:40] mvo, excellent, thanks! [13:40] jdstrand: thanks, yes, we never wanted to do this for real :) [13:40] mvo, do the autopkgtests for snapd exercise installing and running real-world snaps? [13:42] jdstrand: yes, that was a RFC really, to see what the problem is [13:42] oSoMoN: mvo is handling that [13:43] * jdstrand hugs mvo and zyga [13:43] oSoMoN: yes [13:44] oSoMoN: well, depends on what you mean by real-world :) it does run lxd and a bunch of small snaps, it does not run chromium or firefox [13:44] jdstrand: btw, did you see my apparmor parser wrapper [13:44] with more control over caching? [13:45] zyga: not yet. is it a PR? [13:46] mvo, ack, thanks [13:46] jdstrand: it was but got closed (it was another RFC, let me show that to you quickly) [13:47] oSoMoN: this particular problem is caused by bionic being ahead of core [13:47] jdstrand: https://github.com/snapcore/snapd/pull/4827/files [13:47] PR #4827: cmd/snap-apparmor-parser: add a prototype apparmor parser [13:47] oSoMoN: if you switch your core to "beta" (snap refresh --beta core) you are good again too [13:47] I grew it slightly to handle removing later but this version shows the general idea [13:47] (I was also saving both the source file and the binary file) [13:47] (source after preprocessing) [13:51] mvo: you mentioned in backscroll that https://bugs.launchpad.net/snappy/+bug/1460152 needed love. that (and a regression fix for it) was committed to upstream apparmor in 2015 [13:51] Bug #1460152: apparmor cache not updated when apparmor.d rules change (breaks 15.04/stable -> 15.04/edge updates) [13:51] mvo: if it is continuing to not do what we want, then I think a new bug is in order [13:51] cachio: you want apparmor-profiles package [13:53] zyga: cachio: fwiw. apparmor is disabled in snap-confine for opensuse https://github.com/snapcore/snapd/blob/master/packaging/opensuse-42.2/snapd.spec#L126 [13:54] mborzecki: yes, but it could be enabled now [13:54] let's try it :) [13:54] zyga: before committing https://github.com/snapcore/snapd/pull/4827, we should talk to jjohansen [13:54] PR #4827: cmd/snap-apparmor-parser: add a prototype apparmor parser [13:54] jdstrand: it's closed, we're not going to commit that AFAIK [14:00] mborzecki: I'm with you in the hunt for the snap-confine.XXXX leftover profiles now [14:00] mborzecki: as this blocks my PR too [14:01] mvo, zyga: is the cache drama from last week resolved due to removing the system key OR? [14:01] PR? [14:01] jdstrand: yes, it's the system key [14:02] * jdstrand is trying to wade through the discussion and the various PRs [14:02] we change things that end up in system key behind snapd's back [14:02] (we repackage core) [14:02] so revision was not sufficient [14:02] right [14:02] and we simply remove the system key as a workaround (this only affects test) [14:02] https://github.com/snapcore/snapd/pull/4842 is still open btw (and out of date) [14:02] PR #4842: interfaces: make hash of apparmor profile for snap-confine in core part of the system-key [14:03] jdstrand: I think that was another RFC [14:03] jdstrand: it is resolved in the sense that things work now and we also have an idea how we could make it more robust (by adding a hash of the current snap-confine profile from core into the system-key). but I think there is a bug lurking there somewhere in the apparmor cache handling still :/ [14:03] the one that we decided on was merged [14:04] jdstrand: unfortunately I don't have much better feedback than: "it does not work" :/ sorry for that [14:04] mvo: if you figure it when 'it does not work', please file a bug and me or jjohansen can take a look at it [14:05] mvo: there is a lot going on between apparmor cache, system key, ensure dir, reexec, etc [14:05] #4873 is the delay classic reg PR [14:05] PR #4873: many: delay classic registration until first store interaction [14:08] mvo: any idea where this could be coming from? the code in intefaces/apparmor does not seem to be doing anything wrong [14:12] PR snapd#4842 closed: interfaces: make hash of apparmor profile for snap-confine in core part of the system-key [14:14] PR snapd#4781 closed: wrappers: refactor desktop file sanitizer to support autostart files [14:17] PR snapd#4882 opened: snap: make `snap run` look at the system-key for security profiles [14:17] mborzecki: yeah, its confusing. it just uses EnsureDirState() and that uses AtomicWrite and defer .Cancel() [14:20] mvo: ha, interesting [14:23] mvo: when core is refreshed, when does snapd restart to reexec into the new one? [14:25] mborzecki: thats slightly complicated, iirc in overlord/snapstate and in the link-snap handler there [14:25] mvo: I need to take a break === phoenix_firebrd is now known as phoenix_firebrd_ === phoenix_firebrd_ is now known as phoenix_firebrd [14:29] PR snapd#4883 opened: debian: undo snap.mount system unit removal [14:32] PR snapd#4884 opened: debian: run snap.mount upgrade fixup *before* debhelper === dgadomski_ is now known as dgadomski === phoenix_firebrd is now known as phoenix_firebrd_ [14:42] zyga: Didn't we have a snap for gcloud or something? [14:42] cachio: ^ === phoenix_firebrd_ is now known as phoenix_firebrd [14:44] zyga, mmm, I think zyga created it [14:44] We're working on that. [14:44] niemeyer, I have the google clud sdk snap that zyga created [14:45] cachio: What's the snap name? [14:45] niemeyer, it is not in the store [14:45] I see [14:45] niemeyer, he copied the snap in a usb [14:46] Is it super secret? :) [14:46] No, but don't put it in the store please. [14:46] niemeyer, I don't think so [14:46] niemeyer, should we upload it to the store? === phoenix_firebrd is now known as phoenix_firebrd_ === phoenix_firebrd_ is now known as phoenix_firebrd [14:51] niemeyer, zyga is it ok if we move the tests execution from opensuse 42.2 to 42.3 for each PR? [14:51] mvo: I am currently seeing problems with snap removal in LXD containers, is that a thing which was meant to work? [14:51] Yes, i think so [14:52] mvo: it smells like snapd tries to unmount the snap via mount where `fusermount -u` would be right [14:52] It is s point update === phoenix_firebrd is now known as phoenix_firebrd_ === phoenix_firebrd_ is now known as phoenix_firebrd [14:52] Morphis: we don’t unmount [14:53] It is done by systemd [14:53] zyga: someone does it, however a `snap remove ..` hangs forever [14:54] I think the fix was not released yet [14:54] You need 2.32 den [14:54] zyga: ++ snap remove lxd [14:54] 2018-03-20T14:41:12Z ERROR cannot remove snap file "lxd", will retry in 3 mins: [stop snap-lxd-6162.mount] failed with exit status 1: Job for snap-lxd-6162.mount failed. See "systemctl status snap-lxd-6162.mount" and "journalctl -xe" for details. [14:55] that is what I get [14:56] zyga: is this https://bugs.launchpad.net/snapd/+bug/1712930 ? [14:56] Bug #1712930: snap-confine: mounts happen in the wrong order [14:58] Yes [14:59] so 2.31 should have the fix, right? [15:05] kenvandine: https://forum.snapcraft.io/t/the-content-interface/1074 has the correct description for the content interface. where did you see the incorrect description? asking so that we can get this fixed :) [15:08] zyga: so is there already a timeline for when 2.31 gets SRUed into xenial or should this be fixed (without a reboot) with just a new core snap? [15:09] mvo, https://docs.snapcraft.io/reference/interfaces [15:09] mvo, it says "default-provider (plug): name and slot of preferred providing snap (:)" [15:09] thanks kenvandine [15:10] mvo, so that means all of our GNOME snaps are wrong :( [15:10] kenvandine: well, I need to talk to niemeyer but we could simply support you by adding coding to split on the ":" and just throw that part away [15:10] mvo, which are the official docs? the forum or docs.snapcraft.io? [15:11] morphis: for this bug we need 3.32 and I don’t know about timelines [15:11] off to prep lunch for the kids [15:11] zyga: you mean a new deb or a new core snap with 2.32? [15:11] New deb [15:12] Then the container inside can work [15:12] I mean then snapd inside the container can work [15:13] kenvandine: well, there is a bit of a debate about this but the forum docs tend to be more up-to-date and more accurate [15:13] zyga: ok, sounds like this is long away with the deb of snapd being still at 2.29 in xenial === chihchun is now known as chihchun_afk [15:14] Oh [15:14] mvo, hmmm... ok, we need to kill docs.snapcraft.io then [15:14] Good point [15:14] * zyga needs to stop sitting for back pain to go away [15:15] kenvandine: this is a ongoing discussion how to best deal with the docs, niemeyer is leading this discussion [15:16] davidcalle: what is the best way to ask for a small fix onhttps://docs.snapcraft.io/reference/interfaces ? we need to tweak the "default-provider" line so that it says that the default provider is just a snap name [15:19] mborzecki: when I tried to reproduce the snap-confine "ERROR: Conflicting profiles for /snap/core/4278/usr/lib/snapd/snap-confine^mount-namespace-capture-helper defined in two files:" in qemu (run in isolation) this did not work - did you managed to reproduce it? [15:20] mvo, hey, I'm not handling this anymore, but I'd say a PR on https://github.com/canonical-docs/snappy-docs/blob/master/reference/interfaces.md [15:24] PR snapd#4885 opened: Specify charset in po/snappy.pot [15:26] mvo: yes, i reproduced it twice using #4875 [15:26] PR #4875: cmd/snap-confine: fix ptrace rule with snap-confine peer [15:27] but didn't happen on the 3rd run when i had more ideas what to check :/ [15:34] niemeyer: there's some mention of the core snap and vlc in LP: #1756380 about the vaapi driver used by vlc [15:34] Bug #1756380: vaapi VP9 hardware decoding not working anymore in bionic [15:34] niemeyer: dunno if you can help confirm it, that user was a bit problematic on irc [15:39] mvo, kenvandine: We have a agreement to go ahead and replace docs.snapcraft.io to documentation based on the forum, resembling snapdocs.labix.org [15:41] nacc: I don't know details about that one, but I see a message in the bug itself saying it has been fixed elsewhere [15:41] niemeyer: yeah, i just wasn't sure if the user was full of it :) [15:43] davidcalle,mvo,kenvandine: We need to finish moving (and polishing on the way) this content over to the forum.. I'm hoping to come back to it once 18.04 and the review queue is a bit more under control [15:43] niemeyer, thx [15:43] snapdocs looks nice [15:46] mvo: About the splitting of default-provider, I think we had agreed to do that before in conversations.. we just forgot to come back into it [15:47] mvo: The issue was precisely one of practical consequences of people using it already more than it being technically important [15:47] I didn't realize it was in docs [15:47] That explains why people use it.. I thought it was just a copy & paste from terminal [15:50] kenvandine: There's a lot to do still, but it's slowly getting into shape [15:54] jdstrand: hey, this is the bugfix for the case when snapd would write to /etc directly (without a mimic) https://github.com/snapcore/snapd/compare/master...zyga:fix/trespassing?expand=1 [15:55] I'll propose a merge soon but I want to do a clean run first [15:55] ogra_: did you have a chance to verify https://bugs.launchpad.net/netplan/+bug/1741910 ? [15:55] Bug #1741910: ath6kl_sdio does not support unbinding [15:58] I need to lay down for now [15:58] mvo: ^ that is (fingers crossed) my last thing for 2.32 [16:07] mvo: https://github.com/snapcore/snapd/pull/4882#pullrequestreview-105420120 [16:07] PR #4882: snap: make `snap run` look at the system-key for security profiles [16:08] niemeyer: thanks, I will work on the splitting for content provider (cc kenvandine) [16:08] mvo, thx [16:11] zyga: I think its not only for reboot, on classic if snapd got updated and you restart the daemon its the same problem, no? [16:11] mvo: Thank you! [16:11] zyga: I mean, system-key may change even without a reboot [16:11] mvo: no because in such case snapd will regenerate the profile on core snap refresh [16:12] mvo: so before we are in the new core the profiles will be ready [16:12] mvo: this IMO strictly for core [16:12] mvo: on classic restarting snapd will complete without system reboot and the phase 2 profile generation handles that part [16:12] mvo: and then the profiles are ready and we proceed to activating the core snap revision [16:15] zyga: there is still a race here on phase 2, no? I mean, snapd gets refreshed, for some reason network-manager is restarted during that time, won't that be the same as in the reboot scenario? [16:15] mvo: that depends on one thing: if the new core is active and has the updated current symlink [16:15] if we do that after security (and AFAIR we do) [16:15] then it's not racy [16:18] jdstrand: hey, not urgent as we have thick smoke and some fires now but please enqueue this: https://github.com/snapcore/snapd/pull/4868 [16:18] PR #4868: [WIP] secure bind mount implementation for use with user mounts [16:18] jdstrand: jamesh wrote an interation of the secure mount idea [16:27] PR snapd#4886 opened: tests: adding opensuse-42.3 to google [16:31] zyga: mvo: phase2 security setup is after link-snap (it cannot be before by necessity) [16:32] pedronis: hmm, could we do that after we mount but before we rewrite current? [16:32] we can do a lot of stuff [16:32] wow, snap apps really core dump on arch with nvidia drivers [16:32] but is not trivial with the current task definition [16:32] s [16:33] it does phase1: setup-profiles link-snap restarts phase2: setup-profiles again [16:34] niemeyer: given my comment about the things doing print via io.Writer in cmd/snap, ok to merge #4858? [16:34] PR #4858: strutil, cmd/snap: drop strutil.WordWrap, first pass at replacement [16:34] Chipaca: Looking [16:34] cachio: is there anything atypical about the google machines? any strange mount options or filesystem layouts? I ask because we see strange failures in the snap-confine test [16:35] Chipaca: If we have other bad patterns, we should change them indeed, but let's please not add more of them [16:35] mvo: do you have an example? [16:35] Chipaca: Your PR doesn't need to fix all, though [16:35] Chipaca: It's trivial to do that by just making the type concrete [16:35] Chipaca: If it's memory, that is [16:35] * Chipaca changes it all to *os.File [16:35] :-D [16:36] Chipaca: Yeah, that's the point ;) [16:36] zyga, cachio these errors http://paste.ubuntu.com/p/DNWCbQRDqs/ [16:36] ah, those [16:36] niemeyer: do you also expect the code to check the returned error? [16:36] * zyga keeps trying to reproduce those [16:36] Chipaca: Not if it's bytes.Buffer [16:36] niemeyer: when it's an io.Writer [16:36] Chipaca: Passing those around with no error checking is fine [16:36] mvo, where did you see that? [16:37] Chipaca: If it's io.Writer, something is necessarily broken.. the single point of io.Writer is to allow any io.Writer, but we cannot do that and ignore errors without it being a bug [16:37] niemeyer: we fmt.Fprintf all over the place without checking error returns [16:38] niemeyer: are you saying we need to check every error returned from fmt.Fprint? [16:38] Chipaca: That's okay when you are the call site, and you know that it's okay to ignore the error [16:38] ah [16:38] Chipaca: It's not okay when that's inside a function that has no context about what the io.Writer is [16:38] niemeyer: ok, i think i understood [16:39] I guess I'll get to do the fix sometime later this week then [16:39] Chipaca: The cheapest fix for this particular case would be simply to make the type concrete [16:39] Chipaca: Since it's really all in memory AFAICS [16:40] PR snapcraft#2012 opened: pluginhandler: only do elf checking and patching for type app [16:41] niemeyer: you mean because it's going into a tabwriter? [16:42] Chipaca: Is that the io.Writer? If so, my point is moot.. [16:42] right now it is, but it could just be the terminal [16:42] Chipaca: In that case the easiest would be to just return the error from these functions.. and let the call site decide to ignore it or not [16:43] (the description cuts the tabbing anyway) [16:43] niemeyer: k [16:45] niemeyer: pedronis: also note i addressed the issues in #4790 [16:45] PR #4790: jsonutil/puritan: introducing puritan.String & etc [16:45] * Chipaca goes back to snapshots [16:46] PR snapcraft#2013 opened: tests: run tests on Trusty on Travis [16:50] PR snapd#4887 opened: snapstate: add compat mode for default-provider [16:51] niemeyer: -^ (cc kenvandine ) [16:51] niemeyer: and thank you for your input on this! [16:52] mvo: question about this pr [16:52] will this be any problem on reverts? [16:52] or is the :ifname part totally irrelevant and was never used [16:53] Chipaca: Thanks, approved, with a note [16:54] zyga: ack (i was already there) [16:55] mvo: Thanks! [16:55] mvo: LGTM [16:55] zyga: Yes, it's irrelevant [16:55] ack, +1 then [16:55] We may actually use this some day, but not today [16:55] s/i/it/ [16:56] zyga: The only reasonable thing to have there is the actual slot of the default provider.. if people put random content it may eventually stop working indeed [16:56] but not a problem we need to worry about today [16:57] hm glxinfo from inside the snap segfaults too [16:57] zyga: did you say we had an implenetation of OpenAt already? [16:57] Chipaca: we have something that's very similar in secureMkPrefix [16:58] zyga: ah, ok, then I'll leave it for later [17:00] anyone intimately familiar with glvnd? [17:02] not intimately [17:02] but I read the source of it once [17:02] but ask in #ubuntu-desktop maybe [17:03] and ask around upstream [17:03] zyga: i'm looking into why snaps segfault on arch with nvidia, apparently even glxinfo segfaults, bt points to glvnd: https://forum.snapcraft.io/t/nvidia-proprietary-driver-no-h-w-acceleration-in-chromium-and-firefox-stack-mashing-problem-also/4532/8 [17:03] a review for 4874 would be great, should be easy [17:03] PR snapd#4843 closed: interfaces/builtin: let MM change qmi device attributes [17:03] mborzecki: did you manage to get a backtrace? [17:04] mvo: doing that now [17:04] PR snapd#4876 closed: packaging: recommend "gnupg" instead of "gnupg1 | gnupg" [17:04] mvo: I tweaked spread.yaml to break if there's a snap-confine profile with some garbage in the filename [17:04] and I'm running this in a main/ loop [17:05] PR snapd#4883 closed: debian: undo snap.mount system unit removal [17:05] zyga: ta [17:07] mvo: the sanitize changes are more annoying than I thought (due to the tests)... i'm almost there [17:07] pstolowski: yeah, I feared it might be. thanks for pushing it through [17:07] mvo: amazing for 1 line fix :D [17:07] PR snapd#4888 opened: snap-confine: fallback to /lib/udev/snappy-app-dev if the core is older [17:10] * kalikiana wrapping up for today [17:11] mvo: let's keep (2.23) in the PR name if we can, some things will get confusing very quickly [17:12] zyga: temporarily disabled aslr, bt https://paste.ubuntu.com/p/TwRRRVZHYs/ strace https://paste.ubuntu.com/p/QdsZHM2rnz/ [17:16] mborzecki: can you list all the files in the nvidia and libglvnd files [17:16] er [17:16] packages [17:16] and compare that to what is visible in /var/lib/snapd/lib/gl [17:16] (as symlinks) [17:16] PR snapd#4874 closed: tests: a bunch of test fixes for s390x from looking at the autopkgtest logs [17:17] mborzecki: is it possible that libglvnd is compiled with newer libc than the snap [17:17] and that causes the incompatibility? [17:17] I long suspect this will bite us [17:17] and that we need to ship libglvnd and all the other userspace drivers in separate overlay/content snaps [17:17] zyga: well, it's possible, it's symlinked from hostfs atm [17:17] zyga: +1 [17:17] pstolowski: heh, indeed [17:17] yes, I know it is :( [17:18] mborzecki as a hack: [17:18] mborzecki: grab xenial chroot [17:18] compile libglvd [17:18] and drop it into that namespace instead of those symlinks [17:18] just libgldv [17:18] the only parts of userspace from hostfs you can use are the binary driver from nvidia [17:19] all the other parts compile on xenial chroot [17:19] if that fixes the issue we will have our answer [17:19] zyga: you guys know glvnd hasn't been working correctly with snapd forever now, right? [17:20] Pharaoh_Atem: ish, yes [17:20] Pharaoh_Atem: i didn't :P [17:20] it's been an issue in Fedora for a while [17:20] it has been working in the past to some extent [17:20] it only works with Mesa drivers [17:20] but it's a perpetual todo [17:20] well, now that it's in Ubuntu 18.04, now hopefully it'll get fixed :P [17:21] Pharaoh_Atem: this reminds me of the run towards 16.04 [17:21] I don't miss that [17:22] mborzecki: at one point or another, I've had reports on almost every single snapd update about it [17:22] but there's nothing I could do about it as I have zero nvidia hardware to debug with [17:23] I suspect it may require non-trivial work [17:25] no kidding [17:38] zyga: can someone please triage bug 1756793 so it has the right assignment and priority? Otherwise it outwardly looks like we're not on top of it [17:38] Bug #1756793: Can't run snaps on Ubuntu 18.04 [17:38] trying to snap sosreport - and stuck at it needing a file to exist: /etc/sos.conf. It needs to be a classic snap. Is there a way to have this file created? - https://github.com/sosreport/sos [17:38] popey: it's already fixed but we need new package out [17:39] popey: we debugged this earlier today [17:39] I'll update the bug report [17:39] (this should also be on the bug) [17:39] done now, I was not aware of the bug report before [17:39] I just rebooted on advice of the bug - closing down all my currently running apps - and now I've rebooted I have an unusable workstation - none of the snaps I use launch [17:41] popey: refresh to beta please [17:41] that's sufficient AFAIK [17:44] zyga: that worked. might want to let people on the bug know that's a valid workaround until the package lands. [17:45] done [17:45] Thanks [17:45] and I'm sorry, I did see this bug before [17:46] I appreciate there's like 3 threads on the forum and a bug. [17:46] Our direction from the top is to file and update bugs. So that's why I'm poking :) [17:49] PR snapd#4889 opened: cmd/snap-update-ns: don't trespass on host filesystem [17:49] mvo: I pushed and opened the trespassing PR [17:49] and I need to leave now [17:49] pedronis: do you know if there's an easy way (and if it's sane) to add an already-done task to a taskset, just to have a place to Logf() ? [17:49] my laptop is looping through all of master [17:49] er main [17:49] hopefully something will come up [17:50] Chipaca: ? [17:50] I'm not sure I even parse the question [17:52] Chipaca: what are you trying to do? [17:53] * pedronis needs to go have dinner [17:59] Need to step out for a while.. will be back later today [18:32] PR snapcraft#2014 opened: integration tests: snap tests shouldn't be arch-specific [18:33] pedronis: sorry, was preparing dinner myself =) [18:34] pedronis: my issue is that I have a list of non-fatal errors produced at the start of any of the exported snapshotstate taskset-returning public functions [18:34] and I thought I could log them [18:34] there, against the task [18:34] or I could return them all the way out to daemon and up [18:35] the latter might be easier, as it's a rather unique case, hm [18:35] Chipaca: you can return both a taskset and a error [18:35] if the caller can deal [18:35] yeah [18:36] logging them on the task is weird [18:36] they're just informative so yeah [18:36] pedronis: go have dinner :-) thanks [18:36] I'm back [18:36] ah! ok [18:36] it'll be a map[string]error, but, yeah [18:36] it's not an error in doing the thing, it's an error in listing the snapshots [18:37] which i was previously ignoring but at the sprint we decided to talk about [18:37] i mean, to alert the user about [18:38] zyga: thank oyu [18:38] zyga: once bionic is happy again I will look [18:40] PR snapd#4887 closed: snapstate: add compat mode for default-provider [18:40] PR snapd#4888 closed: snap-confine: fallback to /lib/udev/snappy-app-dev if the core is older (2.23) [18:44] PR snapcraft#2015 opened: docs: add execstack to HACKING.md's list of deb deps [18:47] PR snapcraft#2015 closed: docs: add execstack to HACKING.md's list of deb deps [18:50] PR snapcraft#2016 opened: demos: use realpath in command entry for java-hello-world [19:29] Hey stgraber, I'm kind of pushing the limits here, but I installed lxd on my rpi2 with Ubuntu Core on it, but can't get snaps to mount within a container, even with squashfuse installed. Any chance you've tried snaps in LXD on armhf? [19:29] PR snapcraft#2012 closed: pluginhandler: only do elf checking and patching for type app [19:29] kyrofa: what kernel are you using? [19:30] stgraber, 4.4.0-1030-raspi2 [19:30] is that an official ubuntu kernel? if not, you won't have unpriv fuse as that's not upstream [19:31] stgraber, I assume so, it's our reference Ubuntu Core image for the rpi [19:31] kyrofa: cat /sys/module/fuse/parameters/userns_mounts [19:31] stgraber, N [19:31] try echo "Y" into it [19:32] niemeyer: your opinion on 4882 would be great [19:32] should be Y by default on Ubuntu kernels though... it is on my 4.4.0-116-generic here (armhf) [19:32] PR snapcraft#2017 opened: many: optimize retrieval of the linker version [19:32] stgraber, ha! Works [19:32] Think that's a bug, then? [19:33] well, I don't know, that setting was changed a while back [19:33] and you're running a super outdated kernel [19:33] current 4.4.0 for raspi2 is -1085 [19:33] and you've got -1030 so you're months if not over a year out of date [19:34] ppisati, any chance you're around? [19:35] Probably not. stgraber I'll chase that one down, thanks for your help :) [19:36] kyrofa: your kernel dates back from Nov 2016 :) [19:36] kyrofa: so yeah, don't run that [19:43] kyrofa: what is snapcraft-pr? [19:43] kyrofa: and hi! :) [19:46] jdstrand, hey! snapcraft-pr is essentially a set of shell scripts that sets up a venv for a given snapcraft pull request and then runs that snapcraft. Basically, it's me automating what I have to do several times a day [19:46] kyrofa: is it useful for more than just you? you've requested classic confinement... perhaps request it formally? [19:50] jdstrand, maybe, but it's pretty developer-focused. Ideally build.snapcraft.io would just build snaps of each PR, which would probably make this tool unnecessary [19:55] kyrofa: I'm not sure how to proceed with that... I have a process I'm supposed to follow. I mean, technically I can add it, but based on this, it seems like a discussion in the forum might prompt improvements that make the snap unnecessary [19:59] jdstrand, follow your process, you can reject it without incurring my wrath === pstolowski is now known as pstolowski|afk [20:26] PR snapd#4890 opened: snap: Call SanitizePlugsSlots from InfoFromSnapYaml [20:26] mvo: ^ [20:28] re [20:28] I got /usr/lib/go-1.6/pkg/tool/linux_amd64/link: running gcc failed: fork/exec /usr/bin/gcc: cannot allocate memory [20:29] that's fun but unexpected [20:29] restarted loop [20:35] mvo: hi, so should we be on the lookout for a new core in beta soonish then? [20:38] cachio: hey, did you guys do something to spread so that it started launching i686 images on google? [20:38] how can I request amd64 ones? [20:39] cachio: https://travis-ci.org/MirServer/mir/jobs/356038699 [20:40] on beta/edge core snap channel every app tries to read /proc/sys/kernel/seccomp/actions_avail on startup which is blocked by apparmor. Is it known issue? [20:58] another thing: is it possible to permanently unplug snap form slot? After update everything is coming back to defaults [21:02] vidal72[m]: hey, yes' that is a known issue [21:02] vidal72[m]: I was planning on fixing it [21:02] vidal72[m]: but if you want to take a bite at the code, look at release/seccomp.go [21:02] vidal72[m]: and make the initialization there lazy (on first real use) [21:02] vidal72[m]: that will fix the issue [21:03] vidal72[m]: the auto-reconnect bug is fixed in edge now (and in master) [21:03] vidal72[m]: I believe pstolowski|afk can tell you more about that tomorrow [21:03] vidal72[m]: but if you build snapd from git you should no longer see that behavior [21:04] cachio: some tests are leaking "snap userd" processes [21:04] and those pile up in -reuse VMs [21:04] also plenty of dbus-daemon [21:05] specifically plenty of usr/bin/dbus-daemon --fork --print-pid 4 --print-address 6 --session [21:05] so snapd-git and core --edge are both needed? [21:06] PR snapcraft#2014 closed: integration tests: snap tests shouldn't be arch-specific [21:06] vidal72[m]: technically no, it depends if reexec is enabled [21:07] vidal72[m]: on some distributions, for instance on debian stable, snapd in the package re-exec itself from the core snap [21:07] vidal72[m]: this is not yet avialable everywhere as some strings are attached [21:07] vidal72[m]: and on arch for instance it is disabled [21:07] vidal72[m]: (in general the snapd build in the core snap must be compatible with the distribution and we still have a few compile-time choices in the C code) [21:07] vidal72[m]: if you take snapd from git you should be ok [21:08] * zyga restarted his test loop and resumes being mostly AFK [21:11] PR snapd#4816 closed: tests: move xenial i386 to google backend [21:13] Saviq, you should call it like we do https://github.com/snapcore/snapd/blob/master/spread.yaml#L54 [21:14] Saviq, take a look to that file, we are configuring the machines for google there [21:14] zygan which testS? [21:14] zyga, which testS? [21:15] cachio: ack [21:16] Saviq, fedora should be working now with the new spread [21:16] cachio: do I need to ask for a drive size or does it default to a bigger one? [21:16] Saviq, the default is 10 gb [21:17] as it was in linode [21:19] ack [21:21] * cachio afk [21:21] zyga: do we have a list of directories that are prohibited in layouts? I thought we planned to have one [21:28] pedronis: one sec [21:30] pedronis: https://github.com/snapcore/snapd/blob/master/snap/validate.go#L660 [21:30] pedronis: those places are off limits [21:30] pedronis: are you thinking about store-side validation? [21:30] zyga: no, I'm thinking about your new branch and the tmpfs check [21:30] cachio: I don't know which test, I observed this by running all of main in a -reuse loop in qemu all day [21:31] for example run is a tmpfs [21:31] pedronis: ah [21:31] but is in the prohibited list [21:31] pedronis: yes, that's safe because it's disallowed there [21:31] pedronis: as I wrote in the comment it is not perfect, ideally we'd allow only mimics and well-known places (/tmp) [21:32] oh, I see real failures in that PR [21:32] drat, I need to look at that [21:35] zyga: I have core --edge and curent snapd-git. I did snap revert , disconnected slot, snap refresh and slot is connected again [21:35] hmmm [21:35] revert does some things that can cause this to go back [21:35] revert is really "I liked previs revision better" [21:36] if you install a snap [21:36] disconnect something [21:36] and then refresh (not revet) to another revision [21:36] it should not auto-connect [21:36] s/previs/previous/ [21:37] zyga: I left a comment in the PR [21:38] thank you [21:38] zyga: I made changes after revert, not before and updated with refresh [21:39] hmm, in that case you want to talk to pstolowski|afk tomorrow [21:39] it smells like a bug [21:40] zyga: ok, thx [21:40] zyga: the fix not to re-autoconnect is still up for review [21:40] is not landed even [21:40] ohh [21:40] I see, I must have read it and assumed it is merged [21:41] vidal72[m]: ^ [21:41] vidal72[m]: you can perhaps review the code to learn more about how this works [21:41] vidal72[m]: https://github.com/snapcore/snapd/pull/4551 [21:41] PR #4551: ifacestate: do not auto-connect manually disconnected interfaces [21:42] zyga: pedronis ok, thx for info [21:44] zyga: when we talk about PR...as PR my was approved what happens next? [21:45] vidal72[m]: it will get merged [21:45] vidal72[m]: it's just that now we have a bit of a fire to put out [21:45] vidal72[m]: with bad bionic package and overdue release [21:45] vidal72[m]: and important bugs surfacing [21:45] all at the same time [21:46] zyga: ok, no pressure from me :) [21:55] zyga: do we protect about trying to mount with layout to /var/lib/snapd/hostfs [21:55] or below? [21:55] those things are mounted as slave so none of those matter [21:55] if you mount something there it won't show up in the host [21:58] still, I think it's something we could forbit explicitly [22:03] PR snapcraft#2016 closed: demos: use realpath in command entry for java-hello-world [22:07] pstolowski|afk: woah, thank you! that was a long day for you, appreciated [22:08] cwayne: new beta tomorrow, there is a bit of a discussion how to best fix this right now [22:09] mvo: ack, thanks. no rush just wanted to make sure we werent holding you guys up [22:09] cwayne: heh, thank you! === ikey is now known as ikey|zzz [22:20] cachio: ping [22:21] yes [22:22] niemeyer, the change is pushed [22:22] cachio: Thanks for that [22:22] and i386 is merged [22:22] cachio: The placeholder should remain as %q there [22:22] cachio: It's just the variable that needed changing [22:22] cachio: This is a parsing error.. %q tells us what exactly was being parsed [22:23] %s won't.. at least not clearly [22:23] niemeyer, ok, just 1 min [22:24] niemeyer, done [22:25] cachio: Thanks! [22:25] niemeyer, with this change debian-9 should be ready to be merged [22:25] cachio: I'm merging and releasing.. just a sec [22:25] niemeyer, sure [22:31] cachio: It's in, thank you! [22:32] cachio: Let me release it.. [22:32] niemeyer, great!!!! thanks for reviewing that [22:32] cachio: My pleasure, and thanks for the change. It's a nice tweak. [22:33] cachio: Travis release is up [22:35] niemeyer, great [22:35] niemeyer, re triggering jobs [23:17] cachio: Snap is up too, btw [23:43] is snapd in debian stretch usable? (2.21 version is quite dated) [23:52] jdstrand: ayt?