[05:18] morning [05:37] Hey Hey [05:38] so we have 2.32.1 [05:38] Indeed we do [05:39] The urgent fire should be out now [05:39] got a review on 4908 from jdstrand last night, think he got confused with all the arrays getting passed to sc_mkdir_and_mount_and_glob_files() [05:40] 2.32.2 could add your nvidia support [05:41] landing this, with a test, would be nice [05:41] Yes. Your test yesterday was a good start [05:43] that thing on 14.04 was a bit worrying, idk why you'd get permission denied when trying to mount tmpfs inside /var/lib/snapd/lib/vulkan [05:54] zyga: per your comment, the same flags to configure for all ubuntu variants right? [06:57] re [06:57] * zyga is done with kids & dog === mborzeck1 is now known as mborzecki [08:01] * zyga notices new systemd release in artful [08:22] btw. i've bumped aur package to 2.32.1 [08:24] mborzecki: thank you! [08:24] I will review the update to the othe PR soon [08:24] i'll be switching to ubuntu in a couple of mins to double check that things still work fine [08:32] hello [08:32] nick [08:32] hey Guest90825 [08:32] * zyga updated https://github.com/snapcore/snapd/releases/tag/2.32.1 [08:32] mborzecki: thanks [08:34] hellp [08:34] ? [08:34] CN_vic: how can we help you? [08:34] 哈哈 [08:35] no [08:35] thanks [08:35] bye [08:40] pstolowski: I did another pass over interface hooks, as I noted we are not very consistent with returning xxxRef types wrt pointer or not, not here, but a follow up should clean that up I think [08:41] pedronis: thank you, yes i just saw your comments. will address in a followup, thanks again [08:47] hmm [08:47] did anyone see [08:47] 2018-03-27 08:21:40 Cannot allocate google:ubuntu-14.04-64: cannot perform Google request: Get https://www.googleapis.com//compute/v1/projects/computeengine/zones: oauth2: cannot fetch token: Post https://accounts.google.com/o/oauth2/token: net/http: TLS handshake timeout [08:48] zyga: retry? [08:50] greyback: can you please merge master into 4545 [08:51] zyga: ack, on it [08:51] greyback: and please run go fmt [08:51] x11.go is off [08:53] greyback: you also have small comment on 4932 [08:54] yep, saw that [08:58] https://github.com/snapcore/snapd/pull/4920 needs a 2nd review [08:58] PR #4920: timeutil: in Human, count days with fingers [08:58] perhaps mborzecki-ubuntu or pstolowski [08:58] popey: ping [08:58] pstolowski: what's the plan on https://github.com/snapcore/snapd/pull/4917 ? [08:58] PR #4917: repo: added repo ConnectionsInfo method (for the new snap connections API) [09:00] om26er: pong! [09:00] popey: new Android Studio is out, could you please merge this PR https://github.com/snapcrafters/android-studio/pull/17 [09:00] PR snapcrafters/android-studio#17: Release version 3.1.0.16 [09:01] om26er: on it! [09:01] also kindly provide input on https://github.com/snapcrafters/sublime-text/pull/8 [09:01] PR snapcrafters/sublime-text#8: Remove '3' from snap name [09:02] heh, I already viewed 4920 but didn't click 'submit review' [09:02] popey: ^ [09:02] it'd be useful if github had a notification or sth that you have unfinished reviews [09:02] hehe, that one again. okay! [09:03] popey: I have added my input on that one, I consulted the upstream as well. [09:03] ok, will take a look. [09:03] #4931 needs a second review [09:03] PR #4931: configcore: give a chance to immediately recompute the next refresh time when schedules are set [09:03] zyga: i'll address your comments soon, not sure about PlugInfo/SlotInfo vs refs suggestion [09:04] sure, it was just a suggestion [09:07] mborzecki-ubuntu: #4571 needs to be closed? [09:07] PR #4571: data, cmd, packaging: use autotools to generate artifacts under data [09:07] pedronis: i'll close it [09:08] zyga: seems we have quite a few interface PRs in need changes since a while [09:08] pedronis: yeah, I'm looking at PRs now [09:08] I hope to garden somse [09:08] PR snapd#4571 closed: data, cmd, packaging: use autotools to generate artifacts under data [09:11] We hit some timeouts on pulling snaps from the store [09:11] Fetching pc-kernel ... [09:14] zyga: 4545 has master merged, gofmt was happy wiht x11.go for me? 4932 has comment addressed [09:14] if 4908 fails again i should probably use this as an occasion to merge master :/ [09:15] thank you, it's looking good [09:18] PR snapd#4940 opened: RFC: added UDevMonitor for future hotplug support [09:50] PR snapd#4941 opened: vendor: update gopkg.in/yaml.v2 to the latest version [09:57] pstolowski: reviewed 4940 [09:59] zyga: thanks! [10:02] zyga: 4923 needs de-conflicting [10:02] pstolowski: it needs investigation what to do, it was just a test PR [10:03] I will close it for now [10:03] ack [10:03] PR snapd#4923 closed: spread.yaml: look for signs of //deleted mounts [10:04] zyga: pushed a fix for autogen in 4908 [10:09] mborzecki-ubuntu: can you do the master dance with https://github.com/snapcore/snapd/pull/4875 please [10:09] PR #4875: cmd/snap-confine: fix ptrace rule with snap-confine peer [10:09] it should be green now [10:23] zyga: it can be closed now, 2.32 was merged back to master, and this change was part of 2.32 already [10:26] PR snapd#4875 closed: cmd/snap-confine: fix ptrace rule with snap-confine peer [11:12] mborzecki: sorry, I'm slow todat [11:12] zyga: hm? [11:12] can you please walk me through 4844 [11:15] https://www.irccloud.com/pastebin/okBoncVR/ [11:15] pedronis: is the store experiencing any issues? [11:16] not particularly at this moment [11:16] there were some issues with downloads, not sure if they were fully resolved [11:17] zyga: I also need to review 4844 [11:20] mborzecki: you have feedback from jdstrand on https://github.com/snapcore/snapd/pull/4509 [11:20] PR #4509: interfaces/builtin: add support for software-watchdog interface [11:21] ikey: hey [11:21] ikey: long time no talk (or see) [11:21] I'm going through various PRs and I noticed there's some feedback on https://github.com/snapcore/snapd/pull/4538 (steam support) [11:21] PR #4538: interfaces/builtin: Add new steam-support interface [11:22] is this waiting on updates from you? [11:24] zyga, yes, just not a good time at the moment sorry [11:26] greyback: I added one more idea to your x11 PR [11:26] greyback: have a look and tell me if I'm nuts [11:26] ikey: that's all right, I just wanted to catch up [11:26] ikey: how are you doing? [11:26] not good, hence not good time. sorry. you? === pstolowski is now known as pstolowski|lunch [11:28] ikey: I would say never better but that's not true [11:28] ikey: but it's been worse too so that's a charm :) [11:29] handy when you've an upside :] [11:41] pedronis: more core download issues [11:41] pedronis: I restarted the affected tests [11:42] zyga: yea, I think there are still download issues [11:43] + tar -C/ -xf /home/gopath/src/github.com/snapcore/snapd/snapd-state.tar.gz [11:43] tar: /home/gopath/src/github.com/snapcore/snapd/snapd-state.tar.gz: Cannot open: No such file or directory [11:47] I wonder what could cause the spotify snap on opensuse not to support high-dpi while the same snap works on ubuntu 17.10 [11:47] maybe distro patches missing somewhere? [11:47] but unlikely since all of opensuse works ok [11:49] PR snapd#4942 opened: cmd/snap: user session application autostart v3 [11:55] off to pick up my daughter from school, bb for standup [11:56] Caelum: I updated my review of your package updates [12:24] mborzecki (cc zyga): I did get confused initially, but then mentioned in 'Update:' what you could do. however, the refactor is good enough for me [12:28] I’m afk for now [12:40] jdstrand: thanks for the review :) [12:49] PR snapd#4871 closed: cmd/snap-confine: fix Archlinux compatibility [12:53] mborzecki: np, thanks for working on it! [12:55] PR snapd#4943 opened: tests: adding debian sid to google backend === pstolowski|lunch is now known as pstolowski [13:01] standup time [13:08] * kalikiana going for half a lunch break [13:14] error: cannot install "core": cannot query the store for updates: got [13:14] unexpected HTTP status code 404 via POST to [13:14] "https://api.snapcraft.io/v2/snaps/refresh" [13:14] pedronis: ^ that's unexpected, right? [13:14] zyga: where? [13:14] that's my PR, yes it's expected until I rerun the tests [13:15] https://travis-ci.org/snapcore/snapd/builds/356519762?utm_source=github_status&utm_medium=notification [13:15] yeah [13:15] ok [13:21] jdstrand: I think https://github.com/snapcore/snapd/pull/4932 is ready now and your feedback is applied [13:21] PR #4932: interfaces/content: add rule so slot can access writable files at plug's mountpoint [13:26] niemeyer: I labeled all those branches critical [13:27] https://github.com/snapcore/snapd/pull/4844 made me realise we have overloaded the term system key [13:27] PR #4844: overlord/snapstate: allow core defaults configuration via 'system' key [13:27] zyga: yeah, it's a 'nickname' [13:28] zyga: as agreed during the sprint ;), '$core' was another candidate [13:29] zyga: master already has some bits for making `snap set system foo.bar=baz` and `snap get system` work [13:30] mborzecki: I was thinking about code clarity and added https://github.com/snapcore/snapd/pull/4908/files#r177422132 (not a blocker) [13:30] PR #4908: [RFC] cmd/snap-confine: attempt to detect if multiarch host uses arch triplets [13:31] hey jdstrand, how are you doing? :-) [13:31] mborzecki: yeah, that's fine, I just found it funny [13:32] jdstrand: thanks, i can push it in a while, this part is tricky so comments are obviously helpful [13:32] zyga: jdstrand should I make PR with patch proposed in https://forum.snapcraft.io/t/apparmor-issues-with-default-install-dir/4568/2 [13:32] zyga: hey, pretty good. how are you? [13:32] mborzecki: thanks [13:34] zyga: re 4932> done [13:36] vidal72[m]: oh, I thought you were in the process of that. if you are so inclined, sure, if not, I can. [13:36] jdstrand: thank you (for both); I'm feeling a bit uneasy with my back lately but long walks with the dog make it go away [13:37] vidal72[m]: also, I liked '@{INSTALL_DIR}="{/snap,/var/lib/snapd/snap}"' cause I felt it was slightly clearer in this case, but both yours and mine are equivalent policy-wise [13:37] zyga: I recheck that error will go away if I rerun the tests, but that branch needs a merge from master and I would prefer to wait a bit for feedback on the prereqs [13:37] zyga: if you don't already, you might consider a standing desk [13:38] I found it helped me a lot. bonus points if you add an under-the-desk treadmill [13:38] jdstrand: oh, I have, it's planned already [13:38] nice [13:38] jdstrand: once we save some money we plan to transform a tarrace into my office, make it habitable all year and put a standing desk there [13:39] that will also move me out of the living room :) [13:39] heh, nice [13:39] that's for spring next year though [13:39] for now, it's the walks :) [13:40] zyga: it's really just about not sitting for long periods all day, so yeah, a dog walk works for that perfectly :) [13:41] yeah, I agree [13:41] plus, he's very happy not to be in a shelter anymore :) [13:48] :) [13:55] PR snapd#4944 opened: interfaces: add /var/lib/snapd/snap to @{INSTALL_DIR} [14:27] PR snapcraft#2036 opened: errors: remove stack data when sending to sentry [14:32] kalikiana: https://forum.snapcraft.io/t/support-for-passthrough-into-snap-yaml/4698 [14:33] Issue snapcraft#2037 opened: core refresh in container build breaks build [14:35] cachio: I reviewed https://github.com/snapcore/snapd/pull/4721#pullrequestreview-107307595 and have one suggestion but let's please do it in a follow-up [14:35] PR #4721: tests: update interface tests to remove extra checks and normalize tests [14:37] niemeyer: Awesome +1 [14:38] pstolowski: did you see the ping on the forum? [14:38] zyga: yes. looking into the code and where it comes from [14:38] it's an un-handled ErrNoState [14:40] hello, I am getting Built, failed to release [14:40] is there any way to debug why? [14:40] there are no errors in logs [14:40] petan: can you please provide some more information/ [14:40] https://build.snapcraft.io/user/huggle/huggle3-qt-lx/176724 [14:40] that's the build log [14:41] it doesn't say anything else than Build failed to release [14:42] btw I managed to build the .snap file using snapcraft on my own PC without any issues [14:42] zyga: yes i see that [14:42] kalikiana: ^ [14:43] kalikiana: is that when the store for whatever reason fails to release a snap to a channel? [14:43] petan: it feels like a store side fluke [14:43] petan: but please talk to kalikiana about it [14:43] pstolowski: I think we want to check the state from evan [14:43] hmm so solution is to wait and try to click rebuild later? [14:44] pstolowski: to see if this is broken state [14:44] petan: as I said, I don't know fully, please wait for a response from kalikiana or sergiusens who know this part better [14:44] ok [14:44] pstolowski: or correct state and broken code [14:44] pstolowski: unless you find some obviously broken piece of code somewhere [14:45] zyga: yes, i was going to suggest that. note, this error is actually not fatal, just logged, i'm not sure what's the reasoning behind that logic [14:48] zyga: petan Hmmm the build seems fine indeed. [14:48] zyga: that looks more like a store issue, roadmr ^ [14:49] pstolowski: dunno, but it looks fundamental and we need to get to the bottom of it [14:49] sergiusens, zyga : yes, we're looking at intermittent upload/download issues [14:49] zyga: sure [14:49] pstolowski: if you see ev, can you ask him about state.json please [14:49] zyga: I did via the forum [14:49] * zyga -> dinner [14:50] pedronis: #4931 reviewed.. I suggested a simpler and more general approach there [14:50] PR #4931: configcore: give a chance to immediately recompute the next refresh time when schedules are set [14:50] pedronis: LGTM if you're happy with that as well [14:52] pstolowski: hi! fyi, my comments in https://forum.snapcraft.io/t/please-help-testing-2-32-in-beta/4696/7 [14:53] jdstrand: yep, saw that, thanks! did you ever have dotnet-sdk installed? [14:53] pstolowski: yes (I just updated my comment to say that) [14:53] I don't recall when though... [14:54] jdstrand: can you send me your state?.json? [14:54] sure [14:54] pstolowski: should I stop snapd before sending it? [14:54] jdstrand: yes [14:58] Bug #1759294 opened: Please display confinement level information in 'snap info' command output [15:00] pstolowski: emailed [15:01] zyga, sure I'll take a look now [15:02] niemeyer: so doing it even on errors? [15:02] for any config change [15:13] pedronis: Yeah [15:13] ok [15:14] pedronis: Shouldn't be a problem, and it's a pretty rare and manual event.. much easier for us to reason about [15:16] cachio: thank you for doing that PR, it's pretty big! [15:18] woah [15:18] jdstrand: do you see the dotnet-sdk snap in snap interfaces anywhere? [15:19] zyga: no [15:19] this is very interesting and odd [15:19] pstolowski: let me know what you find out [15:21] PR snapcraft#2038 opened: Add an option for setting npm flags option [15:23] petan, hey, were you asking about the huggle snap? [15:23] yes, it builds but doesn't release now, it always worked [15:23] https://build.snapcraft.io/user/huggle/huggle3-qt-lx/176724 [15:23] petan, we are having some issues with our snap storage access that is being worked on, and that caused the review of your revision 640 to be stuck. I unstucked it and now the rest of the revisions are being processed, see https://dashboard.snapcraft.io/snaps/huggle/ [15:24] ok thanks [15:24] petan, you may need to go to dashboard and release the revisions manually [15:25] thank you nessita ! [15:25] zyga, \o/ [15:32] zyga: ok, so the problem is we have 4 stray connections for a removed snap in the state; these were auto-connections from the snap to core, so we consider that snap affected by core upgrade. now i need to find out why we didn't remove these connections when snap was removed [15:32] niemeyer: ^ [15:33] pstolowski: that's nice [15:34] I wonder if those were super old and were always there (but nobody noticed the error or the error did not surface) or it this is something we recently broke [15:37] Bug #1759294 changed: Please display confinement level information in 'snap info' command output [15:40] niemeyer: this made me think something, we should really call EnsureBefore after we have committed the transaction, which is outside this package [15:48] zyga, it is a big change the add -i interface in all the "snap interfaces" [15:48] zyga, is it ok if I do it in another PR [15:48] I also agree it is more robust [15:49] zyga, but I need to update 90 different places [15:52] when does snapd 2.31.2 leave -proposed on stable Ubuntu releases ? [15:59] mvo, zyga, hi, WRT 'nobody' user for snaps, was the idea we discussed at the sprint agreed upon? [16:01] pedronis: +1 [16:02] cachio: Yes, lets do it in a new PR [16:03] Ackk, I forgot what the agreement was, was it to ship a user with snapd or do something else? [16:09] zyga, yeah I think it was that snapd would create a "snaps-nobody" user that is used to remap the nobody user [16:09] zyga, (or whatever username is decided) [16:09] zyga, we really just need a non-root user [16:11] Ackk remap how? [16:11] Remember [16:12] Remember that etc passwd is from the host today, right? [16:15] zyga: see my latest answer to the stray connections bug [16:16] in the forum [16:16] pstolowski: looking [16:17] zyga, doesn't snapd remap uids? [16:18] Ackk, no we don’t do that [16:18] pstolowski: is there anything we can add to snapd to fix people with broken state [16:19] zyga, ah I see. anyway, that doesn't really matter, I just seemed to remember you talked about user mapping [16:19] zyga, you guys, not you specifically :) [16:19] Sorry, my memory is rusty. I need to review the notes from that week [16:20] Yam [16:20] zyga: yes, I think we need to remove these stray connections in InterfaceManager::initialize [16:21] zyga: does that sound sensible? [16:21] Okay! Let's do some more reviews.. [16:22] Hmmm, I think so but what is a stray connection? One without one or the other snap? [16:23] zyga: yes [16:30] zyga: ok, I think i know why we didn't see that before [16:30] adding one more comment [16:30] pstolowski: I think there's a deeper bug in refresh code in interfaces [16:30] mborzecki, when you have some time coiuld you please take a look to #4721 [16:30] PR #4721: tests: update interface tests to remove extra checks and normalize tests [16:31] oh [16:31] * zyga waits for your new comment [16:31] pstolowski: some code should not reach the state where it got ErrNoState [16:31] pstolowski: probably our reconnect code is buggy tyhere [16:34] * kalikiana wrapping up for the day [16:39] zyga: commented [16:40] right [16:40] thanks, I'm looking forward to the PR [16:40] zyga: yep, working on it, besides fixing reloadConnection I'll also add this cleanup on startup, wdyt? [16:41] pstolowski: skip the cleanup for now [16:41] zyga: ok [16:41] pstolowski: let me think about that some more [16:41] or propose it separatel [16:41] y [16:45] zyga: the cleanup could actually happen in reloadConnection, almost for free - Connect fails only if either plug or slot is missing [16:45] let's be conservative for now, this can be cherry picked into the release [16:45] we can always clean it up later [16:45] ok [17:07] pedronis, niemeyer: can you please ack 4941 [17:17] I wrote a post in forum. This raises my eyebrows https://forum.snapcraft.io/t/bogus-apps-in-store/4703 [17:17] #4941 [17:17] PR #4941: vendor: update gopkg.in/yaml.v2 to the latest version [17:17] Thank you! [17:19] zyga: Tests pass, previously discussed in the meeting, and not much to review.. I've just merged [17:19] thanks, I just wanted to ack this [17:19] zyga: Thanks for doing so [17:20] PR snapd#4941 closed: vendor: update gopkg.in/yaml.v2 to the latest version [17:20] pedronis: I'm getting to the end of #4900 btw [17:20] PR #4900: many: use the new install/refresh API by switching snapstate to use store.InstallRefresh [17:20] vidal72[m]: You got a response there [17:21] niemeyer: well, for part of the post [17:21] probably the less important part, though :) [17:23] hmmm, I get this on a clean tree [17:23] https://www.irccloud.com/pastebin/WAMjnnmK/ [17:23] so if I publish with invalid license it can stay this way forever? Nobody verify, nobody care? [17:23] is my govendor foo not great or is there a real problem? [17:24] nacc: Yes, there are about 10 questions on that post.. :) I've answered a few more of them [17:24] PR snapd#4945 opened: vendor: update gopkg.in/yaml.v2 to the latest version [17:24] niemeyer: heh [17:25] vidal72[m]: Please ask any other questions there so we can have a single conversation [17:25] nacc: Feel free to participate as well [17:25] nacc: Assuming you have points other than "heh", of course [17:26] niemeyer: sure [17:26] niemeyer: ok [17:27] PR snapd#4946 opened: Ignore bad connections in reloadConnections, don't surface them outsi… [17:27] zyga: ^ [17:29] niemeyer: fwiw, that one contains everything, it has prereqs [17:29] pstolowski: That PR title looks quite broken [17:30] pedronis: Too late :) [17:30] niemeyer: ah, sorry, fixed [17:30] pedronis: For the best I suppose, in this case [17:32] it's quite large (though more than half is tests) [17:33] roadmr: hi! not at all urgent, but can you pull in r1016 of CRT? (just another override) [17:35] pstolowski: reviewed [17:35] small change requested [17:35] let me know if you think this is okay or if it turns out bigger than small [17:42] zyga: notice that reconnect on refresh doesn't exist in master, it's a new thing in the interace hooks branch [17:42] * cachio afk [17:45] pedronis: hmmm, but we do reload connections on upgrade [17:45] otherwise people on beta would not hit this case, no? [17:45] zyga: reloading connections, and reconnect are two different things [17:45] we always been reloading connections [17:45] afaik [17:48] zyga: Connect() can fail only if either: plug or slot is missing, or interfaces on them don't match. we need to ignore both these cases and not add to affectedSnaps. the error message that people reported will not be visible anymore, we will only log to the logger [17:50] zyga: changing error reporting in Connect will affect ifacestate and api tests, so not exactly a small change [17:51] no, the error on interface mismatch is one thing [17:51] but when something is just *gone* that's the error we don't want to show [17:51] pedronis: Review is out [17:58] niemeyer: thanks, this was the big one so you covered also the prereqs. (4896, 4772 and 4771) [17:59] niemeyer: #4873 is for delaying registration [17:59] PR #4873: many: delay classic registration until first store interaction [18:00] quit [18:00] pedronis: Looking [18:19] zyga: how about this: https://pastebin.ubuntu.com/p/YyrYQY8FBw/ ? [18:19] pedronis: Okay, I think I can grasp it [18:19] pedronis: Do you have some time for a short call? [18:19] pedronis: About the PR [18:20] niemeyer: yes [18:25] pedronis: Okay, let's hop onto snappy-devel [18:26] niemeyer: I'm there [18:49] niemeyer, do you have any time today to meet about architectures? [18:51] zyga: i've pushed the above change to the PR, eod === pstolowski is now known as pstolowski|afk [18:55] jdstrand: sure, 1016 going in the queue \o/ [18:55] thanks! :) [19:19] kyrofa: In a call for the last hour.. tomorrow might be easier if it works for you [19:20] niemeyer, sergiusens will be on vacation after today, but I can be there [19:32] PR snapcraft#2036 closed: errors: remove stack data when sending to sentry [19:32] stokachu: did you update lxd to work around the environment scrubbing issue (ie, the not being able to find liblxc.so.1)? [19:32] stokachu: nm [19:33] stgraber: hey, did you update lxd to work around the environment scrubbing issue (ie, the not being able to find liblxc.so.1)? [19:35] stgraber: I'm trying to reproduce. I thought all I needed was an upstream kernel with apparmor enabled, but maybe I am misremembering [19:46] jdstrand: we might have accidentally worked around it [19:46] jdstrand: let me check [19:46] jdstrand: yeah, we did, we had to set LD_LIBRARY_PATH for zfs to be happy in some cases, so that's effectively masking the bug you're looking at [19:47] jdstrand: "snap run --shell lxd" and then running "aa-exec -p unconfined" should let you reproduce it though [19:51] stgraber: that would explain it [19:52] I'm wondering how important this is to fix in snapd then [19:52] I filed the apparmomr bug so we'll get a fix eventually [19:52] that'd still break all classic snaps though wouldn't it? [19:53] classic snaps on distros with similarly lacking apparmor support that is [19:53] as the same profile as LXD would be used and LD_LIBRARY_PATH would get stripped as a result [19:54] whether that'd break such a snap is another matter though, a lot of them may be fine not using any of the core snap's libs? [19:54] stgraber: classic snaps have all kinds of weirdness with their libs and don't set LD_LIBRARY_PATH [19:55] we've also not seen any reports against them [19:57] ok, anyway, yes, for LXD this isn't a problem anymore because we always consider whatever snap-confine sets to be bad and override it ourselves in our wrappers [19:57] stgraber: so, what I was thinking was that I'd have a lxd-support specific fix in snapd while we wait for the kernel to be fixed [19:57] but if you don't care any more... [19:59] we can probably wait for the kernel fix, we're only likely to run into this again if we add a new command and forget about it, which is somewhat likely but also a pretty quick workaround to put in place on our side once someone reports it [20:01] stgraber: I don't mind looking at an lxd-support fix for at least a little bit, but trying to find the correct aa-exec -p unconfined -- ??? invocation to demonstrate the issue [20:02] I "think" the reproducer on Sergio's system was: [20:02] snap exec --shell lxd [20:02] export LD_LIBRARY_PATH=foo [20:02] aa-exec -p unconfined bash [20:02] echo ${LD_LIBRARY_PATH} [20:02] which would then show up empty rather than containing "foo" [20:03] stgraber: sure, I know about that part (that is in the bug I filed and have all the reproducer's etc) [20:03] stgraber: but I'm looking for the liblxc issue specifically [20:05] ok, the liblxc issue is because prior to us always setting LD_LIBRARY_PATH ourselves, we'd rely on snap-confine doing that for us, so it looked like 1) user runs "lxd init" 2) calls snap-confine which sets LD_LIBRARY_PATH 3) The wrappers/commands/lxd is execed 4) Script re-execs itself through aa-exec -p unconfined loosing its LD_LIBRARY_PATH 5) Script exec bin/lxd which is linked against liblxc, causing [20:05] loader error due to missing library [20:07] fyi, snap-confine doesn't do anything with LD_LIBRARY_PATH [20:07] alright, I'll keep playing with it [20:08] oh, then whatever sets it :) the snap binary itself I guess? [20:09] it's a weird call stack, but it is snapenv.go that keep sit from getting stripped when going through setuid snap-confine [20:09] anyhoo, I'll look at this a bit, but may end up moving to something else [20:11] oh, I could install an affected revision [20:12] stgraber: was the change in lxd-pkg-snap.git or lxd.git? [20:12] jdstrand: it was in lxd-pkg-snap, when we started including multiple zfs versions [20:13] db211759 [20:13] ok, cool [20:13] jdstrand: http://paste.ubuntu.com/p/s4gMQvB9dx/ [20:13] jdstrand: applying that and then building the snap should give you a build that'll have the issue when running "lxd init" [20:14] right [20:14] cool, thanks! [20:22] Hmmm [20:22] On a phone [20:23] Ld library path is reset because of at secure [20:23] stgraber: fyi, the 2.0 channel is still affected: [20:23] $ sudo /snap/bin/lxd init [20:23] lxd: error while loading shared libraries: liblxc.so.1: cannot open shared object file: No such file or directory [20:23] But we have a system where certain variables are saved and restored as Snappy prefix $varname [20:23] zyga: that isn't the issue [20:24] Oh sorry just noticed notification from my phone [20:24] jdstrand: oh, that'd make sense since we haven't done the multi-zfs version trick there yet [20:24] jdstrand: well, that makes it easier to test :) [20:24] zyga: it is related to at secure of course, but the bug is this: https://bugs.launchpad.net/ubuntu/+source/apparmor/+bug/1759346 [20:24] Bug #1759346: ix scrubs environment when it shouldn't [20:25] stgraber: indeed [20:25] Looking [20:25] stgraber: it also means you can workaround it easy enough in the 2.0 packaging [20:26] I see [20:26] Still we have a system where snap run and snap exec cooperate and can save restore environment [20:26] jdstrand: yeah, got to update a whole bunch of stuff in 2.0, haven't done too much of it given our tiny snap user base for it vs deb [20:27] * jdstrand nods [20:29] zyga: yep [20:31] zyga: I updated my two PRs, will look at package issues later tonight [20:32] Thank you! [20:32] zyga: I don't know why you saw snap-repair, because I definitely remove those, you may have been looking at an older revision [20:33] Oh [20:33] Perhaps, I will check out and see tomorrow [20:33] Did you get Spotify to open browser links [20:33] no let me try that [20:34] That requires the service files [20:36] yeah it doesn't work [20:37] firefox opened a second spotify and didn't open the track [20:40] zyga: note that the issue happens after the snap run/snap env business. ie, LD_LIBRARY_PATH is preserved. The act of running aa-exec, which has ix, strips LD_LIBRARY_PATH such that the thing it execs doesn't see it [20:41] I see jdstrand [20:41] zyga: also, this is *only* partial apparmor support which gets the '/** pix,' rule [20:41] which applies to aa-exec [20:41] anyway. thinking through how to fix it. I have ideas [20:41] Do we need a user space workaround [20:42] I'm thinking about a snapd change to partial policy [20:42] Ok [20:42] really, we need the kernel fixed, and it will be [20:44] it is possibly a documentation change only [21:12] PR snapcraft#2039 opened: Release changelog for 2.40.1 [21:13] PR snapd#4945 closed: vendor: update gopkg.in/yaml.v2 to the latest version [23:22] kyrofa: sigh, sergiusens mentioned they had used the git-ubuntu.self-test, but it looks like maybe it's busted again -- (our CI flagged it, it passed on one run that was using 2.39.3+really2.35 (https://jenkins.ubuntu.com/server/job/git-ubuntu-ci/345/consoleFull) and failed one that used 2.40 (https://jenkins.ubuntu.com/server/job/git-ubuntu-ci/349/consoleFull). The former branch had the latter as an [23:22] ancestor, so it implies not a ocding error (and neither touches the gpgv paths) [23:51] kyrofa: hrm, now i had a job succeed with 2.40 [23:51] ... that's not great either