[05:02] <mborzecki> morning
[05:29] <mup> PR snapd#5177 closed: interfaces/builtin: allow access to libGLESv* too for opengl interface <Created by morphis> <Merged by mvo5> <https://github.com/snapcore/snapd/pull/5177>
[05:29] <mup> PR snapd#5180 closed: tests/main/snap-service-timer: account for service timer being in the 'running' state <Simple> <Created by bboozzoo> <Merged by mvo5> <https://github.com/snapcore/snapd/pull/5180>
[05:34] <mup> PR snapd#4497 closed: many: make rebooting of core on refresh immediate, refactor logic around it <Created by pedronis> <Merged by mvo5> <https://github.com/snapcore/snapd/pull/4497>
[05:34] <mvo> 5181 looks like an easy win if someone wants to do a quick review
[05:36] <mup> PR snapd#5181 closed: userd: add the "snap" scheme to the whitelist <Simple> <Created by oSoMoN> <Merged by bboozzoo> <https://github.com/snapcore/snapd/pull/5181>
[05:37] <mvo> yay, down to 25 PRs
[05:37]  * mvo hugs mborzecki 
[05:37] <mborzecki> yup
[05:40] <mborzecki> wonder if we should have a `snap timers` command, or include some information in the output of `snap services` that some services are timer activated
[06:24] <jamesh> mvo: hi.  I was wondering if you could help me in registering another snap package for use in some snapd spread tests
[06:26] <jamesh> mvo: this is to test some interfaces for evolution-data-server's contacts and calendar APIs: so it needs a binary client.
[06:26] <mvo> jamesh: sure, I just need a (possible empty) snap and I can do this
[06:28] <jamesh> mvo: I've got a 13 MB test-snapd-eds_0.1_amd64.snap.  Let me see if I can upload it somewhere
[06:29] <jamesh> mvo: or can you just register the name and add me as a collaborator?
[06:33] <mvo> jamesh: I can register the name but canont add people before there is a snap. its a store thing
[06:34] <wgrant> mvo: That changed a couple of weeks back. You can add collaborators from registration now.
[06:34] <mvo> wgrant: oh, cool
[06:35] <mvo> jamesh: I can add you without a snap now, thanks to wgrant for this tip
[06:36] <jamesh> okay.  Well the snap is currently "test-snapd-eds" -- I used a single test snap for both calendar and contacts, since they share much of the client code
[06:36] <mvo> jamesh: you should have access now
[06:37] <jamesh> just as I finish uploading it to https://people.canonical.com/~jamesh/test-snapd-eds_0.1_amd64.snap :)
[06:38] <mvo> jamesh: heh, sorry
[06:38] <mborzecki> mvo: is there a need to have all *.deb and all *.a files in the all snap image for tests?
[06:38] <jamesh> no problem.  Blame my slow ADSL :)
[06:39] <jamesh> I might actually get something faster this year, assuming the NBN rollout doesn't get delayed again
[06:39] <mvo> mborzecki: probably not, this is the integraton test?
[06:39] <mborzecki> mvo: yes in ubuntu-core prepare in  #5134
[06:40] <mup> PR #5134: Shrink image generated with snap prepare <Created by kubiko> <https://github.com/snapcore/snapd/pull/5134>
[06:40] <mvo> jamesh: nice, how much do you have now and how much will you get (if I may ask)?
[06:41] <mvo> mborzecki: hm, hm, lets kill it. is that triggering the space problem?
[06:42] <mborzecki> mvo: yeah, the built image is running out of space, and we seem to take 60-80MB of space just with the archives and debs
[06:43] <jamesh> mvo: On ADSL currently, I've got about 7.6 Mb/s down, 0.9 up.  NBN could potentially go as high as 100/40 (but probably won't hit that in practice)
[06:44] <mvo> jamesh: nice improvement!
[06:52] <mborzecki> jamesh: that's nice! is it expensive?
[06:53] <mborzecki> mvo: so the image is ~400MB, data partition is 346MB, once it's built we have 80MB left, /home/gopath (all of it is copied in prepare) is ~125MB
[06:53] <jamesh> mborzecki: haven't actually looked at the pricing, since it has seemed so far off.  There are a number of speed tiers for the NBN ranging from 12/1 up to 100/40.  So I'll probably be constrained by price rather than technology
[06:55] <jamesh> mborzecki: looks like my current ISP is offering AU$70/month for the 12 Mb/s plan, going up to AU$100 for 100 Mb/s
[06:55] <mborzecki> jamesh: i have some shitty adsl here, it's a bit outside of the city and i'm bit far from the concentrator, paying for 20mbps, actually getting ~12-13mbps, upside is it really costs pennies, ~9eur/month
[06:56] <mborzecki> jamesh: for comparison, if i were in the city, fiber 100/50 is ~10eur
[06:58] <jamesh> mborzecki: my current ADSL is $80/month for unlimited data (roughly what the 50MB/s NBN plan costs).  That's a "naked DSL" plan, so there is no line rental on top of that (which would usually be ~ $25/month)
[06:59] <jamesh> actually, looks like I'm on a grandfathered plan at $70/month
[06:59] <jamesh> anyway: a lot more than what you're paying :)
[06:59] <mborzecki> jamesh: yeah
[07:03] <pstolowski> morning
[07:04] <jamesh> mvo: Okay, I've an amd64 version of the snap uploaded and requested manual review.  Thank you for your help.
[07:05] <pstolowski> zyga, i understood the problem you have on your box, i'm starting working on a fix
[07:07] <mvo> jamesh: it is in but you should talk to jamie to ensure the review-tools gets updated
[07:09] <pstolowski> mvo: hey, i needed to try to reproduce an issue with an older revision of edge yesterday, but apparently i'm not allowed to specify --revision for core unless i'm in the core snap dev group. i think i don't need older edge anymore (the bug is present in current one as well), but perhaps it may be useful in the future
[07:10] <pstolowski> mvo: can you add me to the core devs?
[07:12] <mvo> pstolowski: if you need it to reproduce I'm happy to add you, otherwise I prefer to keep the list as small as possible
[07:13] <pstolowski> mvo: i see, fair enough
[07:14] <pstolowski> mvo: i don't think reproducing this particular problem is important anymore, i understand it now
[07:14] <pstolowski> mvo: it's more about future cases like this
[07:16] <pstolowski> mvo: so i guess i'm fine if it's on case-by-case basis as need arises in the future, and can be temporary membership
[07:16] <mvo> pstolowski: thank you
[07:16] <mvo> pstolowski: that sounds reasonable
[07:16] <pstolowski> great
[07:18] <mup> PR snapd#5182 opened: snapstate/hooks: reorder autoconnect and reconnect hooks <Created by stolowski> <https://github.com/snapcore/snapd/pull/5182>
[07:19] <mborzecki> mvo: heh, ok, so the amount of free space is probably some factor of the amount of data in the system partition, with ondra's change, that size has shrunk, so there is less free space and the whole image is ~60% of the old size, https://paste.ubuntu.com/p/ghdFfrT9yJ/
[07:20] <jamesh> mvo: I think I just have to live with the manual review until the new interfaces get merged to snapd: the review tools are driven off the current snapd version
[07:20] <mvo> jamesh: ok
[07:21] <mvo> mborzecki: oh, woah
[07:23] <mborzecki> mvo: well, it'd be nice if there was a way to pass desired amount of free space in the image
[07:24] <mvo> mborzecki: don't we calc the image size during the tests? or does our code have no control over that? (pardon my ignorance, I don't remember without looking to the test scripts)
[07:25] <mborzecki> mvo: we don't
[07:26] <mborzecki> mvo: well, for sure we don't need go *.a files and *.debs, this will save enough space, then we can think of hardcoding the image size or asking ubuntu-image guys how to force some amount of free space
[07:27] <mvo> mborzecki: hrm, hrm, I'm sure I miss something. the writable partition should be big. or are using something else here?
[07:27] <mvo> mborzecki: yeah, this all sounds dubious, iirc ubuntu-image has some code that calculates some free space area but there is iirc an option to override (and again, I think I miss something)
[07:33] <mborzecki> mvo: afaiu ondra's change, we no longer have 2 copies of the snaps, but instead /var/lib/snapd/snaps files are symlinked to ones from /var/lib/snapd/seed/snaps/
[07:36] <ondra> mborzecki I don't think this has landed yet, there seem to be some mysterious lock down in tests
[07:38] <mborzecki> ondra: Could not get lock /var/lib/apt/lists/lock thing? iirc it was resolved by cachio or sth
[07:38] <ondra> mborzecki yeah that one
[07:38] <ondra> mborzecki what was the problem? and can somebody then restart test so we can re-check pull request
[07:39] <mborzecki> ondra: i'm looking in the no space left thing
[07:40] <mborzecki> ondra: your change seems to have triggered a problem elsewhere
[07:41] <mborzecki> ondra: i can keep looking into it and push a fix if you don't mind
[07:45] <mvo> mborzecki: isn't it "just" a matter of tweaking tests/lib/prepare.sh:348 (the ubuntu-image call)
[07:46] <ondra> mvo yeah that would great
[07:46] <mvo> mborzecki: and adding --image-size=1G or something?
[07:46] <mvo> mborzecki: or whatever we need (not sure if the file is sparse so we may need to ensure its not crazy :)
[07:46] <mborzecki> mvo: yes
[07:47] <mvo> mborzecki: cool, thank you!
[07:47] <mvo> mborzecki: and thanks for diving into it :)
[07:48]  * Son_Goku groans to life
[07:57] <Chipaca> moin moin
[07:58] <mvo> hey Chipaca ! good morning
[07:58] <Chipaca> mvo: welcome back! how're things?
[07:58] <mvo> Chipaca: good, good. how are you?
[07:58] <mborzecki> mvo: hm --image-size 700M, the file is 700MB, partition is still 360MB :/
[07:58] <mvo> mborzecki: :( booo
[07:59] <Chipaca> i'm without context, but resize was done from initramfs wasn't it?
[07:59] <mborzecki> mvo: sil2100 says we'd have to list the partition in gadget.yaml to set the desired size
[08:00] <mborzecki> Chipaca: https://github.com/snapcore/snapd/pull/5134#issuecomment-390898663
[08:00] <mup> PR #5134: Shrink image generated with snap prepare <Created by kubiko> <https://github.com/snapcore/snapd/pull/5134>
[08:00] <mvo> mborzecki: don't we use writable?
[08:00] <Chipaca> i suspected it was related to that :-)
[08:01] <mborzecki> mvo: writable?
[08:01] <Chipaca> i'm getting a «Running task 3777 on Doing: Reconnect interfaces for snap "core"» every 5 seconds
[08:01] <mborzecki> Chipaca: talk to pstolowski
[08:01] <Chipaca> pstolowski: OHAI
[08:02] <mvo> mborzecki: we have two partitons (well, three) on core, system-boot and writable - I'm pretty sure that --image-size used to work to make writable bigger (but not system-boot which should be irrelevant for this test or so I hope)
[08:04] <mborzecki> mvo: hm maybe it does not work if the partition is not listed in gadget.yaml
[08:04] <pstolowski> Chipaca: yes, there is at least one critical bug around there that I'm fixing right now. can your try abort it
[08:04] <pstolowski> ?
[08:04] <mvo> Chipaca: i started looking into the snapd snap and hit bug #1772584 - I think I might have an idea for a workaround but its all a bit messy
[08:04] <mup> Bug #1772584: Having a "snap" directory with actual content causes build failures <Snapcraft:New> <https://launchpad.net/bugs/1772584>
[08:04] <mborzecki> mvo: this is what we have now https://paste.ubuntu.com/p/qStWjg56NV/
[08:04] <Chipaca> pstolowski: done
[08:04] <mvo> mborzecki: yeah, thats the default and this should work
[08:05] <mvo> mborzecki: I can look in a wee bit if that blocks you
[08:05] <Chipaca> mborzecki: got an error (not reported because I've got SNAPPY_TESTING=1)
[08:05] <Chipaca> um
[08:05] <Chipaca> pstolowski: ^ that one was for you
[08:06] <Chipaca> pstolowski: should I pastebin the report for you instead?
[08:06] <pstolowski> Chipaca: yes please, not sure what's the context
[08:06] <Chipaca> by error i mean an oops
[08:07] <Chipaca> pstolowski: I did "sudo snap abort --last=auto-refresh"
[08:07] <Chipaca> pstolowski: that succeeded
[08:07] <Chipaca> pstolowski: or more or less succeeded :-)
[08:07] <Chipaca> pstolowski: and that ended up in an error i think
[08:07] <Chipaca> pstolowski: I'll pastebin the whole thing, then you tell me
[08:08] <mborzecki> mvo: not really blocki, just wanted to push that PR a bit further
[08:08] <Chipaca> pstolowski: this is the log,  including the oops at the end: https://pastebin.ubuntu.com/p/75RZSmVGmm/
[08:08] <mvo> mborzecki: yeah, I think this is great (pusing it further)
[08:09] <Chipaca> pstolowski: let me know if you need anything further to figure it out
[08:11] <pstolowski> Chipaca: can you send me your state.json?
[08:16] <Chipaca> pstolowski: people.canonical.com:/home/john/state.json.bz2
[08:16] <mup> PR snapd#5183 opened: snapcraft.yaml: add minimal snapcraft.yaml with custom build <Created by mvo5> <https://github.com/snapcore/snapd/pull/5183>
[08:18] <Chipaca> pstolowski: if you can't ssh to p.c.c i can put it elsewhere
[08:18] <pstolowski> Chipaca: indeed i can't
[08:18] <Chipaca> pstolowski: you need the vpn up, fwiw
[08:18] <pstolowski> i haven't used it for years
[08:19] <pstolowski> Chipaca: right. can you email it?
[08:20] <Chipaca> pstolowski: sent
[08:20] <Chipaca> it's 12MB uncompressed, so I bzipped
[08:21] <Chipaca> pstolowski: also i formatted it and removed secrets from it (i think :-) )
[08:21] <pstolowski> Chipaca: good, thanks
[08:23] <pstolowski> mvo: core in edge is very broken because of reconnect bug, can we prevent people from using it (in fact last few revisions are broken)?
[08:23] <mvo> pstolowski: I think so, I can revert edge to a previous revision, if you tell me which one
[08:24] <pstolowski> mvo: problem is the PR landed 10 days aog
[08:24] <pstolowski> *ago
[08:24] <pstolowski> so you can hit the bug with any revision since then
[08:27] <mvo> pstolowski: ok
[08:35] <mvo> Chipaca: if at some point later you have time to talk about the snapd snap that would be great, it feels like we have a lot of work ahead of us :/ I will try to write up something about what we need to do to get there
[08:35] <mvo> Chipaca: i.e. what is missing etc
[08:35] <Chipaca> mvo: ok
[08:35] <Chipaca> mvo: right now i'm working on the conn check branch, beating tests into submission
[08:36] <mvo> Chipaca: sounds good
[08:38] <eraserpencil> what is the interface to choose if i wish to expose the Ethernet port?
[08:42] <popey> eraserpencil: https://docs.snapcraft.io/reference/interfaces
[08:42] <popey> that's the full list. we don't have one for the ethernet device/port, it's "network"
[08:42] <popey> (and network-bind if you want to run a server/service)
[08:43] <pstolowski> Chipaca: the bug you hit is same as zyga's
[08:43] <Chipaca> pstolowski: huzzah
[08:44] <zyga> High five
[08:44] <zyga> All 70000 of them
[08:44] <pstolowski> so that's what I'm fixing. there may also be a related problem with conflict checking but i haven't looked into that yet
[08:46] <pstolowski> basically the issue is that i iterate over all potential connections and create tasks as I go. however, if an error is detected during the iteration (such as conflict with another snap op) i error out (with Retry in some cases), and that leaves already created tasks and they are not assigned to a change. so the main task is retried and it all repeats
[08:49] <mvo> pstolowski: does 4646    2018-05-11T04:29:24Z  arm64    16-2.32.6+git716.83cec93          edge looks reasonable to go back to? the next one we have is 2018-05-14T04:30:30Z
[08:53] <pstolowski> mvo: 1 moment
[08:57] <pstolowski> mvo: that wouldn't include https://github.com/snapcore/snapd/pull/5120 that landed on 05/11 right?
[08:57] <mup> PR #5120: interfaces: interface hooks for refresh <Critical> <Squash-merge> <Created by stolowski> <Merged by stolowski> <https://github.com/snapcore/snapd/pull/5120>
[08:59] <mvo> pstolowski: it seems it does not, the r4646 was build 2018-05-11 at 04:29 in the morning
[09:00] <pstolowski> mvo: good, that solves it for edge
[09:01] <pstolowski> mvo: i fear we have a potential to hit similar issue with autoconnect logic, and that's in stable already right?
[09:02] <mvo> pstolowski: autoconnect is in stable, yes
[09:02] <mvo> pstolowski: hm, at least iirc, let me double check
[09:02] <mvo> pstolowski: that is "Done    2018-05-22T09:02:31Z  2018-05-22T09:02:33Z  Automatically connect eligible plugs and slots of snap "test-snapd-tools"
[09:02] <mvo> " ?
[09:03] <pstolowski> mvo: yes
[09:03] <mvo> pstolowski: thats in stable
[09:04] <pstolowski> right, that's what i remembered
[09:07] <Chipaca> mvo: feedback on my changes to your conncheck pr appreciated
[09:09]  * Chipaca off to physio
[09:17] <pedronis> pstolowski: I was reading the logs a bit, what's the issue?  never ending retry cycles?
[09:18] <pstolowski> pedronis: yes, and continuous adding of hook tasks because of that, and they have no change associated if error out on Retry
[09:19] <pedronis> pstolowski: the latter is expected, we prune them but probably could be more aggressive, see state.go
[09:20] <pstolowski> pedronis: hmm that's interesting, i wasn't aware of that
[09:20] <pstolowski> pedronis: also while working on a fix i think i found another general flaw in reconnect logic
[09:20] <pedronis> pstolowski: do we know why the we retry forever? some kind of recursive case we didn't consider?
[09:20] <pstolowski> but that's probably not directly involved in the issue
[09:21] <pstolowski> pedronis: i haven't actually got the retry logic yet, you found general problem with error handling and focues on that first
[09:22] <pstolowski> d/you/
[09:22] <pedronis> ok
[09:22] <pedronis> let me know if I can help
[09:23] <pstolowski> thanks
[09:24]  * Chipaca really off to physio now
[09:36] <pstolowski> pedronis: would you like to take a look at John's state.json to see if you can spot the cause of retries?
[09:37] <pstolowski> nb, i think my remark about general flaw in reconnect logic may be premature
[09:43] <pedronis> pstolowski: the issue might be related to the ordering of refreshes we do now
[09:43] <pstolowski> pedronis: you mean ordering of refresh vs autoconnect?
[09:44] <pedronis> pstolowski: the fact that we  refresh core first  and then other snaps in a multi-refresh, I suppose auto-connect/or reconnect of core will never finish now
[09:48] <mvo> Chipaca: looks great, I will do a formal review now
[09:50] <pedronis> pstolowski: I think we didn't notice with auto-connect because we don't do anything if the connection is already there which is the common case with core and another snap
[09:53] <pedronis> pstolowski: you should try to write a test, have core and another snap that has a connected interface to core,  then do a refresh (UpdateMany) that needs to refresh both core and this other one, I think you get the bug
[09:53] <pstolowski> pedronis: thanks, this sounds plausible
[09:58] <pstolowski> pedronis: btw, i also proposed https://github.com/snapcore/snapd/pull/5182
[09:58] <mup> PR #5182: snapstate/hooks: reorder autoconnect and reconnect hooks <Created by stolowski> <https://github.com/snapcore/snapd/pull/5182>
[09:59] <eraserpencil> popey: I was checking the documentation on that, and erm just double checking if there was an "ethernet" option. Thanks anyway, I'll try out network.
[10:16] <mup> PR snapd#5184 opened: [WIP] interfaces: add desktop-{contacts,calendar}-service interfaces <Created by jhenstridge> <https://github.com/snapcore/snapd/pull/5184>
[10:49] <mup> PR snapd#5185 opened: tests: shellchecks part 2 <Created by bboozzoo> <https://github.com/snapcore/snapd/pull/5185>
[10:50] <pstolowski> pedronis: thanks for the review
[11:05] <mborzecki> fwiw #5134 is green now
[11:05] <mup> PR #5134: Shrink image generated with snap prepare <Created by kubiko> <https://github.com/snapcore/snapd/pull/5134>
[11:10] <ondra> mborzecki that helped :)
[11:10] <ondra> mborzecki tests do pass now
[11:10] <ondra> mborzecki I added you there also comment how to actually change writable size, in case this ever comes back
[11:12] <mborzecki> ondra: i tried something like this and ubuntu-image seems to ignore any edits to gadget.yaml :/ is there anyhing else i'd need to do beside dropping a new partition entry?
[11:13] <ondra> mborzecki not really, that there is bug in u-i
[11:13] <ondra> mborzecki it should not ignore that section
[11:14] <mborzecki> ondra: maybe what i added made no sense (but then there was no error or whatever)
[11:15] <ondra> mborzecki you can paste  it to me, and I will see if I can spot some problem
[11:16] <mborzecki> ondra: let me try your snippet
[11:19] <pedronis> pstolowski: btw, are you working on writing the test I described?
[11:20] <pstolowski> not yet, but getting to it, addressed your feedback re reorder PR and finished part of the fix related to error handling. onto test now.
[11:22] <mwhudson> Chipaca: what was your terrible snap called again?
[11:25] <mwhudson> ah interdenominational-counterintelligences
[11:26] <Chipaca> mwhudson: yup
[11:26] <mwhudson> Chipaca: ah heh another non-maximal field!
[11:26] <mwhudson> Chipaca: publiser
[11:26] <mwhudson> *publisher
[11:26] <mwhudson> (or did you say that already)
[11:27] <Chipaca> mwhudson: I did not
[11:27] <Chipaca> mwhudson: good point. Want to register a maximal lp user?
[11:27] <mwhudson> i'm not sure what the upper limit is there
[11:30] <Chipaca> mwhudson: probably less than an exabyte
[11:30] <mwhudson> probably
[11:34] <mwhudson> https://staging.launchpad.net/~m123456789m123456789m123456789m123456789m123456789m123456789m123456789m123456789m123456789m123456789m123456789m123456789
[11:34] <mwhudson> Chipaca: ^
[11:35]  * Chipaca hugs mwhudson 
[11:36] <mwhudson> https://staging.launchpad.net/~
[11:36] <mwhudson> m123456789m123456789m123456789m123456789m123456789m123456789m123456789m123456789m123456789m123456789m123456789m123456789m123456789m123456789m123456789m123456789m123456789m123456789m123456789m123456789m123456789m123456789m123456789m123456789m123456789m123456789m123456789m123456789m123456789m123456789m123456789m123456789m123456789m123456789m123456789m123456789m123456789m123456789m123456789m123456789m123456789m123456789m123456789m123456789m123456789m123
[11:36] <mwhudson> 456789m123456789m123456789m123456789m123456789m123456789m123456789m123456789m123456789m123456789m123456789m123456789m123456789m123456789m123456789m123456789m123456789m123456789m123456789m123456789m123456789m123456789m123456789m123456789m123456789m123456789m123456789m123456789m123456789m123456789m123456789m123456789m123456789m123456789m123456789m123456789m123456789m123456789m123456789m123456789m123456789m123456789m123456789m123456789m123456789m1234567
[11:36] <mwhudson> 89m123456789m123456789m123456789m123456789m123456789m123456789m123456789m123456789m123456789m123456789m123456789m123456789m123456789m123456789m123456789m123456789m123456789m123456789m123456789m123456789m123456789m123456789m123456789m123456789m123456789m123456789m123456789m123456789m123456789m123456789m123456789m123456789m123456789m123456789m123456789m123456789m123456789m123456789m123456789m123456789m123456789m123456789m123456789m123456789m123456789m1
[11:36] <mwhudson> 23456789m123456789m123456789m123456789m123456789m123456789m123456789m123456789m123456789m123456789m123456789m123456789m123456789m123456789m123456789m123456789m123456789m123456789m123456789m123456789m123456789m123456789m123456789m123456789m123456789m123456789m123456789m123456789m123456789m123456789m123456789m123456789m123456789m123456789m123456789m123456789m123456789m123456789m123456789m123456789m123456789m123456789m123456789m123456789m123456789m12345
[11:36] <mwhudson> 6789m123456789m123456789m123456789m123456789m123456789m123456789m123456789m123456789m123456789m123456789m123456789m123456789m123456789m123456789m123456789m123456789m123456789m123456789m123456789m123456789m123456789m123456789m123456789m123456789m123456789m123456789m123456789m123456789m123456789m123456789m123456789m123456789m123456789m123456789m123456789m123456789m123456789m123456789m123456789m123456789m123456789m123456789m123456789m123456789m123456789
[11:36] <mwhudson> m123456789m123456789m123456789m123456789m123456789m123456789m123456789m123456789m123456789m123456789m123456789m123456789m123456789m123456789m123456789m123456789m123456789m123456789m123456789m123456789m123456789m123456789m123456789m123456789m123456789m123456789m123456789m123456789m123456789m123456789m123456789m123456789m123456789m123456789m123456789m123456789m123456789m123456789m123456789m123456789m123456789m123456789m123456789m123456789m123456789m123
[11:36] <mwhudson> 456789m123456789m123456789m123456789m123456789m123456789m123456789m123456789m123456789m123456789m123456789m123456789m123456789m123456789m123456789m123456789m123456789m123456789m123456789m123456789m123456789m123456789m123456789m123456789m123456789m123456789m123456789m123456789m123456789m123456789m123456789m123456789m123456789m123456789m123456789m123456789m123456789m123456789m123456789m123456789m123456789m123456789m123456789m123456789m123456789m1234567
[11:36] <mwhudson> 89m123456789m123456789m123456789m123456789m123456789m123456789m123456789m123456789m123456789m123456789m123456789m123456789m123456789m123456789m123456789m123456789m123456789m123456789m123456789m123456789m123456789m123456789m123456789m123456789m123456789m123456789m123456789m123456789m123456789m123456789m123456789m123456789m123456789m123456789m123456789m123456789m123456789m123456789m123456789m123456789m123456789m123456789
[11:36] <mwhudson> yeah ok so maybe not much less than an exabyte
[11:36] <mwhudson> (sorry!)
[11:39] <Chipaca> mwhudson: if it's just  a text field, it might not be much less
[11:39] <mborzecki> ondra: looks like gadget.yaml comes from gadget snap which is downloaded on every build
[11:39] <mwhudson> Chipaca: that user has a 3600 char name so...
[11:39] <Chipaca> mwhudson: I would argue that it's a bug if it's longer than ~20 chars, myself
[11:40] <niemeyer> Good mornings!
[11:40] <Chipaca> although I might be convinced to thinking 32 isn't too bad either
[11:41] <pedronis> Chipaca:   should we s/url/host/  in a bunch of docs, variables  in the connectivity check PR ?
[11:41] <Chipaca> pedronis: no
[11:41] <Chipaca> pedronis: accurate documentation is for the feeble-minded
[11:41] <pedronis> ok :)
[11:41]  * Chipaca fixes
[11:47] <mup> PR snapd#5080 closed: many: support 'system' nickname in interfaces <Created by bboozzoo> <Merged by niemeyer> <https://github.com/snapcore/snapd/pull/5080>
[11:47] <Chipaca> pedronis: fixed
[11:49] <pedronis> Chipaca: I'm removing your +1 because it has changed so much by you since
[11:49] <Chipaca> pedronis: that seems fair to me :-)
[11:49] <Chipaca> I +1'ed it, and then rewrote it
[11:49] <Chipaca> :-D
[11:49] <Chipaca> "yeah that's fine, let's do something COMPLETELY DIFFERENT"
[11:49] <Chipaca> *merge*
[11:49] <Chipaca> I've been taking lessons from the US congress
[11:50] <pedronis> let's add a random thing at the last minute before the vote? fix conflicts, non-sense laters?
[11:51] <pedronis> seems it's a style there
[11:51] <Chipaca> > @niemeyer approved this pull request.
[11:51]  * Chipaca dances
[11:52] <Chipaca> i feel like i should bring out the champagne and the cigars
[11:52] <mborzecki> Chipaca: (snap)shots for everyone?
[11:52] <Chipaca> mborzecki: let me sneakily rename them to schnappshots before the merge
[11:52]  * niemeyer grabs the domain name
[11:53] <mup> PR snapd#5066 closed: overlord/snapshotstate/backend: introducing the snapshot backend <Complex> <Created by chipaca> <Merged by niemeyer> <https://github.com/snapcore/snapd/pull/5066>
[12:08] <mborzecki> off to school, back for standup
[12:12] <ondra> mwhudson ah if you are using gadget snap from store, then you are out of luck
[12:12] <ondra> mwhudson ups sorry wrong nick
[12:13] <ondra> mborzecki ah if you are using gadget snap from store, then you are out of luck
[12:13] <ondra> mwhudson you can always change u-i command and pass it own gadget snap instead, but that will make test a bit more static
[12:13] <mwhudson> ondra: you did it again!
[12:14] <ondra> mwhudson damn irc client, sorry for that
[12:14] <mwhudson> heh heh it's funny
[12:14] <mwhudson> no worries :)
[12:14]  * mwhudson goes to bed
[12:14] <ondra> mborzecki you can always change u-i command and pass it own gadget snap instead, but that will make test a bit more static
[12:14] <ondra> good night :)
[12:38] <cachio> Son_Goku, hey
[12:38] <Son_Goku> yo
[12:38] <cachio> Son_Goku, I am working again with the fedora 28 for google
[12:38] <cachio> I just see the oslogin package
[12:38] <Son_Goku> which ones do you need?
[12:39] <cachio> Son_Goku, https://paste.ubuntu.com/p/g9HByWRgbg/
[12:39] <cachio> those
[12:41] <Son_Goku> okay, so you need all three
[12:41] <Son_Goku> I'll try to work on that today
[12:42] <cachio> Son_Goku, great, thanks a lot
[12:45] <mborzecki> re
[12:45] <mborzecki> master unit tests are broken, i'll be opening a pr in a while
[12:47] <mborzecki> there should be a github feature that triggers a build on a PR whenever it's about to be merged into master
[12:54] <mup> PR snapd#5186 opened: daemon: update unit tests to match current master <Created by bboozzoo> <https://github.com/snapcore/snapd/pull/5186>
[12:55] <mborzecki> should fix master builds ^^
[13:14] <sergiusens> joc, thresh, diddledan, popey, Wimpress https://forum.snapcraft.io/t/call-for-testing-snapcraft-2-42-1/5540 has the snapcraft you want or need (a quick validation, if time permits, would be nice)
[13:14] <popey> hah
[13:14] <popey> you always have the snapcraft I need
[13:15] <joc> sergiusens: thanks, how quick were you hoping for?
[13:15] <popey> sergiusens: looks like I'm already on edge, so have been using that for at least the last 24 hours
[13:15] <sergiusens> joc: the test can be quick, but it is not urgent ;-)
[13:16] <sergiusens> popey: thanks
[13:17] <mvo> sergiusens: do you want me to write a forum post about the "snap" directory isssue outlined in 1772584?
[13:17] <sergiusens> mvo: this bug plays nicely with the fact that we also want to make `parts` relocatable for build environments
[13:18] <sergiusens> but this one is a bit more special even
[13:18] <mvo> sergiusens: being able to put it all under .snapcraft might also be an option
[13:18] <sergiusens> because it is our main entry point into the source of truth to build
[13:18] <mvo> sergiusens: I don't really mind, but the hack I had to do to make it work makes my cry
[13:18] <sergiusens> mvo: yeah, let's start with a post to brainstomr
[13:19] <mvo> sergiusens: cool, will do
[13:19] <sergiusens> hacks always make us want to cry until they stand the test of time, from then on, we are proud of them :-P
[13:22] <diddledan> sergiusens: I used it yesterday from edge (purposefully) to build gimp 2.10.2 - works great - fixes the argument length issue gimp build was encountering
[13:23] <popey> yay
[13:23] <popey> https://usercontent.irccloud-cdn.com/file/11QDTn3O/Good%20news%21
[13:24] <thresh> sergiusens, hey I've tried the edge multiple times and it worked fine for me - no time to test the actual release atm, sorry
[13:25] <diddledan> speaking of gimp - I've been building the world because glib needed to be newer than that of xenial, but because I'm now not using the themes and such from the ubuntu repo I'm missing icons that I can't work out how to get back - I'm building gnome-themes-extra and gnome-icon-theme and gnome-icon-theme-extra and adwaita-icon-theme but still there are missing icons :-(
[13:25] <diddledan> oh, and hicolor-icon-theme, too
[13:26] <popey> diddledan: is it possible to build using some of the magic kenvandine does to get newer gnome in desktop snaps? (or use 18 core)
[13:27] <diddledan> using 18 core would probably fix it
[13:27] <diddledan> how do I do that?
[13:27] <popey> I installed a snap the other day that pulled in core 18, surprised people are using it already
[13:27] <popey> https://forum.snapcraft.io/t/the-road-to-core18/5547
[13:27] <diddledan> it's not official yet is it?
[13:27] <popey> oh, that's not what you want
[13:27] <diddledan> "Sorry, you don't have access to that topic!" :-p
[13:28] <diddledan> that's a secrit topic
[13:28] <popey> ignore that then
[13:28] <popey> sorry.
[13:28]  * diddledan haxx0rs it
[13:28] <thresh> mmm fresh warez
[13:28] <popey> i think there's some work still to do in the store and snapcraft before core18 is commonplace
[13:29] <sergiusens> thresh: having used edge is good enough, thanks!
[13:30]  * diddledan surmises that popey has insider information from a secrit topic that he can't tell me about that makes popey "think there's some work still to do". 'the road to core18' is long and winding? :-p
[13:30] <mup> PR snapd#5187 opened: overlord: introduce snapshotstate <Created by chipaca> <https://github.com/snapcore/snapd/pull/5187>
[13:48] <mup> PR snapd#5186 closed: daemon: update unit tests to match current master <Simple> <Created by bboozzoo> <Merged by mvo5> <https://github.com/snapcore/snapd/pull/5186>
[13:54] <mborzecki> cachio: can you post the *.timer file somewhere?
[14:06] <jdstrand> roadmr: hi! can you pull r1074 of the review tools? note that most of the changes are around snap usn support, but there are a few things for regular reviews
[14:07] <roadmr> jdstrand: sure!
[14:07] <jdstrand> thanks!
[14:07] <roadmr> jdstrand: we still haven't re-enabled resquash enforcement, right?
[14:07] <cachio> mborzecki, well, it fails to install and it doers not leave the .timer
[14:07] <jdstrand> note to channel: ^ that includes support for the new 'timer' yaml
[14:07] <cachio> mborzecki, is it any way to see the .timer in that case?
[14:08] <jdstrand> roadmr: that is correct. plan to do it the week of June 4th. electron upstream is the last thing and they are working on it (several commits already pushed)
[14:08] <mborzecki> cachio: no i think not, what's your snapd version?
[14:08] <cachio> 2.32.8
[14:10] <mborzecki> cachio: w8, timers are in 2.33, any timer entry you have there will be ignored
[14:11] <jdstrand> cachio: note, I'm approving your gce-cleaner snap now
[14:11] <cachio> jdstrand, ok, thanks
[14:11] <cachio> mborzecki, weird, I tried with edge and I had same problem
[14:11] <jdstrand> cachio: all approved. you'll need to publish to a channel
[14:11] <cachio> mborzecki, let me check it again
[14:12] <cachio> jdstrand, perfect, tx
[14:13] <mborzecki> cachio: can you double check that there are no snap.*.timer files before you attempt to install that snap?
[14:13] <cachio> mborzecki, yes
[14:13] <cachio> mborzecki, I am refreshing core now, let me try once it is finished
[14:15] <cachio> mborzecki, I have snapd.snap-repair.timer
[14:15] <cachio> for example
[14:15] <mborzecki> cachio: this one is ok, it's part of snapd package iirc
[14:17] <cachio> mborzecki, https://paste.ubuntu.com/p/ztXv9HSRhw/
[14:18] <cachio> mborzecki, it is weird becase it works in a xenial machine on google
[14:20] <mborzecki> cachio: tried 2.32.9, the timers are ignored as expected
[14:20] <mborzecki> and -git version creates the timer files as needed
[14:21] <cachio> which systemd do you have?
[14:22] <cachio> mborzecki, I have systemd 229
[14:22] <mborzecki> cachio: 238, but that shouldn't matter, the error you had suggests that the timer was incorrectly generated
[14:22] <cachio> mborzecki, and the core is 16-2.32.9+git734.7763a07 (4718) 91MB core
[14:23] <mborzecki> cachio: can you post the snap.yaml somewhere?
[14:23] <cachio> mborzecki, sure
[14:23] <zyga> jdstrand: Hi
[14:23] <cachio> mborzecki, https://paste.ubuntu.com/p/DMncjbGVMJ/
[14:24] <zyga> From redhat docs about the new security issues related to speculative access to the store buffer
[14:24] <zyga> Since it will take time to enable explicit mitigations in all impacted third-party software, steps have been taken to automatically enable mitigation for some classes of applications. The Linux kernel “seccomp” (“secure computing”) framework allows an application to request that limits be placed upon itself, for example, to prevent further use of certain system calls and other system interfaces after its initial startup phase. Seccomp is often
[14:24] <zyga> used by sandboxes and managed code frameworks to limit the ability for sandbox escape once potentially malicious untrusted code begins to execute. The seccomp framework has been modified in the latest Linux kernel updates such that its use will automatically have the side-effect of disabling Speculative Store Buffer Bypass, equivalent to applications making an explicitly programmed “prctl” request
[14:24] <zyga> This implies that all snap software automatically runs slower
[14:24] <zyga> mvo: ^ FYI
[14:25] <zyga> Which imo sucks
[14:25] <jdstrand> zyga: put another way, it means that all snap software is protected
[14:25] <zyga> From itself? This is infra-process attack
[14:25] <jdstrand> but yes. speculative execution continues to be a pain
[14:26] <zyga> Not applicable to snapd mounting a sandbox around an otherwise single-security-level process
[14:26] <mborzecki> cachio: hm the spec is even the same as our test snap
[14:28] <cachio> mborzecki, do you want to try it https://github.com/sergiocazzolato/gce-cleaner.git
[14:30] <mborzecki> cachio: ok, let me fire xenial vm
[14:31] <zyga> jdstrand: imo, we should prctl this off in snap-confine, software that actually needs this (like browsers) should re-enable it
[14:31] <zyga> jdstrand: otherwise all software inside a snap seccomp profile becomes slower
[14:32] <jdstrand> zyga: I have not studied the issue to the extent to say that is ok. tyhicks, do you have an opinion?
[14:38] <zyga> I haven’t studied this in depth either but the article makes a connection between the use of seccomp and implicates that the process must use multiple security contexts inside so should automatically be protected from using the store buffer speculation attack
[14:38] <mborzecki> cachio: your snap builds and installs just fine
[14:38] <zyga> That is, doesn’t take into account the massive use of seccomp for software that doesn’t have multiple security contexts but is under general sandboxing like snapd
[14:40] <cachio> mborzecki, well, it works for me in a vm on gce
[14:40] <cachio> on xenial
[14:40] <cachio> but fails on my machine
[14:41] <mborzecki> cachio: ok, let me try with edge (that's what you're using right?) in xenial vm
[14:41] <tyhicks> zyga: this was known and documented in the Ubuntu KnowledgeBase (3rd paragraph of Mitigations): https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/Variant4
[14:41] <cachio> mborzecki, I used edge and stabl
[14:41] <cachio> e
[14:41] <tyhicks> zyga: the idea is being secure by default
[14:42] <jdstrand> zyga (cc tyhicks): snaps can contain anything. I don't think we can assume that a snap doesn't use an affected pattern. also, it sounds like if we disable via the prctrl then an application would have to reenable with the prctl, where as app developers may assume that "since I'm using seccomp, I don't have to do that"
[14:42] <mborzecki> cachio: well stable does not have timers, so there's that
[14:42] <jdstrand> zyga: so, for your browser example, turning it off would likely turn it off for all the snapped browsers
[14:42] <tyhicks> zyga: while the impact of this issue doesn't seem to be very high, it hasn't received a lot of attention yet because it has been embargoed
[14:43] <zyga> tyhicks, jdstrand: I agree but I find this suboptimal, high-performance software (or games) now runs slower because they just happen to be sandboxed;
[14:43] <zyga> I'm off for most of this week but I will definitely get back to this issue in snapd context
[14:43] <jdstrand> zyga: do you know that? have you measured it?
[14:43] <mborzecki> cachio: xenial vm also working fine :/
[14:44] <zyga> jdstrand: no, but it is purely a preformance feature (speculative store) so it must have some impact, how grave it is I don't yet know
[14:44] <jdstrand> zyga: btw, you can't measure yet cause the microcode isn't available yet
[14:44] <tyhicks> zyga, jdstrand: I've measured about a 3.2% percent performance hit for CPU bound workloads (compiling the kernel using the default kernel configuration)
[14:45] <jdstrand> tyhicks: I thought we meeded microcode to be able to measure... granted, I am not up on the issue
[14:45] <tyhicks> jdstrand: yes, you need to have updated microcode to test
[14:46] <jdstrand> ok
[14:46] <jdstrand> we don't have that :)
[14:49] <jdstrand> tyhicks: curious, is it possible (and perhaps desirable) for snaps to opt out of the protection? Ie, it is on be default now, but yaml is introduced that tells snap-confine to use the prctl to turn it off?
[14:49] <tyhicks> zyga: I'm not saying that you shouldn't make use of the prctl to disable it but you may want to wait a little bit to see how the discussion around this flaw turns
[14:49] <zyga> tyhicks: ack, I didn't mean to imply ugrency, I'm just reading about this as it is becoming public
[14:50] <jdstrand> zyga (cc tyhicks): suse said: "A common pattern where this happens would be leaks out of zeroed cryptographic material storage"
[14:50] <zyga> jdstrand: since we have speciifc interfaces that allow to construct a seccomp sandbox we could tie it to that, perhaps
[14:50] <jdstrand> zyga (cc tyhicks): there are all kinds of snaps that take sensitive info
[14:51] <tyhicks> jdstrand: yes, the launcher would need to use the prctl to disable the mitigation and then load the seccomp filter with a newly added (and backported) seccomp filter flag that allows the mitigation to be disabled for applications using seccomp
[14:51] <jdstrand> it still sounds like by default is the correct choice. *perhaps* a mechanism to opt out would be ok
[14:52] <zyga> jdstrand: senstive info yes but isn't the whole attack only mountable from within a process? that is a process running untrusted code?
[14:53] <tyhicks> zyga, jdstrand: this is not a user friendly solution but, for completeness, a user could use the spec_store_bypass_disable=prctl kernel boot option to turn off mitigations for seccomp processes (see https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/SpectreAndMeltdown/MitigationControls#CVE-2018-3639)
[14:53] <jdstrand> zyga: we don't know what snaps are running. maybe it is a lamp stack that is reachable over the internet and processes sensitive info and tries to dtrt with it
[14:53] <tyhicks> (the default is spec_store_bypass_disable=seccomp)
[14:54] <jdstrand> tyhicks: yes, I was just going to say that sounds like what people were thinking. set it to something lower then opt into more rather then setting to high and opting out
[14:54] <zyga> jdstrand: yes, I'm just trying to consider if, among snaps, the only scope of attack is a process attacking itself (by, for example, running untrusted code)
[14:54] <zyga> jdstrand: or if the scope is larger
[14:55] <jdstrand> zyga: I can't comment on that. it sounds like due to embargo it hasn't been studied. my point is it is enough of a reason to leave it on (at least by default)
[14:55]  * zyga nods
[14:55] <tyhicks> a browser process crunching of arbitrary javascript is an example of a process that isn't attacking itself but is potentially being attacked by an external attacker
[14:55] <jdstrand> zyga: but opting out sounds difficult since we'd need new kernel support that everyone would need to pick up since all distros are choosing spec_store_bypass_disable=seccomp
[14:56] <zyga> jdstrand: yes, I agree, it may be a while before an opt-out is even something me way offer
[14:56] <tyhicks> jdstrand: if distros are supporting spec_store_bypass_disable=seccomp then they're definitely supporting the prctl
[14:57] <jdstrand> tyhicks: right, but you said we need a new flag backported when =seccomp from kernel command line and we want to opt out
[14:57] <jdstrand> tyhicks: or did I misunderstand?
[14:57] <tyhicks> jdstrand: I think you misunderstood
[14:58] <tyhicks> jdstrand: if the kernel is opting seccomp'ed processes into SSBD, then it very likely supports the prctl and seccomp filter flag to allow those processes to opt out of SSBD
[14:58] <zyga> is the prctl code public now?
[14:58] <tyhicks> (the prctl comes before the seccomp patches in the patch set and the seccomp patches rely on the prctl patches)
[14:58] <tyhicks> zyga: yes
[14:59]  * zyga pulls his linux tree
[14:59] <tyhicks> zyga: there's not much need for that - the prctl is simple
[14:59]  * jdstrand notes that the act of having a seccomp sandbox at all is a performance impact
[14:59] <jdstrand> regardless of this
[14:59] <jdstrand> ie, snaps were already a little slower
[15:00] <zyga> jdstrand: that's true
[15:01] <jdstrand> an ideally complied seccomp filter will have the most used call first with the least last
[15:01]  * zyga tries to return to his holidays but this is too interesting
[15:01] <jdstrand> we can, today, do some instrumenting and reorder our template to add some performance
[15:01] <jdstrand> the template is in alphabetical order now. we could put open, write, read, etc first
[15:02] <zyga> jdstrand: that's intereting, I didn't think that the template would be compiled top-to-bottom
[15:02] <jdstrand> (it is alphabetical because at the time it was not known that the ordering mattered)
[15:02] <zyga> jdstrand: for instance, today we order it alphabetically
[15:02] <zyga> (I think we sort it internally)
[15:03] <jdstrand> zyga: I've thought that we could strace several applications and then see how much each call was hit, and do some ordering in (at least) the template
[15:03] <zyga> jdstrand: that's a good idea, I agree
[15:03] <jdstrand> it wouldn't have to be perfect to have an improvement. it would all have to be measured of course
[15:05] <mborzecki> cachio: not sure what's happening in your system, given the log, the template that's generated seems to have some incorrect characters inside, the 'n' may come from '\n' but we don't use that explicitly when generating the file, so maybe it's some printing problem in systemd/journalctl? to make things even more awkward the snap seems to work elsewhere
[15:05] <zyga> jdstrand: since seccomp profiles are per-app we might even do some eventual automatic tuning
[15:06] <cachio> mborzecki, good
[15:06] <jdstrand> zyga: you mean, like, "if browser-support is plugged, then assume we should tune as a browser" type things?
[15:06] <cachio> mborzecki, I'll try to update systemd and test with a new version
[15:08] <zyga> jdstrand: if one-of-set-of-interfaces is plugged then the app has an ability to construct a sandbox so enable the security hardening
[15:08] <jdstrand> zyga: if so, that shouldn't be out of the realm of possibility. I suspect (but again, just a gut feeling) that we are going to see a top 20 (or whatever) list of syscalls and that putting them ordered first we'd see the biggest benefit, with everything else falling off fast
[15:08] <zyga> yeah
[15:10] <jdstrand> who knows, maybe we can just do that and negate tyhicks' 3.2% impact :)
[15:12] <tyhicks> jdstrand: don't strace! set SECCOMP_RET_LOG as the default seccomp action
[15:13]  * tyhicks does all this work on seccomp logging and jdstrand just forgets about it...
[15:13] <tyhicks> ;)
[15:13] <tyhicks> oh, not the default action but used in place of SECCOMP_RET_ALLOW
[15:13] <roadmr> :~(
[15:13] <jdstrand> heh, well, I *had* actually thought of it be then was worried about kernel rate limiting and using a special snap-seccomp
[15:13] <jdstrand> but sure
[15:14] <zyga> it'd be nice if we could do SECCOMP_RET_HISTOGRAM or something similar, so that we don't need to log all of them, just increment a per-process counter somewhere
[15:14] <zyga> maybe with some perf way to get it out
[15:14] <tyhicks> if you disable rate limiting, you'll probably get much better performance than with strace
[15:14] <tyhicks> s/if you disable/even if you disable/
[15:16] <jdstrand> well, I wasn't suggesting measuring under strace, just gathering data, then adjusting the order, then measuring. rinse and repeat
[15:16] <tyhicks> zyga: definitely an interesting idea but I think that's probably adding too much complexity to seccomp for something that can be done easily in userspace
[15:16] <tyhicks> SECCOMP_RET_TRACE is probably the best option because the tracer, in userspace, could easily keep a tally
[15:16] <jdstrand> there are probably system-tap like things that could be done
[15:17] <jdstrand> ah yes, SECCOMP_RET_TRACE
[15:22] <pstolowski> pedronis: fyi, still fighting with the test but close, had to move it to managers_test and now its seems to be missing snap declaration only..
[15:23] <pedronis> pstolowski: that's probably the best place yes
[15:40]  * cachio lunch
[16:51] <mvo> sergiusens: I wrote the forum post about the "snap" directory in the source tree now btw
[17:28] <pstolowski> i'm calling it day, feeling really under the weather. the test for reconnect hasn't been succesfull so far, it's not failing as expected.. i might be missing something still in the setup/mocking
[18:57] <jdstrand> niemeyer: hi! when you get a chance would you mind reviewing https://github.com/snapcore/snapd/pull/5016? Specifically https://github.com/snapcore/snapd/pull/5016#issuecomment-390186013
[18:57] <mup> PR #5016: interfaces/home: add 'read' attribute to allow non-owner read to @{HOME} <Created by jdstrand> <https://github.com/snapcore/snapd/pull/5016>
[18:59] <niemeyer> jdstrand: Will do, and thanks!
[19:14] <jdstrand> np
[20:16] <mup> PR snapd#5188 opened: tests: ubuntu core abstraction <Created by sergiocazzolato> <https://github.com/snapcore/snapd/pull/5188>
[20:34] <niemeyer> jdstrand: Perhaps instead of "own" or "owner" we should go with "user"
[20:35] <niemeyer> jdstrand: Rationale being that this vaguely resembles the u/g/o permission set, except the "o" has the opposite meaning
[20:36] <jdstrand> niemeyer: I actually like 'owner' because it matches apparmor terminalogy (eg, it is not uncommon to say 'we allow access to this file with owner match'. but, I'm not married to it. your point for 'u'ser is as valid as that
[20:37] <jdstrand> terminology*
[20:37] <niemeyer> jdstrand: Ouch.. so many standards :)
[20:37] <jdstrand> I know
[20:38] <jdstrand> I guess a regular person might under 'user' better, but 'owner' is pretty clear too since it is very typical to talk about file ownership
[20:38] <jdstrand> understand*
[20:38] <jdstrand> I don't have a strong opinion. I'm probably too close to 'owner' to be objective :)
[20:41] <niemeyer> jdstrand: We might also solve the dilemma by forbidding either, and just assuming the default to be that
[20:42] <niemeyer> jdstrand: This has the advantage of no ambiguity
[20:42] <niemeyer> (two syntaxes with same meaning)
[20:43] <jdstrand> well, user and owner really are communicating the same thing ime
[20:44] <jdstrand> they could really be interchangable at a high level. I liked 'owner' because 'all' removes 'owner' match and 'owner' (the default) adds it
[20:44] <jdstrand> at the lower level
[20:45] <jdstrand> if we take apparmor out of it, it might make sense to use user
[20:45] <jdstrand> we could use uid
[20:45] <jdstrand> owner means uid match with apparmor. user with u/g/o corresponds to the uid
[20:46] <jdstrand> and people understand what a uid is
[20:46] <niemeyer> jdstrand: I mean we might forbid both of them
[20:46] <niemeyer> jdstrand: And allow only "read: all"
[20:46] <jdstrand> oh I see what you mean
[20:46] <niemeyer> The other syntax is everything we already have today
[20:46] <jdstrand> I thought you meant find a 3rd alternative
[20:47] <niemeyer> So we don't need to express it
[20:47] <jdstrand> that's true
[20:47] <jdstrand> we could turn it into a boolean then... did we have that conversation already?
[20:47]  * jdstrand looks in the forum
[20:47] <niemeyer> Finding "read: own/owner" will make people wonder what it matters
[20:47] <niemeyer> and the answer is it doesn't
[20:47]  * jdstrand nods
[20:48] <niemeyer> jdstrand: I think "read: all" is nice and clear
[20:48] <niemeyer> jdstrand: We might just omit the other option for now, and keep it as the default
[20:48] <jdstrand> ok, wfm
[20:48] <niemeyer> jdstrand: That does not prevent us from having a third option later
[20:48] <niemeyer> jdstrand: LGTM too
[20:48]  * jdstrand will summarize and drop 'owner' and leave only all
[20:48] <niemeyer> jdstrand: Will comment on the PR
[20:49] <jdstrand> ok
[20:49] <jdstrand> :)
[20:53] <niemeyer> jdstrand: Sent the review, with another minor detail
[20:53] <jdstrand> niemeyer: thanks!
[20:55] <niemeyer> jdstrand: Sorry, my point about the mishandling of incorrect type was incorrect. The simplifcation note remains, though.
[21:00] <jdstrand> ack
[21:22] <JHOSMAN> Hello, how to I can make conecction of Hamachi in Ubuntu Core?
[21:34] <mup> PR snapd#5189 opened: interfaces/many: miscellaneous updates for default, desktop, desktop-legacy, system-observe, hardware-observe, opengl and gpg-keys <Created by jdstrand> <https://github.com/snapcore/snapd/pull/5189>