[01:17] PR snapd#5294 opened: Update SELinux Policy === cpaelzer_ is now known as cpaelzer [05:04] morning [05:15] mborzecki, night :) [05:15] * Son_Goku is nearly about to go to sleep [05:15] Son_Goku: an goodnight :) [05:15] s/an/and/ [05:57] good morning [05:57] * zyga is somewhat tied after yesterday [05:58] it is good that there is some rain this morning [06:01] zyga: hey [06:01] hi :) [06:02] it rained a bit here, pity it was the only rain in 2 weeks or so [06:30] it still rains here, forecast says it will all day [06:33] ok, kids off to school [06:33] first (or I forget) social security payment [06:33] then work [06:45] pstolowski|afk: 5288 has (ironically) an econnreset test failure :) [06:45] pstolowski|afk: might be yet another interessting corner case [06:52] mvo: hi [06:52] hey mborzecki [06:53] ok, all taxes and payments done [06:53] now back to patches [06:56] PR snapd#5295 opened: cmd/snap-mgmt: remove system key on purge [06:56] trivial PR ^^ [07:01] mborzecki: do we do this in debian/postrm already? or does it need to be done there as well [07:01] mvo: snap-mgmt --purge is used on fedora, opensuse, arch [07:01] mborzecki: I know, I mean, do we need this on debian/ubuntu as well? [07:02] mborzecki: or did we add it there already [07:02] mvo: aah, let me check :) i automatically assumed that it's correct there [07:02] mborzecki: maybe it is :) [07:05] mvo: well it does rm -rf /var/lib/snapd [07:05] mborzecki: heh, that should cover it [07:06] mborzecki: thanks for checking [07:06] mvo: np [07:06] mvo: btw. do you have any idea why the repair timer may be getting stopped before the test? [07:08] mborzecki: no idea, that is a bit mysterious [07:08] mvo: i've restarted 5285 but the log on friday showed that snapd.snap-repair.timer was being stopped just before the test === chihchun is now known as chihchun_afk [07:08] (kudos to systemd guys for actually collecting and showing this in systemctl show ..) === pstolowski|afk is now known as pstolowski [07:10] morning [07:10] mborzecki: I did a quick git grep over the tests dir but nothing jump out that would touch the repair service [07:11] pstolowski: hey === chihchun_afk is now known as chihchun [08:17] PR snapd#5294 closed: Update SELinux Policy [08:17] PR snapd#5295 closed: cmd/snap-mgmt: remove system key on purge [08:17] zyga: thanks! [08:23] when mounting a snap fails, does the journal contain anything useful? [08:23] mborzecki: as much as the kernel provides [08:24] hi, how can I get more information when I see this sort of trace?: "handlers.go:372: Reported install problem for "core" as 680c957c-6d4a-11e8-a5bb-fa163e839e11 OOPSID" [08:24] zyga: i'm wondering if we should try and grab the output of journalctl -u .mount at least [08:24] abeato: this goes to errors.ubuntu.com [08:24] mborzecki: mmmmm [08:24] mborzecki: in tests or in general [08:25] zyga: in tests [08:25] I think in tests we do (by extension of capturing lots of output) [08:25] in general would be interesting [08:25] zyga: in test's we don't, the tests run journalctl -u snapd .. which will not include the mount unit stuff [08:26] zyga, ok, but there is no other information that can be looked into in the system? [08:26] I think you can see more in "snap changes" [08:26] and "snap tasks NNN" [08:27] zyga, got it, thanks [08:28] abeato: the error report is going to contain things that are in the log (before it talks about the error report), or in the tasks log [08:28] or general system info [08:28] great [08:28] abeato: otherwise, https://errors.ubuntu.com/oops/680c957c-6d4a-11e8-a5bb-fa163e839e11 [08:28] zyga: pff, i see it now, there's something logged :/ but not much [08:28] Chipaca: heyo :) [08:29] zyga: 'sup [08:29] abeato: in particular: ERROR [--root / enable snap.network-manager.networkmanager.service] failed with exit status 1: Created symlink from /etc/systemd/system/multi-user.target.wants/snap.network-manager.networkmanager.service to /etc/systemd/system/snap.network-manager.networkmanager.service. [08:29] abeato: which is not particularly helpful :-) [08:29] abeato: no doubt you have better debug info locally [08:29] Chipaca, right, I just saw that in "snap change 1" [08:30] weird thing, then it retried and the second time it worked :/ [08:30] also, whoa, 96 bogoMIPS [08:30] speed fiend [08:31] hehe, yes, it is a pretty slow processor [08:31] mborzecki: what're you trying to do? [08:31] 96 tail movements in turtle graphics [08:31] Chipaca: was wondering if there's something more to collect when we fail to mount a snap [08:31] zyga: tail *recursive*? [08:32] Chipaca: ouch ;) [08:35] mborzecki: AFAIK no [08:36] mborzecki: systemd doesn't even report the errno of the mount call [08:36] because there is none [08:36] I mean [08:36] Chipaca: right, that's the protocol part [08:36] not one, it uses libmount [08:36] lots of more complexity and features handled [08:38] ¯\_(ツ)_/¯ [08:39] if you need to do foo, and you do it by using libfoo, that does not get you off the hook of handling foo errors properly [08:39] errors go to /dev/foo [08:39] I mean, you're responsible for the libraries you use as well as the code you write [08:40] mborzecki: only in 4.16.17 compiled on even days of the month though [08:40] mborzecki: /dev/foo? [08:41] zyga: s/f/p/ if you wish :) [08:41] ah [08:41] well [08:41] you are actually close ;) [08:41] there is a new kernel interface for mount errors [08:41] and it is a special device [08:41] * zyga looks for the patch [08:41] no wai [08:41] zyga: link? [08:41] mborzecki: too late [08:42] mborzecki: EVERYTHING IS ~~SPIDERS~~ block devices [08:45] btw. on friday i got my car back from the shop, the damage cost ~1800eur to fix, fortunately i'm not paying :P [08:46] I cannot find the patch [08:46] * zyga looks through bookmarks [08:47] mborzecki: whoa [09:16] hi [09:17] hey :) [09:19] PR snapd#5296 opened: daemon: paging is not a thing [09:25] mvo: if I had a feature I needed to be in 2.34, what's the latest it can land on master? [09:25] (without causing undue work to other people i mean) [09:28] also, that pr ^ is the shortest I've done in ages :-) [09:30] popey: you should snap OpenNFSv3 just to confuse people [09:30] needs some care in writing the description so you don't really know if you're getting a filesystem or a racing game [09:31] hah [09:31] 'from scratch rewrite of NFS with a focus on performance and interoperability', say [09:51] mborzecki: I think your PR is bigger [09:51] PR snapd#5297 opened: cmd/snap-update-ns: use RCall with SyscallsEqual [09:52] pedronis: just to be sure i'm not missing something, InstanceKey in snap action == InstanceKey in current snap in context right? [09:54] Chipaca: for 2.34 would be good to land this week or early next week [09:54] mvo: ok [09:54] mvo: thanks [10:03] PR snapd#5296 closed: daemon: paging is not a thing [10:14] mborzecki: yes, for refreshes [10:14] pedronis: thx [10:16] pedronis: i'm close to finishing with the changes in store, once i push the patch, i'll send you a link for a quick review in case i did something overly stupid there [10:42] * zyga -> coffee [11:08] PR snapd#5298 opened: store, image: have 'snap download' use v2/refresh action=download [11:09] pedronis: ^ info inch-pebble [11:12] Chipaca: thx, I'll look after the break [11:12] pedronis: somewhat trepidatious as it almost seemed to easy :-) [11:12] too* [11:13] in other news: you'll be shocked to hear snapd doesn't work in WSL [11:14] (there's a bug about it an' all) [11:19] Chipaca: is it snapd or general code around it that breaks? [11:19] zyga: WSL doesn't support daemons [11:20] zyga: WSL doesn't support systemd [11:20] daemons are supported [11:20] but systemd is not [11:20] zyga: ah, release notes I read said No, but that was a while ago [11:20] yeah, it is recent === pstolowski is now known as pstolowski|lunch [11:26] well, snaps under wsl, on windows, that would be fun [11:28] mborzecki: well, once they support mount namespaces we could [11:28] drop all sandboxing [11:28] and handle mounting snaps with something else (unpack?) [11:29] zyga: fuse :-) [11:29] (does it even) [11:29] i mean, windows does have the idea of mounting stuff === jibel_ is now known as jibel [11:29] Chipaca: WSL does some special things to windows filesystem [11:29] so not easily [11:31] zyga: if we really wanted to pursue this we might be able to get in touch with people at ms [11:37] mborzecki: hey look https://github.com/snapcore/snapd/pull/5297 is green now [11:37] I feel I should swap this review for your uber rename one [11:37] PR #5297: cmd/snap-update-ns: use RCall with SyscallsEqual [11:38] this needs a 2nd review https://github.com/snapcore/snapd/pull/5283 and is pretty short and simple [11:38] PR #5283: snapstate: get rid of needsMaybeCore [11:39] https://github.com/snapcore/snapd/pull/5230 needs a 2nd review and is otherwise ready [11:40] PR #5230: interfaces/udisks2: also implement implicit classic slot [11:49] * cachio afk [11:55] jdstrand: hello, can you please enqueue some time to look at this https://github.com/snapcore/snapd/pull/5170#issuecomment-396216845 [11:55] PR #5170: interfaces/builtin: add adb-support interface [11:59] Chipaca: I think we might have an ubuntu-image test using the fakestore, so it probably needs to learn about download [12:00] pedronis: only one spread error, and it seems unrelated to my change [12:00] mvo: can you please weigh in on https://github.com/snapcore/snapd/pull/4996 [12:00] PR #4996: overlord/ifacestate: store and use revision with security profiles set [12:00] is that ready for landing or is more stuff needed [12:01] Chipaca: ok, I'm probably misremembering then [12:01] mvo: can you please add a reference to the apt bug on https://github.com/snapcore/snapd/pull/5122 [12:01] PR #5122: snap: add support for `snap advise-snap --from-apt` [12:01] pedronis: maybe fakestore implemented enough of v2 refresh for it to work :-) [12:03] pedronis: tests/main/snap-download talks to the real stores tho [12:03] Chipaca: possibly, no I remembered right: /main/prepare-image-grub/task.yaml seems to use the fakestore, maybe a double check that it works for semi-reasonable reasons would be good [12:03] ah, prepare-image [12:04] ah, it uses the fakestore only for assertions [12:04] Chipaca: anyway it probably is a good idea to make sure the fakestore could handle download [12:04] given we are in the middle of introducing it [12:06] Chipaca: but yes, seems it should just work, afaict there's just a Action == "refresh" in all the relevant cocde [12:07] pedronis: we could make it barf on unknown actions, or sth [12:07] seems fine as is though [12:07] zyga: re 4996> does it need a gustavo review to ensure names (e.g. ifaceRepokey) are agreed upon? [12:08] mvo: the name was changed since earlier reviews (AFAIR by pedronis) so .. not sure [12:09] it was changed by mborzecki picking one of couple of suggestions [12:09] I made I think [12:10] * Chipaca ~> lunch [12:11] right, i took over 4996 for a while and addressed all (most) comments [12:12] mvo: can you look at https://github.com/snapcore/snapd/pull/4416 [12:12] PR #4416: tests: performance measurements for basic snapd commands [12:12] you reviewed it before [12:12] and it's the only PR from 2017:D [12:14] mvo: the choices were snap-interfaces or snap-profiles or snap-interface-profiles [12:14] pedronis: its fine with me, just want to ensure gustavo is happy about the naming as well [12:14] (as he usually cares a lot about this) [12:15] mvo: then you need to wait, but it's been like this since forever [12:15] * zyga -> lunch [12:17] zyga: I looked at 4416 - it looks like your question ("how its supposed to be used") is not answered [12:17] mvo: it's going to be used when we reload profiles [12:18] pedronis: yeah, sorry, I was replying to a different PR (the performance measure one) [12:18] ah [12:18] pedronis: I will +1 the other one, one sec [12:18] I saw the 4**6 I didn't read the middle number [12:18] s [12:18] it seems [12:18] pedronis: :) no worries [12:18] pedronis: just shows we still have too many open [12:19] that is true [12:21] pedronis: looks like 5221 just needs this tiny tweak that pawel suggests and then it can go in as well(?) [12:21] mvo: yes, I will do the change today [12:21] I'm also working on actually using this [12:22] pedronis: nice [12:25] mborzecki: how did you create test-snapd-appstreamid? via a snapcraft file? [12:27] mborzecki: aha, nevermind, found it [12:27] mvo: yup ;) glad that you found it [12:28] mborzecki: I make it arch: all, it breaks on non amd64 tests right now:) [12:28] right, iirc i've only published amd64 snap [12:29] mborzecki: yeah, no worries, I take care of it [12:29] mvo: ok, great [12:35] PR snapd#5299 opened: tests: publish test-snapd-appstreamid for any architecture [12:36] Chipaca: I did a pass over the download one [12:39] pedronis: if you have a spare cycle I would love to get an opinion on 5276 [12:44] mvo: it looks good, but I think we want like for core,base,kernel,gadget to make sure snapd is done first (even if seed.yaml order isn't what we expect) [12:44] I added a comment there too === pstolowski|lunch is now known as pstolowski [12:48] PR snapd#5300 opened: tests: skip security-dev-input-event-denied on s390x === chihchun is now known as chihchun_afk [13:35] mborzecki: https://www.gumtree.com/p/bicycles/unisex-optima-cougar-mountain-bike./1302194477 [13:35] mborzecki: https://www.gumtree.com/p/bicycles/gents-bike-ladies-bike/1302156061 [13:35] Chipaca: those look legit [13:36] mborzecki: told you [13:36] not sure why but bikes have very low resale value in uk [13:38] Chipaca: hmm weird, it's like cars then, isn't it? [13:38] also, gumtree -> stolen goods [13:38] my connection broke at around when cachio was talking so I just returned home then [13:39] popey: not always though [13:39] Sure. [13:39] you do need a sketchometer though [13:39] sketchy-o-meter [13:40] hmmm [13:40] guys, does anyone have a theory why there are all the test failures recently? [13:40] any specific change that triggered it [13:41] zyga: I blame multicasts on broken packets [13:41] * Chipaca puts away his BOFH excuse generator [13:42] for instance, what broke [13:42] + systemctl is-active snapd.snap-repair.timer [13:42] inactive [13:43] mborzecki: can you please look at v [13:43] https://github.com/snapcore/snapd/pull/5297 [13:43] PR #5297: cmd/snap-update-ns: use RCall with SyscallsEqual [13:44] mvo: #5294 confirmed wrt cla [13:45] PR #5294: Update SELinux Policy [13:46] roadmr: hi! would you mind flipping on requash enforcement? [13:46] jdstrand: sure! flipping now [13:48] roadmr: thanks! [13:48] jdstrand: where "now" is now. I'ts just been flipped to ON [13:48] Chipaca: confirmed that the CLA is singed or not signed? [13:49] jdstrand: also we'll get r1089 rolled out today \o/ [13:49] roadmr: thanks! :) [13:52] roadmr: unrelated to that, fyi, this seems stuck: https://dashboard.snapcraft.io/snaps/inoxision-webclient/revisions/115/ [13:52] roadmr: as does https://dashboard.snapcraft.io/snaps/falkon/revisions/45/ [13:53] jdstrand: let me unwedge them [13:53] thanks [13:54] jdstrand: interesting, inoxision-webclient says "Task 47c953d4-cb72-4618-9df6-5de67275e931 failed. ". I'll unwedge for now but will have a closer look at that task id later [13:54] yeah, thanks [13:54] jdstrand: falkon is ready to roll, inoxision-webclient should be in a couple of mins (it's a large snap) [13:55] off to pick up the kids [13:55] zyga: i'll take a look when i get back [13:55] thanks [13:55] jdstrand: hey :) [13:56] mvo: signed [13:58] jdstrand: you may find https://github.com/snapcore/snapd/pull/5297 interesting :) [13:58] PR #5297: cmd/snap-update-ns: use RCall with SyscallsEqual [13:58] zyga: cool, thanks [14:01] hey zyga :) === chihchun_afk is now known as chihchun [14:08] PR snapd#4700 closed: interfaces: add the dvb interface [14:19] mvo: signed [14:19] PR snapd#5300 closed: tests: skip security-dev-input-event-denied on s390x/arm64 [14:28] Wimpress: ping! [14:28] popey: Pong? [14:28] pedronis: do you remember offhand how to get the thing 'snap download' expects for auth? [14:29] Chipaca: in which sense? [14:29] pedronis: UBUNTU_STORE_AUTH_DATA_FILENAME=~/.snap/auth.json doesn't work [14:30] that doesn't work, because we don't store the store macaroons anymore there [14:30] only the local one [14:30] pedronis: we didn't have a 'snap grab-the-auth' command? [14:30] Chipaca: we don't yet [14:30] Chipaca: but snapcraft export-login works [14:30] one sec [14:30] ah there we go :-) [14:32] hm, looks like my snapcraft macaroni has expired or sth [14:32] Chipaca: just give it --acls package_access [14:33] huh, export-login asks you to log in again? [14:34] yes [14:34] anyway as I said you need different acls than your usual login [14:34] sorry, I mean, than the usual snapcraft macaroon [14:35] right [14:36] pedronis: wrt checking channel & revision, any reason not to let them through and have the store error? [14:36] is there a path in which we set both? [14:37] if we let them through, we get: error: cannot find snap "http": cannot download snap "http": Both revision and channel are present in the request for this Snap. It should be one or the other exclusively. [14:37] Chipaca: you an do snap download --channel=foo --revision=# no? [14:37] (and yes I'll drop the 'cannot find' thing) [14:37] are you saying for this it's good enough? [14:37] pedronis: I'm saying it's weird to check it at this level [14:37] pedronis: better to check it in cmd_download [14:37] ah, ok [14:38] and at this level just let it through [14:38] IOW, I'd drop the one in snapstate [14:38] rather than adding it to image [14:38] please don't drop the one in snapstate [14:38] if you do, you need to add checks in a lot of places [14:38] aw! you're no fun anymore [14:39] :-D [14:39] not a lot, but enough that is hard to keep track [14:39] pedronis: my 2nd favourite thing would be to move it into store itself [14:40] unless your point is that we'd have to have that code in fakestore as well? [14:40] ? [14:40] pedronis: ok to move it from snapstate to store? [14:40] fakestore is a server [14:40] Chipaca: yes, but remember this applies only to install and download [14:41] yes. what's the name of the thing that mocks Store though. [14:41] ah, the other fake store [14:41] but yes [14:41] Chipaca: there's an argument to do it both places tbh [14:42] belt and suspenders [14:42] as they say [14:51] PR snapd#5301 opened: snapstate,ifacestate: remove core-phase-2 handling [14:52] mborzecki: there is an nmap netcat? [14:53] mborzecki: woah, I had no idea, fun [15:04] Son_Goku: fedora netcat comes from nmap right? cc mvo [15:04] yes [15:04] Son_Goku: ack, thx [15:04] redhat / fedora netcat is nmap's variant [15:41] kyrofa ping [15:44] mvo: FYI, https://github.com/snapcore/snapd/pull/5301#pullrequestreview-127623720 [15:44] PR #5301: snapstate,ifacestate: remove core-phase-2 handling [15:47] pstolowski: I need a 2nd review on https://github.com/snapcore/snapd/pull/5278 [15:47] PR #5278: cmd/snap-update-ns: add IsSnapdCreatedPrivateTmpfs and tests [15:48] it's a PR with one new simple function [15:48] Hey ondra, what's up? [15:49] kyrofa hey [15:49] kyrofa I've got problem with snapcraft on one machine [15:49] zyga: thank you, just replied and updated the test. thanks for noticing. I can look into doing this on apparmor init as well if you feel this is cleaner [15:49] kyrofa it gets stacked in pull stage on 99% [15:50] mvo: I had a look and I don't know how to do it easily [15:50] mvo: as we'd need the revno for core [15:50] mvo: in apparmor.Backend.Initialize [15:50] mvo: let me look at your patch first [15:50] ondra, every time? Have you run in debug mode? [15:50] zyga: aha, right [15:51] mvo: ah, debian 9 [15:51] mvo: if this passes on Sid I'm happy then [15:51] mvo: the rest can be re-factored separately [15:51] kyrofa every time and on different projects now [15:51] mvo: any idea why it didn't fail before? [15:52] kyrofa I have wiped ~/.cache/snapcraft but some result [15:52] ondra, no errors, though? Is this pulling build- or stage-packages? [15:52] kyrofa I think stage packages [15:52] zyga: its a new test, I added it to check that things really work as we expect them to work [15:53] kyrofa https://paste.ubuntu.com/p/k3rfJT6RmG/ [15:53] kyrofa and then it will sit here forever [15:53] mvo: https://github.com/snapcore/snapd/pull/5301/commits/e6eb26c46718747e7e328dba1db24958f45cda7f#r194454976 [15:53] PR #5301: snapstate,ifacestate: remove core-phase-2 handling [15:53] I see [15:53] ondra, huh, that's just fetching indexes [15:54] Er, indices [15:54] please make this modification and if it passes I'm +1 [15:54] having no 2nd phase tasks would be a major simplification [15:54] zyga: looking [15:54] zyga: ok, will do tomorrow (or feel free to just tweak yourself). I need to go and play hockey now :) [15:54] * mvo waves [15:54] :) [15:54] kyrofa running apt-get update passes fine [15:55] kyrofa I do have multiple architectures on that machine though [15:56] ondra, hmm, that could make things a little odd. Try running `snapcraft pull --enable-geoip` as well [15:56] kyrofa so it was working fine, can't really say when it broke, not apparent reason there [15:56] kyrofa loads of errors with that option [15:57] kyrofa and indeed errors are related to arm64 and armhf [15:59] kyrofa interestingly I have another machine with similar setup, same errors there, but build still works [16:00] zyga: 1 comment [16:01] kyrofa OK so it looks like snapcraft is trying to be smarter and it's not actually following /etc/apt/sources.list [16:01] ondra, when you ctrl+c is while it's hung there, do you get a traceback? [16:01] kyrofa there I have correct setup for each arch [16:03] kyrofa https://paste.ubuntu.com/p/Mb9zBYFZY5/ [16:05] pstolowski: thank you, looking now [16:06] pstolowski: replied now [16:10] how does snapcraft decide what to include in the install/stage after the build phase? Is it just any file or change that is applied outside of the build dir? [16:11] ondra, huh, it really is just the apt api sitting there [16:13] ondra, I'm really not sure what's happening there [16:13] ondra, what happens if you remove the multiarch stuff? [16:14] kyrofa then I won't be able to cross build :) [16:14] ondra, haha, you can't right now anyway ;) [16:14] PR snapd#5278 closed: cmd/snap-update-ns: add IsSnapdCreatedPrivateTmpfs and tests [16:14] kyrofa lol [16:14] I'm just throwing darts at the wall, trying to figure out what's causing it to get caught up [16:15] kyrofa fair point :P [16:15] thank you pawel! [16:15] kyrofa testing it now [16:15] kyrofa so I removed arches with dpkg, I left them in sources, which seems to be ignored somehow anyway [16:16] and that is same result, stacked at 99% [16:17] sergiusens, any idea what would cause the apt API to do that ^ ? [16:17] kyrofa and 'snapcraft pull --enable-geoip' passes without error [16:17] ondra, wait, that finishes the pull step? [16:17] kyrofa ha and now that continues to pulling other parts [16:17] Innnteresting [16:18] It sounds like one of the repos being used it having issues, then [16:20] kyrofa so calling snapcraft will hang, calling ''snapcraft pull --enable-geoip' will complete pull stage [16:24] ondra, yeah, by default it just uses archive.ubuntu.com, but with geoip will use your country prefix [16:25] kyrofa I'm running it in the cloud, so god knows what that actually is [16:26] Oh, fun [16:26] ondra: please post on the forum [16:30] PR core#38 closed: Add another pi-config option [16:30] PR core#83 closed: move most of the ubuntu-core config deb into the snap snap build [16:31] PR core#38 opened: Add another pi-config option [16:31] PR core#83 opened: move most of the ubuntu-core config deb into the snap snap build [16:36] jdstrand: do you think we could fast-track https://github.com/snapcore/snapd/pull/5297 [16:36] PR #5297: cmd/snap-update-ns: use RCall with SyscallsEqual [16:36] and land it? [16:37] zyga: I'll move it to the top of the list, but the others need to wait. I owe morphis a review [16:38] ack [16:38] thank you [16:38] it's a large and very boring review [16:38] so I just want to land it to help me out and not conflict [16:56] sergiusens https://forum.snapcraft.io/t/snapcraft-getting-stacked-at-99-during-pull-stage/5876 [17:04] * zyga explores a descriptor leak that makes no sense [17:14] PR core-build#11 closed: remove cruft from the writable-paths [17:14] PR core-build#22 closed: unit testing for sync_dir() [17:14] PR core-build#26 closed: move most of the customization into the core snap build [17:16] PR core-build#11 opened: remove cruft from the writable-paths [17:16] PR core-build#22 opened: unit testing for sync_dir() [17:16] PR core-build#26 opened: move most of the customization into the core snap build [17:22] PR core#38 closed: Add another pi-config option [17:22] PR core#83 closed: move most of the ubuntu-core config deb into the snap snap build [17:23] PR core#38 opened: Add another pi-config option [17:23] PR core#83 opened: move most of the ubuntu-core config deb into the snap snap build [17:25] * zyga found the bug but first walk [17:50] zyga, if I have an `environment:` keyword in the root of my YAML, that applies to all apps and hooks, right? [18:05] kyrofa: let me check [18:05] kyrofa: I'd say yes [18:05] but I'll look [18:07] kyrofa: ha [18:07] so it looks buggy [18:08] kyrofa: ah, sorry [18:08] it looks good [18:08] so yes, [18:08] zyga, alright, something odd is happening on my hook... still investigating [18:08] we take the global (snap-global) environment [18:08] Thanks for the quick check! [18:08] then take the per app environment [18:08] oh, hook you say? [18:09] kyrofa: curious [18:09] kyrofa: hooks don't take environment at all [18:10] kyrofa: yes, hooks just take the snap-level environment keys [18:10] and with that I'm off for another round of bicycling [18:13] yeay zyga [19:02] * cachio afk [20:22] PR snapd#5302 opened: snap: don't include newline in hook environment [20:23] zyga, that's ^ the problem I was hitting [21:31] kyrofa: I saw that just now. I will review it first thing tomorrow [21:38] Thanks zyga [21:39] Thank you x10 for the patch! [22:50] question: what is '/var/lib/snapd/hostfs' used for? [22:53] wililupy: hey [22:54] hi zyga! [22:54] wililupy: it is used at runtime to host the / of the host system [22:54] technically when a snap application runs it constructs some temporary directories and then makes moves all of the root filesystem (/) to /var/lib/snapd/hostfs, replacing the / with something else [22:54] then hostfs is used as a "view" to the rest of the filesystem [22:56] zyga: thats what I thought. I have a weird apparmor error trying to confine my snap and the path. [22:57] I created an interface with the rule: /var/lib/snapd/hostfs/{,*} rw, [22:57] what is the denial you are getting, exactly? [22:58] Jun 11 22:52:36 dpdk-test kernel: [ 1408.757203] audit: type=1400 audit(1528757556.659:90): apparmor="DENIED" operation="open" profile="snap.dpdk-wililupy.testpmd" name="/var/lib/snapd/hostfs/mnt/huge/" pid=2546 comm="testpmd" requested_mask="r" denied_mask="r" fsuid=0 ouid=0 [22:58] Right [22:58] I think what we want instead is to mirror /mnt from the host [22:59] and add it to removable media or a new interface [22:59] there's a thread about that on the forum [22:59] and mnt/huge is not there [22:59] I will make a patch for this tomorrow [22:59] (it's 1AM for me) [23:00] zyga: no problem. Its for a hugepages interface I am working on (https://github.com/wililupy/snapd/blob/master/interfaces/builtin/hugepages_control.go) [23:01] I can quickly say that https://github.com/wililupy/snapd/blob/master/interfaces/builtin/hugepages_control.go#L35 is probably not going to fly [23:01] as this gives full write access to the host [23:01] why /mnt/huge? isn't there a standardised place for huge pages elsewhere? [23:02] zyga: I'm following their testing documentation and that is the path they use in their example. [23:02] can you refer to that? [23:03] zyga: http://dpdk.org/doc/guides/linux_gsg/sys_reqs.html#running-dpdk-applications [23:04] mount | grep huge [23:04] hugetlbfs on /dev/hugepages type hugetlbfs (rw,relatime,pagesize=2M) [23:05] unless dpkd requires that specific path [23:06] wililupy: could you open a forum thread about this effort? it will be easier to sync this way than on IRC [23:06] Sure thing. Get some sleep. [23:56] PR snapd#5297 closed: cmd/snap-update-ns: use RCall with SyscallsEqual