/srv/irclogs.ubuntu.com/2018/06/21/#snappy.txt

=== mup_ is now known as mup
mborzeckimorning05:01
mupPR snapd#5360 closed: tests: fix shellcheck 0.5.0 warnings <Simple> <Created by bboozzoo> <Merged by bboozzoo> <https://github.com/snapcore/snapd/pull/5360>05:06
zygagood morning05:54
zygaI will be here shortly05:54
mborzeckizyga: hey05:58
zygahey, just getting a coffee06:12
zygacan I get an ack for https://github.com/snapcore/snapd/pull/534706:22
zygaready and green just needs a review06:22
zygawell06:22
zygaan ack06:22
mupPR #5347: data: remove /bin/sh from snapd.sh <Simple> <Created by zyga> <https://github.com/snapcore/snapd/pull/5347>06:22
mupPR snapd#5347 closed: data: remove /bin/sh from snapd.sh <Simple> <Created by zyga> <Merged by zyga> <https://github.com/snapcore/snapd/pull/5347>06:30
zygahey sil210006:38
zygamborzecki: can you have a quick look at https://github.com/snapcore/snapd/pull/535506:50
mupPR #5355: data/complete: fix three out of four shellcheck warnings in data/complete <Created by zyga> <https://github.com/snapcore/snapd/pull/5355>06:51
mborzeckianyone wants to do a 2nd review on #5359 ?07:07
mupPR #5359: spread-shellcheck: use a whitelist of files that are allowed to fail validation <Created by bboozzoo> <https://github.com/snapcore/snapd/pull/5359>07:07
mborzeckionce this lands i have another pr that uses shellcheck from snap, although in --devmode because of our setup07:12
zygaI can :)07:14
zygaI restarted various failed PRs from yesterday07:14
zygamborzecki: can I add type annotations to spread-shellcheck?07:16
zygain a follow-up07:16
zygaand make it mypy clean?07:16
zyganothing like static typing :07:16
zyga:)07:16
mvozyga: pfff, you work on interfaces for core ;)07:17
mvocore1807:17
zygamvo: yes, that's almost done though :)07:17
zygabut good point :P07:17
mvozyga: aha! thats cool07:17
mvozyga: first the chores, then the fun :P07:17
mborzeckizyga: sure07:18
pstolowskimornings07:18
mvozyga: but thats great to hear, I look forrward to working tests and then we can run spread again on core1807:18
mvohey pstolowski ! good morning07:18
zygahey pawel07:19
pedronismvo: hi, could you re-review 5352 when you have a bit some time07:20
mborzeckibtw. it'd be nice to have an interface that allows access to arbitrary paths, and have those paths added/configured as a list per connection07:20
zygamborzecki: I had something like this planned a while ago07:20
mborzeckipedronis pstolowski: morning guys07:20
mvopedronis: absoutely, thank you!07:20
mvopedronis: and good morning :)07:20
zygamy desire then was to have an snapctl api where a snap could talk to snapd and create interfaces07:20
zygaso "hot plug" like but snap (not snapd) driven07:21
mvopedronis: its even green! how did you manage that given the stormy spread weather we had :) ?07:21
zygathat idea died though, we could do something different with a new interface07:21
pedronismborzecki: the problem is that unless we tied it down in the snap declaration (but gets annoying), is really access to any path07:22
zygapedronis: my idea was that you could only select a subset of home07:23
zygaso it would be like scoped home07:23
pedronisok, that's different from what mborzecki proposed07:24
pedronisthough07:24
pedronismvo: thanks, marked it blocked until I can discuss something with the store people, mostly wondering if there's a chance client StoreAccount and then one internal/from store can diverge07:25
mvopedronis: heh, I almost merged it. good that I was unusually not trigger happy this morning07:26
pedronismvo: nothing too bad if it was merged, mostly wondering if we need to StoreAccounts or using just one is ok07:26
pedronisin most uses of client should be immaterial either way07:27
pedroniss/to/two/07:27
* mvo nods07:27
pedronismvo: when will we cut 2.34 ?  from discussions from yesterday it seems there was a couple of things still desired for it07:29
mvopstolowski: did you got a chance to play a bit with 5356, i.e. the bits we brainstormed yesterday to figure out why exactly its is not working07:30
mvopedronis: I think early next week07:30
mvopedronis: we need a 2.33.1 with some adt fixes07:30
pedronisok07:30
mvopedronis: so maybe middle next week even07:30
mvopedronis: what is pending from your pov?07:30
pedronismvo: afaiu understand  work to get better errors if a snap is missing from arch or channel,  and expanding searches to other risks07:31
pstolowskimvo: no, i wanted to have full spread tests suite run first (which wasn't possible due to gce)07:31
pedronismvo: the first bit should be in store prod now, the 2nd soon07:31
pedronisbut need snapd work07:31
pedronismvo: and I have  my gadget connect PR that needs a review from you :)07:32
mvopedronis: thats exciting - is the store read for the better errors?07:32
mvopedronis: aha, you replied, cool07:32
mvopedronis: yeah, I need to do that review, will do it this morning07:32
mvopstolowski: heh, yeah, a bit of a storm yesterday07:33
mvopstolowski: thank you07:33
mvopedronis: I'm quite excited about the error messages, where can I learn more where we stand and what changed?07:33
pedronismvo: we have a bit of a problem there though,  related to our own API errors,  we set Value just to snapName in the relevant errors, so a bit unclear where to stick the extra info... we can put in the better message but is not ideal for all clients07:35
mborzeckizyga: pedronis: hm i thought about arbitrary, user set, paths, as in something that neither fits the removable-media, nor home interfaces and the location is kind of oustide of your control07:36
pedronismborzecki: as I said, it's doable but unless we have corresponding control in the snap-declaration, is really a blank check. the developer controls what goes into her snap.yaml07:37
mborzeckiin case of shellchecks, shellcheck snap comes with home and removable media interfaces, but the tests are run as root and the source code is at /home/gopath, i could probably hack around with some bind mount or just use --devmode (and open up everything?)07:37
pedronismborzecki: ah, user set07:38
pedronismmh, we don't have anything like that07:38
pedronisit would add quite a bit complexity to the machinary07:38
mborzeckipedronis: yes07:38
mborzeckiwe can discuss it over a glass of beer while in BRU :)07:39
pedronismvo: about your question, we get a bit like this:                               'extra': {07:47
pedronis                                  'releases': [{'architecture': 'amd64',07:47
pedronis                                                'channel': 'beta'}]}07:47
pedronis                              },07:47
pedronis in revision-not-found errors07:47
mvopedronis: nice!07:48
pedronismvo: as I said, the problem is that we don't have a place to stick it in our own API errors07:49
pedronismvo: https://github.com/snapcore/snapd/blob/master/daemon/response.go#L368 the way we set directly Value: snapName is the problem, changing that is backward incompatible07:50
mvopedronis: in our own snapd api errors? hm, hm, ok. could we just invent an "extra" field as well (just thinking out loud)?07:51
pedronisyes, but it a bit of a kludge, basically we had one (Value) but we used it a bit naively07:51
mvopedronis: could we invent new types? errorKindSnapRevisionNotAvailableWrong{Arch,Channel} - I guess old clients would not show a nice error with that but usually snap/snapd will be in sync so its just ugly for a minority ?07:52
pedroniswe can also do that07:52
mvopedronis: what approach do you like best :)?07:53
pedronisnone :)07:54
mvoheh07:54
* mvo scratches head then07:54
mvopedronis: sounds like something to talk about during the standup to figure out the least disliked option07:55
pedronisyes07:55
pstolowskimborzecki: can you take another look at https://github.com/snapcore/snapd/pull/5323 ?07:58
mupPR #5323: ifacestate: prevent running interface hooks twice when self-connecting on autoconnect <Created by stolowski> <https://github.com/snapcore/snapd/pull/5323>07:58
=== mborzeck1 is now known as mborzecki
pedronismvo: fwiw  snapd-glib doesn't support yet explicity snap-revision-not-available08:09
pedronisalso doesn't seem to use "value" at all from errors08:09
Chipacazyga: good morning. Chinese is not a language.08:10
zygayeah I know, it's a simplification ;)08:11
Chipacazyga: :)08:11
zygahow do I spell the M... thing?08:11
Chipacazyga: Mandarin08:11
Chipacazyga: unless you meant Mapudungun08:11
zygahehe08:11
zygadoes it have as many users? :)08:11
zygafixed08:11
Chipacazyga: Mapudungun has 260k native speakers08:12
Chipacaapprox08:12
zygathat's still more than the people who refuse to use systemd ;P08:12
Chipacazyga: but like the non-systemd users, they're being oppressed08:14
Chipacaok that turned the wrong way and I shall go sit in silence and think about my sins for a bit08:14
Chipacazyga: how hard would it be to have a script that you ran on a system and it told you all the ways in that snapd would fail to run?08:15
zygaChipaca: that's interesting,08:15
zygawell, some of that is in the new self-test work that mvo started08:15
zygano systemd, wonky kernel08:15
Chipacalike, "your apparmor was not shipped in slackware 1.0 because it was too old", etc08:15
zygaold apparmor userspace is another thing to check for08:16
zygaor "Slackware hates systemd, sorry"08:16
Chipacanon-linux kernel08:16
zygaare you after a shell script?08:16
zygaover golang?08:16
Chipacazyga: ideally :)08:16
Chipacaandroid userspace08:17
zygammm08:17
pedronismvo: tried to answer your questions08:17
Chipaca2MB usable ram08:17
zygaChipaca: we could try08:17
zygaChipaca: eventually that script could wget snapd.snap ;)08:17
Chipacassshhh08:17
Chipacaall the squashfs stuff, the mount crashes fixes08:18
Chipacadunno how to test for the latter08:18
Chipacaanyway. Good morning.08:19
zygagood morning :)08:19
* Chipaca brought donuts to the office08:19
zygaoh, you are at the office today?08:19
Chipaca… ok, my bedroom08:19
ChipacaFINE08:19
zygaah :(08:19
zygawell08:19
* zyga looks around at his "office"08:19
Chipaca:)08:19
zygaI just envied you for a brief moment08:19
Chipacaah, no, i'm happy like this, mostly08:20
mupPR snapd#5323 closed: ifacestate: prevent running interface hooks twice when self-connecting on autoconnect <Created by stolowski> <Merged by stolowski> <https://github.com/snapcore/snapd/pull/5323>08:20
zygaI sometime miss the office08:20
zygaif we had one in Warsaw I'd use it a few days a week08:20
zyga(lugging my iMac on the bus ;)08:20
Chipacame too, but it takes one morning to commute in and i'm over it08:20
Chipaca(every ~6 months or so)08:20
zygaI need to try08:21
zygaI'll find some cheap flight to UK and commute once ;)08:21
ChipacaOTOH, I could totally build an office in a van and go visit people08:21
zygahahaha08:21
mvopedronis: thank you! as for the second resolveSnapIDToname, I was mostly wondering if we should have a gadget-connect test that uses the "system" name explicitly but maybe overkill08:21
mborzeckiChipaca: feel like tackling the traveling salesman problem irl?08:22
Chipacamborzecki: I suck at sales08:22
Chipacamborzecki: but other than that, sure :)08:22
pedronismvo: well, it is explicit  for that level of code,  already the parsing makes all entries non empty08:22
mvopedronis: ok08:22
Chipaca"yeah i'm here to show you this thing we built, which is cool, it's got all these issues [ three hours later ] pay me08:23
pedronismvo: that is code from the previous PR08:23
pedronisslot is really system:network-control at that point of the code08:23
mvopedronis: aha, that was the missing piece then - I remember now08:24
pedronismvo: adding the comment, I need to merge master anyway because of Name vs InstanceName08:24
mvopedronis: thank you08:25
Chipacazyga: in distros that don't have /snap/bin, what's added to PATH?08:26
zygaChipaca: /var/lib/snapd/snap/bin08:26
zygait's the same08:26
zygaI mean, the same script08:26
zygaugly, no?08:26
Chipacazyga: dunno if you're talking about #5355 but I was08:27
mupPR #5355: data/complete: fix three out of four shellcheck warnings in data/complete <Created by zyga> <https://github.com/snapcore/snapd/pull/5355>08:27
zygaah08:27
zygaI'll do that08:27
zygathanks, I'll push this branch in a moment08:27
zygaI'm moving all suse machines from drive to drive so they are suspend now08:28
Chipacazyga: you have way too much fun for it to be legal08:32
zygasuch as?08:33
Chipacazyga: moving suse machines around08:33
zygaI can hear the disks clicking08:34
mupPR snapd#5351 closed: packaging/opensuse: build position-independent binaries <Created by zyga> <Merged by zyga> <https://github.com/snapcore/snapd/pull/5351>08:34
Son_Gokuzyga, dammit I'm blind08:35
zygaoh?08:35
Son_Gokuhttps://github.com/snapcore/snapd/commit/e21034320459354b8acd9d1c194946ceda363a6e#diff-36a23153f5bbd7bffd11c24597ac50fdR14608:35
Son_GokuI don't know _how_ that's valid shell08:35
Son_Gokuit should have barfed again this time08:35
zygathanks!08:35
zygaI'll fix it... in about 10 minutes when the copy is over08:36
Son_Gokuhaha08:36
mupPR snapd#5363 opened: snap: introduce the instance key field <Created by bboozzoo> <https://github.com/snapcore/snapd/pull/5363>08:44
mborzeckipedronis: this should be fairly uncontroversial ^^08:45
mborzeckignome shell actively not taking input because it's too busy dumping backtraces from js :(08:51
mupPR snapd#5364 opened: packaging/opensuse: fix typo, missing assignment <Simple> <Created by zyga> <https://github.com/snapcore/snapd/pull/5364>09:02
zygamborzecki: review on https://github.com/snapcore/snapd/pull/5363#pullrequestreview-13072681009:06
zygaPharaoh_Atem: fixed, thank you!09:06
mupPR #5363: snap: introduce the instance key field <Created by bboozzoo> <https://github.com/snapcore/snapd/pull/5363>09:06
mborzeckizyga: thanks!09:07
mupPR snapd#5359 closed: spread-shellcheck: use a whitelist of files that are allowed to fail validation <Created by bboozzoo> <Merged by bboozzoo> <https://github.com/snapcore/snapd/pull/5359>09:08
mupPR snapd#5357 closed: firstboot: mark essential snaps as "Required" in the state <Created by mvo5> <Merged by mvo5> <https://github.com/snapcore/snapd/pull/5357>09:10
mvoreviews for 5361 would be great, should be straightforward and unblocks some more spread runs09:11
mvo5339 is also updated but that is a bit annoying to reivew (too much shell) :/09:12
zygaChipaca: one final look at https://github.com/snapcore/snapd/pull/5355/09:15
mupPR #5355: data/complete: fix three out of four shellcheck warnings in data/complete <Created by zyga> <https://github.com/snapcore/snapd/pull/5355>09:15
mvopedronis: a quick look my comment in 5331 would be great, if it captures enough information why we sort snapd first09:16
pedronismvo: which reminds that sorting is not enough09:19
pstolowskimborzecki: thanks for the inisght into systemd seeded PR09:24
pedronismvo: we need to tweak also the code here  https://github.com/snapcore/snapd/blob/master/overlord/snapstate/snapstate.go#L80609:24
pedronisto consider snapd in both sides of the if09:24
mborzeckipstolowski: iirc we stop all snapd* services in prepare, maybe that's why it's inactive/dead in your test09:25
mvopedronis: indeed09:26
zygamvo: done09:31
mvozyga: thank you09:32
zygamvo: conflict on https://github.com/snapcore/snapd/pull/535809:33
mupPR #5358: tests: add spread test to ensure snapd/core18 are not removable <Created by mvo5> <https://github.com/snapcore/snapd/pull/5358>09:33
mvozyga: thanks, looking09:33
mvomborzecki: thank you as well for the review!09:35
mupPR snapd#5353 closed: data/completion: fix inconsistency in +x and shebang <Squash-merge> <Created by zyga> <Merged by zyga> <https://github.com/snapcore/snapd/pull/5353>09:35
mupPR snapd#5365 opened: spread-shellcheck: use the latest shellcheck available from snaps <Created by bboozzoo> <https://github.com/snapcore/snapd/pull/5365>09:35
mupPR snapd#5317 closed: overlord: introduce a gadget-connect task and use it at first boot <Created by pedronis> <Merged by pedronis> <https://github.com/snapcore/snapd/pull/5317>09:44
pedronispstolowski: hi, I merged my gadget-connect branch, that means I fear conflicts for the disconnect hooks one09:45
pstolowskipedronis: ack, thanks for heads up09:46
mvo5361 needs a second revie wnow09:49
mvo(really simple :)09:49
mupPR core18#24 closed: Add the systemd-sysv package for tools like shutdown and reboot <Created by sil2100> <Merged by mvo5> <https://github.com/snapcore/core18/pull/24>09:51
mvozyga: you asked about locales all - when I just add this package the snap grows by 12mb09:55
zygayeah, sil2100 did the experiment yesterday09:55
mvozyga: aha, I missed the results09:55
zygaI would like to consider it, for the sake of making locale not suck again09:55
zygasnap authors cannot really do it inside snaps, from what I know09:56
sil2100I'll try looking into slimming down the core18 snap09:56
sil2100Maybe then we'll feel less sad with the additional 11-12MB09:56
sil2100(hello btw. o/)09:57
mvosil2100: yay, please do09:58
zygasil2100: is the new data _solely_ inside /usr/share/locale?09:58
zygasil2100: a diff of list of files would be awesome if you have one handy09:58
sil2100zyga: yes, it's just /usr/lib/locale/*09:59
* sil2100 goes AFK now to argue with some bad people10:00
mvozyga: and its massive, du -s | sort -n shows that its a whole lot of 1-3mb files10:00
zygamvo: iff 11MB is what we need to make snaps talk languages maybe that's not _so_ bad10:01
zygaI mean, the size is tiny in comparison to anything modern, just the download size is a problem10:01
zygawe should have a hello-i18n snap10:08
zygathat uses python and get text10:08
zygaor something that was problematic lately10:08
zyga(or actually have one set of .mo files and use many implementations to test stuff)10:08
Son_Gokuzyga, unrelated, but...10:09
zygayeah?10:09
Son_Gokufrom #fedora-devel:10:09
Son_Goku[05:58:33 AM]  <sfix>the selinux kernel code is slowly growing support for namespaces, so we might see policies in flatpak sometime in the future.  i think the existing container-selinux package could be used to create flatpak-specific policies though, but would probably need some upstream support to determine how you label the process10:09
mvopstolowski: 5356 seems to be failing, I guess that is on your radar?10:09
mvopstolowski: the fix for snapd.seeded10:09
Son_Gokuzyga, my understanding is that namespaced labels are the key to making selinux confined snaps work10:09
pstolowskimvo: yes i'm looking at right now. it's interesting10:09
mvopstolowski: (sorry for being a bit pushy here)10:10
zygaSon_Goku: no, I don't think that's critical10:10
Son_Gokuno?10:10
zygaSon_Goku: note that apparmor and namespaced labels are not important either10:10
zygajust when you have multiple containers10:10
zygathen it is important10:10
Son_Gokuwouldn't it be necessary for running LXD or Docker as a snap?10:10
zygathe most important first step on the topic of snapd and selinux is how the hell to get started :)10:10
zygaSon_Goku: I don't know10:11
Son_Gokuwell, mvo, lvrabec, and pmoore are in a mail convo about that10:11
Son_Gokuthough mvo has been bad about not responding to them :/10:11
Son_GokuI finally bit the bullet and did yet another response that I feel was probably not terribly helpful :/10:11
mborzeckizyga: iirc we've discussed overlayfs some time ago10:11
mvoSon_Goku: yes - sorry for that10:12
Son_Gokuzyga, the SELinux warnings and denials have reached the point that the Red Hat SELinux guys would like to help us10:12
Son_Gokubut I can't do anything to make this better, because I'm too incompetent to figure out how the security model works10:12
Son_Gokuand I'm stretched really thinly right now10:13
zygaSon_Goku: oh, interesting,10:14
zygaSon_Goku: do you have any names I could ping?10:14
Son_Gokumvo has them10:14
zygacool, I didn't know about this10:14
Son_Gokumvo, please reply to them with some useful info and CC zyga10:14
zygaeventually we could patch our test suite so that no _new_ warnings are introduced10:14
Son_Gokuzyga, are you not following selinux@ and devel@ on lists.fp.o?10:14
zygaSon_Goku: I'm subscribed but man, I'm not following my inbox much10:15
zygatoo many things lately10:15
Son_Gokuzyga: https://lists.fedoraproject.org/archives/list/selinux@lists.fedoraproject.org/thread/U6JJ3IIJNNGGDZECSIMZC5UODAECCWPT/10:16
zygamborzecki, mvo: what about instance installation of snapd?10:30
mborzeckizyga: what do you mean?10:30
zygacan we snap install snapd_foo10:30
zygaand if so, what shall that mean?10:30
mborzeckino, it will be blocked10:30
mborzeckikernel, gadget, core & snapd snaps are non parallel installable10:31
mborzeckis/core/os/10:31
Chipacamborzecki: but you can parallel-install base snaps?10:32
mborzeckii suppose not, don't think that would be useful10:35
Chipacamborzecki: maybe just clamp it to apps and ""10:37
Son_GokuI think you're inviting trouble with instance installs of snaps10:37
Son_Gokuwhat problem are you trying to solve here?10:38
ChipacaSon_Goku: it's our 3rd most requested feature afaik10:39
ChipacaSon_Goku: after world peas and universal healthcare10:39
Son_GokuI don't know if we should make "world peas"10:39
Son_Goku:)10:39
Chipaca:D10:40
ChipacaSon_Goku: split pea and ham soup tho10:40
Son_Gokuhaha10:40
Chipacaor just split pea soup10:40
mborzeckimvo: what was the failure with parsing losetup output?10:42
zygaohh10:42
zygamvo: fun issue10:42
zygahttps://www.irccloud.com/pastebin/ACep9bL8/10:42
zygabase policy needs love now10:42
zygamvo: to fix this it would be _really_ nice to have slot-snap-type: snapd10:46
zygathat is, a dedicated type for snapd snap10:47
zygaWDYT?10:47
zygapedronis: ^10:47
Son_Gokuzyga, can I not have a snapd snap installed?10:47
Son_Gokuit's going to be dead code on my system10:47
zygaSon_Goku: no, it's mandatory because otherwise the code would be even more hairy10:47
zygaand it's not dead code entirely, as it interacts with snap-exec and snapctl at runtime10:48
zyga(they are taken from the snapd snap)10:48
Son_Gokubut using the snapd you guys build breaks things :/10:48
Son_Gokuthat's why we have to disable re-exec for every distro except Ubuntu10:48
mvomborzecki: it will give me /dev/loop4 but I need /dev/mapper/loop4p310:48
zygawe won't use snapd but we will use other files from the snapd.snap10:48
Son_Gokudoes that mean that patches against those binaries on the host are basically ineffective, then?10:49
zygathey are today10:49
Son_Goku:/10:49
zygathere's a lot of non-trivial stuff involved10:49
zygaand edge cases that are easy to miss10:49
pedroniszyga: we need to discuss, adding a type like that doesn't make a lot of sense. really in that context "core" means system10:50
mvomborzecki: don't get me wrong, I'm not opposed to fix it, just want to get this PR landed to make the followups smaller (and its not worse than before arguable at least)10:50
zygapedronis: it's that or patching the policy checker to imply   that snap name "snapd" has magic type "core"10:50
pedroniszyga: well, we cannot use the name10:51
zyga?10:51
pedroniswe really need to use the snap id at that level10:51
zygawoah, so what can we use?10:51
zygathat won't fly10:51
mborzeckimvo: no worries, just wondered if there's something fishin in losetup output there, and if so i can take a look at it later10:51
zygastore changes and all that10:51
zygaI mean, staging vs prod10:51
zygaI really like the simplicity of snap type10:51
zygaif name is a no-go then we need to discuss how this ought to work10:51
pedronissnap type needs store changes too10:52
pedronisand review-tools changes10:52
zygawhen I said store changes I meant snapd talking to prod store or staging store10:52
zygaI agree that a new type needs store side changes10:52
pedronisI know10:52
zygahmm10:52
zygamvo: ^ this blocks further work for now unless there's some magic way I can patch the policy for now10:52
zygavirtual system snap was not blocked this way because it was never installed and thus never verified10:53
mvozyga: hm, hm, ok, lets discuss in the standup, but that is unfortunate. I'm not familiar enough with the details yet so I'm not sure what to do. I guess we can't simply add an exception at this point?10:56
mvozyga: special case I mean10:56
zyganot sure where10:56
pedroniswe can cheat for a bit, but to be honest even the old system with type was a bit fragile10:56
zygamy plan was to simply allow snap name "snapd"10:56
pedronisthe fact you can have different things installed10:56
pedronisin different cases10:56
pedronisdoesn't make it better10:56
zygamvo: I can add the snapd id of "snapd" to all the built-in interfaces for now10:57
zygabut that's ugh10:57
pedronisdon't think we want to change the policies10:57
pedronisthemselves10:57
mvozyga: yeah, that sounds not nice(tm)10:58
zygapedronis: do you mean the built-in policy?10:58
pedronisI mean whatever we do10:58
pedronisI don't think we want to change the snippets10:58
pedronis(too annoying)10:58
zygapedronis: so what would you change?10:58
mborzeckizyga: where was that check for partial apparmor support on tumbleweed?10:59
pedroniszyga: we have lots of options10:59
zygamborzecki: interfaces/apparmor/backend.go10:59
zygapedronis: like?10:59
mborzeckizyga: got it, thanks!11:00
pedroniszyga: we can some change in policy/helpers.go11:03
zygaright, I was asking for the idea what to look for; my initial instinct was to just look at snap name but I think you said that would be invalid (since we cannot trust it)11:03
zygaone more idea is to perhaps tag implicit interfaces somehow11:04
zygaand skip validation11:04
pedroniszyga: you can use the relevant snap ids in the place we check for type11:04
pedroniswill create problems for tests tough11:05
zygaso would that be hard-coding the well-known ID of snapd in the policy?11:05
pedroniszyga: not in the policy11:05
pedronisin the policy code11:05
zygaright11:05
zygathat's what I meant (policy/)11:05
pedronisfor a bit at least11:05
pedroniswe might in the end need a type11:05
pedronisthen we just translate that type to core11:05
pedronisor the other way11:06
pedronisaround11:06
pedronisor something11:06
zygahmmm11:06
zygaI think we ought to either introduce snapd type or track and ignore implicit interfaces explicitly11:06
pedronisingnore based on what?11:06
pedronisthe name?11:06
zygano no11:06
zygaif slotInfo.Implicit == true11:06
zygajust set Implicit on the interfaces we create11:06
pedronisignore in the sense that any snap can get them?11:06
zyga(a new attribute)11:07
pedronisthere is something fishy in this concept of ignore11:07
zygaand by ignore I mean skip the checks for _those_ interfaces11:07
pedronisthat means any snap can get their slot11:07
zygawell, it's just formality, we add them,11:07
zygano11:07
pedronisthat doesn't make any sense11:07
zygait's not an attribute11:07
zygait's something only snapd could set11:07
pedronisyes, but if it's in the interface11:07
pedroniswhat prevent a random snap11:07
pedronisto declare the slot?11:07
zygaI mean in SlotInfo11:07
zyganot in Interface11:08
pedronisbased on what again?11:08
pedronisthe snap name11:08
pedroniswe attach them based on name11:08
pedronisthe checks right now though are on type11:08
zygawell, today we _add_ the implicit interfaces based on snapInfo.Name() == "snapd"11:08
zygaif we disagree about that we need to take a step back and fix that11:08
pedronisbut it doesn't work11:08
pedronisbecause there are checks11:08
zygaonce we agree there it's trivial to add mark the interfaces as implicit11:08
pedronisI disagree11:09
pedronisI think we need a little more than a name11:09
zygawhy do you think so?11:09
zygabecause of side-loading?11:09
pedronisno not sideloading11:09
pedronisbecause it gets very messy11:09
pedronisin the old world there was core snap and only one11:10
pedronisand it was hard not to have it11:11
pedronisnow we are allowing various combinations11:11
zygain the old world _any_ snap with type="core" would get the implicit interfaces11:11
zyganow I'm doing what we discussed yesterday11:11
zygaif we have snapd snap installed it gets the implicit interfaces, otherwise we do as before (any type="core" does)11:11
pstolowskii feel that what you're discussing is interesting for hotplug too, although i haven't followed all details... i'm currently adding hotplug slots to "core"11:13
mvomborzecki: your comments on 5339 are not a +1 yet, right? it looks like it still needs a second review11:13
zygapstolowski: yes, I asked this question yesterday on the standup but didn't realise you left by then11:13
pstolowskizyga: ah. ok.11:13
zygahmmmm11:25
zygaone more twist11:25
zygasnap.Info.UseNick("core") returns "system"11:26
zygaand DropNick has the reverse logic11:26
zygathis is very annoying TBH11:26
zygabecause it is stateless11:26
zygamvo: ^11:27
zygaso at the API level it's not any different11:27
zygabut "snap interface network" shows "system" as the slot11:27
pedroniszyga: that is what I was mentioning the other day, it was a bit unclear that we wouldn't need reverse translation in the repo, or extra code in the api11:28
zygaI think that since we tell the user "system" all the time that we should have used system as a snap, it's just cleaner11:28
pedroniszyga: anyway the change I have in mind in policy is not that big, also we never invoke policy code for snaps that don't have snap id11:30
pedronis(we assume dangerous)11:30
zygathat's a good point11:30
zygapedronis: I didn't get your response on the previous question, how shall we identify snapd-the-snap in general11:30
zygato add interfaces to it11:30
zygaif the name check is wrong what is the right check11:30
pedronisin policy, with the snap ids11:31
pedronisbut we can hide that mostly in a helper11:31
zyganot in the policy11:31
zygain the interface manager11:31
zygasince that's where it starts11:31
pedronisname is fine, given that it will be blocked by policy11:32
pedronisif it's not installed with dangerous11:32
zygammm, ok11:32
ChipacaI'm off to have lunch, and then I've got a meeting at the boys' school11:33
ChipacaI don't think I'll make it to the standup11:33
Chipacalet me know if I said "yes" to anything in my absence :-D11:33
zygaChipaca: we'll tell you what you have volunteered to do tomorrow ;-)11:34
pedroniszyga: let me try to propose a diff of what I have in mind11:34
zygapedronis: thanks, I'm looking at that code but if you have something that's super nice :)11:34
pstolowskiChipaca: we will assume "yes" to everything you don't explicitely nack11:35
zygamvo: can you please merge https://github.com/snapcore/snapd/pull/536411:39
mupPR #5364: packaging/opensuse: fix typo, missing assignment <Simple> <Created by zyga> <https://github.com/snapcore/snapd/pull/5364>11:39
zygait failed twice on random junk11:39
=== pstolowski is now known as pstolowski|lunch
pedroniszyga: something like this is what I had in mind  https://pastebin.ubuntu.com/p/KbsqbVN9by/  of course needs a couple of tests in policy_test.go to go with it11:42
zygammm, thanks, let's see where I can take this11:42
mborzeckiheh, pushed to the wrong PR branch, quick reset & force push, maybe nobody will notice :)11:44
mupPR snapd#5366 opened: snap: helper for validating snap instance names <Created by bboozzoo> <https://github.com/snapcore/snapd/pull/5366>11:47
mborzeckimvo: shall we land #5362 ?11:54
mupPR #5362: tests: use "ss" instead of "netstat" (netstat is not available in core18) <Created by mvo5> <https://github.com/snapcore/snapd/pull/5362>11:54
zygamvo: what's the id of snapd snap in staging?11:58
zygahmm, we don't restart snapd.service when installing snapd.snap yet, do we?12:01
jameshzyga: I ran into this weird spread test failure in my PR: https://api.travis-ci.org/v3/job/394938067/log.txt -- I think it is down to incomplete cleanup in tests/main/xdg-open (it touches a file and then Arch's package manager refuses to overwrite it when I try to install a package)12:02
zygamvo: with pedronis' patch I can install snapd and (since it doesn't restart) we get duplicated interfaces12:03
zygaafter snapd restart things are ok12:03
jameshso I wonder if that test is using a bit of an anti-pattern12:04
zygajamesh: looking12:05
zygahmmm12:07
zygaI'm puzzled12:07
zygawhat's the xdg-open in the filesystem that this conflicts with?12:08
jameshzyga: in tests/main/xdg-open, it touches /usr/bin/xdg-open and then bind mounts a fake version of the script over the top, and then undoes the bind mount in the restore script12:09
zygaah12:09
jameshpresumably this is intended to make the test work on systems with or without xdg-open installed before hand12:09
pedroniszyga: I think we do have code to restarted but only if the model has a base12:09
mborzeckipacman refuses to overwrite files12:09
zygaIMO the main/xdg-open test must clean up after itself12:10
zygainstead of touching it could mv to .orig or something12:10
mborzeckizyga: it supposedly does12:10
jameshbut it means it leaves an empty file around if xdg-open wasn't around before hand12:10
zygamborzecki: does it?12:10
mborzeckibut does not remove the file if it wasn't there12:10
zygamborzecki: I'm looking at the restore section12:10
zygayes12:10
zygaexactly12:10
=== alan_g is now known as alan_g|afk
zygaso to properly clean up it should unlink /usr/bin/xdg-open12:11
mborzeckii can do a quick fix12:11
zygaand if /usr/bin/xdg-open.orig exists mv it over12:11
jameshalternatively, it could install xdg-utils to ensure a real xdg-open is available to bind mount over12:11
zygathis is safe regardless of whether xdg-open existed or not12:11
mupPR snapd#5339 closed: tests: initial core18 spread image building <Created by mvo5> <Merged by mvo5> <https://github.com/snapcore/snapd/pull/5339>12:13
zygamvo: ping12:14
mvozyga: pong12:16
zygamvo: can you shed some light on the expected behaviour of snapd the process when one "snap install snapd"12:16
zygashould snapd restart?12:16
mupPR snapd#5364 closed: packaging/opensuse: fix typo, missing assignment <Simple> <Created by zyga> <Merged by mvo5> <https://github.com/snapcore/snapd/pull/5364>12:17
mvozyga: a great question. I think today on !core18 it should do nothing but on core18 it should restart12:18
mvozyga: iirc it will do that already (restart in core18)12:18
mvomborzecki: re 5363 (ss instead of netstat) - if it looks good lets land it. it evolved a bit since your first review, sorry for that, the output is slightly different so I had to tweak a bunch of greps12:19
mupPR snapd#5355 closed: data/complete: fix three out of four shellcheck warnings in data/complete <Created by zyga> <Merged by zyga> <https://github.com/snapcore/snapd/pull/5355>12:19
zygamvo: mmmmm12:21
zygamvo: thank you12:21
zygamvo: so12:21
zygawell, actually, so installing snapd.snap on classic12:21
zygawhat does that do?12:22
zygas/do/should do12:22
zygain the world without core12:22
mvozyga: in a future world it will restart into snapd12:22
mvozyga: into the snapd snap12:22
zygafuture as in far into the future12:22
mvozyga: but we are not there yet12:22
zygaor soon (week)12:22
mvozyga: ~4-6 weeks12:22
zygak12:22
mborzeckijamesh: opening a PR in a minute12:22
zygaso then we need to discuss what to do about implicit interfaces again12:23
zygashould the new logic only apply if model.Base is core18?12:23
zygaand otherwise things are as they are now12:23
mvozyga: I think for now we focus on model.Base != ""12:23
zygaI think with _that_ extra logic (and noting that no new tests are present) I could propose my branch to see what happens12:23
mvozyga: but eventually we will be in a new world with core16 and no snapd in there on classic12:23
zygaok, I'll do that12:23
zygathanks12:23
mvozyga: and a snapd snap on classic that will have the role of core12:24
mvozyga: *but* one step at a time :)12:24
zygahhmmm12:24
zygahold on12:24
zygaactually, let me have lunch12:25
mborzeckiwow, econnreset12:26
mborzeckihttps://api.travis-ci.org/v3/job/394933199/log.txt12:26
pstolowski|lunch2018/06/21 12:14:46.074136 store.go:1555: DEBUG: Download succeeded in 4.935s (109MB/s)12:29
=== pstolowski|lunch is now known as pstolowski
mupPR snapd#5367 opened: tests/main/xdg-open: restore or clean up xdg-open <Created by bboozzoo> <https://github.com/snapcore/snapd/pull/5367>12:31
mborzeckijamesh: zyga: ^^12:31
mborzeckipstolowski: nice, that's fast :)12:31
pstolowskii guess iptables rule is not immediately effective (as suspected by mvo)12:33
abeatomvo, I'm getting some snapd errors related to not having GNU build ID in the binary, how can I add that to the binary?12:34
mvoabeato: those should just be warnings12:36
mvoabeato: did you see my comment in the PR? was that helpful? I also wanted to write a small spread test but I didn't had time yet, I think it would be a nice addition12:37
abeatomvo, hm, does not this have side effects?: https://paste.ubuntu.com/p/sdkwXp3nV4/12:37
abeatomvo, yes, thanks for that, I have cherry-picked your commit and added it to the branch12:38
mvoabeato: those warnings are ok, it just means you get an unneeded profile-generation. maybe we need to phrase them differently so that they sound less scary12:38
abeatomvo, ok, was just wondering12:39
abeatothx12:39
zygamvo: do you have some time to hop on the standup HO now and talk about core18?12:43
mvozyga: yes, one minute, just finishing a small PR12:44
zygaok12:44
zygamvo: hmm,12:48
zygahangouts/meet don't want to let me in12:48
mupPR snapd#5368 opened: tests: disable core tests on all core systems (16 and 18) <Created by mvo5> <https://github.com/snapcore/snapd/pull/5368>12:48
zygamvo: ok, managed to join via regular hangouts12:50
mborzeckipstolowski: ok if i restart that build with econnreset?12:50
pstolowskimborzecki: yep, i made a copy12:51
mborzeckiack12:51
pstolowskithanks12:51
mborzeckipstolowski: download is run by the client only right? snapd is not proxying anything there?12:52
pstolowskimborzecki: correct12:52
pstolowskimborzecki: (in this particula case, e.g. on 'snap download ..')12:53
mborzeckiright12:53
mvozyga: look at your video ;)12:53
mupPR snapd#5362 closed: tests: use "ss" instead of "netstat" (netstat is not available in core18) <Created by mvo5> <Merged by mvo5> <https://github.com/snapcore/snapd/pull/5362>12:56
=== alan_g|afk is now known as alan_g
mupPR snapd#5365 closed: spread-shellcheck: use the latest shellcheck available from snaps <Created by bboozzoo> <Merged by bboozzoo> <https://github.com/snapcore/snapd/pull/5365>13:47
mupPR snapd#5369 opened: overlord,interfaces,cmd: WIP early support for interfaces on core18 <Blocked> <Created by zyga> <https://github.com/snapcore/snapd/pull/5369>13:53
zygaI need to break now and take the dog out13:53
mvozyga: thank you!13:53
zygamborzecki: I will resume suse work when I'm back, looking forward to your testing :)13:53
mvozyga: anything you need in 2.33.1 for suse?14:03
zygaHmmm, yes but i am afk14:05
zyga32C now, ufff14:05
mborzeckizyga: at least you know that it's almost summer :)14:22
mupPR snapd#5370 opened: overlord/{config,snap}state: introduce parallel-installs feature flag <Created by bboozzoo> <https://github.com/snapcore/snapd/pull/5370>14:22
mupPR snapd#5371 opened: tests/main/interfaces-firewall-control: shellcheck fix <Created by bboozzoo> <https://github.com/snapcore/snapd/pull/5371>14:27
mborzeckimvo: ^^14:27
mvomborzecki: \o/ thank you14:40
mupPR snapd#5356 closed: packaging: require snapd.socket in snapd.seeded.service; make sure snapd.seeded.… <Created by stolowski> <Merged by mvo5> <https://github.com/snapcore/snapd/pull/5356>14:48
mupPR snapd#5372 opened: many: improve udev trigger on refresh experience (2.33) <Created by mvo5> <https://github.com/snapcore/snapd/pull/5372>14:54
mupPR snapd#5372 closed: many: improve udev trigger on refresh experience (2.33) <Created by mvo5> <Merged by mvo5> <https://github.com/snapcore/snapd/pull/5372>15:33
zygare15:38
* zyga tried to read a paper but ended up talking to mvo and then to family members 15:38
zygaanyway, back now15:38
zygamvo: hey15:42
zygadid you look at the RFC PR yet?15:42
zygait fails on core 18 with15:42
zyga+ snap install --channel=edge snapd15:42
zygaerror: cannot install "snapd": cannot install snapd snap on a model without a base snap yet15:42
zygadid I mess up or is the core18 somehow ending up without a model yt15:42
zyga*yet15:42
zygain any case, please look at the branch, it's very small so far15:43
zygaI will focus on suse release for the rest of the day15:43
mupPR snapd#5373 opened: release: 2.33.1 <Simple> <Created by mvo5> <https://github.com/snapcore/snapd/pull/5373>15:47
zygapstolowski: https://github.com/snapcore/snapd/pull/5368 needs a 2nd review15:52
mupPR #5368: tests: disable core tests on all core systems (16 and 18) <Created by mvo5> <https://github.com/snapcore/snapd/pull/5368>15:52
pstolowskilooking15:53
pstolowski+115:56
mupPR snapd#5331 closed: snapstate: sort "snapd" first <Created by mvo5> <Merged by zyga> <https://github.com/snapcore/snapd/pull/5331>15:56
pedronisas I remarked to mvo this morning 5331 is not sufficient to solve the related problems16:12
zygapedronis: shall I revert it?16:18
pedronisit's not harmful by itself16:18
pedronisbut I would like to understand if the other problem is being tracked16:18
=== pstolowski is now known as pstolowski|afk
sergiusensmvo: pedronis is there any reason for why the actual snap file on /var/lib/snapd/snaps would be 600 when installed with --dangerous but 644 otherwise?16:27
pedronisI don't think is --dangerous16:30
pedronisis local vs from from store16:30
pedronisthe involved files are created differently16:31
pedronisI see the 064416:31
pedronisthe 0600 (for local installs) comes from ioutil.TempFile16:33
niemeyerpstolowski|afk: #5326 reviewed16:55
mupPR #5326: api/snapctl: allow -h and --help for regular users <Created by stolowski> <https://github.com/snapcore/snapd/pull/5326>16:55
mvocachio: 2.33.1 is in the beta channel now - just fyi - mostly small fixes and test tweaks for autopkgtest17:01
cachiomvo, nice, I'll make a run today17:01
mborzeckiwow, opensuse really hates my nvidia, the graphical installer refuses to start, textual yast wants to do something (besides being super inconvenient to use) but i doubt that matches what i want it to do, wish i could just mount the target fs and bootstrap everything by hand, probably possible just havent found the way yet17:08
zygamvo: offtopic, did you know about git cherry-pick -m 1 ...17:10
zygait's very useful, I found it by accident17:10
zygapick a merge commit sha and cherry pick the whole lot17:10
zygamborzecki: which release are you on?17:10
zygamborzecki: try tumbleweed if you can, it's the most interesting to test for me17:11
mborzeckitw, pulled today's current17:11
zygagood17:11
zyga(and bad, sorry about your card)17:11
mborzeckii'm quite sure that vesa works, just no clue why it's not even tried17:11
mvozyga: oh, neato, I was not aware of this17:15
zygastorm is coming!17:16
zyga32C is falling quickly and it's all dark now17:17
mborzeckizyga: 16C here17:17
zyga!!!17:17
zygahow can it be twice as cold there as it was here a moment ago17:17
zygait's barely an hour away17:17
mupPR snapd#5374 opened:  tests: disable core tests on all core systems (16 and 18)  <Created by mvo5> <https://github.com/snapcore/snapd/pull/5374>17:18
mupPR snapd#5371 closed: tests/main/interfaces-firewall-control: shellcheck fix <Simple> <Created by bboozzoo> <Merged by zyga> <https://github.com/snapcore/snapd/pull/5371>17:25
zygamborzecki: https://github.com/snapcore/snapd/pull/537017:26
mupPR #5370: overlord/{config,snap}state: introduce parallel-installs feature flag <Created by bboozzoo> <https://github.com/snapcore/snapd/pull/5370>17:26
mborzeckizyga: hm?17:27
zygalook at my comment please17:27
mupPR snapd#5367 closed: tests/main/xdg-open: restore or clean up xdg-open <Created by bboozzoo> <Merged by zyga> <https://github.com/snapcore/snapd/pull/5367>17:27
mupPR snapd#5368 closed: tests: disable core tests on all core systems (16 and 18) <Created by mvo5> <Merged by zyga> <https://github.com/snapcore/snapd/pull/5368>17:28
mborzeckizyga: restarted the build, it's alreayd fixed in master17:29
zygaThank you!17:29
zygamvo: the 2.33.1 PR fails for the same reason17:29
zyga+ something that looks like journalctl skew17:29
mborzeckizyga: that test log is a bit misleading, the most interesting part is just the last few lines which gives a summary of what failed and why (expectedly/unexpectedly and so on)17:30
zygaaha17:37
* Chipaca EODs and goes to find a place with a tv17:49
Chipacao/17:49
zygauh-oh17:50
zygafire nearby17:50
zygaI see lots of smoke and hear the sirens17:50
zygaI have a love-hate relationship with "orc"18:01
zyga"osc"18:01
zygait sucks as a VCS18:01
zygabut it really rocks as a builder18:01
zygait's way too big (CLI is insanely complex)18:01
zygabut the build part is really flawless18:01
zygasmoke intensifies18:07
zygaI'll go to check it out18:08
zygaan old house is on fire18:12
zygaand a 2nd building now, a block of flats next to it, still under construction18:14
zygaI need to add three directory ownership lines to snapd.spec on opensuse18:16
zyga%dir /usr/lib/systemd/system-generators18:16
zyga%dir /usr/share/dbus-118:16
zyga%dir /usr/share/dbus-1/services18:16
zygaPharaoh_Atem: ^18:16
zygafirst question, should I own them (build fails on leap without it, works on tumbleweed without them)18:16
zygaand second question, what's the abbreviated name for those (with variables and such)18:16
zygamborzecki: ^18:17
zygamore fire18:21
zygaand more sirens nearby18:21
zygahttps://www.facebook.com/photo.php?fbid=1939797056064540&set=gm.10160553222185322&type=3&theater18:24
zygamborzecki: I have this interesting output from the build service:18:26
zyga[  132s] /usr/lib/snapd/snap-mgmt: line 25: systemd-escape: command not found18:26
zygawe have Requires: systemd18:26
zygaI wonder what else might be missing18:26
mvozyga: yeah, the failure of the changelog PR is strange18:28
=== phoenix_firebrd is now known as phoenix_firebrd_
zygaI see this failure often while building the package18:32
zygapanic in snap state tests https://www.irccloud.com/pastebin/zP4C8oCp/18:32
mvois it just me or is travis very slow?18:38
mvoI mean, giving me data for the test results18:38
zygamvo: it's unusably slow18:46
zygathe page is so js-heavy it renders very very slowly18:46
zygaI always click on the button to show raw log but even getting there is painful18:46
zygamborzecki: do you have suse ready?18:46
zygaI sent my build to https://build.opensuse.org/package/show/home:zyga:branches:system:snappy/snapd18:47
zygaI will break now18:49
zygaafter this builds I will test it on my machines18:49
zygaand update the forum18:49
zygaI still have a small diff to send18:49
zyga(to master)18:49
=== phoenix_firebrd_ is now known as phoenix_firebrd
Pharaoh_Atemzyga: %{_systemdgeneratordir}19:00
Pharaoh_Atemzyga: %{_datadir}/dbus-1/services19:01
zygait would be awesome if some python script could do that19:03
zygathank you!19:03
=== phoenix_firebrd is now known as phoenix_firebrd_
=== phoenix_firebrd_ is now known as phoenix_firebrd
zygaPharaoh_Atem: let me know if you need any testing on Fedora20:56
Pharaoh_Atemzyga: will do21:47
Pharaoh_AtemI'm planning on updating Fedora to 2.33.121:47
Pharaoh_AtemI'm trying to coordinate updating xdg-desktop-portal to 0.11 there too, though21:48
zygaPharaoh_Atem: re22:59
zygaPharaoh_Atem: do you have any idea what failed on https://build.opensuse.org/package/show/home:zyga:branches:system:snappy/snapd22:59
zygathe tumbleweed builds failed22:59
zygathey enable apparmor22:59
zygaI don't quite get it what happens at build time, is the build machinery somehow _executing_ scripts? (%post, etc)22:59
zygaah23:22
zygafixed it :)23:22
zygasheesh23:22

Generated by irclog2html.py 2.7 by Marius Gedminas - find it at mg.pov.lt!