=== mup_ is now known as mup [05:01] morning [05:06] PR snapd#5360 closed: tests: fix shellcheck 0.5.0 warnings [05:54] good morning [05:54] I will be here shortly [05:58] zyga: hey [06:12] hey, just getting a coffee [06:22] can I get an ack for https://github.com/snapcore/snapd/pull/5347 [06:22] ready and green just needs a review [06:22] well [06:22] an ack [06:22] PR #5347: data: remove /bin/sh from snapd.sh [06:30] PR snapd#5347 closed: data: remove /bin/sh from snapd.sh [06:38] hey sil2100 [06:50] mborzecki: can you have a quick look at https://github.com/snapcore/snapd/pull/5355 [06:51] PR #5355: data/complete: fix three out of four shellcheck warnings in data/complete [07:07] anyone wants to do a 2nd review on #5359 ? [07:07] PR #5359: spread-shellcheck: use a whitelist of files that are allowed to fail validation [07:12] once this lands i have another pr that uses shellcheck from snap, although in --devmode because of our setup [07:14] I can :) [07:14] I restarted various failed PRs from yesterday [07:16] mborzecki: can I add type annotations to spread-shellcheck? [07:16] in a follow-up [07:16] and make it mypy clean? [07:16] nothing like static typing : [07:16] :) [07:17] zyga: pfff, you work on interfaces for core ;) [07:17] core18 [07:17] mvo: yes, that's almost done though :) [07:17] but good point :P [07:17] zyga: aha! thats cool [07:17] zyga: first the chores, then the fun :P [07:18] zyga: sure [07:18] mornings [07:18] zyga: but thats great to hear, I look forrward to working tests and then we can run spread again on core18 [07:18] hey pstolowski ! good morning [07:19] hey pawel [07:20] mvo: hi, could you re-review 5352 when you have a bit some time [07:20] btw. it'd be nice to have an interface that allows access to arbitrary paths, and have those paths added/configured as a list per connection [07:20] mborzecki: I had something like this planned a while ago [07:20] pedronis pstolowski: morning guys [07:20] pedronis: absoutely, thank you! [07:20] pedronis: and good morning :) [07:20] my desire then was to have an snapctl api where a snap could talk to snapd and create interfaces [07:21] so "hot plug" like but snap (not snapd) driven [07:21] pedronis: its even green! how did you manage that given the stormy spread weather we had :) ? [07:21] that idea died though, we could do something different with a new interface [07:22] mborzecki: the problem is that unless we tied it down in the snap declaration (but gets annoying), is really access to any path [07:23] pedronis: my idea was that you could only select a subset of home [07:23] so it would be like scoped home [07:24] ok, that's different from what mborzecki proposed [07:24] though [07:25] mvo: thanks, marked it blocked until I can discuss something with the store people, mostly wondering if there's a chance client StoreAccount and then one internal/from store can diverge [07:26] pedronis: heh, I almost merged it. good that I was unusually not trigger happy this morning [07:26] mvo: nothing too bad if it was merged, mostly wondering if we need to StoreAccounts or using just one is ok [07:27] in most uses of client should be immaterial either way [07:27] s/to/two/ [07:27] * mvo nods [07:29] mvo: when will we cut 2.34 ? from discussions from yesterday it seems there was a couple of things still desired for it [07:30] pstolowski: did you got a chance to play a bit with 5356, i.e. the bits we brainstormed yesterday to figure out why exactly its is not working [07:30] pedronis: I think early next week [07:30] pedronis: we need a 2.33.1 with some adt fixes [07:30] ok [07:30] pedronis: so maybe middle next week even [07:30] pedronis: what is pending from your pov? [07:31] mvo: afaiu understand work to get better errors if a snap is missing from arch or channel, and expanding searches to other risks [07:31] mvo: no, i wanted to have full spread tests suite run first (which wasn't possible due to gce) [07:31] mvo: the first bit should be in store prod now, the 2nd soon [07:31] but need snapd work [07:32] mvo: and I have my gadget connect PR that needs a review from you :) [07:32] pedronis: thats exciting - is the store read for the better errors? [07:32] pedronis: aha, you replied, cool [07:32] pedronis: yeah, I need to do that review, will do it this morning [07:33] pstolowski: heh, yeah, a bit of a storm yesterday [07:33] pstolowski: thank you [07:33] pedronis: I'm quite excited about the error messages, where can I learn more where we stand and what changed? [07:35] mvo: we have a bit of a problem there though, related to our own API errors, we set Value just to snapName in the relevant errors, so a bit unclear where to stick the extra info... we can put in the better message but is not ideal for all clients [07:36] zyga: pedronis: hm i thought about arbitrary, user set, paths, as in something that neither fits the removable-media, nor home interfaces and the location is kind of oustide of your control [07:37] mborzecki: as I said, it's doable but unless we have corresponding control in the snap-declaration, is really a blank check. the developer controls what goes into her snap.yaml [07:37] in case of shellchecks, shellcheck snap comes with home and removable media interfaces, but the tests are run as root and the source code is at /home/gopath, i could probably hack around with some bind mount or just use --devmode (and open up everything?) [07:38] mborzecki: ah, user set [07:38] mmh, we don't have anything like that [07:38] it would add quite a bit complexity to the machinary [07:38] pedronis: yes [07:39] we can discuss it over a glass of beer while in BRU :) [07:47] mvo: about your question, we get a bit like this: 'extra': { [07:47] 'releases': [{'architecture': 'amd64', [07:47] 'channel': 'beta'}]} [07:47] }, [07:47] in revision-not-found errors [07:48] pedronis: nice! [07:49] mvo: as I said, the problem is that we don't have a place to stick it in our own API errors [07:50] mvo: https://github.com/snapcore/snapd/blob/master/daemon/response.go#L368 the way we set directly Value: snapName is the problem, changing that is backward incompatible [07:51] pedronis: in our own snapd api errors? hm, hm, ok. could we just invent an "extra" field as well (just thinking out loud)? [07:51] yes, but it a bit of a kludge, basically we had one (Value) but we used it a bit naively [07:52] pedronis: could we invent new types? errorKindSnapRevisionNotAvailableWrong{Arch,Channel} - I guess old clients would not show a nice error with that but usually snap/snapd will be in sync so its just ugly for a minority ? [07:52] we can also do that [07:53] pedronis: what approach do you like best :)? [07:54] none :) [07:54] heh [07:54] * mvo scratches head then [07:55] pedronis: sounds like something to talk about during the standup to figure out the least disliked option [07:55] yes [07:58] mborzecki: can you take another look at https://github.com/snapcore/snapd/pull/5323 ? [07:58] PR #5323: ifacestate: prevent running interface hooks twice when self-connecting on autoconnect === mborzeck1 is now known as mborzecki [08:09] mvo: fwiw snapd-glib doesn't support yet explicity snap-revision-not-available [08:09] also doesn't seem to use "value" at all from errors [08:10] zyga: good morning. Chinese is not a language. [08:11] yeah I know, it's a simplification ;) [08:11] zyga: :) [08:11] how do I spell the M... thing? [08:11] zyga: Mandarin [08:11] zyga: unless you meant Mapudungun [08:11] hehe [08:11] does it have as many users? :) [08:11] fixed [08:12] zyga: Mapudungun has 260k native speakers [08:12] approx [08:12] that's still more than the people who refuse to use systemd ;P [08:14] zyga: but like the non-systemd users, they're being oppressed [08:14] ok that turned the wrong way and I shall go sit in silence and think about my sins for a bit [08:15] zyga: how hard would it be to have a script that you ran on a system and it told you all the ways in that snapd would fail to run? [08:15] Chipaca: that's interesting, [08:15] well, some of that is in the new self-test work that mvo started [08:15] no systemd, wonky kernel [08:15] like, "your apparmor was not shipped in slackware 1.0 because it was too old", etc [08:16] old apparmor userspace is another thing to check for [08:16] or "Slackware hates systemd, sorry" [08:16] non-linux kernel [08:16] are you after a shell script? [08:16] over golang? [08:16] zyga: ideally :) [08:17] android userspace [08:17] mmm [08:17] mvo: tried to answer your questions [08:17] 2MB usable ram [08:17] Chipaca: we could try [08:17] Chipaca: eventually that script could wget snapd.snap ;) [08:17] ssshhh [08:18] all the squashfs stuff, the mount crashes fixes [08:18] dunno how to test for the latter [08:19] anyway. Good morning. [08:19] good morning :) [08:19] * Chipaca brought donuts to the office [08:19] oh, you are at the office today? [08:19] … ok, my bedroom [08:19] FINE [08:19] ah :( [08:19] well [08:19] * zyga looks around at his "office" [08:19] :) [08:19] I just envied you for a brief moment [08:20] ah, no, i'm happy like this, mostly [08:20] PR snapd#5323 closed: ifacestate: prevent running interface hooks twice when self-connecting on autoconnect [08:20] I sometime miss the office [08:20] if we had one in Warsaw I'd use it a few days a week [08:20] (lugging my iMac on the bus ;) [08:20] me too, but it takes one morning to commute in and i'm over it [08:20] (every ~6 months or so) [08:21] I need to try [08:21] I'll find some cheap flight to UK and commute once ;) [08:21] OTOH, I could totally build an office in a van and go visit people [08:21] hahaha [08:21] pedronis: thank you! as for the second resolveSnapIDToname, I was mostly wondering if we should have a gadget-connect test that uses the "system" name explicitly but maybe overkill [08:22] Chipaca: feel like tackling the traveling salesman problem irl? [08:22] mborzecki: I suck at sales [08:22] mborzecki: but other than that, sure :) [08:22] mvo: well, it is explicit for that level of code, already the parsing makes all entries non empty [08:22] pedronis: ok [08:23] "yeah i'm here to show you this thing we built, which is cool, it's got all these issues [ three hours later ] pay me [08:23] mvo: that is code from the previous PR [08:23] slot is really system:network-control at that point of the code [08:24] pedronis: aha, that was the missing piece then - I remember now [08:24] mvo: adding the comment, I need to merge master anyway because of Name vs InstanceName [08:25] pedronis: thank you [08:26] zyga: in distros that don't have /snap/bin, what's added to PATH? [08:26] Chipaca: /var/lib/snapd/snap/bin [08:26] it's the same [08:26] I mean, the same script [08:26] ugly, no? [08:27] zyga: dunno if you're talking about #5355 but I was [08:27] PR #5355: data/complete: fix three out of four shellcheck warnings in data/complete [08:27] ah [08:27] I'll do that [08:27] thanks, I'll push this branch in a moment [08:28] I'm moving all suse machines from drive to drive so they are suspend now [08:32] zyga: you have way too much fun for it to be legal [08:33] such as? [08:33] zyga: moving suse machines around [08:34] I can hear the disks clicking [08:34] PR snapd#5351 closed: packaging/opensuse: build position-independent binaries [08:35] zyga, dammit I'm blind [08:35] oh? [08:35] https://github.com/snapcore/snapd/commit/e21034320459354b8acd9d1c194946ceda363a6e#diff-36a23153f5bbd7bffd11c24597ac50fdR146 [08:35] I don't know _how_ that's valid shell [08:35] it should have barfed again this time [08:35] thanks! [08:36] I'll fix it... in about 10 minutes when the copy is over [08:36] haha [08:44] PR snapd#5363 opened: snap: introduce the instance key field [08:45] pedronis: this should be fairly uncontroversial ^^ [08:51] gnome shell actively not taking input because it's too busy dumping backtraces from js :( [09:02] PR snapd#5364 opened: packaging/opensuse: fix typo, missing assignment [09:06] mborzecki: review on https://github.com/snapcore/snapd/pull/5363#pullrequestreview-130726810 [09:06] Pharaoh_Atem: fixed, thank you! [09:06] PR #5363: snap: introduce the instance key field [09:07] zyga: thanks! [09:08] PR snapd#5359 closed: spread-shellcheck: use a whitelist of files that are allowed to fail validation [09:10] PR snapd#5357 closed: firstboot: mark essential snaps as "Required" in the state [09:11] reviews for 5361 would be great, should be straightforward and unblocks some more spread runs [09:12] 5339 is also updated but that is a bit annoying to reivew (too much shell) :/ [09:15] Chipaca: one final look at https://github.com/snapcore/snapd/pull/5355/ [09:15] PR #5355: data/complete: fix three out of four shellcheck warnings in data/complete [09:16] pedronis: a quick look my comment in 5331 would be great, if it captures enough information why we sort snapd first [09:19] mvo: which reminds that sorting is not enough [09:24] mborzecki: thanks for the inisght into systemd seeded PR [09:24] mvo: we need to tweak also the code here https://github.com/snapcore/snapd/blob/master/overlord/snapstate/snapstate.go#L806 [09:24] to consider snapd in both sides of the if [09:25] pstolowski: iirc we stop all snapd* services in prepare, maybe that's why it's inactive/dead in your test [09:26] pedronis: indeed [09:31] mvo: done [09:32] zyga: thank you [09:33] mvo: conflict on https://github.com/snapcore/snapd/pull/5358 [09:33] PR #5358: tests: add spread test to ensure snapd/core18 are not removable [09:33] zyga: thanks, looking [09:35] mborzecki: thank you as well for the review! [09:35] PR snapd#5353 closed: data/completion: fix inconsistency in +x and shebang [09:35] PR snapd#5365 opened: spread-shellcheck: use the latest shellcheck available from snaps [09:44] PR snapd#5317 closed: overlord: introduce a gadget-connect task and use it at first boot [09:45] pstolowski: hi, I merged my gadget-connect branch, that means I fear conflicts for the disconnect hooks one [09:46] pedronis: ack, thanks for heads up [09:49] 5361 needs a second revie wnow [09:49] (really simple :) [09:51] PR core18#24 closed: Add the systemd-sysv package for tools like shutdown and reboot [09:55] zyga: you asked about locales all - when I just add this package the snap grows by 12mb [09:55] yeah, sil2100 did the experiment yesterday [09:55] zyga: aha, I missed the results [09:55] I would like to consider it, for the sake of making locale not suck again [09:56] snap authors cannot really do it inside snaps, from what I know [09:56] I'll try looking into slimming down the core18 snap [09:56] Maybe then we'll feel less sad with the additional 11-12MB [09:57] (hello btw. o/) [09:58] sil2100: yay, please do [09:58] sil2100: is the new data _solely_ inside /usr/share/locale? [09:58] sil2100: a diff of list of files would be awesome if you have one handy [09:59] zyga: yes, it's just /usr/lib/locale/* [10:00] * sil2100 goes AFK now to argue with some bad people [10:00] zyga: and its massive, du -s | sort -n shows that its a whole lot of 1-3mb files [10:01] mvo: iff 11MB is what we need to make snaps talk languages maybe that's not _so_ bad [10:01] I mean, the size is tiny in comparison to anything modern, just the download size is a problem [10:08] we should have a hello-i18n snap [10:08] that uses python and get text [10:08] or something that was problematic lately [10:08] (or actually have one set of .mo files and use many implementations to test stuff) [10:09] zyga, unrelated, but... [10:09] yeah? [10:09] from #fedora-devel: [10:09] [05:58:33 AM] the selinux kernel code is slowly growing support for namespaces, so we might see policies in flatpak sometime in the future. i think the existing container-selinux package could be used to create flatpak-specific policies though, but would probably need some upstream support to determine how you label the process [10:09] pstolowski: 5356 seems to be failing, I guess that is on your radar? [10:09] pstolowski: the fix for snapd.seeded [10:09] zyga, my understanding is that namespaced labels are the key to making selinux confined snaps work [10:09] mvo: yes i'm looking at right now. it's interesting [10:10] pstolowski: (sorry for being a bit pushy here) [10:10] Son_Goku: no, I don't think that's critical [10:10] no? [10:10] Son_Goku: note that apparmor and namespaced labels are not important either [10:10] just when you have multiple containers [10:10] then it is important [10:10] wouldn't it be necessary for running LXD or Docker as a snap? [10:10] the most important first step on the topic of snapd and selinux is how the hell to get started :) [10:11] Son_Goku: I don't know [10:11] well, mvo, lvrabec, and pmoore are in a mail convo about that [10:11] though mvo has been bad about not responding to them :/ [10:11] I finally bit the bullet and did yet another response that I feel was probably not terribly helpful :/ [10:11] zyga: iirc we've discussed overlayfs some time ago [10:12] Son_Goku: yes - sorry for that [10:12] zyga, the SELinux warnings and denials have reached the point that the Red Hat SELinux guys would like to help us [10:12] but I can't do anything to make this better, because I'm too incompetent to figure out how the security model works [10:13] and I'm stretched really thinly right now [10:14] Son_Goku: oh, interesting, [10:14] Son_Goku: do you have any names I could ping? [10:14] mvo has them [10:14] cool, I didn't know about this [10:14] mvo, please reply to them with some useful info and CC zyga [10:14] eventually we could patch our test suite so that no _new_ warnings are introduced [10:14] zyga, are you not following selinux@ and devel@ on lists.fp.o? [10:15] Son_Goku: I'm subscribed but man, I'm not following my inbox much [10:15] too many things lately [10:16] zyga: https://lists.fedoraproject.org/archives/list/selinux@lists.fedoraproject.org/thread/U6JJ3IIJNNGGDZECSIMZC5UODAECCWPT/ [10:30] mborzecki, mvo: what about instance installation of snapd? [10:30] zyga: what do you mean? [10:30] can we snap install snapd_foo [10:30] and if so, what shall that mean? [10:30] no, it will be blocked [10:31] kernel, gadget, core & snapd snaps are non parallel installable [10:31] s/core/os/ [10:32] mborzecki: but you can parallel-install base snaps? [10:35] i suppose not, don't think that would be useful [10:37] mborzecki: maybe just clamp it to apps and "" [10:37] I think you're inviting trouble with instance installs of snaps [10:38] what problem are you trying to solve here? [10:39] Son_Goku: it's our 3rd most requested feature afaik [10:39] Son_Goku: after world peas and universal healthcare [10:39] I don't know if we should make "world peas" [10:39] :) [10:40] :D [10:40] Son_Goku: split pea and ham soup tho [10:40] haha [10:40] or just split pea soup [10:42] mvo: what was the failure with parsing losetup output? [10:42] ohh [10:42] mvo: fun issue [10:42] https://www.irccloud.com/pastebin/ACep9bL8/ [10:42] base policy needs love now [10:46] mvo: to fix this it would be _really_ nice to have slot-snap-type: snapd [10:47] that is, a dedicated type for snapd snap [10:47] WDYT? [10:47] pedronis: ^ [10:47] zyga, can I not have a snapd snap installed? [10:47] it's going to be dead code on my system [10:47] Son_Goku: no, it's mandatory because otherwise the code would be even more hairy [10:48] and it's not dead code entirely, as it interacts with snap-exec and snapctl at runtime [10:48] (they are taken from the snapd snap) [10:48] but using the snapd you guys build breaks things :/ [10:48] that's why we have to disable re-exec for every distro except Ubuntu [10:48] mborzecki: it will give me /dev/loop4 but I need /dev/mapper/loop4p3 [10:48] we won't use snapd but we will use other files from the snapd.snap [10:49] does that mean that patches against those binaries on the host are basically ineffective, then? [10:49] they are today [10:49] :/ [10:49] there's a lot of non-trivial stuff involved [10:49] and edge cases that are easy to miss [10:50] zyga: we need to discuss, adding a type like that doesn't make a lot of sense. really in that context "core" means system [10:50] mborzecki: don't get me wrong, I'm not opposed to fix it, just want to get this PR landed to make the followups smaller (and its not worse than before arguable at least) [10:50] pedronis: it's that or patching the policy checker to imply that snap name "snapd" has magic type "core" [10:51] zyga: well, we cannot use the name [10:51] ? [10:51] we really need to use the snap id at that level [10:51] woah, so what can we use? [10:51] that won't fly [10:51] mvo: no worries, just wondered if there's something fishin in losetup output there, and if so i can take a look at it later [10:51] store changes and all that [10:51] I mean, staging vs prod [10:51] I really like the simplicity of snap type [10:51] if name is a no-go then we need to discuss how this ought to work [10:52] snap type needs store changes too [10:52] and review-tools changes [10:52] when I said store changes I meant snapd talking to prod store or staging store [10:52] I agree that a new type needs store side changes [10:52] I know [10:52] hmm [10:52] mvo: ^ this blocks further work for now unless there's some magic way I can patch the policy for now [10:53] virtual system snap was not blocked this way because it was never installed and thus never verified [10:56] zyga: hm, hm, ok, lets discuss in the standup, but that is unfortunate. I'm not familiar enough with the details yet so I'm not sure what to do. I guess we can't simply add an exception at this point? [10:56] zyga: special case I mean [10:56] not sure where [10:56] we can cheat for a bit, but to be honest even the old system with type was a bit fragile [10:56] my plan was to simply allow snap name "snapd" [10:56] the fact you can have different things installed [10:56] in different cases [10:56] doesn't make it better [10:57] mvo: I can add the snapd id of "snapd" to all the built-in interfaces for now [10:57] but that's ugh [10:57] don't think we want to change the policies [10:57] themselves [10:58] zyga: yeah, that sounds not nice(tm) [10:58] pedronis: do you mean the built-in policy? [10:58] I mean whatever we do [10:58] I don't think we want to change the snippets [10:58] (too annoying) [10:58] pedronis: so what would you change? [10:59] zyga: where was that check for partial apparmor support on tumbleweed? [10:59] zyga: we have lots of options [10:59] mborzecki: interfaces/apparmor/backend.go [10:59] pedronis: like? [11:00] zyga: got it, thanks! [11:03] zyga: we can some change in policy/helpers.go [11:03] right, I was asking for the idea what to look for; my initial instinct was to just look at snap name but I think you said that would be invalid (since we cannot trust it) [11:04] one more idea is to perhaps tag implicit interfaces somehow [11:04] and skip validation [11:04] zyga: you can use the relevant snap ids in the place we check for type [11:05] will create problems for tests tough [11:05] so would that be hard-coding the well-known ID of snapd in the policy? [11:05] zyga: not in the policy [11:05] in the policy code [11:05] right [11:05] that's what I meant (policy/) [11:05] for a bit at least [11:05] we might in the end need a type [11:05] then we just translate that type to core [11:06] or the other way [11:06] around [11:06] or something [11:06] hmmm [11:06] I think we ought to either introduce snapd type or track and ignore implicit interfaces explicitly [11:06] ingnore based on what? [11:06] the name? [11:06] no no [11:06] if slotInfo.Implicit == true [11:06] just set Implicit on the interfaces we create [11:06] ignore in the sense that any snap can get them? [11:07] (a new attribute) [11:07] there is something fishy in this concept of ignore [11:07] and by ignore I mean skip the checks for _those_ interfaces [11:07] that means any snap can get their slot [11:07] well, it's just formality, we add them, [11:07] no [11:07] that doesn't make any sense [11:07] it's not an attribute [11:07] it's something only snapd could set [11:07] yes, but if it's in the interface [11:07] what prevent a random snap [11:07] to declare the slot? [11:07] I mean in SlotInfo [11:08] not in Interface [11:08] based on what again? [11:08] the snap name [11:08] we attach them based on name [11:08] the checks right now though are on type [11:08] well, today we _add_ the implicit interfaces based on snapInfo.Name() == "snapd" [11:08] if we disagree about that we need to take a step back and fix that [11:08] but it doesn't work [11:08] because there are checks [11:08] once we agree there it's trivial to add mark the interfaces as implicit [11:09] I disagree [11:09] I think we need a little more than a name [11:09] why do you think so? [11:09] because of side-loading? [11:09] no not sideloading [11:09] because it gets very messy [11:10] in the old world there was core snap and only one [11:11] and it was hard not to have it [11:11] now we are allowing various combinations [11:11] in the old world _any_ snap with type="core" would get the implicit interfaces [11:11] now I'm doing what we discussed yesterday [11:11] if we have snapd snap installed it gets the implicit interfaces, otherwise we do as before (any type="core" does) [11:13] i feel that what you're discussing is interesting for hotplug too, although i haven't followed all details... i'm currently adding hotplug slots to "core" [11:13] mborzecki: your comments on 5339 are not a +1 yet, right? it looks like it still needs a second review [11:13] pstolowski: yes, I asked this question yesterday on the standup but didn't realise you left by then [11:13] zyga: ah. ok. [11:25] hmmmm [11:25] one more twist [11:26] snap.Info.UseNick("core") returns "system" [11:26] and DropNick has the reverse logic [11:26] this is very annoying TBH [11:26] because it is stateless [11:27] mvo: ^ [11:27] so at the API level it's not any different [11:27] but "snap interface network" shows "system" as the slot [11:28] zyga: that is what I was mentioning the other day, it was a bit unclear that we wouldn't need reverse translation in the repo, or extra code in the api [11:28] I think that since we tell the user "system" all the time that we should have used system as a snap, it's just cleaner [11:30] zyga: anyway the change I have in mind in policy is not that big, also we never invoke policy code for snaps that don't have snap id [11:30] (we assume dangerous) [11:30] that's a good point [11:30] pedronis: I didn't get your response on the previous question, how shall we identify snapd-the-snap in general [11:30] to add interfaces to it [11:30] if the name check is wrong what is the right check [11:31] in policy, with the snap ids [11:31] but we can hide that mostly in a helper [11:31] not in the policy [11:31] in the interface manager [11:31] since that's where it starts [11:32] name is fine, given that it will be blocked by policy [11:32] if it's not installed with dangerous [11:32] mmm, ok [11:33] I'm off to have lunch, and then I've got a meeting at the boys' school [11:33] I don't think I'll make it to the standup [11:33] let me know if I said "yes" to anything in my absence :-D [11:34] Chipaca: we'll tell you what you have volunteered to do tomorrow ;-) [11:34] zyga: let me try to propose a diff of what I have in mind [11:34] pedronis: thanks, I'm looking at that code but if you have something that's super nice :) [11:35] Chipaca: we will assume "yes" to everything you don't explicitely nack [11:39] mvo: can you please merge https://github.com/snapcore/snapd/pull/5364 [11:39] PR #5364: packaging/opensuse: fix typo, missing assignment [11:39] it failed twice on random junk === pstolowski is now known as pstolowski|lunch [11:42] zyga: something like this is what I had in mind https://pastebin.ubuntu.com/p/KbsqbVN9by/ of course needs a couple of tests in policy_test.go to go with it [11:42] mmm, thanks, let's see where I can take this [11:44] heh, pushed to the wrong PR branch, quick reset & force push, maybe nobody will notice :) [11:47] PR snapd#5366 opened: snap: helper for validating snap instance names [11:54] mvo: shall we land #5362 ? [11:54] PR #5362: tests: use "ss" instead of "netstat" (netstat is not available in core18) [11:58] mvo: what's the id of snapd snap in staging? [12:01] hmm, we don't restart snapd.service when installing snapd.snap yet, do we? [12:02] zyga: I ran into this weird spread test failure in my PR: https://api.travis-ci.org/v3/job/394938067/log.txt -- I think it is down to incomplete cleanup in tests/main/xdg-open (it touches a file and then Arch's package manager refuses to overwrite it when I try to install a package) [12:03] mvo: with pedronis' patch I can install snapd and (since it doesn't restart) we get duplicated interfaces [12:03] after snapd restart things are ok [12:04] so I wonder if that test is using a bit of an anti-pattern [12:05] jamesh: looking [12:07] hmmm [12:07] I'm puzzled [12:08] what's the xdg-open in the filesystem that this conflicts with? [12:09] zyga: in tests/main/xdg-open, it touches /usr/bin/xdg-open and then bind mounts a fake version of the script over the top, and then undoes the bind mount in the restore script [12:09] ah [12:09] presumably this is intended to make the test work on systems with or without xdg-open installed before hand [12:09] zyga: I think we do have code to restarted but only if the model has a base [12:09] pacman refuses to overwrite files [12:10] IMO the main/xdg-open test must clean up after itself [12:10] instead of touching it could mv to .orig or something [12:10] zyga: it supposedly does [12:10] but it means it leaves an empty file around if xdg-open wasn't around before hand [12:10] mborzecki: does it? [12:10] but does not remove the file if it wasn't there [12:10] mborzecki: I'm looking at the restore section [12:10] yes [12:10] exactly === alan_g is now known as alan_g|afk [12:11] so to properly clean up it should unlink /usr/bin/xdg-open [12:11] i can do a quick fix [12:11] and if /usr/bin/xdg-open.orig exists mv it over [12:11] alternatively, it could install xdg-utils to ensure a real xdg-open is available to bind mount over [12:11] this is safe regardless of whether xdg-open existed or not [12:13] PR snapd#5339 closed: tests: initial core18 spread image building [12:14] mvo: ping [12:16] zyga: pong [12:16] mvo: can you shed some light on the expected behaviour of snapd the process when one "snap install snapd" [12:16] should snapd restart? [12:17] PR snapd#5364 closed: packaging/opensuse: fix typo, missing assignment [12:18] zyga: a great question. I think today on !core18 it should do nothing but on core18 it should restart [12:18] zyga: iirc it will do that already (restart in core18) [12:19] mborzecki: re 5363 (ss instead of netstat) - if it looks good lets land it. it evolved a bit since your first review, sorry for that, the output is slightly different so I had to tweak a bunch of greps [12:19] PR snapd#5355 closed: data/complete: fix three out of four shellcheck warnings in data/complete [12:21] mvo: mmmmm [12:21] mvo: thank you [12:21] mvo: so [12:21] well, actually, so installing snapd.snap on classic [12:22] what does that do? [12:22] s/do/should do [12:22] in the world without core [12:22] zyga: in a future world it will restart into snapd [12:22] zyga: into the snapd snap [12:22] future as in far into the future [12:22] zyga: but we are not there yet [12:22] or soon (week) [12:22] zyga: ~4-6 weeks [12:22] k [12:22] jamesh: opening a PR in a minute [12:23] so then we need to discuss what to do about implicit interfaces again [12:23] should the new logic only apply if model.Base is core18? [12:23] and otherwise things are as they are now [12:23] zyga: I think for now we focus on model.Base != "" [12:23] I think with _that_ extra logic (and noting that no new tests are present) I could propose my branch to see what happens [12:23] zyga: but eventually we will be in a new world with core16 and no snapd in there on classic [12:23] ok, I'll do that [12:23] thanks [12:24] zyga: and a snapd snap on classic that will have the role of core [12:24] zyga: *but* one step at a time :) [12:24] hhmmm [12:24] hold on [12:25] actually, let me have lunch [12:26] wow, econnreset [12:26] https://api.travis-ci.org/v3/job/394933199/log.txt [12:29] 2018/06/21 12:14:46.074136 store.go:1555: DEBUG: Download succeeded in 4.935s (109MB/s) === pstolowski|lunch is now known as pstolowski [12:31] PR snapd#5367 opened: tests/main/xdg-open: restore or clean up xdg-open [12:31] jamesh: zyga: ^^ [12:31] pstolowski: nice, that's fast :) [12:33] i guess iptables rule is not immediately effective (as suspected by mvo) [12:34] mvo, I'm getting some snapd errors related to not having GNU build ID in the binary, how can I add that to the binary? [12:36] abeato: those should just be warnings [12:37] abeato: did you see my comment in the PR? was that helpful? I also wanted to write a small spread test but I didn't had time yet, I think it would be a nice addition [12:37] mvo, hm, does not this have side effects?: https://paste.ubuntu.com/p/sdkwXp3nV4/ [12:38] mvo, yes, thanks for that, I have cherry-picked your commit and added it to the branch [12:38] abeato: those warnings are ok, it just means you get an unneeded profile-generation. maybe we need to phrase them differently so that they sound less scary [12:39] mvo, ok, was just wondering [12:39] thx [12:43] mvo: do you have some time to hop on the standup HO now and talk about core18? [12:44] zyga: yes, one minute, just finishing a small PR [12:44] ok [12:48] mvo: hmm, [12:48] hangouts/meet don't want to let me in [12:48] PR snapd#5368 opened: tests: disable core tests on all core systems (16 and 18) [12:50] mvo: ok, managed to join via regular hangouts [12:50] pstolowski: ok if i restart that build with econnreset? [12:51] mborzecki: yep, i made a copy [12:51] ack [12:51] thanks [12:52] pstolowski: download is run by the client only right? snapd is not proxying anything there? [12:52] mborzecki: correct [12:53] mborzecki: (in this particula case, e.g. on 'snap download ..') [12:53] right [12:53] zyga: look at your video ;) [12:56] PR snapd#5362 closed: tests: use "ss" instead of "netstat" (netstat is not available in core18) === alan_g|afk is now known as alan_g [13:47] PR snapd#5365 closed: spread-shellcheck: use the latest shellcheck available from snaps [13:53] PR snapd#5369 opened: overlord,interfaces,cmd: WIP early support for interfaces on core18 [13:53] I need to break now and take the dog out [13:53] zyga: thank you! [13:53] mborzecki: I will resume suse work when I'm back, looking forward to your testing :) [14:03] zyga: anything you need in 2.33.1 for suse? [14:05] Hmmm, yes but i am afk [14:05] 32C now, ufff [14:22] zyga: at least you know that it's almost summer :) [14:22] PR snapd#5370 opened: overlord/{config,snap}state: introduce parallel-installs feature flag [14:27] PR snapd#5371 opened: tests/main/interfaces-firewall-control: shellcheck fix [14:27] mvo: ^^ [14:40] mborzecki: \o/ thank you [14:48] PR snapd#5356 closed: packaging: require snapd.socket in snapd.seeded.service; make sure snapd.seeded.… [14:54] PR snapd#5372 opened: many: improve udev trigger on refresh experience (2.33) [15:33] PR snapd#5372 closed: many: improve udev trigger on refresh experience (2.33) [15:38] re [15:38] * zyga tried to read a paper but ended up talking to mvo and then to family members [15:38] anyway, back now [15:42] mvo: hey [15:42] did you look at the RFC PR yet? [15:42] it fails on core 18 with [15:42] + snap install --channel=edge snapd [15:42] error: cannot install "snapd": cannot install snapd snap on a model without a base snap yet [15:42] did I mess up or is the core18 somehow ending up without a model yt [15:42] *yet [15:43] in any case, please look at the branch, it's very small so far [15:43] I will focus on suse release for the rest of the day [15:47] PR snapd#5373 opened: release: 2.33.1 [15:52] pstolowski: https://github.com/snapcore/snapd/pull/5368 needs a 2nd review [15:52] PR #5368: tests: disable core tests on all core systems (16 and 18) [15:53] looking [15:56] +1 [15:56] PR snapd#5331 closed: snapstate: sort "snapd" first [16:12] as I remarked to mvo this morning 5331 is not sufficient to solve the related problems [16:18] pedronis: shall I revert it? [16:18] it's not harmful by itself [16:18] but I would like to understand if the other problem is being tracked === pstolowski is now known as pstolowski|afk [16:27] mvo: pedronis is there any reason for why the actual snap file on /var/lib/snapd/snaps would be 600 when installed with --dangerous but 644 otherwise? [16:30] I don't think is --dangerous [16:30] is local vs from from store [16:31] the involved files are created differently [16:31] I see the 0644 [16:33] the 0600 (for local installs) comes from ioutil.TempFile [16:55] pstolowski|afk: #5326 reviewed [16:55] PR #5326: api/snapctl: allow -h and --help for regular users [17:01] cachio: 2.33.1 is in the beta channel now - just fyi - mostly small fixes and test tweaks for autopkgtest [17:01] mvo, nice, I'll make a run today [17:08] wow, opensuse really hates my nvidia, the graphical installer refuses to start, textual yast wants to do something (besides being super inconvenient to use) but i doubt that matches what i want it to do, wish i could just mount the target fs and bootstrap everything by hand, probably possible just havent found the way yet [17:10] mvo: offtopic, did you know about git cherry-pick -m 1 ... [17:10] it's very useful, I found it by accident [17:10] pick a merge commit sha and cherry pick the whole lot [17:10] mborzecki: which release are you on? [17:11] mborzecki: try tumbleweed if you can, it's the most interesting to test for me [17:11] tw, pulled today's current [17:11] good [17:11] (and bad, sorry about your card) [17:11] i'm quite sure that vesa works, just no clue why it's not even tried [17:15] zyga: oh, neato, I was not aware of this [17:16] storm is coming! [17:17] 32C is falling quickly and it's all dark now [17:17] zyga: 16C here [17:17] !!! [17:17] how can it be twice as cold there as it was here a moment ago [17:17] it's barely an hour away [17:18] PR snapd#5374 opened: tests: disable core tests on all core systems (16 and 18) [17:25] PR snapd#5371 closed: tests/main/interfaces-firewall-control: shellcheck fix [17:26] mborzecki: https://github.com/snapcore/snapd/pull/5370 [17:26] PR #5370: overlord/{config,snap}state: introduce parallel-installs feature flag [17:27] zyga: hm? [17:27] look at my comment please [17:27] PR snapd#5367 closed: tests/main/xdg-open: restore or clean up xdg-open [17:28] PR snapd#5368 closed: tests: disable core tests on all core systems (16 and 18) [17:29] zyga: restarted the build, it's alreayd fixed in master [17:29] Thank you! [17:29] mvo: the 2.33.1 PR fails for the same reason [17:29] + something that looks like journalctl skew [17:30] zyga: that test log is a bit misleading, the most interesting part is just the last few lines which gives a summary of what failed and why (expectedly/unexpectedly and so on) [17:37] aha [17:49] * Chipaca EODs and goes to find a place with a tv [17:49] o/ [17:50] uh-oh [17:50] fire nearby [17:50] I see lots of smoke and hear the sirens [18:01] I have a love-hate relationship with "orc" [18:01] "osc" [18:01] it sucks as a VCS [18:01] but it really rocks as a builder [18:01] it's way too big (CLI is insanely complex) [18:01] but the build part is really flawless [18:07] smoke intensifies [18:08] I'll go to check it out [18:12] an old house is on fire [18:14] and a 2nd building now, a block of flats next to it, still under construction [18:16] I need to add three directory ownership lines to snapd.spec on opensuse [18:16] %dir /usr/lib/systemd/system-generators [18:16] %dir /usr/share/dbus-1 [18:16] %dir /usr/share/dbus-1/services [18:16] Pharaoh_Atem: ^ [18:16] first question, should I own them (build fails on leap without it, works on tumbleweed without them) [18:16] and second question, what's the abbreviated name for those (with variables and such) [18:17] mborzecki: ^ [18:21] more fire [18:21] and more sirens nearby [18:24] https://www.facebook.com/photo.php?fbid=1939797056064540&set=gm.10160553222185322&type=3&theater [18:26] mborzecki: I have this interesting output from the build service: [18:26] [ 132s] /usr/lib/snapd/snap-mgmt: line 25: systemd-escape: command not found [18:26] we have Requires: systemd [18:26] I wonder what else might be missing [18:28] zyga: yeah, the failure of the changelog PR is strange === phoenix_firebrd is now known as phoenix_firebrd_ [18:32] I see this failure often while building the package [18:32] panic in snap state tests https://www.irccloud.com/pastebin/zP4C8oCp/ [18:38] is it just me or is travis very slow? [18:38] I mean, giving me data for the test results [18:46] mvo: it's unusably slow [18:46] the page is so js-heavy it renders very very slowly [18:46] I always click on the button to show raw log but even getting there is painful [18:46] mborzecki: do you have suse ready? [18:47] I sent my build to https://build.opensuse.org/package/show/home:zyga:branches:system:snappy/snapd [18:49] I will break now [18:49] after this builds I will test it on my machines [18:49] and update the forum [18:49] I still have a small diff to send [18:49] (to master) === phoenix_firebrd_ is now known as phoenix_firebrd [19:00] zyga: %{_systemdgeneratordir} [19:01] zyga: %{_datadir}/dbus-1/services [19:03] it would be awesome if some python script could do that [19:03] thank you! === phoenix_firebrd is now known as phoenix_firebrd_ === phoenix_firebrd_ is now known as phoenix_firebrd [20:56] Pharaoh_Atem: let me know if you need any testing on Fedora [21:47] zyga: will do [21:47] I'm planning on updating Fedora to 2.33.1 [21:48] I'm trying to coordinate updating xdg-desktop-portal to 0.11 there too, though [22:59] Pharaoh_Atem: re [22:59] Pharaoh_Atem: do you have any idea what failed on https://build.opensuse.org/package/show/home:zyga:branches:system:snappy/snapd [22:59] the tumbleweed builds failed [22:59] they enable apparmor [22:59] I don't quite get it what happens at build time, is the build machinery somehow _executing_ scripts? (%post, etc) [23:22] ah [23:22] fixed it :) [23:22] sheesh