/srv/irclogs.ubuntu.com/2018/06/28/#snappy.txt

mborzeckimorning05:00
zygaGry06:27
zygaHey06:27
mborzeckizyga: hey06:30
mborzeckizyga: can you look at #5421 there's something fishy there06:31
mupPR #5421: tests: replace MATCH by grep to check users created for ubuntu core <Created by sergiocazzolato> <https://github.com/snapcore/snapd/pull/5421>06:31
zygaYeah, in a moment. Barely waking up here06:31
zygaWe found a curious bug last night06:32
mborzeckizyga: what curious bug?06:42
mborzeckithis one?06:42
zygaFirst coffee06:42
zygaI stopped working after 10PM again06:42
mvozyga: good morning!06:43
mvozyga: how can I help :)06:43
mborzeckimvo: hey06:44
zygaHey :-)06:44
mvohey mborzecki06:44
zygaAll good just need to wake fully06:44
zygaAnd we have a small patch to unbreak snappy in lxd06:44
zygaI will send it in 20 minutes, just need to clean the kitchen to make the coffee06:45
mborzeckicoffee, splendid idea06:45
mvo5419 is probably an easy win, has one review already and looks pretty straightforward06:46
mborzeckizyga: btw. that's my kde bug that caused no sound in hangouts: https://www.mail-archive.com/kde-bugs-dist@kde.org/msg249018.html06:46
mvopstolowski|afk: good morning! when you have a chance, please check 5415, zyga has one suggestion there about the comment otherwise it is good to go (has two +1 etc)06:49
zygare06:50
zygaok, finally at the keyboard06:50
zygamvo: looking06:50
zygamvo: would you mind reviewing the apparmor change I sent a few days ago?06:51
zygaI'll get a 2nd review from jamie06:51
mvozyga: sure, I'm just going over the list sequentially06:52
zygamvo: going back to front helps in making sure we don't starve old PRs06:52
mvo5409 is probably a super simple review btw06:54
mvozyga: yeah, good point06:54
mupPR snapd#5404 closed: i18n: add canary checking to pot file extraction <Created by mvo5> <Closed by mvo5> <https://github.com/snapcore/snapd/pull/5404>06:56
mupPR snapd#5419 closed: many: switch to account validation: unproven|verified <Created by pedronis> <Merged by pedronis> <https://github.com/snapcore/snapd/pull/5419>06:57
zygapedronis: https://github.com/snapcore/snapd/pull/5419#discussion_r198725202 (when you are around)06:58
mupPR #5419: many: switch to account validation: unproven|verified <Created by pedronis> <Merged by pedronis> <https://github.com/snapcore/snapd/pull/5419>06:58
zygamvo: ^06:59
pedroniszyga: ?07:00
pedronisof course we need to signe the new assertion (which means using the root key, so probably will not happen until the september sprint)07:01
zygaperhaps I'm reading the patch wrong07:01
zygawhen is assembleAccount called?07:02
pedronismany places07:02
pedronisbut yes you are reading the patch wrong07:02
pedronisis just changing what the accessors see07:03
zygaah, that's good then07:03
pedroniswe sign a text, not a struct07:03
zygayeah, I know that,07:03
zygaI was worried that this is changing the data to be assembled into the text blob07:04
pedronis?07:04
pedronisit changes only what comes out of the new Accessor07:04
pedronisValidation07:04
zygaok07:04
pedronisas the comment tries to explain is really about preexisting stuff07:05
pedronis(until we can rev them)07:05
mupPR snapd#5400 closed: spread.yaml: enable main and regression suite on core18 systems <Core18> <Created by mvo5> <Closed by mvo5> <https://github.com/snapcore/snapd/pull/5400>07:06
zygamborzecki: commented on 542107:06
zygaI'm -1 on that07:07
mupPR snapd#5398 closed: tests: disable auto-refresh test on core18 <Core18> <Created by mvo5> <Merged by mvo5> <https://github.com/snapcore/snapd/pull/5398>07:07
mupPR snapd#5322 closed: cmd/snap-confine: include CUDA runtime libraries <Simple> <Created by bboozzoo> <Merged by mvo5> <https://github.com/snapcore/snapd/pull/5322>07:12
mborzeckizyga: yeah, looks fishy, idk maybe something with the storage again07:16
mborzeckizyga: if you look at the pastebin, the output that's logged there even matches07:16
zygamborzecki: yeah07:17
zygait is odd07:17
zygaespecially that this is a file07:18
mborzeckihmm let me restart that travis job a couple of times07:18
zygaI'll play with MATCH07:19
zygabut first07:19
zygafix the lxd bug07:19
zygathen finish coffee because I'm still fuzzy07:19
zygathen MATCH07:19
mborzeckifuzzy MATCH(ing)07:19
=== pstolowski|afk is now known as pstolowski
pstolowskimorning07:20
mborzeckipstolowski: hey07:20
zygahehe07:20
zygaI'm very fuzzy matching today07:20
zygaon the upside I managed to convince the kids to help a little07:21
mvozyga: help coding? good job man!07:21
zygahaha07:21
zygaI wish :D07:21
mvozyga: no playing with the MATCH bug please, lets first attack the two core18 issues07:22
zygamvo: that's fair07:23
zygamborzecki: all yours07:23
zygamvo: the lxd issue is tiny so I'll do that first if you don't mind07:23
zygathen back to core1807:23
mvozyga: sure, I don't want to boss you around :)07:24
mvozyga: just a little ;)07:24
mupPR snapd#5230 closed: interfaces/udisks2: also implement implicit classic slot <Created by jdstrand> <Merged by mvo5> <https://github.com/snapcore/snapd/pull/5230>07:32
mupPR snapd#5423 opened: cmd/snap-confine: fix nvidia support under lxd <Created by zyga> <https://github.com/snapcore/snapd/pull/5423>07:34
zygamborzecki: this is something for you https://forum.snapcraft.io/t/lxd-snaps-nvidia/6134 :)07:36
zygamvo: can we remove 2.33 milestone now07:36
zygaI don't know how to now that issues don't show up on github07:37
mborzeckizyga: i'll check it before the standup, 18.04 host is good enough?07:41
zygayes07:41
mborzeckiok07:41
zygamborzecki: but must use nvidia drivers and you need to perform the test in a container07:41
zygaI would recommend that you perform a baseline test first07:42
zygato see the denial07:42
zygaand then use patched snap-confine07:42
mborzeckinow got to find that usb with mu 18.04 install07:42
mborzeckiyay found it :)07:47
mborzeckihttps://forum.snapcraft.io/t/search-by-common-id/6136 this involves some store work too?07:52
mvozyga: with https://github.com/mvo5/snappy/tree/core18-all-fixes-all-tests we are down to only a few failure: http://paste.ubuntu.com/p/FsTMHB6fFs/ - this is why I'm so keen to fix the snap-disconnect (i.e. route core: to system) and the core mount namespace08:07
zygamvo: I will have the latter done in ~ hour08:08
zygaso I think today we may see all green on that PR08:08
mvozyga: the stop mode issue is still a bit mysterious, I think its a race but I don't know how to fix it yet08:09
mvozyga: but yeah, would be awesome to get it to green08:09
mupPR snapd#5326 closed: api/snapctl: allow -h and --help for regular users <Created by stolowski> <Merged by stolowski> <https://github.com/snapcore/snapd/pull/5326>08:20
mborzeckigoogle:ubuntu-core-16-64:tests/main/snapd-notify seems to be failing overly frequently08:25
mborzeckithis test looks weird, any idea what it's about? all it's doing is systemctl status snapd.service08:32
Chipacamoin moin08:33
Chipacahands up if you just messed up the last page of the paperwork and you need to take a break before reprinting it08:34
* Chipaca finally done except for this bit that's like a checksum of all the above08:34
Chipacathen i print that and i'm off to the postoffice and then i'm DONE08:34
* Chipaca gets back to it08:40
mborzeckihm i'll rework tests/main/snapd-notify to use systemctl show properties rather than looking for a debug message08:41
zygamborzecki: my gut feeling is, logging failure08:41
mborzeckizyga: yeah, that's why looking at ExecMainStartTimestampMonotonic and ActiveEnterTimestampMonotonic makes more sense as it comes directly form systemd08:42
mvopedronis: re the wait-for-auto-connect review - you ask about s.overlord.Settle() there. what is your suggestions? I was thinking about using s.overlord.SnapManager().Ensure() but that does not mix well with the Settles() we use in the tests elsewhere. what is your suggestion here?08:48
pedronismmh08:52
pedronismvo: my problem is not so much Settle but the loop etc, why doesn't the old code don't work anymore?08:53
mvopedronis: settle never converges because auto-connect waits for the restart08:54
mvopedronis: so the change is never "done"08:54
pedronis?08:54
pedronislet me check08:55
pedronissomething is different then08:55
mvopedronis: you mean settle should work?08:55
pedronisyes08:55
mvopedronis: even if the change does not go into done state?08:55
mvopedronis: aha, ok. sorry, I was not aware of this, let me look08:55
pedronissettle doesn't check for done08:55
pedronisit checks for ensure scheduling08:55
mvopedronis: don't worry in this case, I can dig into this, I had the wrong assumption08:55
pedronismvo: btw, did we kill this test:  https://github.com/snapcore/snapd/blob/release/2.32/overlord/managers_test.go#L969  ?08:57
pedroniswe should maybe bring it back08:57
pedronisno, still there08:58
pedroniswondering what it does right now on master though08:58
* mvo nods08:58
mvopedronis: aha, so I think the issue is that doAutoConnect returns retry errors. and this means that the taskrunner will schedule runing this task in the future and this is what settle looks at (are there tasks scheduled to run pending). does that make sense?09:06
* Son_Goku groans to life09:09
mvopedronis: the TestInstallCoreSnapUpdatesBootloaderAndSplitsAcrossRestart works because the configure hook of core waits for a restart09:12
mvopedronis: I can make the test smarter and ensure that the wait happens in the right place (at the auto-connect task)09:12
Son_GokuI guess it's more accurate that I was startled awake by thunderstorm...09:17
pedronismvo: no, I'm still not understand, we had tests like that before09:17
pedronismvo: remember the old code in setup-profiles was also like that09:21
mvopedronis: ok, let me dig some more then09:22
mvopedronis: I made the other test more targeted fwiw09:22
pedronismvo: anyway, maybe we are talking past each other, I don't know how you are changing the other test09:28
mvopedronis: I think you are spot on actually. I think the difference is that in the old code we did not restart, we had a check that if the same core is installed as the core that was booted we ignore the restart09:30
mvopedronis: for core18 this is different right now (we can discuss if that is good or bad :)09:31
mupPR snapd#5424 opened: tests/main/snapd-notify: use systemd's service properties rater than the journal <Created by bboozzoo> <https://github.com/snapcore/snapd/pull/5424>09:31
pedronismvo: it's the snapd always restarts stuff?09:31
mvopedronis: its different because right now snapd in seeding mode is not fully installed but after it seeded itself it is fully installed, so it seems to make sense to restart into the fully installed one at this point09:32
mvopedronis: yeah, its the snapd that triggeres the restart09:32
pedronisbut the other test in managers_test09:32
mvopedronis: the core18 will not trigger a restart as we use the same check if the revision is the same we booted we don't restart09:32
pedronisalso has a restart09:32
pedronisbut Settle is enough09:32
mvopedronis: indeed, let me look what is going on there09:33
* Chipaca returns, triumphant09:35
* Chipaca looks up the spelling of "pyrrhic"09:36
mvopedronis: still digging but yeah, something is different, its strange the old and the new code use the same retry but in the old one it does converge not in the new09:43
mvopedronis: also strange - in both the new and old world the TestInstallCoreSnapUpdatesBootloaderAndSplitsAcrossRestart test works with settle09:45
mvopedronis: aha! found it - so the difference is that the old code only waited for "core" with setup-profiles. but the new code waits for all snaps that are in auto-connect to restart09:50
pedronismvo: yes, but  they are done in order09:51
pedronisI'm still missing something09:51
pedronismvo: the first settle should stop after snapd or core09:51
pedronisthen you set the system as restarted and continue, no?09:51
pedroniswhat am I missing09:51
mvopedronis: maybe something in the ordering is wrong, let me check09:52
mvopedronis: I see that both snapd and core18 are in doing state for auto-connect - which should not be the case, right?09:52
pedronisyes09:52
pedronisthat seems wrong09:52
pedronissomething bad with the new snapd code09:52
mvopedronis: thanks, let me re-read the wait code09:52
mvopedronis: yeah, probably a missing WaitAll() in the new code09:52
pedroniswe should install in order snapd core18  kernel gadget  other snaps09:53
pedronisall sequentially09:53
mvopedronis: indeed09:53
pedronismvo: good I insisted because seems there's a real issue09:53
mvopedronis: yes!09:53
mvopedronis: this also explains why the other test is fine09:54
mvopedronis: its probably a bug in the firstboot code only09:54
mupPR core18#43 opened: Remove manpages and other documentation, cleanup empty doc dirs <Created by sil2100> <https://github.com/snapcore/core18/pull/43>09:56
mborzecki#5242 is a trivial review if anyone's interested09:59
mupPR #5242: tests: new test for joystick interface <Created by sergiocazzolato> <https://github.com/snapcore/snapd/pull/5242>09:59
mborzeckiduh, wrong number10:00
mborzecki#5424 is the trivial one10:00
mupPR #5424: tests/main/snapd-notify: use systemd's service properties rater than the journal <Simple> <Created by bboozzoo> <https://github.com/snapcore/snapd/pull/5424>10:00
mvopedronis: I pushed an update10:11
pedronisah10:13
pedronismvo: so, good, that was bad10:14
mvopedronis: yes, thanks for the persitance in getting to the bottom of it10:14
mvopedronis: there was also the unit test for the task ordering missing :(10:14
mupPR snapd#5415 closed: interfaces: moved normalize method to interfaces/utils and made it public <Reviewed> <Created by stolowski> <Merged by stolowski> <https://github.com/snapcore/snapd/pull/5415>10:20
pedronismvo: thx, some more small comments there but looks good overall10:22
* Chipaca reading https://forum.snapcraft.io/t/5685 very slowly10:31
* zyga hands Chipaca a copy of for extra fun https://kernel.org/pub/linux/kernel/people/paulmck/perfbook/perfbook-1c.2017.11.22a.pdf10:32
* Chipaca hands zyga the original documentation for tc10:33
* Chipaca notes it was only found in russian at first10:33
zygatc?10:33
Chipacazyga: traffic control10:35
mupPR snapd#5417 closed: image: block installation of parallel snap instances <Created by bboozzoo> <Merged by bboozzoo> <https://github.com/snapcore/snapd/pull/5417>10:36
mborzeckianyone willing to take a look at #5389 ?10:39
mupPR #5389: snap: account for parallel installs in wrappers, place info and tests <Created by bboozzoo> <https://github.com/snapcore/snapd/pull/5389>10:39
Chipacamborzecki: bring it on10:39
mborzeckiChipaca: thanks!10:47
mborzeckihmm WatchdogTimestampMonotonic=0 on 14.04 with systemd 20410:54
mvopedronis: thank you!10:54
mvopedronis: I updated the pr again but no rpush with a review, need to have lunch now :)11:20
pedronismborzecki: after #5389 will there be still nore changes in the snap package itself?11:20
mupPR #5389: snap: account for parallel installs in wrappers, place info and tests <Created by bboozzoo> <https://github.com/snapcore/snapd/pull/5389>11:20
pedroniss/nore/more/11:21
mborzeckipedronis: there'll probably be more, the orignal branches introduced some extra helpers and renames, but those can come in later when needed11:22
mborzeckizyga: libzypp has download.max_silent_tries to auto retry downloads, i'm checking this now, if it doesn't break things i'll open a PR11:26
zygaoooh11:27
zygayes please11:27
zygathat's a fantastic feature11:27
zyga(no pressure there apt/dnf)11:27
mupPR snapd#5414 closed: corecfg: added experimental.hotplug feature flag <Created by stolowski> <Merged by stolowski> <https://github.com/snapcore/snapd/pull/5414>11:35
=== pstolowski is now known as pstolowski|lunch
mupPR snapd#5425 opened: spread: increase the number of auto retries for package downloads in opensuse <Created by bboozzoo> <https://github.com/snapcore/snapd/pull/5425>11:42
mborzeckizyga: ^^11:43
mborzeckizyga: also if you could take a look at 5424 please11:43
zygadone11:45
mborzeckithe tests are super frustrating today11:46
mupPR snapd#5426 opened: client, cmd/snap: pass snap instance name when installing from file <Created by bboozzoo> <https://github.com/snapcore/snapd/pull/5426>12:00
mborzeckicarved out another piece from parallel installs branch ^^12:00
zygamvo: ha12:02
zygamvo: did you think about this case: core18 system, snapd.snap, core.snap, you run an app that uses core.snap as base; which snap-confine is used? which snapctl is visible?12:02
zygacleaning up snap-confine made me realise this is a bit weird now12:03
pedronissnapctl comes from where snap-confine comes12:04
zygammm, well, it should12:05
zygabut those are arranged differently12:05
zygasnap-confine is selected by snapd on the outside12:05
zygasnapctl is selected by snap-confine12:05
pedronisyes12:05
zygaand the logic is not the same12:05
pedronishow can it be12:05
pedronissnapctl is picked relative to snap-confine12:05
mborzeckiswitching to ubuntu to check the lxd thing12:06
zygammm? there's a bit of code in snap-confine that, if you are not using "core" as a base, does extra bind mounts12:06
zygathis handles snap-confine but snapctl is in another place12:07
* zyga looks at what happens12:07
zygaI think it's something to tidy12:07
pedronisin that case uses_base_snap is true, no ? you said core18 and snapd present12:09
zygayes but that doesn't handle /usr/bin/snapctl as far as I can see12:09
zygait just does nothing for it12:10
zygathere's a chunk of commented-out code there12:10
pedronismmh, I thought snapctl was in /usr/lib/snapd12:11
pedronisthat is my confusion12:11
pedroniswe have code for that12:11
zygayeah, it'd be easier12:11
pedronishttps://github.com/snapcore/snapd/blob/master/cmd/snap-confine/mount-support.c#L36012:11
zygacould we ship a symlink /usr/bin/snapctl -> $libexecdir/snapd/snapctl12:11
zygayeah, I'm looking at the exact same code now12:12
zygaanyway, I will add this to the core18 todo list for today12:12
pedronissounds something to discuss with mvo12:14
zygaagreed12:14
mvozyga: which snap-cofine/snapctl - the one from core18. I think we want to ensure the tooling is in sync with snapd12:25
zyga yes12:26
zygamvo: let's HO if you want to chat quickly ahead of the standup12:26
mvozyga: sure12:26
mvozyga: I have a PR that moves snapctl into /usr/lib/snapd :)12:26
zygaoh, that's great12:26
zygathank you for doing that12:26
mvozyga: one min, just preparing a cup of tea12:26
zygathat's going to be a godsend12:26
zygamvo: I had a crazy idea just now12:27
zygasnapd.deb that ships just snapd.snap + entrypoint12:27
mvozyga: yeah, its a fun idea to explore12:27
zygamvo: ready when you are12:32
mborzeckizyga: lxd from snaps too?12:36
zygayes12:36
pedronismvo: looking at 5392 seems I found an unrelated bug, left a comment there12:58
=== pstolowski|lunch is now known as pstolowski
mvopedronis: thanks, I work on this13:02
mborzeckizyga: dog slow container rootfs download, ~300kBps13:09
mborzeckizyga: replace snap-confine inside the container right?13:24
zygayes13:24
zygaand disable reexec13:24
zygaand this will fail but that's fine, it will need an apparmor tweak that we can do as we see the denial13:24
mborzeckiok13:25
mborzecki-ubuntubtw, current master https://paste.ubuntu.com/p/7crJcmKcH7/13:30
zygaI saw that too, I think this is timing/racy test13:31
mborzecki-ubuntuzyga: https://paste.ubuntu.com/p/Q855YBK6nm/13:38
zygathat's perfect, thanks13:39
zygacan you change the apparmor profile for snap-confine13:39
zygaI will tell you where13:39
zygahold on13:39
zygaon line 26913:39
zygathere are a few "remount ro" things13:39
zygachange "remount ro bind" there13:39
zygareload and try13:40
zygathank you!13:40
mborzecki-ubuntuyup trying it already13:41
mborzecki-ubuntuzyga: i've edited snap-confine.real13:41
zygathat's good13:41
mborzecki-ubuntuzyga: https://paste.ubuntu.com/p/n9536fST8D/ hmm i should probably update lxd profile too13:46
zygano, not the lxd profile13:48
zygamborzecki-ubuntu: what's the profile you have now?13:48
zygaas a sanity check13:48
zygacopy paste the three lines13:48
zygaand have a variant with and without remount13:49
zygain case the pattern requires all flags to be present13:49
zygabut hmm13:49
ogra_mvo, hmm, does the pi-config stuff of snpd check the existence of values in config.txt at all ?13:57
ogra_ogra@pi2:~$ snap set core pi-config.gpu-mem-512=true13:58
ogra_ogra@pi2:~$ snap set core pi-config.gpu-mem-512=true13:58
ogra_ogra@pi2:~$ snap set core pi-config.gpu-mem-512=true13:58
ogra_ogra@pi2:~$ tail -10 /boot/uboot/config.txt13:58
ogra_device_tree_address=0x0200000013:58
ogra_core_freq=25013:58
ogra_dtoverlay=vc4-kms-v3d13:58
ogra_gpu_mem_512=true13:58
ogra_gpu_mem_512=true13:58
ogra_gpu_mem_512=true13:58
ogra_gpu_mem_512=true13:58
ogra_gpu_mem_512=true13:58
ogra_gpu_mem_512=true13:58
ogra_seems it completly blindly appends lines to it13:58
zygamborzecki-ubuntu: let me know what you get and I'll be right back13:58
ogra_(not sure if thats any different in stable, that pi runs edge atm)13:59
ogra_uh ... even worse:13:59
ogra_ogra@pi2:~$ snap set core pi-config.gpu-mem-512=false14:00
ogra_ogra@pi2:~$ tail -10 /boot/uboot/config.txt14:00
ogra_core_freq=25014:00
ogra_dtoverlay=vc4-kms-v3d14:00
ogra_gpu_mem_512=true14:00
ogra_gpu_mem_512=true14:00
ogra_gpu_mem_512=true14:00
ogra_gpu_mem_512=true14:00
ogra_gpu_mem_512=true14:00
ogra_gpu_mem_512=true14:00
ogra_gpu_mem_512=false14:00
ogra_it doesnt toggle the existing value at all but just appends and append for each snap set call14:00
mborzecki-ubuntuzyga: hm actually one denial is gone, if you look at the first log, there were to, one seemd like it's inside the container's namespace (?)14:00
zygawhat's the current denial you see14:01
mvoogra_: uhhh14:02
ogra_yeah14:02
mvoogra_: let me check14:02
mborzecki-ubuntuzyga: https://paste.ubuntu.com/p/n9536fST8D/ look below '<--- profile replaced --->' line14:03
zygaand the app fails to start, correct?14:04
mborzecki-ubuntuzyga: yes14:04
zygado you have the vanilla profile somewhere, can you diff before/after14:04
zyga(and did you reload the profile (just checking))14:04
mvoogra_: hm,hm,we have tests that should ensure that things are not blindly appended but obviously reality disagrees, lets me find out what is going on14:05
mborzecki-ubuntuzyga:  apparmor_parser -r /etc/apparmor.d/usr.lib.snapd.snap-confine.real14:05
zygathe file inherit parts are harmless, I think14:07
zygaonly the last one is the problem14:07
mborzecki-ubuntuzyga: http://paste.ubuntu.com/p/KwgWCRgskx/14:08
mborzecki-ubuntuzyga: tha's inside the container14:09
ogra_mvo, thanks, need a bug ?14:09
zygasorry my input froze14:09
zygamborzecki-ubuntu: the denial now is from lxd indeed14:10
zygathat's interesting14:10
zygalet me look at the conversation last night14:10
* ogra_ holds a flame under zyga's input14:10
mvoogra_: this is current edge I assume?14:10
ogra_mvo, yeah, i havent tried stable ...14:10
mvoogra_: no worries14:11
ogra_(i can if it helps though)14:11
ogra_(after a meeting i'm currently in)14:11
mvoogra_: all good, just want to know if I can start with master when trying to reproduce14:11
ogra_yeah14:11
zygamborzecki-ubuntu: I think next lxd will fix it14:13
zygahttps://github.com/lxc/lxd/pull/4704/files14:13
mupPR lxc/lxd#4704: lxd/apparmor: Allow ro bind-mounts and remounts <Created by stgraber> <Merged by brauner> <https://github.com/lxc/lxd/pull/4704>14:13
zygamborzecki-ubuntu: can you re-write the profile again, so that snap-confine has just the extra "remount" there14:14
zygareload that profile14:14
zygaand ensure this is consistent with the denial you had before14:14
zygaand finally add that to the PR 542314:15
zygathat that should be it14:15
mupPR #5423: cmd/snap-confine: fix nvidia support under lxd <Created by zyga> <https://github.com/snapcore/snapd/pull/5423>14:15
mborzecki-ubuntuzyga: wonder if lxd with this patch is in edge already14:16
zygagood idea, let's check :)14:18
zygaI need to take Bit for a walk14:19
zygait's been too long already14:19
zygamvo: I'll share what I have after I'm back14:20
mupPR snapd#5427 opened: configcore: fix incorrect handling of keys with nubmers (like gpu_mem_512) <Created by mvo5> <https://github.com/snapcore/snapd/pull/5427>14:23
pedronisaway _14:25
mvoogra_: -^14:26
stgrabermborzecki-ubuntu: it should be, yes14:26
mvoogra_: it just happens with key that have numbers in them14:26
stgrabermborzecki-ubuntu: and I've included it in candidate too14:26
mvoogra_: still a bug of course, thanks for the report14:26
mborzecki-ubuntuzyga: lxd (edge)    git-fe39a5a (7606) + snap-confine patch + apparmor profile update works14:26
mborzecki-ubuntustgraber: ^^14:26
ogra_mvo, ah ! so i was just lucky to test the right key :)14:27
mvoogra_: precisely14:27
mvoogra_: the fix above should be fine, I look into removing the hand-made thing, I think we have a better library for this14:27
ogra_i'll test once it merged14:27
mvoogra_: should be fine, I added a regression test (famous last words)14:28
ogra_:)14:28
zygaThank you mborzecki14:31
mborzecki-ubuntuzyga: now that MS_BIND is added, apparmor rules for gl{,32} and glvnd need an update too, right?14:31
zygaYes, all three14:32
niemeyermvo: On the go-check tweak, does the + at the end make sense for the case of the diff output?14:37
mvoniemeyer: you mean when a struct compare fails? I can look into removing it, I think its redundant and looks a bit out of place14:39
niemeyermvo: I'm trying to understand the consequence, but I can't quite put my finger on it given the examples14:39
niemeyermvo: Line 90 at the very end of the PR diff looks suspect, though.. might be a consequence of it14:40
mvoniemeyer: yes, thats a consequence14:40
niemeyermvo: The case demonstrated in the multiline test (TestMultiLineStringEqualFails) is super sweet, btw14:41
niemeyermvo: Okay, this is my last remark then14:41
niemeyerLGTM otherwise14:41
mborzecki-ubuntuhttps://paste.ubuntu.com/p/QYwPQhcFfz/ heh each time i run the unit tests a new error comes up14:42
mvoniemeyer: thank you! on so many levels :)14:43
mvoniemeyer: I will see how I can get rid of the "+" then in the output, iirc this is something that kr/pretty generates14:43
mvopedronis: I replied to your panic question in 5392 - happy to write another PR with a small unit test to be on the safe side14:47
pedronismvo: notice that that code could be used on classic14:47
pedronisin that case there's no kernel and potentially no gadget14:48
mvopedronis: then we are missing a test, let me add one14:48
pedronismvo: yes, this is about classic mostly14:48
niemeyermvo: np, and thanks again for the feature. It'll be great to have this!14:49
mvopedronis: iirc we test the classic firstboot in a different place, let me dig into it14:49
niemeyermvo: I don't think the + comes from pretty14:49
niemeyermvo: See the format function14:50
pedronismvo: yes, but this would be a strange tests with a seed.yaml that is empty or has empty snaps  (not sure we have one like that)14:50
niemeyermvo: If it did come from pretty, we'd have the "..." added by the format function14:50
pedronismvo: we have one with no seed.yaml at all I suppose14:50
mborzecki-ubuntuzyga: i'll push to your branch14:50
pedronisbut maybe I'm misremembering14:51
niemeyermvo: But we don't.. it looks like a minor bug on the formatting itself14:51
mvoniemeyer: aha, ok14:51
mvoniemeyer: thanks again!14:51
niemeyermvo: The + makes sense for the string case (see the multiline example)14:51
niemeyermvo: We might even reuse the quote bool14:51
niemeyermvo: np!14:52
* niemeyer lunches14:52
mvopedronis: hm, firstboot_test.go has no test for classic. let me find those tests first then I will add it there14:52
zygaThanks mborzecki14:52
pedronismvo: I thought it had a couple14:52
mborzecki-ubuntuzyga: and pushed14:52
mborzecki-ubuntuzyga: also verified locally14:53
mvopedronis: maybe I'm just too naive, I was looking for MockOnClassic in this file14:53
pedronismvo:  TestPopulateFromSeedOnClassicNoSeedYaml14:53
mvopedronis: aha, there they are. thank you, I will add the test now14:53
mborzecki-ubuntuour nvidia spread test caught that too, yay!14:54
pedronismvo: we have ClassicNoSeedYaml, we ClassicEmptySeedYaml I suppose14:54
pedronis*we need14:54
mvopedronis: +114:54
mupPR snapd#5428 opened: devicestate: fix panic in firstboot code when no snaps are seeded <Created by mvo5> <https://github.com/snapcore/snapd/pull/5428>15:04
mupPR snapd#5429 opened: osutil: import go-udev <Created by stolowski> <https://github.com/snapcore/snapd/pull/5429>15:10
mvoniemeyer: you were quite right, a subtle thing in formatMultiLine, update, let me know if its to your liking15:16
mupPR snapd#5430 opened: tests: enable new fedora image with test dependencies installed <Created by sergiocazzolato> <https://github.com/snapcore/snapd/pull/5430>15:37
mupPR snapd#5431 opened: interfaces: move ValidateName helper to utils <Created by stolowski> <https://github.com/snapcore/snapd/pull/5431>16:10
zygajdstrand: hey16:24
zygajdstrand: can you please look at https://github.com/snapcore/snapd/pull/541116:24
mupPR #5411: many: remove core-support interface <Core18> <Created by zyga> <https://github.com/snapcore/snapd/pull/5411>16:24
zygait has two +1s but I didn't merge it because I wanted you to see16:24
zygapstolowski: question16:24
zygawhy interfaces/utils vs just interfaces/16:25
zygais it an import cycle if we use interfaces?16:25
zyganot a strong opinion, just curious16:25
pstolowskizyga: yes, i think i replied to that16:25
pstolowskizyga: cause interfaces/hotplug/... needs to import interfaces16:25
zygathanks, this makes sense16:26
popeyjdstrand: heads up, I just moved interfaces and assertions from the github wiki to the forum.16:26
zygapopey: interesting, thank you!16:26
=== chihchun_afk is now known as chihchun
mupPR snapd#5423 closed: cmd/snap-confine: fix nvidia support under lxd <Created by zyga> <Merged by zyga> <https://github.com/snapcore/snapd/pull/5423>16:35
=== chihchun is now known as chihchun_afk
zygamvo: comment on 542816:42
=== chihchun_afk is now known as chihchun
zygamvo: comment on 542716:50
=== chihchun is now known as chihchun_afk
mvozyga: yay, thank you16:56
mvozyga: will work on it right after dinner16:57
pstolowskinooo, our checks don't like formatting of go-udev17:02
* zyga hugs mvo17:05
zygapstolowski: can we add an exception17:06
zygaso that it is not checked17:06
zygaalternatively17:07
pstolowskizyga: i just did17:07
zygago-fmt and send it upstream :)17:07
zygait's only a patch17:07
zygaif they take it, it would be easier17:07
sergiusensmvo: did you have any luck with core16?17:07
sergiusensmvo: (or maybe zyga), why are xXX revisioned snaps read by root only?17:08
zygasergiusens: hmm, no idea17:08
sergiusensin /var/lib/snapd/snaps I mean17:08
zygawell17:08
zygaright17:08
sergiusenscan they be made 644?17:08
zygathe files are probably made this way17:08
zygaI don't think this is deliberate actually17:08
zygaChipaca: ^ do you know why we chmod og-rw locally installed snaps?17:08
Chipacazyga: we don't17:09
Chipacazyga: at least, I don't think we do17:09
Chipacazyga: it's just the defauts for tempfile17:09
sergiusensI just think it is on how the copy logic works out, but it is a bit of a pain to inject snaps with this in place17:09
Chipacato be fair, who cares? :-)17:09
Chipacasergiusens: why do you care?17:10
sergiusensChipaca: we inject the local snaps into containers and into build VMs to not download again and to have the same version on the outside and the inside17:10
Chipacasergiusens: ok17:10
sergiusensso, yes, we do care17:11
Chipacasergiusens: no, you don't17:11
Chipacasergiusens: or at least, your explanation hasn't explained to me why you do :-)17:11
sergiusensspeaking of caring, can we make `snap install foo` not fail (with a --wait switch maybe) if there are pending auto refreshes?17:11
Chipacasergiusens: haven't we had this conversation about 'snap watch --last=auto-refresh' ?17:12
sergiusensChipaca: you had, but niemeyer said we should fix that17:13
Chipacathat == what?17:13
Chipacanot having it fail?17:13
sergiusensChipaca: snap watch --last=auto-refresh17:13
sergiusensthere's a chance for a race there too, isn't there?17:13
Chipacaof course17:13
sergiusensbetween that command returning and calling the new one17:14
zygaChipaca: just an idea "snap install --queue foo"17:14
zygait would wait for all conflicts to resolve and install17:14
Chipacaconflicts is about to get a thrashing17:15
zygawe could have a concept of idle tasks17:15
zygathose are picked up when snapd does nothing17:15
Chipacazyga: stahp17:15
zygajust making hand-wavy things17:15
zygacan I wave some more17:15
Chipacazyga: stop hand-waving more stuff on when we're trying to simplify it17:15
zygaI can also hold my hands above my head like a particular well-known Dilbert boss ;)17:15
zygathe idea is really simple ;-)17:15
* zyga shutups17:16
sergiusensChipaca: and for the permissions thing, I want to avoid this ugly logic https://github.com/snapcore/snapcraft/blob/master/snapcraft/internal/lxd/_containerbuild.py#L28517:16
Chipacasergiusens: it finally clicked what you're trying to do17:17
Chipacasergiusens: (why is that doing chown and not chmod?)17:18
Chipacasergiusens: so17:20
Chipacasergiusens: there's no strong reason for them being 060017:20
Chipacasergiusens: but, we can fix it17:20
Chipacasergiusens: but, fixing it retroactively would be trickier17:20
sergiusensChipaca: I am rewriting that to just do a copy/chmod; but I will not change ownership of files I do not own on my own :-)17:20
Chipacasergiusens: that is, even if the next snapd shipped made local snaps be 0444, you'd still need to handle snaps you can't read17:21
sergiusensChipaca: fix it for the future, build VMs introduced will use this and that is where I care it is ok, by then snapcraft will be fine17:21
Chipacasergiusens: but, feel free to chmod them meanwhile17:21
Chipacano chown, just chmod17:22
sergiusensChipaca: I'll keep the logic, but that sudo request is annoying and would be nice to make it a corner of a corner case17:22
sergiusenswell, permissions or ownership me no touch17:22
sergiusensat the point in that snippet I shared it doesn't really matter as it is operating on the copy17:23
niemeyerI also don't get what the problem is17:24
Chipacaniemeyer: the problem is that snapcraft runs as the user17:24
Chipacaniemeyer: and it tries to copy locally-installed snaps into the vm17:24
Chipacaniemeyer: but it can't read them because they're 060017:24
Chipacasergiusens: may i suggest, meanwhile: sudo cp --no-preserve=mode17:25
niemeyersergiusens: How do you run the vm?17:25
ChipacaOTOH maybe snapcraft can talk to lxd and tell it to mount the snaps directory directly17:26
Chipacano copying \o/17:26
niemeyerChipaca: It's qemu, but yes, that's the idea17:26
* Chipaca decides it's beer o'clock17:27
Chipacabrb17:27
niemeyermvo: go-check PR is in17:31
niemeyerThanks again17:31
pstolowskizyga: a bunch of formatting/nakered/spelling errors in go-udev. for now i fixed a few locally, added one exception and will propose a fix upstream but don't want to block on that for next few days (thus fixing them locally right now)17:31
zygayeah, that's sensible17:32
zygalet's add an exception and fix what we can upstream17:32
niemeyerpstolowski: As long as we keep track of the delta, sounds good17:34
zygaI'd be surprised if upstream complained about typo fixes and use of go fmt17:34
pstolowskiyep, the guy has been very friendly so far17:35
=== pstolowski is now known as pstolowski|afk
sergiusensniemeyer: running the VM (for now with sudo), but it is an open still17:41
niemeyersergiusens: Right.. it uses sudo, runs as root.. should be easy to, at least for now, expose the snap directory17:44
niemeyersergiusens: As 9p17:44
niemeyerI would rather not change the snap permissions17:45
niemeyerAs it encourages fiddling with backing data which does not have a well defined API17:46
Chipacaniemeyer: fwiw snap permissions are rather accidental right now17:54
Chipacaniemeyer: from store, they have 644, whereas local are 060017:54
Chipacaalso snapd on master (on my machine right now) refuses to stop (?!?)17:54
niemeyerChipaca: Ah, that sounds buggy indeed17:54
niemeyerChipaca: On both counts :)17:54
zygaChipaca: snapd --stubborn17:54
Chipacasystemd ends up kill-9ing it17:55
zygaonly until snapd controls systemd (evil laughter)17:55
Chipacazyga: I object17:57
zygaChipaca: in soviet russia, snapd ships you ;)17:57
* zyga really gets back to work17:57
Chipacazyga: you think systemd is hated, imagine if canonical had done it17:58
zygayes17:58
zygalennart would work for us and we would be universally hated (by the people who love to hate)17:58
zygaChipaca: also at that rate systemctl would contain snapd by now17:59
Chipacaniemeyer: to be clear: would you be ok with a change that made all snaps be 0444, or would you prefer they all be 0400?18:06
niemeyerChipaca: I don't have a strong opinion there18:08
niemeyerChipaca: Other than we should fix the inconsistency18:09
Chipacaniemeyer: as I can't really 'fix' ioutil.TempFile to take a mode, and this is relatively minor (in that if the power goes out and the chmod is lost it's not a huge issue) i'll just add a chmod to the end of install and be done with it18:10
niemeyerChipaca: I guess the argument of hiding them is weak as well.. one might argue about the case of private snaps, but these are mounted with their contents exposed anyway18:10
niemeyerHmm.. although the perms are under the publisher's control18:12
Chipacaniemeyer: snap download tho18:13
niemeyerChipaca: In theory that wouldn't give access to private snaps to which one doesn't have access18:13
Chipacaniemeyer: so you're concerned that a user that doesn't have root should not necessarily be able to read the files in a private snap18:15
niemeyerChipaca: Yeah, it's something we haven't really accounted much for so far18:15
Chipacamhmm18:15
niemeyerChipaca: The private snap can control its internal perms.. it cannot control whether the snap file itself is made public18:16
Chipacabut i agree if that's something we care about, that'd be the reason to make it 0400 instead of 044418:16
niemeyerChipaca: Makes the case for 0400 a bit more interesting18:16
Chipacaor just 060018:16
niemeyerYeah18:16
* cachio afk18:17
Chipacaok. 0600 everywhere is a one-line change (two because i'd add a comment). 0444 everywhere is bigger, but i've already got it18:17
Chipacai'll shelve it until tomorrow so you can ponder this in the background18:17
niemeyerChipaca: Thanks!18:18
Chipacanp18:18
Chipacaif we decide 0600 everywhere is the right thing, sergio is going to be sad18:18
* Chipaca hugs sergiusens 18:18
mvoniemeyer: yay, thank you!18:19
* Chipaca very EOD18:23
sergiusensChipaca: blimey, well that's that; we can tackle the wait for refresh thing tomorrow ;-)18:34
mupPR snapd#5425 closed: spread: increase the number of auto retries for package downloads in opensuse <Simple> <Created by bboozzoo> <Merged by mvo5> <https://github.com/snapcore/snapd/pull/5425>18:48
mupPR snapd#5409 closed: tests: run "arp" tests only if arp is available <Core18> <Created by mvo5> <Merged by mvo5> <https://github.com/snapcore/snapd/pull/5409>18:49
mupPR snapd#5381 closed: interfaces: make findSnapdPath smarter <Core18> <Created by mvo5> <Merged by mvo5> <https://github.com/snapcore/snapd/pull/5381>18:50
jdstrandpopey: thanks! did you do this in coordination with niemeyer? we were talking about it and hadn't done it yet18:52
jdstrandzyga: re 5411> ack18:52
popeyNo. It just seemed mad to have it be there.18:54
popeyThe rest API docs should move too as it's the last one left but it's more than 32k in size18:54
popeyThe forum balks at more than 32000 byte docs18:54
jdstrandzyga: fyi since mborzecki is away: https://github.com/snapcore/snapd/pull/5423/files#r19895409219:12
mupPR #5423: cmd/snap-confine: fix nvidia support under lxd <Created by zyga> <Merged by zyga> <https://github.com/snapcore/snapd/pull/5423>19:12
zygammm19:12
zygaso the old rules _worked_ with old code outside of lxd19:13
zygainside lxd there was a denial from apparmor profile of the container which disallowed filesystem remounts19:13
zygastgraber changed the profile to allow _mount point_ remount19:14
zygaso the new rules also work fine with new code, but now inside and outside of lxd (though you need edge lxd to use it for now)19:14
jdstrandzyga: I guess the question is, do these rules only apply for that one line code change, or is there other code that the old rule covered?19:14
zygawe have a spread test that checks non-lxd case and it works (it failed before maciej updated the profile)19:14
zygait's the only instance, we checked19:14
jdstrandok, that's fine19:15
zygawe don't have a test that checks this inside lxd but this is a separate issue with just running the whole suite in lxd to see what _really _works vs adding special-cases in tests19:15
zygawe also ran this in practice on maciej's hardware with bionic host / guest and nvidia drivers and lxd from edge19:15
jdstrandzyga: thanks. I commented to myself19:17
zygaFYI, I added this as a response to the forum now19:17
zyganice, thank you :)19:17
jdstrand(I did in the PR)19:17
zygaer, I meant the PR as well19:17
zyganot sure why I said about the forum19:17
jdstrandheh, it is late there. I meant for you to only see this when you came online tomorrow :)19:18
zygaI'm still here, trying to fix some issues in s-c19:18
mvozyga: on the core/core18 thing?19:19
zygayes19:19
zygasorry, interrupts from IRL, daughter being grumpy about housework (literally one plate she used) and chatting with wife about weekend prep19:20
zygamvo: I'm moving out for three weeks to spend the time with my parents (and the kids)19:20
zygaso some preparation required19:20
mvozyga: heh, no worries19:23
mvozyga: if you push what you have, maybe I can help?19:23
zygasure19:23
zygamvo: just pushed to branch named after your PR19:24
zygawith a WIP/commit on top19:24
zygahave a look, not too much really19:24
zygaI will try to focus now and finish this19:25
zygabut feedback welcome19:25
mvozyga: cool, looking19:26
mvozyga: thanks a bunch!19:26
jdstrandpopey: ok, thanks! :)19:27
zygatrying locally now19:34
zygait failed on some non-core systems, checking what I did again19:34
zygabringing up the VM is veeeery slow19:58
zygamore timeouts, sigh20:08
zygaI switched to my laptop LTE20:08
zygamaybe my home link (different ISP) somehow sucks today20:08
mvozyga: I'm running in parallel20:08
zygait will fail but I want to see exactly how and focus on fixing it20:09
zygadid you eyeball the code20:09
zyga(please squash the last two WIP patches for better ideas)20:09
mvoyeah, looks reasonable20:09
zygaand _drat_ I didn't pass keep20:14
zygawell20:14
zyga;)20:14
zygamvo: ok, got it to fail now20:25
zygaI ran 16.04 classic20:25
zygaand it failed with: mount --move /var/lib/snapd /tmp/snapd.quirks_$random: EINVAL20:25
zygahmmm!20:25
mvozyga: I am almost there, I had an earlier failure that core18 did not work20:27
zygaI'll gdb to see what happens20:28
zygagdb20:28
zygathe one thing I miss in go world20:28
kyrofazyga, you don't need to lie about how much you secretly love C++20:29
zygaI don't love C++ actually, I'm a huge fan of C20:29
zygaC++ not so much20:29
zygauh, stripped20:33
roadmris niemeyer around?20:35
roadmrC is nice, C++ is beyond my powers to grok haha20:35
zygaroadmr: I feel exactly the same20:35
niemeyerroadmr: He is20:35
roadmrniemeyer: +1 for referring to yourself in the third person. Are you OK to transfer travis over to kyrofa ?20:36
roadmrzyga: today I found https://www.emojicode.org/20:36
zygamvo: how terrible would it be if snap-confine-debug would be in snapd.snap?20:37
zyga297K20:37
niemeyerroadmr: Yeah, major +1 for having a Travis CLI that doesn't involve building the gem from the ground up20:37
mvozyga: for now it should be fine20:38
roadmrthanks niemeyer ! the transfer is now complete. Cheers!20:38
zygamvo: I have supper now20:41
mvozyga: ok, lets talk tomorrow20:41
mvozyga: hm, hm, I merged my earlier spread test20:44
mvoand running test-snapd-tools.cat /etc/os-release gives me core-18 :(20:44
mvozyga: how is debug mode?20:44
mvozyga: anyway, tomorrow20:45

Generated by irclog2html.py 2.7 by Marius Gedminas - find it at mg.pov.lt!