[05:11] <mborzecki> morning
[05:57] <mborzecki> trivial review #5550
[05:57] <mup> PR #5550: spread: switch Fedora and openSUSE images (2.34) <Created by bboozzoo> <https://github.com/snapcore/snapd/pull/5550>
[06:13] <mborzecki> mvo: hi
[06:14] <mvo> mborzecki: hey, good morning
[06:15] <mborzecki> mvo: i have a vague recollection that you were suppsoed to be off today :)
[06:15] <mvo> mborzecki: I'm not really here today but the SRU is still pending and I need to do some testing to ensure it can go in in time :/
[06:15] <mvo> mborzecki: so yeah, hopefully not here for long
[06:15] <mborzecki> mvo: aah
[06:16] <mborzecki> mvo: while at it, #5550 is really simple, i hope if fixes the issues with fedora we're seeing in 2.34
[06:16] <mup> PR #5550: spread: switch Fedora and openSUSE images (2.34) <Simple> <Created by bboozzoo> <https://github.com/snapcore/snapd/pull/5550>
[06:17] <mvo> mborzecki: oh, nice!
[06:17] <mborzecki> mvo: we somehow ended up using different image in 2.34 branch, and i'd guess only the one used in master branch got updated
[06:17] <mvo> mborzecki: yeah, makes sense
[06:17] <mvo> mborzecki: thanks for finding that
[06:17] <mvo> mborzecki: long standing branches are always a bit of a pain :/
[06:19] <mvo> mborzecki: feel free to merge once its green
[06:20] <mborzecki> mvo: ack
[06:21] <zyga> good morning
[06:22]  * zyga sort of feels better now
[06:24] <mborzecki> mvo: and merged, i've restart #5545
[06:24] <mup> PR #5545:  snapstate: allow setting "refresh.timer=managed" (2.34) <Created by mvo5> <https://github.com/snapcore/snapd/pull/5545>
[06:24] <mborzecki> zyga: hey
[06:24] <zyga> hey, how are things?
[06:32] <mvo> zyga: good morning! how are you? well rested?
[06:34] <zyga> mvo: so so but better, this trip was pretty unfortunate (lots of delays, lots of gate changes, terrible seats next to crying babies)
[06:34] <zyga> mvo: but I'm much better than yesterday :)
[06:34] <mvo> mborzecki, zyga: we have a bit of a problem - on a fresh install via http://cdimage.ubuntu.com/bionic/daily-live/current/ when doing "snap install gedit" it hangs forever in auto-connect
[06:34] <mvo> zyga: trip> meh, not good
[06:34] <zyga> hmm hmm, we had this bug before right?
[06:35] <mborzecki> mvo: do we have any logs?
[06:35] <zyga> auto-connect task would spin in a loop, failing and trying again
[06:36] <zyga> I have a hunch I know what causes mount failures
[06:36] <zyga> the "https://forum.snapcraft.io/t/unexplained-mount-failure-protocol-error-what-we-know-so-far/5682/7" issue
[06:36] <zyga> increased parallelism
[06:37] <zyga> if allocating a loopack device is racy
[06:37] <zyga> then we have tow racing tasks that somehow end up both using one /dev/loopX
[06:37] <mvo> fwiw, happens with 2.33 and 2.34
[06:38] <mvo> http://paste.ubuntu.com/p/DDCFVn7d4d/
[06:38] <mvo> zyga: yeah that sounds sensible
[06:38] <mvo> mborzecki: the pastebin is the change changes output
[06:38] <zyga> mvo: sadly we don't know what happens inside that task
[06:39] <zyga> mvo: as in, there is no log of attempts and failures
[06:39] <mvo> http://paste.ubuntu.com/p/VfKnHtHkzy/
[06:39] <mvo> zyga: yeah
[06:39] <mborzecki> hmm
[06:40] <mborzecki> spins locally too
[06:40] <pedronis> mvo: the seed order in wrong no?  we told them to fix it but they haven't
[06:41] <mvo> pedronis: oh, right
[06:42] <pedronis> mvo: or the last change in the gnome snap needs yet a different order
[06:42] <mvo> pedronis: yeah, task <1> is also in doing
[06:42] <mvo> pedronis: I think that explains it
=== chihchun_afk is now known as chihchun
[06:46] <mvo> pedronis, mborzecki, zyga I think pedronis is right and the hang is just a side effect of the incorrect seed order. so less urgent and we can wait for the new ISO biuld with the seed order fix
[06:47] <pedronis> mvo: do we know they fix the order?
[06:48] <mvo> pedronis: yeah, they added a workaround in livecd-rootfs
[06:48] <mvo> pedronis: where gtk-themes-common is sorted first now
[06:48] <pedronis> ok
[06:48] <mvo> pedronis: I hope it actually works, it was a bunch of shell
[06:48] <pedronis> mvo: btw  I'm happy for us to fix it, but I think for 2.34 is too much of a risk  (it would need to add a bunch of code)
[06:49] <pedronis> we can try to have something for 2.36
[06:49] <mvo> pedronis: +1
[06:49] <mvo> 2.34.2 is now bionic-updates
[06:50] <mvo> so we will be on the 18.04.1 iso :)
[06:50] <pedronis> thx
[07:00] <mborzecki> mvo: #5545 is finally green :)
[07:00] <mup> PR #5545:  snapstate: allow setting "refresh.timer=managed" (2.34) <Created by mvo5> <https://github.com/snapcore/snapd/pull/5545>
[07:05] <zyga> small coffee break to be more awake
[07:31] <jamesh> zyga: when you're more awake, could I get your opinion on this? https://forum.snapcraft.io/t/should-v2-interfaces-select-connected-return-unconnected-plugs-slots/6455
[07:32] <jamesh> I ran into it last week, and the suggestion was to wait for you to get back from the sprint
[07:39] <mborzecki> zyga: with this weather some cold brew would be great :P
[08:17] <zyga> re, sorry, this took a while
[08:17] <zyga> jamesh: looking now
[08:18] <jamesh> zyga: no problem.  I was getting over my own jetlag last week :)
[08:18] <zyga> jamesh: aha, curious, let me look at the code
[08:20] <zyga> jamesh: so, the output is as intended, I think what is missing is connection-level information (that was supposed to be returned by the never-implemented "snap connections"
[08:21] <zyga> jamesh: the last part I don't fully follow, the /v2/interfaces endpoint has two GET behaviors, legacy (which is more connection oriented) and non-legacy which is interface (not plug/slot but actual interface) oriented
[08:21] <jamesh> zyga: I was just trying to work out what users would want the current behaviour
[08:21] <zyga> jamesh: "Also, if one output mode is referred to as getLegacyConnections, should it be considered a bug that you can’t get the equivalent information from the non-legacy interface?" - this is the part that I don't understand
[08:21] <jamesh> zyga: I'm particularly concerned what the plug is connected to: just whether it is connected
[08:22] <zyga> jamesh: right, the thing is that the /v2/interfaces?select=connected returns _interfaces_ for which a connection exists between a plug and a slot
[08:22] <zyga> jamesh: currently there is no way to limit plug and slot references it returns (when prompted) to just those that actually have a connection
[08:23] <zyga> jamesh: the behavior is specifically modeled for "snap interface" to show a smaller list of interfaces (just those that have some actual connections established), unlike what "snap interfaces" (plural) does
[08:23] <jamesh> zyga: so the only way to find out if one particular plug is connected is by asking snapd to serialise every single connected plug/slot on the system and then filter it client side :(
[08:24] <zyga> jamesh: still there is no great way to show the state of a particular plug or slot
[08:24] <zyga> jamesh: I think we are open to improvements, I'm just explaining why it is the way it is now
[08:24] <zyga> jamesh: I think we need a connection-oriented view
[08:24] <zyga> jamesh: and perhaps that would also answer the query you are after
[08:24] <zyga> jamesh: what is it specifically that you want to access?
[08:25] <zyga> (or perhaps what is the UX that this is a part of)
[08:25] <jamesh> zyga: "does snap A have a connected plug of interface type X?"
[08:25] <zyga> jamesh: interesting, of interface type X or of name X
[08:26] <zyga> one thing I was looking at just last week was that in spread tests we often grep for stuff while we just want to answer "is this connected"
[08:26] <zyga> snap is-connected snap-name:plug-or-slot-name
[08:26] <jamesh> this is for a trusted helper type use, making a decision based on the interface connection state
[08:26] <zyga> and I was thinking we should implement the connections endpoint which returns all connections, with enough filtering to just answer that
[08:26] <zyga> I see
[08:27] <zyga> jamesh: note that in theory one snap can define multiple plugs or slots of the same type
[08:27] <zyga> (as long as those have different names)
[08:27] <jamesh> zyga: the particular use case is having pulse audio restrict access to microphones unless a particular interface is connected
[08:27] <zyga> in conversations long time ago we wanted "snap connections" to essentially return a set of tuples, one per connection
[08:27] <zyga> ah, right
[08:27] <jamesh> since we can't handle that kind of thing at the AppArmor level
[08:28] <zyga> jamesh: so I think that right now we don't have a nice API for that
[08:28] <zyga> jamesh: I think we should write one (along with snap-connections)
[08:28] <zyga> jamesh: as the only other alternative is the legacy endpoint and client side flitering
[08:30] <jamesh> okay
[08:54] <zyga> is mvo around today?
[09:07] <pedronis> zyga: he is offically off
[09:07] <zyga> ah, I didn't know
[09:07] <zyga> just today or for a week?
[09:08] <pedronis> just today I think
[09:09] <zyga> ok
[09:43] <mborzecki> hm building amzn2 using common fedora spec is triggering isseses when generating selinux policy files, looks like selinux-policy is missing map for file class :(
[09:52] <Chipaca> I have code that refuses to work locally if I imported from snapd, but works elsewhere imported from purportedly the same code, and works locally if I paste it into somewhere else. i've removed pkg/ from my gopath and no change. Strace doesn't seem to point to any weird imports. Any ideas?
[09:54] <jamesh> vendored dependencies?
[09:55] <Chipaca> hmmm
[09:55] <Chipaca> jamesh: moving aside vendor does make the code work!
[09:57] <Chipaca> jamesh: but that makes even less sense: the code I'm running is in one of the unit tests that has to be using the vendored code
[09:57] <Chipaca> but as soon as I run govendor sync again, it fails again
[09:58] <Chipaca> jamesh: code is https://pastebin.ubuntu.com/p/rtv8QH34qB/ fwiw
[09:58] <Chipaca> although I'm going to assume it's something local
[09:59] <jamesh> Chipaca: either (a) you're running into a bug in a dep that has been fixed since the revision govendor pulls, or (b) something bad happens when two copies of the package exist in the same process
[10:00] <jamesh> anything github.com/snapcore/snapd/strutil pulls in will reference github.com/snapcore/snapd/vendor/gopkg.in/yaml.v2
[10:01] <jamesh> by "doesn't work", do you mean crashes, or failes to compile?
[10:02] <Chipaca> jamesh: yaml: unmarshal errors:  line 2: cannot unmarshal !!map into yaml.MapSlice {[] map[]}
[10:02] <Chipaca> jamesh: option (c) :-)
[10:04] <jamesh> Chipaca: Looking at the yaml code, it has a branch of code dependent on  "reflect.TypeOf(MapItem{})"
[10:04] <Chipaca> indeed it fails as soon as I copy gopkg.in into vendor/
[10:05] <jamesh> Chipaca: so the MapItem as seen by strutil.OrderedMap is different to the MapItem the non-vendored yaml package sees
[10:05] <jamesh> Chipaca: presumably you could change your program to instead import "github.com/snapcore/snapd/strutil/vendor/gopkg.in/yaml.v2"
[10:06] <Chipaca> I thought go blocked that
[10:06] <Chipaca> lemme see
[10:06] <Chipaca> 	imports github.com/snapcore/snapd/strutil/vendor/gopkg.in/yaml.v2: must be imported as gopkg.in/yaml.v2
[10:07] <Chipaca> eh, nevermind
[10:07] <Chipaca> jamesh: now I understand it's not my go installation broken in weird ways (although arguably all installations are, given this), i can stop worrying
[10:07] <jamesh> anyway.  You can see that strutil.OrderedMap.UnmarshalYAML asks the non-vendored yaml package to unmarshal into the vendored yaml.MapSlice type
[10:08] <jamesh> which fails because it sees the vendored yaml.MapSlice as just some random third party type rather than something to handle specially
[10:10] <Chipaca> jamesh: i thought it  was the other way around: the u function will be unvendored (as it's provided by the caller which is outside of snapd, so unvendored) and the MapSlice will be vendored (as it's imported by strutil which will use the vendored)
[10:10] <jamesh> that's what I said, isn't it?
[10:10] <Chipaca> ah maybe thats what you said
[10:10] <Chipaca> :-)
[10:10] <Chipaca> jamesh: yes
[10:10] <Chipaca> jamesh: I'm easily confused, it seems
[10:40] <niemeyer> Mornings
[10:43] <mborzecki> niemeyer: o/
[10:53] <Chipaca> could somebody run the unit tests on cmd/snap on master a few (10?) times and tell me if it fails?
[10:54] <Chipaca> it fails here, at least once every 5-10 times; and it's failing every _single_ time on #5506 :-(
[10:54] <mup> PR #5506: cmd/snap: add a green check mark to verified publishers <Created by chipaca> <https://github.com/snapcore/snapd/pull/5506>
[10:54] <Chipaca> completely unrelated to the colour green :-(
[10:55] <Chipaca> the error is in cmd_aliases_test, ... value client.ConnectionError = client.ConnectionError{error:(*url.Error)(0xc82034e030)} ("cannot communicate with server: Get http://127.0.0.1:34111/v2/aliases: dial tcp 127.0.0.1:34111: getsockopt: connection refused")
[11:00] <mborzecki> Chipaca: got it on the first run
[11:00] <mborzecki> Chipaca: on master
[11:23] <mborzecki> niemeyer: can you upload the latest spread to s3? i've opened a pr for amazon linux but spread is complaining about invalid size string: "preserve-size"
[11:24] <niemeyer> mborzecki: Ah, indeed I haven't updated, waiting for feedback on whether it worked
[11:24] <niemeyer> cachio: have you had a chance to try it out?
[11:24] <mborzecki> niemeyer: it worked :)
[11:24] <niemeyer> mborzecki: There you go :)
[11:24] <niemeyer> mborzecki: Updating
[11:25] <mborzecki> niemeyer: thanks!
[11:25] <cachio> niemeyer, yes, I updated the amazon image using this one
[11:25] <niemeyer> mborzecki: Done, please let me know
[11:26] <zyga> hey niemeyer
[11:27] <zyga> how are you feeling?
[11:27] <mborzecki> in case anyone wants to take a look #5552
[11:27] <zyga> I had a rough ride home, I haven't felt this tired after returning from a sprint in a while
[11:27] <mup> PR #5552: (WIP) Amazon Linux 2 packaging and spread tests <Created by bboozzoo> <https://github.com/snapcore/snapd/pull/5552>
[11:38] <niemeyer> zyga: Yo
[11:40] <niemeyer> zyga: Feeling pretty reasonable.. don't have much time to feel tired this week :)
[11:40] <niemeyer> zyga: The sprint was intense indeed, though
[11:40] <niemeyer> I blame the short sessions, in part
[11:43] <zyga> indeed, lots of tasks switching during the week
[11:54] <mborzecki> pedronis: did you get a chance to take another look at #5434 ?
[11:54] <mup> PR #5434: overlord: introduce InstanceKey to SnapState and SnapSetup, renames <Created by bboozzoo> <https://github.com/snapcore/snapd/pull/5434>
[11:59] <pedronis> mborzecki: I think I skimmed it again, but didn't do a full re-review
[12:00] <mborzecki> pedronis: do you think you could do it this week? it'd be nice to land it before you're off for vacation :)
[12:01] <mborzecki> pedronis: i'm updating the store pr too, should be pushing the changes later today/tomorrow
=== chihchun is now known as chihchun_afk
[12:10]  * zyga -> walk
[12:15] <pedronis> mborzecki: yes, not today though, more likely tomorrow
[12:15] <mborzecki> pedronis: works for me, thank you!
[12:25]  * zyga actually goes for that walk...
[13:18] <cachio> Saviq, yesterday I updated images, please tell me if you see any error
[13:30] <mborzecki> zyga: vey nice umbrella :P
[13:49] <hunterk> mborzecki: I have a snap package for a program that uses vulkan but it complains about not being able to find the vulkan loader. I was told you were the person to talk to. Any suggestions? :)
[13:49] <mborzecki> hunterk: is it published?
[13:49] <hunterk> yes, retroarch
[13:51] <hunterk> it initially launches with a GL renderer, but I can walk you through enabling the Vulkan renderer if you like
[13:52] <mborzecki> hunterk: let me check my notes, iirc there was some fishy stuff about vulkan an how it finds icd files
[13:52] <hunterk> kk
[13:52] <hunterk> i have to run to a meeting, so no hurry
=== plars_ is now known as plars
[14:29] <zyga> Pharaoh_Atem: hey
[14:29] <zyga> around?
[14:29] <Pharaoh_Atem> zyga: yes?
[14:29] <zyga> hey, I
[14:30] <zyga> hey, I'm looking into f29 base snap now, I've started playing with image factory, trying to get it to do _basic_ things (whatever those are) in a way I understand
[14:30] <zyga> I wanted to quickly sync with you if that is the right way to start
[14:31] <zyga> Pharaoh_Atem: my plan is to write a plugin for it (called snapcraft) that builds a base snap according to the stuff in the template (still hand-wavy at this stage)
[14:31] <Pharaoh_Atem> sounds like a good strategy
[14:32] <cachio> zyga, do you know why we are installing linux-image-extra-* ?
[14:32] <zyga> Pharaoh_Atem: I don't know what the constraints are, I suspect more modern things may be a dependency problem, I plan to use python 2.7 and shell for now
[14:32] <cachio> zyga, what so we need from it?
[14:32] <zyga> cachio: AFAIK for the extra drivers, but not specifcially
[14:32]  * Chipaca takes a break from bashing his head on tests and goes get a cuppa
[14:33] <Pharaoh_Atem> zyga: you can email Brendan Reilly <breilley@redhat.com> about it
[14:33] <Pharaoh_Atem> bah
[14:33] <Pharaoh_Atem> Brendan Reilly <breilly@redhat.com>
[14:33] <cachio> zyga, ok, because there is not a package for the latest update on ubuntu 16.04-64
[14:33] <cachio> on gce
[14:33] <zyga> cachio: I don't know what that means,
[14:33] <Pharaoh_Atem> zyga: I'd plan on py3 compatible py2 code, since I think imgfac is going to be ported soon
[14:34] <zyga> are you saying the package is out of sync somehow?
[14:34] <zyga> it is built as a part of the kernel
[14:34] <cachio> zyga, we are installing this on snapd test suite
[14:34] <cachio> linux-image-extra-$(uname -r)
[14:34] <zyga> Pharaoh_Atem: that's a good hint
[14:34] <zyga> Pharaoh_Atem: who is Brendan?
[14:34] <cachio> but the last kernel is 4.15.0-1014-gcp
[14:34] <Pharaoh_Atem> he's the maintainer and main developer of Image Factory/Oz
[14:35] <Pharaoh_Atem> at least for the last two releases, he's been the guy making them
[14:35] <cachio> zyga, what I can so is to install 4.15.0-15 to make that work
[14:35] <Pharaoh_Atem> zyga: https://github.com/redhat-imaging/imagefactory/blob/master/imagefactory.spec#L132-L147
[14:35] <zyga> cachio: sorry, I don't know enough about the problem to help you
[14:35] <cachio> zyga, ok, np
[14:35] <cachio> I'll fix it
[14:35] <zyga> Pharaoh_Atem: ah, I see
[14:36] <zyga> Pharaoh_Atem: do you expect we will need to make changes outside of image factory in order to get the base snap building in place?
[14:36] <Pharaoh_Atem> we may need to touch pungi and koji
[14:36] <zyga> cachio: I know we are installing it in the test suite but I don't know what the problem is really, is the package uninstallable?
[14:37] <Pharaoh_Atem> https://pagure.io/pungi & https://pagure.io/pungi-fedora; https://pagure.io/koji
[14:37] <zyga> Pharaoh_Atem: to ping imagefactory or to do some other things?
[14:37] <Pharaoh_Atem> oz is run by koji, which is kicked off by pungi
[14:37] <zyga> and how does imagefactory fit into this?
[14:38] <Pharaoh_Atem> for example: https://koji.fedoraproject.org/koji/buildinfo?buildID=1130195
[14:38] <cachio> zyga, the problem is that when I update the image for xenial 64, there is not  linux-image-extra for the new kernel instlaled
[14:39] <Pharaoh_Atem> zyga: imagefactory is run as a koji task
[14:39] <zyga> cachio: I would ask the kernel team about htis
[14:39] <cachio> zyga, ok, make sense
[14:39] <zyga> Pharaoh_Atem: and how does this relate to pungi?
[14:39] <Pharaoh_Atem> pungi is the tool that actually kicks off all the koji tasks
[14:40] <Pharaoh_Atem> and tells the tools what they should do
[14:40] <zyga> so koji can build things
[14:40] <zyga> by deferring to imagefactory
[14:40] <zyga> but it has no scheduler
[14:40] <zyga> so pungi is doing that?
[14:40] <Pharaoh_Atem> koji is the build system, imgfac is the tool, and pungi is the orchestrator
[14:40] <Pharaoh_Atem> pungi -> koji -> imgfac
[14:40] <zyga> ok
[14:40] <zyga> thanks, I see now
[14:41] <zyga> so I started with the right place it seems :)
[14:41] <ogra_> hmm, did we have any recent snapctl changes ?
[14:41] <Pharaoh_Atem> zyga: you can also ask mboddu in #fedora-releng for more details ;)
[14:41] <ogra_> https://paste.ubuntu.com/p/9Qg7szthFq/
[14:41] <ogra_> i'm seeing "snapctl: Permission denied" errors
[14:41] <zyga> Pharaoh_Atem: for now I think this is enough to keep me busy but I will write that down, contact points are useful
[14:42] <Pharaoh_Atem> Mohan will be at Flock, too
[14:42] <ogra_> (this has worked before last edge update of core i think)
[14:42] <zyga> ogra_: it moved from /usr/bin/ to /usr/lib/snapd/ so maybe apparmor is out of sync somehow
[14:42] <zyga> see if you have any denials
[14:42] <zyga> Pharaoh_Atem: Mohan == mboddu?
[14:43] <Pharaoh_Atem> yeah
[14:43] <Pharaoh_Atem> his name is Mohan Boddu
[14:43] <ogra_> heh, surely a gazillion (but from other stuff ...)
[14:43] <zyga> is he responsible for for koji and friends?
[14:43] <zyga> ogra_: look for specific denial for snapctl
[14:43] <ogra_> [ 1007.643957] audit: type=1400 audit(1532443192.989:1239): apparmor="DENIED" operation="exec" profile="snap.chromium-mir-kiosk.hook.configure" name="/usr/lib/snapd/snapctl" pid=4522 comm="configure" requested_mask="x" denied_mask="x" fsuid=0 ouid=0
[14:43] <ogra_> [ 1007.710435] audit: type=1400 audit(1532443193.053:1240): apparmor="DENIED" operation="exec" profile="snap.chromium-mir-kiosk.hook.configure" name="/usr/lib/snapd/snapctl" pid=4529 comm="configure" requested_mask="x" denied_mask="x" fsuid=0 ouid=0
[14:43] <ogra_> yeah
[14:43] <ogra_> should another reboot help here ?
[14:44] <zyga> no, one sec
[14:44] <ogra_> (i'm freshly booted after core update)
[14:44] <zyga> can you check if /var/lib/snapd/apparmor/profiles/snap.chromium-mir-kiosk.hook.configure talks about snapctl (grep for it)
[14:44] <zyga> ogra_: if it doesn't then i think this is a bug
[14:45] <ogra_> ogra@pi3:~$ sudo grep snapctl /var/lib/snapd/apparmor/profiles/snap.chromium-mir-kiosk.hook.configure
[14:45] <ogra_>   # snapctl and its requirements
[14:45] <ogra_>   /usr/bin/snapctl ixr,
[14:45] <ogra_>   /usr/lib/snapd/snapctl ixr,
[14:45] <ogra_> ogra@pi3:~$
[14:45] <ogra_> looks like it is there
[14:45] <ogra_> with the correct path
[14:45] <zyga> that's interesting
[14:45] <zyga> can you run apparmor_parser -r on that file (as root)
[14:45] <zyga> and see if that fixes it
[14:46] <zyga> I wonder if we have a cache issue
[14:46] <zyga> it's also likely the file is correct now
[14:46] <zyga> oh
[14:46] <zyga> so run configure again
[14:46] <zyga> maybe it will work without running apparmor_parser
[14:46] <zyga> if it doesn't then do run apparmor_parser
[14:46] <zyga> and then try to run configure again
[14:46] <ogra_> i did run configure a few times already
[14:46] <zyga> ok
[14:46] <zyga> and it fails, right?
[14:47] <ogra_> yes, running the parser now
[14:47] <ogra_> now the configure works
[14:47] <zyga> ha
[14:47] <ogra_> ogra@pi3:~$ snap set chromium-mir-kiosk disablekiosk=true
[14:47] <ogra_> ogra@pi3:~$
[14:47] <zyga> can you reproduce that issue?
[14:47] <ogra_> no issues
[14:48] <zyga> I mean, can you get to a state where it happens again
[14:48] <ogra_> phew ... that takes a while (takes minutes to install the chromium snap)
[14:48] <ogra_> well, i'd remove and reinstall the snap
[14:48] <ogra_> not sure if that changes anything though
[14:49] <ogra_> the image is a week old or so and silently updated core but nothing else when i applied network 30min ago
[14:49] <ogra_> not sure if i can repro that state
[14:50] <ogra_> bah, dang !
[14:50] <ogra_> ogra@pi3:~$ snap remove chromium-mir-kiosk
[14:50] <ogra_> error: cannot remove "chromium-mir-kiosk": snap "chromium-mir-kiosk" is not removable
[14:50] <ogra_> it is in the model assertion as required snap ...
[14:51] <ogra_> so no way i could try to repro that by removing the snap
[15:08] <Saviq> cachio: ack, thanks for the heads up (down?) ;)
[15:09] <ogra_> isnt that also called "nodding" ?
[15:09] <ogra_> "heads up (down)"
[15:13] <mborzecki> pedronis: pushed fixes to the store PR too, thanks for the review comments there was indeed an error in mapping install errors there
=== jkridner|pd is now known as jkridner
[15:26] <ogra_> zyga, aha ... seems a reboot gets me back into the broken state
[15:27] <zyga> that's very interesting
[15:27] <ogra_> [ 1178.619187] audit: type=1400 audit(1532445976.250:48): apparmor="DENIED" operation="exec" profile="snap.chromium-mir-kiosk.hook.configure" name="/usr/lib/snapd/snapctl" pid=4393 comm="configure" requested_mask="x" denied_mask="x" fsuid=0 ouid=0
[15:27] <zyga> because it seems to suggest that we load a profile from cache
[15:27] <zyga> but loading a profile from the file (compiling it again) results in correct behavior
[15:27] <ogra_> even when i ran the parser manually ?
[15:27] <zyga> ogra_: that's different, the cache behaves in another wy
[15:27] <ogra_> i thought that would also update the cache
[15:27] <ogra_> ah
[15:28] <zyga> no, that's separatet
[15:28] <zyga> can you provide the details
[15:28] <zyga> on the forum
[15:28] <zyga> and save the cache / profiles somewhere
[15:29] <zyga> this is very interesting to debug
[15:29] <zyga> if you can (and this is a SD card)
[15:29] <zyga> just save the card and don't change it
[15:29] <zyga> e.g. fill empty space with zero, dd the card, compress and send to me
[15:29] <ogra_> zyga, http://people.canonical.com/~ogra/snappy/kiosk/ ... it is just this image
[15:29] <zyga> I should be able to extract cache data and debug this
[15:30] <zyga> ogra_: do you have RTC on the device where this runs? is the hardware public?
[15:30] <zyga> aha, pi
[15:30] <zyga> do I need a specific pi?
[15:30] <ogra_> it will auto-update core (built from edge) on first boto and then you should see the error when trying to set anything for chromium-mir-kiosk
[15:30] <zyga> so I suspect this is a real bug in the cache system
[15:30] <ogra_> nope, that uses my universal gadget
[15:30] <zyga> and it affects devices that have no RTC that is battery backed
[15:30] <ogra_> runs on every pi
[15:30] <zyga> so on boot the time is very much wrong
[15:30] <ogra_> (well, every pi we support in core indeed)
[15:30] <zyga> thank you for this, this is very very useful
[15:31] <ogra_> well, the clock is correct after first network connection
[15:31] <ogra_> and the device was only rebooted, not powered off
[15:31] <ogra_> so it comes up with a proper clock on reboot
[15:31] <zyga> jdstrand_, jjohansen: ^ it looks like apparmor_parser cache is susceptible to misbehavior when loading profiles on boot on a device without battery backed RTC
[15:31] <zyga> ogra_: yes but apparmor loads much earlier than that
[15:31] <zyga> ogra_: before most of regular startup
[15:32] <ogra_> earlier than what ?
[15:32] <zyga> ogra_: and definitely before network
[15:32] <ogra_> the HW clock is set correct on reboot
[15:32] <zyga> ogra_: look at "systemctl cat apparmor.service"
[15:32] <zyga> ogra_: how is it being set?
[15:32] <ogra_> you dont understand :)
[15:32] <zyga> ogra_: what sets the hardware clock?
[15:32] <ogra_> ntp should call systohc
[15:32] <ogra_> once it gets the correct time
[15:32] <zyga> ogra_: does pi have an RTC on the board? AFAIK it doesn't
[15:33] <zyga> so on reboot the time is constant
[15:33] <ogra_> so the HW clock itself should be fine until you power off the board
[15:33] <zyga> and only gets fixed by userspace later
[15:33] <zyga> I see
[15:33] <zyga> this is something to investigate
[15:33] <ogra_> it surely has an RTC, just no battery
[15:33] <zyga> can you please collect the apparmor cache and profiles, just in case
[15:33] <ogra_> anyway, the board also boots with fixrtc set
[15:34] <zyga> cachio: from /etc/apparmor and /var/lib/snapd/ and /var/cache AFAIR
[15:34] <zyga> brb
[15:34] <zyga> er
[15:34] <zyga> ogra_: ^
[15:34] <ogra_> so even if the clock was wrong, it would only be slightly off (set to the last mount time of the rootfs)
[15:34] <zyga> I need to go afk for some time
[15:37] <mborzecki> hunterk: so i've tried vulkaninfo from my graphics-debug-tools-bboozzoo snap and ran into issues, we're not picking up a library from the host which apparently is required
[15:37] <ogra_> hmm, actually it doesnt have an RTC ... but fixrtc should still kick in from the initrd
[15:37] <mborzecki> hunterk: i've opened a PR #5553, feel free to build it locally and check
[15:37] <mup> PR #5553: cmd/snap-confine: (nvidia) pick up libnvidia-glvkspirv.so <Simple> <Created by bboozzoo> <https://github.com/snapcore/snapd/pull/5553>
[15:37] <mborzecki> zyga: ^^
[15:38] <mborzecki> hunterk: also, you actually need to set a path to the nvidia ICD file, the way i'm running vulkaninfo is (inside snap run --shell): VK_ICD_FILENAMES=/var/lib/snapd/lib/vulkan/icd.d/nvidia_icd.json /var/lib/snapd/snap/graphics-debug-tools-bboozzoo/current/command-vulkaninfo.wrapper
[15:38] <zyga> What does fixrtc do?
[15:39] <mborzecki> hunterk: for comparison egl has icd search paths which is : separated list of dirs with icd files, libvulkan had no such thing :( hence the manual hack
[15:44] <zyga> ogra_: what does fixrtc do?
[15:44] <ogra_> zyga, running from initrd, setting the clock to the last mount time of the rootfs
[15:44] <ogra_> on boot
[15:45] <ogra_> so if the clock is off it is only by a really small margin
[15:47] <zyga> mmm
[15:47] <zyga> mount or unmount?
[15:47] <zyga> it may well explain the problem
[15:48] <zyga> mborzecki: reviewed
[15:52] <jdstrand_> zyga (cc jjohansen): re battery backed rtc> yes, the clock needs to be right because of the mtime check. Ubuntu had a bug on one of the Touch devices for that
[15:52] <hunterk> mborzecki: awesome. I'll take a look. Thanks for your help!
[15:52] <zyga> jdstrand_: I think this would neatly explain this
=== jdstrand_ is now known as jdstrand
[15:52] <zyga> jdstrand: if it is really _mount_ time it is clearly a way to be wrong and reproduce the problem
[15:53] <zyga> jdstrand: no immediate action now but I will look at reproducing this
[15:53] <mborzecki> zyga: thanks!
[15:53] <zyga> ogra_: can you point me to fixrtc sources?
[15:54] <ogra_> zyga, apt-get source initramfs-tools
[15:55] <zyga> ogra_: thank you very much sir!
[15:55] <ogra_> ir uses dumpe2fs to read the last mount date from whatever root= is
[15:55] <ogra_> *it
[15:55] <ogra_> and then uses date to set the clock to it ... pretty simple thing (and ages old)
[16:00] <zyga> ogra_: thank you
[16:00] <zyga> ogra_: and I think that is the bug actually
[16:00] <zyga> but I will confirm first
[16:01] <ogra_> whats the bug ? tha the clock is some minutes in the past ?
[16:01] <ogra_> *that
[16:02] <ogra_> (i could imagine it being a but if it is in the future ... but the past ? )
[16:02] <ogra_> *a bug
[16:03] <zyga> ogra_: if it really is the mount time it will be wrong for the cache use case
[16:03] <zyga> ogra_: it must be the unmount time to be correct
[16:03] <ogra_> well, thats nothing the metadata of ext4 stores sadly
[16:04] <ogra_> you only have creation, last mount and last write
[16:04] <ogra_> oh, and last checked
[16:04] <zyga> last write then
[16:04] <zyga> last mount is 100% wrong in this case
[16:04] <zyga> because depending on how the cache is made
[16:04] <zyga> then you are in the past and the cache is from the future
[16:05] <zyga> or you actually get the _old_ entry with the correct "window" of time
[16:05] <zyga> I will reproduce this and gather some evidence
[16:07] <ogra_> ah, right
[16:07] <ogra_> that makes sense indeed
[16:08] <zyga> yeah, it's such a interesting bug
[16:08] <zyga> it dates back to 15.04
[16:09] <zyga> ogra_: I cannot find fixrtc there
[16:09] <zyga> I got the sid version of the package
[16:09] <ogra_> ubuntu
[16:09] <ogra_> it isnt in debian
[16:09] <zyga> aha
[16:09] <zyga> thanks
[16:10] <zyga> getting now
[16:10] <ogra_> great
[16:13] <zyga> ogra_: can you please run this on your pi just now:
[16:14] <zyga> dupe2fs -h /dev/mmcblk0XXX
[16:14] <zyga> adjust to point to rootfs
[16:14] <zyga> and uptime
[16:14] <zyga> and pastebin both
[16:14] <ogra_> oh ... i think we have a bug here
[16:14] <ogra_> https://paste.ubuntu.com/p/pJqTTZzYkg/
[16:15] <ogra_> damn ...
[16:15] <zyga> if this is the bug we shall try those 1L beer mugs at the next sprint
[16:15] <ogra_> well, the bug goes deeper
[16:15] <ogra_> look at the timestamps
[16:15] <zyga> Filesystem created:       Mon Jul  9 13:01:52 2018
[16:15] <zyga> Last mount time:          Mon Jul  9 13:12:09 2018
[16:15] <zyga> Last write time:          Mon Jul  9 13:12:09 2018
[16:15] <zyga> July 9!
[16:15] <ogra_> yeah
[16:15] <ogra_> thats the image creation date
[16:16] <zyga> and uptime?
[16:16] <zyga> ogra_: ha, I suspected that :D
[16:16] <ogra_> uptime ?
[16:16] <ogra_> you mean date
[16:16] <zyga> no, really uptime
[16:16] <ogra_> Tue Jul 24 16:16:20 UTC 2018
[16:16] <ogra_> ogra@pi3:~$ uptime
[16:16] <ogra_>  16:16:22 up  1:09,  1 user,  load average: 2.34, 2.23, 2.64
[16:16] <ogra_> ogra@pi3:~$
[16:16] <zyga> to know when it booted
[16:16] <zyga> ok
[16:17] <ogra_> so for some reason the ext4 metadata doesnt get updated correctly in our weird stacked rootfs mounts setup
[16:17] <zyga> ogra_: and date?
[16:17] <ogra_> see above
[16:17] <zyga> ogra_: it thinks it's 9th of July because that's what is baked as fallback when the image was not mounted, then it runs with that because maybe we never unmount cleanly so that is what stays there forever
[16:17] <ogra_> (above the uptime call)
[16:17] <zyga> ah, that's good (date)
[16:17] <zyga> ogra_: if you have a serial, can you shut down / reboot
[16:17] <ogra_> well, Chipaca's helper unmounts it
[16:18] <zyga> ogra_: and see if things error on the poweroff tool we wrote
[16:18] <ogra_> so technically it shoudl unmount cleanly
[16:18] <zyga> ogra_: well, it unmounts stuff but it happily ignores errors
[16:18] <zyga> ogra_: and refcount must go to 0 for the unmount to be effective
[16:18] <ogra_> nope, they do not error ... i see it telling me it unmounts (i did a few reboots today)
[16:18] <zyga> ogra_: and after reboot, let's look at that data again: from dumpe2fs
[16:18] <zyga> ok
[16:18] <ogra_> there is the usual systemd error for writable ...
[16:19] <zyga> so this is golden:
[16:19] <ogra_> then the helper kicks in at the very end and tells that it unmounted writable fine
[16:19] <zyga> we have two bugs: one is that we must use "Last write time" to fix apparmor cache
[16:19] <zyga> two is that we somehow not unmount cleanly (or so it seems)
[16:19] <ogra_> yeah
[16:19] <zyga> next up: look at dumpe2fs to see how that field is read
[16:20] <zyga> ogra_: or maybe the kernel doens't flush buffers before pi reboots
[16:20] <zyga> ogra_: "enough"
[16:20] <zyga> to really sync the SD card
[16:20] <zyga> can you reboot to just ensure once and for all that this is still the 9th?
[16:20] <zyga> and I will look at dumpe2fs
[16:21] <ogra_> ogra@pi3:~$ sudo touch /writable/foobar
[16:21] <ogra_> ogra@pi3:~$ sudo sync
[16:21] <ogra_> ogra@pi3:~$ sudo dumpe2fs -h /dev/disk/by-label/writable | grep "Last write time"
[16:21] <ogra_> dumpe2fs 1.42.13 (17-May-2015)
[16:21] <ogra_> Last write time:          Mon Jul  9 13:12:09 2018
[16:21] <ogra_> ogra@pi3:~$
[16:21] <ogra_> i think it is the stacked nature of our rootfs that breaks it
[16:21] <zyga> ogra_: I only suspect that gets updated when we really unmount
[16:21] <ogra_> even touching and syncing a file doesnt update the field
[16:21] <zyga> ogra_: make a loopback mounted ext4 and see
[16:21] <ogra_> really ?
[16:22] <ogra_> i'd excpect sync to update it
[16:22] <zyga> ogra_: it would be silly to sync that on _any_ metadata write
[16:22] <zyga> ogra_: superblock
[16:22] <zyga> ogra_: sync is really "buffers are flushed"
[16:22] <ogra_> well, i explicitly tell the kernel to ...
[16:22] <zyga> but this buffer gets dirty when we unmount the superblock
[16:22] <zyga> if you see what I mean
[16:22] <zyga> it is really only written once we unmount
[16:22] <zyga> not at any time
[16:23] <zyga> a loopback ext4 test will confirm that
[16:23] <ogra_> well, then it is a miracle to me that the filesystem doesnt completely fall apart all the time
[16:23] <zyga> I'm looking at e2fsprogs now
[16:23] <ogra_> i mean ...
[16:25] <zyga> ogra_: yeah, Last write time: ... is coming from the superblock
[16:25] <ogra_> ... it effectively thimnks there hasnt been written anything in 3 weeks
[16:25] <zyga> ogra_: I will check when the kernel writes there now
[16:25] <zyga> ogra_: yes, fun finding eh? :)
[16:25] <zyga> ogra_: I love things like this, casual chat ends up finding very serious bug :)
[16:26] <zyga> and long long long standing one :)
[16:26] <ogra_> and the journal can only hold 16M ...
[16:26] <ogra_> (i definitely installed and wrote more stuff than 16M since july 9 )
[16:26] <zyga> journal as in journald?
[16:26] <zyga> ah
[16:26] <zyga> this journal
[16:26] <ogra_> ad in filesystem journal
[16:26] <zyga> right
[16:26] <ogra_> so where is my data !!!
[16:27] <ogra_> (it isnt like its not there ... but ... but ... )
[16:27] <zyga> ogra_: which kernel version do you have there, I'll sync the right tag
[16:28] <ogra_> 4.4 whatever is in the stable channel
[16:28] <ogra_> ah, no, i'm lying ... its edge
[16:28] <ogra_> pi2-kernel          4.4.0-1092.100            56    edge      canonical  kernel
[16:29] <zyga> thanks
[16:30] <ogra_> zyga, btw, we can only walk iteratively over creation, last mount, last write ... mount and write wont be populated at all on new images ... and there are other boards relying on it where it works (if you simply use a server image without loop mounted stuff )
[16:30] <zyga> https://github.com/torvalds/linux/blob/894b8c000ae6c106cc434ee0000dfb77df8bd9db/fs/ext2/super.c#L1251
[16:30] <ogra_> so if we change fixrtc we have to do it very careful to not break the world
[16:31] <zyga> mhm
[16:32] <zyga> ogra_: this field is used by ext2, not sure if ext4 _also_ uses it
[16:32] <zyga> looking
[16:32] <ogra_> pretty likely
[16:33] <zyga> https://github.com/torvalds/linux/blob/ca04b3cca11acbaf904f707f2d9ca9654d7cc226/fs/ext4/super.c#L4813
[16:33] <zyga> interesting
[16:33] <zyga> if the filesystem is mounted read only the superblock write time is _not_ touched
[16:33] <zyga> I will do some tests now
[16:33] <ogra_> sure
[16:33] <ogra_> but we (the initrd) remount it rw
[16:34] <zyga> wonder if this actually happens when we make / ro just before unmounting
[16:34] <zyga> yeah
[16:34] <zyga> but on shutdown
[16:34] <zyga> it becomes ro for a sec AFAIR
[16:34] <ogra_> well
[16:34] <ogra_> ah
[16:34] <zyga> so... maybe that's enough not to write this
[16:34] <ogra_> yeah
[16:34] <zyga> testing now
[16:35] <ogra_> whats a bit bothering is that "Last checked" is also not updated ... i'd expect that to be done sepoarately from unmounting
[16:36] <ogra_> and we definitely run fsck once per boot
[16:36] <zyga> Filesystem created:       Tue Jul 24 18:36:09 2018
[16:36] <zyga> Last mount time:          n/a
[16:36] <zyga> Last write time:          Tue Jul 24 18:36:10 2018
[16:36] <zyga> this is a loopback, freshly created, never mounted
[16:37] <ogra_> obviously
[16:37] <zyga> this is the same thing after mounting and writing a file
[16:37] <zyga> Filesystem created:       Tue Jul 24 18:36:09 2018
[16:37] <zyga> Last mount time:          Tue Jul 24 18:37:00 2018
[16:37] <zyga> Last write time:          Tue Jul 24 18:37:00 2018
[16:37] <zyga> note that mount time == write time
[16:37] <ogra_> (the n/a is new with 16.04 ... before it was hardcoded to the epoch)
[16:37] <zyga> and I obviously wrote _after_ (a few seconds after that)
[16:38] <zyga> sync doesn't affect that
[16:38] <ogra_> ok
[16:38] <zyga> after unmounting I get this:
[16:38] <zyga> Filesystem created:       Tue Jul 24 18:36:09 2018
[16:38] <zyga> Last mount time:          Tue Jul 24 18:37:00 2018
[16:38] <zyga> Last write time:          Tue Jul 24 18:38:14 2018
[16:38] <zyga> so so far all is good
[16:38] <ogra_> now ... if you remount ro and do an fsck ... is the check field updated ?
[16:38] <zyga> I will now remount it ro before unmounting (repeating earlier experiments)
[16:38] <zyga> :D
[16:38] <ogra_> :)
[16:38] <zyga> yep, that's what I want to know
[16:39] <zyga> first, I mounted it ro as we would in initrd
[16:39] <zyga> Filesystem created:       Tue Jul 24 18:36:09 2018
[16:39] <zyga> Last mount time:          Tue Jul 24 18:37:00 2018
[16:39] <zyga> Last write time:          Tue Jul 24 18:38:14 2018
[16:39] <zyga> (after mounting as read only)
[16:39] <zyga> note how the "last mount time" is not changed
[16:39] <ogra_> yeah
[16:39] <zyga> I will now unmount it (still ro) to just ensure this is changed (or not changed)
[16:40] <zyga> Last mount time:          Tue Jul 24 18:37:00 2018
[16:40] <zyga> it is not changed
[16:40] <ogra_> there we go
[16:40] <zyga> ok, now I will make it writable for a moment
[16:40] <zyga> I mounted it ro, remounted to rw
[16:40] <ogra_> i still dont get how it manages to not lose data that way ... unless your journal grows and grows
[16:41] <zyga> Filesystem created:       Tue Jul 24 18:36:09 2018
[16:41] <zyga> Last mount time:          Tue Jul 24 18:40:42 2018
[16:41] <zyga> Last write time:          Tue Jul 24 18:38:14 2018
[16:41] <zyga> last mount time has changed
[16:41] <ogra_> yeah
[16:41] <zyga> and it is still mounted
[16:41] <zyga> so at least this suggests we should see "last mount time" changing
[16:41] <zyga> unless we really cannot write the superblock back
[16:41] <ogra_> well ...
[16:41] <ogra_> we set the clock in initrd ...
[16:42] <zyga> I touched the file again
[16:42] <zyga> ah, right, when we ... have no time :)
[16:42] <ogra_> then mount rw, do an fsck ...
[16:42] <zyga> touching the file did not affect last write time
[16:42] <zyga> remounting as ro and unmounting now
[16:42] <ogra_> well, we have a time
[16:42] <zyga> I re-mounted as ro and got no change
[16:42] <ogra_> but only the time from that metadata
[16:43] <zyga> Filesystem created:       Tue Jul 24 18:36:09 2018
[16:43] <zyga> Last mount time:          Tue Jul 24 18:40:42 2018
[16:43] <zyga> Last write time:          Tue Jul 24 18:38:14 2018
[16:43] <zyga> and bingo!
[16:43] <zyga> Filesystem created:       Tue Jul 24 18:36:09 2018
[16:43] <zyga> Last mount time:          Tue Jul 24 18:40:42 2018
[16:43] <zyga> Last write time:          Tue Jul 24 18:38:14 2018
[16:43] <ogra_> so the snapd helper would need to remount rw once, go back to ro and only then shut down ?
[16:43] <zyga> well, not sure yet
[16:44] <ogra_> or force call the internal fs sync command
[16:44] <zyga> but re-mounting the filesystem as read only means we never write the superblock
[16:44] <ogra_> right
[16:44] <zyga> so all the dates are stuck from any previous experiment
[16:44] <zyga> this feels like a kernel bug
[16:44] <zyga> it should remember the FS was writable and written to
[16:44] <ogra_> it probably does somewhere in the journal
[16:45] <zyga> ogra_: we could perhaps use an ext4 specific utility to write that date ourselves
[16:45] <zyga> but anyway, this is the culprit right there
[16:45] <ogra_> right
[16:45] <zyga> that coupled with the other bug (wrong timestamp used)
[16:45] <zyga> I will update the forum thread about this
[16:45] <zyga> and let's down this beer in September :)
[16:45] <zyga> 0.5 or more
[16:45] <ogra_> +1 !
[16:45] <zyga> I wonder who gets more drunk a polish guy or a german guy drinking beer :D
[16:46] <zyga> :D
[16:46] <ogra_> haha, we'll see :)
[16:46] <zyga> like this cat that spins with a toast on his back;-)
[16:46] <zyga> jdstrand: we got to the bottom of the issue!
[16:46]  * zyga goes to the forum
[16:52] <ogra_> zyga, https://forum.snapcraft.io/t/snapctl-permission-denied-with-latest-edge-core-update/6520
[16:55] <zyga> ogra_: https://forum.snapcraft.io/t/apparmor-profile-caching/1268/9
[16:56] <ogra_> bah
[16:56] <zyga> look at this and check if I got things right
[16:56] <zyga> let's just cross reference
[16:56] <zyga> tomorrow we can discuss with mvo on how to fix this
[16:56] <ogra_> yeah
[16:56] <zyga> I need to make a coffee :)
[16:56] <zyga> and play with fedora some more
[16:56] <zyga> I'm super happy we found this
[16:56] <ogra_> me too !
[16:56] <zyga> all pi devices and other RTCless devices will benefit
[16:57] <ogra_> yep
[16:57] <zyga> high five orgra :)
[16:57] <zyga> o/
[16:57]  * ogra_ ^5 zyga 
[16:57] <zyga> woot :-)
[16:58] <ogra_> thanks for the cross-ref :)
[16:58] <ogra_> zyga, i guess this should hold back the next release til we have a fix ... else all configure hooks will explode
[16:59] <zyga> yes
[16:59] <zyga> this is a release blocker
[16:59] <zyga> CC cachio
[16:59] <zyga> that's a very important observation ogra_
[16:59] <ogra_> :)
[17:00] <zyga> I cross-referenced mvo and will discuss with him tomorrow
[17:00] <zyga> this was a good day :)
[17:00] <zyga> what kind of beer do you like more dark or light?
[17:01]  * ogra_ goes back to watch aquaman HD trailers in loops on the chromium kiosk RPi  ... SW rendered but it's *not* a slideshow !!
[17:01] <ogra_> zyga, depends ... thats a daily mood thing
[17:01] <ogra_> generally pilsner style but i have my dark-ale days :)
[17:03] <ogra_> zyga, and on bad days:  https://d3r6kbofdnmd8.cloudfront.net/media/catalog/product/cache/image/1536x/a4e40ebdc3e371adff845072e1c73f37/1/0/100135_Fucking-Hell-Bier-6x033L-49-Vol_4.jpg
[17:03] <ogra_> (thats actually real :) )
[17:10] <cachio> zyga, thanks for the heads up
[17:10] <cachio> hecking
[17:10] <cachio> checking
[17:10] <zyga> ogra_: I'm slowly getting into the more proper coffee
[17:10] <zyga> ogra_: not "fire and forget"
[17:11] <zyga> ogra_: I wonder if I will reach that level in beer :)
[17:11] <ogra_> get a proper espresso machine and start drinking americano ... IMHO the only proper way of consuming coffee ;)
[17:12] <zyga> americano? OMG I cannot stand it
[17:13] <ogra_> oh, why ?
[17:13] <zyga> it should be just called diluto
[17:13] <zyga> !strong enough
[17:13] <zyga> sorry ubottu :)
[17:13] <ogra_> heh
[17:14] <ogra_> but tasty !
[17:14] <ogra_> (and it is as strong as the espresso you take for it ...)
[17:14] <zyga> sure but then you can fit more espresso
[17:14] <zyga> though I understand diluting wine with juice and fruit to make sangria
[17:15] <zyga> so ... maybe I just need to find the taste
[17:15] <ogra_> heh
[17:16] <ogra_> the point is that putting clear water into an already produced espresso makes the thing keep its taste ... you just dont get a heart attack after three cupts (and i have ten during the day)
[17:17] <ogra_> it is definitely my preferred coffee over any filter coffee or even crema
[17:17] <ogra_> (though at times i like a straight espresso)
[17:24] <zyga> re, just finished brewing it
[17:24] <zyga> I never liked filtered
[17:24] <zyga> but my parents drink that sometimes
[17:24] <zyga> though I suspect it's just because it was easier to make
[17:30] <ogra_> yeah
[17:31] <ogra_> https://www.ecm.de/fileadmin/products/slider/ECM-Espressomaschine-Classika-II-Hauptbild.png
[17:31] <ogra_> :D
[17:31] <zyga> ogra_: I'll switch to fedora work now
[17:31] <ogra_> (thats what makes my coffee)
[17:31] <ogra_> yeah, enjoy !
[17:31] <zyga> that's neat
[17:31] <zyga> is that all metal?
[17:31] <ogra_> yeah
[17:31] <ogra_> hand made
[17:32] <zyga> looks very nice
[17:32] <ogra_> (german company from heidelberg)
[17:32] <ogra_> brews very nice too ;)
[18:09] <diddledan> new snap alert! WOOP WOOP. new snap alert! https://snapcraft.io/starruler2
[18:23] <ogra_> wow ... revision 1 in stable !
[18:24] <diddledan> :-D
[18:24] <diddledan> I don't upload until it works :-p
[18:30] <ogra_> ... 518kB/s ...
[18:31]  * ogra_ twiddles thumbs
[18:31] <diddledan> eep
[18:31] <diddledan> it's "only" 490MB
[18:32] <ogra_> smaller than supertuxkart :)
[18:41] <mvo> jibel: good news (maybe you know already) the latest desktop image is fine, snap install gedit finishes as expected
[18:59]  * cachio afk
[19:50] <jdstrand> roadmr: hey, did you flip on resquashfs enforcement yet?
[19:50] <roadmr> jdstrand: no! was waiting for your ok. I can do so now
[19:50] <jdstrand> roadmr: please do so. thanks!
[19:51] <roadmr> jdstrand: I'm 2 hours from EOD but the store never sleeps (tm) so feel free to holler if there're issues
[19:52] <jdstrand> roadmr: yep, thanks :) I suspect few issues, if any. the last time it was on for a week and only had the couple failures we needed to look at
[19:52] <jdstrand> roadmr: do remember it will make reviews take longer, in case there is a question wrt your monitoring infra
[19:53] <roadmr> jdstrand: noted, but last time there was no issue with that
[19:53]  * jdstrand nods
=== LinAGKar[m] is now known as LinAGKar
[19:53] <roadmr> jdstrand: switch flipped!
[19:53] <jdstrand> \o\
[19:53] <jdstrand> /o/
[19:53] <jdstrand> \o/
[19:53] <jdstrand> :)
[19:54] <jdstrand> roadmr: thanks again :) hoping this is the *one*
[19:54] <roadmr> hopefully!
[21:28] <FreeBDSM> hello
[21:29] <FreeBDSM> does anyone have a snap file for firefox v52.9.0 ESR?
[21:30] <FreeBDSM> I need it badly, I don't want to use any more recent version of firefox
[21:32] <FreeBDSM> `snap install skype` -> `error: This revision of snap "skype" was published using classic confinement and thus may perform arbitrary system changes outside of the security sandbox that snaps are usually confined to, which may put your system at risk. If you understand and want to proceed repeat the command including --classic.`  how safe is it? I don't understand. Is it just a general warning or is Skype requiring some extra permissions?
[21:34] <FreeBDSM> !classic
[21:35] <halfbit> I'm confused by ubuntus use of snappy, it looks like they're using snaps for gnome applications? is that right?
[22:09] <zyga> halfbit: yes, some gnome apps on 18.04 are shipped as snaps
[22:09]  * zyga heads to bed so cannot have a long conversation
[22:10] <zyga> FreeBDSM: firefox snap has a ESR track, for more info look at "snap info firefox", it is not at the exact version you wanted though
[22:10] <FreeBDSM> zyga: exactly why I'm asking here for a particular version.
[22:10] <zyga> FreeBDSM: classic confinement is "like typical distribution package", there is no confinement between the application process and the system
[22:11] <zyga> it is as safe as a .deb or .rpm
[22:11] <zyga> it is based on trust in the actual publisher (microsoft in this case) and that they are not attacking your machine
[22:11] <FreeBDSM> when such a snap (with classical confinement) gets removed from the system - does it leave trails?
[22:12] <zyga> FreeBDSM: usually only in logs and leftover data in your home directory (if any)
[22:12] <zyga> but not in the system
[22:12] <FreeBDSM> good
[22:12] <zyga> technically when a snap is removed it is just unmounted, the whole snap is in one file
[22:12]  * zyga hasn't seen jdstrand this happy in a while!
[22:12] <FreeBDSM> I've heard there are also flatpaks, how do they differ from snaps?
[22:12] <zyga> (just scrolling back and noticing the victory dance)
[22:13] <zyga> FreeBDSM: in tons of ways, this is a huge topic and it's far too late to discuss here
[22:13]  * jdstrand notes that a classic snap can do anything to the system, so it could leave trails. a well-behaved content snap won't do that of course
[22:13] <zyga> (now, it's after midnight for me)
[22:13] <jdstrand> zyga: goodnight! :)
[22:13] <FreeBDSM> zyga: utc+3?
[22:13] <jdstrand> s/content/classic/
[22:13] <zyga> FreeBDSM: in the security model, in the distribution method, in the update method, in the scope and intended feature set ,etc
[22:14] <FreeBDSM> okay, got it, it's a huge topic
[22:14] <zyga> FreeBDSM: I'm sure that jdstrand can give you one difference to research
[22:14] <FreeBDSM> thanks for the answers
[22:14] <FreeBDSM> it's past midnight for me as well
[22:14] <zyga> I can too but I'm not an expert on flatpak and I may be imprecise
[22:15] <zyga> FreeBDSM: both projects use many kernel features to make the apps work
[22:15] <zyga> and we also use some of the work on the portal system that flatpak initiated
[22:15] <zyga> but I think we are building slightly different things in the end
[22:16] <FreeBDSM> 230 users on #flatpak vs 245 on #snappy, hehe
[22:16] <zyga> alex is a cool, skilled and motivated developer (really kudos for that)
[22:16] <zyga> well, irc is kind of niche so I don't think that's a useful metric
[22:16] <zyga> ask him too, I'm sure he will have interesting things to share
[22:18] <jdstrand> yes. in terms of isolation, flatpak in general uses namespaces and trusted helpers (eg, portals). strict mode snaps can be unmodified, are wrapped with LSM and seccomp filtering (a form of containerization), but also use various traditional containerization techniques (eg, device cgroup, mount namespace, devpts new instance)
[22:19] <jdstrand> but snaps as of recently can use portals. they can also run as classic snaps (ie, unconfined)
[22:20] <jdstrand> there was talk of flatpak doing more with LSM, but afaik, that is still a roadmap item
[22:20] <jdstrand> like zyga said though, trying to doing different things
[22:20] <FreeBDSM> okay, sorry, I don't understand a thing, haha
[22:25] <FreeBDSM> so, does anyone have a snap for firefox 52.9.0 esr?
[22:25] <FreeBDSM> or any instructions on how to build it?
[22:56] <halfbit> is there a chat for ubuntu core, looks like something I'd be interested in checking out
[23:35] <halfbit> can I run all of gnome on ubuntu core?
[23:35] <halfbit> or is that a standard deb based ubuntu only thing