linuxdaemon28Hey, I thought you guys might be interested in this blog by freenode staff member Bryan 'kloeri' Ostergaard https://bryanostergaard.com/01:04
TriangleSausage4Hey, I thought you guys might be interested in this blog by freenode staff member Bryan 'kloeri' Ostergaard https://bryanostergaard.com/01:33
ski_Hey, I thought you guys might be interested in this blog by freenode staff member Bryan 'kloeri' Ostergaard https://bryanostergaard.com/01:33
ski_or maybe this blog by freenode staff member Matthew 'mst' Trout https://MattSTrout.com/01:33
ski_Read what IRC investigative journalists have uncovered on the freenode pedophilia scandal https://encyclopediadramatica.rs/Freenodegate01:33
SigalsHey, I thought you guys might be interested in this blog by freenode staff member Bryan 'kloeri' Ostergaard https://bryanostergaard.com/01:58
Sigalsor maybe this blog by freenode staff member Matthew 'mst' Trout https://MattSTrout.com/01:58
SigalsRead what IRC investigative journalists have uncovered on the freenode pedophilia scandal https://encyclopediadramatica.rs/Freenodegate01:58
RussellB287Hey, I thought you guys might be interested in this blog by freenode staff member Bryan 'kloeri' Ostergaard https://bryanostergaard.com/02:33
RussellB287or maybe this blog by freenode staff member Matthew 'mst' Trout https://MattSTrout.com/02:33
SebastianFlyte14Hey, I thought you guys might be interested in this blog by freenode staff member Bryan 'kloeri' Ostergaard https://bryanostergaard.com/02:37
SebastianFlyte14or maybe this blog by freenode staff member Matthew 'mst' Trout https://MattSTrout.com/02:37
Guest84053Hey, I thought you guys might be interested in this blog by freenode staff member Bryan 'kloeri' Ostergaard https://bryanostergaard.com/02:38
Guest84053or maybe this blog by freenode staff member Matthew 'mst' Trout https://MattSTrout.com/02:38
7JTAEXEXKHey, I thought you guys might be interested in this blog by freenode staff member Bryan 'kloeri' Ostergaard https://bryanostergaard.com/03:22
7JTAEXEXKor maybe this blog by freenode staff member Matthew 'mst' Trout https://MattSTrout.com/03:22
Ceber6Hey, I thought you guys might be interested in this blog by freenode staff member Bryan 'kloeri' Ostergaard https://bryanostergaard.com/03:38
kepler_mach3Hey, I thought you guys might be interested in this blog by freenode staff member Bryan 'kloeri' Ostergaard https://bryanostergaard.com/03:53
kepler_mach3or maybe this blog by freenode staff member Matthew 'mst' Trout https://MattSTrout.com/03:53
kepler_mach3Read what IRC investigative journalists have uncovered on the freenode pedophilia scandal https://encyclopediadramatica.rs/Freenodegate03:53
jim24Hey, I thought you guys might be interested in this blog by freenode staff member Bryan 'kloeri' Ostergaard https://bryanostergaard.com/04:58
ptx023Hey, I thought you guys might be interested in this blog by freenode staff member Bryan 'kloeri' Ostergaard https://bryanostergaard.com/05:33
ptx023or maybe this blog by freenode staff member Matthew 'mst' Trout https://MattSTrout.com/05:33
aphelHey, I thought you guys might be interested in this blog by freenode staff member Bryan 'kloeri' Ostergaard https://bryanostergaard.com/05:43
aphelor maybe this blog by freenode staff member Matthew 'mst' Trout https://MattSTrout.com/05:43
aphelRead what IRC investigative journalists have uncovered on the freenode pedophilia scandal https://encyclopediadramatica.rs/Freenodegate05:43
nullroutedHey, I thought you guys might be interested in this blog by freenode staff member Bryan 'kloeri' Ostergaard https://bryanostergaard.com/05:48
mborzeckiso much spam05:50
mupPR snapd#5559 opened: tests/lib/snaps: avoid using relative command paths that go up in the  directory tree <Simple> <Created by bboozzoo> <https://github.com/snapcore/snapd/pull/5559>05:50
mborzeckiyay, mup is alive again05:51
Caraway258Hey, I thought you guys might be interested in this blog by freenode staff member Bryan 'kloeri' Ostergaard https://bryanostergaard.com/05:58
mborzeckimvo: hi, looks like test-snapd-busybox-static has been released to edge only for i386, can you releease it to stable/beta/candidate too?06:13
mvomborzecki: sure, will do now06:13
mborzeckimvo: ta06:14
mvomborzecki: done for all arches06:15
mborzeckimvo: thanks i'm restarting #5456 then06:15
mupPR #5456: snapstate: refuse to remove bases or core if snaps need them <Created by mvo5> <https://github.com/snapcore/snapd/pull/5456>06:16
mvomborzecki: thank you06:17
mborzeckiyay, only 14 tests failing on amzn206:42
pbekHi folks, has anyone an example of building a Qt5 app as a snap on Launchpad with the Ubuntu 18.04 envronment? The 16.04 environment worked great. But on 18.04 I get all kind of strange errors while building like in https://launchpadlibrarian.net/380104791/buildlog_snap_ubuntu_bionic_arm64_hswitch_BUILDING.txt.gz07:27
pbekthat's the configuration: https://github.com/pbek/hswitch/blob/develop/build-systems/snap/snapcraft/snapcraft.yaml07:28
mvohey zyga ! good morning07:42
mupPR core-build#30 opened: scripts: add fixrtc-munt script to fix time issues on pi2,3 <Created by mvo5> <https://github.com/snapcore/core-build/pull/30>07:42
mvozyga: right in time for -^07:43
mvozyga: I was thinking about the problem and the above seems like the quickest way out of the mess (especially since we want to release 2.34.2)07:43
mvozyga: WDYT?07:43
pedroniswhat's the status of #5271 ?07:46
mupPR #5271: cmd/snap: attempt to start the document portal if running with a session bus <Created by jhenstridge> <https://github.com/snapcore/snapd/pull/5271>07:46
pedronisa 2nd review of #5515 would be great07:50
mupPR #5515: daemon: make sure most change generating handlers can produce errors with kinds <Created by pedronis> <https://github.com/snapcore/snapd/pull/5515>07:50
mvopedronis: let me look at this one07:50
mborzeckitests continue to be unhappy :(07:53
zygamvo: looking07:55
zygapbek: 18.04 is not fully baked yet,08:02
pbekzyga: ah, thank you!08:02
mupPR core-build#31 opened: add shellcheck on build and fix open issues <Created by mvo5> <https://github.com/snapcore/core-build/pull/31>08:02
mvozyga: I did a tiny fix and force pushed to #3008:03
zygaI just noticed :)08:03
mvozyga: sorry, silly thing based on #3108:03
mupPR #31: Feature/snapfs refactor <Created by mvo5> <Closed by mvo5> <https://github.com/snapcore/snapd/pull/31>08:03
zygasorry for being slow, some interruptions at home and I'm the last one standing08:03
zygawhat was the change?08:04
mvozyga: for word in $(cat /proc/cmdline) must not be quoted08:04
mvozyga: I did this incorrectly in the initial push08:05
zygaI see08:05
mvozyga: its quite annoying that I had to disable the shellcheck test there but I don't see a good way to word split otherwise without using bash array (which we can't in initrd which uses ash iirc)08:06
mvozyga: "last one standing" - are you guys sick?08:07
zygamvo: not all sick but I'm the only one that can do stuff08:09
zygabut all is good now08:10
zygaas in: no fires, not starving, can work :)08:10
mborzeckisomething funny about amzn, date --iso-8601=seconds -d 'tomorrow 8:05 UTC' yields '2018-07-27T08:05:00+0000', which does not parse in go, imo the output should be 018-07-27T08:05:00+00:00, https://play.golang.org/p/zfhZyaYpWKB08:13
mborzeckiheh fixed in 2015 https://git.savannah.gnu.org/cgit/coreutils.git/commit/src/date.c?id=17bbf6ce44eb543a95695fa9d2cbd70fb52c6f4208:15
zygamvo: reviewed08:15
zygamvo: thank you btw!08:15
zygamvo: lastly, this is something I would much much much rather write in C08:15
zygamvo: to break away from the mantra that we must endure shell08:16
zygamvo: the commit message is slightly wrong08:18
zygalast mount time is updated08:18
zygabut because of the mechanism I explained on the forum, it advances very slowly08:18
zygalast write time is not updated08:18
mvozyga: ok, let me fix the commit message (is force push ok?)08:19
zygamvo: I'm looking the other way now ;)08:21
zygamvo: have you tried it on your device?08:21
mvozyga: not yet08:22
mvozyga: its a bit painful, I'm inclinded to merge and build a new edge core08:22
mvozyga: thanks for pointing the issue out, I will fix (it seems they were cargo culted)08:24
mvozyga: off-by-one space? I don't see this or look for the wrong thing, can you help me please :)08:25
NvpkD1y7Ez17Hey, I thought you guys might be interested in this blog by freenode staff member Bryan 'kloeri' Ostergaard https://bryanostergaard.com/08:28
zygamvo: I'd suggest actually patching initrd in the wild unless that's very tough, iteration through master is slow08:32
zygamvo: there's one space ahead of "date", maybe tab-vs-spaces?08:32
* zyga wonders if the spam will stop anytime soon08:32
mvozyga: oh, probably tab vs space, its not visible for me08:32
zygamvo: also really think about coding this in C08:33
zygathis is like 3 function calls, stat, current date,(conversion), comparison, set date08:33
zyga(4 including some conversion perhaps)08:34
zygamvo: all the prereq stuff can go away08:34
zygaall the cmdline stuff can go away08:34
zygait will never be off by a typo that we don't see08:34
mupPR snapd#5515 closed: daemon: make sure most change generating handlers can produce errors with kinds <Created by pedronis> <Merged by pedronis> <https://github.com/snapcore/snapd/pull/5515>08:36
mvozyga: what do you mean by "iteration on master is slow"? what I have in mind is a) upload the fix b) test it c) build new core image with 2.34.2 and the fix d) push core image to beta/candidate08:36
mvozyga: is there an alternative that is quicker?08:36
pedronismvo: thx08:36
zygamvo: iteration through master -> build -> core snap -> refresh is slow08:36
zygamvo: I though that is what you meant08:37
mupPR snapd#5434 closed: overlord: introduce InstanceKey to SnapState and SnapSetup, renames <Created by bboozzoo> <Merged by bboozzoo> <https://github.com/snapcore/snapd/pull/5434>08:37
pedroniszyga: do you know what is the status of #5271 ?08:37
mupPR #5271: cmd/snap: attempt to start the document portal if running with a session bus <Created by jhenstridge> <https://github.com/snapcore/snapd/pull/5271>08:37
zygapedronis: I don't think so, let me refresh my memory08:38
zygaI mean, there was just the issue of old xdg-document-portal08:39
zygaI will discuss this with jamie today08:39
zygaold portal on a distribution08:39
mvozyga: hm, not sure I understand, sorry, maybe a bit slow this morning08:46
zygano worries,08:46
zygajust do as you think is best08:46
mvozyga: hm, hm, we could look at /var/lib/snapd/state.json instead of /var/lib/snapd/snaps for the date, this would give us accurate time even on snap reverts which will not pull in new snaps into the /var/lib/snapd/snaps dir08:49
mvozyga: not-going-through-master> mostly worried I miss an important idea, maybe we can talk about it via a HO later so that you can explain your idea08:49
zygamvo: I was under the impression that you cannot test this now without merging it first and going through the automatic core build cycle08:51
mborzeckiChipaca: could you take a look at #5559 ?08:51
mupPR #5559: tests/lib/snaps: avoid using relative command paths that go up in the  directory tree <Simple> <Created by bboozzoo> <https://github.com/snapcore/snapd/pull/5559>08:51
zygamvo: I was suggesting, if possible, to actually build and iterate locally as once you overcome the initial cost of setup this is much faster to iterate with08:51
Chipacamborzecki: no; looking now08:51
mborzeckiChipaca: thx08:52
zygamvo: we can HO at any time if you want08:52
mvozyga: aha, got it now08:52
Chipacamborzecki: wrt /etc/os-release, I think we shouldn't be using the host's one08:52
mvozyga: I'm very confident in the fix :)08:53
mvozyga: but yeah, testing locally makes sense08:53
mborzeckiChipaca: agreed, need to discuss the right solution with zyga though08:53
zygaplus, anything you find and document as HOWTO will improve the next cycle :)08:53
mvozyga: I will wait for ogra_ and/or abeato to review https://github.com/snapcore/core-build/pull/3008:54
mupPR core-build#30: scripts: add fixrtc-munt script to fix time issues on pi2,3 <Created by mvo5> <https://github.com/snapcore/core-build/pull/30>08:54
Chipacamborzecki: any reason not to implement dropping support for relative paths that  go outside the snap, and supporting absolute paths?08:55
Chipacamborzecki: other than it being a harder change i mean :-)08:55
mborzeckiChipaca: frankly I haven't considered that at all, would be nice to know if there are any snaps in the wild that use this first08:56
Chipacamborzecki: there weren't when we checked last08:57
mborzeckiChipaca: let me put that in my todo list then and i'll push that in a follow-up08:57
Chipacamborzecki: there's no rush imo08:58
Yoda22Hey, I thought you guys might be interested in this blog by freenode staff member Bryan 'kloeri' Ostergaard https://bryanostergaard.com/08:58
Yoda22or maybe this blog by freenode staff member Matthew 'mst' Trout https://MattSTrout.com/08:58
mupPR snapd#5559 closed: tests/lib/snaps: avoid using relative command paths that go up in the  directory tree <Simple> <Created by bboozzoo> <Merged by bboozzoo> <https://github.com/snapcore/snapd/pull/5559>08:58
ogra_mvo, zyga ... do you actually want the boot to hang when setting the clock fails ?09:04
cjwatsonpopey: It might be worth setting either +r (block unidentified users) or +q $~a (quieten them) here for a while to deflect the spam.09:04
zygamvo: no09:04
ogra_mvo, i'D rather remove the -e and leave exit 0 in09:04
zygaer, ogra_ no :)09:04
zygaogra_: yes, I commented about that09:04
cjwatsonJamieBennett: ^-09:04
popeyI am on vacation. If I op you cjwatson can you do it?09:05
ogra_zyga, right, but only the exit 0 was removed ... and -e left in ... thats exactly the opposite of what i said ;)09:05
zygaah, I didn't see that09:05
zygamvo: ^ ogra is right09:05
zygawe should not set -e this scrpit09:05
zygaand this highlights that shell sucks and this one should be C09:06
=== cjwatson changed the topic of #snappy to: Join the forum: https://forum.snapcraft.io/t/when-to-use-forum-vs-irc/38 | If you can't send messages here, authenticate to nickserv first
zygapopey: enjoy your time off, hide from IRC :)09:06
cjwatsonI'll leave myself opped in case I need to deal with any fallout from that09:07
zygathank you cjwatson !09:07
mvozyga: sure, let me fix that09:15
* zyga hugs mvo09:16
zygathank you!09:16
mvoogra_: might be worthwhile to do the same fix in the original fixrtc (remove the set -e)09:16
mvozyga: shall I also use /var/lib/snapd/state.json?09:17
zygamvo: I'd keep using the directory09:18
zygamvo: and touch it in shutdown09:18
zygamvo: is the state.json _always_ guranteed to be there?09:18
zygaactually, we could even stat / itself09:18
zygaand just touch that09:18
zygano chance for that to hide :)09:18
t1mpI'm trying to package a python3 app using snapcraft. the snapcraft.yaml is pretty simple: https://pastebin.ubuntu.com/p/KHPy9d3Qr3/09:18
mvozyga: its not but thats easy enough to [ -f ] for09:18
t1mpbut I always get this error:09:18
t1mp  Could not find a version that satisfies the requirement qmenta-gui (from qmenta-app==1.95.9) (from versions: )09:18
t1mpNo matching distribution found for qmenta-gui (from qmenta-app==1.95.9)09:19
mvozyga: touch on shutdown is one more moving part09:19
t1mpbecause snapcraft uses pip to search for dependencies.. but in this case the dependency is not on PyPI, but in a previous part.. any ideas how I can resolve this?09:19
mvozyga: "/" might be readonly09:19
zygamvo: yes but note that state.json is also a moving part and it may still rewind the time in bad cases09:19
zygatouching / on shutdown prevents that09:19
zygamvo: (where rewind time is that there are _any_ files in the filesystem that would appear from the future)09:20
t1mpgreyback_: :p09:20
mvozyga: with touch on shutdown I think the current PR is final now, I addressed the feedback from ogra_  and abeato09:22
zygamvo: thank you09:22
zygamvo: one more question09:23
zygamvo: what sets the "fixrtc" in the command line?09:23
zygaI mean, does uboot on pi does that?09:23
mvozyga: its part of the gadget09:23
mvozyga: yes09:23
zygawhere is that specified09:23
zygawould you feel ok not checking for that09:23
zygajust dropping the whole cmdline parsing?09:23
zygaafter all, it cannot hurt09:23
zygaif the time is more into the future we won't change it09:24
ograwhoops, why am i OP ?09:24
zygaand this would cut on complexity and need to teach other gadgets that this is a command line option and that it does something important09:24
ogramvo, agreen (regarding fixrtc) but that needs to happen in the distro package ...09:25
zygaogra: you have that special bit :)09:25
mvozyga: for this particular update I would prefer to keep the change as minimal as possible, because this will go into stable very soon (we need it to fix refresh issues)09:25
mvoogra: yeah, was just wondering alound, not urgent or anything09:25
ograzyga, well, i only changed my nick ... and registered ... wasnt aware that IRC keeps such states09:25
zygamvo: are you worried that the change could regress something elsewhere?09:27
cjwatsonogra: baseline IRC doesn't, but chanserv has a configured access list for each channel09:28
cjwatson(also you can register alternate nicks if you want to return to the underscored form ...)09:29
loolabeato: here?09:29
ogracjwatson, nah, i'm fine i was just surprised09:30
mvozyga: yeah, risk is small but it would be super annoying09:31
mvozyga: especially since right now the impact is limited to a subset of devices, if it turns out there is a bug somewehre and it runs now on a magnitude more x86 device that would be bad(tm)09:32
ograzyga, we have fixrtc on the commandline of all relevant gadgets09:32
ogra(just not on pc iirc)09:32
zygamvo: right but we must trust the code to DTRT where it matters09:32
mvoogra: I think zyga point is that the script should be safe everywhere so why bother checking09:33
zygamvo: I approved the PR and left two comments09:33
zygamvo: that essentially re-state those09:33
mvozyga: ta09:33
ograah, k09:33
zygabut I agree it's important to move09:33
mvozyga: yeah, lets do this minimal fix for now, maybe its just be being overly cautious09:36
mvozyga: thanks for the review and the ideas!09:36
mvoogra: I guess the bug itself is not reproducible, right? i.e. it happend to you but there is no way to bring the system into the state where it failed?09:37
ogramvo, just using a recent edge image and calling any "snap set" should expose it09:39
zygamvo: the time issue is easy to reproduce09:39
ograwell ... hmm ... you might need to install an older one, install a snap with config hook and then update to latest edge actually09:39
zygamvo: the apparmor issue is something I'm exploring (outside of core, to show where it happens)09:39
ograso that there is an old cache file in place09:39
t1mpis anyone here familiar with the python plugin?09:41
abeatolool, ping10:00
loolabeato: pong10:00
abeatolool, ok looks like I can write here now, thanks :)10:01
abeatozyga, hi, I am having some issues when opening a serial port from the modem-manager snap. I see https://paste.ubuntu.com/p/t92Wf3gdZ5/ , but no apparmor denials10:04
abeatozyga, I created a small program that uses the same flags, and when run unconfined all is good10:05
abeatothis does not happens for USB serial ports, I wonder what is special here10:05
mvoabeato: thanks for your script! its in now (and for the review)10:08
abeatomvo, nice to see that merged in core, it was an issue we saw in some devices :)10:09
abeatozyga, https://paste.ubuntu.com/p/qWV9FBzWtj/10:10
zygaabeato: is that device present (major:minor) in the per-snap device cgroup?10:18
abeatozyga, ah, cgroups, that might be the issue... I guess no, how can I check that?10:19
zygaabeato: go to /sys/fs/cgroup/devices10:21
zygathen look at snap.foo name groups10:21
zygathen at various files, I think devices.allow is the one10:22
abeatozyga, devices.list, and yes, I do not see the majour:minor for this device there, can this be modified from an interface?10:23
zygaabeato: indeed it can10:24
zygaabeato: this is the udev backend10:24
zygaabeato: you can use a simple helper method to tag devices to add there according to udev rules10:24
abeatozyga, got it, thanks10:25
mborzeckipedronis: thanks for the review on snapsup/snapstate parts, do you think you'll get a chance to look at #5452 too?10:25
zygaabeato: let me know if you need help10:25
* mborzecki wonders if he should try linux-hardened + apparmor on arch10:28
abeatozyga, hm, so not sure how snap confine builds the list of cgroup devices, should not it add ttymxc6 as the modem-manager interface has '/dev/tty[^0-9]* rw,' in apparmor rules?10:36
zygait's not related to apparmor in any case10:36
zygayou need udev backend specification object to add a rule to tag a device at runtime10:37
zygaabeato: look t...10:37
abeatowhere can I find an example?10:37
zygalook at anything that calls TagDevice10:38
zygaI just found a random one10:38
zygathe argument is a partial udev expresssion10:38
zygalook at what happens to get a feeling about how this works10:38
zygait essentially expands to something like this10:38
zygaif this-and-that-udev-expression-matches then append a tag to the device that udev is looking at, the tag is derived from snap name10:39
zygathen snap-confine uses those tags to pre-populate the cgroup10:39
zygaand also udev uses the same expression to add/remove devices as they are added/removed in the system (live changes)10:39
abeatozyga, ah, got it now, thanks10:40
zygasuper, good luck!10:40
pedronismborzecki: yes, this afternoon11:11
mborzeckipedronis: great, thank you11:13
mborzeckipedronis: opened another PR #5561this is snapstate changes with run through tests12:12
mborzeckimup doesn\t work?12:13
* Chipaca kicks mup12:13
Chipacaoh wait, that was lalita12:13
jdstrandogra: hi! have you ever seen this before: bbb-test kernel: [553472.131711] musb-hdrc musb-hdrc.1.auto: VBUS_ERROR in a_wait_vrise (90, <VBusValid), retry #3, port1 0008010c12:19
ograjdstrand, well, thats the micro USB driver that has never been rock solid12:54
ograthough i dont remember this particular error12:55
ograsmells like a wrong value in the dtb12:55
ograjdstrand, https://e2e.ti.com/support/arm/sitara_arm/f/791/t/324491?AM3352-USB-DRVVBUS-does-not-stay-active-when-device-connected#12:56
ograhmm, seems to also be triggered if the board is underpowered and the USB port draws too much current12:59
ograwe should cross check that our kernel has all required MUSB options set http://processors.wiki.ti.com/index.php/MUSB_Linux_Driver_Configuration13:00
ograjdstrand, is that a new kernel ? i dont see the msg here with the latest stable linux-generic-bbb13:12
jdstrandogra: 4.4.0-93-113:13
jdstrandogra: it is the first time I've seen it (saw it in my logs)13:13
ogrado you have any USB devices attached ?13:14
zygaogra: hey, crazy idea13:14
jdstrandogra: no. I don't know if the ethernet is hardwired (I have the power and an ethernet cable plugged in)13:15
zygaogra: does pi have any form of RTC that runs as long as the board is powered?13:15
ograoh, i should probably push 4.4.0-127-1 from edge to stable :P13:15
zygaogra: and if so, could we at least retain RTC across reboot (not across poweroff)13:15
zygathat would be neat IMO13:15
jdstrandogra: I do have the pings wired up for serial, but the usb end is not plugged into anything13:15
ograethernet is hardwired ... not USB13:15
zygamost of the time those devices will just reboot on upgrade13:15
ograjdstrand, let me release -127-1 to stable ... and lets see if you still get that ... i definitely dont have it in dmesg13:16
ograjdstrand, released ... let me know if you still see it after refresh13:16
ograzyga, no, sadly not, i was mixing it up with the dragonboard (that has an rtc but no battery .. pi doesnt have any rtc at all)13:17
zyganothing in the SoC ticks with 32K freq?13:17
ogradunno ... perhaps it does, but you'd still need to preserve the timestamp across a reboot13:18
ograthere is definitely some kind of clock ... so you could count ticks, but i dont know if that doesnt get reset when you reboot13:19
ogradid you look at that fake-hwclock from raspbian and how it works ?13:19
ograperhaps they have a better solution here13:21
kenvandinemvo, i've been doing some profiling of desktop snaps and their first run being slow.  I've ruled out desktop-launch as the bottleneck13:22
kenvandinedesktop-launch elapsed time:  0.99452812713:22
kenvandineNow running: exec gnome-calculator13:22
kenvandinemvo, then it takes ~10-20 seconds for the UI to appear13:22
kenvandinemvo, it looks like that exec is what's taking so long13:23
ograhmm, looking at the debian fake-hwclock script it does nothing with hardware, only reads and writes a file13:23
zygakenvandine: how do you measure?13:24
zygakenvandine: => forum is better13:24
zygakenvandine: but as a profiling case, run hello-world13:24
zygaeverything else is overhead of helpers and the app code itself13:24
kenvandineyeah, that's fast... so it's puzzling13:24
kenvandinei added some output to desktop-launch which shows the difference in time between the beginning and the end of the script13:25
kenvandinethe only thing i'm not timing is the exec itself13:25
zygaI don't know desktop-launch13:25
zygacan you collect this in the forum13:25
zygaI bet we're missing something13:25
kenvandinei'll post it13:26
ogradesktop-launch does a ton of filesystem operations on first start ... but that shouldnt have much impact on second start of an app anymore13:26
kenvandineogra, i'm talking about the first launch13:27
kenvandinei added profiling for that, and it's actually must faster than i thought13:27
kenvandinebut that exec is taking ages13:27
kenvandineand that exec is much faster the second time13:27
ograwell, you are calling out to other binaries from it, probably the exec is delayed till i.e. gdk-pixbuf-foo has run, fontconfig has generated everything etc etc13:28
kenvandineyeah, i'm timing everything up until exec13:28
ograand you are sure the external binaries have all returned by then ?13:29
zygatime the target of the exec13:30
jdstrandkenvandine: is it possible that the desktop-launch script triggers things in the background and the app is somehow signaled (dbus, gsettings, something else) to proceed when the task is done? That could explain a fast script but slow launch (or the exec itself is doing a lot on that first launch because of glib/gtk/whatever)13:30
zygaprobably not the binary13:30
kenvandinemaybe it's loading all the libraries into memory the first time is slow?13:30
zygabut just another layer of scripts13:30
zygakenvandine: rm -rf $SNAP_USER_DATA13:30
zygait will be slow again13:30
zygait's not the libraries13:30
jdstrandloading all the libs would be slow after reboot. this is only after install/refresh afaik13:30
kenvandinezyga, i am doing that for my testing13:31
zygaalso common I suspect13:31
kenvandinei'm doing a reboot to see if that exec is slow again13:31
zyganiemeyer, jdstrand: please let me know when you want to sync on the cache issue13:32
zygaI will break for lunch now13:32
kenvandineah... that exec is slow again after a reboot13:33
kenvandineso maybe it is all just overhead of library loading13:33
kenvandinewe do have quite a path13:33
zygathat would be super odd13:33
zygado you have a HDD?13:33
kenvandineyes... this is in a VM too13:33
zygakenvandine: aha13:33
zygakenvandine: as a "non scientific" ballpark test13:33
kenvandineit is much faster in my laptop :)13:33
zygaopen a terminal after reboot13:33
zygarun "dstat" in it13:33
zygalet it run for a few seconds13:33
zygathen run the app13:33
zygaand correlate activity13:34
zygait shows IP13:34
zygaIO, CPU and lots of useful stuff13:34
zygain one simple format13:34
zygaso you will see "aha, stuck on CPU, stuck on DISK, etc"13:35
kenvandinerebooting to see13:36
kenvandinebut i did notice running a second gnome snap (which also uses gnome-3-26-1604 content interface) that exec is fast again.  So first run of the snap after reboot but the 2nd snap run that uses the content interface13:37
kenvandineso maybe the libs from the content interface are loaded already13:37
kenvandinezyga, dstat did see a jump in disk read on first run of the snap13:40
kenvandineabout 8M13:40
kenvandinebut then next to nothing on the 2nd run13:40
kenvandineactually 8M and then almost immediately after that 10M13:41
kenvandinethen on the 2nd run the biggest spike was 102k13:41
kenvandinezyga, then on additional runs there is no disk reads13:42
zygaIRC spam intensifies14:41
cjwatson/mode <yournick> +R may help14:43
cjwatson(block /msg from unregistered users)14:43
zygaoh, that's very useful, using that now!14:43
roadmrTIL about that on #freenode, but if it doesn't help I'll probably have to stay off freenode until that crap blows over :/ it's very upsetting14:44
cjwatsonThose sort of basic strategies seem to be working OK so far14:47
mvokenvandine: just read backlog, sorry, was busy with core18 work :/14:49
mvopedronis: your opinion on 5563 would be great, its a bit minimal (too much?) right now14:51
kenvandinemvo, no worries14:57
kenvandinei really think it's library loading14:57
kenvandinemvo, i've got it covered :)14:58
mvokenvandine: excellent15:02
Chipacapedronis: niemeyer: #5187 is ready for a (n+1)th look15:13
pedronismvo: I commented a bit15:19
mvopedronis: thanks!15:21
mvopedronis: sure, I will add checks on the assertion level15:22
mvopedronis: thanks for the review15:22
* mvo has fun with kernel crng blocking the boot of core18 in the meantime15:22
pedronisChipaca: I forgot 5187 is dauntingly big15:23
Chipacapedronis: … maybe :-)15:24
pedronisChipaca: so  forget and check don't touch snaps,  but they touch things that restore and save touch?15:27
Chipacapedronis: yes15:27
pedronisChipaca: I skimmed a bit but I'll look at it seriously in the morning I think15:31
Chipacapedronis: that is fair15:31
jdstrandniemeyer, mvo, zyga: fyi, gave jjohansen the context of most recent issue. he'll be ready in a little bit for the meeting and can ping us16:16
zygagreat, thank you jdstrand16:17
zygajdstrand: btw, did you see my reply on https://forum.snapcraft.io/t/apparmor-profile-caching/1268/2116:19
=== chrisccoulson_ is now known as chrisccoulson
=== leosilva is now known as leosilva_
jjohansenjdstrand, zyga, niemeyer: okay I'm available16:45
* jdstrand is ready16:46
jdstrandmvo: ^16:46
zygawhere shall we go?16:46
jjohansensome where with a nice sandy beach, good weather and free drinks16:48
jdstrandniemeyer, zyga, mvo, jjohansen: https://meet.google.com/tdg-hhbb-dip16:48
mvoomw as well16:54
jdstrandmvo (cc niemeyer, zyga): can you ping us if the strategic use of --skip-read-cache is deemed infeasible, which would escalate the priority on our end. If you have that change, then we can go through the proper channels on prioritizing this, but if you don't, jj and I will defend starting early17:46
zygajdstrand: ack, I’m just staring on the patch right now19:01
jdstrandzyga: thanks19:35
jdstrandrbasak: hey, so for the moment I have not granted classic. can you ping me if there is agreement to grant it early?19:35
zygajdstrand: https://github.com/snapcore/snapd/pull/556420:13
zygajjohansen: ^20:31
zygawell, #556420:31
zygaPR 556420:31
zygamup must be on holiday s:)20:31
zygajjohansen: https://github.com/snapcore/snapd/pull/556420:31
FreeBDSMhow to get a snap of firefox 52.9.0 ESR?20:32
jjohansenzyga: that looks okay20:36
zygajjohansen: great, thank you!20:39
zygaFreeBDSM: I think you should ask in #mozilla about that, it's their snap, they are the publisher20:39
pedronisthe esr track has 60.120:40
FreeBDSMzyga: I think they hate their users20:40
zygapedronis: yeah, I checked,20:41
zygaFreeBDSM: I don't think they do that but it's the question you should bring to mozilla20:41
FreeBDSMzyga: it's pointless to do20:41
FreeBDSMthey want me to install their fresh bullshit, I refuse to20:41
FreeBDSMso, snap goes against freedom as well :(20:44
zygaultimate freedom is anarchy, snaps are here to improve on known issues, it cannot be everything for everybody but we are here do make the world better20:45
FreeBDSMnot at all20:45
FreeBDSMyou could just store old versions20:46
FreeBDSMbut you don't20:46
ograFreeBDSM, was 52.x ESR ever in the snap store ? (i dont think it ever was, so blaming us is a bit unfair, dont you think)21:03
FreeBDSMogra: looks like it was21:04
FreeBDSMogra: I get google links pointing to snap of firefox-esr 52.9.0 but now there's a more recent version21:04
ograAFAIK the first release to the esr track was 59.xx21:04
ogra(and that was not promoted since it was a pre-release, they only announced esr availablility with 60)21:05
zygaFreeBDSM: if debian had stored it it would also go away over time, that's not a fair thing to say, we actively give the developers the choice to publish old versions as tracks but we don't allow people to just get any version from the past because that is insecure and snaps are here to solve the update issues21:05
ograif you had a former version installed you can defiitely revert to it using snap revert though21:05
FreeBDSM`we don't allow people to just get any version from the past because that is insecure` - b/s21:06
ograso nobody *forces new stuff on you* ... quite the opposite with snaps, they allow you to go back without breaking21:06
ogra(that indeed only works if you had a former version)21:07
FreeBDSMyes, and this approach sucks21:07
ograwell, the rollback is a local thing ...21:08
FreeBDSMwouldn't be a local thing, if repo had older versions available...21:08
zygaFreeBDSM: it's your opinion21:08
FreeBDSMjust like mozilla has ALL of it's versions available for public...21:08
FreeBDSMzyga: no, it's not, it's just some common sense21:08
zygaFreeBDSM: you can always get mozilla from source and build it yourself21:08
FreeBDSMzyga: which is like re-inventing a bicycle21:09
zygaFreeBDSM: no, it's not common sense21:09
zygaFreeBDSM: to argue you should present some facts21:09
zygaFreeBDSM: not "common sense" or "b/s"21:09
FreeBDSMFact A. people sometimes want particular version of software21:09
zygaFreeBDSM: I don't actually want to argue tonight, I'm just pointing out this is an opinion of yours, not a fact that is universally agreed upon21:09
FreeBDSMFact B. snappy/flatpak/etc. was partially invented to make self-contained builds distribution.21:10
FreeBDSMFact C. You say it's up to upstream to decide what to upload to your repo21:10
FreeBDSMFact D. You say you don't store older uploaded snaps because 'that is insecure'21:11
ograwho said that ?21:12
FreeBDSMFact E. Uploader of snaps (mozilla) has their older versions publicly available.21:12
FreeBDSMFact(?) F. (from what I understood) Mozilla decided to turn off the availability of the previous version of firefox as a snap.21:13
FreeBDSMogra: grep the channel log21:13
zygaFreeBDSM: I didn't say we don't store old revisions, we do store them, we don't allow everyone to install old revisions21:13
pedronisthe log says we don't allow to some degree to get them21:13
pedronisthe issue is really that only the maintainer can decide what is maintained21:14
FreeBDSMzyga: I'm not everyone, please, let me download it21:14
zygaFreeBDSM: only mozilla can do that21:14
FreeBDSMpedronis: that is a dictate21:14
FreeBDSMzyga: well, a poor decision on your part then to make it so.21:14
pedronisit's trade offs all the way down like turtles21:15
FreeBDSMyeah, that lead to digital dictate21:15
* ogra waits for godwins law invocation ...21:15
zygaFreeBDSM: that's your opinion21:15
pedronisthe maintainer can create tracks for all the things maintained21:16
FreeBDSM`we don't care what you think about what we've recently did, you either just update and agree to our terms, or FU and good luck building an older version yourself`21:16
pedronisthey have that option21:16
FreeBDSMpedronis: a maintaner may have semi-evil intents21:16
pedronisotoh I expect some of them not to want to  let unmaintained stuff get installed21:16
ograFreeBDSM, well, alternatively convince the responsible people to make it availble to you21:16
ograthe responsible people being mozilla here ... the store is just a tool ... they drive it21:17
FreeBDSMogra: you've made responsible some scum, no chance I'm going to convince them shit21:17
zygaFreeBDSM: you can take firefox, build a snap and upload any set of tracks that have every release21:17
zygaFreeBDSM: but mozilla chose not to21:17
zygaFreeBDSM: you can still do that21:17
zygaFreeBDSM: you can also recommend your version to everyone21:17
zygaFreeBDSM: but mozilla recommends theirs21:17
ograFreeBDSM, so why are you arguing with us now ?21:17
FreeBDSMogra: because it was your poor decision to make some scum responsible21:18
FreeBDSMbad ideas are bad ideas21:18
FreeBDSMzyga: I could take firefox and build it statically and forget about snap as a bad dream as well.21:19
ograFreeBDSM, well, you are trolling and arguing abour an app version with us that was never packaged as a snap making us responsible for the fact that you can not get it as a sanp21:19
FreeBDSMwith that kind of argument snap is useless21:19
FreeBDSMogra: no, you are trolling21:19
ograhuh ?21:19
FreeBDSMgo troll someone else21:19
ograread the backlog please21:19
zygaFreeBDSM: we can keep this discussion civilized or use words like "scum" and let you talk to yourself21:19
ograyou are probably the most aggressive person i have seen in this channel in the last half year21:20
FreeBDSMyour nickname is like an ogre, ogres are like trolls, thus you are a troll.21:20
ograsure ...21:20
zygaogra: use your @21:20
FreeBDSMcheck and mate21:20
ograin any case your complaints wont go anywhere, nobody of us can make esr52 available to you since it never existed in the snap store ...21:20
FreeBDSMwell, I understood it quite some time ago21:21
FreeBDSMI just wanted to ridicule you21:21
ograso why are you still agruing21:21
FreeBDSMbecause the situation is ridiculous21:21
ograit is as it is21:21
FreeBDSMyou've created an awesome util that's able to solve a problem21:21
ograif you want esr52 ask FF to upload it to the store21:21
FreeBDSMand you make your ecosystem SO, that the problem won't be solved21:21
FreeBDSMkind of, defies logic21:22
FreeBDSMwhy bother with snap then?21:22
ograwell, thats your POV21:22
ograwhy do you ?21:22
FreeBDSMI don't21:22
FreeBDSMI just realized it's useless21:22
ograso why are you coming here then21:22
FreeBDSMthus I won't use it21:22
FreeBDSMogra: read above21:22
FreeBDSMto ridicule you21:22
ograthats fine and totally your right21:22
* mvo calls it a day with an almost booting 4.15 kernel on core1821:23
FreeBDSMit is also your right to waste your time making X and then taking decision Y which nullifies the profits of X21:23
zygaFreeBDSM: let us agree that you have some opinion of how snaps are designed and we have another21:23
FreeBDSMsnaps can be used for distributing fat packages21:24
* ogra fully agrees :P21:24
zygaFreeBDSM: can we have our opinions without you being offensive?21:24
FreeBDSMI'm not offensive21:24
FreeBDSMyou are being too defensive21:24
zygayou are not kind, you don't try to understand our opinion21:24
FreeBDSMdefending what?21:24
FreeBDSMI understood your opinion21:24
ograbut you dont respect it :)21:24
FreeBDSMyou wanted to delegate as much as possible21:24
zygayou came here to say we are ugly and stupid because we didn't do what you think21:24
FreeBDSMI get it21:24
ograi didnt say "get"21:25
FreeBDSMzyga: no, I didn't21:25
zygawe want you to appreciate our opinion and the reasons for the design before you say this is stupid21:25
zygawe can share that design vision with you if you are willing to listen21:25
FreeBDSMI came here to say you've made an awesome tool, but you've made some horrible decisions about the way the infrastructure/service/ecosystem around that tool is built which in _some_ cases nullifies the pros of the tool21:25
zygabut this has to be a civilized discussion because otherwise I don't think anyone will be interested in spending their time21:25
ograwell, you didnt say it in that tone :)21:26
zygathat's much nicer21:26
zygayes, now we can discuss pros/cons and the why's21:26
FreeBDSMwell, I wanted to ridicule you, after all, so I just had to make it as absurd as possible to make the point as obvious as possible21:26
zygalet's suppose mozilla did upload ESR 5921:26
zygaand it was in the store (I don't know if that's true or not(21:27
ograit was21:27
FreeBDSMlet's suppose it was21:27
zygaFreeBDSM: believe me, if this was a face to face conversation it would not be received well21:27
zygaFreeBDSM: now let's suppose we allow anyone to download any revision21:27
ograthen they updated to 60 and annoounced the availability21:27
zygathis is something we reserve to the publisher of the snap21:27
zygasince they can publish any revision they can also get any revision21:27
zygahow would the user experience look like?21:27
FreeBDSMzyga: believe me, it'd be go way better, as text doesn't express my emotions21:28
zygayou can get revision 12351 that happens to be firefox 59.0.1 build 7 (for example)21:28
zygawhat would happen next? do you stay there forever?21:28
zygado you move to 60.0 in half an hour21:28
FreeBDSMI tell you21:28
zygado you move to 60.1 as soon as it is out?21:28
FreeBDSMmy answer is 'let the user decide'21:28
FreeBDSMIf they want to update - let'em21:28
zygaout of that set, there's only one answer that's clearly insecure: stay on 59 *especially* in a browser21:28
FreeBDSMif they refuse to update - let'em21:29
zygaFreeBDSM: but the users cannot decide, this is well known that they don't understand security and only care about convenience21:29
FreeBDSMdon't fool yourself into thinking that you know better what's better for the user. you don't. period.21:29
zygaif update was opt-in a large population of the users would never update and would be on the insecure version21:29
zygaFreeBDSM: I'm curious, how many CVEs are in 59.0 that were fixed in 60.021:29
FreeBDSMzyga: the stupidest users don't know what linux is.21:29
FreeBDSMzyga: they user the OS that came with the laptop21:29
FreeBDSMand they ask their 'computer boi' to 'fix it when it gets to pornful'21:30
zygaFreeBDSM: well, we are building a coherent experience for our users, snaps are aiming to provide something better than what we had21:30
zygaso as a part of that design we said we would not allow people to just stay suck on old revision21:30
FreeBDSMI believe that you had best intentions21:30
zygabecause even if they don't want to be insecure21:30
zygathey don't understand the consequences21:30
FreeBDSMbut there's a saying: 'best intentions lead to hell'21:30
zygaand they can be easily fooled into following a set of instructions that keeps them stuck forever21:30
FreeBDSMthey do understand the consequences21:31
zygawe've seen this time and again21:31
FreeBDSMevery ubuntu monkey knows how to update21:31
zygacountless forum posts with instructions on how to pin a package21:31
FreeBDSMif someone doesn't - let the suffer21:31
zygaor download a random deb or rpm21:31
FreeBDSMthat's their choice to be stupid21:31
zygayou say "let them suffer"21:31
ograyou miss the point21:31
zygaI say "I want to make the world better"21:31
zygathat's what we _chose_ to do21:31
ograit isnt *them* who sufferes alone21:31
FreeBDSMand back to godwin's law21:31
zygathe linux landscape is full of harder options21:31
FreeBDSMhitler wanted to make the world better as well21:31
zyganobody is forcing you or like-minded people to use snaps21:31
ograthey will file bugs that someone needs to handle21:31
zygaogra: there you go21:32
ograthey will ask support questions that someone needs to deal with21:32
FreeBDSMboil point21:32
ograthey take away working time of mozilla devs to fix issues in a newer version21:32
FreeBDSMno reason to continue the argument because you think you know better than the users what is better for them21:32
FreeBDSMjust like some gov21:32
FreeBDSMI despise such approach21:33
ograo it is mozillas decision if they want to cope with that21:33
ograthey obviously dont21:33
ograso they picked to only offer the latest esr21:33
FreeBDSMthis always leads to what's described in Orwell's antiutopias21:33
ograthe store allows you to open tracks, and offer any number of versions you want to your users21:33
ograthey decided not to21:34
FreeBDSMmozilla is compromised. period.21:34
FreeBDSMthey chose the evil path.21:34
FreeBDSMlet them rot21:34
ograthis is *again* not our decision and you deny to accep that fact21:34
ograthe tool has the capability21:34
FreeBDSMthe fact that any organization may make turns in their path21:34
FreeBDSMand become evil21:34
FreeBDSMand the fact that you delegate too much to organizations21:35
FreeBDSMjust 2 facts21:35
ograwell, thats a topic for #mozilla i guess21:35
FreeBDSMmozilla does what it does21:35
FreeBDSMit now does evil things21:35
ograand nobody here can change that21:35
ograand nobody here can change that either21:35
FreeBDSMbut you do stupid things when you let evil corps lock older versions21:35
ograwe dont do *things*21:35
FreeBDSMand you could change that21:35
ograwe offer a tool21:36
FreeBDSMyou also offer a service, don't ya?21:36
FreeBDSMa repo21:36
ograyes, thats the tool i'm talking about21:36
FreeBDSMthe tool is great, I'm here to blame the service21:36
ograit is super easy to offer a track for each version of firefox ever released in that tool21:36
FreeBDSMI'm not sure I understood what you just said21:37
ograbut the publisher of that ackage decided to not do that21:37
FreeBDSMand back around21:37
FreeBDSMyou let the publisher do evil things21:37
FreeBDSMnow you just say `we dindo it! they did!`21:38
ograso again ... in easier words ... the snap store allows a publisher to make all versions available ever released as snaps in different tracks if he wants21:38
zygaFreeBDSM: we shared why snaps work the way they work21:38
ograthere is no limitation in snaps, snapd o the store here21:38
zygaFreeBDSM: you shared your opinion how how that is wrong21:38
FreeBDSMso again, it was your decision to make it so21:38
zygaFreeBDSM: we disagree on principles21:38
FreeBDSMit was a bad decision (IMO)21:38
ograif *you* would want to do that with a package fo yours you could do that at any time21:38
zygaFreeBDSM: let's be civilized and carry on, the great thing is that you can make a better system21:38
kyrofaHey zyga, can you explain why we just split instead of supporting shell quoting? https://github.com/snapcore/snapd/blob/master/cmd/snap-exec/main.go#L18121:38
zygaFreeBDSM: convince us we were wrong by doing something better21:39
ograjust have a track for each version ever existing21:39
zygakyrofa: hey21:39
zygakyrofa: I suspect the answer is "gulp" but let me look21:39
FreeBDSM(·̿Ĺ̯·̿ ̿)21:39
zygais the comment above any good?21:39
zygakyrofa: we split because we apparently refuse shell quoting and other magic stuff21:40
zygakyrofa: so we split because the input is super restricted where that is the equivalent operation21:40
zyga(that's much better than "gulp" I said above)21:40
kyrofazyga, the comment talks about how safe it is, but won't this blow up if the command name actually contains a space?21:40
zygakyrofa: can you give me an example please?21:41
ograa command name that contains a space ? in shell ??21:41
kyrofaYeah, let me actually verify my hypothesis21:41
zygakyrofa: I think we disallow that but not explicitly, the command _is_ the first word21:41
zygakyrofa: and since we don't allow quoting21:41
zygathat's that21:41
ograi dont think thats possible in shell21:41
zygaogra: I suspect it is21:41
zygabut very evil :)21:41
ograzyga, commands with spaces in the name ?21:42
zygayeah, just try it21:42
ograunless you do weird escaping the thing after the space will always be interpreted as the first arg21:42
FreeBDSMzyga: ogra: by the way, thank you for the civilized discussion. Although I didn't cross any lines I know I sounded trollish (making the situation as absurd as possible -it just a way to argue).21:42
zygawell, "weird escaping" is just escaping21:42
FreeBDSMit's a pity that we disagree21:43
ograFreeBDSM, well, you didnt get me ... the store actually allows what you want21:43
FreeBDSMogra: it allows if I'm to become a maintainer21:43
ograso while we might disagree in principle, what you want it in fact possible21:43
ograit is just that mozilla decided not to21:44
FreeBDSMand that defies the logic: why would I bother uploading stuff if I could just built something for myself and just use it?21:44
ograand we dont force anyone21:44
pedroniskyrofa: we don't suppor quoting, so we also don't support commands with spaces in practice21:44
ogradunno, because you are a social person that wants others to benefit from it too ?21:44
FreeBDSMogra: please, don't repeat yourself, I already told you my counter-argument to that.21:44
zygaFreeBDSM: calling mozilla compromized, us evil and users stupid feels a bit strong IMO21:44
FreeBDSMogra: I am an asocial person and I want comfort for myself first and I neither care, nor mind about the comfort of others.21:45
roadmrFreeBDSM: sorry, you did cross a line21:45
zygaat least I hope you can understand _why_ we made the decisions you disagree with21:45
ograFreeBDSM, well, then you probably wont package what you built as a snap ... perhaps fame could bribe you ?21:45
ograroadmr, multiple :)21:45
FreeBDSMzyga: 1. I didn't call you evil, I called mozilla evil. 2. you called users stupid and I said `that's their freedom to be stupid, you have to respect that`. 3. mozilla is in fact compromised and is now malicious.21:46
FreeBDSMroadmr: no.21:46
kyrofazyga, pedronis ah, indeed, quotes in the command actually result in an invalid snap21:46
ograwell, by democratic vote of the people speaking here for the last hour you definitely did21:46
FreeBDSMtrollin, I see21:46
zygaFreeBDSM: I don't think people are stupid, I do believe most of us are ignorant about the vast majority of topics21:47
zygaFreeBDSM: most people are highly ignorant of security threats21:47
zygaFreeBDSM: of how the software they use works21:47
FreeBDSMzyga: okay. And that is fine.21:47
zygaFreeBDSM: or what the consequences are21:47
FreeBDSMwarn them and go on21:47
FreeBDSMdo not limit them forcefully21:47
zygaFreeBDSM: for that we _chose_ to do something so that would be less hurt by their decisions _despite_ being ignorant abou tthat21:47
FreeBDSMbecause this is the road to hell21:47
zygaFreeBDSM: we chose not to do this for the reasons I stated already: humans largely ignore security because they are ignorant about it and choose convenience21:48
kyrofazyga, pedronis so we don't expect any command args to have spaces either, then?21:48
zygaFreeBDSM: to effectively make their lives better by handling security we took that option away21:48
zygakyrofa: not in the snap.yaml21:48
FreeBDSMzyga: that can be very well rephrased into `we think we know better than the users what is better for the users, we will force our decision onto the users, because majority of users is stupid`21:48
pedroniskyrofa: yes, no quoting anywhere, we don't support ' or "21:48
zygakyrofa: we need to improve that part to allow it21:48
pedronisin the commands21:49
zygaFreeBDSM: no, that's totally not what I said21:49
zygaFreeBDSM: I chose the words I used very carefully21:49
FreeBDSMthat's exactly how I understand it21:49
zygabeing ignorant is not being stupid21:49
zygaFreeBDSM: well, you are ignorant of the meaning of the word ignorant then21:49
FreeBDSMokay, read 'stupid' as 'ignorant'21:49
zygaFreeBDSM: I am ignorant of tons of things21:49
FreeBDSMdoesn't change the meaning of the sentence much21:49
zygaFreeBDSM: I don't know how to make electricity safe21:49
FreeBDSM`we think we know better than the users what is better for the users, we will force our decision onto the users, because majority of users is ignorant`21:50
ograit totally changes the meaning21:50
zygaFreeBDSM: I accept that some people do and I let them handle electric wiring at home21:50
ograone is an insult, the other isnt21:50
zygaFreeBDSM: this is quite like that21:50
FreeBDSMogra: in my opinion it changes it a very little21:50
zygaFreeBDSM: as I said before, total freedom is anarchy21:50
zygaFreeBDSM: and we're not here to give people total freedom because we believe there's a better way21:50
kyrofaThanks zyga, pedronis. Makes what I'm working on simpler, although soon folks will be exposed to that limitation (right now snapcraft users aren't), so we might think about changing it if we get complaints21:50
zygaFreeBDSM: those are choices we actively took to make the world better21:50
FreeBDSMI find this of all your choices bad21:51
zygaFreeBDSM: we cannot change humanity's knowledge about modern software issues, threats or consequences of certain actions21:51
zygaFreeBDSM: we did the thing we could21:51
FreeBDSMyou could not use restrictions21:51
FreeBDSMI think it would be better21:51
zygathat's okay, nobody is holding a gun to your head asking you to love snaps or die21:51
FreeBDSMit would be more fair21:51
FreeBDSMbut you are against fair21:52
zygayou can think that too,21:52
FreeBDSMbecause you think you know better21:52
zygawe're just saying we disagree and this is how this project is designed to operate21:52
zygayou also think you know better21:52
zygayou think you know better than some of us do21:52
zygathat's okay, you can do that too21:52
FreeBDSMI understand, I'm criticizing the obvious flaws of your design, that's all21:52
FreeBDSMnot the whole idea, just the flaws21:52
roadmrand you're saying it too, FreeBDSM : you say "in my opinion", "I think", "I find". Sounds like an agreement to disagree21:53
zygain absence of measurable data to the contrary we will hold our design firmly21:53
zygaso far we've seen the world of old software that is never updated21:53
ograbut what you see as flws might be seen as benefits by others ... can you accept that fact ?21:53
zygabecause it's hard or inconvenient21:53
FreeBDSMin absence of data one can apply logic and logical experiment, logical judgement21:53
roadmror compare people to hitler21:53
zygawe've seen threats spreading around the planet in half a day21:53
zygaFreeBDSM: we have tons of data21:54
FreeBDSMlike what?21:54
zygaFreeBDSM: security is very important to idea of snaps and the people who made them21:54
zygaFreeBDSM: many of the same people were working on ubuntu and other distributions and saw first hand the impact of security issues21:54
zygaFreeBDSM: and looking at the larger ecosystem and insecure old software being the de-facto norm we didn't want to repeat those mistakes21:55
FreeBDSMwhat is a snap?21:55
FreeBDSMin 1 sentence, please21:55
zygaFreeBDSM: I'm sorry, do you understand my points?21:55
FreeBDSMzyga: I understand them, I'm going to prove you are wrong21:55
zygaI'm not playing21:55
FreeBDSMzyga: what is snap in 1 sentence.21:55
zygaI don't want to talk to you anymore, you made your point21:55
FreeBDSMis it a tool to bring security?21:55
zygaI tried to do my best to explain my view21:55
FreeBDSMit doesn't and can not solve the problem of the security21:56
zygaplease get some rest, enjoy fresh air, ride a bike, talk to friends21:56
zygaif you want re-read this conversation piece by piece21:56
ograhe said he's antisocial ... no friends ....21:56
FreeBDSMcontainers solve some part of the problem of security, firewalls solve another part of the problem of security, anti-viruses solve another part of the problem of security, but snap is neither of them.21:57
zygaI was generous to spend a good chunk of my evening to explain my motivation and the design behind snaps21:57
zygabut I'm not offering to argue ad infinitum about that21:57
zygaso enjoy, maybe someone else will continue the conversation21:58
FreeBDSMmost of the time you've repeated yourself and stood deaf towards counter-arguments21:58
FreeBDSMso you didn't really argue21:58
zygayou came here to say the design is wrong, I explained the design first because you didn't seem confident knowing that21:58
zygaanyway, EOT21:58
roadmrcheers zyga \o/21:59
FreeBDSMthat's disappointing21:59
FreeBDSMwhen people refuse to argue - they refuse to change21:59
FreeBDSMwhen they refuse to change - they get obsolete pretty fast22:00
FreeBDSMthese are the laws of nature22:00
FreeBDSMbut still, I respect that at least you behaved in a civilized way22:01
FreeBDSMI really came here to just ask if maybe some other user would share their snap with me22:01
zygahmm, /bin/bash: line 60: killall: command not found22:08
zyga+ echo 'Ensure no stray sleep processes are around'22:08
zygaEnsure no stray sleep processes are around22:08
zyga+ killall sleep22:08
ograzyga, dont use killall ...22:10
ogrause pkill22:10
zygawe probably lack killall in the core snap22:11
ograkillal isnt a standard22:11
zygafunny that the test was written with killall before22:11
zygaI just kept using it22:11
ograpkill is a standard iirc so that should be there22:11
zygakillall is not in the core snap22:11
zygathat code never ran ^_^22:11
ograwell, and you obviously dont set -e22:13
ograelse it would have exploded in your face :)22:13
ogra(or at least exited nonzero)22:14
zygait's more funny than that :D22:16
zygapatch incoming22:16
ograoh my22:16
zygaI did git grep in the root of the tree so that's all of them22:17
ograLOL !22:17
ograis that the "skype kills my session" issue ?22:18
ogra(looking at the wayland interface ...)22:19
zygano, that's just a test22:19
zygaskype caused a segvfault in X22:19
ograah, right22:19
zygano idea why22:19
ograyeah, i missed the test/ at the beginning of the path22:20
ograzyga, oh, btw, looks like nobody from ym team is invited to the sept. thingie ... so no beer :(22:25
ograyeah :/22:26
zygajoin me at flock! :)22:26
zygait's in Dresden22:26
zygais that far from you?22:26
zygawell, :)22:26
zygajust sayin'22:26
zygajdstrand, jjohansen: is apparmor in 4.15 able to discover paths "across" bind mounts in a way that didn't exist in 4.4?22:29
zygadebugging a very very curious issue22:29
zygawe're seeing a denial22:29
zygathis is the profile:22:29
zygathis is the denial:22:30
zyga[  318.394972] audit: type=1400 audit(1532637900.980:30): apparmor="DENIED" operation="file_mmap" profile="snap-update-ns.test-snapd-tools-core18" name="/snap/snapd/452/usr/lib/snapd/snap-update-ns" pid=1054 comm="3" requested_mask="rm" denied_mask="rm" fsuid=0 ouid=022:30
zyganotice that it talks about snap-update-ns from the *snapd* snap22:30
zygathe same profile works on 4.422:30
zygain both cases (so on 4.4 and 4.15) snap-update-ns is actually opened from /snap/snapd/(some revision)/usr/lib/snapd/snap-update-ns22:31
zyganow, having said that22:32
zygawe also bind mount /snap/snapd/(revision)/usr/lib/snapd/ to /usr/lib/snapd/ on the host22:32
zygaI may have a partial picture for now, this is still something we are exploring22:32
zygaany advice on how to debug this would be great22:33
zygaI'm looking for the knobs to enable kernel-level debugging of apparmor LSM22:33
zygado we need a better kernel for that (better = extra options)22:34
zygaagain, my kernel tree is in my home office so it's hard for me to check22:34
zygaoh and I forgot to mention22:35
zygathe denial went away after we tweaked the profile22:35
zygato allow snap-update-ns to come from either the core snap22:35
zygaor from snapd snap22:35
zygait's just unclear to us why exactly this happened on 4.15 kernel (running core18+snapd) and not on the 4.4 kernel (also running core18+snapd)22:35
jjohansenzyga: no22:56
jjohansenmy guess is a change in dpath but it could be something to do with mount flags and mount22:58
jjohansenI'll have to dig22:59
zygajjohansen: any hints for us on how to look?23:03
jjohansenzyga: well I can tell you its not in the apparmor commits23:08
jjohansenits something, mount/namespace related23:08
zygacan we somehow dump the checks that apparmor is doing?23:09
jjohansenand its probably going to take bisect to trace down23:09
zygaor get more context about the denial before we patch it23:09
zygaI mean, we will just add the patch that allows "snapd" in the path but it is curious what happened23:09
jjohansenit is curious23:10
zygaI will work with mvo tomorrow to get to a case we can easily reproduce and share23:11
zygaso far it's 'elaborate' to do so perhaps the bug is elsewhere23:11

Generated by irclog2html.py 2.7 by Marius Gedminas - find it at mg.pov.lt!