[01:04] Hey, I thought you guys might be interested in this blog by freenode staff member Bryan 'kloeri' Ostergaard https://bryanostergaard.com/ [01:33] Hey, I thought you guys might be interested in this blog by freenode staff member Bryan 'kloeri' Ostergaard https://bryanostergaard.com/ [01:33] Hey, I thought you guys might be interested in this blog by freenode staff member Bryan 'kloeri' Ostergaard https://bryanostergaard.com/ [01:33] or maybe this blog by freenode staff member Matthew 'mst' Trout https://MattSTrout.com/ [01:33] Read what IRC investigative journalists have uncovered on the freenode pedophilia scandal https://encyclopediadramatica.rs/Freenodegate [01:58] Hey, I thought you guys might be interested in this blog by freenode staff member Bryan 'kloeri' Ostergaard https://bryanostergaard.com/ [01:58] or maybe this blog by freenode staff member Matthew 'mst' Trout https://MattSTrout.com/ [01:58] Read what IRC investigative journalists have uncovered on the freenode pedophilia scandal https://encyclopediadramatica.rs/Freenodegate [02:33] Hey, I thought you guys might be interested in this blog by freenode staff member Bryan 'kloeri' Ostergaard https://bryanostergaard.com/ [02:33] or maybe this blog by freenode staff member Matthew 'mst' Trout https://MattSTrout.com/ [02:37] Hey, I thought you guys might be interested in this blog by freenode staff member Bryan 'kloeri' Ostergaard https://bryanostergaard.com/ [02:37] or maybe this blog by freenode staff member Matthew 'mst' Trout https://MattSTrout.com/ [02:38] Hey, I thought you guys might be interested in this blog by freenode staff member Bryan 'kloeri' Ostergaard https://bryanostergaard.com/ [02:38] or maybe this blog by freenode staff member Matthew 'mst' Trout https://MattSTrout.com/ [03:22] <7JTAEXEXK> Hey, I thought you guys might be interested in this blog by freenode staff member Bryan 'kloeri' Ostergaard https://bryanostergaard.com/ [03:22] <7JTAEXEXK> or maybe this blog by freenode staff member Matthew 'mst' Trout https://MattSTrout.com/ [03:38] Hey, I thought you guys might be interested in this blog by freenode staff member Bryan 'kloeri' Ostergaard https://bryanostergaard.com/ [03:53] Hey, I thought you guys might be interested in this blog by freenode staff member Bryan 'kloeri' Ostergaard https://bryanostergaard.com/ [03:53] or maybe this blog by freenode staff member Matthew 'mst' Trout https://MattSTrout.com/ [03:53] Read what IRC investigative journalists have uncovered on the freenode pedophilia scandal https://encyclopediadramatica.rs/Freenodegate [04:58] Hey, I thought you guys might be interested in this blog by freenode staff member Bryan 'kloeri' Ostergaard https://bryanostergaard.com/ [05:19] morning [05:33] Hey, I thought you guys might be interested in this blog by freenode staff member Bryan 'kloeri' Ostergaard https://bryanostergaard.com/ [05:33] or maybe this blog by freenode staff member Matthew 'mst' Trout https://MattSTrout.com/ [05:43] Hey, I thought you guys might be interested in this blog by freenode staff member Bryan 'kloeri' Ostergaard https://bryanostergaard.com/ [05:43] or maybe this blog by freenode staff member Matthew 'mst' Trout https://MattSTrout.com/ [05:43] Read what IRC investigative journalists have uncovered on the freenode pedophilia scandal https://encyclopediadramatica.rs/Freenodegate [05:48] Hey, I thought you guys might be interested in this blog by freenode staff member Bryan 'kloeri' Ostergaard https://bryanostergaard.com/ [05:50] so much spam [05:50] PR snapd#5559 opened: tests/lib/snaps: avoid using relative command paths that go up in the directory tree [05:51] yay, mup is alive again [05:58] Hey, I thought you guys might be interested in this blog by freenode staff member Bryan 'kloeri' Ostergaard https://bryanostergaard.com/ [06:13] mvo: hi, looks like test-snapd-busybox-static has been released to edge only for i386, can you releease it to stable/beta/candidate too? [06:13] mborzecki: sure, will do now [06:14] mvo: ta [06:15] mborzecki: done for all arches [06:15] mvo: thanks i'm restarting #5456 then [06:16] PR #5456: snapstate: refuse to remove bases or core if snaps need them [06:17] mborzecki: thank you [06:42] yay, only 14 tests failing on amzn2 [07:27] Hi folks, has anyone an example of building a Qt5 app as a snap on Launchpad with the Ubuntu 18.04 envronment? The 16.04 environment worked great. But on 18.04 I get all kind of strange errors while building like in https://launchpadlibrarian.net/380104791/buildlog_snap_ubuntu_bionic_arm64_hswitch_BUILDING.txt.gz [07:28] that's the configuration: https://github.com/pbek/hswitch/blob/develop/build-systems/snap/snapcraft/snapcraft.yaml [07:41] o. [07:42] hey zyga ! good morning [07:42] PR core-build#30 opened: scripts: add fixrtc-munt script to fix time issues on pi2,3 [07:43] zyga: right in time for -^ [07:43] zyga: I was thinking about the problem and the above seems like the quickest way out of the mess (especially since we want to release 2.34.2) [07:43] zyga: WDYT? [07:46] what's the status of #5271 ? [07:46] PR #5271: cmd/snap: attempt to start the document portal if running with a session bus [07:50] a 2nd review of #5515 would be great [07:50] PR #5515: daemon: make sure most change generating handlers can produce errors with kinds [07:50] pedronis: let me look at this one [07:53] tests continue to be unhappy :( [07:55] mvo: looking [08:02] pbek: 18.04 is not fully baked yet, [08:02] zyga: ah, thank you! [08:02] PR core-build#31 opened: add shellcheck on build and fix open issues [08:03] zyga: I did a tiny fix and force pushed to #30 [08:03] I just noticed :) [08:03] zyga: sorry, silly thing based on #31 [08:03] PR #31: Feature/snapfs refactor [08:03] sorry for being slow, some interruptions at home and I'm the last one standing [08:04] what was the change? [08:04] zyga: for word in $(cat /proc/cmdline) must not be quoted [08:05] zyga: I did this incorrectly in the initial push [08:05] I see [08:05] right [08:06] zyga: its quite annoying that I had to disable the shellcheck test there but I don't see a good way to word split otherwise without using bash array (which we can't in initrd which uses ash iirc) [08:07] zyga: "last one standing" - are you guys sick? [08:09] mvo: not all sick but I'm the only one that can do stuff [08:10] but all is good now [08:10] ok [08:10] as in: no fires, not starving, can work :) [08:13] something funny about amzn, date --iso-8601=seconds -d 'tomorrow 8:05 UTC' yields '2018-07-27T08:05:00+0000', which does not parse in go, imo the output should be 018-07-27T08:05:00+00:00, https://play.golang.org/p/zfhZyaYpWKB [08:15] heh fixed in 2015 https://git.savannah.gnu.org/cgit/coreutils.git/commit/src/date.c?id=17bbf6ce44eb543a95695fa9d2cbd70fb52c6f42 [08:15] mvo: reviewed [08:15] mvo: thank you btw! [08:15] mvo: lastly, this is something I would much much much rather write in C [08:16] mvo: to break away from the mantra that we must endure shell [08:18] mvo: the commit message is slightly wrong [08:18] last mount time is updated [08:18] but because of the mechanism I explained on the forum, it advances very slowly [08:18] last write time is not updated [08:19] zyga: ok, let me fix the commit message (is force push ok?) [08:21] mvo: I'm looking the other way now ;) [08:21] mvo: have you tried it on your device? [08:22] zyga: not yet [08:22] zyga: its a bit painful, I'm inclinded to merge and build a new edge core [08:24] zyga: thanks for pointing the issue out, I will fix (it seems they were cargo culted) [08:25] zyga: off-by-one space? I don't see this or look for the wrong thing, can you help me please :) [08:28] Hey, I thought you guys might be interested in this blog by freenode staff member Bryan 'kloeri' Ostergaard https://bryanostergaard.com/ [08:32] mvo: I'd suggest actually patching initrd in the wild unless that's very tough, iteration through master is slow [08:32] mvo: there's one space ahead of "date", maybe tab-vs-spaces? [08:32] * zyga wonders if the spam will stop anytime soon [08:32] zyga: oh, probably tab vs space, its not visible for me [08:33] mvo: also really think about coding this in C [08:33] this is like 3 function calls, stat, current date,(conversion), comparison, set date [08:34] (4 including some conversion perhaps) [08:34] mvo: all the prereq stuff can go away [08:34] all the cmdline stuff can go away [08:34] it will never be off by a typo that we don't see [08:36] PR snapd#5515 closed: daemon: make sure most change generating handlers can produce errors with kinds [08:36] zyga: what do you mean by "iteration on master is slow"? what I have in mind is a) upload the fix b) test it c) build new core image with 2.34.2 and the fix d) push core image to beta/candidate [08:36] zyga: is there an alternative that is quicker? [08:36] mvo: thx [08:36] mvo: iteration through master -> build -> core snap -> refresh is slow [08:37] mvo: I though that is what you meant [08:37] PR snapd#5434 closed: overlord: introduce InstanceKey to SnapState and SnapSetup, renames [08:37] zyga: do you know what is the status of #5271 ? [08:37] PR #5271: cmd/snap: attempt to start the document portal if running with a session bus [08:38] pedronis: I don't think so, let me refresh my memory [08:39] I mean, there was just the issue of old xdg-document-portal [08:39] I will discuss this with jamie today [08:39] old portal on a distribution [08:46] zyga: hm, not sure I understand, sorry, maybe a bit slow this morning [08:46] no worries, [08:46] just do as you think is best [08:49] zyga: hm, hm, we could look at /var/lib/snapd/state.json instead of /var/lib/snapd/snaps for the date, this would give us accurate time even on snap reverts which will not pull in new snaps into the /var/lib/snapd/snaps dir [08:49] zyga: not-going-through-master> mostly worried I miss an important idea, maybe we can talk about it via a HO later so that you can explain your idea [08:51] mvo: I was under the impression that you cannot test this now without merging it first and going through the automatic core build cycle [08:51] Chipaca: could you take a look at #5559 ? [08:51] PR #5559: tests/lib/snaps: avoid using relative command paths that go up in the directory tree [08:51] mvo: I was suggesting, if possible, to actually build and iterate locally as once you overcome the initial cost of setup this is much faster to iterate with [08:51] mborzecki: no; looking now [08:52] Chipaca: thx [08:52] mvo: we can HO at any time if you want [08:52] zyga: aha, got it now [08:52] mborzecki: wrt /etc/os-release, I think we shouldn't be using the host's one [08:53] zyga: I'm very confident in the fix :) [08:53] zyga: but yeah, testing locally makes sense [08:53] Chipaca: agreed, need to discuss the right solution with zyga though [08:53] plus, anything you find and document as HOWTO will improve the next cycle :) [08:54] zyga: I will wait for ogra_ and/or abeato to review https://github.com/snapcore/core-build/pull/30 [08:54] PR core-build#30: scripts: add fixrtc-munt script to fix time issues on pi2,3 [08:55] mborzecki: any reason not to implement dropping support for relative paths that go outside the snap, and supporting absolute paths? [08:55] mborzecki: other than it being a harder change i mean :-) [08:56] Chipaca: frankly I haven't considered that at all, would be nice to know if there are any snaps in the wild that use this first [08:57] mborzecki: there weren't when we checked last [08:57] Chipaca: let me put that in my todo list then and i'll push that in a follow-up [08:58] mborzecki: there's no rush imo [08:58] Hey, I thought you guys might be interested in this blog by freenode staff member Bryan 'kloeri' Ostergaard https://bryanostergaard.com/ [08:58] or maybe this blog by freenode staff member Matthew 'mst' Trout https://MattSTrout.com/ [08:58] PR snapd#5559 closed: tests/lib/snaps: avoid using relative command paths that go up in the directory tree [09:04] mvo, zyga ... do you actually want the boot to hang when setting the clock fails ? [09:04] popey: It might be worth setting either +r (block unidentified users) or +q $~a (quieten them) here for a while to deflect the spam. [09:04] mvo: no [09:04] mvo, i'D rather remove the -e and leave exit 0 in [09:04] er, ogra_ no :) [09:04] ogra_: yes, I commented about that [09:04] JamieBennett: ^- [09:05] I am on vacation. If I op you cjwatson can you do it? [09:05] Sure. [09:05] zyga, right, but only the exit 0 was removed ... and -e left in ... thats exactly the opposite of what i said ;) [09:05] ah, I didn't see that [09:05] mvo: ^ ogra is right [09:05] we should not set -e this scrpit [09:05] Thanks [09:06] and this highlights that shell sucks and this one should be C === cjwatson changed the topic of #snappy to: Join the forum: https://forum.snapcraft.io/t/when-to-use-forum-vs-irc/38 | If you can't send messages here, authenticate to nickserv first [09:06] popey: enjoy your time off, hide from IRC :) [09:07] I'll leave myself opped in case I need to deal with any fallout from that [09:07] thank you cjwatson ! [09:15] zyga: sure, let me fix that [09:16] * zyga hugs mvo [09:16] thank you! [09:16] ogra_: might be worthwhile to do the same fix in the original fixrtc (remove the set -e) [09:16] hello [09:17] zyga: shall I also use /var/lib/snapd/state.json? [09:18] mvo: I'd keep using the directory [09:18] mvo: and touch it in shutdown [09:18] mvo: is the state.json _always_ guranteed to be there? [09:18] guaranteed [09:18] actually, we could even stat / itself [09:18] and just touch that [09:18] no chance for that to hide :) [09:18] I'm trying to package a python3 app using snapcraft. the snapcraft.yaml is pretty simple: https://pastebin.ubuntu.com/p/KHPy9d3Qr3/ [09:18] zyga: its not but thats easy enough to [ -f ] for [09:18] but I always get this error: [09:18] Could not find a version that satisfies the requirement qmenta-gui (from qmenta-app==1.95.9) (from versions: ) [09:19] No matching distribution found for qmenta-gui (from qmenta-app==1.95.9) [09:19] zyga: touch on shutdown is one more moving part [09:19] because snapcraft uses pip to search for dependencies.. but in this case the dependency is not on PyPI, but in a previous part.. any ideas how I can resolve this? [09:19] zyga: "/" might be readonly [09:19] mvo: yes but note that state.json is also a moving part and it may still rewind the time in bad cases [09:19] touching / on shutdown prevents that [09:20] mvo: (where rewind time is that there are _any_ files in the filesystem that would appear from the future) [09:20] greyback_: :p [09:22] zyga: with touch on shutdown I think the current PR is final now, I addressed the feedback from ogra_ and abeato [09:22] mvo: thank you [09:23] actually [09:23] mvo: one more question [09:23] mvo: what sets the "fixrtc" in the command line? [09:23] I mean, does uboot on pi does that? [09:23] zyga: its part of the gadget [09:23] zyga: yes [09:23] where is that specified [09:23] aha [09:23] would you feel ok not checking for that [09:23] just dropping the whole cmdline parsing? [09:23] after all, it cannot hurt [09:24] if the time is more into the future we won't change it [09:24] whoops, why am i OP ? [09:24] and this would cut on complexity and need to teach other gadgets that this is a command line option and that it does something important [09:25] mvo, agreen (regarding fixrtc) but that needs to happen in the distro package ... [09:25] ogra: you have that special bit :) [09:25] *agreed [09:25] zyga: for this particular update I would prefer to keep the change as minimal as possible, because this will go into stable very soon (we need it to fix refresh issues) [09:25] ogra: yeah, was just wondering alound, not urgent or anything [09:25] zyga, well, i only changed my nick ... and registered ... wasnt aware that IRC keeps such states [09:27] mvo: are you worried that the change could regress something elsewhere? [09:28] ogra: baseline IRC doesn't, but chanserv has a configured access list for each channel [09:29] (also you can register alternate nicks if you want to return to the underscored form ...) [09:29] abeato: here? [09:30] cjwatson, nah, i'm fine i was just surprised [09:31] zyga: yeah, risk is small but it would be super annoying [09:32] zyga: especially since right now the impact is limited to a subset of devices, if it turns out there is a bug somewehre and it runs now on a magnitude more x86 device that would be bad(tm) [09:32] zyga, we have fixrtc on the commandline of all relevant gadgets [09:32] (just not on pc iirc) [09:32] mvo: right but we must trust the code to DTRT where it matters [09:33] ogra: I think zyga point is that the script should be safe everywhere so why bother checking [09:33] mvo: I approved the PR and left two comments [09:33] mvo: that essentially re-state those [09:33] zyga: ta [09:33] ah, k [09:33] but I agree it's important to move [09:36] zyga: yeah, lets do this minimal fix for now, maybe its just be being overly cautious [09:36] zyga: thanks for the review and the ideas! [09:37] ogra: I guess the bug itself is not reproducible, right? i.e. it happend to you but there is no way to bring the system into the state where it failed? [09:39] mvo, just using a recent edge image and calling any "snap set" should expose it [09:39] mvo: the time issue is easy to reproduce [09:39] well ... hmm ... you might need to install an older one, install a snap with config hook and then update to latest edge actually [09:39] mvo: the apparmor issue is something I'm exploring (outside of core, to show where it happens) [09:39] s/where/how/ [09:39] so that there is an old cache file in place [09:41] is anyone here familiar with the python plugin? [10:00] lool, ping [10:00] abeato: pong [10:01] lool, ok looks like I can write here now, thanks :) [10:04] zyga, hi, I am having some issues when opening a serial port from the modem-manager snap. I see https://paste.ubuntu.com/p/t92Wf3gdZ5/ , but no apparmor denials [10:05] zyga, I created a small program that uses the same flags, and when run unconfined all is good [10:05] this does not happens for USB serial ports, I wonder what is special here [10:08] abeato: thanks for your script! its in now (and for the review) [10:09] mvo, nice to see that merged in core, it was an issue we saw in some devices :) [10:10] zyga, https://paste.ubuntu.com/p/qWV9FBzWtj/ [10:18] abeato: is that device present (major:minor) in the per-snap device cgroup? [10:19] zyga, ah, cgroups, that might be the issue... I guess no, how can I check that? [10:21] abeato: go to /sys/fs/cgroup/devices [10:21] then look at snap.foo name groups [10:22] then at various files, I think devices.allow is the one [10:23] zyga, devices.list, and yes, I do not see the majour:minor for this device there, can this be modified from an interface? [10:24] abeato: indeed it can [10:24] abeato: this is the udev backend [10:24] abeato: you can use a simple helper method to tag devices to add there according to udev rules [10:25] zyga, got it, thanks [10:25] pedronis: thanks for the review on snapsup/snapstate parts, do you think you'll get a chance to look at #5452 too? [10:25] abeato: let me know if you need help [10:26] :) [10:28] * mborzecki wonders if he should try linux-hardened + apparmor on arch [10:36] zyga, hm, so not sure how snap confine builds the list of cgroup devices, should not it add ttymxc6 as the modem-manager interface has '/dev/tty[^0-9]* rw,' in apparmor rules? [10:36] no [10:36] it's not related to apparmor in any case [10:37] you need udev backend specification object to add a rule to tag a device at runtime [10:37] abeato: look t... [10:37] where can I find an example? [10:38] https://github.com/snapcore/snapd/blob/master/interfaces/builtin/serial_port.go#L196 [10:38] look at anything that calls TagDevice [10:38] I just found a random one [10:38] the argument is a partial udev expresssion [10:38] look at what happens to get a feeling about how this works [10:38] it essentially expands to something like this [10:39] if this-and-that-udev-expression-matches then append a tag to the device that udev is looking at, the tag is derived from snap name [10:39] then snap-confine uses those tags to pre-populate the cgroup [10:39] and also udev uses the same expression to add/remove devices as they are added/removed in the system (live changes) [10:40] zyga, ah, got it now, thanks [10:40] super, good luck! [11:11] mborzecki: yes, this afternoon [11:13] pedronis: great, thank you [12:12] pedronis: opened another PR #5561this is snapstate changes with run through tests [12:12] #5561 [12:13] mup doesn\t work? [12:13] * Chipaca kicks mup [12:13] oh wait, that was lalita [12:19] ogra: hi! have you ever seen this before: bbb-test kernel: [553472.131711] musb-hdrc musb-hdrc.1.auto: VBUS_ERROR in a_wait_vrise (90, jdstrand, well, thats the micro USB driver that has never been rock solid [12:55] though i dont remember this particular error [12:55] smells like a wrong value in the dtb [12:56] jdstrand, https://e2e.ti.com/support/arm/sitara_arm/f/791/t/324491?AM3352-USB-DRVVBUS-does-not-stay-active-when-device-connected# [12:59] hmm, seems to also be triggered if the board is underpowered and the USB port draws too much current [13:00] we should cross check that our kernel has all required MUSB options set http://processors.wiki.ti.com/index.php/MUSB_Linux_Driver_Configuration [13:12] jdstrand, is that a new kernel ? i dont see the msg here with the latest stable linux-generic-bbb [13:13] ogra: 4.4.0-93-1 [13:13] ogra: it is the first time I've seen it (saw it in my logs) [13:14] do you have any USB devices attached ? [13:14] ogra: hey, crazy idea [13:15] ogra: no. I don't know if the ethernet is hardwired (I have the power and an ethernet cable plugged in) [13:15] ogra: does pi have any form of RTC that runs as long as the board is powered? [13:15] oh, i should probably push 4.4.0-127-1 from edge to stable :P [13:15] ogra: and if so, could we at least retain RTC across reboot (not across poweroff) [13:15] that would be neat IMO [13:15] ogra: I do have the pings wired up for serial, but the usb end is not plugged into anything [13:15] ethernet is hardwired ... not USB [13:15] most of the time those devices will just reboot on upgrade [13:16] jdstrand, let me release -127-1 to stable ... and lets see if you still get that ... i definitely dont have it in dmesg [13:16] jdstrand, released ... let me know if you still see it after refresh [13:17] zyga, no, sadly not, i was mixing it up with the dragonboard (that has an rtc but no battery .. pi doesnt have any rtc at all) [13:17] nothing in the SoC ticks with 32K freq? [13:18] dunno ... perhaps it does, but you'd still need to preserve the timestamp across a reboot [13:19] there is definitely some kind of clock ... so you could count ticks, but i dont know if that doesnt get reset when you reboot [13:19] did you look at that fake-hwclock from raspbian and how it works ? [13:21] perhaps they have a better solution here [13:22] mvo, i've been doing some profiling of desktop snaps and their first run being slow. I've ruled out desktop-launch as the bottleneck [13:22] desktop-launch elapsed time: 0.994528127 [13:22] Now running: exec gnome-calculator [13:22] mvo, then it takes ~10-20 seconds for the UI to appear [13:23] mvo, it looks like that exec is what's taking so long [13:23] hmm, looking at the debian fake-hwclock script it does nothing with hardware, only reads and writes a file [13:24] kenvandine: how do you measure? [13:24] kenvandine: => forum is better [13:24] kenvandine: but as a profiling case, run hello-world [13:24] (shell) [13:24] everything else is overhead of helpers and the app code itself [13:24] yeah, that's fast... so it's puzzling [13:25] i added some output to desktop-launch which shows the difference in time between the beginning and the end of the script [13:25] the only thing i'm not timing is the exec itself [13:25] I don't know desktop-launch [13:25] can you collect this in the forum [13:25] I bet we're missing something [13:25] sure [13:25] thanks! [13:26] i'll post it [13:26] desktop-launch does a ton of filesystem operations on first start ... but that shouldnt have much impact on second start of an app anymore [13:27] ogra, i'm talking about the first launch [13:27] ah [13:27] i added profiling for that, and it's actually must faster than i thought [13:27] but that exec is taking ages [13:27] and that exec is much faster the second time [13:28] well, you are calling out to other binaries from it, probably the exec is delayed till i.e. gdk-pixbuf-foo has run, fontconfig has generated everything etc etc [13:28] yeah, i'm timing everything up until exec [13:29] and you are sure the external binaries have all returned by then ? [13:29] yes [13:29] weird [13:30] time the target of the exec [13:30] kenvandine: is it possible that the desktop-launch script triggers things in the background and the app is somehow signaled (dbus, gsettings, something else) to proceed when the task is done? That could explain a fast script but slow launch (or the exec itself is doing a lot on that first launch because of glib/gtk/whatever) [13:30] probably not the binary [13:30] maybe it's loading all the libraries into memory the first time is slow? [13:30] but just another layer of scripts [13:30] kenvandine: rm -rf $SNAP_USER_DATA [13:30] it will be slow again [13:30] it's not the libraries [13:30] loading all the libs would be slow after reboot. this is only after install/refresh afaik [13:31] zyga, i am doing that for my testing [13:31] also common I suspect [13:31] i'm doing a reboot to see if that exec is slow again [13:32] niemeyer, jdstrand: please let me know when you want to sync on the cache issue [13:32] I will break for lunch now [13:33] ah... that exec is slow again after a reboot [13:33] so maybe it is all just overhead of library loading [13:33] we do have quite a path [13:33] that would be super odd [13:33] do you have a HDD? [13:33] yes... this is in a VM too [13:33] kenvandine: aha [13:33] kenvandine: as a "non scientific" ballpark test [13:33] it is much faster in my laptop :) [13:33] open a terminal after reboot [13:33] run "dstat" in it [13:33] let it run for a few seconds [13:33] then run the app [13:34] and correlate activity [13:34] interesting [13:34] it shows IP [13:34] IO, CPU and lots of useful stuff [13:34] in one simple format [13:35] so you will see "aha, stuck on CPU, stuck on DISK, etc" [13:36] rebooting to see [13:37] but i did notice running a second gnome snap (which also uses gnome-3-26-1604 content interface) that exec is fast again. So first run of the snap after reboot but the 2nd snap run that uses the content interface [13:37] so maybe the libs from the content interface are loaded already [13:40] zyga, dstat did see a jump in disk read on first run of the snap [13:40] about 8M [13:40] but then next to nothing on the 2nd run [13:41] actually 8M and then almost immediately after that 10M [13:41] then on the 2nd run the biggest spike was 102k [13:42] zyga, then on additional runs there is no disk reads [14:41] IRC spam intensifies [14:43] /mode +R may help [14:43] (block /msg from unregistered users) [14:43] oh, that's very useful, using that now! [14:44] TIL about that on #freenode, but if it doesn't help I'll probably have to stay off freenode until that crap blows over :/ it's very upsetting [14:47] Those sort of basic strategies seem to be working OK so far [14:49] kenvandine: just read backlog, sorry, was busy with core18 work :/ [14:51] pedronis: your opinion on 5563 would be great, its a bit minimal (too much?) right now [14:57] mvo, no worries [14:57] i really think it's library loading [14:58] mvo, i've got it covered :) [15:02] kenvandine: excellent [15:13] pedronis: niemeyer: #5187 is ready for a (n+1)th look [15:19] mvo: I commented a bit [15:21] pedronis: thanks! [15:22] pedronis: sure, I will add checks on the assertion level [15:22] pedronis: thanks for the review [15:22] * mvo has fun with kernel crng blocking the boot of core18 in the meantime [15:23] Chipaca: I forgot 5187 is dauntingly big [15:24] pedronis: … maybe :-) [15:27] Chipaca: so forget and check don't touch snaps, but they touch things that restore and save touch? [15:27] pedronis: yes [15:27] ok [15:31] Chipaca: I skimmed a bit but I'll look at it seriously in the morning I think [15:31] pedronis: that is fair [16:16] niemeyer, mvo, zyga: fyi, gave jjohansen the context of most recent issue. he'll be ready in a little bit for the meeting and can ping us [16:17] great, thank you jdstrand [16:19] jdstrand: btw, did you see my reply on https://forum.snapcraft.io/t/apparmor-profile-caching/1268/21 [16:19] Thanks! === chrisccoulson_ is now known as chrisccoulson === leosilva is now known as leosilva_ [16:45] jdstrand, zyga, niemeyer: okay I'm available [16:46] hey! [16:46] * jdstrand is ready [16:46] mvo: ^ [16:46] where shall we go? [16:48] some where with a nice sandy beach, good weather and free drinks [16:48] niemeyer, zyga, mvo, jjohansen: https://meet.google.com/tdg-hhbb-dip [16:49] omw [16:54] omw as well [17:46] mvo (cc niemeyer, zyga): can you ping us if the strategic use of --skip-read-cache is deemed infeasible, which would escalate the priority on our end. If you have that change, then we can go through the proper channels on prioritizing this, but if you don't, jj and I will defend starting early [19:01] jdstrand: ack, I’m just staring on the patch right now [19:35] zyga: thanks [19:35] :-) [19:35] rbasak: hey, so for the moment I have not granted classic. can you ping me if there is agreement to grant it early? [20:13] jdstrand: https://github.com/snapcore/snapd/pull/5564 [20:31] jjohansen: ^ [20:31] ah [20:31] well, #5564 [20:31] :) [20:31] PR 5564 [20:31] mup must be on holiday s:) [20:31] jjohansen: https://github.com/snapcore/snapd/pull/5564 [20:32] how to get a snap of firefox 52.9.0 ESR? [20:36] zyga: that looks okay [20:39] jjohansen: great, thank you! [20:39] FreeBDSM: I think you should ask in #mozilla about that, it's their snap, they are the publisher [20:40] the esr track has 60.1 [20:40] zyga: I think they hate their users [20:40] (afaict) [20:41] pedronis: yeah, I checked, [20:41] FreeBDSM: I don't think they do that but it's the question you should bring to mozilla [20:41] zyga: it's pointless to do [20:41] they want me to install their fresh bullshit, I refuse to [20:44] so, snap goes against freedom as well :( [20:45] ultimate freedom is anarchy, snaps are here to improve on known issues, it cannot be everything for everybody but we are here do make the world better [20:45] not at all [20:46] you could just store old versions [20:46] but you don't [20:50] t [21:03] FreeBDSM, was 52.x ESR ever in the snap store ? (i dont think it ever was, so blaming us is a bit unfair, dont you think) [21:04] ogra: looks like it was [21:04] ogra: I get google links pointing to snap of firefox-esr 52.9.0 but now there's a more recent version [21:04] AFAIK the first release to the esr track was 59.xx [21:05] (and that was not promoted since it was a pre-release, they only announced esr availablility with 60) [21:05] FreeBDSM: if debian had stored it it would also go away over time, that's not a fair thing to say, we actively give the developers the choice to publish old versions as tracks but we don't allow people to just get any version from the past because that is insecure and snaps are here to solve the update issues [21:05] if you had a former version installed you can defiitely revert to it using snap revert though [21:06] `we don't allow people to just get any version from the past because that is insecure` - b/s [21:06] so nobody *forces new stuff on you* ... quite the opposite with snaps, they allow you to go back without breaking [21:07] (that indeed only works if you had a former version) [21:07] yes, and this approach sucks [21:08] well, the rollback is a local thing ... [21:08] wouldn't be a local thing, if repo had older versions available... [21:08] FreeBDSM: it's your opinion [21:08] just like mozilla has ALL of it's versions available for public... [21:08] zyga: no, it's not, it's just some common sense [21:08] FreeBDSM: you can always get mozilla from source and build it yourself [21:09] zyga: which is like re-inventing a bicycle [21:09] FreeBDSM: no, it's not common sense [21:09] FreeBDSM: to argue you should present some facts [21:09] FreeBDSM: not "common sense" or "b/s" [21:09] Fact A. people sometimes want particular version of software [21:09] FreeBDSM: I don't actually want to argue tonight, I'm just pointing out this is an opinion of yours, not a fact that is universally agreed upon [21:10] Fact B. snappy/flatpak/etc. was partially invented to make self-contained builds distribution. [21:10] Fact C. You say it's up to upstream to decide what to upload to your repo [21:11] Fact D. You say you don't store older uploaded snaps because 'that is insecure' [21:12] who said that ? [21:12] Fact E. Uploader of snaps (mozilla) has their older versions publicly available. [21:13] Fact(?) F. (from what I understood) Mozilla decided to turn off the availability of the previous version of firefox as a snap. [21:13] ogra: grep the channel log [21:13] FreeBDSM: I didn't say we don't store old revisions, we do store them, we don't allow everyone to install old revisions [21:13] the log says we don't allow to some degree to get them [21:14] the issue is really that only the maintainer can decide what is maintained [21:14] zyga: I'm not everyone, please, let me download it [21:14] FreeBDSM: only mozilla can do that [21:14] pedronis: that is a dictate [21:14] lol [21:14] zyga: well, a poor decision on your part then to make it so. [21:15] it's trade offs all the way down like turtles [21:15] yeah, that lead to digital dictate [21:15] * ogra waits for godwins law invocation ... [21:15] FreeBDSM: that's your opinion [21:16] the maintainer can create tracks for all the things maintained [21:16] `we don't care what you think about what we've recently did, you either just update and agree to our terms, or FU and good luck building an older version yourself` [21:16] they have that option [21:16] pedronis: a maintaner may have semi-evil intents [21:16] otoh I expect some of them not to want to let unmaintained stuff get installed [21:16] FreeBDSM, well, alternatively convince the responsible people to make it availble to you [21:17] the responsible people being mozilla here ... the store is just a tool ... they drive it [21:17] ogra: you've made responsible some scum, no chance I'm going to convince them shit [21:17] FreeBDSM: you can take firefox, build a snap and upload any set of tracks that have every release [21:17] FreeBDSM: but mozilla chose not to [21:17] FreeBDSM: you can still do that [21:17] FreeBDSM: you can also recommend your version to everyone [21:17] FreeBDSM: but mozilla recommends theirs [21:17] FreeBDSM, so why are you arguing with us now ? [21:18] ogra: because it was your poor decision to make some scum responsible [21:18] bad ideas are bad ideas [21:19] zyga: I could take firefox and build it statically and forget about snap as a bad dream as well. [21:19] FreeBDSM, well, you are trolling and arguing abour an app version with us that was never packaged as a snap making us responsible for the fact that you can not get it as a sanp [21:19] *about [21:19] with that kind of argument snap is useless [21:19] ogra: no, you are trolling [21:19] huh ? [21:19] go troll someone else [21:19] read the backlog please [21:19] FreeBDSM: we can keep this discussion civilized or use words like "scum" and let you talk to yourself [21:20] you are probably the most aggressive person i have seen in this channel in the last half year [21:20] your nickname is like an ogre, ogres are like trolls, thus you are a troll. [21:20] sure ... [21:20] ogra: use your @ [21:20] check and mate [21:20] in any case your complaints wont go anywhere, nobody of us can make esr52 available to you since it never existed in the snap store ... [21:21] well, I understood it quite some time ago [21:21] I just wanted to ridicule you [21:21] so why are you still agruing [21:21] because the situation is ridiculous [21:21] it is as it is [21:21] you've created an awesome util that's able to solve a problem [21:21] if you want esr52 ask FF to upload it to the store [21:21] and you make your ecosystem SO, that the problem won't be solved [21:22] kind of, defies logic [21:22] why bother with snap then? [21:22] well, thats your POV [21:22] dunno [21:22] why do you ? [21:22] I don't [21:22] I just realized it's useless [21:22] so why are you coming here then [21:22] thus I won't use it [21:22] ogra: read above [21:22] to ridicule you [21:22] thats fine and totally your right [21:22] thanks [21:23] * mvo calls it a day with an almost booting 4.15 kernel on core18 [21:23] it is also your right to waste your time making X and then taking decision Y which nullifies the profits of X [21:23] FreeBDSM: let us agree that you have some opinion of how snaps are designed and we have another [21:23] no [21:24] snaps can be used for distributing fat packages [21:24] * ogra fully agrees :P [21:24] FreeBDSM: can we have our opinions without you being offensive? [21:24] I'm not offensive [21:24] lol [21:24] you are being too defensive [21:24] you are not kind, you don't try to understand our opinion [21:24] defending what? [21:24] I understood your opinion [21:24] but you dont respect it :) [21:24] you wanted to delegate as much as possible [21:24] you came here to say we are ugly and stupid because we didn't do what you think [21:24] I get it [21:25] i didnt say "get" [21:25] zyga: no, I didn't [21:25] we want you to appreciate our opinion and the reasons for the design before you say this is stupid [21:25] we can share that design vision with you if you are willing to listen [21:25] I came here to say you've made an awesome tool, but you've made some horrible decisions about the way the infrastructure/service/ecosystem around that tool is built which in _some_ cases nullifies the pros of the tool [21:25] but this has to be a civilized discussion because otherwise I don't think anyone will be interested in spending their time [21:26] well, you didnt say it in that tone :) [21:26] that's much nicer [21:26] yes [21:26] yes, now we can discuss pros/cons and the why's [21:26] well, I wanted to ridicule you, after all, so I just had to make it as absurd as possible to make the point as obvious as possible [21:26] let's suppose mozilla did upload ESR 59 [21:26] okay [21:27] and it was in the store (I don't know if that's true or not( [21:27] it was [21:27] let's suppose it was [21:27] FreeBDSM: believe me, if this was a face to face conversation it would not be received well [21:27] FreeBDSM: now let's suppose we allow anyone to download any revision [21:27] then they updated to 60 and annoounced the availability [21:27] this is something we reserve to the publisher of the snap [21:27] since they can publish any revision they can also get any revision [21:27] how would the user experience look like? [21:28] zyga: believe me, it'd be go way better, as text doesn't express my emotions [21:28] you can get revision 12351 that happens to be firefox 59.0.1 build 7 (for example) [21:28] what would happen next? do you stay there forever? [21:28] do you move to 60.0 in half an hour [21:28] I tell you [21:28] do you move to 60.1 as soon as it is out? [21:28] my answer is 'let the user decide' [21:28] If they want to update - let'em [21:28] out of that set, there's only one answer that's clearly insecure: stay on 59 *especially* in a browser [21:29] if they refuse to update - let'em [21:29] FreeBDSM: but the users cannot decide, this is well known that they don't understand security and only care about convenience [21:29] don't fool yourself into thinking that you know better what's better for the user. you don't. period. [21:29] if update was opt-in a large population of the users would never update and would be on the insecure version [21:29] FreeBDSM: I'm curious, how many CVEs are in 59.0 that were fixed in 60.0 [21:29] zyga: the stupidest users don't know what linux is. [21:29] zyga: they user the OS that came with the laptop [21:30] and they ask their 'computer boi' to 'fix it when it gets to pornful' [21:30] FreeBDSM: well, we are building a coherent experience for our users, snaps are aiming to provide something better than what we had [21:30] so as a part of that design we said we would not allow people to just stay suck on old revision [21:30] I believe that you had best intentions [21:30] because even if they don't want to be insecure [21:30] they don't understand the consequences [21:30] but there's a saying: 'best intentions lead to hell' [21:30] and they can be easily fooled into following a set of instructions that keeps them stuck forever [21:31] they do understand the consequences [21:31] we've seen this time and again [21:31] every ubuntu monkey knows how to update [21:31] countless forum posts with instructions on how to pin a package [21:31] if someone doesn't - let the suffer [21:31] or download a random deb or rpm [21:31] that's their choice to be stupid [21:31] you say "let them suffer" [21:31] you miss the point [21:31] I say "I want to make the world better" [21:31] that's what we _chose_ to do [21:31] it isnt *them* who sufferes alone [21:31] and back to godwin's law [21:31] the linux landscape is full of harder options [21:31] hitler wanted to make the world better as well [21:31] nobody is forcing you or like-minded people to use snaps [21:31] they will file bugs that someone needs to handle [21:32] ogra: there you go [21:32] they will ask support questions that someone needs to deal with [21:32] yup [21:32] boil point [21:32] they take away working time of mozilla devs to fix issues in a newer version [21:32] no reason to continue the argument because you think you know better than the users what is better for them [21:32] just like some gov [21:33] I despise such approach [21:33] o it is mozillas decision if they want to cope with that [21:33] *so [21:33] they obviously dont [21:33] so they picked to only offer the latest esr [21:33] this always leads to what's described in Orwell's antiutopias [21:33] the store allows you to open tracks, and offer any number of versions you want to your users [21:34] they decided not to [21:34] mozilla is compromised. period. [21:34] they chose the evil path. [21:34] let them rot [21:34] this is *again* not our decision and you deny to accep that fact [21:34] the tool has the capability [21:34] the fact that any organization may make turns in their path [21:34] and become evil [21:35] and the fact that you delegate too much to organizations [21:35] just 2 facts [21:35] well, thats a topic for #mozilla i guess [21:35] nope [21:35] mozilla does what it does [21:35] it now does evil things [21:35] and nobody here can change that [21:35] and nobody here can change that either [21:35] but you do stupid things when you let evil corps lock older versions [21:35] we dont do *things* [21:35] and you could change that [21:36] we offer a tool [21:36] you also offer a service, don't ya? [21:36] a repo [21:36] yes, thats the tool i'm talking about [21:36] the tool is great, I'm here to blame the service [21:36] it is super easy to offer a track for each version of firefox ever released in that tool [21:37] I'm not sure I understood what you just said [21:37] but the publisher of that ackage decided to not do that [21:37] and back around [21:37] you let the publisher do evil things [21:38] now you just say `we dindo it! they did!` [21:38] so again ... in easier words ... the snap store allows a publisher to make all versions available ever released as snaps in different tracks if he wants [21:38] FreeBDSM: we shared why snaps work the way they work [21:38] there is no limitation in snaps, snapd o the store here [21:38] FreeBDSM: you shared your opinion how how that is wrong [21:38] so again, it was your decision to make it so [21:38] FreeBDSM: we disagree on principles [21:38] it was a bad decision (IMO) [21:38] if *you* would want to do that with a package fo yours you could do that at any time [21:38] FreeBDSM: let's be civilized and carry on, the great thing is that you can make a better system [21:38] Hey zyga, can you explain why we just split instead of supporting shell quoting? https://github.com/snapcore/snapd/blob/master/cmd/snap-exec/main.go#L181 [21:39] FreeBDSM: convince us we were wrong by doing something better [21:39] just have a track for each version ever existing [21:39] kyrofa: hey [21:39] kyrofa: I suspect the answer is "gulp" but let me look [21:39] (·̿Ĺ̯·̿ ̿) [21:39] https://github.com/snapcore/snapd/blob/master/cmd/snap-exec/main.go#L178 [21:39] is the comment above any good? [21:40] kyrofa: we split because we apparently refuse shell quoting and other magic stuff [21:40] kyrofa: so we split because the input is super restricted where that is the equivalent operation [21:40] (that's much better than "gulp" I said above) [21:40] zyga, the comment talks about how safe it is, but won't this blow up if the command name actually contains a space? [21:41] kyrofa: can you give me an example please? [21:41] a command name that contains a space ? in shell ?? [21:41] Yeah, let me actually verify my hypothesis [21:41] kyrofa: I think we disallow that but not explicitly, the command _is_ the first word [21:41] kyrofa: and since we don't allow quoting [21:41] that's that [21:41] i dont think thats possible in shell [21:41] ogra: I suspect it is [21:41] but very evil :) [21:42] zyga, commands with spaces in the name ? [21:42] yeah, just try it [21:42] unless you do weird escaping the thing after the space will always be interpreted as the first arg [21:42] zyga: ogra: by the way, thank you for the civilized discussion. Although I didn't cross any lines I know I sounded trollish (making the situation as absurd as possible -it just a way to argue). [21:42] well, "weird escaping" is just escaping [21:42] heh [21:43] it's a pity that we disagree [21:43] FreeBDSM, well, you didnt get me ... the store actually allows what you want [21:43] ogra: it allows if I'm to become a maintainer [21:43] so while we might disagree in principle, what you want it in fact possible [21:44] it is just that mozilla decided not to [21:44] and that defies the logic: why would I bother uploading stuff if I could just built something for myself and just use it? [21:44] and we dont force anyone [21:44] kyrofa: we don't suppor quoting, so we also don't support commands with spaces in practice [21:44] dunno, because you are a social person that wants others to benefit from it too ? [21:44] ogra: please, don't repeat yourself, I already told you my counter-argument to that. [21:44] FreeBDSM: calling mozilla compromized, us evil and users stupid feels a bit strong IMO [21:44] definitely [21:45] ogra: I am an asocial person and I want comfort for myself first and I neither care, nor mind about the comfort of others. [21:45] FreeBDSM: sorry, you did cross a line [21:45] at least I hope you can understand _why_ we made the decisions you disagree with [21:45] FreeBDSM, well, then you probably wont package what you built as a snap ... perhaps fame could bribe you ? [21:45] roadmr, multiple :) [21:46] zyga: 1. I didn't call you evil, I called mozilla evil. 2. you called users stupid and I said `that's their freedom to be stupid, you have to respect that`. 3. mozilla is in fact compromised and is now malicious. [21:46] roadmr: no. [21:46] yes [21:46] where? [21:46] zyga, pedronis ah, indeed, quotes in the command actually result in an invalid snap [21:46] there [21:46] well, by democratic vote of the people speaking here for the last hour you definitely did [21:46] trollin, I see [21:47] FreeBDSM: I don't think people are stupid, I do believe most of us are ignorant about the vast majority of topics [21:47] FreeBDSM: most people are highly ignorant of security threats [21:47] FreeBDSM: of how the software they use works [21:47] zyga: okay. And that is fine. [21:47] FreeBDSM: or what the consequences are [21:47] warn them and go on [21:47] do not limit them forcefully [21:47] FreeBDSM: for that we _chose_ to do something so that would be less hurt by their decisions _despite_ being ignorant abou tthat [21:47] because this is the road to hell [21:48] FreeBDSM: we chose not to do this for the reasons I stated already: humans largely ignore security because they are ignorant about it and choose convenience [21:48] zyga, pedronis so we don't expect any command args to have spaces either, then? [21:48] FreeBDSM: to effectively make their lives better by handling security we took that option away [21:48] kyrofa: not in the snap.yaml [21:48] zyga: that can be very well rephrased into `we think we know better than the users what is better for the users, we will force our decision onto the users, because majority of users is stupid` [21:48] kyrofa: yes, no quoting anywhere, we don't support ' or " [21:48] kyrofa: we need to improve that part to allow it [21:49] in the commands [21:49] atm [21:49] FreeBDSM: no, that's totally not what I said [21:49] FreeBDSM: I chose the words I used very carefully [21:49] that's exactly how I understand it [21:49] being ignorant is not being stupid [21:49] FreeBDSM: well, you are ignorant of the meaning of the word ignorant then [21:49] okay, read 'stupid' as 'ignorant' [21:49] FreeBDSM: I am ignorant of tons of things [21:49] doesn't change the meaning of the sentence much [21:49] FreeBDSM: I don't know how to make electricity safe [21:50] `we think we know better than the users what is better for the users, we will force our decision onto the users, because majority of users is ignorant` [21:50] it totally changes the meaning [21:50] FreeBDSM: I accept that some people do and I let them handle electric wiring at home [21:50] one is an insult, the other isnt [21:50] FreeBDSM: this is quite like that [21:50] ogra: in my opinion it changes it a very little [21:50] FreeBDSM: as I said before, total freedom is anarchy [21:50] FreeBDSM: and we're not here to give people total freedom because we believe there's a better way [21:50] Thanks zyga, pedronis. Makes what I'm working on simpler, although soon folks will be exposed to that limitation (right now snapcraft users aren't), so we might think about changing it if we get complaints [21:50] FreeBDSM: those are choices we actively took to make the world better [21:51] I find this of all your choices bad [21:51] FreeBDSM: we cannot change humanity's knowledge about modern software issues, threats or consequences of certain actions [21:51] FreeBDSM: we did the thing we could [21:51] you could not use restrictions [21:51] I think it would be better [21:51] that's okay, nobody is holding a gun to your head asking you to love snaps or die [21:51] it would be more fair [21:52] but you are against fair [21:52] you can think that too, [21:52] because you think you know better [21:52] we're just saying we disagree and this is how this project is designed to operate [21:52] you also think you know better [21:52] you think you know better than some of us do [21:52] that's okay, you can do that too [21:52] I understand, I'm criticizing the obvious flaws of your design, that's all [21:52] not the whole idea, just the flaws [21:53] and you're saying it too, FreeBDSM : you say "in my opinion", "I think", "I find". Sounds like an agreement to disagree [21:53] in absence of measurable data to the contrary we will hold our design firmly [21:53] so far we've seen the world of old software that is never updated [21:53] but what you see as flws might be seen as benefits by others ... can you accept that fact ? [21:53] because it's hard or inconvenient [21:53] in absence of data one can apply logic and logical experiment, logical judgement [21:53] or compare people to hitler [21:53] we've seen threats spreading around the planet in half a day [21:54] FreeBDSM: we have tons of data [21:54] like what? [21:54] FreeBDSM: security is very important to idea of snaps and the people who made them [21:54] FreeBDSM: many of the same people were working on ubuntu and other distributions and saw first hand the impact of security issues [21:55] FreeBDSM: and looking at the larger ecosystem and insecure old software being the de-facto norm we didn't want to repeat those mistakes [21:55] what is a snap? [21:55] in 1 sentence, please [21:55] FreeBDSM: I'm sorry, do you understand my points? [21:55] zyga: I understand them, I'm going to prove you are wrong [21:55] I'm not playing [21:55] zyga: what is snap in 1 sentence. [21:55] I don't want to talk to you anymore, you made your point [21:55] is it a tool to bring security? [21:55] no [21:55] I tried to do my best to explain my view [21:56] it doesn't and can not solve the problem of the security [21:56] please get some rest, enjoy fresh air, ride a bike, talk to friends [21:56] if you want re-read this conversation piece by piece [21:56] he said he's antisocial ... no friends .... [21:57] containers solve some part of the problem of security, firewalls solve another part of the problem of security, anti-viruses solve another part of the problem of security, but snap is neither of them. [21:57] I was generous to spend a good chunk of my evening to explain my motivation and the design behind snaps [21:57] but I'm not offering to argue ad infinitum about that [21:58] so enjoy, maybe someone else will continue the conversation [21:58] most of the time you've repeated yourself and stood deaf towards counter-arguments [21:58] so you didn't really argue [21:58] you came here to say the design is wrong, I explained the design first because you didn't seem confident knowing that [21:58] anyway, EOT [21:58] +1 [21:59] cheers zyga \o/ [21:59] :-) [21:59] that's disappointing [21:59] when people refuse to argue - they refuse to change [22:00] when they refuse to change - they get obsolete pretty fast [22:00] these are the laws of nature [22:01] but still, I respect that at least you behaved in a civilized way [22:01] I really came here to just ask if maybe some other user would share their snap with me [22:08] hmm, /bin/bash: line 60: killall: command not found [22:08] + echo 'Ensure no stray sleep processes are around' [22:08] Ensure no stray sleep processes are around [22:08] + killall sleep [22:10] zyga, dont use killall ... [22:10] use pkill [22:11] we probably lack killall in the core snap [22:11] killal isnt a standard [22:11] funny that the test was written with killall before [22:11] I just kept using it [22:11] pkill is a standard iirc so that should be there [22:11] thanks [22:11] killall is not in the core snap [22:11] that code never ran ^_^ [22:13] well, and you obviously dont set -e [22:13] else it would have exploded in your face :) [22:14] (or at least exited nonzero) [22:16] it's more funny than that :D [22:16] patch incoming [22:16] oh my [22:17] https://github.com/snapcore/snapd/pull/5566 [22:17] :) [22:17] I did git grep in the root of the tree so that's all of them [22:17] LOL ! [22:18] is that the "skype kills my session" issue ? [22:19] (looking at the wayland interface ...) [22:19] no, that's just a test [22:19] skype caused a segvfault in X [22:19] ah, right [22:19] no idea why [22:20] yeah, i missed the test/ at the beginning of the path [22:20] *tests [22:25] zyga, oh, btw, looks like nobody from ym team is invited to the sept. thingie ... so no beer :( [22:25] *my [22:25] oh [22:26] yeah :/ [22:26] join me at flock! :) [22:26] heh [22:26] it's in Dresden [22:26] is that far from you? [22:26] 2-3h [22:26] well, :) [22:26] just sayin' [22:29] jdstrand, jjohansen: is apparmor in 4.15 able to discover paths "across" bind mounts in a way that didn't exist in 4.4? [22:29] debugging a very very curious issue [22:29] we're seeing a denial [22:29] this is the profile: [22:29] http://paste.ubuntu.com/p/BSVrZV68RJ/ [22:30] this is the denial: [22:30] [ 318.394972] audit: type=1400 audit(1532637900.980:30): apparmor="DENIED" operation="file_mmap" profile="snap-update-ns.test-snapd-tools-core18" name="/snap/snapd/452/usr/lib/snapd/snap-update-ns" pid=1054 comm="3" requested_mask="rm" denied_mask="rm" fsuid=0 ouid=0 [22:30] notice that it talks about snap-update-ns from the *snapd* snap [22:30] the same profile works on 4.4 [22:31] in both cases (so on 4.4 and 4.15) snap-update-ns is actually opened from /snap/snapd/(some revision)/usr/lib/snapd/snap-update-ns [22:32] now, having said that [22:32] we also bind mount /snap/snapd/(revision)/usr/lib/snapd/ to /usr/lib/snapd/ on the host [22:32] I may have a partial picture for now, this is still something we are exploring [22:33] any advice on how to debug this would be great [22:33] I'm looking for the knobs to enable kernel-level debugging of apparmor LSM [22:34] do we need a better kernel for that (better = extra options) [22:34] again, my kernel tree is in my home office so it's hard for me to check [22:35] oh and I forgot to mention [22:35] the denial went away after we tweaked the profile [22:35] to allow snap-update-ns to come from either the core snap [22:35] or from snapd snap [22:35] it's just unclear to us why exactly this happened on 4.15 kernel (running core18+snapd) and not on the 4.4 kernel (also running core18+snapd) [22:56] zyga: no [22:58] my guess is a change in dpath but it could be something to do with mount flags and mount [22:59] I'll have to dig [23:03] jjohansen: any hints for us on how to look? [23:08] zyga: well I can tell you its not in the apparmor commits [23:08] its something, mount/namespace related [23:09] can we somehow dump the checks that apparmor is doing? [23:09] and its probably going to take bisect to trace down [23:09] or get more context about the denial before we patch it [23:09] ouch [23:09] I mean, we will just add the patch that allows "snapd" in the path but it is curious what happened [23:10] it is curious [23:11] I will work with mvo tomorrow to get to a case we can easily reproduce and share [23:11] so far it's 'elaborate' to do so perhaps the bug is elsewhere