/srv/irclogs.ubuntu.com/2018/08/27/#snappy.txt

[05:10] <mborzecki> morning
[06:07] <mborzecki> mvo: hi, any ideas if snapd will blow up if there's apparmor support in the kernel but no userspace tools?
[06:08] <mvo> mborzecki: that sounds likely
[06:08] <mvo> mborzecki: I think we need an extra check in the release.Apparmor code that checks if apparmor_parser is available
[06:08] <mvo> mborzecki: should be a trivial PR
[06:08] <mvo> mborzecki: and nice catch
[06:09] <mborzecki> mvo: i'll look into that
[06:10] <mvo> mborzecki: ta
[06:10] <mvo> mborzecki: and GOOD MORNING :)
[06:10] <mborzecki> mvo: hah right :) morning
[06:12] <mvo> mborzecki: I also left some feedback in the arch -hardened kver PR, nice catch on the details of the kernels there
[06:13] <mborzecki> mvo: saw your review, thanks
[06:14] <mborzecki> mvo: nice thing is apparmor will be in the default kernel in arch, but you still need to pass apparmor=1 security=apparmor to the kernel and have the userspace tools, need to make sure we degrade gracefully
[06:15] <mvo> mborzecki: nice! thats a good step forward
[06:45] <zyga> good morning!
[06:45] <mvo> hey zyga ! good morning
[06:45] * zyga is sleepy but needs to wake up rapidly
[06:46] <zyga> today I plan to spend 30% on PRs (reviews and gardening) and 70% on helping with a CE request
[06:46] <mup> PR snapd#5715 closed: selftest: detect if apparmor is unusable and error <Created by mvo5> <Merged by mvo5> <https://github.com/snapcore/snapd/pull/5715>
[06:53] <zyga> mvo: question about 5715
[06:53] <zyga> https://github.com/snapcore/snapd/pull/5715#pullrequestreview-149598142
[06:53] <mup> PR #5715: selftest: detect if apparmor is unusable and error <Created by mvo5> <Merged by mvo5> <https://github.com/snapcore/snapd/pull/5715>
[06:54] <mborzecki> zyga: hey
[06:54] <zyga> :-) o/
[06:58] <mvo> zyga: whats the question?
[06:58] <zyga> mvo: I asked in the review if there's any difference about the two lines that check for the new message inside a container
[06:58] <mvo> zyga: aha, sorry, I see it now. one is the loop but we also need to ensure the loop did not timeout
[06:59] <zyga> ah
[06:59] <zyga> that makes sense, thanks
[06:59] <mvo> zyga: ok
[06:59] <mvo> zyga: does it look ok otherwise? sorry did not see that we were also reviewing
[06:59] <zyga> yes, it looks good :)
[06:59] <zyga> nice and simple
[07:00] <zyga> (which is not to say that it is easy, it's great to make simple things)
[07:00] <mvo> ta
[07:11] <mborzecki> mvo: for the record, i've removed apparmor tooling and cannot remove snaps anymore https://paste.ubuntu.com/p/fhmfjm6vhM/
[07:14] <mvo> mborzecki: can you install snaps? or does anything install/remove related break?
[07:15] <mborzecki> mvo: snap remove/install errors out on security profiles
=== pstolowski|afk is now known as pstolowski
[07:15] <pstolowski> morning
[07:15] <mborzecki> mvo: refresh probably doesn't work either as it's practically install under the hood
[07:16] <mborzecki> pstolowski: hey
[07:17] <mborzecki> zyga: when checking if we need to downgrade apparmor template to classic, do we care about specific kernel version, or is 4.16+ good to go in general?
[07:17] <zyga> mborzecki: it was just the version that opensuse happened to ship with
[07:17] <zyga> and was meant as an experiment to see what breaks
[07:17] <zyga> I think it was successful though
[07:56] <mborzecki> zyga: any clue how network_v8 is different from network in apparmor features?
[07:58] <zyga> some, network is just "you can interact with given set of sockets", there's a very simple table that has some flags per socket type (AF_INET, AF_INET6, etc).
[07:58] <zyga> network_v8 is ... more than that :) I heard that fine grained network mediation was coming
[07:58] <zyga> so perhaps there's a more rich table now
[07:58] <zyga> let me look quickly
[08:00] <zyga> mvo: can you please look at https://github.com/snapcore/snapd/pull/5721
[08:00] <mup> PR #5721: interfaces: retain order of inserted security backends <Created by zyga> <https://github.com/snapcore/snapd/pull/5721>
[08:01] <zyga> (again, updates based on your review)
[08:01] <mvo> zyga: sure
[08:01] <zyga> thanks :)
[08:02] <zyga> mborzecki: looking now
[08:04] <mborzecki> zyga: found this https://www.mail-archive.com/apparmor@lists.ubuntu.com/msg09772.html
[08:05] <zyga> mborzecki: this is not new stuff, it was merged in July 2017
[08:05] <zyga> mborzecki: it's the old network support code from ubuntu, now mainline
[08:05] <zyga> (I'm looking at torvald's tree)
[08:06] <niemeyer> Morning all!
[08:06] <zyga> mborzecki: note that I don't see "network" (plain, without v8) anymore
[08:06] <zyga> hey :)
[08:09] <pstolowski> morning niemeyer!
[08:10] <mvo> I see some strange errors on arch: Aug 27 07:17:06 arch snapd[25825]: task.go:303: DEBUG: 2018-08-27T07:17:06Z ERROR cannot generate device key pair: asn1: structure error: tags don't match (16 vs {class:1 tag:15 length:112 isCompound:true}) {optional:false explicit:false application:false defaultValue:<nil> tag:<nil> stringType:0 timeType:0 set:false omitEmpty:false} pkcs1PrivateKey @2 does that ring any bells?
[08:11] <mvo> and good morning niemeyer
[08:11] <niemeyer> o/
[08:14] <mborzecki> niemeyer: hey
[08:35] <zyga> mvo: no, I never heard of this issue before
[08:42] <mborzecki> mvo: ... value *state.changeError = &state.changeError{errors:[]state.taskError{state.taskError{task:"Generate device key", error:"cannot generate device key pair: asn1: structure error: tags don't match (16 vs {class:1 tag:15 length:112 isCompound:true}) {optional:false explicit:false application:false defaultValue:<nil> tag:<nil> stringType:0 timeType:0 set:false omitEmpty:false} pkcs1PrivateKey @2"}}}
[08:42] <mborzecki> ("cannot perform the following tasks:\n- Generate device key (cannot generate device key pair: asn1: structure error: tags don't match (16 vs {class:1 tag:15 length:112 isCompound:true}) {optional:false explicit:false application:false defaultValue:<nil> tag:<nil> stringType:0 timeType:0 set:false omitEmpty:false} pkcs1PrivateKey @2)")
[08:42] <mborzecki> in unit tests
[08:46] <zyga> are we shelling out to external tools for key crypto?
[08:47] <pedronis> yes, to ssh-keygen because Go's own key creation was deemed too slow
[08:47] <pedronis> so something might be going on there
[08:48] <mborzecki> hmm [2018-08-26 22:29] [ALPM] upgraded openssh (7.7p1-2 -> 7.8p1-1)
[08:48] <mborzecki> what version are you guys on?
[08:48] <mvo> 7.6
[08:49] <zyga> mborzecki: ssh changed something lately
[08:49] <zyga> mborzecki: there was an article about this on lwn
[08:49] <mvo> aha and the changelog has information that they changed the output of ssh-keygen
[08:49] <mvo> -m PEM will fix it
[08:49] <mborzecki> ok, i'll add it here
[08:50] <zyga> https://lwn.net/Articles/763444/
[08:50] <zyga> indeed
[08:50] <zyga>  * ssh-keygen(1): write OpenSSH format private keys by default
[08:50] <zyga>    instead of using OpenSSL's PEM format. The OpenSSH format,
[08:50] <zyga> mborzecki: nice :)
[08:50] <mvo> and it works all the way back to trusty
[08:50] <mvo> so that should be fine
[08:53] <mborzecki> seems to work now, opening a PR in a minute
[09:00] <mup> PR snapd#5725 opened: overlord/devicestate: use OpenSSL's PEM format when generating keys <Created by bboozzoo> <https://github.com/snapcore/snapd/pull/5725>
[09:00] <mvo> mborzecki: ta
[09:28] <mborzecki> hm apparmor mocking around the tests for system-key is noop
[09:29] <mvo> mborzecki: oh? do you have more details?
[09:30] <mborzecki> mvo: a path to apparmor sysfs features directory was built in SetUpTest() but it was never used afaict
[09:39] <mvo> mborzecki: the pem pr failed with an unrelated error, I can restart but I will have a look at the error, it looks like we don't mock enough somewhere
[09:40] <mborzecki> mvo: ack, unit tests sans snap-seccomp were passing locally
[09:50] <mup> PR snapd#5726 opened: release, interfaces: make snapd degrade gracefully when AppArmor userspace tooling is unavailable <Created by bboozzoo> <https://github.com/snapcore/snapd/pull/5726>
[09:51] <mborzecki> mvo: zyga: let me know if that makes sense
[09:51] <mborzecki> ^^
[09:51] <zyga> reading that now
[09:51] * mvo looks
[09:51] <mup> PR snapd#5723 closed: cmd: remove --skip-command-chain from snap run and snap-exec <Created by kyrofa> <Merged by niemeyer> <https://github.com/snapcore/snapd/pull/5723>
[09:55] <mborzecki> ok, time for some reviews
[10:13] <mup> PR snapd#5725 closed: overlord/devicestate: use OpenSSL's PEM format when generating keys <Critical> <Created by bboozzoo> <Merged by bboozzoo> <https://github.com/snapcore/snapd/pull/5725>
[10:14] <zyga> thank you!
[11:44] <zyga> brb, coffee and snack
[11:45] <mup> PR snapd#5716 closed: tests: spread test for parallel-installs desktop file handling <Parallel installs> <Simple> <Created by bboozzoo> <Merged by stolowski> <https://github.com/snapcore/snapd/pull/5716>
=== pstolowski is now known as pstolowski|lunch
[12:01] <zyga> re
=== King_InuYasha is now known as Son_Goku
[12:34] <mup> PR snapcraft#2220 closed: schema: allow license field <Created by mvo5> <Closed by sergiusens> <https://github.com/snapcore/snapcraft/pull/2220>
=== pstolowski|lunch is now known as pstolowski
[12:41] <mvo> can I get a review for https://github.com/snapcore/core/pull/93 please?
[12:41] <mup> PR core#93: hooks: unwind /etc/alternatives <Created by mvo5> <https://github.com/snapcore/core/pull/93>
[12:45] <zyga> mvo: looking
[12:47] <zyga> mvo: wow, I missed that!
[12:47] <zyga> thank you for sharing
[12:47] <mvo> zyga: no worries
[12:55] <zyga> mvo: reviewed
[12:58] <mvo> zyga: thanks, I like your suggestion there
[12:59] <mvo> zyga: mind if I do it in a followup, first in core18 ? that is much simpler to test (i.e. it can be built in 1/10 of the time)
[12:59] <ogra> jdstrand, an interesting one for you https://paste.ubuntu.com/p/ZwdqN6XMVY/
[13:01] <mup> PR snapcraft#2223 closed: snap: prepare override scripts to allow rebuilding <Created by sergiusens> <Merged by sergiusens> <https://github.com/snapcore/snapcraft/pull/2223>
[13:27] <zyga> ogra: how is it interesting?
[13:27] <zyga> it looks like just missing "home"
[13:28] <ogra> zyga, the traceback ...
[13:28] <ogra> that shouldnt happen
[13:29] <ogra> (and usually doesnt)
[13:29] <zyga> locale?
[13:29] <ogra> well, german ...
[13:29] <ogra> it doesnt happen with other snaps
[13:29] <zyga> no, I mean PYTHONENCODING=utf-8
[13:29] <zyga> is home connected?
[13:29] <ogra> the snap doesnt have a home plug
[13:29] <ogra> (yet)
[13:30] <zyga> then it cannot access Dokumente
[13:30] <zyga> I still don't see what's the interesting part
[13:30] <ogra> sure, but snappy-debug shouldnt crash
[13:30] <ogra> i dont care about home, i know i havent added it yet
[13:31] <ogra> i want to see all the subsequent info that comes after home in the log
[13:31] <ogra> but snappy-debug crashes hard before it can even show anything
[13:31] <ogra> *thats* the interesting part
[13:32] <zyga> aaah, it was snappy-debug
[13:32] <ogra> right
[13:33] <zyga> I missed that
[13:33] <zyga> indeed, I don't know why we do that
[13:33] <ogra> i guess snappy-debug needs some utf-8 love somewhere in the code
[13:43] <zyga> ijohnson: hey
[13:43] <zyga> thank you!
[13:43] <zyga> ijohnson: when would be a good time to chat?
[14:08] <pedronis> zyga: wrong channel?
[14:11] <mup> PR snapd#5721 closed: interfaces: retain order of inserted security backends <Created by zyga> <Merged by mvo5> <https://github.com/snapcore/snapd/pull/5721>
[14:12] <twobitsprite> So, I'm delving in to the world of snaps on my Debian Buster system... I'm trying to install the helm client, and it's only available as a snap or as a tarball, so I figured I'd try the snap version... I got snapd installed and I ran "sudo snap install helm". It says it installed it, but I don't have a helm command in my path...
[14:16] <zyga> pedronis: yes, we moved
[14:17] * zyga -> errand break (1.5-2hrs)
[14:20] <ogra> twobitsprite, "snap info helm" should list any commands the snap ships
[14:21] <ogra> twobitsprite, you also might want to check if there are interfaces you need to manually connect ... list them with "snap interfaces helm"
[14:21] <twobitsprite> ogra: it says "helm" is a command it should provide
[14:22] <ogra> twobitsprite, ah, you newly installed snapd .. that adds /snap/bin to your oath but it will indeed only take effect if you re-login
[14:22] <ogra> *path
[14:22] <twobitsprite> ogra: interfaces lists :home, :network and :network-bind, all of them say "helm" under the "Plug" column
[14:22] <twobitsprite> ogra: ahh
[14:22] <ogra> yeah, these typically auto-connect
[14:22] <ogra> you can either use "snap run helm"
[14:23] <ogra> or use the full path via /snap/bin/heml
[14:23] <ogra> *helm
[14:23] <ogra> or re-login indeed
[14:24] <twobitsprite> ogra: yep, that was the problem, thanks
[14:24] <ogra> enjoy
=== zarcade_droid is now known as ^arcade_droid
[14:51] <jdstrand> ogra: ack, thanks
[15:00] <niemeyer> Taking a short break here
[15:11] <kyrofa> mvo, can I get your input on this? https://bugs.launchpad.net/snapd/+bug/1779416
[15:11] <mup> Bug #1779416: Scripts in core snap attempt to do things impossible under confinement and die <snapd:New> <https://launchpad.net/bugs/1779416>
[15:12] <mvo> kyrofa: that sounds sensible, I was not aware this is actually used
[15:13] <kyrofa> mvo, me neither, took me forever to sort it out :P
[15:20] <mvo> heh, thanks for this kyrofa
[15:35] <zyga> re
[15:35] * zyga has finished the car insurance and ownership saga
[16:02] * cachio lunch
=== pstolowski is now known as pstolowski|afk
[16:43] <zyga> jdstrand: hey, just a gentle ping about https://github.com/snapcore/snapd/pull/5170 and https://github.com/snapcore/snapd/pull/5307
[16:43] <mup> PR #5170: interfaces/builtin: add adb interface <Created by zyga> <https://github.com/snapcore/snapd/pull/5170>
[16:43] <mup> PR #5307: cmd,interfaces,tests: add /mnt to removable-media interface <Squash-merge> <Created by zyga> <https://github.com/snapcore/snapd/pull/5307>
[16:43] * zyga gets back to his activity
[16:44] <jdstrand> zyga: yep, both on the list. hopefully today
[16:46] <zyga> thank you :)
[17:08] <mup> PR snapcraft#2227 opened: Wait lxd <Created by sergiusens> <https://github.com/snapcore/snapcraft/pull/2227>
[17:19] <om26er> How far along is "parallel install" feature of snaps ?
[17:20] <om26er> we want different versions (stable, beta, canary) of android studio at the same time (popular request)
[17:21] <zyga> om26er: it is coming along
[17:22] <zyga> om26er: ask mborzecki tomorrow morning
[17:22] <om26er> zyga: will do, thanks
=== pbek_ is now known as pbek
[19:28] <mup> PR snapd#5727 opened: interfaces/builtin, cmd/snap-seccomp: Allow read-only ptrace, for the Breakpad crash reporter <Created by jld> <https://github.com/snapcore/snapd/pull/5727>
[19:33] <cachio> zyga, hey, any idea why this could be happening? https://paste.ubuntu.com/p/dG7WVRZ8Q3/
[19:34] <cachio> it is breaking ubuntu-core-18
[19:40] <cachio> zyga, if I restart the service it works, but initially it fails
[20:11] <dave_uy> What is the right way to reference a desktop icon in a .desktop file?
[20:27] <dave_uy> Nevermind. I found an example: https://github.com/sergiusens/telegram-snap/blob/master/snap/gui/telegram.desktop
[21:09] <zyga> cachio: looking
[21:09] <cachio> zyga, tx,
[21:09] <cachio> otherwise tomorrow is ok
[21:10] <zyga> perhaps because the socket doesn't respond initially (seeding)
[21:10] <zyga> but yeah, tomorrow
[21:10] <cachio> zyga, tomorrow better, now it is time to rest :)
[21:46] <kyrofa> Is the store down?
[21:46] <kyrofa> Ah, it seems so
[21:47] <kyrofa> "Intermittent access issue in few services for 7 Mins 20 Secs" makes it sound like it's over
