/srv/irclogs.ubuntu.com/2018/11/08/#snappy.txt

mupPR snapd#6109 opened: interfaces/apparmor: allow access to /run/snap.$SNAP_INSTANCE_NAME <Created by zyga> <https://github.com/snapcore/snapd/pull/6109>00:12
mupPR snapd#6110 opened: spread.yaml: add openSUSE Tumbleweed <Created by zyga> <https://github.com/snapcore/snapd/pull/6110>00:15
mupPR snapd#6111 opened: packaging/opensuse: move most logic to snapd.mk <Created by zyga> <https://github.com/snapcore/snapd/pull/6111>00:16
zygajdstrand: FYI https://github.com/snapcore/snapd/pull/6111 is the thing I was talking about00:18
mupPR #6111: packaging/opensuse: move most logic to snapd.mk <Created by zyga> <https://github.com/snapcore/snapd/pull/6111>00:18
eriohow do I say "rain is coming", because you saw on the forecast, in a normal conversation?02:28
=== blackboxsw is now known as blackboxsw_away
zygaGood morning06:36
mupPR snapd#6093 closed: daemon: spool sideloaded snap into blob dir <Created by chipaca> <Merged by mvo5> <https://github.com/snapcore/snapd/pull/6093>06:39
mvohey zyga06:40
mvozyga: 6110 has two test failures in the new tumbleweed tests06:44
mvozyga: and 6109 has some new comments06:44
mupPR snapd#6101 closed: switch travis unit tests to xenial <Created by chipaca> <Merged by mvo5> <https://github.com/snapcore/snapd/pull/6101>06:47
zygaThank you06:57
zygaTumbleweed failed for me locally but I wanted to share this with Sergio06:57
zygaI’ll get a shower and be back soon06:58
zygaI posted 6111, curious to know what you think06:59
mvozyga: sure, thanks07:00
zygaMan, I can barely see where I’m going in this fog07:32
=== pstolowski|afk is now known as pstolowski
pstolowskimorning07:59
mvohey pstolowski - good morning08:00
zygare08:00
zygagood morning pawel08:00
zygamvo: can I push https://github.com/snapcore/snapd/pull/6109 for 2.36.1 as well?08:07
mupPR #6109: interfaces/apparmor: allow access to /run/snap.$SNAP_INSTANCE_NAME <Created by zyga> <https://github.com/snapcore/snapd/pull/6109>08:07
mvozyga: yeah, please tag it08:08
mvozyga: 6096 needs a second review08:08
zygalooking08:08
mvozyga: I will release 2.36.1 once this is green08:08
zygadone08:09
mvota08:14
dokomvo: https://objectstorage.prodstack4-5.canonical.com/v1/AUTH_77e2ada1e7a84929a74ba3b87153c0ac/autopkgtest-bionic/bionic/amd64/s/snapcraft/20181030_213532_e6942@/log.gz  this is in bionic-proposed. could you have a look? that's the python3.6 3.6.7 update08:22
mvodoko: snapcraft is sergiusens baby - I assume this happens all the time and is not a one-off race or something in their suite?08:23
mvodoko: hm, hm, "{{{The package python3-dev has unmet dependencies:}}}"08:24
mvodoko: is/was there some inconsistency in the archive when this ran maybe?08:24
dokoI'll run it again08:28
mvota08:29
zygamvo: shall I squash https://github.com/snapcore/snapd/pull/609608:54
mupPR #6096: spread.yaml: add more systems to the autopkgtest and qemu backends <Created by mvo5> <https://github.com/snapcore/snapd/pull/6096>08:54
sergiusensmvo: adopted baby, its your original baby formed with another Michael, you have commit number 3 after all 😉08:56
mvosergiusens: haha08:56
mvosergiusens: true08:56
mupPR snapd#6096 closed: spread.yaml: add more systems to the autopkgtest and qemu backends <Created by mvo5> <Merged by zyga> <https://github.com/snapcore/snapd/pull/6096>09:03
mupPR snapd#6112 opened: correct localInstallCleanup doc comment <Created by pedronis> <https://github.com/snapcore/snapd/pull/6112>09:22
ackkhi, I'm having a hard time getting a python-based core18 classic snap to work. if I install it on xenial, I get this: https://paste.ubuntu.com/p/PbPq2bp5md/09:35
ackkChipaca, hi, so I've been trying to fix that snap of mine wrt python3, but I see this issue on xenial: https://paste.ubuntu.com/p/PbPq2bp5md/09:37
ackkChipaca, is snapcraft doing something wrong with python3?09:37
zygaackk: looking at your log09:37
ackkthanks zyga09:37
pedronisChipaca: hi, #611209:37
mupPR #6112: correct localInstallCleanup doc comment <Created by pedronis> <https://github.com/snapcore/snapd/pull/6112>09:37
zygaThe x3 vs x5 aspect is curious09:37
zygaIs the python interpreter present in x5 as well?09:38
Chipacaackk: classic snap?09:38
ackkzyga, ah sorry, that was because I run from history, x5 is the last attempt09:38
ackkChipaca, yes, classis, python, core1809:38
ackk*classic09:38
zygaClassic as in classic confinement?09:38
Chipacaackk: snap list --all sshoot ?09:38
Chipacapedronis: ah good catch and thanks09:39
ackkChipaca, https://paste.ubuntu.com/p/RvDdMMzW2g/09:40
ackkzyga, yes09:40
ackkis there another type of classic? :)09:40
zygaWell classic system09:40
Chipacaackk: a snap can be classic, a system can be classic, and there is a devmode snap that's called "classic"09:40
ackkah I see09:40
zygaIt is the classic problem of name overloading ;)09:41
ackk(I'm testing in a xenial lxd if that matters)09:41
ackkzyga, classic joke, classic :)09:41
Chipacaackk: you built this on 18.04?09:41
ackkChipaca, yes09:41
Chipacaackk: on 18.04, what happens when you run python from the snap like that?09:42
Chipacaackk: that is09:42
Chipacaackk: please, snap run --shell sshoot, start python3 in there, let me know how it goes (i'll have more things for you to do in the python)09:42
Chipacapstolowski: didn't we have a way to disable a service froma hook?09:43
ackkChipaca, it starts (and "sshoot" also works)09:43
pstolowskiChipaca: well, not really, the only way to do something with services from hook is via snapctl09:44
Chipacaackk: import _crypt09:46
Chipacaackk: print(_crypt)09:46
Chipacapstolowski: grmbl09:46
Chipacapstolowski: i'll see if i can fix this :-)09:46
ackkChipaca, <module '_crypt' from '/snap/sshoot/x1/usr/lib/python3.6/lib-dynload/_crypt.cpython-36m-x86_64-linux-gnu.so'>09:46
zygax1!09:47
ackkzyga, different container, this is bionic09:47
zygaAh09:47
Chipacapstolowski: where are hooks documented, for snap developers?09:50
Chipacaackk: can you ldd the python binary in the snap?09:51
Chipacaackk: from inside the snap09:51
sparkiegeekChipaca: oh you...09:51
Chipacasparkiegeek: i have a developer wanting to use them09:51
pstolowskiChipaca: https://forum.snapcraft.io/t/supported-snap-hooks/3795 and https://forum.snapcraft.io/t/interface-hooks/821409:51
Chipacapstolowski: thanks09:52
Chipacapstolowski: I'm also going to look into disabling :-)09:52
pstolowskinice09:53
Chipacasparkiegeek: or wait, have I continued to break the store09:53
sparkiegeekChipaca: nah, not today09:53
ackkChipaca, https://paste.ubuntu.com/p/kjFbQccfQV/ (bionic and xenial)09:53
ackkChipaca, isn't the last entry problematic? it points to the system library09:54
Chipacaackk: yes09:55
Chipacaackk: i think so at least :-)09:55
Chipacaackk: there's this other little-known classic python snap we could look at for inspiration09:55
Chipacaackk: schnappcraft, or something like that, probably about getting drunk09:55
ackklol09:56
ackkChipaca, isn't snapcraft also classic? :)09:56
Chipacaackk: but not core18 which might be the extra quirk here09:56
ackkright09:56
ackkChipaca, so, is that a core18 bug? 'cause the library isn't there in core1809:58
pstolowskidegville: hey, just noticed in https://forum.snapcraft.io/t/interface-hooks/8214 - is the colon at the end of "Interface hooks can read the attributes of the affected plug and slot by using the snapctl command, as defined by the snap’s snap.yaml:" sentence intended?09:59
mupPR snapd#6109 closed: interfaces/apparmor: allow access to /run/snap.$SNAP_INSTANCE_NAME <Created by zyga> <Merged by mvo5> <https://github.com/snapcore/snapd/pull/6109>09:59
ackkChipaca, indeed on xenial that's a broken link10:00
degvillepstolowski: no - good spot, thanks.10:00
ackkChipaca, https://paste.ubuntu.com/p/h7MmBYgjjp/10:01
ackkmvo, ^ maybe you have insight10:10
mvoackk: I lack context, is the problem that the symlink is absolute?10:13
ackkmvo, no, the problem is that it's broken on xenial, as the ld.so version is different10:13
ackkmvo, should core18 perhaps include ld.so as well?10:14
ackkmvo, it's 2.23 not 2.27 on xenial10:14
mvoackk: I think the problem is actually that this link needs to be relative, i.e. /lib64/ld-linux-x86-64.so.2 must point to ../lib...10:17
mvoackk: let me look into this10:17
ackkmvo, ah, so it should point to the snap10:17
mvoackk: yeah, the file is there10:19
mvoackk: there in the snap10:20
ackkmvo, ah so it's just a symlink issue10:20
Chipacaackk: sorry i'm at the summit and only have half an ear for this right now ;-)10:21
mvoackk: yeah, looking at the fix now10:21
ackkChipaca, np it seems mvo has found the culprit10:21
Chipacanice10:22
* Chipaca hugs mvo 10:22
ackkChipaca, mvo, thanks10:22
mupPR snapd#6113 opened: overlord/ifacestate: handler for hotplug-connect task <Hotplug 🔌> <Created by stolowski> <https://github.com/snapcore/snapd/pull/6113>10:25
Chipacamvo: sudo find /snap/core18/current/ -type l -printf "%l from %p\n" | grep  ^/10:25
mupPR core18#88 opened: hooks: make ld-so symlink in /lib64 relative <Created by mvo5> <https://github.com/snapcore/core18/pull/88>10:26
mvoChipaca: hrm, that are many10:26
mvoackk: the above PR should fix the issue10:26
Chipacamvo: I don't know if they're all bad though, but yes there are :-)10:26
Chipacapstolowski: "snapctl stop --disable theservice" from within the snap works10:26
Chipacapstolowski: from the install hook i  mean10:26
mvoChipaca: *sigh* thanks :)10:26
pstolowskiChipaca: ah, of course, i forgot stop had the flag /o\... sorry about that10:27
ackkmvo, cool, thanks10:28
mupPR snapd#6112 closed: correct localInstallCleanup doc comment <Created by pedronis> <Merged by zyga> <https://github.com/snapcore/snapd/pull/6112>10:35
zygamvo: thank you for cherry picking into 2.3610:38
pedronisChipaca: I did a first pass on the epochs PR, I understad your focus is elsewhere this week, either way let me know if you disagree when you can look at it10:38
mvozyga: my pleasure - we are complete now, I wait for travis and once its green will do 2.36.1 (maybe after lunch, depending on travis)10:39
zygasuper10:39
mvozyga: in the meantime I'm packaging/patching fontconfg like its 199810:41
zygamvo: does current fontconifg support older cache formats/10:42
zygaas in, can it write all formats from one binary10:43
mvozyga: not afaict10:44
zygamvo: tumbleweed fails on gpg key management from snap keys and all10:44
zygaI wonder if this is a sign of trouble to come in disco with new package sync10:45
zygabut I won't look more today10:45
zygaback to user mounts10:45
zygaI'll do a brief packaging update with 2.36.1 but other than that I'm happy with current state10:45
pedroniszyga: what gnupg does it have?10:45
zygahttps://www.irccloud.com/pastebin/rUQqGjEg/10:46
zyga2.2.1010:46
pedroniswe'll need to dig10:46
Chipacapedronis: thank you. I'll get to it tomorrow, i expect10:49
Chipacatomorrow i'll be staying home10:49
* zyga is on the road today but trying to focus 10:51
* zyga is in a car dealer shop, on headphones listening to music, writing C on opensuse11:14
zygaI wonder if people think I'm some kind of evil nasty hacker11:14
zygaoh, I also have a dog with me11:15
zygaso maybe they are scared to check :D11:16
pstolowskizyga: is you screen flooded with wall of text in a matrix-style all the time? ;)11:26
ahasenackis there still no way to remove a snap config option once set?11:43
ahasenacksnap never forgets?11:43
pedronisahasenack: correct,  best approximation is setting to empty string or emptying a larger context11:47
ahasenackwhat does "emptying a larger context" mean?11:47
pedronisif you have foo.bar and foo.baz setting foo to {}, not saying it's useful in general11:48
ahasenackah, by larger you meant something like parent11:49
pedronisyes11:49
ahasenackok, thx11:49
pedroniswe do plan to allow some resetting, still haven't happened yet11:49
mupPR snapd#6052 closed: snap, store, overlod/snapstate: always send epochs <Created by chipaca> <Closed by chipaca> <https://github.com/snapcore/snapd/pull/6052>12:05
zygapstolowski: hollywood has a purpose ;-)12:19
* zyga is back home12:19
mupPR snapd#6114 opened: Handler for hotplug-disconnect task <Created by stolowski> <https://github.com/snapcore/snapd/pull/6114>12:43
Chipacazyga: got a weird snap-exec error about not finding a profile that went away with removing and reinstalling a snap, is this something you'd be interested in?12:54
cachiomvo, hey12:54
cachiomvo, did you see the log I sent you yesterday?12:54
cachiodoes it help?12:54
zygaChipaca: indeed12:55
zygaChipaca: can you tell me more12:55
pedroniszyga: pstolowski: did we end up reusing/abusing addImplicitSlots for hot plug slots as well?12:55
Chipacazyga: i'm waiting for a copy of the problem12:55
pstolowskipedronis: yes12:56
zygapedronis: I believe so12:56
pedronis:/12:56
pstolowskipedronis: addImplicitSlots now looks also into the state ("hotplug-slots" map)12:56
zygawhat do you think should happen there?12:56
pedroniswe should really find a different way to factor that12:57
pedronisit's not the hot plug part I'm not keen on12:57
pedronisit's as usual the addImplicitSlot sprinkled around part12:57
pedronismixing the two doesn't make things better tough12:57
zygaI had one idea with keeping well-know snap.Info for core/snapd and only ever handling implicit slots in one single spot at one time12:57
zygathis is what I did in one of the exploratory branches long ago when core18 was being prepared12:58
zygathe advantage was that we traded complexity all around snap info12:59
Chipacazyga: http://paste.ubuntu.com/p/KzM4NGdRQs/12:59
zygafor special casing one snap12:59
mupPR snapcraft#2396 opened: Partial Revert "build providers: fix osx non base and injection" <Created by sergiusens> <https://github.com/snapcore/snapcraft/pull/2396>13:00
pedronispstolowski: zyga: anyway things are as they are, we really need to clean this up at some point13:00
pedronistough13:00
zygaI agree, we just need to write down what we are willing to accept13:01
zygaChipaca: 1411 was setup-profiles13:01
zyga        "ready-time": "2018-11-08T12:41:47.570494396Z"13:02
zygathis is when it was ready13:02
pstolowskipedronis: yes i agree, i just didn't want to get into rabbit of refactoring before hotplug, similiar to what happened with various refactorings before interface hooks13:02
pstolowski*rabbit hole13:02
zygapre-refresh hook was 140613:02
zygait was ready on         "ready-time": "2018-11-08T12:41:47.570530073Z"13:02
zygaso it was after13:02
zygado you have kernel logs from the system?13:03
zygacan you extract the range a second before 12:41:4713:03
Chipacazyga: person's now in a meeting, but i'll ask13:03
zygawoa,13:03
zygaactually13:03
Chipacazyga: probably yes13:03
zygaits not !13:03
zygaI misread13:03
Chipacanot ! <- not not13:03
zygathe sub-second parts show that setup-profiles was after the hook?13:04
* zyga double checks that13:04
Chipacazyga: do vs undo?13:04
zygaeh, perhaps13:04
zygathis sucks, I wish we had better data there13:04
Chipacayes13:04
zygakenrel logs will have useful facts but probably not that resolution (though I may be wrong)13:05
Chipacazyga: easiest would be to ask them to 'dmesg -H | pastebinit', would that be enough?13:05
zygayes13:05
Chipacaasked13:05
Chipacabut, they're in a meeting13:06
Chipacaso i'll let you know :-)13:06
Chipacazyga: http://paste.ubuntu.com/p/MfKnvp8bD7/13:06
zyga[  +0.000004] audit: type=1400 audit(1541680843.472:176): apparmor="DENIED" operation="change_onexec" info="label not found" error=-2 profile="/snap/core/5742/usr/lib/snapd/snap-confine" name="snap.code-oss.hook.pre-refresh" pid=15781 comm="snap-confine"13:08
zyga[  +0.005188] audit: type=1400 audit(1541681530.284:182): apparmor="STATUS" operation="profile_load" profile="unconfined" name="snap.code-oss.hook.pre-refresh" pid=17895 comm="apparmor_parser"13:08
zygaso we certainly tried to run the hook before we loaded profiles13:09
zygapstolowski: ^ can you tell me from the top of your head, the pre-refresh hook, when is it ran in the sequence of snap refresh?13:09
zygapstolowski: and if I have a snap with no revisions and install it, would that hook run?13:09
zygaChipaca: can someone report a bug about this13:10
zygafor tracking13:10
zygaI'll assign it to myself13:10
pstolowskizyga: from top of my head not, but let me take a quick look. first off, it only runs if refreshing13:10
zygaChipaca: if you can you please at least collect the basic info about the snap (confinement, hooks) and if this can be reproduced (snap remove foo; ... snap install foo # KABOOM)13:10
zygapstolowski: I wonder if we can ever do this:13:11
zygapstolowski: run pre-refresh hook on fresh install13:11
zygapstolowski: when there's no prior revision13:11
pedronispstolowski: for context, I'm trying to read the already landed hot plug code and also looking at recent hot plug PR that have landed13:11
zygapstolowski: and it somehow ends up in a sequence where we haven't installed the snap yet so it doesn't have security setup done13:11
pstolowskizyga: it runs after mount-snap, before stop-snap-services, remove-aliases, unlink-current-snap and before switching to the new revision13:12
pstolowskipedronis: ok. the biggest chunk that landed was udevmonitor stuff, after that only very small bits to set the stage13:13
pedroniszyga: how can it be not installed if it's a refresh13:13
zygapstolowski, pedronis: about implicit slots, I have a feeling it would be good for snapd to track the implicit system slots and hot plug slots explicitly in ifacestate13:13
zygaas a first step towards refactoring13:13
pedronisisn't that what the current code does?13:14
zygapedronis: I don't know yet13:14
zygapedronis: but the hook profile was not replaced13:14
zygait was _loaded_13:14
zygaso it seems like it was loaded for the first time at that stage13:14
zygaand that can only happen if the snap was never installed (even before because of a bug in profile removal code)13:14
pedroniszyga: btw relatedly remember that you have an open task about merging setup/remove-profiles into *link* tasks13:15
zygapedronis: yes, that's true13:15
zygapedronis: though awe need to write down TODOs and schedule them13:15
zyga*we13:15
pedroniszyga: yes, we do need to do that13:16
pedronisthis is an long standing open one though, not saying it's a priority now13:16
zygapedronis: I have a hunch that we ran the hook from this snap, the one being installed13:16
pedronisjust reminding it because it's related to this area13:16
* zyga nods13:16
pstolowskithis would be pretty unexpected given that we run it before current link changes and before setup profiles13:19
zygaright13:21
zygabut that's how it looks like13:21
zygabefore setup profiles for sure13:21
pedronispstolowski: I'm seeing some small typoes etc going over the code, if I don't see anything major I will do a small PR with tweaks if it's ok with you13:32
Chipacaany idea why 'snap run --strace snap.app args' would just print "exit status 1"13:35
Chipaca?13:35
pstolowskipedronis: sure, np, thanks13:37
zygaChipaca: hmmm, strace it ;)13:39
zygajokes aside, probably no strace?13:39
pedronispstolowski: I'm confused by ensureUniqureName,  it seems to remove "-" when clearing the suffix, but is not adding "-" when attaching the suffix13:39
mupPR snapd#6115 opened: cmd: update autogen.sh for opensuse <Simple 😃> <Created by zyga> <https://github.com/snapcore/snapd/pull/6115>13:40
Chipacazyga: they have strace13:42
pedronispstolowski: it seems to be by design, it's tested behavior, but is not documented/explained in the comment13:43
zygapedronis: https://github.com/snapcore/snapd/pull/6116 is the simplified feature flag storage for snap-confine13:44
mupPR snapd#6116 opened: cmd/libsnap: add simplified feature flag checker <Created by zyga> <https://github.com/snapcore/snapd/pull/6116>13:44
mupPR #6116: cmd/libsnap: add simplified feature flag checker <Created by zyga> <https://github.com/snapcore/snapd/pull/6116>13:44
Chipacazyga: https://dpaste.de/FNWL/raw13:44
zygaChipaca: lookking13:44
Chipacazyga: not helping :-)13:44
zygaChipaca: denials13:44
zyga?13:44
zygaChipaca: if you want I can jump into standup HO and you can walk me through this in the next 15 minutes13:45
pedroniszyga: what's the context for that13:45
pstolowskipedronis: indeed, just found the PR https://github.com/snapcore/snapd/pull/5782 ; it was requested in the review - see https://github.com/snapcore/snapd/pull/5782#discussion_r21701876713:45
zygapedronis: we need to learn about enabled experimental features from snap-confine and snap-update-ns13:45
mupPR #5782: ifacestate: helpers for generating slot names for hotplug <Hotplug 🔌> <Created by stolowski> <Merged by stolowski> <https://github.com/snapcore/snapd/pull/5782>13:45
zygapedronis: this is the idea that Gustavo presented (just stat a file) in response to the facts PR13:45
pedronispstolowski: is not super clear from the discussion tough that it needs to be removed, if it's then not added13:46
Chipacazyga: http://paste.ubuntu.com/p/XVVzYWNHR7/13:46
pedronispstolowski: the test for sure look weird13:46
ograjdstrand, did you see https://bugs.launchpad.net/bugs/1802124 yet ?13:47
mupBug #1802124: Error installing chromium-mir-kiosk on RPi3/edge <snapd (Ubuntu):New> <https://launchpad.net/bugs/1802124>13:47
zygaChipaca: this is a snap in a container?13:48
zygaChipaca: I suspect that may not work fully13:48
zygaChipaca: ah, parallels VM13:49
zygabug report: on a mac, running parallels, running ubuntu, running lxd as a snap, running another version of ubuntu, running a snap with --strace is not supported13:50
pedronispstolowski: also I would it work if the base name ends with digits?13:50
jdstrandogra: uhh, there is extra code in this section13:50
ackkmvo, is "core" needed even if a snap depends on "core18" ?13:51
pedronispstolowski: we trim only one digit?13:51
pedronishow do we know it's enough13:51
ograjdstrand, yeah, sseems to be https://github.com/snapcore/snapd/commit/093b3662047123fe684a0d1dae27775593f1dc1f13:51
jdstrandChipaca: hey, seems you fiddled with ptrace_* for PTRACE_GETFPXREGS? (see https://bugs.launchpad.net/ubuntu/+source/snapd/+bug/1802124). looks like there is an armhf case13:51
mupBug #1802124: Error installing chromium-mir-kiosk on RPi3/edge <snapd (Ubuntu):New> <https://launchpad.net/bugs/1802124>13:51
pedronispstolowski: this line is very weird: https://github.com/snapcore/snapd/blob/master/overlord/ifacestate/hotplug_test.go#L24313:51
jdstrandogra: there is a commit after that which is meant to address archs without fp13:52
ograah13:52
jdstrandand with fp13:52
mvoackk: you shouldn't need core if you just depend on core1813:53
ackkmvo, that's weird, we have a (strict) snap that doesn't work if you don't have core13:54
mvoackk: oh, please tell me more13:54
mvoackk: how can I reproduce this?13:54
pedronispstolowski: to be clear wasn't my intention to rehash already landed code, but this bit looks weird coming fresh to it13:54
jdstrandChipaca: it looks like the policy isn't conditionally adding/removing the fp variants13:54
ackkmvo, https://pastebin.canonical.com/p/kTv7H5Q65Q/13:55
ackkmvo, i have core18 installed only13:55
ackkif I install core, it works13:55
pedronispstolowski: also that function is not used yet, is that right?13:55
pstolowskipedronis: no, we take entire numeric suffix with strconv.Atoi(proposedName[len(prefix):]); then increment it until we have unique name as a whole. the point is to generate unique name and the example slot3-5 -> slot36 may look weird but is guaranteed to be unique13:55
ackkmvo, this is a proprietary snap unfortunately, lemme see if I can get you something that you can try13:55
mvoackk: aha, interessting, I think you hit a bug, let me look at this13:55
mvoackk: its ok, I can probably trigger it somehow, I suspect its a bug with snap-confine that it does not use the right base when it runs the hooks13:56
pstolowskipedronis: it is used in the huge hotplug PR, but not in master yet, no13:56
ackkmvo, ah I see13:56
zygaackk: interesting13:57
zygawe need to be told of the base explicitly13:57
zygaanother thing we could fix with facts alone :/13:57
* zyga looks13:57
zygawe pass --base every time there's a base defined in the snap13:58
zygathis is the code path used both by hooks and by apps13:58
pedronispstolowski: why do we remove the "-" ?13:58
pedronispstolowski: it just seems a mix of two version of the code, I don't understand how it relates to uniqueness13:58
mvozyga: hm, apparently something is not quite wired up in the code path :/13:59
mvozyga: I do remember work on this13:59
mvozyga: anyway, will look after the meeting13:59
zygak13:59
ackkmvo zyga thanks13:59
pedronispstolowski: it also means slot3-5 and slot35 will both produce slot36, I don't know if thats a feature or a bug13:59
zygamvo: what is odd is that for hooks we parse the revision13:59
zygaand use that13:59
zygafrom snap.Revision13:59
pstolowskipedronis: that's not going to be a problem14:00
zygafor apps we just use R(0)14:00
Chipacajdstrand: i thought zyga was looking into fixing the PTRACE thing, but yes14:00
pstolowskipedronis: at any given point the function is guaranteed to generate a unique name14:00
pedronispstolowski: again, can base name end in numbers?14:00
Chipacajdstrand: I fiddled with them because they failed to build14:00
jdstrandChipaca: I don't know-- ogra pinged me about it14:00
Chipacajdstrand: so now we have a runtime failure14:00
Chipacabecause that's life14:00
pedronispstolowski: to create, what, slot names?14:00
pedronispstolowski: those also need not to too confusing14:01
pstolowskipedronis: do you mean "slot1234" ?14:01
zygamvo: I'm sorry, hooks use --revision from snap run14:01
zyganot from snap info14:01
pstolowskipedronis: sorry, im confused by what do you mean by base?14:02
kjackalHi snappy people, I am trying core18 because of the layouts and I get this error: "cannot update snap namespace: cannot create writable mimic over "/snap/microk8s/x1/": permission denie"14:03
pedronispstolowski: you start from a name that might not be unique, I suppose the output of suggestedSlotName ?14:03
pedronisand then you make it unique14:03
pstolowskipedronis: yes that's right. btw, standup14:04
jdstrandzyga: so, we perhaps probably shouldn't be failing with error here. we ignore unknown syscalls. perhaps we should ignore these unknown PTRACE args. *or* we mock them up like with AF_IB, AF_MLPS, etc14:04
jdstrandzyga: honestly, I was surprised we didn't do the latter, but I wasn't involved in that build pr14:04
zyga(standup)14:05
jdstrandthat's the extent of my thoughts14:05
jdstrandactually that's not true14:06
jdstrandzyga: readNumber could return something to signify skipping and continue the loop (silently ignore the rule)14:07
zyganot sure if this is what we should do, but I'll reply after the call14:08
kjackaljdstrand: I am following the your steps on for a strict microk8s. Got snapcraft 3.0 that has layouts, updated the snapctaft.yaml with base: core18, applied your patch. It seems to compile but failes in the install hook with https://pastebin.ubuntu.com/p/mcXnz52NkQ/14:08
jdstrandkinda 6 of 1. AF_IB we use a #define. we could #define here, but is that #define the same across archs? if not, skip seems reasonable. I don't think I care for browser_support.go having to understand arch-specific details about fp/fpx14:09
jdstrandkjackal: sounds like there is an apparmor denial in the snap-update-ns profile. can you check you log?14:10
jdstrandzyga: ^ (6 of 1 comment; but also fyi kjackal's)14:11
roadmrjdstrand: hy there! Hey a question - for the purpose of e.g. snap track approval, who other than Gustavo and Mark qualifies as an architect? the post detailing this just says "etc"14:14
kjackaljdstrand: zyga: indeed there is this "audit[22699]: AVC apparmor="DENIED" operation="mount" info="failed mntpnt match" error=-13 profile="snap-upda14:21
kjackalte-ns.microk8s" name="/tmp/.snap/snap/microk8s/x1/" pid=22699 comm="3" srcname="/snap/microk8s/x1/" flags="rw, rbind"14:21
kjackalN" that does not tell me much14:21
jdstrandroadmr: no one. perhaps pedronis now? if we add pedronis, we should update the docs14:21
roadmr\o/14:22
roadmrwe should add him, he rocks :)14:22
kjackalThis looks similar https://forum.snapcraft.io/t/core18-issues/521614:22
jdstrandkjackal: that is a different issue. I didn't test with core18. this might be a change relevant to that or new PRs in this area. actually, zyga did land some stuff to make it no longer experimental... need his input14:24
zygaI'm out of touch with this issue now14:24
zygastill in a call14:25
zygais there a report about it anywhere or should I scan the backlog on irc?14:26
jdstrandzyga: there are two unrelated issues now. the fp/fpx that we discussed and a sun denial with microk8s using layouts with core1814:27
jdstrandthat kjackal brought up14:27
zygajdstrand: aha, can we get a paste of the mount profile and of the apparmor profile for sun?14:28
jdstrandzyga: afaik, it is all backscroll14:28
jdstrandkjackal: ^14:28
zygakjackal: ^ if you know how to collect the two please do14:28
zygakjackal: otherwise ask14:28
zygakjackal: essentially /var/lib/snapd/apparmor/snap-update-ns.$foo14:28
zygaand /var/lib/snapd/mount/snap.$foo.fstab14:29
zygajdstrand: I wrote a branch where I keep a log of all the ops done by snap-update-ns14:29
zygaI need to clean it up and propose14:29
zygait is very useful for debugging14:30
zygakjackal: you can also set SNAPD_DEBUG=1 and run the app to see more debug14:30
jdstrandzyga: sounds handy14:31
=== blackboxsw_away is now known as blackboxsw
zygamvo: so the issue14:36
kjackalwait up zyga. My guess is you want something from /var/lib/snapd/apparmor/profiles/ . This is where the snap-update-ns-* is . However I do not see snap-update-ns.microk8s. What is $foo?14:36
mupPR snapcraft#2397 opened: cmake plugin: use native primitives <Created by sergiusens> <https://github.com/snapcore/snapcraft/pull/2397>14:36
mupPR snapcraft#2398 opened: gnome extension <Created by diddledan> <https://github.com/snapcore/snapcraft/pull/2398>14:36
zygacachio: please just remind me how that was invoked,14:36
kjackalsame for  /var/lib/snapd/mount/snap.$foo.fstab14:36
zygakjackal: $foo is snap name14:36
zygakjackal: did this snap have a hook that exploded on install?14:36
zygaif so the installation would be reverted14:37
zygakjackal: and the corresponding files removed14:37
zygakjackal: if so my suggestion would be to remove all hooks to debug this (^ no way to install a snap without hooks or keep it broken)14:37
zygamvo: so the issue14:37
zygamvo: snap-confine runs snap-device-helper14:37
zygamvo: with hardcoded locations14:37
kjackalok, trying this now14:37
zygamvo: that match core and ubuntu14:37
zygamvo: this is done after pivot root, so in the mount namespace of the snap already14:39
mvozyga: right, don't we bind mount things from the host (/usr/lib/snapd) into the base ?14:39
zygamvo: yes that's right14:40
* ogra hugs kyrofa 14:40
* kyrofa hugs ogra back14:42
kyrofaSeriously14:42
ograyeah :)14:43
zygaDEBUG: performing operation: (disabled) use debug build to see details14:43
* zyga _hates_ that part of snap-confine14:43
zygasecurity in the way of usability14:43
zygamvo: we don't bind mount it in this case, the base is "core"14:44
zygamvo: so the fact that we cannot find it is surprising14:44
mvozyga: yeah, that is surprising14:44
zygaDEBUG: snap-update-ns executable: /usr/libexec/snapd/snap-update-ns14:44
zygaperhaps we infer the wrong location?14:44
mvozyga: yeah, that seems to be it - this runs on a libexec idstro?14:45
zygauseful debug logs from the fedora29 issue https://www.irccloud.com/pastebin/TTN36845/14:45
zygaplease have a look, I'm still reading as well14:45
zygayes, fedora 2914:45
cachiozyga, test-snapd-udev-input-subsystem.slot14:45
roadmrzyga: wow that fedora29 snap is like stitch, destroys everything it touches?14:46
roadmr:D14:46
zygaroadmr: destroys all bugs14:46
roadmrzyga: true that :)14:46
zygahttps://www.youtube.com/watch?v=JTTwlAT_AwU14:47
zygaha14:50
zygamvo: I understand now14:50
zygaar, wait, no :/14:51
zygahmmm14:51
zygaso14:51
zygagoogle:fedora-29-64 /# /usr/lib/snapd/snap-device-helper14:51
zyga-bash: /usr/lib/snapd/snap-device-helper: /usr/bin/sh: bad interpreter: No such file or directory14:51
zygainitially I thought this is PATH14:52
zygabut14:52
zygathe file has a wrong shbang14:52
zygait says /usr/bin/sh!14:52
zyganot /bin/sh14:52
zygagoogle:fedora-29-64 /root# nsenter -m/run/snapd/ns/test-snapd-udev-input-subsystem.mnt14:53
zyga-bash: ls: command not found14:53
zyga-bash: /usr/libexec/grepconf.sh: No such file or directory14:53
zyga-bash: /usr/libexec/grepconf.sh: No such file or directory14:53
zyga-bash: sed: command not found14:53
zygagoogle:fedora-29-64 /# /bin/ls -l /usr/bin/sh14:53
zyga/bin/ls: cannot access '/usr/bin/sh': No such file or directory14:53
zygagoogle:fedora-29-64 /# /bin/ls -l /bin/sh14:53
zygalrwxrwxrwx. 1 root root 4 Nov  8 14:18 /bin/sh -> dash14:53
zygamvo: let me propose a quick PR14:53
ografancy14:53
mvozyga: gar14:53
zygaoaoaaah?14:53
zygawhat14:53
zygathe file has /bin/sh in the tree14:53
roadmraioueee14:53
mvozyga: yeah, I just did a git grep14:54
mvozyga: this is strange14:54
roadmr(as long as we're resorting to guttural sounds)14:54
zygamvo:14:54
zygamvo: sorry, the file is from the host distro14:54
zygafedora rewrites the shebang (apparently!)14:54
zygabut why would it be bind mounted there?14:54
zygaso we run with fedora29 version of snap-device-helper14:55
zygaso we must have did the bind mount for /usr/libexec/snapd /usr/lib/snapd14:55
* zyga confirms14:55
zygamountinfo in the app mount ns https://www.irccloud.com/pastebin/qSQmhrPV/14:56
mupPR snapd#6117 opened: overlord/ifacestate: don't remove the dash when generating unique slot name <Hotplug 🔌> <Created by stolowski> <https://github.com/snapcore/snapd/pull/6117>14:58
pstolowskipedronis: ^14:58
zygamvo: there is no such mount14:58
pedronisthx14:58
* zyga wonders 14:58
cachiozyga, mvo I need to go to take my son15:00
mvozyga: hm, what snaps is that?15:00
mvocachio: ok15:00
zygamvo: so it's not mounted15:00
zygathe core snap is busted15:00
zygahttps://www.irccloud.com/pastebin/3uE4g7eh/15:00
cachioif you need a new machine just add fedora-29-64 to the spread.yaml15:00
zygatheory: in CI when we repackage core and inject snapd15:00
zygathe locally built snapd.rpm has replaced shebang15:01
* zyga looks15:01
* cachio afk15:01
zygamvo: this would only break in CI15:01
zygamvo: not in real world15:01
zygareal world doesn't inject snapd from RPM into core snap15:01
mvozyga: aha, because we rewrite the core in ci15:01
zygaactually, I wonder what that was supposed to do15:01
mvozyga: indeed15:01
zygaI sure hope we don't have both /usr/lib/snapd and /usr/libexec/snapd15:02
* zyga checks that first15:02
zygamvo: confirmed, prepare.sh has15:03
zyga    cp -a "$LIBEXECDIR"/snapd/* squashfs-root/usr/lib/snapd/15:03
zygaso we take the host's rpm that was mangled15:03
zygaand inject that into the built package15:03
zygathis is broken15:04
zyganot only in the sense that this path is rewritten15:04
zygasnap-confine compiled on fedora is incompatible with core15:04
zygaI think we need to take a step back15:04
zygawithout making snap-confine and other C programs compatible with every distribution15:04
zygawe cannot just insert them into the core snap during testing15:05
zygathey will expect different paths15:05
zygait just happened to work because a path was hard-coded there15:05
zyganot using @libexecdir@15:05
zygabut other parts will not be so useful15:05
zygathe binary is linked with fedora locations15:05
zygait makes no sense to just inject it into a core snap with ubuntu chroot15:05
zygamvo: let's have a call about this if you don't mind15:05
zygaI think our fedora testing story was super lucky so far :)15:06
zygasnap-confine ldd inside and out https://www.irccloud.com/pastebin/OkT431Pi/15:07
zygamvo: and even if we make it 100% unaware of the distribution configuration15:07
zygathings like libc version will be at play15:07
zygaas we move to fedora30 and beyond15:07
zygasnap-confine linked in fedora30 might not run on ubuntu 16.0415:08
zygaI think the extent of testing fedora29 by repackaging core is a bit broken15:08
zygawe need to repackage core as if it was built on ubuntu15:08
zygaand test that15:08
zygathat's the realistic test IMO15:08
zygamvo: I'll make coffee and let's have a call, ok?15:08
mvozyga: let me finish some things here first, then yes15:09
pstolowskizyga: re hook issue & pre-refresh, can I help? what do we know so far (logs, a reproducer?)15:11
zygapstolowski: I don't have a reproducer, didn't try15:14
zygawhat we know is:15:15
zygahttp://paste.ubuntu.com/p/MfKnvp8bD7/15:15
zygaat the bottom15:15
zygalines 865-15:15
zyga865 says we didn't have the apparmor profile but we tried to execute a pre-refresh hook15:16
zygathen line 871 tells us we loaded (not replaced, loaded) the apparmor profile for the pre-refresh hook15:16
zygathat's all I know15:16
kjackalzyga: Just got the logs you asked https://pastebin.ubuntu.com/p/cRW8jX2XGM/ . Would you prefer a forum topic?15:17
zygakjackal: something tracable, yes, may be a bug report or a forum post15:17
zygakjackal: too many topics now :)15:17
zygakjackal: can you also get the /var/lib/snapd/mount/snap.$foo.fstab please15:18
kjackalzyga: it is on the pastebin line 7, right?15:19
zygaah15:19
zygaperfect15:19
zygakjackal: let's have a bug report15:19
zygabugs can be assigned15:19
zygaforum topics are swaaaamped15:19
zygakjackal: I'm sorry, the issue with fedora is fundamental to our testing and development story15:20
kjackalwhere do you keep bug reports?15:20
zygawe need to tackle it15:20
zygakjackal: launchpad.net/snapd please15:20
kjackalyes no worries15:20
kjackalthanks15:20
zygamvo: ready when you are15:20
zygamvo: https://meet.google.com/mcs-qqzz-idp?authuser=015:21
pstolowskizyga: thanks, i'll see if i can find anything15:23
zygamvo: I wrote a quick summary15:29
pstolowskizyga: can we have state.json for the hook issue?15:29
zygahttps://www.irccloud.com/pastebin/QhF9iWhq/15:29
zygapstolowski: yes15:29
zygahttps://www.irccloud.com/pastebin/nYonNbqH/15:30
zygapstolowski: we analysed that and determined that task timestamps are not super useful because of undo15:31
zygawe should store undo timestamps separately15:31
zygapedronis: ^ for debugging we should probably store undo timestamps in the state15:31
pstolowskizyga: this state is missing waittasks/halttask and is generally stipped down; do we have a complete state?15:37
mupPR snapcraft#2399 opened: Cmake find root build snaps <Created by sergiusens> <https://github.com/snapcore/snapcraft/pull/2399>15:39
mvoackk: hm, I may need access to your snap afterall, I wrote a testcase with a configure hook and core18 only and it works for me15:40
ackkmvo, ok, hold on15:41
mvoackk: also please pastebin "snap version"15:45
Chipacamvo: silly question that i could probably answer with grep: where's the snapd sanity check?15:50
mvoChipaca: sanity/check.go iirc15:50
Chipacamvo: thanks15:51
diddledanzyga or jdstrand, can you help with dbus ownership? on ubuntu transmission-gtk doesn't need a slot but on kubuntu it seems to require a defined slot. also transmission-qt and transmission-gtk both use the same dbus name, so we're wondering if the store allows two snaps to have the same dbus slot definition?15:59
threshA tool snapcraft depends on could not be found: 'execstack'.15:59
threshis that something I miss from the docker image I build?16:00
threshI see that package is in debian, but not in ubuntu16:02
threshhm, it's actually in universe, but not shown on packages.ubuntu.com16:04
threshand it's actually installed16:04
sparkiegeekpackages.ubuntu.com is broken atm16:05
sparkiegeekhttps://bugs.launchpad.net/pkg-website/+bug/180151816:05
mupBug #1801518: Search is broken <pkg-website:Confirmed> <https://launchpad.net/bugs/1801518>16:06
threshoic16:06
kjackalzyga: Here is the bug on microk8s https://bugs.launchpad.net/snapd/+bug/180233216:07
mupBug #1802332: Apparmor complains in strict confinement with base: core18  <snapd:New> <https://launchpad.net/bugs/1802332>16:07
threshhere's the snapcraft output on execstack: https://code.videolan.org/snippets/87116:07
zygakjackal: thank you16:07
threshI don't have /usr/sbin in $PATH, too16:07
kjackaljdstrand: I noticed that "kernel-module-observe" is not available but your patch had it there. Should I know anything about it? Merged with something else? Renamed? Not needed?16:08
kjackalI am not in the position yet to see what breaks and what works, just asking because I had to comment it out16:09
mupPR snapd#6118 opened: tests: add core18 only hooks test <Created by mvo5> <https://github.com/snapcore/snapd/pull/6118>16:17
Chipacapstolowski: where does the stdout/stderr of hooks go?16:18
zygamvo: actually16:21
zygamvo: on fedora29 running core18 test the same bug will happen; we need to switch the bind mount to use core's or snap's version of /usr/lib/snapd16:22
zygathe bind mount used for bases16:22
ograChipaca, the journal (at lest i find the output of mine there regulary)16:22
zygaI realised while cleaning up the notes16:22
mvozyga: indeed16:22
sparkiegeekogra: clue for where abouts?16:22
mvozyga: we need the snapd snap16:22
ograsparkiegeek, journalctl -f ... then install/rmove7configure the snap in another terminal16:22
ogra*install/remove/configure16:23
pedroniszyga: we need a bug or forum post on that or it will get lost16:23
pedronisI mean storing undo timestamps16:23
zygaI'm doing that now16:23
zygaah16:23
sparkiegeekogra: doesn't seem to help :(16:23
zygaI'm not doing that now16:23
zygaI will file a bug yes16:24
zygaI'm writing a post about the issue Sergio found and we just debugged with mvo16:24
* pedronis was in a longish meeting16:24
pedroniszyga: anyway if undo is involved, then might well be the issue that would be solved by merging *-profiles with *link*16:25
zygapedronis: I don't think the issue is related to undo16:25
pedronisah ok16:25
zygait's just that we have fewer bits of data about it to debug clearly from timestamps alone16:25
zygawe know for sure from kernel logs that we ran a hook before we setup security16:25
zygapstolowski: ^ actually this makes sense :D16:26
pedronisyes, but not having security when we should and undo16:26
zygathat hook should run before we setup security16:26
zygabecause security setup will switch the world for the NEXT revision of the snap16:26
pedronisare the a possible of form of the bug16:26
pstolowskiChipaca: to task's log i believe, however there is a catch afair, it only goes there if hook fails16:26
zygapedronis: yes, in this particular case we didn't have security because that snap was not installed yet, the bug is that we ran the hook at all, not that we didn't have security16:26
ograsparkiegeek, weird, i always see mine ... though i'm typically watching on UC ... not sure if thats any different (i wouldnt expect so though)16:26
pedronisah, interesting16:27
pedronisok16:27
zyga(we had nil security because that's the first install, we ran the pre-refresh hook of the installed snap in this nil security before we proceeded to setup security for the revision being installed)16:27
zygaI'll add this to the reporty16:27
pstolowskizyga: this is super weird, it could only happen if we had a snap in snapstate but it wasn't actually installed (?), in which case IsInstalled() would lie16:29
zygabut we do16:30
zygawe are installing it16:30
zygado we have a test for this situation16:30
zygasnap install snap-with-pre-refresh-hook16:30
zygaperhaps it ends up in snap state too early16:30
pstolowskizyga: that would mean we have other serious issues16:31
pstolowskizyga: we have a bunch of checks around isInstalled16:31
zygapstolowski: it would be good to try this. case16:31
zygamake a simple snap with pre-refresh hook16:31
zygaand install it16:31
pstolowskizyga: ok, i'll do this16:31
mupPR snapd#6119 opened: sanity: refuse to try to do things on WSL <Created by chipaca> <https://github.com/snapcore/snapd/pull/6119>16:33
Chipacamvo: ^ my sanity question was about this16:33
pstolowskizyga: wait, we do have spread test already16:33
zygamvo: https://forum.snapcraft.io/t/issue-with-repackaged-core-and-testing/839416:33
zygamvo: please sign off that you agree with what it says16:34
zygayou can edit it I believe16:34
zygapstolowski: then I don't know16:34
zygapstolowski: chase this with chipaca tomorrow please16:34
zygawe need to reproduce it really16:34
pstolowskizyga: install-refresh-remove-hooks16:34
zygapstolowski: maybe interplay with other hooks is important16:35
zygatry making a quick test with just one hook16:35
pstolowskiok16:35
zygaand base (not sure if relevant)16:35
pstolowskizyga: just one hook - pre-refresh - worked. does the hook need to do anything to trigger profile issue?16:37
zygano16:37
zygait would not be able to execute at all16:37
pstolowskiright, it's snap-confine erroring early16:37
pstolowskizyga: just pre-refresh hook, without base, and with base:core18, both worked16:44
Chipacazyga: chase what? (scrollback from where?)16:44
pstolowskizyga: do you have full state.json?16:44
zygapstolowski: I don't have anything else, it's all from backlog in this channel16:44
zygaChipaca: that bug with pre-refresh-hook16:44
zygapedronis, Chipaca: related to this bug I filed https://bugs.launchpad.net/snapd/+bug/180233916:45
mupBug #1802339: Tasks should carry separate timestamps for undo paths <snapd:New> <https://launchpad.net/bugs/1802339>16:45
pstolowskizyga: who reported it originally?16:45
zygapstolowski: someone from the sprint Chipaca is at16:45
zygaChipaca: wanna see something terrible16:45
pstolowskiaha16:45
zygahttps://forum.snapcraft.io/t/issue-with-repackaged-core-and-testing/839416:46
zygakaboom16:46
pedroniswe already  discussed that ^ in the past16:46
pedroniswe also said it was going to bite us at some point16:46
mvoChipaca: \o/16:47
* zyga needs to break for a while to vent 16:48
pedroniszyga: also that post doesn't list snap-exec, doesn't it always come from the base?16:49
pedronisor is that the bind mount bit?16:50
pstolowskiChipaca: can you find who that was reporting pre-refresh issue, and get more info? state.json for starters16:51
Chipacapstolowski: which pre-refresh issue?16:52
Chipacagah16:52
* Chipaca reads backlog again16:52
Chipacaah16:54
pstolowskiChipaca: somebody hit an issue where pre-refresh hook was run without security profile (=failed with denials), as if snap wasn't installed. in theory (and according to the code) this hook should run of old revision of the snap, before switching to new revision on refresh16:54
pstolowskis/run of/run for/16:55
Chipacawas this related to the dmesg -H pastebin?16:55
pstolowskiChipaca: the lof is http://paste.ubuntu.com/p/MfKnvp8bD7/16:55
pstolowski*log16:55
Chipacaah yes16:56
pstolowskiChipaca: pastebin from "joao"16:56
Chipacayes16:56
Chipacapstolowski: i'll get the state.json16:57
=== dkessel_ is now known as dkessel
Chipacapstolowski: zyga: for extra fun, they got the same thing again in the post-refresh hook, afterwards17:01
Chipacapstolowski: zyga: i've send you guys the state json17:01
Chipacaniemeyer: github is rate-limiting us which is why sometimes travis statuses don't make it back17:02
Chipacaniemeyer: e.g. https://github.com/snapcore/snapd/pull/610717:02
mupPR #6107: cmd/snap, snapctl: add column selectors to services <Created by chipaca> <https://github.com/snapcore/snapd/pull/6107>17:02
Chipacaniemeyer: i have logs to prove it17:02
pstolowskiChipaca: very curious. can you look around if their installations is sane? we use IsInstalled() check for this hooks, i cannot think of a case where this would lie, except for some inconsistency?17:02
Chipacaniemeyer: can youchat  with them and ask them to bump our limits a bit?17:02
Chipacaniemeyer: i'll fwd the email17:03
Chipacawith the logs17:03
pstolowskithanks for the state, lookiing17:03
pedronisif it's that, yes IsInstalled returning true for non installed snap would be very weird17:04
niemeyerChipaca: Huh.. curious17:04
sparkiegeekis it possible to delete a configuration key for a snap? i.e. 'snap set mysnap foo=bar; snap set mysnap foo=; snap get mysnap | grep foo' returning no hits17:05
niemeyerChipaca: Thanks, will follow up17:05
pedronissparkiegeek: not at the moment17:06
pstolowskiChipaca, pedronis, zyga from quick glance at the state, they seem to be using try mode quite a bit, which i hinted could be a factor, i think this is the first suspect17:07
Chipacatry mode + hooks = bad news?17:07
Chipacathat's a big bummer17:08
Chipacawhat's the situations in which it'd fail?17:08
Chipacapstolowski: ^17:08
pstolowskiChipaca: they should work obviously; is IsInstalled check correct for try mode?17:08
pedronisChipaca: try on top of a try, is really a refresh17:09
Chipacapedronis: yes17:09
pedronisbut if the two use the same dir17:09
Chipacaah17:09
pedronisnot sure what it means17:09
Chipacaok, i'll see if this helps17:09
pedronisChipaca: one thing to try,  snap try something without a prerefresh hook17:09
pedronisnow you try the same dir but you added a prerefresh hook17:09
pedronisI suppose: boom17:09
pedronisI feel their pain, but is not quite trivial to solve either17:10
pedroniswe would need to remember things that atm we don't care to17:11
Chipacawhere's our CoW support a t17:11
Chipacaat*17:11
Chipacathe dev isn't blocked on this, fwiw, so there's not that much urgency17:11
Chipacabut it does seem to match what we were seeing17:12
pedronisChipaca: or yes, take a snapshot somehow , unclear when or how17:12
Chipacapedronis: they were doing try+try to test the pre- and post-refresh hooks :-)17:13
pedronisdoesn't quite work17:13
pedronisthey need a 2nd checkout17:13
pedronisatm17:13
pedronisI fear17:13
pedronisI suppose it can of works17:13
pedronisif there are no interfaces involved17:13
pedronisanyway is not a well supported/understood case by our code17:14
pedronistry is really a best effort big hammer17:14
pedronisI suppose we should at least document this kind of sharp edges somewhere17:14
mupPR snapcraft#2400 opened: tests: fix maven spread test <Created by sergiusens> <https://github.com/snapcore/snapcraft/pull/2400>17:15
pedronisChipaca: can we get a bug or forum post on this now that is better understood?17:16
pedronisotherwise it will wash away17:16
Chipacapedronis: i'll give it a try17:17
* Chipaca would giggle but is too tired17:17
pstolowskiit's interesting, i've just tested this scenario (snap try without pre-refresh, then snap-try with pre-refresh, same dir), it fails but differently17:17
pstolowski Run pre-refresh hook of "snap-hooks" snap if present (run hook "pre-refresh": cannot stat /var/lib/snapd/seccomp/bpf/snap.snap-hooks.hook.pre-refresh.bin: No such file or directory17:18
pstolowskiand after a few minutes, after timeout17:18
pstolowskino denials17:18
mupPR snapcraft#2401 opened: ci: reduce spread system declarations <Created by sergiusens> <https://github.com/snapcore/snapcraft/pull/2401>17:18
Chipacahmm17:19
pedronispstolowski: does it have an interface that hook?17:19
pedronisI mean needs to need an interface to get a denial17:19
popeyondra: your avahi-client snap - should I be able to see avahi advertised services in the office?17:19
pstolowskipedronis: no hook, only home interface17:19
pedronisanyway  it's similar but different17:20
pedronismaybe they did enough to have a bf17:20
pedronisbpf17:20
pedronisin their case17:20
pedronisbut not the right apparmor profile17:20
pedronisyet17:20
mupPR snapcraft#2402 opened: packaging: update requests <Created by sergiusens> <https://github.com/snapcore/snapcraft/pull/2402>17:21
pstolowskiright. anyway, good that we know it's snap try17:22
* pedronis eoding17:22
pstolowskieod as well17:22
pstolowskicu17:22
=== pstolowski is now known as pstolowski|afk
ondrapopey yep17:24
ondrapopey that is exactly it's purpose :)17:24
Chipacapstolowski|afk: pedronis: zyga: https://forum.snapcraft.io/t/snap-try-snap-try-hooks-fun/840017:24
popeyondra: how do you operate it?17:24
ondrapopey but easier to use snappy-discover17:25
popeyooh17:25
pstolowski|afkChipaca: thanks! s/-remove/-refresh/17:25
ondrapopey then no need to use params17:25
ondrapopey mind, UC device needs to run avahi in first place :)17:25
Chipacad'oh17:26
popeynot on core17:26
* Chipaca should've EOWed after lunch17:26
ondrapopey ok then avahi-client17:26
ondrapopey what is device's name>17:26
ondra?17:26
popeyondra: Volumio17:27
popeyah, avahi-client has a bunch of not-automatically-connected interfaces17:28
ondrapopey yeah you need to connect manually17:28
ondrapopey 10.20.65.140, 10.20.65.21017:28
popeywhat did you do?17:28
ondrapopey on macOS lanscan17:29
popeywrong answer :)17:29
ondrapopey it does whole scan17:29
popeyI'm trying to prove avahi on snap17:29
popeywe have a broken snap and trying to prove avahi in snap works17:29
ondrapopey OK let me get you right command17:29
hackedheadare there instructions for installing the snap system from source? (my distro doesn't ship with a package: Slackware)17:32
popeyhackedhead: great question. I'd love to see a doc for bootstrapping snapd from sauce17:34
popeyChipaca: ^ :D17:34
Chipaca1. get systemd17:34
popey2. ???17:34
Chipaca3. profit17:34
* Chipaca wins17:35
ondrapopey avahi-client.browse -a | grep Volumino17:36
cachioChipaca, hey, any idea about what could be causing this on rpi 3: https://paste.ubuntu.com/p/B9RsstFFwj/17:37
Chipacacachio: yes17:37
cachioChipaca, :)17:38
ograpopey, avahi in snaps does not work ... i started a thread about it a month or two ago17:40
Chipacacachio: mozilla broke snapd on non-intel architectures, and we let them17:40
cachioChipaca, nice17:40
Chipacacachio: i thought zyga was fixing this but apparently no17:40
ograpopey, here is a hack in a wrapper script https://github.com/ogra1/dashkiosk-client-browser/blob/master/chromium.launcher ... and here is the thread https://forum.snapcraft.io/t/no-mdns-support-in-snaps-should-core-have-a-modified-nsswitch-conf/760317:41
ondraogra what? what do you mean?17:41
popeyoddly my machine can't see any avahi things17:41
popeyanother laptop can!17:41
popeyon the same network17:41
ograondra, snaps can not use mdns due to nsswitch.conf17:41
ondraogra ah, that's when you want to use libc17:41
cachioChipaca, good to know, thanks17:42
* zyga lost track of things to fix17:42
popeytypo, works now17:42
ondraogra avahi client still works17:42
ograpopey, you can use layouts to overcome that but that means you are forced to snapcraft 3.0 and core1817:42
zygaSorry about that chipaca17:42
ograondra, sure ...17:42
Chipacacachio: ¯\_(ツ)_/¯17:42
ondraogra core 18?17:42
Chipacacachio: i  think this blocks 2.3617:42
ograondra, <popey> we have a broken snap and trying to prove avahi in snap works17:42
ograondra, yes, for layouts without passthrough17:42
Chipacazyga: no problem17:43
Chipacazyga: i mean17:43
Chipacazyga: i'm very tired, i'm probably not the only one17:43
Chipacai might just work half a day tomorrow17:43
zygaare you fixing the ptrace bug?17:45
zygaCan you file it please, even a small bug for tracking17:45
zygaI think we need to fix our ability to store, triage and react to issues17:46
jdstrandzyga: you mentioned 2.36.1 will be released today. I don't think it can be released if the fp/fpx ptrace issue is present since if it goes to stable, you'll blow up kiosks17:46
jdstrandzyga: perhaps it is best to revert the PRs if you don't have time. then reintroduce in 2.36.217:46
zygaAck17:47
Chipacazyga: go for it17:47
zygaI agree but I don’t know if the issue is in edge/master only17:47
zygaOr also in the release branch17:48
Chipacadidn't 2.36 already inlcude the fp/fpx thing?17:48
zygaChipaca: ack, the bug is on me now17:48
Chipacazyga: i meant go for filing it17:48
zygaI don’t remember Chipaca17:48
jdstrandzyga: actually, it seems it is only in master. I just checked out 2.36 and don't see the code. sorry17:48
Chipacazyga: remember what17:49
zygaI’m taking the dog out now, took a break before. After I am back I will report the bug, check if it present in the release branch and coordinate with mvo17:49
* Chipaca is confused17:49
Chipacazyga: ah17:49
Chipacazyga: walk away17:49
Chipacazyga: okk17:49
zygaChipaca, IRC is slow from phone17:49
zygaSorry about that17:49
Chipacazyga: i'll fix tomorrow if you haven't by the time i wake up17:50
Chipacai plan to not wake up early17:50
zygaOk17:50
Chipaca:-)17:50
zygaGood plan17:50
* Chipaca hasn't felt this tired in a while17:50
zygaI keep doing 1-2am17:50
zyga:/17:50
Chipacahave i mentioned how being in a room full of people tires me out? :-)17:50
Chipacaand that, yes :-D17:50
zygaHey17:52
zygaAt least you are not sharing a room this week :-)17:52
mupPR snapcraft#2396 closed: Partial Revert "build providers: fix osx non base and injection" <Created by sergiusens> <Merged by sergiusens> <https://github.com/snapcore/snapcraft/pull/2396>17:54
pedronisjdstrand: I don't think, we meant released to stable, 2.36 didn't even make it to candidate17:58
pedronisunless me is very confused17:58
pedronisjdstrand: I think mvo meant pushing .1 to beta17:59
pedronisor so I hope17:59
zygare18:06
zygapedronis: that's correct18:06
mvozyga: ok18:12
mvopedronis: yeah, the plan is to push .1 today but I will wait for zyga to get back to me about this issue that jdstrand  described (fp/fpx)18:13
zygamvo: on that now18:14
zygamvo: release branch is not affected18:18
zygago for .118:18
zygaI'll fix the master issue18:18
zygaChipaca, jdstrand: FYI filed as https://bugs.launchpad.net/snapd/+bug/180236218:18
mupBug #1802362: browser-support broken on certain arches due to ptrace  <snapd:In Progress by zyga> <https://launchpad.net/bugs/1802362>18:18
Chipacazyga: ACK18:18
ChipacaEOD from me (mostly)18:19
mvozyga: ta18:26
* zyga pours a glass of Jim beam and gets to work18:27
zygapedronis: I saw your comment on the forum. I will respond and improve the post tomorrow. Today I just want to wrap up18:29
jdstrandmvo, pedronis: yeah I mispoke, 2.36 isn't affected by the fp/fpx18:54
jdstrandzyga: https://bugs.launchpad.net/ubuntu/+source/snapd/+bug/1802124 already existed for that18:55
mupBug #1802124: Error installing chromium-mir-kiosk on RPi3/edge <snapd (Ubuntu):Confirmed> <https://launchpad.net/bugs/1802124>18:55
jdstrandzyga: I also think your conclusion in your bug is wrong. just like with AF_IB or or that set_tls is an arm-specific call, the policy shouldn't be arch specific. the backend should be smarter18:58
zygaI think I swing towards that conclusion as well now18:58
zygait's easier to handle on that end18:59
jdstrandzyga: yeah. a profiler should only have to worry about policy being safe or not. the backend can just be smart about archs18:59
jdstrandzyga: cool, thanks18:59
zygathank you :)18:59
sborovkovHello, is the kernel with B+ support released to stable?19:00
jdstrandzyga: not sure who will be assigned to that, but ahppy to review it (I can't jump on it right away, otherwise I would)19:00
zygaI am fixing it now19:00
zygajust trying to make sure I understand it and can see the fix working19:01
mvozyga: how do I reset the mount namespaces again? I suspect I Know why my test is not reproducing the core failure that ack reported19:23
zygamvo: just use snap-discar-dns19:24
zygadiscard-ns19:24
zygamvo: /usr/lib/snapd/snap-discard-ns snap-name19:24
mvozyga: no args?19:24
zyganote that it does more than it used to long time ago so please use that rather than work on unmounting the mount namespace alone19:24
zygajust the snap name19:24
ijohnsonzyga: does discard-ns also undo the device cgroup setup for a snap?19:25
zygano19:25
zygainteresting19:25
ijohnsonis there a command that does that?19:25
zyganope19:26
zygawe never remove them19:26
zygaijohnson: (feels like a bug)19:26
ijohnsonI currently have had to just reboot my machine to get it to go away after uninstalling a snap with the device cgroup on it19:26
ijohnsonshall I file a bug about it?19:26
zygaplease19:27
ijohnsonokay, will do in a bit, about to go out for lunch19:27
zygaijohnson: AFAIK that's been true since snapd got started19:27
zygaijohnson: I have some related work on refreshes pending19:27
zygaso I think we can fix it then19:27
ijohnsonokay cool19:28
zygaijohnson: you can stop rebooting19:28
zygait should be easy to clean up for development19:28
ijohnsonyeah I'm sure there's a way I haven't looked into it too much yet though19:29
* ijohnson -> lunch19:29
mvozyga: I'm afraid we need something like 6118 for 2.3619:57
zygalooking19:57
mvozyga: i.e. on classic we have the quirks code in snap-confine that always assumes core19:58
zygammmm19:58
zygaI think that should only run on core, not on core1819:58
zygaquirks need to die19:58
zygathey are useless now19:58
zygaso I suspect we could just ditch them19:58
zygalxd is a snap19:59
mvozyga: fair enough, I can fix the PR19:59
zygaI'm sorry that it lived for so long19:59
zygalet me read the PR in full19:59
zygamvo: the patch looks good20:01
zygaI don't oppose merging it20:01
zygawe should follow up with removal of quirks for base != "core"20:01
mvozyga: thanks, lets see if CI is happy too20:01
zygathat is, quirks only on classic when running against core20:01
zygaI suspect we could sync with stgraber and remove it entirely now20:01
zygaquirks exist for one reason:20:01
zygaallow lxd from the host to be visible in the snap20:01
zygaspecifically the socket20:01
zygabut I think the socket moved since20:01
mvozyga: oh, nice20:02
zygafor super compatibility I would probably stick to deprecation20:02
mvozyga: well, I can trivially add "if base_snap_name == "core" to the PR20:02
zygabut maybe we can skip ahead and just drop it20:02
zygayeah, plese20:02
zygaonce green20:02
stgraberzyga: what's that?20:02
zygaI don't want to derail evening20:02
zygastgraber: hey,20:02
zygastgraber: we have a quirk in snapd that puts /var/lib/lxd from the host into the snap mount namespace20:02
stgraberthat wasn't for lxd20:03
zygait was added to allow snaps to talk to lxd socket that is otherwise not visible in the core snap (/var/lib/lxd doesn't even exist there)20:03
zygano?20:03
zygawhat was it for?20:03
stgraberthe LXD snap never accessed /var/lib/lxd20:03
zyga(mental shortcut: it was for snaps that want to talk to lxd)20:03
stgraberwell, lxd.migrate does but it always used /var/lib/snapd/hostfs/var/lib/lxd20:03
zygawhere does lxd keep the socket now?20:04
stgraberyeah, probably was for some other random snaps that wanted to talk to a non-snap LXD on the host, no idea what those would be20:04
zygastgraber: that's correct20:04
zygait was behind an interface access so we could probably check too20:04
zyga(across store snaps)20:05
zygawhere does lxd store the socket now?20:05
stgraberthese days, they should be using the LXD snap anyway, socket would be at /var/snap/lxd/common/lxd/unix.socket20:05
mvoackk: 6118 has a fix, thanks for reporting the core18 only bug20:05
stgraberlxd-client interface gets you access to that20:05
zygastgraber: thank you20:05
zygamvo: I just checked the interface20:06
stgraberif someone really needs to talk to the non-snap LXD, I guess a lxd-deb-client interface or something could be introduced that gets you /var/lib/snapd/hostfs/var/lib/lxd/unix.socket20:06
zygathere is no interface that grants access to /var/lib/lxd anymore20:06
zygaI think we can remove this quirk entirely now20:06
zygastgraber: I agree20:07
zygajdstrand: FYI, based on the discussion above I think we can remove the quirk for /var/lib/lxd20:07
zygamvo: let's go ahead with your fix as-is20:07
zygaand then clean up by removing the whole hack20:07
zygaalong with extra permissions20:07
zygatests and what not20:07
mvozyga: ok, lets see what CI says20:34
zygaI took forever to boot a pi320:34
zygato ensure that ptrace issue is fixed20:35
zygabut it's not for the release so no stress20:35
zygamvo: offtopic, I think we may strip our snapd bits20:39
zygaI wonder what's the size of snapd.snap with stripped go20:39
ackkmvo, great, thank you for the fix20:41
mvozyga: good point20:42
mvozyga: strip> yeah20:56
mvozyga: tests still running, I check the PR in the morning, need sleep :/20:56
zygaok20:56
zygattyl20:56
* mvo waves20:57
zygajdstrand: https://github.com/snapcore/snapd/pull/612021:10
zyganot sure if it will pass21:10
mupPR #6120: cmd/snap-seccomp: add full complement of ptrace constants <Created by zyga> <https://github.com/snapcore/snapd/pull/6120>21:10
zygait works on armv721:10
zyga(and on amd64)21:11
mupPR snapd#6120 opened: cmd/snap-seccomp: add full complement of ptrace constants <Created by zyga> <https://github.com/snapcore/snapd/pull/6120>21:11
zygathanks to chipaca's brilliant cross-built test suite we will know soon if it passes on other arhces21:11
zyga*arches21:11
zygajdstrand: anyway, I'll EOD now, please let me know what you think about this patch21:11
zygajdstrand: can you look at the update on https://github.com/snapcore/snapd/pull/612021:57
mupPR #6120: cmd/snap-seccomp: add full complement of ptrace constants <Created by zyga> <https://github.com/snapcore/snapd/pull/6120>21:57
zyganot sure if you like it still21:57
zygaideally I'd say that some things are -1 or NaN or similar21:58
zygabut it's hard in the current structure since -1 is a valid value at that level21:58
zygaI could refactor that if you want21:58
zygathough I don't believe it is required for this specific part (ptrace constants)21:58
zygaspecifically the set we are dealing with here21:58
zygajdstrand: not sure if you have the time but I would love a quick look at a simple open, fstatat function; https://github.com/snapcore/snapd/pull/611622:00
mupPR #6116: cmd/libsnap: add simplified feature flag checker <Created by zyga> <https://github.com/snapcore/snapd/pull/6116>22:00
zygathe code is at https://github.com/snapcore/snapd/pull/6116/files#diff-034bb7401eb457bc8862f9b4ee97edc8R3322:00
zygathe rests are tests22:00
jdstrandzyga: if you were going to go that route, I think readNumber would have to return a 3rd value, 'skip' rather than interpreting the value22:01
zygayeah22:01
jdstrandzyga: but this is like what we do for AF_IB, etc22:01
zygait just sucks because we have the knowledge in C as a macro22:01
jdstrandwhat you're doing now22:01
jdstrandI'm ok with the approach, just verifying something22:01
zygait's all doable, just a bit more uphill22:01
zygathank you22:01
zygaFYI: I ran cross compile tests locally (thanks to chipaca's fantastic cross test suite)22:02
zygawhere locally is really locally invoked spread :)22:02
mupPR snapd#6115 closed: cmd: update autogen.sh for opensuse <Simple 😃> <Created by zyga> <Merged by zyga> <https://github.com/snapcore/snapd/pull/6115>22:11

Generated by irclog2html.py 2.7 by Marius Gedminas - find it at mg.pov.lt!