/srv/irclogs.ubuntu.com/2018/11/29/#snappy.txt

=== chihchun is now known as chihchun_afk
cachioSaviq, hey, please try the image fedora-rawhide-64, tomorrow I'll ping you02:34
=== chihchun_afk is now known as chihchun
mborzeckimorning06:12
zygaHi06:19
zygaSome late night pull requests06:20
zygaWith green 2.3606:20
zyga:-)06:20
mborzeckiheh :) went to a meetup yday, then i stayed until midnight making that damn selinux work, audit actually showed some interesting behavior by journald poking some attributes in /proc all the time06:37
zygaCool, looking forward to that06:39
zygaMy son is 1/3rd my age today06:39
zygaFeeling old or young? :-)06:40
=== chihchun is now known as chihchun_afk
zygare07:23
zygamborzecki: hey07:23
zygaso today we will try to stabilize 2.36 and merge the bits back into master07:23
zygamborzecki: this is part of the issue https://github.com/snapcore/snapd/pull/623307:23
mupPR #6233: overlord: don't write system key if security setup fails <Created by zyga> <https://github.com/snapcore/snapd/pull/6233>07:23
zygamborzecki: this is a more complete view but as you will see there it cannot land just yet https://github.com/snapcore/snapd/pull/623507:24
mupPR #6235: overlord,apparmor: new syskey behaviour + non-ignored snap-confine profile errors <Created by zyga> <https://github.com/snapcore/snapd/pull/6235>07:24
zygaeach commit has some description that explains what was going on07:24
zygaChipaca: good morning sir!07:24
zygaI need to run an errand in the morning (wife doctor checkup) but I will be back as soon as I can07:25
Chipacazyga: goodmorning07:34
* Chipaca not legally awake yet07:35
mupPR snapd#6236 opened: Staticcheck fixes <Created by chipaca> <https://github.com/snapcore/snapd/pull/6236>07:40
zygaHey mvo07:58
zygaI’m afk on the way to a doctor with my wife (all is good, no worries)07:58
zygaI sent some PRs last night07:59
zygaPlease have a look07:59
mvozyga: cool07:59
mvozyga: thanks, I check the PRs07:59
=== pstolowski|afk is now known as pstolowski
zygaIf you have time I would love more eyes on the trio of pastebins from yesterday08:00
zygaTo be confident we understand how things happen08:00
zygaAfter I am back I will post leap fixes08:01
zygaTogether this will fix 2.36 as we understand it so far08:01
mvozyga: great08:06
pedroniszyga: I asked a question in one of them08:11
pstolowskimorning08:14
mvohey pstolowski08:15
zygapedronis: replied now08:18
zygaActually08:18
zygaHmmm08:18
zygaMore problematic08:18
zygaOh boy :-)08:19
zygaSomething to think about08:19
pedroniszyga: I thought we already added the waiting to snap-confine, is that false?08:19
zygaNo system key, no snap run08:21
mvopedronis: thanks for adding the todo to 619508:21
zygaI’m afk partially sorry for laggy replies08:21
pedroniszyga: ?08:21
pedronisI thought we did something saner08:21
zygaI’m not at home, doctor visit with wife08:22
pedroniszyga: ok, let' chat later08:22
pedronismvo: do you know what snap-confine does if there's no system-key? I thought it would wait a while08:22
mvopedronis: it will wait a while, do you see something different?08:23
mvopedronis: it should try to talk to snapd in this case08:23
zygaThis is really about a restart case08:23
pedroniszyga: is saying something else08:23
zygaSo we error because we are restarting08:23
zygaIt will be fixed by next startup08:23
pedronis?08:23
pedroniserror where08:23
pedronissomething sounds wrong08:23
pedronisis snap-confine assuming that snapd runs all the time08:24
pedronisthat's a bit optimistic08:24
mvopedronis: well, we had a long discussion abut this when we introduced the system key08:24
pedronismvo: I mean  if snap-confine needs to wait and can't talk to snapd it should wait a bit more and try again, no?08:24
mvopedronis: I can look in a bit for the details, I think we wrote it down. at least gustavo and me, don't remember if you were part of it08:25
zygaI can hop on a voice call if you want to discuss this in detail08:25
pedronisuntil some timeout08:25
mvopedronis: yes, thats correct08:25
pedronisis it simply dying if snapd is not there08:25
pedronis?08:25
mvopedronis: is this not what you see?08:25
zygaThat is what currently happens08:25
mvopedronis: no, it should not08:25
mvozyga: oh?08:25
zygaIt waits08:25
zygaAnd then might die if something required is missing08:25
zygaAFAIK08:25
mvoI am just trying this08:26
mvoit definitely waits08:26
pedronisthen is as designed, no?08:26
pedronisI mean, I don't expect this to work 100%08:26
zygaYes08:26
zygaI think this is as designed08:26
pedronisit should not fail on boot 100%08:26
mvoand when I start snapd again it will continue08:26
pedroniseither08:26
pedroniswe might have a problem in that08:26
pedronisthe timeout might be shorter than it takes to regen all security if lots of snaps ?08:27
zygaYes08:28
mvoyes, that could be a problem :(08:28
pedronisis not a problem for today tough08:28
pedronisbut zyga scared a bit, like snap-confine would not to do what I remember was designed to do08:28
mvoit waits 60s right now08:28
mvopedronis, zyga let me try this08:29
Chipacawhat were we calling the feature where we'd delay a snap refresh until the app was closed?08:29
mvo6195 still needs a second review08:29
zygaI think it is not perfect but as designed08:30
=== chihchun_afk is now known as chihchun
pedronisas I said I don't expect perfect (kind of impossible given the constraints), we might have to improve over time in some corners08:30
pedronisbut for a second it sounded like it was broken08:31
zygaI was scared :-)08:31
mvohm, it seems to error when it hits the timeout - iirc we wanted it to continue (best effort) - yes?08:31
pedronisChipaca: we call it "Prevent refreshes while running"08:32
pedronisat least that's the name of the day08:32
Chipacapedronis: is there a forum topic about it?08:32
Chipacaasking because https://forum.snapcraft.io/t/concerns-about-consistency-and-data-corruption-during-snap-refresh/874108:33
pedronisyea, I saw that one08:33
Chipacaif there isn't, i'll just reply vaguely08:33
Chipaca:-)08:33
pedronisChipaca: I don't see one, is mentioned in the last sprint topics but not as a discussed one08:36
pedronisanyway is planned for the cycle08:36
Chipacapedronis: https://forum.snapcraft.io/t/concerns-about-consistency-and-data-corruption-during-snap-refresh/8741/2?u=chipaca08:37
Chipaca¯\_(ツ)_/¯08:37
Chipacamvo: #6195 gtg fwiw08:38
mupPR #6195: snapstate: update fontconfig caches on install <Created by mvo5> <https://github.com/snapcore/snapd/pull/6195>08:38
pedronisChipaca: thx08:39
* Chipaca wanders off in search of coffee08:39
zygaI could use some too08:41
zygaWaiting for blood tests now08:41
* mvo gets some lovely tea08:42
zygaI’m happy nobody mentioned nutrient breakfast yet08:43
Chipacamvo: I saw somebody using "material tea timer" and thought you might like it (if you didn't have it already)08:43
Chipacamvo: https://play.google.com/store/apps/details?id=org.ligi.materialteatimer08:43
mvoChipaca: nice!08:44
mvoChipaca: I don't have it, I use the boring clock app08:44
mvoChipaca: but this even has nice pics (teap0rn)08:44
Chipacamvo: and it's FOSS08:45
mvo\o/08:45
=== chihchun is now known as chihchun_afk
mupPR snapd#6195 closed: snapstate: update fontconfig caches on install <Created by mvo5> <Merged by mvo5> <https://github.com/snapcore/snapd/pull/6195>09:00
mupPR snapd#6218 closed:  snapstate: update fontconfig caches on install (2.36) <⚠ Critical> <Created by mvo5> <Merged by mvo5> <https://github.com/snapcore/snapd/pull/6218>09:00
dot-tobiasgood morning09:00
zygaHey dot-tobias09:10
mborzeckihm finnally, clean installation, no denials, ending up with this: system_u:system_r:unconfined_service_t:s0 root 11016 1  0 09:11 ?      00:00:00 /bin/sh /snap/test-snapd-service/x1/bin/start09:12
mupPR snapd#6237 opened: client, store: don't use store from client (use client from store) <Created by chipaca> <https://github.com/snapcore/snapd/pull/6237>09:13
zygaBreakfast time09:34
* Chipaca joins zyga09:38
* Chipaca thinks hobbits had the right of it09:38
zygaHaga09:39
zygaHaha, yes :-)09:40
mupPR snapd#6189 closed: daemon, vendor: bump github.com/coreos/go-systemd/activation, handle API changes (2.36) <Created by bboozzoo> <Merged by mvo5> <https://github.com/snapcore/snapd/pull/6189>09:52
mupPR snapd#6238 opened: [RFC] many: add minimal SELinux support, refactor the policy <Created by bboozzoo> <https://github.com/snapcore/snapd/pull/6238>10:03
mborzeckiputting selinux aside for while now10:05
mborzeckiany PRs needing 2nd reviews?10:08
Son_Gokumborzecki, you are literally my best friend right now!10:09
Son_Gokuyou have _no_ idea how happy I am to see this pull request!10:10
mborzeckiSon_Goku: haha :) yw, would appreciate if you could find someone more familiar with this stuff to take a look at the policy10:11
* Son_Goku dances in joy10:11
* zyga goes to sob in the corner10:11
zyga:-)10:11
Son_Gokuzyga, this is something I've been asking for two years for!10:11
zygaHeading home ttyl10:11
Son_Gokuyou can't blame me for being overjoyed :)10:12
zygaI know but I don’t make the schedule10:12
mborzeckiSon_Goku: hope i got most of the things right, but figuring out the bits was like uhh10:12
zygaI’m happy to see this too :-)10:12
Son_Gokumborzecki, yeah I knew it was going to be like that10:12
zygaBeginning of a long journey10:12
mborzeckiand the docs are few and useless really :P10:12
Son_Gokumborzecki, most security subsystems aren't well documented sadly :(10:12
Son_GokuI'll see if I can get Lukas from the Fedora SELinux team to do a review10:13
zygaInsecurity by security obscurity10:13
mborzeckiSon_Goku: yeah, unfortunately true10:13
mborzeckisome to think of it, SMACK is probably more obscure than SELinux and AppArmor10:13
Son_Gokuyep10:13
mborzeckis/some/come/10:13
Son_Gokuand TOMOYO even more so10:13
Son_Goku(TOMOYO is what Mageia has enabled, but no one knows what to do with it)10:14
mborzeckihahah10:14
mborzeckiiirc AGL was supposed to use SMACK10:14
Son_Gokuyep10:14
ChipacaSon_Goku: o/ !10:15
Son_GokuChipaca: \o10:15
ChipacaSon_Goku: when you have a moment I'd like to pick you brain a tiny little bit10:15
zygaYou know10:15
Son_GokuChipaca, I have a moment now10:15
zygaBreakfast downtown is fun and fancy10:15
zygaNeed to do this more often10:15
mborzeckizyga: nice, enjoy!10:15
Son_Gokumborzecki, and the biggest criticism of SMACK is that it's pretty much functionally identical to a minimal SELinux policy10:15
ChipacaSon_Goku: you remember, ages ago, when we talked about tracking what users had used snaps, to enable snap-user-enumeration without having to do system-user-enumeration?10:16
Son_GokuChipaca, yeah? that was what, a year ago at the rally?10:16
ChipacaSon_Goku: you objected to that because you said a user's data should be the user's to control,  or something like that?10:16
Son_Gokuyes10:16
Chipacayeah probably more10:16
Son_Gokuactually I don't think that was my only objection10:16
ChipacaSon_Goku: now we're again looking at things where we need to enumerate users10:16
ChipacaSon_Goku: and the same solution comes up, and so I wanted to revisit your objection to it10:17
Chipacato see if I understood it correctly10:17
Son_Gokuare we talking about ~/snap/* enumeration?10:17
Son_Gokuor the user population/enumeration for services?10:17
ChipacaSon_Goku: "all users that have used snaps"10:17
ChipacaSon_Goku: like10:18
ChipacaSon_Goku: ls /home/*/snap/* but that's a bad way of doing it10:18
Son_Gokuright10:18
zygaYou need a dbus call that does a perl shell call to is10:18
Son_Gokuthis? https://forum.snapcraft.io/t/bug-with-cleaning-snap-data-in-home-dirs-proposed-solution/120110:18
zygaLs, darn shell typos10:19
Son_GokuChipaca ^ ?10:19
mvozyga: have you looked at the systemd-run change for the profile generation? if not I can do that while waiting for builds10:19
ChipacaSon_Goku: yeh10:19
ChipacaSon_Goku: i think that's it10:19
Son_Gokumy problem was that the proposal as I understood it would break shared setups and make user data private from the user itself10:20
ChipacaSon_Goku: that's one bit I don't understand10:20
ChipacaSon_Goku: what's the user data that would be private from the user?10:20
ChipacaSon_Goku: the proposal is not to move all user data to /var/whatevs10:20
Son_Gokuwell, how I understood it is that data would move from ~/snap to /var/lib/snapd/<userid>/data10:20
ChipacaSon_Goku: but to create a stamp file in /var/whatevs "this user used a snap"10:21
Son_Gokuor something like that10:21
Son_GokuChipaca, my only objection there is that it makes network shared users ugly10:22
ChipacaSon_Goku: user data would remain unchanged; all this'd do is that 'snap run' would 'touch /var/lib/snapd/user/$USER' before running the thing10:22
ChipacaSon_Goku: how does it make network shared users ugly?10:22
Chipacaplease expand :-)10:22
Son_Gokuwell, actually, if it's only that and doesn't effect how data "ownership" and migration occurs, then it's not an issue10:23
Son_Gokuthe way it was explained to me at the rally is that we wanted to do "smart things" by doing so10:23
Son_Gokufor example, automatic cleanup of related user-data if the stamp didn't exist10:23
Son_Gokuwhich would be extremely dumb for networked user case10:23
Chipacaer, no, that's the opposite of what I'd want to do10:24
Chipaca"related user-data" would not be even looked at if the stamp didn't exist10:24
mupPR snapd#6239 opened: packaging/fedora/snapd.spec: fix bogus date in changelog <Created by mvo5> <https://github.com/snapcore/snapd/pull/6239>10:24
mvomborzecki: it looks like the selinux pr is failing because libselinux not found on centos afaict10:25
Chipacaas you say it breaks for networks, it also means that something is enumerating users from the system, which is a no-no10:25
mborzeckimvo: thanks, will look into it10:25
mvomborzecki: really nice progress btw10:25
ChipacaSon_Goku: re-reading that topic now to find the cleanup-of-missing thing to address it there10:26
mborzeckimvo: thanks, and sorry for not being too responsive for reviews the last couple of days, didn't want to loose context10:27
Son_Gokumborzecki, it's because you've disabled libselinux right now10:27
Son_Gokumborzecki, you currently have selinux disabled for centos builds10:28
mvomborzecki: no worries10:29
Son_Gokuoh no, wait, it looks like you've switched it back10:29
mborzeckiSon_Goku: --enable-selinux is behind %{?with_selinux:..}10:29
mborzeckiSon_Goku: and the rest is if/endif'ed10:29
mborzeckiSon_Goku: restored fedora 28 to spread specifically to build it10:30
mborzeckiomg, with_selinux is always defined :/10:36
mupPR snapd#6240 opened: release: 2.36.2 <Created by mvo5> <https://github.com/snapcore/snapd/pull/6240>10:36
zygamvo: I have not looked yet10:39
mvozyga: ok, I give it a poke10:39
zygaThank you10:43
mborzeckihmm selinux doesn't like the fontconfig bits10:47
ChipacaSon_Goku: https://forum.snapcraft.io/t/bug-with-cleaning-snap-data-in-home-dirs-proposed-solution/1201/14?u=chipaca10:53
Son_Gokumborzecki, will this work if both apparmor and selinux are available as options (i.e. SUSE distributions?)10:56
mborzeckiSon_Goku: we'll probably need to disable one, i see that with_selinux is 1 by default10:58
Son_Gokuwell, I'm saying can the integration be compiled in?10:58
Son_Gokubecause there are folks that use SELinux instead of AppArmor on SLED/SLES, for example10:59
mborzeckiSon_Goku: you can build both and there's a change it'll work out of the box, the libselinux bits do autodetection and so does libapparmor11:00
Son_Gokuyeah, that's what I was getting at11:00
mborzeckiSon_Goku: there's always a quesion of refpolicy they use, whether it's the same as fedora11:00
Son_GokuRH/Fedora and (open)SUSE use the same upstream: fedora-selinux11:01
Son_Gokuactually, of all the distros that offer SELinux support, I think only Debian/Ubuntu don't offer the fedora-selinux variant of the policy11:01
Son_Goku(and "offer" is a _strong_ word here for Ubuntu... more like didn't purge from Debian impots)11:02
Son_Goku*imports11:02
jameshChipaca: if you've got time, could you have a look at https://github.com/snapcore/snapd/pull/5822 ?11:04
mupPR #5822: wrappers: allow user mode systemd daemons <Created by jhenstridge> <https://github.com/snapcore/snapd/pull/5822>11:04
mborzeckiSon_Goku: mhm, right so there's a change it'll work :) happy to learn how far it gets though11:04
Chipacajamesh: whoops, yes11:04
Son_Gokumvo, niemeyer, I hope mborzecki's PR for selinux makes it in for the next release, this would drastically improve my confidence in shipping snapd for RHEL/CentOS through EPEL11:04
Son_GokuI'm actually pretty tempted to not ship until we get this in a release, because this is a *big* improvement across the board11:05
jameshChipaca: it should be fairly up to date now: I rebased it recently and spread seems happy with it again11:05
Chipacajamesh: ok11:05
cachioSaviq, hey, could you try the rawhide image?11:05
Son_Gokumborzecki, how is transitioning from older policy rules to the new one?11:05
Son_Gokuit works okay?11:05
mborzeckiSon_Goku: haha, don't be, i see some issues on centos alredy, we need to have smarter runtime detectio of whether the policy is present and the latest bits with fontconfig are causing some issues11:06
Son_Gokuah11:06
Son_Gokumborzecki, well, it would at least mean the confinement _does_ something now :)11:06
Son_Gokunot great, but it does something11:06
mborzeckiSon_Goku: it's only confining snapd and helpers11:07
Son_Gokubut now the framework is in place to confine snaps properly too11:07
mborzeckiSon_Goku: but there's a path forward i guess at this point11:07
mborzeckiSon_Goku: at least there are options to explore :)11:07
Son_Gokuyep11:07
Son_Gokunow that we have libselinux integration, we can look at things like mapping CIL and snappy policy knobs to the snappy security HLL11:08
zygare11:09
zygamvo: sorry for being absent so long, I'm finally home now11:11
zygamvo: I will start by adding tests to https://github.com/snapcore/snapd/pull/623311:11
mvozyga: no worries11:11
mupPR #6233: overlord: don't write system key if security setup fails <Created by zyga> <https://github.com/snapcore/snapd/pull/6233>11:11
zygathen resume with leap fixes11:11
cachiomvo, hey, I saw 2.36.2 branch has failed11:23
cachio2 tests with same error on configure hooks11:23
mvocachio: failed in spread?11:27
mvocachio: or failed somewhere else?11:28
cachiomvo, in spread11:28
mvocachio: I have not looked yet, does the failure look familiar in any way?11:29
cachiohttps://paste.ubuntu.com/p/z7jh7KwJt9/11:29
cachiomvo, it is happening on 2.36 family11:29
cachiomvo, I am already trying to reproduce it11:30
zygacachio: no  need11:40
zygacachio: this is the problem we've been trying to understand recently11:40
zygaand now I believe we mostly do11:41
cachiozyga,ah, ok11:41
cachiozyga, It just failed here :)11:41
Saviqcachio: I did, it seems to have failed to install our deps https://travis-ci.org/MirServer/mir/jobs/46120493711:43
SaviqI need to add a spread timeout < 50 minutes so it bails out I suppose11:43
mvozyga, cachio is it the permission denied bug?11:43
zygayes11:43
mvocachio, zyga thanks! in this case I hope to push a PR soon with a fix11:44
cachiomvo, yes11:44
cachiocannot create temporary directory for /var/lib/snapd mount point: Permission denied11:44
zygamvo: does systemd-run play ball on 14.04?11:44
mvocachio: yeah, I hope to have something ready before or shortly after lunch11:44
mvozyga: I don't know, need to check but if not that would suck(tm)11:44
mvozyga: 14.04 is just ~5 more month but still11:45
zygamvo: the set of patches I proposed fixes this too11:45
zygaI will land all the bits needed today11:45
zygaI don't mind systemd-run being used as well,\ we may have other issues causing system key-based problem11:46
mvozyga: hm, you mean 6234 - or more?11:47
zygahttps://github.com/snapcore/snapd/pull/623511:47
mupPR #6235: overlord,apparmor: new syskey behaviour + non-ignored snap-confine profile errors <⛔ Blocked> <Created by zyga> <https://github.com/snapcore/snapd/pull/6235>11:47
zygathat's the full set but it is blocked by leap11:48
zygahttps://github.com/snapcore/snapd/pull/6235/commits/15cae44908738b6c8e1814563c0cae727594a3d711:48
zygahave a look at each patch there11:48
mvozyga: interessting - and its green, nice. is this reliable, i.e. did you run a couple of times?11:49
zyganot in that PR but yeah, a few times locally11:50
zygafeel free to restart it as many times as you like11:50
zygait failed only on noise like mount error or store timeout11:50
mvogreat11:50
mvozyga: looks like systemd-run is out, a shame12:08
zygaoh, why?12:08
mvozyga: not availalbe on trusty, it has 204 but we need 20512:08
zyga14.04?12:08
zyga:////12:08
zygabummer12:08
zygawell12:08
zyga4 months12:08
mvozyga: yeah, indeed12:08
zygaand I'm busy writing tests12:08
mvooh well, I will shelve the PR12:08
mvountil then12:08
zygaI'm happy to finally end 2.36 drama ;)12:08
mvozyga: indeed12:10
mvozyga: well done!12:10
cachiozyga, :)12:11
mupPR snapd#6239 closed: packaging/fedora/snapd.spec: fix bogus date in changelog <Created by mvo5> <Merged by bboozzoo> <https://github.com/snapcore/snapd/pull/6239>12:21
Chipacamvo: systemd-run wha?12:22
pedronisChipaca: it doesn't exist in 14.04 ?12:31
zygamvo: I pushed unit test to https://github.com/snapcore/snapd/pull/623312:46
mupPR #6233: overlord: don't write system key if security setup fails <Created by zyga> <https://github.com/snapcore/snapd/pull/6233>12:46
zygamvo: I will now add a spread test12:46
zygahave a look please12:46
mborzeckioff to pick up the kids12:57
pstolowskimborzecki: what's the story with https://bugs.launchpad.net/snapd/+bug/1759349 ?13:07
mupBug #1759349: Confinement doesn't work on arch (manjaro) linux <snapd:Triaged> <https://launchpad.net/bugs/1759349>13:07
mvozyga: sure, looking13:10
zygathx13:11
mvoChipaca: https://github.com/snapcore/snapd/compare/master...mvo5:systemd-run-security-gen?expand=1 <- the idea was to avoid that apparmor_parser and snap-seccomp processes get killed when we restart snapd13:12
mvoChipaca: but a non-starter for now13:12
jdstrandmvo: curious how snapd fits into trusty/esm...13:19
mvojdstrand: last time we talked about this someone mentioned that snapd would probably not included but that wasn't very official13:20
zygajdstrand: gives mvo more gray hair?13:20
jdstrandmvo: probably want to talk to joe and amurray. they arer in the process of defining what's in trusty/esm and that is coming from stakeholders13:20
mvojdstrand: ok13:21
jdstrandmvo: I hadn't really thought that snapd would be in esm, but it seems likely it will have a (much) expanded package set than precise/esm13:22
jdstrandmvo: I guess part of this would be looking at data for snapd on trusty and seeing how that maps to esm customers13:23
jdstrandmvo: which joe and amurray may need some help with (on the data collection bits)13:24
mvojdstrand: makes sense. however the version of systemd (204) there is giving us a headache13:24
jdstrandmvo: not trying to give you gray hair, sorry :\13:24
* jdstrand nods13:24
zygamvo: wrote the spread test, running it now13:24
zygaI'll make something warm13:24
mvozyga: thanks!13:25
mvozyga: and sorry for commenting on the wrong PR :/ I commtned on the right now now too13:25
zygamvo: with both spread and unit test I'm happy with this being merged into master13:25
zygamvo: hah, no worries :)13:25
zygaleast of our problems13:25
jdstrandmvo: I wouldn't necessarily consider also upgrading systemd in trusty/esm off the table. there is more flexibility there, so *if* snapd should be included in trusty/esm, perhaps there are things that can be done to make it easier on you13:25
mvojdstrand: well, it will be a discussion but trusty is a real burden for us, that should be taken into consideration13:25
jdstrandmvo: sure, which is why I wanted to mention that you should let joe and amurray aware of that. you're obviously a stakeholder :)13:26
mupPR snapcraft#2380 closed: tests: use autopkgtest to leverage snap testing <Created by sergiusens> <Merged by sergiusens> <https://github.com/snapcore/snapcraft/pull/2380>13:26
zygajdstrand: I would love 14.04 == 16.04 as far as systemd is concerned13:40
zygawould be much sweeter support target13:41
zygawe have plenty of // TODO because 14.04 ... in the code13:41
zygamvo: I added 2.36.3 milestone13:41
mvozyga: thanks13:41
mvozyga: to LP?13:42
zygayes13:42
mvozyga: cool13:42
zygamborzecki: probably want to update https://bugs.launchpad.net/snapd/+bug/177201613:42
mupBug #1772016: Mount snap "snapcraft" (1591) ([start snap-snapcraft-1591.mount] failed with exit status 1: <snapd:Triaged> <https://launchpad.net/bugs/1772016>13:42
mupPR snapd#6231 closed: data: set KillMode=process <⛔ Blocked> <Created by mvo5> <Closed by mvo5> <https://github.com/snapcore/snapd/pull/6231>13:53
zygamvo: I must say I really enjoy filing bugs and writing regression tests13:57
zygathat paper trail and non-main test means that we still get rapid testing of features (main) but get nice and good feeling that over time things don't explode on bugs that we fought before13:57
zygaand if it happens we have all the context to look at13:58
pedronisChipaca: standup?14:01
Chipacapedronis: omw14:01
pedroniscachio: ^14:02
mvozyga: indeed14:02
mvocachio: 2.36.2 is ready for beta validation now :)14:09
cachiomvo great14:09
cachioI'll start asap14:09
* cwayne gets excited for some core results14:12
mvokenvandine: the fontconfig fix is in the core beta now, if you could test and ask your team to test that would be awesome14:13
kenvandinemvo: awesome14:14
kenvandinethanks14:14
kenvandinemvo: how about core18?14:14
mvokenvandine: it will work there too14:14
kenvandinesweet14:14
mvokenvandine: I mean, it will work with snaps that use core18 as well14:14
sergiusensniemeyer: hello, just to clarify, is the conclusion from https://forum.snapcraft.io/t/snap-multi-line-descriptions-need-newline-trim-on-store-import/3934/12 to use | instead of > considering that the markdown filter will apply the appropriate formatting wrt (in this case) newlines?14:16
mborzeckizyga: can you try 'snap install hello-world_foo hello-world_bar'? does it work for you?14:19
zygamborzecki: in a sec14:19
zygamvo: if you can do a final ack on https://github.com/snapcore/snapd/pull/623314:22
mupPR #6233: overlord: don't write system key if security setup fails <Created by zyga> <https://github.com/snapcore/snapd/pull/6233>14:22
mupPR snapcraft#2417 closed: Revert "lifecycle: make snapcraft init template use > not | (#2393)" <Created by sergiusens> <Merged by sergiusens> <https://github.com/snapcore/snapcraft/pull/2417>14:23
zygamborzecki: yes14:24
zygamborzecki: works ok14:24
mborzeckizyga: both snaps in a single line?14:24
zygayes14:24
mborzeckizyga: are you running the latest master?14:25
zygano14:25
zyga2.36.114:25
zygasorry, too many machines :)14:25
zygamy master machine is on the right14:25
zygathis one was on the left14:25
mborzeckizyga: i get 'error: store.SnapNotFound with 2 snaps'14:25
zygahmmmm14:26
niemeyersergiusens: It looks like ">" (aka line folding) changes the output completely from what is presented to the user. It even corrupts the rendering once the text is interpreted as Markdown.14:30
niemeyersergiusens: Isn't that true?  If it is, then it indeed looks like a terrible idea to use it.14:30
sergiusensniemeyer: yes, exactly why I am inclined to revert it https://www.irccloud.com/pastebin/WaNVs8vG/para%20que%20veas%20el%20efecto14:31
zygamup: hello14:38
mupzyga: I apologize, but I'm pretty strict about only responding to known commands.14:38
niemeyerHeh..14:39
zyga2fa?14:39
niemeyerNo.. either chrome or hangouts itself is hanging on me14:39
mupPR snapd#6241 opened: tests/main/parallel-install-store: verify installation of more than one instance at a time <Parallel installs ⛓> <Created by bboozzoo> <https://github.com/snapcore/snapd/pull/6241>14:41
mupPR snapd#6240 closed: release: 2.36.2 <Created by mvo5> <Merged by zyga> <https://github.com/snapcore/snapd/pull/6240>14:45
niemeyersergiusens: Why are you just inclined?  Is the behavior reasonable?14:56
pedronispstolowski: niemeyer:  I wrote something here: https://bugs.launchpad.net/snapd/+bug/177712114:58
mupBug #1777121: Remove is called after snap services are stopped  <snapd:In Progress by stolowski> <https://launchpad.net/bugs/1777121>14:58
niemeyersergiusens: To me it looks clearly like a bug.. ideally that sort of change should be carefully investigated before it takes place14:58
niemeyerpedronis: Thanks.. depending on their use case, we might have a hook like this, but I'd try to cook it in a way that detaches from the promise of running services14:59
pedronisniemeyer: let's see if they have further feedback, now that the picture is clearer15:03
* zyga -> soup15:03
pstolowskipedronis: ty. i marked my PR blocked for now, we can decide if we want to close depending on feedback15:04
Chipacabrb, need to reboot - plugging in my headset hangs my trackpad15:06
Chipaca(WAT)15:06
cachiomvo, hey15:09
cachiohttps://paste.ubuntu.com/p/gNMHkR2Wpt/15:09
cachioany idea about this request15:10
cachioit is taking about 3/4 seconds15:10
cachiodelaying the test suite15:10
niemeyerpedronis: We might call it "cleanup", for example.. we should just make its semantics more clear, including when exactly it's called, what are the promises or possibilities, and we might also consider what other use cases we might have for the same hook15:12
mvocachio: not sure where it comes from, what happens before/after in the logs?15:14
cachiomvo, https://paste.ubuntu.com/p/ct763X3tj5/15:16
cachiomvo, it jumps from 14:50:20 to 14:50:2415:17
cachiowith that request15:17
jdstrandmvo: hey, did you see my response regarding your compression exploration? we don't need to discuss it here, but if you start to narrow in on something, please perform resquash tests (I can show you how) on a variety of snaps (eg, large, like chromium as well as snaps built on one arch (eg, i386, armhf, arm64) and resquashed on amd64)15:17
cachioit happens when we stop the snapd.service15:17
mborzeckicould we land https://github.com/snapcore/snapd/pull/6211 ? super simple15:21
mupPR #6211: spread: run tests on Fedora 28 again <Created by bboozzoo> <https://github.com/snapcore/snapd/pull/6211>15:21
rbasak"error: cannot install zero snaps" -- not something I ever thought I'd see a dedicated error message for :)15:22
rbasak(my fingers raced a middle click paste against the return key)15:23
zygarbasak: attention to detail :-)15:24
mvojdstrand: yeah, saw it but didn't look at the details yet15:27
mvocachio: aha, looks like the catalog update15:28
mvocachio: I guess we could disable that via some magic15:28
mvocachio: but we need to write code for that, iirc we currently unconditionally run it15:29
cachiomvo, the problem is that we start / stop it on reset15:29
cachioand it takes like 7/10 seconds to stop it15:30
jdstrandmvo: ok, don't want to distract you, just want you to be aware that we should not regress resquash tests in the store and that, having been through this with our existing options, things are rather delicate15:30
cachiomvo, is it refreshing the catalog any time we start snapd?15:30
Chipacacachio: catalog refresh happens every startup yes15:41
=== phoenix_firebrd is now known as murthy
Chipacacachio: also sometimes assertions15:42
zygafun fact: on freebsd there's /.snap and then there's a /sys symlink to source code15:42
Chipacazyga: what's /.snap ?15:42
zygaempty directory15:42
zygamaybe snapshot spot?15:43
zyganot sure yet15:43
zygaChipaca: you will like this one15:43
Chipacazyga: https://lists.freebsd.org/pipermail/freebsd-questions/2012-January/237296.html15:43
zygaChipaca: /home is a symlink to /usr/home :D15:43
cachioChipaca, mmm, ok, perhaps I can make small change to avoid stop snapd just after we start it15:43
zygaChipaca: also /proc exists, but it is empty15:46
zygafreebsd is odd :)15:46
zygaChipaca: there's /rescue which is much like /bin but everything is statically linked15:46
zygaI see what you did there freebsd15:46
* cachio lunch15:47
Chipacacachio: or we could make snapd check the timestamp on the catalog and not refresh too often15:48
zygamvo, Chipaca found a fun bug15:54
zygahttps://pastebin.ubuntu.com/p/xyNHG2Hqdk/15:54
zygawe mount core18 _after_ starting snapd15:54
zygaand things go south15:54
zygais this expected?15:55
Chipacazyga: all bugs are expected15:58
* Chipaca puts down his tea and looks at it quizzically15:58
pedroniszyga: where? what's the context of that?15:59
zygapedronis: regression test noticed that things misbehave on a core18 system15:59
zygajust vanilla run-off-the-mill core18 test system16:00
zygalooking at journal logs to see what was wrong16:00
zygaI guess this possible means that we mount any snap after snapd is started16:05
zygawhich would be possibly quite grim16:05
zygashall I report it and finish my current task?16:05
cachioChipaca, yes, that too16:07
pedroniszyga: yes16:09
mvozyga: yeah, thanks for finding this16:13
zygareported as https://bugs.launchpad.net/snapd/+bug/180586616:13
mupBug #1805866: On core18 system core18 snap was mounted after snapd had started <snapd:New> <https://launchpad.net/bugs/1805866>16:13
mvozyga: its slightly strange iirc we set Before=snapd.service in our mount units plus mounts happen before multi-user16:14
zygaand if I can have one xmas present, I would love to see markdown support on launchpad comments16:14
mvozyga: but might be because of something in core18 that is special16:14
zygayep16:14
zygait's "fun" that this fix for 2.36 uncovers issues like that16:15
mvozyga: yeah16:15
mvozyga: is this first run on core18? I mean, very first start? there nothing is mounted yet, snapd needs to bootstrap itself16:15
zygamvo: I just ran16:15
zygaspread -debug -v google:ubuntu-core-18-64:tests/regression/lp-180583816:16
zygamaybe try with -shell-after16:16
mupPR snapd#6211 closed: spread: run tests on Fedora 28 again <Created by bboozzoo> <Merged by sergiocazzolato> <https://github.com/snapcore/snapd/pull/6211>16:16
mupPR snapd#6242 opened: overlord/snapstate: use file timestamp to initialize timer <Created by chipaca> <https://github.com/snapcore/snapd/pull/6242>16:16
mvozyga: ok, what PR was this again?16:16
Chipacacachio: ^16:16
zygahttps://github.com/snapcore/snapd/pull/623316:16
mupPR #6233: overlord: don't write system key if security setup fails <Created by zyga> <https://github.com/snapcore/snapd/pull/6233>16:16
zygathe test passes on all systems now16:17
mvozyga: thanks! running it now16:20
mupPR snapd#6243 opened: systemd: allow only a single daemon-reload at the same time <⛔ Blocked> <Created by mvo5> <https://github.com/snapcore/snapd/pull/6243>16:25
pstolowskizyga: can you take a look at #6180 (doesn't have to be today)16:31
pstolowski?16:31
zygak16:31
mupPR #6180: snap/info: bind global plugs/slots to implicit hooks <Complex> <Created by stolowski> <https://github.com/snapcore/snapd/pull/6180>16:31
zygaah16:31
zygasure16:31
* pstolowski should probably remove complex label from it and have something that attracts people instead ;)16:32
zygawe need a <cookie> label16:32
pstolowskiyay16:32
roadmr🍪16:32
pstolowskiit's not really complex btw.. just needs some insight maybe16:32
zygaroadmr: just need to cross check with kyrofa about how it renders16:32
pstolowskiroadmr: lovely16:33
mupPR snapcraft#2418 opened: Release changelog for 3.0.1 <Created by sergiusens> <https://github.com/snapcore/snapcraft/pull/2418>16:33
=== Trevinho_ is now known as Trevinho
pedroniszyga: do we need #6230 ?16:34
mupPR #6230: spread: detect "signal: terminated" in journal logs <⛔ Blocked> <Created by zyga> <https://github.com/snapcore/snapd/pull/6230>16:34
zygano, it was just experiments16:34
zygaclosed now16:34
mupPR snapd#6230 closed: spread: detect "signal: terminated" in journal logs <⛔ Blocked> <Created by zyga> <Closed by zyga> <https://github.com/snapcore/snapd/pull/6230>16:34
zygapedronis, mvo: though the forkstat stuff was amazing16:35
mvozyga: yeah, I think we keep this in mind, something like this may come back later16:37
pedronisChipaca: #6192 needs a 2nd review and I suggested a smal tweak16:39
mupPR #6192: overlord/snapstate: on refresh, check new rev can read current <Created by chipaca> <https://github.com/snapcore/snapd/pull/6192>16:39
mvozyga: I suspect the issue with the core-18 is really that on first-run nothing is available yet. otoh the state should also be empty so slightly strange16:40
zygamaybe particular test setup is the culprit but I don't expect this to happen16:41
mvozyga: I see "Reboot on qemu:ubuntu-core-18-64 ... is taking a while" and it seems like its hanging16:41
zygawe're either seeging16:41
zyga*seeding16:41
zygaand snaps are installed16:41
zygaor we know nothing about them16:41
zygafeels like a bug for real at some level16:41
mvozyga: oh, they are installed, hm, hm, if so we should have a Before=snapd.service16:41
zygammm16:41
zygayeah16:41
zygaI haz real bug16:41
pedroniszyga: mvo: we do have some tests that wipe the state16:42
zygapedronis: I ran that single test in isolation16:42
pedronisand simulate the seeding again16:42
zygait was the first code to run16:42
pedroniszyga: what test is it?16:42
mvozyga: did you also get this wait?16:43
zygaspread -debug -v google:ubuntu-core-18-64:tests/regression/lp-1805838 from https://github.com/snapcore/snapd/pull/623316:43
mupPR #6233: overlord: don't write system key if security setup fails <Created by zyga> <https://github.com/snapcore/snapd/pull/6233>16:43
zygawait?16:43
pedronisam I reading it wrong, that info is not in the bug?16:44
zygano, it's not in the bug but that test is arguably not doing anything, it just restarts snapd to see what the logs show -16:45
pedronisit's a new test?16:46
pedronisI don't have it here16:46
zygayes16:46
zygait's a regression test for that branch16:47
zygamvo: I missed this part:16:49
zygazyga: I see "Reboot on qemu:ubuntu-core-18-64 ... is taking a while" and it seems like its hanging16:49
zygamvo: I didn't get that16:49
zygais it still hanging16:49
zyga?16:49
mvozyga: hm, ok16:49
mvozyga: yeah, I try again16:50
zygaeh, failed on mount error16:50
zyga- Mount snap "test-snapd-tools" (7) ([start var-lib-snapd-snap-test\x2dsnapd\x2dtools-7.mount] failed with exit status 1: Job for var-lib-snapd-snap-test\x2dsnapd\x2dtools-7.mount failed.16:50
zygaSee "systemctl status "var-lib-snapd-snap-test\\x2dsnapd\\x2dtools-7.mount"" and "journalctl -xe" for details.16:50
mvozyga: I was running it in qemu16:51
zygaaha16:51
mvozyga: running it in google now16:51
zygaafk16:54
zygagoing to my son's birthday :)16:54
zygattyl16:54
=== zyga is now known as zyga|afk
=== pstolowski is now known as pstolowski|afk
kyrofaHaha, zyga|afk looks like a rock17:05
roadmrhttps://www.youtube.com/watch?v=2NEbe_brJAQ17:07
mvozyga|afk: enjoy!17:18
mvozyga|afk: hm, hm, spread -v -debug  google:ubuntu-core-18-64:tests/regression/lp-1805838 just worked, I try again after dinner17:34
zyga|afkmvo: yes, it passes17:37
zyga|afkmvo: try -shell-after17:37
zyga|afksee what logs say17:37
=== zyga|afk is now known as zyga
zygawhee18:47
mupPR snapd#6233 closed: overlord: don't write system key if security setup fails <Created by zyga> <Merged by zyga> <https://github.com/snapcore/snapd/pull/6233>18:48
* cachio afk21:42
mupPR snapd#6244 opened: release: detect too old apparmor_parser <Created by zyga> <https://github.com/snapcore/snapd/pull/6244>23:14
* zyga really goes to sleep now23:15

Generated by irclog2html.py 2.7 by Marius Gedminas - find it at mg.pov.lt!