[05:55] <mborzecki> morning
[06:11] <mborzecki> google:ubuntu-18.04-64:tests/main/desktop-portal-open-file seems broken
[07:16] <zyga> Hey
[07:16] <zyga> I will be around shortly
[07:21] <mborzecki> zyga: hey
[07:45] <mup> PR snapd#6538 opened: tests/main/desktop-portal-*: try to collect some debug output in the tests <Created by bboozzoo> <https://github.com/snapcore/snapd/pull/6538>
[08:01] <mborzecki> hm in both test runs that failed, document portal test was executed before the desktop portal one
[08:03] <zyga> back now
[08:04] <zyga> kids sorted out, dressed, fed, combed, sent off to school, kitchen cleaned, dog handled - all good, let's work :)
[08:04] <zyga> mborzecki: I haven't looked at the tests yet but perhaps they leak processes that make things fail
[08:05] <zyga> all the portals need to be killed / unmounted across testing sessions
[08:06] <mborzecki> zyga: yeah, that's my guess
[08:06] <mborzecki> tweaked spread priorities to make it run the document portal test before desktop ones :/
[08:07] <zyga> uh
[08:07] <zyga> sucks
[08:08] <mborzecki> anyways, i need coffee
[08:08] <pstolowski> hey o/
[08:08] <zyga> hey pawel
[08:09] <pstolowski> zyga: i frogot to give you back your serial adapter; i can send it
[08:09] <zyga> oh
[08:09] <zyga> no worries :)
[08:09] <zyga> keep it
[08:09] <zyga> I have more at home
[08:10] <pstolowski> zyga: ok, next time
[08:10] <zyga> and they are 3euro each so no point in sending it anywhere :)
[08:10] <pstolowski> :)
[08:12] <mborzecki> pstolowski: hey
[08:17] <mborzecki> aand reproduced
[08:18] <zyga> mborzecki: what is it?
[08:18] <mborzecki> idk yet, just got the same backtrace as on travis
[08:18] <mborzecki> so running document-portal activation before the test made it fail
[08:18] <zyga> mborzecki: mount
[08:18] <zyga> mborzecki: ps aux
[08:19] <mborzecki> hmm https://paste.ubuntu.com/p/2CJ63xWDG4/
[08:20] <zyga> that's expected!
[08:20] <zyga> unmount / kill them
[08:24] <mborzecki> hm xdg destkop portal is not starting for some reason
[08:24] <zyga> how are you starting it?
[08:25] <zyga> btw: the more I see this the more I'm inclined to require tests to clean up by themselves
[08:25] <zyga> we are wasting lots of time on prepare/restore
[08:25] <zyga> and it's not working
[08:25] <mborzecki> hahah https://paste.ubuntu.com/p/cpNrbBkBH7/
[08:25] <zyga> woah :D
[08:25] <zyga> how did we miss that :)
[08:25] <mborzecki> test execution order probably
[08:26] <mborzecki> soemthing cleaned up too much or not enough
[08:27] <mborzecki> yup, apt install python3-dbus and it worked :P
[08:30] <mborzecki> zyga: heh https://paste.ubuntu.com/p/hfhSxpF7tT/ document portal activation is a bit eager with the cleanup
[08:30] <zyga> yeah
[08:30] <zyga> good catch
[08:30] <zyga> I wish we had tagging in spread
[08:30] <zyga> we could tag a test as "dirty" or "clean"
[08:30] <zyga> and work our way through the maze
[08:31] <mborzecki> hm idk, i'd like to run the test on a snapshot of the rootfs, something like systemd-nspawn does, or a subvolume you can discard afterwards
[08:32] <zyga> mborzecki: I would use that only to detect violations
[08:32] <zyga> we still need to run them in contexts where we cannot afford such luxury
[08:32] <zyga> but I strongly agree on a need for automatic verification
[08:33] <zyga> we leak processes, mount points, random files, cache, temp files, package changes, kernel settings
[08:35] <mborzecki> i suppose i'll leave the extra debug info in the tests
[08:36] <zyga> https://9to5mac.com/2019/02/25/bbedit-12-6-sandboxing-mac-app-store/
[08:37] <zyga> this is curious, it's an IDE / developer editor that runs sandboxed on macos sandbox and will now be distributed by the app store
[08:37] <zyga> I wonder what the usability is like
[08:49] <zyga> pstolowski: can we detect gpio's via hotplug?
[08:53] <mborzecki> pushed a patch, #6538 should fix master once it lands
[08:53] <mup> PR #6538: tests/main/desktop-portal-*: try to collect some debug output in the tests <Created by bboozzoo> <https://github.com/snapcore/snapd/pull/6538>
[08:53] <zyga> thanks, looking
[08:54] <zyga> mborzecki: I was thinking if the debug section should run without "set -e"
[08:54] <zyga> we have to resort to silly || true or risk more failure
[08:57] <mborzecki> pstolowski: is #5962 the last of the hotplug series?
[08:57] <mup> PR #5962: ifacestate/hotplug: hotplug handlers <Complex> <Hotplug 🔌> <Created by stolowski> <https://github.com/snapcore/snapd/pull/5962>
[08:58] <zyga> I'll take one more stab at https://github.com/snapcore/snapd/pull/6111
[08:58] <mup> PR #6111: packaging/opensuse: move most logic to snapd.mk <Created by zyga> <https://github.com/snapcore/snapd/pull/6111>
[08:59] <pstolowski> mborzecki: yes (as far as feature is concerned; there is a spread test+serial port interface in a followup)
[09:02] <mborzecki> pstolowski: great :) i'll take a look at the PR now
[09:11] <pstolowski> mborzecki: ty!
[09:12] <marlinc> Hey there, is there a way to make a 'team account'? I'm building some snaps for my company but having them be published using my name isn't very nice
[09:12] <pstolowski> zyga: good question, i'm not sure and familiar with gpio; fwtw this is what i see with udevadm info -e on rpi3 (not complete, just a snippet): https://pastebin.ubuntu.com/p/pqvFJkQyvx/
[09:12] <pstolowski> *not familiar*
[09:13] <pstolowski> this is what the interface can get & process as part of hotplug
[09:21] <mborzecki> need to go out for a while
[09:26] <mup> PR snapd#6539 opened: cmd, daemon: split out the common bits of mapLocal and mapRemote <Created by chipaca> <https://github.com/snapcore/snapd/pull/6539>
[09:26] <Chipaca> moin moin
[09:26] <Chipaca> ^ PR from the fun flight home
[09:29] <zyga> pstolowski: hmm, that's new to me as well
[09:29] <zyga> Chipaca: hey :)
[09:29] <Chipaca> zyga: 'sup
[09:29] <zyga> pstolowski: are any of the values pointing to a /dev/XXX entry (perhaps via a symlink)
[09:30] <zyga> Chipaca: settling back in the office, all is good, yourself?
[09:30] <zyga> https://www.monkeyuser.com/2019/pivoting/ (no association to snapd, just funny)
[09:34] <Chipaca> zyga: going through reviews :-)
[09:34] <pstolowski> zyga: the only one i can find in udevadm output is referencing /dev/gpiomem, but that doesn't seem relevant for the gpio interface we have atm
[09:34] <zyga> yeah
[09:34] <zyga> gpio via memory mapped registers
[09:34] <zyga> oh well
[09:36] <mup> PR snapd#6529 closed: daemon, client, cmd/snap: snap debug base-declaration <Created by chipaca> <Merged by chipaca> <https://github.com/snapcore/snapd/pull/6529>
[09:45] <pedronis> Chipaca: hi, it's a bit strange that a GET gets an "action" there ^
[09:45] <Chipaca> pedronis: hi!
[09:46] <Chipaca> oh dear :-/
[09:46] <pedronis> Chipaca: I mean I understand where it's coming from, but is not the most appropriate term for something that should be idempotent
[09:46] <pedronis> sorry
[09:46] <pedronis> without effects (actually)
[09:47] <Chipaca> pedronis: would select= have been better?
[09:47] <Chipaca> dunno, we don't have another one of these really
[09:49] <pedronis> Chipaca: select would be better, we use it already in other queries, no?  a cutesy one could be "aspect"
[09:49] <pedronis> debug which aspect (but as I said a bit too cute)
[09:50] <pedronis> maybe
[09:50] <Chipaca> pedronis: yes, we use select=all and =enabled (for list), select=refresh or =private (for find), all and connected on interfaces, all, in-progress and ready on changes, …
[09:50] <Chipaca> select is always a filter tho
[09:50] <Chipaca> (bah, refresh is weird0
[09:51] <pedronis> Chipaca: your pick, it's debug after all, I'm happy with either "select" or "aspect"
[09:52] <Chipaca> I like aspect, but i like the consistency of select
[09:52] <Chipaca> hm
[10:14] <mup> PR snapd#6540 opened: daemon, client, cmd/snap: debug GETs have actions, not aspects <Created by chipaca> <https://github.com/snapcore/snapd/pull/6540>
[10:15] <Chipaca> wait I got that backwards
[10:15]  * Chipaca groans
[10:17] <pedronis> Chipaca: changed
[10:54] <Chipaca> snap_mode=try means it hasn't rebooted after changing core/kernel/gadget, right?
[10:54] <zyga> Chipaca: I think so
[10:54] <zyga> Chipaca: bootloader changes that to trying
[10:55] <zyga> Chipaca: so snapd knows what's going on
[10:56] <Chipaca> so maybe that's the bit that's broken
[10:57] <zyga> what are you seeing? sorry, I'm deep in another topic and just responded because I saw the question
[10:57] <Chipaca> zyga: stay there :-)
[10:57] <Chipaca> zyga: i'm just talking to myself
[10:57] <zyga> tea helps :)
[10:57] <zyga> I'm drinking some now, it's not as warm as it was in the south
[10:58] <Chipaca> pedronis: on snapd stat, if snap_mode==try, we should set the restarting flag
[10:58] <Chipaca> start*
[10:58] <Chipaca> this'll probably break some of our tests
[10:59] <Chipaca> also, our minds
[10:59] <Chipaca> ¯\_(ツ)_/¯
[11:00]  * Chipaca tries a reproducer
[11:03] <pedronis> Chipaca: ?
[11:03] <pedronis> Chipaca: I wouldn't solve the problem that way
[11:03] <Chipaca> pedronis: ok
[11:03] <pedronis> Chipaca: too much conceptual change
[11:06] <pedronis> Chipaca: boot ids seems still a bit more of a solid bit of info than our flags
[11:08] <pedronis> Chipaca: let's have a chat later
[11:14] <greyback> hey all, I've got 2 approvals on this PR, can it land? https://github.com/snapcore/snapd/pull/6525
[11:14] <mup> PR #6525: interfaces/wayland: allow wayland server snaps function on classic too <Created by gerboland> <https://github.com/snapcore/snapd/pull/6525>
[11:16] <pedronis> greyback: yes
[11:18] <Chipaca> pedronis: should I just merge it
[11:18] <pedronis> Chipaca: yes
[11:18] <Chipaca> boom
[11:18] <mup> PR snapd#6525 closed: interfaces/wayland: allow wayland server snaps function on classic too <Created by gerboland> <Merged by chipaca> <https://github.com/snapcore/snapd/pull/6525>
[11:19] <greyback> thanks guys
[11:19] <pedronis> greyback: notice that it's ok because of jdstrand review, typically anything in interfaces/builtin needs that
[11:19] <pedronis> not just 2 reviews
[11:19] <greyback> pedronis: understood.
[11:34] <pstolowski> zyga: i'm trying to understand the core-support plug/slot wrt to you comment in the migration-fix PR, checked some very old releases (2.14-2.16); it actually seems to be introduced for the "core" snap, not "ubuntu-core"?
[11:36] <zyga> pstolowski: oh? perhaps I was mistaken, if it was never present on ubuntu-core, does that simplify the bugfix?
[11:40] <pstolowski> zyga: most likely yes; we probably don't need to do anything special with it on undo (core back to ubuntu-core) since core-support is obsolete so will not appear on current core if we fail on transition and need to go back to u-c
[11:41] <pstolowski> pedronis: ^ do you think this makes sense? do you remember when did we introduce core-support?
[11:54] <mborzeck1> re
[11:55] <mup> PR snapcraft#2486 closed: colcon plugin: support build-time chaining <Created by kyrofa> <Merged by sergiusens> <https://github.com/snapcore/snapcraft/pull/2486>
[12:05] <zyga> mborzecki: how are you feeling?
[12:11] <pedronis> pstolowski: ok, we need to chat about that PR in general
[12:11]  * pedronis finishing my lunch break
[12:24] <pstolowski> pedronis ok; btw core-support was added in 2.22
[12:30] <pedronis> pstolowski: it doesn't seem like ubuntu-core used it, it didn't in its last table release
[12:30] <pedronis> and at that time core was
[12:32] <zyga> Lunch time
[12:32] <pstolowski> pedronis: yes, let's talk in the standup
[12:35] <mborzecki> wth just happend with freenode?
[12:37] <pstolowski> mborzecki: hmm looks fine here
[12:38]  * pstolowski lunch
[12:52] <pedronis> pstolowski: zyga: I'm confused by the preexisting comment in that PR, wouldn't core and ubuntu-core profiles have different disk names?
[12:57] <cachio> niemeyer, hey, could you please add permission for
[12:57] <cachio> ERROR: (gcloud.compute.disks.snapshot) HTTPError 403: Required 'compute.zoneOperations.get' permission for 'projects/computeengine/zones/us-east1-b/operations/operation-1551185626188-582cb8c3acb08-df0e03b2-6722caa8'
[13:00] <Facu> may you help me to run the tests in snapcraft? I've installed all the system dependencies as README indicates, then created the venv, and installed all there as indicated, but when I run the tests I get a RuntimeError: Snapcraft requires PyYAML to be built with libyaml bindings
[13:03] <zyga> pedronis: let me look at the PR
[13:03] <zyga> Facu: perhaps your venv didn't built pyyaml because you were lacking C headers for the C shared library it depends on?
[13:04] <zyga> pedronis: which comment are you referring to?
[13:05] <zyga> is it https://github.com/snapcore/snapd/pull/6530#discussion_r259345905 ?
[13:05] <mup> PR #6530: overlord/ifacestate: fix migration of connections on upgrade from ubuntu-core <Squash-merge> <Created by stolowski> <https://github.com/snapcore/snapd/pull/6530>
[13:08] <Facu> zyga, there's no complain at all in the install process: http://linkode.org/#NLIK5LANIbGcPu11FZcKy4
[13:09] <zyga> Facu: I don't know, just a guess
[13:10] <pedronis> zyga: I'm probably just confused
[13:11] <zyga> pedronis: I added the comment because I read this part
[13:11] <zyga> https://github.com/snapcore/snapd/pull/6530/files#diff-b88a3954d898e0a8ab681d98f1407a0fR344
[13:11] <mup> PR #6530: overlord/ifacestate: fix migration of connections on upgrade from ubuntu-core <Squash-merge> <Created by stolowski> <https://github.com/snapcore/snapd/pull/6530>
[13:11] <zyga> but after discussing with pawel I think there is no way that we can have plugs on ubuntu-core / core there
[13:11] <zyga> still, that was my reasoning at the time I added the comment
[13:14] <pedronis> zyga: I forgot that profiles are generally per app/hook, and ubuntu-core had none afawu
[13:15] <zyga> pedronis: there was the "core-support" plug on the configuration hook but I forgot if it was present in ubuntu-core
[13:23] <mborzecki> pstolowski: will hotplug land for .38?
[13:23] <mborzecki> anyone wants to do a 2nd review of #6538?
[13:23] <mup> PR #6538: tests/main/desktop-portal-*: try to collect some debug output in the tests <Created by bboozzoo> <https://github.com/snapcore/snapd/pull/6538>
[13:26] <cachio> jamesh, hi
[13:27] <pstolowski> mborzecki: i think so, the plan was to land it by malta sprint. i need to check if mvo wants to take a look, then i can merge. thanks for re-review btw!
[13:30] <mborzecki> aand it's green
[13:46] <Chipaca> pedronis: https://forum.snapcraft.io/t/how-get-snap-set-property-list-snapd-api-extension/10155
[13:49] <pedronis> zyga: do you remember from what repo ubuntu-core was built?
[13:49] <zyga> pedronis: the snap?
[13:49] <zyga> let me look
[13:50] <zyga> https://launchpad.net/~snappy-dev/+snap/ubuntu-core
[13:50] <zyga> apparently this one https://code.launchpad.net/~snappy-dev/ubuntu-core-snap/trunk
[13:51] <pedronis> zyga: never had hooks
[13:58] <pedronis> Chipaca: is that post formatting broken? it seems cut up
[13:58] <Chipaca> pedronis: not as much broken as nonexistent
[13:59] <pedronis> I cannot parse bits of it
[14:00] <mup> PR snapd#6538 closed: tests/main/desktop-portal-*: fix handling of python dependencies <Created by bboozzoo> <Merged by sergiocazzolato> <https://github.com/snapcore/snapd/pull/6538>
[14:00] <pedronis> Chipaca: pstolowski: standup?
[14:02] <Chipaca> yeah was fighting the setup
[14:03] <diddledan> I added architecture tracking: https://snapstats.org/architectures
[14:25] <pedronis> Chipaca: I asked the poster the review the formatting
[14:37] <mup> PR snapcraft#2469 closed: cli: clean up snapcraft push output <Created by cmatsuoka> <Merged by sergiusens> <https://github.com/snapcore/snapcraft/pull/2469>
[14:51] <zyga> Pharaoh_Atem: hey
[14:51] <zyga> around?
[15:00] <Chipaca> pedronis: seems like that forum topic is about config validation -- which we make impossible by not allowing you to -d the whole config
[15:00] <Chipaca> (we already have people asking for this)
[15:03] <pedronis> Chipaca: do you have super powers to fix the formatting of that post? he reposted but the formatting is still broken
[15:03] <Chipaca> pedronis: I do
[15:03] <Chipaca> pedronis: I didn't because I doubt it'll make more sense, but if it'll help you I'll do it
[15:03] <pedronis> Chipaca: unless it's really cut off
[15:03]  * Chipaca does it
[15:03] <Chipaca> pedronis: it's really cut off
[15:03] <pedronis> ah
[15:03] <pedronis> :/
[15:03] <pedronis> ok
[15:04] <pedronis> nvm
[15:04] <Chipaca> pedronis: at least the PROBLEM section is now sensible :-)
[15:07] <zyga> Pharaoh_Atem: I think I got what you asked for on snapd.mk review, I will run one more round of spread and propose my changes back
[15:15] <mborzecki> damn, why the desktop test always have to be so flaky
[15:15] <zyga> mborzecki: leaking processes
[15:15] <mborzecki> google:ubuntu-18.04-64:tests/main/desktop-portal-filechooser failed now
[15:15]  * diddledan spills some processes all over the carpet
[15:18] <mborzecki> wth is this? https://paste.ubuntu.com/p/CZJ4JqZ4qg/
 I'd say that's a paste of some terminal output *duck*
[15:20] <diddledan> can't see what's going wrong though :-(
[15:20] <mborzecki> OSError: [Errno 38] Function not implemented: '/run/user/12345/doc/257d6b8c/file-to-write.txt'
[15:20] <diddledan> just spotted it :-)
[15:21] <mborzecki> the portal is running though
[15:26] <mborzecki> wonder if it's because of python trying to truncate the file
[15:29]  * cachio lunch
[15:43] <mborzecki> duh, obviously the test works in isolation, even when repeating it a couple of times
[15:44] <zyga> mborzecki: think about system level solutions
[15:44] <zyga> how to find broken tests?
[15:44] <diddledan> heisenbug
[15:45] <zyga> no, just order bug
[15:45] <zyga> tests don't clean properly
[15:45] <mborzecki> zyga: given it's ENOSYS, i'd guess it's from fuse as used by xdg-desktop-portal
[15:45] <diddledan> aah
[15:45] <zyga> random order may put stuff that leaks stuff ahead of test that is affected by it
[15:45] <mborzecki> or document portal to be exact
[15:45] <zyga> mborzecki: yes
[15:45] <mborzecki> damn desktop tech
[15:47] <zyga> Pharaoh_Atem: https://github.com/snapcore/snapd/pull/6111
[15:47] <zyga> can you re-review that please
[15:47] <mup> PR #6111: packaging/opensuse: move most logic to snapd.mk <Created by zyga> <https://github.com/snapcore/snapd/pull/6111>
[15:48] <zyga> mborzecki: ^ perhaps you can have a look as well
[15:48] <zyga> the next thing to fix is to move golang hardening flags to a helper like I indended
[15:48] <zyga> then all of snapd.mk should be reusable
[15:51] <stgraber> ever heard of snapd forgetting to generate a unit? https://discuss.linuxcontainers.org/t/containers-fail-to-start-after-server-upgrade-to-ubuntu-18-04-2-lts/4174/7
[15:51] <stgraber> snap.lxd.daemon.unix.socket is present, snap.lxd.daemon.service isn't. Doing a back and forth refresh between two channels fixed it (back to same rev that was broken)
[15:51] <zyga> stgraber: no
[15:51] <zyga> that's interesting
[15:52] <zyga> stgraber: can you ask for `snap changes` on the LXD forum?
[15:52] <zyga> perhaps there are some clues there
[15:53] <stgraber> zyga: output now included
[15:54] <zyga> it would be awesome if pasting something into the forum showed a clippy saying "perhaps you wanted to paste pre-formatted text"
[15:54] <zyga> "running service command" is interessting?
[15:54] <mborzecki> zyga: just a hunch, but that's probably ENOSYS i'm seeing https://github.com/flatpak/xdg-desktop-portal/blob/master/document-portal/document-portal-fuse.c#L718-L735
[15:54] <stgraber> ah yeah, I'm editing people's posts all the time :)
[15:54] <zyga> perhaps ask for "snap tasks NNN" for the ones that failed?
[15:54] <zyga> stgraber: same here, thank you for doing that :)
[15:55] <zyga> mborzecki: oh, nice catch
[15:55] <zyga> I didn't know the portal did not support that
[15:57] <zyga> mborzecki: ^
[15:57] <stgraber> zyga: updated
[15:57] <zyga> Chipaca: ^ do we clean up if a service refresh fails, with regards to unit files?
[15:57] <zyga> thanks, I see
[15:58] <Chipaca> zyga: stgraber: it's possible an in-task cleanup is wonky
[15:59] <zyga> feels like worth reporting, even to add a spread test to see it works forever
[15:59] <mborzecki> zyga: 'works forever' don't know which industry is that, but not this one :P
[16:00]  * zyga shrugs and writes medical-grade code ;-)
[16:02] <diddledan> medical grade as in it makes you vomit?
[16:03]  * zyga inserts matrix reference with no-mouth neo
[16:03] <diddledan> "so offensive it kills 99.9% bacteria"
[16:04] <pedronis> pstolowski: did you find out how to check about the snap-confine profile?
[16:04] <zyga> pedronis: we talked about it, I gave a few suggestions that all should be sufficient to check this
[16:05] <pedronis> ok, thx
[16:05] <pstolowski> pedronis: yes, but i'm fighting a spread test error after the change
[16:09] <zyga> afk for 30 min
[17:04] <Chipaca> pedronis: I fear the followup refactor commit on #6540 is bigger than the original :-)
[17:04] <mup> PR #6540: daemon, client, cmd/snap: debug GETs ask aspects, not actions <Created by chipaca> <https://github.com/snapcore/snapd/pull/6540>
[17:07] <pedronis> Chipaca: looks good though
[17:07] <pedronis> thank you
[17:08] <Chipaca> huzzah
[17:09] <Chipaca> HAH! the fix for service completion is in my 'git stash'
[17:09] <Chipaca> never pushed a PR with it :-(
[17:09] <pedronis> pstolowski: was in meetings, can we help somehow?
[17:10] <pstolowski> pedronis: it's fine, thanks, will push in a moment
[17:20] <mup> PR snapd#6541 opened: tests: change how dir is umounted on desktop-portal.sh <Created by sergiocazzolato> <https://github.com/snapcore/snapd/pull/6541>
[17:42] <pedronis> zyga: can you review the new tests added to #6530
[17:43] <zyga> sure
[17:43] <mup> PR #6530: overlord/ifacestate: fix migration of connections on upgrade from ubuntu-core <Squash-merge> <Created by stolowski> <https://github.com/snapcore/snapd/pull/6530>
[17:43] <zyga> looking
[17:44] <zyga> +1
[17:45] <zyga> pedronis: I wish we had a "snap debug wait-for-change-type core-transition" or something like that
[17:46] <zyga> pedronis: if mvo does a release, I will package it first thing tomorrow
[17:47] <mup> PR snapd#6542 opened: cmd/snap: fix `snap services` completion <Created by chipaca> <https://github.com/snapcore/snapd/pull/6542>
[17:56] <zyga> cachio: hey
[17:56] <zyga> cachio: has the leap 42.3 image changed?
[17:57] <zyga> cachio: I thing we could use an update (just take stock 42.3 and run "zypper refresh && zypper dup" on it)
[18:26] <mup> PR snapcraft#2483 closed: cli: Handle legitimate provider exec errors <Created by cmatsuoka> <Merged by sergiusens> <https://github.com/snapcore/snapcraft/pull/2483>
[18:35] <mup> PR snapcraft#2487 opened: Release changelog for 3.2 <Created by sergiusens> <https://github.com/snapcore/snapcraft/pull/2487>
[18:51] <kyrofa> Hey zyga, any idea why this doesn't work in LXD? https://paste.ubuntu.com/p/QT2mnJWZ5J/
[18:52] <kyrofa> zyga, this works though: https://paste.ubuntu.com/p/zgf528P6sN/
[19:02] <cachio> zyga,  in progress
[19:03] <cachio> I almost have the tumbleweed image
[19:04] <cachio> but there are some permissions that are missing and untils those are not granted I can't publish the image
[19:07] <cachio> niemeyer, hey
[20:09] <zyga> cachio: ack, thank you
[20:09] <zyga> kyrofa: looking
[20:09] <cachio> zyga, I think the images will be ready tomorrow
[20:10] <cachio> I need those perms
[20:10] <zyga> kyrofa: I don't know how here doc are implemented but I'm sure you have a denial saying why it didn't work
[20:10] <zyga> kyrofa: most likely that shell opens a temporary file
[20:10] <zyga> kyrofa: and passes a fd to the child process as input
[20:10] <zyga> kyrofa: in the case it works the apparmor profile describes that file and allows snap-confine and bash to both use it
[20:10] <zyga> kyrofa: in the case where it does it is denied by the outer stacked profile
[20:11] <zyga> kyrofa: on the forum there are some discussions of "apparmor object delegation" but this is not implemented in the kernel or in userspace yet
[20:11] <zyga> kyrofa: so for now, it's a bummer and we can only fix it by adjusting lxd profile; not sure if the adjustment is sane from security point of view though
[20:17] <kyrofa> zyga, indeed, here are the denials (on the host): https://paste.ubuntu.com/p/4Sh6Hkf8sQ/
[20:18] <zyga> kyrofa: report a bug on lxd with those details, perhaps it will be included
[20:18] <zyga> it would be good to check what is the temporary file name pattern
[20:18] <zyga> is it always sh-*
[20:19] <kyrofa> stgraber, does that sound like a lxd bug to you? Happy to report it
[20:22] <kyrofa> stgraber, uh, context: the fact that this doesn't work in LXD: https://paste.ubuntu.com/p/QT2mnJWZ5J/
[20:30] <kyrofa> stgraber, with this type of denial on the host: https://paste.ubuntu.com/p/4Sh6Hkf8sQ/
[20:37] <stgraber> kyrofa: the file_inherit stuff is some kind of apparmor bug causing the profile in a container to have to be slightly more comprehensive than on the host
[20:37] <stgraber> kyrofa: IIRC this is something we ran into with snaps a LONG time ago and which got fixed by adding the required allow rule in snapd generated profiles
[20:38] <stgraber> the /apparmor/.null path is a bit odd though
[20:49] <kyrofa> stgraber, huh, so perhaps this used to work and regressed?
[21:06] <stgraber> kyrofa: yeah, that's posssible, it could have been a change to the generated apparmor profile, can be a change to the kernel or a change to the apparmor parser
[21:06] <stgraber> kyrofa: in all cases, you want someone from apparmor taking a look into this, jdstrand might know what's happening or jjohansen
[21:06] <stgraber> kyrofa: the exact kernel you're running may also matter here
[21:12] <kyrofa> stgraber, alright, thank you!
[21:17] <Chipaca> pedronis: am I right to think we said we should make 'snap debug connectivity' use the GET path as well?
[21:18] <Chipaca> pedronis: (so everything listed under snap debug -h works without sudo)
[21:41] <mup> PR snapcraft#2488 opened: cli: Fix traceback count check in error test <Created by cmatsuoka> <https://github.com/snapcore/snapcraft/pull/2488>
[21:47] <mup> PR snapcraft#2489 opened: cli: Mock Raven client in error tests <Created by cmatsuoka> <https://github.com/snapcore/snapcraft/pull/2489>