/srv/irclogs.ubuntu.com/2019/02/28/#snappy.txt

mupPR snapcraft#2490 closed: test: test-beta <Created by sergiusens> <Closed by sergiusens> <https://github.com/snapcore/snapcraft/pull/2490>00:15
mwhudsonhmm trying to use the fakestore and failing02:39
mwhudsonjust get http 418s from everything02:39
mwhudsonanyone around?02:39
mwhudsoni guess i'll ask in the forum02:39
mborzeckimorning06:15
mborzeckibrb kernel update06:26
zygaHey guys! I will be in the office in 20 minutes. Doing some babysitting now.07:09
mborzeckiarch package update pushed07:12
=== pstolowski|afk is now known as pstolowski
pstolowskimornings07:52
pedronispstolowski: hi, mvo created this: https://trello.com/c/h3v4bN13/172-fix-build-failure-on-armhf-in-edge-ppa08:10
pedronisis that a new test?  or associated with recent changes?  seems it's failing in the armhf builders08:10
pedronistiming?08:10
pstolowskipedronis: hey, yes, i got email from trello, investigating, reproduced locally by running in a loop, seems like a race08:10
pedronispstolowski: ok, thank you,  and yes it's a priority given it's stopping us from producing edge builds for arm08:11
pstolowskipedronis: i don't think it's because yesterday's changes, this landed last week08:11
pedronispstolowski: not quite sure when the error appeared08:11
pstolowskipedronis: more worrying is the amd64 failure in same ppa on TestHotplug08:13
pedronispstolowski: ok08:13
pstolowskipedronis: looks like something got stuck on udev monitor, might be something build env specific, hard to tell08:14
pstolowskibut also, not related to yesterday's change i think, that test was landed long time ago08:14
pedronispstolowski: ok, let me know how it goes08:23
pstolowskipedronis: sure08:25
mborzeckirpm triggers for downgrade suck08:30
pstolowskipedronis: ok, i got it, PR coming08:32
mupPR snapd#6550 opened: daemon/tests: fix race in the disconnect conflict test <Simple 😃> <⚠ Critical> <Created by stolowski> <https://github.com/snapcore/snapd/pull/6550>08:39
pstolowskipedronis: ^08:39
pstolowskipedronis: the amd64 failure on 14.04 is unclear atm, not sure why we didn't see it before; the udev mon test run for 10 minutes and got killed, i'll see if i can reproduce on 14.0408:41
pedronispstolowski: +1 on the first fix08:43
Chipacamoin moin09:09
pedronisChipaca: hi09:24
Chipacapedronis: 'sup09:24
mborzeckihmm rpm triggers are most interesting, semi-useless documentation, only thing you can really do is experiment :/09:41
pedronisChipaca: how's the tweaking of 6356 ?09:45
Chipacapedronis: nearly done, just the reRefreshUpdateMany rename pending09:46
Chipacapedronis: problem is I either make it _the_ update many, or fix it with a comment09:48
Chipacadithering too much on that09:48
pedronisChipaca: can I help? but I'm not understanding those last two comments09:48
Chipacapedronis: I'll let you know :-)09:49
zygauh, re09:57
zygahey09:57
zygasorry, tough night, tough morning09:57
zygapstolowski: I see you know about the card mvo made09:58
zygawe discussed it last night and he asked me to relay that you have a look09:58
pstolowskizyga: yep, https://github.com/snapcore/snapd/pull/655009:58
mupPR #6550: daemon/tests: fix race in the disconnect conflict test <Simple 😃> <⚠ Critical> <Created by stolowski> <https://github.com/snapcore/snapd/pull/6550>09:58
zygapstolowski, pedronis: should we do a .5 with this or is it sufficient to just patch master?10:00
pedroniszyga: as far as I understand it was affecting edge10:00
pedronisnot 2.3710:00
zygapedronis: the failure was reported on .4 build10:01
zygahttps://launchpad.net/~snappy-dev/+archive/ubuntu/edge/+packages10:01
zygaon line three there10:01
pedronisthen mvo explained himself badly10:02
zygalet me check the state of beta10:02
zygapedronis: I think we're good, I see .4 in beta across all architectures10:04
Chipacazyga: hella good10:05
zygaChipaca: :-) hey, how are you doing?10:06
Chipacazyga: hating names10:06
zygaoh?10:06
zygawhat's wrong?10:06
Chipaca:-)10:06
Chipacazyga: nothing unusual there though10:06
pstolowskigoogle:ubuntu-14.04-64:tests/main/snapd-reexec failed on my PR (unrelated to the PR), and lots of aborts again10:24
pedronispstolowski: yes, lots of aborts10:27
pedronisin many PRs10:27
pedronispstolowski: spread error output about aborts is always hard to chase10:35
pstolowskiuhm10:36
pedronisusually is allocating machines?10:37
pedronispstolowski: zyga: ah,  2019-02-28 07:08:49 Cannot allocate google:opensuse-tumbleweed-64: cannot find any Google image matching "opensuse-tumbleweed-64" on project "computeengine" or "opensuse-cloud"10:38
pstolowskiuh10:38
pedroniswe should disable it until cachio can debug10:38
pedronisit worked yesterday once or so10:38
pedronispstolowski: add a manual:true in its stanza (as we have for others)10:40
pedronisin your PR10:40
pstolowskipedronis: you mean in #6491?10:42
mupPR #6491: interfaces: hotplug nested vm test, updated serial-port interface <Hotplug 🔌> <Created by stolowski> <https://github.com/snapcore/snapd/pull/6491>10:42
pedronispstolowski: ?10:42
pedronispstolowski: the easy one10:43
pedronispstolowski: #655010:43
mupPR #6550: daemon/tests: fix race in the disconnect conflict test <Simple 😃> <⚠ Critical> <Created by stolowski> <https://github.com/snapcore/snapd/pull/6550>10:43
pedronispstolowski: the other needs a review process no?10:44
pedronispstolowski: we need a PR that we want to land and can land soon10:45
pstolowskipedronis: yes sure the other PR needs reviews; ok, will set opensuse-tumbleweed to manual for now10:49
* Chipaca brb10:56
pedronismborzecki: could you review #6356 when you have some time?11:04
mupPR #6356: overlord/snapstate: during refresh, re-refresh on epoch bump <Created by chipaca> <https://github.com/snapcore/snapd/pull/6356>11:04
pedronispstolowski: thanks11:04
mborzeckipedronis: sure, gladly, got quite fed up with the rpm crap11:05
mborzeckiheh, i cannot use snap-mgmt to do the patching of mount units and we'll have to ship a separate script, otherwise downgrade to pre selinux-aware snapd won't work11:06
zyga2.37.4 panic in unit tests11:09
zygahttps://www.irccloud.com/pastebin/Ky7i9Vr5/11:09
mupPR snapd#6499 closed: cmd/snap-confine: allow moving tasks to pids cgroup <Created by zyga> <Merged by zyga> <https://github.com/snapcore/snapd/pull/6499>11:12
zygaI added a trello card11:14
pedroniszyga: about ?11:14
zygaabout that failure, so that I don't forget to look at it later today11:14
zygagoing through the release process now11:14
pedroniszyga: when does it happen?   2.37 is green11:14
pedronison GH11:14
zygapedronis: it seems like a race, it happened in 2.37.4 unit tests during package build11:15
pedronisok, weird11:15
pedronisI would those tests don't need to do weird racy things11:15
pedronisbut what do I know11:15
zygayeah :(11:15
pedronisthe test is probably complicated11:15
pedroniszyga: no, I fear a real bug11:19
pedronisthe manip of the counter is wrong11:20
pedroniswill send a fix after lunch11:26
Chipacapedronis: somebody at the sprint said that when we remove a snap we forget all connections, but it was in the middle of a bigger discussion and I didn't correct them even though I don't think that's right11:31
Chipacapedronis: that wasn't you was it?11:31
Chipacawe so don't forget them, you can ask for connections of snaps that aren't even installed11:31
zygathat was me11:33
zygawhen we remove the last revision we add one more task11:33
Chipacazyga: I'm not theorising, I'm looking at it on my system11:34
zygaoh11:34
zygaso bug :)11:34
Chipacazyga: is it though11:34
Chipacazyga: I've heard it described as a feature11:34
Chipacait does feel at least partially buggy in that connections only accumulate11:35
Chipacae.g. I iterated on the connections on icdiff, and my snapd remembers all the names as separate things11:35
Chipacaeven more interestingly, 'snap connections' lists it as connected even though the snap is removed11:36
Chipacawhich sounds like fun :-)11:36
zygauh11:36
zygacan you add a card please11:36
zygaI'll look11:36
Chipacapedronis: can you comment on this behaviour, wrt whether we want it one way or another please11:37
mupPR snapd#6550 closed: daemon/tests: fix race in the disconnect conflict test <Simple 😃> <⚠ Critical> <Created by stolowski> <Merged by stolowski> <https://github.com/snapcore/snapd/pull/6550>11:40
pstolowskipedronis: ^ merged11:40
pedronisChipaca: we have a thing called discard-conns11:41
pedronisisn't it called11:41
pedronis?11:41
Chipacapedronis: no11:41
Chipacathat was an easy grep11:41
pedronisChipaca: ?11:42
Chipacapedronis: it's not called11:42
Chipacapedronis: grep -r --include \*.go --exclude \*_test.go discard-conns11:42
pedronisChipaca: it was at some point11:42
pedronishave we lost it?11:42
pedronisaddHandler("discard-conns", m.doDiscardConns, m.undoDiscardConns)11:43
pedronisifacestate does define it11:43
popeyIs there some way to do a "snap why <snap>" to find out why a particular snap is installed? e.g. "snap why core18" might tell me opentoonz is why i have it installed?11:43
Chipacapedronis: yes we lost it11:43
pedronisChipaca: how, when?11:43
pstolowskipedronis: yes i think we last it when we switched to running disconnects11:43
pstolowski*lost11:44
pedronispstolowski: but disconnect should remove conns?11:44
pedronisbut Chipaca says conns are there11:44
pedronisthere is bug11:44
Chipacapedronis: dc290cac8b548ec7369433dda75c9cdd6d71e27111:44
pedronisChipaca: anyway, yes it's bug, we don't want to keep conns around for removed snaps11:45
Chipacaok11:45
Chipacawe do :-)11:45
pedroniswe are not supposed to11:45
pedroniswould be good to find out how11:45
pedronisbecause disconnect should remove them11:45
pedronisat least one by one11:45
Chipacapopey: we don't currently track that though11:46
pedronisChipaca: anyway sounds like we are missing a test somewhere11:46
pedronisor is more complicated11:46
pedronisand we don't lose them only sometimes11:46
pstolowskipedronis: yes we do delete(conns, cref.ID()), although its condition on auto flags etc, so maybe that's wrong11:46
pedronispstolowski: ?11:46
pstolowski*conditional11:46
pedronisah11:46
Chipacaah, maybe we only don't forget manual ones11:46
pstolowskipedronis: in doDisconnect11:46
pedronissomething seems off11:47
pedronisdiscard-conns removed everything11:47
pedronisanyway depends which auto flag11:47
pstolowskiChipaca: do you see undesired:true on those connections?11:48
Chipacapstolowski: in the state itself?11:48
pstolowskiChipaca: yes11:49
pedronispstolowski: the code seems right to me tough11:49
pedronisit always delete11:49
Chipacapstolowski: "icdiff:personal-files core:personal-files":{"interface":"personal-files","plug-static":{"read":["$HOME/.gitconfig"]}}11:50
pedronisunless it's a autodisconnect11:50
pedronisit's not a auto-disconnect11:50
pedronisare we setting that flag wrong?11:50
pstolowskidoAutoDisconnect: // "auto-disconnect" flag indicates it's a disconnect triggered as part of snap removal, in which case we want to skip the logic of marking auto-connections as 'undesired' and instead just remove them11:52
pstolowskiand we set it there11:53
pedronisexactly11:53
pstolowskii looked at disconnect() as well, the flag is carried there, looks sane11:55
pedroniswe are missing a test and/or not understanding what happens/happened on Chipaca's system11:56
cachiopedronis, lokking this problem11:56
Chipacapedronis: pstolowski: what happens to connections on refresh? if a snap's connections change, in particular11:57
ChipacaI imagine there it's sane to keep them all11:57
Chipacaon removal, do we only look at the 'current' connections?11:58
* Chipaca should look at the code11:58
* Chipaca should also try to reproduce this from scratch11:58
pedroniszyga: fix https://github.com/snapcore/snapd/pull/655111:58
mupPR #6551: systemd: decrease the checker counter before unlocking otherwise we can get spurious panics <Created by pedronis> <https://github.com/snapcore/snapd/pull/6551>11:58
Chipacaanyway, first to go back to reviewing connections11:58
mupPR snapd#6551 opened: systemd: decrease the checker counter before unlocking otherwise we can get spurious panics <Created by pedronis> <https://github.com/snapcore/snapd/pull/6551>11:58
pedronisChipaca: we don't keep connections per revision, so there is no current12:00
pstolowskiChipaca: you might be onto something with this question, doSetupProfiles/setupProfilesForSnap looks a bit suspicious and it relies - again - on reloadConnections (which was wrongly uses on core transition and i was fixing it last week)12:02
pstolowskipedronis: ^12:02
pstolowskidid we run discard-conns on refreshes before switching to new revision?12:03
pedronisno12:03
pedronisit was strictly for full removal of snaps12:03
pedronisonly12:04
pstolowskiok12:04
pstolowskiso yes, a test with refresh to a revision with less connections may give an answer12:06
pedronispstolowski: but those I think fully remove the snap from repo in a refresh12:06
pedronispstolowski: there's a DisconnectSnap  and RemoveSnap in those12:08
pedronisbefore adding it back and reloading connections12:08
pstolowskipedronis: yes, but where do we update conns be in sync with repo?12:09
pstolowski*to be12:09
pedronispstolowski: ?12:09
pedroniswe drop everything from repo12:09
pedronispstolowski: Chipaca: but there is code that would keep around connections for unknown slots/plugs12:11
pstolowskipedronis: yes, but don't we have the same problem we had with ubuntu-core transition? we need to keep conns in sync with repo, but reloadConnections only adds connections from conns in state, never removes12:11
pedronispstolowski: we DisconnectSnap and RemoveSnap12:12
pedronison repo12:12
pedronisthat should remove everything12:12
pedronisthen we add back12:12
pedronisin reloadConnections12:12
pedronispstolowski: we reset the repo first or that's the intention at least12:13
zygayes12:13
pstolowskipedronis: yes, but DisconnectSnap/RemoveSnap remove in memory only12:13
pedronispstolowski: ?12:13
zygapstolowski: what else would it remove?12:13
pedronispstolowski: we keep the same conns12:13
pedronisif what you are asking12:13
pedronisbecause of the code in reloadConnections12:13
pedronisthat ignore some errors12:14
pedronisbut that has nothing to do with sync with repo12:14
pedronisrepo should be a clean slate at that point12:14
zygapedronis: I'm wondering if we should change things so that repo is only constructed from state on demand12:14
zygapedronis: repo is very useful12:14
zygapedronis: but the mental model of how to sync it is non trivial12:15
zygapedronis: RepoFromState(st *state.State) (*interfaces.Repository, error)12:15
zygathen work on repo all you want12:15
pedronismaybe12:15
zygaand then some sort of commit/abort to change state again12:15
pedronisseems a bit unrelated to the problem here12:15
zygayes12:16
pstolowskipedronis: i mean: when we refresh to a snap with less connections, we remove all connections from repo with RemoveSnap/DisconnectSnap, but they stay intact in conns. Then we re-add snap to repo and reloadConnections so we have them back in repo. back we're left with an extra connection in state (conns), no?12:16
zygajust thinking about the reasoning about what reload does12:16
pstolowskis/back/but/12:16
pedronispstolowski: they are not back in repo  because you cannot connect things that don't exist12:16
pedronispstolowski: what happens is this:  https://github.com/snapcore/snapd/blob/master/overlord/ifacestate/helpers.go#L31112:16
pedroniswhich maybe is what John hit or not12:17
pstolowskipedronis: yes, i understand this. we're left with a stray connection in conns, that's it12:17
pedroniswe don't have stray connections in repo12:17
pedronisas such12:17
pedronisor shouldn't12:17
zygawe cannot12:17
pstolowskiit's not ending up in repo12:17
pstolowskiyes12:17
zygabut AFAIK we do keep those in state12:18
pstolowskiyes12:18
pstolowskithat's the issue12:18
pstolowskiand I think it explains those stray connections problem we observed long time ago (which we didn't understand), for which we added that "unknown plug/slot" logic in reload (to ignore them)12:18
pedroniswell, there's a comment that says we don't know what to do from ago12:19
pedronisbut yes then we added removeStaleConnections12:19
pedronisonly on startup12:19
pedronisbut that considers snaps12:19
pedronisnot plug/slots12:20
pedronisanyway still unclear if this what John hit or something else12:20
cachiopedronis, I am creating a new tumbleweed image12:24
ChipacaI need to step out, but I just finished the review on connections, I can look at reproducing this from scratch if it'll help12:24
ChipacaI'm not sure what's needed, from all the above, though12:25
cachiopedronis, I don't know what happened with the previous one but it is not registered anymore12:25
* Chipaca bbiab12:25
pedroniscachio: fascinating12:26
pedroniscachio: thanks, I suppose we should a day to see if this one sticks around before turning the tests back on12:26
pedronis*should wait12:26
cachiopedronis, I see some errors related to lack of permissions in the logs12:27
cachiopedronis, perhaps that could be the cause12:28
cachioI'll continue researching12:28
cachiobut what I see is that the image is not in out pool anymore and it was not manually deleted12:29
pedronisChipaca: did you change the name of the plug at some point?12:32
pedronispstolowski: is it on you queue to look at the comments by mvo on #6322 ?12:32
mupPR #6322: overlord/hookstate: apply pending transaction changes onto temporary configuration for snapctl get <Complex> <Created by stolowski> <https://github.com/snapcore/snapd/pull/6322>12:33
mupPR snapd#6552 opened: ifacestate/tests: fix/improve udev mon test <Created by stolowski> <https://github.com/snapcore/snapd/pull/6552>12:33
pstolowskipedronis: ah, thanks, that one went under a radar a bit due to other things, i'll revisit it today12:34
cachiopedronis, tumbleweed image is ready again12:36
pedronispstolowski: that test you fixed, the accesses were, you have channels but you the things you access could be mutated by next loop of the monitor12:41
pedroniswhile you were checking them12:41
pedronis*were racy12:41
pstolowskipedronis: i kinda had a gut feeling about that, thanks12:41
pedronispstolowski: you can try go test -race  , sometimes it useful12:42
pstolowskipedronis: will do, thanks!12:42
pedronispstolowski: here on master it detects are race on remInfo for example12:43
pstolowskipedronis: right, i can confirm, works great! and doesn't report it anymore on my PR12:46
pstolowskicachio: opensuse will need to be enabled back as I disabled it in the PR that landed earlier12:49
pstolowskicachio: I'll prepare a PR12:52
cachiopstolowski, yes, thanks, I am trying to understand what happened12:53
mupPR snapd#6553 opened: tests: enable opensuse tumbleweed back <Created by stolowski> <https://github.com/snapcore/snapd/pull/6553>12:54
pstolowskicachio: ^12:54
pedronislet's see how it goes, probably we shouldn't merge it until tomorrow12:55
cachiopstolowski, pedronis I think the problem is a bug in the google lib12:56
Chipacapedronis: I did change the name of the plug, yes13:08
pedronisChipaca: ok13:09
Chipacapedronis: am i evil13:09
pedroniswe need to be a bit more clever in that code13:09
mborzeckioff to pick up the kids13:09
mupPR snapd#6551 closed: systemd: decrease the checker counter before unlocking otherwise we can get spurious panics <âš  Critical> <Created by pedronis> <Merged by pedronis> <https://github.com/snapcore/snapd/pull/6551>13:10
zygapedronis: that feels like a real bug13:11
zygapedronis: I was thinking we should do a .513:12
pedroniszyga: I poked mvo about that13:12
zygaand keep the 2.37 branch around as an LTS, with regular security updates and serious bug fixes13:12
pedronis?13:12
zygait's the idea I was talking to mvo about a few times already13:12
zygawe move too fast and too slow13:13
zygawe should not release to the world on day one of 2.3813:13
zygaserver should stay behind on 2.37 until we had a few cycles of 2.38 desktop feedback13:13
pedroniswe cannot do that without tracks13:13
pedronisanyway it's probably not a discussion to have this week13:14
zygayeah, we'd have to do something to change how we release13:14
zygabut I think it's a good candidate for a starting point13:14
pedronisgiven that mvo is not really around13:14
pedronisalso not sure that bug is good candidate for that logic, is probably not very likely to hit in the field13:15
pedronisoften13:15
Chipacazyga: pedronis: listen to the wind! ☆c゚a.n*a・r。i゚e.s゚13:15
zygait's not that bug13:15
zygais the polishing effort that goes into 2.3713:15
pedronisChipaca: anyway if the plug was renamed, is not a regression, we had this kind of behavior since a long time13:17
pedronisprobably day 0 of the stuff13:17
Chipacapedronis: a zero-day bug! /o\13:19
* Chipaca promotes headless chickens13:19
pedroniszyga: I'm not particularly against or pro, I'm not sure an LTS as usual fits, also notice that the biggest non security issue with 2.37 was on servers13:19
pedronisit was on people CI pipelines13:19
=== ricab is now known as ricab|lunch
zygawe will never prevent all regressions but think we should consider this move as it may fix our credibility on stability where people really seriously depend on snaps for day-to-day work13:20
zygawe could also use lts on ubuntu lts desktops13:21
zygaand use non-lts on devel releases13:21
zygabut those are just ideas, I'd like to raise it as a topic next week when we are back in full set13:21
pedronisat some point we will just reduce the pool of testing to the point where we will hit the same issues but later13:21
Chipacazyga: seriously, canarying is for this, or am I missing the point13:22
pedronisif anything our issue is that people don't use beta/candidate enough13:22
zygaChipaca: how would canarying prevent what we saw during 2.37?13:22
Chipacazyga: depends on what you mean by "what you saw"13:23
zygaChipaca: the point is simple, now we release almost synchronously all around the planet13:23
Chipaca"what we saw" i mean13:23
pedroniswe try not to really13:23
zygaChipaca: I'd like to change that because we cannot maintain quality for production workloads13:23
Chipacazyga: and how is that _not_ canarying?13:23
zygaChipaca: perhaps I misunderstand but canarying is not a separate release schedule13:24
zygait's just a pool of machines that say yes or no automatically13:24
zygathat's not the same in my eyes13:24
pedronisanyway it's super unclear that the people that hit our bugs would have not run lts13:24
Chipacazyga: canarying is where, say, 1% of the installed base gets a new revision13:24
pedronisand then back to square one13:24
Chipacazyga: if nothing breaks, 5%, 10, … etc13:25
zygaChipaca: breaking 1% of server people IMO too much; I also don't trust in the automated aspect and holding that back; it feels like a good additional system but not a replacement for what LTSes are13:25
Chipacazyga: if something breaks, you rollback13:25
zygaChipaca: I don't disagree on that, just that the set of times you have to roll back burns our credibility and we should avoid  that13:26
zygaChipaca: we should do better in all the ways we can, including in how we release13:26
zygaanyway13:26
zygaI think we should discuss next week13:26
zygajust wanted to explain my point of view over canarying13:26
pedroniszyga: as I said, no strong opinion right now, I just have the impression that this will just delay when we see the bugs13:27
pedronisand that's it13:27
* pstolowski off to the doctor13:32
* zyga breaks and goes for a late walk13:33
zygaI'll skip standup today: my update is short, started late after rough night, releasing .4 everywhere;13:34
zygaone unusual aspect is that I filed bugs to help include snapd in opensuse13:34
zygathat's all13:34
pedroniszyga: thx for the update13:41
mborzeckire13:45
Son_Gokuzyga: erk: https://koji.fedoraproject.org/koji/buildinfo?buildID=121751913:52
Son_Gokudid you accidentally chop the changelog entry up?13:52
Son_GokuMichael's name is missing from the changelog entry and it looks like it was squished with the 2.37.4 release entry13:53
zygaThere was no changelog entry this time13:53
Son_GokuI see one here? https://github.com/snapcore/snapd/commit/af063cbb045a1e232bfb5131683657f78b0cd7ad13:53
Son_Gokuerr. https://github.com/snapcore/snapd/commit/af063cbb045a1e232bfb5131683657f78b0cd7ad#diff-29bff6a81f0669dfd7375cb5e5f13a8913:54
zygaOh? When I looked I saw TBD13:54
zygamaybe stale view13:54
zygaI took entries from the release page13:54
Son_GokuMichael puts them in as part of the tag-release commit13:55
Son_Gokuso they're usually there13:55
zygaI am afk but when I looked at the Fedora spec it had a placeholder only13:56
* Son_Goku shrugs13:56
Son_GokuI'll fix it in dist-git13:56
Son_Gokuno worries13:56
zygaThanks!13:57
Son_Gokuzyga, thanks for doing the update stuff anyway :)14:00
pedronisChipaca: pstolowski: standup?14:01
Chipacayep, omw14:01
zygaMy pleasure :-)14:01
Son_Gokuzyga, new snapd packages are building14:07
Chipacamborzecki: https://www.youtube.com/watch?v=OZpgnYhzdkI14:07
Son_Gokuwhen you get a moment, go ahead and file them as updates after they've been built14:08
zygaYep14:08
zygaI’m heading home slowly14:09
zygaHashtag baby hashtag walk14:09
cwayneHashtag babywalk?14:09
Chipacapopey: where can I find an Evan these days? (I know not IRC)14:19
* cachio afk 15 mins14:20
cory_fusergiusens: Do you have a moment to assist with a snap build issue I'm having?14:32
=== ricab|lunch is now known as ricab
pstolowskire14:53
pstolowskipedronis: sorry, i had an eye check today, i mentioned that yesterday during standup15:14
Chipacapstolowski: and via the forum15:17
zygare15:17
zygajdstrand: hello15:18
zygajdstrand: could you please look at a suggestion we got from the suse security team: https://bugzilla.opensuse.org/show_bug.cgi?id=1127366#c315:19
sergiusenscory_fu: what version? Also /join #snapcraft instead15:19
zygathe idea is to make snap confine ownership: snap-confine 6750 root:snapd15:19
zygathis way you can use snaps if you are a member of the group snapd15:19
zygathough I worry about setgid aspect of snap-confine (group root)15:20
zygadoing this would speed up entry to suse15:20
zygaPharaoh_Atem: did you run another round of builds15:23
zygaPharaoh_Atem: or shall I before I send stuff to bodhi?15:23
zygapedronis: CC on the message to jdstrand15:24
jdstrandzyga: I'm not opposed to the idea, though it may complicate the priv-dropping code in snap-confine somewhat. it will definitely cause usability issues on suse since only people in the snapd group would be able to use snaps15:27
jdstrandpedronis: ^15:27
zygajdstrand: right15:27
zygajdstrand: I understand the plan is to use this to simplify the review15:27
zygajdstrand: and ship snapd in kubic OS by suse15:28
zygajdstrand: where the users will have the permission by default15:28
zygajdstrand: can you explain how it would complicate the priv dropping code?15:28
pedronisjdstrand: don't we have also issues with reexec and the fact that we have one core15:29
pedronisrespectevely snapd snap15:29
jdstrandzyga: it would have to be reviewed-- it may not, but it may. I recall we very precisely drop uid and gid15:29
zygayeah15:29
jdstrands/drop/drop, raise, drop/15:30
zygaI can attempt that to see what happens (just chmod/chown it on my system)15:30
zygaI suspect we may need a patch on snap-run15:30
zygato say "please add the users to snapd group" or something alike15:30
zygaand some changes to snap-confine (there are probably three places that manipulate uid thre)15:30
zyga*there15:30
pedronisjdstrand: my question how can we have snap-confine have different perms on different distros while keeping one core snap15:31
zygapedronis: I think we are not using snap-confine from core/snapd on suse / fedora15:32
zygaso perhaps in those places as a special case?15:32
jdstrandpedronis: it wouldn't work in the reexec case15:43
pedronisjdstrand: but then it means people can circumvent that check by turning reexec on15:44
jdstrandI mean, it could theoretically work if you get the same gid for snapd in all the distros and your distro packaging adds the group with that gid and the snap also uses that gid, but yikes, hard to coordinate15:45
jdstrandpe15:45
jdstrandpedronis: yes15:45
pedroniswe would need to hardwire somehow no reexec15:45
zygaI think kubic would not allow reexec,15:45
zygapedronis: we do that today15:45
zygathere's no reexec on suse15:45
jdstrandzyga: but a user could set the env var, certainly15:46
pedronisI thought we always respected the env var15:46
zygajdstrand: it is ignored on suse15:46
zygaI ... don't know15:46
pedronisheh15:46
zygaworth checking :)15:46
zygabut I think it does nothing15:46
zygabecause it doesn't function15:46
jdstrandinteresting15:46
zygathings just don't work in many ways still15:46
zygadifferent paths etc15:46
zygaI'd love to be able to turn it on15:46
zygahave a default that distros agree with15:46
zygabut a knob the user can toggle15:46
zygait's just that we're not there yet15:47
pedronisbut we they ask for this15:47
pedroniswe cannot turn it on15:47
pedronisthe two things feels a bit incompatible15:47
jdstrandsnapd could disable reexec if the sgid bit was set on snap-confile15:47
zygaI agree15:47
jdstrandsnap-confine15:47
zygajdstrand: I would have it as a first class concept: no reexec mode set at build time15:47
zygathen there's simpler way to control this15:47
zygait's just off15:47
zygathough for now I think that's premature, we should just check what happens with the different group and see if we'd be happy with that mode during review (and land any extra changes before this goes in)15:48
zygaPharaoh_Atem: updates posted to bodhi :)16:42
zygayou have to tell me one day how to do sets so that all the three updates can be in one big set16:43
=== pstolowski is now known as pstolowski|afk
Pharaoh_Atemzyga: it's not a thing sadly17:37
Pharaoh_Atemwhen we moved from Bodhi 1.0 to Bodhi 2.0, the ability to push a single update across multiple distributions went away17:37
Pharaoh_Atemor are you referring to a set of packages per update?17:37
zygaPharaoh_Atem: ah, I confused that17:41
zygaI thought it was a thing17:41
zygabut that's okay17:41
Pharaoh_Atemanyway, I gave karma to everything17:41
mupPR snapcraft#2491 opened: Fix and enable multipass spread tests <Created by cmatsuoka> <https://github.com/snapcore/snapcraft/pull/2491>17:41
Pharaoh_Atemso it'll push out in the next 48 hours17:41
zygaPharaoh_Atem: thank you17:46
zygaPharaoh_Atem: say, what about manjaro17:46
zygashould we do something there?17:47
Pharaoh_Atemhm?17:47
zygais snapd in manjaro?17:47
Pharaoh_AtemI believe so17:48
zygado you have any contacts there?17:48
zygasomeone we could talk to in case we need to release urgently?17:48
Pharaoh_Atemnope17:49
Pharaoh_AtemI don't know anyone in Manjaro anymore17:49
zygaok,  thank you17:49
zygawe're doing our best where we can17:49
zygaI will work on suse concept for some more time and then EOD17:49
Pharaoh_Atemif it works out with the reworked packaging for SUSE, we can look at integrating those changes into the Fedora packaging and tweaking it to build for SUSE distributions too17:50
zygaPharaoh_Atem: I already started :)18:03
zygaPharaoh_Atem: I need to finish selinux support in snapd.k18:03
zyga.mk18:03
zygait's not a priority for me  this week but I expect to switch more and more packaging over to it18:03
Pharaoh_Atembe careful, though18:03
Pharaoh_AtemI still need to be able to build it everywhere18:04
zygait has not lost any features18:04
zygait should really be just less repetition without any other effects18:04
Pharaoh_Atemand having a way to ensure things like the golang build flags are passed in are important18:04
zygayep, that's part of why this is not ready yet18:04
zygaI'm just saying it's important for me to get this done to simplify packaging work18:04
Pharaoh_Atemsure18:05
Pharaoh_AtemI'd like it to be simpler too18:05
Pharaoh_Atemit's a big part of why I hate Go so much :/18:05
* zyga EODs19:06
mwhudsonpedronis: thanks for the answers about the fake store20:04
mwhudsonhm21:41
mwhudsonsnap seeding appears to be completely hung in this image21:41
mwhudsoni've probably broken something but how can i diagnose?21:41
zygamwhudson: set SNAPD_DEBUG=1 in snapd.service override, hack the image to have serial tty,21:44
mwhudsoni have a tty21:44
mwhudsonand i think that env var is set21:44
mwhudsonyeah it is21:44
mwhudsonit is complaining about not being able to find a snap-declaration21:45
mwhudsonah whoops killed vm by mistake21:45
zygawell, good luck :)21:49
tylerscheubleHey, I'm trying to build a snap with a custom plugin, and I'm getting a "/bin/sh: 29: snapcraftctl: not found" on the pulling step. snapcraftctl isn't in the source of any of my files.21:50
tylerscheubleAny ideas? Thanks21:50
mwhudsonah the fakestore can make a declaration too21:51
mwhudsonomg it lives22:06
RalphBahi all22:10
RalphBashort question, is there an equivalent to flatpak's --user?22:10
RalphBafor unpriviliged and formost userlocal installations22:10
RalphBaso installed into their home, system state stays unalterd22:11
mwhudsonnow just the api/v1/snaps/auth/nonces thing22:11
roadmrRalphBa: no :) (short answer)22:11
RalphBaok, and how is an app behaving when used by 2 users?22:12
RalphBasay two users use nextcloud snap22:18
RalphBanextcloud-client22:19
kyrofaRalphBa, no differently than the deb installed once and used by both users. Settings are stored in a user-specific area22:23
RalphBakyrofa: so all the data downloaded from nextcloud server is stored somewhere in /home/user directory? Where?22:24
kyrofaRalphBa, you said nextcloud-client, perhaps we're misunderstanding each other22:24
RalphBathe snap nextcloud-client available in store22:25
RalphBaI can access its data via the current directory22:25
kyrofaBut yes-- the nextcloud client syncs stuff from client to server, and its settings are stored per-user. Where the stuff it syncs is located shouldn't really matter22:25
RalphBabut where is it stored?`and why is it available via /snap22:25
RalphBait matters because I have multiple paritions for multiple stuff22:26
RalphBaI have a backup concept22:26
RalphBaI need to know where stuff is22:26
kyrofaRalphBa, what I mean to say is: where stuff syncs is up to the user(s). It has no bearing on whether or not multiple users can use it22:27
RalphBadefault setting of that snap is to store data in some shady mount thing22:27
RalphBahow said, I access that data via /snap/.../current22:27
kyrofaThe snap itself is installed into /snap like any other snap. That's not a shady mount thing, it's a squashfs image. That's what a snap is22:27
kyrofaIt doesn't store anything there though. It's read-only22:28
kyrofaIt just executes from there22:28
RalphBaNextcloud downloadded 3 GB, the squashfs image had 87MB22:28
kyrofaJust like, if it was a deb, it'd probably be in /usr/bin/22:28
RalphBahm...22:29
RalphBathis was the path ~/snap/nextcloud-client/current/Nextcloud o /snap/nextcloud-client/current/Nextcloud22:29
RalphBaand also /...22:29
RalphBathe symlink pointed to snap/nextcloud-client/1022:30
RalphBawhich was the mountpoint of that .snap file22:30
kyrofa/snap/nextcloud-client/* is the snap installation path. ~/snap/nextcloud-client/current/ is the user-specific path where it might store user-specific settings (and yes, it can sync there as well, although I don't recommend it)22:30
RalphBaok, but where is that user specific stuff?22:31
RalphBaif I want to put that file on a tape, where to find it?22:31
kyrofaUh. Which file?22:31
RalphBa"user-specific path where it might store user-specific settings" << the file or the files in there22:32
RalphBain the current directory22:32
RalphBaok, where is a good technical documentation?22:33
kyrofaAnything in ~/snap/nextcloud-client/current/ falls under that category... I'm not quite sure what you're looking for22:33
RalphBa~/snap/nextcloud-client/current/ is just a symlink to a mount point22:33
kyrofaNo, it's a symlink to a directory22:34
kyrofa/snap/nextcloud-client/current IS a symlink to a mountpoint though22:34
kyrofaThe one in $HOME is different22:34
RalphBahm22:34
RalphBaoh22:36
RalphBaok, got it22:36
RalphBathat was the point, I thought ~/snap/.../10 is a mount point22:37
RalphBaseems not to be the case22:37
kyrofaIndeed not, perhaps that explains both of our confusion :)22:38
RalphBa:-D thanks for that one22:39
RalphBajust one to come, can I move /snap to /data/snap and symlink it?22:39
kyrofaSnaps have a few defined places where they can always write-- that's one of them (SNAP_USER_DATA). This might enlighten you further: https://askubuntu.com/questions/762354/where-can-ubuntu-snaps-write-data/762405#76240522:39
kyrofaI doubt it, snapd will want to be able to update it etc.22:40
RalphBahmmm... I really would like to get the installed stuff out of the base system22:40
RalphBadeb for system stuff, snap and flatpak for application stuff22:40
RalphBamight it tolerate /snap beeing an own mount point?22:41
kyrofaRalphBa, I'm afraid I don't know, that's a question for the snapd devs, who are all probably gone for the day. I suggest coming back earlier tomorrow to ask22:43
mwhudsonhmm so now when i try to refresh from the fake store i get a complaint about mismatched revisions22:46
mwhudsonthe assertion says rev 2 but somehow the snap has revision 1?22:47
mwhudsonbut i don't understand how a snap has a revision that is different from what the assertion says...22:47

Generated by irclog2html.py 2.7 by Marius Gedminas - find it at mg.pov.lt!