[06:18] <zyga> mvo: good morning
[06:18] <zyga> fun test failure
[06:18] <zyga> no  void  directory on core18 https://www.irccloud.com/pastebin/hjyPHGW5/
[06:18] <mvo> zyga: uh, fun indeed
[06:18] <mvo> zyga: and easy to fix
[06:18] <mvo> zyga: thanks for finding this!
[06:19] <zyga> mvo: so
[06:19] <zyga> mvo: I have a problem
[06:19] <zyga> mvo: how  do we  fix this?
[06:19] <zyga> by hacking core18/
[06:19] <zyga> mvo: can we create a package that is designed for core18-like systems?
[06:19] <zyga> mvo: that has the right  startup core and mounting points
[06:20] <zyga> mvo: I would rather not have this conversation in core20
[06:20] <mvo> zyga: I would add it to the build tree of UC18, this will become the build tree of UC20
[06:20] <zyga> mvo: if we make the right package it will be simply inistalled in core18 systems and that will be enough
[06:21] <zyga> mvo: add it how? I'm arguing that it should be a standalone package built out of  snapd source package, that is then installed in core18 system
[06:22] <mvo> zyga: yeah, it could be snap-skeleton-dirs or something but I'm not sure this is more robust, we might also forgot add things there instead of in the main snapd package just like we could forgot adding things to the UC18/uc20 snaps. or do you have something different in midn?
[06:22] <mvo> mind
[06:22] <zyga> mvo: we can very well  forget but if we fix it the fix goes to core16, core18 and core20
[06:22] <zyga> mvo: in one patch
[06:22] <zyga> mvo: and it would be in the snapd repo, not somewhere else
[06:24] <mvo> zyga: how would that look like in pratcise? what would the package be called and what would the dependencies be?
[06:24] <zyga> mvo: it  would not depend on anything but it  would conflict with snapd.deb
[06:24] <zyga> mvo: the name is irrelevant, maybe  snapd-bootstrap-and-skeleton?
[06:25] <zyga> mvo: it would ship /var/lib/snapd structure, the /bin/snap symlink, the /usr/lib/snapd mount point and perhaps your bootstrap script
[06:25] <zyga> mvo: (anything appropriate)
[06:26] <mvo> zyga: it would be separate from the main package snapd which (afaics) has the same risk of getting our of getting out of sync. maybe we pull something from snapd git in to create the dirs/perms and use exactly this in the main snapd package build(s)?
[06:28] <zyga> mvo: hmm?
[06:29] <zyga> mvo: the snapd source package would have snapd.deb  binary package and snapd-skeleton.deb binary (arch all) package
[06:29] <zyga> mvo: is that sufficient or do I misundertand your worry?
[06:29] <zyga> *misunderstand
[06:29]  * zyga preps breakfast for kids, responses may be slower
[06:31] <mvo> zyga: snapd/snapd-skeleton may get out of sync if we are not careful
[06:32] <mvo> zyga: because we add a new dir (or something) to snapd but forget to add it to snapd-skeleton
[06:32] <mvo> zyga: so we need something that ensures that this can't happen, one way would be to use a makefile/script/whatever as part of the snapd package build and use exactly the same script as part of the uc18/uc20 build
[06:35] <mvo> zyga: alternatively we could create some of these missing dirs ourselfs maybe? /var/lib/snapd is fully writable
[06:35] <mvo> zyga: (create them if missing)
[06:35] <mvo> zyga: I actually like this as it means its easier if people try to run snapd from a snapd git checkout etc (slightly easier I admit :)
[06:38] <mborzecki> morning
[06:40] <mborzecki> wow, some prs are actually green
[06:41] <zyga> hmmm
[06:41] <zyga> I'm not sure
[06:41] <mborzecki> zyga: hey
[06:41] <zyga> this shoud run before  snap
[06:42] <zyga> before snapd
[06:44] <mvo> hey mborzecki
[06:44] <mborzecki> mvo: hey
[07:00] <mborzecki> zyga: idk if you noticed, but there's quite a few directories missing under /var/lib/snapd between core and core18
[07:06] <mvo> mborzecki: yeah, zyga and I discussed ways to fix this, zyga had some ideas how to make sure we have the layout inside our tree somehow so that its used in uc18/uc20 and we are exploring which one is the best
[07:14] <zyga> funny that we noticed just now
[07:14] <mborzecki> in most cases those are created on demand
[07:15] <mvo> yeah, I think on demand-creation is a nice way out of this
[07:15] <mvo> and it has the advantage of making it easy to run from e.g. checkouts
[07:16] <mvo> but *shrug* there are downsides too
[07:16] <zyga> mvo: I don't disagree in principle but not everything can be created on demand
[07:16] <mborzecki> iirc void has some special permissions too, so this would have to be accounted for when we create it on the fly
[07:19] <zyga> mborzecki: can you do a 2nd review on https://github.com/snapcore/snapd/pull/6645 please?
[07:19] <mborzecki> haha looking at it just now :)
[07:19] <zyga> thank you :)
[07:19] <zyga> I want the rush of adrenalin from landing a PR
[07:20] <mborzecki> still, suprising usb.ids doesn't list oneplus
[07:20] <zyga> maybe it's a fake request?
[07:20] <mborzecki> zyga: no, i found some pages describing the process of getting oneplus working on linux and they list the same vendor id
[07:21] <zyga> aha, that's a good find
[07:21]  * zyga reviews https://github.com/snapcore/snapd/pull/6634
[07:23] <mvo> mborzecki: silly question - what is needed for 6606 ? a second review or is there more ?
[07:24] <mborzecki> mvo: 2nd review
[07:26] <mborzecki> zyga: added some links under 6645 in case you're curious, there's even a patch from lineageos
[07:26] <zyga> mborzecki: looking
[07:27] <mvo> mborzecki: thanks, maybe pstolowski can do a second review on 6606, it looks pretty much ready to me
[07:31] <mvo> mborzecki: added my .0002¢ I think its fine but would feel better if pstolowski  could do  a final pass on 6606
[07:31] <mborzecki> mvo: thanks!
[07:47] <zyga> brb, coffee
[07:48] <zyga> https://github.com/snapcore/snapd/pull/6597 <- 2nd review needed in case someone wants to look
[07:48] <mvo> just a quick service announcement - we have an updated systemd in the edge core with a race fix, if anyone notices anything strange in the tests related to systemd please shout
[07:48] <mvo> zyga: I can look
[07:50] <zyga> mvo: thank you
[07:50] <zyga> mvo: alternatively look at https://github.com/snapcore/snapd/pull/6621/files
[07:50] <zyga> it's much smaller
[07:50] <zyga> and more on the critical path
[07:50] <zyga> mvo: ack, about systemd, thank you for that!
[07:50] <mvo> zyga: ha! thanks, I take 6621 I think :)
[07:51] <mvo> zyga: the other one is *big* it seem
[07:51] <mvo> zyga: hopefully both, but for that I need more tea
[07:51] <zyga> yeah, this one is very small, just tests and a few lines of new code
[07:59] <mvo> pedronis: do you want to review 6630 again (snap warnings yamlish) or can I merge? john addressed your review points
[08:03] <pstolowski> morning
[08:05] <mvo> pstolowski: good morning!
[08:05] <mborzecki> pstolowski: heya
[08:35]  * dot-tobias says hi
[08:36] <pedronis> mvo: hi, please merge
[08:38] <mvo> pedronis: ta
[09:09] <abeato> ppisati, morning!
[09:09] <abeato> ppisati, which is the apparmor status for 4.9 kernels? Is there any patch needed to run ubuntu core/snapd with it?
[09:11] <ppisati> abeato: not that i'm aware
[09:12] <zyga>  mvo I will merge 6605 after adding the extra comment
[09:12] <ppisati> abeato: *none, that i'm aware of
[09:12] <zyga> mvo: just wrapping up a small new branch you asked for
[09:12] <zyga> mvo: thank you for the review!
[09:14] <abeato> ppisati, ok, thanks
[09:16] <pstolowski> pedronis: i've debugged the ssh.disabled issue
[09:18] <mvo> zyga: ta
[09:23] <pstolowski> pedronis: we don't support dotted notation at the nested level of the defaults definition, we expand dotted path at the root level only, e.g. that would work (works in a unit test i made):
[09:23] <pstolowski> defaults:
[09:23] <pstolowski>   test-snap-ididididididididididid:
[09:23] <pstolowski>       service.ssh.disabled: true
[09:24] <pedronis> pstolowski: it sounds like we should error or do something though ?
[09:24] <pedronis> we don't support dots in name in principle?
[09:24] <pedronis> pstolowski: where is ther relevant code?
[09:24] <pstolowski> pedronis: and consequently, with the config that Sergio created you end up with unexpanded key in the config: map[string]interface {}{"ssh.disabled":true}
[09:25] <pedronis> yea, that looks wrong
[09:26] <pstolowski> pedronis: also, this works fine in unit test:
[09:26] <pstolowski> defaults:
[09:26] <pstolowski>   test-snap-ididididididididididid:
[09:26] <pstolowski>       service:
[09:26] <pstolowski>           ssh:
[09:26] <pstolowski>               disabled: true
[09:27] <pedronis> that I know
[09:27] <pstolowski> pedronis: we do support dots in name, but it needs to start at the root level. you cannot define map and then have dotted path deep inside
[09:27] <pedronis> pstolowski: I understand, you said it already
[09:28] <pstolowski> and yes we should error out i suppose
[09:28] <pedronis> yes,  "ssh.disabled" should't be a valid key
[09:28] <pedronis> we should not get there
[09:28] <pstolowski> let me see if i can find where it happens exactly in the code
[09:34] <zyga> mvo: https://github.com/snapcore/snapd/pull/6650 :-)
[09:36] <pedronis> zyga: shouldn't we try to land 6583 first?
[09:39] <pstolowski> pedronis: i think the important bit is the "for key, value := range patch" loop in func (h *configureHandler) Before(). we call tr.Set there for top-level patch entries, but inside transaction's Set we only ParseKey once (for that top level)
[09:40] <pedronis> pstolowski: so we are missing a check for dots in key (where unexpected) somewhere?
[09:42] <zyga> pedronis: I will be working on that today
[09:42] <pedronis> zyga: you have 17 open PRs , that's not a feature :)
[09:43] <zyga> pedronis: I know but many of them are very close to landing
[09:43] <pedronis> zyga: then please try to land before opening new ones
[09:43] <pedronis> or I will start to close new ones
[09:44] <zyga> pedronis: with regards to landing: we need a decision on what to do here https://github.com/snapcore/snapd/pull/6642#discussion_r268780713
[09:46] <pedronis> zyga: I agree with jdstrand if there's a way to keep it working without security issues it's better, we have been bitten already by taking stuff away from people
[09:46] <zyga> pedronis: so moving to void if we cannot stay in the current directory due to permission checks?
[09:47] <pedronis> yes
[09:47] <zyga> ok, I'll make the change
[09:47] <zyga> thanks, can you add a comment saying that in the PR, it will be easier for jamie to see
[09:48] <pedronis> done
[09:48] <zyga> Thanks
[09:53] <pstolowski> pedronis: yes, you could say that. i think we could support that in PatchConfig, although the fix is not immediately obvious
[09:54] <pedronis> pstolowski: anyway is not quite a priority right now, but we should plan to do something at some point
[09:54] <pstolowski> pedronis: ack
[09:54] <pedronis> pstolowski: I'm also not sure if it's better to error or to make it work
[09:54] <pedronis> (but splitting on dot9
[09:54] <pedronis> (by splitting on dots)
[09:59] <pedronis> mvo: do we use the standup ?
[09:59] <zyga> pedronis: https://github.com/snapcore/snapd/pull/6649 is a low hanging fruit
[10:00] <pedronis> ok
[10:03] <pedronis> degville: do you know where the meeting is?
[10:03] <degville> pedronis: nope. standup location? mvo is running a little late.
[10:24] <zyga> https://forum.snapcraft.io/t/ubuntu-18-04-fresh-install-default-snaps-are-updated-but-runtime-isnt/10579 this is interesting in a bad way
[10:25] <mborzecki> damn, Failed for "golang.org/x/crypto/cast5" (failed to clone repo): exit status 128
[10:27] <mborzecki> shal we land https://github.com/snapcore/snapd/pull/6623 ?
[10:29] <pedronis> mborzecki: seems so
[10:29] <mborzecki> it's sufficiently ripe :)
[10:30] <pedronis> it has a jdstrand +1  and other reviews
[10:30] <pedronis> at some point it sounded it needed to touch snap-confine, but is not the case
[10:31] <mborzecki> landed
[10:34] <zyga> eh
[10:35] <zyga> my tests also failed
[10:35] <zyga> 50 minutes of wasted time
[10:35] <zyga> fatal: unable to access 'https://go.googlesource.com/crypto/': Failed to connect to 2607:f8b0:400c:c06::52: Network is unreachable
[10:35] <zyga> this is why we need spread --fail-fast
[10:35] <zyga> this just sucks
[11:11]  * Chipaca hates all of the interfaces-many- spread tests
[11:13] <pstolowski> zyga: +1
[11:16] <niemeyer> mup_: So.. what's up with you?
[11:24] <niemeyer> mup: How're you doing now?
[11:24] <mup> niemeyer: I apologize, but I'm pretty strict about only responding to known commands.
[11:51] <mborzecki> 2019-03-26 10:33:46 Cannot allocate google:debian-sid-64: cannot perform Google request: Get https://www.googleapis.com/compute/v1/projects/computeengine/zones: oauth2: cannot fetch token: Post https://accounts.google.com/o/oauth2/token: dial tcp 74.125.126.84:443: i/o timeout
[11:51] <mborzecki> hmmm
[11:52] <mborzecki> gcp broke?
[12:05] <Chipaca> mborzecki: nevah!
[12:05] <Chipaca> also, spread takes too long, so: while true; do printf "\u$(printf "%x" $((0x2571 + RANDOM%2)))"; done
[12:07] <mborzecki> heh, and i got into a little mess with the 'gadget' package, some code is on review right now, and merging the branches breaks all of it :P
[12:08] <mborzecki> aand another job hit the time limit
[12:09] <mborzecki> it's quite intersting, so prepare fails on some nodes because golang.org is flaky and times out, then the nodes that actually made it execute all the tests and the job hits travis time limits
[12:14] <mborzecki> maybe it's because of https://twitter.com/MehreenKhn/status/1110509604176384000
[12:19]  * zyga goes to the doctor
[12:19] <zyga> ttyl
[12:22] <mup> PR snapcraft#2515 closed: build providers: support for provider setup <Created by sergiusens> <Merged by sergiusens> <https://github.com/snapcore/snapcraft/pull/2515>
[12:24] <Chipaca> mvo: question about the snapd snap when you have a bit
[12:25] <cachio> pstolowski, https://api.travis-ci.org/v3/job/511064184/log.txt
[12:25] <Chipaca> mvo: the question is whether building with snapcraft from the snap (instead of from the deb), and adding -b -Zgzip to the dpkg-buildpackage in the plugin, make sense to you
[12:25] <cachio> this is the log for the ssh.disable: true
[12:25] <Chipaca> mvo: the first is because otherwise it leaves behind a bunch of packages that break the invariant
[12:26] <Chipaca> mvo: the second is because 300s → 90s
[12:26] <Chipaca> mvo: (I could just change the first, the second is merely opportunistic)
[12:30] <pstolowski> cachio: i know, i debugged it in the morning and discussed with pedronis; we don't currently support dotted paths nested deep inside defaults; it would work only from top-level, e.g. service.ssh.disabled: true. we should at the very least provide a meaningful error message or make it smarter
[12:32] <mvo> Chipaca: +1 on the second, I'm not fully getting the first one, sorry (probably a bit slow today)
[12:34] <pstolowski> cachio: btw i think it found the cause of interfaces-daemon-notify failure in my nested vm PR; i think it fails because of "plan: n1-standard-2" (?!); i run this single test a couple of times today with and without this change (also with just master) and it seems to be it. if that plan is enabled, then "journalctl -u snap.test-snapd-daemon-notify.notify.service" that we execute at the end of the test doesn't return any
[12:34] <pstolowski> output for that service. i debugged this manually and when it fails, system log has the expected "Permission denied" errors in it, it's just not reported by journalctl for whatever reasons. systemd/journalctl versions appear to be the same both with and without that plan.
[12:35] <pstolowski> i've juse reverted this plan from https://github.com/snapcore/snapd/pull/6491 and it passed
[12:35] <mup> PR #6491: interfaces: hotplug nested vm test, updated serial-port interface <Hotplug 🔌> <Created by stolowski> <https://github.com/snapcore/snapd/pull/6491>
[12:36] <pstolowski> pedronis: ^ is green
[12:36] <pedronis> cachio: I'll comment in the PR when I have a bit of time today
[12:36] <pedronis> (about ssh.disable)
[12:36] <Chipaca> mvo: only builds the binary deb, uses gzip to compress it (instead of also building source and using xz)
[12:36] <Chipaca> mvo: oh wait
[12:37] <Chipaca> mvo: the first one, changing deb for snap, because 'apt install snapcraft" pulls in e.g. python3-crypto, which autoremove can't
[12:37] <Chipaca> can't autoremove i mean
[12:37] <Chipaca> because things recommend it or maybe suggest it i guess
[12:37] <cachio> pstolowski, which is the PR?
[12:37] <mvo> Chipaca: +1
[12:37] <cachio> pedronis, thanks
[12:38] <mvo> Chipaca: oh, so "snap install snapcraft"?
[12:38] <Chipaca> mvo: yar
[12:38] <pstolowski> cachio: #6491
[12:38] <mvo> Chipaca: this is the change? if so, yes, lets do it
[12:38] <Chipaca> ok
[12:38] <mup> PR #6491: interfaces: hotplug nested vm test, updated serial-port interface <Hotplug 🔌> <Created by stolowski> <https://github.com/snapcore/snapd/pull/6491>
[12:38] <mvo> Chipaca: thank you! I think htis is just old code from the time when we had no snap (ironically)
[12:38] <Chipaca> mvo: it'll be part of the invariant pr unless you'd rather it went in alone
[12:38] <mvo> Chipaca: and nice idea on the dpkg-buildpackage one
[12:38] <pstolowski> cachio: can you think on any reason why this more performant plan makes that test fail? any difference in the images?
[12:38] <mvo> Chipaca: fine for me
[12:38] <Chipaca> k
[12:38] <mvo> Chipaca: its not a big change :)
[12:38] <mvo> Chipaca: thank you!
[12:40] <cachio> pstolowski, did you change the plan?
[12:40] <cachio> I didn't see that
[12:58] <pstolowski> cachio: yes i reverted that change innym PR to make it pass
[12:58] <pstolowski> cachio: see last commit
[13:00] <pstolowski> cachio: just apply it on master and it should fail the interfaces-daemon-notify test
[13:00] <mup> PR snapd#6651 opened: tests: all the systems for google backend with 6 workers <Created by sergiocazzolato> <https://github.com/snapcore/snapd/pull/6651>
[13:01]  * zyga off to the doctor
[13:02]  * Chipaca off to have lunch
[13:02] <Chipaca> zyga: lunch > doctor
[13:02]  * Chipaca wins
[13:03] <cachio> pstolowski, mmmm, ok
[13:03] <cachio> pstolowski, we can't change the plan
[13:05] <zyga> What is the status of spread / cloud?
[13:05] <zyga> Did we run out of money?
[13:08] <pstolowski> cachio: hmm hey not? How Is It affecting 14.04?
[13:12] <mup> PR snapd#6606 closed: selinux, systemd: support mount contexts for snap images <SELinux> <Created by bboozzoo> <Merged by bboozzoo> <https://github.com/snapcore/snapd/pull/6606>
[13:13] <mborzecki> zyga: do you want to take a look at https://github.com/snapcore/snapd/pull/6485 ?
[13:13] <mup> PR #6485: interfaces/seccomp: regenerate changed profiles only <Created by bboozzoo> <https://github.com/snapcore/snapd/pull/6485>
[13:29] <dot-tobias> jdstrand: Is there a way to force an NTP resync using the timezone-control DBus interface? https://www.freedesktop.org/wiki/Software/systemd/timedated/ indicates that SetNTP() method restarts systemd-timedated, but timedatectl still reports “NTP in sync: no”. Use case: Our device is offline until configured via an access point, so the device is booting without network. System does not seem to pick up the available network connection in the
[13:29] <dot-tobias>  minutes after its established.
[13:32] <zyga> back from doctor
[13:32] <zyga> bikes are amazing :)
[13:32] <zyga> mborzecki: sure, looking
[13:56]  * Chipaca ⇝ cuppa
[14:00] <mup> PR core#38 closed: Add another pi-config option <Created by sergey-borovkov> <https://github.com/snapcore/core/pull/38>
[14:00] <mup> PR core#83 closed: move most of the ubuntu-core config deb into the snap snap build <Created by mvo5> <https://github.com/snapcore/core/pull/83>
[14:01] <mup> PR core#38 opened: Add another pi-config option <Created by sergey-borovkov> <https://github.com/snapcore/core/pull/38>
[14:01] <mup> PR core#83 opened: move most of the ubuntu-core config deb into the snap snap build <Created by mvo5> <https://github.com/snapcore/core/pull/83>
[14:05] <jdstrand> dot-tobias: I'm not an expert on timedated. If I were to guess, I'd guess the clock is maybe too far off or that your device is unable to communicate with the configured server. you might also check your logs for policy violations, but it sounds like timedatectl is working ok and it is something else
[14:07] <dot-tobias> jdstrand: Yes, the clock was off > 12h because that's the time when the image was created. Didn't know that in order to sync the clock has to be near the actual date. Will look into workarounds how to get in re-sync.
[14:07] <dot-tobias> jdstrand: Thanks!
[14:08] <mup> PR snapd#6329 closed: cmd/snap-confine, packaging: support SELinux <SELinux> <Created by bboozzoo> <Merged by bboozzoo> <https://github.com/snapcore/snapd/pull/6329>
[14:11] <jdstrand> dot-tobias: cool. ogra may have some thoughts on that as well
[14:14] <zyga> hey jdstrand :)
[14:14] <zyga> jdstrand: I'm glad you noticed "goto the void" :-)
[14:14] <zyga> initially it was an else statement but then it was too good to pass :-)
[14:17] <jdstrand> zyga: hey, yeah :)
[14:17] <zyga> :-)
[14:17] <zyga> jdstrand: we also managed to uncover that core18 is missing some directories in that test, it's better late than never
[14:18] <jdstrand> zyga: I saw that, wild :)
[14:21] <zyga> jdstrand: I implemented the next branch but I will defer until my set of open PRs shrinks sufficiently
[14:21] <zyga> jdstrand: btw, not sure if you saw https://github.com/snapcore/snapd/pull/6649
[14:21] <mup> PR #6649: snap: reject layouts to /lib/{firmware,modules} <Created by zyga> <https://github.com/snapcore/snapd/pull/6649>
[14:49] <mup> PR snapd#6652 opened: sanity: use proper SELinux mount context when sanity checking squashfs mounts <SELinux> <Simple 😃> <Created by bboozzoo> <https://github.com/snapcore/snapd/pull/6652>
[14:50]  * zyga -> tea / coffee
[14:51] <mborzecki> super simple selinux PR ^^
[15:06] <ogra> zyga, mvo, do you gys know if anyone actually tested pi core18 images with wlan ? seems i dont get proper DNS resolution to finish console-conf here (network is up and i can ping the board but user creation times out with DNS issues finding the login.u.c api stuff)
[15:07] <ogra> this is with the stable released image...
[15:08] <mvo> ogra: I'm not sure we did, sorry. is this the dragonboard or pi3?
[15:08] <ogra> jdstrand, in case dot-tobias comes back while i'm not around ... https://github.com/ogra1/ntpcontrol
[15:08] <mvo> ogra: or both?
[15:08] <ogra> mvo, pi image on a pi 3 A+
[15:09] <ogra> core 16 works fine
[15:09] <ogra> (i resorted to that in the end)
[15:12] <mvo> ogra: we need to look into this, in a meeting now unfortunately
[15:13] <ogra> mvo, all fine, just wanted to check if it was tested before
[15:13] <ogra> i also resoted to core16 for the project i needed the board for ... but i have another A+ for any tests if required
[15:18] <mvo> ogra: added to test/debug this to our trello, thanks for reporting
[15:22] <mup> PR snapd#6649 closed: snap: reject layouts to /lib/{firmware,modules} <Created by zyga> <Merged by mvo5> <https://github.com/snapcore/snapd/pull/6649>
[15:34]  * cachio lunch
[15:35] <cwayne> ogra: sorry if this message is doubled, my ircs been weird but we do test wlan on Pi's, but using nm
[15:35] <ogra> well, that wont help much if NM isnt preinstalled :P
[15:35] <ogra> (also ... does console-conf actually support NM ??)
[16:13] <niemeyer> cachio: spread#75 reviewed again
[16:13] <mup> PR spread#75: Make spread tests for spread project run on google backend <Created by sergiocazzolato> <https://github.com/snapcore/spread/pull/75>
[16:17] <mup> PR snapcraft#2516 opened: readme: add snap store badge <Created by sergiusens> <https://github.com/snapcore/snapcraft/pull/2516>
[16:19] <zyga> s pedronis renamed https://github.com/snapcore/snapd/pull/6621
[16:19] <mup> PR #6621: overlord/snapstate: track time of postponed refreshes <Created by zyga> <https://github.com/snapcore/snapd/pull/6621>
[16:20] <zyga> pedronis: to "inhibit"
[16:20] <zyga> it is green so I'm very tempted to merge it :)
[16:20] <zyga> everyone: I need 2nd review for https://github.com/snapcore/snapd/pull/6597
[16:20] <mup> PR #6597: cmd/snap-update-ns: refactor of profile application (1/N) <Created by zyga> <https://github.com/snapcore/snapd/pull/6597>
[16:20] <pedronis> zyga: it doesn't have 2 +1
[16:20] <zyga> pedronis: I know :)
[16:20] <zyga> that's why I'm saying
[16:20] <zyga> if that was your only reservation I'd love to get a 2nd one
[16:21] <pedronis> zyga: I asked Chipaca to review it
[16:22] <zyga> great, I'll wait for the review then
[16:22] <pedronis> Chipaca: could you look at #6621
[16:22] <mup> PR #6621: overlord/snapstate: track time of postponed refreshes <Created by zyga> <https://github.com/snapcore/snapd/pull/6621>
[16:22] <pedronis> when you have time
[16:22] <Chipaca> yes
[16:40] <cachio> niemeyer, thanks
[16:41] <ijohnson> fyi to anybody using the go remote part, I just updated it in the wiki, so if anything breaks ping me
[16:41] <zyga> thank you ijohnson
[16:42] <Chipaca> huh
[16:43] <zyga> Chipaca: hmm?
[16:43] <Chipaca> zyga: what permissions should snap-confine have?
[16:43] <zyga> Chipaca: as in UNIX?
[16:43] <Chipaca> zyga: ye
[16:44] <zyga> for now u+rwXs,g+rXs,o:+rX
[16:44] <zyga> though I will drop the g+S part
[16:44] <zyga> why?
[16:45] <Chipaca> zyga: because it starts at 06755, as you say
[16:45] <Chipaca> zyga: but snap-confine-from-core sets it to 04755
[16:45] <zyga> wait, what?
[16:45] <zyga> why?
[16:45]  * zyga hugs Chipaca for fixing the tests
[16:46] <Chipaca> restore: |
[16:46] <Chipaca>     echo "Restoring host snap-confine"
[16:46] <Chipaca>     chmod 4755 /usr/lib/snapd/snap-confine
[16:46] <Chipaca> zyga: ^
[16:46] <zyga> la la la
[16:47] <zyga> man
[16:47] <zyga> ...
[16:47] <zyga> what just happened
[16:47] <zyga> I spent 10 minutes debugging
[16:47] <zyga> why snapd doesn't build
[16:47] <zyga> on ... macos
[16:47] <Chipaca> zyga: snap does :-) but not snapd :-(
[16:47] <zyga> wrong terminal tab on a common shared source
[16:47] <zyga> lol
[16:47]  * Chipaca is still happy that snap does :-)
[16:47] <zyga> I aborted a rebase in progress because I got fed up with this and wanted to think why everything is broken
[16:48] <Chipaca> zyga: what was it telling you wasn't implemented?
[16:48] <zyga>  /Users/zyga/go/src/github.com/snapcore/snapd/interfaces/mount/backend.go:97:84: undefined: osutil.MountEntry
[16:49] <zyga> I totally ignored the path
[16:50]  * Chipaca nods
[16:51] <mborzecki> fwiw there was this crazy linux distro that didn't use the usual / layout, they could have had /User too
[16:51] <Chipaca> it's just noise
[16:51] <Chipaca> noise][1: no offense
[16:51] <Chipaca> :-)
[16:51] <zyga> mborzecki: yeah, I used it once
[16:51] <zyga> it had /Users and /Applications like on macos
[16:53] <pedronis> mborzecki: I did a pass over the gadget validation PR
[16:54] <mborzecki> pedronis: thanks, sorry for it being so long
[16:55] <pedronis> mborzecki: we'll need another layer of validation that looks at actual content for sizes as well?
[16:55] <mborzecki> pedronis: yes, that will need to access actual snap data
[16:56] <pedronis> ok
[17:02] <pedronis> zyga: are you waiting for review from me on anything but #6642 atm ?
[17:02] <mup> PR #6642: cmd/snap-confine: prevent cwd restore permission bypass <Created by zyga> <https://github.com/snapcore/snapd/pull/6642>
[17:02] <zyga> checking
[17:03] <zyga> we need  to look at https://github.com/snapcore/snapd/pull/6583
[17:03] <mup> PR #6583: cmd/snap-confine: move ubuntu-core fallback checks <Created by zyga> <https://github.com/snapcore/snapd/pull/6583>
[17:03] <zyga> but perhaps tomorrow morning
[17:03] <pedronis> I'm not entirely happy with the code I saw the there the last time I looked
[17:03] <pedronis> we can chat tomorrow
[17:03] <zyga> today I want to finish mending existing branches that I know  what needs to  happen wiht
[17:03] <zyga> ok
[17:04] <pedronis> I'll try to still look at 6642 tonight
[17:05] <zyga> thank you!
[17:05] <zyga> it should go green once I fix core18 later  today
[17:05] <mup> PR snapcraft#2516 closed: readme: add snap store badge <Created by sergiusens> <Merged by sergiusens> <https://github.com/snapcore/snapcraft/pull/2516>
[17:13] <mup> PR snapd#6485 closed: interfaces/seccomp: regenerate changed profiles only <Created by bboozzoo> <Merged by bboozzoo> <https://github.com/snapcore/snapd/pull/6485>
[17:13] <Chipaca> zyga: how is having RefreshInhibitedTime be zero on success useful?
[17:13] <zyga> it is  useful because that is correct
[17:13] <zyga> we had refreshed
[17:13] <zyga> whee
[17:13] <zyga> kill the  inhibit time value, if we had  any set
[17:14] <zyga> next time when refresh is inhibited we can  check for non-zero inhibit time
[17:14] <zyga> and if the time of  initial inhibition goes beyond certain duration
[17:14] <Chipaca> hold on
[17:14] <zyga> we can take action (kill apps etc)
[17:15] <Chipaca> if the refresh wasn't inhibited, the task will be Done
[17:15] <zyga> and?
[17:17] <Chipaca> zyga: currently, if a refresh is inhibited, the task doesn't reach Done, right?
[17:17] <zyga> it's not implemented in this  branch but something along those lines, correct
[17:17] <zyga> we don't get to create those tasks in some cases
[17:17] <zyga> things just bail out early
[17:18] <zyga> sometimes we will create tasks and bail out late
[17:18] <Chipaca> zyga: where do you track the inhibited time when you don't create the task?
[17:18] <zyga> it's in the snap state all along
[17:18] <zyga> it's not tracked in tasks
[17:18] <zyga> the one in tasks is just for undo handler
[17:22] <zyga> Chipaca: does it make sense?
[17:22] <Chipaca> zyga: if you don't create the task, won't the refresh by retried much much later than intended?
[17:23] <Chipaca> zyga: why would you not download the snap i mean
[17:23] <mup> PR snapd#6646 closed: interfaces/adb-support: account for hubs on sysfs path <Created by zyga> <Merged by zyga> <https://github.com/snapcore/snapd/pull/6646>
[17:23] <Chipaca> zyga: but yes, the code makes sense now, I somehow thought you were keeping it in the task (d'oh)
[17:23] <Chipaca> I didn't realie this was super-task
[17:23] <zyga> Chipaca: initially not creating the tasks is the easy way out
[17:24] <Chipaca> I'm not sure how that works though (hence my last question)
[17:24] <zyga> Chipaca: I will download the revision as an update to that flow
[17:24] <zyga> Chipaca: but I want to have the basic version in first
[17:24] <zyga> Chipaca: I will use the soft check (in another PR) to determine if we create tasks or not
[17:25] <zyga> Chipaca: then the hard check after stopping services to see if we abort or not
[17:25] <Chipaca> after stopping services?
[17:25] <zyga> Chipaca: then if soft  or hard checks go over $MAGIC_DURATION  we carry on regardless
[17:25] <zyga> Chipaca: ah, sorry, before
[17:25] <Chipaca> ah
[17:25] <zyga> (in this model it is before)
[17:25] <zyga> no, no wait
[17:25] <zyga> after
[17:26] <zyga> yeah, I was right the  first time
[17:26] <zyga> we do a hard check after stopping services because this is the moment we can migrate the data safely
[17:26] <zyga> though I may be tired and talk nonsense, that part is not proposed yet and I haven't ran it in weeks
[17:29] <pstolowski> pedronis: zyga can we land https://github.com/snapcore/snapd/pull/6491 ?
[17:29] <mup> PR #6491: interfaces: hotplug nested vm test, updated serial-port interface <Hotplug 🔌> <Created by stolowski> <https://github.com/snapcore/snapd/pull/6491>
[17:30] <Chipaca> buuuuh, github is being silly
[17:31] <zyga> pstolowski: looking
[17:31] <Chipaca> zyga: I tried to +1 with a "blocked" tag, but github isn't letting me
[17:32] <Chipaca> zyga: so I set it to 'changes requested', because i do request changes in fact, but my bigger concern is not landing it before the pr that uses it is ready to land
[17:32] <zyga> Chipaca: why is that a concern?
[17:32] <Chipaca> zyga: because without that, it's just cruft :)
[17:32] <zyga> I wanted to land this deliberately before so that in case someone turns the feature off the data in  state is  correct
[17:32] <Chipaca> it does nothing useful on its own
[17:33] <Chipaca> ?
[17:33] <Chipaca> wat
[17:33] <zyga> when the rest of the  code lands that new  chunk will be behind a feature  flag
[17:33] <zyga> but that's fine, it can land later
[17:34] <Chipaca> zyga: what in the state would be incorrect if somebody enabled and then disabled this?
[17:34] <zyga> Chipaca: if this ships but the  rest is in edge, going to  stable will give you correct state
[17:35] <zyga> Chipaca: though I agree it's a bit silly and not strictly tied to the follow up branch being present
[17:35] <Chipaca> zyga: if that is a concern, you need an epoch
[17:35] <zyga> Chipaca: I will work on the  follow up as soon as the hard/soft branch lands
[17:35] <zyga> Chipaca: no, it's not a concern,  just pedantry
[17:36] <Chipaca> zyga: what happens if they enable this, get the flag in state, go back to stable, time passes, and they get the feature?
[17:37] <Chipaca> zyga: and they had something inhibited when they went back to stable
[17:37] <Chipaca> what happens then
[17:37] <zyga> if the  inhibit time is  zero
[17:37] <zyga> nothing
[17:37] <zyga> if they had some value they may get a forced refresh if it goes over 90  days or something similar
[17:38] <Chipaca> doesn't sound too bad. OTOH you could zero them in a subpatch
[17:38] <Chipaca> ?
[17:39] <zyga> yeah
[17:39] <zyga> once we enable the feature perhaps/
[17:46] <zyga> Chipaca: fixed, thank you
[17:46] <zyga> pstolowski|afk: I will review it again, sorry for the lagg
[18:04] <mup> PR snapd#6653 opened: tests: try to be a little bit invariant <Created by chipaca> <https://github.com/snapcore/snapd/pull/6653>
[19:17] <om26er> Is this channel still connected to Slack ? if so, what technology is used for the bridge ?
[19:25] <mup> PR pc-amd64-gadget#10 closed: Add mmx64.efi (MokManager) to support mokutil <Created by tsunghanliu> <https://github.com/snapcore/pc-amd64-gadget/pull/10>
[19:25] <mup> PR pc-amd64-gadget#11 closed: Add mmx64.efi (MokManager) to support mokutil <Created by tsunghanliu> <https://github.com/snapcore/pc-amd64-gadget/pull/11>
[19:26] <mup> PR pc-amd64-gadget#10 opened: Add mmx64.efi (MokManager) to support mokutil <Created by tsunghanliu> <https://github.com/snapcore/pc-amd64-gadget/pull/10>
[19:26] <mup> PR pc-amd64-gadget#11 opened: Add mmx64.efi (MokManager) to support mokutil <Created by tsunghanliu> <https://github.com/snapcore/pc-amd64-gadget/pull/11>
[19:27] <zyga> om26er: I don't  believe it  ever was
[19:27] <om26er> zyga, ok, I think I confused it with another channel
[20:22] <zyga> jdstrand: please enqueue https://github.com/snapcore/snapd/pull/6605 if you have some time, it has 2 +1s and just needs your review
[20:22] <mup> PR #6605: cmd/libsnap,osutil: fix parsing of mountinfo <Created by zyga> <https://github.com/snapcore/snapd/pull/6605>
[21:27] <juliank> hmm, how does snapctl work?
[21:27] <juliank> sudo snapctl stop radicale
[21:27] <juliank> error: error running snapctl: cannot stop without a context
[21:27] <juliank> $ sudo snapctl services
[21:27] <juliank> error: error running snapctl: cannot query services without a context
[21:27] <ijohnson> juliank: are you using snapctl outside of a snap?
[21:28] <juliank> ah, it's just for use by snaps?
[21:28] <ijohnson> it's only usable inside a snap
[21:28] <juliank> it should maybe say so :)
[21:28] <ijohnson> outside of a snap you should just use `snap`
[21:28] <ijohnson> i.e. snap stop radicale
[21:30] <juliank> So I did sudo snap stop --disable radicale.daemon
[21:30] <juliank> will that persist after an upgrade of the snap?
[21:30] <ijohnson> it is supposed to but there's currently a bug where refreshes always re-enable services
[21:30] <juliank> Because with my local testing snap, if I do snap install my.snap --dangerous, it would override it :)
[21:31] <juliank> hmm
[21:31] <juliank> that's suboptimal
[21:31] <ijohnson> see https://bugs.launchpad.net/snapd/+bug/1818306
[21:31] <mup> Bug #1818306: disabled daemons are started after refresh <snapd:New> <https://launchpad.net/bugs/1818306>
[21:32] <juliank> I'm thinking about running radicale for caldav/carddav on my server, so I sanpped the current version - but I don't wanna run the daemon as root (even in strict confinement), so I wanted to disable the daemon and just run it as a user program (well, from a systemd service)
[21:33] <juliank> I do want to ship the daemon because duh, that's more useful for the store :)
[21:33] <ijohnson> how would you run it as a user program from a systemd service?
[21:33] <juliank> I don't know, I have not tried yet
[21:34] <juliank> Exec=/snap/bin/radicale I guess?
[21:34] <juliank> with User=radicale
[21:34] <ijohnson> hmm I guess that would probably work
[21:34] <ijohnson> there is upcoming snapd work that would allow the daemon to drop from root to a specific "daemon" user instead, but that's not done yet
[21:35] <juliank> it would confine it to access to ~radicale/snap/common instead of /var/snap/radicale/common, but that's fine
[21:35] <juliank> (it's a strict snap :D)
[21:36] <juliank> ijohnson: I read about that
[21:37] <juliank> (the only plug it needs is network-bind :D)
[21:37]  * cachio afk
[22:30] <jdstrand> zyga: ack