[01:01] hey hellsworth [01:35] hey sorry for the ping. it was an accident :) [04:52] Good morning [06:01] Good morning :) [06:12] * zyga resumes work [06:21] it rains heavily today [06:45] pstolowski|afk: https://github.com/zyga/snapd-peer-demo <- something I made at the sprint, suggestions welcome [06:46] * zyga breaks for breakfast === pstolowski|afk is now known as pstolowski [07:12] morning [07:12] hey Pawel [07:39] zyga: the peer demo looks nice, and serves as a useful example for practical use of interface hooks [07:39] pstolowski: yeah, I'll write a short blog post about it [08:10] zyga: btw, in that peer demo you could have interface hooks on the slot side too. i'd also consider renaming foo/bar to something more descriptive, e.g. provider/consumer [08:13] I used to have it symmetric but I abandoned that idea [08:13] yeah, the names are terrible :D [08:13] in practice that will be juju and microk8s [08:13] or the other way around [08:13] one can then take advantage of the other [08:13] by reusing cached images [08:13] or some other content that is big and costly to download [08:14] I worked on this with Ian from the Juju team [08:14] Ian Booth [08:15] zyga: i see; you could have just placeholders for the slot hooks, so that it's visibile they are there and could do something. [08:39] ogra: ping [08:57] zyga: when you've got time, could you give https://github.com/snapcore/snapd/pull/7042 another look over? I think the main blocker was your concerns over the number of mounts [08:57] PR #7042: interfaces: add an interface granting access to AppStream metadata [08:57] jamesh: looking [08:57] ah, I remember that [09:01] jamesh: +1, let me look at spread [09:01] jamesh: I commented in the thread with you and jamie [09:04] IIRC, the spread failure was unrelated to my code changes. I didn't get round to asking someone to restart that job [09:06] zyga, kenvandine: Regarding my problem with graphical snaps. I did try a few things yesterday and discovered something that might or might not be related. [09:06] oh, what did you discover? [09:06] jamesh: restarted [09:07] I added a new user and that users home-directory (and everything in it) was owned by my original user. [09:07] zyga, after chowning the files the snaps where still not working. [09:08] I allso tried to stop lightdm and start from startx, but still the same. [09:09] zyga, I don't know if that tells you anything else than that my system if fucked :P [09:09] I'm still totally puzzled by what may be wrong on your system [09:09] can you do one more experiment [09:09] add a new user that is independent from your current user [09:09] and see if that works [09:09] zyga: I wrote up a proposal for another problem we've run into on the desktop team here: https://forum.snapcraft.io/t/proposal-allow-snaps-to-specify-their-exact-desktop-file-id/12689 [09:09] zyga, that is what I did :) [09:10] Aavar: but not owned by your user [09:10] that's really the same exact user [09:10] (same uid) [09:10] nothing else matters in snapd world [09:10] zyga: I'm still working on session agent/user daemons/dbus activation right now, but it would be useful to get some feedback on the proposal at some point [09:10] jamesh: ah, I think we were expecting this [09:10] jamesh: I'll have a read but I think you need to discuss with samuele next week [09:10] jamesh: I'm working on a fix for device cgroup and mount namespace (as always) [09:11] jamesh: I think the proposal is sensible, we just need a way to control it properly [09:11] zyga: we finally found a use case where this is a blocker rather than just inconvenient :-) [09:11] zyga, I'm sorry. I don't thing you understood. I did create a new user named "control" (via the gui in ubuntu) and the system added /home/control but it was owned by "aavar:aavar". I have no idea why... [09:11] I can try to add another user via the terminal. [09:12] oooh [09:12] I see [09:12] I misunderstood you [09:12] wow that's really weird [09:13] hmm [09:13] zyga, I added a new user now via terminal and that did not happen. [09:13] Let me log back in [09:13] jamesh: ^ Aavar is debugging an issue where none of the graphical snaps can start [09:13] cannot talk to x [09:13] we are kind of lost, perhaps you have some ideas [09:14] jamesh: what should snapd do for parallel installs in the new desktop proposal? [09:14] zyga: I wonder if this is abstract namespace X socket vs. /tmp/.X11-unix X socket? [09:14] jamesh: the denial has addr=null [09:14] Aavar: ^ am I correct? (dmesg | grep DENIED) [09:15] at the same time DISPLAY is set correctly [09:15] Aavar: what is your desktop shell? gnome shell? [09:15] zyga: parallel installs would not be supported by my proposal. But in the notification case, the app would need to own a bus name matching the desktop file ID. [09:15] and that is also not parallel install friendly [09:15] I agree [09:16] I think we should be able to say "this snap does not support parallel installs" [09:16] I think it's a topic for next week when the architect is back [09:16] maciej is also away this week, attending Flock [09:17] Fair enough: I just want to make sure it is on the radar. I've got other work to complete in the mean time [09:18] ack [09:19] zyga: still the same result with a new user. I guess I have to wait for kenvandine :) [09:19] Aavar: ^ are you on gnome-shell? [09:20] zyga: now i'm on unity, but I tried with gnome-shell (bot wayland and X11) [09:21] hmmm [09:22] zyga: i'm sorry. I am not familiar with gnome. Is gnome-shell the same as gnome3? [09:22] yeah [09:22] I really don't know what is affecting your system [09:22] if you were anywhere close I'd love to have a look and inspect it myself [09:22] but I guess that is hard [09:23] zyga: yeah :) [09:24] I think, if kenvandine or someone dont find anything useful in the next few days I will reinstall. [09:35] Aavar: one last thing to help with debugging: could you provide a paste of the output of "ss -lxp | grep X11" [09:37] jamesh: brb, lunch :) [10:06] jamesh: p/qZ6hVy2YXF/ [10:07] hmm.. [10:07] jamesh: https://paste.ubuntu.com/p/qZ6hVy2YXF/ [10:16] Aavar: okay. That basically disproves my theory from earlier about the abstract socket not being available [10:16] zyga: looks like your restart cleared the test failure for https://github.com/snapcore/snapd/pull/7042. Thanks [10:16] PR #7042: interfaces: add an interface granting access to AppStream metadata [10:17] is there anything else needed before merging it? [10:18] jamesh, so that shows that the socket is open? [10:19] jamesh: let me look but I think that's good now [10:19] Aavar: the command lists listening unix domain sockets. The /tmp/.X11-unix/X0 socket is one you can see in the file system, while the @/tmp/.X11-unix/X0 socket is an "abstract namespace socket" [10:19] jamesh: it's in [10:20] Aavar: an unconfined app can connect to either, while a snap app is blocked from connecting to the first. [10:20] PR snapd#7042 closed: interfaces: add an interface granting access to AppStream metadata [10:20] zyga: thanks! [10:20] Aavar: if the abstract namespace socket was missing for some reason, that would explain your problems [10:22] btw, jamesh, zyga: When I log in via console or ssh (not x) it gives me an error: xhost: unable to open display "" [10:22] Isn't that also weird? [10:23] Aavar: that is normal if the DISPLAY environment variable isn't set [10:24] jamesh: ok :) [10:24] Aavar: yeah, that is to be expected [10:26] brb [10:28] Actually. A longer break is needed [10:56] * pstolowski lunch [11:28] not sure if this is the right place but here goes xubuntu 18.04 when i remove a snap as soon as it finishes my desktop goes black and then the login screen comes up any1 have a solution for this [11:28] sorry didnt identify [11:30] more info sony laptop i7 quad 4gb [11:47] jonzen: hey [11:48] yessir [11:48] jonzen: can you please tell us what kind of GPU are you using? [11:48] jamesh: is your system using wayland? [11:48] jonzen: ^ [11:48] kenvandine: ^ looks like desktop session crashes on udev trigger/settle [11:48] nvidia [11:48] how do i find out about wayland [11:49] jonzen: open a terminal and run: echo $XDG_SESSION_TYPE [11:49] x11 [11:51] can you pastebin your journal log? you can do that with journalctl | pastebinit # you may need to install pastebinit first [11:51] ok gimme a min i will do [11:52] thank you [11:52] http://paste.ubuntu.com/p/JVQ6dsSJyV/ your very welcome [12:00] Aug 08 06:23:28 pd-VPCF133FX xfce4-notifyd[23765]: xfce4-notifyd: Fatal IO error 11 (Resource temporarily unavailable) on X server :0. [12:02] hmm, I'm not an expert on X stuff, can you please report a bug on snapd [12:03] you can do that on bugs.launchpad.net/snapd [12:03] make sure to include your system version and other relevant stuff; you may be able to report the bug with apport [12:03] which may provide more relevant information [12:03] I understand that it is somehow snapd that is causing this but it seems X has crashed [12:03] should i put this pastebin in? [12:03] or perhaps not X [12:03] but the session in xfce [12:04] yes, as an attachment [12:04] ok will do ty very much for your help [12:07] * zyga goes for a walk [12:13] zyga ty again i did as you asked [12:17] PR snapd#7200 closed: recovery: update to latest fde-utils === ricab is now known as ricab|lunch [12:25] PR snapd#7222 opened: tests: show just the last log as part of the debug output when check journal logs [12:40] PR core-build#51 opened: Use /var/lib/snapd/seed/snaps/ as fallback when mounting core and kernel [13:01] pstolowski, you pung ? (sorry. at a sprint this week) [13:01] ogra: hey, ah i didn't realize you're at the sprint; i'min the standup atm, will you have a moment for a HO later today? [13:02] pstolowski, hmm, we have a training, might be late for you when i have a free spot [13:03] (and i actually have to go to class now ... perhaps drop an email with a quick summary) [13:03] ogra: i'll open a forum topic, perhaps you can reply there and help, ty === ricab|lunch is now known as ricab [13:46] hey jdstrand, zyga when y'all get a chance could you re-review https://github.com/snapcore/snapd/pull/7010 ? it is pretty straight forward I think and the tests are finally all green :-) [13:46] PR #7010: interfaces/docker-support: add controls-device-cgroup [13:46] ijohnson: hey, yes [13:46] thanks jdstrand [13:51] I’m off for lunch now [14:19] ijohnson: I’ll review when I am back but it feels like +1 [14:19] ack, thanks zyga [14:40] hey cachio, I'm unable to reproduce this error in spread tests with qemu locally, any idea what might be different about the google spread machines than qemu? [14:40] see https://pastebin.canonical.com/p/zsQVWhP2CP/ and https://travis-ci.org/snapcore/snapd/jobs/569057960 [14:41] it seems like some kind of path error where python3 thinks it should be reading from the core snap and not from the snap itself (and indeed those files it's trying to access exist in the snap and load fine on my system and in qemu 16.04) [14:44] ijohnson, checking [14:45] ijohnson, we use different images on qemu and gce [14:46] let me cehck which python we have [14:46] ijohnson, do you have a qemu instnace opened? [14:46] right, but inside the snap it sholdn't matter which version of python? [14:47] one second let me reboot it (I think it's off [14:47] could I boot the google image with qemu locally if I downloaded it? [14:48] ijohnson, I didn't try that [14:48] but should be possible [14:49] but not sure if you have the permissions to download the image [14:49] me neither [14:49] ah okay [14:49] it is using /usr/lib/python3.6/lib-dynload/termios.cpython-36m-x86_64-linux-gnu.s [14:49] still it's very odd that in one image a strictly confined snap tries to load python libs from the core snap, and that in another image it's loading python libs from the application snap [14:49] who would be the chrome sandbox goto expert here? :) I've got an electron 5 app I am trying to confine strict, but it gets cranky when I remove the chrome-sandbox binary and add --no-sandbox. It runs fine in devmode, but otherwise fails with `audit: type=1400 audit(1565112543.140:3117): apparmor="DENIED" operation="open" profile="snap.." name="/proc/8998/setgroups" pid=8998 comm="" requested_mask="w" [14:49] denied_mask="w" fsuid=1000 ouid=1000` - i'm curious if anyone has ideas... it does look like the program bails after reading /proc/cpuinfo [14:50] ijohnson, is it install as classic snapd o devmode? [14:50] it's installed strict [14:50] cachio: see https://github.com/snapcore/snapd/pull/7214/files#diff-82c7f368687a491cb7edc7d848e2b57eR16 [14:50] PR #7214: interfaces/network-setup-control: allow dbus netplan apply messages [14:51] actually I should probably have you review that spread test anyways since I'm still new on the spread tests [14:51] alright I requested a review from you on that PR [14:52] cjp256: do you have browser-support interface connected with allow-sandbox: true [14:52] ijohnson, please check the python version which is being used on qemu [14:52] it is the main difference [14:52] cachio: almost done preparing the image, will check in a minute [14:53] cachio: it's python 3.5.2 [14:54] ijohnson, could you try updating python [14:54] and see if this is hte problem? [14:54] the version of python3 in the snap though is python 3.6.8 [14:56] cachio: I ran apt update && apt upgrade and still can't reproduce the problem [14:57] I guess the version of python didn't change from the upgrade though [14:58] ijohnson, lets try this [14:59] run the test on google but in the spread.yaml [14:59] ijohnson: i was trying to do it without allow-sandbox, but if that's the required route, that'll have to do for now. Mostly curious if anyone else has had problems without allow-sandbox and using --no-sandbox? [14:59] add the image [14:59] image: ubuntu-os-cloud/ubuntu-1604-lts [14:59] to the ubuntu-16.04-64 system [14:59] and run the test [14:59] this is a pristine image [15:00] which is more similar to qemu [15:00] cachio: I have to get into a meeting right now actually, but where should I add that? to the system spec under qemu in the spread.yaml? [15:01] ijohnson, in the spread.yaml in the google backend where you have all the systems [15:01] you should configure https://paste.ubuntu.com/p/yw3wVnBvFR/ [15:01] ah and then launch the google system instead of qemu [15:02] and run the test on google system [15:02] ack, I'll let you know how it goes when I'm done with my meeting [15:02] ijohnson, so we can see if the problem is related either to google image or to the preparation of the suite [15:02] cjp256: AFAICT that access only is allowed with allow-sandbox: true unfortunately [15:03] alright, thanks ijohnson :) [15:26] PR snapcraft#2656 closed: appstream: xslt support for ul nested in p [15:27] i've created a forum topic re firstboot & initrd: https://forum.snapcraft.io/t/firstboot-seeding-failure-scenario-possible-fixes-and-boot-process-confusion-question/12698 [15:29] cjp256: you shouldn't remove the chrome-sandbox binary. just let it have 755 permissions and use --no-sandbox. [15:29] iirc [15:29] popey_ and Wimpress may have other tips [15:30] wimpy's on his holidays right now, so only popey :-) [15:33] jdstrand: I'll give that a shot, thanks! [15:36] * cachio lunch [16:08] Bug #1839498 opened: xdgopenproxy: Outdated github.com/godbus/dbus dependency === pstolowski is now known as pstolowski|afk [16:26] re [16:26] pstolowski|afk: thank you for creating the topic [16:26] ijohnson: looking now, sorry, took family out for dinner [16:27] no worries zyga, thanks for the review [16:38] ijohnson: I sent one comment but I need to make coffee to review this properly [16:39] ijohnson: tomorrow I'd love to share my thoughts on the device cgroup topic [16:39] ijohnson: we can perhaps join before or stay after the call [16:39] oh actually what you commented on should be removed from the PR [16:39] I missed that in my cleanup to address jdstrand's comment [16:39] s [16:39] but yes we can discuss more about the device cgroup tomorrow after SU [16:42] right [16:42] it is unconditional now [16:42] so that message shouldn't have been there at all [16:42] indeed [16:42] * zyga checks the coffee pot [16:44] when away from home I use this portable thing that you can just put on the stove [16:44] nice [16:47] I also have to step away for ~30 minutes [17:32] cachio: I was able to reproduce the issue on that clean google image you provided, however I then realized that the shebang was hard-coding /usr/bin/python3, when I launch netplan with $SNAP/usr/bin/python3 then the issue goes away [17:32] so I don't think it was an issue with the build env, it was an issue with my test snap rather [17:32] and how that was calling python [17:33] ijohnson, great, I am reviewing the test btw [17:33] thank you [17:33] ijohnson, mp [17:33] ijohnson, happy to help [17:33] * ijohnson lunches [17:41] PR snapcraft#2657 closed: Release changelog for 3.7.2 === hellsworth_ is now known as hellsworth [18:28] PR core-build#50 closed: initramfs: run recover mode if trigger is detected [18:31] re [18:55] PR snapd#7223 opened: recovery: update fde-utils [19:11] * cachio afk === hellsworth_ is now known as hellsworth [20:27] PR snapd#7221 closed: tests: split the sbuild test in 2 depending on the type of build [20:37] I'm having a little trouble with multipass on Windows - anyone have any pointers? couldn't find much useful in the event logs... :) https://www.irccloud.com/pastebin/qHKIdUdC/ [20:38] probably more appropriate for #multipass I imagine [20:46] cachio: thanks for the review on the PR, I addressed your points, can you re-review when you get a chance?