[06:30] PR snapd#7010 closed: interfaces/docker-support: declare controls-device-cgroup [07:01] PR snapd#7131 closed: overlord/devicestate: detect clashing concurrent (ongoing, just finished) remodels or changes [07:20] pedronis: hey, good morning! I'm about uneasy about the missing return code checks (the exec.ExitError), I will look into this and push something unless you are already on it or thing its not needed [07:20] mvo: it's needed I think but also there are open questions there [07:20] so we can push a couple of things to it [07:20] but we'll need jamie around before landing [07:21] mvo: anyway, I'm not working on that PR atm [07:21] I'm trying to address jamie comments in zygmunt's one [07:21] pedronis: ok, according to gettenv exit 2 means "not found in db" so I will make a very targeted change just for this [07:22] pedronis: cool, thanks! zyga is probably around today (right zyga?) [07:22] * mvo actually looks in the right place to be sure [07:25] pedronis: I was also wondering if we should have "osutil.FindUid(name, flags)" and flags something like "LocalOnly,Getenv" (better names) instead of two functions, wdyt? [07:45] mvo: does it ever make sense not to do both? [07:45] anyway as I wrote in the PR, I'm a bit confused because snap-seccomp itself uses those functions [07:45] but was not changed [07:45] so not sure how things work at all atm [07:45] :) [07:46] pedronis: aha, ok. I'm not that far yet I think :) I will not touch these then [07:46] pedronis: I pushed two trivial changes and will now add a test for malformated entries in getent() [07:46] pedronis: and then continue, I'm at below 10% of the PR so far :( [07:47] pedronis: but I think regardless of what happens we will need the tweaks I added/will add :) [08:13] mvo: I pushed something to 7254, in the end I decided that having both CurrentBase and CurrentCleanBase was just confusing [08:16] pedronis: thanks, I have a look [08:37] Chipaca: hi, given you looked 7124, I think we shouldn't have separate FindU/Gid and FindU/GidGetent ? [08:38] pedronis: but we don't [08:38] pedronis: that pr drops FindUid (makes it private) [08:38] did mvo change that just now [08:39] oh wait [08:39] pedronis: it exports them via a var [08:39] :-| [08:39] hmm [08:39] that is weird btw [08:39] not nice docs for you [08:40] anyway I don't think we should have both [08:40] unless you think we should [08:40] you are time that spent most thinking in that area [08:40] pedronis: I don't think I did, let me double check [08:40] s/time/the one/ [08:41] mvo: no, no, i just missed the exporting var [08:42] Chipaca, pedronis I posted my initial set of comments if you guys are looking anyway you can check and tell me what makes sense and what does not [08:42] pedronis: not reaching out over the network to look up a user that is either local or non-existent has value i think [08:45] Chipaca: but we were missing extrausers with the previous code anyway [08:45] so essentially unless we are looking up root [08:45] we have to try [08:46] also we are looking at passwd, not netgroup [08:47] Chipaca: when you did the review, did you double checked my commits? just curious as I would love to have someone double checking those [08:49] mvo: I think I did, let me double check I didn't miss anything [08:49] Chipaca: ta! [08:50] ah, snap-seccomp works because anyway is built with cgo [08:50] blargh [08:51] I don't really like how confusing the state is with the functions as thy are [08:54] Chipaca: do I understand correctly that if built with cgo we get the right behavior even from user.Lookup* but if not built with cgo we don't get extrausers support? [08:54] out of the box [08:54] but snapd itself is built without cgo usually [08:57] pedronis: well, no-ish [08:57] pedronis: snapd is not built without cgo [08:58] pedronis: godbus and seccomp both require it afaik [08:59] Chipaca: but those are not imported into the snapd binary or am I misremembering? [08:59] snapd definitely links with godbus [08:59] that's how it does polkit checks [09:00] as jamesh says [09:00] aha, of course [09:00] silly me [09:00] Chipaca: so we don't need getent stuff? [09:01] Chipaca:more silly questions - godbus/dbus is a native dbus, so why is it using cgo? [09:01] actually maybe it isn't, in linux [09:01] anyway until I'm deconfused that PR cannot land [09:01] just noticed that the ones that import C in there are freebsd and dragonfly [09:02] pedronis: thank you for stepping back like this, I got carried away with it :) [09:02] hmm. It looks like godbus will build without os/user for static_build [09:02] Chipaca: I was suprised you gave it a +1 without any comments btw [09:03] so it won't necessarily force cgo [09:03] pedronis: i didn't think it was nitpicking time and i didn't spot anything major [09:03] but FindGid FindGidGetent is not a sane state of things [09:03] see vendor/github.com/godbus/dbus/homedir_dynamic.go and homedir_static.go [09:03] also we have the issue that we have functions that behave very differently [09:03] depending how they are compiled [09:03] me don't like [09:04] I can confirm we don't require CGO for snapd today [09:05] godbus wants to know the home directory for the DBUS_COOKIE_SHA1 auth scheme noone uses [09:05] (we've even got a test that checks for this) [09:05] also, snapctl and snap-exec both are forced cgo-less [09:13] Chipaca: mvo: how painful would be to write unit tests that involve extrausers for reals? [09:17] pedronis: _unit_ tests? [09:17] yes, unit tests (ideally) [09:18] pedronis: 'for reals' as in via nss? [09:18] not doable [09:19] unless we added a known user to all our extrausers [09:19] including in spread [09:25] pedronis: should be doable in spread though [09:28] Chipaca: we could have tests that are skipped if libnss-extrausers is not there? [09:28] and install it in some cases also in spread [09:31] pedronis: what would the unit tests test? [09:38] you could unshare the mount namespace, and put a socket at /var/run/nscd/socket [09:39] have that feed user info into libc [09:50] Chipaca: had a chat with mvo, we have a plan I think [09:55] pedronis: … tell me more :) [10:01] pedronis: I hope to have a PR up in ~30min or so, it will be only about osutil.Find{Uid,Gid} and then we can merge it back into 7124 [10:01] Chipaca: -^ [10:01] Chipaca: the idea is to have only a single FindUid() that detect if cgo or not === pedronis_ is now known as pedronis [10:33] PR snapd#7263 opened: snap: cleanup some tests, clarify some errors [10:35] small follow up to what was already laded for system usernames ^ [10:47] pedronis, Chipaca https://github.com/snapcore/snapd/compare/master...mvo5:find-uid-getent?expand=1 here is the refactor for osutil.Find{Uid,Gid} we talked about, I'm adding more tests now (spread and some more unit tests). let me know if thats not what we captured === pedronis_ is now known as pedronis [11:08] mvo: seems in the right direction and what we discussed [11:09] pedronis: cool, I hope I have more tests and spread ready in a bit [11:29] Chipaca, hey [11:29] Chipaca, about the error: catalog: got unexpected HTTP status code 429 [11:30] cachio: yes [11:30] do you know how to make the catalog refresh just while we prepare the suite right? [11:31] cachio: say again? [11:31] Chipaca, does it work if we saved the catalog in the snapd state [11:31] PR snapd#7264 opened: packaging/fedora: build on RHEL8 (2.40) [11:31] and then we restore it? [11:31] cachio: it should, yes; then just touch the files [11:31] cachio: restore, and touch the files [11:31] so the timestamp is fresh [11:31] Chipaca, which files? [11:32] cachio: /var/cache/snapd/* [11:33] cachio: there's a "sections" file and a "names" file, as well as a commands.db [11:33] cachio: just touching sections would be enough, but * makes it more future-proof :) [11:34] cachio: OTOH, if you explicitly touch sections, then even if it's not in the saved state it might still work (i'd have to check) [11:35] Chipaca, ok, I'll implement that [11:35] Chipaca, I'll ping you in case it doesn't work :) [11:35] thanks!! [11:35] cachio: there is a spread test for the catalog thing though [11:35] cachio: which will fail if the catalog refresh doesn't actually work [11:40] Chipaca, perfect [11:44] * mvo has finished the spread test for findUid and will continue after lunch [11:46] PR snapd#7265 opened: osutil: add osutil.Find{Uid,Gid} [12:06] pedronis, mvo: hey, I'm here and ready to work on the 3rd snap_daemon PR. perhaps we could have a quick chat (5 minutes)? [12:07] pedronis, mvo: I could also attend your standup if the timing works better [12:14] jdstrand: I'm at lunch, I pushed 7265 with some small tweaks to the osutil.Find{Uid,Gid}. to chat standup or 10min before the standup (or right after) would work best [12:15] mvo: that is one of the things I wanted to discuss (whether we need the fallback at all) [12:15] mvo: I'll plan on 10 minutes before. care to invite me? [12:25] mvo: reading 7265, I like it and is inline with what I was thinking but implemented better than I was thinking :) [12:41] jdstrand: I made some changes to #7254 after your comments there [12:41] PR #7254: cmd/snap-update-ns: fix pair of bugs affecting refresh of snap with layouts [12:51] pedronis: ack thanks. can you invite me to the standup today? [12:52] jdstrand: we are in the standup channel [12:52] coming === Girtablulu|Away is now known as Girtablulu [14:00] jdstrand: I added some more comments to the PR [14:02] pedronis: ack [14:11] jdstrand: I pushed some tweaks to the 7265 osutil.FindUid pr, thanks for your feedback! the spread test should also pass now [14:20] mvo, Chipaca coudl you please take a look to #7262 [14:20] mvo: \o/ [14:20] mvo: it's getting close! :) [14:21] this has been a looooooonnngggg time coming :) [14:29] cachio: merged - and we should totally look into using this for our default sources.list :) [14:29] jdstrand: yeah, thanks for all your hard work on this one, we are getting close (did it merge without conflicts?) [14:29] mvo, sure, I'll try that today [14:30] cachio: thanks! no rush, but it feels like a cool improvement [14:30] cachio: (what I want to say is that I'm a bit excited about this I guess :) [14:31] mvo, nice :) [14:32] I want to go step by step with this [14:32] if go-build test doesn't fail today [14:32] we can go with the bigger change [14:32] cachio: sounds good [14:32] but I would like to make sure first this archive works well [14:33] in the meantime I'll create a pr to see how it works [14:33] mvo, thanks for the support [14:33] mvo: let me know when I should do a proper review pass on 7625 [14:33] heh, 7265 [14:34] pedronis: yes please I think its ready [14:34] ok [14:35] Chipaca: if you could have a quick look at 7257 that would be great, hopefully easy [14:37] mvo: LGTM [14:40] mup: Hi [14:40] niemeyer: In-com-pre-hen-si-ble-ness. [14:40] Brilliant.. [14:41] Alright folks, mup can now self-identify and even steal-back its own nick through nickserv [14:41] So this should be the end of its regular silenece [14:41] silence [14:42] * cachio lunch [14:42] niemeyer: \o/ [14:43] niemeyer: thank you! [14:44] np, sorry for how long it took [14:45] Please do let me know if it gets stuck from now on.. [14:45] mvo: the initial one did not, no, but I massaged it [14:47] mvo: +1 with some comments [14:51] mvo: re tests: fix user-libnss test> hehe [14:53] jdstrand: that was "fun" (not!) [14:53] pedronis: thanks, working through them now [14:53] mvo: :) [14:59] mvo: sorry, I nitpicked a bit on the spread tests comments [15:03] pedronis: thanks, appreciated the careful review [15:13] * ijohnson takes a break [15:18] jdstrand: sorry, one more commit to the spread test for user-libnss [15:18] jdstrand: with that it should really pass now [15:18] hehe, np [15:20] I know how spread testing goes :) [15:20] (merged) [15:34] jdstrand: meh, its still not always passing, I think there is some kind of race, I'm looking [15:39] PR snapcraft#2665 closed: Plugin catkin: disable parallel option [15:39] PR snapcraft#2669 opened: Plugin catkin: forward parallel build count [15:45] * Chipaca sets spread on fire and walks away [15:45] 🔥 [15:47] Chipaca, question [15:47] we restart snapd during reset for each test [15:48] is that triggering a catalog refresh? [15:48] right? [16:22] * cachio afk === pedronis_ is now known as pedronis [18:30] jdstrand: not sure we understand yet the failures of that new test, it seems something is not picking up the new configuration [18:32] pedronis: I theorized in the 7265 PR it might be the systemd entry in nsswitch.conf [18:35] the failure right now is silly though [18:36] * jdstrand takes a closer look [18:36] anyway we should try to make it work with getent itself [18:36] before trying with our lib [18:36] oh heh [18:38] pedronis: well, the if ./findid uid extratest can never pass cause we didn't go build anything, no? [18:38] PR snapd#7267 opened: many: simpler access to snap-seccomp version-info [18:38] we are just trying though [18:39] the code right now is silly [18:39] not sure what it did before the current hackish state [18:39] though [18:47] hacky code > nocode :-p [18:47] for a proper hacky code you want some epletive-ridden comments [18:48] expletive* [18:48] and a few comments of the form "I have no idea why this works" and "what was this supposed to do anyway?" [19:02] jdstrand: so playing in the debug shell after it fails things work [19:03] PR snapcraft#2670 opened: Plugin colcon: forward parallel build count [19:08] jdstrand: I think the failure is just silly [19:09] it's because of println I think [19:12] testing the fix [19:20] jdstrand: pushed the fix I think [19:25] PR snapd#7268 opened: tests: add /var/cache/snapd to the snapd state to prevent error on the store [19:26] pedronis: I also see that the println was problematic and fixed that here and it passed [19:29] pedronis: note, restore is not cleaning up extratest. it should: userdel --extrausers extratest [19:35] pedronis: I added two comments to the PR and merged/pushed to 7214 [19:36] pedronis: thanks for looking at that. println to stderr... indeed, silly bug :) [19:48] * cachio afk [23:33] PR snapd#7269 opened: tests: add test for services disabled during refresh hook [23:43] PR snapd#7270 opened: [RFC] overlord: save disabled snap svcs on unlink snap tasks