/srv/irclogs.ubuntu.com/2019/10/12/#ubuntu-devel.txt

Ark74hello! great night!03:50
Ark74I've seen that the network-manager package for Xenial is signed using this key:03:52
Ark74pub   4096R/F0210224A744BE93 2014-06-16 [revocada: 2016-08-16] | uid    Marc Deslauriers <marcdeslauriers@videotron.ca>03:52
Ark74but that key has being revoked03:53
Ark74I get: gpgv: Signature made Fri Nov  2 13:52:40 2018 CST using RSA key ID A744BE9303:56
Ark74gpgv: Can't check signature: public key not found03:56
Ark74would this count as a bug?03:57
valoriexenial?04:02
valorieis that still supported?04:02
Unit193For 557 more days.04:02
valorieif so, I would get so04:02
valorieguess!04:02
Ark74So, if it is so, I need to fill a bug, right?04:21
valorieArk74: easiest way to file a bug report is in the commandline: ubuntu-bug network-manager05:44
valorieand then just follow the prompts05:45
valorieyou can mark it security because it is05:45
alkisgHi, snapd doesn't run in the new ltsp, with "cannot create lock directory /run/snapd/lock: permission denied". I'm thinking it might be related to the writable overlay root that ltsp uses:05:46
alkisg29 0 0:25 / / rw,relatime shared:1 - overlay overlay rw,lowerdir=/root,upperdir=/run/initramfs/ltsp/up,workdir=/run/initramfs/ltsp/work05:46
alkisgThat /root there comes from: nfsroot=server:/srv/ltsp/images mounts the images directory, and ltsp then loop-mounts a squashfs.img file inside it, and applies a  tmpfs overlay over it05:46
alkisgWhat can I do in the LTSP code to help snapd detect IsRootWritableOverlay() or whatever else it needs?05:46
infinityalkisg: /run should be a tmpfs, not just a directory on your root overlay.07:06
cjwatsonArk74: It's not a bug that source packages uploaded years ago were signed with keys that have since expired.  The security model for fetching packages doesn't depend on developer signatures; rather, developer signatures authenticate uploads to the archive, and then the archive is signed (starting with the signature in the InRelease file) and apt trusts that.08:32
cjwatsonArk74: We aren't in general going to go round reuploading source packages to old releases of Ubuntu just to provide a new developer signature.08:33
cjwatson(expired or revoked, either way)08:35
alkisginfinity: /run is a tmpfs created by initramfs-tools; I'm putting my mount in /run/initramfs as systemd has this path hardcoded and doesn't unmount it on shutdown, as it does for other paths08:54
alkisgIt's supposed to be the correct path for initramfs-tools and dracut to mount their file systems, except for root, of course08:54
alkisgI don't think the /run path is related though, as the previous ltsp also used /run and didn't have issues with snap; but it was using nbd, not loopback over nfs (we changed to that as it's a lot more stable)08:56
alkisgAh btw, I believe /run/snapd is using mount namespaces or something else, and it appears with different permissions for each app or each user (I'm not using snap so I don't know the details)08:58
alkisgAnd maybe this has some issues with overlayfs, and maybe IsRootWritableOverlay() function is trying to apply some heuristics to work around those issues, and fails to catch the loopback over nfs case...08:59
Ark74cjwatson, oh, ok.  I need to study more the apt/gpg trust mechanism, thanks for the clarification.15:38
infinityalkisg: You misunderstood.  I don't mean the run in the initrd that has your mountpoints, I mean the /run in the running system should be a tmpfs mounted at /run :P18:31
infinity(Not confusing at all)18:32
alkisginfinity: the initramfs moves /run to the real file system, so  it's the same thing18:32
infinityalkisg: Well, overlayfs shouldn't be in play at all then?18:33
alkisginfinity: initramfs mounts proc, sys, dev, run, and root; the script/init-bottom/ltsp code loop-mounts /root/squashfs.img to /run/initramfs/blah, and creates a tmpfs there for up/work etc, and mounts the result with overlayfs in /root18:35
alkisgThen control goes back to initramfs-tools, which calls pivot_root to /root18:36
alkisgIt's the same thing that casper does for live CDs, except now it comes from nfs18:36
alkisgI see that snap has code to special-case some overlayfs file systems, so maybe it would need to add ltsp there, but I don't know the logic so I'm not sure18:37
alkisgThat's why I was looking for some guidance, to avoid spending e.g. a week understanding how snap works and why it special-cases overlayfs rootfs...18:38
infinityalkisg: Right, what I'm saying is that if your /run is a tmpfs pivoted from the initrd, then overlayfs is irrelevant, at least for the error you were talking about.18:38
alkisginfinity: the problem is /, not /run18:38
alkisgHrm18:38
infinity"/run/snapd/lock: permission denied"?18:38
alkisgOr maybe you're right, and I'm looking in an unrelated part18:39
alkisgBut then I've no idea why snapd doesn't like ltsp18:39
alkisgWe're not doing anything more than that overlay18:39
alkisgThe permission denied is probably due to mount namespaces18:40
alkisgBut I don't know how these work, how per-user or per-app namespaces are handled18:40
alkisgAnd why they break in ltsp :/18:40

Generated by irclog2html.py 2.7 by Marius Gedminas - find it at mg.pov.lt!