/srv/irclogs.ubuntu.com/2019/10/18/#snappy.txt

mborzeckimorning05:09
mupPR snapd#7621 closed: spdx: add EPL-2.0 to licenses <Created by ralight> <Closed by pedronis> <https://github.com/snapcore/snapd/pull/7621>05:30
mborzeckimvo: hey05:46
mvohey mborzecki05:46
mupPR snapd#7609 closed: snap-recovery: remove "usedPartitions" from sfdisk.Create() <Created by mvo5> <Merged by mvo5> <https://github.com/snapcore/snapd/pull/7609>06:01
mupPR snapd#7620 closed: snap-install: add ext4,vfat creation support <Created by mvo5> <Merged by mvo5> <https://github.com/snapcore/snapd/pull/7620>06:01
mvo7613 is ready for review now, pretty small and hopefully simple :)06:02
mborzeckimvo: so are we going with snap-recovery instead of recovery-tool, or will the former just stay an internal/testing thing for now?06:09
mvomborzecki: hope I understand the question but snap-recovery is the new name of recovery-tool, recovery-tool is a bit too generic (iirc that was what was the outcome of the code review earlier)06:13
mborzeckimvo: ah ok, missed that06:13
mvomborzecki: there should be no recovery-tool anymore unless I overlooked something :)06:14
mupPR snapd#7627 closed: overlord: add checks for bootvars in TestRemodelSwitchToDifferentKernel <Simple 😃> <Created by mvo5> <Merged by bboozzoo> <https://github.com/snapcore/snapd/pull/7627>06:20
=== pstolowski|afk is now known as pstolowski
pstolowskimorning07:02
=== pedronis_ is now known as pedronis
mvohey pstolowski07:09
zygare07:18
zygahey guys07:18
zygafeeling somewhat better, working from office now07:18
zygaresuming work on /etc -> /var move07:19
mupPR snapd#7628 opened: gadget: helper for volume compatibility checks <Remodel :train:> <Created by bboozzoo> <https://github.com/snapcore/snapd/pull/7628>07:26
mborzeckimvo: ^^07:27
mborzeckipstolowski: zyga: hey07:27
mvomborzecki: nice one07:28
mvozyga: hey ! glad to hear that you feel better07:28
zygamvo: thanks07:28
pedronismborzecki: hi, btw now that claudio changes have landed #7509 should be unblocked ?07:29
mupPR #7509: gadget, snap/pack: perform extended validation of gadget metadata and contents <Created by bboozzoo> <https://github.com/snapcore/snapd/pull/7509>07:29
mborzeckipedronis: yes07:29
zygamvo: check this out07:41
zygahttps://www.irccloud.com/pastebin/Kpa4yYyI/07:41
mborzeckizyga: hm maybe snapd.failure.service ran and exited between the is-active calls?07:44
zygathat's a good hunch07:44
zygaperhaps it should stay-after-exit?07:44
zygaor leave a trace that the test can reliably check for07:44
mupPR snapd#7629 opened: snap-recovery: create filesystems as defined in the gadget <Created by mvo5> <https://github.com/snapcore/snapd/pull/7629>07:45
mborzeckiosx jobs fail on travis?08:00
zygamborzecki: I didn't see any failures, what did you get?08:02
mborzeckizyga: jobn fails, 10 minutes with no output, as if nothing got really executed08:02
zygahum08:03
zygaI've submitted some changes so I will likely see that soon08:03
zygabut no output is a big hard to debug08:03
zygamacos has abandoned bash and switched to zsh08:03
zygamaybe that's a factor?08:03
mborzeckireally?08:04
mborzeckiwonder why08:04
zygagpl08:05
zygathey never upgraded past gpl 2.0 licensed version08:05
zygathere's nothing gpl 3.0 on macos08:05
mborzeckiduh08:07
mborzeckiat least they didn't go with tcsh :P08:07
zygamash :)08:07
pedronismvo: so I'm ready to submit seed/seed20 code and the basics of using it for firstboot, but I need reviews otherwise it will just be huge diffs08:10
zygamvo: question on your policy branch https://github.com/snapcore/snapd/pull/7615/files#r33636727008:10
mupPR #7615: policy: implement CanRemove policy for the snapd type <Created by mvo5> <https://github.com/snapcore/snapd/pull/7615>08:11
pedronisI'll have a break and then switch to doing reviews08:16
mvozyga: sure, I have a look08:19
mvopedronis: will review your PR in a little bit08:19
Chipaca👋08:25
Chipacajust to note I'm not working today :-)08:25
Chipacadid I say note? I meant 'gloat'08:25
zygaChipaca: are you okay?08:31
pedroniszyga: what's the status of #7547 ? does it need Jamie's review?08:44
mupPR #7547: many: use a dedicated named cgroup hierarchy for tracking <Created by zyga> <https://github.com/snapcore/snapd/pull/7547>08:44
zygapedronis: I asked for someone from security (jamie or alex) to review it08:44
zygajamie had a look and mentioned the idea is sound (on IRC)08:44
zygabut there's no full review from him yet08:44
zygaI think it would be good to have one though it's all entirely behind a feature flag so we might land it without a review assuming we get one later08:45
zygaI have more code depending on this landing so moving it would unblock me08:45
zygamborzecki: reviewed https://github.com/snapcore/snapd/pull/7628#pullrequestreview-30374674509:01
mupPR #7628: gadget: helper for volume compatibility checks <Remodel :train:> <Created by bboozzoo> <https://github.com/snapcore/snapd/pull/7628>09:01
mborzeckithx09:01
mvothanks zyga !09:02
zygamvo: small review for you https://github.com/snapcore/snapd/pull/7626#pullrequestreview-30375875109:11
mupPR #7626: [RFC] managers: add remodel undo test for new required snaps case <Created by mvo5> <https://github.com/snapcore/snapd/pull/7626>09:11
mvozyga: happy to discuss this in a bit, fwiw we use similar style in snapstate and wrappers, it seems to be ok if "f() (err error)" style is used - or am I misreading/misunderstanding?09:15
zygamvo: it's still easy to define another err09:16
zygamvo: I know we are using this style09:16
zygabut if we are going to rely on it I think it's a bit too fragile09:16
pedroniszyga: it's a bit more subtle09:17
mvozyga: you mean if someone defines does "return err2" ?09:18
pedronisthe return do an assignment afaiu09:18
mvoyeah, that is my understanding as well, so I wonder if I miss something09:18
pedroniszyga: see, this code  https://play.golang.org/p/gzUa03a0ET709:18
zygamvo: I could be wrong but last time I was doing it I had unexpected results from foo, err := ... style code even if err was defined09:18
mvozyga: this case will work, I can add some test for this later09:19
mvozyga: but in the middle of a review right now so I don't want to switch too much context :)09:19
mvozyga: aha, pedronis was kind enough to add the pastebin09:20
mvoeh, play09:20
pedroniszyga: is the this bit of the spec: A "return" statement that specifies results sets the result parameters before any deferred functions are executed.09:22
pedronishttps://golang.org/ref/spec#Return_statements09:22
zygapedronis: that's interesting, I didn't know that09:25
zygaI was trying to craft something nefarious in the playground but could not09:25
mvozyga: we could add a comment to this kind of code to ensure ppl are not nervous about it09:27
pedronisthere are still some ways to get this idiom wrong:09:28
pedronisnot defining err in the return type, but have some early err := but using the idiom anyway somehow09:29
pedronissome path that errors but returns nil to the caller (but still hope to get the undoing working)09:29
pedronismvo: thanks for the review, I asked a question about one of your questions :)09:38
zygaI'll be back soon,09:45
zygait's so cold in the office nowadays09:45
zygaI should turn more computers on09:45
zyga(heating is on but the office has weaker heat insulation compared to the rest of the house)09:46
mvopedronis: thanks, I replied10:00
pstolowskiyay, got the cloud image firstboot working end-to-end with pre-baked image \o/10:13
pstolowskinow onto open points.. system key, gadget configure hook..10:15
zygapstolowski: nice milestone :)10:15
pedronismvo: couple of comments in 762610:20
mvopedronis: thank you10:20
pedronispstolowski: great10:20
mupPR snapd#7548 closed: tests: update snap logs to match for multiple lines for  "running" <Created by sergiocazzolato> <Merged by pedronis> <https://github.com/snapcore/snapd/pull/7548>10:28
mvopedronis: thanks for your suggestions, I will update the undo PR accordingly, much simpler this way :)10:29
mupPR snapd#7630 opened: overlord/devicestate: check snap handler for gadget remodel compatibility <Remodel :train:> <Created by bboozzoo> <https://github.com/snapcore/snapd/pull/7630>10:33
mborzeckimvo: pedronis: ^^10:33
mupPR snapcraft#2754 closed: meta: support the case of a plug without a default provider <Created by sergiusens> <Merged by sergiusens> <https://github.com/snapcore/snapcraft/pull/2754>11:11
mvomborzecki: thanks, looking11:13
zygamborzecki: https://github.com/snapcore/snapd/pull/7630#pullrequestreview-30381842211:13
mupPR #7630: overlord/devicestate: check snap handler for gadget remodel compatibility <Remodel :train:> <Created by bboozzoo> <https://github.com/snapcore/snapd/pull/7630>11:13
zygamvo: is https://github.com/snapcore/snapd/pull/7613 already minimal or would merging master shrink it?11:14
mupPR #7613: snap-recovery: add minimal binary so that we can use spread on it <Created by mvo5> <https://github.com/snapcore/snapd/pull/7613>11:15
zygamborzecki: can you do a pass over https://github.com/snapcore/snapd/pull/7614 as well11:16
mupPR #7614: cmd/snap-confine: implement snap-device-helper internally <Created by zyga> <https://github.com/snapcore/snapd/pull/7614>11:16
mvozyga: its already minimal, I merged master this morning11:17
zygamvo: thanks, I'll review it then11:17
zygamvo: I only asked because it said it is based on something and I wasn't sure11:17
mvozyga: ta11:18
* pstolowski lunch11:37
* zyga break as well11:41
zygamvo: I'll finish the review soon11:41
mvozyga: no worries, I have lunch now11:45
=== ricab is now known as ricab|lunch
zygamvo: https://github.com/snapcore/snapd/pull/7629#pullrequestreview-303823599 :)11:58
mupPR #7629: snap-recovery: create filesystems as defined in the gadget <Created by mvo5> <https://github.com/snapcore/snapd/pull/7629>11:58
mupPR snapd#7628 closed: gadget: helper for volume compatibility checks <Remodel :train:> <Created by bboozzoo> <Merged by bboozzoo> <https://github.com/snapcore/snapd/pull/7628>12:01
zygaLXD test is failing a few times today12:03
mborzeckipedronis: updated #750912:11
mupPR #7509: gadget, snap/pack: perform extended validation of gadget metadata and contents <Created by bboozzoo> <https://github.com/snapcore/snapd/pull/7509>12:11
pedronisjdstrand: hi, I made a meta comment in the system-backup PR, you probably know but you have quite few snapd PRs asking your review12:14
jdstrandpedronis: thanks, yes, going to get through as many as I can today12:15
mborzeckioff to pick up the kids, or i'm gonna be late for standup12:18
jdstrandmvo: hey, others said they would bring this up in your standup, but fyi bug #184856712:21
mupBug #1848567: autogenerated per-snap snap-update-ns apparmor profile may contain many duplicate mount rules causing excessive parser memory usage <aa-parser> <AppArmor:New> <snapd:New> <https://launchpad.net/bugs/1848567>12:21
zygaoh12:22
jdstrandzyga: oh, did you not see backscroll from after you eod'd?12:22
* jdstrand gathers12:22
zyganope12:22
zygaI didn't read any12:22
jdstrandzyga: https://paste.ubuntu.com/p/NKFGsZtBZN/12:24
zygajdstrand: thanks12:25
zygajdstrand: I think there is an "easy" way to solve this12:25
zygajdstrand: I can give it a try12:25
zygajdstrand: we can de-duple in the apparmor spec12:25
zyga*de-dupe12:25
zygajdstrand: and simply change how we emit lines for the offending rules12:26
jdstrandzyga: please only dedupe in snap-update-ns profiles though12:26
zygajdstrand: I'll try12:26
zygajdstrand: though12:26
zygajdstrand: I think it'd be good to do globally12:26
jdstrandzyga: I do not12:26
zygajdstrand: we can have some code that emits # line if line was already added12:26
zygajdstrand: why?12:26
zygajdstrand: doing it in a specific profile would create a special case12:26
zygajdstrand: so more complexity to test12:27
jdstrandzyga: snap-update-ns is auto-generated so we need to make sure it is clean. the handcrafted snippets will have few duplicates and removing them will have essentially no performance gain but cause confusion in debugging and auditing12:28
zygajdstrand: it depends on how it is done, we can keep the duplicated lines, just comment them out12:28
pedronisI agree with jdstrand that it will get confusing for debugging12:28
Saviqis there documentation somewhere about the acls I can give to `snapcraft export-login`?12:28
zygapedronis: it's hard to say if it is confusing before we see it12:28
pedroniszyga: heh12:29
pedronisyou are copying something into something else12:29
pedronisexcept removing some bits12:29
jdstrandzyga: please note the problem is that the parser doesn't (currently) have a cheap dedupe for mount rules. all others are dedupes fast. we just need to make sure the auto-generated profiles doesn't balloon12:29
pedronisdepending on mixing of things12:29
pedronisthat sounds confusing12:29
pedronisa priori12:29
zygapedronis: I think you are confused by what I'm trying to do12:29
zygajdstrand: sure, I understand the problem12:30
pedroniszyga: I expect every line from a template to end up in the final profile atm12:30
pedronisit sounds you want to change that12:30
jdstrandzyga: the commented out idea is better than removing, but we don't want that. why have 17000 commented out lines?12:30
zygajdstrand: for the audit you wanted?12:31
zygapedronis: I don't want to change anything related to the template12:31
zygapedronis: or parse anything for that matter12:31
pedroniszyga: you are changing the relation between template content and output12:31
jdstrandzyga: I am talking about *auto-generated* rules. for templated policy with snippets, we  should have everything12:32
zygapedronis: yes, but that is unavoidable, we must change something to get less output12:32
pedroniszyga: yes, but only for autogenerated stuff12:32
zygajdstrand: sure, but I never intended to change the template here12:32
zygapedronis: yes, that's what I was proposing12:32
zygaanyway, I think code speaks clearer than english12:33
pedroniszyga: so I'm not confused, but both me and jdstrand are saying no to that12:33
zygaI will have a look12:33
zygaand we can discuss it then12:33
jdstrandzyga: but you did say that you would dedupe snap.* profiles, not just snap-update-ns.*. snap.* aren't autogenerated12:33
pedroniszyga: please discuss with mvo how to prioritize this12:33
zygajdstrand: my idea is to dedupe snippets12:33
zygajdstrand: nothing more12:33
zygajdstrand: this idea is super simple, it only depends on how we send mount rules as snippets12:33
zygajdstrand: instead of sending one big block of unique text12:33
jdstrandzyga: snippets are also not autogenerated rules12:33
zygajdstrand: we can send each mount rule12:34
zygajdstrand: snippets are just that, the contets is auto generated or not12:34
jdstrandzyga: or rather, the ones in interfaces/builtins are not autogenerated12:34
zygajdstrand: if we change the content permissions to generate each mount rule as a snippet12:34
zyga(actually we may already have deduplication in the snippets)12:34
jdstrandzyga: there is a difference between snapd calculating individual rules and adding them and snapd splatting out templated snippets12:34
zygajdstrand: so instead of sending one, say, ten line snippet12:34
zygajdstrand: we can send ten snippets12:35
zygajdstrand: and if the next directory rule sends the 9 snippets that are the same12:35
zygajdstrand: and one that is different12:35
zygajdstrand: we end up with just 11 snippets now12:35
zygajdstrand: as I said above, I don't intend to parse or split snippets that are provided to the spec12:35
zygajdstrand: just be smarter about the snippets that we add to the spec in this case12:36
jdstrandzyga: there are implementation ideas that can be done to dedupe. that is fine. I'm saying that at the end of it all, we should have deduped snap-update-ns policy, but snap.* policy is character by character identical12:36
jdstrandto what we have now12:36
zygajdstrand: I think I see your point but I don't think we should be this strict about this, this kind of approach introduces special cases that are error prone. I don't think we have any duplication in snap profiles today. Having said that I would not like to if-then-else this special case12:37
jdstrandzyga: it doesn't feel that hard. add a flag if and set it to true if generating snap-update-ns12:38
zygajdstrand: btw, how did you run into this?12:38
zygajdstrand: is there a simple test where we can measure the memory used by apparmor parser?12:38
pedronisjdstrand: agreed12:39
jdstrandzyga: people (including myself) were seeing OOMs in Ubuntu vms12:39
jdstrandzyga: did you read the bug? :)12:39
zygajdstrand: I didn't notice the -f mem thing there, I read the summary only12:40
zygajdstrand: I will look at adding a test that checks if the memory used by apparmor parser on a specific profile is not unreasonable12:40
zyga(though as with all "benchmark" style tests, it's not a clear-cut what is reasonable)12:40
jdstrandzyga: btw, there is duplication in the snap.* profiles today, but it is small and unimportant for performance and memory12:40
jdstrandzyga: that will be difficult and dependent on how many cpus you have12:41
zygajdstrand: I would imagine a test that loads one specific profile should not depend on that12:41
zygajdstrand: (load profile one by one, check that memory used by apparmor parser is << than some sane value)12:41
zyga(with the right arguments to force skipping cache to see the actual cost)12:42
jdstrandzyga: one profile no, but that is artificial with pstolowski's patches to load all of the snaps profiles with one parser invocation. it might be ok, but I don't know what a good number is. it is definitely less than 1.5G :)12:42
zygajdstrand: btw, why is apparmor parser not de-duplicating mount rules?12:42
jdstrandzyga: that is in the bug :)12:43
zygajdstrand: yeah, for sure, I need to see12:43
jdstrandzyga: it is a bug in apparmor_parser. it should be12:43
zygaI see12:43
zygaok12:43
zygamvo: can you triage https://bugs.launchpad.net/snapd/+bug/1848567 :)12:43
mupBug #1848567: autogenerated per-snap snap-update-ns apparmor profile may contain many duplicate mount rules causing excessive parser memory usage <aa-parser> <AppArmor:New> <snapd:New> <https://launchpad.net/bugs/1848567>12:43
jdstrandzyga: but even if that was fixed, 17000 auto-generated rules need to be fixed12:43
zygajdstrand: it looked good when we were writing it ;)12:44
zygajdstrand: precise and all that12:44
zygabut yeah12:44
jdstrandthat is impossible to read, audit and too much disk12:44
pedronismborzecki: I don't understand why we need volumes for classic gadgets now in #750912:44
mupPR #7509: gadget, snap/pack: perform extended validation of gadget metadata and contents <Created by bboozzoo> <https://github.com/snapcore/snapd/pull/7509>12:44
zygajdstrand: perhaps we should not be this precise12:44
jdstrandzyga: well, I think things are pretty 'ok' with a single content interface. but the pattern in the filed is multiple content interfaces like with gnome-calculator12:44
pedronismborzecki: commented there12:45
jdstrandzyga: we are precise for a reason. just dedupe: we are then precise and small12:45
jdstrandthe file ends up being <700 lines (with comments) after deduped. that is totally fine12:46
jdstrand(for gnome-calculator that is)12:46
jdstrandmemory is inline with all our othe profiles12:46
jdstrandtime to compile too12:47
jdstrandit's a cheap win with no production risk since the rules loaded into the kernel are exactly the same as the 17000 line profile12:48
zygajdstrand: because of apparmor parser DFA miminalization?12:48
jdstrandzyga: yeah12:50
ijohnsonjdstrand: well looks like you got your bug discussed before I even had a chance to mention it :-)12:51
jdstrandzyga: there is an expensive dedupe stage and a cheap one. the cheap one is missing for mount in the parser.12:52
zygayeah, I think I understand how the parser is ending up working this way12:52
jdstrandzyga: the idea is, do the cheap one then the expensive.12:52
zygastate machine transformations are expensive, especially the minimalization that results in exponential states12:52
jdstrandijohnson: heh, it was good. now people know where everyone stands and the discussion in the standup can perhaps be more productive, shorter and about resourcing12:53
ijohnson+112:53
ijohnsonoh btw I still have a todo to look into stopping pivot_root for containerd, is that still necessary/relevant (cc joedborg)12:54
mborzeckipedronis: heh, right, leftover from the initial version of the pr12:54
ijohnsonjdstrand: ^12:54
pedronisijohnson: hi, I did a pass on the disabled services PRs12:55
joedborgijohnson: I’ve tried with setting `no_pivot` to true but am still getting the app armor violations on the file system12:55
jdstrandijohnson: kjackal is who wanted it (but I'm sure joedborg is interested too), but yes, kjackal saw prometheus had a similaar issue. I'll let him comment further12:55
jdstrandijohnson: if you don't mind that is12:55
* kjackal reading12:56
jdstrandzyga: fyi, sha256sum for big vs deduped cache files: https://paste.ubuntu.com/p/YFCkGZysk2/12:58
zygajdstrand: how did you dedupe?12:58
ijohnsonpedronis: I saw that thanks12:58
jdstrandzyga: it is in the bug ;) I sort -u then put the preamble lines and the } in the right spot12:58
zygajdstrand: +112:59
zygathanks12:59
zygayeah, this is expected12:59
* jdstrand nods12:59
kjackalijohnson: joedborg is probably the best to comment on this. The only thing I can say for sure is that we see issues with a number of workloads some of which are probably due to patches mising from containerd.12:59
jdstrandjust wanted to prove that the kernel blob is the same. no reason to change our rules12:59
ijohnsonjdstrand, kjackal, joedborg: ack I'll still take a look at it then. btw which snap is this for, the kubernetes-worker snap? I can't seem to find it on github anymore, I thought it was somewhere in https://github.com/charmed-kubernetes/bundle13:00
jdstrandijohnson: https://github.com/charmed-kubernetes/snap-kubernetes-worker is kubernetes-worker13:01
ijohnsonthanks jdstrand13:01
jdstrandijohnson: https://github.com/ubuntu/microk8s/ is microk8s13:01
joedborgah thanks jdstrand13:01
jdstrandijohnson: (though I don't know where kjackal's strict mode branch is currently living)13:01
jdstrandotoh13:02
kjackalIt is here https://github.com/ubuntu/microk8s/tree/feature/strict-v313:02
ijohnsonthanks everybody, will try to look into this soon13:03
jdstrandzyga: so, for the benchmark, /usr/bin/time -f "wall: %E, mem: %M Kb" apparmor_parser -QTK -o benchmark.cache profile13:03
jdstrandzyga: actually, just to be 100% consistent: /usr/bin/time -f "wall: %E, mem: %M Kb" apparmor_parser -j1 -QTK -o benchmark.cache profile13:03
mupPR snapd#7562 closed: tests: check the apparmor_parser when the file exists on snap-confine test <Simple 😃> <Created by sergiocazzolato> <Merged by sergiocazzolato> <https://github.com/snapcore/snapd/pull/7562>13:04
jdstrandzyga: where profile is something akin to what gnome-calculator has (eg, multiple content plugs). maybe put memory at under 50000 and time at under 1 second?13:05
zygajdstrand: thank you, I'll make sure this is tested13:05
jdstrandzyga: you might have to play with those thresholds. the deduped profile was ~32M here and < .5 seconds13:06
jdstrandhere13:06
zygajdstrand: I think I will put the threshold at 512M13:06
zygaif we needed more mem we will fail on some supported systems13:06
jdstrandzyga: maybe make sure it is < 1000? line? (it was 662 here)13:06
zygabut I need to sit down and code it first13:07
zygamost likely next week as we won't release over weekend anyway13:07
jdstrandzyga: soryy, 50000 was in k. that is 50M13:07
jdstrandzyga: 'time' uses 'k' but then I used 'm' in later comments. 50M as the upper limit initially sounds good13:08
* jdstrand tests on arm64 and armhf real quick13:08
zygajdstrand: I'm only grumpy that nobody raised this during 19.10 beta13:09
zygajdstrand: we could have fixed it for that release13:09
zygajdstrand: but that's why I want to do a test13:09
jdstrandzyga: it isn't a 19.10 thing13:09
zygajdstrand: so that next time we won't be burned by accident13:09
zygajdstrand: oh I know13:09
zygabut it JUST SHIPPED and nobody noticed before :)13:09
jdstrandzyga: oh I see what you mean13:09
jdstrandzyga: yes, well, at least it was found by us rather than the field blowing up13:09
zygajdstrand: well, the field may still blow up :)13:10
jdstrandzyga: but, for sure classic distro is feeling this and don't know it13:10
jdstrandzyga: most desktop system probably have 1.5G ram and swap these days, and it is desktop system that hit the pathological multiple content interface case13:11
zygajdstrand: yeah13:11
jdstrandzyga: so OOM won't usually be hit unless other things are going on13:11
zygajdstrand: if you want to review it today I may look at a quick PR after standup13:11
zygajdstrand: if you are fine waiting it will be done next week13:12
jdstrandbut, they could crawl with swap and be a bit slow13:12
jdstrandzyga: yes. I am off Mon and Tue. 2.43 material is fine13:12
zygajdstrand: oh13:12
zygahmmm13:12
jdstrandzyga: I'm going to try to get through all the PR reviews today13:12
zygaperhaps a quick iteration today is better13:12
zygawell, I'll leave that to you13:12
zygaotherwise I will resume reviews13:13
zygaand try to finish a bugfix for apparmor in another area13:13
zyga(the one with the include file)13:13
jdstrandzyga: 2.43 wasn't even branched yet as of... yesterday? wed?13:13
zygaI don't know the status of the release13:13
zygasorry13:13
=== kristijanzic[m] is now known as KristijanZic
jdstrandthat's fine. next week is fine. please discuss priority in standup (and feel free to relay I'm reviewing today and off Mon and Tue if that is useful)13:14
jdstrandzyga: ^13:14
zygaok13:14
jdstrandzyga: a not nearly as important bug that I can't recall if I forwarded to you: https://bugs.launchpad.net/snapd/+bug/184851613:15
mupBug #1848516: snap connections/interfaces shows dropped interfaces as connected after refresh <snapd:New> <https://launchpad.net/bugs/1848516>13:15
jdstrandzyga: oh, I did. I was really surprised remove/install still showed it as connected :)13:15
jdstranderf, 'time' isn't in UC13:17
ograjdstrand, lies ... my UC16 has it :P13:18
jdstrandogra: /usr/bin/time?13:18
ograah, no, the shell builtin13:19
jdstrand(it is also a shell builtin, but that isn't what I want)13:19
* jdstrand nods13:19
jdstrandusing classic snap13:19
jdstrandogra: I totally forgot how handy /usr/bin/time is13:20
ograhaha, yeah13:20
jdstrandthe builtin is all I think I've used for years :)13:20
ograoh, it actually even comes from its own deb13:20
ograi thought it is part of coreutils13:20
jdstrandhuh, me too13:23
jdstrandzyga: oh, /usr/bin/time -f "wall: %E, mem: %M Kb" apparmor_parser -QTK -Ono-expr-simplify -j1 -o cache profile13:23
jdstrandzyga: (forgot -Ono-expr-simplify)13:23
jdstrandzyga: armhf: wall: 0:00.24, mem: 3472 Kb13:24
=== ricab|lunch is now known as ricab
jdstrandzyga: arm64: wall: 0:00.45, mem: 5392 Kb13:39
* jdstrand moves along13:40
ograheh, thats the same binary you call on armhf and arm64 i guess ?13:40
ogra(surprising it isnt 2x the memory size but only 1.5 or so ... )13:41
ijohnsonhey Chipaca got a question yesterday about store connections from snapd... is there a single global timeout we set for all connections to the store? and if there is, can a user adjust that timeout?14:02
mupPR snapd#7574 closed: client: add KnownOptions to Know() and support remote assertions <Created by mvo5> <Merged by mvo5> <https://github.com/snapcore/snapd/pull/7574>14:09
pedronisijohnson: John is off today,  we have a couple of timeouts and retry strategies, they are not user configurable atm14:09
ijohnsonah okay, thanks pedronis14:09
mvo7622 is now also ready for a review14:10
mvozyga: hm, it looks like I did not look closely enough, 7613 was the smallest snap-recovery PR in flight right now, I will apply your feedback to the other to this one. sorry that I overlooked this earlier14:13
zygamvo: no worries :)14:13
pedronismborzecki: re-reviewed 750914:23
mborzeckipedronis: thanks14:24
jdstrandpedronis: hey, those snap-ids, they were for all stores, correct?14:31
pedronisjdstrand: yes14:32
jdstrandthanks14:32
zygajdstrand: I think it works14:38
zygajdstrand: have a look https://usercontent.irccloud-cdn.com/file/FB0h24Ik/deduped-update-ns-profile14:39
zygaI need to adjust tests but it's simple enough14:39
zygabut firstd14:39
zygafoood :D14:39
* zyga had only breakfast and it's almost 5PM14:39
jdstrandzyga: yikes. that happened to me yesterday :\14:40
zygaas a super-cheap approach for now until tests pass14:41
zygajdstrand: diff that makes it go  https://www.irccloud.com/pastebin/TCWMioYP/14:41
zygait relies on spec.AddUpdateNS() de-duplicating already14:41
zygaok, time for that food14:41
joeubuntuhey all - looking for a pointer. I've heard tales of a scenario where snaps can be built by pulling source down from github. Is there a link you can share so I can read up on it? I have not been able to find it with the googles.14:54
joeubuntui.e. I'd somehow modify my snapcraft.yaml to git clone my repo? Is that a thing or do I misunderstand the feature?14:58
ijohnsonjoeubuntu: do you mean you have a snapcraft.yaml source on github you want to be built into a snap? or you just want to include some github repo in your snap?14:58
ijohnsonjoeubuntu: we have build.snapcraft.io which will automatically re-build your snap when you push to the github repository and publish the built snap into the edge channel14:59
joeubuntuijohnson that is the goal!  right now I just copy my files in to ~/snap/snapName/snap/files15:00
ijohnsonhmm I guess I didn't quite follow which thing is the goal :-)15:01
joeubuntuI want to use build.snapcraft.io , so thanks !15:02
ijohnsonjoeubuntu: ah okay cool, feel free to let us know if you can't get it setup15:05
ograoh, so interesting (and i have never noticed that before ...)15:05
ogra$ du -hcs /usr/lib/chromium-browser15:05
ogra230M/usr/lib/chromium-browser15:05
ogra$ ls -lh /var/lib/snapd/snaps/chromium_881.snap15:06
ogra-rw------- 1 root root 156M Okt 11 03:00 /var/lib/snapd/snaps/chromium_881.snap15:06
ograoSoMoN, why the heck dont we blog left and right about this ^^^ :)15:06
ogra(i just had another "snaps are too big" discussion with someone ... and actually checked the sizes for the first time ... what a surprise :)15:07
ijohnsonogra: maybe popey should update that blog post?15:08
ograwell, its a bit unfair given you have 3 copies with the snap ... so you lose the advatage in the end again ... but the fact alone that the snap itself is 80M smaller is definitely not well known among the haters (and their parrots)15:09
joeubuntuSorry for all the question... now that I am using build.snapcraft.io what does my snapcraft.yaml have to look like ? prior to using b.s.io I manually copied my files in to files/bin/* ?  In the repo they are just in the root.  I imagine I need to just update wrapper: source: to / and change the command from bin/foo to /foo ?15:12
ijohnsonjoeubuntu: so you have some files that are just on your mahcine's filesystem that need to be in the snap? if it doesn't make sense to put those files into your git repository, then you usually would either build those files inside a part in your snapcraft.yaml or upload those files somewhere and use the dump plugin in snapcraft with a source pointing to wherever you uploaded those files15:19
ijohnsondoes that make sense?15:19
zygare15:20
joeubuntuijohnson thanks,  I'll poke around. Thanks for the tips!15:20
popeyijohnson: I'm on vacation. Please email if there is something that needs my attention. Ta15:21
* ogra hugs popey ... no action needed enjoy holiday beers !15:22
ijohnsonpopey: enjoy the vacation! do something fun and stop checking notifications :-)15:23
* cachio lunch15:23
oSoMoNogra, yeah, I wrote about it at some point to answer one of those "snaps are big" claim15:46
oSoMoNto be fair, that's quite the exception, snaps do tend to be bigger than their deb counterparts15:46
oSoMoNwhich is totally normal, given that they embed their dependencies15:47
mvozyga: I addressed some of the feedback in 7629 in 7613, probably best to focus on 7613 for now and once that landed I will work on the remaining bits in the other one15:50
zygamvo: cool, I'll finish the de-dupper for jdstrand and look15:50
mvozyga: I still need to look at how not-to-install snpa-recover on rpms :/ but I'm running out of time for today15:52
zygamvo: rm -f works :)15:52
zygamvo: porting it to use snapd.mk also works15:52
zygamvo: in snapd.mk there's a section for things that are removed if we are packaging for a classic distribution15:53
zygamvo: thank you for looking into this :)15:53
ograoSoMoN, indeed15:53
mvozyga: ok, feel free to just do it and push while I'm away but I will try to get to it later tonight15:53
* mvo waves15:53
zygamvo: I won't have time, I will finish this bug and work on a test15:53
mupPR snapd#7631 opened: interfaces/pulseaudio: adjust to manually connect by default <Created by jdstrand> <https://github.com/snapcore/snapd/pull/7631>15:54
pedronisjdstrand: what's the status of #7228 ?15:55
mupPR #7228: interfaces: add audio-playback/record and pulseaudio spread tests <Created by jdstrand> <https://github.com/snapcore/snapd/pull/7228>15:55
jdstrandpedronis: that is next up after I do PR reviews and store reviews, so, for next week16:01
jdstrandpedronis: but for 2.43 for sure. disco has the changes needed to actually write those tests now, so I can move forward16:02
pedronisjdstrand: ok, thanks for the update16:02
jdstrandpedronis: fyi, I talked with kenvandine and he said that the desktop team will hopefully have the sru done for bionic and xenial (see https://bugs.launchpad.net/ubuntu/+source/pulseaudio/+bug/1781428)16:04
mupBug #1781428: please enable snap mediation support <patch> <pulseaudio (Ubuntu):Fix Released by jamesh> <pulseaudio (Ubuntu Xenial):Triaged by jamesh> <pulseaudio (Ubuntu Bionic):Triaged by jamesh> <https://launchpad.net/bugs/1781428>16:04
jdstrandpedronis: all the necessary dependencies are SRU'd, so just need the pulseaudio patch (though there may be a snapd-glib bug that needs fixing on xenial)16:04
kenvandinejdstrand: that reminds me to check on that :)16:05
jdstrandpedronis: I mention that because if it is SRUd before 2.43, I can adjust the aforementioned spread test to also include xenial and bionic rather than just disco (and now that I think of it, eoan)16:05
jdstrandkenvandine: thanks :)16:05
jdstrandpopey, Wimpress: is there anything besides snapcraft-desktop-helpers and electron-builder that might templatize snapcraft.yaml/snap.yaml to include pulseaudio?16:09
=== pstolowski is now known as pstolowski|afk
zygajdstrand: ok, I have a fix16:28
zygajdstrand: I'll work on a perf test now16:29
mupPR snapd#7632 opened: interfaces/apparmor: avoid excessive repetition of snap-update-ns mount rules <Created by zyga> <https://github.com/snapcore/snapd/pull/7632>16:34
popeyjdstrand: we are both on holiday, please email or forum thread16:34
zygajdstrand: https://github.com/snapcore/snapd/pull/763216:34
mupPR #7632: interfaces/apparmor: avoid excessive repetition of snap-update-ns mount rules <Created by zyga> <https://github.com/snapcore/snapd/pull/7632>16:34
zygajdstrand: if you don't mind I'll EOD now but watch for your feedback16:36
zygajdstrand: I can implement the spread test that checks for memory usage next week16:36
zygajdstrand: I wanted to ack the main part with you16:36
zygajdstrand: namely changes to apparmor.Specification.AddUpdateNS16:37
* zyga EODs and waits for jdstrand's input passively 16:38
jdstrandzyga: thanks! I've got a bunch of PRs enqueued ahead of that so may not get to it today16:49
zygajdstrand: boo ;-)16:50
zygajdstrand: can you just ack 3 line diff then16:50
zygajdstrand: (or not ack)16:50
zygathat's the essence16:50
zygahttps://github.com/snapcore/snapd/pull/7632/files#diff-8d0225478e724e1ef6689c6f12feac06L18416:50
zygathis one16:50
mupPR #7632: interfaces/apparmor: avoid excessive repetition of snap-update-ns mount rules <Bug> <Created by zyga> <https://github.com/snapcore/snapd/pull/7632>16:50
zygaI just realized this is just the layout part, not the content part16:51
zygashoo16:51
zygaanyway, that's that16:51
jdstrandzyga: I'm going to want to really examine it and not rush it to make sure we end up with identical cache files16:51
zygajdstrand: note, you don't have to approve it16:52
zygajdstrand: just disapprove if the approach is too simple16:52
zygajdstrand: but it's your call16:52
zygajdstrand: I'll add the perf test and handle content interface next16:52
jdstrandzyga: it's apparmor policy generation. I requested myself for review16:53
jdstrandpopey: sorry, thanks, done16:56
mupPR snapd#7616 closed: interfaces/many: allow k8s/systemd-run to mount volume subPaths plus cleanups <Created by jdstrand> <Merged by jdstrand> <https://github.com/snapcore/snapd/pull/7616>17:31
jdstrandkjackal: fyi ^. that should be in monday's core in edge17:32
kjackalwoohoo awesome jdstrand18:07
zygajdstrand: FYI https://github.com/snapcore/snapd/pull/7632 is updated to handle all the interfaces that used update-ns snippets18:11
mupPR #7632: interfaces/apparmor: avoid excessive repetition of snap-update-ns mount rules <Bug> <Created by zyga> <https://github.com/snapcore/snapd/pull/7632>18:11
zygajdstrand: I _really_ EOD now :)18:11
ijohnsonjdstrand: feel free to push #7579 to the back of your queue FWIW, the other PR's open in snapd are more important and we don't have anybody asking for that right now, just something I noticed18:19
mupPR #7579: interfaces/network-setup-observe: add Info D-Bus method accesses <Created by anonymouse64> <https://github.com/snapcore/snapd/pull/7579>18:19
* zyga waves and wishes everyone a good weekend18:22
ijohnsonhave a good weekend zyga18:29
jdstrandijohnson: it is on the list, thanks18:30
jdstrandzyga: thanks!18:30

Generated by irclog2html.py 2.7 by Marius Gedminas - find it at mg.pov.lt!