/srv/irclogs.ubuntu.com/2019/11/28/#snappy.txt

mup	PR snapd#7796 closed: overlord/snapstate: make sure configuration defaults are applied only once <⚠ Critical> <Created by bboozzoo> <Merged by mvo5> <https://github.com/snapcore/snapd/pull/7796>	04:57
mup	PR snapd#7811 closed: cmd/snap-bootstrap: some small naming and code org tweaks <UC20> <Created by pedronis> <Merged by mvo5> <https://github.com/snapcore/snapd/pull/7811>	04:57
mup	PR snapd#7814 closed: overlord/snapstate: make sure configuration defaults are applied only once (2.42) <⚠ Critical> <Created by mvo5> <Merged by mvo5> <https://github.com/snapcore/snapd/pull/7814>	04:58
mup	PR snapd#7816 opened: release: 2.42.4 <Simple 😃> <Created by mvo5> <https://github.com/snapcore/snapd/pull/7816>	06:30
pedronis	mvo: hi, I made some (further) comments in #7810, hope they make sense	07:26
mup	PR #7810: devicestate: add reading of modeenv to uc20 firstboot code <UC20> <Created by mvo5> <https://github.com/snapcore/snapd/pull/7810>	07:26
mvo	pedronis: good morning	07:28
mvo	pedronis: looking, thanks a lot for the feedback	07:28
pedronis	mvo: that final note probably means we should tweak the boot pkg interface for modeenv to avoid errors, but can be done a bit later	07:33
mvo	pedronis: ok, the comment makes sense, I will work on this in a wee bit (after some baby-sitting for 2.42.4, the review tools are acting up or something else is blocking reviews)	07:34
=== pstolowski\|afk is now known as pstolowski
pstolowski	morning	08:03
marcustomlinson	morning :)	08:03
mvo	pedronis: thanks and I updated 7810 - hope I captured what you suggested there	08:08
mvo	pstolowski, marcustomlinson good morning!	08:10
pedronis	mvo: reviewed	08:25
mvo	pedronis: thank you!	08:42
mup	PR snapd#7817 opened: boot,bootloader: make MakeBootable() uc20 aware <UC20> <Created by mvo5> <https://github.com/snapcore/snapd/pull/7817>	09:01
zyga	Good morning	09:03
zyga	Working till 1am	09:03
zyga	Will start in an hour	09:03
zyga	mvo: is the release successful?	09:04
mvo	zyga: so far it looks good, we need sergio to do the validations now but stuff is in beta	09:06
zyga	Ack	09:16
pedronis	mvo: did a pass on 7817	09:18
mvo	pedronis: thank you!	09:20
mup	PR snapd#7818 opened: cmd-boostrap: write /var/lib/snapd/modeenv to the right place <Simple 😃> <UC20> <Created by mvo5> <https://github.com/snapcore/snapd/pull/7818>	09:28
pedronis	mvo: let me know if you have questions	09:29
mup	PR snapd#7750 closed: sanity: check /dev/loop-control device as part of sanity checks <Created by stolowski> <Closed by stolowski> <https://github.com/snapcore/snapd/pull/7750>	09:33
mvo	pedronis: looks good, will work on this next	09:34
mup	PR snapd#7819 opened: boot: add boot.Modeenv.Base support <Simple 😃> <UC20> <Created by mvo5> <https://github.com/snapcore/snapd/pull/7819>	09:35
mvo	pedronis: thank you so much for the review of the uc20 booting spec!	09:35
mborzecki	morning	09:43
pstolowski	hey mborzecki	09:44
mvo	hey mborzecki	09:51
pstolowski	pedronis: reviewing your plug/slot name cstrs	09:52
pedronis	pstolowski: thx, I asked a question in the is-connected one	09:55
pstolowski	ty	09:55
mborzecki	heh, switching to OneTab is kind of difficult, i don't feel this workflow yet	10:13
pstolowski	mborzecki: it's a pitty firefox dropped the tab groups feature, it was cool	10:17
mborzecki	pstolowski: not the only useful thing they dropped (or are dropping)	10:18
mborzecki	iirc scratchpad is next to go	10:18
mborzecki	as mus as i dislike js scratchpad was kind of useful to testing stuff out	10:19
zyga	hey mborzecki	10:20
* zyga is back now		10:20
zyga	but feeling so so still	10:20
=== pedronis_ is now known as pedronis
pstolowski	pedronis: updated #7771	10:41
mup	PR #7771: o/hookstate/ctlcmd: snapctl is-connected command <Needs Samuele review> <Created by stolowski> <https://github.com/snapcore/snapd/pull/7771>	10:41
pedronis	pstolowski: mmh, did you try it?	10:44
pstolowski	pedronis: i've run the spread test	10:45
pstolowski	pedronis: why?	10:45
pedronis	I'm confused by our code then	10:45
ondra	zyga hey	10:48
zyga	hey	10:48
zyga	I just wanted to ensure you know that to use the fix you need to enable the experimental option	10:48
ondra	zyga sorry I was out yesterday, still something I can help today?	10:48
zyga	and that the gadget will enable it	10:48
zyga	no worries :)	10:48
ondra	zyga for refresh bug?	10:49
zyga	yes	10:49
ondra	zyga what is config option, so I can make sure it's in our gadget	10:49
zyga	ondra: it's exactly the same one as was given in all the bug reports	10:50
ondra	zyga cool, let me check	10:50
zyga	snap set core experimental.robust-mount-namespace-updates=true	10:50
pstolowski	pedronis: my bad, the error is actually "error: error running snapctl: plug is not connected" (i misread the output)	10:53
pstolowski	pedronis: that's a byproduct of our error propagation	10:53
pstolowski	pedronis: was that the confusing bit?	10:54
pedronis	pstolowski: yes	10:55
pedronis	pstolowski: I think we need to decide what to do, that's kind of a not great error for this	10:55
pedronis	also the double error... : is bad in general	10:56
mup	PR snapd#7816 closed: release: 2.42.4 <Simple 😃> <Created by mvo5> <Merged by mvo5> <https://github.com/snapcore/snapd/pull/7816>	10:57
pstolowski	pedronis: true. slightly annoying is the fact that the only way for reporting non-zero status from this corner of the code is via non-empty error message	10:57
pedronis	pstolowski: I don't think that's true	10:58
pedronis	pstolowski: anyway, let me think a bit	10:58
zyga	ok, only one more thing to write	11:01
=== ricab_ is now known as ricab
pstolowski	pedronis: ok, looking at api - runSnapctl we could special case this like we do for ForbiddenCommandError; on the client we always append "error: ", that way we would have "error: plug is not connected"	11:04
mup	PR snapd#7820 opened: [RFC] boot: add boot.Modeenv.Kernel support <UC20> <Created by mvo5> <https://github.com/snapcore/snapd/pull/7820>	11:07
pedronis	mvo: ^ we need to discuss this, is unexpected	11:08
mvo	pedronis: yeah, happy to - this is why its RFC :) I'm pondering how to link from the static kernel.img back to the right kernel snap that needs to get mounted in initramfs	11:09
mup	PR snapd#7706 closed: overlord/snapstate: install task edges <Preseeding 🍞> <Created by stolowski> <Merged by stolowski> <https://github.com/snapcore/snapd/pull/7706>	11:09
mvo	pedronis: that's the reaosn for this PR but I'm probably missing something	11:09
=== ricab_ is now known as ricab
mvo	pedronis: happy to chat (here or HO) in a bit, just need a short break	11:11
pedronis	mvo: I need to have lunch	11:11
zyga	tracking is now tested to work across all systems except 14.04	11:14
zyga	need to rewrite snap-run patch not to shell out to busctl	11:14
zyga	then it will work faster and on all of them	11:14
zyga	whee	11:15
mborzecki	zyga: does it work on centos/amazon too?	11:15
zyga	yes	11:16
mborzecki	cool	11:16
zyga	https://github.com/snapcore/snapd/compare/master...zyga:feature/sub-cg-wip-v2?expand=1	11:16
=== ricab_ is now known as ricab
zyga	mborzecki: early review welcome	11:17
zyga	mborzecki: I need to move some things to sandbox/	11:17
zyga	mborzecki: and add more tests as indicated by TODOs	11:17
pedronis	pstolowski: I made some initial suggestions	11:38
pstolowski	pedronis: ty	11:39
mborzecki	pstolowski: rebased by old branch about parallel seccomp profile compiles since we now know that it takes much longer to execute https://paste.ubuntu.com/p/NwxKtFtSJQ/	11:43
pstolowski	mborzecki: great, thanks	11:43
Chipaca	i so want to throw away all stringy channels and replace them with a type	11:47
zyga	Chipaca: \o/	11:48
zyga	yay for types	11:48
pedronis	Chipaca: we have a type, no, snap/channel.Channel ?	11:49
Chipaca	pedronis: yes, but most of the time we pass around strings	11:49
pedronis	well, because the type came later	11:49
pedronis	also we have risk only vs full	11:50
pedronis	also some channels come from assertions these days	11:50
Chipaca	pedronis: risk vs full, imho, is an argument for structured, not against	11:53
pedronis	Chipaca: we started in a world where channels were opaque to us, we cannot live there anymore sadly	11:54
pedronis	Chipaca: do you have a sense of how big a change it would be ?	11:55
pedronis	(I fear too big for right now, but maybe I'm wrong)	11:55
Chipaca	rather big, especially in tests	11:55
zyga	re	12:09
zyga	coffee is badly needed	12:09
mup	PR snapd#7818 closed: cmd/snap-bootstrap: write /var/lib/snapd/modeenv to the right place <Simple 😃> <UC20> <Created by mvo5> <Merged by mvo5> <https://github.com/snapcore/snapd/pull/7818>	12:34
mup	PR snapd#7819 closed: boot: add boot.Modeenv.Base support <Simple 😃> <UC20> <Created by mvo5> <Merged by mvo5> <https://github.com/snapcore/snapd/pull/7819>	12:34
zyga	eh	13:02
zyga	d-feet hangs when you pick systemd1 on session bus	13:02
zyga	ah, actually it's just very slow	13:03
zyga	but it works	13:03
mup	PR snapd#7821 opened: interfces/seccomp: parallelize secomp backend setup <Created by bboozzoo> <https://github.com/snapcore/snapd/pull/7821>	13:15
pedronis	mborzecki: ^ I asked a question there	13:23
mborzecki	pedronis: cpu bound, but the compilation is single threaded	13:24
pedronis	mborzecki: do we want really to spawn that many processes on low end devices?	13:25
mborzecki	pedronis: we could as go about NumCPU(), but not i wanted to get a feeling whether anything breaks right away	13:25
pedronis	mborzecki: yes, I think we should use NumCPU() somehow	13:25
pedronis	mborzecki: it wasn't clear it's a draft	13:26
mborzecki	pedronis: ah, let me add [RFC] in the title	13:26
sdhd-sascha	is there a working weston snap ?	13:39
pedronis	Chipaca: can you explain the stack of failing spread tests? pstolowski had that landed at some point and we reverted it, so I think the spread tests were passing	13:46
=== ricab is now known as ricab\|bbl
pedronis	Chipaca: I mean this: https://github.com/snapcore/snapd/pull/7373	13:48
mup	PR #7373: overlord/snapstate: revert track-risk behavior change and validation on install <Needs Samuele review> <Created by stolowski> <Merged by mvo5> <https://github.com/snapcore/snapd/pull/7373>	13:48
Chipaca	pedronis: yes	13:48
Chipaca	pedronis: i assume it's because of the other changes in this area	13:49
pedronis	but master is green	13:49
Chipaca	...?	13:49
pedronis	I mean I don't understand why the semantics change would now cause a cascade of spread failure	13:50
pedronis	when it didn't originally	13:50
Chipaca	ah	13:50
Chipaca	well, because we were over-normalising channels	13:50
Chipaca	and testing for that	13:50
Chipaca	so stable would become latest/stable before snapstate got to see it	13:51
pedronis	?	13:51
mup	PR snapd#7806 closed: tests/lib/prepare: drop workarounds for rpmbuild rewriting /bin/sh <Created by bboozzoo> <Merged by mvo5> <https://github.com/snapcore/snapd/pull/7806>	13:52
pedronis	the changes were all in snapstate in pawel PR	13:52
pedronis	I'm still missing something	13:52
Chipaca	pedronis: was pawel's change sufficient to effect the behaviour change we wanted	13:52
Chipaca	pedronis: because testing locally, with master today, it would not have been	13:53
Chipaca	in particular cnd/snap's setChannelFromCommandline sets channel to the parsed short name	13:53
Chipaca	so there an explicit latest/ would be lost	13:53
Chipaca	and then daemon's snapRevisionOptions's validate would set channel to the parsed channel's name	13:54
Chipaca	so, again	13:54
pedronis	Chipaca: this is pawel main PR: https://github.com/snapcore/snapd/pull/7199	13:54
mup	PR #7199: overlord/snapstate: keep current track if only risk is specified <Created by stolowski> <Merged by chipaca> <https://github.com/snapcore/snapd/pull/7199>	13:54
pedronis	notice that I didn't review it	13:54
mborzecki	pstolowski: btw. didn't snap debug timings show the sum of doing-time at some point?	13:54
mborzecki	pstolowski: had to resort to some jq trickery :/	13:56
pstolowski	mborzecki: heh. no	13:56
Chipaca	pedronis: I did, and the change is necessary but not sufficient with today's master	13:57
Chipaca	pedronis: but, note both those things that over-normalize might be newer than pawel's pr	13:57
pedronis	Chipaca: yea, I woudl try to fix cmd/snap to stop changing latest/foo	13:58
pedronis	we don't want that anyway	13:58
pedronis	for default tracks	13:58
pedronis	Chipaca: it should try to pass as much as possible what the user gave	13:58
Chipaca	I know	13:59
pedronis	Chipaca: seems like a good separate PR	14:00
Chipaca	hmm	14:01
Chipaca	pedronis: i could make a separate pr from both un-over-normalisation changes	14:01
Chipaca	i'll do that	14:01
pedronis	but I missed something when I reviewed, I though we would use full only if errors	14:01
pedronis	ah	14:02
pedronis	I see	14:02
pedronis	the joy of ParseChannel vs Verbatim	14:02
pedronis	grumble	14:02
pstolowski	pedronis: standup?	14:03
pedronis	maybe	14:03
Chipaca	nice, half my system froze	14:04
zyga-laptop	hmm	15:01
zyga-laptop	ok, I pushed an update to the draft	15:01
zyga-laptop	mborzecki do you have a moment to just go over it with me	15:02
zyga-laptop	mborzecki I'm looking for advice on what to move or change ahead of proper PR	15:02
zyga-laptop	just a quick look	15:02
* cachio lunch		15:02
mborzecki	zyga-laptop: sure	15:04
mborzecki	zyga-laptop: meet?	15:04
zyga	yep	15:04
zyga	https://meet.google.com/eyi-xjto-svg?authuser=1	15:04
* zyga EODs		15:21
Chipaca	pedronis: FWIW the under-over PR does not break the spread tests	15:39
Chipaca	pedronis: https://github.com/snapcore/snapd/compare/master...chipaca:under-over-normalise	15:39
pedronis	good, you mentioned also SetChannelFromCommandline ?	15:40
pedronis	is that a different thing	15:40
Chipaca	pedronis: that's the first chunk in that diff	15:41
pedronis	ah, sorry	15:42
pedronis	Chipaca: is that a good thing or a bad thing that the spread tests don't break?	15:44
Chipaca	pedronis: i'm going with 'bad'	15:44
=== ricab\|bbl is now known as ricab
pedronis	ok, same as me then	15:44
Chipaca	:)	15:44
pedronis	still not sure why the other change would break lots of spread test	15:44
pedronis	s	15:44
pedronis	sound some subtle thing gone awry	15:44
pedronis	mvo: anything I need to re-review still today? I was considering eoding soon	15:45
mvo	pedronis: should be fine, thank you	16:26
mup	PR snapd#7822 opened: devicestate: ensure system installation <UC20> <Created by cmatsuoka> <https://github.com/snapcore/snapd/pull/7822>	16:39
mup	PR snapd#7823 opened: snap-bootstrap: implement "run" mode in snap-bootstrap initramfs-mounts <UC20> <Created by mvo5> <https://github.com/snapcore/snapd/pull/7823>	16:55
kjackal	did we change anything recently in snapcraft? Builds are failing on travis with: An error occurred when trying to execute 'snap set system experimental.snapd-snap=true' with 'LXD': returned exit code 1.	16:59
kjackal	I build there with --use-lxd	16:59
mvo	cmatsuoka: reviewed your PR, super close! thanks for this	17:00
cmatsuoka	mvo: thanks for the review, fixing it now	17:01
mvo	cmatsuoka: I also marked the stuff that is done green in the gdoc	17:04
mvo	cmatsuoka: there is a lot of not-green stuff :/ oh well :)	17:04
sdhd-sascha	hi, does anybody know, where in the golang code inside of snapd (snap+d - deamon) the mount for the /etc/fonts directory happens ?	19:30
sdhd-sascha	i want to disable these mount. And have already removed all plugs.	19:30
sdhd-sascha	ogra: is this the right place for this question? because it needs go-lang programming knowledge. and knowlege of internals of snapd	19:32
mup	PR snapcraft#2827 opened: build providers: only set the snapd flag when installing snapd <Created by sergiusens> <https://github.com/snapcore/snapcraft/pull/2827>	19:39
sdhd-sascha	Or, how can the snap mounts be shown ? losetup and /run/mount/utab doesn't show /etc/fonts	19:56
sdhd-sascha	Ok, inside the snap, the mounts are visible. (snap run --shell <snap> ; mount ) I look for a way, from outside...	19:59
* cachio afk		19:59
sdhd-sascha	hmm, seems that starting a snap, forks into a new namespace, and the mounts are under /proc/<snap pid>/mounts	20:14
zyga	sdhd-sascha: hey	20:33
zyga	sdhd-sascha: I know some things about how snap runtime works	20:33
zyga	sdhd-sascha: please feel free to ask me any questions you may have	20:33
sdhd-sascha	:-)	20:33
sdhd-sascha	zyga: for me it's sometimes very awkward to ask some noob question, and then the next day or the next 10 minutes i found the answer :-o	20:34
sdhd-sascha	thank you ;-)	20:34
zyga	sdhd-sascha: I'm such a noob at many things	20:35
zyga	sdhd-sascha: please don't worry, ask away :)	20:35
zyga	sdhd-sascha: snapd uses mount namespaces	20:36
sdhd-sascha	i just found git:/snapd/snap/cmd/cmd_run.go ... now i want to find the place where the namespace (or others) are created, to have a look at the linux-api. So i can then read about the api to understand snapd better...	20:36
zyga	sdhd-sascha: and many mounts within per-snap mount namespaces	20:36
zyga	sdhd-sascha: look at cmd/snap-confine/	20:36
zyga	sdhd-sascha: that part is implemented in C	20:36
zyga	sdhd-sascha: there's a document that explains, though older, version of snap-confine	20:36
sdhd-sascha	zyga: great :-)	20:37
zyga	sdhd-sascha: as a super-simple overview each non-classic snap runs in a new mount namespace	20:37
sdhd-sascha	i read a lot about "seccomp". what does this "abbrev" stand for ?	20:37
zyga	sdhd-sascha: seccomp is a feature of the linux kernel	20:37
zyga	sdhd-sascha: you can read about it by in many places, man pages are a good start, but it's essentially a way to control which system calls a given program may use	20:38
sdhd-sascha	ah, ok	20:38
zyga	sdhd-sascha: snap-confine creates a new mount namespace	20:38
zyga	sdhd-sascha: which is essentially a new mount table that is no longer always identical to the one you see normally	20:39
zyga	sdhd-sascha: then it performs a number of operations to change that mount table	20:39
zyga	sdhd-sascha: one thing it does is perform a super-charged version of chroot, called pivot, to change what the snap sees as the root filesystem	20:39
zyga	sdhd-sascha: I can tell you all the details about that if you have specific questions	20:40
sdhd-sascha	zyga: understood ;-)	20:40
zyga	sdhd-sascha: snaps using classic confinement (those that need snap install --classic something to install) are somewhat different	20:40
zyga	sdhd-sascha: they also use a mount namespace but the mount table is very similar to the host mount table	20:40
zyga	sdhd-sascha: and it is set up in a way that shares changes, so things mounted in one place show up in the other (e.g. you mount a drive on the system and the snap would see it)	20:41
zyga	sdhd-sascha: snap-confine does a few more things but that's about it for the mount parts	20:41
zyga	sdhd-sascha: oh, such mount tables are "persisted" so multiple processes started independently see the same mount table if they belong to the same snap	20:41
sdhd-sascha	zyga: thank you again	20:42
sdhd-sascha	currently sway runs in "devmode", so i concentrate on that now	20:42
zyga	sdhd-sascha: devmode is a concept where the snap runs in a mount namespace but the confinement is not enforced	20:43
zyga	sdhd-sascha: so it can do operations that normally are not allowed	20:43
zyga	sdhd-sascha: or are only allowed if a specific interface is connected	20:43
zyga	sdhd-sascha: this involves system calls that can be used, files and sockets that can be accessed as well as DBus messages that can be sent or received	20:43
sdhd-sascha	from the past, i can remember, that with "fork" or a similar call, you can give a parameter which says, to e.g. share some file-descriptors with the child or leave it	20:44
zyga	sdhd-sascha: file descriptors are shared across fork	20:45
zyga	sdhd-sascha: but not always across exec	20:45
sdhd-sascha	some days later i surely know what api-call snapd uses and if it can set similiar inheritence options	20:45
zyga	sdhd-sascha: typically library code will set the equivalent of O_CLOEXEC on each file descriptor opened	20:45
zyga	sdhd-sascha: and only clear that for things that need to be explicitly passed to executed program	20:46
sdhd-sascha	zyga: it's many years ago, i read about linux-/unix-systemprogramming ;-)	20:46
zyga	sdhd-sascha: manual pages are a great place to start	20:47
zyga	sdhd-sascha: though they can be somewhat dense at first	20:47
zyga	sdhd-sascha: cross-referencing each other	20:47
zyga	sdhd-sascha: feel free to ask, I'm here most of the time	20:48
sdhd-sascha	you are right. I'm the guy who read source, then open for 3 seconds the manual ...	20:48
sdhd-sascha	zyga: "snap-confine", was a super hint. great :-)	20:49
zyga	sdhd-sascha: oh, I forgot to share that link	20:50
zyga	one sec	20:50
zyga	sdhd-sascha: https://forum.snapcraft.io/t/snapd-2-36-snap-confine-logic-walkthrough/7843	20:51
zyga	it's not super up-to-date with latest changes but it's very good no-code overview	20:51
sdhd-sascha	Good to know. Will read this maybe tomorrow. and try to delete the flock :-D	20:53
sdhd-sascha	============	20:53
sdhd-sascha	One thing: can i access the X11 socket from the host - without mount /etc/font/fonts.conf	20:54
zyga	sdhd-sascha: those are unrelated	20:55
zyga	sdhd-sascha: the X socket is, on some systems, an abstract unix socket	20:55
zyga	sdhd-sascha: so it's not a filesystem object, even though it has "path" like name	20:55
sdhd-sascha	yes, here it is unix	20:55
zyga	sdhd-sascha: on other systems it's a unix socket that is mounted in a location that is visible from the snap and from the host	20:55
zyga	sdhd-sascha: and given the x11 interface is connected, the application process will have rights to open and use it	20:56
zyga	sdhd-sascha: fonts are entirely unrelated	20:56
zyga	sdhd-sascha: not sure why you mentioned /etc/font/font.conf but there are a number of interfaces for desktop interaction, specifically "desktop" is one such generic and broad interface that provides useful desktop-y things like font support, sharing of fonts from the host and more	20:57
sdhd-sascha	interfaces/builtin/desktop.go:284: // Since /etc/fonts/fonts.conf in the snap mount ns is the same	20:58
sdhd-sascha	interfaces/builtin/desktop.go-285- // as on the host, we need to preserve the original directory	20:58
sdhd-sascha	zyga: i found only this, so i started to understand the namespaces.	20:58
sdhd-sascha	and now i want to find, the interface which mounts this thing	20:59
zyga	sdhd-sascha: that's "desktop"	20:59
sdhd-sascha	zyga: it don't want to mention you any longer. You was a great help. I will figure it out by myself.	21:00
zyga	sdhd-sascha: this is a place to start https://github.com/snapcore/snapd/blob/master/interfaces/builtin/desktop.go	21:01
zyga	snap interfaces provide "specifications"	21:01
zyga	to various parts of the sandbox setup	21:01
zyga	e.g. mount specification describes what to mount	21:01
zyga	apparmor specification describes apparmor-level permisions (that's part of the sandbox)	21:01
zyga	and so on	21:01
zyga	various parts of snapd understand that and implement the policy described by the specifications	21:02
sdhd-sascha	Have three more questions now:	21:04
sdhd-sascha	* which part/source parse and execute this specs?	21:04
sdhd-sascha	* what is the minimal way to clone an interface, modify it and register it into snapd.	21:04
sdhd-sascha	* Okay, this one, i can ask google... How set snapd into the most verbose debug mode.	21:04
sdhd-sascha	zyga: sorry. if you don't have time. Than i can wait and looking around by myself for today	21:06
zyga	sdhd-sascha: it's all internally done by snapd	21:07
zyga	sdhd-sascha: snapd passes each spec to a "backend" of a given kind (e.g. apparmor backend in snapd)	21:07
zyga	sdhd-sascha: then the backend does some processing on all the specs combined (spec is for a specific interface, snaps may have many) and applies that in the system	21:08
zyga	sdhd-sascha: all interfaces are declared inside snapd, so you'd have to create a new file in interfaces/builtin and define stuff there, the magic happens when the interface is registered, e.g. here: https://github.com/snapcore/snapd/blob/master/interfaces/builtin/desktop.go#L293	21:09
zyga	sdhd-sascha: you can set SNAPD_DEBUG=7 or SNAP_DEBUG=7 (I always forget which)	21:09
zyga	but but but	21:09
zyga	be careful :)	21:09
zyga	because snapd re-executes itself	21:09
zyga	so you will not run your own code changes most of the time	21:09
zyga	you can disable that by setting and exporting SNAP_REEXEC=0	21:09
zyga	you can then define a new interface, even a dummy empty one	21:09
zyga	and see that "snap interface --all" reports it	21:10
sdhd-sascha	allright ;-)	21:10
zyga	sdhd-sascha: there are lots of merged pull requests that show how an interface looks like	21:10
zyga	sdhd-sascha: and what needs changing to add one	21:11
zyga	sdhd-sascha: apart from adding the new .go file in the right spot there are a few small changes elsewhere	21:11
zyga	sdhd-sascha: but that's not something you will need soon	21:11
zyga	sdhd-sascha: some things are related to the so-called default policy and some more with integration tests	21:11
sdhd-sascha	there are enough interfaces. i compare these, then i will see what is possible with interfaces...	21:11
sdhd-sascha	you mean, desktop_test.go ?	21:12
sdhd-sascha	e.g.	21:12
zyga	no, those are unit tests	21:12
zyga	integration tests are in tests/main/ in the top-level	21:12
zyga	there are lots of those but there's one specific one that checks each interface type	21:13
zyga	and it requires small change each time a new interface is defined	21:13
sdhd-sascha	normally, i will found them	21:13
sdhd-sascha	i always start with grep'ping the template interface. and look where it's name is used	21:14
sdhd-sascha	usally i would take a interface with a random name, so i could find all places faster	21:15
zyga	if there's something specific you'd like an interface to allow an app to do you can ask on the forum	21:15
zyga	or ask here now	21:15
sdhd-sascha	thanks :-)	21:16
sdhd-sascha	Compliments to all Snapd developers, the source looks clean and structed!	21:18
zyga	it's not all rosy but we do our best to keep it tidy :)	21:19
mup	PR snapd#7810 closed: devicestate: add reading of modeenv to uc20 firstboot code <UC20> <Created by mvo5> <Merged by mvo5> <https://github.com/snapcore/snapd/pull/7810>	21:20
zyga	and my colleague is still working	21:20
sdhd-sascha	:-)	21:21
sdhd-sascha	how many core developer are in the snapd team ? In my past, i was mostly a one-man team :-( There was often no time to cleanup, or rewrite the code	21:22
* cachio afk		21:23
zyga	sdhd-sascha: ten-ish	21:25
zyga	sdhd-sascha: though it's not all the same, we specialize and some members have different roles	21:25
sdhd-sascha	oh, i am too exhausted for today. I will be there tomorrow	21:27
zyga	good luck, stick around :)	21:27
sdhd-sascha	:-)	21:27
sdhd-sascha	i will. makes fun	21:28
sdhd-sascha	hope i can soon adapt the code from alan_g and start another snap from wayland	21:29
sdhd-sascha	;-)	21:29
sdhd-sascha	in some days, i will maybe have another question: How to start a console-command from another snap ? Because of the termite snap https://snapcraft.io/termite	21:31
zyga	sdhd-sascha: can you be more specific?	21:41
zyga	do you want to run one snap from another snap?	21:41
zyga	or something else	21:41
sdhd-sascha	alan has some repo with snapd in the mirServer repo	21:44
sdhd-sascha	there are some modifications to start a snap "B" from snap "A"	21:45
zyga	ah	21:45
zyga	yeah, I know that branch	21:45
zyga	it's not merged yet, I need to review it	21:46
sdhd-sascha	at first glance, it looks like it can only start other desktop-applicaionts	21:46
zyga	yes	21:46
sdhd-sascha	now, i wonder, if we have some terminal-snap (e.g. gnome-terminal)	21:46
zyga	starting arbitrary things is complicated	21:46
zyga	there are technical reasons why it doesn't work	21:47
sdhd-sascha	how could we launch "tig", "conjure-up" or other curses-application	21:47
zyga	it's late, come back tomorrow and I can explain, ok?	21:47
zyga	it _can_ be done	21:47
zyga	but one must accept the limitations of what the resulting process is	21:47
zyga	it won't be a descendant of the process requesting to launch it	21:48
sdhd-sascha	yes :-) i will ask in some days, if i understood the current solution	21:48
sdhd-sascha	another thought that I had,	21:49
sdhd-sascha	Is it possible to create a master-snap template, and embed other snap's inside of them ?	21:50
zyga	like a "fat" snap that has many snaps inside?	21:50
zyga	yes	21:50
sdhd-sascha	so anybody could create a snapcraft.yaml with, e.g. this desktop , this terminal, this app and combine them	21:50
zyga	but there are limitations, some permissions are special	21:50
sdhd-sascha	yes	21:50
zyga	and we don't grant them easily	21:50
zyga	only specific snaps can have powerful interfaces	21:51
zyga	because we trust those publishers	21:51
zyga	sometimes it's better to be interconnected with interfaces	21:51
zyga	than to bundle and ask for the same interfaces that the originals had	21:51
sdhd-sascha	But could there be a master-namespace ... and each embedded part of the snap, has an sub-ns ?	21:51
zyga	it's not a namespace thing	21:51
zyga	namespaces are one aspect	21:51
zyga	it's really late, let's carry on tomorrow please	21:52
sdhd-sascha	yes, it's late	21:52
zyga	e.g. seccomp cannot be removed	21:52
zyga	or lessend	21:52
zyga	it can only be constrained	21:52
zyga	think about that	21:52
sdhd-sascha	And it's better to talk about it, when i have learned this in more depth	21:52
zyga	if you cannot use syscall X because of a seccomp profile	21:52
zyga	you cannot remove that constraint from a process, or its children	21:52
zyga	this complicates things that involve one snap launching another snap	21:53
zyga	(that constraint is enforced by the kernel)	21:53
sdhd-sascha	good night ;-)	21:53
Chipaca	sdhd-sascha: without reading the _whole_ backlog, about just executing arbitrary things, note https://forum.snapcraft.io/t/how-to-confine-a-desktop-shell/6561	23:10
Chipaca	sdhd-sascha: and there are newer forum topics continuing this subject but i can't find them right now probably because it's late:)	23:11
Chipaca	sdhd-sascha: https://forum.snapcraft.io/t/how-to-confine-a-desktop-shell/6561	23:11
Chipaca	wait that's the same one	23:11
Chipaca	ok i'm officially eod	23:12

Generated by irclog2html.py 2.7 by Marius Gedminas - find it at mg.pov.lt!