/srv/irclogs.ubuntu.com/2019/12/02/#snappy.txt

mborzeckimorning06:38
zygagood morning07:21
mborzeckizyga:  hey07:26
zyga:-)07:26
zygaany crazy purchases?07:26
* zyga starts the day with reviews07:27
mborzeckizyga: nope, not falling for the black friday bs with fake discounts around here07:35
zygamborzecki: I got a real discount, I think07:35
zygamborzecki: got a monitor at 2/3 the price (and I did check regular price as well as manufacturer recommended retail price)07:36
mborzeckizyga: what display did you buy?07:36
zygasamsung space 27" 144Hz VA 2K panel07:36
mborzeckizyga: nice07:40
pstolowskimorning08:01
zygahey pstolowski08:04
zygapstolowski: do you have that dock already?08:04
zygamborzecki: https://github.com/snapcore/snapd/pull/7824#pullrequestreview-32489068808:04
mupPR #7824: snap/squashfs, osutil: verify files/dirs can be accessed by mksquashfs when building a snap <Created by bboozzoo> <https://github.com/snapcore/snapd/pull/7824>08:04
pstolowskizyga: no, should arrive around Wed08:05
mborzeckizyga: thanks for the review08:08
mborzeckipstolowski: hey08:08
zygaModeenv08:29
zygawhy not ModeEnv08:29
zygabrb08:34
sdhd-saschahi, good morning08:40
* zyga turned up heating09:04
zygaI have 15C in the office now09:04
mborzeckizyga: it's late autumn after all09:13
zygaand09:16
zygathe office has poor insulation :)09:17
zygathinner walls, cold garage below09:17
zygaI would love to make it better one day, even if I have to insulate the ceiling downstairs09:17
mborzeckizyga: heh walk() does not follow symlinks, filepath.Walk("/snap/core/current"..), works differently than filepath.Walk("/snap/core/current/")09:18
zygayeah :)09:18
zygabut it's just the outer initial symlink that matters to us09:18
zygawe don't want to follow symlinks inside, right?09:18
tomwardillhi, store team here. Store is currently down, it's being looked at.09:20
* zyga hugs tomwardill 09:20
zygathank you and good luck09:20
* tomwardill is mostly drinking coffee and watching people far more competent than I am, but I'll pass the sentiments on :)09:20
mborzeckizyga: anyways, refactored to use walk now, before i was readdir'ing manually in order to faccessat, since that doesn't work bc of osx, might as well just use walk09:21
zygamborzecki: macos has some innovation in the case of fstat-like functions09:21
zygamborzecki: as well as in the case of "readdir" like functions09:22
zygaso the old syscalls are gone now09:22
zygamborzecki: fstat has been replaced by something that is like statx but x10 more complex with lots of extra features and things one can ask about09:22
zygamborzecki: and readdir is more like "search" now09:22
Chipacatomwardill: from here it looked like a lot more than just the store was down :)09:22
zygamborzecki: I think there's still the old readdir but it's deprecated and returns a subset of data now09:22
tomwardillChipaca: PS4.5 is out09:23
zygaoouch!09:23
Chipacatomwardill: is the internal irc on that?09:23
tomwardillyes09:23
Chipacaah, nice09:23
tomwardillor at least, behind the same switch09:23
Chipacaah09:23
tomwardillirc has just come back for me btw09:23
zygawill PS5 run on a xmas-lot of playstation 5 boxes? :)09:23
Chipacai thought it ran on a 486 under elmo's desk :-p09:23
zyganow powering AI/ML workloads ;)09:23
zygahaha09:24
mborzeckiupdated #782409:28
mupPR #7824: snap/squashfs, osutil: verify files/dirs can be accessed by mksquashfs when building a snap <Created by bboozzoo> <https://github.com/snapcore/snapd/pull/7824>09:28
Chipacamborzecki: why not do those checks from snap/pack's loadAndValidate?09:31
Chipacamborzecki: as part of ValidateContainer for ex09:32
Chipacamborzecki: that way you still get the error in 'snap pack', but snapcraft gets to warn about it early09:33
mborzeckiChipaca: because it may be intentional to have the path set to 0000 or otherwise unreadable by the user09:33
mborzeckiChipaca: iirc that code checks that snap own meta and files are accessible09:33
mborzeckis/accessible/present/09:33
zygamborzecki: do you want to check the return value of Walk itself?09:33
mborzeckizyga: heh, clearly need another coffee09:35
mborzeckiChipaca: what i mean is that, current uid being unable to pack the snap doesn't mean it's invalid09:37
zygamborzecki: one more question https://github.com/snapcore/snapd/pull/7824/files#r35249408409:37
mupPR #7824: snap/squashfs, osutil: verify files/dirs can be accessed by mksquashfs when building a snap <Created by bboozzoo> <https://github.com/snapcore/snapd/pull/7824>09:37
Chipacamborzecki: right09:37
zygaChipaca: that's true but it also means the current uid won't be able to pack it :)09:37
zygaand that's worth checking09:37
zygamborzecki: added two comments and resuming other reviews09:38
zygabrb09:38
mborzeckizyga: i'm all for using a smarter syscall than access, but the only alternative is trying to open that location, checking permission bits is too simple09:41
zygamborzecki: but access is doing just permission check09:41
zygait doesn't do anything else, does it?09:42
zygaI guess we could just open and try, that's portable and reliable09:42
mborzeckiheh, so maybe we should just open09:42
abeatomorning! we are noticing that some times it takes a lot of time to get a snap installed due to snapd wanting random numbers and the rng not being initialized yet09:46
abeatowhich is the rationale for snapd needing random numbers when installing a snap¿09:46
abeato?09:46
zygaabeato: good morning, is this on a vm?09:46
zygaabeato: that's unclear, I cannot think of any09:46
abeatono, on real HW09:46
zygaabeato: we generate some random numbers for snap cookies09:47
zygaperhaps that's that09:47
abeatoon the Jetson Xavier, and on other devices on other projects09:47
zygais there a hardware random number generator on the xavier?09:48
zygaI wonder if it's just snaps that are affected09:48
zygaor generally software waiting and waiting09:48
abeatothere is a trng, yes, but I think that due to a kernel bug the rng gets ~5 minutes to get initialized09:49
abeatoso, on one hand this is a kernel problem, but on the other hand I do not think it makes much sense that snapd has to block on urandom to be initialized09:50
abeatothe main issue is that we are seeing this on many devices, not just one09:50
zygaabeato: right, I understand that09:50
zygaI think we investigated that once before09:50
zygabut it's lots of other parts of the stack that want entrop09:51
zyga*entropy09:51
zygaand us being super careful won't fix the general "it's stuck" feel09:51
zygaI think systemd is in the same boat09:51
zygawe don't depend on randomness in an unreasonable way, I think, we could do another analysis to check if anything new was added by accident09:51
abeatohm, well, systemd starts, not sure if there is much delay there09:52
abeatofor FDE you would get things blocked too, sure09:52
tomwardillstore update: most of the store should be back, SSO is still down10:03
sdhd-saschaWhat is the best way to strace/ltrace or debug an application inside a snap? Sway starts, Xwayland and Xwayland runs xkbcomp... And/Or does a wayland snap need X support ?10:27
zygasdhd-sascha: there's snap run --strace10:29
zygabut it's sometimes a little broken10:29
zygaand AFAIK we also have snap run --gdb10:29
zygaas for Xwayland -- I don't know10:30
sdhd-saschazyga: yes, i saw a file in the source with the name strace. But didn't have the time to inspect ... So i just ask10:30
sdhd-saschaWell, sway depends on dmenu for launching application. It's X11.10:31
sdhd-saschaThen the most GDK/GTK applications are not compiled with wayland or prefer X11.10:31
sdhd-saschaI read on a debian changelog, that there are problems with the clipboard between X11 and wayland. So they prefer to start the application as X, if available.10:32
sdhd-saschaNow i wonder, what the usecase of wayland inside a snap is. If kiosk with custom application, then no X11 is needed. But if it's a full desktop, then we need Xwayland support.10:33
sdhd-saschaWeston is very nice here. It does not depend on external Xwayland but has similar problems with xkbcomp currently10:33
zygaI'm sorry I just don't know enough about the desktop stack to give useful advice10:35
zygahttps://github.com/snapcore/snapd/pull/7129 needs a second review10:36
sdhd-saschazyga: it's ok. my opinion is, i will make it run. After that i need help to implement some plugs for common GUI-Frameworks10:36
zygait's very old by now10:36
mupPR #7129: userd: allow setting default-url-scheme-handler <Created by jwheare> <https://github.com/snapcore/snapd/pull/7129>10:36
zygamore reviews :)10:49
zygar-e-v-i-e-w-s :)10:56
mborzeckizyga: can you take a look at https://github.com/snapcore/snapd/pull/7743 ?11:10
mupPR #7743: snap-bootstrap: force partition table operations <Simple 😃> <UC20> <Created by cmatsuoka> <https://github.com/snapcore/snapd/pull/7743>11:10
zygasure, just a moment11:10
zygabrb11:10
zygareading a longer test11:19
zygaI should take a swap day11:19
zyganeed to burn it11:19
zygabefore xmas11:19
zygamborzecki: looking now11:40
zygamborzecki: hmm11:46
zygamborzecki: somewhat worried11:46
zygamborzecki: so the thing that we're operating on is mounted, right?11:46
zygabecause we've booted11:46
zygaand now we're changing partitions b11:46
zygaare all partitions that we are changing unmounted?11:46
mborzeckizyga: afaiu this ties into the uc20 setup process, i'm slightly concerned about it but i suppose it has been thought through11:49
zygaI'm concerned and not equally optimistic11:49
mborzeckizyga: heh, did you look through the spec?11:50
zygarapidly11:50
zygaI should read it again11:50
zygare12:30
zygahey cmatsuoka12:30
cmatsuokazyga: hi12:31
cmatsuokazyga: I'm also reading sfdisk.c12:31
cmatsuokazyga: it seems that we could use --no-reread instead of --force, and read the PT afterwards (which we already do)12:33
cmatsuokazyga: but if we could trigger the partition device node creation in a different way, then this second PT update wouldn't be necessary anymore12:34
cmatsuokazyga: I'm completely for understanding exactly what's happening there because I feel things are a bit out of control there12:35
zygawe are in agreement12:36
cmatsuokaso one unknown here is: why partx is necessary to trigger node creation for newly created partitions? sfdisk itself and blockdev --rereadpt won't do that12:37
zygacmatsuoka: I'm checking what --force does in practice12:41
zygaone thing it is doing is fdisk_device_is_used check gets ignored12:41
zygalet's see what that does12:41
cmatsuokazyga: yeah, I'm exactly there now12:42
zygahmm12:43
zygaone ioctl :)12:43
zygalet's see what that is12:43
cmatsuokazyga: it's a bit disturbing that all those utilities seem to use a certain amount of guesswork ("it seems that the kernel...", "I think this...", "I don't know why, but...")12:43
zygayeah12:43
zygalinux plumbing layer is full of traps12:44
zygait's not nice in many ways12:44
zyga(not that others are)12:44
zygaheh12:44
zygamanual pages are silent12:44
zygalooking at the kernel12:44
zygathat's the only relief12:44
zygaat the end of the day12:44
zygayou just read and know12:44
zygaI'm curious to know what is ABBA deadlock now12:47
cmatsuokahumm, I'll verify this, but I'm suspecting the node creation trigger happens with BLKPG but not with BLKRRPART12:47
zygain initramfs what is mounted on /dev?12:47
cmatsuokadevtmpfs I guess? not sure12:48
zygado you know what populates it?12:48
zygais it kernel itself or kernel + udev or udev from kernel events?12:49
cmatsuokaI don't know. I can check there but I'm not in bootable state right now12:49
cmatsuokaBut I think we must see that in the new initramfs xnox just built12:50
cmatsuokawhich may be different compared to the old ones12:51
cmatsuokaxnox: you there?12:51
zygareading the kernel12:54
zygaI start to see what happens12:54
cmatsuokazyga: the ABBA deadlock happens when two threads get two locks and then they try to get each other's locks12:55
cmatsuokaif I remember correctly12:55
zygaah12:55
zygaI see12:55
zygaI thought it's a weird abba reference12:55
zygait's just A B B A, as in thread names12:55
zyga:D12:55
cmatsuokaah yes, threads A and B :D12:56
cmatsuokazyga: hey wait wait, you said --force will skip the BLKRRPART ioctl?13:00
cmatsuoka(and then the partition table won't be updated anyway?)13:01
cmatsuokahm, not exactly, but it seems to me that the ioctl() call is always failing and --force is just masking that13:04
cmatsuokathat would explain everything except why the ioctl call fails13:05
zygayes13:05
zygaforce is ignoring that13:05
zygathe ioctl always runs13:05
zygaI'm reading the kernel side to see when it fails13:06
zyga(I also have a cold, sorry for the frequent interrupts when I'm away)13:06
cmatsuokaso I think it's failing because seed is mounted, and --force just makes it ignore the fact that the ioctl failed13:06
cmatsuokaso --no-reread is more appropriate here, it seems13:07
zygawhat is the error we are getting in sfdisk again13:07
zygaoh boy13:08
cmatsuokazyga: this one: https://github.com/karelzak/util-linux/blob/master/disk-utils/sfdisk.c#L169613:08
zygait's only logged13:08
zygayeah but are we getting EINVAL, E...what?13:08
cmatsuokazyga: I don't know, I'll have to run it again to be sure13:09
zygathere's a way to get more output13:09
zygathere's a DBG macro13:09
zygajust need to figure out how to enable it13:09
mborzeckizyga: LIBFDISK_DEBUG=all ?13:13
zygathank you!13:13
cmatsuokaok, building an instrumented image13:17
zygacmatsuoka: this is an interesting page https://unix.stackexchange.com/questions/141476/forced-reread-of-partition-table-difference-between-blkrrpart-and-blkpg-ioctl13:18
cmatsuokazyga: we can check this in the kernel, but maybe BLKRRPART fails when partitions are mounted and BLKPG doesn't?13:19
zygayeah13:20
zygaI think so13:20
cmatsuokaso partx and possibly partprobe would work while sfdisk and blockdev fail13:20
cmatsuokathat would explain everything13:20
cmatsuokazyga: https://pasteboard.co/IJonVQV.png13:39
zygathanks!13:39
zygaEBUSY13:40
cmatsuokayep13:40
zygajust three places where that is returned13:40
zygalooking13:40
zygaor just a few13:41
zygacmatsuoka: when we partition the disk, what's the state of the existing partitions13:56
zygacmatsuoka: is the disk largely unpartitioned13:57
zygacmatsuoka: and we append?13:57
zygaI read the code and I think the change is "safe"13:57
cmatsuokazyga: we have the system-seed partition there, which is also our boot partition13:57
zygain this sense13:57
zygabrb, see you at the standup13:57
sdhd-saschahey, sorry for this "noob" question. But where is the XDG_RUNTIME_DIR set on login ? I grep'ed the whole /etc. Took a look at /etc/pam.d/.14:07
sdhd-saschaI wonder why it was set on "ssh" and "ttyX", but not on "sudo su"14:07
Chipacacmatsuoka: https://www.youtube.com/watch?v=ytWz0qVvBZ014:08
sdhd-saschaoh, i think it's inside systemd14:09
zygasdhd-sascha: it's complex14:12
zygasdhd-sascha: it's set by pam AFAIK but I don't know enough to tell you and point to a file where this happens14:12
cmatsuokaChipaca: :D14:12
sdhd-saschazyga: currently i only need to trigger the environment, so i can call "weston-launch" as root14:13
sdhd-saschai could also set it manually..14:13
sdhd-saschazyga: maybe i should look, howto increase the logging level of systemd ;-)14:15
mborzeckizyga: cmatsuoka: imo that delay is needed because partitions would show up/go away asynchronously14:23
zygayeah14:24
zygait's an event14:24
zygawe could instead look for them on disk14:24
zygathat would be less racy14:24
zygaif we know we expect /dev/xxx214:24
mborzeckizyga: cmatsuoka: and then udev is another async bit that should get some extra delay if you want to use /dev/disk/by-{name,label,uuid}..14:24
zygaChipaca: https://www.youtube.com/watch?v=dHoCeqlU2g8 (though it's mostly in Polish)14:25
zygabut it's fun ;)14:25
cmatsuokamborzecki, zyga: yeah, I remember this node creation race that crashed the kernel back in the spike days14:25
zygaChipaca: skip to 1;3014:26
=== ricab is now known as ricab|lunch
zygacmatsuoka: https://github.com/snapcore/snapd/pull/7743#issuecomment-56042046214:31
mupPR #7743: snap-bootstrap: force partition table operations <UC20> <Created by cmatsuoka> <https://github.com/snapcore/snapd/pull/7743>14:31
cmatsuokaChipaca: bah, no Diggy Diggy Hole t-shirts for me14:31
cmatsuokaChipaca: hmm, maybe the 12-14 years size could fit?14:31
Chipacacmatsuoka: the t-shirt link is a 404 from here so count yourself lucky (?)14:33
cmatsuokaChipaca: if you go to the store main page and search from there you'll find a kids size t-shirt14:34
Chipacacmatsuoka: i'm so sorry14:34
* cmatsuoka sings Down and down into the deep, who knows what we'll find beneath?14:34
* Chipaca updates cmatsuoka's race card to 'dwarf'14:36
cmatsuokaactually there's one in the video that looks a lot like our friend zygmunt14:37
zygacmatsuoka: is my comment sensible?14:42
zygacmatsuoka: note, alternatively --no-reread is okay as well, as it has the equivalent effect14:43
mborzeckioff to pick up the kids14:43
cmatsuokazyga: I think --no-reread would be a more conservative approach because it has a well-defined meaning and maybe what --force does could change in future versions of the utility. In practice, now, both would have the same effect14:45
zygaI agree14:45
cmatsuokaOk, I'll prepare a patch with --no-reread and update the comments14:45
zygaThanks!14:46
cmatsuokathank you zyga for digging into this14:46
zygamborzecki: thanks for looking at --explain,14:47
zygamborzecki: the marker, did you mean to use some kind of prefix for each line14:48
zygamborzecki: or something else?14:48
cmatsuokaChipaca: https://www.youtube.com/watch?v=34CZjsEI1yU14:48
=== alan_g_ is now known as alan_g
* zyga switches gears to https://github.com/snapcore/snapd/pull/781514:53
mupPR #7815: tests: reduce the complexity of the test-snapd-sh snap <Created by sergiocazzolato> <https://github.com/snapcore/snapd/pull/7815>14:53
zygacachio: I pushed a small tweak there15:04
cachiozyga, thanks15:05
cachioI'll take a look at that PR15:05
sdhd-saschaChipaca: :-D15:09
* cachio lunch15:10
Chipacacmatsuoka: mucho bettero15:10
cachiopstolowski, the hotplug test is failing here https://paste.ubuntu.com/p/VbRsMH3Sjx/15:12
cachiopstolowski, not sure it is related to any change15:12
cachiodone recently15:13
cachiobut it fails twice and I can reproduce it15:13
* ijohnson is all caught up on emails/backlog15:14
pstolowskicachio: weird, we haven't touched anything there. full log?15:14
ijohnsonzyga: shall I review https://github.com/snapcore/snapd/pull/7825 ? looks like it's ready for review?15:14
mupPR #7825: many: use transient scope for tracking apps and hooks <Created by zyga> <https://github.com/snapcore/snapd/pull/7825>15:15
cachiopstolowski, https://paste.ubuntu.com/p/fwm2MhW6bs/15:16
cachiopstolowski, the log is huge15:16
cachiopstolowski, it appears /dev/ttyUSB0 rwk,15:17
zygadinner is coming up, everyone's home now15:17
cachioand we are trying to match "/dev/ttyUSB0 rw,"15:17
zygacachio: I need to read only a small chunk of the diff before finishing my review but it's the most important one15:17
zygaI'll finish today for sure15:17
cachiozyga, thanks15:17
pstolowskicachio: aah, maybe we landed "+k" change, that would explain it15:18
pstolowskicachio: we planned to change serial port permissions15:18
cachiopstolowski, ahh15:21
cachioso  we should update the test in that case right?15:21
cachiopstolowski, I can do it after lunch15:22
cachiopstolowski, does it make sense?15:22
* cachio lunch again15:26
=== ricab|lunch is now known as ricab
jdstrandijohnson: hey, you asked about '... (i.e. seccomp) and non-root owned "/"'15:34
ijohnsongood morning jdstrand :-)15:34
ijohnsonyes I did ask about that15:34
ijohnsondo you want me to re-ask?15:35
jdstrandijohnson: I see the question. you asked if I had time to chat. I didn't then but can now. what is up?15:35
ijohnsonah right sorry I have forgotten what I sent15:35
ijohnsonlet me find the forum page for the full context15:36
ijohnsonso here someone is trying to use snaps on azure pipelines: https://forum.snapcraft.io/t/permissions-problem-using-snapcraft-in-azure-pipelines/1325815:36
jdstrandijohnson: ok, I am going through irc backscroll first and not caught up on email yet15:36
ijohnsonjdstrand: what's weird is that on azure pipelines, "/" is not root-owned, and so snap-confine refuses to run15:36
ijohnsonjdstrand: and looking through git history it seems that the reason snap-confine does the check for "/" and all elements of the path down to where we have seccomp compiled programs being root owned is to protect against someone putting bad bpf programs there and doing an escalation attack15:38
ijohnsonjdstrand: so my question is if we can do anything about this case to loosen that requirement or enable some kind of flag to allow running snaps on azure pipelines like this15:39
jdstrandijohnson: I've read the topic and you are right in why we are doing that. we are doing that for security reasons. I can't think of a legitimate reason why / is not owned by root.15:39
ijohnsonyeah it's weird, but it does seem like a deliberate action, it doesn't seem like something someone would do on accident15:40
jdstrandijohnson: I would like to understand why that is a legitimate use case. usually, there is a coding error somewhere in a maintainer script type thing that accidentally chowns /15:40
jdstrandijohnson: chown vsts $TPYO/15:41
jdstrandijohnson: there have been USNs to fix CVEs in deb packaging for this type of thing15:41
ijohnsonah yes I could see that happening15:41
ijohnsonlet me see if I can find a place we could file an issue to get more context from azure15:42
zygajdstrand: it would be so funny if that was the case15:42
zygajdstrand: "Q: can you fix your software not to check / owner"15:43
zygajdstrand: "A: can you apply this patch not to chown / from maintainer script"15:43
zyga;)15:43
pstolowskicachio: yes, thank you15:43
jdstrandzyga: yeah. well, ufw I think was the first thing to do this checking in Ubuntu anyway, and it found a CVE in hplip :)15:43
zygajdstrand: haha15:44
zygajdstrand: so it *is* good that we ask for root password to install that printer ;)15:44
pstolowskicachio: i've just verified, we now have "rwk" on serial port15:44
jdstrandzyga: people said: "jdstrand> your check is too strict. please fix". I was like, uhm, why does hplip own /? You realize it can now change anything underneath it, right?15:45
mborzeckizyga: i think something like `<< snap explain start >>\n`, `<< snap explain end >>\n` would be enough15:45
jdstrandzyga: heh15:45
zygamborzecki: that was not part of the initial design but I'll play with it15:45
zygait's an experiment after all :)15:45
mborzeckizyga: iirc kernel has some ------[ cut here ] ------------- markers for backtraces15:45
zygamborzecki: ah, I see15:45
zygait would be just printed twice15:45
zygathat's nice15:45
zygaI'm semi-afk15:46
mborzeckizyga: otherwise my feeling is that the output of the actual app and the one from explain could be easily confused15:46
zygaLucy is roaming around the office15:46
ijohnsonjdstrand: zyga: well I tried looking and without an azure account the best they can do to talk to us is to ask on the stack exchange :-/15:46
jdstrandijohnson: https://forum.snapcraft.io/t/permissions-problem-using-snapcraft-in-azure-pipelines/13258/1315:56
jdstrandijohnson: I suspect one of the people asking for the change can use that when filing a bug with their azure account15:58
ijohnsonjdstrand: ack yes that sounds fine, I did also ask on their stack exchange about it fwiw15:59
jdstrandcool, thanks16:00
ijohnsonthanks jdstrand!16:00
* Chipaca afk16:36
jdstrandogra: thanks for the response re usb drive. I don't mind an sd card and am happy to do that, but it feels more correct to be able to boot off the usb directly. if that requires a blob from someone I don't know though, I prefer the approach you outlined :)16:40
zygare17:32
cachiogit push17:33
zygagit-clippy: where do you want to push today17:34
pstolowski:)17:35
mupPR snapd#7827 opened: tests: apply change on permissions to serial port on hotplug test <Created by sergiocazzolato> <https://github.com/snapcore/snapd/pull/7827>17:36
pstolowski+117:37
cachiothanks17:37
pstolowskizyga: ^ can you look at it as well, trivial test update17:38
cachioI am going to the dentist now17:38
zygayeah17:38
cachioI'll be back in 40 minutes17:38
sergiusensjdstrand: hey,maybe consider escaping the _ on https://forum.snapcraft.io/t/mpris-name-for-media-player-snap/14371/717:38
cachiopstolowski, I'll try to merge it today17:38
pstolowskiijohnson was faster :)17:38
ijohnson:-)17:38
cachioijohnson, pstolowski thanks guys17:38
zygapstolowski: what happened that the permissions changed?17:39
ijohnsonzyga: folks want to lock the serial-port, there are various forum topics about this17:39
pstolowskizyga: apparmor (kernel?) change at some point, jdstrand updated serial-port to grant locking permission as it was missing know, was implicit before17:39
* ijohnson goes to look17:40
zygaaha17:40
pstolowskis/know/now/17:40
zygakernel side changed or our side changed?17:40
zygathe patch looks good , I'm just wondering why it wasn't checked earlier and caused something to fail17:40
pstolowskizyga: afair it was an apparmor or kernel bug17:41
pstolowskizyga: but not ours17:41
zygapstolowski: but do you know if "our" side has changed?17:41
zygabecause it is clearly measuring snapd files17:41
zygaso it must have come from snapd patch17:41
zygaso ... why didn't this change happen in sync then?17:41
pstolowskizyga: yes, we added +k to serial.port.go17:41
ijohnsonsee https://forum.snapcraft.io/t/hotplug-doesnt-allow-access-like-a-gadget-slot-does/1409017:41
zygawas the test not executed?17:42
pstolowskizyga: because this spread test is run only on demand (nested execution)17:42
zygaah17:42
zygathat was the thing I was after17:42
ijohnsonzyga: the PR jdstrand submitted changing the policy is https://github.com/snapcore/snapd/pull/777917:42
mupPR #7779: interfaces: misc updates for u2f-devices, browser-support, hardware-observe, et al <Created by jdstrand> <Merged by mvo5> <https://github.com/snapcore/snapd/pull/7779>17:42
zygaapproved17:42
zygathanks!17:42
ijohnsonhey zyga, I'm reviewing 7825, and am I right in thinking we have a race condition between when we unlock the lock in genericRefreshCheck() and when we check `if PIDs := knownPids[app.SecurityTag()]; len(PIDs) > 0 {` ?17:44
* zyga looks17:44
ijohnsoni.e. a snap process could launch in between those two things and knownPids would miss it17:44
ijohnsonerr s/miss/not contain/17:44
zygahttps://github.com/snapcore/snapd/pull/7825/files#diff-6eeb1fdef37cbd9f8f731642102858e1R5917:46
mupPR #7825: many: use transient scope for tracking apps and hooks <Created by zyga> <https://github.com/snapcore/snapd/pull/7825>17:46
zygaif I understand your question correctly the answer is "yes" and also "but that's by design"17:47
mupPR snapcraft#2823 closed: xattrs: switch to python's os package for reading/writing xattrs <Created by cjp256> <Merged by sergiusens> <https://github.com/snapcore/snapcraft/pull/2823>17:47
zygawe don't want to have precise information about which pid is or is not in that group17:47
zygait's not that interesting really17:47
zygawe're only interested in the fact that a given security tag had a non-empty list17:47
ijohnsonzyga: right, I understand we don't really care about individual pids, we just want to know if the set of pids is empty or not. what I'm concerned about is if we unlock that lock after computing the set, a new snap process could launch while we are doing other things in that genericRefreshCheck() function that we wouldn't have allowed to launch if we held the lock longer17:49
ijohnsonperhaps I'm being confused about which lock is being held there17:49
zygayes, that's entirely possible and correct17:50
zygait's unprotected at this time17:50
ijohnsonbut don't we not want that to happen?17:50
zygathere's going to be a new lock that is not a part of this PR17:50
zygait will prevent that from happening17:50
zygabut it's not the current lock17:51
zygawhere the "current" lock can only be held very very briefly17:51
zygathe new inhibit lock will actively stall startup and can be held during long operations (e.g. snap refresh downloads)17:51
ijohnsonokay, if this is a known limitation we plan to resolve later and is effectively not worse than the current behavior then that's fine17:51
zygathat's correct, the current behavior is identically weak17:51
zygait's making a point-in-time decision17:51
ijohnsonit just seemed to me like we are releasing the lock sooner so we are introducing more race conditions17:51
zygabut before unlinking17:52
zygaso it's effectively still racy17:52
ijohnsongot it, thanks for clarifying17:52
ijohnsonand for working on all this, it _feels_ really close this time :-)17:52
zygathat's why I included that comment, it's a specific guarantee that we are providing only17:52
zygaha, it's still somewhat distant but definitely better than before17:52
zygathe new inhibit lock is in another PR17:52
zygabut I need to rebase it on top of this thing as it's still using one of the earlier iterations17:53
pstolowskieod, cu17:53
ijohnsonzyga: ack sounds good17:53
* zyga needs to reboot18:02
=== ijohnson is now known as ijohnson|lunch
* zyga-laptop EODs18:20
zyga-laptopdegville hey18:40
zyga-laptoppost EOD question18:40
zyga-laptopdo you happen to know what happened to ubuntu core downloads?18:40
zyga-laptophttps://ubuntu.com/download/raspberry-pi has just server images18:40
zyga-laptopI found https://ubuntu.com/download/raspberry-pi-2-3-core but it's not linked from the download page18:42
degvillezyga-laptop: hello! no, I don't know what's happened there.18:42
zyga-laptopit seems we are advertising classic18:42
zyga-laptopand core is on a distinct page that is in a void somewhere18:42
zyga-laptopI'm good for now but I just wanted to raise this18:43
zyga-laptopI'll make a video about how to install ubuntu core on a pi18:43
zyga-laptopand the first step is ... harder than I expected18:43
degvillemmm... yeah, we're doing a poor comms job. Not sure why, or the motivation behind it.18:44
degvilleThe compute docs are Core focused.18:44
degvillehttps://ubuntu.com/download/raspberry-pi-compute-module-318:44
zyga-laptopoh well18:44
zyga-laptopI'll try to include this in the video18:45
zyga-laptopdoing a quick note/screenplay thing now18:45
zyga-laptopit's pretty weird18:46
zyga-laptopif you go to ubuntu.com/download/iot18:46
zyga-laptopthere's a big green install button18:46
zyga-laptopfor pi 2 3 or 418:46
zyga-laptopbut that's the classic page18:46
degvillezyga-laptop: yeah, totally agree.18:46
zyga-laptopif you scroll below18:46
degvilleJust tried the same.18:46
zyga-laptopthere's install ubuntu core18:46
zyga-laptopbut it's a separate set of platforms18:46
zyga-laptopI guess I "get it" but it is messy18:46
degvillezyga-laptop: my guess is not wanting to confuse the majority who may be looking for the Ubuntu-equivalent to Raspbian. But Core images are totally lost along the way.18:48
zyga-laptopyeah18:48
zyga-laptopI have the same feeling about both18:48
zyga-laptopI think we need more of a ...18:48
zyga-laptophttps://www.opensuse.org18:49
zyga-laptoplike chooser18:49
zyga-laptopit's a really clean page18:49
degvilleyes, you're right.18:49
zyga-laptopijohnson|lunch thank you19:35
=== ijohnson|lunch is now known as ijohnson
zyga-laptopI'll iterate tomorrow though, trying to record something tonight19:35
ijohnsonk, np19:35
ijohnsongood work on the branch!19:35
=== epod is now known as luk3yx
=== mwhudson_ is now known as mwhudson
=== arnatious_ is now known as arnatious
=== wieczorek1990_ is now known as wieczorek1990
=== joedborg_ is now known as joedborg
=== boxrick_ is now known as boxrick
=== lfaraone_ is now known as lfaraone
=== Trevinho_ is now known as Trevinho
=== benoitc_ is now known as benoitc
=== jwheare_ is now known as jwheare
mupPR snapd#7828 opened: tests: demand silence from check_journalctl_log <Simple 😃> <Test Robustness> <Created by anonymouse64> <https://github.com/snapcore/snapd/pull/7828>21:36
mupPR snapd#7829 opened: tests: fix the channels checks done on nested tests <Created by sergiocazzolato> <https://github.com/snapcore/snapd/pull/7829>23:30
