[01:37] PR snapd#7917 opened: snap-bootstrap: trigger udev for new partitions [04:19] Bug #1846894 changed: Cannot use PulseAudio in classic confinement [05:53] PR snapd#7909 closed: snap: improve squashfs.ReadFile() error [05:53] PR snapd#7911 closed: systemd: fix uc20 shutdown [05:53] PR snapd#7912 closed: boot: write modeenv when creating the run mode [06:12] PR snapd#7915 closed: lkenv.go: adjust for new location of include file [06:13] PR snapd#7918 opened: boot: copy kernel/base to data partition in makeBootable20RunMode [06:14] PR snapd#7914 closed: bootstrap: reduce runmode mounts from 5 to 2 steps [06:35] morning [06:48] hey mborzecki [06:49] PR snapd#7919 opened: snapstate: do not try up update bootloader in ephemeral mode [06:50] mvo: hey, any interesting PRs to look at? [06:53] mborzecki: 7918,7919 are hopefully interessting [06:56] mvo: ok, let me see, i saw some chatter yesterday about that but i may not be familiar with the details [07:11] PR snapd#7920 opened: snapstate: do not try to detect rollback in ephemeral modes [07:13] mborzecki: yeah, all pretty straightforward but probably needs samuele anayway [07:19] mvo: #7916 is quite trivial [07:19] PR #7916: interfaces/browser-support: add more product/vendor paths [08:01] morning [08:02] pstolowski: hey [08:21] PR snapd#7921 opened: devicestate: run boot.MakeBootable in doSetupRunSystem === niemeyer_ is now known as niemeyer === nniehoff_ is now known as nniehoff === plars_ is now known as plars === souther_ is now known as souther === blackboxsw_ is now known as blackboxsw === bloodearnest_ is now known as bloodearnest === stoopkid_ is now known as stoopkid === cydizen_ is now known as cydizen === davecore_ is now known as davecore === coreycb_ is now known as coreycb === nottrobin_ is now known as nottrobin [09:15] PR snapd#7905 closed: cmd/snap-bootstrap: actually parse snapd_recovery_system label [09:23] degville: I don't have enough access to make comments or suggestions to the assertions doc [09:24] pedronis: sorry - fixed now. I keep expecting docs to default to edit in share mode. [09:25] degville: 👋 [09:25] degville: I noticed while on holiday that in the glossary we were mixing up core and core16 [09:25] degville: if nobody brought that to your attention, here is me doing so :) [09:26] Chipaca: thanks! pedronis did indeed point it out - hopefully fixed now. [09:26] degville: good good :) [09:42] degville: thank you, I did a pass [09:42] pedronis: thank you! [10:12] PR snapd#7922 opened: packaging, tests: stop services in prerm [10:17] degville: I did some edits to the glossary, please look at the last diff, feel free to reedit if needed [10:17] degville: we also should tweak the assertions entry once we have agreement in the main doc [10:24] degville: weird, seems for reasons discourse merged my update with your last one [10:24] (that is confusing (tm)) [10:29] degville: pstolowski: I made a couple of suggestions in the preseed help doc [10:30] pedronis: thanks! I'll take a look at the glossary diff and your other comments! [10:30] pedronis: thanks! [10:31] pstolowski: the help texts are good for me now [10:33] pedronis: +1, i can prep a PR once degville makes a pass [10:33] thx [10:33] pstolowski: looking now, but they're good for me too. [10:36] pstolowski: +1 from me too... thanks for creating the docs. [10:36] s/docs/doc [10:37] np, thanks for feedback! [10:56] PR snapd#7923 opened: snap-bootstrap: mount filesystems after creation === cjwatson_ is now known as cjwatson [11:12] Chipaca, hey [11:12] cachio: 'sup [11:12] last week there was a problem with the apt-hooks test [11:13] store started rejecting calls to /names api [11:13] I had to set as manual the test [11:14] Chipaca, this is the log https://paste.ubuntu.com/p/JY69dz4vwP/ [11:14] Chipaca, do you know if anything chante in snapd that could be causing this? [11:15] cachio: nothing changed in snapd no [11:15] PR snapd#7924 opened: tests: fix use of MATCH -v [11:16] Chipaca, so, somethings changed in the store [11:17] cachio: probably [11:17] cachio: how often were we getting this, and in what timeframe? [11:17] Chipaca: ^^ [11:17] fun PR [11:17] mborzecki: yep, nice [11:17] Chipaca, almost all the runs were failing [11:18] Chipaca, and if you run now the whole suite it fails too [11:18] cachio: 429 Too Many Requests, store doesn't like us anymore? [11:19] yesterday I rna the checks pr which wasn't merged to master nad apt-hooks failed [11:19] mborzecki, aparently not :) [11:19] cachio: when did this start? [11:20] tuesday / wednesday [11:21] logger.go:74: DEBUG: < "HTTP/1.0 429 Too Many Requests\r\nCache-Control: no-cache\r\nConnection: close\r\nContent-Type: text/html\r\n\r\n" [11:21] it'd be nice to see the content [11:22] Chipaca, reviewed the google docs and I see the error started on tuesday [11:22] cachio: this happens when running on gcp? [11:22] mborzecki, yes [11:27] cachio: ok, trying out something [11:30] mborzecki, nice, thanks [11:30] 7904 needs a second review [11:37] cachio: heh, i suppose i can stop spamming api.snapcraft.io, can't reproduce this, maybe curl takes too long between requests [11:38] mborzecki, perhaps I could add extra logging and run apt hooks test [11:38] does it make sense? [12:01] cachio: have you seen it pop up in PR travis jobs? [12:01] PR pc-amd64-gadget#29 opened: grub.cfg-normal: go back to the UC16 way of loading the kernel [12:01] PR snapd#7925 opened: cmd/snap-preseed: update help strings [12:06] cmatsuoka: question for you in 7917 [12:06] mborzecki: sure [12:07] cmatsuoka: maybe worth trying, provided the spread tests pass [12:08] mborzecki: let me check what that does exactly... [12:09] mborzecki: so you mean calling it after all nodes are there (and it would act on all block devices, not only the ones we just created)? [12:10] cmatsuoka: no, just adding --subsystem-match=block to the udevadm trigger call [12:10] mborzecki, yes [12:10] pedronis, degville #7925 is up [12:10] PR #7925: cmd/snap-preseed: update help strings [12:10] mborzecki, initially I saw that in travis [12:10] pstolowski: thank you! [12:11] then I could reproduce it manually here [12:11] mborzecki: since we're already calling it with a block device target, I think it wouldn't change what it's doing [12:12] mborzecki: I'll have a look at the source code to be sure [12:12] cachio: ah, right [12:12] cachio: yeah, so it's fine [12:25] mborzecki, which should be the best configuration for adding more debug info ? [12:25] trying to add more debug without touching the code [12:26] mborzecki, currently we use SNAPD_DEBUG_HTTP=7 SNAPD_DEBUG=1 [12:28] PR pc-amd64-gadget#29 closed: grub.cfg-normal: go back to the UC16 way of loading the kernel [12:33] cachio: i think that we only dump the outgoing request data [12:37] mborzecki, now is not failing anymore apt-hooks [12:45] PR snapd#7926 opened: cmd/snap-bootstrap: xxx todos about kernel cross-checks [12:47] mvo, about 2.43 on arm64 [12:47] it is not in beta the snapd snap [12:49] cachio: oh, let me check. maybe there was a mistake :( sorry for that [12:50] cachio: should be fixed now [12:50] mvo, thanks === ricab is now known as ricab|lunch [13:00] cachio: pushing some patches to reset the state of failed services after each test run in a couple of minutes [13:02] mborzecki, nice, I am going to the hospital now, I'll review it there [13:06] * cachio afk [13:43] PR snapcraft#2845 opened: remote-build: configurable timeout/deadline for starting and monitoring build [13:52] PR snapd#7925 closed: cmd/snap-preseed: update help strings [14:03] PR snapd#7924 closed: tests: fix use of MATCH -v === stgraber_ is now known as stgraber === ricab|lunch is now known as ricab === heather is now known as hellsworth [14:47] hrm, lot's of reds in snapd already [14:47] eh, travis - has anyone looked? [14:48] hello. can someone explain to me why I can not see "real" hostfs root from my VLC snap, but still can access it via /var/lib/snapd/hostfs/ ? i'm on debian, snap/snapd 2.42.5, kernel 5.3.0. vlc is installed in "strict" mode. [15:01] mvo, any test that I could take a look? [15:01] of those reds? [15:07] thresh: the filesystem that snaps see is composed on the fly from core snap (or core18) and various bind-mounted dirs, so it's completely different from the host fs. hostfs is mounted on the side under /var/lib/snapd/hostfs/ for some interfaces (such as system-observer or opengl), but access is controlled by apparmor (which i suppose you don't have) [15:08] thanks pstolowski [15:09] I do have apparmor though, and aa-status reports VLC as enforced mode, as well as ps auxZ: snap.vlc.vlc (enforce) thresh 70717 24.0 0.4 1002360 71556 pts/1 Sl+ 18:09 0:00 /snap/vlc/1049/usr/bin/vlc --config=/home/thresh/snap/vlc/common/vlcrc [15:11] cachio: I have not investigated, just noticed in recent PR runs [15:11] mvo, ok, your PRs right? [15:11] I am gonna take a look [15:13] thresh: do you have vlc's opengl plug connected? [15:13] pstolowski, yes [15:13] PR snapcraft#2846 opened: base plugin: use shlex quoting for logged command in run() [15:15] thresh: opengl interface gives access to portion of hostfs - see https://github.com/snapcore/snapd/blob/702a637803b1da7f55596e6de3d76057929e5f78/interfaces/builtin/opengl.go#L38 [15:17] pstolowski, I can reproduce the same behaviour e.g. with "jq" snap, which doesnt have any plugs [15:17] thresh: do you mean the snap can access entire var/lib/snapd/hostfs ? [15:17] and this doesnt really explain why opengl plug allows access to /data/1.mkv in my case [15:18] well, rather /var/lib/snapd/hostfs/data/1.mkv [15:21] I mean, it's probably due to debian, and confinement being not full [15:21] but I'd rather like to understand what exactly causes that [15:21] cachio: yeah, it may well be it all real, i was too busy to check [15:24] zyga, could you please take a quick look to #7877 [15:24] PR #7877: tests: avoid mask rsyslog service in case is not enabled on the system [15:24] it is failing in many prs [15:26] thresh: most likely yes.. i cannot confirm this observation with ubuntu. could you please show the output of:snap debug confinement [15:26] thresh: snap debug confinement [15:26] thresh: and 'snap debug sandbox-features' [15:27] pstolowski, https://code.videolan.org/snippets/1118 there you go [15:27] anyone have a good example on how to configure opengl for `classic`? [15:29] i built an opengl app that just works without any special casing on my nvidia graphics system, but fails on intel. Interesting that nvidia just works in the classic case? [15:29] thresh: right. that's it [15:29] thresh: on ubuntu it is strict, and for apparmor it's apparmor: kernel:caps kernel:dbus kernel:domain kernel:file kernel:mount kernel:namespaces kernel:network kernel:policy kernel:ptrace kernel:query kernel:rlimit kernel:signal parser:unsafe policy:default support-level:full [15:31] thresh: and also confinement-options: classic devmode strict (yours is missing strict) [15:33] right, so the differences are: missing kernel:dbus, and policy:downgraded vs policy:default [15:33] there is https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=923500 but that seems to be forgotten, too [15:33] zyga: ^ maybe you have some thoughts wrt opengl? :D [15:35] cjp256: zyga is off this week; perhaps mborzecki ? ^ [15:35] hm hm? [15:35] ah, thanks! [15:36] cjp256: does the snap include relvant mesa libs and drivers? [15:37] it does not (yet) - but I assume it should, and should do something like found https://github.com/ubuntu/snapcraft-desktop-helpers/blob/master/common/desktop-exports#L81 [15:38] while I'm doing this for specific snap right now, my ultimate goal is to add an "opengl" extension which should just work for classic or strict [15:39] though it was interesting that without any mesa stuff, nvidia worked [15:39] thresh: right.. and the last comment there is from zyga.. he may know more where we are with this, but as i just said, he is off [15:39] cjp256: nvidia is handled slightly differently, especially for confined snaps === AdmWiggin is now known as tianon [15:40] cjp256: fwiw that should be transparent for the snap [15:40] yeah, this one is classic (alacritty terminal). [15:43] the mesa packages should also be staged with classic, correct? don't attempt to use the host's? [15:44] cjp256: looked ad the code again, for classic we don't set up anything nvidia specific, it's only done when snap is confined, but mesa should be part of the snap in both scenarios [15:45] wish we had some time allocated for the gpu support proposal zyga had, but maybe next cycle [15:46] cjp256: if you have thoughts/ideas feel free to review https://forum.snapcraft.io/t/gpu-support-proposal/11247/13 and share them [15:47] pstolowski, could you take a quick look to #7877 please? [15:47] PR #7877: tests: avoid mask rsyslog service in case is not enabled on the system [15:47] ah, was not aware of that. thanks mborzecki :) [15:47] this is constantly failing on master [15:47] cachio: sure [15:48] pstolowski, thanks [15:53] * cachio lunch [16:20] cachio: a general question there, i'm confused by this change, need more info. if you can provide a more elaborate description it would be super helpful (the sentence "The idea os this test is the rsyslog service when it does not exist." needs fixing) [16:21] hello! Store team here, downloads are currently having a bad time, and you might get errors. We're looking at it :) [16:22] pstolowski, sure [16:22] cachio: thanks! [16:22] pstolowski, yaw [16:46] downloads should now be working again! [16:47] \o/ [16:58] pstolowski, description updated [16:58] ty [17:17] cachio: the description is fine. have you seen my reply re uc18? [17:20] pstolowski, yes, I am making hte change [17:20] cachio: i'm about to EOD but don't want to block this PR [17:20] 1 sec [17:20] pstolowski, nice, thanks [17:20] ok [17:20] cachio: i can approve, just push the change to limit it to uc18 [17:21] before merging [17:24] pstolowski, pushed [17:24] k [17:28] why in snap users aren't allowed to manually connect slots that aren't declared in manifest? [17:29] pstolowski, is it ok there or it is better to put is at the begining of the prepare phase? [17:29] perhaps that's more clear [17:29] when some slot is missing and snap maintainer is afk then it's a dead end... [17:34] vidal72[m]: well, that's deliberate, snaps must know what they need and must be upfront about that. otherwise people would start connecting random slots in a hope of getting a broken snap to work. if a snap is missing a slot it should have, it's a bug of the snap like any other bug.. [17:36] cachio: yes i think beginning would be better [17:36] cachio: also made one small remark [17:37] pstolowski: yes but the bug remains unfixable by user if publisher doesn't cooperate [17:39] pstolowski, nice, already pushed the change [17:39] pstolowski, thanks for the review!!! [17:43] pstolowski, thanks for the +1 [17:43] I'll merge it once it is in gree [17:43] n [17:43] vidal72[m]: yeah, but that's no different than any other software bug. what you propose has secruity implications. nb, you can try repack that snap yourself and change its manifest, then install it with --dangerous [17:43] see you tomorrow [17:44] yep, eod, cu! [18:42] PR snapd#7877 closed: tests: avoid mask rsyslog service in case is not enabled on the system [19:09] hello [19:09] I have just registered the snap name "munge" [19:10] here is the repo for the snap https://github.com/omnivector-solutions/snap-munge [19:10] Omnivector is going to be maintaining this snap [19:11] Can I request an approval on the name please? [19:11] thanks! [19:11] (the snap store wont let me push to "munge" until its approved by someone) [19:27] hi bdx [19:27] roadmr: how's it going? [19:27] bdx: to be clear, are you as a snap developer going to be maintaining the snap, or do you envision transferring it to another Omnivector account? [19:29] the https://github.com/omnivector-solutions github account is where it will live as far as I can see [19:30] there will be others that contribute to the project, but the upstream will always remain https://github.com/omnivector-solutions/snap-munge [19:31] bdx: right, I'm thinking in terms of snap store accounts here [19:31] ahh yes, I dont think I have created a snap store account for omnivector yet [19:31] bdx: and no worries, we can approve for your account and then transfer to a more project-centric account [19:31] (if desired, of course) [19:31] ok, I see [19:31] should I just create the omnivector snap store account now in that case? [19:33] bdx: you could, and then I can transfer the name (which I've just granted to you anyway). [19:34] bdx: the typical pattern is for the snap to be registered under an e.g. "omnivector" account (for the org/project) which is tied to an e-mail address controlled by the project itself, and then individual people (e.g. you) are attached to the snap as collaborators [19:34] ahh I see - I was just going to ask abou thtat [19:35] bdx: this helps in the case of a snap maintainer not being able to maintain the snap for some reason - it can then be transferred away from that person but it's easier if the transfer is avoided altogether :) [19:35] entirely - is there a way for me to create the "omnivector" org in the snap store? [19:35] bdx: there's no concept of organizations in the snap store :( what you'd do is register an "omnivector" developer account (i.e. set that as the username) [19:36] bdx: it does have to have an e-mail address different from yours, though [19:36] ok, np [19:36] so, the snapstore wants to use my ubuntu one user [19:37] should I create the ubuntuone user "omnivector" then [19:37] bdx: yes, you'd need to create an altogether new ubuntuone user :/ sorry for the extra hoops [19:41] roadmr: np [19:41] roadmr: I've created a snapstore user "omnivector-solutions" [19:42] is it possible for you to transfer the registered name to this user? [19:44] bdx: I'll do so right away :) [19:46] bdx: done! [19:46] roadmr: thats awesome! many thanks! [19:46] np, happy to help :) [19:48] roadmr: I was able to upload a release to stable and install from the snap store! [19:49] one small quirk .... [19:49] I think its related to the build functionality [19:50] If I click into the "build" tab in the web ui [19:50] I am presented with a page that asks me to login with github [19:51] after I login with github I am redirected to the jamesbeedy snapstore account [19:52] bdx: hmm. [19:52] so, I get here https://imgur.com/a/HfjbnBJ [19:52] Issue pc-amd64-gadget#30 opened: Git tags and versioning [19:52] bdx: I'm not super familiar with the build service :/ not sure how it establishes who you are from your github login [19:52] oh but that says you're omnivector, right? [19:53] yeah [19:53] see in the img ^ it says omnivector [19:53] but when I click the login weith github button [19:54] it seems to login my jamesbeedy user https://imgur.com/a/lwQZ6Hk [19:54] either way, not a big deal for me [19:54] oh I see [19:54] just thought I would mention it [19:54] right, we'd have to ask the build service folks, most of them in Europe so probably sleeping now heh [19:54] yeah no worries [19:54] I can file a bug for it [19:55] roadmr: thanks again for your help here [19:55] np [19:56] build service issues here: https://github.com/canonical-web-and-design/snapcraft.io/issues [20:50] PR snapd#7927 opened: interfaces: x11 allow apparmor on classic [21:17] PR snapcraft#2847 opened: Catkin plugin: consider only 'local' workspaces [21:26] I have a few questions about socket-directories using the content interface [21:28] I have one snap that provides a socket-directory plug https://paste.ubuntu.com/p/N7wchfdYhM/ [21:28] bdx: (in case you don't get a reply here, you can always post in the forum :) a bit easier for people to see that asynchronously) [21:28] ok, will do - thx === gurmble is now known as grumble [21:29] we can see the socket that the munge process creates here https://paste.ubuntu.com/p/FwvQ7JQNZw/ in SNAP_DATA [21:30] I create another snap to test with munger [21:30] https://paste.ubuntu.com/p/GtxZkyy9Dq/ [21:32] ^I have one snap that provides a socket-directory slot* [21:32] the other snap creates the plug [21:35] I install both of the snaps and connect the content interface plug of one to the content-interface slot of the other https://paste.ubuntu.com/ [21:35] https://paste.ubuntu.com/p/qhrQQGKFq3/ [21:36] * cachio eod [21:39] once both the snaps are connected, I can see the socket in the snap that creates it, but I can't see my socket in the snap that has the consuming plug https://paste.ubuntu.com/p/6tJPVs7x9s/ [21:48] err .. that didn't come across so well [21:48] I've rephrased it a bit on discourse here https://forum.snapcraft.io/t/the-content-interface/1074/9?u=jamesbeedy [22:31] PR snapd#7928 opened: boot,overlord: introduce internal abstraction bootState and use it for InUse/GetCurrentBoot [22:35] PR snapd#7926 closed: cmd/snap-bootstrap: xxx todos about kernel cross-checks === ahayzen_ is now known as ahayzen