[00:25] PR snapcraft#2937 closed: spread tests: do not attempt to remove snapd snap [00:28] PR snapcraft#2938 closed: remote build: default to snapcraft's stable channel [02:35] PR pc-amd64-gadget#35 opened: grub.cfg-boot: drop compatibility mode [06:23] morning [06:42] Make current revision for snap "snapd" unavailable ([--root / is-active snapd.core-fixup.service] failed with exit status 3: failed [06:42] seen this one before [06:52] hmm maybe we should ignore the stderr/stdout when calling systemctl is-active and just look at the exit code [06:55] quick errand, some utility guys coming over, hopefully they'll be gone in 30 mins or so [07:36] re [07:59] mvo: hey [07:59] PR snapd#8132 opened: systemd: improve is-active check for 'failed' services [08:04] morning [08:04] pstolowski: hey [08:06] snow :) [08:06] good morning pstolowski mborzecki and zyga [08:07] zyga: hey, snow? got plenty of rain here :) [08:07] let's hope today is more productive [08:07] o/ [08:07] mborzecki: yeah, there's even nice patches on the ground [08:07] is it freezing? [08:07] supposedly +1 so no [08:07] oh well [08:08] zyga: snow, but melting away immediately [08:08] simple pr to start your morning with #8132 [08:08] PR #8132: systemd: improve is-active check for 'failed' services [08:09] mborzecki: ha [08:09] remember when you told me about that dhcp thing [08:09] that it failed for you [08:09] suprirse [08:09] it really only fails on arch, out of all the systems [08:09] * zyga runs and see why [08:36] pstolowski: 8128 LGTM, do you want to merge it? [08:38] mvo: merged, thank you! [08:38] PR snapd#8128 closed: o/devicestate: StartOfOperationTime helper for Prune (1/2) [09:16] mborzecki: can you re-review https://github.com/snapcore/snapd/pull/8123/files [09:16] PR #8123: interfaces/network-control: bring /var/lib/dhcp from host (approach b) [09:16] it's updated and passes on arch [09:16] just want to ack the new permissions [09:20] PR snapd#8133 opened: cmd/snap-confine: allow snap-confine to load nss libs [09:23] mborzecki: ^ this is a RFC-ish [09:23] more to raise awareness [09:23] I don't expect it will land [09:47] mborzecki: was there a bug report on https://github.com/snapcore/snapd/pull/8132? [09:47] PR #8132: systemd: improve is-active check for 'failed' services [09:51] pstolowski: there's a conflict on https://github.com/snapcore/snapd/pull/8120 and on https://github.com/snapcore/snapd/pull/8046 [09:51] PR #8120: cmd/snap-preseed: snapd version check for the target [09:51] PR #8046: many, tests: integrate all preseed bits and add spread tests [09:53] zyga: thanks, i'm switching back to these PRs after de-tour with #8130 (prune tests are tricky) [09:53] PR #8130: overlord, state: don't abort changes if spawn time before StartOfOperationTime (2/2) [09:53] sure :-) [10:00] mborzecki: I ported parts of the desktop interface over to common [10:00] zyga: nice! [10:00] mborzecki: but only the simple parts, I'll do more once the prereq lands [10:01] zyga: as for 8132, afaik there was no bug reprot, noticed that in a failed spread run today [10:01] mborzecki: https://github.com/snapcore/snapd/pull/8134 [10:01] PR #8134: interfaces: use commonInteface for desktopInterface [10:01] mborzecki: ok, I wanted to cross-reference if there was one, no worries [10:01] mborzecki: ^ this one can be reviewed and merged separately from the rest [10:01] PR snapd#8134 opened: interfaces: use commonInteface for desktopInterface [10:02] btw. to my surpise snapd.core-fixup.service was in failed state on 20.04, but it should `exit 0` if not running on ubuntu core [10:02] ohhh [10:02] that's weird [10:02] what's the condition? [10:03] pedronis: please review 8123 if you can [10:03] pedronis: I applied your suggestions and I think this is the right way forward indeed [10:03] * zyga breakfast [10:24] PR snapd#8135 opened: bootloader: make uboot a RecoveryAwareBootloader [10:26] pedronis: updated/replied on #8046 [10:26] PR #8046: many, tests: integrate all preseed bits and add spread tests [10:35] PR snapd#8131 closed: boot: add current_kernels to modeenv [10:37] PR snapd#8132 closed: systemd: improve is-active check for 'failed' services [10:38] mvo: ^ I added a comment to consider that for stable [10:38] mvo: up to you to decide [10:39] zyga: good point [10:39] PR snapd#8060 closed: gadget: skip update when mounted filesystem content is identical [10:39] zyga: cherry-picked [10:39] thank you! [11:29] snapd failover failed again [11:29] is anyone looking at fixing that? [11:29] https://www.irccloud.com/pastebin/ZHsaJSrS/ [11:29] more debug notes [11:29] https://www.irccloud.com/pastebin/fyoWz9Pr/ [11:31] then more log spam [11:31] https://www.irccloud.com/pastebin/HtomsMSS/ [11:31] (that last one is repeated heavily) [11:31] mborzecki: ^ IIRC you asked for logs before [11:32] do you want more or shall I kill this run? [11:34] I'll make coffee [11:35] mvo: I may skip standup today, I'll let you know [11:36] PR snapd#8136 opened: boot: write current_kernels in bootstate20, makebootable [11:36] thanks for the merge on 8131, I opened the followup https://github.com/snapcore/snapd/pull/8136 just now [11:36] PR #8136: boot: write current_kernels in bootstate20, makebootable [11:39] * ijohnson disappears for a couple hours [11:56] PR snapcraft#2935 closed: build providers: remove tzdata workaround [12:04] cmatsuoka: hi [12:08] * pstolowski lunch [12:19] xnox, hi, I am trying to test the image in http://cdimage.ubuntu.com/ubuntu-core/20/pending/ [12:19] xnox, using kvm [12:20] I can make that work [12:20] is there any specific parameter for kvm/qemu which I need to use? [13:25] cachio: yes [13:25] you need ovmf from focal; secureboot firmware; qc35 machine type; snakeoil variables [13:26] cachio: i use virtmanager desktop gui app to elect secureboot / tpm and override variables with snakeoil vars. [13:26] i guess we should document this somewhere. [13:26] otherwise from cmdline it is something like this [13:26] nice, I'll try that and if it works I'll add that to our snapd testing docs [13:26] sudo kvm -smp 4 -m 2048 -machine pc-q35-4.0 -global ICH9-LPC.disable_s3=1 -drive file=/usr/share/OVMF/OVMF_CODE.secboot.fd,if=pflash,format=raw,unit=0,readonly=on -drive file=OVMF_VARS.snakeoil.fd,if=pflash,format=raw,unit=1 -drive file=pc.img,if=none,format=raw,id=disk1 -device virtio-blk-pci,drive=disk1,bootindex=1 [13:27] xnox, owesome, thanks [13:27] so /usr/share/OVMF/OVMF_CODE.secboot.fd is simply readonly [13:27] bu tthe OVMF_VARS.snakeoil.fd is a "per-VM UEFI variables store" which should be started with like $ cp /usr/share/OVMF/OVMF_VARS.snakeoil.fd my-VM-VARS.fd [13:28] cause we pre-built what the initial variables / uefi status should be [13:30] xnox, nice [13:30] xnox, I'll try it [13:30] xnox, thanks [13:33] (the vars have pre-enrolled settings to enforce secureboot, and have the keys currently used for signing enrolled) [13:41] xnox, is it any way to get /usr/share/OVMF/OVMF_CODE.secboot.fd on bionic? [13:41] or it is just available on focal? [13:42] I'll create a vm with focal to test is [13:45] mvo: I'm making good progress on OOM handling [13:46] mvo: I'll skip standup as I'm in a car seat going with folks for lunch [13:46] cachio: you can download ovmf package from launchpad from focal and install it. [13:46] mvo: I'll have some demo code on Monday, I hope, running in spread [13:46] cachio: it's an arch:all package with prebuilt static contents [13:46] cachio: why are you on bionic still instead of focal? [13:46] mvo: I'm tweaking services so that we can regen services easily with extra entries [13:47] xnox, I'll try that [13:48] mvo: I still haven't thought of a better way to surface this [13:48] mvo: so I'm going ahead with "snap set core oom-protect ..." [13:51] mvo: I'll send two small patches that build towards that, one to snap.Info and one to wrappers [13:52] hello again folks [13:54] mvo: and other than that I'll focus on trying to set oom score and write a test that shows how a memory hog cannot kill a protected service [13:55] mvo: and that's my update, I'll keep hacking until we arrive for dinner and then after that [13:55] mborzecki: ^ FYI if you are interested in changes to wrappers [13:56] zyga: also I saw that snapd failover test failure last night and was looking into it [13:56] ijohnson: thank you, I am not looking into it [13:57] ijohnson: so if you want to dive in please do [13:57] yes it's on my list for today [13:57] ijohnson: I kept a failed log on https://github.com/snapcore/snapd/pull/8133 [13:57] PR #8133: cmd/snap-confine: allow snap-confine to load nss libs [13:57] thanks [13:57] great, thanks [14:39] mvo: looking at 8135, will we need uboot to implement ExtractedRunKernelImageBootloader as well as RecoveryAwareBootloader in order to have uc20 support there? [14:46] ijohnson: yes, I think you are right [14:46] mvo: perhaps your PR is enough to unblock foundations with setting up a uc20 gadget snap however [14:47] ijohnson: yeah, that was my hope [14:47] ijohnson: give them something to play with [14:47] mvo: but makebootable20RunMode will fail if there's not an ExtractedRunKernelImageBootloader available, so probably the image won't get past install mode [14:47] mvo: ok, if you like I can work on that with foundations when they get farther along the process ? [14:47] ijohnson: that sounds acceptable for now, they need to first write the right uboot.env [14:48] ijohnson: \o/ that would be most welcome [14:48] ack [15:06] PR snapd#8137 opened: tests: skipping interfaces-openvswitch on centos due to package is not available [15:14] * cachio bank & lunch [15:15] PR snapcraft#2939 opened: pluginhandler: user directories scoped to partdir for snapcraftctl [16:02] PR snapd#8138 opened: snap/info: add SnapRevisionFileName [16:13] ijohnson: mvo: finishing the current boot stuff is probably higher priority as long as they are unblocked for a bit [16:13] PR snapd#8135 closed: bootloader: make uboot a RecoveryAwareBootloader [16:14] pedronis: ack [16:14] ack [16:21] maciek is off already [16:21] ah, right [16:21] oh well :) [16:30] pedronis: I replied to the unrestricted path extension question https://github.com/snapcore/snapd/pull/8123#discussion_r379526244 [16:30] PR #8123: interfaces/network-control: bring /var/lib/dhcp from host (approach b) [16:35] zyga: are you saying that with that change a layout can now create directories under /var in the host? [16:36] asked in the PR as well [16:40] pedronis: layouts cannot create anything in /var/lib/snapd/*, which includes hostfs, it would allow a snap to create a directory on the host if that location is bridged with snap-confine's default set - this includes /var/snap (but that is black-listed from layouts), /var/lib/snapd (also black-listed), /var/tmp (allowed), /var/log (allowed) and finally /var/lib/extrausers (allowed) [16:40] I'll paste this response to the PR [16:42] pedronis: (to be precise, users cannot request a layout, not that layouts cannot create) [16:44] pedronis: interestingly, /var/log snap-confine-made, fixed mount, is marked with a TODO, asking to move it to an interface [16:44] pedronis: I think the approach is right but perhaps we need to investigate the unrestricted path more [16:44] pedronis: here we _do_ want it (in /var/lib/dhcp) because otherwise we'll end up with a mimic [16:44] pedronis: but the point of the interface is to expose _real_ /var/lib/dhcp to the snap, creating it if necessary [16:45] pedronis: I would be happy with a special case that says var/lib/dhcp can be made [16:45] and continue the investigation into what is exactly allowed per interface, akin to what Maciek hinted at [16:45] zyga: to be clear I'm slightly less worried about interfaces, my worry is layout, whether we have enough checks in place, not to make something odd happens [16:45] if we change something there [16:45] because the new unrestriction [16:46] pedronis: so, users cannot request a layout to /var/lib/snapd/hostfs/* so the answer is that it is not something that interacts with layouts directly [16:47] pedronis: and actually, thinking about it now [16:48] pedronis: my comment was incorrect - given that layouts and snap-confine made mount points don't interact [16:48] pedronis: this doesn't change anything layouts can make [16:48] pedronis: I was confused because if you put a layout from $SNAP/foo to /var/lib/foo [16:48] that feels like it might interact [16:48] because perhaps /var/lib/foo is bridged by snap-confine to the host [16:48] but that's irrelevant for /var/lib/snapd/hostfs/var/ that is allowed [16:49] because /var/lib/foo is not in a prefix of hostfs, you end up with a mimic [16:49] as such I think this is safer than I assumed, since nothing apart from snapd code can request new hostfs entries [16:50] (I added this to the PR thread) [16:51] thx, I'll reread on Monday morning at this point [16:51] thank you, that's a good idea :) [16:52] pedronis: I would like to see a more central system for permissions [16:52] pedronis: some of it is in layout validation [16:52] pedronis: some in appamor on snap-confine [16:52] pedronis: we should think about what we'd like to make explicit [16:52] yea, it all feels very disjoint, no clear suggestion atm though [16:52] and also some in snap-update-ns trespassing exceptions [16:53] yeah, spanning C, apparmor and two Go parts (one with state access one without) [16:53] but I agree that it would be good to make it easier to see at a glance [16:53] perhaps a shared go package that just list stuff that both snapd and snap-update-ns import and use [16:53] and even generated .c for snap-confine [16:53] or something along those lines [17:25] * zyga just unblocked a lot of progress [17:25] sssheeesh :) [17:31] * zyga EODs [17:49] cachio: do you in spread if there's an easy way to "skip" a test? for example I have a test with environment variable variants and on uc18 with one of the variants it doesn't make sense to run, so I want to skip that one [17:50] cachio: what I did was just `if ...; then echo "skip"; exit 0; fi` is that a good way to do that? [17:50] ijohnson, you want to skip a variant on a specific system right? [17:51] yes [17:51] what I have works, just wondering if there's a more elegant way to do this [17:51] ijohnson, the if solution is the one we use for those cases [17:51] as you did [17:51] okay, so what I have is the right thing to do [17:51] thanks! [17:52] I have a pr for that but it is not approved [17:52] to create run conditions [17:52] so you write the if but just once [17:52] here you need to add that if in the prepare, execute and restore [17:55] yeah right, that would be nice === ijohnson is now known as ijohnson|lunch [19:40] PR snapd#8139 opened: interfaces/{desktop-legacy,unity7}: adjust for new ibus socket location [19:55] Issue pc-amd64-gadget#36 opened: Broken kernel.efi does not reboot automatically === sergiusens_ is now known as sergiusens [21:21] kenvandine: FYI https://bugs.launchpad.net/snapd/+bug/1863255 [21:21] Bug #1863255: Programs installed in Snap format do not detect the keyboard

[21:22] kenvandine: not sure if this is widespread but my 20.04 system doesn't have working keyboard input in some graphical snap apps [21:22] kenvandine: and someone just reported a bug that's similar [21:22] oh interesting [21:22] Wimpress: ^ [21:22] like what apps? [21:22] kenvandine: I tried irccloud-desktop [21:22] * kenvandine looks at bug [21:22] wasn't able to type my email address [21:23] i'm using irccloud-desktop right now [21:23] working fine [21:23] weird [21:23] the reporter tried spotify, thunderbird and superproductivity [21:23] I suspect it depends on classic vs strict [21:23] but something is wonky [21:23] weird [21:23] I had a fresh insstall [21:23] I tried wayland and x [21:23] all up to date [21:24] something to chase next week [21:24] but just wanted to give you a note [21:24] zyga: I've been using 20.04 daily for weeks. [21:24] And have dozens of snaps that I rely on. [21:24] Not experienced that issue. [21:24] Wimpress: hmmm hmm hmm [21:24] must be something in fresh vs updated installs [21:25] I wonder what could be a factor [21:25] input stack is such a mystery to me [21:25] Wimpress: can you create a new user account and try if they work there? [21:25] maybe that gives you a pristine config [21:28] Not right now. But I'll make a note to test. [21:28] thanks, I'll try some more as well [21:28] thank you guys! [21:46] PR snapcraft#2940 opened: build providers: remove use of cloud-init === heather1 is now known as hellsworth [22:28] PR snapcraft#2941 opened: [WIP] extensions: add cleanup extension [23:05] PR snapd#8138 closed: snap/info: add Filename [23:07] PR snapcraft#2942 opened: pluginhandler: do not search installdir or stagedir for dependencies === ijohnson|lunch is now known as ijohnson [23:09] PR snapd#8140 opened: [DRAFT] tests: add more UC20 tests [23:22] PR snapcraft#2943 opened: spread: capture developer debug information