[00:25] <mup> PR snapcraft#2937 closed: spread tests: do not attempt to remove snapd snap <Created by cjp256> <Merged by sergiusens> <https://github.com/snapcore/snapcraft/pull/2937>
[00:28] <mup> PR snapcraft#2938 closed: remote build: default to snapcraft's stable channel <Created by cjp256> <Merged by sergiusens> <https://github.com/snapcore/snapcraft/pull/2938>
[02:35] <mup> PR pc-amd64-gadget#35 opened: grub.cfg-boot: drop compatibility mode <Created by anonymouse64> <https://github.com/snapcore/pc-amd64-gadget/pull/35>
[06:23] <mborzecki> morning
[06:42] <mborzecki> Make current revision for snap "snapd" unavailable ([--root / is-active snapd.core-fixup.service] failed with exit status 3: failed
[06:42] <mborzecki> seen this one before
[06:52] <mborzecki> hmm maybe we should ignore the stderr/stdout when calling systemctl is-active and just look at the exit code
[06:55] <mborzecki> quick errand, some utility guys coming over, hopefully they'll be gone in 30 mins or so
[07:36] <mborzecki> re
[07:59] <mborzecki> mvo: hey
[07:59] <mup> PR snapd#8132 opened: systemd: improve is-active check for 'failed' services <Simple 😃> <Created by bboozzoo> <https://github.com/snapcore/snapd/pull/8132>
[08:04] <pstolowski> morning
[08:04] <mborzecki> pstolowski: hey
[08:06] <zyga> snow :)
[08:06] <mvo> good morning pstolowski mborzecki and zyga
[08:07] <mborzecki> zyga: hey, snow? got plenty of rain here :)
[08:07] <zyga> let's hope today is more productive
[08:07] <pstolowski> o/
[08:07] <zyga> mborzecki: yeah, there's even nice patches on the ground
[08:07] <zyga> is it freezing?
[08:07] <zyga> supposedly +1 so no
[08:07] <zyga> oh well
[08:08] <pstolowski> zyga: snow, but melting away immediately
[08:08] <mborzecki> simple pr to start your morning with #8132
[08:08] <mup> PR #8132: systemd: improve is-active check for 'failed' services <Simple 😃> <Created by bboozzoo> <https://github.com/snapcore/snapd/pull/8132>
[08:09] <zyga> mborzecki: ha
[08:09] <zyga> remember when you told me about that dhcp thing
[08:09] <zyga> that it failed for you
[08:09] <zyga> suprirse
[08:09] <zyga> it really only fails on arch, out of all the systems
[08:09]  * zyga runs and see why
[08:36] <mvo> pstolowski: 8128 LGTM, do you want to merge it?
[08:38] <pstolowski> mvo: merged, thank you!
[08:38] <mup> PR snapd#8128 closed: o/devicestate: StartOfOperationTime helper for Prune (1/2) <Needs Samuele review> <Created by stolowski> <Merged by stolowski> <https://github.com/snapcore/snapd/pull/8128>
[09:16] <zyga> mborzecki: can you re-review https://github.com/snapcore/snapd/pull/8123/files
[09:16] <mup> PR #8123: interfaces/network-control: bring /var/lib/dhcp from host (approach b) <Bug> <Created by zyga> <https://github.com/snapcore/snapd/pull/8123>
[09:16] <zyga> it's updated and passes on arch
[09:16] <zyga> just want to ack the new permissions
[09:20] <mup> PR snapd#8133 opened: cmd/snap-confine: allow snap-confine to load nss libs <Created by zyga> <https://github.com/snapcore/snapd/pull/8133>
[09:23] <zyga> mborzecki: ^ this is a RFC-ish
[09:23] <zyga> more to raise awareness
[09:23] <zyga> I don't expect it will land
[09:47] <zyga> mborzecki: was there a bug report on https://github.com/snapcore/snapd/pull/8132?
[09:47] <mup> PR #8132: systemd: improve is-active check for 'failed' services <Simple 😃> <Created by bboozzoo> <https://github.com/snapcore/snapd/pull/8132>
[09:51] <zyga> pstolowski: there's a conflict on https://github.com/snapcore/snapd/pull/8120 and on https://github.com/snapcore/snapd/pull/8046
[09:51] <mup> PR #8120: cmd/snap-preseed: snapd version check for the target <Preseeding 🍞> <Created by stolowski> <https://github.com/snapcore/snapd/pull/8120>
[09:51] <mup> PR #8046: many, tests: integrate all preseed bits and add spread tests <Complex> <Needs Samuele review> <Preseeding 🍞> <Created by stolowski> <https://github.com/snapcore/snapd/pull/8046>
[09:53] <pstolowski> zyga: thanks, i'm switching back to these PRs after de-tour with #8130 (prune tests are tricky)
[09:53] <mup> PR #8130: overlord, state: don't abort changes if spawn time before StartOfOperationTime (2/2) <Preseeding 🍞> <Created by stolowski> <https://github.com/snapcore/snapd/pull/8130>
[09:53] <zyga> sure :-)
[10:00] <zyga> mborzecki: I ported parts of the desktop interface over to common
[10:00] <mborzecki> zyga: nice!
[10:00] <zyga> mborzecki: but only the simple parts, I'll do more once the prereq lands
[10:01] <mborzecki> zyga: as for 8132, afaik there was no bug reprot, noticed that in a failed spread run today
[10:01] <zyga> mborzecki: https://github.com/snapcore/snapd/pull/8134
[10:01] <mup> PR #8134: interfaces: use commonInteface for desktopInterface <Created by zyga> <https://github.com/snapcore/snapd/pull/8134>
[10:01] <zyga> mborzecki: ok, I wanted to cross-reference if there was one, no worries
[10:01] <zyga> mborzecki: ^ this one can be reviewed and merged separately from the rest
[10:01] <mup> PR snapd#8134 opened: interfaces: use commonInteface for desktopInterface <Created by zyga> <https://github.com/snapcore/snapd/pull/8134>
[10:02] <mborzecki> btw. to my surpise snapd.core-fixup.service was in failed state on 20.04, but it should `exit 0` if not running on ubuntu core
[10:02] <zyga> ohhh
[10:02] <zyga> that's weird
[10:02] <zyga> what's the condition?
[10:03] <zyga> pedronis: please review 8123 if you can
[10:03] <zyga> pedronis: I applied your suggestions and I think this is the right way forward indeed
[10:03]  * zyga breakfast
[10:24] <mup> PR snapd#8135 opened: bootloader: make uboot a RecoveryAwareBootloader <UC20> <Created by mvo5> <https://github.com/snapcore/snapd/pull/8135>
[10:26] <pstolowski> pedronis: updated/replied on  #8046
[10:26] <mup> PR #8046: many, tests: integrate all preseed bits and add spread tests <Complex> <Needs Samuele review> <Preseeding 🍞> <Created by stolowski> <https://github.com/snapcore/snapd/pull/8046>
[10:35] <mup> PR snapd#8131 closed: boot: add current_kernels to modeenv <UC20> <Created by anonymouse64> <Merged by mvo5> <https://github.com/snapcore/snapd/pull/8131>
[10:37] <mup> PR snapd#8132 closed: systemd: improve is-active check for 'failed' services <Simple 😃> <Created by bboozzoo> <Merged by mvo5> <https://github.com/snapcore/snapd/pull/8132>
[10:38] <zyga> mvo: ^ I added a comment to consider that for stable
[10:38] <zyga> mvo: up to you to decide
[10:39] <mvo> zyga: good point
[10:39] <mup> PR snapd#8060 closed: gadget: skip update when mounted filesystem content is identical <Created by bboozzoo> <Merged by mvo5> <https://github.com/snapcore/snapd/pull/8060>
[10:39] <mvo> zyga: cherry-picked
[10:39] <zyga> thank you!
[11:29] <zyga> snapd failover failed again
[11:29] <zyga> is anyone looking at fixing that?
[11:29] <zyga> https://www.irccloud.com/pastebin/ZHsaJSrS/
[11:29] <zyga> more debug notes
[11:29] <zyga> https://www.irccloud.com/pastebin/fyoWz9Pr/
[11:31] <zyga> then more log spam
[11:31] <zyga> https://www.irccloud.com/pastebin/HtomsMSS/
[11:31] <zyga> (that last one is repeated heavily)
[11:31] <zyga> mborzecki: ^ IIRC you asked for logs before
[11:32] <zyga> do you want more or shall I kill this run?
[11:34] <zyga> I'll make coffee
[11:35] <zyga> mvo: I may skip standup today, I'll let you know
[11:36] <mup> PR snapd#8136 opened: boot: write current_kernels in bootstate20, makebootable <UC20> <Created by anonymouse64> <https://github.com/snapcore/snapd/pull/8136>
[11:36] <ijohnson> thanks for the merge on 8131, I opened the followup https://github.com/snapcore/snapd/pull/8136 just now
[11:36] <mup> PR #8136: boot: write current_kernels in bootstate20, makebootable <UC20> <Created by anonymouse64> <https://github.com/snapcore/snapd/pull/8136>
[11:39]  * ijohnson disappears for a couple hours
[11:56] <mup> PR snapcraft#2935 closed: build providers: remove tzdata workaround <Created by sergiusens> <Merged by sergiusens> <https://github.com/snapcore/snapcraft/pull/2935>
[12:04] <mborzecki> cmatsuoka: hi
[12:08]  * pstolowski lunch
[12:19] <cachio> xnox, hi, I am trying to test the image in http://cdimage.ubuntu.com/ubuntu-core/20/pending/
[12:19] <cachio> xnox, using kvm
[12:20] <cachio> I can make that work
[12:20] <cachio> is there any specific parameter for kvm/qemu which I need to use?
[13:25] <xnox> cachio:  yes
[13:25] <xnox> you need ovmf from focal; secureboot firmware; qc35 machine type; snakeoil variables
[13:26] <xnox> cachio:  i use virtmanager desktop gui app to elect secureboot / tpm and override variables with snakeoil vars.
[13:26] <xnox> i guess we should document this somewhere.
[13:26] <xnox> otherwise from cmdline it is something like this
[13:26] <cachio> nice, I'll try that and if it works I'll add that to our snapd testing docs
[13:26] <xnox> sudo kvm -smp 4 -m 2048 -machine pc-q35-4.0 -global ICH9-LPC.disable_s3=1 -drive file=/usr/share/OVMF/OVMF_CODE.secboot.fd,if=pflash,format=raw,unit=0,readonly=on -drive file=OVMF_VARS.snakeoil.fd,if=pflash,format=raw,unit=1 -drive file=pc.img,if=none,format=raw,id=disk1 -device virtio-blk-pci,drive=disk1,bootindex=1
[13:27] <cachio> xnox, owesome, thanks
[13:27] <xnox> so /usr/share/OVMF/OVMF_CODE.secboot.fd is simply readonly
[13:27] <xnox> bu tthe OVMF_VARS.snakeoil.fd is a "per-VM UEFI variables store" which should be started with like $ cp /usr/share/OVMF/OVMF_VARS.snakeoil.fd my-VM-VARS.fd
[13:28] <xnox> cause we pre-built what the initial variables / uefi status should be
[13:30] <cachio> xnox, nice
[13:30] <cachio> xnox, I'll try it
[13:30] <cachio> xnox, thanks
[13:33] <xnox> (the vars have pre-enrolled settings to enforce secureboot, and have the keys currently used for signing enrolled)
[13:41] <cachio> xnox, is it any way to get /usr/share/OVMF/OVMF_CODE.secboot.fd on bionic?
[13:41] <cachio> or it is just available on focal?
[13:42] <cachio> I'll create a vm with focal to test is
[13:45] <zyga> mvo: I'm making good progress on OOM handling
[13:46] <zyga> mvo: I'll skip standup as I'm in a car seat going with folks for lunch
[13:46] <xnox> cachio:  you can download ovmf package from launchpad from focal and install it.
[13:46] <zyga> mvo: I'll have some demo code on Monday, I hope, running in spread
[13:46] <xnox> cachio:  it's an arch:all package with prebuilt static contents
[13:46] <xnox> cachio:  why are you on bionic still instead of focal?
[13:46] <zyga> mvo: I'm tweaking services so that we can regen services easily with extra entries
[13:47] <cachio> xnox, I'll try that
[13:48] <zyga> mvo: I still haven't thought of a better way to surface this
[13:48] <zyga> mvo: so I'm going ahead with "snap set core oom-protect ..."
[13:51] <zyga> mvo: I'll send two small patches that build towards that, one to snap.Info and one to wrappers
[13:52] <ijohnson> hello again folks
[13:54] <zyga> mvo: and other than that I'll focus on trying to set oom score and write a test that shows how a memory hog cannot kill a protected service
[13:55] <zyga> mvo: and that's my update, I'll keep hacking until we arrive for dinner and then after that
[13:55] <zyga> mborzecki: ^ FYI if you are interested in changes to wrappers
[13:56] <ijohnson> zyga: also I saw that snapd failover test failure last night and was looking into it
[13:56] <zyga> ijohnson: thank you, I am not looking into it
[13:57] <zyga> ijohnson: so if you want to dive in please do
[13:57] <ijohnson> yes it's on my list for today
[13:57] <zyga> ijohnson: I kept a failed log on https://github.com/snapcore/snapd/pull/8133
[13:57] <mup> PR #8133: cmd/snap-confine: allow snap-confine to load nss libs <Created by zyga> <https://github.com/snapcore/snapd/pull/8133>
[13:57] <ijohnson> thanks
[13:57] <zyga> great, thanks
[14:39] <ijohnson> mvo: looking at 8135, will we need uboot to implement ExtractedRunKernelImageBootloader as well as RecoveryAwareBootloader in order to have uc20 support there?
[14:46] <mvo> ijohnson: yes,  I think you are right
[14:46] <ijohnson> mvo: perhaps your PR is enough to unblock foundations with setting up a uc20 gadget snap however
[14:47] <mvo> ijohnson: yeah, that was my hope
[14:47] <mvo> ijohnson: give them something to play with
[14:47] <ijohnson> mvo: but makebootable20RunMode will fail if there's not an ExtractedRunKernelImageBootloader available, so probably the image won't get past install mode
[14:47] <ijohnson> mvo: ok, if you like I can work on that with foundations when they get farther along the process ?
[14:47] <mvo> ijohnson: that sounds acceptable for now, they need to first write the right uboot.env
[14:48] <mvo> ijohnson: \o/ that would be most welcome
[14:48] <ijohnson> ack
[15:06] <mup> PR snapd#8137 opened: tests: skipping interfaces-openvswitch on centos due to package is not available <Created by sergiocazzolato> <https://github.com/snapcore/snapd/pull/8137>
[15:14]  * cachio bank & lunch
[15:15] <mup> PR snapcraft#2939 opened: pluginhandler: user directories scoped to partdir for snapcraftctl <Created by sergiusens> <https://github.com/snapcore/snapcraft/pull/2939>
[16:02] <mup> PR snapd#8138 opened: snap/info: add SnapRevisionFileName <Simple 😃> <Created by anonymouse64> <https://github.com/snapcore/snapd/pull/8138>
[16:13] <pedronis> ijohnson: mvo: finishing the current boot stuff is probably higher priority as long as they are unblocked for a bit
[16:13] <mup> PR snapd#8135 closed: bootloader: make uboot a RecoveryAwareBootloader <UC20> <Created by mvo5> <Merged by mvo5> <https://github.com/snapcore/snapd/pull/8135>
[16:14] <mvo> pedronis: ack
[16:14] <ijohnson> ack
[16:21] <zyga> maciek is off already
[16:21] <zyga> ah, right
[16:21] <zyga> oh well :)
[16:30] <zyga> pedronis: I replied to the unrestricted path extension question https://github.com/snapcore/snapd/pull/8123#discussion_r379526244
[16:30] <mup> PR #8123: interfaces/network-control: bring /var/lib/dhcp from host (approach b) <Bug> <Created by zyga> <https://github.com/snapcore/snapd/pull/8123>
[16:35] <pedronis> zyga: are you saying that with that change a layout can now create directories under /var in the host?
[16:36] <pedronis> asked in the PR as well
[16:40] <zyga> pedronis: layouts cannot create anything in /var/lib/snapd/*, which includes hostfs, it would allow a snap to create a directory on the host if that location is bridged with snap-confine's default set - this includes /var/snap (but that is black-listed from layouts), /var/lib/snapd (also black-listed), /var/tmp (allowed), /var/log (allowed) and finally /var/lib/extrausers (allowed)
[16:40] <zyga> I'll paste this response to the PR
[16:42] <zyga> pedronis: (to be precise, users cannot request a layout, not that layouts cannot create)
[16:44] <zyga> pedronis: interestingly, /var/log snap-confine-made, fixed mount, is marked with a TODO, asking to move it to an interface
[16:44] <zyga> pedronis: I think the approach is right but perhaps we need to investigate the unrestricted path more
[16:44] <zyga> pedronis: here we _do_ want it (in /var/lib/dhcp) because otherwise we'll end up with a mimic
[16:44] <zyga> pedronis: but the point of the interface is to expose _real_ /var/lib/dhcp to the snap, creating it if necessary
[16:45] <zyga> pedronis: I would be happy with a special case that says var/lib/dhcp can be made
[16:45] <zyga> and continue the investigation into what is exactly allowed per interface, akin to what Maciek hinted at
[16:45] <pedronis> zyga: to be clear I'm slightly less worried about interfaces, my worry is layout, whether we have enough checks in place, not to make something odd happens
[16:45] <pedronis> if we change something there
[16:45] <pedronis> because the new unrestriction
[16:46] <zyga> pedronis: so, users cannot request a layout to /var/lib/snapd/hostfs/* so the answer is that it is not something that interacts with layouts directly
[16:47] <zyga> pedronis: and actually, thinking about it now
[16:48] <zyga> pedronis: my comment was incorrect - given that layouts and snap-confine made mount points don't interact
[16:48] <zyga> pedronis: this doesn't change anything layouts can make
[16:48] <zyga> pedronis: I was confused because if you put a layout from $SNAP/foo to /var/lib/foo
[16:48] <zyga> that feels like it might interact
[16:48] <zyga> because perhaps /var/lib/foo is bridged by snap-confine to the host
[16:48] <zyga> but that's irrelevant for /var/lib/snapd/hostfs/var/ that is allowed
[16:49] <zyga> because /var/lib/foo is not in a prefix of hostfs, you end up with a mimic
[16:49] <zyga> as such I think this is safer than I assumed, since nothing apart from snapd code can request new hostfs entries
[16:50] <zyga> (I added this to the PR thread)
[16:51] <pedronis> thx, I'll reread on Monday morning at this point
[16:51] <zyga> thank you, that's a good idea :)
[16:52] <zyga> pedronis: I would like to see a more central system for permissions
[16:52] <zyga> pedronis: some of it is in layout validation
[16:52] <zyga> pedronis: some in appamor on snap-confine
[16:52] <zyga> pedronis: we should think about what we'd like to make explicit
[16:52] <pedronis> yea, it all feels very disjoint, no clear suggestion atm though
[16:52] <zyga> and also some in snap-update-ns trespassing exceptions
[16:53] <zyga> yeah, spanning C, apparmor and two Go parts (one with state access one without)
[16:53] <zyga> but I agree that it would be good to make it easier to see at a glance
[16:53] <zyga> perhaps a shared go package that just list stuff that both snapd and snap-update-ns import and use
[16:53] <zyga> and even generated .c for snap-confine
[16:53] <zyga> or something along those lines
[17:25]  * zyga just unblocked a lot of progress
[17:25] <zyga> sssheeesh :)
[17:31]  * zyga EODs
[17:49] <ijohnson> cachio: do you in spread if there's an easy way to "skip" a test? for example I have a test with environment variable variants and on uc18 with one of the variants it doesn't make sense to run, so I want to skip that one
[17:50] <ijohnson> cachio: what I did was just `if ...; then echo "skip"; exit 0; fi` is that a good way to do that?
[17:50] <cachio> ijohnson, you want to skip a variant on a specific system right?
[17:51] <ijohnson> yes
[17:51] <ijohnson> what I have works, just wondering if there's a more elegant way to do this
[17:51] <cachio> ijohnson, the if solution is the one we use for those cases
[17:51] <cachio> as you did
[17:51] <ijohnson> okay, so what I have is the right thing to do
[17:51] <ijohnson> thanks!
[17:52] <cachio> I have a pr for that but it is not approved
[17:52] <cachio> to create run conditions
[17:52] <cachio> so you write the if but just once
[17:52] <cachio> here you need to add that if in the prepare, execute and restore
[17:55] <ijohnson> yeah right, that would be nice
[19:40] <mup> PR snapd#8139 opened: interfaces/{desktop-legacy,unity7}: adjust for new ibus socket location <Created by jdstrand> <https://github.com/snapcore/snapd/pull/8139>
[19:55] <mup> Issue pc-amd64-gadget#36 opened: Broken kernel.efi does not reboot automatically <Created by anonymouse64> <https://github.com/snapcore/pc-amd64-gadget/issue/36>
[21:21] <zyga> kenvandine: FYI https://bugs.launchpad.net/snapd/+bug/1863255
[21:21] <mup> Bug #1863255: Programs installed in Snap format do not detect the keyboard  <amd64> <apport-bug> <focal> <package-from-proposed> <snapd:New> <snapd (Ubuntu):Confirmed> <https://launchpad.net/bugs/1863255>
[21:22] <zyga> kenvandine: not sure if this is widespread but my 20.04 system doesn't have working keyboard input in some graphical snap apps
[21:22] <zyga> kenvandine: and someone just reported a bug that's similar
[21:22] <kenvandine> oh interesting
[21:22] <zyga> Wimpress: ^
[21:22] <kenvandine> like what apps?
[21:22] <zyga> kenvandine: I tried irccloud-desktop
[21:22]  * kenvandine looks at bug
[21:22] <zyga> wasn't able to type my email address
[21:23] <kenvandine> i'm using irccloud-desktop right now
[21:23] <kenvandine> working fine
[21:23] <kenvandine> weird
[21:23] <zyga> the reporter tried spotify, thunderbird and superproductivity
[21:23] <zyga> I suspect it depends on classic vs strict
[21:23] <zyga> but something is wonky
[21:23] <zyga> weird
[21:23] <zyga> I had a fresh insstall
[21:23] <zyga> I tried wayland and x
[21:23] <zyga> all up to date
[21:24] <zyga> something to chase next week
[21:24] <zyga> but just wanted to give you a note
[21:24] <Wimpress> zyga: I've been using 20.04 daily for weeks.
[21:24] <Wimpress> And have dozens of snaps that I rely on.
[21:24] <Wimpress> Not experienced that issue.
[21:24] <zyga> Wimpress: hmmm hmm hmm
[21:24] <zyga> must be something in fresh vs updated installs
[21:25] <zyga> I wonder what could be a factor
[21:25] <zyga> input stack is such a mystery to me
[21:25] <zyga> Wimpress: can you create a new user account and try if they work there?
[21:25] <zyga> maybe that gives you a pristine config
[21:28] <Wimpress> Not right now. But I'll make a note to test.
[21:28] <zyga> thanks, I'll  try some more as well
[21:28] <zyga> thank you guys!
[21:46] <mup> PR snapcraft#2940 opened: build providers: remove use of cloud-init <Created by sergiusens> <https://github.com/snapcore/snapcraft/pull/2940>
[22:28] <mup> PR snapcraft#2941 opened: [WIP] extensions: add cleanup extension <Created by galgalesh> <https://github.com/snapcore/snapcraft/pull/2941>
[23:05] <mup> PR snapd#8138 closed: snap/info: add Filename <Simple 😃> <Created by anonymouse64> <Merged by anonymouse64> <https://github.com/snapcore/snapd/pull/8138>
[23:07] <mup> PR snapcraft#2942 opened: pluginhandler: do not search installdir or stagedir for dependencies <Created by cjp256> <https://github.com/snapcore/snapcraft/pull/2942>
[23:09] <mup> PR snapd#8140 opened: [DRAFT] tests: add more UC20 tests <UC20> <Created by anonymouse64> <https://github.com/snapcore/snapd/pull/8140>
[23:22] <mup> PR snapcraft#2943 opened: spread: capture developer debug information <Created by cjp256> <https://github.com/snapcore/snapcraft/pull/2943>