/srv/irclogs.ubuntu.com/2020/02/25/#snappy.txt

mupPR snapcraft#2952 opened: spread: introduce appstream parse-info test <Created by cjp256> <https://github.com/snapcore/snapcraft/pull/2952>03:25
=== mcphail3 is now known as mcphail
=== popey8 is now known as popey
=== Eleventh_Doctor is now known as Pharaoh_Atem
mborzeckimorning06:11
mborzeckischool run06:40
mborzeckire07:08
mupPR snapd#8184 closed: cmd/libsnap, tests: fix C unit tests failing as non-root <Test Robustness> <⚠ Critical> <Created by zyga> <Merged by mvo5> <https://github.com/snapcore/snapd/pull/8184>07:40
mvoijohnson: meh, it looks like 2020-02-24 22:05:33 Error executing google:ubuntu-core-18-64:tests/core/snapd-failover :  is still failing on master even after merging your latest fix for it :(07:41
mvoijohnson: https://api.travis-ci.org/v3/job/654625002/log.txt which is a run after 8171 got merged07:42
mborzeckimvo: hey07:42
mvohey mborzecki07:42
mborzeckiouch, failover still failing? :/07:43
mvomborzecki: at least one log still has it07:43
mborzeckimvo: there's one oustanding PR with fixes iirc07:43
mvomborzecki: aha, there is?07:43
mvomborzecki: 8169 ?07:44
mborzeckihm i think it was #814007:44
mupPR #8140: tests: enable more tests for UC20/UC18 <Test Robustness> <UC20> <Created by anonymouse64> <https://github.com/snapcore/snapd/pull/8140>07:44
mborzeckilet me check, it was referenced in one that got merged07:44
mborzeckimvo: right 816907:45
zygagood morning08:03
* zyga is sleepy today, sorry for starting late08:04
mvozyga: hey!08:04
zygamvo: hey, I fixed the error from last evening08:04
mvozyga: I saw, thanks for this! merged already08:04
zygaah, good08:04
zygamvo: I wanted to raise https://github.com/snapcore/snapd/pull/812308:04
mupPR #8123: interfaces/network-control: bring /var/lib/dhcp from host (approach b) <Bug> <Created by zyga> <https://github.com/snapcore/snapd/pull/8123>08:04
zygamvo: jamie gave it a +1 and expressed ok to put this in 2.4408:05
zygamy reasoning for raising it is that I prefer one variant rather than two08:05
pstolowskimorning08:05
zygamvo: if 2.44 ships (a) (merged) and then we switch to (b) in 2.45 that's more churn than just going with (b)08:05
zygamvo: at the same time, it's not a priority fix, just for your consideration08:05
mborzeckizyga: pstolowski: hey guys08:05
zygahey maciek!08:05
* zyga is sleepy, couldn't sleep last night08:06
zygaI'll make a 2nd coffee and be back soon08:07
mborzeckipstolowski: can you take a look at https://github.com/snapcore/snapd/pull/8081 ?08:10
mupPR #8081: tests/main/user-session-env: add test verifying environment variables inside the user session <Simple 😃> <Created by bboozzoo> <https://github.com/snapcore/snapd/pull/8081>08:10
pstolowskisure08:10
mupPR core20#23 closed: hooks: ensure console-conf@ is started after snapd.recovery-chooser-trigger.service <Created by bboozzoo> <Closed by bboozzoo> <https://github.com/snapcore/core20/pull/23>08:13
mborzeckipstolowski: thanks!08:13
mvozyga: thanks, it looks like samuele wants to have another look, I'm not against this (at all)08:14
zygayep, I saw,08:14
mupPR snapd#8188 opened: spread.yaml: make qemu ubuntu-core-20-64 use ubuntu-20.04-64 <Simple 😃> <Created by mvo5> <https://github.com/snapcore/snapd/pull/8188>08:14
zygawhat's the timeline for 2.44?08:14
zygaPPA is busted?08:16
zygahttps://www.irccloud.com/pastebin/BCFak9n5/08:17
* zyga wonders if we could just get on with slack08:17
* mborzecki prepares to buy another 16GB of ram08:21
zygamborzecki: that's easy though :)08:22
zygamborzecki: remember when vista was around08:22
zygamborzecki: all that free memory08:22
mborzeckii think i wouldn't mind matrix really08:30
pstolowskimborzecki: +1 with small remark08:30
mborzeckipstolowski: thanks, pushing the update now08:30
mborzeckiseems like there's a bunch of mobile apps, probably none as well supported as slack app, but still looks better than mattermost08:33
mborzeckimvo: so, about the chooser ui, i think we should have some intiial prompt rather than jumping straight away to options that do something08:34
mborzeckimvo: for instnace, on serial you may have trouble with baud rate setting, or the output may not apepar right away, if the user presses enter and that activates some 'funky' option there may be trouble ahead08:35
zygamborzecki: does matrix have a good phone app?08:35
mvomborzecki: good point08:35
mborzeckizyga: hmm https://play.google.com/store/apps/details?id=im.vector.app&hl=en_US08:36
mborzecki677 reviews, heh08:36
zygaseems poor08:36
mborzeckithere's this one too https://play.google.com/store/apps/details?id=im.vector.riotx&hl=en_US08:36
zyga5k installs08:37
mborzeckiyeah08:37
degvillezyga / mborzecki: I've used Riot.im for some time, and it has really improved over the last 12 months. I use it mostly as an IRC bridge though. RiotX looks good - it would be great to see how Mozilla gets on with Matrix, because it's scale that worries me and can't test.09:19
zygadegville: I wonder if matrix can be summarized as "good desktop experience, irrelevant mobile experience"09:24
zygadegville: which might explain why mozilla is OK with it09:24
zygadegville: I would probably not use slack on my phone outside of conferences and occasional "let's check that one thing from bed" moments09:25
degvillezyga: me neither. my phone is too old and it will probably reduce battery to 30 mins. I used the web client when I needed to use slack. It does seem a little 'over engineered'. It would be great to get behind an open replacement for IRC imo, because it's not just us who could benefit.09:26
degvillethough I did get the weechat (IRC client) to slack plugin working, which is a nice compromise.09:27
zygadegville: I think one thing has changed though, the acceptance level has shifted up09:37
zygadegville: people expect a more polished experience09:37
zygadegville: and in the endless quarrels of FOSS people we have not managed to raise above that to produce an excellent opinionated product that is also free09:37
zygadegville: I fear we'll go to a non-free product just because it is actually working well09:38
zygadegville: a bit like going with google for mai09:38
zyga*mail09:38
zygacan we run our own mail server, sure09:38
zygais it nice to most people, not as much09:38
zygaI think IRC will be exactly the same thing09:38
zyga(and email has much nicer desktop apps than IRC ever did)09:39
degvilleyeah, you're right. I really don't h09:39
degvillehave a problem with non-free at all. It is about the best tool.09:39
degvillebut... it's also a change to differentiate, and also flex some open source credentials when other people may be going the other way.09:40
zygaI wish there was a monetarily supported free product that's really nice and offers good experience09:40
zygaI wonder what suse and rh are doing in this regard09:41
degvilleyep. I was seriously considering getting in touch with a couple of friends to see if they wanted to create a startup :)09:41
zygaI think being able to host your own FOSS server would be 90% of what we want09:42
degvillewell, RH has just gone with Slack.09:42
degvilleover MS teams (https://www.theverge.com/2020/2/10/21132060/ibm-slack-chat-employee-rollout-microsoft-teams-competition)09:42
zygathe apps could just be closed source for all I care (mobile) and web apps running from the same server09:42
zygaoooooh09:42
zygaRH slack?09:42
mborzeckidegville: as in 'just now' or just (as in no other options considered) ?09:42
zygaare they using the snap? ;)09:43
mborzeckiah ok, IMB09:43
degvilleahahah...09:43
mborzeckiIBM09:43
degvilleyeah, true. I didn't realise it was only 350k employees either, which is a drop in the IBM ocean.09:44
zygawait, what's 350k employees?09:44
degvilleIBM's employees.09:44
zygaouch09:45
zygathat must cost some pretty penny09:45
degville...actually, all of it's employees.09:45
degvilleits09:45
* mborzecki wonders about uinput for snap-boostrap recovery-chooser-trigger spread tests09:45
zygauinput?09:45
zygawhat's that?09:46
mborzeckizyga: userspace driven input device, basically create /dev/input/<event*> from userspace and inject input events09:46
zygaaha09:46
zygaall this input devices are now yours09:46
zygaexcept evdev09:46
zygaattempt no open there09:46
zyga;)09:46
* zyga goes back to hitting his head on sessions09:47
MattJzyga, degville: there are multiple options for self-hosted FOSS team chat... RocketChat, Mattermost, etc. - curious why you're dismissing them (iirc this community used to be on RocketChat, what happened?)09:47
MattJI've been working on FOSS chat stuff for ~15 years, so I'm 100% curious to hear from folk (and happy to chat in private if it's too off-topic here)09:48
zygaMattJ: I don't know - do any of those offer identity management and mobile apps?09:48
* zyga wonders what the requirements are09:48
MattJYes09:48
mborzeckihm mattermost mobile app was pretty crappy tbh09:50
MattJI've never used their mobile app myself, but the rest of Mattermost is generally fairly polished (it's essentially a Slack clone)09:51
MattJMain issue with Mattermost is that they do the do the "enterprise edition" thing, and refuse to add (or accept contributions for) certain features in the community edition09:51
zygatypical open core09:52
zygais that bad tough09:52
zygaotherwise the open part would not be there either09:52
MattJ*shrug* - that's an entire debate in itself :)09:52
MattJI'm personally not a fan of it, but I do also find it weird how many stories I've heard of companies running the open-source version with bunches of patches applied because they don't want to pay for the commercial version09:53
MattJbut then they basically have to maintain their own fork09:53
MattJbut I guess dev/ops time spent on that doesn't appear explicitly on balance sheets, so it's ok09:54
zygacombinations of imperfect realities09:54
zygawe should all use git irc09:55
zygalike irc09:55
zygajust with the usability of git ;)09:55
zygacommit your messages09:55
zygadon't rebase public channels09:55
zygathat kind of stuff09:55
zygafor usability it comes with a man page generator09:55
MattJThere are plenty of blockchain chat solutions if that really tickles your fancy :D09:55
mborzeckiICO included ;)09:56
mborzeckilooks like it's a choice between lest crappy solution09:57
MattJWell there are plenty of annoyances with Slack and other proprietary solutions too, so... welcome to software :)09:58
MattJI'm looking to possibly release something in this space later in the year, so I've been doing a fair amount of research09:58
* zyga is feeling so so today10:05
mupPR snapd#8177 closed: cmd/snap-bootstrap/initramfs-mounts: mount the snapd snap in run-mode too <UC20> <Created by anonymouse64> <Merged by pedronis> <https://github.com/snapcore/snapd/pull/8177>10:06
zyga[Tue Feb 25 08:37:42 2020] audit: type=1400 audit(1582619862.212:29075): apparmor="DENIED" operation="open" profile="snap.test-snapd-audio-record.play" name="/etc/pulse/client.conf" pid=11535 comm="paplay" requested_mask="r" denied_mask="r" fsuid=12345 ouid=010:06
zygahttps://www.irccloud.com/pastebin/06KY87al/10:07
ackkhi, is there a way to programmatically (from a script) check for snapd support for default tracks?10:30
zygaackk: apart from version query, probably not10:32
ackkzyga, ok. so >=2.44 ?10:32
zygaackk: I don't know, please ask mvo about the details10:32
* zyga is deep in systemd-pam10:32
* ackk looks around for mvo :)10:33
mvoackk: yeah, 2.44 is the best bet right now10:36
ackkmvo, ok, thanks10:36
mvoackk: we could build something programmatic if needed10:37
ackkmvo, are versions guaranteed to be x.y (just two numbers)?10:37
mupPR snapd#8189 opened: seed,cmd/snap-boostrap: introude seed.Snap.EssentialType, simplify bootstrap code <Created by pedronis> <https://github.com/snapcore/snapd/pull/8189>10:38
pedronismvo: mborzecki: ^ this is relatively simple, the size is mostly from test updates that change indent10:51
mvopedronis: thanks10:51
mupPR snapd#8156 closed: cmd/snap-bootstrap: subcommand to detect UC chooser trigger <UC20> <Created by bboozzoo> <Merged by bboozzoo> <https://github.com/snapcore/snapd/pull/8156>10:51
mvoackk: following the ubuntu versioning schema, so 2.44 or 2.44.110:51
pedronisis not the step that reduces validations but is on the way there10:52
ackkmvo, thanks10:57
pedronismborzecki: thanks for review and for spotting the image_test.go issue11:14
pedronisimage_test.go fixed11:27
mupPR snapd#8190 opened: overlord, taskrunner: exit on task/ensure error when preseeding <Preseeding 🍞> <Created by stolowski> <https://github.com/snapcore/snapd/pull/8190>11:43
jdstrandpedronis: hi! curious, is there a store api to determine the highest snap-declaration format the store supports?12:00
pedronisjdstrand: not at the moment12:08
jdstrandok, thanks12:08
pedronisit could be added if needed12:08
pedronisbut needs to involve the store (obviously)12:09
jdstrandpedronis: sure, it isn't important12:11
jdstrandpedronis: I'm just writing a small tool to help reviewers working with store apis. I can hardcode it with a pointer to maxSupportedFormat in asserts/asserts.go12:13
pedronisjdstrand: fwiw, it doesn't support 4 yet12:13
jdstrandI know12:13
pedronisI'll ask for a bump during 2.44 release cycle12:13
* jdstrand nods12:14
mupPR snapd#8191 opened: [RFC] cmd/snap-recovery-chooser: add a recovery chooser <UC20> <Created by bboozzoo> <https://github.com/snapcore/snapd/pull/8191>12:26
=== Eighth_Doctor is now known as Conan_Kudo
=== Conan_Kudo is now known as Eighth_Doctor
* zyga is deep into PAM but feels like it is actually working now12:35
zygamborzecki: fun stuff12:36
mborzeckizyga: pam?12:36
mborzeckizyga: the session/scope thing?12:36
mupPR core20#25 opened: hooks/200-console-conf-after.chroot: perform console-conf ordering checks <Created by bboozzoo> <https://github.com/snapcore/core20/pull/25>12:37
mborzeckihmm signal?12:40
zygamborzecki: yeah, I feel I'm starting to understand WTF when you log in12:41
zygaI need to take the dog out12:41
zygattyl12:41
zygaI'm taking off12:53
zygacannot stand smell of food and cooking at home12:53
zyga$motherinlaw is on a cooking spree12:54
mborzeckihmm looks like all spread jobs are failing?13:08
cmatsuokamborzecki: the error message also looks wrong13:09
cmatsuoka'If that is intentional, please update the package list in the'13:10
mborzeckicmatsuoka: the error is way up in the log13:10
cmatsuokaah ok, it continues after in a new echo13:10
cmatsuokanever mind13:10
mborzeckibut i meant that snapd spread jobs are failing due to snapd-failover13:11
cmatsuokamborzecki: make install error, that's strange13:12
cmatsuokadid we land ian's snapcraft.yaml fix?13:13
cmatsuokaanyway, I'm not familiar with this usr/share/snappy/dpkg.list13:16
cmatsuokamborzecki: ah, failover again? I thought mvo fixed that a few days ago13:18
mvocmatsuoka: I thought so too :(13:23
mvocmatsuoka: investigating this again, it's a PITA13:23
cmatsuokamvo: btw dimitri's fix worked and now we have run mode working, with and without tpm13:25
* zyga is at a cafeteria 13:26
zygafinally no food smell13:26
roadmrwhat :)13:28
mvocmatsuoka: \o/13:30
mborzeckizyga: must be a bad cafeteria if you're no smelling any food13:35
zygamborzecki: are you kidding me?13:36
zygamborzecki: there's coffee and food but you don't smell any of it13:36
zygamborzecki: it's not a kitchen13:36
mborzeckizyga: sure, it doesn't smell like beef steaks, but these places have a very distinct smell too (one i actually enjoy)13:41
zygamborzecki: I think I'm just overly happy that it doesn't smell like the back of a kitchen anymore :)13:46
mborzeckihahaha ;) fair enough13:46
zygamborzecki: but on topic, pam is really key to my understanding of the whole problem13:47
zygamborzecki: building pam with debugging and setting up the debug log13:47
zygamborzecki: also forkstat13:47
zygathat opened my eyes as to what's going on on login13:47
zygain various contexts13:48
zygaI'm going through the config and the pam modules that interact with default sessions you may open, piecing together the picture of how it works13:48
mborzeckizyga: you'll have to do a write up for everyone13:48
zygamborzecki: yep, including instructions on how to get stuff into debuggable state :)13:48
mborzeckiand not break your system in the process13:49
zygamborzecki: pam_systemd.c (in systemd's tree) is really 99% of what I care about13:50
zygaalthough some other bits are also relevant in other modules13:50
zygaheh13:51
zygathis is a fun comment13:51
zygahttps://www.irccloud.com/pastebin/zk6NdIwe/13:51
mupPR snapd#8192 opened: tests: add more debug output to the snapd-failure handling <Created by mvo5> <https://github.com/snapcore/snapd/pull/8192>13:52
zygahmm, how to set syslog priority level13:55
zygamvo: I'll skip standup; my update is a deep-dive into logind, pam, ssh, getty and systemd in order to write proper tests for the issue discovered by jamie13:58
ijohnsonhey folks13:59
zygamvo: I'll update the standup notes later today, as I've been taking notes on with pen&paper13:59
ijohnsonzyga: sounds like fun :-)13:59
zygaijohnson: yeah, and useful13:59
zygaI didn't know this at all13:59
zygabut I'm slowly building towards a tool that will let us run stuff as a user in a session of given properties14:00
mvozyga: ok14:07
mborzeckiijohnson: looks like we need to sync about core20/subiquity PRs14:10
mborzeckiijohnson: opened this one https://github.com/CanonicalLtd/subiquity/pull/638 to master14:11
mupPR CanonicalLtd/subiquity#638: debian/console-conf.service: ensure correct order with respect to snapd services <Created by bboozzoo> <https://github.com/CanonicalLtd/subiquity/pull/638>14:11
ijohnsonmborzecki: hmm talk more after we talk after SU about the other thing?14:11
mborzeckiijohnson: and this one to core20 https://github.com/snapcore/core20/pull/2514:11
mupPR core20#25: hooks/200-console-conf-after.chroot: perform console-conf ordering checks <Created by bboozzoo> <https://github.com/snapcore/core20/pull/25>14:11
mborzeckiijohnson: yeah, let's stay after standup14:12
zygamborzecki: this is cool14:18
zygahttps://www.irccloud.com/pastebin/XACC4Nqv/14:18
zygafor example, this is running "true" via ssh14:20
zygahttps://www.irccloud.com/pastebin/9Bmj2q1M/14:20
zyga(so much noise and garbage)14:21
zygait's also interesting as to what PATH is set to specific components, e.g. update-motd14:21
zygaor the number of times python has to run before you get the shell prompt14:22
zygaeach time to run lsb_release14:22
zygamborzecki: comparison of /etc/pam.d/{su,sudo} is interesting14:33
zygaone involves common-session and the other common-session-noninteractive14:34
zygacommon-session invokes pam_systemd.so while common-session-noninteractive does not14:34
pstolowskicmatsuoka: hey, you're probably aware of https://bugs.launchpad.net/snapd/+bug/1863886 ?14:45
mupBug #1863886: snap-bootstrap should validate which ubuntu-data is mounted <core20> <snapd:New> <https://launchpad.net/bugs/1863886>14:45
cmatsuokapstolowski: ah yes14:46
cmatsuokapstolowski: we still must check the best way to do that14:46
pstolowskisure14:48
cmatsuokabut yes, it's in my todo list14:49
pstolowskicmatsuoka: ok, i'll assign it to you then14:49
cmatsuokapstolowski: ok, thanks!14:49
mborzeckiijohnson: added your patch to https://github.com/CanonicalLtd/subiquity/pull/63814:56
mupPR CanonicalLtd/subiquity#638: debian/console-conf.service: ensure correct order with respect to snapd services <Created by bboozzoo> <https://github.com/CanonicalLtd/subiquity/pull/638>14:56
ijohnsonmborzecki: cool sounds good, I hadn't noticed your branch didn't have the other old uc18 specific service15:01
mborzeckiijohnson: can you do a quick review of https://github.com/snapcore/core20/pull/25 maybe?15:02
mupPR core20#25: hooks/200-console-conf-after.chroot: perform console-conf ordering checks <Created by bboozzoo> <https://github.com/snapcore/core20/pull/25>15:02
ijohnsonmborzecki: sure looking now15:02
mborzeckiijohnson: thanks!15:03
mupPR core20#24 closed: hooks: delete console-conf hack <Created by anonymouse64> <Closed by anonymouse64> <https://github.com/snapcore/core20/pull/24>15:05
* zyga has a small eureka moment!!!15:32
zygain case I get hit by a bus on my way home15:48
zygathe magic to run a command in a session15:48
zygais15:48
zygasystemd-run /sbin/runuser -l USER -c COMMAND15:49
zygaone can also pass --send-sighup and --tty to systemd-run, for instant gratification15:49
zygathe rationale is as follows:15:49
zygasystemd-run runs the rests as a servicem outside of our existing logind session15:50
zygarunuser -l invokes pam_systemd which asks logind for a new session - this normally fails if we already have one (hence systemd-run)15:50
zygathe session lives for the duration of the executed command15:50
zygaI'll work on making this nice and useful for writing tests15:50
zygaCC ^ mborzecki15:51
ijohnsonzyga: nice work that's pretty great to know15:51
mborzecki*magic*15:52
zygaI'll make some test primitives15:52
zygaand adjust our test code where it matters15:52
zygaI have extra notes on how to get debug information15:53
zygathe critical bit was tracing logind code paths to understand that it fails to create a session if the requesting PID already inhabits one15:53
zygaI'm happy about this day now :)15:53
zygaI think I deserve lunch now15:54
zygaI'll head home15:54
zygaand sit some more to write down the code in the evening15:54
zygaCC jdstrand ^ (how to test in a user session above)15:54
zygaI need to check this on more distributions as PAM config matters15:54
zygamainly to check if there's any important skew from one distro to another15:54
jdstrandzyga: nice! :)16:01
zygajdstrand: the journey through PAM was interesting16:01
zygajdstrand: one-more-way-to-setenv16:01
zygaperhaps a way out of some of our environment problems16:01
* jdstrand nods16:07
zygaogra: is this reliable? https://github.com/ogra1/snapd-docker16:18
=== alan_g_ is now known as alan_g
mvohm, I get "remote failed to report status" when I try to push to github16:38
mvoanyone else seeing this? pushing a new branch16:38
zygasystemd-run --pipe --quiet --wait /sbin/runuser -l test -c "COMMAND"16:39
zygawooot16:39
zygathat's what we need :)16:39
zygahttps://status.github.com/16:39
zygaincreased error rate16:40
zygaso probably broken16:40
zygapartial outage16:40
mvoaha16:40
mvoit's very annoying, it *may* be the fix for the failover16:40
zygahahaha16:42
zygathat's indeed a bit annoying16:42
zygaok, I need to stop coding and wrap up16:43
* zyga waits for spread to finish16:43
mupPR snapd#8193 opened: snapstate: do not restart in undoLinkSnap unless on first install <Created by mvo5> <https://github.com/snapcore/snapd/pull/8193>16:43
mvoijohnson: I pushed 8193 with something that worked for me at least once, let's hope it proves to be ok16:44
ijohnsonmvo: nice I'll try that in combination with 816916:44
zygaoooh16:44
zygawow16:44
zygamvo: is this intentional? https://github.com/snapcore/snapd/pull/8193/files#diff-5a87044d1fc20ea2664be6c683755bffR12916:45
mupPR #8193: snapstate: do not restart in undoLinkSnap unless on first install <Created by mvo5> <https://github.com/snapcore/snapd/pull/8193>16:45
ijohnsonzyga: I have that in my branch too16:45
ijohnsonzyga: it's quite useful I think because if we are at the point where snap-failure is running, something has went wrong so having debug info from snapd when it is invoked from snap-failure is very useful16:46
zygaI don't doubt usefulness16:46
zygaI wonder what the consequences of running with debug are16:46
ijohnsonit's rather quiet because in this case snapd should only revert the snapd snap and exit16:46
zygaI'll review stuff with clear head later16:48
zygaI think working outside is a bit more tiresome than indoors16:48
zygabut this was a good day16:48
zyga(at least for me)16:48
* zyga EODs16:50
mvozyga: yeah, it's on prupose, like ijohnson says, the output is actually quite short but very useful16:51
cjwatsonzyga: FYI I released man-db 2.9.1 with the /snap/man change17:23
cjwatsonas discussed17:23
ijohnsonmvo: I've done 3-4 spread runs of your branch with mine on top on core18 qemu and haven't run into the race yet17:28
ijohnsonbut to be fair I was only seeing it once every 30 or so runs, so not sure how excited to get about that data point17:29
zygamvo: ack, I just wanted to check17:33
* zyga is back with fixed bikes17:33
zygacjwatson: ack, thank you17:33
zygacjwatson: I'll look at the state on our side soon17:33
* zyga spawns some more tests and goes for dinner 17:34
* zyga is starving17:34
mvoijohnson: ohhhhhh17:38
mvoijohnson: fingers crossed - I will stop irc now and pretend the bug is fixed :)17:38
ijohnsonhaha17:38
* mvo hugs ijohnson 17:41
zygadrat18:28
zygamy laptop suspended while running tests18:28
zygaoh well18:28
kyrofaHey zyga, when I run `snap login`, does that macaroon ONLY have the ability to install snaps? Nothing else?18:49
zygakyrofa: mmmm, no18:49
zygakyrofa: I think that is equivalent to root18:49
kyrofaWhat other possibilities are there?18:49
zygakyrofa: the details are in api.go18:49
zygakyrofa: you can remove snaps, configure them, etc18:49
zygakyrofa: let me check18:50
kyrofazyga, right, but none of those things relate to the macaroon18:50
kyrofaFor example, a macaroon can have the ability to upload snaps as well, which we use in snapcraft18:50
zygaI think it is subtle18:50
zygaone moment18:50
kyrofaAlright, thanks :)18:50
zygahttps://github.com/snapcore/snapd/blob/master/daemon/api.go#L19218:51
zygalook at all the UserOK: true things18:51
zygathose can be done as an authenticated user18:51
zygayou can get app icon, search the store, manage snaps, interfaces, changes, and more18:52
kyrofazyga, does the polkit integration end up with the same permissions?18:52
zyganot quite18:52
zygafor example an authenticated user can search18:52
zygaand that doesn't require any polkit permissions18:52
zygaUserOK means a non-root can GET the endpoint18:53
kyrofazyga, to clarify: if app A uses polkit and app B runs `snap login`, do they end up being able to do the same things, or does one have more ability than the other?18:53
zygaah wait18:53
zygawait18:53
* zyga is misreading stuff18:53
zygakyrofa: I think they are not identical and thus could be different18:54
zygafor example, /v2/logs has PolkitOK18:54
zygaso it requires a polkit prompt to see18:55
kyrofaAh ha18:55
zygahttps://github.com/snapcore/snapd/blob/master/daemon/daemon.go#L132 is relevant18:55
kyrofazyga, exactly what I needed18:55
zygahttps://github.com/snapcore/snapd/blob/master/daemon/daemon.go#L13918:56
zygathis seems to suggest that if you are logged in18:56
zygathen you can access anything that's not specifically walled off18:56
zygaso if you log in you get more power18:56
zygawhich is weird, nothing sets RootOnly?18:57
zygaaha, I see18:57
zygathose are now split up to separate files18:57
zygakyrofa: creating users require to be root18:57
zygakyrofa: also profiling snapd18:58
kyrofaThanks zyga19:04
zygakyrofa: pleasure :)19:12
mupPR snapd#8194 opened: o/devicestate: unset recovery_system when done seeding <Simple 😃> <UC20> <Created by anonymouse64> <https://github.com/snapcore/snapd/pull/8194>19:58
mupPR snapd#8193 closed: snapstate: do not restart in undoLinkSnap unless on first install <⚠ Critical> <Created by mvo5> <Merged by anonymouse64> <https://github.com/snapcore/snapd/pull/8193>20:27
=== gremmlyn is now known as gremmly

Generated by irclog2html.py 2.7 by Marius Gedminas - find it at mg.pov.lt!