/srv/irclogs.ubuntu.com/2020/03/04/#snappy.txt

[06:08] <mup> PR snapcraft#2954 closed: cli: enable config file for base snapcraft command <Created by cjp256> <Merged by sergiusens> <https://github.com/snapcore/snapcraft/pull/2954>
[08:02] <mup> PR snapcraft#2957 closed: go plugin: do not remove install /bin directory before build <Created by cjp256> <Merged by sergiusens> <https://github.com/snapcore/snapcraft/pull/2957>
[10:38] <zyga> jdstrand: EHLO
[10:38] <zyga> jdstrand: I have an idea to run by you
[10:38] <zyga> jdstrand: we discovered that some containers do not run udev (they have it installed but udevd is down)
[10:39] <zyga> jdstrand: this breaks interface setup
[10:39] <zyga> jdstrand: I patched it to skip the entire udev backend
[10:39] <zyga> jdstrand: and got feedback to write the files but not invoke udev as a safer way
[10:39] <zyga> jdstrand: now the question:
[10:39] <zyga> jdstrand: should we do that for all the backends, specifically apparmor
[10:39] <zyga> jdstrand: write the profiles and not load them
[10:39] <zyga> jdstrand: .
[10:56] <mup> PR snapd#8210 closed: wrappers: add mount unit dependency for snapd services on core devices <UC20> <Created by bboozzoo> <Merged by mvo5> <https://github.com/snapcore/snapd/pull/8210>
[10:56] <ogra> hmm
[10:56] <ogra> ogra@localhost:~$ sudo ls -alh /root/snap/
[10:56] <ogra> total 16K
[10:56] <ogra> drwxr-xr-x 4 root root 4.0K Mar  4 10:56 .
[10:56] <ogra> drwx------ 3 root root 4.0K Oct  3 12:09 ..
[10:56] <ogra> drwxr-xr-x 6 root root 4.0K Mar  2 08:39 mir-kiosk
[10:56] <ogra> drwxr-xr-x 4 root root 4.0K Oct  3 12:09 pc
[10:57] <ogra> why do i have a dir for the gadget in /root/snap ??
[11:01] <zyga> ogra: because it runs as root and has HOME=/root/snap/$SNAP_NAME
[11:02] <ogra> zyga, "runs" ?
[11:02] <ogra> it's a gadget :)
[11:02] <zyga> it must have a hook
[11:02] <ogra> or is that from some hook
[11:02] <ogra> ah
[12:08] <mup> PR snapd#8220 opened: interfaces/seccomp: allow passing an address to setgroups <Created by alfonsosanchezbeato> <https://github.com/snapcore/snapd/pull/8220>
[12:42] <mup> PR snapd#8216 closed: tests: add session-tool, a su / sudo replacement <Created by zyga> <Merged by zyga> <https://github.com/snapcore/snapd/pull/8216>
[12:46] <zyga> jdstrand: https://github.com/snapcore/snapd/pull/8220 is interesting
[12:46] <mup> PR #8220: interfaces/seccomp: allow passing an address to setgroups <Created by alfonsosanchezbeato> <https://github.com/snapcore/snapd/pull/8220>
[12:48] <zyga> jdstrand: https://github.com/snapcore/snapd/pull/8219 is a priority for 2.44 that came up during the sprint
[12:48] <mup> PR #8219: interfaces: use udev backend if udev socket exists <Security-High> <Created by zyga> <https://github.com/snapcore/snapd/pull/8219>
[12:53] <ogra> zyga, some cosmetics for you guys ... https://bugs.launchpad.net/ubuntu/+source/snapd/+bug/1866058
[12:53] <mup> Bug #1866058: gadget hooks should not write to /root/snap by default <snapd (Ubuntu):New> <https://launchpad.net/bugs/1866058>
[12:54] <zyga> ogra: aha
[12:54] <zyga> ogra: hmmm
[12:54] <ogra> full of assumptions :)
[12:55] <ogra> if you think this is wrong, just close it though
[12:55] <zyga> ogra: I think it's interesting but I don't know what to do about HOME in such a case
[12:55] <zyga> ogra: I'll ask others for opinions
[12:55] <ogra> yeah ... it is purely cosmetic anyway
[12:57] <jdstrand> zyga: hey, ack. I'm going into a meeting but otoh not running the udev backend means the device cgroup isn't going to work right (too restrictive). disabling that results in degraded policy (some apparmor rules depend on the cgroup) which would mean PartialConfinement
[12:58] <zyga> jdstrand: I'll be in the call
[12:58] <jdstrand> not removing the cgroups should be 'ok' security-wise since it should just be too strict
[12:58] <zyga> jdstrand: note that without udev /dev is really not populated
[12:58] <jdstrand> but, I want to look at it more carefully and comment
[12:58] <zyga> jdstrand: sure
[12:59] <zyga> jdstrand: note that the PR has two approaches
[12:59] <zyga> jdstrand: prior approach removed udev backend
[12:59] <jdstrand> zyga: well, that is an assumption of container setup. what if this isn't a container and udev just happens to not be running, or a container in the same way
[12:59] <zyga> jdstrand: and we changed that to avoid interacting with the system-key
[12:59] <zyga> jdstrand: it's a container configured not to run udev (buildd) even if installed (we do install it as a snapd dependency)
[13:00] <zyga> jdstrand: we are ready with the call
[13:00] <jdstrand> zyga: but the code afaics isn't checking any of that
[13:31] <zyga> jdstrand: can you clarify what is not being checked?
[13:32] <jdstrand> zyga: well, so, I haven't read the PR closely, but the problem statement includes 'some containers don't have udev' but the PR will fire on 'any system that doesn't have udev'
[13:33] <jdstrand> zyga: we aren't limiting the solution to containers in other words. I am not saying we should, but that is what I meant by 'not being checked'
=== ppd1990 is now known as ppd
=== ppd is now known as ppd1990
[13:46] <mborzecki> jamesh: commenting out the line that loads from local cache makes the fonts look ok, so maybe the cache format did change, just that now i'm skipping my real $HOME/.cache/fontconfig ?
[13:47] <jamesh> mborzecki: But if your default font came from /usr/share/fonts, you'd have the same problem with caches in /var/cache/fontconfig
[13:47] <jamesh> it's not just the user's home dir
[13:58] <mborzecki> jamesh: i think i need to run the bisect again, with adding the xdg path to the ~/.fonts.conf
[14:19] <sil2100> ogra: hey! So I merged the --disable-console-conf change - one thing worth remembering though is to adjust it for uc20 once it's a thing
[14:19] <sil2100> So that it always does what it's intended to
[14:20] <ogra> yeah ... i haven't tried UC20 at all yet but will roll an UC18 image to test and verify
[14:20] <sil2100> ogra: it should land in edge soonish
[14:20] <ogra> and my team owes you $BEER .)
[14:20] <ogra> yeah
=== ppd1990 is now known as ppd
[15:01] <zyga> jdstrand: I think this is fine, I only meant to say "we saw a system, namely a container, that didn't use udev"
[15:06] <jdstrand> zyga: I'm looking at it now
[15:15] <zyga> jdstrand: thank you
[15:23] <zyga> jdstrand: that's correct
[15:23] <zyga> ah
[15:23] <zyga> sorry, my backlog moved
[15:23] <zyga> I read your response from two hours ago
[16:03] <mup> PR snapcraft#2960 opened: specification: base plugin and plugins for core20 <Created by sergiusens> <https://github.com/snapcore/snapcraft/pull/2960>
[16:13] <mup> PR snapcraft#2927 closed: requirements: uprev lxml to 4.5.0 <Created by cjp256> <Merged by sergiusens> <https://github.com/snapcore/snapcraft/pull/2927>
[16:16] <mup> PR snapcraft#2942 closed: pluginhandler: do not search installdir or stagedir for dependencies <Created by cjp256> <Merged by sergiusens> <https://github.com/snapcore/snapcraft/pull/2942>
[16:18] <mborzecki> jamesh: so this is the commit that broke stuff: https://gitlab.freedesktop.org/fontconfig/fontconfig/commit/c4324f54ee16e648ba91f3e9c66af13ab3b1754c
[16:18] <mborzecki> jamesh: feels like we've been there already
[16:30] <mborzecki> jamesh: we were https://forum.snapcraft.io/t/snapped-app-not-loading-fonts-on-fedora-and-arch/12484/30
[16:31] <jamesh> mborzecki: weirdly, the fontconfig inside the platform snap is from before all the UUID nonsense.  I would have thought that change effectively reverted to the old behaviour
[16:32] <jamesh> mborzecki: thinking about it some more, the incompatibility is probably further back: it's just that the versions before that commit produce cache files the snap can't see
[17:17] <jdstrand> zyga: ok, I spent a lot of time on PR 8219 and I wasn't thinking about it correctly up above. please see my PR comments
[17:17] <mup> PR #8219: interfaces: use udev backend if udev socket exists <Security-High> <Created by zyga> <https://github.com/snapcore/snapd/pull/8219>
[17:19] <zyga> jdstrand: ack, thank you
[17:30] <cjp256> does the snap search cache get updated intermittently?
[17:31] <cjp256> i search `flutter-gallery` and get no hits, but it installs fine
[20:32] <mup> PR core20#26 opened: Disable emergency.target & debug-shell, unless kernel cmdline is dangerous <Created by xnox> <https://github.com/snapcore/core20/pull/26>
