[00:19] thank [00:19] thanks Eighth_Doctor [02:09] how do i go about turning that ./spec file into an RPM? [06:35] morning [06:36] starting around 9, need to run an errand and do groceries before the panicked crowds show up [07:39] mvo: hi, maybe it was already noticed, but it seems we have a real issue with seccomp unit tests on 20.04: https://api.travis-ci.org/v3/job/662738603/log.txt [07:41] pedronis: yeah, I'm checking that right now [07:41] pedronis: also the postrm test is still flaky, a bit annoying [07:43] PR snapd#8262 closed: interfaces/udisks2: also allow Introspection on /org/freedesktop/UDisks/** [07:43] PR snapd#8263 closed: interfaces/udisks2: also allow Introspection on /org/freedesktop/UDisks2/** - 2.44 [07:43] mvo: this test seems also flaky sometimes snap-session-agent-socket-activation [07:43] seems a timing issue [07:44] pedronis: on all OSes or just specific ones? I noticed it only on ubuntu-core-16 [07:44] PR snapd#8261 closed: interfaces: work around apparmor_parser slowness affecting uio (2.44) [07:44] I seen it also on non-core [07:45] pedronis: ok, I see what I can find [07:46] mvo: maybe jamesh can also help with that one [07:52] good morning [07:53] pedronis: this is known, I reported it on tumbleweed about a week ago [07:53] zyga: well we have it on 20.04 now [07:53] https://bugs.launchpad.net/snapd/+bug/1866183 [07:53] Bug #1866183: seccomp tests fail in tumbleweed on 2020-03-05 [07:53] fun :| [07:53] ok [07:54] I had a terrible night, I'm barely awake [07:54] how can I help? [07:54] should I jump at seccomp, at reproducible maas content bug, at something existing like app tracking? [07:54] zyga: I'm looking at this right now [07:54] zyga: maas content bug sounds worthwhile [07:55] zyga: I can reproduce the seccomp one [07:55] mvo: is it segfaulting ? [07:55] I'll get to it [07:55] pedronis: not sure yet, seccomp got upgraded from 2.4.2 to 2.4.3 [07:56] pedronis: this is triggering it [07:56] ok, seccomp upgrade seemed the most likely candidate [07:56] mvo: if you do please check if the list in the bug I referenced is the same as in ubuntu now [07:57] I hope it's the same bug [07:57] zyga: yeah, output looks exactly the same [07:57] zyga: I bet the same lib update happend there too [07:57] yeah, that's a good sign [07:57] whatever it is we will need just one solution [07:58] this is fixed now: https://bugs.launchpad.net/snapd/+bug/1863807 ? [07:59] Bug #1863807: core snap rev 8716 breaks keyboard input in chromium and inkscape [07:59] pedronis: I think it was [07:59] pedronis: it was a change in input handling in ibus or something alike [08:00] pedronis: jamie fixed it a few weeks ago [08:00] mvo: they asked you a question here: https://bugs.launchpad.net/snapd/+bug/1863816 [08:00] Bug #1863816: trusty: snapd deb package does not start systemd [08:03] https://bugs.launchpad.net/snapd/+bug/1867415 is interesting :| [08:03] morning [08:03] Bug #1867415: Hardlinking snaps wastes 400 MB tmpfs RAM in live CDs [08:03] hey pawel [08:03] pstolowski: it's a morning but not particularly good one ;) [08:04] zyga: oh, bugs? [08:04] pstolowski: bugs and spiders [08:05] oh [08:05] public service announcement [08:05] if you are running focal [08:05] be careful not to break your system [08:05] zyga: I assigned this to you: https://bugs.launchpad.net/snapd/+bug/1866855 not sure what's it's overall priority [08:05] Bug #1866855: nvidia driver integration is incompatible with Debian [08:05] pedronis: ack, I can check on my nvidia box [08:05] thank you [08:05] I'll look at it to evaluate after maas bug [08:06] I suspect it might go away if we update snapd in debian though [08:06] probably a worthy goal anyway [08:06] mvo: debian question, is debian in some sort of freeze? new queue is full of things that are many weeks old [08:06] or is that just shortage of ftp masters? [08:06] re about focal: https://bugs.launchpad.net/ubuntu/+source/glibc/+bug/1866844 [08:07] Bug #1866844: package libc6:amd64 2.31-0ubuntu3 failed to install/upgrade: installed libc6:amd64 package post-installation script subprocess returned error exit status [08:07] 127 [08:07] I got affected, need to spend some time to fix my laptop so that it boots normally again [08:07] I see it's got fixed now, that's really good [08:09] mvo: one you have a moment: https://bugs.launchpad.net/snapd/+bug/1867415 is this medium or high? [08:09] Bug #1867415: Hardlinking snaps wastes 400 MB tmpfs RAM in live CDs [08:09] pedronis: note, we can use statfs to detect overlayfs and switch to symlinks [08:09] it sucks we only learned this the hard way so close to release date :/ [08:20] what was the conclusion on this at the sprint: https://bugs.launchpad.net/ubuntu/+source/snapd/+bug/1865519 ? [08:20] Bug #1865519: apparmor depends on python3 [08:20] pedronis: I think jamie said that it's not bad that python3 is a dependency but I don't remember if the people in the room had another consistent opinion [08:21] anyway is not a snapd bug strictly [08:24] why is this bug is saying install/update, when it looks like a purge op: https://bugs.launchpad.net/ubuntu/+source/snapd/+bug/1866932 ? [08:24] Bug #1866932: package snapd 2.44~pre1+20.04 failed to install/upgrade: installed snapd package post-removal script subprocess returned error exit status 1 [08:24] morning [08:25] mvo: got logs from the postrm test? [08:28] mborzecki: yes, one sec [08:28] mborzecki: I was initially suspecting a race, i.e. the output not quite in sync [08:28] mborzecki: but my naive (late night) adding a sleep did not help at all so it's probably something else [08:30] mborzecki: https://api.travis-ci.org/v3/job/662738604/log.txt [08:30] mborzecki: + grep -E 'snap\..*\.(service|timer|socket)' [08:30] Ò— snap.test-snapd-service-stop-timeout.svc.service not-found failed failed snap.test-snapd-service-stop-timeout.svc.service [08:30] + echo 'found unexpected leftovers' [08:30] found unexpected leftovers [08:30] + exit 1 [08:30] ha a different service this time [08:31] mvo: should be a simple fix [08:31] mborzecki: oh, ok [08:33] zyga: this is not fixed yet https://bugs.launchpad.net/snapd/+bug/1821302 right? I'm marking it just high [08:33] Bug #1821302: /usr/lib/snapd unmounted in app + core18 + core (tooling) use case; possibly on core18 refresh [08:34] pedronis: correct [08:34] zyga: did suse upgrade to libc6 2.31 too? I suspect it's actually the libc6 update that breaks the tests (and I think I have a fix, just making sure I understand it) [08:34] mvo: well, maybe not that simple though, it's the same thing as i investigated last week, there's systemd service state leaking between the tests, even though we call systemctl reset-failed in restore :/ [08:34] mvo: I don't know, let me check [08:34] mborzecki: yeah, that part confused me [08:34] mborzecki: it looks like we explicitly reset it :( [08:35] mborzecki: hence suspecting the race [08:35] mvo: and it's on sid, before the problem was seen on arch [08:35] mvo: but I would expect so, tumbleweed rolls weekly [08:36] booting now [08:37] mvo: systemd 245 here on arch, same in sid [08:37] zyga: what's the current version of systemd in tw? [08:37] mborzecki: still updating, give me a moment [08:38] mvo: again, once you have a moment: should this be won't-fixed also on the package: https://bugs.launchpad.net/ubuntu/+source/snapd/+bug/1673247 [08:38] Bug #1673247: package snapd 2.23.1 failed to install/upgrade: trying to overwrite '/etc/apparmor.d/usr.lib.snapd.snap-confine', which is also in package snap-confine 2.23.1 Progress by mvo> [08:38] [08:41] mborzecki: focal has systemd 244, so that's the most recent we have [08:42] pstolowski: I opened it now and once I'm done with the test issue will look in detail [08:42] pedronis: ^-- (and thanks for the pointer) [08:42] pstolowski: ups, sorry [08:44] zyga: according to their website also glibc 2.31, I think that's the one that breaks things for us, fixing now [08:50] pstolowski: hi, maybe you can review #8264 when you have a moment [08:50] PR #8264: many: introduce snapdenv to present common snapd env options [08:50] pedronis: sure [08:54] mborzecki: 244 [08:54] zyga@yantra:~> systemctl --version [08:54] systemd 244 (+suse.138.gf8adabc2b1) [08:54] +PAM -AUDIT +SELINUX -IMA +APPARMOR -SMACK +SYSVINIT +UTMP +LIBCRYPTSETUP +GCRYPT +GNUTLS +ACL +XZ +LZ4 +SECCOMP +BLKID +ELFUTILS +KMOD -IDN2 -IDN +PCRE2 default-hierarchy=hybrid [08:54] mvo: glibc version 2.31-2.1 [08:56] zyga: ta [08:57] zyga: thx [09:08] PR snapd#8265 opened: tests: add regression test for MAAS refresh bug [09:08] so some good news [09:08] if mborzecki can help me with selinux denials [09:08] hm? [09:08] I can fix the bug affecting maas by just enabling robust mount ns updates [09:09] i shuld hijack my wife's fedora laptop for a couple of days and try to weed out all the denials if there's any left [09:09] https://github.com/snapcore/snapd/pull/8089 is critical [09:10] PR #8089: features: enable robust mount ns updates [09:10] as in, fixing those denials will really improve snap experience for people [09:11] i investigated one on thursday evening (because there's better to do on a day off), and i think that desktop-helpers were causing a problem by doing cp -a on user-dirs.locale [09:11] mborzecki: not all denials are equal [09:11] if we just get over the hump that allows 8089 to land [09:11] it will mean a lot [09:13] omg, reproduced the problem with postrm-purge in a spread run where i forgot to add -debug /o\ [09:13] mborzecki: ouch :| [09:13] btw, it failed for me today [09:14] zyga: btw, I did work on 8242 end of last week [09:14] yeah, I noticed, I didn't review the changes yet but I plan to soon [09:15] thank you :) [09:15] I looked at snapdenv just now and it looks good [09:15] it's a much needed cleanup [09:17] yea, though it was an indirect reminder that store (and daemon) are still our least loved code [09:19] fwiw, I will work more on 8266 but wanted to unblock you guys [09:19] PR snapd#8266 opened: snap-seccomp: allow mprotect() to unblock the tests [09:28] heh, so with new systemd, there's a unicode dot printed in the sssytemctl line [09:28] ● snap.test-snapd-service-stop-timeout.svc.service not-found failed failed snap.test-snapd-service-stop-timeout.svc.service [09:28] ofc it doesn't match the awk pattern we search [09:29] fun, otoh we are culpable of those kind of changes to info or list, so can't blame [09:30] heh [09:33] mborzecki: mvo: on the UC20 uboot front, I worked a bit on it and #8228 needs 2nd reviews [09:33] PR #8228: boot,image: ARM kernel extract prepare image === ricab_ is now known as ricab [09:35] pedronis: nice, thank you! [09:35] pedronis: we got ourselves a deadlock in the reviews of that PR, looks like each of us pushed a bit there :) [09:38] * mvo will look at this [09:39] mborzecki: well, I think if both mvo and you look at it again, we are ok [09:44] mborzecki: mvo: it's missing a unit test though, but that can come in a follow up, anyway there's the todo and rename as well [09:49] * mvo is in a meeting but will look at the PR after that [09:49] hmm reset-failed does not clear the status though, the unit is still in not-found/failed state, wtf? [09:49] maybe someone in #systemd has a clue [09:59] mborzecki: sergio said he needs to reset twice [10:00] reset what? the service? [10:00] reset failed [10:00] just do it twice [10:00] google:debian-sid-64 .../tests/main/postrm-purge# systemctl reset-failed --force snap.test-snapd-service.test-snapd-service-refuses-to-stop.service [10:00] Failed to reset failed state of unit snap.test-snapd-service.test-snapd-service-refuses-to-stop.service: Unit snap.test-snapd-service.test-snapd-service-refuses-to-stop.service not loaded. [10:00] google:debian-sid-64 .../tests/main/postrm-purge# systemctl reset-failed --force snap.test-snapd-service.test-snapd-service-refuses-to-stop.service [10:01] Failed to reset failed state of unit snap.test-snapd-service.test-snapd-service-refuses-to-stop.service: Unit snap.test-snapd-service.test-snapd-service-refuses-to-stop.service not loaded. [10:01] zyga: ^^ :) [10:01] not loaded [10:01] but does it list as failed? [10:01] weird [10:01] yup [10:01] maybe deamon reload and then? [10:01] however, i can do `systemctl reset-failed` (no params, resets all units) and the status is cleared [10:01] huh [10:01] magic [10:01] or [10:01] maybe the unit is really gone [10:02] and it cannot be referred to by name anymore [10:02] and reset-failed can clear "unreachable" units somehow [10:02] it is, but we were able to reset-failed a unit that was not found before [10:07] ackk: hey [10:07] ackk: some good news :) [10:08] hi zyga, I saw :) [10:08] ackk: please try that and let me know if you run into any issues having that enabled [10:09] zyga, how do I enable? [10:09] ackk: like this https://github.com/snapcore/snapd/pull/8265/files#diff-09aaa35036aab4cfb8a7a8ae90869822R14 [10:09] PR #8265: tests: add regression test for MAAS refresh bug [10:09] oh I see, thanks [10:10] zyga, I'll let you know if I hit the issue again, thanks [10:10] ackk: I just wanted to say I'm very grateful for the bug report with information on how to reproduce [10:10] zyga, is the plan to enable the feature by default in the next release? [10:10] ackk: I know this was plaguing you for many weeks now [10:11] ackk: yes, we just need to adjust the selinux policy because it currently blocks the branch that enables this from landing [10:11] zyga, no problem, happy that it was helpful :) [10:11] zyga, thank you for jumping on it [10:11] my pleasure :) I really like making things robust [10:13] heh [10:14] PR snapd#8267 opened: tests/lib/reset: workaround unicode dot in systemctl output [10:16] now i can't reproduce the reset-failed problem on sid, wth? [10:16] anyways, mvo ^^ 8267 shoudl fix the postrm-purge and snap-mgmt tests [10:16] mborzecki: nice, thank you [10:25] mborzecki: then maybe more than it alone needs to reset-failed [10:39] zyga: suse is using /var/lib/snapd/snap too? [10:39] nope [11:06] mvo, hi WRT https://bugs.launchpad.net/maas/+bug/1867571 (ISTR we talked about the issue in the past) looking at snapd core it seems there is an apparmor rule allowing read access to /run/uuidd/request, is the denial because of the "w" ? [11:07] Bug #1867571: apparmor denied warning for /run/uuidd/request [11:14] ackk: in a meeting right now, will get back to you [11:15] mvo, np, thanks [11:15] ackk: looks like it [11:15] ackk: let me check snapd to be ure [11:15] *sure [11:16] zyga, fwiw it seems you need write access too, as libuuid does write to the socket to get the uuid [11:16] I'm not sure of the protocol [11:16] ackk: you get write access with openvswitch-support [11:16] ackk: everyone else get s read access by default [11:16] zyga, right, but read access is probably useless? [11:17] I don't know [11:17] I suspect not [11:17] it is a socket [11:17] perhaps just reading is enough? [11:18] zyga, https://paste.ubuntu.com/p/kfNs4pkMyS/ is what "uuidgen -t" does [11:18] ackk: as I said, I don't know [11:18] one would have to read the source of uuidd [11:18] and check what's the protocol === valentind_ is now known as valentind [11:25] the mprotect() fix failed aparently in non-ubuntu, does anyone have details? if it's something silly like the postrm-purge failure I can merge and override the failure [11:25] but it looks like I can't see the reason for the restart of the testrun unfortunately [11:26] wasn't me [11:26] appreciate y'alls thoughts on https://forum.snapcraft.io/t/uuidd-apparmor-denial/16013 [11:27] zyga, looking at https://github.com/karelzak/util-linux/blob/master/libuuid/src/uuidd.h#L43-L49 you have to write the type of operation you want, so you need write access [11:28] zyga, I suspect the current rule isn't really working (although libuuid will still work as it falls back to local getrandom() if the socket fails) [11:28] ackk: I see [11:28] * ackk adds comment to sparkiegeek's post [11:28] pedronis: I reviewed 8264 [11:28] ackk, sparkiegeek: thank you [11:28] I suspect it's a jamie topic [11:28] I can change stuff but he needs to ultimately review that anyway [11:31] zyga, can we test locally by hacking apparmor rules for the maas snap? (adding "w" support) [11:31] yes [11:31] always :) [11:31] zyga, how do I do that? [11:31] ackk: you need to edit the appropriate text file [11:31] they are stored in /var/lib/snapd/apparmor/profiles [11:31] and are named after the snap and application name [11:32] the correct one should be easy to locate [11:32] then you need to locate the line that mentions uuidd [11:32] and change "r," to "rw," - mind the comma, they are relevant [11:32] and issue a command to compile and insert the profile into the kernel [11:32] sudo apparmor_parser -r /path/to/that/profile/file [11:32] mind you that snapd will regenerate profiles for many operations [11:32] so your changes may get undone [11:33] let me know if you need ehlp [11:33] *help [11:35] zyga, that seems to fix the issue [11:35] sparkiegeek, ^ [11:35] ackk: ack [11:40] PR snapd#8266 closed: snap-seccomp: allow mprotect() to unblock the tests [11:40] PR snapd#8267 closed: tests/lib/reset: workaround unicode dot in systemctl output === alan_g is now known as alan_g_ [11:45] zyga: thanks, I tried to answer your questions [11:46] looking [11:49] zyga: also notice that the description has a list of TODOs for follow-ups already, this PR is already quite big given what is doing [11:49] ok [11:49] ah [11:49] I missedthe PR message somehow [11:50] the main motivation for this is actually PreseedMode, but yes ideally all SNAPD_/SNAPPY_ vars would be handled like this, buit is quite a bit of work that is hard to justify atm [11:51] at least we have a place now [11:51] pedronis: LGTM, happy to see progress in this area :) [12:02] sparkiegeek: note that 8537ba5b2816ac1a2f77dc03ba709947b11a2531 added it to snap-update-ns profile. it was only in 2049f2c8245da1d97c96fcc76bab871eb0491d23#diff-a34e166c5b3016c122430c5884f41e9b from last week where it was added to the default template. [12:03] mvo, hey [12:03] it still only had 'r' though [12:03] jdstrand: thanks [12:03] has* [12:03] PR snapd#8268 opened: snap-seccomp: robustness improvements [12:04] mvo, snapd,failure is failing also on uc18 na uc20, on PR #8252 [12:04] PR #8252: tests: update test to make snapd snap fixed twice [12:05] guten morgen from the quarantine :-) [12:06] jdstrand: ninja-edit'd post to reference the correct commit [12:06] pedronis: added StoreAcount in #8246 [12:07] PR #8246: client, daemon, overlord/devicestate: structures and stubs for systems API [12:17] Saviq, hey [12:17] cachio: oi! [12:18] I plan to delete fedora 28/9 images from gce, are you using them ? [12:18] mborzecki: reviewed [12:18] I need to clean up a bit [12:18] pedronis: thanks! [12:18] cachio: fire away https://github.com/MirServer/mir/blob/master/.travis.yml#L47 [12:19] nice, thanks [12:19] or more importantly https://github.com/MirServer/mir/blob/master/spread.yaml#L5 [12:20] ijohnson: hello, I pushed a bit forward your PRs on Friday [12:20] hey pedronis [12:20] Great, I see some of them were merged [12:21] * zyga breaks for coffee [12:21] or actually [12:22] maybe I'll grab lunch and then coffee [12:22] ahead of the standup [12:26] PR snapd#8269 opened: apparmor: add rw for uuidd request to default and remove from snap-update-ns [12:27] sparkiegeek, ackk: fyi, ^ [12:28] jdstrand, thanks! [12:28] jdstrand: thank you [12:28] jdstrand, fwiw the openvswitch interface also grants that, so it could maybe be dropped from there? [12:29] zyga: ijohnson: #8258 needs your reviews [12:29] PR #8258: interfaces/kubernetes-support: allow autobind to journald socket [12:30] Yes it's on my list thanks pedronis [12:31] mvo: #8249 needs a master merge? [12:31] PR #8249: interfaces: make gpio robust against not-existing gpios in /sys [12:31] pstolowski: #8235 probably also needs master merged in [12:31] PR #8235: cmd/snap-preseed: handle --reset flag [12:32] pedronis: ack, doing [12:32] zyga: hey there 😊 Short ping about https://bugs.launchpad.net/snapd/+bug/1844496/comments/8 [12:32] Bug #1844496: β€œDevice or resource busy” error during snap refresh when using layout with variable [12:34] mvo is something blocking an update to snapd in debian? I have snaps which cannot be installed because they need 2.43 [12:35] mvo: can you take a look at 8246? [12:36] popey: nothing is blocking, I wanted to upload 2.44 once out (this week), re-exec should handle most cases though, I can put this on higher priority [12:36] Oh, debian has re-exec? [12:36] mborzecki: yes, once the fires are out [12:36] popey: yes, should be [12:37] hey mvo! [12:37] ah okay. Is it locked to debian via os-release or somesuch? [12:37] hey ijohnson, welcome back [12:37] what's on fire today :-) [12:37] Because I have seen reports of outdated snapd on debian derivatives, which suggest they don't get re-exec [12:37] popey: iirc yes, I don't remember the details [12:37] mvo: this is the same bug we saw on trusty: snapd snap not getting pulled down [12:37] hm, ok [12:37] popey: aha, interessting [12:37] jdstrand: aha, ok [12:37] Seen it on the forums mentioned a bit [12:37] popey: for some stuff we need an update [12:38] popey: I will do a new upload [12:38] <3 thanks [12:38] ackk: ok, yes, done [12:38] ackk: (updated the PR) [12:38] e.g. snapctl is-connected is in 2.43, I would *love* that :D [12:38] ijohnson: tests were failing left and right [12:38] I'll leave you alone, thanks mvo [12:39] mvo: :-/ anything I should look at right away? I'm currently trying to triage all my notifications/PR requests and things [12:39] ijohnson: that's fine, I think test are good again [12:39] cool [12:59] zyga: this is what i have https://paste.ubuntu.com/p/jXh8yNzGqQ/ [13:00] popey: Certainly works for me on Debian stable [13:00] dpkg -l snapd says 2.37.4-1+b1, snap version says 2.43.3 [13:06] zyga: should I push a patch with policy update to your PR? [13:10] jdstrand: is #8269 meant for 2.45 or 2.44 ? [13:10] PR #8269: apparmor: use rw for uuidd request to default and remove from elsewhere [13:11] mborzecki: please! [13:12] pedronis: ack, after lunch [13:12] dot-tobias: replied [13:14] zyga: Thanks! [13:15] zyga: hmm any clue why snapd would trigger this on remove? list_dirs_pattern(snappy_mount_t, snappy_var_lib_t, snappy_var_lib_t) [13:15] list_dirs_pattern(snappy_mount_t, snappy_var_lib_t, snappy_var_lib_t) [13:15] pff [13:15] type=AVC msg=audit(1584364147.373:402): avc: denied { getattr } for pid=2756 comm="snapd" path="/run/user/1000/snap.snap-store/dconf" dev="tmpfs" ino=63262 scontext=system_u:system_r:snappy_t:s0 tcontext=unconfined_u:object_r:config_home_t:s0 tclass=dir permissive=1 [13:15] this ^^ [13:15] what's snapd doing with /run/user//snap. ? [13:16] I don't know off hand [13:16] but it is dconf [13:16] perhaps that is managed by something (helpers or interface) [13:17] mborzecki: zyga: is simply space that we let the snap use afaict [13:18] pedronis: that i know, but i'm wondering why we poke anything under /run/user//snap./ it when removing a snap [13:18] PR snapcraft#2975 opened: specifications: experimental features guidelines [13:21] mborzecki: looking, one sec [13:23] mborzecki: yes, RemoveSnapCommonData removes filepath.Glob(snap.XdgRuntimeDirs()) afaict [13:24] PR core20#26 closed: Disable emergency.target & debug-shell, unless kernel cmdline is dangerous [13:24] pedronis: thanks! [13:25] PR snapd#8270 opened: store: support for search API v2 [13:26] ok, so that explains getattr (caused by globbing probbaly) and then unlinking [13:34] zyga: couple more tweaks to the policy [13:34] mborzecki: sure, I will check soon [13:34] zyga: np, haven't pushed yet, want to make sure it builds on centos7 too [13:34] there's some interfaces that may not be available there :/ [13:35] pedronis: 2.45 [13:35] pedronis: I mean, it could be 2.44, but I'm trying to actually let you release the thing :) [13:35] pedronis: and nothing is actually broken, it is just noise [13:36] (since fallback behavior allows things to work ok) [13:37] * mvo had the same question [13:38] the k8s one I did on friday though would be good to have in 2.44 [13:38] actually, I think it was thursday, but yeah [13:39] PR snapd#8258 closed: interfaces/kubernetes-support: allow autobind to journald socket [13:39] jdstrand: I asked people to review the k8s one [13:40] PR snapd#8259 closed: interfaces/kubernetes-support: allow autobind to journald socket - 2.44 [13:42] pedronis: I saw, thanks! :) [13:55] @zyga: If you need a tester for https://bugs.launchpad.net/snapd/+bug/1866855, I'm in the office @ my nvidia machine [13:55] Bug #1866855: nvidia driver integration is incompatible with Debian [13:55] pedronis: re the unit test you mentioned https://github.com/snapcore/snapd/pull/8228#discussion_r392221605 should I add that before we merge that? [13:55] PR #8228: boot,image: ARM kernel extract prepare image [13:56] ijohnson: not particularly if it get green before, anyway I think we should do the todo as well [13:56] ok [13:56] in a follow up [14:00] ppd: thank you, I need to debug the issue first [14:00] ppd: I have nvidia and debian at home [14:00] ppd: I plan to switch to that soon [14:02] PR core20#25 closed: hooks/200-console-conf-after.chroot: perform console-conf ordering checks [14:02] xnox: yay [14:03] PR snapcraft#2975 closed: specifications: experimental features guidelines [14:14] PR snapd#8271 opened: interfaces: add hugepages-control [14:43] mvo: and now it is stuck on considering re-refresh [14:43] and now it completed [14:43] so on 2nd try it did towrk [14:43] *did work [14:43] zyga: so racy :( [14:44] huh, but the snap change says it worked [14:44] what? [14:45] ah, no [14:45] just lots of changes [14:45] but I see the error [14:46] zyga: could you attach it to the bug with the snapd logs please? [14:46] zyga: both the bad and good case [14:46] zyga: (if you haven't already) [14:46] yeah [14:46] done now [14:46] looking at journal logs for more details [14:46] mborzecki: ^ [14:46] gosh why doesn't launchpad do markdown [14:46] and why does it wrap text [14:47] I have 60%+ whitespace on my screen [14:47] because LP wraps everything to 800x600 or something :/ [14:48] logs added [14:48] mborzecki: [14:48] Mar 16 15:37:40 $HOSTNAME systemd[1]: snapd.service: Current command vanished from the unit file, execution of the command list won't be resumed. [14:49] what the :) ? [14:50] I'll switch gears to Debian now [14:50] if you need anything just ping me please [15:00] ijohnson, hey, this is the pr for the snapd.failure serivce #8252 [15:00] PR #8252: tests: update test to make snapd snap fixed twice [15:00] if you want to add the fix there should be great [15:08] mborzecki: how can I toggle gadget asset writes? [15:08] er trigger [15:16] PR snapd#8272 opened: data/selinux, tests/main/selinux: cleanup tmpfs operations in the policy, updates [15:16] zyga: ^^ [15:16] looking [15:16] and *thank you8 [15:16] * :) [15:17] zyga: can you cherry pick the patch to your PR and see if it's ok now? [15:17] mborzecki: sure [15:17] first or both? [15:18] zyga: i've only tried it locally with experimental.robust-mount-namespace-updates=true, the default ran on spread [15:18] ok, I'll try [15:21] * cachio lunch [15:36] zyga: hm afaict that systemd line is because we replace the snapd service file, so the file on disk is no longer the same as it was when the service was started [16:00] mborzecki: what does command vanished though? [16:00] *mean [16:06] I’m helping with kids upstairs. Afk [16:07] First few days are hard [16:28] PR snapcraft#2976 opened: cli: formalize developer debug as hidden build option [16:35] pedronis: afair from the last time we investigated this, this happens when there's a reload, systemd does serialze/deserialize sequence, and the service unit it serialized does not match the one that was read again from disk [16:35] pedronis: though in the case of this bug, the problem appears to be elsewhere imo [16:35] mvo: I looked into extracting just the bit from #8169 that drops RemainsAfterExit=true from snapd.failure.service, but that requires a bit of tests changes that would also need to be pulled out [16:35] PR #8169: tests/many: don't use StartLimitInterval anymore, unify snapd-failover variants, build snapd snap for UC16 tests [16:35] mvo: I can certainly pull those out into a PR if you like, but it may be easier to just review the PR as it is IMHO [16:35] pedronis: zyga: it unexpectedly exits with an error when a restat was requested: Mar 16 12:50:29 $HOSTNAME snapd[680]: cannot run daemon: context deadline exceeded [16:36] let me know how you want to procee [16:36] d [16:36] whgat triggers the rollback [16:36] pedronis: zyga: afaict this is caused by a graceful shutdown of the snapd.socket ? [16:36] d.tomb.Kill(d.serve.Shutdown(ctx)) [16:37] mborzecki: I don't know w [16:37] I have my laptop upstrairs and will try to resume work [16:38] mborzecki: what has changed in this area though ? [16:40] pedronis: in that particular daemon shutdown code nothing spectacular, last change was in june 2019 [16:41] I think maciek had a good hunch [16:42] the device agent is poking snapd api [16:42] so it may be interacting with snapd as it shuts down [16:42] we may need the /etc/nologin equivalent for the API [16:42] but we close our sockects [16:42] before getting there [16:42] are we closing the snapd.socket? [16:42] as in [16:42] are we preventing socked-based activation? [16:42] we may shut ourselves down [16:43] but unless we do it in a way that doesn't disable activation [16:43] pedronis: so looking at http.Server.Shutdown(), it loops waiting for all connections to become idle [16:43] pedronis: #8264 can land [16:43] PR #8264: many: introduce snapdenv to present common snapd env options [16:43] it may be that a constant ping is enough to break frefresh [16:43] PR snapcraft#2977 opened: cli: merge build options into provider options [16:43] *refresh [16:43] heh, more, the shutdown timeout we use is 25s, the logs are 25s apart :P [16:43] Mar 16 12:50:04 $HOSTNAME snapd[680]: daemon.go:539: done waiting for running hooks [16:43] Mar 16 12:50:29 $HOSTNAME snapd[680]: cannot run daemon: context deadline exceeded [16:44] are we seeing snapd restarts in the middle though? [16:44] anyway at that point we closed the sockets but are still running [16:44] so systemd shouldn't start a new version of snapd [16:44] afaiu [16:45] pedronis: but there's a failure instead of clean restart [16:45] mborzecki: this means that some handler is taking very long [16:45] I think [16:46] pedronis: api endpoint handler right? [16:46] pedronis: what if a client is slow to receive the response, would it look the same? [16:46] yes, or something is keeping a connection alive [16:46] but I think Shutdown deals with that [16:46] (our old code did) [16:46] I can double check for the latter [16:47] pedronis: we use the stdlib now, and run it with a context.WithTimer() [16:47] when it times out, the error becomes tomb status, and the core that runs later returns that as an error [16:48] maybe we should just suck it up if it's a timeout and exit [16:48] I switched the machine on [16:48] checking for changes [16:48] there are changes of the sort "Running service command for snap ..." [16:49] and that has tasks that ... install snapd? [16:49] ah, sorry no [16:50] * zyga there are commands but they restart a service of another snap [16:50] zyga: i think you need SNAPD_DEBUG=1 to see if anything is poking the api [16:50] aha [16:53] mborzecki: done, I will watch the log [16:53] snapd.failure.service failed on the first restart [16:54] cmd_snapd.go:136: restarting snapd socke [16:54] error: [16:54] ----- [16:54] PR snapd#8273 opened: interfaces/greengrass-support: add new 1.9 access [16:54] Job for snapd.socket failed. [16:54] See "systemctl status snapd.socket" and "journalctl -xe" for details. [16:54] fun [16:55] mborzecki: took a while but, no, the stdlib code doesn't let reuse a connection once in shutdown [16:55] then [16:55] snapd.socket: Socket service snapd.service already active, refusing. [16:55] Failed to listen on Socket activation for snappy daemon. [16:55] mborzecki: so it would be a handler<->client taking too long [16:56] mborzecki: ignoring the timeout is what we do with RestartSystem btw [16:56] PR snapd#8274 opened: interfaces/greengrass-support: add new 1.9 access (2.44) [16:57] pedronis: right, but we only refresh snapd here, so a simple restart [16:57] yea [16:59] hm maybe we should ungracefully call d.serve.Close() when timeout occurred [16:59] mborzecki: it's the reserve we close the socked below the server ourselves [16:59] before [16:59] PR snapd#8264 closed: many: introduce snapdenv to present common snapd env options [17:05] pstolowski: thanks, I'll work on snapdenv.Preseeding next (I'll probably rename PreseedMode to Preseeding in places) [17:06] pedronis: great, ty [17:13] PR snapd#8235 closed: cmd/snap-preseed: handle --reset flag [17:15] mvo: ^ that was still targeted for 2.44 [17:20] mborzecki: anyway doing what we do for a system restart seems neccesary, otoh it would still be good to understand what is blocking us for 25s [17:23] mvo: I remembered the gpg key :D === ijohnson is now known as ijohnson|lunch [17:26] PR snapd#8275 opened: daemon: do a forceful serer shutdown if we hit a deadline [17:26] pedronis: we could try something like this ^^^ [17:27] anyways, need to go, kids got their homework, since the school is in lockdown it's e-learning now ;) [17:28] zyga: yay! [17:28] pedronis: yeah, 8235 looks sane for 2.44, no? [17:28] mvo: yes [17:28] I've pushed my keys to debian and ubuntu [17:28] whee [17:28] mvo: needs to be cherry picked [17:28] I'm so happy [17:28] pedronis: will do in a sec [17:35] pedronis: thanks, cherry picked now [17:46] PR snapd#8276 opened: snap: whitelist lzo as support compression for snap pack [17:58] PR snapd#8277 opened: asserts,o/devicestate: support model specified alternative serial-authority [17:59] PR snapd#8278 opened: devicestate: disable cloud-init by default on uc20 [18:07] mvo: left some comments ^ [18:07] it's almost dinner for me === ijohnson|lunch is now known as ijohnson [19:19] pedronis: thanks \o/ ! checking [19:56] mvo, I made uc20 tests work on nested vm [19:57] so no hurry with cloud init [20:00] cachio: !!! how did you do that? amazing \o/ [20:01] cachio: nice [20:02] mvo, small change on how we modify snapd snap to use the current branch [20:03] mvo, cmatsuoka helped a lot on the process [20:03] I'll add some tests to the branch and pushed again [20:03] thanks cachio and cmatsuoka [20:03] mvo, just a clarification, uc20 works but still the secure boot is not ready on the machine [20:04] so the test which checks the secure boot is currently failing [20:04] but we can boot and check uc on a nested vm with all the tpm machinery [20:04] cachio did all the stuff, I just tried to boot his images here [20:05] when cmatsuoka branch is landed, that test should pass [20:05] cachio: nice! [20:05] cmatsuoka: and nice job of you too [20:05] * mvo hugs cachio and cmatsuoka (totally virus safe!) [20:05] hehehe [20:06] virtual hugs [20:18] PR snapd#8279 opened: snap: do not hardlink on overlayfs [20:22] PR snapd#8249 closed: interfaces: make gpio robust against not-existing gpios in /sys [20:24] cachio: cmatsuoka: which branch should I take a look at to enable uc20 nested tests ? [20:33] PR snapd#8280 opened: many: introduce snapdenv.Preseeding instead of release.PreseedMode [20:37] PR snapcraft#2978 opened: tests: add microk8s spread test [20:40] ijohnson: I was using sergio's tests-enable-nested-on-core20 branch [20:40] cmatsuoka: is there a PR open for that? [20:40] cachio: ^^ [20:41] ijohnson: I think sergio opened it last friday [20:41] I'll take a look [20:41] looks like https://github.com/snapcore/snapd/pull/8260 is the branch [20:41] PR #8260: tests: enable nested on core20 and test current branch <β›” Blocked> [20:41] err PR [20:43] I see I have pending comments there [20:59] PR snapcraft#2979 opened: tests: add multipass adhoc spread backend [21:29] PR snapcraft#2980 opened: vcs: add direnv files to .gitignore [21:31] wgrant i have another snap which seems to be randomly using snapcraft deb rather than snapcraft snap in build.snapcraft.io :S [21:32] https://launchpadlibrarian.net/469283263/buildlog_snap_ubuntu_bionic_s390x_f575d29e94f650a871d01c059930838d_BUILDING.txt.gz [21:33] sergiusens have you seen this happening in lp? ^ [21:45] popey: what triggered this build? [21:46] popey: using the wrong snapcraft is sort of out of my hands [21:46] unless it is remote-build [21:47] if it is build.snapcraft.io triggered, we need to ask Lukewh and verify that they are inadvertingly setting the "snap" fields [21:47] it says build trigger unknown [21:47] we have a few threads on the forum about it now [21:48] popey: seems it is build.snapcraft.io https://launchpad.net/~build.snapcraft.io/+snap/f575d29e94f650a871d01c059930838d/ [21:48] what would cause this though? [21:49] wonder if it's the new build button [21:50] popey: well if you are using something new, yeah, most likely, specially since it sends a call to the launchpad APIs, this is where you can incorrectly be setting to NOT use the snap [21:50] popey: Has anyone filed a bug against LP about this yet? [21:50] no because we couldn't figure out where the bug should be [21:50] I don't think it can be a BSI bug [21:51] We haven't figured out what's going on, but it's currently hard to see how it could be outside Launchpad (much though I'd like that to be the case) [21:53] where should I file a bug? [21:53] cjwatson: well, the webteam (I just learned) added a new "build" button which might be calling the api and setting the snap fields incorrectly [21:53] popey: https://bugs.launchpad.net/launchpad [21:54] cjwatson: would be nice to have launchpad show that info in the logs, I can log a bug about just that :-) [21:54] sergiusens: On build.snapcraft.io? I don't see a recent change like that in its repository [21:54] sergiusens: It kind of does if you know how to read it :) [21:54] popey: where is this new build button [21:54] sergiusens: Or maybe I'm misunderstanding what info you're talking about [21:55] login to the store, any snap page and you'll see a new tab next to Listing [21:55] Oh, that's been rolled out has it? [21:55] yes [21:56] That would be the obvious recent change then I suppose [21:57] cjwatson: in .requestBuild you can pass a "channels" dict or snaps as keys, channels as values. This is what I suspect is incorrectly being set [21:57] sergiusens: Yes but LP is supposed to infer that itself in the case of bases [21:57] *dict with [21:57] I know about the requestBuild(s) API :) [21:58] https://bugs.launchpad.net/launchpad/+bug/1867689 [21:58] Bug #1867689: snap builds via bsi use the deb rather than snap of snapcraft [21:58] Thanks - we can redirect if that turns out to be the wrong place [21:58] cjwatson: I know you do, I was just trying to be specific of what my thought was on why it could have started failing [21:58] If nothing else we could use some better debugging information in our own logs [21:58] (internally) [21:58] sergiusens: Right, I agree it's a candidate place for things to go wrong, I just haven't been able to work out how that could concretely happen from the code flow [21:59] I'll have a look at the new web team changes as soon as I can find where the backend bits for it life [21:59] *live [22:00] Oh [22:00] Hahaha [22:00] You may be right [22:00] data = { [22:00] "ws.op": "requestBuilds", [22:00] "channels": "snapcraft,apt", [22:01] Why [22:03] sergiusens: So yeah, sorry, I didn't expect that they'd have specifically gone out of their way to override this wrongly :-/ [22:05] hah [22:05] oopsie [22:07] Filing a bug [22:09] thanks cjwatson [22:09] PR snapd#8228 closed: boot,image: ARM kernel extract prepare image [22:09] https://github.com/canonical-web-and-design/canonicalwebteam.launchpad/issues/13 [22:23] Glad to have found that, that was super-puzzling this morning [22:26] heh [22:29] PR snapcraft#2981 opened: colcon plugin: rewrite poco absolute library paths [22:59] thanks for the bug cjwatson. I'll chase it up tomorrow. === adrian- is now known as alvesadrian