[03:43] PR snapcraft#3129 opened: schema: add support for the daemon-scope property on apps [03:46] Does this channel support issues with the snap management tool? [03:46] or is it only developer focused? [03:58] PR snapcraft#3130 opened: build_providers: don't show an error if there are no auto-refresh changes [06:25] morning [06:28] hey mborzecki [06:29] mvo: hey, can you take a look at https://github.com/snapcore/snapd/pull/8604 ? [06:29] PR #8604: interfaces/builtin/desktop: do not mount fonts cache on distros with quirks [06:30] mborzecki: sure [06:30] mvo: thanks [06:31] mborzecki: thanks, done, we should also squash it I think [06:31] mvo:yeah, easier to cherry pick [06:33] +1 [06:45] hey [06:45] good morning zyga [06:48] zyga: hey [06:48] how was Friday? [06:49] zyga: that opensuse go thing is weird, looks like there's a parallel install of go1.13 and go1.12, and the packages are conflicgting on who owns /usr/bin/go [06:49] yeah [06:49] maybe it is some kind of vendor change situation [06:49] but I really don't know [06:49] actually, afaiu both packages ship /usr/bin/go ? [06:50] I never experienced this myself [06:50] yeah [06:51] zyga: we also ahve `BuildRequires: go >= 1.9` so go1.13 should be just fine, unless it doesn't provide go? [06:52] maybe something else depends [06:52] or maybe we just mass-upgrade [06:52] I didn't look that deeply [06:53] maybe it's confused when we ask for go >= 1.9 :/ [06:53] it's funny, bc we end up with older go than we had :P [06:53] mmm, as in doesn't understand that dependency is satisfied? [06:53] I think that's unlikely [06:53] btw, suse does roll back packages normally [06:53] their repo points to the truth [06:54] and systems adjust [06:54] and it's not unheard of packages going to older releases [06:54] maybe that's what going on [07:01] morning [07:01] hey pawel [07:01] rainy morning [07:01] perfect for Monday [07:06] good morning pstolowski [07:10] zyga: same here [07:29] pstolowski: hey [07:30] zyga: heh, zypper insists on installing 1.12, however what provides lists many options https://paste.ubuntu.com/p/P8NbcSGpRR/ [07:47] mborzecki: your hunch about selinux denials & go doing enumeration of network interfaces was good.. https://paste.ubuntu.com/p/JQQDrTqsg8/ [07:47] pstolowski: heh, no a question which part of the code does that [07:48] pstolowski: maybe pulling in net package triggers is [07:49] it's the randutil code [07:50] omg, i see now, it's listing interfaces [07:51] ah [07:51] / mix in net interfacles hw addresses (MACs etc) [07:51] if ifaces, err := net.Interfaces(); err == nil { [07:51] but it's inderect [07:51] it you neeed to be using RandDuration [07:51] but we have a few places that use RandomDuration at the top level [07:52] it's only in my PR, apparently indirectly pulled (by configcore?) [07:52] https://github.com/snapcore/snapd/blob/master/randutil/rand.go#L93 [07:54] pstolowski: let me think a second, we had something in mind that we might have forgotten [07:55] pedronis: for clarity, this is now triggered by snap cli, not snapd [07:55] pstolowski: yes, we have worked toward a way to build configcore without pulling in the mangers [07:55] but we haven't finished the work [07:55] we really don't want the managers in snap [07:55] this is showing that very indirectly [07:56] good morning pedronis ! [07:59] pstolowski: we need to finish that work [08:00] and it's going to be a of a pain as we learned from nosecboot [08:01] zyga: addeda note under https://github.com/snapcore/snapd/pull/8685#issuecomment-630014236 perhaps it's worth checking with go packaging guidelines or in #opensuse about the best solution [08:01] PR #8685: opensuse: zypper --replacefiles [08:02] mborzecki: btw i also saw some selinux denials that for some reason were not reported when using --checkpoint ..., only shown with ausearch -i -m AVC. i haven't investigated it and i don't know if it is anyhow related to my branch or also present in master - https://pastebin.ubuntu.com/p/TBRdbCFvkS/ [08:02] mborzecki: 1:1 [08:03] pstolowski: am I making sense? [08:05] pedronis: yes, i remember the general idea/desire we discussed some time ago. don't know what does this entail yet [08:05] pstolowski: mostly usinh build flags, except for some of the distro they don't quite work :/ [08:06] pedronis: in this particular case, is there a concern of entropy? could we land this early-config PR by temporarily relaxing selinux check in these tests? [08:07] pstolowski: temporarely for how long? we really don't want to pull in the managers in snapd [08:09] pedronis: i can start working on proper fix today, just don't know how annoying/long will it be and for long early config will be blocked because of this [08:09] pstolowski: to be clear I'm not too concerned about relaxing the selinux rules otoh is completely not the work we need [08:19] pstolowski: i saw those only in our tests though, i suspect it's because we repack the core snap and try to prevent the new squashfs from picking up default label (home_t) by passing unlabeled_t epxliciltly, however we also expliclity set the context=.. when mounting the squashfs, but that doesn't stop the denials due to unlabeled_t when running hooks to appear, i suspect there may be some race [08:19] between snapd accessing the contents and desired label set at the fs level [08:20] pstolowski: iirc if you go an ls -lZ those locations they have snappy_snap_t as expected [08:24] PR snapd#8676 closed: tests: port interfaces-dbus to session-tool [08:28] mborzecki: ack [08:44] re [08:44] mborzecki: looking [08:46] mborzecki: nice work! [08:47] brb, tea and back into the fray :) [08:56] pstolowski: are you blocked atm? [08:57] pedronis: no [08:57] and back [08:58] pstolowski: we can chat after lunch about what to do, I have a meeting now [08:58] pedronis: ok, thanks [09:17] PR snapd#8686 opened: o/devicestate: cleanup system actions supported by recover mode [10:02] pstolowski: can you setup a meeting before the standup when is convenient for you? [10:03] pedronis: will do [10:09] PR snapd#8687 opened: [RFC] overlord: show what manager throws a state ensure error [10:19] PR snapd#8688 opened: [RC] state: log task errors in the journal too [10:46] PR snapd#8689 opened: o/devicestate: raise conflict when requesting system action while seeding [10:48] PR snapd#8690 opened: devicestate: do not report "ErrNoState" for seeded up [11:14] mvo: left a comment under https://github.com/snapcore/snapd/pull/8687#discussion_r426544961 [11:14] PR #8687: [RFC] overlord: show what manager throws a state ensure error [11:15] mborzecki: yeah, saw it, looks interessting. I guess we samuele to decide if we should consider this at all but yeah, if we do maybe doing something smarter would be good. [11:16] yes, I think we touch this, it's better to the work, it shouldn' be too hard to something sensible, it will need more than 1 line though [11:17] pedronis: shall I close it given that it need to be reworked? [11:18] btw. devicemgr seems to dtrt, maybe it's enough we add error wrappers for other managers and still log it in stateengine? [11:18] xerrors would be nice too [11:19] PR snapd#8688 closed: [RFC] state: log task errors in the journal too [11:19] it captures the frame info so we'd have exact line in the manager [11:19] mborzecki: nice [11:20] PR snapd#8688 opened: [RFC] state: log task errors in the journal too [11:20] mborzecki: I'm not sure I want to invest in xerrors atm [11:21] I pressed close by mistake [11:21] mvo: you want to land these things in 2.45 I imagine? [11:22] pedronis: yeah, mostly to give us slightly better error reporting. I know it's not ideal but it seems not like a step backwards and we can always improve it [11:22] pedronis: I care less about 8687 [11:23] pedronis: the other one 8688 is a bit more interessting I feel because I noticed when we ask for logs for install failure we tend to lack information [11:23] pedronis: anyway, up to you - I totally understand if you prefer something better that is less "ad-hoc" [11:23] mvo: I have a old PR to address that, doing the right thing is quite a bit of work [11:24] though, it's probably time to do it, but not 2.45 [11:25] * mvo nods [11:25] pedronis: for which one do you have a PR? or for the stateengine errors one? [11:25] s/or// [11:25] for logging task errors [11:26] it's a PR from 2016 to give you a sense of things [11:26] 8688 would be nice, it was super annoying debugging why install failed when running with too small image, there was no other way but to use the debug shell, not sure if even https://github.com/CanonicalLtd/subiquity/pull/771 will be enough [11:26] PR CanonicalLtd/subiquity#771: console-conf-wrapper: show snapd log during install [11:26] pedronis: woah :) ok [11:27] mborzecki: 771 will be enough but I still think it would be nice to have task error in our log but again, I will not fight over this [11:28] mvo: to be clear, I'm not against the logging, the biggest issue is what to log [11:28] summaries are long, task numbers are not informative [11:29] I'm not sure all summaries are complete enough [11:29] the latter is less of an issue [11:30] pedronis: right - I was thinking about this too and it seemed like the summary is usually ok but yeah, it's not ideal in all cases. [11:30] mvo: i see xnox raised the same issue, i think there's a problem when snap watch/change is called to early [11:30] pedronis, mborzecki fwiw, I created an image too small to install and tested all my changes against that to see if my changes improve the error/log output [11:31] mborzecki: yes, I need to look, it did not happen in my testing but I was probably lucky [11:31] mborzecki: for me it was the other way around actually, usually install-system was already done in the error case by the time this code was reached, but again, I think there is no gurantee :/ [11:31] mborzecki: I need to think [11:32] pedronis: I think you raise an important point, *if* we log the task error we probably need the id there too for cross reference at least. my pr is not doing this right now [11:34] * mvo shuts up for a couple of minutes to give others the chance to talk too :) [11:35] mvo: we don't display task numbers though usually [11:35] * mvo nods [11:36] PR snapd#8680 closed: tests: port interfaces-autopilot-introspection to session-tool [11:42] brb [12:05] PR snapd#8684 closed: tests: add a note about broken test sequence [12:09] mvo: in the context of https://bugs.launchpad.net/snapd/+bug/1878943 it'd be nice if we made use of the timinigs we have in the install-system handler [12:09] Bug #1878943: armhf core20 image unusable on rpi2, rpi3 [12:09] mvo: there's still a question how to show the timings before reboot [12:14] mvo: I made a proposal [12:15] in #8688 [12:15] PR #8688: [RFC] state: log task errors in the journal too [12:24] pedronis: i'm in the HO [12:51] mvo: do you think we could cherry pick https://github.com/snapcore/snapd/pull/8580 to 2.45.1? [12:52] PR #8580: data/completion: add `snap` command completion for zsh [12:52] i'll distro patch it in arch and fedora for now [12:52] mvo: i can open a PR with relevant patches for 2.45 branch [12:57] PR snapd#8691 opened: tests/lib/bin: a TODO to improve the naming and uniformatiy of utilities [12:58] mborzecki: yeah, let's cherry-pick the zsh [12:58] mborzecki: let me look [13:11] PR snapcraft#3130 closed: build providers: don't show an error if there are no auto-refresh changes [13:32] PR snapcraft#2843 closed: snap: only ship .pyc files, strip shared objects [13:40] PR snapd#8690 closed: devicestate: do not report "ErrNoState" for seeded up [13:41] hmm i cannot open files via xdg-desktop-portal anymore in 2.45 [13:41] maj 18 15:40:27 galeon xdg-desktop-por[466975]: g_desktop_app_info_get_string: assertion 'G_IS_DESKTOP_APP_INFO (info)' failed [13:41] maj 18 15:40:27 galeon xdg-desktop-por[466975]: g_app_info_launch_uris: assertion 'G_IS_APP_INFO (appinfo)' failed [13:41] oh no [13:41] (on arch) [13:42] pff, zip/pdf/directories open fine though [13:42] graphical files do not [13:43] they do open outside of snap tho [13:52] * zyga -> lunch [14:36] zyga, we need google-compute-engine availlable for fedora-32 https://paste.ubuntu.com/p/V58T6xCv3v/ [14:37] cachio: where is that package coming from? [14:37] Pharaoh_Atem, hey, you are the owner of the google-compute-engine package in fedora right? [14:37] that's a copr repo [14:37] perhaps we don't need it? [14:38] zyga, I think Neal owners it [14:38] cachio: no, he owns the copr we use to get it from [14:38] cachio: perhaps we don't need the copr at all? [14:38] cachio: or perhaps the package in general [14:38] zyga, ah, ok, I'll try [14:38] cachio: does the stock f32 cloud image have this package installed? [14:39] zyga, let me check [14:43] zyga, seems to be installed [14:43] great, then we don't need anything, just use that [14:43] (no need for copr) [14:46] zyga, yes, now creating the image again [14:46] sounds good [15:01] mborzecki: in your chain of PRs when did you plan to create systems.go ? [15:01] pedronis: it's in this one: https://github.com/snapcore/snapd/pull/8689 [15:01] PR #8689: o/devicestate: raise conflict when requesting system action while seeding [15:02] mborzecki: ok, thx [15:04] Curious if there is a reason /snap/bin is added in profile.d only, and therefore isn't added to non-interactive sessions? [15:04] e.g. snap install aws on server, then `ssh user@server aws` fails with 'command not found' [15:26] mborzecki: I reviewed #8672 and #8686 [15:27] PR #8672: o/devicestate: change how current system is reported for different modes [15:27] PR #8686: o/devicestate: cleanup system actions supported by recover mode [15:30] PR snapd#8692 opened: configcore: add nomanagers buildtag for conditional build [15:31] pedronis: ^ this seems to be sufficient. i can do ConfGetter change separately, didn't do it in this PR as it would create noise in the diff [15:31] pstolowski: as I said it matters less [15:31] pstolowski: I will look at it in a bit [15:38] PR snapcraft#3131 opened: plugin handler: debug build commands if developer debug enabled [15:49] pedronis: thanks! [15:49] ijohnson: thanks for setting up a meeting [15:49] pedronis: sure let me know if there's anything I can do to help or if we should try and pull in somebody from cloud-init [15:51] ijohnson: don't think so, I'll try to prepare a bit in my morning [15:51] ack [15:52] * cachio lunch [16:18] ijohnson: I did a pass on #8683 [16:18] PR #8683: osutil/disks: support IsDecryptedDevice for mountpoints which are dm devices [16:19] thank you looking now [17:02] cachio: hey, can you please update the tw image [17:02] cachio: a "zypper dup" is enough to resolve our issue [17:03] cachio: I could bake it into the prepare section but I think this is just better [17:05] PR snapd#8685 closed: opensuse: zypper --replacefiles [17:07] * zyga EODs [17:07] pedronis: hmm while looking for documentation on the format of DM_UUID and/or the dm/uuid sysfs value it seems that we may have a slight problem [17:07] according to some of the back and forth on https://bugzilla.redhat.com/show_bug.cgi?id=1322110, the DM_UUID is meant to be an implementation detail and ought not to be parsed because it could be broken at any time [17:09] now that may be true generally, but I'm wondering if we can rely on it for now because 1) we are in control of the thing creating the volume (snap-bootstrap calling systemd-cryptsetup) , 2) the thing creating the volume is from other software version we kinda control, in that systemd version 245/luks/cryptsetup seems unlikely to bump and change significantly over the lifetime of the core20 snap [17:10] 3) the version of systemd in the initramfs should always match what's in the core20 snap I think(?) [17:10] zyga, sure, I am finishing fedora 32 [17:10] so all the things poking / creating this device mapper volume (which is where the DM_UUID value comes from) should be stable over the lifetime of uc20/core20 I think [17:11] if that's not good enough then I will need to seriously think about how we can re-write this code, and moreover why we do not have the additional udev params that we expect in the initrd [17:11] zyga, in 10 minutes will be ready [17:11] and Ill fix tw === ijohnson is now known as ijohnson|lunch [17:15] zyga: https://github.com/snapcore/snapd/pull/8685#issuecomment-630315807 what do you mean by unlucky snapshot? does it install the latest aviablel go version (eg. go1.14) or rather the `go` package in version 1.12.sth? [17:15] PR #8685: opensuse: zypper --replacefiles [17:40] Saviq, hey, are you using fedora 28 and 29 images for testing? [17:40] Saviq, we want to rmemove them [17:40] Saviq, is it ok for you? [17:40] cachio: remove away https://github.com/MirServer/mir/blob/master/spread.yaml#L5 [17:40] sergiusens, same question for you [17:41] cachio: we do not. [17:41] Saviq, good, hopefully we will have fedora 32 today [17:41] feel free to remove [17:41] sergiusens, thanks === ijohnson|lunch is now known as ijohnson [17:47] PR snapd#8672 closed: o/devicestate: change how current system is reported for different modes [18:14] ijohnson: well we either parse the uuid, or we call cryptsetup status and parse the output [18:15] pedronis: which do you think we should do? As I said it seems unlikely that the dm uuid will change for the lifetime of uc20, but then again it could since upsteam devs don't think it's meant to be inspected [18:16] ijohnson: it's probably easier to use cryptsetup status, otoh the output doesn't seem super machine friendly (differently for other tools it doesn't seem a way to control the output format) [18:17] let me boot into the initrd and see how the output looks there [18:18] pedronis: let me boot into the initrd to see how it looks there [18:51] PR snapcraft#3132 opened: go v1 plugin: warn when using go.mod and go < 1.13 [19:23] pedronis: after some other new hurdles I learned about (now I have to always also re-build pc gadget to test initramfs changes), I now find that cryptsetup isn't even in the initramfs [19:24] afaict we only have systemd-cryptsetup which doesn't understand the "status" argument [19:24] ijohnson: no, it can only setup things, so much fun [19:24] yep! [19:32] ijohnson: let's pursue the parsing to unblock us, and then reconsider this I suppose [19:32] pedronis: ok, I will add a TODO to the code about sorting this out perhaps [19:49] PR snapd#8693 opened: tests: adding fedora 32 to spread.yaml [19:49] zyga, ~ [19:49] tests breacking on fedora 32 [19:50] zyga, https://paste.ubuntu.com/p/vfQqBG2SCG/ [20:10] * cachio afk [20:22] ijohnson: are you now unblocked on what to do with #8683 ? also if you think is risky keep reading the dm files directly [20:22] PR #8683: osutil/disks: support IsDecryptedDevice for mountpoints which are dm devices [20:22] pedronis: yes I'm unblocked I will address your comments [20:23] ok, thx, going to call it a day [20:23] sounds good, talk to you tomorrow