/srv/irclogs.ubuntu.com/2020/06/12/#snappy.txt

=== alazred_ is now known as alazred
mupPR snapd#8851 opened: interface/fwupd: add more policies for making fwupd upstream strict <Created by woodrow-shen> <https://github.com/snapcore/snapd/pull/8851>07:21
mupPR snapd#8852 opened: asserts: introduce new assertion validation-set <Created by pedronis> <https://github.com/snapcore/snapd/pull/8852>07:31
mupPR snapd#8853 opened: asserts: introduce the concept of sequence-forming assertion types <validation-sets :white_check_mark:> <Created by pedronis> <https://github.com/snapcore/snapd/pull/8853>07:36
mupPR snapd#8849 closed: tests: fail in setup_reflash_magic() if there is snapd state left <Test Robustness> <Created by mvo5> <Merged by mvo5> <https://github.com/snapcore/snapd/pull/8849>08:51
=== alazred_ is now known as alazred
mupPR snapd#8755 closed: tests: fix classic ubuntu core transition auth <Simple 😃> <Created by sergiocazzolato> <Merged by anonymouse64> <https://github.com/snapcore/snapd/pull/8755>10:47
mupPR snapd#8854 opened: sysconfig/cloudinit: make callers of DisableCloudInit use WritableDefaultsDir <Simple 😃> <UC20> <Created by anonymouse64> <https://github.com/snapcore/snapd/pull/8854>11:02
ogramwhudson, do you still care for console-conf ? ... https://bugs.launchpad.net/ubuntu/+source/subiquity/+bug/188158812:38
mupBug #1881588: pre-seeding lxd on Core appliances breaks console-conf user creation <snapd:Invalid> <subiquity (Ubuntu):New> <subiquity (Ubuntu Xenial):New> <subiquity (Ubuntu Bionic):New> <https://launchpad.net/bugs/1881588>12:38
ijohnsonogra: that's probably one for xnox these days12:45
ograah, i didnt know he took over console-conf12:53
ogra(specifically for xenian/bionic where it isnt a snap yet)12:54
ogra*xenial12:54
pedronisijohnson: standup ?13:01
xnoxijohnson:  huh. mwhudson is still subiquity lead13:01
xnoxogra:  it is related to the previous stuff on forums etc. "there is no way to create system users/groups for a snap to use"? and/or now it is possible, but breaks other pieces of snapd?13:04
ograxnox, no it is related to a combination of "pre-seeding lxd in an appliance creates a user" .... and ... "console-conf refuses to create a user if /var/lib/extrausers/passwd containe any entry (instead of just checking the "managed" state of the system)"13:06
ogra*contains13:06
ograthere is some hardcoded hackery in snapd or the lxd snap that allows it to create the lxd user on install ... console-conf notes that the extrausers db has a user (even though not the system user) and falls flat on its face13:08
ograas ian described in the bug, console-conf should not check the passwd db with blind assumptions but simply check the "managed" state of the system ... that indicates a prope core system-user has been created13:09
ogra*proper13:09
xnoxogra:  # TODO: use proper snap APIs.13:12
ograxnox, TODO for whom ?13:12
xnoxogra:  is the proper snap API to query "managed" state?13:12
ograi cant release a bunch of appliance i'm working on because of this13:12
xnoxogra:  that's a code comment right next to parsing of the /var/lib/extrausers/passwd, in console_conf13:12
ograoh, yeah13:12
ograthere is an API13:12
ograhah !13:12
ograxnox, https://github.com/snapcore/snapd/wiki/REST-API#get-v2system-info13:13
ogra""managed": false,"13:13
xnoxogra:  but there is also https://docs.ubuntu.com/core/en/guides/manage-devices/#checking-if-a-system-user-assertion-was-created13:14
xnoxsnap known system-user13:14
xnoxogra:  what is that?13:14
ograyeah, that too13:14
ograthe above is the API to query snapd13:14
xnoxogra:  cause console-conf not only needs to know "if there is a system management user already" but also "what it is called"13:14
ograright13:15
ograthe API isndeed only returns the state ... not the usersname13:15
ogra*username13:15
ograhttps://github.com/snapcore/snapd/wiki/REST-API#get-v2users migth help with that13:16
xnoxright13:17
ograbut if the system is managed i can simply refrain from running the user module (if it is a module, i havent looked at subiwuity)13:17
ogra*subiquity ...13:18
ogra(why does my typing suck so badly today 😞 )13:18
ijohnsonxnox: mmm actually maybe you need to be even smarter than snapd, as there could be users created on the system via cloud-init, probs if a user was created by cloud-init console-conf should not run?13:18
ograyeah ... along with the fact that cloud-init created users are typically broken for core ... i.e. will not "snap login" the user and thus the system never becomes "managed"13:20
ijohnsonogra: well with cloud-init you don't have to provide SSO, so there's not an obvious way to have any user created by cloud-init a "snap user"13:21
* pedronis break13:21
ograright ... c-init is simply not designed for core ... (which is why i have been opposing its inclusion since day one)13:21
ijohnsonxnox: anyways probably the best way to fix that bug for now is just to check if snap managed is false, then run cloud-init, if there is a system user, then `snap managed` should return true13:22
ograit allows you all kinds of awful hacks and people simply never (have to) learn the proper ways13:22
ijohnsonxnox: (or use the API instead of the cli cmd, etc.)13:22
ograalternatively just ignoring the lxd user might be an appropriate quick fix/hack13:25
ogra(and probably a potential docker one too ... though i think that one is even worse hardcoded in the readonly /etc/passwd for some obscure reason))13:26
ograyay consistency !13:27
ijohnsonogra: was a bug ever filed about the docker user / group being in the base snap's /etc/{passwd,group} ?13:28
ograno, i only just remembered it again right now ... and it is indeed there13:28
ijohnsonogra: that should probably be assigned to sil2100 or xnox at this point13:28
ogra(no idea if it exists in core20 though)13:31
ijohnsonogra: it exists in core2013:32
ijohnsonsame as core and core1813:32
ograaha13:32
ijohnsonactually since core20 hasn't been released yet, perhaps we could just drop it from the base snap now and move it to extrausers 🤔13:33
ograwell, it might also help to find out how exactly the lxd user gets there in the first place13:34
ograi dont really know if it comes from the lxd snap or snapd13:34
ijohnsonogra: that's known it's the lxd snap doing hacks because it can13:34
ograah13:34
ograso docker would have to be alloed the same hack13:35
ogra*allowed13:35
ijohnsonwell13:35
ijohnsonno, not necessarily, just because lxd gets to be hackish doesn't mean that docker should get to be hackish too13:35
ograheh13:35
ijohnsonanyways this is not the right channel to discuss this13:35
ograoh, note that removing a user from passwd is extremely dangerous ... the UID/GID might change underneath you but writable will have dirs using the old numbers13:38
ogra(this is why the core build scripts have a bunch of pre/post-build md5 sum checks for /etc/passwd and fail hard if anything has changed)13:39
ijohnsonogra: hence why I say we should fix it for core20 before it is released :-D13:40
ograright, but only there ... else you need to do awful filesystem transitions13:40
ijohnsonyeah I don't know how to handle other releases, but that's not my problem to fix13:40
xnoxogra: i agree it's a bug. i'm not sure if fixes in consoleconf alone are enough, or if anything will be needed in snapd too.13:49
xnoxogra:  pasted comments on the bug report, and hope for some advice from snapd team as to which APIs / command-line calls console-conf should use to determine if system is managed or not, and by whom.13:50
ograi'm pretty sure fixing console-conf is enough, snapd provides all info it needs13:50
ograbut yeah, i'll leave it to the snapd team to answer13:50
kenvandineijohnson: hey, fontconfig is biting us again... in really fun ways13:58
kenvandinebug 185863613:58
mupBug #1858636: snapd generates incomplete fontconfig caches, result in emoji rendering issue in chromium <apport-collected> <eoan> <focal> <rls-ff-incoming> <snap> <wayland-session> <chromium-browser (Ubuntu):Confirmed> <snapd (Ubuntu):New> <https://launchpad.net/bugs/1858636>13:58
kenvandineijohnson: a snap refresh will break the cache on the host for debs13:58
ijohnsonkenvandine: do you mean a refresh to any snap version or a specific snap version ?13:58
kenvandineany snap13:59
ijohnsonoh that seems ... bad ...13:59
kenvandineseb128 just reproduced this with a refresh of core13:59
* ijohnson reads the bug13:59
seb128ijohnson, https://bugs.launchpad.net/ubuntu/+source/chromium-browser/+bug/1858636/comments/3713:59
mupBug #1858636: snapd generates incomplete fontconfig caches, result in emoji rendering issue in chromium <apport-collected> <eoan> <focal> <rls-ff-incoming> <snap> <wayland-session> <chromium-browser (Ubuntu):Confirmed> <snapd (Ubuntu):New> <https://launchpad.net/bugs/1858636>13:59
seb128has steps13:59
seb128it screws the cache13:59
ijohnsonseb128: that's reproducible in a fresh focal VM for example ?13:59
seb128which means fonts are missing from snap and debs14:00
seb128ijohnson, yes, those steps I just tried on an autopkgtest cloud instance14:00
seb128(I had it created to test something else just poked there)14:00
ijohnsonthanks folks I will have a look here14:02
seb128ijohnson, thanks!14:02
kenvandineijohnson: thanks!14:02
ijohnsonhmm it seems that the focal releases zsync file doesn't work14:05
seb128ijohnson, I don't think it's specific to focal and you trying on your normal system should work fine14:11
abeatoijohnson, hey, how would you define the difference between plugs and slots? Because from an implementation pov, they are in the end quite symmetrical - would you say that the difference is mostly conceptual?14:12
ijohnsonman it is busy today in here14:13
abeatolol14:13
abeatonw, was just a random question14:13
ijohnsonabeato: uh I guess what's the answer you're looking for ? something to give to a customer or your own philosophical musinsgs?14:13
abeatoijohnson, more the second14:14
ijohnsonabeato: yes it is mostly conceptual, but the idea reallly is that a slot is "providing" something that the plug consumes, for example with the docker interface, the slot is providing access to the docker socket14:14
ijohnsonseb128: when I run your final command fc-cat I see a bunch of "Unable to load the cache" messages, I presume that is your bug?14:15
ijohnsonkenvandine: ^14:15
seb128ijohnson, no14:15
ijohnsonseb128: I ran the commands how do I tell if my fontconfig was broken14:15
seb128that's just the cat command not being targetted14:15
seb128as I wrote14:16
ijohnsonhttps://www.irccloud.com/pastebin/8FEZ1pvX/14:16
seb128you should have an entry14:16
seb128"NotoColorEmoji.ttf" 0 "Noto Color Emoji:familylang=en:style=Regular:stylelang=en:fullname=Noto Color ...14:16
ijohnsonseb128: that's what I see14:16
seb128right14:16
seb128it's buggy14:16
seb128try now to do dpkg-reconfigure fontconfig14:16
seb128and try again see if it lists a result14:16
ijohnsonah yes I see now14:17
seb128that's the difference14:17
ijohnsonafter the dpkg-reconfigure I see NotoColorEmoji in the grep output14:17
ijohnsonok14:17
seb128somehow snap does the cache refresh in a way that misses out that installed font14:17
ijohnsonhmm14:17
ijohnsonI need to think on this, but I'm wondering if this is reproducible with any core snap refresh or if it specifically is something new14:18
abeatoijohnson, ok, that what my intuition too - I was curious because in the end you can provide same permissions to either plug or socket.  And I noticed that you can even connect the same plug to two different "slot providers"14:18
seb128ijohnson, the report is from january so it's not "new" as in recent14:18
ijohnsonseb128: kenvandine: because we did land some changes recently to the fontconfig handling but AIUI that was supposed to be for just non-ubuntu distros like arch that were broken14:19
ijohnsonabeato: yes plugs can be connected to many slots, i.e. see gpio pins. what ends up being unique is the _connection_ not itself14:19
ijohnson*connection itself14:19
abeatoright14:19
abeatoijohnson, thanks for the insight14:19
seb128ijohnson, does snap log somewhere the output of the fontconfig cache refresh?14:22
ijohnsonseb128: right so I can see this with an empty /var/cache/fontconfig and edge core snap, refreshing to stable core snap will regenerate the cache, but not in a way that picks up that NotoColorEmoji font, so it is not something that is introducted between 2.45 and master right now14:22
seb128it doesn't create a /var/log/fontconfig.log14:22
seb128ijohnson, I will let you poke at it since you are able to trigger the issue, otherwise my comments are probably just going to slow you down/interrupt, but let me know if I can help in some way14:24
ijohnsonseb128: no we don't save the log anywhere14:24
seb128would be useful to do :)14:24
mupPR snapcraft#3169 opened: package-repositories: allow empty component list <Created by cjp256> <https://github.com/snapcore/snapcraft/pull/3169>14:37
mupPR snapcraft#3170 opened: pluginhandler: no update cache for the build step <Created by sergiusens> <https://github.com/snapcore/snapcraft/pull/3170>15:07
mupPR snapcraft#3167 closed: unit tests: move to pytest <Created by sergiusens> <Merged by sergiusens> <https://github.com/snapcore/snapcraft/pull/3167>15:37
ograwh owns the expect snap ? i cant remember if it was chipaca, zyga or mvo who initially created it ... https://forum.snapcraft.io/t/expect-snap-not-living-up-to-expectations/1814215:58
ogra*who15:58
ijohnsonogra: seems to be ~snappy-dev https://launchpad.net/~snappy-dev/+snap/expect15:59
ograoh my ... snappy-hub !16:00
ograi thought that was dead since 2017 !16:00
ijohnsonhaha apparently not16:00
ograand it was done by federico ! who is long gone16:00
mupPR snapd#8855 opened: cmd,many: move Version and bits related to snapd tools to snapdtool, merge cmdutil <Created by pedronis> <https://github.com/snapcore/snapd/pull/8855>16:03
=== pedronis_ is now known as pedronis
pedronisthat was fun (#8855), not entirely16:07
mupPR #8855: cmd,many: move Version and bits related to snapd tools to snapdtool, merge cmdutil <Cleanup :broom:> <Created by pedronis> <https://github.com/snapcore/snapd/pull/8855>16:07
ijohnsonpedronis: seems a unit test failure on that PR16:30
pedronisno, something about mkversion.sh16:34
pedronislet's see if it works better now16:35
ijohnsonpedronis: the unit test says it can't create a dir16:35
ijohnsonanyways I'm sure you can debug it16:35
pedronisheh16:35
ijohnsonwhy are fonts so hard16:36
ijohnsonthe spread test we have has a working font package that shows up in the cache but we now have some font packages which do not show up in the cache we generate16:36
=== ijohnson is now known as ijohnson|lunch
pedronisijohnson|lunch: I fixed it, there's some weirdness on centos now though that seems unrelated17:50
=== ijohnson|lunch is now known as ijohnson
ijohnsonpedronis: yeah I've seen that on centos17:52
ijohnsonseems a package probelm17:52
ijohnson*missing package17:53
mupPR snapd#8856 opened: tests/main/install-fontconfig-cache-gen: for bionic, focal use broken font <Test Robustness> <Created by anonymouse64> <https://github.com/snapcore/snapd/pull/8856>18:34
mupPR snapd#8857 opened: tests/lib/prepare: increase the size of the uc16/uc18 partitions <Test Robustness> <Created by anonymouse64> <https://github.com/snapcore/snapd/pull/8857>18:34
ijohnsontianon: o/ do you have a minute to chat about the docker snap on UC?18:36
mupIssue core20#72 opened: move docker user/group to extrausers <Created by anonymouse64> <https://github.com/snapcore/core20/issues/72>18:40
=== mpontillo_ is now known as mpontillo
jdstrandkenvandine: hey, fyi, https://github.com/snapcore/snapd/pull/8699#pullrequestreview-42934087119:46
mupPR #8699: interfaces/desktop-launch: support confined snaps launching other snaps <Needs Samuele review> <Needs security review> <Created by AlanGriffiths> <https://github.com/snapcore/snapd/pull/8699>19:46
jdstrandkenvandine: I'm not sure alan signed up for a spread test, but it is needed. not sure if you want to reach out for someone from your team to do it in a followup19:47
kenvandinejdstrand: yeah, that is probably something jamesh could help with19:47
jdstrandkenvandine: I mean, he hasn't said 'no' yet, just thought I'd mention it so two weeks from now it isn't blocked on that19:47
kenvandineindeed19:48
kenvandinejdstrand: thanks19:48
jdstrandkenvandine: thanks! :)19:51
roadmrhi jdstrand ! I got a system-files request to access /proc/sys/fs/file-nr, I get the feeling tht might be best covered by another interface, got any ideas?20:29
roadmrif not, is it ok to grant system-files read-only?20:30
jdstrandroadmr: it doesn't exist in an interface, but file-max is in the default template. we should add it to there21:02
jdstrandroadmr: feel free to issue it read only. I've taken a todo to update the default template21:02
roadmrthanks jdstrand21:03
jdstrandnp21:03
roadmrI'll allow it then! cheers!21:03
jdstrandemitorino: fyi ^21:03

Generated by irclog2html.py 2.7 by Marius Gedminas - find it at mg.pov.lt!