[05:27] morning [07:00] morning [07:04] Good morning [07:04] pstolowski: zyga: hey guys [07:04] I had a terrible night and I’m barely awake, I will not be around for some more time [07:04] Most likely I will take half a day or all day off [07:05] I managed to finally start sleeping only around 6 [07:53] PR snapd#8934 closed: overlord: mock timings.DurationThreshold in TestNewWithGoodState [08:00] mborzecki: hi, could you review #8683 ? [08:00] PR #8683: osutil/disks: support IsDecryptedDevice for mountpoints which are dm devices [08:00] pedronis: sure [08:00] thx [08:34] o/ [08:34] I feel somewhat better and I will work in 30 minutes, just need to handle some remote doctor stuff [08:35] thank you for the review pedronis, I think we will get the backend branch merged this week [09:04] pstolowski: hi, I reviewed #8923 [09:04] PR #8923: wrappers: helper for enabling services (8/9) [09:04] pedronis: hey, thank you [09:11] hmm something has changed (for worse) on https://ubuntu.com/core wrt downloading core images. it's super confusing and more difficult now [09:13] pstolowski: probably something to talk with mvo when he's back [09:13] download link is buried at the bottom under Download Ubuntu Core. Download section at the top > Ubuntu for IoT > Raspberry.. redirects to server images. very confusing. I spent 10 minutes looking for core image [09:25] uh, github 500s [09:30] yeah, it's down [09:31] yeah 😞 [09:32] well, only the UI ... seems cloning still works as expected [09:33] ogra: seems to be somewhat more than that [09:34] eh, I need to stretch my leg and back anyway [09:34] * zyga is not in a good shape today [09:39] brb, quick errand [09:52] re [09:54] so github is not collaborating atm in terms of leaving reviews [09:55] https://github.com/snapcore/snapd/pull/8910 is in a funny state [09:55] PR #8910: usersession: support additional zoom URL schemes [09:55] it's not merged [09:55] but conflicts with nothing? [09:55] maybe got partially merged [09:55] as in merged in the tree but not in some database [09:55] eh, fun [09:56] pedronis: https://www.githubstatus.com indicates the issue is being fixed now [10:06] brb [10:14] PR snapd#8936 opened: osutil: detect autofs mounted in /home [10:22] eh, github is still malfunctioning [10:30] GRRR ... it also affects build.snapcraft.io [10:31] (which is really funny because you can pull/push just fine ... but i guess websockets sit on top of the web service) [10:45] it seems everything is read only now [10:45] * zyga phone + doctor [10:58] re from doctor e-visit [10:58] weird but works [11:01] jdstrand, hmm, seems the raw-usb change to allow access to /dev/usb/lp[0-9] doesnt fully work ... a simple open call with (O_RDWR|O_NONBLOCK) : O_WRONLY) returns "Operation not permitted" ... but no errors are to be found anywhere (neither journal nor dmesg have anything) [11:02] do you have any idea what i should look for (and where) ? [11:03] ogra: look at the apparmor profile and check if there are any deny rules that could explain that [11:03] ogra: also look if the device is udev-tagged [11:04] ogra: a practical way is to check if major:minor and device/char code is present in the device cgroup of the snap that attempts access [11:04] well, but if there was anything with apparmor shouldnt i see denials ? [11:04] ogra: not if there are deny rules [11:04] there are two things that don't log [11:04] device cgroup not allowing things [11:04] and apparmor with a deny rule [11:04] is the /dev/usb/lp* thing a device node? [11:04] would the latter log in devmode ? [11:04] none of those log [11:04] yeah [11:04] in any mode [11:04] ah, k [11:05] ogra@localhost:~$ ls -lh /dev/usb/ [11:05] total 0 [11:05] crw-rw---- 1 root lp 180, 0 Jun 29 10:32 lp0 [11:05] ok [11:05] just a char device [11:05] it's a char device [11:05] so check if that's listed in the device cgroup [11:05] in /sys/fs/cgroup/devices/snap.$SNAP_NAME [11:06] then cat the devices.list file [11:07] if it's not there then that's why [11:07] 180 is not in there [11:07] and we can check why it's not there [11:07] ok, look at the udev rules [11:07] well, most likely because my PR is incomplete 🙂 [11:07] (i only added the entry for apparmor ) [11:07] please check /etc/udev/rules.d/70-snap.$SNAP_NAME.rules [11:07] ah [11:07] I see [11:08] let me know if you need help with the udev side [11:08] you need to figure out what kind of udev attributes to match against [11:08] that was https://github.com/snapcore/snapd/pull/8329 btw [11:08] PR #8329: interfaces: allow raw access to USB printers [11:08] udevadm info --export-db is useful to know [11:08] heh [11:08] I reviewed it [11:09] can you export udev data and paste the relevant fragment please? [11:09] well, jamie made a comment already suspecting it is not enough [11:09] the one that describes that /dev/usb/lp0 [11:09] :) [11:09] yeah [11:09] FWIW I'm happy it got merged [11:09] even if it's not complete [11:09] makes us move forward [11:10] https://paste.ubuntu.com/p/3jshrXD4zj/ [11:10] huh [11:10] what kind of printer is that? [11:10] HP laserjet 1018 [11:11] on UC18 [11:11] maybe we need subsystem=USBMISC [11:11] or maybe core is missing something [11:11] can you plug it to a classic system [11:11] and check if udev says more? [11:11] * zyga is running system backup and that's long and makes fans go wrrrr [11:12] zyga: the fans go brrr? :) [11:12] thats tricky ... the one i have has the hplib stuff installed, that mangles udev afaik [11:12] mborzecki: I go grrr while the fans go wrrr [11:12] ogra: let's try it anyway [11:12] maybe we need more udev rules [11:12] as the core device does not seem to think this is a printer yet [11:13] mborzecki: I reviewed #8924 [11:13] PR #8924: gadget, bootloader: preserve managed boot assets during gadget updates [11:14] https://paste.ubuntu.com/p/46fDj5mzcf/ ... still usbmisc [11:15] pedronis: thanks [11:21] zyga, oh ... i only noticed now tht there is another (higher level) entry (i grepped for "usb/lp" ... ) that actually lists the snap ... it is just not the /dev/usb/lp0 itself that has any tags [11:21] ahh [11:21] interesting [11:21] what's the other entry? [11:21] https://paste.ubuntu.com/p/x7dW98cYFS/ [11:22] hmmm, interesting that there's a precise entry for this [11:22] but not for lp0 [11:22] * zyga doesn't understand usb and udev well enough [11:23] i wonder if i could DEVPATH from that entry ad the "printer device" in the app [11:24] heh [11:24] Connection from 192.168.2.48 port 32908 accepted [11:24] /sys/devices/platform/soc/3f980000.usb/usb1/1-1/1-1.5/1-1.5:1.0: Is a directory [11:24] 😛 [11:27] ogra: hmm? [11:27] does it work [11:27] btw maybe ask til for advice [11:27] nah [11:27] I would love to know more what to do with the permission stack [11:27] and why that character device was not annotated [11:27] well, i guess i need the tags for the actual device node [11:28] but there's nothing to match against, you saw the data [11:28] DEVNAME ? [11:28] after all it is a fixed path ... "/dev/usb/lp*" [11:29] hmm [11:29] maybe [11:29] can udev match against that? [11:30] i guess so ... iirc that is how HP creates the symlinks into /dev [11:30] try it [11:32] https://github.com/snapcore/snapd/pull/8936 is a low hanging fruit [11:32] PR #8936: osutil: detect autofs mounted in /home [11:32] mborzecki: reviewed #8930 [11:32] PR #8930: many: managed boot config during run mode setup [11:32] pedronis: thanks again [11:34] PR snapd#8910 closed: usersession: support additional zoom URL schemes [11:35] backup complete, back to work [11:37] github actions are still down [11:37] but some pages work better now [11:39] all systems operational now [11:41] zyga, well, re-reading jdstrand's comment on the PR i guess just adding usbmisc might be the best [11:41] var rawusbConnectedPlugUDev = []string{ [11:41] `SUBSYSTEM=="usb"`, [11:41] `SUBSYSTEM=="tty", ENV{ID_BUS}=="usb"`, [11:41] } [11:41] here ... [11:41] (no idea where that snippet comes from though) [11:42] probably something like: `SUBSYSTEM=="usbmisc", ENV{DEVNAME}=="/dev/usb/lp*"` (now i dont know if globbing wrks here though) [11:44] mborzecki: also #8925 [11:44] PR #8925: bootloader: allow managed bootloader to update its boot config [11:44] PR snapd#8936 closed: osutil: detect autofs mounted in /home [11:45] PR snapd#8910 opened: usersession: support additional zoom URL schemes [11:45] pedronis: thank you [11:50] PR snapd#8910 closed: usersession: support additional zoom URL schemes [11:50] PR snapd#8936 opened: osutil: detect autofs mounted in /home [12:20] PR snapd#8935 closed: spread.yaml: allow amazon-linux-2-64 qemu with ec2-user/ec2-user [12:28] pstolowski: https://github.com/snapcore/snapd/pull/8932#pullrequestreview-439084856 [12:28] PR #8932: o/ifacestate: update security profiles in connect undo handler [12:28] * zyga -> meds [12:32] re [12:37] zyga: great catch! and i got the test wrong, because with this is should be 0 security backend calls [12:37] happy to help :-) [12:38] thanks! [12:39] mborzecki: could you please do a 2nd review on https://github.com/snapcore/snapd/pull/8863 [12:39] PR #8863: sandbox/cgroup: allow discovering PIDs of given snap [12:39] with this the backend branch is super close to landing [12:39] (and has reduced from 2K+ to sub 1K now) [12:40] PR snapd#8937 opened: o/devicestate: set mark-seeded to done in the task itself [12:43] morning folks [12:43] hey [12:48] ijohnson: hey, since you are here and expressed interested in https://github.com/snapcore/snapd/pull/8863 [12:48] PR #8863: sandbox/cgroup: allow discovering PIDs of given snap [12:48] could you please look, I think it is close [12:48] zyga: yes I will take a look today, sorry it was on my queue for Friday but got lost with other things that came up [12:49] no worries [12:49] I asked maciek as well [12:49] but I think this is very close and I would love to make progress on it :) [12:52] zyga: updated #8932 [12:52] PR #8932: o/ifacestate: update security profiles in connect undo handler [12:53] ack [12:55] pstolowski: did you push? [12:55] maybe gh is broken again [12:56] zyga: yes, but wrong branch ;) [12:56] now [12:56] * pstolowski needs to cleanup his local git repo from old stale branches [13:00] pstolowski: +1 [13:00] ty [13:00] PR snapd#8938 opened: sandbox/cgroup: extend SnapNameFromPid with tracking cgroup data [13:00] ^ that's still a draft, I want to wait for the prerequisite to land and work on the TODO there [13:30] pstolowski: let me know if you want to work on snap-confine and udev or if I should pick it up please [13:35] PR snapd#7168 closed: tests: measure testbed for leaking mountinfo entries [13:35] PR snapd#8570 closed: many: allow using ~/.snapdata instead of ~/snap [13:38] cachio: can you re-review / re-test #8933 ? I think I fixed the issue you found on Friday [13:38] PR #8933: tests/core/uc20-recovery: apply hack to get gopath in recover mode w/ external backend [13:41] zyga: i'll do it [13:41] pstolowski: ok [13:52] * zyga -> lunch! [13:58] ijohnson, checking [14:19] thanks cachio [14:22] back [14:22] * zyga migrates away from irccloud [14:34] yay [14:34] ijohnson, done [14:34] * zyga closed his IRCcloud account [14:34] thanks cachio [14:34] yaw [14:49] #8928 needs a 2nd review, test only and uncontroversial [14:49] PR #8928: tests: add spread test for disconnect undo caused by failing disconnect hook [15:08] pedronis_: do you mean first boot here? https://github.com/snapcore/snapd/pull/8924/files/567604a5eece95698088a21de1e36a9310a2ee77#r446889258 [15:08] PR #8924: gadget, bootloader: preserve managed boot assets during gadget updates === pedronis_ is now known as pedronis [15:11] mborzecki: no, I really mean more the combination of gadget/install and make bootable for run for handling install [15:13] mborzecki: which doesn't use this code? it's a different path? [15:14] pedronis: run mode install is https://github.com/snapcore/snapd/pull/8930 [15:14] PR #8930: many: managed boot config during run mode setup [15:14] mborzecki: yes, but that will overwrite things put there by gadget/install? [15:14] I'm just slightly wondering if we should avoid the double write [15:15] or if I'm confused there's not double write [15:16] pedronis: ah, i see, so you mean the scenario when system-boot is popuated by gadget install, and then InstallBootConfig coes in an overwrites grub.cfg [15:16] yes [15:17] maybe is not worth worrying about it because we will remove things from gadget at some point? [15:17] but it feels a bit asymmetric to filter out things on update but not on write [15:17] pedronis: yeah, i would assume it's not a problem, provided we keep installing boot config last [15:18] with a note perhaps [15:18] pedronis: just to make the assumptions about the order of operations clear [15:19] yea, it sounds like a low-prio todo, so a note here [15:19] and maybe a todo in the write code [15:19] ok [15:33] * cachio lunch [15:35] PR snapd#8936 closed: osutil: detect autofs mounted in /home === zyga-mbp is now known as zyga [16:26] PR snapd#8939 opened: [RFC] snap-confine: don't die if a device from sysfs path cannot be found by udev [16:29] ijohnson: https://github.com/snapcore/snapd/pull/8863 has +2 and I'll merge it when green, if you want to review it I will hold but I'd love to push forward [16:29] let me know please [16:29] PR #8863: sandbox/cgroup: allow discovering PIDs of given snap [16:40] zyga: nah go for it, I wouldn't get to it for at least a couple of hours [16:41] sorry about that, but happy you're make progress, irrespective of my slow (and sometimes absent) reviews :-) [16:41] ijohnson ack, thank you :) [16:41] it was refined so I really think it's ready [17:46] PR snapd#8683 closed: osutil/disks: support IsDecryptedDevice for mountpoints which are dm devices [18:36] PR snapd#8940 opened: tests: fix "restart.service" [20:11] PR snapd#8863 closed: sandbox/cgroup: allow discovering PIDs of given snap [20:16] PR snapd#8941 opened: sandbox/cgroup: avoid parsing security tags twice [20:32] PR snapd#8928 closed: tests: add spread test for disconnect undo caused by failing disconnect hook [20:42] PR snapd#8937 closed: o/devicestate: set mark-seeded to done in the task itself [20:42] PR snapcraft#3192 opened: Flutter [20:47] PR snapcraft#3191 closed: plugins: introduce v1.FlutterPlugin [22:02] PR snapd#8942 opened: tests: to support different images on nested execution