=== Eighth_Doctor is now known as Conan_Kudo === Conan_Kudo is now known as Eighth_Doctor [02:40] PR snapd#9027 opened: tests: refresh/revert snapd in uc20 [05:47] morning [06:24] heh, looks our spread images don't have moreutils by default [06:44] mvo: hey [06:45] mvo: snap downloads don't work [06:46] is there any way to get ubuntu-image to include a system-user assertion in the resulting image? [06:46] mborzecki: wut? [06:46] mborzecki: what exactly is broken? [06:47] mborzecki: store again? [06:48] mvo: yes, the status page lists the search api and downlaods as down [06:48] :/ [06:48] ok [06:48] mvo: and they do appear down [06:56] PR snapd#9015 closed: cmd/snap-preseed: handle relative chroot path [07:02] morning [07:02] good morning pstolowski [07:16] pstolowski: hey [08:01] PR snapd#9028 opened: interfaces: new helpers to get and compare system key, for use with seeding debug api (1/N) [08:10] pstolowski: small remarks there [08:10] ty [08:46] quick errand, back in 30 [08:59] pedronis: I had a chat with wgrant earlier today. His main concerns about the theme API was that it was specific to the theme use case rather than being something more generic. [09:01] re [09:16] hello [09:18] zyga: hey, how are you today? [09:18] mvo hey [09:19] mvo, like shit in the human centipede, I think [09:19] not well at all [09:20] mvo, tired [09:20] zyga: :( oh no [09:22] yesterday was incredibly painful, sleeping a little here and there and otherwise just trying to find a position with least pain [09:22] today morning was similar but it's somewhat better now so I grabbed the laptop [09:22] I will try to push forward with PRs [09:23] zyga: thanks! and good luck that the meds help a bit more [09:23] 28th is the day [09:23] not that far away now [09:30] xnox: fyi, you should now be able to build core20 using "snapcraft --use-lxd" for edge Snapcraft [09:30] might be useful to you [09:40] jamesh: thanks, let's discuss next week, what it means if anything [09:52] zyga: hi, do you remember why in the system-key we list only the top directories in /sys/kernel/security/apparmor/features, for some directories, it makes sense like file or ptrace, the level below has a lot detail that isn't that variable, but something like the policy dir has versions which has supported ABIs I think, so there "policy" alone is not very informative/significative [09:55] let me think [09:55] I don't recall why we did this - thinking about it now perhaps because the combinations that actually exists are limited but that's a stretch [09:56] offtopic: I get a change to vendor.json after get-deps.sh [09:56] - "checksumSHA1": "UUnaKjQAEIclOm5Aqe2VmrMiQJY=", [09:56] + "checksumSHA1": "jK98PjsZS3gPOZfc+pqIQaz6r1A=", [09:56] that's secboot [09:56] is that known? [09:57] yes, but I have different diff there [09:57] have you got the latest of both masters? [09:58] my diff is like this: [09:58] - "checksumSHA1": "fqejS2llZXw3gLnOYhg7pcSlY+Q=", [09:58] + "checksumSHA1": "Yfj2ZrgRrklXrshCM1RxH5pvUY8=" [10:04] re, sorry I was taking meds [10:05] I have latest master, I just pulled [10:05] as for both masters, I don't have secboot checked out separately [10:06] weird [10:07] PR snapd#9029 opened: api: seeding debug api (2/N) [10:21] again quick errand, back in 30 [10:22] PR snapd#9030 opened: bootloader/assets: helpers for registering per-edition snippets, register snippets for grub [10:37] PR snapd#9022 closed: usersession/userd: do not modify XDG_DATA_DIRS when calling xdg-open [10:54] hmm, we don't have a debian 10 image? [11:03] re [11:03] zyga: but we have sid :P [11:03] and oldstable :/ [11:04] mborzecki we actually have 10 [11:04] it's just not used [11:04] anyway, I have what I needed [11:07] jamesh: horay! [11:09] xnox: this is the relevant change: https://github.com/snapcore/snapcraft/pull/3218 -- Snapcraft will now enable security.syscalls.intercept.mknod on the container if there is kernel support, which allows the few mknod calls to succeed. [11:09] PR snapcraft#3218: lxd: enable security.syscalls.intercept.mknod if supported to allow snaps to create some device nodes [11:20] we should get the new leap image [11:31] zyga: 15.2? [11:31] new leap version, yeah [11:32] we seem to have the image? (not sure if cachio made this ahead of time or if we are inheriting one somehow) === ijohnson|EOD is now known as ijohnson [11:38] morning folks [11:39] hello Ian [11:40] hey zyga [11:45] curious, even leap 15.2 has relatively old systemd [11:45] 234 [11:52] mborzecki took a while but I updated https://github.com/snapcore/snapd/pull/8977 - not much change but I think it's ready for another look [11:52] PR #8977: cmd/snap: track started apps and hooks [11:52] zyga: k, will take a look [11:52] thanks! [12:03] * zyga afk for 10 minutes [12:15] I have now officially hit the same problem as popey, where I have too many snaps installed and no longer get refreshes :-/ [12:15] pedronis: did the bulk refresh stuff you worked on already land in edge ? [12:15] ijohnson: no, it's blocked on the store fixing perf issues [12:16] ah ok [12:16] * ijohnson snap removes many things in the meantime [12:16] I worked around this by wiping my laptop [12:16] I now only have 68 snaps [12:17] I just realized I had 98 snaps this morning [12:17] I had 300 at one point [12:17] oh wow that's impressive you could even get to that point :-D [12:17] Not wishing to brag :) [12:17] Ikr [12:17] Also 2x all of them [12:19] ah right, also I have 207 .snap files in my /var/lib/snapd/snaps [12:19] although also I did manually set snapd to keep 5 revisions [12:37] PR snapd#9031 opened: interfaces/audio-playback: let pulseaudio own org.pulseaudio.Server [12:42] PR snapd#9032 opened: secboot: add call to reseal an existing key [13:00] PR snapcraft#3220 closed: review tools: link or copy snap to snap common [13:07] PR snapd#9033 opened: osutil, many: add helper for checking whether the process is a go test binary [13:33] PR snapd#9034 opened: cmd/snap-seccomp/syscalls: add faccessat2 [13:46] mborzecki, so about https://github.com/snapcore/snapd/pull/8977 [13:46] PR #8977: cmd/snap: track started apps and hooks [13:46] mborzecki apart from failures in master I think it looks good [13:46] I played with it it some more and ran some more tests in a loop to be sure [13:48] btw, who is looking at the seccomp test failure? [13:56] zyga: #9034 [13:56] PR #9034: cmd/snap-seccomp/syscalls: add faccessat2 [13:57] ah, thanks! [13:58] merge it already :) [14:02] hmm, interfaces-pulseaudio is failing [14:14] * zyga lunch [14:54] zyga, could you please take a look to #8973 [14:54] PR #8973: tests: moving journalctl.sh to a new journal-state tool [14:55] sure [14:55] zyga, and this #8903 [14:55] PR #8903: tests: new core config helper [14:55] zyga, thanks a lot [14:55] sure, one it [14:55] on it* [14:55] PR snapcraft#3221 opened: repo: install requested build-package versions [15:02] cachio first done, please look [15:03] +1 assuming the two comments are adjusted [15:04] uh, one hour till next pill [15:04] I hate this time [15:10] afk for a while [15:56] mvo: looks like https://github.com/snapcore/snapd/pull/9024 is ready, the only failed tests look like store failures [15:56] PR #9024: sysconfig/cloudinit: add RestrictCloudInit [16:03] PR snapd#9035 opened: o/devicestate: save seeding/preseeding times for use with debug seeding api (3/N) [16:50] mvo: if you're still around, if you could close and re-open #9026, I added the "Run nested" label, so all the nested spread tests in that PR will actually run so we should be able to see those pass in Github which would be cool [16:50] PR #9026: tests/nested/manual: add spread tests for cloud-init vuln [16:52] cachio: if you have time could you take a look at the nested spread tests in #9026 ? [16:52] PR #9026: tests/nested/manual: add spread tests for cloud-init vuln === ijohnson is now known as ijohnson|lunch [16:53] PR snapd#9036 opened: snapshots: import of a snapshot set [17:03] mvo https://github.com/snapcore/snapd/pull/9037 [17:03] PR #9037: tests: adjust xdg-open after launcher changes <⚠ Critical> [17:04] PR snapd#9037 opened: tests: adjust xdg-open after launcher changes <⚠ Critical> [17:04] brb [17:08] we have 80 open pull requests [17:08] there's some practical reasons for that, but we'll probably need to go back to mostly reviewing soon [17:08] pedronis ^ that one is easy and fixes (partially) master === ijohnson|lunch is now known as ijohnson [17:20] zyga: approved your xdg-open PR [17:20] thanks :) [17:21] this will need force-merge or merge into the other fix branch from maciek [17:21] (for seccomp) [17:22] zyga: ah right, yeah I added critical label to the other one and will check in on that to merge [17:22] ah but wait that one will also break on xdg-open too [17:22] ack [17:22] and there goes mvo with sudo git merge powers [17:26] vader: noooooo [18:09] ijohnson, hey, if you have time could you please take a look to #8903? [18:09] PR #8903: tests: new core config helper [18:09] cachio: sure, did you see my ping about the nested cloud-init PR? [18:20] ijohnson, no [18:20] checking now [18:20] thanks [18:20] those tests were what we landed for the cloud-init CVE [18:55] ijohnson, I'll need to change how we run the nested tests because we are creating many nested/manual tests [18:56] cachio: yes that PR adds 8 more nested tests [18:56] cachio: is it a workers issue ? [18:56] yes [18:56] I'll split the nightly suite in 2 jobs [18:56] 1 for nightly [18:56] and 1 nested [18:57] and perhaps 1 manual [18:57] ok, makes sense [18:57] also because those use different spread params [18:57] spread env vars [18:58] you are taking the #9026 when mvo is on vacations? [18:58] PR #9026: tests/nested/manual: add spread tests for cloud-init vuln [18:59] cachio: I'd prefer if we could land 9026 as-is first if that's okay with you and then yes I will work on any follow-ups needed [19:00] it would be good to make sure that master gets the fix for the CVE asap, in case there are devices that are only following edge, they will not get the fix yet since the fix is only on stable [19:00] granted that's a very small number of devices I think, but still [19:00] ijohnson, ok, I think the only important is to avoind installing/removing genisoimage [19:00] this could break the following tests [19:00] cachio: sure I think I can push a change, what's the issue with genisoimage ? [19:00] ah is that package already installed ? [19:00] yes [19:01] we do that inthe spread.yaml [19:01] while the suite is preapred [19:01] cachio: let me push up a change for that then to mvo's pr [19:01] ijohnson, then there are some other cosmetic stuff that can wait [19:02] ok [19:04] cachio: pushed up a change to not install/remove genisoimage [19:05] ijohnson, thanks [19:05] let me check a bit more and I'll approve it [19:09] cachio: I'd like to close and re-open 9026 actually, so that we can have the nested spread runs run too, do you know if it works to add the label to the pr after it is opened ? I seem to recall it doesn't work to add the label afterwards [19:09] but I also don't know if I can re-open the PR if I close it since mvo is the one who opened it [19:09] I suppose I could re-open it with a new PR number myself [19:10] ijohnson, I can also run the tests here and paste hte result [19:10] okay that works too [19:50] ijohnson, +1 [19:50] attached all the logs [19:54] Thanks cachio [19:54] ijohnson, yaw [20:30] PR snapd#8903 closed: tests: new core config helper [20:40] * sdhd-sascha damn, just going backing back to SuSE... But the Kubic Distro didn't work with Rancher.... Hmm... (Then i look for an channel to talk... couldn't find some... [20:41] I wonder, what is really "open"source... [20:51] ohOh, i talk .... But ... ;-) [22:19] ijohnson: you, can't slowly me? [22:22] oh, i hope you know, that i just mean it with "words" [22:26] ijohnson: i'm already repeatly read my text... and nothind is true!!! [22:29] ijohnson: i'm sorry ;-) [22:31] ijohnson: i'm damn fucking angry, about our wourld!!! ... [22:37] if i had a problem, whit to much beer.. i know where "ubuntu" is... but i didn't know where i can distorquer them .... ? hmmm.... (me ...) [22:38] i want to say, that other ompanys are not here... [22:42] ijohnson: how are you ? i'm not angry? [22:47] (dont now) I can learn.