[05:34] o/ [05:36] morning [05:40] mborzecki: hey [05:40] zyga: heya [05:41] crappy weather today (this week) [05:42] oh yeah [05:42] I wanted to mention that just now [05:42] Janek is just leaving for school [05:42] I had one fun experience this weekend, [05:43] I was playing QFG:1 and drawing a map in a paper notebook [05:43] and then realized that some of the screen transitions are jumps in the grid pattern as the map does not line up and rooms would overlap [05:43] I was playing this game when I was in primary school and it just hit me now that this happens, I never drew a map before [05:44] I was also playing with my benchmark code and ported it to windows now [05:44] how was your weekend? [05:46] zyga: boring, aching back, did some gardening, then helper my father cut & move some wood since they preemptively fell some birch trees [05:46] mborzecki: preemptively? [05:46] mborzecki: I had one fun gardening surprise [05:46] well, maybe two [05:46] some dates we planted as an experiment are growing [05:46] zyga: yeah, birch trees have a tendency to rot from inside and then fall down during strong winds [05:47] and the tomatoes we planted this pring and now removed (we just cut the part above the ground) are growing back, I didn't knew they could do this [05:47] ah, I didn't know that [05:47] hmm https://forum.snapcraft.io/t/why-snap-set-system-does-need-sudo/20484 looks like an ommision on our side [05:47] omission? [05:48] ah [05:48] I understand [05:48] yeah [05:48] we should also support polkit or being signed in [05:49] replied on the threa [05:49] *thread [05:49] heh https://bugs.launchpad.net/ubuntu/+source/snapd/+bug/1643706 also getting some heat over the weekend [05:49] I read that [05:50] zyga: wasn't there an idea to have the list of accessible locations extensible at some point? [05:50] I wonder what do they mean that it works better in flatpak [05:50] IIRC it doesn't work at all unless your app is fully portal aware or you disable the sandbox [05:50] zyga: well, you can mount arbitrary locations iirc [05:50] mborzecki: in flatpak you mean? [05:50] yeah, let me check that [05:50] mborzecki: we could have a hack that reads a global config file [05:51] and mounts any directories there to /run/mnt or something [05:51] sounds a bit hackish [05:51] with open permissions [05:51] with open permissions [05:51] er [05:51] do you have an idea to make it better? [05:53] I need to take Bit out [05:53] zyga: i have a vague recollection of some hallway talk to maybe allow adding custom directories to one of the interfaces (media was it?) [05:53] Lucy is still sleeping [05:53] mborzecki: how would you define extra directories? [05:54] zyga: as in actual mechanics of that? [05:54] yes [05:54] what would the user have to do [05:55] idk, we don't have anything else than snap set or connect [05:56] zyga: and we can't add attributes to slots & plugs dynamically from the cli [05:57] mvo: hey [06:04] re [06:04] mvo: hello [06:04] mborzecki: well, I think doing that technically is not hard [06:04] but we have a busy schedule [06:06] mvo: https://github.com/snapcore/snapd/pull/9485 is a low hanging fruit that needs a 2nd review [06:06] mup: ping [06:14] brb, need to drive my daughter to school [06:19] ok [06:27] hey mborzecki and zyga ! good morning [06:27] zyga: looking [06:41] re [06:55] zyga: I think the error reporting is busted on #9485 [06:55] jamesh: looking [06:55] oh?! [06:55] jamesh: tell us more please [06:55] oh, of course [06:56] thank you, I'll fix this in a moment [06:56] mvo: it's reusing loop iteration variables after the loops [06:56] jamesh: oh, nice catch [06:56] basically all failures get assigned to last suite/section [06:56] I noticed some failures when I broke the tree but I didn't look too hard [07:05] jamesh: https://github.com/snapcore/snapd/pull/9491 [07:06] mvo: bump to 14 days: https://github.com/snapcore/snapd/pull/9492 [07:09] zyga: what's missing for the notification refresh work to land? anything I can/should review? [07:09] mvo: tests [07:09] mvo: I need to write some tests before that can land [07:10] mvo: also, probably, mock that away in tests of the package [07:10] mvo: I was thinking if I should keep the warning [07:10] zyga: why would we keep the warning? [07:11] zyga: honest question :) [07:11] mvo: it's easier to test, it's also something that works in headless systems [07:11] but I think those are weak reasons [07:12] * zyga needs a coffee, made three for his wife today but none for himself [07:12] brb [07:17] mvo: https://github.com/snapcore/snapd/pull/9490#pullrequestreview-506349703 [07:22] zyga: aha, good point [07:22] mvo: we can land yours and I can follow up [07:22] or you can make changes inline [07:22] up to you [07:24] zyga: it's fine, I will just do it, have it almost ready I think [07:24] ok [07:25] zyga: except that my approach (just passing the executor) [07:25] zyga: does not work :/ [07:26] zyga: so if you have something that works, feel free to push to the PR [07:26] ok [07:32] mvo: we can close your branch then [07:33] zyga: sure, just do that then [07:33] zyga: once the other one is up [07:34] * mvo needs to run out for a few min [07:34] ok [07:37] done [07:37] mborzecki: perhaps you can look at https://github.com/snapcore/snapd/pull/9493 [07:44] hmm, with increased concurrency, my slow system is hitting the 10 second itmeout [07:44] *timeout [07:44] mborzecki: was this done because shellcheck hangs on some input? [07:48] zyga: not that i know of, it was there to have an upper bound on shellcheck execution [07:48] also, shellcheck isn't super fast apaprently [07:49] hmm [07:49] ijohnson is on vacation this week? [07:49] but what is the bound for? [07:49] mborzecki: correct [07:51] zyga: what do you mean? [07:59] re [07:59] hmm, cannot connect from hexchat again [08:00] * zyga greatly enjoys https://aubreyhodges.bandcamp.com/album/quest-for-glory-shadows-of-darkness-official-soundtrack [08:00] should buy the album for the sheer love that went into making something so niche [08:05] mvo you said you wanted to have the 1:1? [08:05] re [08:05] restarting hexchat helped [08:07] zyga: wdyt about https://github.com/snapcore/snapd/pull/9493#discussion_r503110724 ? [08:08] mborzecki nice idea [08:08] more responsiveness [08:08] I'd like to have this in a follow up, so that a correct version is merged first [08:12] zyga sorry, was not paying attention earlier [09:02] zyga: 9491 has a strange error in the unit tests [09:02] looking [09:02] yeah this is explained in [09:03] https://github.com/snapcore/snapd/pull/9493/commits/afc1008ad9943c0f25cb096c24febfe1c400741f [09:06] zyga: nice [09:09] mvo we could close 9491 and just merge https://github.com/snapcore/snapd/pull/9493 [09:15] * zyga missed one test [09:26] zyga ok [09:26] something is broken in tumbleweed, should look at that as well [09:26] but first iteration on existing PRs [09:41] I reviewed Ian's maintenance branch https://github.com/snapcore/snapd/pull/9489#pullrequestreview-506453347 [09:48] mup: hello? [09:48] niemeyer: could you please restart mup? it seems to be unhappy [09:48] mup: Let me look into it [09:51] mvo: quick pass over the FDE hook https://github.com/snapcore/snapd/pull/9488#pullrequestreview-506460961 [09:53] zyga: nice, thnak you [09:54] zyga: excellent points, especially about the environment passing. I'm also checking now how to teach systemd-run to have a execution-max-time [09:54] mvo I looked at that and I'm sure there was something [09:55] but there's a difference between services and other things, [09:55] I cannot find it, it's probably a property on one of the unit types [09:55] it could be that I misread something before and there's no execution time limit [09:55] but we can always close the unit [09:55] but that might also require us to use DBus directyl [09:55] *directly [09:56] PR #9431: desktop/notification: add unit tests [09:56] Bug #1846397: snapdragon uc18 image fails to boot (current stable) [09:56] Bug #1888691: [uc20] rpi4 does not boot with armhf on recent 5.4 kernel snaps [09:56] brb, small tweak [09:56] PR #9430: dbustest: fix stale comment references [09:56] Bug #1842259: snap stop --disable svc with socket doesn't disable the socket [09:56] Bug #1897573: ubuntu core 20 with secure boot, install fails [09:56] PR #9427: boot, gadget, bootloader: observer preserves managed bootloader configs [09:56] PR #9436: tests: fix sudo-env test [09:56] oh [09:56] welcome back mup :) [09:56] PR #9424: cmd/snap: allow snap help vs --all to diverge purposefully [09:56] mborzecki: Plugin "ldap" is not enabled here. [09:56] PR #9417: o/snapshotstate: set snapshot set id from its filename [09:56] Bug #1897984: snapd not wiring alias for 'dotnet' that is in snap assertion [09:56] Bug #1898038: docker-support/multipass-support broken with system apparmor3 (20.10) [09:56] PR #9434: o/snapshotstate: improve allocation of new set IDs [09:56] PR #9438: desktop/notification: switch ExpireTimeout to time.Duration [09:57] PR #8573: overlord/snapstate: inhibit startup while unlinked [09:57] mup is back! [09:57] PR #7700: cmd/snap: wait while inhibition file is present [09:57] PR #9442: o/snapshotstate: pass set id to backend.Open, update tests [09:57] PR #9440: gadget: preserve files when indicated by content change observer [09:57] PR #9450: many: scaffolding for snapshots import API [09:57] PR #9247: secboot: use EFIImage type in load sequences [09:57] PR #9036: snapshots: import of a snapshot set [09:57] Bug #1863613: spotify fails to load (Trace/breakpoint trap (core dumped)) [09:57] Bug #1898622: uc20 grade dangerous images don't seed properly with devmode snaps in them [09:57] PR #9454: client: cleanup the Client.raw* and Client.do* method families [09:57] PR #9443: gadget, gadget/install: support for ubuntu-save, create one during install if needed [09:57] PR #9467: daemon: limit reading from snapshot import to Content-Length [09:57] PR CanonicalLtd/ubuntu-image#186: Some options are unsupported for UC20 builds [09:57] PR #9378: tests/nested/manual: add uc20 grade signed cloud-init test [09:57] PR #9391: o/assertstate: introduce ValidationTrackingKey/ValidationSetTracking and basic methods [09:57] PR #9471: cmd/snap-bootstrap/initramfs-mounts: also copy /etc/machine-id for same IP addr [09:57] PR #9472: cmd/snap-bootstrap/initramfs-mounts: split off new helper for misc recover files [09:57] PR #9475: tests: add tests.cleanup pop sub-command [09:57] PR #9425: tests: new tests.backup tool [09:57] PR #9478: spread: remove workaround for openSUSE go issue [09:57] PR #44: Proposal fix for Bug #1496319 [09:57] PR #9482: bootloader/assets/grub: adjust fwsetup menuentry label [09:57] PR #9414: tests: new nested tool [09:57] PR #9474: boot, overlord/devicestate: list trusted and managed assets upfront [09:57] PR #9418: many: implement snap routine console-conf-start for synchronizing auto-refreshes [09:57] PR #9484: spread-shellcheck: process paths from arguments in parallel [09:57] mborzecki: I apologize, but I'm pretty strict about only responding to known commands. [09:57] Bug #1643706: snap apps need to be able to browse outside of user $HOME dir. for Desktop installs [09:57] PR #9485: spread-shellcheck: speed up spread-shellcheck even more [09:57] PR #9491: spread-shellcheck: correctly attribute suite errors [09:57] PR #9492: overlord: increase refresh postpone limit to 14 days [09:57] mvo: In-com-pre-hen-si-ble-ness. [09:57] niemeyer: Roses are red, violets are blue, and I don't understand what you just said. [09:57] PR #9490: spread-shellcheck: respect --max-procs in checkfile() [09:57] PR #9493: spread-shellcheck: use single thread pool executor [09:57] PR #9488: [RFC] boot/fdehook: add skeleton fdehook support <â›” Blocked> [09:58] /o\ [10:03] I suspect this has something to do with the internal IRC server going away, for too long [10:12] mup: Are you okay now? [10:12] niemeyer: I apologize, but I'm pretty strict about only responding to known commands. [10:12] mvo: It was in trouble after too many weeks of pending communication with the internal servers [10:13] mvo: Should be in better shape now [10:13] mvo: If anything weird happens please do ping me so I can have a look [10:16] niemeyer: thank you! [10:16] My pleasure [10:25] PR snapd#9492 closed: overlord: increase refresh postpone limit to 14 days [10:26] mvo reviewed https://github.com/snapcore/snapd/pull/9480#pullrequestreview-506492965 [10:26] PR #9480: snap: support different exit-code in the snap command [RFC] [10:33] zyga: yay, you rock [11:19] zyga: I reviewed #9474, it needs a 2nd re-review though [11:19] PR #9474: boot, overlord/devicestate: list trusted and managed assets upfront [11:19] sorry [11:19] wrong PR [11:19] pedronis right [11:19] zyga: I meant #8573 [11:19] PR #8573: overlord/snapstate: inhibit startup while unlinked [11:19] thank you, looking [11:20] cool, I'll rename those in a moment [11:20] pedronis I noticed you noticed that I was thinking about moving the run inhibition to soft check later, on this is something we could think about, but it would have the property that we really download the update and apply it by refusing to start the app during this process [11:21] so the app is linked still, but you cannot run it now, because that would "ruin" the update [11:21] it's not something I want immediately but I think the experience would be better [11:21] zyga: the problem is how to make sure we unlock, right now that is tied to the handlers [11:21] so we always have / try to have undo paths [11:22] we should unlock if the task is undone or when we complete a later task (link snap) [11:22] if we lock in non-handler code it gets more complicated [11:22] I agree it is delicate and has to be done right [11:22] indeed [11:22] this would have that property [11:22] we might actually lock in one of the other tasks [11:22] so soft check could stay soft [11:22] and then do a "binding check" [11:23] that is started at the same time we download [11:23] then we only lock in handlers [11:23] and have the same overall user experience [11:23] soft check tells you no quickly (as now) [11:23] hard check prevents data loss [11:23] and this would be "usability check" in a way ;-) [11:25] the dates in the SU doc were a bit off [11:25] fixed (hopefully) [11:28] pedronis: reviewing https://github.com/snapcore/snapd/pull/9422 would be great, this would unblock the export manager [11:28] PR #9422: overlord: add link participant for linkage transitions [11:29] or some guidance if that is on the right path [11:31] hopefully tomorrow [11:35] great [11:36] I'll iterate on some sprint bits and on the other branches in the meantime [11:44] pedronis: applied both renames, [11:44] * zyga-x240 grabs some hot soup [11:47] jdstrand, amurray: do we need to add close_range to seccomp templates, I can send a patch if you say so [12:21] zyga: hmm, https://paste.ubuntu.com/p/CnVGSKzn3C/ too much load on the system? [12:44] mborzecki re [12:44] sorry, I was in a call [12:44] looking [12:44] hmmm [12:44] maybe we should log with -v [12:45] and see if there's something fishy going on [12:45] but yeah [12:45] it's a new thing, we can revert it if's smelly [12:45] or [12:45] we could use a thread pool executor with one worker [12:45] I think that would be an easy way to sort out the immediate problem (I hope, could be wrong if it's some deadlock) [13:30] * zyga goes to check on family and make coffee for the 2nd part of the day [13:53] mvo: do you have an idea where it's picking up the @users.noreply.github.com from https://github.com/snapcore/snapd/pull/9482/checks?check_run_id=1242371209 ? [13:53] PR #9482: bootloader/assets/grub: adjust fwsetup menuentry label [14:20] mborzecki: in a meeting but I think we can just recommit this with --author="Dimitri..." [14:20] mborzecki: and then force push [14:20] mvo: that's what i did [14:20] mborzecki: \o/ [14:21] and it still fails :P [14:38] mborzecki: oh no :( [14:50] sil2100: hey, do you think you have time today to allow snapd 2.47.1 to *-proposed? [14:51] sil2100: it's in the SRU queue (hope I got it right that monday is your sru day) [14:51] zyga: I'm going to defer to amurray. we have a syscall detector and a) there might be other things and b) amurray may already have the answer for this [14:52] jdstrand ack [14:53] mvo: sure! I can take a look o/ [14:55] * mvo hugs sil2100 [14:55] mborzecki maybe new privacy thing? [14:55] zyga: what are close-range seccomp filters? [14:57] zyga: idk why it's finding 3 email addresses instead of only 2 like i see locally [14:57] mvo: not seccomp filters, just a new system call to close a range of file descriptors quickly [14:57] mborzecki from one or more than one user? [14:57] zyga: oh, neat [14:58] mborzecki maybe some privacy thing is at play? [15:09] uhh errands [15:09] ah, or not yet [15:27] PR snapd#9486 closed: logger: fix snapd.debug=1 parsing [15:27] PR snapd#9494 opened: logger: use strutil.KernelCommandLineSplit in debugEnabledOnKernelCmdline [17:36] &away off [18:51] mvo: HMM [18:52] er [18:52] hmm [18:52] something weird [18:57] zyga-x240: hm? [18:57] werid, we merged the 14 day refresh window [18:58] but I pulled master and my test, that measures old 7 passes [18:58] maybe some fast-forward thing [18:58] * zyga-x240 looks [18:58] * zyga-x240 wrote all the tests for the new desktop notifications [18:58] just looking anything is missing [18:59] pushed to https://github.com/snapcore/snapd/pull/9446 [18:59] PR #9446: overlord,usersession: initial notifications of pending refreshes [19:01] mvo: I'll work on a spread test tomorrow [19:01] I think the new git defaults ff only [19:01] and I need to merge now [19:01] oh well [19:02] * zyga-x240 resolves conflict [19:02] zyga-x240: ok [19:06] mvo: https://github.com/snapcore/snapd/pull/9446 is ready for review [19:06] PR #9446: overlord,usersession: initial notifications of pending refreshes [19:21] zyga-x240: re 9446> supernice! I will have a look in my morning, too tired now [22:38] zyga-mbp: yeah close_range is on my list of stuff to look at (we ideally also would want a newer libseccomp as well so we get openat2 and a few others as well - https://pastebin.ubuntu.com/p/zJRczX4BFk/)