mupPR snapd#9563 closed: secboot: set metadata and keyslots sizes when formatting LUKS2 volumes <Run nested> <UC20> <Created by bboozzoo> <Merged by bboozzoo> <https://github.com/snapcore/snapd/pull/9563>06:48
zygagood morning06:52
zygaI need to look after Lucy for an hour and a half now so I won't start until I can pass her over06:52
mborzeckiz hey07:17
zygaback in the office07:41
zygamborzecki, how are things?07:41
mborzeckizyga: heya07:46
mborzeckiheh, surprising, `mkfs.ext4 <dev>` and `mkfs.ext4 -T default <dev>` produces quite different overhead in the fs07:47
mborzeckieven though if you don't specificy -T, it's the same as 'default'07:47
zygaoverhead as in % reserved for root?07:48
mborzeckizyga: idk, looked at free space only and it was like ~8MB vs ~5MB, but did not investigate further07:52
zygamaybe different feature set?07:52
zygaI'll start in ~30 minutes07:55
mborzeckipstolowski: hey08:07
mborzeckizyga: so if you don't specify anything mkfs.ext4 has some heuristic to choose the settings based on block device size08:07
pedronismborzecki: hi, do we need to sync on something?08:16
mborzeckipedronis: not yet, i've opened https://github.com/snapcore/snapd/pull/9565 yesterday08:17
mupPR #9565: [RFC] overlord/devicestate: bind mount ubuntu-save under /var/lib/snapd/save on startup <Run nested> <UC20> <Created by bboozzoo> <https://github.com/snapcore/snapd/pull/9565>08:17
pedronisyes, saw it08:17
zygahey pstolowski, pedronis08:17
mborzeckipedronis: there's some trouble with default ext4 parameters that we pass during install, instead of ~8MB of free space we get slightly above 408:17
zygahow are you? :)08:17
pedronismborzecki: in save ?08:18
mborzeckipedronis: looks like it's beacuse of using -T default instead of letting mkfs choose08:18
mborzeckipedronis: yes08:18
pedronismborzecki: do you why we chose to pass default manually?08:25
pedronisit doesnt seem a good idea in general08:26
mborzeckipedronis: iirc this follows what ubuntu-image does, the idea was to stick to it as close as possible08:26
mborzeckipedronis: i'm thinking that maybe it's best to just let mkfs use the defaults from /etc/mke2fs08:27
pedronisyes, tha would be my impression reading the man page08:27
mborzeckimhm, i'm adding a little spread test for save, and will tweak the install next08:33
zygafresh master fails on my machine08:56
zygawith the following error:08:56
zygaFAIL: firstboot_test.go:1547: firstBoot16Suite.TestPopulateFromSeedMissingBase08:56
zyga...     "cannot accept some assertions:\n" +08:56
zyga...     " - assertion is signed with expired public key \"ByUltd1OtnFrz7CpmYlxAB5YDg_hcimrdPamuMMYNtGzKOvJreXK-DpKYZYMG9Lv\" from \"canonical\"\n" +08:56
mupPR snapd#9568 opened: interfaces,snap: use correct type: {os,snapd} for test data <Skip spread> <Test Robustness> <Created by zyga> <https://github.com/snapcore/snapd/pull/9568>08:58
pedronismborzecki: I did a pass on #956508:59
mupPR #9565: [RFC] overlord/devicestate: bind mount ubuntu-save under /var/lib/snapd/save on startup <Run nested> <UC20> <Created by bboozzoo> <https://github.com/snapcore/snapd/pull/9565>08:59
mborzeckipedronis: thanks, i'll check the comments in a bit08:59
zygajamesh, I'd like to skip this call and focus on landing last few bits before I go08:59
jameshzyga: okay09:00
zygapedronis, ^ is the assertion error expected?09:01
zygadid we forget to bump some key expiry date?09:01
pedroniszyga: it's passing here09:01
zygaI did govendor sync as well as some secboot stuff was changed09:02
zygapristine master: ... value *errors.errorString = &errors.errorString{s:"assertion is signed with expired public key \"UnnnrXnSNgBgPXpScoO0g3LVnpoFhL3lXme5LYUOhKqLcvioXURIz4jPvzR9zo2b\" from \"canonical\""} ("assertion is signed with expired public key \"UnnnrXnSNgBgPXpScoO0g3LVnpoFhL3lXme5LYUOhKqLcvioXURIz4jPvzR9zo2b\" from \"canonical\"")09:03
zygabut in a different test now: FAIL: writer_test.go:1989: writerSuite.TestDownloadedCore20CheckBase09:03
mupPR snapd#9569 opened: tests/nested/core20/save: a test that verifies ubuntu-save is present and set up <Run nested> <UC20> <Created by bboozzoo> <https://github.com/snapcore/snapd/pull/9569>09:03
zygaand the error I saw before is gone09:03
zygaanother run and it passed09:04
zygaI nuked my go cache and I cannot reproduce this09:05
zygaso weird09:06
pedroniszyga: I read there's a bug in go with recent tzdata versions09:18
pedronisnot sure it's relevant or not09:18
pedronishere I have the not affected/ing tzdata fwiw09:18
mborzeckihm maybe we need to ship /etc/mke2fs.conf in the core snap for the heuristic to work09:58
mborzeckii did the chabnge, doble checked it's used but the size change isn't there09:58
mborzeckifwiw, there's a buitlin use in that scenario10:07
mborzeckiheh, so the built-in config on 20.04 is somewhat different from what i have10:17
mborzeckiso the difference is blocksize, whic is 1024 in the default mke2fs.conf but somehow 4096 in focal10:20
mupPR snapd#9570 opened: gadget/internal: let mkfs.ext4 figure out the best setup <Run nested> <UC20> <Created by bboozzoo> <https://github.com/snapcore/snapd/pull/9570>10:39
zygare, sorry, I had to power off this VM for a call10:54
zygamborzecki, could you please help me with and vulnerable hosts will be notified.10:57
zygacopy paste fiasco10:57
mupPR #9530: interfaces: share /tmp/.X11-unix/ from host or provider <Needs security review> <⚠ Critical> <β›” Blocked> <Created by zyga> <https://github.com/snapcore/snapd/pull/9530>10:58
mupPR snapd#9568 closed: interfaces,snap: use correct type: {os,snapd} for test data <Skip spread> <Test Robustness> <Created by zyga> <Merged by zyga> <https://github.com/snapcore/snapd/pull/9568>10:59
zygapedronis, I'd like to return to https://github.com/snapcore/snapd/pull/954611:03
mupPR #9546: overlord: add inert export manager <Created by zyga> <https://github.com/snapcore/snapd/pull/9546>11:03
zygapedronis, I will look at reducing the structure if that is possible but any advice on what you were thinking about would be useful11:03
pedroniszyga: let me comment there in a couple of minutes11:03
zygapedronis, thank you, I'll put my full attention to this11:04
zygaback with tea11:15
mupPR snapcraft#3338 closed: Rename plugins keys <Created by xnox> <Closed by xnox> <https://github.com/snapcore/snapcraft/pull/3338>11:21
pedroniszyga: commented11:22
* pedronis lunch11:22
mupPR snapd#9571 opened: tests: re-enable the apt hooks test <Created by sergiocazzolato> <https://github.com/snapcore/snapd/pull/9571>12:24
mupPR snapcraft#3343 opened: build providers: set snapd proxy settings after setup_environment() <Created by cjp256> <https://github.com/snapcore/snapcraft/pull/3343>12:31
pedronismborzecki: I added a couple more commens and follow up comments to 956512:46
mborzeckipedronis: thanks, saw them12:47
pstolowskiijohnson: hey, i've replied to your questions on preseed+hooks PR, i hope it makes sense now?12:48
ijohnsonhey pstolowski yes thank you for the excellent explanation it makes sense now12:54
ijohnsonI will approve shortly12:55
cachiomborzecki, hey13:00
cachioin f33 I see this https://paste.ubuntu.com/p/SnMj8xF3Hr/13:00
cachiofor selinux-clean test13:00
cachiocould be needed any change in the selinux policy?13:00
zyga-mbpcachio probably a change in the fs layout that makes us do something new13:17
cachiozyga-mbp, ok, I'll research a bit more13:18
mborzeckicachio: yeah, we may need to tweak something13:18
zyga-mbpit's really annoying that there's no path13:19
zyga-mbpjust a type13:19
mborzeckizyga-mbp: still an umount by s-c, there shouldn't be too many of those13:19
zyga-mbpmborzecki that includes all of snap-update-ns, no?13:19
zyga-mbpso ... well, a lot13:20
zyga-mbpsnap-confine doesn't unmount anything IIRC13:20
zyga-mbp(anything that is not fixed)13:20
mborzeckihm, s-u-n should run with a seaprate context (maybe it's not?)13:20
zyga-mbpmborzecki it is for apparmor but I don't think it is for selinux13:22
mborzeckizyga-mbp: there's snappy_mount_t, transitions should be set up13:23
mborzeckihahah the new github jobs status emails are brilliant, huge heading 'some jobs were not successful', but doesn't really say which ones13:28
mborzeckipedronis: i've updated #956513:33
mupPR #9565: overlord/devicestate: bind mount ubuntu-save under /var/lib/snapd/save on startup <Run nested> <UC20> <Created by bboozzoo> <https://github.com/snapcore/snapd/pull/9565>13:33
pedronismborzecki: thx13:34
* zyga-mbp is making progress but needs to interrupt for a while, should resume after standup13:41
zyga-mbpmost of the code is updated, some new tests are being added now13:41
mborzeckipedronis: can you take a look at https://github.com/snapcore/snapd/pull/9566#discussion_r514269126 ? shouldn't this be /run/mnt/ubuntu-save/device/fde, so InitramfsUbuntuSaveDir + "device/fde" ?13:47
mupPR #9566: boot: store the TPM{PolicyAuthKey,LockoutAuth}File in ubuntu-save <Run nested> <UC20> <Created by mvo5> <https://github.com/snapcore/snapd/pull/9566>13:47
mborzeckior we should bind mount save under install host writable save during install?13:48
pedronismborzecki: I don't know, we have save mounted somewhere by gadget/install ?13:49
pedroniswe should pick the right dir though13:49
pedronismborzecki: maybe the SideData should tell use that13:50
mborzeckipedronis: yes, it's under InitramfsUbuntuSaveDir aka /run/mnt/ubuntu-save13:50
pedronisI mean, the bind mount seems overkill for install13:50
pedronisas long as we have the right path to use13:51
mborzeckii'll look into it13:51
mupPR snapd#9571 closed: tests: re-enable the apt hooks test <Created by sergiocazzolato> <Merged by mvo5> <https://github.com/snapcore/snapd/pull/9571>13:55
mborzeckipedronis: the final path in run mode is supposed to be /var/lib/snapd/save/device/fde right?13:55
dot-tobiasWould the hardware-observe interface give my snap access to /sys/class/dmi/id/chassis_type and /sys/firmware/acpi/pm_profile? snappy-debug just advises to β€œadjust program to not access <sys device>”13:57
mupPR snapd#8395 closed: o/ifacestate: handle interface hooks when preseeding <Preseeding 🍞> <Created by stolowski> <Merged by stolowski> <https://github.com/snapcore/snapd/pull/8395>14:00
mupPR snapcraft#3344 opened: pyproject: add isort with black-compatible configuration <Created by cjp256> <https://github.com/snapcore/snapcraft/pull/3344>14:32
* zyga-mbp has terrible headache and takes a break 14:47
ijohnsondot-tobias: your snap by default should have read access to `/sys/class/**` by the default profile, do you need write access ?14:48
ijohnsondot-tobias: regarding /sys/firmware/acpi, we don't seem to have any interface which allows that (either read or write), do you need read or write access to that?14:49
mupPR snapd#9572 opened: tests: update google sru backend to support groovy <Simple πŸ˜ƒ> <Created by sergiocazzolato> <https://github.com/snapcore/snapd/pull/9572>14:55
* cachio lunch14:59
mborzeckierrands, afk15:01
* zyga-mbp feels better but will resume work at 18:3015:16
zyga-mbpnot so better, whatever it is :/15:29
mupPR snapd#9573 opened: o/devicetate,dirs: keep device keys in ubuntu-save/save for UC20 <Run nested> <UC20> <Created by pedronis> <https://github.com/snapcore/snapd/pull/9573>15:45
mupPR snapd#9574 opened: o/devicestate,a/sysdb: make a backup of the device serial to save <Created by pedronis> <https://github.com/snapcore/snapd/pull/9574>15:55
* zyga-mbp gets some meds15:56
niemeyerfunc (*containsCheckerSuite) TestContainsUncomparableType(c *check.C) {15:56
niemeyer        if runtime.Compiler != "go" {15:56
niemeyerThis test will never pass.. it's "gc", I think15:57
niemeyerNot exactly life threatening, though :)15:57
ijohnsonniemeyer: good catch I can fix that in snapd15:58
niemeyerijohnson: Thanks15:58
pedronismvo: mborzecki: I opened my PRs15:58
niemeyerijohnson: While you're there, another trivial: cmdVersion.Execute doesn't return the error from printVersions15:59
niemeyerNot a big deal for the current implementation, but it's not ideal at least16:00
ijohnsonsure that at least doesn't make any tests fail :-)16:00
ijohnsonniemeyer: #9575 :-)16:03
mupPR #9575: testutil, cmd/snap/version: fix misc little errors <Simple πŸ˜ƒ> <Test Robustness> <Created by anonymouse64> <https://github.com/snapcore/snapd/pull/9575>16:03
niemeyerijohnson: Speed coding? :)16:05
niemeyerijohnson: Thanks!16:05
ijohnsonhaha just happened to be switching between other things and so it was easy enough to just do it16:05
mupPR snapd#9575 opened: testutil, cmd/snap/version: fix misc little errors <Simple πŸ˜ƒ> <Test Robustness> <Created by anonymouse64> <https://github.com/snapcore/snapd/pull/9575>16:05
pedroniszyga-mbp: notice that some of your comments are actually about #9565 from mborzecki16:11
mupPR #9565: overlord/devicestate: bind mount ubuntu-save under /var/lib/snapd/save on startup <Run nested> <UC20> <Created by bboozzoo> <https://github.com/snapcore/snapd/pull/9565>16:11
pedroniswhichc my PR is stacked on16:11
zyga-mbppedronis ah, I see16:11
ijohnsonpedronis: mborzecki: #9560 is now updated16:15
mupPR #9560: gadget/many: drop usage of gpt attr 59 for indicating creation of partitions <Run nested> <UC20> <Created by anonymouse64> <https://github.com/snapcore/snapd/pull/9560>16:15
ijohnsongofmt 1.9 strikes again!16:17
* mvo is in non-stop meetings fwiw, but will read backlog16:33
pstolowskipedronis: good news, i think we don't need go 1.13, older go has .WithContext() method that returns new request, and we even use it in the code. what is more, it seems to be working16:57
pstolowskii also solved other issues i mentioned, and yes, the problem with the test was solved by pushing more data to fill the buffer16:57
pedronispstolowski: ah, good16:58
mborzeckipedronis: zyga-mbp: pushed the updates to 956516:58
mborzecki(needs 2nd reviews still)16:58
mvomborzecki: some feedback from ijohnson in 9565, I can work on applying the feedback in a wee bit if you want?17:02
mvocmatsuoka: it would be great if you could open your PR about the 1.5 object sealing today even if it's not perfect (maybe as a draft?). then samuele and the rest of .eu can look at it/help in our morning :)17:08
cmatsuokamvo: yes, will do17:09
mupPR snapd#9572 closed: tests: update google sru backend to support groovy <Simple πŸ˜ƒ> <Skip spread> <Created by sergiocazzolato> <Merged by mvo5> <https://github.com/snapcore/snapd/pull/9572>17:11
* mvo hugs cmatsuoka 17:13
cmatsuokamvo: I used the "messy-but-works" alternative because having someting ready in time is important, if I try to tidy up all the details beforehand we'd be at the risk of not having it done end-to-end17:16
cmatsuokamvo: so I'll try to tidy it up as much as I can after it works but I'll open a draft PR anyway17:17
mvocmatsuoka: great, thanks so much!17:20
ijohnsonmvo: if needed I can move the meeting with Igor around if you wanted to meet before the SU tomorrow?17:30
ijohnsonwe were just going to go over my etrace blog post and get it published tomorrow17:30
ijohnsonmmm github actions is very confused on 956517:33
* ijohnson sympathizes with github actions for being very confused17:33
=== King_InuYasha is now known as Conan_Kudo
=== Conan_Kudo is now known as King_InuYasha
mvoijohnson: should be fine, but thank you!17:42
ijohnsonack sounds good17:45
=== ijohnson is now known as ijohnson|lunch
=== ijohnson|lunch is now known as ijohnson
mupPR snapd#9569 closed: tests/nested/core20/save: a test that verifies ubuntu-save is present and set up <Run nested> <UC20> <Created by bboozzoo> <Merged by anonymouse64> <https://github.com/snapcore/snapd/pull/9569>20:57
mupPR snapcraft#3342 closed: unit tests: mock os.environ.copy() for deb tests <Created by cjp256> <Merged by sergiusens> <https://github.com/snapcore/snapcraft/pull/3342>20:58
mupPR snapcraft#3341 closed: repo: move apt ppa helpers into apt_ppa module <Created by cjp256> <Merged by sergiusens> <https://github.com/snapcore/snapcraft/pull/3341>22:08

Generated by irclog2html.py 2.7 by Marius Gedminas - find it at mg.pov.lt!