[06:41] <mborzecki> morning
[06:48] <mup> PR snapd#9563 closed: secboot: set metadata and keyslots sizes when formatting LUKS2 volumes <Run nested> <UC20> <Created by bboozzoo> <Merged by bboozzoo> <https://github.com/snapcore/snapd/pull/9563>
[06:52] <zyga> good morning
[06:52] <zyga> I need to look after Lucy for an hour and a half now so I won't start until I can pass her over
[07:17] <mborzecki> z hey
[07:41] <zyga> back in the office
[07:41] <zyga> mborzecki, how are things?
[07:46] <mborzecki> zyga: heya
[07:47] <mborzecki> heh, surprising, `mkfs.ext4 <dev>` and `mkfs.ext4 -T default <dev>` produces quite different overhead in the fs
[07:47] <mborzecki> even though if you don't specificy -T, it's the same as 'default'
[07:48] <zyga> oh?
[07:48] <zyga> overhead as in % reserved for root?
[07:52] <mborzecki> zyga: idk, looked at free space only and it was like ~8MB vs ~5MB, but did not investigate further
[07:52] <zyga> interesting
[07:52] <zyga> maybe different feature set?
[07:55] <zyga> I'll start in ~30 minutes
[08:01] <pstolowski> morning
[08:07] <mborzecki> pstolowski: hey
[08:07] <mborzecki> zyga: so if you don't specify anything mkfs.ext4 has some heuristic to choose the settings based on block device size
[08:13] <pstolowski> o/
[08:16] <pedronis> mborzecki: hi, do we need to sync on something?
[08:17] <mborzecki> pedronis: not yet, i've opened https://github.com/snapcore/snapd/pull/9565 yesterday
[08:17] <mup> PR #9565: [RFC] overlord/devicestate: bind mount ubuntu-save under /var/lib/snapd/save on startup <Run nested> <UC20> <Created by bboozzoo> <https://github.com/snapcore/snapd/pull/9565>
[08:17] <pedronis> yes, saw it
[08:17] <zyga> hey pstolowski, pedronis
[08:17] <mborzecki> pedronis: there's some trouble with default ext4 parameters that we pass during install, instead of ~8MB of free space we get slightly above 4
[08:17] <zyga> how are you? :)
[08:18] <pedronis> mborzecki: in save ?
[08:18] <mborzecki> pedronis: looks like it's beacuse of using -T default instead of letting mkfs choose
[08:18] <mborzecki> pedronis: yes
[08:18] <pedronis> ok
[08:25] <pedronis> mborzecki: do you why we chose to pass default manually?
[08:26] <pedronis> it doesnt seem a good idea in general
[08:26] <mborzecki> pedronis: iirc this follows what ubuntu-image does, the idea was to stick to it as close as possible
[08:26] <pedronis> mmh
[08:27] <mborzecki> pedronis: i'm thinking that maybe it's best to just let mkfs use the defaults from /etc/mke2fs
[08:27] <pedronis> yes, tha would be my impression reading the man page
[08:33] <mborzecki> mhm, i'm adding a little spread test for save, and will tweak the install next
[08:56] <zyga> hmm
[08:56] <zyga> fresh master fails on my machine
[08:56] <zyga> with the following error:
[08:56] <zyga> FAIL: firstboot_test.go:1547: firstBoot16Suite.TestPopulateFromSeedMissingBase
[08:56] <zyga> ...     "cannot accept some assertions:\n" +
[08:56] <zyga> ...     " - assertion is signed with expired public key \"ByUltd1OtnFrz7CpmYlxAB5YDg_hcimrdPamuMMYNtGzKOvJreXK-DpKYZYMG9Lv\" from \"canonical\"\n" +
[08:58] <mup> PR snapd#9568 opened: interfaces,snap: use correct type: {os,snapd} for test data <Skip spread> <Test Robustness> <Created by zyga> <https://github.com/snapcore/snapd/pull/9568>
[08:59] <pedronis> mborzecki: I did a pass on #9565
[08:59] <mup> PR #9565: [RFC] overlord/devicestate: bind mount ubuntu-save under /var/lib/snapd/save on startup <Run nested> <UC20> <Created by bboozzoo> <https://github.com/snapcore/snapd/pull/9565>
[08:59] <mborzecki> pedronis: thanks, i'll check the comments in a bit
[08:59] <zyga> jamesh, I'd like to skip this call and focus on landing last few bits before I go
[09:00] <jamesh> zyga: okay
[09:01] <zyga> pedronis, ^ is the assertion error expected?
[09:01] <zyga> did we forget to bump some key expiry date?
[09:01] <pedronis> zyga: it's passing here
[09:02] <zyga> HMM
[09:02] <zyga> I did govendor sync as well as some secboot stuff was changed
[09:03] <zyga> pristine master: ... value *errors.errorString = &errors.errorString{s:"assertion is signed with expired public key \"UnnnrXnSNgBgPXpScoO0g3LVnpoFhL3lXme5LYUOhKqLcvioXURIz4jPvzR9zo2b\" from \"canonical\""} ("assertion is signed with expired public key \"UnnnrXnSNgBgPXpScoO0g3LVnpoFhL3lXme5LYUOhKqLcvioXURIz4jPvzR9zo2b\" from \"canonical\"")
[09:03] <zyga> but in a different test now: FAIL: writer_test.go:1989: writerSuite.TestDownloadedCore20CheckBase
[09:03] <mup> PR snapd#9569 opened: tests/nested/core20/save: a test that verifies ubuntu-save is present and set up <Run nested> <UC20> <Created by bboozzoo> <https://github.com/snapcore/snapd/pull/9569>
[09:03] <zyga> and the error I saw before is gone
[09:03] <zyga> wth?
[09:04] <zyga> another run and it passed
[09:04] <zyga> wat?
[09:05] <zyga> I nuked my go cache and I cannot reproduce this
[09:06] <zyga> so weird
[09:18] <pedronis> zyga: I read there's a bug in go with recent tzdata versions
[09:18] <zyga-mbp> aha
[09:18] <pedronis> not sure it's relevant or not
[09:18] <pedronis> here I have the not affected/ing tzdata fwiw
[09:58] <mborzecki> hm maybe we need to ship /etc/mke2fs.conf in the core snap for the heuristic to work
[09:58] <mborzecki> i did the chabnge, doble checked it's used but the size change isn't there
[10:07] <mborzecki> fwiw, there's a buitlin use in that scenario
[10:08] <mborzecki> https://github.com/tytso/e2fsprogs/blob/ae3a1d571beb1b86cedfee6652a327854499da3f/misc/mke2fs.conf.in
[10:17] <mborzecki> heh, so the built-in config on 20.04 is somewhat different from what i have
[10:20] <mborzecki> so the difference is blocksize, whic is 1024 in the default mke2fs.conf but somehow 4096 in focal
[10:39] <mup> PR snapd#9570 opened: gadget/internal: let mkfs.ext4 figure out the best setup <Run nested> <UC20> <Created by bboozzoo> <https://github.com/snapcore/snapd/pull/9570>
[10:54] <zyga> re, sorry, I had to power off this VM for a call
[10:57] <zyga> mborzecki, could you please help me with and vulnerable hosts will be notified.
[10:57] <zyga> er
[10:57] <zyga> copy paste fiasco
[10:58] <zyga> https://github.com/snapcore/snapd/pull/9530
[10:58] <mup> PR #9530: interfaces: share /tmp/.X11-unix/ from host or provider <Needs security review> <⚠ Critical> <⛔ Blocked> <Created by zyga> <https://github.com/snapcore/snapd/pull/9530>
[10:59] <mup> PR snapd#9568 closed: interfaces,snap: use correct type: {os,snapd} for test data <Skip spread> <Test Robustness> <Created by zyga> <Merged by zyga> <https://github.com/snapcore/snapd/pull/9568>
[11:03] <zyga> pedronis, I'd like to return to https://github.com/snapcore/snapd/pull/9546
[11:03] <mup> PR #9546: overlord: add inert export manager <Created by zyga> <https://github.com/snapcore/snapd/pull/9546>
[11:03] <zyga> pedronis, I will look at reducing the structure if that is possible but any advice on what you were thinking about would be useful
[11:03] <pedronis> zyga: let me comment there in a couple of minutes
[11:04] <zyga> pedronis, thank you, I'll put my full attention to this
[11:15] <zyga> back with tea
[11:21] <mup> PR snapcraft#3338 closed: Rename plugins keys <Created by xnox> <Closed by xnox> <https://github.com/snapcore/snapcraft/pull/3338>
[11:22] <pedronis> zyga: commented
[11:22]  * pedronis lunch
[11:22] <zyga> looking
[11:24] <zyga> thanks!
[12:24] <mup> PR snapd#9571 opened: tests: re-enable the apt hooks test <Created by sergiocazzolato> <https://github.com/snapcore/snapd/pull/9571>
[12:31] <zyga> brb
[12:31] <mup> PR snapcraft#3343 opened: build providers: set snapd proxy settings after setup_environment() <Created by cjp256> <https://github.com/snapcore/snapcraft/pull/3343>
[12:42] <zyga> re
[12:46] <pedronis> mborzecki: I added a couple more commens and follow up comments to 9565
[12:47] <mborzecki> pedronis: thanks, saw them
[12:48] <pstolowski> ijohnson: hey, i've replied to your questions on preseed+hooks PR, i hope it makes sense now?
[12:54] <ijohnson> hey pstolowski yes thank you for the excellent explanation it makes sense now
[12:55] <ijohnson> I will approve shortly
[12:57] <pstolowski> thx
[13:00] <cachio> mborzecki, hey
[13:00] <cachio> in f33 I see this https://paste.ubuntu.com/p/SnMj8xF3Hr/
[13:00] <cachio> for selinux-clean test
[13:00] <cachio> could be needed any change in the selinux policy?
[13:17] <zyga-mbp> cachio probably a change in the fs layout that makes us do something new
[13:18] <cachio> zyga-mbp, ok, I'll research a bit more
[13:18] <mborzecki> cachio: yeah, we may need to tweak something
[13:19] <zyga-mbp> it's really annoying that there's no path
[13:19] <zyga-mbp> just a type
[13:19] <mborzecki> zyga-mbp: still an umount by s-c, there shouldn't be too many of those
[13:19] <zyga-mbp> mborzecki that includes all of snap-update-ns, no?
[13:20] <zyga-mbp> so ... well, a lot
[13:20] <zyga-mbp> snap-confine doesn't unmount anything IIRC
[13:20] <zyga-mbp> (anything that is not fixed)
[13:20] <mborzecki> hm, s-u-n should run with a seaprate context (maybe it's not?)
[13:22] <zyga-mbp> mborzecki it is for apparmor but I don't think it is for selinux
[13:23] <mborzecki> zyga-mbp: there's snappy_mount_t, transitions should be set up
[13:28] <mborzecki> hahah the new github jobs status emails are brilliant, huge heading 'some jobs were not successful', but doesn't really say which ones
[13:33] <mborzecki> pedronis: i've updated #9565
[13:33] <mup> PR #9565: overlord/devicestate: bind mount ubuntu-save under /var/lib/snapd/save on startup <Run nested> <UC20> <Created by bboozzoo> <https://github.com/snapcore/snapd/pull/9565>
[13:34] <pedronis> mborzecki: thx
[13:41]  * zyga-mbp is making progress but needs to interrupt for a while, should resume after standup
[13:41] <zyga-mbp> most of the code is updated, some new tests are being added now
[13:47] <mborzecki> pedronis: can you take a look at https://github.com/snapcore/snapd/pull/9566#discussion_r514269126 ? shouldn't this be /run/mnt/ubuntu-save/device/fde, so InitramfsUbuntuSaveDir + "device/fde" ?
[13:47] <mup> PR #9566: boot: store the TPM{PolicyAuthKey,LockoutAuth}File in ubuntu-save <Run nested> <UC20> <Created by mvo5> <https://github.com/snapcore/snapd/pull/9566>
[13:48] <mborzecki> or we should bind mount save under install host writable save during install?
[13:49] <pedronis> mborzecki: I don't know, we have save mounted somewhere by gadget/install ?
[13:49] <pedronis> we should pick the right dir though
[13:50] <pedronis> mborzecki: maybe the SideData should tell use that
[13:50] <pedronis> *us
[13:50] <mborzecki> pedronis: yes, it's under InitramfsUbuntuSaveDir aka /run/mnt/ubuntu-save
[13:50] <pedronis> I mean, the bind mount seems overkill for install
[13:51] <pedronis> as long as we have the right path to use
[13:51] <mborzecki> i'll look into it
[13:51] <pedronis> thx
[13:55] <mup> PR snapd#9571 closed: tests: re-enable the apt hooks test <Created by sergiocazzolato> <Merged by mvo5> <https://github.com/snapcore/snapd/pull/9571>
[13:55] <mborzecki> pedronis: the final path in run mode is supposed to be /var/lib/snapd/save/device/fde right?
[13:56] <pedronis> yes
[13:57] <dot-tobias> Would the hardware-observe interface give my snap access to /sys/class/dmi/id/chassis_type and /sys/firmware/acpi/pm_profile? snappy-debug just advises to “adjust program to not access <sys device>”
[13:57] <mborzecki> ack
[14:00] <mup> PR snapd#8395 closed: o/ifacestate: handle interface hooks when preseeding <Preseeding 🍞> <Created by stolowski> <Merged by stolowski> <https://github.com/snapcore/snapd/pull/8395>
[14:32] <mup> PR snapcraft#3344 opened: pyproject: add isort with black-compatible configuration <Created by cjp256> <https://github.com/snapcore/snapcraft/pull/3344>
[14:47]  * zyga-mbp has terrible headache and takes a break 
[14:48] <ijohnson> dot-tobias: your snap by default should have read access to `/sys/class/**` by the default profile, do you need write access ?
[14:49] <ijohnson> dot-tobias: regarding /sys/firmware/acpi, we don't seem to have any interface which allows that (either read or write), do you need read or write access to that?
[14:55] <mup> PR snapd#9572 opened: tests: update google sru backend to support groovy <Simple 😃> <Created by sergiocazzolato> <https://github.com/snapcore/snapd/pull/9572>
[14:59]  * cachio lunch
[15:01] <mborzecki> errands, afk
[15:16]  * zyga-mbp feels better but will resume work at 18:30
[15:29] <zyga-mbp> not so better, whatever it is :/
[15:45] <mup> PR snapd#9573 opened: o/devicetate,dirs: keep device keys in ubuntu-save/save for UC20 <Run nested> <UC20> <Created by pedronis> <https://github.com/snapcore/snapd/pull/9573>
[15:55] <mup> PR snapd#9574 opened: o/devicestate,a/sysdb: make a backup of the device serial to save <Created by pedronis> <https://github.com/snapcore/snapd/pull/9574>
[15:56]  * zyga-mbp gets some meds
[15:56] <niemeyer> func (*containsCheckerSuite) TestContainsUncomparableType(c *check.C) {
[15:56] <niemeyer>         if runtime.Compiler != "go" {
[15:57] <niemeyer> This test will never pass.. it's "gc", I think
[15:57] <niemeyer> Not exactly life threatening, though :)
[15:58] <ijohnson> niemeyer: good catch I can fix that in snapd
[15:58] <niemeyer> ijohnson: Thanks
[15:58] <pedronis> mvo: mborzecki: I opened my PRs
[15:59] <niemeyer> ijohnson: While you're there, another trivial: cmdVersion.Execute doesn't return the error from printVersions
[16:00] <niemeyer> Not a big deal for the current implementation, but it's not ideal at least
[16:00] <ijohnson> sure that at least doesn't make any tests fail :-)
[16:03] <ijohnson> niemeyer: #9575 :-)
[16:03] <mup> PR #9575: testutil, cmd/snap/version: fix misc little errors <Simple 😃> <Test Robustness> <Created by anonymouse64> <https://github.com/snapcore/snapd/pull/9575>
[16:05] <niemeyer> ijohnson: Speed coding? :)
[16:05] <niemeyer> ijohnson: Thanks!
[16:05] <ijohnson> haha just happened to be switching between other things and so it was easy enough to just do it
[16:05] <mup> PR snapd#9575 opened: testutil, cmd/snap/version: fix misc little errors <Simple 😃> <Test Robustness> <Created by anonymouse64> <https://github.com/snapcore/snapd/pull/9575>
[16:11] <pedronis> zyga-mbp: notice that some of your comments are actually about #9565 from mborzecki
[16:11] <mup> PR #9565: overlord/devicestate: bind mount ubuntu-save under /var/lib/snapd/save on startup <Run nested> <UC20> <Created by bboozzoo> <https://github.com/snapcore/snapd/pull/9565>
[16:11] <pedronis> whichc my PR is stacked on
[16:11] <zyga-mbp> pedronis ah, I see
[16:15] <ijohnson> pedronis: mborzecki: #9560 is now updated
[16:15] <mup> PR #9560: gadget/many: drop usage of gpt attr 59 for indicating creation of partitions <Run nested> <UC20> <Created by anonymouse64> <https://github.com/snapcore/snapd/pull/9560>
[16:17] <ijohnson> gofmt 1.9 strikes again!
[16:33]  * mvo is in non-stop meetings fwiw, but will read backlog
[16:57] <pstolowski> pedronis: good news, i think we don't need go 1.13, older go has .WithContext() method that returns new request, and we even use it in the code. what is more, it seems to be working
[16:57] <pstolowski> i also solved other issues i mentioned, and yes, the problem with the test was solved by pushing more data to fill the buffer
[16:58] <pedronis> pstolowski: ah, good
[16:58] <mborzecki> pedronis: zyga-mbp: pushed the updates to 9565
[16:58] <mborzecki> (needs 2nd reviews still)
[17:02] <mvo> mborzecki: some feedback from ijohnson in 9565, I can work on applying the feedback in a wee bit if you want?
[17:08] <mvo> cmatsuoka: it would be great if you could open your PR about the 1.5 object sealing today even if it's not perfect (maybe as a draft?). then samuele and the rest of .eu can look at it/help in our morning :)
[17:09] <cmatsuoka> mvo: yes, will do
[17:11] <mup> PR snapd#9572 closed: tests: update google sru backend to support groovy <Simple 😃> <Skip spread> <Created by sergiocazzolato> <Merged by mvo5> <https://github.com/snapcore/snapd/pull/9572>
[17:13]  * mvo hugs cmatsuoka 
[17:16] <cmatsuoka> mvo: I used the "messy-but-works" alternative because having someting ready in time is important, if I try to tidy up all the details beforehand we'd be at the risk of not having it done end-to-end
[17:17] <cmatsuoka> mvo: so I'll try to tidy it up as much as I can after it works but I'll open a draft PR anyway
[17:20] <mvo> cmatsuoka: great, thanks so much!
[17:30] <ijohnson> mvo: if needed I can move the meeting with Igor around if you wanted to meet before the SU tomorrow?
[17:30] <ijohnson> we were just going to go over my etrace blog post and get it published tomorrow
[17:33] <ijohnson> mmm github actions is very confused on 9565
[17:33]  * ijohnson sympathizes with github actions for being very confused
[17:42] <mvo> ijohnson: should be fine, but thank you!
[17:45] <ijohnson> ack sounds good
[20:57] <mup> PR snapd#9569 closed: tests/nested/core20/save: a test that verifies ubuntu-save is present and set up <Run nested> <UC20> <Created by bboozzoo> <Merged by anonymouse64> <https://github.com/snapcore/snapd/pull/9569>
[20:58] <mup> PR snapcraft#3342 closed: unit tests: mock os.environ.copy() for deb tests <Created by cjp256> <Merged by sergiusens> <https://github.com/snapcore/snapcraft/pull/3342>
[22:08] <mup> PR snapcraft#3341 closed: repo: move apt ppa helpers into apt_ppa module <Created by cjp256> <Merged by sergiusens> <https://github.com/snapcore/snapcraft/pull/3341>