/srv/irclogs.ubuntu.com/2020/11/09/#snappy.txt

jameshamurray: in case the other message didn't make it, reviewing https://github.com/snapcore/snapd/pull/8943 would be more useful than 6258: it was split out from 6258, and there may not be anything useful in the older PR once it is merged.01:17
mupPR #8943: wrappers: generate D-Bus service activation files <Needs security review> <Created by jhenstridge> <https://github.com/snapcore/snapd/pull/8943>01:17
amurraythanks jamesh - ok I'll go with 8943 then - let me know if you do need 6258 as well and I can come back to that after02:16
mborzeckimorning06:45
mvogood morning zyga07:47
zygagood morning07:47
mborzeckizyga: hey07:53
mborzeckimvo: hey07:54
mvomborzecki: hey, good morning07:54
mborzeckimvo: zyga: wondering, shouldn't this point to libexecdir? https://github.com/snapcore/snapd/blob/master/interfaces/udev/spec.go#L9407:55
mborzeckimvo: #9600 grew a bit :/08:00
mupPR #9600: cmd/s-b/initramfs-mounts: refactor recover mode to implement degraded mode <Complex> <UC20> <Created by anonymouse64> <https://github.com/snapcore/snapd/pull/9600>08:00
zygare08:00
zygahey mborzecki, mvo08:01
zygalooking08:01
zygamborzecki yes, it should08:01
zygamborzecki note that this is affected by https://github.com/snapcore/snapd/pull/761408:01
mupPR #7614: cmd/snap-confine: implement snap-device-helper internally <⛔ Blocked> <Created by zyga> <https://github.com/snapcore/snapd/pull/7614>08:01
zygaI really hope UC20 can be released and we can just merge this branch08:02
zygathen there's only one consumer of snap-device-helper - the host system08:02
mborzeckii reckon since this is started by udevd it's running in pid 1 ns, so $(libexecdir) rathre than hardcoded /usr/lib/snapd08:02
zygaand all paths can be easily understood08:02
zygayes, correct08:02
pstolowskimorning08:03
mborzeckipstolowski: hey08:06
zygabtw, is core20 released?08:07
zygaor branched at least?08:07
mvozyga: uh, it's just "one more thing" :/ or :) depending on POV, we need to review the degraded recovery mode PR and then we are good08:34
zygamvo better to be careful than sorry, even when late08:36
mvozyga: yeah, but it's really really the last thing08:36
zygamvo: maybe bump version to 3.0 :)08:36
mvomborzecki: if you have cycles, a review for 9540 would be great, should be easy I hope08:36
mvozyga: yeah, not a bad idea actually08:37
mvopstolowski: good morning!08:37
mvo(btw :)08:37
pstolowskio/08:37
mborzeckimvo: sure, will do, looking at 9600 atm08:39
mvota08:40
mupPR snapd#9514 closed: interfaces/fwupd: enforce the confined fwupd to align Ubuntu Core ESP layout <Created by woodrow-shen> <Merged by mvo5> <https://github.com/snapcore/snapd/pull/9514>08:51
mborzeckiduh, the more i look at 9600 the more i think secboot.UnlockVolumeUsingSealedKeyIfEncrypted is doing too much09:17
mvomborzecki: if secboot.UnlockVolumeUsingSealedKeyIfEncrypted is doing too much, maybe we need to break it apart :/09:22
mborzeckimvo: i think it shouldn't fall back to doing anything about the unencrypted device, perhaps it'd be better if the caller did the device lookup and knew whether there is an encrypted device or not, and if there is one, just ask to open it09:23
mborzeckistill, if we change that, better do that after 9600 lands and snapd is branched09:24
mvomborzecki: ok09:30
pedronismborzecki: hi, looks like 9605 can be merged ?09:31
mupPR snapd#9605 closed: gadget, overlord/devicestate: validate that system supports encrypted data before install <Run nested> <UC20> <Created by bboozzoo> <Merged by bboozzoo> <https://github.com/snapcore/snapd/pull/9605>09:36
mborzeckipedronis: yup, just merged it, there were some failed tests in the morning, but looked like the store downtime that happend on friday09:38
mborzeckipedronis: wdyt about https://github.com/snapcore/snapd/pull/9600#discussion_r519560708 or maybe we should use dirs.SnapRunDir (i.e. /run/snapd/)?09:46
mupPR #9600: cmd/s-b/initramfs-mounts: refactor recover mode to implement degraded mode <Complex> <UC20> <Created by anonymouse64> <https://github.com/snapcore/snapd/pull/9600>09:46
pedronismborzecki: I will re-review it in a little bit and try to answer09:47
mborzeckihm weird, with the latest snapd from edge: taskrunner.go:271: [change 2 "Setup system for run mode" task] failed: internal error: system encryption keys are unset10:15
pedronismborzecki: wrong kernel?  something wrong with directories moves?10:17
mborzeckipedronis: idk yet, investigating10:24
mborzeckipedronis: heh, missing ubuntu-save in gadget ofc10:27
mborzeckipedronis: but te snapd snap i had did not have 9605 yet, so instead snapd hit the sanity check that encryption keys for data & save exist10:28
mborzeckimvo: trivial PR https://github.com/snapcore/snapd/pull/9608 it'd be nth for 2.4810:46
mupPR #9608: gadget/install: add progress logging <Run nested> <Simple 😃> <UC20> <Created by bboozzoo> <https://github.com/snapcore/snapd/pull/9608>10:46
mvomborzecki: looking10:46
mupPR snapd#9608 opened: gadget/install: add progress logging <Run nested> <Simple 😃> <UC20> <Created by bboozzoo> <https://github.com/snapcore/snapd/pull/9608>10:46
mvomborzecki: heh, I did something similar for my fde hooks hackish branch :)10:46
mborzeckihaha10:48
pedronismborzecki: I did a nother pass on #9600, some naming comments, biggest suggestion (unclear if we can do it) is https://github.com/snapcore/snapd/pull/9600#discussion_r51971475810:56
mupPR #9600: cmd/s-b/initramfs-mounts: refactor recover mode to implement degraded mode <Complex> <UC20> <Created by anonymouse64> <https://github.com/snapcore/snapd/pull/9600>10:56
mupPR snapd#9609 opened: tests: add unit test for auto-refresh with validate-snap failure <Created by stolowski> <https://github.com/snapcore/snapd/pull/9609>10:56
pstolowskimvo: so as suspected last week, there is an issue with snapd-generator & the units for snapfuse (the change relaeted to preseeding from a few months ago)11:42
mvopstolowski: oh, thanks for finding this. is it hard to fix? something for 2.48?11:42
pstolowskimvo: not hard at all, but annoying since maybe they need to revert preseeding in groovy until new deb is available11:43
pstolowskimvo: i'm not super clear about what is affected yet, will talk to Dmitri today11:43
mvopstolowski: ta11:47
mvopstolowski: let's try to get a fix in asap so that it's part of 2.4811:48
mvopstolowski: I still want to branch that today11:48
pstolowskimvo: hmm yes, but would be good to combine both fixes (task-chaining)?11:48
mborzeckipedronis: hm https://github.com/snapcore/snapd/pull/9600#discussion_r519701222 double checkign you meant to rename MountPointIsFromDisk or verifyMountPoint to mountIsFromDisk?11:48
mupPR #9600: cmd/s-b/initramfs-mounts: refactor recover mode to implement degraded mode <Complex> <UC20> <Created by anonymouse64> <https://github.com/snapcore/snapd/pull/9600>11:48
mvopstolowski: yes, I reviewed the task-chaining11:49
mvopstolowski: that is also tagged 2.48 :)11:49
pedronismborzecki: I meant MountPointIsFromDisk but is not the most important thing11:49
pstolowskimvo: yep i saw the review (thanks! need to think about your question still),  but missed the tag11:50
mborzeckipedronis: pushed everything but this one https://github.com/snapcore/snapd/pull/9600#discussion_r519714758 which could probably be done in a followup12:15
mupPR #9600: cmd/s-b/initramfs-mounts: refactor recover mode to implement degraded mode <Complex> <UC20> <Created by anonymouse64> <https://github.com/snapcore/snapd/pull/9600>12:15
mborzeckiquick errand, back in 3012:16
mupPR snapcraft#3358 closed: Fix colcon v1 workspace sourcing <Created by artivis> <Merged by sergiusens> <https://github.com/snapcore/snapcraft/pull/3358>12:20
mborzeckire, heh quicker than i anticipated12:29
mupPR snapcraft#3352 closed: tests: import sort with isort <Created by cjp256> <Merged by sergiusens> <https://github.com/snapcore/snapcraft/pull/3352>12:30
mupPR snapcraft#3357 closed: project schema tests: ensure json format checkers are loaded <Created by cjp256> <Merged by sergiusens> <https://github.com/snapcore/snapcraft/pull/3357>12:30
pedronismborzecki: should we chat about https://github.com/snapcore/snapd/pull/9600#discussion_r519714758 ?12:38
mupPR #9600: cmd/s-b/initramfs-mounts: refactor recover mode to implement degraded mode <Complex> <UC20> <Created by anonymouse64> <https://github.com/snapcore/snapd/pull/9600>12:38
mborzeckimvo:  something to consider for 2.4813:06
mborzeckimvo:  https://github.com/snapcore/snapd/pull/961013:06
mupPR #9610: interfaces/udev: use distro specific path to snap-device-helper <Created by bboozzoo> <https://github.com/snapcore/snapd/pull/9610>13:06
mupPR snapd#9610 opened: interfaces/udev: use distro specific path to snap-device-helper <Created by bboozzoo> <https://github.com/snapcore/snapd/pull/9610>13:07
mborzeckiheh, all squares instead of fonts again https://forum.snapcraft.io/t/draw-io-snap-system-dialogs-not-rendering-correct/2102613:12
mborzeckipedronis: sorry missed that, we can chat, i have some changes stashed for that already13:13
pedronismborzecki: HO ?13:14
mborzeckiyup13:14
mupPR snapd#9611 opened: tests: migrate test from boot.sh helper to boot-state tool <Created by sergiocazzolato> <https://github.com/snapcore/snapd/pull/9611>13:32
ijohnsonmorning folks13:34
cjp256\o13:34
ijohnsonhey cjp25613:35
ijohnsoncjp256: I definitely didn't get a chance to look at that bug we talked about, but I have every intention of looking at it today, I triple promise :-)13:35
cjp256a lovely morning over here13:35
ijohnsonit's a bit rainy and gloomy here, and we are about to get a bunch of snow tomorrow so there's that13:37
cjp256ijohnson: no worries, appreciate it whenever you get to it.  I was debating resorting to an infamous sleep() :D13:38
cjp256well snow is good when it accumulates into something to play in!13:40
mvomborzecki: indeed, approved, thanks for finding this one!13:54
mupPR snapcraft#3360 opened: project loader: advanced grammar support for lists <Created by cjp256> <https://github.com/snapcore/snapcraft/pull/3360>13:56
mupPR snapcraft#3361 opened: extensions: use SNAP_COMMON instead of SNAP_DATA for fonts <Created by sergiusens> <https://github.com/snapcore/snapcraft/pull/3361>14:01
mborzeckipedronis: pushed set(Find|Mount)State to #960014:30
mupPR #9600: cmd/s-b/initramfs-mounts: refactor recover mode to implement degraded mode <Complex> <UC20> <Created by anonymouse64> <https://github.com/snapcore/snapd/pull/9600>14:30
pedronismborzecki: thx, looking14:30
mborzeckimvo: hmm src/github.com/snapcore/snapd/daemon/api_system_recovery_keys.go:45:24: rkey.String undefined (type *secboot.RecoveryKey has no field or method String)14:44
mborzeckibut it's somehow passing nosecboot tests14:44
mvomborzecki: is that a test failure?14:46
mvomborzecki: looking14:46
om26erCan I build armhf snap on aarch64 server ?14:47
mborzeckimvo: no, a build on sid: https://github.com/snapcore/snapd/pull/9610/checks?check_run_id=137431802814:47
mupPR #9610: interfaces/udev: use distro specific path to snap-device-helper <Created by bboozzoo> <https://github.com/snapcore/snapd/pull/9610>14:47
mvomborzecki: that is confusing indeed, looking14:47
ijohnsonhmm seems I have lost the code suggestion feature from github comments :-/14:50
mvomborzecki: I suspect "go install" in in debina/rules is not passing "-tags nosecboot" :/ but it's strange that this became an issue only now14:50
mborzeckimvo: it used to pass nosecboot14:50
mborzeckimvo: cd _build && go install -trimpath -v -p 1 -pkgdir=/home/gopath/src/github.com/snapcore/snapd/_build/std -buildmode=pie -tags "nosecboot withtestkeys"14:51
mvomborzecki: found it14:51
mvomborzecki: debian has issues with tags https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=95678314:52
mvomborzecki: I push a fix shortly14:52
mvomborzecki: there is another suggestion in the debian bug that I want to check too14:56
mupPR snapd#9612 opened: packaging: keep secboot/encrypt_dummy.go in debian <Simple 😃> <Created by mvo5> <https://github.com/snapcore/snapd/pull/9612>14:58
mupPR snapd#9613 opened: snapd-generator: set standard snapfuse options when generating mount units containers <Bug> <Created by stolowski> <https://github.com/snapcore/snapd/pull/9613>15:18
pstolowskimvo: ^15:19
mvopstolowski: \o/15:21
mborzeckigot to drive the kids a bit, i should be back around 8 to take a look at 960015:37
mupPR snapd#9614 opened: tests: enable main lxd test on 20.10 <Simple 😃> <Created by stolowski> <https://github.com/snapcore/snapd/pull/9614>15:43
ijohnsonpedronis: seems that since we use different secboot functions for run key of data and save, we can only really refactor the run key case for data, there's not much overlap between setting the unlock state for data and save, mostly because UnlockEncryptedVolumeUsingKey doesn't (yet) return an UnlockResult :-/15:45
ijohnsonpedronis: I'm leaning towards leaving unlockSaveRunKey as-is (which is actually fairly readable IMHO), and just refactoring unlockDataRunKey, unlockDataFallbackKey and unlockSaveFallbackKey15:46
ijohnsonthoughts ?15:46
pedronisijohnson: you could construct a UnlockRes to pass along I think15:52
ijohnsonpedronis: hmm interesting proposal, let me try that15:52
pedronisijohnson: to be clear, the fallback cases seems the most interesting because they have quite a bit of code attached to them16:01
ijohnsonyes16:01
ijohnsonI actually skipped the unlockSaveRunKey thing you mentioned and will come back to that after sorting out the fallback stuff16:02
ijohnsonpedronis: at the risk of imposing unnecessary spread runs, I ended up removing {save,data}Device from the state machine struct and since that is a no-test change, I am going to push that now to make it clear that it works independently, then I will push up the helper change since with everything together it can be slightly confusing to review I think16:14
zygare16:24
ijohnsonpedronis: ok, got the helper implemented, pushing it shortly, and moving on to the degraded() impl, I notice that we only save if the disk was encrypted on the state machine struct, not on the recoverDegradedState, do you think we should store whether the disk is encrypted or not on recoverDegradedState too ?16:49
ijohnsonI can certainly write the function without adding that to recoverDegradedState, but I'm thinking maybe it would be nice to have there too16:50
pedronisijohnson: I think the function being on the state machine is fine16:52
pedronisijohnson: but you are asking whether degraded should tell if the disk are suppose to be encrypted?16:53
ijohnsonpedronis: yes, I am wondering if we should put whether the disk is encrypted should be in degraded.json16:54
ijohnsonpedronis: re func on state machine, that's fine that's what I'm doing now16:54
pedronisijohnson: mmh, there's an issue, if we jump straight from failing to mount boot to unlockDataFallbackKey it's a bit unclear that the state on m.isEncryptedDev will be right17:10
ijohnsonpedronis: looking17:10
pedronisthere's an assumption in that code that we went through unlockDataRunKey but is not always the case17:10
ijohnsonpedronis: do you mean the code in ensureConsistentUnlockResult (or whatever I named that function) ?17:11
ijohnsonensureUnlockResConsistency apparently17:12
pedronisah17:12
ijohnsonI think it's ok17:12
ijohnsonbecause we only fail if it m.isEncryptedDev was previously _true_ and we now get false17:13
ijohnsonbut then again I could be missing somethign17:13
pedronisno, it's fine but is confusing17:14
ijohnsonpedronis: I think it is slightly less confusing with the helpers17:14
ijohnsonpedronis: I was holding off on pushing the unlock helpers, but they are done right now and I could push them now for you to look at, I was going to wait until either I EOD or I finish the degraded() impl first17:15
pedronisijohnson: do they look straighforward? or there are unclear bits? if the latter pushing ealier might be easier17:24
ijohnsontbh I'm probably not the best judge of straightforwardness of this code given that I've been staring at just this code for the last week :-/ but I do think this is the least complex the code has looked since I started, so probably more straightforward ?17:25
pedronissounds encouraging at least17:26
pedronisijohnson: anyway because of my confusion I'm wondering if isEncryptedDev is needed/helping or not, I'm not 100% sure atm17:28
ijohnsonpedronis: well I think it is helping at least in some of the states, for example in mountData, we need to decide which is the next state to try in the successful path, and we use isEncryptedDev to decide that17:29
ijohnsonotherwise we would need to carry around unlockRes from unlockData* to mountData somehow17:30
pedroniswe have UnlockState17:30
pedronisbut as I said, not clear cut either way17:30
ijohnsonah good point we do17:30
ijohnsonpedronis: well in any case I should have the degraded() impl done in the next few minutes, just writing some tests for degraded() directly and then will push that up17:31
zyganiemeyer, hi, do you think you could help with my forum account17:46
zyganiemeyer I didn't realize it was associated with my @canonical.com address17:46
zygaI'd love to restore it and change the email address to one of my launchpad.net addresses17:47
ijohnsonpedronis: mvo: well I'm all done with the changes we agreed to this morning, and so with that I'll be EOD17:49
ijohnsonI might be able to squeeze in a little bit of time to respond to comments in my late PM, but hopefully things are "good enough" that y'all can just merge it in 1-2 hours time after spread17:50
* ijohnson EODs17:50
ijohnsonmvo: oh also I didn't get around to talking to dave about the pi bootloader stuff, but happy to sort that out tomorrow if y'all don't get a chance to in your AM17:51
mupPR snapcraft#3290 closed: build providers: unified provider refactoring for provider setup <Created by cjp256> <Closed by cjp256> <https://github.com/snapcore/snapcraft/pull/3290>17:51
pedronisijohnson: thx17:53
ijohnsonmvo: oh also I approved 9607, maybe you can pull that in too today :-)17:57
* ijohnson really EODs now17:57
* cachio lunch17:57
mupPR snapd#9615 opened: tests: new commands for snaps-state tool <Created by sergiocazzolato> <https://github.com/snapcore/snapd/pull/9615>17:58
zygacachio https://github.com/snapcore/snapd/pull/9615#pullrequestreview-52651372018:02
mupPR #9615: tests: new commands for snaps-state tool <Created by sergiocazzolato> <https://github.com/snapcore/snapd/pull/9615>18:02
mvoijohnson: thank you!18:34
mborzeckire18:37
mborzeckiwow, 9600 is +2,340 −118 now18:38
mupPR snapd#9607 closed: o/devistate: fix chaining of tasks related to regular snaps when preseeding <Bug> <Run nested> <Created by stolowski> <Merged by mvo5> <https://github.com/snapcore/snapd/pull/9607>18:39
mupPR snapd#9610 closed: interfaces/udev: use distro specific path to snap-device-helper <Created by bboozzoo> <Merged by mvo5> <https://github.com/snapcore/snapd/pull/9610>18:44
mupPR snapd#9612 closed: packaging: keep secboot/encrypt_dummy.go in debian <Simple 😃> <Created by mvo5> <Merged by mvo5> <https://github.com/snapcore/snapd/pull/9612>18:44
mborzeckiyay18:44
mupPR snapcraft#3349 closed: cli: allow snap-id for validate <Created by sergiusens> <Merged by sergiusens> <https://github.com/snapcore/snapcraft/pull/3349>18:56
mupPR snapd#9608 closed: gadget/install: add progress logging <Run nested> <Simple 😃> <UC20> <Created by bboozzoo> <Merged by mvo5> <https://github.com/snapcore/snapd/pull/9608>19:19
cachiozyga, thanks19:39
zyga:-)19:39
mupPR snapcraft#3362 opened: project loader grammar: do not transform build-packages <Created by cjp256> <https://github.com/snapcore/snapcraft/pull/3362>23:37
mwhudsonwhat's failing https://launchpadlibrarian.net/506124953/buildlog_snap_ubuntu_bionic_ppc64el_subiquity-hack_BUILDING.txt.gz23:59
mwhudsonhere?23:59

Generated by irclog2html.py 2.7 by Marius Gedminas - find it at mg.pov.lt!