[02:30] PR snapd#9556 closed: tests: testing new fedora 33 image [07:09] good morning mvo [07:10] mvo: I had a look at the changes to the export manager but ended up just going to sleep yesterday; I think today may be better as lately we are sleep deprived by Lucy who is going through the 2-yo hyperactivity phase [07:11] PR snapd#9664 closed: spread: disable unattended-upgrades on ubuntu [07:14] good morning zyga-x240 [07:14] zyga-x240: no worries! thanks for letting me know [07:22] PR snapd#9652 closed: o/servicestate: unlock state before calling wrappers in doServiceControl [07:23] mvo: I saw that the uboot bug was addressed [07:24] mvo: I understand this unblocks gadget updates across the pi lineup [07:24] mvo: and that this was an additional blocker for uc20 [07:24] zyga-x240: yeah, it's pretty good [07:24] zyga-x240: I need to check if we have updated pi/edge already [07:25] zyga-x240: but the debs got udpated, once that is in we will look into fixing it on a broader scope [07:25] mvo: the debs got updated yes [07:26] please note that while great, this makes the pi break on the dbt skew [07:26] only fresh installs are okay [07:26] zyga-x240: yes, we are working on this too [07:26] but it's inevitable [07:26] I know, that's really cool [07:26] zyga-x240: and there is work to use piboot so that we have proper a/b boot with dtbs, so it's advancing on all fronts [07:26] (also not as fast as I wish we would go) [07:27] mvo: I heard about that as well, but I was not sure if that has already started to approach snapd side [07:27] will it be another bootloader variant in our code or will there be some middleware-like abstraction via hooks [07:28] zyga-x240: I think it will be bootloader like [07:28] zyga-x240: maybe a variant of uboot, i.e. if uboot finds config.txt then it will behave slightly differently [07:28] zyga-x240: but the details are not clear yet, we are still in the prototype phase for this [07:30] mvo: I recall that there was some resitence from the pi foundation to help us in any way that would require code changes [07:31] mvo: do you know how A/B or try mode boot will work? [07:31] zyga-x240: dave told me he tested it from pi3 onward [07:31] zyga-x240: but *maybe* we loose the pi2 :( [07:31] zyga-x240: not sure yet, also this seems to be super recent firmware changes [07:31] ah, that's reassuring then [07:32] perhaps it is an improvement to the boot process [07:32] any kind of conditionality or writable state accessible from the native bootloader is sufficient [07:32] but you know that :) [07:32] I hope they changed their minds on it [07:33] morning [07:33] hey mborzecki [07:33] finally got my tires swapped to the winter set [07:33] zyga-x240: I think they did but we helped them with that AIUI [07:34] good morning mborzecki [07:34] mborzecki: just in time for global warming ;-) [07:34] zyga-x240: haha right [07:34] mvo: hey [07:34] mborzecki: I really wish we have a month of -5 to -10 and lots of snow [07:34] I miss that from my childhood [07:34] mborzecki: when you have a few cycles, could you please look at 9497 ? hopefully straightforward [07:34] zyga-x240: no thanks ;) you're free to enjoy winter in canada though [07:35] mvo: sure [07:35] mborzecki: could as well be a screen saver unless I'm there :) [07:35] zyga-x240: or move to minessota [07:35] zyga-x240: the cold there is quite impressive [07:35] mvo: my new boss tries to move me to Italy instead ;-) [07:36] I wish we had that magic house with a handle that can open in four different ways, to go to four different places [07:36] zyga-x240: tbh this sounds quite nice [07:36] a house by the sea, a house in the mountains, in big city and that big black void IIRC [07:36] zyga-x240: move to the south and enjoy the all year round cycling season [07:36] (I love that movie) [07:37] mborzecki: well, now I'd be happy if lucy stopped running around at 1AM every day :) [07:37] I guess that will pass [07:38] zyga-x240: it will pass and in 10y happen again ;) [07:38] zyga-x240: or maybe 15y [07:38] mvo: yeah but when she has her own room that's okay :D [07:39] zyga-x240: heh … good point! [07:39] mvo: I will look at patching spread soon [07:39] I'm split between a fork and proper upstream cooperation [07:40] I'm going to add new backends to it [07:40] mainly to use a muxpi-exposed ad-hoc new API as "cloud" [07:40] initially a 1-1 but later 1-n model (one host talking to a number of configured muxpi's over lan, each exposing some real hardware and features) [07:40] I guess time will tell, I haven't touched this yet [07:45] zyga-x240: nice, looking forward to that [07:45] zyga-x240: more spread development is most welcome [08:03] fun thing i noticed in the serial log of a failed test: ` Error syncing keystore file /usr/share/secureboot/updates/dbx/dbxupdate_x64.bin` [08:04] interesting :) [08:07] morning [08:07] hey pawel :) [08:07] heya [08:20] hey pstolowski ! [08:21] o/ [08:27] pstolowski: hey [08:27] somehow debug logs in #9640 make no sense [08:27] PR #9640: tests/nested/manual/core20-save: verify handling of ubuntu-save with different system variants <⛔ Blocked> [08:31] mborzecki: hey; merge master, this will fix lxd-services-smoke failure [08:33] pstolowski: it's the test changed by the PR, the debug output makes no sense, things which should have been there given the environment variables are not present [08:33] it's as if the env variables are not set, or something overwrites them [08:36] mborzecki: nested.sh might overwrite some stuff? [08:37] pedronis: it sets some things but it should not overwrite NESTED_{ENABLE_TPM,ENABLE_SECURE_BOOT,BUILD_SNAPD_FROM_CURRENT} [08:38] pedronis: otoh, the debug output suggest that NESTED_BUILD_SNAPD_FROM_CURRENT was not set, because the gadget snap was most likely not repacked [08:39] mborzecki: remember that there is some form of image caching [08:40] maybe it's bugggy in terms of reusing things even if they were built with different params ? [08:40] pedronis: this is a manual test and supposedly nothing ran before it [08:40] pedronis: I re-read your comments on 9667 again this morning - is https://github.com/snapcore/snapd/pull/9667/files#diff-3dedbc3a1986cf905aca293ca6d16560d297253859ecaa8bcea2b7dab7143b3cR1360 what you suggested? [08:40] PR #9667: devicestate: implement boot.HasFDESetupHook

[08:41] mvo: yes, that looks like what I had in mind [08:41] pedronis: nice, let me add tests then [08:41] mborzecki: fwtw we do set NESTED_IMAGE_ID in some manual/ tests [08:42] mborzecki: spread bug? I suppose you should sprinkle "env" calls around [08:51] mvo: ask my review again in it when you think it's ready [08:56] pedronis: I just added tests, so a quick look would be good [08:56] mvo: what shall we do with #9633? [08:56] PR #9633: github: run nested suite when commit is pushed to release branch [08:57] mvo: I put it back into my queue [09:17] pstolowski: could you please have a look at 8943 when you have some spare cycles? [09:17] mvo: yes [09:17] \o/ [09:21] it has conflict though [09:22] jamesh: hey, can you merge master ^ if still around? [09:23] pstolowski: doing it now. [09:24] ty [09:34] pstolowski: I've pushed up a fix for the merge conflict. Thanks for looking into this. [09:45] jamesh: thanks, i'll get to it shortly [09:52] PR snapd#9497 closed: usersession/agent: have session agent connect to the D-Bus session bus [09:52] PR snapd#9641 closed: o/servicestate: preserve order of services on snap restart [09:56] funny how that core20-save test works just fine when running on google from local spread :/ [10:19] mborzecki: I see some issues with #9659 [10:19] PR #9659: osutil: add KernelCommandLineKeyValue; boot: refactor ModeAnd...FromKernelCommandLine [10:23] pedronis: hm good catch label != "" and empty mode, looks like it would hit an internal error in cmd_initramfs_mounts in that case, and other call sites ignore the label and just look at the mode [10:31] heh, gorename just paniced on me when trying to rename KernelCommandLineKeyValue [10:34] backtrace --> https://paste.ubuntu.com/p/zcywxYtfB6/ [10:45] jamesh: is this still needed for snap? https://github.com/flatpak/xdg-desktop-portal/pull/443 [10:45] PR flatpak/xdg-desktop-portal#443: Don't use AppArmor to detect snap confined clients [10:46] vidal72[m]: yeah. We'd like to get that in. [10:46] vidal72[m]: I can look at rebasing if that'd help [10:47] it may help yes [10:54] vidal72[m]: sorry for not being more active on this. I got swamped with other work, and it wasn't clear what would have been needed to get it landed back then. [11:05] pedronis: i've updated #9659 [11:05] PR #9659: osutil: add KernelCommandLineKeyValue; boot: refactor ModeAnd...FromKernelCommandLine [11:20] mvo: are you updating #9667 or should i push the tweaks there? [11:20] PR #9667: devicestate: implement boot.HasFDESetupHook

[11:37] mborzecki: thx, will look in a bit [12:08] PR snapd#9661 closed: osutil/disks: add DiskFromName to get a disk using a udev name [12:09] mborzecki: reviewed [12:20] pedronis: thanks, added a proposal of a name for that var in a comment [12:24] morning folks [12:24] mborzecki: are you working on addressing pedronis' feedback on 9659 [12:24] ? [12:28] ijohnson: yeah [12:29] k, thank you ! [12:32] mvo: I reviewed #9656 [12:32] PR #9656: devicestate: support "storage-safety" defaults during install [12:33] degville: ijohnson: ^ there's a log message there where native speaker input could be valuable [12:33] sure I can have a look [12:35] responded === msalvatore_ is now known as msalvatore [12:36] mborzecki: thx, better but I proposed a slight tweak on the name, sorry. mostly is unclear if "mock" is relevant there or not [12:38] ijohnson: thanks, your message sounds good to me [12:39] pedronis: mvo: did y'all see my comment in the SU doc about the uc20 regression? [12:39] pedronis: ijohnson: me too, although I'm trying to think of something other than 'due', as it could imply prefer-unencrypted was unintentionally set. [12:39] * ijohnson has no strong attachment to the word "due" [12:40] ah, language is hard [12:40] ijohnson: yes, sounds something to discuss in the standup [12:40] turtles all the way down. [12:40] pedronis: ok [13:00] * pstolowski lunch [13:34] mborzecki: \o/ for updating 9667 [13:35] pedronis: thanks for the review! [13:38] pstolowski: is #9409 ready for re-reviews? [13:38] PR #9409: cmd/snap: implement 'snap validate' command <⛔ Blocked> [13:38] PR snapd#9667 closed: devicestate: implement boot.HasFDESetupHook

[13:43] PR snapd#9670 opened: devicestate: make checkEncryption fde-setup hook aware [13:46] pedronis: yes [13:49] pstolowski: ok, I put it back into my queue [13:53] PR snapd#9660 closed: gadget/gadget.go: allow system-recovery-{image,select} as roles in gadget.yaml [14:21] PR snapcraft#3381 opened: multipass build provider: check if instance exists before deleting [14:30] pstolowski: pushed a commit with NESTED_IMAGE_ID to #9640 [14:30] PR #9640: tests/nested/manual/core20-save: verify handling of ubuntu-save with different system variants <⛔ Blocked> [14:37] pstolowski: are you blocked right now? [14:38] PR snapd#9659 closed: osutil: add KernelCommandLineKeyValue; boot: refactor ModeAnd...FromKernelCommandLine [14:39] \o/ [14:39] thanks ijohnson ! [14:40] thanks for merging mvo! [14:41] pedronis: not really; but i think i won't start new validation sets PR until existing ones are ok'ed? [14:41] pstolowski: mostly asking if a re-review of the client one can wait tomorrow? [14:42] pedronis: yes that's fine. when you ack the client api bit then i'll update the second existing PR to match [14:51] 8929 needs a second review, should be relatively easy I hope [14:54] * cachio lunch [16:16] looking [16:28] +1 [16:45] amurray: would you ming giving https://github.com/snapcore/snapd/pull/9263 a final review from security? (I commented on the base decl and removal of device-tree only) [16:45] PR #9263: interfaces/fpga: add fpga interface

[16:54] ......................................... [16:55] why does uboot.go refer to the u-boot bootloader as "uboot", but gadget.yaml requires "u-boot" [16:55] * ijohnson sighes heavily [16:55] pedronis: I could use some help here if you have some time [16:55] not sure which we should re-name [16:55] ijohnson: none [16:56] I'm not quite sure why it matters [16:56] I suppose I could just silently alias "u-boot" as "uboot" [16:56] ijohnson: I fear I'm missing something here [16:56] well firstly the names are inconsistent which is just unfortunate as a fact of matter [16:57] kind of yes [16:57] secondly, I am trying to do the ForGadget thing which uses the name of the bootloader from the gadget.yaml to know which bootloader it should try [16:57] that's the part I don't get [16:57] why the gadget.yaml [16:57] that was not what we discussed [16:57] mmm [16:57] maybe is needed for lk [16:57] but is not what we discussed [16:58] * zyga-mbp looks at https://github.com/snapcore/snapd/pull/9546 [16:58] so if we don't use gadget.yaml how do we know what bootloader is in a given extracted gadget tree ? [16:58] PR #9546: overlord: add inert export manager [16:58] ijohnson: we look at the .conf file, as we did before [16:58] are we supposed to just grep for all "*.conf" files and see which one matches ? [16:59] I guess we could do that, it feels again like we are guessing since folks could put whatever .conf they want there in addition to uboot.conf [16:59] ijohnson: the change I had in mind was very simple [16:59] for example [16:59] ijohnson: but that's how things worked already [16:59] we are not trying to change how that works [17:00] I guess I was just trying to make that nicer since it feels silly how much guessing we end up doing [17:00] we are just changing the implementaion details [17:00] ijohnson: well it changes the mechanics quite a bit [17:00] probably not a good thing to do before 22 [17:00] at this point [17:01] pedronis: did you mean not a good thing to do before 20 ? [17:01] no, I mean, if we want to change the mechaninics of detecting the gadget [17:01] bootloader [17:01] that would be a core 22 thing [17:01] at this point [17:02] ok sure I will just go do the silly grep thing [17:02] ijohnson: is not a grep thing [17:02] ijohnson: maybe we should have a quick chat [17:02] sure [17:03] I'm in the SU [17:07] hey King_InuYasha === ijohnson is now known as ijohnson|lunch [17:59] PR snapd#9671 opened: release: snapd 2.48 [18:00] mvo +1 [18:19] PR snapd#9671 closed: release: snapd 2.48 [18:24] thanks zyga-mbp [18:24] :-) [18:24] I should really thank you instead [18:25] cachio: snapd snap in beta for everything but arm* [18:26] cachio: core as well, arm will come in ~1h or so [18:27] mvo, nice [18:27] perfect, validation already started [18:27] cachio: \o/ [18:27] thanks! [18:27] mvyaw [18:27] mvo, yaw [18:39] PR snapd#9672 opened: vendor: update secboot repo to avoid including secboot.test binary [18:52] PR snapcraft#3382 opened: project loader: purge dead code in Config [19:07] cachio: arm is now also ready in beta [19:09] mvo, perfect [19:09] thanks [19:10] I'll write in the docs with the results [19:11] ta! === ijohnson|lunch is now known as ijohnson [19:13] mvo: approved 9672 [19:13] ijohnson: \o/ [19:14] ijohnson: thanks, I closed/reopened because I forgot the "run-nested" label :/ [19:15] ah right [19:52] for clarity, that brings in also https://github.com/snapcore/secboot/pull/108 [19:52] PR secboot#108: Make AddEFISecureBootPolicyProfile less strict [19:53] yes I looked at the diff in secboot and it looked "safe" to me [21:35] PR snapd#9662 closed: bootloader/many: return error from ConfigFile and new* functions <⛔ Blocked> [21:35] PR snapd#9673 opened: bootloader/many: rm ConfigFile, add Present for indicating presence of bloader [23:11] jdstrand: security review done on https://github.com/snapcore/snapd/pull/9263 [23:11] PR #9263: interfaces/fpga: add fpga interface

[23:12] amurray: thanks! [23:51] PR snapd#9674 opened: bootloader/lkenv: mv v1 to separate file, include/lk/snappy_boot_v1.h: little fixups [23:56] PR snapd#9675 opened: bootloader/lkenv: add v2 struct + support using it