=== mup_ is now known as mup | ||
mup | PR snapd#9841 opened: usersession/agent: change ~/snap perms to 0700 on startup <Bug> <Needs security review> <Created by anonymouse64> <https://github.com/snapcore/snapd/pull/9841> | 01:04 |
---|---|---|
mborzecki | morning | 06:43 |
zyga | hello | 07:25 |
zyga | mborzecki, mvo is not up yet, please tell him about debian freeze | 07:25 |
zyga | https://lists.debian.org/debian-devel-announce/2021/01/msg00002.html | 07:25 |
mborzecki | zyga_: hey, will do | 07:25 |
zyga | mborzecki, it may be the right moment to update the package | 07:25 |
zyga | mborzecki, there are few releases missing: https://tracker.debian.org/pkg/snapd | 07:26 |
zyga | and all kinds of things not good | 07:26 |
mborzecki | mvo: hey | 07:56 |
mborzecki | mvo: zyga indicated debian freeze is starting https://lists.debian.org/debian-devel-announce/2021/01/msg00002.html | 07:56 |
mborzecki | mvo: and we're bit behind with snapd updates https://tracker.debian.org/pkg/snapd | 07:57 |
mvo | mborzecki: uh, great point. I had 2.48 in the pipeline but one unit test failure caused issues | 07:58 |
mvo | mborzecki: I will cherry-pick the fix | 07:59 |
jamesh | mvo: so, my library dependency checker shows that the snapd snap is missing libz.so.1, libudev.so.1, and libfuse.so.2: https://paste.ubuntu.com/p/m5RHWNs7jn/ | 08:10 |
mvo | jamesh: oh, nice | 08:13 |
mvo | jamesh: thanks for this! | 08:13 |
mvo | jamesh: and a bunch of stuff that is unused or are those false positives? | 08:13 |
pstolowski | morning | 08:14 |
mvo | good morning pstolowski | 08:14 |
jamesh | mvo: some are false positives, since they're probably deps of NSS plugins (which my code is treating as regular libraries) | 08:14 |
jamesh | mvo: I think most of those are deps of the NSS plugins, but it's possible there is some real unused ones. I might try adding a hack to special case libnss_* | 08:15 |
* mvo nods | 08:17 | |
mvo | jamesh: yeah, that would be great | 08:17 |
mborzecki | mvo: jamesh: libudev is required by s-c, and libz for (mk|un)squashfs iirc | 08:17 |
mborzecki | i assumed we don't ship them because they are so comment, should exist in the target system (even for reexec) and have a stable abi | 08:18 |
jamesh | mborzecki: there's a copy of glibc, which you could assume is stable | 08:19 |
mborzecki | jamesh: yeah, that is a bug afaict, when i tried shrinking the snapd snap, i removed glibc, nss and some other stuff | 08:19 |
jamesh | mborzecki: I can produce another version that assumes the libraries in core | 08:20 |
jamesh | mvo, mborzecki: here' | 08:24 |
jamesh | s a version hacked to tread libnss_* as non-libraries, plus a run assuming core snap libs: https://paste.ubuntu.com/p/PfZQSv8HHr/ | 08:24 |
mvo | jamesh: sweet | 08:25 |
mborzecki | jamesh: nice, that looks really great | 08:26 |
mborzecki | jamesh: this is the naiive list of files that are duplicated by the snapd snap https://paste.ubuntu.com/p/jt4XsvQbTJ/, i see a couple of entries that are in your list too, meaning we should really dump them | 08:28 |
jamesh | mborzecki: my code assumes you want the gconv shared libraries since they aren't in libdir | 08:29 |
jamesh | but yeah, you almost certainly aren't using libc iconv() | 08:30 |
dot-tobias | hi all | 10:03 |
pedronis | mborzecki: does tests/main/dirs-not-shared-with-host/task.yaml still need a change in #9819? I'm not sure I get the conclusion of the discussion there | 10:07 |
mup | PR #9819: snap-confine: make host /etc/ssl available for snaps on classic <Needs Samuele review> <Created by mvo5> <https://github.com/snapcore/snapd/pull/9819> | 10:07 |
mborzecki | pedronis: hmm i'll push a cosmetic tweak for https://github.com/snapcore/snapd/pull/9819#discussion_r557471190 | 10:09 |
mup | PR #9819: snap-confine: make host /etc/ssl available for snaps on classic <Needs Samuele review> <Created by mvo5> <https://github.com/snapcore/snapd/pull/9819> | 10:09 |
mborzecki | other than that, i think that PR is good as it is | 10:09 |
pedronis | mborzecki: I thought we wanted to use a different dir again in that test to cover more distros? | 10:10 |
pedronis | mborzecki: this: https://github.com/snapcore/snapd/pull/9819/files#r557194283 | 10:10 |
mup | PR #9819: snap-confine: make host /etc/ssl available for snaps on classic <Needs Samuele review> <Created by mvo5> <https://github.com/snapcore/snapd/pull/9819> | 10:10 |
mborzecki | pedronis: we can't, the only other viable dir is /etc/alternatives, but that is not present in core | 10:11 |
pedronis | mborzecki: ah, that's the part I missed | 10:12 |
mborzecki | sorry, my comments in the PR were probably a bit confusing | 10:12 |
pedronis | they were :) | 10:12 |
mborzecki | pushed taht cosmetic tweak now, i'll add comment about directories | 10:13 |
zyga | cachio, the dependency bump PR is green, thank you for the review | 12:19 |
zyga | do you do regular PR reviews with niemeyer? | 12:19 |
cachio | zyga, I do on demand | 12:19 |
zyga | okay, I'll be done with FOSDEM soon and then I will start pushing more patches | 12:20 |
cachio | zyga, nice | 12:20 |
zyga | it would be good to at least land the first green PR as it's fixing a broken situation of the current CI | 12:20 |
zyga | so that remaining PRs can be given some chance of being tested | 12:20 |
cachio | I'll can review as well | 12:20 |
cachio | which other PRs are comming? | 12:21 |
zyga | cachio, more fixes, then lots of qemu features | 12:21 |
mborzecki | hm the ssl pr broke tests/main/mount-ns test | 12:22 |
mborzecki | looks like the test needs to be updated now | 12:22 |
cachio | zyga, nice, please ping me if you need reviews | 12:24 |
pedronis | pstolowski: I commented on the snapshot conflicts PR and also on the preseed --reset one, the latter seems that instead of changing the test maybe we should change the behavior, see comment | 12:56 |
pstolowski | thanks | 12:56 |
mborzecki | mvo: i'll push a fix for mount-ns spread test to #9819 in a bit, spread run is finishing just now | 13:19 |
mup | PR #9819: snap-confine: make host /etc/ssl available for snaps on classic <Needs Samuele review> <Created by mvo5> <https://github.com/snapcore/snapd/pull/9819> | 13:19 |
zyga | mborzecki, ping me for review | 13:21 |
pstolowski | need 2nd review for https://github.com/snapcore/snapd/pull/9838, it's simple and green | 13:48 |
mup | PR #9838: asserts: sort by revision with Sort interface <validation-sets :white_check_mark:> <Created by stolowski> <https://github.com/snapcore/snapd/pull/9838> | 13:48 |
zyga | pstolowski, on it | 14:02 |
zyga | pstolowski, done | 14:04 |
pstolowski | zyga: thanks! | 14:07 |
zyga | pstolowski, my pleasure :-) | 14:07 |
mborzecki | zyga: the data for mount-ns was updated in https://github.com/snapcore/snapd/pull/9819 | 14:47 |
mup | PR #9819: snap-confine: make host /etc/ssl available for snaps on classic <Needs Samuele review> <Created by mvo5> <https://github.com/snapcore/snapd/pull/9819> | 14:47 |
zyga | mborzecki, looking | 14:50 |
* cachio lunch | 14:56 | |
zyga | mborzecki, found a bug | 15:00 |
mborzecki | zyga: oh? have you posted the review already? | 15:01 |
zyga | mborzecki, https://github.com/snapcore/snapd/pull/9819#pullrequestreview-569328183 | 15:02 |
mup | PR #9819: snap-confine: make host /etc/ssl available for snaps on classic <Needs Samuele review> <Created by mvo5> <https://github.com/snapcore/snapd/pull/9819> | 15:02 |
zyga | just now | 15:02 |
* zyga back to slides, ping if this is unclear please | 15:02 | |
zyga | mborzecki, https://twitter.com/zygoon/status/1350096435480580098 ;-) | 15:04 |
ijohnson | huh the gpg error we see in spread tests happened in a spread run too | 15:50 |
ijohnson | https://pastebin.ubuntu.com/p/DFynyXWzhx/ | 15:50 |
mup | PR snapd#9841 closed: usersession/agent: change ~/snap perms to 0700 on startup <Bug> <Needs Samuele review> <Needs security review> <Squash-merge> <⛔ Blocked> <Created by anonymouse64> <Closed by anonymouse64> <https://github.com/snapcore/snapd/pull/9841> | 15:59 |
zyga | ijohnson, do you think it is real or is expect flaky? | 16:05 |
ijohnson | it's real but it's somewhere deep in gpg code | 16:06 |
ijohnson | I looked at the unit test failure deeply a few weeks ago and determined that it is likely a bug in gpg itself, but I thought it was interesting it showed up in a spread test on arch, which suggests it's not just an issue with using an older gpg, and that the bug is in upstream since I presume arch is very up to date | 16:06 |
zyga | interesting | 16:07 |
zyga | recall how it failed initially - in azure | 16:07 |
zyga | when azure ran unit tests | 16:07 |
zyga | and azure (github I mean) uses a custom image | 16:07 |
zyga | with updated everything | 16:07 |
zyga | lots of custom tools installed | 16:07 |
zyga | so I suspect they may have been using more recent version of gpg than other distros | 16:08 |
zyga | until arch | 16:08 |
zyga | I'm not sure, just more likely than noise that it is related | 16:08 |
zyga | does it happen on any ubuntu as well? | 16:08 |
zyga | ijohnson, changing rooms, brb if offline | 16:12 |
zyga | ok | 16:13 |
ijohnson | zyga: it can be reproduced not on azure as well | 16:18 |
zyga | ijohnson, not on azure? | 16:18 |
ijohnson | zyga: you just have to either be patient, or you have to put the system under a lot of load, then the unit test failure is easily reproduced | 16:18 |
zyga | s/not//? | 16:18 |
zyga | hmmm | 16:18 |
ijohnson | zyga: yes locally on my machine I can reproduce it | 16:18 |
zyga | oh! | 16:18 |
ijohnson | just run one of the affected unit tests in a loop like 1000 times | 16:18 |
ijohnson | and like compile the kernel at the same time or something | 16:18 |
zyga | huh, yeah, I would start looking at debug build of gpg : | 16:18 |
zyga | :/ | 16:18 |
* zyga makes lots of slides about spread today | 16:19 | |
ijohnson | yeah I got as deep into the snapd side of calling gpg as I could then wrote up what I found and a debug branch into a doc to have pedronis look at some time to see if we are using gpg wrongly or otherwise find another reproducer | 16:19 |
zyga | perhaps writing some code that runs gpg by itself would be a good start | 16:19 |
zyga | no go, just gpg | 16:19 |
zyga | if that breaks it's a clear bug report | 16:20 |
* zyga returns to slides | 16:20 | |
ijohnson | yeah that would be a good start, but that would require a fuller understanding of how we use gpg in snapd which I don't yet have, and so I deferred to pedronis on that | 16:43 |
mup | PR snapd#9836 closed: cmd/snap-repair: save base snap and mode in device info; other misc cleanups <Needs Samuele review> <Simple 😃> <UC20> <Created by anonymouse64> <Merged by anonymouse64> <https://github.com/snapcore/snapd/pull/9836> | 17:04 |
mup | PR snapd#9842 opened: store: switch to v2/assertions api <Needs Samuele review> <Created by stolowski> <https://github.com/snapcore/snapd/pull/9842> | 17:24 |
mup | PR snapcraft#3359 closed: repo: key management refactor <Created by cjp256> <Merged by sergiusens> <https://github.com/snapcore/snapcraft/pull/3359> | 18:24 |
mup | PR snapd#9843 opened: packaging: fix arch-indep build on debian-sid <Created by mvo5> <https://github.com/snapcore/snapd/pull/9843> | 19:40 |
mup | PR snapd#9844 opened: cmd: make string/error code more robust against errno leaking <Created by mvo5> <https://github.com/snapcore/snapd/pull/9844> | 20:45 |
=== King_InuYasha is now known as Conan_Kudo | ||
=== Conan_Kudo is now known as King_InuYasha |
Generated by irclog2html.py 2.7 by Marius Gedminas - find it at mg.pov.lt!