=== mup_ is now known as mup [01:04] PR snapd#9841 opened: usersession/agent: change ~/snap perms to 0700 on startup [06:43] morning [07:25] hello [07:25] mborzecki, mvo is not up yet, please tell him about debian freeze [07:25] https://lists.debian.org/debian-devel-announce/2021/01/msg00002.html [07:25] zyga_: hey, will do [07:25] mborzecki, it may be the right moment to update the package [07:26] mborzecki, there are few releases missing: https://tracker.debian.org/pkg/snapd [07:26] and all kinds of things not good [07:56] mvo: hey [07:56] mvo: zyga indicated debian freeze is starting https://lists.debian.org/debian-devel-announce/2021/01/msg00002.html [07:57] mvo: and we're bit behind with snapd updates https://tracker.debian.org/pkg/snapd [07:58] mborzecki: uh, great point. I had 2.48 in the pipeline but one unit test failure caused issues [07:59] mborzecki: I will cherry-pick the fix [08:10] mvo: so, my library dependency checker shows that the snapd snap is missing libz.so.1, libudev.so.1, and libfuse.so.2: https://paste.ubuntu.com/p/m5RHWNs7jn/ [08:13] jamesh: oh, nice [08:13] jamesh: thanks for this! [08:13] jamesh: and a bunch of stuff that is unused or are those false positives? [08:14] morning [08:14] good morning pstolowski [08:14] mvo: some are false positives, since they're probably deps of NSS plugins (which my code is treating as regular libraries) [08:15] mvo: I think most of those are deps of the NSS plugins, but it's possible there is some real unused ones. I might try adding a hack to special case libnss_* [08:17] * mvo nods [08:17] jamesh: yeah, that would be great [08:17] mvo: jamesh: libudev is required by s-c, and libz for (mk|un)squashfs iirc [08:18] i assumed we don't ship them because they are so comment, should exist in the target system (even for reexec) and have a stable abi [08:19] mborzecki: there's a copy of glibc, which you could assume is stable [08:19] jamesh: yeah, that is a bug afaict, when i tried shrinking the snapd snap, i removed glibc, nss and some other stuff [08:20] mborzecki: I can produce another version that assumes the libraries in core [08:24] mvo, mborzecki: here' [08:24] s a version hacked to tread libnss_* as non-libraries, plus a run assuming core snap libs: https://paste.ubuntu.com/p/PfZQSv8HHr/ [08:25] jamesh: sweet [08:26] jamesh: nice, that looks really great [08:28] jamesh: this is the naiive list of files that are duplicated by the snapd snap https://paste.ubuntu.com/p/jt4XsvQbTJ/, i see a couple of entries that are in your list too, meaning we should really dump them [08:29] mborzecki: my code assumes you want the gconv shared libraries since they aren't in libdir [08:30] but yeah, you almost certainly aren't using libc iconv() [10:03] hi all [10:07] mborzecki: does tests/main/dirs-not-shared-with-host/task.yaml still need a change in #9819? I'm not sure I get the conclusion of the discussion there [10:07] PR #9819: snap-confine: make host /etc/ssl available for snaps on classic [10:09] pedronis: hmm i'll push a cosmetic tweak for https://github.com/snapcore/snapd/pull/9819#discussion_r557471190 [10:09] PR #9819: snap-confine: make host /etc/ssl available for snaps on classic [10:09] other than that, i think that PR is good as it is [10:10] mborzecki: I thought we wanted to use a different dir again in that test to cover more distros? [10:10] mborzecki: this: https://github.com/snapcore/snapd/pull/9819/files#r557194283 [10:10] PR #9819: snap-confine: make host /etc/ssl available for snaps on classic [10:11] pedronis: we can't, the only other viable dir is /etc/alternatives, but that is not present in core [10:12] mborzecki: ah, that's the part I missed [10:12] sorry, my comments in the PR were probably a bit confusing [10:12] they were :) [10:13] pushed taht cosmetic tweak now, i'll add comment about directories [12:19] cachio, the dependency bump PR is green, thank you for the review [12:19] do you do regular PR reviews with niemeyer? [12:19] zyga, I do on demand [12:20] okay, I'll be done with FOSDEM soon and then I will start pushing more patches [12:20] zyga, nice [12:20] it would be good to at least land the first green PR as it's fixing a broken situation of the current CI [12:20] so that remaining PRs can be given some chance of being tested [12:20] I'll can review as well [12:21] which other PRs are comming? [12:21] cachio, more fixes, then lots of qemu features [12:22] hm the ssl pr broke tests/main/mount-ns test [12:22] looks like the test needs to be updated now [12:24] zyga, nice, please ping me if you need reviews [12:56] pstolowski: I commented on the snapshot conflicts PR and also on the preseed --reset one, the latter seems that instead of changing the test maybe we should change the behavior, see comment [12:56] thanks [13:19] mvo: i'll push a fix for mount-ns spread test to #9819 in a bit, spread run is finishing just now [13:19] PR #9819: snap-confine: make host /etc/ssl available for snaps on classic [13:21] mborzecki, ping me for review [13:48] need 2nd review for https://github.com/snapcore/snapd/pull/9838, it's simple and green [13:48] PR #9838: asserts: sort by revision with Sort interface [14:02] pstolowski, on it [14:04] pstolowski, done [14:07] zyga: thanks! [14:07] pstolowski, my pleasure :-) [14:47] zyga: the data for mount-ns was updated in https://github.com/snapcore/snapd/pull/9819 [14:47] PR #9819: snap-confine: make host /etc/ssl available for snaps on classic [14:50] mborzecki, looking [14:56] * cachio lunch [15:00] mborzecki, found a bug [15:01] zyga: oh? have you posted the review already? [15:02] mborzecki, https://github.com/snapcore/snapd/pull/9819#pullrequestreview-569328183 [15:02] PR #9819: snap-confine: make host /etc/ssl available for snaps on classic [15:02] just now [15:02] * zyga back to slides, ping if this is unclear please [15:04] mborzecki, https://twitter.com/zygoon/status/1350096435480580098 ;-) [15:50] huh the gpg error we see in spread tests happened in a spread run too [15:50] https://pastebin.ubuntu.com/p/DFynyXWzhx/ [15:59] PR snapd#9841 closed: usersession/agent: change ~/snap perms to 0700 on startup

<⛔ Blocked> [16:05] ijohnson, do you think it is real or is expect flaky? [16:06] it's real but it's somewhere deep in gpg code [16:06] I looked at the unit test failure deeply a few weeks ago and determined that it is likely a bug in gpg itself, but I thought it was interesting it showed up in a spread test on arch, which suggests it's not just an issue with using an older gpg, and that the bug is in upstream since I presume arch is very up to date [16:07] interesting [16:07] recall how it failed initially - in azure [16:07] when azure ran unit tests [16:07] and azure (github I mean) uses a custom image [16:07] with updated everything [16:07] lots of custom tools installed [16:08] so I suspect they may have been using more recent version of gpg than other distros [16:08] until arch [16:08] I'm not sure, just more likely than noise that it is related [16:08] does it happen on any ubuntu as well? [16:12] ijohnson, changing rooms, brb if offline [16:13] ok [16:18] zyga: it can be reproduced not on azure as well [16:18] ijohnson, not on azure? [16:18] zyga: you just have to either be patient, or you have to put the system under a lot of load, then the unit test failure is easily reproduced [16:18] s/not//? [16:18] hmmm [16:18] zyga: yes locally on my machine I can reproduce it [16:18] oh! [16:18] just run one of the affected unit tests in a loop like 1000 times [16:18] and like compile the kernel at the same time or something [16:18] huh, yeah, I would start looking at debug build of gpg : [16:18] :/ [16:19] * zyga makes lots of slides about spread today [16:19] yeah I got as deep into the snapd side of calling gpg as I could then wrote up what I found and a debug branch into a doc to have pedronis look at some time to see if we are using gpg wrongly or otherwise find another reproducer [16:19] perhaps writing some code that runs gpg by itself would be a good start [16:19] no go, just gpg [16:20] if that breaks it's a clear bug report [16:20] * zyga returns to slides [16:43] yeah that would be a good start, but that would require a fuller understanding of how we use gpg in snapd which I don't yet have, and so I deferred to pedronis on that [17:04] PR snapd#9836 closed: cmd/snap-repair: save base snap and mode in device info; other misc cleanups [17:24] PR snapd#9842 opened: store: switch to v2/assertions api [18:24] PR snapcraft#3359 closed: repo: key management refactor [19:40] PR snapd#9843 opened: packaging: fix arch-indep build on debian-sid [20:45] PR snapd#9844 opened: cmd: make string/error code more robust against errno leaking === King_InuYasha is now known as Conan_Kudo === Conan_Kudo is now known as King_InuYasha