[01:04] <mup> PR snapd#9841 opened: usersession/agent: change ~/snap perms to 0700 on startup <Bug> <Needs security review> <Created by anonymouse64> <https://github.com/snapcore/snapd/pull/9841>
[06:43] <mborzecki> morning
[07:25] <zyga> hello
[07:25] <zyga> mborzecki, mvo is not up yet, please tell him about debian freeze
[07:25] <zyga> https://lists.debian.org/debian-devel-announce/2021/01/msg00002.html
[07:25] <mborzecki> zyga_: hey, will do
[07:25] <zyga> mborzecki, it may be the right moment to update the package
[07:26] <zyga> mborzecki, there are few releases missing: https://tracker.debian.org/pkg/snapd
[07:26] <zyga> and all kinds of things not good
[07:56] <mborzecki> mvo: hey
[07:56] <mborzecki> mvo: zyga indicated  debian freeze is starting https://lists.debian.org/debian-devel-announce/2021/01/msg00002.html
[07:57] <mborzecki> mvo: and we're bit behind with snapd updates https://tracker.debian.org/pkg/snapd
[07:58] <mvo> mborzecki: uh, great point. I had 2.48 in the pipeline but one unit test failure caused issues
[07:59] <mvo> mborzecki: I will cherry-pick the fix
[08:10] <jamesh> mvo: so, my library dependency checker shows that the snapd snap is missing libz.so.1, libudev.so.1, and libfuse.so.2: https://paste.ubuntu.com/p/m5RHWNs7jn/
[08:13] <mvo> jamesh: oh, nice
[08:13] <mvo> jamesh: thanks for this!
[08:13] <mvo> jamesh: and a bunch of stuff that is unused or are those false positives?
[08:14] <pstolowski> morning
[08:14] <mvo> good morning pstolowski
[08:14] <jamesh> mvo: some are false positives, since they're probably deps of NSS plugins (which my code is treating as regular libraries)
[08:15] <jamesh> mvo: I think most of those are deps of the NSS plugins, but it's possible there is some real unused ones.  I might try adding a hack to special case libnss_*
[08:17]  * mvo nods
[08:17] <mvo> jamesh: yeah, that would be great
[08:17] <mborzecki> mvo: jamesh: libudev is required by s-c, and libz for (mk|un)squashfs iirc
[08:18] <mborzecki> i assumed we don't ship them because they are so comment, should exist in the target system (even for reexec) and have a stable abi
[08:19] <jamesh> mborzecki: there's a copy of glibc, which you could assume is stable
[08:19] <mborzecki> jamesh: yeah, that is a bug afaict, when i tried shrinking the snapd snap, i removed glibc, nss and some other stuff
[08:20] <jamesh> mborzecki: I can produce another version that assumes the libraries in core
[08:24] <jamesh> mvo, mborzecki: here'
[08:24] <jamesh> s a version hacked to tread libnss_* as non-libraries, plus a run assuming core snap libs: https://paste.ubuntu.com/p/PfZQSv8HHr/
[08:25] <mvo> jamesh: sweet
[08:26] <mborzecki> jamesh: nice, that looks really great
[08:28] <mborzecki> jamesh: this is the naiive list of files that are duplicated by the snapd snap https://paste.ubuntu.com/p/jt4XsvQbTJ/, i see a couple of entries that are in your list too, meaning we should really dump them
[08:29] <jamesh> mborzecki: my code assumes you want the gconv shared libraries since they aren't in libdir
[08:30] <jamesh> but yeah, you almost certainly aren't using libc iconv()
[10:03] <dot-tobias> hi all
[10:07] <pedronis> mborzecki: does tests/main/dirs-not-shared-with-host/task.yaml still need a change in #9819? I'm not sure I get the conclusion of the discussion there
[10:07] <mup> PR #9819: snap-confine: make host /etc/ssl available for snaps on classic <Needs Samuele review> <Created by mvo5> <https://github.com/snapcore/snapd/pull/9819>
[10:09] <mborzecki> pedronis: hmm i'll push a cosmetic tweak for https://github.com/snapcore/snapd/pull/9819#discussion_r557471190
[10:09] <mup> PR #9819: snap-confine: make host /etc/ssl available for snaps on classic <Needs Samuele review> <Created by mvo5> <https://github.com/snapcore/snapd/pull/9819>
[10:09] <mborzecki> other than that, i think that PR is good as it is
[10:10] <pedronis> mborzecki: I thought we wanted to use a different dir again in that test to cover more distros?
[10:10] <pedronis> mborzecki: this: https://github.com/snapcore/snapd/pull/9819/files#r557194283
[10:10] <mup> PR #9819: snap-confine: make host /etc/ssl available for snaps on classic <Needs Samuele review> <Created by mvo5> <https://github.com/snapcore/snapd/pull/9819>
[10:11] <mborzecki> pedronis: we can't, the only other viable dir is /etc/alternatives, but that is not present in core
[10:12] <pedronis> mborzecki: ah, that's the part I missed
[10:12] <mborzecki> sorry, my comments in the PR were probably a bit confusing
[10:12] <pedronis> they were :)
[10:13] <mborzecki> pushed taht cosmetic tweak now, i'll add comment about directories
[12:19] <zyga> cachio, the dependency bump PR is green, thank you for the review
[12:19] <zyga> do you do regular PR reviews with niemeyer?
[12:19] <cachio> zyga, I do on demand
[12:20] <zyga> okay, I'll be done with FOSDEM soon and then I will start pushing more patches
[12:20] <cachio> zyga, nice
[12:20] <zyga> it would be good to at least land the first green PR as it's fixing a broken situation of the current CI
[12:20] <zyga> so that remaining PRs can be given some chance of being tested
[12:20] <cachio> I'll can review as well
[12:21] <cachio> which other PRs are comming?
[12:21] <zyga> cachio, more fixes, then lots of qemu features
[12:22] <mborzecki> hm the ssl pr broke tests/main/mount-ns test
[12:22] <mborzecki> looks like the test needs to be updated now
[12:24] <cachio> zyga, nice, please ping me if you need reviews
[12:56] <pedronis> pstolowski: I commented on the snapshot conflicts PR and also on the preseed --reset one, the latter seems that instead of changing the test maybe we should change the behavior, see comment
[12:56] <pstolowski> thanks
[13:19] <mborzecki> mvo: i'll push a fix for mount-ns spread test to #9819 in a bit, spread run is finishing just now
[13:19] <mup> PR #9819: snap-confine: make host /etc/ssl available for snaps on classic <Needs Samuele review> <Created by mvo5> <https://github.com/snapcore/snapd/pull/9819>
[13:21] <zyga> mborzecki, ping me for review
[13:48] <pstolowski> need 2nd review for https://github.com/snapcore/snapd/pull/9838, it's simple and green
[13:48] <mup> PR #9838: asserts: sort by revision with Sort interface <validation-sets :white_check_mark:> <Created by stolowski> <https://github.com/snapcore/snapd/pull/9838>
[14:02] <zyga> pstolowski, on it
[14:04] <zyga> pstolowski, done
[14:07] <pstolowski> zyga: thanks!
[14:07] <zyga> pstolowski, my pleasure :-)
[14:47] <mborzecki> zyga: the data for mount-ns was updated in https://github.com/snapcore/snapd/pull/9819
[14:47] <mup> PR #9819: snap-confine: make host /etc/ssl available for snaps on classic <Needs Samuele review> <Created by mvo5> <https://github.com/snapcore/snapd/pull/9819>
[14:50] <zyga> mborzecki, looking
[14:56]  * cachio lunch
[15:00] <zyga> mborzecki, found a bug
[15:01] <mborzecki> zyga: oh? have you posted the review already?
[15:02] <zyga> mborzecki, https://github.com/snapcore/snapd/pull/9819#pullrequestreview-569328183
[15:02] <mup> PR #9819: snap-confine: make host /etc/ssl available for snaps on classic <Needs Samuele review> <Created by mvo5> <https://github.com/snapcore/snapd/pull/9819>
[15:02] <zyga> just now
[15:02]  * zyga back to slides, ping if this is unclear please
[15:04] <zyga> mborzecki, https://twitter.com/zygoon/status/1350096435480580098 ;-)
[15:50] <ijohnson> huh the gpg error we see in spread tests happened in a spread run too
[15:50] <ijohnson> https://pastebin.ubuntu.com/p/DFynyXWzhx/
[15:59] <mup> PR snapd#9841 closed: usersession/agent: change ~/snap perms to 0700 on startup <Bug> <Needs Samuele review> <Needs security review> <Squash-merge> <⛔ Blocked> <Created by anonymouse64> <Closed by anonymouse64> <https://github.com/snapcore/snapd/pull/9841>
[16:05] <zyga> ijohnson, do you think it is real or is expect flaky?
[16:06] <ijohnson> it's real but it's somewhere deep in gpg code
[16:06] <ijohnson> I looked at the unit test failure deeply a few weeks ago and determined that it is likely a bug in gpg itself, but I thought it was interesting it showed up in a spread test on arch, which suggests it's not just an issue with using an older gpg, and that the bug is in upstream since I presume arch is very up to date
[16:07] <zyga> interesting
[16:07] <zyga> recall how it failed initially - in azure
[16:07] <zyga> when azure ran unit tests
[16:07] <zyga> and azure (github I mean) uses a custom image
[16:07] <zyga> with updated everything
[16:07] <zyga> lots of custom tools installed
[16:08] <zyga> so I suspect they may have been using more recent version of gpg than other distros
[16:08] <zyga> until arch
[16:08] <zyga> I'm not sure, just more likely than noise that it is related
[16:08] <zyga> does it happen on any ubuntu as well?
[16:12] <zyga> ijohnson, changing rooms, brb if offline
[16:13] <zyga> ok
[16:18] <ijohnson> zyga: it can be reproduced not on azure as well
[16:18] <zyga> ijohnson, not on azure?
[16:18] <ijohnson> zyga: you just have to either be patient, or you have to put the system under a lot of load, then the unit test failure is easily reproduced
[16:18] <zyga> s/not//?
[16:18] <zyga> hmmm
[16:18] <ijohnson> zyga: yes locally on my machine I can reproduce it
[16:18] <zyga> oh!
[16:18] <ijohnson> just run one of the affected unit tests in a loop like 1000 times
[16:18] <ijohnson> and like compile the kernel at the same time or something
[16:18] <zyga> huh, yeah, I would start looking at debug build of gpg :
[16:18] <zyga> :/
[16:19]  * zyga makes lots of slides about spread today
[16:19] <ijohnson> yeah I got as deep into the snapd side of calling gpg as I could then wrote up what I found and a debug branch into a doc to have pedronis look at some time to see if we are using gpg wrongly or otherwise find another reproducer
[16:19] <zyga> perhaps writing some code that runs gpg by itself would be a good start
[16:19] <zyga> no go, just gpg
[16:20] <zyga> if that breaks it's a clear bug report
[16:20]  * zyga returns to slides
[16:43] <ijohnson> yeah that would be a good start, but that would require a fuller understanding of how we use gpg in snapd which I don't yet have, and so I deferred to pedronis on that
[17:04] <mup> PR snapd#9836 closed: cmd/snap-repair: save base snap and mode in device info; other misc cleanups <Needs Samuele review> <Simple 😃> <UC20> <Created by anonymouse64> <Merged by anonymouse64> <https://github.com/snapcore/snapd/pull/9836>
[17:24] <mup> PR snapd#9842 opened: store: switch to v2/assertions api <Needs Samuele review> <Created by stolowski> <https://github.com/snapcore/snapd/pull/9842>
[18:24] <mup> PR snapcraft#3359 closed: repo: key management refactor <Created by cjp256> <Merged by sergiusens> <https://github.com/snapcore/snapcraft/pull/3359>
[19:40] <mup> PR snapd#9843 opened: packaging: fix arch-indep build on debian-sid <Created by mvo5> <https://github.com/snapcore/snapd/pull/9843>
[20:45] <mup> PR snapd#9844 opened: cmd: make string/error code more robust against errno leaking <Created by mvo5> <https://github.com/snapcore/snapd/pull/9844>