[00:03] reading https://forum.snapcraft.io/t/snapd-from-hirsute-proposed-wont-allow-snaps-to-run/22733/8 and the home dir change https://discourse.ubuntu.com/t/private-home-directories-for-ubuntu-21-04-onwards/19533 [00:11] some progress, popey https://forum.snapcraft.io/t/snapd-from-hirsute-proposed-wont-allow-snaps-to-run/22733/10 [07:16] morning [08:07] morning [08:08] good morning pstolowski [08:09] mvo: pstolowski; hey [08:10] hey guys [08:11] mborzecki I'll review the suse bits after breakfast and standup [08:11] hey mborzecki [08:11] good morning zyga! [08:12] good morning [08:12] late wake-up, dog wanted to go out at 4AM :D [08:14] zyga: woah, 4am is hard! [08:17] mvo yeah, he was not feeling well lately [08:17] quite responsible dog to wake me up and guide me downstairs to show what he wants [08:18] 4AM is quite serene [08:26] PR snapd#9899 closed: gadget: improve error handling around resolving content sources [08:26] PR snapd#9931 closed: asserts: repeat the authority cross-check in CheckSignature as well [08:31] PR snapd#9825 closed: tests: using labeler action to add automatically a label to run nested tests [08:51] PR snapd#9594 closed: findpartitions rewrite [08:52] mborzecki: do you remember what your branch that implemented ubuntu-image in go was named? [08:54] mvo: yes, this branch: https://github.com/bboozzoo/snapd/commits/bboozzoo/gadget-update-snap-image-rfc [08:57] mborzecki: \o/ [09:00] mborzecki: hi, I thought a bit more about try recovery systems and reseal, I left some notes in the doc but we should probably chat a bit more at some point [09:01] pedronis: thanks, saw them, i'm finishing up some amazon stuff and i'll be looking at the recovery systems again in a bit [09:10] #9901 needs a 2nd review [09:10] PR #9901: o/devicestate,many: introduce DeviceManager.preloadGadget for EarlyConfig [09:29] Hi! is the uc20 rpi image supposed to work on rpi3b? In my case it fails to boot with "cannot open TPM connection: no TPM2 device is available" [09:30] Also, last week I reported an issue where the boot.sel crc was wrong, it is because boot.sel is generated for bootloader with ENV_REDUNDANT enabled, therefore will fail on bootloaders without that option... it should be documented [09:34] jamesh: Morning o/ [09:35] hi Wimpress [09:35] I've been working on integrating Wayland support in the OBS snap. [09:35] I've got to the point when trying to add Screen/Window captures. [09:35] `error: [OBS XDG] Error creating screencast session: GDBus.Error:org.freedesktop.DBus.Error.UnknownMethod: No such interface β€œorg.freedesktop.portal.ScreenCast” on object at path /org/freedesktop/portal/desktop` [09:36] Just checking to see if this might be because screencast support isn't a thing yet? [09:36] Wimpress: the Ubuntu build of xdg-desktop-portal doesn't enable PipeWire support, so those portals aren't available [09:37] Aha! [09:37] I'll have to double check the status in hirsuite, but that might be an option for testing [09:37] So, I'd need to build xdg-desktop-portal as a source part in the snap, with PipeWire support? [09:37] I'm already build current pipewire as a source part. [09:38] and probably have a gnome-shell with PipeWire support. I haven't really investigated the details [09:38] OK. [09:38] So, I may have run out of road here then. [09:38] welcome to the bleeding edge :-) [09:38] * Wimpress looks over the edge [09:39] https://launchpad.net/ubuntu/+source/xdg-desktop-portal/1.8.0-3 <- looks like hirsute-proposed has what you're after [09:42] So, is it xdg-desktop-portal on the host that needs pipewire support? [09:42] yes [09:42] Understood. [09:42] So, if you're running Hirsture or a.n.other distro with pipewire enabled xdg-desktop-portal, should be good to go? [09:43] Yes. I'd expect a recent Fedora would probably also do for testing [09:45] OK, great. Then I think I've done what is required on the OBS snap side of things with the recent Wayland and DMA-BUF commits. [09:46] I'll fire up a 21.10 test system later. [09:46] Thanks. [09:49] I suspect the older Ubuntus simply won't work, even if you install an xdg-desktop-portal/xdg-desktop-portal-gtk [09:49] due to missing gnome-shell support [09:50] hey jamesh, Wimpress :) [09:50] nice to see you guys here [09:50] mborzecki check this out https://github.com/package-url/purl-spec [09:50] jamesh: Thanks for the info. [09:50] zyga-mbp: o/ [09:50] it'd be nice to install packages in spread tests using something like that [09:51] Wimpress how have you been? [09:51] PR snapd#9268 closed: daemon: add API for checking and installing available theme snaps [09:52] Wimpress: no problem. Shout out if you run into more problems. [09:52] hi zyga-mbp [09:53] jamesh: Will do, but I think I have everything I need in the snap. I'll test to confirm... [10:14] pstolowski: hi, what is the status of this https://bugs.launchpad.net/snapd/+bug/1899665 , is it released or at least committed? [10:14] Bug #1899665: Failed refresh of snapd drops current symlink [10:14] checking [10:17] pedronis: fixed, i updated the bug, thanks [10:17] jamesh: what's the status of this bug on the snapd side: https://bugs.launchpad.net/snapd/+bug/1897224 ? [10:17] Bug #1897224: Graphical snaps can't run in Gnome 3.38 Wayland sessions (can't open X display) Released> [10:18] mmh, actually I think the bug contains the answer I need already [10:18] pedronis: independent fixes have landed on both the gnome-shell and snapd sides [10:19] jamesh: was that in 2.48 ? [10:19] seems so [10:20] pedronis: if you've got mutter >= 3.38.2, < 4.0 installed, then it will work with any snapd. If you've got a snapd with zyga's X11 socket changes, then it will work with any gnome-shell [10:20] let me check [10:22] https://github.com/snapcore/snapd/pull/9530 is the PR. It looks like it is in the 2.48 branch yes. [10:22] PR #9530: interfaces: share /tmp/.X11-unix/ from host or provider <⚠ Critical> [10:22] jamesh: thanks for comfirming, was about to ask if indeed 9530 was the fix [10:24] jamesh: your recent work on the desktop interface is addressing this I think right?: https://bugs.launchpad.net/snapd/+bug/1877109 [10:24] Bug #1877109: incompatible host fonts cache causing snap app instability [10:25] mvo: do you know if this one is fixed in the end now: https://bugs.launchpad.net/snapd/+bug/1878541 ? [10:25] Bug #1878541: Grub fails to load kernel from squashfs if mem < 1500mb [10:25] [10:27] pedronis: yes, this is fixed [10:27] pedronis: let me update it [10:27] mvo: thx [10:28] pedronis: yes. Although it is up to snaps to opt in to the change. I'd like to see this as automatic for snaps using one of the Snapcraft extensions though. [10:29] jamesh: is it ok if I assign it to you? [10:29] pedronis: sure. [10:29] as you are working on it [10:29] jamesh: thx [10:32] mvo: did the patch you proposed here get anywhere: https://bugs.launchpad.net/snappy/+bug/1650688 ? [10:32] Bug #1650688: timedatectl set-timezone fails on UC16 [10:35] pedronis: unfortunately not AFAICT :/ [10:35] pedronis: to complete this it would have to be a proper systemd quilt patch/debdiff [10:38] * zyga-mbp needs a coffee [10:38] that dog run has a toll [11:08] mvo I had a look fragile mounts but I didn't write an algorithm that does the right thing yet [11:09] mvo I'll talk to Maciek about this later but I don't have a working patch yet [11:27] PR snapd#9933 opened: packaging/opensuse: sync with openSUSE packaging [11:27] PR snapd#9934 opened: packaging: disable Go modules in snapd.mk [11:51] * pstolowski lunch [11:51] I noticed https://bugs.debian.org/923500 ("snapd: non-classic snap not confined") on the Debian bullseye RC bugs list. Symptoms still seem similar. Is anyone working on this, and would it be possible to communicate something to the bug so that the Debian release team have some idea of the state of things? [11:53] cjwatson: The default AppArmor template gives access to "/". [11:53] cjwatson: it's worth noting that the root directory as seen by a snap is not the host system's root directory though. [11:54] jamesh: Could you possibly update the Debian bug? That's certainly worth noting [11:54] (and maybe enough to make it clearly non-RC) [11:55] * jamesh wonders why the core18 snap now has a file "stdout" at the top level [11:56] cjwatson: it's a while since I've used debbugs. Just sending something to the bug number email address is enough, right? [11:56] jamesh: Yes, though I'd probably manually CC people who've commented [11:57] cjwatson, jamesh unless something major changed debian is probably unconfined [11:57] (if I were still working on debbugs, some kind of better subscription handling would be near the top of the list, shortly after a proper database) [11:57] we had long discussions about this [11:57] and in the end it all got back to apparmor patches upstreaming [11:58] jamesh, $ cat /snap/core18/current/stdout [11:58] Ubuntu Core does not use apt-get, see 'snap --help'! [11:58] apart from Ubuntu, Solus and other distributions that explicitly pick up apparmor patches from Ubuntu, everyone has partial confinement [11:58] and snapd chooses an open profile then IIRC [11:58] jamesh, seems like a bug in the build that something tries to call apt [11:58] zyga-mbp: would they benefit from file based access rules though? [11:58] and it's not that parts of apparmor are not effective [11:59] snapd chooses an open profile to avoid bugs [11:59] jamesh it's a super long topic between jdstrand, me and samuele [11:59] I wanted to enable it but that was nacked [11:59] zyga-mbp: okay. It looks to be orthogonal to this bug though. [11:59] as we don't have time to support anything [11:59] jamesh no, it's not [11:59] debian has no apparmor confinement by choice [11:59] that's my point [12:00] there's a piece of code in snapd that says "no - no confinement for this system" [12:00] okay [12:00] jamesh: I take care of the stdout file from core18, looks like an incrrect script, I will also add a test [12:01] (cc ogra -^) [12:02] mvo, hah, you are to fast (i was about to ping lukasz πŸ™‚ ) [12:03] mvo: okay. I just noticed it when running the steps in that debian bug [12:03] cjwatson, jamesh: https://github.com/snapcore/snapd/blob/master/interfaces/apparmor/backend.go#L614 [12:03] ogra: it's quicker to sent a PR probably than to talk and explain :) [12:04] and the very much related: https://github.com/snapcore/snapd/blob/master/interfaces/apparmor/backend.go#L653 [12:04] yeah [12:06] zyga-mbp: thanks [12:07] jamesh perhaps one way to make progress is to add debian sid to the exception list [12:07] and see what happens [12:07] but it also means that if someone uses snapd on sid and on non-sid, they will get different experience [12:09] Detecting Debian sid as distinct from testing is basically a non-starter I think [12:10] cjwatson: I hadn't realised how late it got here. I probably won't reply until tomorrow morning my time. If you need something sooner, perhaps someone else can post a summary. [12:10] e.g. there's no distinction at the os-release level [12:10] cjwatson yeah sid == testing, I meant sid vs non-testing named release [12:10] jamesh: It's not today-urgent, I just wanted to make sure the snapd team were aware because it seems at least possible that snapd might get kicked out of bullseye if something isn't done one way or another and y'all might care about that [12:11] zyga-mbp: having the experience suddenly change when bullseye goes stable seems not ideal :) [12:11] cjwatson: thanks, raising that is really appreciated [12:11] I also agree [12:11] debian is in soft-freeze mode now [12:11] so any changes now are tricky to say the least [12:56] PR core18#178 opened: hook-tests: fix leaked /stdout file and add test [13:17] PR snapd#9935 opened: data/selinux: allow system dbus to watch /var/lib/snapd/dbus-1 [13:17] pstolowski: can you take a look at ^^ ? [13:19] sure [13:26] pstolowski: thanks! [13:26] funny how dbus became a single point of failure here [13:30] yw [13:37] pstolowski: hi, I looked #9922 finally, yes your question about using Pool is valid and indeed is needed, we should chat about that and how we can have consistent behavior across [13:37] PR #9922: api: validation sets monitor mode (1/2) [13:39] pedronis: great, thanks. sure, let's discuss this when you have a moment (maybe changes to bulk in #9930 will be relevant to this discussion?) [13:39] PR #9930: asserts: pool changes and RefreshValidationSetAssertions method for validation-sets [13:41] pstolowski: maybe tomorrow morning? [13:48] pedronis: that's fine [13:52] hi, can someone point me to the pi-kernel snapcraft.yaml? [16:13] PR snapd#9909 closed: snap: add deprecation noticed to "snap run --gdb" [17:08] PR snapd#9934 closed: packaging: disable Go modules in snapd.mk [17:23] PR snapd#9936 opened: Remove apparmor downgrade feature === ijohnson is now known as ijohnson|lunch === ijohnson|lunch is now known as ijohnson [23:04] PR snapd#9937 opened: tests/lib/prepare.sh: split reflash.sh into two parts