[07:09] <mborzecki> morning
[08:02] <zyga> good morning
[08:06] <mborzecki> mvo: zyga: hey
[08:06] <zyga> :-)
[08:06] <mborzecki> zyga: is https://github.com/snapcore/snapd/pull/9936 related to the debian bug?
[08:06] <mup> PR #9936: interfaces: remove apparmor downgrade feature <Needs security review> <Created by zyga> <https://github.com/snapcore/snapd/pull/9936>
[08:06] <zyga> yes
[08:06] <mborzecki> zyga: this one right? https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=923500
[08:07] <zyga> yes
[08:08] <mborzecki> i've left a note in the PR, tbh maybe we should start off by displaying a warning that confinement is partial/incomplete due to build config/runtime support
[08:10] <pstolowski> morning
[08:10] <mborzecki> pstolowski: hey
[08:11] <zyga> mborzecki I don't think that will help TBH
[08:11] <zyga> it will break tests on random output
[08:12] <mborzecki> tests can be fixed (we did that already once for cgroup v2, although i expect there would be more this time)
[08:12] <zyga> yeah but what's the value?
[08:12] <zyga> do you want to let eveyone know confinement is partial?
[08:12] <zyga> what is the next step?
[08:13] <zyga> confinement was _gone_ before and we said nothing
[08:13] <zyga> confinement is really partial with that patch, and now we want to say "actually, you may want to be careful"
[08:15] <mborzecki> pstolowski: can you take a look https://github.com/snapcore/snapd/pull/9933 ?
[08:16] <mup> PR #9933: packaging/opensuse: sync with openSUSE packaging <Simple 😃> <Created by bboozzoo> <https://github.com/snapcore/snapd/pull/9933>
[08:18] <mborzecki> zyga: it's still going to be partial with the full template, rules like unix(..) and dbus will not be enforced afaict, or if those are made `deny unix ..` they could be enforced in an incompatible way
[08:19] <zyga> yes, I'm fully aware of that
[08:19] <zyga> I think it's not my decision
[08:19] <zyga> I could only make the patch
[08:20] <mborzecki> zyga: sure, thanks for making the effort and opening a PR :)
[08:20] <zyga> tumbleweed dies on govendor sync?
[08:22] <mborzecki> zyga: haha, yes still, i should file this bug report for the kernel
[08:22] <mborzecki> (eventually)
[08:23] <mborzecki> zyga: works on my laptop though ;)
=== ogra_ is now known as Guest26551
[08:53] <pedronis> pstolowski: I did a first pass over pool.go in #9930, some bits seems to be missing though, so I didn't go deep on some pieces
[08:53] <mup> PR #9930: asserts: pool changes and RefreshValidationSetAssertions method for validation-sets <Needs Samuele review> <validation-sets :white_check_mark:> <Created by stolowski> <https://github.com/snapcore/snapd/pull/9930>
[08:53] <pedronis> pstolowski: bunch of questions there
[08:54] <pstolowski> pedronis: ok, thanks
[09:03] <zyga> good morning pedronis
[09:28] <jamesh> cjwatson: fyi, I followed up on that bug report: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=923500#22
[09:28] <mup> PR #22: add travis status to README.md <Created by mvo5> <Merged by niemeyer> <https://github.com/snapcore/snapd/pull/22>
[09:28] <cjwatson> Thanks!
[09:56] <mup> PR snapd#9933 closed: packaging/opensuse: sync with openSUSE packaging <Simple 😃> <Created by bboozzoo> <Merged by bboozzoo> <https://github.com/snapcore/snapd/pull/9933>
[10:06] <mup> PR snapd#9937 closed: tests/lib/prepare.sh: split reflash.sh into two parts <Simple 😃> <Test Robustness> <Created by anonymouse64> <Merged by bboozzoo> <https://github.com/snapcore/snapd/pull/9937>
[10:58] <mup> Bug #1915807 opened: No splash screen in uc 20 for RPI <Snappy:New> <https://launchpad.net/bugs/1915807>
[12:04] <ogra> ogra@ubuntu:~$ snap install unifi --edge
[12:04] <ogra> error: cannot perform the following tasks:
[12:04] <ogra> - Start snap "unifi" (7) services ([start snap.unifi.unifi.service] failed with exit status 1: Job for snap.unifi.unifi.service failed because the control process exited with error code.
[12:04] <ogra> See "systemctl status snap.unifi.unifi.service" and "journalctl -xe" for details.
[12:04] <ogra> )
[12:04] <ogra> ... not helpful ...
[12:04] <zyga> ogra is that the controller?
[12:05] <ogra> (the hook failed, so it didnt install at all ... pointing me to systemctl status will only return "not found" )
[12:05] <ogra> zyga, well, yeah, someones first attempt at least 😉 and arm64 only
[12:05] <ogra> https://github.com/hairychris/unifi-snap
[12:06] <ogra> i'm more wondering about the error message ...
[12:37] <mborzecki> mvo: can you cherry pick https://github.com/snapcore/snapd/pull/9935 ?
[12:37] <mup> PR #9935: data/selinux: allow system dbus to watch /var/lib/snapd/dbus-1 <Simple 😃> <Created by bboozzoo> <Merged by bboozzoo> <https://github.com/snapcore/snapd/pull/9935>
[12:38] <mvo> mborzecki: sure, in a meeting
[12:42] <mup> PR snapd#9935 closed: data/selinux: allow system dbus to watch /var/lib/snapd/dbus-1 <Simple 😃> <Created by bboozzoo> <Merged by bboozzoo> <https://github.com/snapcore/snapd/pull/9935>
[12:54] <pedronis> pstolowski: I tried to answer your wondering about account-keys in tests, but maybe I *am* missing something
[13:01] <pstolowski> pedronis: thanks. do you mean we always try to udpdate account & account-key by design?
[13:01] <pedronis> pstolowski: yes, we always ask the store if there are new revisions of any of the prereqs
[13:01] <pedronis> pstolowski: that's logic in pool
[13:01] <pstolowski> pedronis: ah, ok that explains it then
[13:02] <pstolowski> i thought some of them never change
[13:09] <pedronis> pstolowski: no, there are scenarios for all of them to possibly change, rare but possible
[13:10] <pstolowski> pedronis: ack, thanks, that solves my confusion
[13:43] <gbisson> Hi, any why I get "Failed to load plugin: properties failed to load for kernel: Additional properties are not allowed ('kernel-initrd-core-base' was unexpected)" when using a similar snapcraft.yaml as rockpi?
[13:44] <gbisson> Under the same circumstances too (using lxc as ogra suggests in his README) https://github.com/ogra1/rockpi-n10-kernel
[13:44] <gbisson> Here is my snapcraft.yaml: https://github.com/boundarydevices/ubuntu-core/blob/20-armhf/kernel/snapcraft.yaml
[13:44] <ogra> gbisson, note the plugin subdir in that tree
[13:45] <ogra> i'm using ondra's UC20 kernel plugin in that tree
[13:45] <gbisson> ogra: oh I see
[13:45] <gbisson> ogra: should I just copy that plugin folder then
[13:45] <ogra> which has some UC20 specific adjustments
[13:45] <ogra> yeah
[13:45] <ogra> or use a git submodule
[13:46] <gbisson> ogra: it's still unclear to me how to get the uc20-ready initrd properly generated
[13:47] <ogra> https://github.com/kubiko/snapcraft-kernel-plugin
[13:47] <gbisson> ogra: thanks!
[13:47] <ogra> you dont generate it ... it comes from some pre-built thing that xnox generates regulary ... the kernel plugin *can* re-pack that to add extra firmware or modules though
[13:48] <ogra> that then based on the initrd-firmware and nitrd-modules options in snapcraft.yaml (not sure about the correct names of these options from the top of my head)
[13:51] <ogra> s/based/bases/
[13:54] <gbisson> ok, can you also explain the --destructive-mode, I couldn't find what this means
[13:55] <gbisson> nvm found it, just not in the snapcraft --help
[13:55] <ogra> it means it will destructively change the host setup if needed
[13:56] <ogra> whcih is why you should use it only in a clean lxd container
[13:56] <ogra> never on the host itself ...
[13:56] <gbisson> but is it really necessary?
[13:57] <gbisson> I mean, when it's not there it seems to kick multipass which creates the VM for you no?
[13:57] <ogra> yes, else snapcraft will forcefulyl try to buiuld in a multipass VM
[13:58] <ogra> (it will surely work, but it is painful to use VMs during development)
[13:58] <ogra> --destructive-mode means you can immediately build in your tree and see results without spinning up VMs
[13:59] <gbisson> ok, fair enough, hopefully that was my last missing piece to release a uc20 for all our platforms
[13:59] <gbisson> (after the 20 track is created)
[14:00] <gbisson> last thing, can you confirm you only override the toolchain because the rockpi kernel is obsolete (and most likely don't build with gcc9 or 10)
[14:00] <ogra> yes
[14:01] <ogra> you should be able to simply use the cross gcc for newer kernels and non hacked up BSPs 🙂
[14:01] <ogra> note you rae rather on your own with the gadget for now, that rockpi N10 thing is a spare time project and my spare time is rare til end of the month
[14:02] <gbisson> perfect, that's what I do, just wanted to make sure there wasn't another reason ;)
[14:02] <ogra> nope thats the only reason ... and it is an awful hack  too ... 🙂
[14:02] <gbisson> oh i know, I've been on my own on that core20 upgrade, and I have to say it has been much more painful than core16 & core18 ever were
[14:03] <ogra> yes, everything changed
[14:03] <gbisson> but thanks for all your answers, you definitely helped a lot
[14:03] <ogra> (trying to find my way around as well atm)
[14:05] <gbisson> sorry I keep on asking questions: has anyone ever got Mir working on any i.MX platform? (Vivante GPU)
[14:31] <ogra> gbisson, try #mir-server for that
[14:43] <gbisson> ogra: yes but I don't know where to feed the Vivante libraries, because it won't work without them
[14:43] <ogra> the guys in #mir-server should know 😉
[14:45] <gbisson> oh you meant the irc channel ha! I thought you meant the mir-server snap ;-)
[14:45] <ogra> 🙂
[14:46] <ogra> i would expect it to ship the evnativ driver by default though
[14:47] <ogra> (and to kind of work with that)
[14:59] <gbisson> yeah unfortunately that won't be the case, etnaviv mesa libraries only work on etnaviv driver, since NXP kernel uses vivante driver instead...
[14:59] <ogra> right, then you will likely need yur own fork of mir-kiosk ... and add it to your brand store
[15:00] <ogra> (or convince the mir team to ship vivante but i'm not sure they will be willing to do that)
[15:01] <gbisson> yes I don't expect vivante to be part of the generic package, but a mir-viv-kiosk would be nice
[15:15] <gbisson> I now get this when booting up: "assertion is signed with expired public key "blah""
[15:16] <gbisson> how come my key expired? Seems to be properly there in 'snap keys', plus I can upload to the store ok which I believe checks the key
[15:17] <ogra> replace your RTC battery 😛
[15:18] <ogra> (which i'm indeed sure you have plenty on your boards 😛 )
[15:18] <gbisson> urgh
[15:18] <gbisson> really?
[15:18] <gbisson> can't it get the time from the network?
[15:19] <ogra> there is some code in systemd-timesyncd that is supposed to set the clock to a more proper date ba default, but there ere issues ... i think xnox was working on a fix
[15:19] <ogra> *by default
[15:19] <gbisson> ok thanks, let me try that
[15:19] <ogra> you get the time from the network once the entwork is up
[15:20] <ogra> but the key check happens earlier in the boot IIRC
[15:20] <ogra> that said, try with wired network, perhaps your chances are better there
[15:21] <ogra> (we ship a default dhcp setup for eth0 that should come up earlier than wlan, with luck thats enough)
[15:23] <gbisson> ogra: thanks I confirm it works!
[15:23] <ogra> great
[15:23] <gbisson> once I get the 20 track for gadget/kernel I can release an image
[15:23] <ogra> not sure what the bug number was, but i knwo there is a bug open for the systemd fix
[15:24] <ogra> (and i guess xnox isnt watching the channel here to give it to you from the top of his head )
[15:25] <gbisson> that's ok, I want to use stable channel anyway for the issue, it will be part of the known issues that should disappear later
[15:25] <ogra> yeah, thats the spirit with UC20 🙂
[15:32] <mup> PR snapd#9912 closed: snap: provide a useful error message if gdbserver is not installed <Skip spread> <Created by mvo5> <Merged by mvo5> <https://github.com/snapcore/snapd/pull/9912>
[15:38] <gbisson> ogra: finally I got my platform fully booted up and installed properly, thanks again for the help!
[15:41] <ogra> congrats !
[16:19] <zyga_> do you guys remember the name of that thing that lets you deploy openstack or k8s quickly
[16:19] <zyga_> it had a catchy name
[16:19] <zyga_> but it flew out of my head
[16:20] <cjwatson> conjure-up I think?
[16:20] <ijohnson> juju?
[16:21] <zyga_> conjure up!
[16:21] <zyga_> thank you cjwatson :)
=== ijohnson is now known as ijohnson|lunch
[22:23] <mup> PR snapcraft#3437 opened: extensions: check that the platform snap is connected in desktop extensions and bail out if not (LP: #1915712) <Created by oSoMoN> <https://github.com/snapcore/snapcraft/pull/3437>