/srv/irclogs.ubuntu.com/2021/02/22/#snappy.txt

=== benfrancis8 is now known as benfrancis
=== benfrancis6 is now known as benfrancis
=== benfrancis7 is now known as benfrancis
=== benfrancis0 is now known as benfrancis
mborzeckimorning07:27
mborzeckimvo: hey08:00
mborzeckimvo: something hopefully simple: https://github.com/snapcore/snapd/pull/994508:01
mupPR #9945: cmd/snap, boot: add debug set-boot-vars <Simple ๐Ÿ˜ƒ> <Created by bboozzoo> <https://github.com/snapcore/snapd/pull/9945>08:01
pstolowskimorning08:02
zygahey guys08:07
zygalooong night08:07
mvogood morning mborzecki and pstolowski and zyga08:07
mvozyga: what happend?08:07
mvomborzecki: looking at this PR now08:07
mborzeckihey guys08:07
zygamvo lucy had fever and wasn't sleeping very well08:07
* zyga reviews that simple PR 08:07
mvozyga: oh no!08:07
zygajust tired08:08
* mvo hugs zyga 08:12
zygamborzecki https://github.com/snapcore/snapd/pull/9945#pullrequestreview-59509020808:13
mupPR #9945: cmd/snap, boot: add debug set-boot-vars <Simple ๐Ÿ˜ƒ> <Created by bboozzoo> <https://github.com/snapcore/snapd/pull/9945>08:13
=== benfrancis3 is now known as benfrancis
mupPR snapd#9880 closed: tests/lib/fakestore: support repair assertions too  <Needs Samuele review> <UC20> <Created by anonymouse64> <Merged by mvo5> <https://github.com/snapcore/snapd/pull/9880>08:23
mborzeckiuhh slow start today08:31
mupPR snapd#9859 closed: overlord: add manager gadget refresh test <Skip spread> <UC20> <Created by mvo5> <Merged by mvo5> <https://github.com/snapcore/snapd/pull/9859>08:43
dot-tobiasIs there a way (read: interface) to allow my snap read access to /proc/zoneinfo? The latest WPE WebKit version tries to read that file for the internal memory pressure monitor.09:59
ograogra@anubis:~/datengrab/devel/branches/snapd:master$ grep zoneinfo interfaces/builtin/*10:02
ograinterfaces/builtin/timezone_control.go:/usr/share/zoneinf๐Ÿ‘‹     r,10:02
ograinterfaces/builtin/timezone_control.go:/usr/share/zoneinfo/**    r,10:02
ogranot to the proc node it seems10:02
ograit'd only be a one line change (and a security review) away though10:04
ogra๐Ÿ™‚10:04
dot-tobiasogra: Ok thanks, wanted to make sure I didn't overlook something ๐Ÿ˜Š (and LOL at โ€œdatengrabโ€ path ๐Ÿ˜„ ) Asking because I finally managed to get the WPE Mir Kiosk snap running on armhf, so I'm back to debugging AppArmor warnings. One of which is10:05
dot-tobiasโ€œ= AppArmor = Log: apparmor="DENIED" operation="open" profile="snap.wpe-webkit-mir-kiosk.daemon" name="/proc/zoneinfo" pid=11238 comm="PressureMonitor" requested_mask="r" denied_mask="r" fsuid=0 ouid=0 File: /proc/zoneinfo (read) Suggestion: * adjust program to not access '@{PROC}/zoneinfo'"10:05
ograwell, i guess it makes sense that timezone-control has read access to what the kernel thinks about the timezone ...10:07
dot-tobiasogra: to be clear, /proc/zoneinfo has nothing to do with timezones (just learned that)10:07
ograoh !10:07
ograme too now ๐Ÿ™‚10:07
ograi was wondering why a "pressure monitor" would access it ...10:08
dot-tobiasYup. I guess /proc/zoneinfo may be a tad more complicated from a security viewpoint โ€ฆ10:08
ograwell, it seems to be very similar to /proc/vmstat ... which has read permission via system-observe10:10
ograheh ... and browser-support ...10:10
dot-tobiasogra: I'll ask for this on the forum, any name I should @ for โ€œall things interfacesโ€? Read that jdstrand has taken on a new path ๐Ÿ˜Š12:07
ogradot-tobias, try amurray or emitorino ...12:09
mupPR snapcraft#3442 opened: storeapi: reduce the amount of constants and their meaning <Created by sergiusens> <https://github.com/snapcore/snapcraft/pull/3442>12:13
mborzeckimvo: can you land https://github.com/snapcore/snapd/pull/9943 ? i'll take care of the failur eon arch in a separate PR13:10
mupPR #9943: boot: introduce good recovery systems, provide compatibility handling <Run nested> <UC20> <Created by bboozzoo> <https://github.com/snapcore/snapd/pull/9943>13:10
mupPR snapcraft#3435 closed: extensions: Fix Documents, Pictures etc symlinks <Created by diddledan> <Merged by sergiusens> <https://github.com/snapcore/snapcraft/pull/3435>13:13
mupPR snapd#9949 opened: spread: disable Go modules support in environment  <Simple ๐Ÿ˜ƒ> <โš  Critical> <Created by bboozzoo> <https://github.com/snapcore/snapd/pull/9949>13:39
ograso i have snapped thonny on the weekend to be able to play with my Pi Pico's ... on startup thonny tries to detect the attched Pico Pi's by simply running the mount command ... when plugging in a Pico it gets auto mounted as USB disk ... when thonny reads the munt feedback it gets /media/ogra/$DEVICE returned ... but it *also* gets the matching hostfs entry returned ...13:40
ograseemingly mount orders the hostfs entry first ... so thonny tries to access this one ... but that path is not covered by the removable-media interface so everything explodes ... i have to patch the call to the mount command in thonny itself to filter all hostfs entries to make it work at all ...13:41
ograis there a way to hide hostfs somethow on the snap side without having to patch the applications ?13:41
ogra(or should hostfs/media/ogra/$FOO be included in permitted paths for removable-media ?)13:43
=== aluria_ is now known as aluria
om26erMy snap sees `/var/lib/snapd/lib/gl` as empty, even if it's connected to the OpenGL interface. What is broken ?13:54
om26ernote: this is a custom snapd build for the Yocto project13:55
ograwell, does your yocto ship nvidia drivers on the host ?13:55
om26eryes, infact its a Nvidia hardware (Xavier NX)13:55
ograand the drivers are n the expected places ?13:56
ograsnapd only maps what it knows ... i.e. it wont map a driver from /opt to snapd/lib/gl13:56
mvomborzecki: landed13:57
om26erIt has drivers in `/usr/lib/lib` mostly13:57
om26ersorry, `/usr/lib`13:57
om26erogra the drivers are in the right place. What is responsible for actually "mounting" those files. Maybe our installation is missing a systemd service that takes care of that stuff ?13:58
ograon ubuntu desktops they end up in /usr/lib/nvidia-$version ...13:58
ograi think thats snap-confine (not sure though)13:59
ograif so, it should be doing that on the fly at app startup ... not based on any systemd service13:59
mupPR snapd#9943 closed: boot: introduce good recovery systems, provide compatibility handling <Run nested> <UC20> <Created by bboozzoo> <Merged by mvo5> <https://github.com/snapcore/snapd/pull/9943>14:00
om26erogra I guess here is a list of libraries that are supposed to get "mounted" under that directory https://github.com/snapcore/snapd/blob/master/cmd/snap-confine/mount-support-nvidia.c#L83 -- They definitely exist on the host but don't get mounted anywhere14:03
om26erour current "hack" is to add `/var/lib/snapd/hostfs/usr/lib` to LD_LIBRARY_PATH14:05
ograhttps://github.com/snapcore/snapd/blob/master/cmd/snap-confine/mount-support-nvidia.c#L50614:05
ograit looks for an arch triplet subdir14:05
ogra(or alternetively for /usr/lib/nvidia)14:07
om26erah, interesting. That's quite different from the structure that Jetson platform follows. I'll see if monkey patching snapd works for us. Then will create a  bug report or forum post for this.14:09
ograjust add bind mounts on the host side ๐Ÿ˜‰14:17
ograway faster for testing than patching snapd14:17
* pstolowski doctor15:14
* cachio lunch16:01
pstolowskire16:32
jdstrandamurray, emitorino: I suspect that /proc/zoneinfo (for dot-tobias) is a candidate for system-observe (man proc)17:27
pedronispstolowski: I finished a full pass on #9930, mostly small things except for the comment for AddSequenceToUpdate17:45
mupPR #9930: asserts: pool changes for validation-sets <Needs Samuele review> <validation-sets :white_check_mark:> <Created by stolowski> <https://github.com/snapcore/snapd/pull/9930>17:45
pstolowskipedronis: that's great, thank you!17:45
pedronispstolowski: let me know if you have questions17:47
pedronispstolowski: thank you17:47
mupPR snapd#9947 closed: tests: find files before using cat command when checking broadcom-asic-control interface <Created by sergiocazzolato> <Merged by sergiocazzolato> <https://github.com/snapcore/snapd/pull/9947>17:50
mupPR snapd#9948 closed: tests: use new path to find kernel.img in uc20 for arm devices <Created by sergiocazzolato> <Merged by sergiocazzolato> <https://github.com/snapcore/snapd/pull/9948>17:50
mupBug #1606510 opened: Mechanism to create system groups <lxd> <Snappy:Confirmed> <https://launchpad.net/bugs/1606510>17:53
mupBug #1606510 changed: Mechanism to create system groups <lxd> <Snappy:Confirmed> <https://launchpad.net/bugs/1606510>17:56
mupBug #1606510 opened: Mechanism to create system groups <lxd> <Snappy:Confirmed> <https://launchpad.net/bugs/1606510>18:05
mupPR snapcraft#3443 opened: extensions: add conditional for GNOME Makefile using bindtextdomain <Created by sergiusens> <https://github.com/snapcore/snapcraft/pull/3443>18:33
tianonis there a ~easy way to run an i386 snapcraft build on an amd64 environment?  (maybe some clever way to change the LXD image that gets used?)20:00
tianon(I found --target-arch which doesn't work with Multipass or LXD and the experimental version that only works with core20 which thus can't work with i386 :D)20:01
tianonmy "best" thought so far is to convince snapcraft to run in "host" mode inside a Docker container, but I figure there's gotta be a better way (especially since my build uses other snaps, so I don't think the Docker method is even gonna work)20:02
=== ShibaInu is now known as Shibe
tianonI guess I could implement the "snapcraft via LXD the hard way" steps, but that sounds really tedious and error-prone for what I was hoping could just be an easy "smoke test" in GitHub actions O:)20:17
ijohnsontianon: one way I can think of for you to try is to manually start a lxd container with the right i386 arch that has the same name that snapcraft would create if it was managing it, then try running SNAPCRAFT_BUILD_ENVIRONMENT=lxd snapcraft (or whatever the env var is), and see what falls out20:34
ijohnsonI don't know if that would work or not tbh, I have done that before to customize some bits in the container OOB from snapcraft but always with the same arch container20:34
tianonah hahaha, I like it; I'll see what I can do20:34
mupPR snapd#9950 opened: tests: fix for preseed test on 21.04 <Created by sergiocazzolato> <https://github.com/snapcore/snapd/pull/9950>20:46
=== ogra_ is now known as Guest79813
mupPR snapd#9951 opened: tests/regression/lp-1910456: cleanup the /snap symlink when done  <Simple ๐Ÿ˜ƒ> <Test Robustness> <Created by anonymouse64> <https://github.com/snapcore/snapd/pull/9951>22:21
mupPR snapcraft#3444 opened: snap: explicitly add setuptools-rust package to python-packages <Created by cjp256> <https://github.com/snapcore/snapcraft/pull/3444>23:04
om26erhow to run snapd in "verbose" mode ? I need to checks its errors and warnings23:29
ijohnsonom26er: SNAPD_DEBUG=1 in /etc/environment23:29
ijohnsonalso for snap commands like snap run there is SNAP_CONFINE_DEBUG=123:29
om26erThanks, both would do :+1:23:31
mupPR snapd#9949 closed: spread: disable Go modules support in environment  <Simple ๐Ÿ˜ƒ> <โš  Critical> <Created by bboozzoo> <Merged by anonymouse64> <https://github.com/snapcore/snapd/pull/9949>23:52
amurrayjdstrand: ah thanks for the ping - yeah zoneinfo looks pretty similar to vmstat which is already in system-observe so this feels like a good fit23:56

Generated by irclog2html.py 2.7 by Marius Gedminas - find it at mg.pov.lt!