=== benfrancis8 is now known as benfrancis
=== benfrancis6 is now known as benfrancis
=== benfrancis7 is now known as benfrancis
=== benfrancis0 is now known as benfrancis
[07:27] morning
[08:00] mvo: hey
[08:01] mvo: something hopefully simple: https://github.com/snapcore/snapd/pull/9945
[08:01] PR #9945: cmd/snap, boot: add debug set-boot-vars
[08:02] morning
[08:07] hey guys
[08:07] looong night
[08:07] good morning mborzecki and pstolowski and zyga
[08:07] zyga: what happened?
[08:07] mborzecki: looking at this PR now
[08:07] hey guys
[08:07] mvo lucy had fever and wasn't sleeping very well
[08:07] * zyga reviews that simple PR
[08:07] zyga: oh no!
[08:08] just tired
[08:12] * mvo hugs zyga
[08:13] mborzecki https://github.com/snapcore/snapd/pull/9945#pullrequestreview-595090208
[08:13] PR #9945: cmd/snap, boot: add debug set-boot-vars
=== benfrancis3 is now known as benfrancis
[08:23] PR snapd#9880 closed: tests/lib/fakestore: support repair assertions too
[08:31] uhh slow start today
[08:43] PR snapd#9859 closed: overlord: add manager gadget refresh test
[09:59] Is there a way (read: interface) to allow my snap read access to /proc/zoneinfo? The latest WPE WebKit version tries to read that file for the internal memory pressure monitor.
[10:02] ogra@anubis:~/datengrab/devel/branches/snapd:master$ grep zoneinfo interfaces/builtin/*
[10:02] interfaces/builtin/timezone_control.go:/usr/share/zoneinfo/ r,
[10:02] interfaces/builtin/timezone_control.go:/usr/share/zoneinfo/** r,
[10:02] not to the proc node it seems
[10:04] it'd only be a one line change (and a security review) away though
[10:04] 🙂
[10:05] ogra: Ok thanks, wanted to make sure I didn't overlook something 😊 (and LOL at “datengrab” path 😄 ) Asking because I finally managed to get the WPE Mir Kiosk snap running on armhf, so I'm back to debugging AppArmor warnings. One of which is
[10:05] “= AppArmor = Log: apparmor="DENIED" operation="open" profile="snap.wpe-webkit-mir-kiosk.daemon" name="/proc/zoneinfo" pid=11238 comm="PressureMonitor" requested_mask="r" denied_mask="r" fsuid=0 ouid=0 File: /proc/zoneinfo (read) Suggestion: * adjust program to not access '@{PROC}/zoneinfo'"
[10:07] well, i guess it makes sense that timezone-control has read access to what the kernel thinks about the timezone ...
[10:07] ogra: to be clear, /proc/zoneinfo has nothing to do with timezones (just learned that)
[10:07] oh !
[10:07] me too now 🙂
[10:08] i was wondering why a "pressure monitor" would access it ...
[10:08] Yup. I guess /proc/zoneinfo may be a tad more complicated from a security viewpoint …
[10:10] well, it seems to be very similar to /proc/vmstat ... which has read permission via system-observe
[10:10] heh ... and browser-support ...
[12:07] ogra: I'll ask for this on the forum, any name I should @ for “all things interfaces”? Read that jdstrand has taken on a new path 😊
[12:09] dot-tobias, try amurray or emitorino ...
[12:13] PR snapcraft#3442 opened: storeapi: reduce the amount of constants and their meaning
[13:10] mvo: can you land https://github.com/snapcore/snapd/pull/9943 ? i'll take care of the failure on arch in a separate PR
[13:10] PR #9943: boot: introduce good recovery systems, provide compatibility handling
[13:13] PR snapcraft#3435 closed: extensions: Fix Documents, Pictures etc symlinks
[13:39] PR snapd#9949 opened: spread: disable Go modules support in environment <⚠ Critical>
[13:40] so i have snapped thonny on the weekend to be able to play with my Pi Pico's ... on startup thonny tries to detect the attached Pico Pi's by simply running the mount command ... when plugging in a Pico it gets auto mounted as USB disk ... when thonny reads the mount feedback it gets /media/ogra/$DEVICE returned ... but it *also* gets the matching hostfs entry returned ...
[13:41] seemingly mount orders the hostfs entry first ... so thonny tries to access this one ... but that path is not covered by the removable-media interface so everything explodes ... i have to patch the call to the mount command in thonny itself to filter all hostfs entries to make it work at all ...
[13:41] is there a way to hide hostfs somehow on the snap side without having to patch the applications ?
[13:43] (or should hostfs/media/ogra/$FOO be included in permitted paths for removable-media ?)
=== aluria_ is now known as aluria
[13:54] My snap sees `/var/lib/snapd/lib/gl` as empty, even if it's connected to the OpenGL interface. What is broken ?
[13:55] note: this is a custom snapd build for the Yocto project
[13:55] well, does your yocto ship nvidia drivers on the host ?
[13:55] yes, in fact it's a Nvidia hardware (Xavier NX)
[13:56] and the drivers are in the expected places ?
[13:56] snapd only maps what it knows ... i.e. it won't map a driver from /opt to snapd/lib/gl
[13:57] mborzecki: landed
[13:57] It has drivers in `/usr/lib/lib` mostly
[13:57] sorry, `/usr/lib`
[13:58] ogra the drivers are in the right place. What is responsible for actually "mounting" those files. Maybe our installation is missing a systemd service that takes care of that stuff ?
[13:58] on ubuntu desktops they end up in /usr/lib/nvidia-$version ...
[13:59] i think that's snap-confine (not sure though)
[13:59] if so, it should be doing that on the fly at app startup ... not based on any systemd service
[14:00] PR snapd#9943 closed: boot: introduce good recovery systems, provide compatibility handling
[14:03] ogra I guess here is a list of libraries that are supposed to get "mounted" under that directory https://github.com/snapcore/snapd/blob/master/cmd/snap-confine/mount-support-nvidia.c#L83 -- They definitely exist on the host but don't get mounted anywhere
[14:05] our current "hack" is to add `/var/lib/snapd/hostfs/usr/lib` to LD_LIBRARY_PATH
[14:05] https://github.com/snapcore/snapd/blob/master/cmd/snap-confine/mount-support-nvidia.c#L506
[14:05] it looks for an arch triplet subdir
[14:07] (or alternatively for /usr/lib/nvidia)
[14:09] ah, interesting. That's quite different from the structure that Jetson platform follows. I'll see if monkey patching snapd works for us. Then will create a bug report or forum post for this.
[14:17] just add bind mounts on the host side 😉
[14:17] way faster for testing than patching snapd
[15:14] * pstolowski doctor
[16:01] * cachio lunch
[16:32] re
[17:27] amurray, emitorino: I suspect that /proc/zoneinfo (for dot-tobias) is a candidate for system-observe (man proc)
[17:45] pstolowski: I finished a full pass on #9930, mostly small things except for the comment for AddSequenceToUpdate
[17:45] PR #9930: asserts: pool changes for validation-sets
[17:45] pedronis: that's great, thank you!
[17:47] pstolowski: let me know if you have questions
[17:47] pstolowski: thank you
[17:50] PR snapd#9947 closed: tests: find files before using cat command when checking broadcom-asic-control interface
[17:50] PR snapd#9948 closed: tests: use new path to find kernel.img in uc20 for arm devices
[17:53] Bug #1606510 opened: Mechanism to create system groups
[17:56] Bug #1606510 changed: Mechanism to create system groups
[18:05] Bug #1606510 opened: Mechanism to create system groups
[18:33] PR snapcraft#3443 opened: extensions: add conditional for GNOME Makefile using bindtextdomain
[20:00] is there a ~easy way to run an i386 snapcraft build on an amd64 environment? (maybe some clever way to change the LXD image that gets used?)
[20:01] (I found --target-arch which doesn't work with Multipass or LXD and the experimental version that only works with core20 which thus can't work with i386 :D)
[20:02] my "best" thought so far is to convince snapcraft to run in "host" mode inside a Docker container, but I figure there's gotta be a better way (especially since my build uses other snaps, so I don't think the Docker method is even gonna work)
=== ShibaInu is now known as Shibe
[20:17] I guess I could implement the "snapcraft via LXD the hard way" steps, but that sounds really tedious and error-prone for what I was hoping could just be an easy "smoke test" in GitHub actions O:)
[20:34] tianon: one way I can think of for you to try is to manually start a lxd container with the right i386 arch that has the same name that snapcraft would create if it was managing it, then try running SNAPCRAFT_BUILD_ENVIRONMENT=lxd snapcraft (or whatever the env var is), and see what falls out
[20:34] I don't know if that would work or not tbh, I have done that before to customize some bits in the container OOB from snapcraft but always with the same arch container
[20:34] ah hahaha, I like it; I'll see what I can do
[20:46] PR snapd#9950 opened: tests: fix for preseed test on 21.04
=== ogra_ is now known as Guest79813
[22:21] PR snapd#9951 opened: tests/regression/lp-1910456: cleanup the /snap symlink when done
[23:04] PR snapcraft#3444 opened: snap: explicitly add setuptools-rust package to python-packages
[23:29] how to run snapd in "verbose" mode ? I need to check its errors and warnings
[23:29] om26er: SNAPD_DEBUG=1 in /etc/environment
[23:29] also for snap commands like snap run there is SNAP_CONFINE_DEBUG=1
[23:31] Thanks, both would do :+1:
[23:52] PR snapd#9949 closed: spread: disable Go modules support in environment <⚠ Critical>
[23:56] jdstrand: ah thanks for the ping - yeah zoneinfo looks pretty similar to vmstat which is already in system-observe so this feels like a good fit