/srv/irclogs.ubuntu.com/2021/02/25/#snappy.txt

mup	Bug #1916816 opened: File picker and other native windows have garbled fonts in Arch & Manjaro <fonts> <Snappy:New> <https://launchpad.net/bugs/1916816>	03:09
mup	Bug #1916816 changed: File picker and other native windows have garbled fonts in Arch & Manjaro <fonts> <Snappy:New> <https://launchpad.net/bugs/1916816>	03:12
mup	Bug #1916816 opened: File picker and other native windows have garbled fonts in Arch & Manjaro <fonts> <Snappy:New> <https://launchpad.net/bugs/1916816>	03:15
padge	oerheks: I ended up nuking the system, reinstalling snapd, then restoring from the snapshot that I made after things went south. Then I installed the Nextcloud snap after that. Everything is fine now -- I didn't lose anything. But my fs was boogered up from crashing, I guess.	03:40
padge	oerheks: I ended up nuking the system, reinstalling snapd, then restoring from the snapshot that I made after things went south. Then I installed the Nextcloud snap after that. Everything is fine now -- I didn't lose anything. But my fs was boogered up from crashing, I guess. (repost in case you missed it, and in case you care)	03:53
mborzecki	morning	06:56
mborzecki	mvo: hey	07:45
mvo	good morning mborzecki	07:48
mup	PR snapd#9884 closed: tests/main/snap-repair: test running repair assertion w/ fakestore <Test Robustness> <UC20> <Created by anonymouse64> <Merged by mvo5> <https://github.com/snapcore/snapd/pull/9884>	07:53
pstolowski	morning	08:08
jamesh	alan_g: I think https://github.com/MirServer/snapd/pull/4 should help fix the spread failures in your desktop-launch PR	08:09
mup	PR MirServer/snapd#4: usersession/userd: only pass --collect if we have a new enough systemd <Created by jhenstridge> <https://github.com/MirServer/snapd/pull/4>	08:09
mup	PR snapd#9952 closed: interfaces: allow reading the Xauthority file KDE Plasma writes for Wayland sessions <Needs Samuele review> <Needs security review> <Simple 😃> <Created by jhenstridge> <Merged by pedronis> <https://github.com/snapcore/snapd/pull/9952>	08:13
mborzecki	mvo: can you cherry pick https://github.com/snapcore/snapd/pull/9952 to 2.49?	08:18
mup	PR #9952: interfaces: allow reading the Xauthority file KDE Plasma writes for Wayland sessions <Needs Samuele review> <Needs security review> <Simple 😃> <Created by jhenstridge> <Merged by pedronis> <https://github.com/snapcore/snapd/pull/9952>	08:18
mvo	mborzecki: sure, done	08:22
mborzecki	mvo: thank you!	08:22
mborzecki	hmm the version i get in snap/snapd binaries built out of the development tree are weird, they are like `+git1000.gb5e86eb`	08:23
mvo	mborzecki: oh, hm, it should be relativel to the last stable tag	08:24
mborzecki	mkversion didn't change recently	08:24
mborzecki	mvo: https://github.com/snapcore/snapd/pull/9961 fixes it for me	08:31
mup	PR #9961: mkversion: check that version from changelog is set before overriding the output version <Simple 😃> <Created by bboozzoo> <https://github.com/snapcore/snapd/pull/9961>	08:31
mborzecki	(and I can refresh snapcraft again)	08:32
mup	PR snapd#9961 opened: mkversion: check that version from changelog is set before overriding the output version <Simple 😃> <Created by bboozzoo> <https://github.com/snapcore/snapd/pull/9961>	08:33
zyga	hello guys!	08:41
mborzecki	zyga: hey	08:44
zyga	https://git.ostc-eu.org/OSTC/OHOS/components/staging/xts_acts/-/pipelines/1156	08:44
zyga	first spread job in openharmony	08:45
zyga	fingers crossed, it will probably not work okay :)	08:45
zyga	with a bit of luck the results will be displayed in gitlab UI	08:45
zyga	as a nice navigable set of suites and tests	08:45
mborzecki	mvo: intersting, didn't realize we had HostScaledTimeout, should we fixup all the places where settle and other timeouts are used in the tests?	08:46
mvo	mborzecki: it's probably fine, we added it because of the slow risv-v virtual builders but it's been a problem only in some of the tests	08:47
mborzecki	ok	08:47
mvo	mborzecki: in theory it would be good to be consistent but probably not worth it	08:47
zyga	mborzecki, it was added for riscv IIRC	08:47
mvo	zyga: woah, nice	08:47
zyga	mvo, exploring the unknown :)	08:48
mvo	zyga: "To boldly go where no man has gone before!"	08:49
zyga	mvo, I can repeat that, it will be even more interesting in zephyr	08:50
=== oerheks1 is now known as oerheks
mup	PR snapd#9945 closed: cmd/snap, boot: add debug set-boot-vars <Created by bboozzoo> <Merged by bboozzoo> <https://github.com/snapcore/snapd/pull/9945>	09:48
=== TooLmaN_ is now known as TooLmaN
=== jnsgruk0 is now known as jnsgruk
=== padge_ is now known as padge
=== not_phunyguy is now known as phunyguy
=== mborzeck1 is now known as mborzecki
zyga	mvo_, one more patch for spread https://git.ostc-eu.org/OSTC/packaging/spread/-/blob/master/debian/patches/0004-Allow-disabling-kvm-with-SPREAD_QEMU_KVM.patch	10:17
mup	PR snapd#9962 opened: asserts: include the assertion timestamp in error message when outside of signing key validity range <Simple 😃> <Created by bboozzoo> <https://github.com/snapcore/snapd/pull/9962>	10:48
mborzecki	cachio: hi, did you get a chance to play with the openssue images from yesterday?	11:01
pstolowski	pedronis_: do you think refreshing of validation set asserts on install/remove deserves own task handler? while on install we can do it in validate-snap, for remove i don't see a good candidate	11:20
mup	PR snapd#9963 opened: wrappers: install D-Bus service activation files for snapd session tools on core <Created by jhenstridge> <https://github.com/snapcore/snapd/pull/9963>	11:24
=== pedronis_ is now known as pedronis
pedronis	pstolowski: we can't do it with a task, we need to do it before we do the actual operation	11:27
pedronis	pstolowski: is the same as how we refresh snap-declarations	11:27
pedronis	we do that from daemon or helper, not tasks	11:27
pstolowski	hmm	11:28
pedronis	pstolowski: but yes, it's different from snap-declarations, we really need the snap declaration to do the actual ops, but for validations they matter before and during we talk to the store	11:28
pedronis	not after	11:28
pedronis	basically there is nothing to do in validate-snap about validation sets	11:29
pedronis	pstolowski: you sound a bit confused, maybe we shouuld have a chat	11:29
pstolowski	pedronis: if you have a moment that would be great i think	11:33
pedronis	pstolowski: going to the SU	11:36
cachio	mborzecki, hi	12:00
cachio	yes	12:00
cachio	I created a new image based on the one published for openstack	12:00
mborzecki	cachio: did you manage to get it to boot in gce?	12:01
cachio	it is getting stuck also that one	12:01
mborzecki	cachio: on govendor sync?	12:01
cachio	mborzecki, yes, I had to update that	12:01
cachio	mborzecki, yes	12:01
zyga	hey cachio	12:01
mborzecki	cachio: can i try that somehow?	12:01
cachio	the image is published	12:01
zyga	cachio, I have four patches for spread now	12:02
zyga	cachio, no luck in merging anything recently though	12:02
mborzecki	cachio: ah, so i can just lanuch a test on tw with spread and it should pick up the new image?	12:02
cachio	mborzecki, opensuse-tumbleweed-2-64-base-v20210224	12:02
mborzecki	oh, ok	12:03
mborzecki	thanks	12:03
cachio	no	12:03
cachio	this is the new imaage	12:03
cachio	the disk is not big	12:03
cachio	but it is just for testing	12:03
cachio	zyga, hey	12:03
cachio	nice	12:03
cachio	zyga, it is difficult to merge patches in spread :)	12:03
cachio	zyga, which are the new patches?	12:04
mborzecki	cachio: thanks	12:12
zyga	cachio, I didn't open the PRs yet, they are all here: https://git.ostc-eu.org/OSTC/packaging/spread/-/tree/master/debian/patches	12:13
cachio	zyga, awesome, I'll take a look	12:14
zyga	cachio, I can open a few PRs if you want	12:14
zyga	we can discuss there	12:14
zyga	niemeyer_, do you have some time to review several small spread patches?	12:15
cachio	zyga, it is ok for me, if you have patches it is better to add a pr	12:15
zyga	cachio, yeah, I'll do that in a moment	12:16
cachio	tx	12:18
* cachio afk		12:20
cachio	mborzecki, hey https://paste.ubuntu.com/p/jVYtFCvbgP/	13:04
cachio	this is what I found in tes tsecurity-dev-input-event-denied	13:04
cachio	adter connect the joystick, apparmor is not denying any more	13:05
cachio	something else is doing that	13:05
mup	PR snapd#9964 opened: asserts: use Fetcher in AddSequenceToUpdate <Needs Samuele review> <validation-sets :white_check_mark:> <Created by stolowski> <https://github.com/snapcore/snapd/pull/9964>	13:14
ijohnson	morning folks	13:18
zyga	hey ijohnson	13:38
ijohnson	hello zyga	13:38
zyga	cachio, udev	13:38
zyga	cachio, you can verify that by looking at the device cgroup	13:38
zyga	and listing the set of allowed devices	13:38
zyga	cachio, check out /sys/fs/cgroup/devices/snap.snap-store.ubuntu-software/devices.list (the snap name is just an example)	13:39
zyga	compare that with stat /dev/input/event2	13:40
zyga	it's based on major:minor numbers	13:40
cachio	on that	13:42
cachio	zyga, access is different	13:43
cachio	https://paste.ubuntu.com/p/BtMyBXGVpW/	13:43
cachio	https://paste.ubuntu.com/p/kB6WF8hrp4/	13:44
mborzecki	cachio: got this on opensuse: https://paste.ubuntu.com/p/vZPPTtCy6z/ looks like we need to accept the key somehow	14:25
cachio	mborzecki, yes	14:26
cachio	update the line to zypper --no-gpg-checks ref	14:26
cachio	line 560 in spread.yaml	14:26
mborzecki	ok	14:26
zyga	cachio, stating the device cgroup file is useless, that is not relelevant there	14:44
zyga	cachio, just the major:minor of the input device	14:44
zyga	and the contents of the access list	14:44
zyga	but this should give you everything to debug the rest	14:44
cachio	zyga, sure, let me create a new debug session	14:45
zyga	mborzecki, I know that	14:57
* zyga thinks		14:57
zyga	there's a command line option to agree	14:57
mborzecki	cachio: heh, still fails in the kernel: https://paste.ubuntu.com/p/mH3C3ftRY8/	14:58
cachio	mborzecki, yes	14:59
cachio	it is the same error that we got with the previous image	14:59
mborzecki	cachio: filed https://bugzilla.suse.com/show_bug.cgi?id=1182761	15:05
cachio	mborzecki, awesome	15:07
cachio	thanks	15:07
mborzecki	hmm, maybe on monda i can try to fork their kiwi repo, and build as an image with ext4 instead of xfs	15:08
ijohnson	hey cachio so I looked at your pastebins above about the device group vs apparmor denial and I think I see the problem	15:09
cachio	ijohnson, nice, which is it?	15:09
ijohnson	cachio: in https://paste.ubuntu.com/p/BtMyBXGVpW/ we can see that the device major/minor number for /dev/input/event2 is (in hex) d,42 (or in decimal 13,66)	15:10
ijohnson	but from your other paste, https://paste.ubuntu.com/p/kB6WF8hrp4/ the device cgroup does not have any rules for major number 13	15:10
ijohnson	so for whatever reason /dev/input/event2 on this system has a device major/minor number that we don't allow for	15:10
cachio	ijohnson, ah, well, that explains why it is failing	15:11
zyga	ijohnson, what's the test scenario	15:12
zyga	I mean, we know about several bugs in how this works	15:13
ijohnson	zyga: the security-dev-input-event-denied spread test fails	15:13
ijohnson	zyga: see cachio's PR #9960	15:13
mup	PR #9960: tests: update permission denied message for test-snapd-event on ubuntu 2104 <⛔ Blocked> <Created by sergiocazzolato> <https://github.com/snapcore/snapd/pull/9960>	15:13
zyga	ijohnson, looking	15:14
ijohnson	hmm although now I'm confused	15:16
ijohnson	that bit of the test is supposed to fail on AppArmor, not on the device cgroup	15:17
ijohnson	so the fact that we don't have rules in the device cgroup makes sense	15:17
zyga	cachio, ijohnson: do we know what changed?	15:21
zyga	is it a new kernel?	15:22
ijohnson	zyga: this test has been sporadically failing on arch, ubuntu 18.04, 20.04, and possibly others for a few months now, at least a couple times a week I have seen this failure	15:23
zyga	ijohnson, weird and interesting	15:23
ijohnson	when I try to reproduce it I always seem to fail, but maybe cachio can now reproduce it consistently with 21.04	15:23
ijohnson	I added some more thoughts to the PR	15:23
zyga	maybe something is racy	15:23
zyga	name="/dev/input/event2" pid=32386 comm="read-evdev-devi"	15:24
zyga	what is that program?	15:24
zyga	read-evdev-device?	15:24
cachio	it always fails for me	15:24
ijohnson	cachio: which system ?	15:24
zyga	is that a test program	15:24
zyga	it's a bit opaque in test-snapd-event	15:25
ijohnson	zyga: that program is tests/lib/snaps/test-snapd-event/bin/read-evdev-device script	15:25
zyga	ah, so not a part of udev or something like that	15:25
ijohnson	it just tries to open the /dev node	15:25
* zyga looks		15:25
ijohnson	cachio: if you can reproduce it please let me know what system you can reproduce it on, I would be really interested in reproducing it here too	15:26
zyga	hmm	15:26
zyga	looks complex	15:26
zyga	but in reality it means that the device just refuses to open	15:26
cachio	ijohnson, well, I reproduce it running -> spread -debug google:ubuntu-21.04-64:tests/main/security-dev-input-event-denied	15:28
zyga	ijohnson, when you run it locally, have a look at the apparmor and device list before trying	15:28
zyga	to see if it makes sense in both cases	15:28
* zyga goes to deploy DCO checks		15:28
ijohnson	zyga: well I think what this means (the err msg being EPERM and not EACCESS) w/ the interface disconnected is that something was let through AppArmor first or for some odd reason we checked the device cgroup first	15:28
ijohnson	thanks for your thoughts zyga, ttyl	15:28
ijohnson	cachio: great, let me have a try here	15:28
zyga	ijohnson, I think those are under kernel control	15:28
zyga	unless something broke and now we check something that was dormant before	15:28
zyga	ping me back, I'll be around	15:28
ijohnson	yeah I dunno, I'm trying to reproduce on hirsute	15:37
* zyga runs 20.04 on the thinkpad and 20.10 on the desktop		15:42
pedronis	pstolowski: I did a pass on the assertstate bits of #9922	16:19
mup	PR #9922: api: validation sets monitor mode <Needs Samuele review> <validation-sets :white_check_mark:> <Created by stolowski> <https://github.com/snapcore/snapd/pull/9922>	16:19
pstolowski	pedronis: ty	16:19
pedronis	pstolowski: let me know if my comment are unclear, anyway worst case we'll chat on Monday as you are off tomorrow	16:32
pstolowski	sure	16:32
* cachio lunch		16:37
ijohnson	cachio: zyga: so I have confirmed that at least on hirsute, indeed the device cgroup is being used _before_ apparmor, so if I add the /dev/input/event2 to the device cgroup for the snap, then instead of getting EPERM from the device cgroup, I now get EACCES from AppArmor, and this is 100% reproducible for me	16:55
ijohnson	so I think something has changed in hirsute for some reason	16:55
zyga	ijohnson, ha	16:55
zyga	interesting	16:55
zyga	yeah, must be the new kernel	16:55
zyga	ijohnson, it's still cgroup v1?	16:55
ijohnson	this could be what changed in the other systems too, but what's weird is we see this same failure in like bionic for example on GCE, which shouldn't be using the new kernel	16:55
ijohnson	zyga: I need to check but I'm fairly confident that the move to cgroups v2 for ubuntu was pushed out to 21.10	16:56
zyga	just type mount	16:56
ijohnson	https://www.irccloud.com/pastebin/T9pMQVDp/	16:57
ijohnson	I think that means hybrid ?	16:57
zyga	yeah but without any controllers in v2	16:58
zyga	so cgroup on /sys/fs/cgroup/devices type cgroup (rw,nosuid,nodev,noexec,relatime,devices) matters	16:58
zyga	so v1 in practice	16:58
ijohnson	right which should be what is in i.e. bionic too	16:58
zyga	ijohnson, my suggestion would be to ask jj or the kernel team	16:59
ijohnson	zyga: ack thanks yeah this does seem some sort of kernel related issue	16:59
zyga	ijohnson, I hope :)	17:04
pstolowski	pedronis: i addressed most of your comments but not all, just pushed what i've but it's not ready for re-review yet, i need to ponder a bit about these tests	17:13
Cuare	o k	17:18
ijohnson	zyga: one more thing if you're curious, I can reproduce this with the generic kernel we have in hirsute, not just the gce one, and interestingly the gcp kernel is 5.8 based, while the "new" one in hirsute is 5.10, so I actually am not sure that it is kernel related	17:21
=== ijohnson is now known as ijohnson\|lunch
zyga	ijohnson\|lunch, oh	17:21
zyga	ijohnson\|lunch, what makes you think this is not related to the kernel?	17:23
ijohnson\|lunch	because it is happening with an older kernel in gce and a new one	17:23
ijohnson\|lunch	but yeah honestly don't know, but I did ask jj	17:24
ijohnson\|lunch	so we'll see what he thinkgs	17:24
ijohnson\|lunch	anyways lunch for realz this time	17:24
zyga	ah, I misread that	17:25
zyga	so it happens with two different kernels (5.8 and 5.10)	17:25
zyga	what was the last working kernel?	17:25
zyga	enjoy :)	17:25
* zyga EODs		17:31
=== ijohnson\|lunch is now known as ijohnson\|groceri
padge	Is there a convention for snap authors (looking at Nextcloud) to release news about upcoming efforts/releases?	19:04
=== dariball_ is now known as dariball
=== ogra_ is now known as Guest97578
=== ba is now known as bandali
=== E_Eickmeyer is now known as Eickmeyer
=== ijohnson\|groceri is now known as ijohnson

Generated by irclog2html.py 2.7 by Marius Gedminas - find it at mg.pov.lt!