/srv/irclogs.ubuntu.com/2021/03/15/#snappy.txt

mborzeckimorning07:05
mupPR snapd#10034 closed: tests/main/uc20-create-partitions: fix tests cleanup <Simple 😃> <Created by bboozzoo> <Merged by mvo5> <https://github.com/snapcore/snapd/pull/10034>07:42
pstolowskimorning08:00
mborzeckipstolowski: hey08:01
mvogood morning pstolowski and mborzecki08:15
mborzeckimvo: hey!08:22
mborzeckithanks for landing 1003408:22
mupPR snapd#10036 opened: interfaces/apparmor: allow reading /proc/sys/kernel/random/entropy_avail <Needs security review> <Simple 😃> <Created by bboozzoo> <https://github.com/snapcore/snapd/pull/10036>08:22
mvomy pleasure08:32
pedronismborzecki: hi, I re-reviewed #1000609:54
mupBug #10006: python libglade program crashes on load <pygtk (Ubuntu):Fix Released by seb128> <https://launchpad.net/bugs/10006>09:54
mupPR #10006: cmd/snap-bootstrap: refactor handling of ubuntu-save, do not use secboot's implicit fallback <Run nested> <Created by bboozzoo> <https://github.com/snapcore/snapd/pull/10006>09:54
pedronispstolowski: hi, I have a question/consideration in #9959, does it make sense?09:59
mupPR #9959: o/snapstate: update validation sets assertions with auto-refresh <Needs Samuele review> <validation-sets :white_check_mark:> <Created by stolowski> <https://github.com/snapcore/snapd/pull/9959>09:59
pstolowskilooking09:59
pstolowskipedronis: ah yes, makes sense, thank you10:01
pedronismborzecki: #10022 needs a 2nd review10:07
mupBug #10022: don't build-depend on mingw32 if possible <syslinux (Ubuntu):Fix Released by cjwatson> <https://launchpad.net/bugs/10022>10:07
mupPR #10022: boot, o/devicestate: split makeBootable20 into two parts  <Run nested> <UC20> <Created by anonymouse64> <https://github.com/snapcore/snapd/pull/10022>10:07
mborzeckipedronis: i'll take  a look, and thanks for a review in 1002210:07
mborzeckipedronis: i've updated 1000610:48
pedronismborzecki: can you tell me more about what happens with the locking of keys in that test? you just removed the mocking now10:52
pedronismborzecki: TestInitramfsMountsRecoverModeDegradedEncryptedDataUnencryptedSaveHappy, this is also happy because Save is ignored again?10:54
mborzeckipedronis: yeah, i was confused by the test code previously, testRecoveryHappymode() installs a separate mock which does the right check, but i forgot to remove the one in the test before committing and pushing10:55
mborzeckiand it does indeed check that the lock code is called always10:56
pedronisah, I see that now, thx10:56
mborzeckipedronis: as for the test cases i actually consider them happy in the sense that s-b does not fail, though the one with unencrypted data & encrypted save is rather artificial at this point10:59
pedronismborzecki: I +1ed but it needs a thorough review from Ian, also left a couple final comments10:59
mborzeckithanks!10:59
cachiomborzecki, hi11:12
mborzeckicachio: hi, what's up?11:12
cachioI see some tests show11:12
cachiotests.invariant: it seems snap-confine has crashed11:12
cachioI reproduced that and I see the directory /tmp/snap.rootfs_YwlgKW created is empty11:12
cachioany idea in case the dir is empty it failed?11:13
cachiobecause we are making a test fail but there are not any logs, so no way to understand what happened11:13
cachiodmesg and journal logs are not showing any useful info11:14
mborzeckicachio: yeah, saw that too, but i don't any ideas at this time the directory is supposed to be removed by snap-confine, and it will abort if it cannot do so, hope that #10033 will help tracking it down11:16
mupBug #10033: bittornado: new changes from Debian require merging <Ubuntu:Fix Released by cjwatson> <https://launchpad.net/bugs/10033>11:16
mupPR #10033: tests: run the reset.sh helper and check test invariants while the test is restored <Simple 😃> <Created by sergiocazzolato> <https://github.com/snapcore/snapd/pull/10033>11:16
pstolowskipedronis: wrt refresh control, is there a good way of knowing upfront if reboot will be required? i'm looking at boot participant but it modifies the system (requests reboot already)11:17
pstolowski(sorry, not requests the reboot but prepares for it, to be precise0`11:18
pstolowski)11:18
cachiopstolowski, hey, could you plase take a quick look to 10026?11:25
pstolowskicachio: sure11:26
cachiotx11:26
pstolowski+111:31
mvopedronis: I added a bunch more tests to 9981, hopefully captures what we discussed last week11:34
mvopedronis: (not urgent)11:34
pedronispstolowski: not in general, I think we need to be conservative for a while11:36
pedronismvo: thx, it's in my queue11:37
pstolowskipedronis: i.e. just assume kernel/gadget triggers reboot?11:38
pedronispstolowski: kernel always does, gadget sometimes, but yes11:38
pedronispstolowski: we can refine this later11:39
pedronisif possible11:39
pstolowskipedronis: ok11:40
mupPR snapd#10026 closed: tests: use retry tool instead a loops <Created by sergiocazzolato> <Merged by sergiocazzolato> <https://github.com/snapcore/snapd/pull/10026>12:08
mborzeckipedronis: do you want to take a look at https://github.com/snapcore/snapd/pull/10036 before I land it?12:14
mupPR #10036: interfaces/apparmor: allow reading /proc/sys/kernel/random/entropy_avail <Simple 😃> <Created by bboozzoo> <https://github.com/snapcore/snapd/pull/10036>12:14
pedronismborzecki: lgtm12:15
mborzeckiack12:15
mupPR snapd#10036 closed: interfaces/apparmor: allow reading /proc/sys/kernel/random/entropy_avail <Simple 😃> <Created by bboozzoo> <Merged by bboozzoo> <https://github.com/snapcore/snapd/pull/10036>12:18
mupPR snapd#10037 opened: boot: export helper for clearing tried system state, add tests <Simple 😃> <Created by bboozzoo> <https://github.com/snapcore/snapd/pull/10037>13:18
mupPR snapd#10038 opened: tests: replace while commands with the retry tool <Created by sergiocazzolato> <https://github.com/snapcore/snapd/pull/10038>13:33
* pstolowski bbl14:09
cachio_mvo, https://github.com/snapcore/spread/pull/8215:17
mupPR spread#82: Introducing tags for the test which allows to filter executions <Created by sergiocazzolato> <https://github.com/snapcore/spread/pull/82>15:17
cachio_this is the pr to add tags toe tests in spread15:18
cachio_perhaps I could add a way to mix tags15:18
cachio_so we run tests wich match with more than 1 tag15:18
cachio_any feedback is appreciated15:19
cachio_pedronis, your feedback is also appreciated15:19
mvocachio_: I have a look15:21
cachio_mvo, tx15:24
pstolowskire15:36
* cachio_ lunch15:58
pedronisijohnson: I reviewed (finally) #9965, the code looks good but the flag/comments/usage seem confusing to me, let me know whether my comments make sense or not16:25
mupPR #9965: sysconfig, o/configstate/configcore: first step to image build pi-config application <UC20> <Created by anonymouse64> <https://github.com/snapcore/snapd/pull/9965>16:25
ijohnsonpedronis: thanks let me take a look at your review16:25
ijohnsonand yes I fully expected the names of things to need some work on that pr16:26
ijohnsonpedronis: I see your points about the some of the flags not making sense or not being clear enough, those all seem reasonable, I will try to address that today16:28
pedronisijohnson: my other main point is that the new function needs to be pointed at something quite different recovery/seed  vs rootfs16:29
pedronisif I understand correctly16:29
ijohnsonpedronis: yes the rootDir is indeed a recovery system for the preinstall vs a rootfs for the early / initramfs fs only config16:30
pedronisok16:30
pedronisat least I understood things, so I think my suggestions are in the right direction16:31
ijohnsonyes I agree they are16:32
ijohnsonmvo: pedronis: could I trouble one of you for a sudo merge of #9924? the store is on fire right now, and the tests that failed there are all unrelated to the pr16:54
mupPR #9924: interfaces/docker-support: add autobind unix rules to docker-support <Needs Samuele review> <Simple 😃> <Created by anonymouse64> <https://github.com/snapcore/snapd/pull/9924>16:54
mvoijohnson: sure, let me do that16:55
ijohnsonthanks16:55
mvoijohnson: and you can trouble me anytime16:55
ijohnsoncareful what you wish for!16:55
ijohnsonmvo: while you are sudo merging, you could also merge #10022, it is mostly green except one unrelated failure16:56
mupBug #10022: don't build-depend on mingw32 if possible <syslinux (Ubuntu):Fix Released by cjwatson> <https://launchpad.net/bugs/10022>16:56
mupPR #10022: boot, o/devicestate: split makeBootable20 into two parts  <Run nested> <UC20> <Created by anonymouse64> <https://github.com/snapcore/snapd/pull/10022>16:56
mvoijohnson: consider it done16:56
ijohnsonoh no, pr numbers in snapd have gotten so high that mup can't tell if we mean lp bugs or snapd prs :-O16:56
mvoijohnson: I think we need to ask gustavo to bump it to 2000016:57
* ogra got curious when we'll see the mingw version of snapd16:57
ijohnsonmvo: yeah probably16:57
ijohnsonogra: we will see mingw snapd when win32 is implemented by wsl16:58
ograhaha16:58
mupPR snapd#9924 closed: interfaces/docker-support: add autobind unix rules to docker-support <Needs Samuele review> <Simple 😃> <Created by anonymouse64> <Merged by mvo5> <https://github.com/snapcore/snapd/pull/9924>16:59
mupPR snapd#10022 closed: boot, o/devicestate: split makeBootable20 into two parts  <Run nested> <UC20> <Created by anonymouse64> <Merged by mvo5> <https://github.com/snapcore/snapd/pull/10022>16:59
pedronismvo: I looked again at #9981, asked some questions there17:01
mupPR #9981: gadget: policy for gadget/kernel refreshes <Created by mvo5> <https://github.com/snapcore/snapd/pull/9981>17:01
pedronismvo: I looked at the new commits17:03
pedronismostly17:03
ijohnsonpedronis: in #10005, you are limiting yourself to snap-revision timestamps, but xnox made a point on the associated forum topic about using also the account-key which signed the model assertion, as that timestamp will (in the worst case) be the newest thing available, is there a reason we can't use any assertion that is valid to move time forward ?17:04
mupBug #10005: network properties revert after reboot <gnome-system-tools (Ubuntu):Fix Released by seb128> <https://launchpad.net/bugs/10005>17:04
mupPR #10005: seed: ReadSystemEssentialAndBetterEarliestTime <Created by pedronis> <https://github.com/snapcore/snapd/pull/10005>17:04
mvopedronis: thanks, will reply later or in my morning! I need to think about if we need to check for "f the kernel has assets and update: true the gadget does use at least one of the kernel assets" - the helper may be wrong I will double check, maybe silly me17:04
pedronisijohnson: I use the model timestamp too17:04
pedronisitself17:04
ijohnsonoh sorry didn't actually finish reading the function I see that now17:04
pedronisijohnson: no we can't use any assertion, they could be signed by neither the brand nor the store17:05
pedronisand relevant account-key themselves must be older than the things signed with them17:06
pedronismvo: I think the helper does the other direction17:07
pedroniswhich is just failing early17:07
xnoxpedronis:  interesting. Yes, we need to only trust things that are chained to the root of trust.17:08
bdxyou guys are probably aware, but the snapstore is down17:08
xnoxpedronis:  can you detect when assertions are signed by the store though? i.e. if they chain to the root of trust, trust their timestamps?17:08
xnox(well i guess we can't trust the timestamp that one signed locally and pushed to the store)17:09
xnoxsigh17:09
bdxour ci is showing https://paste.ubuntu.com/p/b7w2RdjjbC/17:09
bdxusers and getting "504 Gateway Time-out" in their browsers17:10
pedronishttps://status.snapcraft.io/17:11
bdxpedronis: thx17:12
ijohnsonpedronis: so LoadAssertions() will load assertions into the DB that might not be signed by an unknown account-key ?17:14
ijohnsonpedronis: ah I see the attack where a legitimate user creates an account-key which is signed by the store, then puts it into the image along with another assertion they signed themselves with that key but this account-key would have a root of trust that doesn't involve the brand account-key17:14
ijohnsondo we currently validate that snap-revision assertions are signed by the store account-key and only the store account-key?17:14
pedronisijohnson: yes we do17:14
ijohnsonpedronis: ok, then the code you have is fine I think17:15
ijohnsonwell I should rephrase, I am clear on the intent of the code and it makes sense enough that I can continue with my review17:15
pedronisijohnson: if you want to see how, see (snaprev *SnapRevision) checkConsistency in snap_asserts.go17:19
ijohnsonpedronis: got it thanks for that, what do you think about expanding to also allow snap-declaration assertions given that we have a very similar check for snap-declaration as we do snap-revision assertions?17:24
=== ijohnson is now known as ijohnson|lunch
pedronisijohnson|lunch: please add a comment about that, we can (it's rare but can happen that the snap-declaration has been revised an is newer than the snap-revision)17:27
ijohnson|lunchack17:28
mupPR snapd#10039 opened: daemon: switch preexisting daemon_test tests to apiBaseSuite and .req <Cleanup :broom:> <Skip spread> <Created by pedronis> <https://github.com/snapcore/snapd/pull/10039>17:44
mupPR snapcraft#3471 closed: Add flutter-stable and -beta extension variants <Created by MarcusTomlinson> <Merged by sergiusens> <https://github.com/snapcore/snapcraft/pull/3471>18:10
=== probono9 is now known as probono
=== kali___ is now known as kaliy
micahthis snap prometheus-alertmanager seems to load its config from /var/snap/prometheus-alertmanager/11/alertmanager.yml -- can I change that config?22:39
micahits not in the current/common directory, so I'm unsure22:39
ogramicah, look at "ls -lh /var/snap/prometheus-alertmanagercurrent" ....  and you'll find its just a symlink 😉23:27
micahogra: yeah, but when it gets upgraded (presumably to 12) then my config file in 11 wont be used I guess23:28
ograwhen 12 gets installed the content of 11 gets copied to 12 first ... and after the upgrade the symlink points to 1223:30
micahah ok! I didn't know about copying to the next one23:31
ograand in case you decide t run "snap revert <packagename>" the symlink will point back to 11 and the binary from 11 will be executed23:31
ograthat way the matching config will always run with the corect binary23:31
micahthanks ogra23:40

Generated by irclog2html.py 2.7 by Marius Gedminas - find it at mg.pov.lt!