/srv/irclogs.ubuntu.com/2021/05/12/#snappy.txt

[06:05] <mborzecki> morning
[06:13] <mardy> 'morning!
[06:14] <mvo> good morning mardy
[06:31] <mborzecki> mardy: mvo: hello
[06:31] <mvo> mborzecki: good morning!
[06:31] <mborzecki> mvo: i've tweaked https://forum.snapcraft.io/t/extra-kernel-commandline-arguments-on-uc20/24370 a bit
[06:37] <mvo> mborzecki: awesome, thanks. if you feel it's ready I can publish
[06:39] <mborzecki> mvo: yeah, i think we can publish it, graham will still be able to tweak it as needed
[06:46] <mvo> mborzecki: excellent, I will do a final read and then publish
[06:49] <mborzecki> mvo: thanks! and thanks for starting with the doc
[06:49] <mvo> mborzecki: my pleasure
[06:59] <mvo> mborzecki: looks perfect, thanks for your edits, much clearer this way. I listed it now
[06:59] <mborzecki> mvo: yay, thanks!
[07:08] <pstolowski> morning
[07:14] <mvo> good morning pstolowski
[07:14] <mborzecki> pstolowski: hey
[07:25] <mup> PR snapd#10260 closed: secboot: switch encryption key size to 32 byte (thanks to Chris) <Needs Samuele review> <Run nested> <Squash-merge> <Created by mvo5> <Merged by mvo5> <https://github.com/snapcore/snapd/pull/10260>
[07:35] <mup> PR snapd#10263 opened: interfaces: fix linter issues <Created by mardy> <https://github.com/snapcore/snapd/pull/10263>
[08:14] <pedronis> mborzecki: hi, how should I install golangci-lint to try it locally?
[08:28] <mborzecki> pedronis: you can grab it from here: https://github.com/golangci/golangci-lint/releases
[08:28] <mborzecki> or go get, whichever is more convenient
[08:43] <pedronis> mborzecki: I'm probably using it wrong but I'm quite confused by its output, there's a lot of typecheck errors which is not even a linter we list
[08:48] <mborzecki> pedronis: have you checked the PR? https://github.com/snapcore/snapd/pull/10082
[08:48] <mup> PR #10082: github: try out golangci-lint <Needs Samuele review> <Simple 😃> <Skip spread> <Created by bboozzoo> <https://github.com/snapcore/snapd/pull/10082>
[08:49] <pedronis> mborzecki: yes, I'm running it with ~/go/bin/golangci-lint run -c .golangci.yml
[08:49] <pedronis> from that PR
[08:49] <pedronis> maybe I don't even need the -c
[08:50] <pedronis> anyway the output doesn't seem useful, I expected testpackage problems but I don't see any, but I get typecheck problems
[08:50] <mborzecki> hm it should pick up the config from the repo
[08:50] <pedronis> I get the same with -c or without
[08:50] <mborzecki> pedronis: which packages it complains about?
[08:50] <mborzecki> (typecheck specifically)
[08:51] <pedronis> which version were you using?
[08:53] <pedronis> mborzecki: this is the output I'm getting, https://paste.ubuntu.com/p/bY6cgdbqrx/ it's rather confusing/useless
[08:53] <mborzecki> pedronis: i have 1.39 built from source directly, let me try the latest master
[08:54] <pedronis> this is 1.40 binary I think
[08:54] <pedronis> golangci-lint has version 1.40.0 built from 5c6adb63 on 2021-05-10T10:45:21Z
[08:55] <pedronis> did they change the config ?
[08:56] <mborzecki> hm 1.40 seems to be working fine here
[08:57] <pedronis> anyway if I can't make it work I'm kind of -1 on it
[08:59] <pedronis> mborzecki: I'm on focal fwiw
[08:59] <mborzecki> pedronis: hm this is all i see it complaining about with current master: https://paste.ubuntu.com/p/sm6BdD9SB9/
[08:59] <pedronis> I get completely different errors
[09:00] <pedronis> did you use go get?
[09:00] <pedronis> as I said I grabbed the binary
[09:00] <mborzecki> pedronis: hm i think mardy is on focal too, but i don't expect it to be a factor here
[09:00] <mborzecki> pedronis: no it's a tarball from the releases page
[09:00] <pedronis> I think I got the same
[09:01] <pedronis> anyway if it's giving different outputs depending on the phase of the moon is not making me very happy
[09:02] <mborzecki> the way i run it is i'm inside the snapd source tree, and then just call `golangci-lint run`, the config file should be picked up automatically
[09:02] <pedronis> yea, I do that
[09:02] <pedronis> I get those other errors
[09:02] <pedronis> I get those errors also if I pass the config explicitly
[09:02] <mborzecki> can you run `golangci-lint run --verbose` ?
[09:03] <mborzecki> pedronis: this is what i get with --verbose: https://paste.ubuntu.com/p/jsfMJhNdRx/
[09:05] <pedronis> I get the same list of linters, but analyzers has output for example
=== rZr is now known as RzR
[09:06] <pedronis> mborzecki: I get Issues before processing: 4033012, after processing: 53
[09:07] <RzR> ogra, hi i am back with my logs "the-tool[207]:  - assertion is signed with expired public key" , I need an RTC module
[09:07] <pedronis> mborzecki: very different: https://paste.ubuntu.com/p/qhwgqZ8Rg2/
[09:08] <pedronis> mborzecki: ah, maybe I know what I'm doing wrong
[09:08] <mborzecki> pedronis: hm what is it?
[09:08] <pedronis> I might have the gopath set wrong, maybe
[09:09] <mborzecki> also got GO111MODULE=off, but not sure that changes anything either
[09:10] <mborzecki> fwiw i was overriding GOPATH, but the tool worked fine with that too
[09:11] <mborzecki> (though the go-pls version i used was unhappy about changing gopath)
[09:12] <mborzecki> pedronis: did you get it to work?
[09:20] <ogra> RzR, i think ijohnson added a fix for that, try the edge channel for image builds
[09:21] <RzR> ogra, I tried edge see my versions
[09:21] <RzR> https://forum.snapcraft.io/t/built-uc20-rasperry-pi-image-hangs-on-boot/23891/22?u=rzr
[09:22] <ogra> ah, sorry, haven't checked the forum in 1h or so 🙂
[09:23] <RzR> let me see if I have a RTC module if not I'll rebuild some snaps to update timestamps
[09:23] <pedronis> mborzecki: it worked, I'm not sure what to think about gosimple, it's both right and too naggy, also it's suggesting things that might be wrong if it gets its type analysis wrong
[09:25] <mborzecki> pedronis: the PR sets up the linter to only complain about new things, and the action adds notes rather than review comments, so not a hard fail
[09:28] <pedronis> mborzecki: that sounds annoying in its own ways
[09:28] <pedronis> I mean the added notes
[09:28] <pedronis> I struggle already sometimes with preexisting comments when doing reviews
[09:28] <mardy> pedronis, mborzecki: since running the linter takes ages, I always run it on one package at a time (for example, `golangci-lint run ./interfaces/`)
[09:29] <pedronis> mborzecki: we should probably run it without gosimple and testpackage, at least for a while, especially until we haven't switched to go1.13 everywhere
[09:29] <mborzecki> mardy: results should be cached between runs afaik
[09:34] <pedronis> mborzecki: fwiw it feels slow here too
[09:35] <mborzecki> pedronis: is it slower than running each linter separately though? :)
[09:36] <mborzecki> it probably takes a bit longer if you run it on the whole tree, i usually invoke it on the package(s) i modify in the branch
[09:36] <pedronis> mborzecki: anyway I left some comments in the PR
[09:37] <mborzecki> anyways, it's ~15s on the whole tree, vs ~3s after there's some cached data
[09:37] <mborzecki> pedronis: thanks, i'll take a look
[10:35] <RzR> ogra, maybe it also needs https://github.com/snapcore/snapd/pull/10085
[10:35] <mup> PR #10085: cmd/snap-bootstrap/initramfs-mounts: move time forward using assertion times (2.49) <Run nested> <Created by mvo5> <https://github.com/snapcore/snapd/pull/10085>
[10:35] <RzR> mvo, ^
[10:36] <RzR> well not sure i am using 2.50
[10:37] <RzR> sorry for noise, I need to dig deeper
[11:10] <pstolowski> pedronis: hi, i've updated the two refresh-control PRs you commented on yesterday
[11:10] <pedronis> pstolowski: I'll see if I can get back to them today
[11:10] <pedronis> that I also need 2nd reviews though
[11:10] <pedronis> thx
[11:13] <pstolowski> pedronis: i've also updated #10182 and set as ready to review although it probably makes no sense until phase1 is merged
[11:13] <mup> PR #10182: o/snapstate: autorefresh phase1 for refresh-control <Needs Samuele review> <Refresh control> <Created by stolowski> <https://github.com/snapcore/snapd/pull/10182>
[11:13] <mup> Bug #10182: Can not logout of gnome when xcompmgr is running <gnome-panel (Ubuntu):Invalid by fabbione> <https://launchpad.net/bugs/10182>
[11:21] <mup> PR snapd#10252 closed: boot: reseal given keys when the respective boot chain has changed <Needs Samuele review> <Run nested> <Created by bboozzoo> <Merged by bboozzoo> <https://github.com/snapcore/snapd/pull/10252>
[11:34] <mborzecki> pedronis: regarding https://github.com/snapcore/snapd/pull/10253#discussion_r630320902 i'm not sure we should also blindly add a system to current list, maybe it's better to error out in such case?
[11:34] <mup> PR #10253: boot: helpers for manipulating current and good recovery systems list <Run nested> <⛔ Blocked> <Created by bboozzoo> <https://github.com/snapcore/snapd/pull/10253>
[11:35] <mborzecki> (also pushed master there, so the diff is smaller)
[11:42] <pedronis> mborzecki: well, we need the various pieces we have to fit together, the issue that we need to be careful with is not to accumulate either tried systems at the end of the list
[11:44] <pedronis> mborzecki: should we chat on this after the standup?
[11:45] <mborzecki> pedronis: hm can we try 1430 maybe? i need to leave at 4 and drop the kids off at school for their training
[11:45] <pedronis> mborzecki: I have another meeting at 14:30
[11:46] <mborzecki> pedronis: ah, ok, let's stay after standup then, we usually make it in half an hour so there should be enough time after
[11:46] <pedronis> thx
[11:50] <mardy> I noticed that we are not setting the NoNewPrivileges flag in snap-confine, because (as it's written in the comments) it breaks some snaps
[11:50] <mardy> do we have some bugs in launchpad to track this?
[11:50] <zyga> mardy no, because there is no point in no new privs there
[11:50] <zyga> snap-confine is a launcher
[11:51] <zyga> IIRC having that would block the launched program from doing what it may genuinely want to do
[11:51] <mup> PR snapd#10227 opened: test read the file from spread <Created by sergiocazzolato> <https://github.com/snapcore/snapd/pull/10227>
[11:51] <mardy> zyga: mmm... maybe that would not be the right place, but I grepped for NO_NEW_PRIV in the snapd source tree, and there's no place where it's set
[11:52] <zyga> right but why do you want to have it?
[11:53] <mardy> zyga: to make sure that a process running in a snap cannot break outside of its confinement
[11:53] <mardy> I just wrote a comment about it in https://github.com/snapcore/snapd/pull/8926, please let me know if I'm not getting the story right :-)
[11:53] <mup> PR #8926: interfaces: add microstack-support interface <Needs security review> <Created by dshcherb> <https://github.com/snapcore/snapd/pull/8926>
[12:08] <zyga> mardy your assumption is wrong, basically
[12:08] <zyga> mardy I'm away from snapd development so I won't give you a full explanation now
[12:08] <zyga> but the assumption that permissions are only reduced is incorrect
[12:08] <zyga> there's a bounding box
[12:08] <zyga> but transitions are possible within it
[12:09] <mardy> zyga: but that's a bug, right?
[12:09] <zyga> no
[12:10] <mardy> I mean, in apparmor
[12:10] <mardy> if one sets the NO_NEW_PRIVILEGES flag, one should expect that any child process won't have more permissions than the process that this flag was applied to
[12:21] <mup> PR snapd#10227 closed: test read the file from spread <Created by sergiocazzolato> <Closed by sergiocazzolato> <https://github.com/snapcore/snapd/pull/10227>
[12:30] <mborzecki> ehh mocking is fun `revision 0 is already the current revision`
[12:36] <zyga> mardy I'm really not able to answer in detail beyond "that is not the goal", snap-confine is the entry point to the sandbox that is defined by snapd, and it can be as broad as required
[12:36] <zyga> mardy including not confined at all
[12:36] <zyga> it all plays with the fact that some interfaces are privileged and you cannot just use them
[12:36] <zyga> (at will that is)
[12:44] <jdstrand> mardy and zyga (see amurray): hey, I can't get into this now, but I added a comment to the PR. summary> nnp and apparmor haven't historically played well together, but that's ok wrt to snap interface policy since we have different types of interfaces that can be mediated via snap declarations (again, see the comment)
[14:01] <ijohnson> cachio: hey does this error message mean that core-initrd needs to change the spread URL it is using for spread tests ? https://travis-ci.org/github/snapcore/core-initrd/builds/770716802
[14:02] <cachio> yes
[14:02] <cachio> ijohnson, we should use the one I pasted in the notes
[14:02] <ijohnson> cachio: do you have time to propose a PR to core-initrd fixing the problem ?
[14:02] <cachio> ijohnson, sure
[14:02] <ijohnson> cachio: awesome thank you
[14:03] <ijohnson> the repo is https://github.com/snapcore/core-initrd/blob/main/spread.yaml
[14:06] <mup> PR snapd#10248 closed: tests: adding support for debian 10 on gce <Simple 😃> <Created by sergiocazzolato> <Merged by mvo5> <https://github.com/snapcore/snapd/pull/10248>
[14:10] <cachio> ijohnson, there is a problem
[14:10] <cachio> we need to move to github actions
[14:10] <ijohnson> cachio: what's the problem
[14:10] <ijohnson> cachio: yeah I have known about that, do we need to do it in order to fix their spread tests though ?
[14:11] <cachio> otherwise no way to use the gce sa key
[14:12] <ijohnson> cachio can you work with xnox to move them to GitHub actions then?
[14:12] <ijohnson> Or sil2100 if xnox is not working on core-initrd anymore
[14:39] <mardy> jdstrand, zyga: thanks, it's way more clear now :-)
[14:46] <mup> PR snapd#10264 opened: config: add "virtual" config via config.RegisterVirtualConfig <Created by mvo5> <https://github.com/snapcore/snapd/pull/10264>
[14:54] <xnox> cachio: ijohnson: move to github actions would be welcomed. I thought at the time it was easier to do travis, hence that's what was done then.
[14:54] <ijohnson> yeah at the time it was easier to do travis but times have changed
[14:55] <ijohnson> sorry in a meeting right now, but will setup a private chat about migration in a little bit
[15:34] <RzR> hi I've found a minor mistake in
[15:34] <RzR> https://github.com/kubiko/roseapple-pi-ubuntuCore-build/pull/1
[15:34] <mup> PR kubiko/roseapple-pi-ubuntuCore-build#1: docs: Append gcc to PATH env var <Created by rzr> <https://github.com/kubiko/roseapple-pi-ubuntuCore-build/pull/1>
[16:07] * cachio lunch
[16:45] <pedronis> mborzecki: I left some comments/questions in the tasks PR
[17:30] <mborzecki> pedronis: thanks!
