[05:38] <zyga> good morning happy Monday for a change :)
[05:52] <zyga> hey mardy o/
[05:55] <mardy> zyga: hi!
[06:04] <mborzecki> morning
[06:07] <mardy> mborzecki: 'morning! Let me know, when you want to discuss the cgroups issue
[06:08] <mborzecki> mardy: sure, let me set something up in the calendar
[06:45] <mborzecki> mardy: heh, i'm a muppet, added a meeting but haven't added you to it ;)
[06:50] <zyga> heh
[06:50] <zyga> mborzecki, do you want me to listen?
[06:53] <ogra> we seem to have some angry opensuse users on the forum, seems something broke there recently 
[06:54] <zyga> ogra, hey :)
[06:56] <mborzecki> ogra: hey, which topic? can you share a link?
[06:58] <ogra> one sec
[06:58] <ogra> https://forum.snapcraft.io/t/telegram-desktop-stopped-to-work-in-suse-tumbleweed-glibc-error/26741
[06:59] <ogra> (there was at least a second one from another person i can't find now)
[07:00] <mborzecki> ok, let me see
[07:00] <ogra> https://forum.snapcraft.io/t/snap-wont-open-installed-apps-after-nvidia-driver-instalation/26765
[07:00] <ogra> though the second one might be an nvidia bug
[07:02] <pstolowski> morning
[07:04] <zyga> pstolowski, hey
[07:12] <zyga> good morning mvo 
[07:19] <mvo> good mornin gzy
[07:19] <mvo> good morning zyga :)
[07:22] <mup> PR snapd#10841 closed: interfaces/dsp: add a usb rule to the ambarella flavor <⚠ Critical> <Simple 😃> <cherry-picked> <Created by anonymouse64> <Merged by mvo5> <https://github.com/snapcore/snapd/pull/10841>
[07:22] <mup> PR snapd#10842 closed: interfaces/apparmor/template.go: allow inspection of dbus mediation level <Simple 😃> <Created by anonymouse64> <Merged by mvo5> <https://github.com/snapcore/snapd/pull/10842>
[07:25] <mvo> pstolowski: is 10737 ready? I see two +1 
[07:27] <mup> PR snapd#10826 closed: cmd/libsnap-confine-private: workaround BPF memory accounting, update apparmor profile <cgroupv2-impish> <Created by bboozzoo> <Merged by mvo5> <https://github.com/snapcore/snapd/pull/10826>
[07:27] <mup> PR snapd#10832 closed: tests: skip system-usernames-microk8s when TRUST_TEST_KEYS is false <Simple 😃> <cherry-picked> <Created by sergiocazzolato> <Merged by mvo5> <https://github.com/snapcore/snapd/pull/10832>
[07:35] <pstolowski> mvo: yes it is
[07:37] <pstolowski> mvo: failures are unrelated
[07:51] <mvo> ta
[07:56] <mup> Bug #1945172 opened: Too many previous versions by default <Snappy:New> <https://launchpad.net/bugs/1945172>
[08:02] <mup> Bug #1945172 changed: Too many previous versions by default <Snappy:New> <https://launchpad.net/bugs/1945172>
[08:08] <mup> Bug #1945172 opened: Too many previous versions by default <Snappy:New> <https://launchpad.net/bugs/1945172>
[08:25] <mardy> mvo: hi! Can you please enable CI on https://github.com/snapcore/snapd/pull/10838 ?
[08:25] <mup> PR #10838: Component tests <Created by mardy> <https://github.com/snapcore/snapd/pull/10838>
[08:36] <mvo> mardy: I have no idea why it's not running there tbh
[08:36] <mvo> mardy: I don't see anything that I can do to enable it from clicking around a bit
[08:52] <mup> PR snapd#10843 opened: disks: add `Size()` to disks interface <Skip spread> <Created by mvo5> <https://github.com/snapcore/snapd/pull/10843>
[08:57] <mup> PR snapd#10843 closed: disks: add `Size()` to disks interface <Skip spread> <Created by mvo5> <Closed by mvo5> <https://github.com/snapcore/snapd/pull/10843>
[09:00] <mborzecki> fun, so building static go bianries no longer works with the usual flags with g 1.17
[09:00] <mborzecki> or maybe that's glibc
[09:00] <mborzecki> idk
[09:01] <mborzecki> ogra: ^^ also why opensuse is broken
[09:01] <ogra> ouch
[09:05] <pstolowski> ogra: seems we jumped onto #1945172 at about the same time ;)
[09:05] <mup> Bug #1945172: Too many previous versions by default <Snappy:Triaged> <https://launchpad.net/bugs/1945172>
[09:07] <ogra> pstolowski, hah ! at least we didnt contradict each other 😄
[09:08] <pstolowski> ogra: yup :)
[09:24] <mardy> mvo: I think it's because I'm modifying the github actions file
[09:25] <mardy> mvo: try to see if there's a button below, near the secion when it shows the CI results
[09:27] <mvo> mardy: I don't see anything there unfortunately
[09:31] <mardy> mvo: nevermind, I'm not working on them today anyway, I'll have a look maybe tomorrow
[09:31] <mardy> might be because of the merge conflicts
[09:31] <mvo> mardy: yeah, let's chat tomorrow
[09:31] <mardy> (I didn't notice them before)
[09:31] <mborzecki> nvm, seems like it was built correctly
[09:36] <mardy> mborzecki: so, I added a panic() in snap-run after the loop that checks for the scope creation, and the panic didn't not happen, yet our process was moved
[09:36] <mardy> mborzecki: I'll try to play a bit with delegation
[09:37] <mborzecki> mardy: the panic would happen if we're not moved, or we were not moved but it didn't happen?
[09:43] <mborzecki> hmm there's clone3?
[09:49] <mardy> mborzecki: it looks like it's looking for the 0-entry in /proc/self/cgroups
[09:52] <mup> PR snapd#10844 opened: disks: add `Size(path)` helper <Created by mvo5> <https://github.com/snapcore/snapd/pull/10844>
[10:04] <JonathanEsk-Ridd> Sergio Schvezov: me and ian had a look at kdenlive but couldn't work out why it was using the wrong path for loading libraries (kdenlive itself is fine but supporting binaries like kdenlive_render have the problem) if you have any ideas that could be useful https://forum.snapcraft.io/t/kdenlive-cannot-render-any-projects-stuck-in-waiting/26689/4
[10:06] <ogra> JonathanEsk-Ridd, you mean to ping @sergiusens i guess 🙂
[10:13] <mborzecki> mvo: can you take a look at https://github.com/snapcore/snapd/pull/10845 ?
[10:13] <mup> PR #10845: interfaces/seccomp: add clone3 to default template <Simple 😃> <Security-High> <Needs security review> <Created by bboozzoo> <https://github.com/snapcore/snapd/pull/10845>
[10:14] <mborzecki> apparently something on opensuse is triggering a codepath in go/glibc that calls clone3 which isn't allowed in our default seccomp profile
[10:17] <mup> PR snapd#10845 opened: interfaces/seccomp: add clone3 to default template <Simple 😃> <Security-High> <Needs security review> <Created by bboozzoo> <https://github.com/snapcore/snapd/pull/10845>
[10:38] <mborzecki> zyga-mbp: can you take a look at https://build.opensuse.org/request/show/921730 ?
[10:42] <mborzecki> zyga-mbp: heh, this one 🙂 https://build.opensuse.org/request/show/921731
[10:43] <ares1028> Hi, I am trying to make a Preconfigured Ubuntu core image without going through the console-conf on the first boot. But when i try to do that it requires a login and a password. Is there a way to provide the snapcraft email id to the Ucore image during image flashing stage so that it can download the keys when it is connected using ethernet?
[10:46] <ogra> ares1028, note i pointed out some solution in #snapcraft already ... 
[10:46] <ogra> *solutions
[10:50] <mardy> mborzecki: I'm now trying with these changes: https://github.com/mardy/snapd/commit/f9a9dcefad311e35288d7243b42368017e72bfa2
[10:53] <ares1028> These solutions are of snaps that can be added during the model assertion so that it would add a new netplan on the first boot. I dont have a store account now, so I can't use them on the first boot right?
[10:53] <duncan_bayne> Hi folks - I have a quick question around publishing apps with service dependencies.  Say I have an (open source) app that itself relies on a bunch of other services - Samba, IPFS, etc.  Should I be bundling builds of those services those _into_ my snap (along the lines of https://snapcraft.io/blog/learn-snapcraft-by-example-multi-app-client-server-snap)?  Is there a dependency management mechanism I'm entirely missing?  Or should I
[10:53] <duncan_bayne> have some sort of meta-install that installs and configures my app's Snap, plus any others (e.g. the ipfs snap)?
[10:53] <ares1028> and I will have to install them later using --dangerous tag
[10:53] <duncan_bayne> I have a suspicion there's a FM somewhere that I should go and R :)
[10:57] <ogra> ares1028, well, you can definitely go the cloud-init route with a self-built gadget as long as you do not try to use any defaults: and connect: statements in gadget.yaml
[10:57] <zyga-mbp> mborzecki accepted suse PR just now
[10:57] <ogra> ares1028, and the USB key methid also alwayys works 
[10:57] <mborzecki> zyga-mbp: thanks!
[10:58] <ogra> *method
[10:58] <zyga-mbp> was that the thing breaking opensuse that ogra mentioned?
[10:58] <ares1028> ok , and I also have another question. Can I auto connect snap interfaces using hooks. Since I dont want to do it manually every time
[10:59] <ares1028> I couldnt find any example regarding this
[10:59] <ogra> ares1028, that requires a signed gagdet ... so only if you have a brand store
[10:59] <ares1028> ohhk thanks
[11:00] <mardy> mborzecki: guess what? with those changes the bug can happen too. Just in that case the PID is moved back to the scope cgroup: https://paste.ubuntu.com/p/548Bwh5TWB/
[11:00] <ogra> (or alternatively you can have store declarations defining auto-connections per app snap ... which you can ask for through the store-requests category in the forum)
[11:01] <zyga-mbp> mardy did your theory about systemd behavior check out?
[11:01] <ogra> duncan_bayne, by default snaps have to be self contained ... so normally you'd ship everything your app/service needs to run ... that said, you *can* split it into multiple snaps and make use of content interfaces (so a samba fix would only update the "duncan-samba-server" snap instead of the whole thing)
[11:03] <ogra> (the auto-connecting of content interfaces only works if the snaps come from the same publisher or have been approved as a default provider in the stroe)
[11:03] <mardy> zyga-mbp: nope, I had a look at the source code, and found no confirmation. systemd seems only to move PIDS when cgroups become empty
[11:04] <zyga-mbp> hmm
[11:04] <zyga-mbp> which pids are moved when a cgroup becomes empty?
[11:05] <mardy> zyga-mbp: I don't remember, I didn't pay much attention, since it didn't seem to be relevant for our case
[11:05] <zyga-mbp> it's just seems weird, cgroup being empty means there are no more processes left
[11:06] <mardy> right
[11:06] <ares1028> Hi ogra, where shoul dcloud.conf be placed when i am building gadget for Rpi4? can i place it in SNAPCRAFT_PART_INSTALL/boot-assets/  ?. Do i have to enable cloud init in gadget yaml in defaults tab?
[11:07] <mardy> but now I also realized that I was looking with the wrong premises; at that time it was not clear to me that we were using a scope already
[11:07] <ogra> ares1028, i think it should go to the toplevel dir of the final gaget ...
[11:07] <mardy> so I need to have a second look at the systemd code, because I disregarded all code paths involving scopes
[11:08] <ogra> ares1028, and the existence of the file should be enough
[11:08] <ares1028> ok i will give it a try
[11:08] <ogra> no need to toggle a switch anywhere
[11:12] <ares1028> if i have a brand store account, i should be able to do it through system user assertions rigth?
[11:13] <mardy> mborzecki, zyga-mbp: is it possible to tell spread to run the test on bionic, but with focal's kernel? It would help in ruling out the kernel
[11:13] <zyga-mbp> yes, just install the kernel in prepare
[11:14] <mborzecki> well and reboot
[11:14] <zyga-mbp> I've done something similar in cerberus spread tests if you remember
[11:14] <mborzecki> and somehow you need to make sure that you boot the right kernel too
[11:14] <zyga-mbp> yes
[11:14] <zyga-mbp> that's tricky
[11:14] <zyga-mbp> defaults will be against you
[11:14] <zyga-mbp> but it's all doable
[11:14] <mardy> zyga-mbp: I didn't look at the spread tests :-)
[11:14] <mardy> should I remove all other kernels?
[11:15] <zyga-mbp> you don't have to
[11:15] <mardy> actually, maybe it's simpler if I first try a newer systemd
[11:17] <duncan_bayne> ogra: Thanks - that's where I was headed, but wondered if I was missing something.  
[11:22] <mup> PR snapd#10846 opened: desktop: implement gtk notification backend and provide minimal notification api <Created by stolowski> <https://github.com/snapcore/snapd/pull/10846>
[11:24] <ares1028> Hi ogra, when i add cloud.conf. Can i not disable console-conf in gadget.yaml?
[11:25] <ares1028> You mentioned that i cannot add any defaults in gadget.yaml when i add cloud.conf
[11:25] <ogra> ares1028, you can try ... "system" options might actually work without signing the gadget, not sure
[11:34] <mborzecki> mardy: aha, caught it https://paste.ubuntu.com/p/YcT8sngRn3/
[11:38] <mup> PR snapd#10820 closed: devicestate: use EncryptionType <Run nested> <Created by mvo5> <Merged by mvo5> <https://github.com/snapcore/snapd/pull/10820>
[11:41] <mardy> mborzecki: congrats ;-)
[11:43] <mborzecki> mardy: hmm for your log, it would be useful to see stderr and SNAPD_DEBUG=1 output from snap
[11:43] <mardy> mborzecki: what systemd version is debian using?
[11:43] <mardy> mborzecki: ok
[11:43] <mborzecki> 247
[11:44] <mborzecki> mardy: but i think there' something wrong with the test itself, https://paste.ubuntu.com/p/ZqZbDmrFRz/ we try to create a scope, but cannot as session bus is inaccessible, and proceed
[11:44] <mardy> mborzecki: oh, that's even newer than focal's
[11:45] <mborzecki> mardy: although I don't have a good answer about the right way proceed here
[11:46] <mborzecki> if we continue to run without it, snap device cgroup will not be set up and thus we are missing a piece of the sandbox
[12:17] <mardy> mborzecki: here's the output: https://paste.ubuntu.com/p/RQrdN8ZZ44/
[12:26] <mborzecki> mardy: hmm wondering what happens with the freezer then, we also add the process to a cgroup created by s-c there
[12:28] <mardy> mborzecki: in my case the freezer cgroup is always /, I guess it depends on the snap?
[12:28] <mardy> I mean, on the interfaces used by a snap
[12:43] <mup> PR snapd#10847 opened: cmd/snap-confine: attempt to catch snap processes outside of snap specific cgroup <Created by bboozzoo> <https://github.com/snapcore/snapd/pull/10847>
[12:47] <ares0128> Hi ogra, i tried adding the cloud.conf in the top layer but nothing happend. I still had to manually add my mail address. I have another question, I want to add files into /etc/modules file during image building for RPi4 gadget, do you knwo how i can do that?
[12:48] <ares0128> I even tried usign system-files and giving access to that file to snaps, but it still didnt work
[12:48] <ares0128> i editied /etc/hosts the same way but that works
[12:56] <mardy> mborzecki: I think you are right, about that JobRemoved signal
[12:56] <mardy> mborzecki: at least I see that if instead of that loop, I do a sleep of 1 second, my test never fails
[12:57] <mardy> mborzecki: but waiting for the signal would considerably delay our startup...
[13:08] <mup> PR snapd#10833 closed: tests: fix error trying to create the extra-snaps dir which already exists <Simple 😃> <Run nested> <Created by sergiocazzolato> <Merged by sergiocazzolato> <https://github.com/snapcore/snapd/pull/10833>
[13:12] <ogra> ares0128, you would need to build your own kernel snap 
[13:14] <ares0128> ohh...i have never done that
[14:04] <mardy> mborzecki: weird... so, I can clearly see (with busctl) that I'm passing the right Delegate params to StartTransientUnit, but then, if I run "systemctl show <snap>.scope", I see that it has "Delegate=no"
[14:07] <miguelpires> mvo: can you merge https://github.com/snapcore/snapd/pull/10812 please?
[14:07] <mup> PR #10812: o/ifacestate: don't fail remove if disconnect hook fails <Created by MiguelPires> <https://github.com/snapcore/snapd/pull/10812>
[14:08] <ijohnson[m]> hey zyga-mbp would you mind moving our chat about MS_SHARED to Wednesday same time ? some stuff has come up today that is a bit more pressing to deal with
[14:12] <mvo> miguelpires: sure
[14:13] <mup> PR snapd#10812 closed: o/ifacestate: don't fail remove if disconnect hook fails <Created by MiguelPires> <Merged by mvo5> <https://github.com/snapcore/snapd/pull/10812>
[14:14] <miguelpires> ty
[14:27] <mardy> mborzecki: nevermind, my mistake: I was missing the `--user` option in the `systemctl show` command :-)
[14:36] <pstolowski> mvo:  can you merge https://github.com/snapcore/snapd/pull/10737 ?
[14:36] <mup> PR #10737: o/snapstate: validation sets enforcing on update <Needs Samuele review> <validation-sets :white_check_mark:> <Created by stolowski> <https://github.com/snapcore/snapd/pull/10737>
[15:58] <mvo> pstolowski: sure
[15:58] <mup> PR snapd#10737 closed: o/snapstate: validation sets enforcing on update <Needs Samuele review> <validation-sets :white_check_mark:> <Created by stolowski> <Merged by mvo5> <https://github.com/snapcore/snapd/pull/10737>
[16:01]  * cachio_ lunch
[16:04] <pstolowski> ty
[16:39] <mup> PR snapd#10848 opened: interfaces/u2f-devices: add GoTrust Idem Key (https://launchpad.net/bugs/1945182) <Created by oSoMoN> <https://github.com/snapcore/snapd/pull/10848>
[17:14] <mup> PR snapd#10849 opened: o/snapstate: prevent install hang if prereq install fails <Created by MiguelPires> <https://github.com/snapcore/snapd/pull/10849>
[18:04] <mup> PR snapd#10850 opened: o/snapstate: improve install/update tests <Created by MiguelPires> <https://github.com/snapcore/snapd/pull/10850>
[18:14] <mup> PR snapd#10851 opened: many: support "device-setup"/"device-unlock" hooks <⛔ Blocked> <Run nested> <Created by mvo5> <https://github.com/snapcore/snapd/pull/10851>
[22:35] <mup> PR snapd#10852 opened: osutil/disks: add DiskFromDevicePath, other misc changes <Simple 😃> <UC20> <Created by anonymouse64> <https://github.com/snapcore/snapd/pull/10852>