[05:38] good morning happy Monday for a change :) [05:52] hey mardy o/ [05:55] zyga: hi! [06:04] morning [06:07] mborzecki: 'morning! Let me know, when you want to discuss the cgroups issue [06:08] mardy: sure, let me set something up in the calendar [06:45] mardy: heh, i'm a muppet, added a meeting but haven't added you to it ;) [06:50] heh [06:50] mborzecki, do you want me to listen? [06:53] we seem to have some angry opensuse users on the forum, seems something broke there recently [06:54] ogra, hey :) [06:56] ogra: hey, which topic? can you share a link? [06:58] one sec [06:58] https://forum.snapcraft.io/t/telegram-desktop-stopped-to-work-in-suse-tumbleweed-glibc-error/26741 [06:59] (there was at least a second one from another person i can't find now) [07:00] ok, let me see [07:00] https://forum.snapcraft.io/t/snap-wont-open-installed-apps-after-nvidia-driver-instalation/26765 [07:00] though the second one might be an nvidia bug [07:02] morning [07:04] pstolowski, hey [07:12] good morning mvo [07:19] good mornin gzy [07:19] good morning zyga :) [07:22] PR snapd#10841 closed: interfaces/dsp: add a usb rule to the ambarella flavor <⚠ Critical>

[07:22] PR snapd#10842 closed: interfaces/apparmor/template.go: allow inspection of dbus mediation level [07:25] pstolowski: is 10737 ready? I see two +1 [07:27] PR snapd#10826 closed: cmd/libsnap-confine-private: workaround BPF memory accounting, update apparmor profile [07:27] PR snapd#10832 closed: tests: skip system-usernames-microk8s when TRUST_TEST_KEYS is false

[07:35] mvo: yes it is [07:37] mvo: failures are unrelated [07:51] ta [07:56] Bug #1945172 opened: Too many previous versions by default [08:02] Bug #1945172 changed: Too many previous versions by default [08:08] Bug #1945172 opened: Too many previous versions by default [08:25] mvo: hi! Can you please enable CI on https://github.com/snapcore/snapd/pull/10838 ? [08:25] PR #10838: Component tests [08:36] mardy: I have no idea why it's not running there tbh [08:36] mardy: I don't see anything that I can do to enable it from clicking around a bit === alan_g_ is now known as alan_g [08:52] PR snapd#10843 opened: disks: add `Size()` to disks interface [08:57] PR snapd#10843 closed: disks: add `Size()` to disks interface [09:00] fun, so building static go bianries no longer works with the usual flags with g 1.17 [09:00] or maybe that's glibc [09:00] idk [09:01] ogra: ^^ also why opensuse is broken [09:01] ouch [09:05] ogra: seems we jumped onto #1945172 at about the same time ;) [09:05] Bug #1945172: Too many previous versions by default [09:07] pstolowski, hah ! at least we didnt contradict each other 😄 [09:08] ogra: yup :) [09:24] mvo: I think it's because I'm modifying the github actions file [09:25] mvo: try to see if there's a button below, near the secion when it shows the CI results [09:27] mardy: I don't see anything there unfortunately [09:31] mvo: nevermind, I'm not working on them today anyway, I'll have a look maybe tomorrow [09:31] might be because of the merge conflicts [09:31] mardy: yeah, let's chat tomorrow [09:31] (I didn't notice them before) [09:31] nvm, seems like it was built correctly [09:36] mborzecki: so, I added a panic() in snap-run after the loop that checks for the scope creation, and the panic didn't not happen, yet our process was moved [09:36] mborzecki: I'll try to play a bit with delegation [09:37] mardy: the panic would happen if we're not moved, or we were not moved but it didn't happen? [09:43] hmm there's clone3? [09:49] mborzecki: it looks like it's looking for the 0-entry in /proc/self/cgroups [09:52] PR snapd#10844 opened: disks: add `Size(path)` helper [10:04] Sergio Schvezov: me and ian had a look at kdenlive but couldn't work out why it was using the wrong path for loading libraries (kdenlive itself is fine but supporting binaries like kdenlive_render have the problem) if you have any ideas that could be useful https://forum.snapcraft.io/t/kdenlive-cannot-render-any-projects-stuck-in-waiting/26689/4 [10:06] JonathanEsk-Ridd, you mean to ping @sergiusens i guess 🙂 [10:13] mvo: can you take a look at https://github.com/snapcore/snapd/pull/10845 ? [10:13] PR #10845: interfaces/seccomp: add clone3 to default template

[10:14] apparently something on opensuse is triggering a codepath in go/glibc that calls clone3 which isn't allowed in our default seccomp profile [10:17] PR snapd#10845 opened: interfaces/seccomp: add clone3 to default template

[10:38] zyga-mbp: can you take a look at https://build.opensuse.org/request/show/921730 ? [10:42] zyga-mbp: heh, this one 🙂 https://build.opensuse.org/request/show/921731 [10:43] Hi, I am trying to make a Preconfigured Ubuntu core image without going through the console-conf on the first boot. But when i try to do that it requires a login and a password. Is there a way to provide the snapcraft email id to the Ucore image during image flashing stage so that it can download the keys when it is connected using ethernet? [10:46] ares1028, note i pointed out some solution in #snapcraft already ... [10:46] *solutions [10:50] mborzecki: I'm now trying with these changes: https://github.com/mardy/snapd/commit/f9a9dcefad311e35288d7243b42368017e72bfa2 [10:53] These solutions are of snaps that can be added during the model assertion so that it would add a new netplan on the first boot. I dont have a store account now, so I can't use them on the first boot right? [10:53] Hi folks - I have a quick question around publishing apps with service dependencies. Say I have an (open source) app that itself relies on a bunch of other services - Samba, IPFS, etc. Should I be bundling builds of those services those _into_ my snap (along the lines of https://snapcraft.io/blog/learn-snapcraft-by-example-multi-app-client-server-snap)? Is there a dependency management mechanism I'm entirely missing? Or should I [10:53] have some sort of meta-install that installs and configures my app's Snap, plus any others (e.g. the ipfs snap)? [10:53] and I will have to install them later using --dangerous tag [10:53] I have a suspicion there's a FM somewhere that I should go and R :) [10:57] ares1028, well, you can definitely go the cloud-init route with a self-built gadget as long as you do not try to use any defaults: and connect: statements in gadget.yaml [10:57] mborzecki accepted suse PR just now [10:57] ares1028, and the USB key methid also alwayys works [10:57] zyga-mbp: thanks! [10:58] *method [10:58] was that the thing breaking opensuse that ogra mentioned? [10:58] ok , and I also have another question. Can I auto connect snap interfaces using hooks. Since I dont want to do it manually every time [10:59] I couldnt find any example regarding this [10:59] ares1028, that requires a signed gagdet ... so only if you have a brand store [10:59] ohhk thanks [11:00] mborzecki: guess what? with those changes the bug can happen too. Just in that case the PID is moved back to the scope cgroup: https://paste.ubuntu.com/p/548Bwh5TWB/ [11:00] (or alternatively you can have store declarations defining auto-connections per app snap ... which you can ask for through the store-requests category in the forum) [11:01] mardy did your theory about systemd behavior check out? [11:01] duncan_bayne, by default snaps have to be self contained ... so normally you'd ship everything your app/service needs to run ... that said, you *can* split it into multiple snaps and make use of content interfaces (so a samba fix would only update the "duncan-samba-server" snap instead of the whole thing) [11:03] (the auto-connecting of content interfaces only works if the snaps come from the same publisher or have been approved as a default provider in the stroe) [11:03] zyga-mbp: nope, I had a look at the source code, and found no confirmation. systemd seems only to move PIDS when cgroups become empty [11:04] hmm [11:04] which pids are moved when a cgroup becomes empty? [11:05] zyga-mbp: I don't remember, I didn't pay much attention, since it didn't seem to be relevant for our case [11:05] it's just seems weird, cgroup being empty means there are no more processes left [11:06] right [11:06] Hi ogra, where shoul dcloud.conf be placed when i am building gadget for Rpi4? can i place it in SNAPCRAFT_PART_INSTALL/boot-assets/ ?. Do i have to enable cloud init in gadget yaml in defaults tab? [11:07] but now I also realized that I was looking with the wrong premises; at that time it was not clear to me that we were using a scope already [11:07] ares1028, i think it should go to the toplevel dir of the final gaget ... [11:07] so I need to have a second look at the systemd code, because I disregarded all code paths involving scopes [11:08] ares1028, and the existence of the file should be enough [11:08] ok i will give it a try [11:08] no need to toggle a switch anywhere [11:12] if i have a brand store account, i should be able to do it through system user assertions rigth? [11:13] mborzecki, zyga-mbp: is it possible to tell spread to run the test on bionic, but with focal's kernel? It would help in ruling out the kernel [11:13] yes, just install the kernel in prepare [11:14] well and reboot [11:14] I've done something similar in cerberus spread tests if you remember [11:14] and somehow you need to make sure that you boot the right kernel too [11:14] yes [11:14] that's tricky [11:14] defaults will be against you [11:14] but it's all doable [11:14] zyga-mbp: I didn't look at the spread tests :-) [11:14] should I remove all other kernels? [11:15] you don't have to [11:15] actually, maybe it's simpler if I first try a newer systemd [11:17] ogra: Thanks - that's where I was headed, but wondered if I was missing something. [11:22] PR snapd#10846 opened: desktop: implement gtk notification backend and provide minimal notification api [11:24] Hi ogra, when i add cloud.conf. Can i not disable console-conf in gadget.yaml? [11:25] You mentioned that i cannot add any defaults in gadget.yaml when i add cloud.conf [11:25] ares1028, you can try ... "system" options might actually work without signing the gadget, not sure [11:34] mardy: aha, caught it https://paste.ubuntu.com/p/YcT8sngRn3/ [11:38] PR snapd#10820 closed: devicestate: use EncryptionType [11:41] mborzecki: congrats ;-) [11:43] mardy: hmm for your log, it would be useful to see stderr and SNAPD_DEBUG=1 output from snap [11:43] mborzecki: what systemd version is debian using? [11:43] mborzecki: ok [11:43] 247 [11:44] mardy: but i think there' something wrong with the test itself, https://paste.ubuntu.com/p/ZqZbDmrFRz/ we try to create a scope, but cannot as session bus is inaccessible, and proceed [11:44] mborzecki: oh, that's even newer than focal's [11:45] mardy: although I don't have a good answer about the right way proceed here [11:46] if we continue to run without it, snap device cgroup will not be set up and thus we are missing a piece of the sandbox [12:17] mborzecki: here's the output: https://paste.ubuntu.com/p/RQrdN8ZZ44/ [12:26] mardy: hmm wondering what happens with the freezer then, we also add the process to a cgroup created by s-c there [12:28] mborzecki: in my case the freezer cgroup is always /, I guess it depends on the snap? [12:28] I mean, on the interfaces used by a snap [12:43] PR snapd#10847 opened: cmd/snap-confine: attempt to catch snap processes outside of snap specific cgroup [12:47] Hi ogra, i tried adding the cloud.conf in the top layer but nothing happend. I still had to manually add my mail address. I have another question, I want to add files into /etc/modules file during image building for RPi4 gadget, do you knwo how i can do that? [12:48] I even tried usign system-files and giving access to that file to snaps, but it still didnt work [12:48] i editied /etc/hosts the same way but that works [12:56] mborzecki: I think you are right, about that JobRemoved signal [12:56] mborzecki: at least I see that if instead of that loop, I do a sleep of 1 second, my test never fails [12:57] mborzecki: but waiting for the signal would considerably delay our startup... [13:08] PR snapd#10833 closed: tests: fix error trying to create the extra-snaps dir which already exists [13:12] ares0128, you would need to build your own kernel snap [13:14] ohh...i have never done that [14:04] mborzecki: weird... so, I can clearly see (with busctl) that I'm passing the right Delegate params to StartTransientUnit, but then, if I run "systemctl show .scope", I see that it has "Delegate=no" [14:07] mvo: can you merge https://github.com/snapcore/snapd/pull/10812 please? [14:07] PR #10812: o/ifacestate: don't fail remove if disconnect hook fails [14:08] hey zyga-mbp would you mind moving our chat about MS_SHARED to Wednesday same time ? some stuff has come up today that is a bit more pressing to deal with [14:12] miguelpires: sure [14:13] PR snapd#10812 closed: o/ifacestate: don't fail remove if disconnect hook fails [14:14] ty [14:27] mborzecki: nevermind, my mistake: I was missing the `--user` option in the `systemctl show` command :-) [14:36] mvo: can you merge https://github.com/snapcore/snapd/pull/10737 ? [14:36] PR #10737: o/snapstate: validation sets enforcing on update

[15:58] pstolowski: sure [15:58] PR snapd#10737 closed: o/snapstate: validation sets enforcing on update

[16:01] * cachio_ lunch [16:04] ty [16:39] PR snapd#10848 opened: interfaces/u2f-devices: add GoTrust Idem Key (https://launchpad.net/bugs/1945182) [17:14] PR snapd#10849 opened: o/snapstate: prevent install hang if prereq install fails [18:04] PR snapd#10850 opened: o/snapstate: improve install/update tests [18:14] PR snapd#10851 opened: many: support "device-setup"/"device-unlock" hooks <⛔ Blocked> [22:35] PR snapd#10852 opened: osutil/disks: add DiskFromDevicePath, other misc changes