Re: Only Docker snap is allowed to use "docker" and "docker-control" interfaces?

[YC Cheng]

Hi Gustavo,

Good to hear. Let me also publish this article: [Snappy Interfaces revisit]

https://docs.google.com/document/d/1stvuyn6evk9df7s58ZSAq7g5QOV5gxmWCVqiyEuwDDs/edit?usp=sharing

Feel like the work flow in page 3 need to update after you release the new
snapd. YC

2016-12-14 10:40 GMT+08:00 Gustavo Niemeyer 
:

> Hey Peng,
>
> We've overlooked a detail in the new interface system which makes it super
> inconvenient for you to develop with that interface. We're fixing that in
> the release due to go into proposal this week.
>
> Here is the short background, if you're interested: snapd blocks the
> connection because it knows the permissions granted by that specific
> interface into your system are way too wide. So it's protecting your system
> from an unknown snap that wants to do too much. That's a great thing!
> What's bad is that this is your own snap, of course. :-)
>
> So, the release this week will allow you to say --dangerous when
> installing it (thanks to John), and snapd will ignore that issue at your
> discretion. In the future, we'll make the mechanism even nicer by allowing
> you to sign the snap, and snapd will be able to correlate the fact this is
> your system with your signature and let it go through.
>
>
> On Wed, Dec 14, 2016 at 12:05 AM, Peng Liu  wrote:
>
>> Already, in the source code (snapd/interfaces/builtin/docker_support.go),
>> I found the docker-control interface is "reserved". Does that mean
>> third-party snap can not use it?
>>
>> On Tue, Dec 13, 2016 at 8:01 PM, Peng Liu  wrote:
>>
>>> Hi Folks,
>>>
>>> I am trying to build a snap which needs the permission to access docker
>>> related system files. I can build the snap successfully with snapcraft, but
>>> when I tried to installed it, the snap command report error "installation
>>> not allowed by "support" plug rule of interface "docker-support"
>>>
>>> Does snap command disable the support for "docker" and "docker-support"
>>> interfaces for all snaps except docker snap?
>>>
>>> Thanks.
>>>
>>> Peng
>>>
>>
>>
>> --
>> Snapcraft mailing list
>> Snapcraft@lists.snapcraft.io
>> Modify settings or unsubscribe at: https://lists.ubuntu.com/mailm
>> an/listinfo/snapcraft
>>
>>
>
>
> --
> gustavo @ http://niemeyer.net
>
> --
> Snapcraft mailing list
> Snapcraft@lists.snapcraft.io
> Modify settings or unsubscribe at: https://lists.ubuntu.com/
> mailman/listinfo/snapcraft
>
>
-- 
Snapcraft mailing list
Snapcraft@lists.snapcraft.io
Modify settings or unsubscribe at: 
https://lists.ubuntu.com/mailman/listinfo/snapcraft

Re: Snapcraft's state tracking improvements

[Didier Roche]

Le 13/12/2016 à 22:57, Kyle Fazzari a écrit :
> Hey everyone.

Hey Kyle
>
> I feel it coming on... this is going to be a tome. tl;dr... snapcraft
> could be smarter than it is. But would that lead to its doing more for
> you than you want? We'd like to find out.
>
> I've spoken to a few of you individually about this, and I want to open
> this topic up for wider conversation. We have a number of bugs logged
> against snapcraft for its state tracking shortcomings. For example, a
> few of you may have run into these issues:
>
> - You add a stage package to a part in an already-built snap, and run
> `snapcraft` again. It happily says all the steps have already run, and
> generates a snap that doesn't contain your stage package.
>
> - You add (or modify) a file in the local source for a part of an
> already-built snap, and run `snapcraft` again`. It again reports that
> everything has already run, and generates a snap that doesn't contain
> your modifications.

There is another one: there is a remote source which changes. I think
snapcraft can be smarter about that and store the hash of the git/bzr
commit id, and check if new remote hash is the same or not. This is a
little bit more problematic for other kind of assets like tarballs, as
you can only create and check a checksum (if not published) after
downloading… defeating the caching purpose :)

> The point is: snapcraft is/will be smart enough to help a lot more than
> it currently does in these types of situations. The question I'm posing
> to you all is: how much do you want its help?
>
> I see four options for how to handle such situations:
>
>
> *Option 1*: Error out and make you be specific. This is the current
> behavior.
>
> *Option 2*: Automatically take care of everything. If you modify a part
> with dependencies, snapcraft will rebuild those dependencies as it sees
> fit without your needing to say so. Similarly, if you clean a part with
> dependencies, snapcraft will clean those dependencies as it sees fit
> without your needing to say so.
>
> *Option 3*: Prompt. "You've modified part A, but part B depends upon it.
> Would you like to rebuild it as well? (Y/n)" and the like.
>
> *Option 4*: Add the ability to configure this behavior between options
> 1-3. Perhaps the sensible default would be option 3.
>
>
> Our goal here is to do the least surprising thing, which is why we're
> asking for input from our users. Please let your voice be heard!

I would think a good way is always to not try to be too smart. This is
kicking back in some way in the future. I would personally go with
option 1 + a suggestion of command to run to autofix it. Instead of
prompting (option3), add an option like --auto (or --force).

This gives a sane default behavior, and let then integration tools (like
IDE integration or scripts) to use the --auto after detecting a failure.
Then, they can decide themselves to do it right away or to prompt the
user (which is harder if you implement option 3 as a CLI prompt).

Option 4 sounds dangerous to me, because there are mutiple situations
which can triggers this, and so, if you set auto as a default for
everything, you can go trigger surprising behavior for certain cases.
Here is my 2 cents




-- 
Snapcraft mailing list
Snapcraft@lists.snapcraft.io
Modify settings or unsubscribe at: 
https://lists.ubuntu.com/mailman/listinfo/snapcraft

Re: Only Docker snap is allowed to use "docker" and "docker-control" interfaces?

[Gustavo Niemeyer]

One detail: note that once your snap goes into the store and passes
reviews, that issue goes away. Actual users of your snap in the wild don't
have to say --dangerous.

On Wed, Dec 14, 2016 at 12:40 AM, Gustavo Niemeyer <
gustavo.nieme...@canonical.com> wrote:

> Hey Peng,
>
> We've overlooked a detail in the new interface system which makes it super
> inconvenient for you to develop with that interface. We're fixing that in
> the release due to go into proposal this week.
>
> Here is the short background, if you're interested: snapd blocks the
> connection because it knows the permissions granted by that specific
> interface into your system are way too wide. So it's protecting your system
> from an unknown snap that wants to do too much. That's a great thing!
> What's bad is that this is your own snap, of course. :-)
>
> So, the release this week will allow you to say --dangerous when
> installing it (thanks to John), and snapd will ignore that issue at your
> discretion. In the future, we'll make the mechanism even nicer by allowing
> you to sign the snap, and snapd will be able to correlate the fact this is
> your system with your signature and let it go through.
>
>
> On Wed, Dec 14, 2016 at 12:05 AM, Peng Liu  wrote:
>
>> Already, in the source code (snapd/interfaces/builtin/docker_support.go),
>> I found the docker-control interface is "reserved". Does that mean
>> third-party snap can not use it?
>>
>> On Tue, Dec 13, 2016 at 8:01 PM, Peng Liu  wrote:
>>
>>> Hi Folks,
>>>
>>> I am trying to build a snap which needs the permission to access docker
>>> related system files. I can build the snap successfully with snapcraft, but
>>> when I tried to installed it, the snap command report error "installation
>>> not allowed by "support" plug rule of interface "docker-support"
>>>
>>> Does snap command disable the support for "docker" and "docker-support"
>>> interfaces for all snaps except docker snap?
>>>
>>> Thanks.
>>>
>>> Peng
>>>
>>
>>
>> --
>> Snapcraft mailing list
>> Snapcraft@lists.snapcraft.io
>> Modify settings or unsubscribe at: https://lists.ubuntu.com/mailm
>> an/listinfo/snapcraft
>>
>>
>
>
> --
> gustavo @ http://niemeyer.net
>



-- 
gustavo @ http://niemeyer.net
-- 
Snapcraft mailing list
Snapcraft@lists.snapcraft.io
Modify settings or unsubscribe at: 
https://lists.ubuntu.com/mailman/listinfo/snapcraft

Re: Only Docker snap is allowed to use "docker" and "docker-control" interfaces?

[Gustavo Niemeyer]

Hey Peng,

We've overlooked a detail in the new interface system which makes it super
inconvenient for you to develop with that interface. We're fixing that in
the release due to go into proposal this week.

Here is the short background, if you're interested: snapd blocks the
connection because it knows the permissions granted by that specific
interface into your system are way too wide. So it's protecting your system
from an unknown snap that wants to do too much. That's a great thing!
What's bad is that this is your own snap, of course. :-)

So, the release this week will allow you to say --dangerous when installing
it (thanks to John), and snapd will ignore that issue at your discretion.
In the future, we'll make the mechanism even nicer by allowing you to sign
the snap, and snapd will be able to correlate the fact this is your system
with your signature and let it go through.


On Wed, Dec 14, 2016 at 12:05 AM, Peng Liu  wrote:

> Already, in the source code (snapd/interfaces/builtin/docker_support.go),
> I found the docker-control interface is "reserved". Does that mean
> third-party snap can not use it?
>
> On Tue, Dec 13, 2016 at 8:01 PM, Peng Liu  wrote:
>
>> Hi Folks,
>>
>> I am trying to build a snap which needs the permission to access docker
>> related system files. I can build the snap successfully with snapcraft, but
>> when I tried to installed it, the snap command report error "installation
>> not allowed by "support" plug rule of interface "docker-support"
>>
>> Does snap command disable the support for "docker" and "docker-support"
>> interfaces for all snaps except docker snap?
>>
>> Thanks.
>>
>> Peng
>>
>
>
> --
> Snapcraft mailing list
> Snapcraft@lists.snapcraft.io
> Modify settings or unsubscribe at: https://lists.ubuntu.com/
> mailman/listinfo/snapcraft
>
>


-- 
gustavo @ http://niemeyer.net
-- 
Snapcraft mailing list
Snapcraft@lists.snapcraft.io
Modify settings or unsubscribe at: 
https://lists.ubuntu.com/mailman/listinfo/snapcraft

Re: can't log in on ubuntu core console via sso...

[YC Cheng]

IMHO. a password only works for console but not for internet is more secure
and developer will appreciate.

2016-12-14 8:40 GMT+08:00 Mark Shuttleworth :

> On 13/12/16 19:35, Dan Kegel wrote:
> > I'm very confused.  You have SSO.  You tell people to create an SSO
> > account to use the device.  Yet SSO can't be used to log into the
> > system at the console.  ??
>
> SSH keys associated with the SSO account are pulled into the device, so
> you can SSH to it.
>
> We could enable console (as in keyboard-and-monitor-on-device) access
> too, if we want, that's what's open for discussion. There are lots of
> ways to do that, simplistically just by asking for a login password to
> be set during the device activation step that you saw. But the concern
> is that users will reuse an important password when doing so.
>
> We have 2-factor capabilities that might be useful. In general, I would
> say we are open to suggestion but mindful of the opportunity to raise
> the bar for device security.
>
> Also, we're mindful of the fact that these devices will not be used
> every day. So passwords that are unique to the device will easily be
> forgotten.
>
> All of that led us to the SSH approach that you see now. It's not a
> final position, those are just the things to think about in the discussion.
>
> Mark
>
>
> --
> Snapcraft mailing list
> Snapcraft@lists.snapcraft.io
> Modify settings or unsubscribe at: https://lists.ubuntu.com/
> mailman/listinfo/snapcraft
>
-- 
Snapcraft mailing list
Snapcraft@lists.snapcraft.io
Modify settings or unsubscribe at: 
https://lists.ubuntu.com/mailman/listinfo/snapcraft

Re: Only Docker snap is allowed to use "docker" and "docker-control" interfaces?

[Peng Liu]

Already, in the source code (snapd/interfaces/builtin/docker_support.go), I
found the docker-control interface is "reserved". Does that mean
third-party snap can not use it?

On Tue, Dec 13, 2016 at 8:01 PM, Peng Liu  wrote:

> Hi Folks,
>
> I am trying to build a snap which needs the permission to access docker
> related system files. I can build the snap successfully with snapcraft, but
> when I tried to installed it, the snap command report error "installation
> not allowed by "support" plug rule of interface "docker-support"
>
> Does snap command disable the support for "docker" and "docker-support"
> interfaces for all snaps except docker snap?
>
> Thanks.
>
> Peng
>
-- 
Snapcraft mailing list
Snapcraft@lists.snapcraft.io
Modify settings or unsubscribe at: 
https://lists.ubuntu.com/mailman/listinfo/snapcraft

Only Docker snap is allowed to use "docker" and "docker-control" interfaces?

[Peng Liu]

Hi Folks,

I am trying to build a snap which needs the permission to access docker
related system files. I can build the snap successfully with snapcraft, but
when I tried to installed it, the snap command report error "installation
not allowed by "support" plug rule of interface "docker-support"

Does snap command disable the support for "docker" and "docker-support"
interfaces for all snaps except docker snap?

Thanks.

Peng
-- 
Snapcraft mailing list
Snapcraft@lists.snapcraft.io
Modify settings or unsubscribe at: 
https://lists.ubuntu.com/mailman/listinfo/snapcraft

Re: can't log in on ubuntu core console via sso...

[Dan Kegel]

It's a fine position.  It's just a little confusing for new users.
You could remedy this by adding the line

   Note: the SSO password cannot currently be used to log in at the
console; create a local user if you need that.

to the page
https://developer.ubuntu.com/en/snappy/start/
under '5. Login'.

Thanks for clarifying.
- Dan


On Tue, Dec 13, 2016 at 4:40 PM, Mark Shuttleworth  wrote:
> On 13/12/16 19:35, Dan Kegel wrote:
>> I'm very confused.  You have SSO.  You tell people to create an SSO
>> account to use the device.  Yet SSO can't be used to log into the
>> system at the console.  ??
>
> SSH keys associated with the SSO account are pulled into the device, so
> you can SSH to it.
>
> We could enable console (as in keyboard-and-monitor-on-device) access
> too, if we want, that's what's open for discussion. There are lots of
> ways to do that, simplistically just by asking for a login password to
> be set during the device activation step that you saw. But the concern
> is that users will reuse an important password when doing so.
>
> We have 2-factor capabilities that might be useful. In general, I would
> say we are open to suggestion but mindful of the opportunity to raise
> the bar for device security.
>
> Also, we're mindful of the fact that these devices will not be used
> every day. So passwords that are unique to the device will easily be
> forgotten.
>
> All of that led us to the SSH approach that you see now. It's not a
> final position, those are just the things to think about in the discussion.
>
> Mark
>
>
> --
> Snapcraft mailing list
> Snapcraft@lists.snapcraft.io
> Modify settings or unsubscribe at: 
> https://lists.ubuntu.com/mailman/listinfo/snapcraft

-- 
Snapcraft mailing list
Snapcraft@lists.snapcraft.io
Modify settings or unsubscribe at: 
https://lists.ubuntu.com/mailman/listinfo/snapcraft

Re: can't log in on ubuntu core console via sso...

[Mark Shuttleworth]

On 13/12/16 19:35, Dan Kegel wrote:
> I'm very confused.  You have SSO.  You tell people to create an SSO
> account to use the device.  Yet SSO can't be used to log into the
> system at the console.  ??

SSH keys associated with the SSO account are pulled into the device, so
you can SSH to it.

We could enable console (as in keyboard-and-monitor-on-device) access
too, if we want, that's what's open for discussion. There are lots of
ways to do that, simplistically just by asking for a login password to
be set during the device activation step that you saw. But the concern
is that users will reuse an important password when doing so.

We have 2-factor capabilities that might be useful. In general, I would
say we are open to suggestion but mindful of the opportunity to raise
the bar for device security.

Also, we're mindful of the fact that these devices will not be used
every day. So passwords that are unique to the device will easily be
forgotten.

All of that led us to the SSH approach that you see now. It's not a
final position, those are just the things to think about in the discussion.

Mark


-- 
Snapcraft mailing list
Snapcraft@lists.snapcraft.io
Modify settings or unsubscribe at: 
https://lists.ubuntu.com/mailman/listinfo/snapcraft

Re: can't log in on ubuntu core console via sso...

[Luther Goh Lu Feng]

I believe SSO account is simply to host your ssh keys that can be used to login 
to the device. Perhaps better documentation will provide improved clarity.

-- Luther



On Wednesday, December 14, 2016 8:36 AM, Dan Kegel  wrote:
This is with a very freshly downloaded image,
329125916 Dec 13 12:04 ubuntu-core-16-pi3.img.xz
Linux localhost.localdomain 4.4.0-1030-raspi2 #37-Ubuntu SMP Thu Oct
20 15:06:25 UTC 2016 armv7l armv7l armv7l GNU/Linux

I'm very confused.  You have SSO.  You tell people to create an SSO
account to use the device.  Yet SSO can't be used to log into the
system at the console.  ??
- Dan

On Tue, Dec 13, 2016 at 4:22 PM, Michael Hudson-Doyle
 wrote:
> What version of core do you have? This should be clearer with the latest
> versions, you shouldn't see the login prompt until you set a password.
>
> Cheers,
> mwh
>
> sent from my phone, please excuse brevity
>
> On 14 Dec 2016 09:47, "Dan Kegel"  wrote:
>
> Trying ubuntu core on the pi3 for the first time.  Install went fine,
> and I can ssh to the box just fine,
> and I can do 'sudo snap login myemail' ok,
> but I can't log in on the console.  It doesn't seem to accept my
> launchpad userid and password :-(
>
> Is that related to
>
> http://askubuntu.com/questions/834331/16-04-ubuntu-single-sign-on-wrong-e-mail-or-password
> /
>  https://bugs.launchpad.net/ubuntu/+source/gnome-software/+bug/1616943 ?
>
> --
> Snapcraft mailing list
> Snapcraft@lists.snapcraft.io
> Modify settings or unsubscribe at:
> https://lists.ubuntu.com/mailman/listinfo/snapcraft

>
>
>
> --
> Snapcraft mailing list
> Snapcraft@lists.snapcraft.io
> Modify settings or unsubscribe at:
> https://lists.ubuntu.com/mailman/listinfo/snapcraft
>

-- 
Snapcraft mailing list
Snapcraft@lists.snapcraft.io
Modify settings or unsubscribe at: 
https://lists.ubuntu.com/mailman/listinfo/snapcraft

-- 
Snapcraft mailing list
Snapcraft@lists.snapcraft.io
Modify settings or unsubscribe at: 
https://lists.ubuntu.com/mailman/listinfo/snapcraft

Re: can't log in on ubuntu core console via sso...

[Luther Goh Lu Feng]

I am assuming console means the login prompt like this:


==
Ubuntu Core 16 on 192.168.0.10 (ttyO0)
localhost login:

==

I do feel that the current secure default works the best. Those who need to set 
a local password will find a way to do it since it is their requirement for 
ease of dev, etc

Enabling console login by default, imho, is more insecure, and increases 
another avenue for breaching the device. Thanks.


-- Luther 
On Wednesday, December 14, 2016 8:17 AM, Mark Shuttleworth  
wrote:




The thing that worries me is the likelihood of bad passwords being set.
We don't necessarily know what the software is on the device, and people
are likely to reuse passwords that are important to them on other
systems. So we though SSH enablement was the cleaner safer way to tty.
Happy to take feedback and in principle OK to have a local password.

Mark

-- 
Snapcraft mailing list
Snapcraft@lists.snapcraft.io
Modify settings or unsubscribe at: 
https://lists.ubuntu.com/mailman/listinfo/snapcraft

-- 
Snapcraft mailing list
Snapcraft@lists.snapcraft.io
Modify settings or unsubscribe at: 
https://lists.ubuntu.com/mailman/listinfo/snapcraft

Re: can't log in on ubuntu core console via sso...

[Dan Kegel]

This is with a very freshly downloaded image,
329125916 Dec 13 12:04 ubuntu-core-16-pi3.img.xz
Linux localhost.localdomain 4.4.0-1030-raspi2 #37-Ubuntu SMP Thu Oct
20 15:06:25 UTC 2016 armv7l armv7l armv7l GNU/Linux

I'm very confused.  You have SSO.  You tell people to create an SSO
account to use the device.  Yet SSO can't be used to log into the
system at the console.  ??
- Dan

On Tue, Dec 13, 2016 at 4:22 PM, Michael Hudson-Doyle
 wrote:
> What version of core do you have? This should be clearer with the latest
> versions, you shouldn't see the login prompt until you set a password.
>
> Cheers,
> mwh
>
> sent from my phone, please excuse brevity
>
> On 14 Dec 2016 09:47, "Dan Kegel"  wrote:
>
> Trying ubuntu core on the pi3 for the first time.  Install went fine,
> and I can ssh to the box just fine,
> and I can do 'sudo snap login myemail' ok,
> but I can't log in on the console.  It doesn't seem to accept my
> launchpad userid and password :-(
>
> Is that related to
>
> http://askubuntu.com/questions/834331/16-04-ubuntu-single-sign-on-wrong-e-mail-or-password
> /
>  https://bugs.launchpad.net/ubuntu/+source/gnome-software/+bug/1616943 ?
>
> --
> Snapcraft mailing list
> Snapcraft@lists.snapcraft.io
> Modify settings or unsubscribe at:
> https://lists.ubuntu.com/mailman/listinfo/snapcraft
>
>
>
> --
> Snapcraft mailing list
> Snapcraft@lists.snapcraft.io
> Modify settings or unsubscribe at:
> https://lists.ubuntu.com/mailman/listinfo/snapcraft
>

-- 
Snapcraft mailing list
Snapcraft@lists.snapcraft.io
Modify settings or unsubscribe at: 
https://lists.ubuntu.com/mailman/listinfo/snapcraft

Re: Snapcraft's state tracking improvements

[Seth Arnold]

On Tue, Dec 13, 2016 at 01:57:20PM -0800, Kyle Fazzari wrote:
> *Option 2*: Automatically take care of everything. If you modify a part
> with dependencies, snapcraft will rebuild those dependencies as it sees
> fit without your needing to say so. Similarly, if you clean a part with

This options feels most likely to lead to reliably reproducable results.

Thanks


signature.asc
Description: PGP signature
-- 
Snapcraft mailing list
Snapcraft@lists.snapcraft.io
Modify settings or unsubscribe at: 
https://lists.ubuntu.com/mailman/listinfo/snapcraft

Re: can't log in on ubuntu core console via sso...

[Michael Hudson-Doyle]

What version of core do you have? This should be clearer with the latest
versions, you shouldn't see the login prompt until you set a password.

Cheers,
mwh

sent from my phone, please excuse brevity

On 14 Dec 2016 09:47, "Dan Kegel"  wrote:

Trying ubuntu core on the pi3 for the first time.  Install went fine,
and I can ssh to the box just fine,
and I can do 'sudo snap login myemail' ok,
but I can't log in on the console.  It doesn't seem to accept my
launchpad userid and password :-(

Is that related to
 http://askubuntu.com/questions/834331/16-04-ubuntu-
single-sign-on-wrong-e-mail-or-password
/
 https://bugs.launchpad.net/ubuntu/+source/gnome-software/+bug/1616943 ?

--
Snapcraft mailing list
Snapcraft@lists.snapcraft.io
Modify settings or unsubscribe at: https://lists.ubuntu.com/
mailman/listinfo/snapcraft
-- 
Snapcraft mailing list
Snapcraft@lists.snapcraft.io
Modify settings or unsubscribe at: 
https://lists.ubuntu.com/mailman/listinfo/snapcraft

Re: can't log in on ubuntu core console via sso...

[Mark Shuttleworth]

The thing that worries me is the likelihood of bad passwords being set.
We don't necessarily know what the software is on the device, and people
are likely to reuse passwords that are important to them on other
systems. So we though SSH enablement was the cleaner safer way to tty.
Happy to take feedback and in principle OK to have a local password.

Mark

-- 
Snapcraft mailing list
Snapcraft@lists.snapcraft.io
Modify settings or unsubscribe at: 
https://lists.ubuntu.com/mailman/listinfo/snapcraft

Re: Snapcraft's state tracking improvements

[XiaoGuo Liu]

Thanks kyle, this is really important! In a hackathon event, when the
network was bad and shared by many people, keeping cleaning the project and
rebuilding the project took a lot of time to build the whole project.
Sometime, it took a few tens minutes to get it done!

Best regards,
XiaoGuo

On Wed, Dec 14, 2016 at 5:57 AM, Kyle Fazzari 
wrote:

> Hey everyone.
>
> I feel it coming on... this is going to be a tome. tl;dr... snapcraft
> could be smarter than it is. But would that lead to its doing more for
> you than you want? We'd like to find out.
>
> I've spoken to a few of you individually about this, and I want to open
> this topic up for wider conversation. We have a number of bugs logged
> against snapcraft for its state tracking shortcomings. For example, a
> few of you may have run into these issues:
>
> - You add a stage package to a part in an already-built snap, and run
> `snapcraft` again. It happily says all the steps have already run, and
> generates a snap that doesn't contain your stage package.
>
> - You add (or modify) a file in the local source for a part of an
> already-built snap, and run `snapcraft` again`. It again reports that
> everything has already run, and generates a snap that doesn't contain
> your modifications.
>
> We used to have even more of these issues, but snapcraft has slowly been
> getting smarter about things like this. You may have noticed that v2.23
> fixed that first problem, for example. Well, sort of. Let me explain.
>
> Snapcraft's state tracking allows us to do some handy things. For
> example, as you probably know, when you run the `stage` or `prime`
> steps, you're combining files from multiple parts into a single
> directory. Thanks to state tracking, snapcraft is able to disentangle
> which files came from which part, and allow you to remove a single
> part's files using per-step cleaning.
>
> However, this is complicated by the ability to have inter-part
> dependencies (using the `after` keyword). If part A depends on part B
> and part B is being cleaned, then snapcraft knows part A needs to be
> cleaned as well. But should it go ahead and clean it for you? What if
> you were offline and part A required the internet to build? Or
> re-building part A took forever and you didn't want to just wipe it? We
> weren't sure when we implemented this ability, so we decided to be safe
> and force you to say exactly what you wanted. For example, if you simply
> said `snapcraft clean part B` we error out, saying something like "Hey
> you're trying to clean part B, but part A depends on it. If you intend
> for both to be cleaned, please say so."
>
> This same mindset can be found elsewhere:
>
> - If you change something in the YAML that makes a part out of date
> (e.g. stage packages) it tells you it's out of date and why, but doesn't
> clean/rebuild it for you.
>
> - Trying to build part A which depends on part B before B itself has
> been staged leads to "Hey, part A has unsatisfied dependencies." If you
> run `snapcraft stage A B` it'll do the right thing.
>
> - Not-yet-released features will know when local sources for a part have
> changed, and build the updates, but what should it do if that part has
> another depending upon it?
>
> The point is: snapcraft is/will be smart enough to help a lot more than
> it currently does in these types of situations. The question I'm posing
> to you all is: how much do you want its help?
>
> I see four options for how to handle such situations:
>
>
> *Option 1*: Error out and make you be specific. This is the current
> behavior.
>
> *Option 2*: Automatically take care of everything. If you modify a part
> with dependencies, snapcraft will rebuild those dependencies as it sees
> fit without your needing to say so. Similarly, if you clean a part with
> dependencies, snapcraft will clean those dependencies as it sees fit
> without your needing to say so.
>
> *Option 3*: Prompt. "You've modified part A, but part B depends upon it.
> Would you like to rebuild it as well? (Y/n)" and the like.
>
> *Option 4*: Add the ability to configure this behavior between options
> 1-3. Perhaps the sensible default would be option 3.
>
>
> Our goal here is to do the least surprising thing, which is why we're
> asking for input from our users. Please let your voice be heard!
>
> --
> Kyle Fazzari (kyrofa)
> Software Engineer
> Canonical Ltd.
> k...@canonical.com
>
>
> --
> Snapcraft mailing list
> Snapcraft@lists.snapcraft.io
> Modify settings or unsubscribe at: https://lists.ubuntu.com/
> mailman/listinfo/snapcraft
>
>


-- 
XiaoGuo, Liu
-- 
Snapcraft mailing list
Snapcraft@lists.snapcraft.io
Modify settings or unsubscribe at: 
https://lists.ubuntu.com/mailman/listinfo/snapcraft

Re: Snapcraft 2.23 restricts dump plugin capability

[Kyle Fazzari]

Indeed, from the example it looks like you could make it work with only
the single `part-aa` plus some good use of the organize keyword along
with stage/snap to whitelist only those components.

On 12/13/2016 02:25 PM, Matthew Aguirre wrote:
> Can you do the organize in the build instead of post organizing with the
> dump?  I used to do something similar with copy, but then dump didn't do
> what I needed, so switched it up.
> 
> On Dec 13, 2016 5:21 PM, "Joe Coates"  > wrote:
> 
> My snap includes a part which has an unconventional build process
> (which I don’t control).  It builds and arranges a lot of stuff that
> I don’t need.  For a while now I have been using a second part with
> the dump plugin to pick the files I need out of the build tree of
> the first part, and create directories and files in the snap exactly
> as I need them.  The yaml goes like below.   Unfortunately this
> breaks as of snapcraft 2.23, which seems to check the dump source
> path before the first part is built, and fails.   Any suggestions as
> to how I can achieve the previous function with the current dump
> plugin ?  (Using the organize keyword in the first part does not
> seem to be able to create directories in the install tree).  
> 
> __ __
> 
> __ __
> 
>part-aa:
> 
> source: git@giteng1:part-aa
> 
> source-type: git
> 
> plugin: autotools
> 
> # Don't include anything from here in the snap (done in next part)
> 
> stage: [ "-*" ]
> 
> snap: [ "-*" ]
> 
> 
> 
> # This part just installs from the build tree of part-aa to the snap
> 
> 
>   aa-snap:
> 
> source: ./parts/part-aa/build
> 
> after: [part-aa]
> 
> plugin: dump
> 
> organize: 
> 
>   client/client: usr/bin/myclient
> 
>   other/observer: usr/bin/myobserver
> 
>   datafiles/client-1: etc/myclient/ 
> 
>   datafiles/client-2: etc/myclient/
> 
>   datafiles/observer-id: etc/myobserver/ 
> 
> snap:
> 
>   - usr/bin
> 
>   - etc
> 
> __ __
> 
> __ __
> 
> Thanks,
> 
> Joe Coates
> 
> 
> 
> 
> DISCLAIMER:
> This e-mail and any attachments to it may contain confidential and
> proprietary material and is solely for the use of the intended
> recipient. Any review, use, disclosure, distribution or copying of
> this transmittal is prohibited except by or on behalf of the
> intended recipient. If you have received this transmittal in error,
> please notify the sender and destroy this e-mail and any attachments
> and all copies, whether electronic or printed.
> 
> --
> Snapcraft mailing list
> Snapcraft@lists.snapcraft.io 
> Modify settings or unsubscribe at:
> https://lists.ubuntu.com/mailman/listinfo/snapcraft
> 
> 
> 
> 

-- 
Kyle Fazzari (kyrofa)
Software Engineer
Canonical Ltd.
k...@canonical.com



signature.asc
Description: OpenPGP digital signature
-- 
Snapcraft mailing list
Snapcraft@lists.snapcraft.io
Modify settings or unsubscribe at: 
https://lists.ubuntu.com/mailman/listinfo/snapcraft

Re: Snapcraft 2.23 restricts dump plugin capability

[Matthew Aguirre]

Can you do the organize in the build instead of post organizing with the
dump?  I used to do something similar with copy, but then dump didn't do
what I needed, so switched it up.

On Dec 13, 2016 5:21 PM, "Joe Coates"  wrote:

> My snap includes a part which has an unconventional build process (which I
> don’t control).  It builds and arranges a lot of stuff that I don’t need.
> For a while now I have been using a second part with the dump plugin to
> pick the files I need out of the build tree of the first part, and create
> directories and files in the snap exactly as I need them.  The yaml goes
> like below.   Unfortunately this breaks as of snapcraft 2.23, which seems
> to check the dump source path before the first part is built, and fails.
> Any suggestions as to how I can achieve the previous function with the
> current dump plugin ?  (Using the organize keyword in the first part does
> not seem to be able to create directories in the install tree).
>
>
>
>
>
>part-aa:
>
> source: git@giteng1:part-aa
>
> source-type: git
>
> plugin: autotools
>
> # Don't include anything from here in the snap (done in next part)
>
> stage: [ "-*" ]
>
> snap: [ "-*" ]
>
>
>
> # This part just installs from the build tree of part-aa to the snap
>
>   aa-snap:
>
> source: ./parts/part-aa/build
>
> after: [part-aa]
>
> plugin: dump
>
> organize:
>
>   client/client: usr/bin/myclient
>
>   other/observer: usr/bin/myobserver
>
>   datafiles/client-1: etc/myclient/
>
>   datafiles/client-2: etc/myclient/
>
>   datafiles/observer-id: etc/myobserver/
>
> snap:
>
>   - usr/bin
>
>   - etc
>
>
>
>
>
> Thanks,
>
> Joe Coates
>
> --
>
> DISCLAIMER:
> This e-mail and any attachments to it may contain confidential and
> proprietary material and is solely for the use of the intended recipient.
> Any review, use, disclosure, distribution or copying of this transmittal is
> prohibited except by or on behalf of the intended recipient. If you have
> received this transmittal in error, please notify the sender and destroy
> this e-mail and any attachments and all copies, whether electronic or
> printed.
>
> --
> Snapcraft mailing list
> Snapcraft@lists.snapcraft.io
> Modify settings or unsubscribe at: https://lists.ubuntu.com/
> mailman/listinfo/snapcraft
>
>
-- 
Snapcraft mailing list
Snapcraft@lists.snapcraft.io
Modify settings or unsubscribe at: 
https://lists.ubuntu.com/mailman/listinfo/snapcraft

Snapcraft 2.23 restricts dump plugin capability

[Joe Coates]

My snap includes a part which has an unconventional build process (which I 
don't control).  It builds and arranges a lot of stuff that I don't need.  For 
a while now I have been using a second part with the dump plugin to pick the 
files I need out of the build tree of the first part, and create directories 
and files in the snap exactly as I need them.  The yaml goes like below.   
Unfortunately this breaks as of snapcraft 2.23, which seems to check the dump 
source path before the first part is built, and fails.   Any suggestions as to 
how I can achieve the previous function with the current dump plugin ?  (Using 
the organize keyword in the first part does not seem to be able to create 
directories in the install tree).


   part-aa:
source: git@giteng1:part-aa
source-type: git
plugin: autotools
# Don't include anything from here in the snap (done in next part)
stage: [ "-*" ]
snap: [ "-*" ]

# This part just installs from the build tree of part-aa to the snap
  aa-snap:
source: ./parts/part-aa/build
after: [part-aa]
plugin: dump
organize:
  client/client: usr/bin/myclient
  other/observer: usr/bin/myobserver
  datafiles/client-1: etc/myclient/
  datafiles/client-2: etc/myclient/
  datafiles/observer-id: etc/myobserver/
snap:
  - usr/bin
  - etc


Thanks,
Joe Coates



DISCLAIMER:
This e-mail and any attachments to it may contain confidential and proprietary 
material and is solely for the use of the intended recipient. Any review, use, 
disclosure, distribution or copying of this transmittal is prohibited except by 
or on behalf of the intended recipient. If you have received this transmittal 
in error, please notify the sender and destroy this e-mail and any attachments 
and all copies, whether electronic or printed.
-- 
Snapcraft mailing list
Snapcraft@lists.snapcraft.io
Modify settings or unsubscribe at: 
https://lists.ubuntu.com/mailman/listinfo/snapcraft

Snapcraft's state tracking improvements

[Kyle Fazzari]

Hey everyone.

I feel it coming on... this is going to be a tome. tl;dr... snapcraft
could be smarter than it is. But would that lead to its doing more for
you than you want? We'd like to find out.

I've spoken to a few of you individually about this, and I want to open
this topic up for wider conversation. We have a number of bugs logged
against snapcraft for its state tracking shortcomings. For example, a
few of you may have run into these issues:

- You add a stage package to a part in an already-built snap, and run
`snapcraft` again. It happily says all the steps have already run, and
generates a snap that doesn't contain your stage package.

- You add (or modify) a file in the local source for a part of an
already-built snap, and run `snapcraft` again`. It again reports that
everything has already run, and generates a snap that doesn't contain
your modifications.

We used to have even more of these issues, but snapcraft has slowly been
getting smarter about things like this. You may have noticed that v2.23
fixed that first problem, for example. Well, sort of. Let me explain.

Snapcraft's state tracking allows us to do some handy things. For
example, as you probably know, when you run the `stage` or `prime`
steps, you're combining files from multiple parts into a single
directory. Thanks to state tracking, snapcraft is able to disentangle
which files came from which part, and allow you to remove a single
part's files using per-step cleaning.

However, this is complicated by the ability to have inter-part
dependencies (using the `after` keyword). If part A depends on part B
and part B is being cleaned, then snapcraft knows part A needs to be
cleaned as well. But should it go ahead and clean it for you? What if
you were offline and part A required the internet to build? Or
re-building part A took forever and you didn't want to just wipe it? We
weren't sure when we implemented this ability, so we decided to be safe
and force you to say exactly what you wanted. For example, if you simply
said `snapcraft clean part B` we error out, saying something like "Hey
you're trying to clean part B, but part A depends on it. If you intend
for both to be cleaned, please say so."

This same mindset can be found elsewhere:

- If you change something in the YAML that makes a part out of date
(e.g. stage packages) it tells you it's out of date and why, but doesn't
clean/rebuild it for you.

- Trying to build part A which depends on part B before B itself has
been staged leads to "Hey, part A has unsatisfied dependencies." If you
run `snapcraft stage A B` it'll do the right thing.

- Not-yet-released features will know when local sources for a part have
changed, and build the updates, but what should it do if that part has
another depending upon it?

The point is: snapcraft is/will be smart enough to help a lot more than
it currently does in these types of situations. The question I'm posing
to you all is: how much do you want its help?

I see four options for how to handle such situations:


*Option 1*: Error out and make you be specific. This is the current
behavior.

*Option 2*: Automatically take care of everything. If you modify a part
with dependencies, snapcraft will rebuild those dependencies as it sees
fit without your needing to say so. Similarly, if you clean a part with
dependencies, snapcraft will clean those dependencies as it sees fit
without your needing to say so.

*Option 3*: Prompt. "You've modified part A, but part B depends upon it.
Would you like to rebuild it as well? (Y/n)" and the like.

*Option 4*: Add the ability to configure this behavior between options
1-3. Perhaps the sensible default would be option 3.


Our goal here is to do the least surprising thing, which is why we're
asking for input from our users. Please let your voice be heard!

-- 
Kyle Fazzari (kyrofa)
Software Engineer
Canonical Ltd.
k...@canonical.com



signature.asc
Description: OpenPGP digital signature
-- 
Snapcraft mailing list
Snapcraft@lists.snapcraft.io
Modify settings or unsubscribe at: 
https://lists.ubuntu.com/mailman/listinfo/snapcraft

Re: Development environment for debs and snaps for raspberry pi 3?

[Gregory Lutostanski]

On that note... I haven't been able to get either docker nor lxd working on
my rpi2/3 anybody else been able to?
https://bugs.launchpad.net/snappy/+bug/1606510 is what I hit for lxd.
I didnt know about the classic snap, maybe that will enable me to get lxd
working, which would be my preferred choice.

--Greg


On Tue, Dec 13, 2016 at 3:31 PM, Loïc Minier  wrote:

> Hi!
>
> On Tue, Dec 13, 2016 at 8:46 PM, Dan Kegel  wrote:
>
>> 2) if one were to want to use the official snappy core ubuntu 16.04
>> for raspberry pi 3 as a development host, is there a reasonable way to
>> do that?  e.g. installing lxd on it and running an ubuntu desktop
>> environment inside lxd?
>>
>
> On top of what David Callé said about the classic snap, installing the LXD
> or Docker snaps and running snapcraft in a container would certainly work!
> I haven't tried running a full desktop and would love to hear how that
> fares  :-)
>
> Cheers,
> - Loïc Minier
>
> --
> Snapcraft mailing list
> Snapcraft@lists.snapcraft.io
> Modify settings or unsubscribe at: https://lists.ubuntu.com/
> mailman/listinfo/snapcraft
>
>
-- 
Snapcraft mailing list
Snapcraft@lists.snapcraft.io
Modify settings or unsubscribe at: 
https://lists.ubuntu.com/mailman/listinfo/snapcraft

Re: Development environment for debs and snaps for raspberry pi 3?

[Loïc Minier]

Hi!

On Tue, Dec 13, 2016 at 8:46 PM, Dan Kegel  wrote:

> 2) if one were to want to use the official snappy core ubuntu 16.04
> for raspberry pi 3 as a development host, is there a reasonable way to
> do that?  e.g. installing lxd on it and running an ubuntu desktop
> environment inside lxd?
>

On top of what David Callé said about the classic snap, installing the LXD
or Docker snaps and running snapcraft in a container would certainly work!
I haven't tried running a full desktop and would love to hear how that
fares  :-)

Cheers,
- Loïc Minier
-- 
Snapcraft mailing list
Snapcraft@lists.snapcraft.io
Modify settings or unsubscribe at: 
https://lists.ubuntu.com/mailman/listinfo/snapcraft

Re: can't log in on ubuntu core console via sso...

[Dan Kegel]

So... the instructions saying to create an account on launchpad etc.
don't get you a console login, by design?  That's highly confusing,
and could stand clarifying.

On Tue, Dec 13, 2016 at 1:00 PM, Gregory Lutostanski
 wrote:
> https://developer.ubuntu.com/en/snappy/start/raspberry-pi-2/ (at the bottom
> of the page under First login tips) suggests:
> "There is no default ubuntu user on these images, but you can run sudo
> passwd  to set a password in case you need a local console
> login."
>
> A bit hard to find unless you're looking for it I agree. Hit it myself.
>
> --Greg
>
> On Tue, Dec 13, 2016 at 2:46 PM, Dan Kegel  wrote:
>>
>> Trying ubuntu core on the pi3 for the first time.  Install went fine,
>> and I can ssh to the box just fine,
>> and I can do 'sudo snap login myemail' ok,
>> but I can't log in on the console.  It doesn't seem to accept my
>> launchpad userid and password :-(
>>
>> Is that related to
>>
>> http://askubuntu.com/questions/834331/16-04-ubuntu-single-sign-on-wrong-e-mail-or-password
>> /
>>  https://bugs.launchpad.net/ubuntu/+source/gnome-software/+bug/1616943 ?
>>
>> --
>> Snapcraft mailing list
>> Snapcraft@lists.snapcraft.io
>> Modify settings or unsubscribe at:
>> https://lists.ubuntu.com/mailman/listinfo/snapcraft
>
>
>
> --
> Snapcraft mailing list
> Snapcraft@lists.snapcraft.io
> Modify settings or unsubscribe at:
> https://lists.ubuntu.com/mailman/listinfo/snapcraft
>

-- 
Snapcraft mailing list
Snapcraft@lists.snapcraft.io
Modify settings or unsubscribe at: 
https://lists.ubuntu.com/mailman/listinfo/snapcraft

Re: can't log in on ubuntu core console via sso...

[Gregory Lutostanski]

https://developer.ubuntu.com/en/snappy/start/raspberry-pi-2/ (at the bottom
of the page under First login tips) suggests:
"There is no default ubuntu user on these images, but you can run sudo
passwd  to set a password in case you need a local console
login."

A bit hard to find unless you're looking for it I agree. Hit it myself.

--Greg

On Tue, Dec 13, 2016 at 2:46 PM, Dan Kegel  wrote:

> Trying ubuntu core on the pi3 for the first time.  Install went fine,
> and I can ssh to the box just fine,
> and I can do 'sudo snap login myemail' ok,
> but I can't log in on the console.  It doesn't seem to accept my
> launchpad userid and password :-(
>
> Is that related to
>  http://askubuntu.com/questions/834331/16-04-ubuntu-
> single-sign-on-wrong-e-mail-or-password
> /
>  https://bugs.launchpad.net/ubuntu/+source/gnome-software/+bug/1616943 ?
>
> --
> Snapcraft mailing list
> Snapcraft@lists.snapcraft.io
> Modify settings or unsubscribe at: https://lists.ubuntu.com/
> mailman/listinfo/snapcraft
>
-- 
Snapcraft mailing list
Snapcraft@lists.snapcraft.io
Modify settings or unsubscribe at: 
https://lists.ubuntu.com/mailman/listinfo/snapcraft

Re: Development environment for debs and snaps for raspberry pi 3?

[Dan Kegel]

On Tue, Dec 13, 2016 at 11:52 AM, David Callé  wrote:
> An easy way to achieve this is to install the "classic" snap

Ah, yeah, I'd forgotten about that, thanks.
- Dan

-- 
Snapcraft mailing list
Snapcraft@lists.snapcraft.io
Modify settings or unsubscribe at: 
https://lists.ubuntu.com/mailman/listinfo/snapcraft

can't log in on ubuntu core console via sso...

[Dan Kegel]

Trying ubuntu core on the pi3 for the first time.  Install went fine,
and I can ssh to the box just fine,
and I can do 'sudo snap login myemail' ok,
but I can't log in on the console.  It doesn't seem to accept my
launchpad userid and password :-(

Is that related to
 
http://askubuntu.com/questions/834331/16-04-ubuntu-single-sign-on-wrong-e-mail-or-password
/
 https://bugs.launchpad.net/ubuntu/+source/gnome-software/+bug/1616943 ?

-- 
Snapcraft mailing list
Snapcraft@lists.snapcraft.io
Modify settings or unsubscribe at: 
https://lists.ubuntu.com/mailman/listinfo/snapcraft

Re: Error trying to access to dbus

[Jamie Strandboge]

On Tue, 2016-12-13 at 15:32 -0300, Sergio Cazzolato wrote:
> I am trying to access to dbus from a python script in my snap and I am
> getting the error dbus.exceptions.DBusException:
> org.freedesktop.DBus.Error.AccessDenied: Failed to connect to socket
> /var/run/dbus/system_bus_socket: Permission denied, it happens when I do
> bus = dbus.SystemBus(mainloop=DBusGMainLoop())
> 
> Any idea how to fix it?
> 

To unblock yourself, you can install your snap with --devmode and then you
shouldn't be blocked.

If you are trying to make your snap work in strict confinement, you need to plug
an interface that uses the system bus. If your script is trying to use a well-
known service like network-manager, you need only 'plugs: [ network-manager ]'
and then connect your snap to it with the 'snap connect' command. If you are
implementing a new system service, a new interface will need to be created for
it or you can soon try out the about-to-land 'dbus' interface[1].

[1]https://bugs.launchpad.net/snappy/+bug/1590679

-- 
Jamie Strandboge | http://www.canonical.com



signature.asc
Description: This is a digitally signed message part
-- 
Snapcraft mailing list
Snapcraft@lists.snapcraft.io
Modify settings or unsubscribe at: 
https://lists.ubuntu.com/mailman/listinfo/snapcraft

Re: Development environment for debs and snaps for raspberry pi 3?

[David Callé]

On 13/12/2016 20:46, Dan Kegel wrote:
> Hi,
> I'm building debs and snaps for a raspberry pi 3.
> Questions:
> 1) when last I did this, https://ubuntu-pi-flavour-maker.org/ was the
> best place to get real ubuntu for the pi 3 (the one listed on the
> ubuntu wiki didn't boot reliably).  Is that still true?  What do other
> folks use?
> 2) if one were to want to use the official snappy core ubuntu 16.04
> for raspberry pi 3 as a development host, is there a reasonable way to
> do that?  e.g. installing lxd on it and running an ubuntu desktop
> environment inside lxd?

An easy way to achieve this is to install the "classic" snap [1]. It
gives you a classic ubuntu environment on top of Ubuntu Core, to install
snapcraft for example.

Here is another piece of doc [2] on this topic, not published yet, that
will be helpful in terms of dev workflow on your pi.

[1]
http://snapcraft.io/docs/build-snaps/build-for-another-arch#on-an-ubuntu-core-device
[2]
https://github.com/ubuntudesign/developer.ubuntu.com/blob/master/templates/pages/core/get-started/developer-setup.md

> 3) more simply, is there a snap for snapcraft yet (aside from whether
> that's useful)?
>
> Thanks,
> Dan
>


-- 
Snapcraft mailing list
Snapcraft@lists.snapcraft.io
Modify settings or unsubscribe at: 
https://lists.ubuntu.com/mailman/listinfo/snapcraft

Development environment for debs and snaps for raspberry pi 3?

[Dan Kegel]

Hi,
I'm building debs and snaps for a raspberry pi 3.
Questions:
1) when last I did this, https://ubuntu-pi-flavour-maker.org/ was the
best place to get real ubuntu for the pi 3 (the one listed on the
ubuntu wiki didn't boot reliably).  Is that still true?  What do other
folks use?
2) if one were to want to use the official snappy core ubuntu 16.04
for raspberry pi 3 as a development host, is there a reasonable way to
do that?  e.g. installing lxd on it and running an ubuntu desktop
environment inside lxd?
3) more simply, is there a snap for snapcraft yet (aside from whether
that's useful)?

Thanks,
Dan

-- 
Snapcraft mailing list
Snapcraft@lists.snapcraft.io
Modify settings or unsubscribe at: 
https://lists.ubuntu.com/mailman/listinfo/snapcraft

Error trying to access to dbus

[Sergio Cazzolato]

I am trying to access to dbus from a python script in my snap and I am
getting the error dbus.exceptions.DBusException:
org.freedesktop.DBus.Error.AccessDenied: Failed to connect to socket
/var/run/dbus/system_bus_socket: Permission denied, it happens when I do
bus = dbus.SystemBus(mainloop=DBusGMainLoop())

Any idea how to fix it?

Thanks
-- 
Snapcraft mailing list
Snapcraft@lists.snapcraft.io
Modify settings or unsubscribe at: 
https://lists.ubuntu.com/mailman/listinfo/snapcraft

Re: Daemon: dbus examples

[Ted Gould]

On Tue, 2016-12-13 at 09:31 +1000, Michi Henning wrote:
> > In snapd 2.20 we are working to have the 'dbus' generic interface
> > in place[2]. With it you can specify the bus name (session or
> > system), the well-known name to bind to and then use interface
> > connections to connect your client to your service.
>  I take I’ll be able to specify the dbus name dynamically? We need
> this for storage service, where the client app doesn’t know a-priori
> which exact service it will be talking to. Instead, that’s determined
> by the user, who selects which cloud service they want to use (say,
> for backup). The providers for the different cloud services each use
> a different dbus name, so the actual dbus name an application needs
> to use isn’t know until runtime.
No, it shouldn't be dynamic. The point of the dbus entry is to provide
well-known names for services, it doesn't really make sense for them to
be generated. Also, I don't expect us to allow snaps to install in a
GUI-way that use that feature. Certainly if someone goes to the command
line and explicitly configures an interface, it's their device. But by
default we want to ensure that there is no information leakage about
what you have installed. We will have preinstalled snaps that have dbus
well-known names.
Ted


signature.asc
Description: This is a digitally signed message part
-- 
Snapcraft mailing list
Snapcraft@lists.snapcraft.io
Modify settings or unsubscribe at: 
https://lists.ubuntu.com/mailman/listinfo/snapcraft

Re: Daemon: dbus examples

[Jamie Strandboge]

On Tue, 2016-12-13 at 09:31 +1000, Michi Henning wrote:
> > 
> > In snapd 2.20 we are working to have the 'dbus' generic interface in
> > place[2].
> > With it you can specify the bus name (session or system), the well-known
> > name to
> > bind to and then use interface connections to connect your client to your
> > service.
> Thanks for that Jamie!
> 
> I take I’ll be able to specify the dbus name dynamically? We need this for
> storage service, where the client app doesn’t know a-priori which exact
> service it will be talking to. Instead, that’s determined by the user, who
> selects which cloud service they want to use (say, for backup). The providers
> for the different cloud services each use a different dbus name, so the actual
> dbus name an application needs to use isn’t know until runtime.
> 
As implemented, the slot implementation picks the well-known name it is known by
and then 'snap connect' is used to connect plugging clients to the services.
Each provider would claim a well-known name and each client *could* plug and
snap connect any or all of them. Then at runtime the client could choose
whichever they want to use.

Based on your comments though, it sounds like perhaps you would want to have the
storage service plug all the known cloud providers, then expose it via its own
interface and have clients plug the storage service. Clients talk to the storage
service and the storage service mediates communicates with the cloud providers.
In this manner, the storage service only has to ever be updated to plug new
cloud providers (something it would need to do any way) and the clients never
have to be updated.

Feel free to schedule a meeting sometime with me, Tyler/Emily and Thomas Voss if
desired if you want input on the design or a design review.

> > 
> > In a future version of snapd, service activation will be supported[3] (eg,
> > for
> > session services) as well as running daemons on the session bus[4]. AIUI the
> > Ubuntu Personal folks are working on this and they have a design and the
> > implementation should start soon. Thanks!
> So, I take that we’ll be able to use this for things such as thumbnailer and
> mediascanner? I’m asking because, if so, there is no point in me trying to add
> service-specific interfaces for these to snapd.
> 

Maybe. As I see it, there are two main considerations here:

1. the entire DBus API is granted (currently) when using this particular
interface. If these service's entire DBus APIs are safe (ie, they don't violate
application isolation or grant elevated permissions), then this interface could
be appropriate for them.

2. are these services otherwise interesting enough to have their own interface
on their own?

Gustavo may have other considerations or thoughts on the matter. Do note that
the interface as implemented today (ie, without session services or activation)
is meant to allow leaf applications (eg, from GNOME or KDE) to work and talk to
each other and integrate within the user's session. We'll work with Thomas on
the activation and session service bits and then after that see how people want
to use the interface and iterate.

> Do you have a rough ETA for this? (No, I’m not going to hold you to it :-
> )  Just trying to get a feel for where things are at.)
> 
I'm told these are behind the trusty work, that the trusty work is nearing
completion and that this dbus work will start after that. I suggest asking the
Ubuntu Personal folks directly for when this might start/be completed.

-- 
Jamie Strandboge | http://www.canonical.com



signature.asc
Description: This is a digitally signed message part
-- 
Snapcraft mailing list
Snapcraft@lists.snapcraft.io
Modify settings or unsubscribe at: 
https://lists.ubuntu.com/mailman/listinfo/snapcraft

Re: Recommended ways of installing configuration files in SNAP_USER_DATA?

[Jacek Nykis]

On 13/12/16 09:42, Stuart Bishop wrote:
>> I might be one step close to getting this to work but I was wondering what
>> is the common/recommended practice to do what I’m trying to achieve here?
> 
> 
> I used the same approach you did, and got it building locally and working (
> https://code.launchpad.net/~stub/+git/pgbouncer-snap/+ref/master , please
> steal freely if there is anything useful there ). I haven't published it
> anywhere because I thought there was a reasonable chance you would be
> looking at it :) Also, I'm holding out hope that we can run non-root
> daemons sooner rather than later since pgbouncer is another app that
> refuses to run as root. I wasn't looking forward to documenting how to
> manually install systemd service definitions :)

I also had similar problem and had to write small wrapper. If you want
one more example to look at you can find source code here:

https://git.launchpad.net/prometheus-pushgateway-snap/tree/

There is an enhancement request in launchpad where we asked for a
standard way to deploy initial config files without need for every snap
to ship with custom wrappers:

https://bugs.launchpad.net/snappy/+bug/1611287

If that would help you you can mark the bug as affecting you to let
developers know.

Regards,
Jacek Nykis




signature.asc
Description: OpenPGP digital signature
-- 
Snapcraft mailing list
Snapcraft@lists.snapcraft.io
Modify settings or unsubscribe at: 
https://lists.ubuntu.com/mailman/listinfo/snapcraft

Re: Recommended ways of installing configuration files in SNAP_USER_DATA?

[Stuart Bishop]

On 13 December 2016 at 02:27, Ivan Lezhnjov IV 
wrote:

> Hi,
>
> I’m working on pgbouncer snap package and as I’m new to snaps I wanted to
> ask the community what is the current preferred way to install a program’s
> configuration files that are meant to be edited by users?
>
> For example, pgbouncer has a couple of files: pgbouncer.ini and
> userlist.txt. Both normally located under /etc/pgbouncer.
>
> As users need to be able to modify various settings in pgbouncer.ini it
> has to be under $SNAP_USER_DATA/etc/pgbouncer/.
>
> I use a standalone wrapper script that initializes some filesystem paths,
> creates empty log files, etc. which is all required by pgbouncer and is
> never created by the program itself, where I essentially do this:
>
> [ -e "$CNF_DIR/pgbouncer.ini" ] || cp $SNAP/etc/pgbouncer/pgbouncer.ini
> $CNF_DIR/pgbouncer.ini
>
> As you can see I first dump pgbouncer.ini to $SNAP/etc/pgbouncer/ and then
> attempt to copy it to $CNF_DIR, which expands to
> $SNAP_USER_DATA/etc/pgbouncer.
>
> However, this doesn’t work as $SNAP/etc/pgbouncer/pgbouncer.ini is owned
> by root and when the wrapper script is run as a normal user it cannot read
> the $SNAP/etc/pgbouncer/pgbouncer.ini file (permission denied).
>

I think the only problem here is that $SNAP/etc/pgbouncer/pgbouncer.ini was
not world readable when snapped. Maybe a umask issue, or you need to
explicitly set the permissions on this template file.




> I might be one step close to getting this to work but I was wondering what
> is the common/recommended practice to do what I’m trying to achieve here?


I used the same approach you did, and got it building locally and working (
https://code.launchpad.net/~stub/+git/pgbouncer-snap/+ref/master , please
steal freely if there is anything useful there ). I haven't published it
anywhere because I thought there was a reasonable chance you would be
looking at it :) Also, I'm holding out hope that we can run non-root
daemons sooner rather than later since pgbouncer is another app that
refuses to run as root. I wasn't looking forward to documenting how to
manually install systemd service definitions :)



-- 
Stuart Bishop 
-- 
Snapcraft mailing list
Snapcraft@lists.snapcraft.io
Modify settings or unsubscribe at: 
https://lists.ubuntu.com/mailman/listinfo/snapcraft