Re: Advice for non connected ubuntu-core/snap update scenario
On 01/03/17 15:32, Thibault Jochem wrote: > I'm studying the possibility tu use ubuntu-core and snaps as base OS / > app framework for embedded computers with no access to internet. Yes, we will explicitly support this scenario, and there is quite a lot of deep design and engineering work already in place to do so. > We can connect to those systems with a maintenance laptop, and I was > thinking that this laptop could host a snapd server to push the > updates once connected. > > Is it a good idea or is there a better way to handle such scenario ? In a few releases, you should be able to connect a USB stick to the device and have it detect the updates, verify signatures on all the files, and apply them. No need for an internet connection or maintenance laptop. Presenting the updates by USB stick or other attached storage will be exactly the same as connecting to the store. Since every update is signed, a machine can determine that the updates are valid without being online. The core structure to support this is designed into snapd and already exists, but we haven't prioritised all of the details (things like the CLI to trigger the update scan). I expect this will be available during the course of the year, is that soon enough for your device? If the timing of your device is sensitive then feel free to follow-up off-list. Mark -- Snapcraft mailing list Snapcraft@lists.snapcraft.io Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/snapcraft
Re: detect video player
On Thu, Mar 02, 2017 at 08:02:53AM +0300, Vasilisc wrote: > For example, > vlc come from snap package (location /snap/vlc/current/...), > smplayer - from deb package (location /usr/bin/smplayer). > > How to find available a video players in host system? Can you trust the PATH to be useful and just blindly call execlp() with the names of the players you support, each in turn, until you succeed or fail? Thanks signature.asc Description: PGP signature -- Snapcraft mailing list Snapcraft@lists.snapcraft.io Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/snapcraft
Re: detect video player
02.03.2017 03:31, Leo Arias пишет: So, you want to know from the application itself if it's being run from inside a snap, or not? The program (in snap) needs to find a videoplayers in system. For example, vlc come from snap package (location /snap/vlc/current/...), smplayer - from deb package (location /usr/bin/smplayer). How to find available a video players in host system? I don't know if we have something for that, but it certainly seems to be useful. You could check if some of the environment variables are set, but well, of course that can be cheated by exporting the var before running the application. ubuntu@juju-07fb34-remote-devel-0:~$ echo $SNAP ubuntu@juju-07fb34-remote-devel-0:~$ snap run --shell ipfs ubuntu@juju-07fb34-remote-devel-0:/home/ubuntu$ echo $SNAP /snap/ipfs/x1 -- Best regards, vasilisc -- Snapcraft mailing list Snapcraft@lists.snapcraft.io Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/snapcraft
Re: Reading /etc
I don't have an answer for you, but wanted to add some color to the
problem. The issue lies within a dependency of the latest version of pip.
Previously they vendored in a small library to do rudimentary distribution
checking. In later versions, they've included the nir0s/distro python
package, which does more aggressive checks against things like /etc and is
hard coded.
I submitted a patch to the distro repo
https://github.com/nir0s/distro/issues/149 and it's landed, but it needs
to be pulled into pip and release. Once that's done, UNIXCONFDIR
environment variable could be used to override where to find `/etc`. For my
snap, I ended up moving to classic confinement as it fit better with the
tool (a system utility).
Marco
On Wed, Mar 1, 2017 at 9:07 PM Facundo Batista <
facundo.bati...@canonical.com> wrote:
> Hola!
>
> When calling pip from inside a snap, it (while investigating the system
> it's in) tries to os.listdir("/etc") which is
> denied to it:
>
> Mar 1 15:44:04 tanquita kernel: [16153.906524] audit: type=1400
> audit(1488393844.939:99): apparmor="DENIED"
> operation="open" namespace="root//lxd-fadestest_"
> profile="snap.fades.fades" name="/etc/"
> pid=10606 comm="python" requested_mask="r" denied_mask="r"
> fsuid=165536 ouid=165536
>
> Which interface should I add to the snap for it to have read only access
> to /etc?
>
> Thanks!
>
> --
> . Facundo
> .
> Canonical - Online Services
>
> --
> Snapcraft mailing list
> Snapcraft@lists.snapcraft.io
> Modify settings or unsubscribe at:
> https://lists.ubuntu.com/mailman/listinfo/snapcraft
>
--
Snapcraft mailing list
Snapcraft@lists.snapcraft.io
Modify settings or unsubscribe at:
https://lists.ubuntu.com/mailman/listinfo/snapcraft
Reading /etc
Hola!
When calling pip from inside a snap, it (while investigating the system it's
in) tries to os.listdir("/etc") which is
denied to it:
Mar 1 15:44:04 tanquita kernel: [16153.906524] audit: type=1400
audit(1488393844.939:99): apparmor="DENIED"
operation="open" namespace="root//lxd-fadestest_"
profile="snap.fades.fades" name="/etc/"
pid=10606 comm="python" requested_mask="r" denied_mask="r" fsuid=165536
ouid=165536
Which interface should I add to the snap for it to have read only access to
/etc?
Thanks!
--
. Facundo
.
Canonical - Online Services
--
Snapcraft mailing list
Snapcraft@lists.snapcraft.io
Modify settings or unsubscribe at:
https://lists.ubuntu.com/mailman/listinfo/snapcraft
Re: Creating and running tests for a snapcraft plugin
Hello! Thanks for working on a new plugin. On Thu, Feb 23, 2017 at 5:13 PM, Joseph Rushton Wakeling wrote: > Is there a simple way to run the tests for a single plugin, rather than the > whole body of tests? The snapcraft HACKING.md doesn't offer any advice on > this point. To run all the tests related to python, for example, you can do something like this: ./runtests.sh unit *python* ./runtests.sh integration *python* That filter is by file name. You can do fancier things with python's discovery: https://docs.python.org/3.5/library/unittest.html#unittest-test-discovery pura vida. -- Snapcraft mailing list Snapcraft@lists.snapcraft.io Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/snapcraft
Re: detect video player
So, you want to know from the application itself if it's being run from inside a snap, or not? I don't know if we have something for that, but it certainly seems to be useful. You could check if some of the environment variables are set, but well, of course that can be cheated by exporting the var before running the application. ubuntu@juju-07fb34-remote-devel-0:~$ echo $SNAP ubuntu@juju-07fb34-remote-devel-0:~$ snap run --shell ipfs ubuntu@juju-07fb34-remote-devel-0:/home/ubuntu$ echo $SNAP /snap/ipfs/x1 -- Snapcraft mailing list Snapcraft@lists.snapcraft.io Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/snapcraft
Re: revoke a gpg key for signing assertions
Hello! Thanks for your report. Can you please report that as a bug? https://bugs.launchpad.net/snapstore -- Snapcraft mailing list Snapcraft@lists.snapcraft.io Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/snapcraft
Using docker image to run snapd
Hi there, I've been struggling to get an Ubuntu 16.04 based docker image to run `snapd` - TL;DR I now know it is because systemd is not running in the image. As per Geoffroy VanCutsem's message here (https://lists.ubuntu.com/archives/snapcraft/2017-February/003013.html) I can see that one alternative might be to... > start my daemons/services outside of systemd, from a simple script invoked by > CMD in my Dockerfile. Could someone point me at a list of services that need to be running to be able to make a `snap install`? And / or any guidance on the commands required to run those services? If anyone is interested in the error that I'm getting it's like this, in a clean `rastasheep/ubuntu-sshd:16.04` instance where I've sshed in as root: root@be16d952b015:~# apt-get install -y snapd Reading package lists... Done Building dependency tree Reading state information... Done The following additional packages will be installed: apparmor busybox-initramfs cpio initramfs-tools initramfs-tools-bin initramfs-tools-core klibc-utils kmod libapparmor-perl libklibc liblzo2-2 linux-base snap-confine squashfs-tools udev ... Processing triggers for systemd (229-4ubuntu16) ... Processing triggers for libc-bin (2.23-0ubuntu5) ... Processing triggers for initramfs-tools (0.122ubuntu8.8) ... root@be16d952b015:~# snap install hello-world 2017/03/01 20:37:40.864580 main.go:220: WARNING: cannot create syslog logger error: cannot communicate with server: Post http://localhost/v2/snaps/hello-world: dial unix /run/snapd-snap.socket: connect: no such file or directory This appears to be the same error as asked about here: http://askubuntu.com/questions/849859/error-when-trying-to-run-snap-install-from-ubuntu-on-docker (that's me in the comments). Thanks, James -- James Cooke Backend software developer CV PDF: http://jamescooke.info/docs/james_cooke_cv.pdf Website: http://jamescooke.info/ -- Snapcraft mailing list Snapcraft@lists.snapcraft.io Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/snapcraft
Re: snapcraft 2.27 has been released
On 02/28/2017 05:51 AM, Roberto Mier Escandón wrote: > Hey guys, > > Couldn't we have environment property pointing also to a file script as > in the case of scriptlets. In the case of needing to set a bunch of > things before launching app I'd prefer having it in that way. That's a question for the snapd folks (as that's where the `environment` feature is actually implemented). I will say that running a script before running the app is not quite the same as defining environment variables since a script can do whatever it wants (it may have nothing to do with the environment). In my opinion, a keyword called `environment` is probably not the best place for such a feature. -- Kyle Fazzari (kyrofa) Software Engineer Canonical Ltd. k...@canonical.com signature.asc Description: OpenPGP digital signature -- Snapcraft mailing list Snapcraft@lists.snapcraft.io Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/snapcraft
revoke a gpg key for signing assertions
Hi, I hit a problem with key registration e deregistration workflow. I registered a key for my first assertion, then I received a mail from Ubuntu store with the command able to remove a gpg key from backend: snapcraft revoke-key name_of_key This command don't work and produces the following output: snapcraft revoke-key name_of_key Usage: snapcraft [options] [--enable-geoip --no-parallel-build] snapcraft [options] init snapcraft [options] pull [ ...] [--enable-geoip] snapcraft [options] build [ ...] [--no-parallel-build] snapcraft [options] stage [ ...] snapcraft [options] prime [ ...] snapcraft [options] strip [ ...] snapcraft [options] clean [ ...] [--step ] snapcraft [options] snap [ --output ] snapcraft [options] cleanbuild [--remote=] snapcraft [options] login snapcraft [options] logout snapcraft [options] list-registered snapcraft [options] registered snapcraft [options] list-keys snapcraft [options] keys snapcraft [options] create-key [] snapcraft [options] register-key [] snapcraft [options] register [--private] snapcraft [options] sign-build [--key-name=] [--local] snapcraft [options] upload snapcraft [options] push [--release ] snapcraft [options] release snapcraft [options] status [--series=] [--arch=] snapcraft [options] history [--series=] [--arch=] snapcraft [options] close ... snapcraft [options] list-plugins snapcraft [options] plugins snapcraft [options] tour [] snapcraft [options] update snapcraft [options] gated snapcraft [options] validate ... [--key-name=] snapcraft [options] define snapcraft [options] search [ ...] snapcraft [options] enable-ci [] [--refresh] snapcraft [options] help (topics | | ) [--devel] snapcraft (-h | --help) snapcraft --version Snapcraft Launchpad page don't show any bug about this problem. My question: revoke-key function is implemented? Nicolino -- Snapcraft mailing list Snapcraft@lists.snapcraft.io Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/snapcraft
Advice for non connected ubuntu-core/snap update scenario
Hello, I'm studying the possibility tu use ubuntu-core and snaps as base OS / app framework for embedded computers with no access to internet. We can connect to those systems with a maintenance laptop, and I was thinking that this laptop could host a snapd server to push the updates once connected. Is it a good idea or is there a better way to handle such scenario ? Best regards, -- Thibault Jochem Software Engineer -- Snapcraft mailing list Snapcraft@lists.snapcraft.io Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/snapcraft
Re: HOWTO: How to snap timg (text image viewer)
On Wed, 2017-03-01 at 21:11 +1000, Michi Henning wrote: > > > > > > That's not true. When a command or daemon in a strict mode snap gets > > executed, it runs in a different mount namespace where the file system > > root is the contents of the "core" snap. You can verify this by > > executing the following: > > > > snap run --shell command_name > > > > .. and use that shell to inspect the file system as seen by that > > particular command. > Ah, OK, I stand corrected. I was probably running in devmode when I picked up > system libs. > To be clear, wrt the mount namespace, devmode and strict mode are identical. Perhaps you were working with classic confinement where the mount namespace is not setup. -- Jamie Strandboge | http://www.canonical.com signature.asc Description: This is a digitally signed message part -- Snapcraft mailing list Snapcraft@lists.snapcraft.io Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/snapcraft
Re: HOWTO: How to snap timg (text image viewer)
> > That's not true. When a command or daemon in a strict mode snap gets > executed, it runs in a different mount namespace where the file system > root is the contents of the "core" snap. You can verify this by > executing the following: > >snap run --shell command_name > > .. and use that shell to inspect the file system as seen by that > particular command. Ah, OK, I stand corrected. I was probably running in devmode when I picked up system libs. Michi. -- Snapcraft mailing list Snapcraft@lists.snapcraft.io Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/snapcraft
Re: HOWTO: How to snap timg (text image viewer)
On 1 March 2017 at 07:13, Michi Henning wrote: > >> Upon further thinking, I believe that I did not have to use a fresh >> LXD container, because the "strict" confinement would preclude anyway >> the snap from using any of my desktop's existing system libraries. >> Isn't that indeed the case? > > I don’ think so. System libraries are visible even with strict confinement, > as far as I know. That's not true. When a command or daemon in a strict mode snap gets executed, it runs in a different mount namespace where the file system root is the contents of the "core" snap. You can verify this by executing the following: snap run --shell command_name .. and use that shell to inspect the file system as seen by that particular command. James. -- Snapcraft mailing list Snapcraft@lists.snapcraft.io Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/snapcraft
weird behaviour related with fonts in a snap
Hey guys, I'm hitting a weird problem related with fonts in collabora office online snap. This product is a kind of libre office google drive, for you to take a reference how it works as user. If I confine the snap in classic mode all works perfectly. However, if I deploy it in devmode, some parts of the document dissapear depending on the font they are using. Also, If I change the font, the selected font disapears in most of cases (depends on the font to change to). Same if I try to set it as bold. However underline or italic works ok. I've set FONTCONFIG_FILE and FONTCONFIG_PATH to fonts.conf and conf.d respectively and fonts are taken from a path accesible by the snap configured in fonts.conf. Also cachedir is set to a snap internal path. Actually, if fonts where not found, one of the daemons wouldn't start and it does. In source code I don't see any reference to any path related with fonts, however something else outside of the snap is needed and I cannot find what. Anybody has hit any issue with fonts in a snap or something similar to this? Thanks. -- Snapcraft mailing list Snapcraft@lists.snapcraft.io Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/snapcraft
Re: snapcraft 2.27 has been released
Yes, that's what I'am doing. So, the conclusion I get from this is that environment is only valuable in the need of setting a few additional env vars. Btw, forget my last mail about the stop command not taking those values. It is working perfectly. Thanks, Cheers! On 01/03/17 00:37, XiaoGuo Liu wrote: > Hi Roberto, > > In that case, you can just run your own script in the command in stead of > directly launching your app. In your script, just do whatever thing there. > > Best regards, > XiaoGuo > > On Tue, Feb 28, 2017 at 9:51 PM, Roberto Mier Escandón < > roberto.escan...@canonical.com> wrote: > >> Hey guys, >> >> Couldn't we have environment property pointing also to a file script as >> in the case of scriptlets. In the case of needing to set a bunch of >> things before launching app I'd prefer having it in that way. >> >> Cheers. >> >> On 24/02/17 20:05, Kyle Fazzari wrote: >>> >>> >>> On 02/24/2017 10:49 AM, Claudio André wrote: 2017-02-17 10:49 GMT-02:00 Sergio Schvezov mailto:sergio.schve...@canonical.com>>: Hello snapcrafters! ## Setting up environment No more wrapper scripts just to setup on environment entry, this is now tied into an app entry in `apps`. Here's a quick example: ```yaml apps: vim: command: bin/vim environment: VIMRUNTIME: $SNAP/share/vim/vim80 ``` Hi, I tried to append to path (see below). It is not supported. ```yaml environment: PATH: "$SNAP/usr/lib/jvm/default-java/bin:$PATH" ``` I'm ok with it. But, in case this is not by design, I'm mailing you >> guys. >>> >>> I can verify this. To clarify, this builds and runs fine, but actually >>> results in the PATH including the string `$PATH` instead of expanding it. >>> >>> Can a snapd dev comment on this? Is that intended? >>> >>> >>> >> >> -- >> Snapcraft mailing list >> Snapcraft@lists.snapcraft.io >> Modify settings or unsubscribe at: https://lists.ubuntu.com/ >> mailman/listinfo/snapcraft >> > > > > > -- Snapcraft mailing list Snapcraft@lists.snapcraft.io Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/snapcraft
