[05:24] <duluu> I have no luck to install rc release of gutsy on amd64
[05:25] <duluu> it seems package files are broken
[05:41] <kgoetz> duluu: package files?
[05:41] <duluu> that contain package list
[05:42] <kgoetz> duluu: can you run the cd verificatio check ?
[05:42] <kgoetz> *ion
[05:47] <duluu> it failed
[05:48] <kgoetz> duluu: does th disc itself have  good md5sum or is the whole image corrupt?
[05:48] <duluu> iso was good
[05:49] <duluu> this occurred during beta, and still on rc
[05:50] <kgoetz> duluu: hang around - i'm probably not the best person to talk about this with
[05:50] <kgoetz> considering
[09:14] <kraut> moin
[03:43] <ivoks> dendrobates: ccc disclosing company secrets... cccc :D
[03:43] <dendrobates> ivoks: hey now
[03:44] <ivoks> hi
[03:48] <ScottK> lamont: Have you doing anything with Postfix and connecting to milters via a unix socket?
[03:49] <ScottK> lamont: I'm trying to sort out Bug #151850 and getting no where with connecting to clamav-milter due to permissions problems.
[03:49] <ubotu> Launchpad bug 151850 in clamav "clamav-milter postfix defaults fail" [Undecided,New]  https://launchpad.net/bugs/151850
[04:01] <lamont> ScottK: I haven't done anything with postfix milters
[04:02] <ScottK> lamont: OK.  Thanks.  Works great, lasts a long time with a TCP socket, but with a Unix socket, I'm stuck.
[04:02] <ivoks> ScottK: something like this:
[04:02] <ivoks> clamav-milter: ClamAv: Unable to create listening socket on conn local:/var/spool/postfix/clamav/
[04:03] <ivoks> ?
[04:03] <ScottK> ivoks: I unchrooted for my test and so my Postfix can read the socket in the normal location (/var/run/clamav), but I get perimssion denied.
[04:04] <lamont> can the user postfix get into /var/run/clamav?
[04:04] <ScottK> It's 755, so I'd think so.  I tried chgrp to postfix and that didn't help either.
[04:05] <ScottK2> warning: connect to Milter service unix:/var/run/clamav/clamav-milter.ctl: Permission denied is the exact error
[04:05] <lamont> su - postfix and see what happens?
[04:05] <lamont> netcat is love
[04:05] <lamont> at least I think netcat can be bludgeoned into talking to a unix socket
[04:05] <ScottK2> Hmmm
[04:05] <ivoks> ScottK: cause it's srwxrwxr-x?
[04:08] <ivoks> how to check if mail is checked at all? :)
[04:08] <ScottK2> Well if I see Postfix gets permission denied in the mail log, I'm pretty sure it didn't work.
[04:08] <ivoks> i don't get that
[04:08] <ivoks> this is my setup:
[04:09] <ivoks> USE_POSTFIX='yes'
[04:09] <ivoks> SOCKET=local:/var/spool/postfix/clamav
[04:09] <lamont> ScottK: yeah, but gdb and strace can help with figuring things out with netcat easier than with postfix.... :)
[04:09] <ivoks> and in main.cf:
[04:09] <ivoks> smtpd_milters = unix:/clamav
[04:10] <ivoks> i don't get permission denied, but, imho, i should
[04:10] <ScottK2> Well I opened up the permissions a bit more and it worked.  So I'll try ivoks setup and see if it all works.
[04:10] <ivoks> my postfix is chrooted
[04:11] <ScottK2> Right.
[04:11] <ScottK2> Step one for me in troubleshooting is get out of the chroot.
[04:12] <ScottK2> ivoks: Permission denied is what Bug #151850 is about.  It sounds like you have exactly what the reporter says doesn't work.
[04:12] <ubotu> Launchpad bug 151850 in clamav "clamav-milter postfix defaults fail" [Undecided,New]  https://launchpad.net/bugs/151850
[04:13] <ivoks> right...
[04:13] <ivoks> srwxrwxr-x 1 clamav clamav 0 2007-10-12 16:05 /var/spool/postfix/clamav
[04:13] <ivoks> clamav can't create files in /var/spool/postfix/
[04:14] <ScottK2> So how does the socket get created then?
[04:14] <ivoks> i added w+r :/
[04:14] <ivoks> sorry, i forgot about that
[04:15] <ScottK2> ivoks: Is a world writeable socket a good idea?
[04:15] <ivoks> no
[04:15] <ivoks> i added w+r on /var/spool/postfix for testing
[04:15] <ScottK2> OK.
[04:16] <ivoks> we should add clamav in postfix group
[04:16] <ScottK2> So how does one get this to work in a sane configuration?
[04:16] <ivoks> when clamav-milter is installed
[04:16] <ScottK2> That sounds reasonable.
[04:16] <ivoks> and create socket in /var/spool/postfix/somewhere
[04:17] <ScottK2> Just have to make sure we don't break sendmail users.  Their life in painful enough as it is.
[04:17] <ivoks> but this has a downside
[04:17] <ScottK2> OK.
[04:17] <ivoks> if one deinstalls postfix, does he looses /var/spool/postfix?
[04:17] <ScottK2> If one deinstalls postfix, clamav-milter isn't a major problem.
[04:18] <ivoks> it's not, but /var/spool/postfix stays on system
[04:18] <lamont>     purge)
[04:18] <lamont>         rm -rf /var/spool/postfix
[04:18] <lamont>         rm -rf /etc/postfix
[04:18] <lamont> that'd be _gone_
[04:18] <ScottK2> Right.
[04:18] <ivoks> :)
[04:18] <ivoks> ok then
[04:19] <ivoks> but, where in /var/spool/postfix? :)
[04:19] <ScottK2> lamont: How does adding clamav to the postfix group sound to you?
[04:19] <lamont> no issues here
[04:19] <lamont> well...
[04:20] <lamont> that would allow clamav to directly open things in the mail spool, which sounds a bit strange if everything is really passing through a socket with some other (clamav/milter/whatever) defined syntax
[04:20] <ScottK2> I'm thinking I don't like the idea of automagically doing it.
[04:21] <ivoks> we need to rethink this one...
[04:21] <ivoks> postfix user/group can't create anything in /var/spool/postfix
[04:22] <ivoks> so, that wouldn't solve the problem with creating socket
[04:22] <ivoks> there should be a directory inside jail in which postfix group should be able to write
[04:22] <ivoks> atm, i think there i no suck dir
[04:22] <ivoks> such :)
[04:23] <ScottK2> README.Debian has some instructions on Postfix integration for clamav-milter.  I'm going to purge everything, start over and follow those directions to the letter.
[04:23] <ScottK2> Then if it works, I'll mark the bug invalid -RTFM.  If not, I'll go from there.
[04:24] <ivoks> that package has both README.Debian and README.Debian.gz :)
[04:24] <ivoks> and they aren't the same
[04:25] <ivoks> ah, yeah...
[04:25] <ivoks> that makes sense..
[04:25] <ivoks> that should work
[04:28] <ivoks> bug is valid
[04:28] <ivoks>  /etc/default/clamav-milter should contain:
[04:29] <ivoks> SOCKET=local:/var/spool/postfix/clamav/clamav
[04:29] <ivoks> SOCKET can't be file...
[04:29] <ivoks> sorry, directory
[04:29] <ivoks> it must be file
[04:29] <ScottK2> OK.  So it's missing the final clamav
[04:30] <ivoks> or better clamav-milter.ctl
[04:30] <ivoks> there should also be a pointer to README.Debian.gz for howto
[04:30] <ScottK2> Right.
[04:30] <ScottK2> I can fix that.
[04:31] <ivoks> go ahead :)
[04:31] <ivoks> one point tough...
[04:32] <ivoks> purging clamav-milter leaves /var/spool/postfix/clamav/
[04:32] <ivoks> and when you purge clamav.*
[04:32] <ivoks> you get a direcotry with a rw permissions for uid which isn't taken
[04:33] <ivoks> if that uid gets assigned to userbob, userbob will be able to write there and create files as postfix group
[04:35] <ivoks> s/as/owned by/
[04:39] <ScottK2> Right.  Well according to the README.Debian you have to make that dir manually.  So it's on the admin to remove it manually too I'd say.
[04:42] <ivoks> still, debian solution suggests setgid, which should always be last resort
[04:43] <ScottK2> ivoks: True, but it's only a few days befoe release, so I'm taking the least invasive path.
[04:43] <ivoks> :D
[04:43] <ScottK2> Personally I'd use a TCP socket and be done with it.
[04:43] <ivoks> looks like patent war beings...
[04:43] <ivoks> http://www.groklaw.net/article.php?story=20071011205044141
[05:35] <lamont> ScottK: the whole userid thing is why we assign system uid/gids to postfix users...
[05:35] <lamont> id postfix
[05:35] <lamont> uid=113(postfix) gid=109(postfix) groups=109(postfix)
[05:35] <lamont> because userbob won't get that id
[05:47] <ScottK> lamont: This all gets into why I like TCP sockets better.  Urgh.
[05:48] <ScottK> By adding the file name I'm fixing a bug in what the Debian Maintainer has recommended.  I'm not going to re-engineer it less than a week before release.
[05:49] <lamont> ScottK: sounds like a wise decision (not re-engineering at T-6 days)
[05:50] <ScottK> lamont: Heh.  I got a mail from the Debian clamav maintainer a little while ago discussing closer cooperation.  I'll add this to my list for Hardy/Lenny.
[05:50] <lamont> cool
[05:51] <ScottK> lamont: What's your view on the preferability of TCP versus Unix sockets in circumstances like this?
[05:51] <lamont> unix sockets have the advantage of being able to restrict who can connect to them
[05:52] <ScottK> It'd be nice to be able to say "I've talked to the Debian Postfix maintainer and he thinks ..."
[05:52] <lamont> tcp sockets have the advantage of being reasonable an straight forward
[05:52] <lamont> reload will require that there be a way to add additional sockets
[05:53] <lamont> c.f. http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=311812
[05:53] <ubotu> Debian bug 311812 in postfix "postfix: syslog reconnection" [Important,Open] 
[05:55] <ScottK> lamont: Sorry for being dense: Which kind of socket does that apply to?
[05:55] <lamont> unix
[05:56] <lamont> specifically, /dev/log
[05:56] <ScottK> lamont: Thanks.
[05:59] <ScottK> Clamav-milter currently ships a etc/default file that has the recommended Unix socket for Postfix listed, but commented out.  It seems to me like the best answer is to also provide instructions on TCP socket (and a commented out default) and let the admin decide where they sit on the tradeoffs.
[05:59] <lamont> probably
[07:04] <ScottK> soren: Would you be up for doing a source backport of clamav from Gutsy to Feisty (I need a core-dev to do the upload).  The debdiff in Bug #151308 looks correct to me.
[07:04] <ubotu> Launchpad bug 151308 in feisty-backports "please backport Clamav from Gutsy to Feisty " [Undecided,New]  https://launchpad.net/bugs/151308
[08:20] <soren> ScottK: I'd need to read up on the mechanics of that sort of thing. I have no clue how it works.
[08:20] <soren> I'm just about to eat dinner, though.
[08:20] <soren> I'll stop by later.
[08:21] <ScottK> soren: Great.  It's not very hard.  I can probably talk you through it.
[09:33] <hendrixski> hey, is this the right place to ask this?  I can't get Mysql server to install.  and I'm pulling my hair out over here :-(
[09:34] <leonel> hendrixski: what's the problem ?  I don't use mysql but maybe can help ...
[09:35] <hendrixski> leonel, I apt-get installed it... and halfway through it breaks
[09:35] <hendrixski> I uninstalled it and re-isntalled, and it's not helping
[09:36] <leonel> what errors ?
[09:36] <hendrixski> dpkg: error processing mysql-server-5.0 (--configure):
[09:36] <hendrixski>  subprocess post-installation script returned error exit status 1
[09:37] <hendrixski> ...actually... do you mind if I _don't_ pastebin this.. s ince it's only a few lines, and a not very active channel?
[09:37] <hendrixski> dpkg: dependency problems prevent configuration of mysql-server:
[09:37] <hendrixski>  mysql-server depends on mysql-server-5.0; however:
[09:37] <hendrixski>   Package mysql-server-5.0 is not configured yet.
[09:37] <hendrixski> dpkg: error processing mysql-server (--configure):
[09:37] <hendrixski>  dependency problems - leaving unconfigured
[09:37] <hendrixski> Errors were encountered while processing:
[09:37] <hendrixski>  mysql-server-5.0
[09:37] <hendrixski>  mysql-server
[09:37] <hendrixski> E: Sub-process /usr/bin/dpkg returned an error code (1)
[09:38] <leonel> dpkg -P mysql-server-5.0  mysql-server
[09:38] <leonel> and
[09:38] <leonel> apt-cache clean
[09:38] <leonel> then
[09:38] <leonel> apt-get install mysql-server-5.0
[09:40] <hendrixski> k, it's not being friendly in the removal either
[09:40] <hendrixski> lemme try it after the apt-get clean
[09:41] <leonel> is there a previous error ?
[09:41] <leonel> before the mysql ?
[09:42] <hendrixski> nah, the rest of that is normal I think
[09:44] <hendrixski> :-( crap... now when I ran the apt-get install -f to fix things it's crapping out again
[09:44] <hendrixski> pastebinned  http://paste.ubuntu-nl.org/40442/
[09:45] <hendrixski> it stops and starts the mysqld... but the start fails
[09:45] <hendrixski> I guess that's an error
[09:46] <leonel> hendrixski: you are in a chroot  environment ?
[09:47] <hendrixski> leonel, yes
[09:47] <leonel> there's no /proc  or  something like that  that     mysql  and  all daemons  need to start for networking ..
[09:48] <hendrixski> oh
[09:48] <hendrixski> so... mysql won't work in a chroot?
[09:49] <leonel> i had that same problem  with postgresql
[09:50] <hendrixski> there's a /proc/
[09:50] <leonel> booted into  the os  and did the install fine
[09:50] <leonel> yes but  there's something  missing  that  can't  let  mysql  start  in that  chroot
[09:51] <hendrixski> oh
[09:51] <hendrixski> so how do people get into databases from chroot?
[09:51] <leonel> hendrixski: good  question ..
[09:53] <leonel> I think is that  what causing you that error ..
[09:53] <hendrixski> hhmm, well,, I guess I'll try re-uninstalling it again
[09:55] <hendrixski> except,.... now even when I try to remove it it tries to complete the install
[09:55] <hendrixski> and craps out again and again
[09:58] <sommer> hendrixski: do you have apt-utils installed in the chroot?
[09:59] <sommer> also if you're trying to remove it you might try apt-get --purge remove mysql-server
[10:00] <hendrixski> sommer, yeah, I've tried that... like I said, even the removes try to complete the install
[10:00] <hendrixski> is there a way to trick apt into not knowing that there's something that didn't finish install?
[10:01] <hendrixski> sommer, and do you know how to get databases to work in a chroot?
[10:01] <sommer> hendrixski: sorry I don't have much experience with chroot environments.  Did you have apt-utils in the chroot?
[10:02] <hendrixski> sommer, I may not have... but there's no way to install ANYTHING now
[10:02] <hendrixski> apt-get install apt-utils tries to install the mysql-server
[10:02] <sommer> mmm...can you recreate the chroot?
[10:02] <sommer> or can you copy the apt-utils bin files into the chroot?
[10:02] <hendrixski> sommer, I can, but I'd probably lose a ton of work
[10:03] <sommer> I'd try copying the bin files then.
[10:04] <hendrixski> actually... most of the crap compiled in there is in /home which is mounted separately... I guess I can delete and recreate it... and all I lose is running make install once or twice
[10:05] <hendrixski> sommer, is there anything in apt-utils that would help me stop apt from trying to install mysql server every time it runs?
[10:05] <sommer> not that I'm aware of.
[10:06] <hendrixski> man, this is a pickle... I guess I'm just gonna have to redo the chroot again
[10:08] <sommer> hendrixski: you might wait I'm checking the docs
[10:08] <hendrixski> oh?
[10:10] <sommer> have you tried apt-get --purge --force-yes remove mysql-server
[10:10] <hendrixski> not yet
[10:10] <sommer> may be worth a try
[10:11] <hendrixski> sommer, same thing
[10:11] <hendrixski> $ sudo apt-get --purge --force-yes remove mysql-server
[10:11] <hendrixski> Reading package lists... Done
[10:11] <hendrixski> Building dependency tree
[10:11] <hendrixski> Reading state information... Done
[10:11] <hendrixski> Package mysql-server is not installed, so not removed
[10:11] <hendrixski> 0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded.
[10:11] <hendrixski> 1 not fully installed or removed.
[10:11] <hendrixski> Need to get 0B of archives.
[10:11] <hendrixski> After unpacking 0B of additional disk space will be used.
[10:11] <hendrixski> Setting up mysql-server-5.0 (5.0.38-0ubuntu1) ...
[10:11] <hendrixski>  * Stopping MySQL database server mysqld                                                                                           [ OK ] 
[10:11] <hendrixski>  * Starting MySQL database server mysqld                                                                                           [fail] 
[10:11] <hendrixski> invoke-rc.d: initscript mysql, action "start" failed.
[10:11] <hendrixski> dpkg: error processing mysql-server-5.0 (--configure):
[10:11] <hendrixski>  subprocess post-installation script returned error exit status 1
[10:11] <hendrixski> Errors were encountered while processing:
[10:11] <hendrixski>  mysql-server-5.0
[10:11] <hendrixski> E: Sub-process /usr/bin/dpkg returned an error code (1)
[10:12] <sommer> mmmmm
[10:12] <mathiaz> hendrixski: have a look at /var/log/daemon.log - it should have the output of the mysql init script
[10:12] <hendrixski> mathiaz, lemme check
[10:13] <hendrixski> there's a /var/log/dmesg.log and a dpkg.log
[10:13] <hendrixski> no daemon.log
[10:14] <hendrixski> and dmesg is empty
[10:15] <hendrixski> maybe I should try dpkg-configure -a ??
[10:18] <mathiaz> hendrixski: you said you were in a chroot ?
[10:18] <mathiaz> hendrixski: did you mount /dev ?
[10:19] <hendrixski> mathiaz, I think so, lemme check
[10:20] <hendrixski> Don't think so
[10:21] <hendrixski> the only lines I added into /etc/fstab were for /home/ /tmp  proc-chroot and devpts-chroot
[10:22] <hendrixski> mathiaz, should I mount the regular /dev into my chroots dev?
[10:23] <hendrixski> oh shit... it's almost 4:30 ... I gotta head out soon
[10:23] <mathiaz> hendrixski: you could try - it may help
[10:24] <hendrixski> mathiaz, well... I guess I'll come back to this problem on monday morning
[10:25] <hendrixski> gotta get out of the office, and pick someone up now
[10:25] <hendrixski> thanks for the help so far
[10:27] <sommer> mathiaz: heh... thanks from me as well.  I was out of ideas.
[10:28] <mathiaz> sommer: np.
[10:29] <mathiaz> sommer: I've seen your post on -doc about the server guide.
[10:29] <mathiaz> sommer: is this going in for gutsy ?
[10:30] <sommer> I tested it on gutsy, but I thought it's way too late?
[10:31] <mathiaz> sommer: I don't know. I was just asking.
[10:31] <sommer> ah, I think it'll have to be for hardy.
[10:31] <mathiaz> sommer: I think it's too late, but I'm not familier enough with the documentation process.
[10:31] <mathiaz> sommer: I think so too.
[10:32] <sommer> heh... me either.
[10:33] <sommer> I've almost got a patch for the mediawiki section as well.
[10:33] <mathiaz> sommer: excellent !
[10:34] <mathiaz> sommer: do you think it would be interesting to move the server guide to a wiki page ?
[10:34] <mathiaz> sommer: same thing as the Packaging guide ?
[10:34] <mathiaz> sommer: it's just a random idea
[10:35] <sommer> mathiaz: I'm not sure... I think for some packages it would work better.
[10:35] <sommer> We could also be more detailed.
[10:35] <mathiaz> sommer: yes. OTOH it's hard to keep a version for wiki pages.
[10:36] <mathiaz> sommer: such as - this is for feisty, gutsy, hardy, etc...
[10:36] <sommer> ya... I try to put which releases I've tested on when editing the wiki.
[10:37] <sommer> I think over all it's fine to have the Server Guide in docbook
[10:38] <sommer> would have been nice to get updates for Gutsy in though.
[10:38] <mathiaz> sommer: yes. OTOH we started quit late in the cycle.
[10:38] <mathiaz> sommer: I think we can review and improve the guide for Hardy.
[10:39] <sommer> mathiaz: definitely
[10:40] <soren> ScottK: Surely it must be documented somewhere?
[10:42] <ScottK> soren: I've no idea.  There's not much to it really.  It's a regular upload except it goes to feisty-backports and should have a ~feisty1 version number.
[10:42] <ScottK> soren: Once it's done, I'll subscribe the archive to the bug and they'll release it when they get around to it.
[10:42] <ScottK> That's it.
[10:44] <soren> ScottK: Hm.. I found this: https://wiki.ubuntu.com/BackportRequestProcess
[10:44] <soren> "In addition to syncs, members of [WWW]  ubuntu-core-dev are allowed to upload directly to -backports"
[10:44] <soren> Ok, so far so good.
[10:44] <soren> "Uploaders have to abide a 'backporting' policy"..
[10:44] <ScottK> Yes and the clamav one meets the requirements.
[10:44] <soren> ...so I'm allowed to upload directly, but have to get permission from the backports team?
[10:45] <ScottK> Yes and I'm authorized to give it.
[10:45] <ScottK> It's weird.
[10:45] <ScottK> I can authorize you to upload it, but can't upload it because I don't have archive rights and you have archive rights, but procedurally aren't authorized.  Yeah.
[10:45] <soren> Oh, I've just reread it.
[10:46] <ScottK> But then again, every backport I've seen that broke stuff since I've been doing this was done by an archive admin without following the process....
[10:46] <soren> And this time, I read it as core-dev members don't need approval.
[10:46] <ScottK> OK.  I just know if I upload it it will bounce automagically.
[10:47] <soren> The first paragraph is about how to request backports by asking you. The next bit is the "In addition... core-dev... directly to -backports".
[10:47] <soren> -> #ubuntu-devel