[01:10] <owh> Hmm, I'm reading the stuff about FFE for the patch that kirkland and I are proposing. He's asked me to make a .tgz with all the stuff for his review while he has a sumptuous meal :) - but I'm unsure what to include - the mind is willing, but the flesh is unsure.
[01:12] <owh> My documentation thus far is at: https://wiki.ubuntu.com/OnnoBenschop/ubuntu-server/init.d-status
[01:13] <owh> Any pointers?
[01:14] <mathiaz> owh: why would you need to make a tgz ?
[01:14] <mathiaz> owh: you just need to attach a debdiff to the bug.
[01:14] <mathiaz> owh: are you subscribed to ubuntu-devel@lists.u.c ?
[01:14] <owh> mathiaz: I already did that part :)
[01:15] <owh> mathiaz: Yes, I read the latest message on the subject. Kirkland hasn't seen it yet.
[01:15] <mathiaz> owh: right - so using the LSB argument won't work.
[01:15] <mathiaz> owh: and it seems that the init scripts handling will change for intrepid
[01:16] <mathiaz> owh: with an integration with upstart.
[01:16] <mathiaz> owh: So I'd just concentrate on adding a status action to the init script for daemon processes.
[01:16] <owh> mathiaz: Yes, we saw that already from SJR's comments.
[01:16] <mathiaz> owh: what is the bug number where you've attached your debdiff ?
[01:17] <owh> mathiaz: Bug #203169
[01:17] <ubotu> Launchpad bug 203169 in lsb ""status" function for init scripts" [Undecided,New] https://launchpad.net/bugs/203169
[01:17] <owh> mathiaz: We figured that updating lsb was less code than individually patching each init.d script.
[01:18] <owh> mathiaz: The list of packages affected is on the wiki page.
[01:18] <owh> mathiaz: We were expecting to add them to this bug and fix them one at a time like the bug you showed us a little while ago.
[01:18] <owh> mathiaz: The python-fix thing.
[01:19] <mathiaz> owh: there are multiple lists on your wiki page - which list are you refering too ?
[01:19] <owh> mathiaz: The actual affected packages are at: https://wiki.ubuntu.com/OnnoBenschop/ubuntu-server/init.d-status#head-9fa491ed97b93b78759171771d0c13f82b4784da
[01:19] <owh> mathiaz: "List of unique packages"
[01:20] <mathiaz> owh: libc6 ?
[01:20] <mathiaz> owh: module-init-tools ?
[01:20] <mathiaz> owh: netbase ?
[01:20] <mathiaz> owh: procps ?
[01:20] <owh> mathiaz: Those packages all include scripts that are in init.d
[01:21] <mathiaz> owh: sysv-rc ?
[01:21] <mathiaz> owh: udev ?
[01:21] <mathiaz> owh: util-linux ?
[01:21] <owh> It is possible that they include rc and rcS, in which case we can remove them.
[01:21] <mathiaz> owh: these are packages that don't have daemons running IIRC
[01:21] <mathiaz> owh: so I'd remove them from the list.
[01:21] <owh> mathiaz: If you look at the list above you'll see the relationship.
[01:22] <owh> mathiaz: For example libc6 has a script: /etc/init.d/glibc.sh
[01:22] <owh> mathiaz: module-init-tools has the script: /etc/init.d/module-init-tools
[01:23] <mathiaz> owh: well - I think that what we should aim for is to have status action for daemons
[01:23] <mathiaz> owh: this is the part that always annoys me
[01:23] <owh> mathiaz: The intent is to go through each script that's on the list and check to see if it actually needs a status. README, rc and rcS have already been manually removed from the list.
[01:24] <mathiaz> owh: consedering where we're at in the release cycle, it will be hard to get things included in hardy
[01:24] <mathiaz> owh: ok - so that's not the final list
[01:24] <owh> mathiaz: The hard part is defining a daemon. I'm just basing this on the running processes, but things like postgres aren't even running yet.
[01:24] <owh> mathiaz: No.
[01:24] <mathiaz> owh: postgres should be running
[01:24] <mathiaz> owh: and has a status action
[01:25] <owh> mathiaz: Not on the hardy install that I'm currently running.
[01:25] <mathiaz> owh: if the default install of postgres doesn't work, you should report a bug.
[01:25] <owh> mathiaz: It does already have a status. My point was that it's not running, so there might be others like that.
[01:25] <mathiaz> owh: how did you install it ?
[01:25] <owh> mathiaz: Boot from CD, tick the boxes, wait. Reboot.
[01:26] <mathiaz> owh: ok - it's a bug in the installer
[01:26] <mathiaz> owh: it should be fixed for beta.
[01:26] <mathiaz> owh: if you install with apt-get install once you've rebooted you should have working postgres installation.
[01:27] <owh> mathiaz: What is the executable/daemon that postgress uses?
[01:28] <ajmitch> ajmitch@ubuntu-desktop:~$ /etc/init.d/postgresql-8.2 status
[01:28] <ajmitch> Version Cluster   Port Status Owner    Data directory                     Log file
[01:28] <ajmitch> 8.2     main      5432 online postgres /var/lib/postgresql/8.2/main       /var/log/postgresql/postgresql-8.2-main.log
[01:28] <ajmitch> one that already has a (non-LSB-compliant) status
[01:28] <owh> ajmitch: Well my installation only shows the first line.
[01:29] <mathiaz> owh: yes - it's a known bug in hardy.
[01:29] <mathiaz> owh: you can safely remove postgres from your list - its init script has a status option and is working
[01:29] <owh> mathiaz: Cool, then I don't need to worry about it.
[01:29]  * owh updates list.
[01:32] <owh> mathiaz: Bare in mind that I'm trying to make an automated list so nothing slips through the cracks. I suspect we're now at the end of that and now it becomes manual :)
[01:33]  * mathiaz nods
[01:34]  * ajmitch doesn't know if the usefulness of having a status action will outweigh having to have new uploads & rebuilds of a large number of packages
[01:34] <mathiaz> ajmitch: well - we're already under 10 packages in the list
[01:34] <mathiaz> ajmitch: so I wouldn't say it's a large number of packages.
[01:34] <owh> mathiaz: I have 17 showing at the moment, but I agree with the point.
[01:34] <mathiaz> ajmitch: and I think that having a status action *is* really usefull
[01:35] <owh> mathiaz: The stuff that you showed, that is the ones you questioned, how did you exclude them? (libc6, netbase, etc.)
[01:35] <ajmitch> mathiaz: sure, but the release manager may have other thoughts :)
[01:35] <owh> ajmitch: One step at a time :)
[01:36] <mathiaz> owh: just by looking at them and asking myself: does this stuff runs a daemon ?
[01:36] <mathiaz> owh: if no, I'd exclude it.
[01:36] <owh> mathiaz: So, which of my list are bogus in your opinion?
[01:37] <mathiaz> owh: the list I've just given you
[01:37] <owh> Here's my list: (17 lines)
[01:37] <owh> apache2.2-common
[01:37] <owh> at
[01:37] <owh> bind9
[01:37] <owh> cron
[01:37] <owh> dovecot-common
[01:37] <owh> klogd
[01:37] <owh> libc6
[01:37] <owh> module-init-tools
[01:37] <owh> netbase
[01:37] <owh> openssh-server
[01:37] <owh> procps
[01:37] <owh> samba
[01:37] <owh> sysklogd
[01:37] <owh> sysv-rc
[01:37] <owh> udev
[01:37] <owh> util-linux
[01:37] <owh> winbind
[01:38] <mathiaz> owh: libc6 module-init-tools netbase procps sysv-rc udev util-linux
[01:38] <mathiaz> owh: ^^ these packages don't seem to start daemons.
[01:39]  * owh is adding a '-' to the list to check the actual script and dependencies.
[01:39] <ajmitch> samba+winbind are in a single source package, too
[01:39] <owh> ajmitch: Yes
[01:39] <owh> ajmitch: Uh, no.
[01:40] <owh> ajmitch: Separate packages.
[01:40] <ajmitch> source package, I said :)
[01:40] <owh> Doh
[01:40] <owh> :)
[01:41] <owh> mathiaz: I'm checking the actual init.d scripts for those packages, but if they disappear then we're down to 10 and as ajmitch points out, 9 source packages.
[01:42] <mathiaz> owh: yes - that's more reasonable and less scary for the release manager
[01:42]  * owh likes that :)
[01:42] <mathiaz> owh: and then we can really use the argument that having a status action for a daemon is *really* useful
[01:43] <owh> mathiaz: You don't think that networking status is useful?
[01:43] <owh> mathiaz: That comes from netbase.
[01:43] <mathiaz> owh: it is, but let's first get the daemon going.
[01:44] <owh> mathiaz: WFM
[01:44] <mathiaz> owh: And to be honnest, I tend to use ifconfig to get the status of the networking stack
[01:44] <mathiaz> owh: but I'd like to use init.d/daemon status to know if my service is running
[01:44] <owh> mathiaz: Ah, but we're now creating an argument for ebox :)
[01:44] <mathiaz> owh: without having to ps -ef| grep daemon
[01:45] <owh> mathiaz: If that's all you want then we could write a four line wrapper cmd around the lsb-functions, single script in /bin. No need for any of this.
[01:46] <owh> mathiaz: We'd still need to patch lsb, but nothing else.
[01:47] <mathiaz> owh: I think that patching the init script makes the most sense
[01:47] <mathiaz> owh: as putting common code in lsb, I also think it's usefull.
[01:47] <owh> mathiaz: You'll call it like this: foo "$DAEMON"
[01:48] <mathiaz> owh: but the release team may think it's too much.
[01:48] <mathiaz> owh: this would be uncommon among the distros.
[01:48] <owh> mathiaz: What I'm saying is that you'd get the same functionality and less intrusiveness.
[01:48] <mathiaz> owh: just to give some background: most of the other distros have a status init script
[01:49] <mathiaz> owh: we don't - let's fix this
[01:49] <owh> mathiaz: You mean a switch, or a stand-alone-script that generates status?
[01:49] <mathiaz> owh: patching lsb or adding a new command would be the same thing from the release team POV
[01:49] <mathiaz> owh: I mean a status action in the init script
[01:50] <owh> mathiaz: You mean in each init script right?
[01:50] <mathiaz> owh: yes
[01:51] <owh> mathiaz: What I'm saying - though I've not yet tested it, so I might be barking mad - is that we could create a completely stand-alone shell script that included the current-unpatched lsb functions, called it with the parameter supplied and returned an answer. No impact, no patching, addition of a single script.
[01:52] <owh> mathiaz: Would it be useful to test that?
[01:52] <owh> mathiaz: It may all die the moment I try to include the lsb functions which rely on some environment, but it might just magically work :)
[01:53] <mathiaz> owh: well - you'd add this new script to the lsb package. Which means you'd patch the lsb package.
[01:53] <owh> mathiaz: Sure but there would be no regression because no code changed :)
[01:54] <mathiaz> owh: so from the release managers POV it's the same, whether you include a new script or add a function to the shell script.
[01:54] <owh> mathiaz: Yes, but there would be no initial need to patch anything else.
[01:54] <mathiaz> owh: add a function the lsb library shell script
[01:54] <owh> Huh?
[01:54] <mathiaz> owh: hm.. you'd still have to patch the init scrip to call the new wrapper ?
[01:55] <owh> Nope
[01:55] <mathiaz> owh: ohh - you'd say that the administrator would have to be educated to use this new command specific to Ubuntu to get the status of his daemons ?
[01:56] <owh> mathiaz: Sure, while we're fiddling around getting upstart and intrepid integrated.
[01:56] <mathiaz> owh: I don't think it's a good idea.
[01:57] <mathiaz> owh: like kirkland said - administrators expect init script to have a status action
[01:57] <owh> mathiaz: Strictly from a code management perspective it's the smallest non-invasive change that provides the functionality.
[01:58] <owh> mathiaz: I'm not saying it's the best integrated.
[01:58] <mathiaz> owh: This is something that administrator used to work in redhat environment find the most annoying in ubuntu - and I agree with tem.
[01:58] <owh> mathiaz: You mean, extra scripts that do stuff :)
[01:59] <mathiaz> owh: no - the status action in the init script
[01:59] <mathiaz> owh: sysadmin expect that - we don't provide it -> need to fix it
[02:00] <owh> mathiaz: Cool, I'll continue with the process in hand.
[02:00]  * owh is nearly done eliminating the packages suggested by mathiaz
[02:00] <mathiaz> owh: great - thanks
[02:02] <owh> mathiaz: udev is "kernel event manager", isn't that a process/daemon?
[02:02] <mathiaz> owh: no
[02:02]  * owh removes it
[02:02] <mathiaz> owh: it's a script that is called when a new device is plugged in the system
[02:03] <mathiaz> owh: well - there is a udevd daemon running
[02:03] <owh> mathiaz: So, perhaps it should stay?
[02:03] <mathiaz> owh: so you could leave it on the liest
[02:03] <mathiaz> owh: yes.
[02:04] <owh> mathiaz: Cool, we're down to 11 packages or 10 source packages.
[02:04] <owh> mathiaz: The following are packages: apache2.2-common, at, bind9, cron, dovecot-common, klogd, openssh-server, samba, sysklogd, udev, winbind
[02:04] <mathiaz> owh: however, from a tactic POV, udev is maintained by the Scott, who is also the maintainer of Upstart.
[02:05] <owh> Hmm
[02:05] <mathiaz> owh: so I would try to add a status action to udev init script at last
[02:05] <owh> That shouldn't really play into it though should it.
[02:06] <owh> mathiaz: How do I get dpkg to tell me the source package name of a package?
[02:07] <mathiaz> owh: apt-cache show apache2.2-common | grep ^Source
[02:07] <owh> Doh
[02:07] <mathiaz> owh: the list looks good to me
[02:07] <owh> I was looking for something more complicated:)
[02:09] <ajmitch> you can complicate matters & use something like grep-dctrl if you really want
[02:09] <owh> Hmm, apt-cache show at returns stuff without a Source: line.
[02:10] <ajmitch> then the source name is the same
[02:11]  * ajmitch prefers apt-cache madison
[02:11] <owh> ajmitch: How does that work?
[02:11] <ajmitch> try it & see?
[02:11] <owh> Heh
[02:12] <ajmitch> ajmitch@ubuntu-desktop:~$ apt-cache madison at at | 3.1.10ubuntu4 | http://nz.archive.ubuntu.com gutsy/main Packages at | 3.1.10ubuntu4 | http://nz.archive.ubuntu.com gutsy/main Sources
[02:12] <ajmitch> sigh, that didn't paste well
[02:12] <owh> ajmitch: I saw the output.
[02:12]  * owh is parsing it as we speak.
[02:12] <nxvl> ajmitch: wow, nice, thanx for that hint!
[02:12]  * nxvl HUGS ajmitch 
[02:14] <owh> Cool, that seems to combine sysklogd and klogd as well.
[02:14] <owh> mathiaz: It appears we're down to 9
[02:15] <ScottK2> ajmitch: I've asked around and so far everyone who knows what I'm talking about wants your RC bug tracker running.  Would you be willing to share your setup for it (we've got an ubuntuwire box we can host it on)?
[02:18] <owh> In case anyone is following, Here's the proposed list of source packages affected: https://wiki.ubuntu.com/OnnoBenschop/ubuntu-server/init%2ed-status#head-2b4f2602e168bb1a7185af274a286dc1b1ef6dcd
[02:20] <ajmitch> ScottK2: sure, but it was only useful because I was rsyncing debian bug info
[02:21] <ajmitch> in other words, I'd need to turn on the daily rsync again & push the generated results somewhere
[02:29] <ScottK> ajmitch: Or we could set up the ubuntuwire box to do the same and do it all there.  It's a beefy box on a big pipe, so there's no need to worry about overloading it.
[02:30] <ScottK> ajmitch: Best to discuss it on #ubuntuwire with Fujitsu or Nafallo.
[02:30] <ScottK> Please .......
[02:32] <ajmitch> ok, I'm there
[03:10]  * nealmcb waves at ajmitch
[03:13] <owh> Just out of interest, the spec here: https://wiki.ubuntu.com/EboxSpec suggests, hell it comes right out and says it, that it allows you to boot the Ubuntu CD and choose the ebox option. I must confess that I missed that option. Is it in the installer, or on the cd-boot menu?
[03:15] <ScottK2> I don't think it's there yet.
[03:17] <owh> Does that mean that it will be, or will this miss release?
[03:19] <ScottK2> Dunno.
[03:20] <owh> Tah
[04:12] <owh> My head just exploded. On the hardy-alpha6 install that I have samba does not have a status section. I just downloaded the source to create a patch and I'm seeing a status part. How do I figure out if the package owner just did that or if I made a mistake?
[04:12] <owh> NM, just found the change log :)
[05:30] <soulc> anyone up?
[05:40] <owh> soulc: No, we're all asleep.
[05:57] <owh> I've just created a samba patch for status. Can someone please check if I'm not being a dunce: http://ubuntu.pastebin.com/d701c40e5
[05:57] <owh> That's not the diff, just the code snippet.
[06:02]  * owh just realised that this made no sense - carry on.
[06:15] <kris_ph> Jack_Sparrow:
[06:25] <kris_ph> Hello.. I have apache2 running with php. Is it okay that I will install Django and its database using postgresql? won't it give harm to my existing php and my php apps?
[06:29] <Jeeves_> Morning
[06:30] <kris_ph> gud morning.. do you have a background about django?
[06:33] <Jeeves_> Nope
[06:33] <Jeeves_> What's that?
[06:39] <kris_ph> google it
[06:39] <kris_ph> :)
[06:40] <ere4si> !django
[06:40] <ubotu> django is a high level python web framework that encourages rapid development and clean, pragmatic design. - see http://www.djangoproject.com
[06:46] <Jeeves_> a python
[06:46] <Jeeves_> ah, pyton
[06:46] <ere4si> h
[07:04] <owh> I'm preparing debdiffs for 10 source packages. Is there a mechanism for me to upload those somewhere so that I can get an automagic buildd report - so I can attach them to a FFE request, or should I just roll my own?
[08:16] <kraut> moin
[08:17] <_ruben> mornin
[08:33] <juliux> morning
[08:33] <juliux> has somebody nagios3 packages for gutsy?
[08:37] <_ruben> juliux: let me know when you get your hands on them ;) .. a collegue of me will be deploying a new monitoring box shortly based on ubuntu+nagios3
[08:37] <juliux> _ruben, i will build nagios from source now
[08:40] <_ruben> ah
[08:43] <juliux> that is faster;)
[08:43] <_ruben> wonder how hard it'd be to 'upgrade' the package .. the looks of nagios3 dont differ too much from nagios2 .. doesnt say much about the package though
[08:48] <nijaba> morning
[08:49]  * soren sighs
[08:50] <soren> There's nagios *3* now as well?
[08:50] <_ruben> came out like yesterday or so
[08:50] <soren> I was almost done upgrading to nagios2!
[08:51]  * _ruben gives soren a sympathy hug
[08:53] <henkjan> 03/13/2008 -
[08:53] <henkjan> Nagios 3.0 Released
[08:54] <_ruben> 5 days .. close enough ;)
[09:06] <_ruben> hmm .. just curious, when running a local install/update mirror for ubuntu .. what kind of diskspace and bandwidth requirements should one keep in mind?
[09:08] <soren> _ruben: You can fit {dapper,edgy,feisty,gutsy,hardy}-{amd64,i386} in about 180GB.
[09:19] <henkjan> du -hs nl.archive.ubuntu.com/ 440G	nl.archive.ubuntu.com/
[09:20] <henkjan> hmm, that includes cd images/releases
[09:21] <_ruben> soren: that sounds very doable, since i'd only be interested in gutsy and hardy (when final) for those 2 archs .. what the ammount of updates?
[09:21] <_ruben> +about
[09:22] <soren> _ruben: Well, kernel images are quite large, so that might add a bit. Not more than a GB or two, though, I guess.
[09:23] <_ruben> soren: but those are rather "rare" .. trying to get an idea how much traffic it'd cost to keep the repo up to date
[09:23] <_ruben> damnit .. nasty downside of wireless keyboard, im suffering from "packet/key-loss" :p
[09:24] <soren> _ruben: Keeping it up to date should be relateive cheap.
[09:25] <_ruben> ok .. guess i'll look into it in a while and just set it up and monitor it for a while
[09:25] <henkjan> openoffice updates are large :)
[09:25] <_ruben> damnit .. now my mouse is lagging as well .. grr
[09:27] <_ruben> if the updates would get too "bulky" i could shape them or something to keep things in line .. i dont have as much bw as henkjan and Jeeves_, but should be sufficient :)
[09:29] <henkjan> _ruben: running a local mirror for personal use only wont cost you much traffic
[09:30] <soren> henkjan: Oh, right, didn't think about openoffice.
[09:37] <_ruben> henkjan: figured as much, just thought i'd check to be sure ;)
[09:38] <_ruben> running a local sles9 install/update repo didnt impose a noticeable impact either
[09:41] <henkjan> depending on the number of local servers wich use your local mirror it'll only save on bandwith
[09:42] <henkjan> it may be an good idead to change security.ubuntu.com in /etc/apt/sources.list also to your local mirror
[09:45] <_ruben> henkjan: the main benefit is quick, up2date net installs eventually .. and the speed difference isnt probably all that big .. then again, i'd probably be using more bandwidth with a local repo than without, since the ammount of packages we use is rather limited .. oh well .. its a nice endeavour to dive into
[09:47] <henkjan> _ruben: https://weblog.bit.nl/blog/2008/03/11/bit-pxe-implementatie/
[09:50] <_ruben> henkjan: partitioning including raid config .. interestign!
[09:50] <_ruben> setting up sw raid in the debian installer can be rather tedious :p
[09:50] <_ruben> beerware license .. gotta send you guys a beer if i wanna use it ? ;)
[09:51] <_ruben> doh .. it *is* that
[09:58] <_ruben> guess i'll have to drive to ede someday then :p
[10:21] <juliux> _ruben, i found debian echt nagios3 packages, they are also working on gutsy
[10:23] <_ruben> nice
[10:47] <Folke> Anyone here using Jeos in vmware?
[10:56] <_ruben> not yet
[10:56] <_ruben> that is: im not using it yet, there are other who do tho
[10:57] <Folke> _ruben: We are thinking of using it in our vmware enviroment instead of the "server" edition. But I don't really know all the cons / pros.
[10:58] <_ruben> pro: its even smaller (size/resources/etc) .. con: uhm, less drivers as well which could lead to problems i guess
[11:44] <BCMM> can someone recommend a dynamic dns provider?
[11:45] <_ruben> using no-ip.org myself without any probs
[11:45] <_ruben> hmm .. setting up a local ubuntu repo using rsync is even more simple than i'd thought
[11:46] <kris_ph> hello..can apache2 and zope run on the same machine simultaneously?
[11:49] <VoiDeT> Hi there, anyone there? If someone has time and would like to shed some light on passive ftp connections thatd be great!
[11:50] <_ruben> VoiDeT: what exactly is it that you want to know?
[11:50] <Kamping_Kaiser> _ruben, is it anything harder then running rsync?
[11:51] <_ruben> Kamping_Kaiser: not really ;)
[11:51] <VoiDeT> Well i set up proftpd, got it running fine, iptable rules set, i can ftp into it while its auth against mysql db, locally i can run my clients in active/passive, but when i try use an external ip on passive it connects, but wont iniate the LIST command
[11:51] <_ruben> Kamping_Kaiser: never really used rsync myself tho
[11:51] <_ruben> VoiDeT: do you have nf_conntrack_ftp and nf_nat_ftp kmods loaded?
[11:52] <VoiDeT> how do i check this? i have modprobe ip_conntrack modprobe ip_conntrack_ftp in my iptables script
[11:52] <VoiDeT> and that reports no errors
[11:53] <Kamping_Kaiser> _ruben, :) i'm still using debmirror to make my mirror. need to switch over to the proper debian archive mirror scripts though
[11:53] <_ruben> VoiDeT: ah, older kernel?
[11:53] <VoiDeT> but when in passive mode locally, using only local connections, passive works, so its tracking established connections fine from what i can see
[11:53] <VoiDeT> mm nope, im on 7.10, stock kernel
[11:53] <_ruben> VoiDeT: you allow RELATED as well?
[11:54] <VoiDeT> yup
[11:54] <_ruben> VoiDeT: you need the nf_* mods, ip_* is for older kernls
[11:54] <VoiDeT> "/sbin/iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT"
[11:54] <_ruben> ok
[11:54] <VoiDeT> "/sbin/iptables -A OUTPUT -m state --state ESTABLISHED,RELATED -j ACCEPT"
[11:54] <_ruben> VoiDeT: lsmod | grep ftp
[11:54] <VoiDeT> nothing
[11:54] <VoiDeT> oh wait
[11:55] <kris_ph> hello..can apache2 and zope run on the same machine simultaneously?
[11:55] <soren> Sure.
[11:55] <_ruben> VoiDeT: the loading of ip_conntrack modules probably fails silently
[11:55] <VoiDeT> http://paste.ubuntu-nl.org/60018/
[11:55] <kris_ph> soren: is that sure for me?
[11:56] <soren> kris_ph: Yes
[11:56] <_ruben> VoiDeT: ah .. the nf_ ones are loaded
[11:56] <kris_ph> soren: okay.. won't it slows down gutsy
[11:56] <VoiDeT> _ruben: not good?
[11:56] <soren> kris_ph: Why would it?
[11:56] <_ruben> VoiDeT: that is good
[11:56] <_ruben> VoiDeT: is the ftp running on a port other than 21?
[11:57] <_ruben> VoiDeT: and/or are you using ssl/tls?
[11:57] <VoiDeT> _ruben: its on 21, externally ppl get in through 23, i have a portforward rule on my router/modem to push it to 21 to my local ip
[11:57] <kris_ph> just asking.... how about installing nginx with apache?
[11:57] <VoiDeT> _ruben: ssl/tls on proftpd?
[11:58] <_ruben> VoiDeT: ssl/tls can be used to encrypt ftp traffic, which breaks the conntrack/nat modules (it cant snoop the traffic)
[11:58] <kris_ph> soren: nginx is already in the repo.. just want to confirm if it hurts gutsy and apache if m going to install nginx...
[11:59] <VoiDeT> _ruben: i see, well i didn't enable it for proftpd, so hows a way of checking if it is enabled
[11:59] <_ruben> VoiDeT: those 2 (encryption and diff port) are the most common problems .. im not aware of any other problems .. ow .. wait .. its behind a nat router, that means its up to your router/modem to do some fancy stuff
[11:59] <_ruben> VoiDeT: you're not using it ;) you'd know if you were
[11:59] <VoiDeT> _ruben: does that mean i have to port forward all the passive port range to the proftpd box
[12:00] <VoiDeT> _ruben: i figured so hehe
[12:00] <_ruben> VoiDeT: yes, unless your modem has a feature to properly nat ftp traffic (which most modems/routers nowadays do, so i thought)
[12:00] <VoiDeT> ill look
[12:00] <kris_ph> hello.. is it okay to install nginx in a machine running apache2?
[12:01] <_ruben> VoiDeT: you can probably restrict the port range within proftpd, so you wont have to open that much ports (i'd go for 1-2 ports per expected concurrent connection)
[12:01] <_ruben> meeting .. bbiab
[12:01] <VoiDeT> _ruben: thanks a heap
[12:01] <soren> kris_ph: I don't know what nginx is.
[12:02] <kris_ph> soren: http://wiki.codemongers.com/Main
[12:04] <soren> kris_ph: Well, as long as you don't try to run two http servers on port 80 at the same time, it should work just fine.
[12:31] <_ruben> back
[12:31] <jjesse> forward
[12:32] <soren> And shake it all about..
[12:32] <soren> ¡Eee, macarena!
[12:33] <jjesse> great now that stupid song is going to be in my head
[12:34] <MenZa> hahaha
[12:37] <_ruben> hehehe
[12:41] <VoiDeT> yo _ruben
[12:43] <VoiDeT> _ruben: i can connect via my external ip fine in passive, only if the iptables are flushed, also the nat routing on my router doesn't need to be changed, because my windows ftp shitbox runs fine in passive
[12:44] <_ruben> VoiDeT: hmm
[12:45] <_ruben> VoiDeT: it could be that the windows ftp software is 'smarter' than proftpd (could be a setting thing) .. ftp behind nat can cause various problems .. i'd compare the actual commands that flow back and forth .. especially the ip address thats communicated by the server to client (which might differ between the windows and ftp server)
[12:46] <VoiDeT> http://paste.ubuntu-nl.org/60023/
[12:47]  * _ruben hates his todo-list .. items appear quicker on it than that they get finished
[12:47]  * VoiDeT hates sleepless nights
[12:47] <VoiDeT> :D
[12:48] <VoiDeT> sorry _ruben
[12:48] <_ruben> VoiDeT: first thing i'd test if setting the output policy to accept .. setting output policy to anything other than accept is for advanced users only and should only be used when you really know what you are doing
[12:49] <_ruben> VoiDeT: and take a very close look at the logs that your ftp client shows (from external) .. especially the ip addresses that are mentioned
[12:49] <VoiDeT> sure
[12:51] <VoiDeT> what the hell, now i turn iptables back up
[12:51] <VoiDeT> and its workin
[12:52] <VoiDeT> gotta love consistency
[12:52] <_ruben> VoiDeT: could be a connection tracking 'issue'
[12:53] <_ruben> VoiDeT: perhaps your traffic is accepted because its seen as established, which was allowed in the first place with the limited firewall rules
[12:56] <VoiDeT> _ruben: pm
[12:57] <_ruben> VoiDeT: you're not identified to services, hence cant send private messages
[12:57] <VoiDeT> ah
[12:57] <VoiDeT> tru
[13:20] <ere4si> the basic server install users 1.1Gb - any way to reduce that?
[13:22] <sommer> ere4si: is that without the optional packages?
[13:22] <sommer> every base install I've done is around 500MB
[13:22] <ere4si> sommer, no lamp or anyting
[13:23] <sommer> ere4si: that's strange then, what file system are you using?
[13:24] <ere4si> sommer, gutsy minimal cd - typed install server - had option for dhcp server, lamp server etc  - chose none - df -h after login said 1.1GB
[13:24] <sommer> ere4si: so it wasn't the actual gutsy server iso file?
[13:24] <ere4si> sommer, no
[13:25] <ere4si> net install cd sommer
[13:25] <sommer> ya, that would probably be why, if you use the server iso the install will be smaller
[13:25] <ere4si> sommer, will try that - thnx
[13:25] <sommer> np
[13:25] <ere4si> :)
[13:26] <_ruben> 700-800MB for an 1 day old install (incl openssh)
[13:26] <ere4si> sommer,  - but the net install cd has options for cli, server or desktop ?
[13:27] <sommer> ere4si: sure, but I think the installer process is different then when using the server iso
[13:28] <sommer> ere4si: I would imagine the net iso, installs more network config type packages and such
[13:29] <ere4si> sommer, I'll try in the morning then
[13:29] <_ruben> hmm .. is there some sort of preseed file generator or smth ?
[13:29] <sommer> I'm not an expert on the iso creation process, so you might want to double check :-)
[13:29] <_ruben> or extensive documentation on how to properly write one
[13:29] <ivoks> hm... i have an idea
[13:29] <ivoks> let's create additiong binary inside dovecot source package
[13:30] <sommer> ivoks: what's up
[13:30] <ere4si> it came up with a menu for dhcp server,lamp server etc - I took that as a basic server install with additional extras
[13:30] <ivoks> sommer: nothing much :)
[13:31] <sommer> ivoks: I wrote up a bacula guide, and had a couple of questions about the bacula packages
[13:31] <ivoks> yeah... right...
[13:31] <ivoks> sommer: when i finish this sasl thing with postfix/dovecot, i'll start squashing bacula's bugs
[13:31] <sommer> is the sqlite3 going to be the default catalog, or whatever
[13:32] <ivoks> default will be mysql
[13:32] <ivoks> but sqlite3 should be in main; that's what i've been told
[13:32] <sommer> oh, doh... I'll need to adjust that
[13:36] <sommer> ivoks: the other issue I noticed was that when using the sqlite3 back end the package fails, because there's no Archive Device under FileStorage in bacula-sd.conf
[13:37] <nealmcb> sommer: I also just noticed that the server guide doesn't seem to contain the words "ubuntu server guide" on each page, making searches not work as well.  And based on the "Question on JeOS"  recently it seems that it would make sense to have a link to the draft version from the help.u.c server guide pages also
[13:38] <ivoks> sommer: please, report it as a bug and i'll work on them all, as soon as i finish this sasl thing
[13:38] <sommer> ivoks: sure, will do
[13:39] <sommer> nealmcb: jeos question?
[13:43] <nijaba> ivoks: as we are unsure that sql3 will be in main, the current proposal is to only include bacula-director-mysql and bacula-director-pgsql in main
[13:44] <nijaba> *sqlite3
[13:46] <VoiDeT_> mmm
[13:46] <sommer> nijaba: what was the "question on jeos" ?
[13:46] <_ruben> crap .. "You currently cannot use preseeding to set up RAID." .. thats from the 7.04 install guide tho
[13:47] <zul> ivoks: I thought I fixed that in my last upload basically what happens that bacula install fails because it tries to the bacula servers but it cant because bacula is not configured properly yet
[13:47] <nijaba> sommer: a translator was wondering if there was going to be a 8.04 jeos as doc was still reffering to 7.10
[13:48] <nijaba> sommer: you should have it in the doc team ml
[13:48] <sommer> nijaba: ah, oh ya... seem to remember something about that.  I worked on adjusting some of that, but wasn't sure about the entire document
[13:48] <sommer> nijaba: want me to send it to you?
[13:49] <nijaba> push it on doc.u.c, I'll read it there
[13:49] <sommer> nijaba: will do
[13:49] <nijaba> sommer: I should really update this tuto to speak about u-v-b anyway
[13:50] <sommer> since it was you and soren's article I was a little hesitant about changing much
[13:57] <nijaba> sommer: heh, it is now part of the official guide, so feel free to change it
[13:58] <sommer> nijaba: cool, I commited the changes, so they should be on doc.u.c sometime today
[14:00] <ivoks> nijaba: zul ack
[14:00] <ivoks> zul: i would ask for your opinion, if you have 5 minutes of free time :)
[14:00] <zul> ivoks: indeed I do
[14:01] <ivoks> zul: there's QT version of bacula console; for it we need only one library in main - qwt
[14:01] <ivoks> zul: qwt is small and doesn't bring anything new; do you think it's a worthwile to ask for inclusion in main?
[14:02] <ivoks> zul: cause, we now don't have gui version of console; while we had two before :/
[14:02] <zul> ivoks: I think it might be worth it
[14:02] <ivoks> zul: i'm just not sure qwt is in active development :/
[14:02] <zul> ivoks: lemme have a quick look
[14:02] <ivoks> http://qwt.sourceforge.net/
[14:03] <ivoks> last version is from 2007-06-10
[14:04] <ivoks> oh, it is active
[14:04] <ivoks> last svn upload was 5 days ago
[14:04] <zul> yep according to this http://sourceforge.net/project/stats/detail.php?group_id=13693&ugn=qwt&type=svn
[14:04] <zul> yeah I think it would be worth it
[14:04] <ivoks> deal
[14:05] <zul> how is debian maintainenace
[14:05] <ivoks> 0 bugs
[14:05] <sommer> ivoks:
[14:05] <sommer> Bug #203557 filed
[14:05] <ubotu> Launchpad bug 203557 in bacula "bacula-sd-sqlite3 package fails during install" [Undecided,New] https://launchpad.net/bugs/203557
[14:06] <ivoks> sommer: great
[14:06] <ivoks> zul: last debian update was 2007-18-10
[14:06] <zul> yeah MIR should be good for qwt
[14:06] <ivoks> zul: so, just 12 days after release
[14:06] <ivoks> https://wiki.ubuntu.com/MainInclusionReportqwt
[14:07] <ivoks> i already started :)
[14:07] <zul> sweet
[14:07] <zul> thanks
[14:07] <zul> sommer: I think I fixed that in -ubuntu2
[14:08] <sommer> zul: ah, cool.  I only used it because I thought sqlite3 was going to be the default, either way :-)
[14:08] <zul> but the archive is frozen ;)
[14:09] <zul> mysql should be if you install the bacula-server metapackage
[14:09] <sommer> meh, there's a work around in the bug
[14:10] <zul> heh
[14:13] <nealmcb> sommer: sorry to be cryptic there - my assumption was just that it seemed that a translator didn't realize that there was a newer version of the server guide, and it got me thinking that links from the published ones to the draft version would give everyone a taste of what is to come, and promote more contribution to the documentation in general.  then they would all be linked together in both directions - one happy family of documentation
[14:20] <sommer> nealmcb: okay I see what you're saying... but I think there's going to be some heavy resistnce to the idea of linking to the dev docs from the released ones
[14:22] <sommer> nealmcb: I'm also not sure about how to get "Ubuntu Server Guide" on every page since there already is a header on the site
[14:22] <sommer> wouldn't putting "ubuntu server guide", or whatever, in the meta data help searching as well?
[14:25] <nxvl> hello everyone
[14:26] <sommer> nxvl: yo
[14:27] <nxvl> dendrobates: the new version of likewise-open has unused quilt instructions
[14:27] <dendrobates> nxvl: they will be used with the next upload
[14:28] <nxvl> dendrobates: i uploaded a patch on Bug #196778 commenting all of them
[14:28] <ubotu> Launchpad bug 196778 in likewise-open "Provide likewise-open-gui and likewise-open binaries rather than domainjoin-gui and domainjoin-cli" [Low,Triaged] https://launchpad.net/bugs/196778
[14:30] <dendrobates> nxvl: I saw that, thanks.
[14:30] <sommer> dendrobates: so just so I'm clear, the binary names are going to change?
[14:32] <ivoks> zul: done: https://wiki.ubuntu.com/MainInclusionReportqwt
[14:33] <dendrobates> sommer: no
[14:33] <zul> ivoks: you might want to get rid of the TODO
[14:34] <sommer> dendrobates: okay, just wanted to update the docs if need be
[14:34] <ivoks> zul: heh, good catch :)
[14:35] <zul> and "The general purpose and context of the package should be clear from the package's debian/control filed. " but other than that looks ok to me, subscribe me to the MIR as well
[14:35] <ivoks> zul: well, 'is clear'
[14:36] <zul> yep that works :)
[14:47] <nxvl> keescook: around?
[14:47] <nxvl> for Bug #203449, is better to sync with the new version or just to add the patch?
[14:47] <ubotu> Launchpad bug 203449 in dovecot "[dovecot] [CVE-2008-1199, CVE-2008-1218] privilege escalation" [Unknown,Fix released] https://launchpad.net/bugs/203449
[14:52] <AnRkey> how can i delete a partition table or wipe a master boot record on a drive with fdisk?
[14:54] <ivoks> nxvl: that's CVE bug? oh, lol
[14:56] <ivoks> i don't see how 'Allows unauthorized disclosure of information' applys to this bug
[14:57] <soulc> can anyone direct me to some help with fail2ban?
[15:08] <soulc> I show up and everybody leaves?  What do I smell?
[15:25] <nealmcb> sommer: I wonder why linking to hardy doc would be resisted - e.g. we link to the dev packages from the released packages.  http://packages.ubuntu.com/gutsy/web/ebox
[15:28] <sommer> nealmcb: I was going by one of Matt Easts last comments on a ml thread...
[15:29] <nealmcb> it's very puzzling to me
[15:30] <sommer> the thought was that the dev docs aren't complete, may have errors, etc
[15:30] <nealmcb> sommer: sure - and that was a big problem when they weren't properly labelled as draft, with version info etc
[15:31] <nealmcb> but that is what we need to fix...
[15:31] <nealmcb> and often they have the best info, even for older stuff
[15:31] <nealmcb> should we try to hide the wiki also?
[15:31] <nealmcb> incomplete, inaccurate at times, etc
[15:32] <sommer> nealmcb: ah, the last comment on bug #122297
[15:32] <ubotu> Launchpad bug 122297 in ubuntu-doc "Server Guide draft has higher Google rank than released version" [Medium,Confirmed] https://launchpad.net/bugs/122297
[15:33] <jjesse> i thought for that bug we implemented something to block dco.ubuntu.com from being indexed
[15:33] <sommer> jjesse: yep, but mdke spells out his argument for linking to dev docs in his last post
[15:34] <jjesse> sommer: ah have't followed that email lately
[15:34] <sommer> it sort of meandered some :-)
[15:35] <jjesse> maybethat's why i ignored it
[15:36] <mogli> hi, can anyone tell me the difference between running tftpd as a daemon and starting it with inetd ?
[15:38] <sommer> nealmcb: I don't see the link to the dev packages on http://packages.ubuntu.com/gutsy/web/ebox ?
[15:39] <sommer> mogli: not much I'd think, just a different way to execute the service
[15:40] <nealmcb> sommer: there is a "hardy" tab there
[15:41] <sommer> nealmcb: ah, I see it
[15:42] <sommer> nealmcb: the other issue is that some of the instructions are very different for some applications between releases
[15:43] <sommer> and that may just cause more confusion when copy and pasting say a hardy instruction into dapper
[15:43] <mogli> does anyone have experience booting a macbook over the network ?
[15:44] <sommer> nealmcb: also, what do you then recommend to users the released docs or the dev docs?
[15:44] <sommer> nealmcb: personally I don't think adding a link is a big deal, but seems that others do ;-)
[15:46] <sommer> nealmcb: maybe if we got the opinion of an "interface designer person", or whatever, because it seems to me the real issue is the overall website design, and making it more user freindly
[15:49] <nealmcb> sommer: we recommend the released docs.  but we don't go out of our way to tell every web-based app, including mirroring utilities, search engines, indexing tools, etc, that the documents must not be visited by robots.  that is what robots.txt is about.
[15:51] <sommer> nealmcb: sure I agree, but is that the same as linking from the released docs to the dev docs?
[15:54] <nealmcb> true - I was reacting to the comment you referenced which is a bit different.  I think the link to the dev versions should be clearly marked, both in the packages pages and in the doc pages - "work-in-progress, for development use" or whatever
[15:56] <nealmcb> it would help me to have a bigger perspective here - e.g. a diff of the current hardy tree and the gutsy tree - how much is catch-up documentation and how much is new/different/dangerous
[15:56] <sommer> nealmcb: I'm with ya, and my thinking is that based on that bug comment the reaction to the idea is going to be the same
[15:56] <sommer> nealmcb: it depends there are instructions in the hardy version that won't work at all for gutsy
[15:57] <nealmcb> sure.  and there are hardy packages that would trash a gutsy system
[15:57] <sommer> but OTOH there are some that will :-)
[15:57] <nealmcb> so labelling them is #1 priority, and would lead people there in preference to the wiki, forums, etc which are not well labeled by release in general
[15:58] <sommer> it's really a case by case basis, and if we keep the docs up to date it should resolve itself... in a year or so
[15:59] <nealmcb> but I also want to make it easy for developers - google and relative links are just more friendly than following some of the official links - so when someone stumbles on  ebox in hardy I want them to also stumble across the documentation for it
[15:59] <nealmcb> documentation requires testing also
[16:00] <nealmcb> and vice versa - I want them to stumble on the documentation for ebox, and decide to try to test the package
[16:00] <sommer> sure, but are you talking about testing if the instructions work or if you can find the instructions?
[16:00] <nealmcb> both
[16:01] <sommer> the instructions work :-)
[16:01]  * nealmcb writes that down
[16:01] <nealmcb> :-)
[16:02] <sommer> maybe the subject is better discussed with the site maintainers?  I'm just not sure how much you can add to the content of the html to influence google
[16:03] <sommer> but aren't there google "apps", or whatever, that can up your page rank?
[16:03] <nealmcb> good titles and keyword usage in the text of the page are important for search engine optimization
[16:04] <nealmcb> a good site map is another very helpful thing
[16:04] <nealmcb> links are also very important
[16:04] <sommer> ya, sitemap that's what I was looking for.  who controls that though?
[16:05] <nealmcb> it is just more content on the site
[16:05] <sommer> gotcha, but the docs are generated from the xml, and are only a fraction of the content... so wouldn't you need to talk to someone at canonical?
[16:06] <sommer> at least for the sitemap
[16:27] <nealmcb> sommer: a sitemap can be for an entire host, or for subsets of it - so there could  be one for https://help.ubuntu.com/7.10/ or one for just the server guide underneath that - https://www.google.com/webmasters/tools/docs/en/protocol.html#sitemapLocation
[16:29] <nealmcb> so we don't have to figure it all out first.  note the "priority" field for specifying relative priorities for pages on your site
[16:32] <baffle> Is anyone actually booting from a SAN using multipath here? I'm trying to set up a hardy server using multipath-tools/multipath-tools-boot but it doesn't really seem to work as intended.. I was under the impression that it was kindof "out of the box"? At least from looking at the very sparse documentation. :-)
[16:36] <nealmcb> sommer: hmm - but since doc.u.c and help.u.c are different sites, we can't use a sitemap to affect the priority of one vs the other - just for intra-site priority settings
[16:36] <nealmcb> huh - why is this still there? https://help.ubuntu.com/ubuntu/serverguide/C/index.html
[16:38] <nealmcb> instead of redirecting to https://help.ubuntu.com/6.06/ubuntu/serverguide/C/index.html
[16:38] <nealmcb> which has all the tabs...
[16:39] <sommer> nealmcb: I think that's the old version?
[16:39] <faulkes-> nijaba: email ok?
[16:40] <sommer> nealmcb: I'm not sure what the priority for updating the site is, but it doesn't seem to be very high
[16:40] <nijaba> faulkes-: great, thanks
[16:50] <LiENUS> what do i need to have an ubuntu server support printing to a shared printer?
[16:50] <faulkes-> let me know if you need more info or anything
[16:50] <LiENUS> i want to configure my server to share a printer over samba but have it so iuts a queue containing two printers and it prints to whichever is optimum
[16:51] <LiENUS> its a hp1300 which iirc is well supported in linux
[17:28] <sommer> jdstrand: should I document putting the slapd apparmor profile in complain mode to use slapadd or slapcat?
[17:28] <jdstrand> sommer: no-- not yet
[17:28] <jdstrand> sommer: I am looking at it today
[17:29] <sommer> ah, coolness
[17:32] <keescook> nxvl: generally we just apply the patches.  dovecot will be a special case due to the config differences that were addressed.
[17:32] <nxvl> keescook: i applied the patch just in case, the debdiff is on the bug report
[17:55] <Jeeves_> kgoetz: I'm booting Ubuntu on the T1000 as we speak
[18:07] <jdstrand> sommer: can you give me specific slapadd/slapcat commands that aren't working (so we are on the same page)
[18:09] <sommer> jdstrand: slapcat -l example.com.ldif and slapadd -l example.com.ldif... more slapadd than slapcat, but I noticed slapcat has the same issue
[18:10] <jdstrand> sommer: right-- will be working on it today
[18:10] <jdstrand> sommer: thanks!
[18:10] <sommer> np, thank you
[18:46] <zul> mathiaz: has anyone tested dapper->hardy yet?
[18:47] <mathiaz> zul: what do you mean ? dapper-hardy upgrades ?
[18:47] <zul> moving from dapper to hardy
[18:47] <mathiaz> zul: mvo is doing some work on that
[18:47] <zul> ok
[18:48] <mathiaz> zul: but I'd like to test things like a samba upgrade
[18:48] <mathiaz> zul: or a LAMP upgrade
[18:48] <mathiaz> zul: something higher level
[18:48] <mathiaz> zul: I don't know if mvo is testing these use cases
[18:48] <zul> ill do a a couple of run throughs and see what happens
[18:58] <keescook> nxvl: cool, thanks
[18:59] <keescook> I wonder who had a T1000 first, James Cameron or Sun.  I assume not Sun, in which case, I have to wonder, did they pick that model # intentionally?
[19:01] <zul> because t999 was patented? ;)
[19:02] <sommer> heh, it's the predecessor to doomsday!
[19:02] <sommer> bum bum bum bumbum
[19:03] <Jeeves_> Either way, it's still not installed. :/
[19:04] <methods> you guys seriously don't support apache 1.x ?
[19:05] <Jeeves_> methods: That's that webserver from the eighties, isn't it?
[19:06] <methods> lol no 2.x is rather recent and when i use to use apache a few years ago 2.x was not thread safe
[19:06] <methods> this was a major issue for scripting languages
[19:09] <radone> After apt-get update && apt-get upgrade I have unmet dependency on package gs-common
[19:10] <radone> unfortunatelly suggested: apt-get install -f fails
[19:11] <radone> dpkg: error processing /var/cache/apt/archives/gs-common_0.3.9ubuntu1_all.deb (--unpack):
[19:11] <radone>  trying to overwrite `/var/lib/defoma', which is also in package defoma
[19:11] <radone> is there any chance to resume from this problem?
[19:21] <twb> Hi, how can I determine if DSA 1524-1 (CVE-2008-0062 CVE-2008-0063 CVE-2008-0947) has been addressed by a USN?
[19:21] <ubotu> ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem.  When the candidate has been publicized, the details for this candidate will be provided. (http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0062)
[19:21] <ubotu> ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem.  When the candidate has been publicized, the details for this candidate will be provided. (http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0063)
[19:21] <ubotu> ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem.  When the candidate has been publicized, the details for this candidate will be provided. (http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0947)
[19:21]  * twb is slightly impressed.
[19:30] <keescook> twb: they have not yet -- krb5 went public 1 hour ago, USN is pending.
[19:31] <twb> Thank you.
[19:32] <twb> In general, how can I go from a DSA to a USN or vice versa?
[19:39]  * Jeeves_ tries the gutsy installer
[19:42] <keescook> twb: they don't map well, usually.  Debian's DSAs cover a wider set of software.  Ubuntu's USNs cover packages in "main".  Best is via CVEs, and there should be a public list soon
[19:42] <Jeeves_> This seems to work
[19:46] <twb> Historically I've been too lazy to look up the CVEs themselves; do CVE pages link to DSAs and USNs when they (DSA/USN) are published?
[19:47] <twb> Ah, http://cve.mitre.org/data/refs/index.html seems to be such a mapping
[19:48] <twb> On a related note, is there a security team for Universe?
[19:48] <Nafallo> yes
[19:49] <twb> Do you have a URL for their project page?
[19:49] <twb> *subproject page, I guess
[20:43] <mogli> hi, cant add a user to samba.. says Failed to modify password entry for user guest
[20:46] <sommer> mogli: what is the command your using?
[20:46] <mogli> smbpasswd -a guest
[20:47] <mogli> in smb.conf , security = share
[20:47] <sommer> is there a linux user named guest?
[20:47] <mogli> so no system account is required, am i right ?
[20:47] <mogli> no
[20:48] <sommer> I thought that you had to have a system account, unless samba is configured to use a different backend, like ldap
[20:50] <mogli> ok.. then ill use security=user
[20:50] <sommer> easy way to test would be to add a system account... you can always delete it later :-)
[20:50] <mogli> yep
[20:51] <mrpoundsign> is there a tool for ubuntu server that will email the admin about out-of-date packages?
[20:52] <mrpoundsign> I have been trying to get apt-listchanges to work, but it doesn't seem to automatically scan.
[20:53] <twb> Maybe cron-apt plus a cron.daily script doing something like aptitude --dry-run full-upgrade ?
[20:56] <Jeeves_> Still installing.
[20:56] <Centaur5> How can I make a perl script show the output from doing apt-get install so I know if I need to provide input?
[20:57] <Jeeves_> Centaur5: You're typing a perl-script around apt?
[21:15] <Centaur5> Jeeves_: yes, unless there's a better way to have a list of applications installed automatically without user interaction.
[21:15] <Jeeves_> Centaur5: Have a look at cfengine/autoapt.pl
[21:16] <Jeeves_> Centaur5: http://www.debian-administration.org/articles/398/autoapt.pl.txt
[21:16] <Centaur5> Jeeves_: Well I'm attempting to put this into the kickstart post-install script area.
[21:18] <Jeeves_> kgoetz: I've won!
[21:18] <Centaur5> Jeeves_: I'll check that out. Thanks.
[21:18] <Jeeves_> Linux webserver2 2.6.22-14-sparc64-smp #1 SMP Tue Feb 12 04:16:25 UTC 2008 sparc64 GNU/Linux
[21:19] <Jeeves_> bit-beheer@webserver2:~$ dmesg | grep -i cpu
[21:19] <Jeeves_> [   80.715803] SLUB: Genslabs=23, HWalign=32, Order=0-2, MinObjects=8, CPUs=256, Nodes=1
[21:19] <Jeeves_> [   80.803938] Brought up 32 CPUs
[21:35] <Centaur5> Jeeves_: Do you think I'm better off rebuilding the Ubuntu cd?
[21:35] <Jeeves_> Centaur5: What do you want to achieve?
[21:35] <Jeeves_> A machine that boots automatically and installs and configures itselve?
[21:36] <Centaur5> pre-install OEM installations on new machines with a few applications lots of people might want included.
[21:37] <Centaur5> and yes configure itself as well
[21:38] <nxvl> jdstrand: on Bug #203710 the problem is with debconf, doesn't it?
[21:38] <ubotu> Launchpad bug 203710 in mysql-dfsg-5.0 "mysql-server-5.0 does not prompt for conffile update on upgrades" [High,New] https://launchpad.net/bugs/203710
[21:39] <jdstrand> nxvl: dpkg handles conffiles, so I don't know what is going on there
[21:40] <nxvl> jdstrand: ok, i will take a look
[21:40] <jdstrand> nxvl: *awesome*
[21:40] <jdstrand> nxvl: I don't know if something is getting overridden or what-- but you should be able to reproduce based on what's in the bug
[21:41] <nxvl> jdstrand: i will try to reproduce it by installing it on my gutsy pbuilder environment and then upgrade it
[21:41] <jdstrand> nxvl: I witnessed this on hardy
[21:42] <nxvl> jdstrand: yep but if i install it on hardy i won't be able to upgrade the package
[21:42] <jdstrand> nxvl: for the purposes of debugging, may just be able to install gutsy binaries on hardy, and then upgrade
[21:42] <jdstrand> nxvl: well, however you need to do the upgrade scenario
[21:43] <nxvl> jdstrand: with pbuilder is easier :D
[21:43] <Jeeves_> Centaur5: And you really want to do that via upstart?
[21:43] <jdstrand> that's fine.  just know that it's a hardy target
[21:43] <nxvl> jdstrand: but thanks for the tip
[21:46] <nxvl> jdstrand: sis you confirm that it is also present on my.cnf file?
[21:46] <Centaur5> Jeeves_: Well I do a network pxe install and use kickstart to make it so we don't have to answer the pre-install questions. Then it would be nice to have a few applications installed and the machine updated automatically. kickstart has the ability to copy a script to execute after the install but perhaps it would be easier to build an installation?
[21:46] <jdstrand> nxvl: I did not, as my.cnf is provided by mysql-common
[21:46] <nxvl> jdstrand: so i need to check is also affects it
[21:46] <jdstrand> nxvl: I can confirm that it is a problem with /etc/apparmor.d/usr.sbin.mysqld though
[21:47] <jdstrand> nxvl: but it's clearly a more general problem
[21:47] <jdstrand> nxvl: yea, you should check mysql-common as well
[21:47] <Jeeves_> Centaur5: You should really look into cfengine
[21:48] <jdstrand> that should have been 'yeah'
[21:48] <Jeeves_> Although that might be overkill for you, it is very flexible
[21:48] <nxvl> jdstrand: yes, i understud that, and that's the important part :D
[21:48] <Centaur5> Jeeves_: Okay, I will do that.  Thank you.  :)
[21:49] <jdstrand> nxvl: well, my.cnf is clearly very important, but all those little buggers can break your sytem if not upgrade properly ;)
[21:52] <nxvl> jdstrand: yes, but is not good to fix one and left the other one
[21:59] <nxvl> jdstrand: it doesn't affect debconf
[21:59] <nxvl> jdstrand: err my.conf
[21:59] <nxvl> jdstrand: also it doesn't touch my debian-start file
[22:16] <mogli> must a computer, accessing an nfs share have an entry in hosts ?
[22:16] <sommer> mogli: hosts or dns
[22:16] <mogli> i have dns
[22:16] <sommer> can you ping?
[22:16] <mogli> yes
[22:17] <mogli> do i have to set the fqdn ?
[22:17] <sommer> what about the exports file?  does the client have rights?
[22:17] <sommer> might try the fqdn
[22:17] <nxvl> do we have plans to split apparmor-profiles in separate packages?
[22:17] <sommer> nxvl: there is a apparmor-profile package :-)
[22:18] <Jeeves_> mogli: You might experience locking issues if the client isn't in /etc/hosts on the server
[22:18] <nxvl> sommer: yes, i mean to split that package in separate service-based packages
[22:18] <sommer> nxvl: but some packages have profiles... like bind9, cupsys, etc
[22:18] <nxvl> sommer: like apparmor-bind9 apparmor-mysql, etc..
[22:19] <sommer> nxvl: I wouldn't think so, but you might double check with jdstrand or mathiaz
[22:19] <nxvl> sommer: i will open a blueprint and propose it on UDS
[22:19] <mogli> sommer: cant ping.. thought it was ok ..
[22:20] <mogli> i think i have to set the computer in the forward lookup zone
[22:20] <nxvl> dendrobates: did you know if this is already planned?
[22:20] <sommer> mogli: you might add "search domain.com" to your /etc/resolv.conf
[22:20] <sommer> mogli: replacing domain.com with your domain
[22:20] <mogli> or no.. i use dhcp and dns.. so this cant be
[22:20] <mogli> ok
[22:21] <sommer> mogli: ah, you can add the domain using dhcp as well... I forget the options though
[22:21] <sommer> mogli: does the nfs server have a firewall, might double check that the ports are open
[22:22] <nxvl> mm i need to learn how to split packages
[22:22] <sommer> nxvl: so you'd put one file in a package?
[22:23] <nxvl> sommer: i don't understand the point of having 6 or 7 profiles on a one service profile
[22:23] <nxvl> sommer: so yes i will :D
[22:23] <mogli> yes all ports are open in lan now, im connected through ssh to the server, but i cant ping the notebook from the server, perhaps thats the problem
[22:24] <sommer> nxvl: thought that's why the application package includes the profile?
[22:25] <nxvl> sommer: are you sure about that?
[22:25] <sommer> nxvl: I'm sure about the bind9 apparmor_profile :-)
[22:25] <nxvl> sommer: checking
[22:25] <nxvl> sommer: mysql for example doesn't
[22:26] <sommer> nxvl: and the cupsys one
[22:26] <sommer> nxvl: ah, might be on the conversion list or something... I guess my thought is that it would be a lot of work to package one file
[22:27] <sommer> but if you want to discuss it at UDS, I'm not going to stop ya ;-)
[22:28] <nxvl> sommer: you are right, bind9 comes with his profile
[22:29] <sommer> nxvl: I would imagine it's a matter of gradually implementing the profiles
[22:29] <nxvl> but also i don't understand why do i have to install a profile if i don't use apparmor
[22:29] <nxvl> sommer: yes, maybe i can change my proposal to that
[22:30] <sommer> nxvl: it's going to be enabled by default in hardy I believe... in enforce mode for some services
[22:30] <jdstrand> nxvl: bind9, cupsys, mysql-server-5.0 and slapd all ship with a profile
[22:30] <soneil> anyone use xen with disk images on hardy?   trying to figure out if this inability to losetup is 'normal'
[22:30] <jdstrand> nxvl: mysql and bind9 migrated into the package in this cycle from apparmor-profiles
[22:30] <Kamping_Kaiser> Jeeves_, awsome work :)
[22:30] <nxvl> jdstrand: on gutsy to or is a "new feature" of hardy?
[22:30] <jdstrand> nxvl: if you are not using apparmor, it is harmless
[22:31] <jdstrand> nxvl: slapd, mysql-server-5.0 and bind9 shipping their own profiles is new in hardy
[22:31] <nxvl> jdstrand: mmm ok so we better eliminate the apparmor-profile package and include the profiles on the service packages
[22:32] <jdstrand> tnxthe idea has always been AFAIK, to create a profile, put it in apparmor-profiles, and migrate it to the package once it gets testing
[22:32] <jdstrand> nxvl: ApparmorProfileMigration
[22:32] <nxvl> jdstrand: oh ok, thnx
[22:32] <nxvl> jdstrand: btw, i can't reproduce the bug
[22:32] <jdstrand> nxvl: the migration of usr.sbin.mysqld and usr.sbin.named from apparmor-profiles is already done
[22:33] <jdstrand> nxvl: this is on hardy?
[22:33] <jdstrand> (not producing the bug)
[22:34] <jdstrand> nxvl: you can't reproduce on hardy?
[22:35] <nxvl> jdstrand: i have install mysql-server on gutsy, then upgraded the packages to hardy and nothing was touched
[22:35] <nxvl> jdstrand: i put the steps i used to try to reproduce the bug on the bug report
[22:35] <nxvl> https://bugs.edge.launchpad.net/ubuntu/+source/mysql-dfsg-5.0/+bug/203710
[22:35] <ubotu> Launchpad bug 203710 in mysql-dfsg-5.0 "mysql-server-5.0 does not prompt for conffile update on upgrades" [High,Incomplete]
[22:35] <jdstrand> nxvl: what do you mean by 'nothing was touched'?
[22:36] <jdstrand> nxvl: that is the bug
[22:36] <jdstrand> nxvl: upgrade should have prompted you because the conffile changed
[22:37] <jdstrand> nxvl: mysql-server-5.0 upgrades without updating the file with no confirmation, even though the md5sum is different for /etc/mysql/debian-start than what is in /var/lib/dpkg/status.
[22:37] <nxvl> jdstrand: oh! sorry, i understand it backwards
[22:37] <jdstrand> nxvl: will you fix the report accordingly?
[22:37] <nxvl> i thought it updated the file without asking
[22:37] <nxvl> :P
[22:37] <nxvl> sorry, my bad
[22:37] <jdstrand> np
[22:37] <nxvl> jdstrand: yup
[22:38] <nxvl> btw
[22:38] <nxvl> can i update a comment i did?
[22:39] <jdstrand> nxvl: unfortunately no
[22:39] <jdstrand> nxvl: only the description can be updated
[22:40] <nxvl> mmm, i also add a comment saying it was my bad and that it is confirmed
[22:40] <jdstrand> nxvl: cool thanks!
[22:41] <mogli427> ok, got nfs working, but can't i share ntfs volumes ?
[22:43] <nxvl> jdstrand: can it be because as it doesn't end on conf or cnf debconf isn't recognizing it?
[22:43] <jdstrand> nxvl: not a debconf thing
[22:44] <jdstrand> nxvl: this are conffiles as listed in /var/lib/dpkg/status
[22:44] <jdstrand> nxvl: dpkg is supposed to detect that
[22:44] <jdstrand> nxvl: I doubt it is a bug in dpgkg, so there might be some problem or overriding in the package
[22:45] <jdstrand> man, I am typing too quickly
[22:45] <jdstrand> anyhoo
[22:45] <nxvl> :D
[22:46] <jdstrand> nxvl: you might ask on #ubuntu-devel what might cause the behavior
[23:02] <mogli427> .
[23:56]  * ScottK2 dist-upgrades is test server to Hardy ...
[23:58] <VoiDeT> Hey everyone, i'm going insane from trying to get proftpd workin with passive ports behind nat. Anyone care to lend a hand please?