/srv/irclogs.ubuntu.com/2008/07/11/#ubuntu-server.txt

=== fReAkY[t] is now known as freaky[t]
osmosis_	Im still stuck with this apache thread high memory usage problem.	00:41
kees	is that the python-dns affected by CVE-2008-1447 bug?	00:53
uvirtbot	kees: The DNS protocol, as implemented in (1) BIND 8 and 9 before 9.5.0-P1, 9.4.2-P1, and 9.3.5-P1; (2) Microsoft DNS in Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP1 and SP2; and other implementations allow remote attackers to spoof DNS traffic via certain cache poisoning techniques against recursive resolvers, related to insufficient randomness of DNS transaction IDs and source ports, aka "DNS Insufficient Socket Entropy Vulnerability.	00:53
kees	lp is timing out on me	00:53
runes	What is the officially supported mail server in Ubuntu 8	01:28
runes	or moreso the safest MDA and MTA for someone new to it	01:29
hads	exim and postfix are probably the most common. I prefer postfix myself.	01:33
runes	I see a lot of postings on postfix I take it it's been around a lot longer than exim?	01:55
Chipzz	I should investigate what I'm about to say, but I think you're wrong, and postfix is actually quite recent	01:57
Chipzz	FSVO 'recent'	01:57
hads	Yeah, I'm not sure on the histories but Postfix isn't old at all.	01:58
runes	Oh hmm now I take it I will need a separate pop server on top of postfix?	01:59
hads	It is well used and proven though	01:59
runes	that's what I was looking for!	01:59
runes	proven	01:59
hads	Yes the MTA is separate to IMAP/POP. I use Dovecot for that myself, there are plenty of others.	01:59
Chipzz	courier is quite popular	02:00
Chipzz	you can also hand the mail to courier or postfix and have them deliver local mail	02:00
Chipzz	which has the advantage of being able to do sieve	02:01
hads	Dovecot too	02:01
Chipzz	errr	02:01
Chipzz	right :)	02:01
Chipzz	s/or postfix/or dovecot/	02:01
hads	Ah, I get it :)	02:01
* hads is slow today		02:01
Chipzz	sieve = serverside filtering/sorting of mail	02:02
Chipzz	something like procmail	02:02
hads	Too much messing with threads is breaking my brain	02:02
Chipzz	but less dangerous	02:02
runes	The challenge is: I just figured out virtual hosting on Apache for two of my sites. Now I want to have a small mail server (if there is such a thing) so that I can access my mail remotely	02:03
runes	also this is my way of getting away from windows server and into linux--head first.	02:03
Chipzz	postfix with dovecot or courier, with system users or virtual users	02:03
hads	There are quite a few howtos for those setups around - they are quite popular.	02:04
runes	ok time to get reading I just set up the mx record (have to wait about 24hrs) and I'll need at least a weekend to drill through the basics	02:08
runes	then another week of questions.	02:08
runes	so I am not sure if this channel is appropriate or will I need to find a specific channel to ask questions on the specifics?	02:09
hads	This channel is appropriate for questions regarding how to do things with an Ubuntu server, for really specific things you may be better off with #postfix or whatever.	02:10
runes	that's fair well you both gave me a good head start I'm at the beginning of the Ubuntu help on postfix..figured I'd start there for reading.	02:11
Chipzz	runes: first thing you want to figure out is wether you want to use system users or virtual users	02:12
Chipzz	lots of things will depend on that	02:13
hads	virtual is usually a good idea if you have multiple domains	02:15
Chipzz	system users mostly only when you have users with shell accounts that expect to read their mail to (remotely or not)	02:15
uvirtbot	New bug: #247439 in openldap2.3 (main) "Remove openldap2.3 source package from intrepid archive" [Undecided,New] https://launchpad.net/bugs/247439	02:16
Chipzz	virtual users is harder to set up though	02:16
hads	Agreed.	02:16
hads	Although if you may need to move to it later on it's probably a good idea just to bite the bullet.	02:17
Chipzz	akthough you should be aware that unless you use the secure versions of POP and IMAP you will be sending your system password over the wire in clear text	02:17
Chipzz	which tends to be... well, not a good idea :P	02:18
hads	Yeah :)	02:18
ScottK	kees: Yes.	04:18
ScottK	kees: That's already been disclosed in the Debian bug. My uncertainty was about the rest of the discussion.	04:19
kgoetz	hi all. other then wondershaper, does anyone know an easy way to get started with some form of shaping/trafic control?	04:34
osmosis	Why is it that apache seems to have a 120MB ram limit per thread ?	05:10
=== freaky[t] is now known as fReAkY[t]
=== jords_ is now known as jords
jords	I'm having a issue with getting ntop to think that my local traffic is local - eg I've set the "Virtual NetFlow Interface Network Address" to 192.168.1.1/255.255.255.0, but It still seems to think that 192.168.1.101 is a remote ip...	07:06
RockHound	good day everyone ...	09:18
RockHound	any chance that amavisd-new 2.6.x will be backported for 8.04? DKIM support is a big plus in this version	09:19
venil	Hi Guys	09:20
venil	is there a console way to search files that contain certain text line?	09:20
venil	i'm a newbie	09:20
soren	Look at grep.	09:21
venil	is not a combination of grep and something	09:21
soren	grep looks for stuff in files.	09:22
RockHound	venil: grep "text" files	09:22
soren	'grep -r "Shopping list" .' (without the single quotes) will search recursively starting in the current directory for a file containing the string "Shopping list"	09:22
RockHound	venil: -i = case insenstivie ; -n line number ; -R recursive directory search	09:23
RockHound	err -r	09:23
soren	RockHound: Same.	09:25
venil	thanks, i'll try that	09:26
soren	RockHound: -r, -R, and --recursive have the same effect.	09:26
soren	i think there's even one more way to do it.	09:26
RockHound	soren: well ... good ;)	09:27
=== chmac7 is now known as chmac
=== chmac is now known as chmac_away
pubo	Hi,	11:24
pubo	Do anybody know how can I change the eth3 name to eth1? My Network Card was broken and I had to buy another one, but now Ubuntu recognices it as eth3 instead of eth1	11:26
maswan	pubo: check /etc/iftab	11:27
pubo	maswan, ok, thanks!	11:28
pubo	maswan, do you know which package creates iftab? I see that I don't have it on my /etc: $ /usr/lib/udev/migrate-iftab.pl	11:30
pubo	/etc/iftab does not exist to convert	11:30
RockHound	pubo: udev generates the names ... don't have iftab either	11:33
RockHound	on gentoo there was a persistant rule for the names based on mac address	11:34
maswan	Hm. If you don't have an iftab, then I don't know what generates the names.	11:34
maswan	We set it up during (FAI) installation	11:34
RockHound	maswan: udev does not generate those names? via /etc/udev/rules.d/75-persistent-net-generator.rules	11:36
RockHound	?	11:36
maswan	RockHound: Hm. it might on a default install, I wouldn't know. I don't have any of those. :)	11:39
_ruben	you need to edit /etc/udev/rules.d/70-persistent-net.rules	11:41
_ruben	(or just delete it, it will be generated at boot)	11:41
RockHound	_ruben: that is what I was looking for	11:41
RockHound	perfect	11:41
jdstrand	ScottK: bug #247409 is public debian bug #490217 (as you know-- you commented on it)	11:41
uvirtbot	jdstrand: Bug 247409 on http://launchpad.net/bugs/247409 is private	11:41
uvirtbot	Debian bug 490217 in python-dns "python-dns vulnerable to CVE-2008-1447 DNS source port guessable" [Grave,Open] http://bugs.debian.org/490217	11:41
RockHound	so pubo: see _ruben's post	11:42
jdstrand	ScottK: ah you unprivated it already	11:42
jdstrand	oh, that was the debian bug-- anyhoo, I unprivated the launchpad bug	11:44
jdstrand	(between that and the stub resolver Debian advisory, there is really nothing that isn't already publuic in there)	11:45
jdstrand	public	11:45
pubo	_ruben, sorry, I was on coffe :P	12:06
pubo	_ruben, then, I only have to delete that archive and linux will generate a new one at the next system start?	12:07
micheluntu	hi all, question regarding routing... where is the best place to put static route?	12:08
pubo	7	12:08
pubo	ups, sorry :)	12:09
_ruben	pubo: yeah .. any nics that arent configured in that file, will be after a reboot	12:12
_ruben	micheluntu: in /etc/network/interfaces .. as an "up" script	12:13
pubo	_ruben, I've deleted it, but eth3 still being eth3 :(. I'm going to edit now to see...	12:13
_ruben	and you did reboot?	12:13
micheluntu	_ruben: is it executed if i do ifdown ethx	12:14
micheluntu	?	12:14
micheluntu	sorry, ifup ethx	12:15
_ruben	micheluntu: no, thats what "down" scripts are for ;)	12:15
micheluntu	sure :-/	12:15
pubo	_ruben, yes :S	12:15
micheluntu	ok.. i'll try, thanks	12:15
_ruben	pubo: strange .. pastebin the contents of the rules file	12:16
pubo	_ruben, but the reboot didn't generate a new one file... maybe using: ip link set dev eth3 name eth1.... I'm going to test tit	12:17
_ruben	pubo: which one did you delete ? /etc/udev/rules.d/75-persistent-net-generator.rules or /etc/udev/rules.d/70-persistent-net.rules ?	12:18
ScottK	jdstrand: Thanks. I wasn't sure.	12:24
jdstrand	np	12:24
pubo	_ruben, 75	12:29
pubo	I've tested with ip link set... and it appears that works	12:29
=== Vernon is now known as CrummyGummy
RockHound	pubo: it was 70 which you should have deleted	12:32
pubo	RockHound, ok, I'm going to test ti	12:32
RockHound	if you delete 75, then it will not work	12:35
RockHound	as 75 generated 70 ...	12:35
RockHound	so you will have to restore 75	12:35
nandersson	Great videos from Daniel Holbach on the UbuntuDeveloper-channel regarding MOTU-development. I write an article about them om Swedish TechWorld Open Source-mag.	12:35
nandersson	"I wrote"	12:35
pubo	RockHound, now it works :).... Fortunately I moved 75 to /root instead of delete it. I undo the changes and removed 70 and now everything works!! Thanks all!!	12:38
RockHound	pubo: yw	12:41
=== ogra_ is now known as ogra
emgent	heya	12:46
=== fReAkY[t] is now known as freaky[t]
gegema	after doing an apt-get update, is there a flag to view/list upgradable packages without needing to get into aptitude?	13:52
soren	"apt-get upgrade" ?	13:53
soren	And just say "no"?	13:53
soren	Or "apt-get upgrade -s" if you must.	13:53
gegema	soren: Thanks	13:55
gegema	and when apt says "the following packages have been kept back", that means?	13:58
gegema	they should be marked for removal I guess?	13:58
_ruben	no, they most likely depend on extra packages to be installed	13:59
_ruben	apt-get dist-upgrade would pull those in as well	13:59
gegema	when was 8.04.1 released?	14:00
gegema	or what should the current issue read?	14:01
_ruben	not so long ago	14:01
_ruben	one week ago	14:01
gegema	and doing an apt-get upgrade should get me on that issue withouth needing to do a dist-upgrade correct?	14:01
lukehasnoname	gegema: right	14:02
_ruben	no, kernel upgrades among others usually (always?) are pulled in via dist-upgrade	14:02
gegema	sorry for asking dumb Q.s... I am still learning	14:02
gegema	hrrm.. . not _ruben and lukehasnoname are giving me contradicting answers	14:03
_ruben	as long as there are "kept back" packages, you are not fully up to date	14:03
lukehasnoname	go with _r	14:06
lukehasnoname	_ruben:	14:06
kirkland	zul: ping	14:06
zul	kirkland: yo	14:06
kirkland	zul: yo, so about bug 247389	14:07
uvirtbot	Launchpad bug 247389 in ecryptfs-utils "ecryptfs-utils build should not depend on libltspi or libopencryptoki-dev " [Unknown,Fix released] https://launchpad.net/bugs/247389	14:07
kirkland	zul: debian upstream is not going to drop those build deps	14:07
zul	kirkland: why not?	14:07
kirkland	zul: but i think we should for now	14:07
kirkland	zul: because they don't really care about main vs. universe ;-)	14:07
zul	kirkland: yeah	14:08
kirkland	zul: what do you recommend?	14:08
zul	thats fine with me then	14:08
kirkland	zul: if we take that patch, removing those 2 build deps, it saves us 3+ more MIRs	14:08
kirkland	zul: and we're not using/needing the support	14:09
zul	sounds good	14:09
kirkland	zul: if the MIRs go very well, or if we want TPM and opencryptoki support in the future, well then we just MIR them, right?	14:09
zul	yeah what do those packages do in the first place?	14:10
kirkland	TPM is the trusted computing chip that's on most modern motherboards	14:10
kirkland	ecryptfs has basic support for it	14:10
kirkland	for instance, you could use a key embedded in your TPM for your ecryptfs mount	14:11
kirkland	which would mean that that ecryptfs mount COULD ONLY work with your motherboard	14:11
zul	kirkland: im thinking we just might as well add those MIR then so we dont have have a delta with debian and we might want those features in the future	14:12
kirkland	zul: okay	14:13
zul	sound reasonable?	14:13
=== jjesse_ is now known as jjesse
* freeflying		15:48
freeflying	sorry, type wrong	15:55
kirkland	jdstrand: hiya, you around?	16:19
jdstrand	kirkland: hi!	16:20
kirkland	jdstrand: i could use a few minutes of your time today ideally to get auth-client-config handling the ecryptfs pam module	16:20
jdstrand	kirkland: no problem-- do you have the profiles already?	16:20
kirkland	jdstrand: i don't	16:21
kirkland	jdstrand: see https://wiki.ubuntu.com/EncryptedPrivateDirectory	16:21
kirkland	jdstrand: the Testing section	16:21
kirkland	jdstrand: i need to add one line to /etc/pam.d/common-auth, and one to /etc/pam.d/common-session	16:22
kirkland	jdstrand: and I pulled the source to auth-client-config	16:22
jdstrand	kirkland: right, just at the end of a standard configuration, correct?	16:22
kirkland	jdstrand: yes, that's fine	16:22
jdstrand	kirkland: this should be shipped as part of the pam ecryptsfs package-- is that the plan?	16:23
jdstrand	(nice spelling)	16:23
kirkland	jdstrand: I think so, until which point slangasek has his magic pam configurator operational	16:23
* jdstrand is a fan of ecryptsfs _and_ the interwebs		16:24
kirkland	^^^ spoken as Emperor Palpitine	16:24
uvirtbot	kirkland: Error: "^^" is not a valid command.	16:24
kirkland	^^^ spoken as Emperor Palpitine	16:24
bdmurray	it's Palpatine	16:24
emgent	jdstrand: if you have little bit time take a look in Bug #247612	16:25
uvirtbot	emgent: Bug 247612 on http://launchpad.net/bugs/247612 is private	16:25
* kirkland isn't right after the last round of lightning bolts from the Emp, after misspelling his name :-)		16:25
jdstrand	kirkland: all you need to do is setup a proistine system for ecryptfs (ie no other pam changes), then do:	16:25
jdstrand	auth-client-config -S	16:25
jdstrand	kirkland: this outputs your current pam and nss to to stdout	16:25
kirkland	jdstrand: http://pastebin.ubuntu.com/26683/	16:26
kirkland	lemme fix the spacing	16:26
jdstrand	kirkland: redirect that to a file, remove the nss_* and pam_account and pam_password lines, name it something sensible, and it's done	16:26
kirkland	wowsers	16:26
jdstrand	kirkland: well, you need to add it to the package still (drop it in /etc/auth-client-config/profile.d)	16:27
kirkland	jdstrand: would this be something to give to debian, or Ubuntu-only change?	16:27
jdstrand	kirkland: a-c-c isn't in debian	16:27
kirkland	jdstrand: ah	16:27
jdstrand	that will likely change, but for now, that is how it is	16:29
jdstrand	kirkland: don't bother with the spacing-- just make it right in /etc/pam.d, then use auth-colient-config -S	16:30
kirkland	jdstrand: yup	16:30
jdstrand	kirkland: what you pasted doesn't have the session entry	16:30
kirkland	jdstrand: i just fixed that	16:31
jdstrand	can you repaste?	16:31
kirkland	jdstrand: sure	16:31
kirkland	jdstrand: http://pastebin.ubuntu.com/26684/	16:31
kirkland	jdstrand: do you have a sample package I can model the packaging bits after?	16:32
jdstrand	kirkland: ok, now remove nss_* pam_account and pam_password, and change the date string to be something meaningful, like [ecryptfs_standard]	16:32
kirkland	jdstrand: http://pastebin.ubuntu.com/26685/	16:34
kirkland	jdstrand: i wrote that to a file called: pam_ecryptfs.auth-client-config	16:35
jdstrand	kirkland: you didn't change anything in pam_account or pam_password, so remove those lines too	16:36
jdstrand	kirkland: I mean, if they need to be that, then leave them, but if not, remove them	16:37
kirkland	jdstrand: http://pastebin.ubuntu.com/26686/	16:37
jdstrand	kirkland: I suggest naming it 'ecrypts', so that you have the file /etc/auth-client-config/ecryptfs	16:39
kirkland	k	16:39
jdstrand	kirkland: once you put it in there, you can do: 'auth-client-config -l' and see if the profile pops up	16:39
kirkland	jdstrand: well, the packaging can install it as such	16:39
* jdstrand nods		16:39
kirkland	jdstrand: within the package, though, i was going to call it debian/pam_ecryptfs.auth-client-config	16:40
jdstrand	kirkland: but for testing it, just drop it in there now and moake sure it works	16:40
* jdstrand nods again		16:40
kirkland	jdstrand: do you have a package that uses this, that I might emulate?	16:41
jdstrand	kirkland: ldap-auth-config	16:42
* delcoyote hi		16:43
jdstrand	kirkland: once it's in there, can do:	16:43
jdstrand	auth-client-config -n -p ecryptfs_standard -t pam-auth ; auth-client-config -n -p ecryptfs_standard -t pam-session	16:44
jdstrand	for a dry run	16:44
jdstrand	kirkland: remove the '-n' for a real run	16:44
kirkland	k	16:44
* jdstrand notes it is probably convenient to use a comma separated list for '-t'		16:45
* jdstrand goes to fix that		16:45
Thorsten11	I am looking to swap my servers hard drive with a larger one. How do I go about doing that and keeping all the data? Any help would be great!	16:47
kirkland	jdstrand: hmm, "auth-client-config -p ecryptfs_standard -t pam-auth ; auth-client-config -n -p ecryptfs_standard -t pam-session,pam-auth" ... does that go in debian/rules?	16:48
jdstrand	kirkland: that second command needs to drop ',pam-auth' (a-c-c can only handle one -t option at a time right now)	16:49
kirkland	oh	16:49
kirkland	okay, so two calls	16:49
jdstrand	kirkland: re rules> no, that is what the user will run to enable ecryptfs in pam	16:49
jdstrand	kirkland: in a bit, those two commands will become:	16:50
jdstrand	auth-client-config -p ecryptfs_standard -t pam-auth,pam-session	16:50
kirkland	jdstrand: right	16:50
kirkland	jdstrand: okay, i suppose this helps somewhat	16:50
kirkland	jdstrand: but it still doesn't solve what I thought i was solving	16:50
kirkland	jdstrand: avoiding having to do the pam setup post installation	16:51
jdstrand	kirkland: there are mechanisms in place in auth-client-config to make it work in packaging, but as a policy isn't in effect and slangasek is doing a different implementation, then just leave it to the user	16:51
kirkland	jdstrand: okay, thanks.	16:51
kirkland	jdstrand: let me get a debdiff tested and available for your review	16:51
jdstrand	kirkland: you can read /usr/share/doc/auth-client-config/README for ideas on package integration	16:52
kirkland	jdstrand: well, i'll hold off until we see whether or not slangasek's implementation is good to go	16:52
jdstrand	kirkland: but that is likely more than you want to do right now	16:52
kirkland	jdstrand: right ;-)	16:53
jdstrand	kirkland: keep in mind, while this doesn't help greatly in terms of what is outlined in Testing, it does allow you to ship a configuration that is known to work, and the wiki won't have to change. You can also add other profiles to /etc/auth-client-config/ecrypts-- eg [ecryptfs_advanced], or whatever	16:55
jdstrand	kirkland: it also provides an easy way to disable ecryptfs (one command as opposed to hand editing to config files)	16:56
jdstrand	s/to config/two config/	16:56
kirkland	jdstrand: that's a good point, thanks.	16:56
kirkland	jdstrand: something like http://pastebin.ubuntu.com/26689/	16:58
jdstrand	kirkland: but the use of auth-client-config, or steve's method, or a combination is really what needs to be implemented :) use of auth-client-config just makes it easier	16:58
kirkland	jdstrand: oh, yeah, i totally understand that	16:58
jdstrand	kirkland: you don't need a Pre-Depends-- just add /etc/auth-client-config/profile.d to 'dirs' (which you've already done)	16:59
jdstrand	kirkland: I suggest using 'Suggests' instead of Pre-Depends	16:59
jdstrand	kirkland: ecryptfs will work just fine aithout a-c-c	17:00
kirkland	k	17:00
kirkland	jdstrand: build gripes: dh_install --fail-missing --sourcedir=debian/tmp	17:00
kirkland	cp: cannot stat `debian/tmp/pam_ecryptfs.auth-client-config': No such file or directory	17:00
* jdstrand goes to download the thing		17:00
jdstrand	there are a lot of build-deps...	17:09
delly84	does anyone know the best way to purge an ldap database besides just removing /var/lib/ldap/* and /var/backups/unknown-...ldapdb and re inserting the nodes via dpkg-reconfigure slapd and ldapadd?	17:10
delly84	is that even the right way to do this?	17:11
kirkland	jdstrand: to ecryptfs-utils?	17:12
kirkland	jdstrand: i'm working a couple of MRs related to that now	17:12
jdstrand	kirkland: from a pristine schroot, yeah	17:12
kirkland	zul: doko approved pkcs11-helper \o/	17:12
kirkland	jdstrand: hmm, i'm missing something obvious	17:29
jdstrand	kirkland: the problem is that the profile is not copied into debian/tmp/etc/auth-client-config/profile.d	17:29
kirkland	jdstrand: right	17:29
kirkland	jdstrand: what should handle that? something rules, I suspect	17:30
jdstrand	kirkland: your libecryptfs0.dirs file makes etc/auth-client-config/profile.d created in debian/libecryptfs0	17:30
jdstrand	but the profile is copied there either	17:30
kirkland	jdstrand: is my syntax in libecryptfs0.install correct?	17:31
kirkland	jdstrand: should it be ../pam_ecryptfs.auth-client-config etc/auth-client-config/profile.d	17:31
jdstrand	kirkland: I'm not used to seeing it like that	17:33
jdstrand	kirkland: I think just having /etc would be enough	17:33
jdstrand	kirkland: your syntax looks fine based on the manpage (hey, I learned something!)	17:40
kirkland	jdstrand: the ../ bit?	17:40
kirkland	jdstrand: b/c, that actually works!	17:40
jdstrand	kirkland: no, just the <file> <dir> bit	17:40
kirkland	jdstrand: oh, i got that straight from ldap-auth-config	17:41
kirkland	jdstrand: see ldap-auth-config.install	17:41
jdstrand	hmm, I might have actually did that	17:41
jdstrand	(ldap-auth-config.install)	17:41
kirkland	jdstrand: you're so money you don't even know it!	17:41
jdstrand	apparently I'm flaking out right now :)	17:41
jdstrand	kirkland: a cleaner approach is in debian/libecryptfs0.install have:	17:46
jdstrand	/etc/auth-client-config/profile.d/pam_ecryptfs.auth-client-config	17:46
jdstrand	kirkland: then in rules:	17:46
jdstrand	dh_install --list-missing --sourcedir=debian/tmp -Xpam_ecryptfs.auth-client-config	17:46
jdstrand	and in rules:	17:47
jdstrand	cp $(CURDIR)/debian/pam_ecryptfs.auth-client-config $(CURDIR)/debian/libecryptfs0/etc/auth-client-config/profile.d	17:47
jdstrand	after the MAKE command	17:47
kirkland	jdstrand: would s/pam_ecryptfs.auth-client-config/acc-ecryptfs/g be more consistent?	17:47
jdstrand	kirkland: basically, we install the file into the libecrypts0 dir (as expected), then tell dh_install to skip that file when doing debian/tmp	17:48
jdstrand	kirkland: I have no preference as to the name	17:49
kirkland	jdstrand: which section of rules does the -Xacc-ecryptfs bit go?	17:49
jdstrand	kirkland: it should not be named 'acc-ecryptfs' after install though-- files with acc- are installed by auth-client-config itself	17:50
kirkland	jdstrand: oh	17:50
jdstrand	it's a convention, not a hard-n-fast rule	17:50
jdstrand	but there is no reason not to follow it	17:50
kirkland	jdstrand: that's fine	17:50
kirkland	jdstrand: i'll call it ecryptfs.acc in the source package	17:51
kirkland	compact enough	17:51
jdstrand	kirkland: I like the installed named as 'ecryptfs'-- it is easy	17:51
kirkland	jdstrand: okay, and i'll install it as 'ecryptfs'	17:51
jdstrand	kirkland: as for the -X... part-- just add it to the end of the dh_install line that already exists in binary-arch	17:51
kirkland	jdstrand: the existing line has "fail-missing" ... yours "list-missing" ?	17:52
* kirkland tries a build...		17:53
jdstrand	kirkland: err, yeah-- good point. it should be fail-missing	17:53
zul	kirkland: coolness please add it to the seeds then :)	17:53
kirkland	jdstrand: k, i'm building with that now	17:53
jdstrand	kirkland: I tried list-missing in testing	17:53
kirkland	zul: i may need some instruction/documentation on doing that (later)	17:55
zul	kirkland: cool you might not have access either	17:56
* kirkland doesn't have much access at all		17:56
* kirkland is entirely at the mercy of bribing a bunch of other people to sponsor his work :-)		17:56
kirkland	jdstrand: okay, cool, that built, and installed properly!	18:00
jdstrand	\o/	18:00
kirkland	jdstrand: let me try the runtime command to enable....	18:00
kirkland	jdstrand: what do you think of http://pastebin.ubuntu.com/26708/ ?	18:11
jdstrand	kirkland: hold on	18:15
jdstrand	kirkland: you reference debian/acc-ecryptfs in the changelog.	18:30
kirkland	jdstrand: shite, okay	18:31
jdstrand	kirkland: I've updated it-- other than that it looks good	18:31
jdstrand	kirkland: do you want me to upload?	18:31
kirkland	jdstrand: let me attach it to the bug	18:31
jdstrand	kirkland: I build on amd64, did package upgrade testing, and tested auth-client-config profile integration	18:31
kirkland	jdstrand: same here	18:32
jdstrand	kirkland: let me know when to upload	18:32
kirkland	jdstrand: patch at https://bugs.launchpad.net/ubuntu/+source/ecryptfs-utils/+bug/247641	18:33
uvirtbot	Launchpad bug 247641 in ecryptfs-utils "pam_ecryptfs.so insertion into the pam stack" [Wishlist,In progress]	18:33
jdstrand	kirkland: does that mean it's ready to fly?	18:33
kirkland	jdstrand: yup, good by me, i fixed the changelog	18:34
kirkland	jdstrand: other than that it's identical	18:34
kirkland	jdstrand: sad that we have to diverge from debian, but hopefully it's temporary	18:34
jdstrand	ecryptfs-utils fly, ecryptfs-utils fly	18:35
jdstrand	into the light of the dark black night	18:36
jdstrand	kirkland: uploaded	18:36
kirkland	jdstrand: thanks, i'm updating the wiki page now	18:36
jdstrand	kirkland: it's a minor divergence that will help our users	18:36
kirkland	jdstrand: definitely, a million thanks for your help	18:36
jdstrand	np	18:36
jdstrand	:)	18:36
kirkland	jdstrand: do we care about hppa build failure?	18:40
jdstrand	jdstrand: well, yes, but what do you mean specifically?	18:40
kirkland	jdstrand: i just got a failed-to-build error for ecryptfs-utils with your upload for hppa	18:41
jdstrand	that was fast	18:41
kirkland	jdstrand: okay, instructions updated at: https://wiki.ubuntu.com/EncryptedPrivateDirectory#head-4a2aa7460fdca18bfe78bb1283becff406bbc13c	18:41
jdstrand	jdstrand: it built last time	18:41
jdstrand	kirkland: it's an apt error	18:43
kirkland	jdstrand: i was just investigating that	18:43
kirkland	jdstrand: okay, not our fault :-)	18:43
jdstrand	kirkland: no	18:43
kirkland	jdstrand: no, it is our fault?	18:44
jdstrand	kirkland: it is not our fault	18:44
kirkland	jdstrand: ;-)	18:44
jdstrand	I submitted to retry the build	18:44
jdstrand	kirkland: it built fine the 2nd time	18:55
kirkland	jdstrand: cool, thanks.	18:57
kirkland	jdstrand: i just need the fix from Debian in 50-2 that makes mount.ecryptfs_private setuid	18:58
kirkland	jdstrand: ideally, i'll get that in and merged by Monday, and we can have an ~/Private setup party in Lexington next week ;-)	18:59
jdstrand	kirkland: guess you get to practice merging :)	18:59
jdstrand	ok cool	18:59
kirkland	jdstrand: yup	18:59
jdstrand	\o/	18:59
bdmurray	mathiaz: I might be able to help regarding moving bugs to a renamed package	19:00
kirkland	mathiaz: any progress on the web app packaging standard?	19:01
kirkland	mathiaz: i have a couple of simple, small PHP web apps that I'd like to get some assistance packaging from scratch next week	19:02
kirkland	mathiaz: the good news is that they don't use a DB	19:02
Chipzz	kirkland: have you looked at the packaging of phpmyadmin?	19:05
kirkland	Chipzz: negative	19:06
Chipzz	kirkland: take a look at that; maybe that will give you some idea's?	19:06
Chipzz	s/'//	19:06
kirkland	Chipzz: mathiaz had raised some issues with the way webapps are/not packaged with Ubuntu at UDS	19:06
kirkland	Chipzz: if phpmyadmin's packaging is a model to be followed, i can do that	19:07
kirkland	Chipzz: however, i was under the impression that none were considered "ideal"	19:07
Chipzz	I'm not saying it's a model; it is however something you can take a look at to get some inspiration	19:08
kirkland	Chipzz: cool, thanks for the pointer	19:08
tolun	hi everyone...	19:14
tolun	how can I increase entropy in kernel?	19:14
tolun	is there anybody...	19:16
lukehasnoname	be patient, a lot of these guys are working. they'll get to you in time, most of the time.	19:17
tolun	:-/	19:19
mathiaz	bdmurray: kwel - where is your magic script ?	19:28
mathiaz	kirkland: no progress on the web app packaging standard	19:28
bdmurray	mathiaz: I don't have one yet but ogasawara or I should be able to help	19:29
mathiaz	bdmurray: ok - persia suggested to move them by hand while reviewing them	19:29
mathiaz	bdmurray: which could be a good idea in this case as there aren't so many bugs	19:30
bdmurray	mathiaz: right, I saw that. I think it really depends on the volume. If you are on top of them and know they are all valid just move them - otherwise reviewing during the process makes sense.	19:30
nealmcb	Is there a tool (web query engine?) to easily determine if a given dns resolver (not under my control) is now properly doing random source ports (e.g. a tool that asks it to resolve an address at a domain that the tool can work with to see what source port the requests come in on?)	19:34
ScottK	Not that I know of. If you control the DNS server it's asking, you can capture data via tcpdump and check.	19:36
Nicke__	nealmcb: Have you tried http://www.doxpara.com/ ?	19:41
Deeps	urr, surely you can see the source port of incoming packets	19:42
gegema	this may be a rediculous Q... but here goes. When doing a "history" command and I get a list of my previous commands, is there a way to select say the 200th command, so I doint have to up arrow 200 times to get to it?	19:45
gegema	or is my only option to just copy and paste that command	19:45
zul	!<history number>	19:45
gegema	hmm.. tried history number before asking this Q... and just tried !history number and I get -bash: history: too many arguments	19:47
nealmcb	Nicke_ yup - that's the ticket! Dan's own checker on the sidebar at http://www.doxpara.com/ . Though I suggest you don't expect it to be too smart. I see a lack of randomness that it didn't in my dns server	19:49
Nicke__	nealmcb: yeah.. I only know that it detected my own dns server as vulnerable before I updated it, and said it was fine after.. but I don't see that as any guarantee ;)	19:52
tolun	how can I increase entropy in kernel?	19:56
nealmcb	tolun: get the machine to do interesting things - maybe df /usr or something like that	19:57
nealmcb	or move your mouse etc	19:58
tolun	nealmcb, it is a server which is far away and i am connecting via ssh	20:02
tolun	and ubuntu server does not accepts my inputs	20:02
tolun	from ssh	20:02
tolun	I want that server should do entropy by itself	20:03
tolun	:(	20:03
tolun	I mean that it is not accepts inputs as an entropy action....	20:04
tolun	does not server generate random bytes for entropy by itself?	20:07
nealmcb	tolun: yes, but if it isn't doing much it can take time. disk activity should help which is why I suggested df /usr	20:09
tolun	owwww	20:11
tolun	sorry...	20:11
tolun	let me check this pls...	20:11
tolun	;)	20:11
nealmcb	dooh - I mean du /usr ....	20:12
nealmcb	df is much too efficient :/	20:12
=== freaky[t] is now known as fReAkY[t]
nealmcb	tolun: ^	20:18
tolun	nealmcb, still I am testing...	20:18
tolun	and still it did not achived my problem...	20:18
tolun	:(	20:18
trakinas	im having troubles with ssh	20:21
trakinas	first thing: the keys arent being loaded. though i have removed and re-generated them	20:22
trakinas	second thing: i cannot connect to the server anymore.	20:22
trakinas	even after doing this: http://markus.revti.com/index.php/2007/12/05/245/	20:22
nealmcb	so I'd like to run dan's script at doxpara.com/, which uses javascript, from a server. what handy javascript-enabled text mode browsers are out there again? our elinks doesn't seem to have spidermonkey which would do some javascript	20:24
Wicky656	how do you set limits in /etc/security/limits.conf to unlimited or is that even possible?	20:24
* nealmcb hoped he'd eventually find a relevant, on-topic question :)		20:24
tolun	nealmcb, it did not worked	20:25
tolun	:(	20:25
nealmcb	did you run du (not df like I said at first)?	20:25
nealmcb	and exactly what are you doing?	20:26
tolun	yes	20:28
tolun	it has been stoped	20:28
nealmcb	tolun: see e.g. http://bentham.k2.t.u-tokyo.ac.jp/notebook/?p=241	20:30
tolun	ok	20:31
tolun	and what else?	20:31
nealmcb	I'd say, maybe, at a shell do this in the background just before generating your key: "du / &" or "ls -Rl / > /dev/null &"	20:32
nealmcb	so it runs while you generate	20:32
tolun	thank you nealmcb...	20:32
tolun	i will try all of them...	20:33
nealmcb	tolun: or generate it on a desktop and copy it to the server....	20:36
tolun	i think i found it... which included in your link address...	20:38
tolun	egd is a solution i think...	20:38
tolun	of course i have to try it...;)	20:38
tolun	nealmcb, really thanks for all... I will try it and inform you... of course if you need know...;)	20:40
nealmcb	tolun: np	20:42
bitsbam_	hello anyone use a dell poweredge ?	21:35
nealmcb	bitsbam_: you might get better answers if you ask your underlying question	21:45
bitsbam_	thanks, i need to know the procedure to power down a hard drive for a hot-swap replacement	21:45
* nealmcb doesn't know :(		21:46
Nafallo	ehrm. hotswap is yank out, put in new? :-)	21:46
Nafallo	that's how I do it on HPs anyway. works fine.	21:46
nealmcb	the "hammer" approach :) I would have guessed it, but didn't want to steer someone wrong	21:47
Nafallo	just take care if the machine starts rebuilding the array or something.	21:48
Nafallo	you want to wait until it doesn't do that before you put in the new drive or you might loose the array.	21:49
nealmcb	cool - I learned a nice emacs tip last night: tramp has a "sudo" mode, so you can edit /sudo::/etc/resolv.conf without firing up another emacs	21:52
bitsbam_	well, last night, i yanked a drive, and slid a new one in place, but it never showed anything other than the blinking amber lights for drive failure, put the old drive back in it blinked amber for a bit, then green	21:53
bitsbam_	I suppose most of this would point to a drive failure ? It is a brand new drive.	22:08
solexious_	[q] My server seems to hang on restarts, how can i find out how as it seend to be after ssh is stopped	22:11
solexious_	seems*	22:11
uvirtbot	New bug: #247727 in mysql-dfsg-5.0 (main) "mysql ignores view order when selecting with group by" [Undecided,New] https://launchpad.net/bugs/247727	22:41
=== fReAkY[t] is now known as freaky[t]
Chipzz	hrrrrm	23:30
Chipzz	anyone here running debian testing?	23:30
Chipzz	I just upgraded some servers from php5 5.2.5 to 5.2.6, and I hit max connections pretty fast	23:31
Chipzz	appears to be a problem with apache threads (especially those to localhost; for the server reloading - WTF is apache doing this crap in the first place) hanging in the closing state for too long	23:32
Chipzz	mentioning this because that version may be hitting intrepid...	23:34
bitsbam_	anyone have a more correct procedure for readying a drive to be removed and hot swapped than just yanking the thing out of a dell poweredge server?	23:37

Generated by irclog2html.py 2.7 by Marius Gedminas - find it at mg.pov.lt!