/srv/irclogs.ubuntu.com/2008/11/11/#ubuntu-installer.txt

xivuloncjwatson, I'like to know if you have any good idea to remove the mountbind to /boot in wubi, as that is a bottleneck for a few other things11:50
cjwatsonwell, I can't say anyone has convinced me about the reliability of any replacement for that yet :(11:51
cjwatsonhow're you going to guarantee that the ntfs copy gets updated if a user fiddles about in /boot by hand?11:51
xivulonwe need a syncfs :)11:52
xivulonany approach I can think of will involve copying the files from /boot to /host/ubuntu/disks/boot at some stage11:53
xivulonand of course you can always think of cases where the 2 dirs are out of sync at boot time11:54
cjwatsondo you have a current list of problems traceable to the bind-mount?11:55
xivulonOn top of my head, there is this issue with kernel upgrades in vfat (apt does the hard link trink) and the issue about using a CD content instead of the ISO11:56
xivulonlet me fetch the bugs11:56
yannickm_hi... does anyone knows how to make it so that in the installer process, a certain package is run at a higher debconf priority, without having to change it globally ?11:56
cjwatsonyannickm_: no way to do that at present11:57
cjwatsonfix the package to ask the questions at the priority you want, or preseed the answers to the questions if that isn't possible11:57
xivulon252900 243105 20713711:58
xivulon20104611:59
yannickm_ugh... i would rather not want to have to mess with the standard ubuntu package (in this case slapd), there's no other way ?11:59
yannickm_ha11:59
yannickm_too bad11:59
yannickm_I guess i'll file a RFE to debian installer lol... thanks anyway12:00
cjwatsonbah, he left. what's wrong with preseeding?12:04
xivuloncjwatson could you apply 289791?12:05
cjwatsonxivulon: done with minor modifications12:09
cjwatson243105 has never been diagnosed and might well be fixable if we could figure it out12:09
CIA-2grub-installer: cjwatson * r758 ubuntu/ (debian/changelog grub-installer):12:09
CIA-2grub-installer: Hide GRUB menu if grub-installer/bootdev_directory is preseeded; this is12:09
CIA-2grub-installer: used in the Wubi case where GRUB is used as a secondary boot loader, and12:09
CIA-2grub-installer: so the user already had a chance to boot from another operating system12:09
CIA-2grub-installer: (thanks, Agostino Russo; LP: #289791).12:09
cjwatson207137 does not obviously have anything to do with the bind-mount12:09
cjwatsonditto 20104612:10
xivulonWell in the sense that 243105 blocks both12:10
xivulonso yes addressing 243105 will also fix such issues12:10
cjwatsondon't just list lots of tenuously related bugs, I'm only interested in the ones that are actually directly related12:10
xivulonthen the first 212:11
cjwatsonit might be worth checking for link() errno == ENOSYS in dpkg12:11
cjwatsonand falling back to copying the file12:11
xivulonThat will work, it is similar to an old fix we had in the past (in update-initramfs IIRC)12:12
xivulonIn fact it would be great if that could be pushed to intrepid updates12:13
cjwatsonno.12:13
cjwatsonI'm not pushing any such dpkg change to a stable release12:13
cjwatsonscares me *far* too much12:13
xivulonok anyway,. people deserve to be punished for using fat...12:14
cjwatsonI wasn't saying that, I just don't think it's worth the risk12:14
cjwatsonit's awkward that link() gets EPERM rather than ENOSYS though12:15
cjwatsonif it were ENOSYS then I'd be comfortable with providing a replacement12:15
cjwatsonEPERM can also mean that the source of the link is a directory though12:16
cjwatsonI've created a task on dpkg though12:17
kirklandcjwatson: hiya15:18
cjwatsonhi15:18
kirklandcjwatson: i've actually committed a couple of minor patches upstream that enables mount.ecryptfs_private to encrypt/mount/decrypt your entire /home/kirkland directory ;-)15:18
cjwatsonyow15:19
cjwatsonI don't think I have the nerve to use that myself :)15:19
kirklandcjwatson: ;-)15:19
kirklandcjwatson: the changes to the binary are actually remarkably simple15:20
kirklandcjwatson: the fs layout of /home/kirkland and /home/.kirkland are, um, innovative ;-)15:20
cjwatsonthat means a user can't do this for themselves15:20
kirklandcjwatson: correct15:21
cjwatsonif it requires a new directory under /home15:21
kirklandcjwatson: that's what brings me here15:21
kirklandcjwatson: it would require patching adduser, as well as ecryptfs-setup-private15:21
kirklandcjwatson: actually .....15:21
kirklandcjwatson: you've just triggered something interesting in my mind15:22
kirklandcjwatson: i'll go play with that15:22
cjwatsonglad to serve as a potted plant :-)15:23
kirklandcjwatson: :-)15:23
kirklandcjwatson: but, not doing it themself is a requirement i think i'm going to need15:23
kirklandcjwatson: because "migration" of a non-encrypted home dir to an encrypted-homedir is a really dicey operation15:24
kirklandcjwatson: would need to ensure that there are no other readers/writers on that user's home dir during the "migration"15:24
cjwatsonyeah, I think it's OK15:24
kirklandcjwatson: seems like an impossible situation if the migration ran as the user15:25
kirklandcjwatson: so it would be something that you'd want at adduser time, or not15:25
kirklandcjwatson: i can wiki up some instructions how to do the migration safely, as root, in runlevel 115:25
kirklandcjwatson: which is what i did to bootstrap my system15:25
kirklandcjwatson: but i don't want to publish a tool to do this for someone, as it's riddled with complexity :-)15:26
kirklandcjwatson: I understand that you won't be at UDS, but I'm asking Rick to schedule another Encrypted Home Directory session, where I'd like to demo what I've done so far, and seek some discussion/concerns/etc15:28
* kirkland expects no lack of forceful opinions ;-)15:30
kirklandcjwatson: encrypted filename patches are undergoing review/revision on LKML right now15:34
cjwatsonkirkland: I think you should explicitly look at what the ubiquity UI might look like15:52
cjwatsonit seems to me that it ought to go on the user page, but exactly how it should be laid out I'm not sure15:53
kirklandcjwatson: okay, i'll make sure i have a proposal about that15:53
kirklandcjwatson: i got a bug report recently, saying that MacOSX encrypts home dirs by default (not confirmed by me), requesting Ubuntu provide the option;  got me thinking about this, and it's starting to actually appear doable  ;-)15:55
kirklandcjwatson: but I will definitely think about the Ubiquity aspect15:55
evandI don't think Mac OSX encrypts home directories by default.  FileVault apparently does not play well with Time Machine.15:59
robbiewI can check now...wife has a Powerbook15:59
evandAnd it definitely does not do it in my copy of OSX (I'm assuming 10.4)15:59
persia10.5 doesn't do it either.  Maybe it's a new feature for 10.6?16:04
kirklandhttps://bugs.edge.launchpad.net/ubuntu/+source/ecryptfs-utils/+bug/27789416:12
ubottuLaunchpad bug 277894 in ecryptfs-utils "anyone with a livecd can acces data on ubuntu -- encrypt home directories" [Wishlist,In progress]16:12
kirklandthat was the bug report, albeit somewhat noobish16:12
kirklandhe marked it a "security vulnerability" :-)16:13
robbiewkirkland: http://docs.info.apple.com/article.html?path=Mac/10.5/en/8736.html16:45
robbiewfrom what I can see on OSX 10.5.5 it doesn't appear that the home directories are encrypted by default16:46
robbiewbut this machine was upgraded...so maybe on fresh install it provides the option16:46
* evand ponders https://bugs.launchpad.net/ubuntu/+source/linux/+bug/29215916:46
ubottuLaunchpad bug 292159 in linux "MASTER update-initramfs is disabled since running on a live CD but it is running from a flash drive. " [Low,Triaged]16:46
kirklandrobbiew: *great* link ...16:47
kirklandrobbiew: that's some skillful text there, cjwatson16:47
cjwatsonkirkland: which is?16:47
kirklandi remember vacillating over the different ways of stating that16:47
kirklandcjwatson:  http://docs.info.apple.com/article.html?path=Mac/10.5/en/8736.html16:47
cjwatsonoh right16:47
cjwatsonevand: odd, sounds like it's copying the casper-ified filesystem rather than the squashfs!16:48
cjwatsonevand: oh, running as a live image, not installed?16:48
evandja16:49
evandit explodes when there's a new kernel16:49
evandwhich is particularly bad when you're running off a USB disk with persistence16:49
cjwatsonhow about making that casper script conditional on persistence?16:49
cjwatsonand fix whatever bug it is that makes it explode in non-persistent mode rather than just silently doing nothing16:50
cjwatsonbut in persistent mode it should definitely let update-initramfs work as normal16:50
evandindeed16:50
evandI'm also going to conditionalize setting the clock to UTC, if that's fine by you16:51
cjwatsonyeah, I think so16:52
evandok, great16:53
superm1would it be worthwhile to check for persistence and disable the cron daemon's init script if persistence is off? I seem to remember reading a report somewhere that a syslog rotation script could cause /var/log/syslog to be renamed and the wrong file copied into the resultant install16:54
cjwatsoncron is already supposed to be disabled17:01
cjwatson./scripts/casper-bottom/25configure_init17:01
cjwatsonif that isn't working then somebody should work out why17:01
superm1i'll try to find the original report of it17:03
cjwatsonI've seen such reports myself before and tried to debug them, and run up against "er, well, it's supposed to work already"17:04
cjwatsonnot claiming for sure that it *does* work17:04
evandcjwatson: is there any historical reason why we overwrite /etc/localtime in casper?  It's already UTC on the squashfs.17:06
evands/any/a/17:06
evandI'm tempted to just remove the script entirely if we don't need it.17:07
cjwatsonperhaps it just predates that being the case in the squashfs17:08
cjwatsonif the script isn't necessary, go ahead and remove it17:08
evandwill do, thanks17:08
CIA-2casper: evand * r565 casper/ (scripts/casper-bottom/02timezone debian/changelog):17:17
CIA-2casper: * scripts/casper-bottom/02timezone:17:17
CIA-2casper:  - Remove as it's no longer needed and resets the timezone when17:17
CIA-2casper:  persistence is enabled (LP: #296855).17:17

Generated by irclog2html.py 2.7 by Marius Gedminas - find it at mg.pov.lt!