| === nxvl_ is now known as nxvl | ||
| tjaalton | cjwatson: should the gtk-frontend work yet? I get a DirectFBError when it tries to initialize the screen | 08:17 |
|---|---|---|
| cjwatson | tjaalton: that's known, thanks | 10:38 |
| cjwatson | tjaalton: gtk/directfb needs some work ... | 10:39 |
| manzur | i was banned from #ubuntu-es | 15:53 |
| manzur | how can i fix it | 15:54 |
| manzur | ? | 15:54 |
| cjwatson | (congratulations, now you're banned from another channel for trying to use it as a stunningly inappropriate escalation method) | 16:10 |
| ogra | heh | 16:14 |
| kirkland | evand: hiya | 18:00 |
| kirkland | evand: i just tried the daily iso for encrypted home ... there's at least two issues | 18:01 |
| kirkland | evand: rtg is working on the kernel module issue | 18:01 |
| kirkland | evand: it seems that they need the kernel crypto modules as well as the ecryptfs filesystem module | 18:01 |
| kirkland | evand: he says that he's going to take care of that | 18:01 |
| kirkland | evand: additionally, however, ecryptfs-utils did not get installed, when I selected "encrypted home" | 18:02 |
| kirkland | cjwatson: why does the server iso boot a generic kernel? | 18:19 |
| cjwatson | kirkland: too much effort to build a separate d-i for the server kernel, and relatively little value | 18:40 |
| cjwatson | kirkland: I agree with apw that ecryptfs should be loaded outside the chroot if it's to be used in the installer, which means that it will need to be made available in a udeb | 18:41 |
| cjwatson | kirkland: relying on modprobe in the target system from the installer is always wrong | 18:42 |
| kirkland | cjwatson: understood. | 18:42 |
| kirkland | cjwatson: okay, i'm struggling a bit in the installer, with the encrypted-home option | 18:46 |
| cjwatson | kirkland: oh? | 19:39 |
| kirkland | cjwatson: i need to actually perform the ecryptfs mount in the chroot'd target | 19:40 |
| kirkland | cjwatson: such that the /etc/skel gets copied into the ecryptfs mountpoint | 19:40 |
| kirkland | cjwatson: that's proving to be more difficult than i though, with current iso's | 19:41 |
| kirkland | cjwatson: seems that the next kernel (-3) will have ecryptfs and aes built in | 19:41 |
| kirkland | cjwatson: hopefully that one will work better | 19:41 |
| cjwatson | the other option would've been to put the modules in the crypto-modules udeb | 19:42 |
| cjwatson | that would have been my suggestion, actually | 19:42 |
| cjwatson | then user-setup could anna-install crypto-modules and modprobe ecryptfs | 19:42 |
| kirkland | cjwatson: hmm, yeah, that one i didn't think of | 19:42 |
| kirkland | cjwatson: the server installer has the ecryptfs.ko | 19:42 |
| cjwatson | can you mention that alternative possibility to the kernel team? | 19:42 |
| kirkland | cjwatson: but the alternate does not | 19:42 |
| cjwatson | err | 19:42 |
| cjwatson | where does it have ecryptfs.ko? | 19:42 |
| kirkland | cjwatson: /lib/modules/..../kernel/fs | 19:43 |
| cjwatson | in the target system you mean? | 19:43 |
| kirkland | cjwatson: no | 19:43 |
| kirkland | cjwatson: in the installer / | 19:43 |
| kirkland | cjwatson: it's in -generic in the installer, but in -server in the target system | 19:43 |
| cjwatson | well, they're the same installer ... | 19:43 |
| kirkland | cjwatson: i pull today's server and alternate iso's | 19:44 |
| kirkland | cjwatson: find / | ecryptfs | 19:44 |
| kirkland | cjwatson: shows different results | 19:44 |
| cjwatson | well that's just bizarre | 19:45 |
| cjwatson | in order for that to happen, ecryptfs.ko would have to be in some udeb | 19:46 |
| cjwatson | and, according to the archive, it isn't ... | 19:46 |
| CIA-61 | debian-installer: cjwatson * r1007 ubuntu/ (4 files in 2 dirs): Move mainline architectures to 2.6.28-3 kernels. | 19:48 |
| kirkland | cjwatson: okay, i'm seeing really different behavior between alternate and server iso's | 19:52 |
| kirkland | cjwatson: on alternate, i can't get past configuring-apt | 19:53 |
| kirkland | cjwatson: i dropped to a shell, chroot'd to target, and tried to apt-get install ecryptfs-utils, but it can't | 19:53 |
| cjwatson | is this an unmodified system - i.e. one where I could reproduce the problem? | 19:54 |
| cjwatson | you should use apt-install in the installer for installing extra packages in /target, in general | 19:54 |
| kirkland | cjwatson: yes, very reproducible | 19:55 |
| kirkland | cjwatson: i'll try apt-install | 19:55 |
| kirkland | cjwatson: i would much appreciate your help, as I was sort of hoping for this to make alpha-2 | 19:55 |
| kirkland | i targeted all of the bugs/patches at alpha2 | 19:55 |
| kirkland | that can be adjusted, i suppose | 19:55 |
| kirkland | cjwatson: so i'm running today's alternate 64-bit jaunty installer 41ce2c80ebd9ec94cfc44f19f0f49842 | 19:57 |
| kirkland | cjwatson: default on all questions up to the username/password | 19:57 |
| kirkland | cjwatson: i select "Yes" for encrypt home, which does not succeed, however, the user is not warned | 19:57 |
| kirkland | (at least at that point) | 19:57 |
| cjwatson | I'll be attempting it on i386 for practicality reasons | 19:57 |
| kirkland | cjwatson: fair enough | 19:58 |
| kirkland | cjwatson: okay, i just got through the user pages | 20:00 |
| cjwatson | (I'm waiting for jigdo to download all this) | 20:01 |
| kirkland | cjwatson: okay, i got a red-page failure, on "Select and install software" | 20:02 |
| cjwatson | check syslog | 20:02 |
| kirkland | libnewt0.52 doesn't exist | 20:03 |
| cjwatson | ok, the bustage has probably not got much to do with your changes | 20:03 |
| kirkland | right, so now i'll drop to a shell | 20:04 |
| kirkland | mount -o bind /dev /target/dev | 20:04 |
| kirkland | mount -o bind /sys /target/sys | 20:04 |
| kirkland | mount -o bind /proc /target/proc | 20:04 |
| kirkland | right? | 20:04 |
| cjwatson | I guess | 20:05 |
| kirkland | well, it seems it needs at least sys and proc | 20:06 |
| kirkland | chroot /target | 20:06 |
| kirkland | bash | 20:06 |
| kirkland | lsmod | grep ecryptfs = nothing | 20:06 |
| kirkland | modprobe ecryptfs -> success | 20:06 |
| kirkland | modprobe aes -> success | 20:07 |
| cjwatson | right, not guaranteed though | 20:07 |
| cjwatson | that'll break in -server | 20:07 |
| cjwatson | you're just lucky this time | 20:07 |
| kirkland | definitely true | 20:07 |
| kirkland | cjwatson: well, in the server, i can do this outside of the chroot | 20:07 |
| kirkland | b/c those .ko's are available | 20:08 |
| kirkland | not so in the alternate install | 20:08 |
| kirkland | i must do it in the /target | 20:08 |
| cjwatson | (a) I still don't see how that's possible with current images (b) kernel bug, those modules *should* be made available outside of the chroot, as I said above and on #kernel | 20:08 |
| kirkland | cjwatson: fair enough on that point -- it's something that will need to be worked around | 20:09 |
| kirkland | cjwatson: worked around, for now, as you said, "I'm lucky" ... can't rely on that | 20:10 |
| kirkland | cjwatson: so now, in the chroot /target, i need to install ecryptfs-utils | 20:10 |
| kirkland | apt-install -> command not found (only available outside the chroot?) | 20:10 |
| kirkland | apt-get install (doesn't work either, no installation candidate) | 20:11 |
| cjwatson | apt-install is only available outside the chroot | 20:11 |
| cjwatson | is ecryptfs-utils on the CD? | 20:11 |
| cjwatson | only CD sources are available at that point | 20:11 |
| kirkland | cjwatson: yes on the server, no on the alternate | 20:11 |
| cjwatson | ok, seed change needed then | 20:12 |
| kirkland | cjwatson: okay, so for now, i'll scp them in | 20:13 |
| kirkland | cjwatson: okay, so now i've got the userspace utilities, and their (defined) dependencies | 20:17 |
| kirkland | cjwatson: trying a test mount within the target chroot fails, with the following in syslog: | 20:17 |
| kirkland | mount.ecryptfs: Error initializing the key module [/usr/lib/ecryptfs/libecryptfs_key_mod_gpg.so] ... which is an error thrown inside the ecryptfs mount helper | 20:18 |
| kirkland | possible a library is missing | 20:18 |
| kirkland | hmm, but that's odd.... | 20:19 |
| kirkland | we're using passphrase | 20:19 |
| kirkland | cjwatson: it seems that the kernel is very displeased when trying to initialize the aes cipher | 20:26 |
| CIA-61 | debian-installer: cjwatson * r1008 ubuntu/debian/changelog: releasing version 20081029ubuntu5 | 21:38 |
Generated by irclog2html.py 2.7 by Marius Gedminas - find it at mg.pov.lt!