=== nxvl_ is now known as nxvl
[08:17] <tjaalton> cjwatson: should the gtk-frontend work yet? I get a DirectFBError when it tries to initialize the screen
[10:38] <cjwatson> tjaalton: that's known, thanks
[10:39] <cjwatson> tjaalton: gtk/directfb needs some work ...
[15:53] <manzur> i was banned from #ubuntu-es
[15:54] <manzur> how can i fix it
[15:54] <manzur> ?
[16:10] <cjwatson> (congratulations, now you're banned from another channel for trying to use it as a stunningly inappropriate escalation method)
[16:14] <ogra> heh
[18:00] <kirkland> evand: hiya
[18:01] <kirkland> evand: i just tried the daily iso for encrypted home ... there's at least two issues
[18:01] <kirkland> evand: rtg is working on the kernel module issue
[18:01] <kirkland> evand: it seems that they need the kernel crypto modules as well as the ecryptfs filesystem module
[18:01] <kirkland> evand: he says that he's going to take care of that
[18:02] <kirkland> evand: additionally, however, ecryptfs-utils did not get installed, when I selected "encrypted home"
[18:19] <kirkland> cjwatson: why does the server iso boot a generic kernel?
[18:40] <cjwatson> kirkland: too much effort to build a separate d-i for the server kernel, and relatively little value
[18:41] <cjwatson> kirkland: I agree with apw that ecryptfs should be loaded outside the chroot if it's to be used in the installer, which means that it will need to be made available in a udeb
[18:42] <cjwatson> kirkland: relying on modprobe in the target system from the installer is always wrong
[18:42] <kirkland> cjwatson: understood.
[18:46] <kirkland> cjwatson: okay, i'm struggling a bit in the installer, with the encrypted-home option
[19:39] <cjwatson> kirkland: oh?
[19:40] <kirkland> cjwatson: i need to actually perform the ecryptfs mount in the chroot'd target
[19:40] <kirkland> cjwatson: such that the /etc/skel gets copied into the ecryptfs mountpoint
[19:41] <kirkland> cjwatson: that's proving to be more difficult than i though, with current iso's
[19:41] <kirkland> cjwatson: seems that the next kernel (-3) will have ecryptfs and aes built in
[19:41] <kirkland> cjwatson: hopefully that one will work better
[19:42] <cjwatson> the other option would've been to put the modules in the crypto-modules udeb
[19:42] <cjwatson> that would have been my suggestion, actually
[19:42] <cjwatson> then user-setup could anna-install crypto-modules and modprobe ecryptfs
[19:42] <kirkland> cjwatson: hmm, yeah, that one i didn't think of
[19:42] <kirkland> cjwatson: the server installer has the ecryptfs.ko
[19:42] <cjwatson> can you mention that alternative possibility to the kernel team?
[19:42] <kirkland> cjwatson: but the alternate does not
[19:42] <cjwatson> err
[19:42] <cjwatson> where does it have ecryptfs.ko?
[19:43] <kirkland> cjwatson: /lib/modules/..../kernel/fs
[19:43] <cjwatson> in the target system you mean?
[19:43] <kirkland> cjwatson: no
[19:43] <kirkland> cjwatson: in the installer /
[19:43] <kirkland> cjwatson: it's in -generic in the installer, but in -server in the target system
[19:43] <cjwatson> well, they're the same installer ...
[19:44] <kirkland> cjwatson: i pull today's server and alternate iso's
[19:44] <kirkland> cjwatson: find / | ecryptfs
[19:44] <kirkland> cjwatson: shows different results
[19:45] <cjwatson> well that's just bizarre
[19:46] <cjwatson> in order for that to happen, ecryptfs.ko would have to be in some udeb
[19:46] <cjwatson> and, according to the archive, it isn't ...
[19:48] <CIA-61> debian-installer: cjwatson * r1007 ubuntu/ (4 files in 2 dirs): Move mainline architectures to 2.6.28-3 kernels.
[19:52] <kirkland> cjwatson: okay, i'm seeing really different behavior between alternate and server iso's
[19:53] <kirkland> cjwatson: on alternate, i can't get past configuring-apt
[19:53] <kirkland> cjwatson: i dropped to a shell, chroot'd to target, and tried to apt-get install ecryptfs-utils, but it can't
[19:54] <cjwatson> is this an unmodified system - i.e. one where I could reproduce the problem?
[19:54] <cjwatson> you should use apt-install in the installer for installing extra packages in /target, in general
[19:55] <kirkland> cjwatson: yes, very reproducible
[19:55] <kirkland> cjwatson: i'll try apt-install
[19:55] <kirkland> cjwatson: i would much appreciate your help, as I was sort of hoping for this to make alpha-2
[19:55] <kirkland> i targeted all of the bugs/patches at alpha2
[19:55] <kirkland> that can be adjusted, i suppose
[19:57] <kirkland> cjwatson: so i'm running today's alternate 64-bit jaunty installer 41ce2c80ebd9ec94cfc44f19f0f49842
[19:57] <kirkland> cjwatson: default on all questions up to the username/password
[19:57] <kirkland> cjwatson: i select "Yes" for encrypt home, which does not succeed, however, the user is not warned
[19:57] <kirkland> (at least at that point)
[19:57] <cjwatson> I'll be attempting it on i386 for practicality reasons
[19:58] <kirkland> cjwatson: fair enough
[20:00] <kirkland> cjwatson: okay, i just got through the user pages
[20:01] <cjwatson> (I'm waiting for jigdo to download all this)
[20:02] <kirkland> cjwatson: okay, i got a red-page failure, on "Select and install software"
[20:02] <cjwatson> check syslog
[20:03] <kirkland> libnewt0.52 doesn't exist
[20:03] <cjwatson> ok, the bustage has probably not got much to do with your changes
[20:04] <kirkland> right, so now i'll drop to a shell
[20:04] <kirkland> mount -o bind /dev /target/dev
[20:04] <kirkland> mount -o bind /sys /target/sys
[20:04] <kirkland> mount -o bind /proc /target/proc
[20:04] <kirkland> right?
[20:05] <cjwatson> I guess
[20:06] <kirkland> well, it seems it needs at least sys and proc
[20:06] <kirkland> chroot /target
[20:06] <kirkland> bash
[20:06] <kirkland> lsmod | grep ecryptfs = nothing
[20:06] <kirkland> modprobe ecryptfs -> success
[20:07] <kirkland> modprobe aes -> success
[20:07] <cjwatson> right, not guaranteed though
[20:07] <cjwatson> that'll break in -server
[20:07] <cjwatson> you're just lucky this time
[20:07] <kirkland> definitely true
[20:07] <kirkland> cjwatson: well, in the server, i can do this outside of the chroot
[20:08] <kirkland> b/c those .ko's are available
[20:08] <kirkland> not so in the alternate install
[20:08] <kirkland> i must do it in the /target
[20:08] <cjwatson> (a) I still don't see how that's possible with current images (b) kernel bug, those modules *should* be made available outside of the chroot, as I said above and on #kernel
[20:09] <kirkland> cjwatson: fair enough on that point -- it's something that will need to be worked around
[20:10] <kirkland> cjwatson: worked around, for now, as you said, "I'm lucky" ... can't rely on that
[20:10] <kirkland> cjwatson: so now, in the chroot /target, i need to install ecryptfs-utils
[20:10] <kirkland> apt-install -> command not found (only available outside the chroot?)
[20:11] <kirkland> apt-get install (doesn't work either, no installation candidate)
[20:11] <cjwatson> apt-install is only available outside the chroot
[20:11] <cjwatson> is ecryptfs-utils on the CD?
[20:11] <cjwatson> only CD sources are available at that point
[20:11] <kirkland> cjwatson: yes on the server, no on the alternate
[20:12] <cjwatson> ok, seed change needed then
[20:13] <kirkland> cjwatson: okay, so for now, i'll scp them in
[20:17] <kirkland> cjwatson: okay, so now i've got the userspace utilities, and their (defined) dependencies
[20:17] <kirkland> cjwatson: trying a test mount within the target chroot fails, with the following in syslog:
[20:18] <kirkland> mount.ecryptfs: Error initializing the key module [/usr/lib/ecryptfs/libecryptfs_key_mod_gpg.so] ...  which is an error thrown inside the ecryptfs mount helper
[20:18] <kirkland> possible a library is missing
[20:19] <kirkland> hmm, but that's odd....
[20:19] <kirkland> we're using passphrase
[20:26] <kirkland> cjwatson: it seems that the kernel is very displeased when trying to initialize the aes cipher
[21:38] <CIA-61> debian-installer: cjwatson * r1008 ubuntu/debian/changelog: releasing version 20081029ubuntu5