/srv/irclogs.ubuntu.com/2009/01/11/#ubuntu-devel.txt

[00:04] <Keybuk> Hobbsee: kernel update?
[00:04] <Keybuk> no, ignore me
[00:05] <Keybuk> 2.6.29 is current HEAD and that's where the X-related fun is happening
[00:05] <Keybuk> jaunty only has .28
[00:05] <Hobbsee> Keybuk: ah.  I have the X log, if anyone's interested in seeing it
=== rbelem is now known as rbelem-pinhole-g
=== rbelem-pinhole-g is now known as pinhole-glasses
=== pinhole-glasses is now known as rbelem
[02:06] <bryce> asac: Xorg.0.log and lspci -vvnn, description of symptoms when running EXA.  Title it something like, "[rNNN] High CPU when EXA enabled; needs XAA quirk" where rNNN is your chip type, r350, r500 or whatever
=== asac_ is now known as asac
[03:51] <bluefoxicy> Is there anything about how to make a repo from source packages?
[03:52] <bluefoxicy> i.e. build my own copy of main, from source, into debs
[03:54] <Hobbsee> pbuilder with some extensions + a repository thing?  reprepro / falcon / etc?
[03:54] <bluefoxicy> is there documentation?
[03:55] <Hobbsee> i've no idea
[03:55] <Hobbsee> but that's how i'd go about doing it
[03:55] <bluefoxicy> a friend of mine wants to build some generalized security stuff into Ubuntu (toolchain modifications, hardened kernels, etc) and the best I can come up with is to rebuild the repos
[03:55] <ScottK> falcon is broken in Intrepid and later.
[03:55] <ScottK> bluefoxicy: I know NCommander has done this recently.
[03:55] <Hobbsee> useful.  why?
[03:56] <bluefoxicy> Hobbsee: was that for me or scottK?
[03:56] <Hobbsee> ScottK.
[03:56] <ScottK> Hobbsee: Not updated for the Django 1.0 api changes.
[03:56] <NCommander> bluefoxicy, rebuilding the archive is a sheer pain in the ass, and not something trivial to do.
[03:56] * bluefoxicy notes to ask NCommander
[03:56] <Hobbsee> ScottK: ah, darn.
[03:56] <PovAddict> there you go
[03:57] <ScottK> Thus NCommander has done it more than once, just for 'fun'.
[03:57] <bluefoxicy> NCommander: dude, there is a build server that does this continuously; and since like Hardy all I've ever heard is "it's really non-trivial"
[03:57] <NCommander> ScottK, I like pain, 'nuf said
[03:57] <ion_> scottk: It should depend on the correct version of django then.
[03:57] <NCommander> bluefoxicy, I assume you're referring to UWSA's archive rebuild setup
[03:57] <ScottK> ion_: It should and if I was the maintainer, I'd fix it.
[03:58] <bluefoxicy> NCommander: yeah.
[03:58] <ScottK> seveas has been going to rename falcon and get it fixed up, real soon now, for most of a year.
[03:58] <NCommander> bluefoxicy, That's not what you want, since it depends on currently existing packages to rebuild the archive. If I read you right, you don't want to use the existing packages, which means bootstrapping the archive
[03:58] <bluefoxicy> NCommander: what I'm thinking is iterate all of main and get the package source, rebuild every package in main, and stick it in a folder, then generate a packages.gz off it
[03:59] <bluefoxicy> i.e. let's say I want to install Ubuntu, but build everything with 'gcc -Os' instead of -O2
[03:59] <bluefoxicy> everything...
[03:59] <PovAddict> bluefoxicy: to rebuild certain packages you need to build other packages first, so yes what you want is "bootstrapping"
[03:59] <NCommander> Like I said, non-trivial to redo
[03:59] <bluefoxicy> yes
[03:59] <NCommander> bluefoxicy, there is no mechanism in place for automagic rebootstrapping
[03:59] <NCommander> it's a long, slow, and UGLY process
[03:59] <bluefoxicy> NCommander: hmm.
[04:00] <NCommander> bluefoxicy, that being said, if it's just -O2 -> -Os, you might be able to cheat by using existing packages
[04:00] <bluefoxicy> PovAddict: I don't suppose a host ubuntu system can simply install the existing packages and rebuild...
[04:00] <NCommander> bluefoxicy, wgrant is the guy who runs UWSA archive rebuilds
[04:00] <bluefoxicy> NCommander: nods.
[04:01] <PovAddict> bluefoxicy: if you tell ubuntu to build package X from source, it will get *binaries* for packages Y, Z, and W it depends on
[04:01] <PovAddict> so it can build
[04:01] <bluefoxicy> NCommander: the actual problem I have in mind is compiling all binaries as PIC, linking executables as PIE, and using a kernel that's patched to load said executables with a randomized executable base and random heap base
[04:01] <NCommander> bluefoxicy, PovAddict is right, hence the difficulty, bootstrapping Ubuntu is a lot (and I mean *a lot* of grudge work)
[04:01] <bluefoxicy> ok that makes sense
[04:01] <NCommander> bluefoxicy, we're already doing that.
[04:01] <NCommander> bluefoxicy, not for jaunty, but jaunty+1, MAYBE
[04:02] <NCommander> bluefoxicy, it's not trivial, you really do need to rebootstrap to make it happen due to the interdependencies in the base system.
[04:02] <bluefoxicy> nods.
[04:02] <bluefoxicy> I have someone that wants to do that plus some other stuff
[04:02] <bluefoxicy> but the only thing that's stopping him is rebuilding world
[04:02] <bluefoxicy> from scratch
[04:02] <bluefoxicy> non-trivial... no kidding.
[04:03] <NCommander> bluefoxicy, trust me when I say if it was that easy, it would have been done already ;-)
[04:03] <bluefoxicy> heh
[04:06] <bluefoxicy> hmm
[04:31] <kees> bluefoxicy: what toolchain modifications does your friend want to see?
[04:32] <kees> bluefoxicy: but, if you want, look at "hardening-wrapper" and see how it works.  Then you could do archive rebuilds with it installed and enabled.  see https://wiki.ubuntu.com/Security/HardeningWrapper and/or http://wiki.debian.org/Hardening
[04:33] <kees> bluefoxicy: the stock kernel in ubuntu already supports PIE load randomization
[04:33] <bluefoxicy> cool
[04:33] <kees> bluefoxicy: also, there is up to a 15% performance loss on 32bit for PIE
[04:33] <kees> I would recommend only doing this on 64bit.
[04:34] <bluefoxicy> kees: I can't see that.  Is that theoretical?
[04:34] <kees> bluefoxicy: it's not theoretical.  I've measured it for certain workloads (like, say all of python)
[04:34] <kees> as far as 64bit PIE, see https://wiki.ubuntu.com/64BitPIEDefaultSpec
[04:35] <bluefoxicy> I did a complete system profile once using oprofile and the overall real impact was about 0.02%  <_<
[04:35] <kees> bluefoxicy: but most stuff isn't .text heavy (like most scripting languages) and in those cases, it's about 5% loss
[04:35] <bluefoxicy> however, microbenchmarks did allow me to produce a 6% performance impact under special conditions (notably, -fomit-frame-pointer gives a 5% speedup, but it's impossible in PIC text)
[04:35] <kees> bluefoxicy: 32bit has _very_ few general registers, so stealing one for the relocation thunking really turns up the heat on moving data in and out of memory
[04:35] <bluefoxicy> right
[04:36] <kees> but, for some people, it's worth it.
[04:36] <bluefoxicy> the flip side of that is you really don't spend any time in the main executable :P
[04:36] <kees> as far as doing an archive rebuild, NCommander knows a great deal more than I do about that.  :)
[04:36] <bluefoxicy> (except, apparently, with python)
[04:37] <kees> I gotta split, hopefully the above links will be helpful.
[04:38] <bluefoxicy> yeah, very, thanks
=== bluesmoke is now known as Amaranth
=== warp10_ is now known as warp10
=== thekorn_ is now known as thekorn
=== warp10_ is now known as warp10
=== LucidFox_ is now known as LucidFox
[13:45] * Keybuk likes git reset
[13:45] <Keybuk> now I've figured it out, it's quite useful
[13:47] <maxb> Doesn't that sentiment apply to all of git? :-)
[13:47] <Keybuk> no, lots of git is "ugh", and "wtf", and "why does it behave like *that*"
[13:47] <Keybuk> other bits are "ok, that's as good as bzr"
[13:47] <Keybuk> git reset is special in that it's better than bzr, because bzr is sorely missing such a thing!
[13:47] <jpds> Does git have an "ignore" function yet?
[13:51] <persia> Oooh.  That is nice.  It's the thing that would make me stop doing everything outside VCS just so I can avoid that sort of mistake.
[13:51] <StevenK> bzr has uncommit ...
[13:51] <Keybuk> StevenK: it's not the same
[13:51] <persia> Not at all.
[13:52] <persia> StevenK, It resets the VCS info, while not touching your files, so your files stay dirty (with the changes you wanted).
[13:52] <StevenK> Hmmm
[13:53] <persia> The bzr workaround is to always push to somewhere on commit, and run bzr diff before each commit, so you can reapply the patch to the last commit to restore the state when you mess up the next commit.
[13:53] <persia> (which is annoying and painful)
=== elkbuntu is now known as elkeee
=== elkeee is now known as elkbuntu
[15:14] <Keybuk> lool: you didn't commit that watershed change to bzr?
[15:17] <lool> Keybuk: Hmm I thought I had checked there was no Vcs-Bzr URL, but I missed it in the showsrc output
[15:17] <lool> Keybuk: Will commit now, sorry
[15:17] <lool> (I was actually surprised it didn't use Bzr)
[15:20] <lool> Keybuk: Pushed, but as a single commit
[15:20] <lool> (and tagged)
[15:20] <Keybuk> thx! :)
[15:54] <gsc> What policy is Ubuntu actually using to push updates to the users? Are they thoroughly tested or pushed out asap?
[15:55] <persia> gsc, Depends on the type of update.  For the development release, there's usually only developer testing.  For updates to releases, there is significantly more testing.
[15:56] <gsc> And for example a zero-day bugfix?
[15:58] <gsc> persia: I can imagine that sometimes an update can break something and the smaller circle of developers cannot foresee all the possible problems on so many different setups and hardware.
[15:58] <persia> zero-day bugfix?
[15:59] <gsc> persia: I mean a very urgent update that fixes a very serious bug or exploit.
[16:00] <persia> Those go to -proposed, and get tested.  I don't know of anything that went out without testing, although I could be mistaken.  In cases of extreme urgency, I would expect the tests to be performed more quickly, rather than skipped.
[16:02] <gsc> persia: why not involve the power-users in this regard? An extra option in the dialog 'installation sources' which power-users can select to get the updates a bit earlier than the rest. That way, a fix/update can be tested on a lot more different setups.
[16:03] <persia> gsc, Anyone is welcome to help test -proposed.  I'd recommend joining #ubuntu-testers and reading https://wiki.ubuntu.com/Testing/EnableProposed
[16:04] <Laney> gsc: That exists and is called -proposed
[16:04] <persia> I believe (although I've not checked) that a majority of the people who test the updates are not current developers.
[16:05] <directhex> gsc, did you file a security bug on launchpad?
[16:05] <gsc> persia: i'll look at it. Thanks for the info. I'm not using (k)Ubuntu that long. Always been a (Open)SUSE since 2000.
[16:06] <gsc> directhex: no, I was just curious about the policy.
[16:07] <persia> gsc, Thanks for your interest.  I do hope you'd be willing to help test.  One of the biggest blockers to getting good updates out is lack of testers, so more are always welcome.
[16:26] <gsc> persia: I already checked the option for proposed. What is the mean time for tested updates via proposed to go mainstream?
[16:26] <persia> I'd say a week or two.
[16:27] <persia> Also, while I'm glad to introduce you to the testing procedures here, it's a bit off-topic for the channel.  I do encourage you to join #ubuntu-testing and ask more there.
[16:28] <gsc> persia: ok
[16:28] <ogra> gsc, https://wiki.ubuntu.com/StableReleaseUpdates
[16:29] <ogra> and https://wiki.ubuntu.com/SecurityUpdateProcedures
[16:29] <gsc> ogra: checking those, thanks.
=== asac_ is now known as asac
=== Mez_ is now known as Mez
[19:08] <bluefoxicy> hmm...
[19:09] <bluefoxicy> install security updates without confirmation... seems to not continuously download, or install.  Is it on a schedule?
[19:47] <Zorry> NCommander, ping
[20:25] <juliank> documentation makes developers happy. http://people.debian.org/~jak/python-apt-doc/
[20:49] <PovAddict> <.<
[20:50] <PovAddict> translations indeed got messed up
[20:50] <PovAddict> remember yesterday I said the translation packages had gone from 6MB to 22KB?
[20:51] <PovAddict> now things indeed started showing in English
[20:58] <PovAddict> reported #316174
[20:59] <ion_> lssy cmprsson
=== TheMuso_ is now known as TheMuso
[23:35] <bluefoxicy> anyone here good with gdb?
[23:39] <bluefoxicy> http://rafb.net/p/m1zi2P91.html ok that's a start.
[23:40] <bluefoxicy> nm, screw gdb.
[23:41] <PovAddict> type bt
