[00:09] <ebroder> kees: ++ for "block rare net module autoloading: INPROGRESS" :)
[00:12] <kees> ebroder: hehe :)
[00:12] <kees> ebroder: https://lists.ubuntu.com/archives/kernel-team/2011-January/013990.html
[02:55] <lifeless> mathiaz: https://bugs.launchpad.net/launchpad/+bug/650487
[11:45] <PetrHH> Hello
[11:45] <PetrHH> my program is using mysqld and stores data in user's home directories
[11:46] <PetrHH> so I have to add one rule to /etc/apparmor.d/usr.sbin.mysqld
[11:46] <PetrHH> but I'm afraid what happens after update apparmor. Will be this file restored with default values?
[11:47] <PetrHH> May I create my own rule file and put it somewhere? Where?
[11:47] <PetrHH> Thank you for help.
[11:57] <soren> PetrHH: Your changes won't be overwritten.
[11:57] <shankao> I think that you'll be offered to keep, replace or diff the changes
[11:57] <soren> PetrHH: The user will be prompted about the changes.
[11:57] <soren> PetrHH: What I recommend instead is a separate file.
[11:57] <soren> PetrHH: That grants the additional privileges.
[12:00] <PetrHH> soren, Thank you. Separate file will be better. Do you have any idea where to place it and the name of file? I tried to find it in apparmor documentation but is is huge and very complicated.
[12:10] <soren> PetrHH: I'd rather leave that to someone who's actually any good with apparmour. jdstrand, perhaps? ^^
[12:14] <PetrHH> soren, Thank you for your help. I'll wait for jdstrand and will ask him.
[12:28] <sbeattie> PetrHH: /etc/apparmor.d/usr.sbin.mysqld is a conf file, and so on updates you'd be prompted to keep or drop your changes to that file.
[12:28] <sbeattie> PetrHH: if you're running maverick, you can make your changes to /etc/apparmor.d/local/usr.sbin.mysqld and it will keep them and avoid prompting you on updates.
[12:29] <sbeattie> (remember to do /etc/init.d/apparmor reload after making your changes)
[12:29] <PetrHH> sbeattie, I'm afraid whe user will be prompted, he will click to drop changes and it will be gone :-)
[12:30] <PetrHH> I'd like to have packages for version 10.04 and newer
[12:30] <PetrHH> and now using 10.04
[12:33] <soren> sbeattie: Is it possible to add a completely separate file that grants additional privileges to /usr/sbin/mysqld?
[12:34] <soren> sbeattie: Or will whichever is loaded last take precedence or something like that?
[12:34] <soren> sbeattie: ...since this doesn't really seem like "local" modifications. They're modifications that another package wants to make.
[12:37] <sbeattie> soren: the shipped apparmor policy needs to be constructed to do that, but yes, it's possible to arrange things so that additional packages can drop files into a .d/ directory that gets automatically included.
[12:38] <soren> sbeattie: Hm... Ok. What were to happen if I just added another file in /etc/apparmor.d/ that also tried to set some rules for a file that was covered by another file?
[12:38] <sbeattie> soren: we do this right now for the example apache2 profile we ship in (I think) the apparmor-profiles package; it automatically imports stuff from /etc/apparmor.d/apache2.d/
[12:40] <sbeattie> soren: they'll be treated as separate profiles, and one will be loaded instead of the other (last one wins, probably)
[12:40] <soren> sbeattie: Ok, that's what I thought.
[12:40] <soren> sbeattie: Thanks!
[12:40] <sbeattie> soren: sure
[12:41] <soren> PetrHH: So, it seems you want to file a bug against the mysql packages, asking for such a directory, and then you'd provide such a file in your package.
[12:41] <soren> jdstrand: Never mind, we sorted it out.
[12:43] <PetrHH> I add this @{HOME}/.config/cqrlog/database/** rwk, line to usr.sbin.mysqld
[12:44] <PetrHH> I'm not sure what you mean. I should add bug to mysql package and ask for add my line to apparmor profile?
[12:45] <soren> PetrHH: No.
[12:45] <soren> PetrHH: 12:37 < sbeattie> soren: the shipped apparmor policy needs to be constructed to do that, but yes, it's possible to arrange things so that
[12:45] <soren>                   additional packages can drop files into a .d/ directory that gets automatically included.
[12:46] <soren> PetrHH: So, you file a bug asking for such a .d/ directory, and then you adjust your package to drop a file into that directory, granting this additional privilege to mysqld.
[12:46] <sbeattie> PetrHH: after you file the bug, please add me as a subscriber to it (my launchpad id is the same as my irc nick)
[12:50] <PetrHH> sbeattie, I just tried to create new file called usr.sbin.mysqld-cqrlog and add my rules to it
[12:50] <PetrHH> and after that I restarted apparmor
[12:51] <PetrHH> and it is working
[12:51] <PetrHH> It looks like no bugs needed
[12:52] <sbeattie> PetrHH: no, the bug is still needed; in your case, your mysql profile with the added rules happens to be winning (or really, losing) a "race" and if the apparmor int script decides to load the policies in a different order in the future, it will stop working.
[12:55] <sbeattie> (also, if we ship a mysql update with an update to its apparmor profile, your copied profile won't get the changes.)
[12:55] <PetrHH> sbeattie, Now I understand. It works because my fire rewrites rules whis were set before
[13:19] <PetrHH> sbeattie, Is there any way how to do it? I have ask for that directory all distributions using apparmor and wait if they agree and add directory for me
[13:20] <PetrHH> I don't thing that is good.
[13:22] <PetrHH> I know that akonadi is also using mysqld
[13:22] <PetrHH> but it looks they have their own mysqld called mysqld-akonadi
[13:23] <PetrHH> so they just add their own rule to apparmor.d
[15:45] <cdbs> Any idea why this FTBFS is happening? http://launchpadlibrarian.net/62113228/buildlog_ubuntu-natty-amd64.haveged_0.9-3ubuntu1_FAILEDTOBUILD.txt.gz Is GCC broken in natty?
[15:45] <cdbs> doko: ^
[15:56] <cdbs> Okay thanks, I got it
[16:00] <cr3> when preseeding, what's the difference between partman-partitioning/confirm_write_new_label and partman/confirm_write_new_label?
[16:01] <JackyAlcine> cr3: One writes a drive label, while the other a volume label.
[16:02] <cr3> JackyAlcine: thanks, exactly what I needed to know
[16:02] <JackyAlcine> No problem.
[16:03] <cjwatson> JackyAlcine: no, that is not correct.
[16:03] <cjwatson> cr3: the former exists, while the latter does not (any more).
[16:03] <cr3> cjwatson: since when?
[16:04] <cjwatson> cr3: partman-base 114, so hardy.
[16:05] <cr3> cjwatson: man, someone dropped the ball and that's me :)
[16:05] <cjwatson> in both cases, "label" refers to the partition table (traditionally called "disklabel" especially by the BSDs)
[16:05] <cjwatson> (I know they aren't quite the same thing but the abstraction is similar)
[16:08] <hallyn> tseliot: SpamapS is having broadcom troubles - dkms failed to build the module.  what manual steps can he take to get it up so he can run?
[16:09] <tseliot> hallyn: I need to see the error
[16:09] <hallyn> tseliot: he did symlink bcm43xx-0.fw under /lib/firmware/brcm
[16:09] <hallyn> hm
[16:09] <hallyn> tseliot: /var/lib/dkms/bcmwl/.../build/src/wl/sys/wl_linux.c: IN function 'wl_attach':
[16:09] <hallyn> 487:3: error: implicit declaration of function 'init_MUTEX'
[16:10] <doko> cdbs: look at the config.log?
[16:10] <cdbs> doko: I got it.
[16:10] <tseliot> hallyn: that happens without the patch that I uploaded
[16:10] <cdbs> doko: it was a simple change, the CC var was being set improperly
[16:10] <hallyn> he just updated this morning
[16:10] <hallyn> nm,
[16:10] <hallyn> tseliot: apparently he did not :)
[16:10] <hallyn> tseliot: thanks
[16:10] <tseliot> hallyn: np
[16:11] <hallyn> tseliot: however, i did a dpkg -i of the kernel package this morning (to revert some test changes), and lost the firwmare links again.
[16:11] <hallyn> tseliot: i just symlinked them and was back up, but assume i shouldn't have lost them
[16:11] <tseliot> hallyn: firmware links?
[16:12] <hallyn> /lib/firmware/brcm/bcm43xx-0.fw and bcm43xx_hdr-0.fw
[16:12] <hallyn> after dpkg -r linux-image; dpkg -i /var/cache/apt/archive/linux-image....deb, they were gone
[16:12] <tseliot> hallyn: what problem are you trying to solve?
[16:13] <hallyn> tseliot: what do you mean?  i had a custom linux-image that i wanted to revert (with higher version # than current kernel)
[16:13] <hallyn> tseliot: point is just that 'dpkg -r; dpkg -i' seemed to kill my broadcom firwmare setup
[16:14] <hallyn> tseliot: so someone might end up having problems, is all i'm saying
[16:15] <tseliot> hallyn: the modules that dkms provides should override whatever the kernel has. I'm not sure about firmwares though
[16:15] <tseliot> this is why I was asking
[16:17] <hallyn> tseliot: after wireless wasn't working i tried to remove and install 'linux-firmware', but that didn't do it.  So basically I have no idea (a) why the firmware first disappeared, or (b) where it is *supposed* to come from  (am i supposed to do some dkms command?)
[16:21] <tseliot> hallyn: wait a second, the broadcom package shouldn't have anything to do with that firmware file. It only blacklists bcm43xx when you install it (it also does modprobe -r)
[16:22] <hallyn> tseliot: i have no idea what removed that firmware file
[16:23] <hallyn> if/when it happens again i'll try to pay more attention :)
[16:24] <tseliot> ok
[16:37] <apw> pitti, hey ... seems a huge hunk of kernel's WIs have gone missing: http://people.canonical.com/~platform/workitems/natty/canonical-kernel-team.html
[16:37] <apw> pitti, aware of the cause ?
[16:41] <pitti> apw: I wasn't aware of that, no
[16:41] <pitti> apw: I added some extra textual "over time" report, but didn't change anything in the collector
[16:42] <apw> pitti, hrm, i wonder if it happened to anyone else
[16:42] <pitti> so it wasn't just your team dropping WIs for natty
[16:43] <apw> pitti, not that i am aware of, i see desktop has a smaller drop at the same time, much smaller
[16:44] <apw> pitti, but perhaps someone broke a work item list during an update
[16:44] <apw> pitti, so will investigate on that angle for now
[16:48] <apw> pitti, ok it seems to be all of one of my team members items which are gone, it must be user error, panic over
[16:50] <micahg> doko: a build error, foo is defined in DSO /usr/lib/bar.so is a no-add-needed error?
[16:50] <doko> micahg: most likely, yes. build log?
[16:50] <micahg> doko: https://bugs.launchpad.net/ubuntu/+source/libxml++2.6/+bug/699897/+attachment/1787247/+files/last_operation.log
[16:51] <micahg> I just want to get the terminology right when upstreaming the patch
[16:51] <apw> jdstrand, hey .. have you been post-poning work items on n-security-apparmor ?
[16:51] <SpamapS> Hm, so I just updated to natty and it seems like many of my gnome settings are being ignored
[16:51] <SpamapS> err. updated to the latest natty, been on natty a while now
[16:52] <SpamapS> keyboard settings.. gtk theme.. all stuck at default
[16:52] <doko> micahg: "so try adding it to the linker command line" together with the information that the referenced symbol is not in a library but in examples/dom_build/main.o
[16:52] <micahg> doko: yeah, that works, I just wanted to know what to call it
[16:54] <pitti> apw: did your team structure change recently?
[17:00] <apw> pitti, turns out it is security ... they have posponed a bunch of stuff without marking them postponed, but by moving them over to a new invalid title
[17:00] <apw> i think i need to get them to copy them back ... will poke
[17:01] <pitti> apw: ah, that explains it, thanks!
[17:01] <kees> apw: right, we moved a huge chunk of future work out. we can dup it back as postponed if you want?
[17:01] <pitti> *phew*
[17:04] <robert_ancell> ScottK, The recent WebKit build failed due to differing C++ symbols (there is one .symbols file in the WebKit debian/ dir).  I tried the instructions in http://pkg-kde.alioth.debian.org/symbolfiles.html, but it only modifies one symbol and the build failures show multiple symbols that conflict.  Do you know a method of making the .symbols file work in natty?
[17:17] <pitti> apw: evo says "room to be announced"
[17:24] <robert_ancell> doko, do you have any ideas about this symbol issue? ^^^
[17:25] <doko> robert_ancell: use the unmangled name?
[17:26] <robert_ancell> doko, how do I do that?  I tried the pkg-kde method but it didn't seem to work
[17:26] <doko> robert_ancell: dpkg-gensymbols(1)
[17:28]  * SpamapS just gives up and gets back to work on his ugly grey circa 1999 gnome desktop
[17:30] <robert_ancell> doko, thanks
[17:46] <mpt> YokoZar, hi, I'm doing the Wine-in-USC spec now. Is there a name for that standard you've come up with for finding+removing "managed" Wine applications?
[18:18] <ebroder> RAOF: by the way, having dug more deeply into the g-s-d code, it does set a mode when it launches, it just does so using completely different logic from when a monitor gets hotplugged. so the X patch would not be strictly necessary, but would likely make the transition a bit less flickery
[18:20] <SpamapS> slangasek: I tried 8 nfs mounts with the new portmap/statd and delays inserted in fsck/statd/portmap .. seems to work though I'm not sure why.
[18:22] <jussi> I remember Scott Remnant was working on android apps natively in ubuntu - does anyone know what happened to this? do they work, are the bits available somewhere?
[18:25] <RAOF> ebroder: The g-s-d modeset-on-startup is kinda a bug - seb patched it (in Maverick?) to check a gconf key to determine whether or not to actually do that.
[18:45] <robbiew> jussi: you might try asking rickspencer3
[18:46] <jussi> robbiew: ok, thanks!
[20:32] <SpamapS> slangasek: ok I figured it out. The reason it works ok is that mountall blocks *before* forking to run the mount command.
[20:36] <jhunt_> apw: just noticed that magic sysrq appears to be enabled in natty, although /proc/sys/kern/sysrq is 0... ?
[20:41] <hockebocke> are there any ubuntu gnome devs channel?
[20:42] <kklimonda> hockebocke: most of the team responsible for gnome on Ubuntu sits in the #ubuntu-desktop
[20:42] <ogra> Daviey, http://www.grawert.net:81/rooms/, http://fhem.de/fhem.html and the hw is http://www.elv.de/Sensoren/x.aspx/cid_74/detail_1/detail2_1738 and http://www.elv.de/output/controller.aspx?cid=74&detail=10&detail2=28194&flv=1&bereich=&marke= .... sorry, all german
[20:43] <hockebocke> kklimonda: thanks!
[20:43] <ogra> Daviey, its operating on 868,35 MHz wireless
[20:46] <Daviey> ogra, thanks!
[20:48] <kamal> cjwatson, or other GRUB2 folk:  Various references claim that you need to hold the *left* shift key to get the GRUB2 menu to come up, but I find that the right shift key works just as well on the couple of machines I've tried.   Is there any truth to that "left shift only" requirement?
[20:48] <apw> jhunt_, define enabled?  which thing can you do which you expect to be disabled ??
[20:49] <cjwatson> kamal: no truth AFAIK
[20:49] <jhunt_> apw: use magic sysrq keys (ie alt+sysrq+u)
[20:49] <kamal> cjwatson: ok thanks
[20:49] <apw> jhunt_, doens't seem to work on mine ... sysrq h works when it is 1 and not when 0
[20:49] <apw> jhunt_, does h work for you?
[20:49] <cjwatson> kamal: the code explicitly checks both left and right shift
[20:49] <jhunt_> apw: The machine is sitting next to me if you're interested.
[20:49] <cjwatson> +  if (mods >= 0 &&
[20:49] <cjwatson> +      (mods & (GRUB_TERM_STATUS_LSHIFT | GRUB_TERM_STATUS_RSHIFT)) != 0)
[20:49] <cjwatson> +    return 1;
[20:50] <kamal> cjwatson: that's pretty convincing :-)
[20:50] <apw> cjwatson, heh thanks
[20:50] <apw> jhunt_, where are you
[20:51] <jhunt_> apw: alamo 1
[20:54] <achiang> speaking of grub, is it possible for a system that is already using grub1 to migrate to grub2?
[20:55] <cjwatson> yes, just install grub-pc
[20:56] <cjwatson> https://help.ubuntu.com/community/Grub2#Upgrading%20to%20GRUB%202
[20:57] <achiang> thank you
[21:01] <achiang> does anyone know where software-properties stores its configuration information, such as frequency of updates, etc.? i'm poking around in there and in python-apt, but nothing is jumping out at me
[21:05] <achiang> ah, narrowing in
[21:06] <cjwatson> achiang: /etc/apt/apt.conf.d/ somewhere IIRC
[21:06]  * achiang finds a write_config() method in software-properties that does indeed write to /etc/apt/apt.conf.d
[21:06] <achiang> thanks cjwatson
[21:07] <achiang> oh, and it writes to /etc/cron.daily/apt, etc.
[21:07] <cjwatson> no, it just makes sure that's executable
[21:10] <bigon> is there a public list of blacklisted packages ?
[21:11] <micahg> bigon: http://people.canonical.com/~ubuntu-archive/sync-blacklist.txt
[21:11] <bigon> thx
[21:11] <achiang> cjwatson: hm, yeah. actually, i wonder if i made any progress at all on this question
[21:15] <ScottK> robert_ancell: So far it's worked for me.  Not sure what's up.
[21:20] <apw> jhunt_, yep after reboot i have the same, and the bug is obvious ... bah
[21:20] <apw> thanks
[21:21] <jhunt_> apw: np
[21:50] <bigcx2> hey all
[21:50] <bigcx2> i have a question about cdbs, namely the autotools makefile
[21:51] <bigcx2> there's a flag called DEB_CONFIGURE_SCRIPT_ENV
[21:51] <bigcx2> where the options passed into that can get pushed through to the ./configure script
[21:52] <bigcx2> is there any way to set the flag without hardcoding it in debian/rules?
[21:52] <bigcx2> aka passing it into dpkg-buildpackage, pbuilder, etc.
[21:52] <bigcx2> ?
[21:53] <cjwatson> you can set an environment variable on calling dpkg-buildpackage and that may be passed through if you're lucky
[21:53] <bigcx2> what if i'm unlucky :/
[21:54] <JackyAlcine> bigcx2: Good chances you aren't.
[21:54] <bigcx2> yea, i'm thinking i'm unlucky
[21:54] <bigcx2> i'm trying it right now, but i don't think it will work
[21:55] <bigcx2> i was also thinking of using dpatch, but i don't think that will work for patching debian/rules either...
[21:55] <cjwatson> no.  why not just change debian/rules?
[21:56] <cjwatson> also, note that if you're using debuild then you have to pass environment variables in a special way; see its manual page
[21:57] <bigcx2> the way the source of the package works is you have to pass a special environment variable to ./configure to set it up based on a given directory
[21:57] <bigcx2> i'd rather not have to have the package builder edit debian/rules if possible
[21:58] <bigcx2> looks like i'm unlucky
[22:01] <bigcx2> poop, i don't think there's any other way to get around it
[22:47] <sconklin> pitti: do you know what happened to the verification tags?
[22:48] <cody-somerville> cjwatson, re: LP #664115, is there a test case I can perform to verify that removing the 'udevadm settle' call doesn't break whatever it was originally added in for.
[22:48] <cody-somerville> ?
[22:48] <pitti> sconklin: I think so; most bugs have them, but I found those which don't: bug 669279 bug 493156
[22:49] <pitti> sconklin: the problem with those is that these bugs are filed against the wrong package
[22:49] <pitti> sconklin: the latter was fixed in linux-ec2, not linux
[22:50] <cjwatson> cody-somerville: not as such.  the original change was for either LVM or RAID installs, possibly both.
[22:50] <sconklin> it looks to me like none of the lucid ones have them. https://kernel-tools.canonical.com/srus.html
[22:51] <sconklin> all the ones with the triangle logo don't have the tags
[22:58] <pitti> sconklin: unsure; I just might have forgotten to run the script for lucid, doing now
[22:59] <bjf> pitti, if you look at the url sconklin pointed you too, you can see that it needs to be run for maverick as well
[23:00] <pitti> sconklin, bjf: sorry, LP just pulled the rug underneath me; need to run maverick later
[23:00] <bjf> pitti, ack
[23:00] <ogra> cjwatson, can you let ti-omap4-software-channel-0.1 into the archive (its in NEW) so i can close the WI
[23:03] <StevenK> I'd suggest that isn't now, due to LP being down
[23:05] <cjwatson> indeed
[23:07] <ogra> grmbl ... yeah, cant close WIs
[23:08] <ogra> (though the LP message is "will be down very soon")