[00:00] kirkland: definitely jealous of your trip.. Plitvice has been on my todo since I saw pics. [00:10] SpamapS: heh, yeah, you'd love it ;-) [00:16] hmmm [00:16] i've got a kernel panic [00:16] on a rubbish KVM [00:16] is there a way to RSEIUB without the sysrq key? [00:16] I can hold alt, but not sysrq [00:17] i can only 'tap' print screen rather than simulate a hold [00:24] lbor/win 2 [00:24] lol === jjohansen is now known as jj-afk [01:20] why is aptitude shipped as part of UEC? [01:21] oh, nm, tasksel depends on it. Shutting up now :-) (although I'm still confused on why its Task: uec) [02:58] Can anyone here help me with a question about load balancing [04:26] New bug: #787312 in samba (main) "package smbclient 2:3.4.7~dfsg-1ubuntu3.6 failed to install/upgrade: subprocess dpkg-deb --fsys-tarfile returned error exit status 2" [Undecided,New] https://launchpad.net/bugs/787312 [05:04] Hey guys. Have a cron question. I'm trying to do a rolling backup across all nodes in our cluster. Each node will need to run every 6 hours. I can do all the maths in chef, but I'm unsure the best way to enter them into cron. Essentially every node will run ever 6 hours, but with our 3 nodes they need to be in 2 hour offsets. I, I. N1: 0,6,12,18 N2: 2, 8, 14, 20, etc [05:05] Is it possible to do this with the */6 syntax, or do I need to list the hours explicity? [05:11] toddnine: you may want to look into something like bacula [05:12] SpamapS: Thanks for the response [05:12] I'm actually good on the backup solution itself. It's a custom program we've written to sync our Cassandra data with S3 for disaster recovery [05:12] toddnine: it has more sophisticated capabilities for scheduling and can very easily do differential/incrementals ... plus it uses a database to track files so restoring is generally very very efficient [05:13] Staggering it across the nodes is the issue, and across 2 DCs on 2 sides of the world :) [05:13] ah you're out there on the edge. :) [05:13] yeah Bacula can automatically stagger servers in groups [05:13] but.. you probably have to run some "dump my data" thing out of cassandra [05:14] Yeah, exactly [05:14] the script and the backup itself works really well [05:14] it's the timing of the automation. I can work out the math in my chef recipes, but I'd rather not :) [05:14] looks like I don't have much of an option [05:15] so, you can just do something really lame and have the servers you want offset sleep for 3 hours.. [05:16] how so ? [05:16] Or, what I'd do.. I'd have one script that manages all of the backups.. so it would just make sure that no more than X ran at once, and start itself every 6 hours. [05:17] Yeah, who controls the backup though? [05:18] the server backer upper [05:18] :p [05:19] and what if it crashes :) [05:19] there is no "it" in the cloud [05:19] always "they" [05:19] exactly [05:19] otherwise its not webscale [06:13] SpamapS: around ? [06:14] * lifeless looks for ubuntu server team members to help diagnose an lp issue with their team === smb` is now known as smb [09:01] Hey guys, I need some help getting a script to run even after I close the SSH window [09:02] fastveg: start-stop-daemon, nohup, screen. the last one is kind of dirty and you should use one of the first two. [09:02] Someone said that you could basically just put an & symbol at the end of the command and it should work, but I'm not having any luck with that [09:03] fastveg: no, just sending the process to the background (with the ampersand) won't work. it's still attached to the login session [09:03] joschi, thanks... let me show you the script and if you could help me format it.... one sec [09:04] scrapy crawl domain.com --set FEED_URI=filename.json --set FEED_FORMAT=json [09:05] so this is a python script that crawls a bunch of urls and returns the output as a .json file [09:05] (using the scrapy python framework) [09:06] I actually did try to use screen, but didn't have luck witht hat either.... but I'm not sure I formatted correctly [09:08] joschi: someone said to use screen like this: screen -dmS my_app python bla.py -- but how would that look on the script above? [09:10] fastveg: exactly as you wrote it ;) [09:10] instead of bla.py put in your script call [09:11] does the word python still need to be there? because I took that out last time. [09:11] also, thanks for the info about &, I was trying to google exactly what it did, which was entirely impossible [09:13] fastveg: see section JOB CONTROL in bash's man page [09:14] fastveg: the "python" just calls the script as a parameter of the python interpreter. if it has a proper she-bang (#!/usr/bin/python or similar in the first line), it'll work without the "python" [09:15] joschi: thanks. why is screen considered hacky compared to the other two methods? [09:16] and will screen still work if I exit the ssh session (unlike ampersand?) [09:16] fastveg: screen's purpose is to multiplex terminals for interactive usage. it has far too many features you won't need [09:16] fastveg: yes, it'll work [09:16] you just have to detach the session instead of quitting screen [09:16] dude, thanks so much, great info. have a good day. [09:18] joschi: detach the session = closing the terminal window? or something else? [09:18] fastveg: try ctrl-a + d ;) [10:03] I've installed openssh-server and /etc/ssh/sshd_config is empty, is that ok? [10:22] <_ruben> nope [12:26] New bug: #787496 in tomcat6 (main) "tomcat6-user 6.0.24 with confluence deadlocks" [Undecided,New] https://launchpad.net/bugs/787496 [13:14] SpamapS, so i ran fsck -yf /dev/mapper/volume_name -- it ran, says everything is clean but i still have issues with that folder [13:15] any ideas? [13:16] am i running fsck wrong ? i booted into single user mode and unmounted /dev/mapper/volume_name [13:18] like right now, ls -al is taking 10% of my cpu.. [13:18] trying to read that folder [13:51] would anyone know why logwatch delivers it's email to me everyday at 6:25am, but when I check mail it says no new mail. if i go into my Maildir I see the new mail sitting in the new folder [13:59] hggdh, console output (get-console-output) is your only hope at that point. [13:59] smoser: so I was not wrong... and jj-afk confirmed it is an issue, anyway [14:00] smoser: thanks [14:00] what was the problem ? [14:00] maverick proposed does not boot on m1.small [14:20] morning all [14:20] Morning [14:22] smoser: hi, are you the "owner" of uec-images.ubuntu.com basically? [14:22] smoser: I ask because I'm switching the way we access that query directory from http to https [14:23] smoser: seems to work, ssl is available, but I wanted to ping you about it [14:29] ahasenack, yes. you should use https, and it is available by design. and yes, i supposed i "own" it as no one else does [14:29] but hopefully that will be moving to more "release team" at some point soon [14:30] smoser: cool, thanks [14:30] ahasenack, remember, rsync is also available. [14:31] but there would be no way to do ssl over that i dont think. [14:31] smoser: but it's such a small file [14:31] and we don't sign that data. [14:31] yeah, we got a request for some sort of detached gpg signature for that file, or inline [14:31] but one step at a time [14:32] hggdh, smoser Am on it (maverick ec2) [14:32] ahasenack, what file would you want signed? [14:33] smoser: released.latest.txt === hito_jp0 is now known as hito_jp [14:33] smb, i was about to bother you about lucid-updates. its still just '-proposed'. we expect new kernel in -updates sometime soon still? [14:34] ahasenack, is that enough for you though? [14:34] smoser: that and https, I think we are covered [14:34] why would you need signed *and* https? [14:34] probably signed would be enough too [14:34] smoser: I can switch to https right now with a one-line change in the code, but switching to verifying a signature is much more involved [14:34] right. [14:35] and why would you not want /query/maverick/server/released.txt signed also ? [14:35] "%s/server/released.current.txt" % ubuntu_release) [14:35] that one too [14:35] I'm just looking through the code [14:35] and finding all the bits we fetch [14:36] New bug: #787551 in ntp (main) "ntpdate 4.2.6p2@1.2194-o: "no server suitable for synchronization found" - works with 4.2.4p8@1.1612-o " [Undecided,New] https://launchpad.net/bugs/787551 [14:36] smoser, I would not be the authoritative source there. I lost track a bit. Probably best ask sconklin or bjf [14:37] k [14:37] ahasenack, right. === marrusl_ is now known as marrusl [14:46] New bug: #787558 in openvpn (main) "package openvpn 2.1.3-2ubuntu3 failed to install/upgrade: subprocess installed post-installation script returned error exit status 1" [Undecided,New] https://launchpad.net/bugs/787558 [14:51] anyone using a Drobo (specifically Drobo-s) with server? any tips on formatting, lun size, etc? [14:59] Hello. Is there any way of installing a package with PHP 5.2 in Ubuntu Server 10.04? [15:00] A customer had a lot of apps and they're not working with PHP 5.3. I'd rather not have to compile it... [15:02] I'm having some trouble getting a command to continue to run after I disconnect ssh [15:03] The command is formatted like this, it's a python script: scrapy crawl domain.com --set FEED_URI=filename.json --set FEED_FORMAT=json [15:03] I tried to use screen and did this: screen -dmS my_app python scrapy crawl domain.com --set FEED_URI=filename.json --set FEED_FORMAT=json [15:04] but nothing happened. is the my_app supposed to be in there? [15:04] first time using screen [15:06] ahasenack, so... i guess to effectively sign things, i'd probably just put a top level file with MD5SUMS (and/or SHA1SUMS) and then a signature on that file. [15:12] fastveg: have you tried #screen? [15:13] haven't ;) [15:16] smoser: works [15:49] hallyn: what are you calling "escape mode" ? [15:51] 'ctrl-a escape'. [15:51] guess i'm not sure what screen calls it [15:51] hallyn: okay, okay, in scrollback mode [15:51] hallyn: screen calls it "copy" mode [15:51] hallyn: i call it "scrollback" mode [15:52] hallyn: okay, so you'd like screen to obey more vi-bindings when in scrollback/copy mode? [15:52] right [15:53] these days i pretty much exclusively use that for cut/paste on terminal [15:53] (bc the S10-3 touchpad sucks so bad) [15:53] hallyn: okay, http://manpg.es/screen.1 [15:53] but it's too slow bc i have to think about only using b/w [15:53] hallyn: search for " copy" [15:53] hallyn: I think it's the second hit [15:54] hallyn: this is definition of what's available keybinding-wise, while in scrollback mode [15:54] meh, thanks [15:55] hallyn: to add more, we'll need to patch/enhance screen itself [15:57] what percent of the file are you at? I don't see a list of available commands. I do see a list of the default bound ones [16:00] all right i guess i'm gonna have to patch that === unreal_ is now known as unreal [16:18] lifeless: I wasn't around then, around now. [16:18] andygraybeal: *interesting* [16:18] SpamapS, it's totally my fault [16:18] omg, i had a script that was going wacko and i'll explain more when i get time to the ubuntu-server mail list... i need some help [16:19] fsck checked fine and everything fine, it's that i'm an idiot [16:19] giddie goat... [16:20] SpamapS, thank yuo for the hand holding [16:20] i had a script that was making files exponentially [16:20] gah!!!!!!!!!!! === mconigliaro_ is now known as mconigliaro [16:25] andygraybeal: sweeeeet [16:25] andygraybeal: so there were like, a bazillion files in there? [16:25] yea [16:25] why didn't I think of that? :-P [16:25] hahahaha [16:25] ;) [16:26] oh well now you got a little maintenance on the FS out of it. :) [16:26] 0 bytes.. all of them [16:26] ya, i need help from the list to re-write my script.. i'll get to that soon. yuo can laugh when you see what i was doing. [16:28] If you've never crashed a server by doing something recursive or exponential, you haven't worked on Unix. :) [16:29] * patdk-wk loves recursive functions :) [16:29] easy to get yourself in trouble though [16:29] SpamapS, :)))) [16:30] * genii-around remembers a server which kept trying to write to /var/log about /var not being able to mount [16:30] hah, nice [16:47] genii-around: using /var on dedicated filesystem isn't really what I do with most servers (anymore) [16:47] * ScottK remembers discovering that the fish protocol would try to transfer all files in parallel when he tried to move about a quarter million small files all at once. [16:48] That was also the day I learned about fork bombs. [16:48] lol [16:49] * RoyK somewhat misses the days of CGI - I DoSed a server all by myself once, back in 1998 or so, just by trying to 'fix' a poll === jj-afk is now known as jjohansen [17:07] Hi. On my production servers I'd like for Users to be prompted to enter a description of what work they're performing upon SSHing in. Ideally I'd log the message to the auth.log or something similar. Anyone have experience doing something like this? I'm trying to determine the best place to do this. Should I specify a PROMPT_COMMAND in my authorized keys files? Do I need to create a custom shell that invokes bas [17:19] CharlieSu: my first thought is to put a forced command (script) that will ① execute a separate script asking & processing the info and ② proceed to log in normally [17:30] ScottK: you're telling me not to bother with the packaging request bugs? [17:30] I think they are a waste of time. [17:31] ScottK: I was following https://wiki.ubuntu.com/UbuntuDevelopment/NewPackages [17:31] It's optional. [17:31] hm [17:31] If you want to do UDD.. [17:31] you won't show up in the sponsoring queue w/o a bug [17:31] so what is the alternative? just ask someone to sponsor and dput? [17:31] "just ask someone" is not exactly scalable.. [17:31] given it's 4 or 5 packages, i'd prefer to avoid one bug per [17:32] SpamapS: you can't scale me anyway, foo! [17:32] Neither is the sponsoring queue for new packages [17:32] Daviey: let me know when you send the email [17:32] 99% of the time the new packages should go into Debian anyway. [17:32] Since it's several related packages, my advice is find a dev that's at least sort of interested and work with them. [17:32] Agreed. [17:33] the maintainer relationship there is stronger, so unless there's a good reason not to put it in Debian, you should man up and be the Debian maintainer, or the package won't be taken care of on the right level in Ubuntu. [17:33] SpamapS: SPICE does have some reasons for going to Ubuntu first. [17:33] but hallyn is beter placed to answer that. [17:33] SpamapS: yes, there's good reason not to put it in debian [17:33] Daviey can sponsor then. [17:34] Such as, we want to make sure Debian doesn't have it first? ;-) [17:34] Daviey: mind sponsoring? [17:34] like, DFSG reasons? === NG_ is now known as ng_ [17:34] SpamapS: Speaking of which, are you in NM yet? [17:34] hallyn: show me the mone^D branches / dsc's [17:35] SpamapS: no... hallyn will answer this better, but it was more aligned with versioing of things... and Debian being "somewhat" off another stable release. [17:35] ScottK: I've got key signatures and I'm maintaining a few packages. I think next is finding a DD to carry my flag. [17:35] SpamapS: see bug 787220 [17:35] Launchpad bug 787220 in ubuntu "[needs-packaging] celt051" [Wishlist,New] https://launchpad.net/bugs/787220 [17:35] Did I see a DM application from you recently? [17:35] I don't remember. [17:35] ScottK: no [17:35] SpamapS: Ask your Debian sponsor if you're ready for DM. [17:36] Daviey: lemme clean up the copyright files today. but the sources are all in ppa:serge-hallyn/spice2 [17:36] Daviey: if you prefer, i can push a tarball to p.c.c [17:37] hallyn: either way suites me. [17:37] hallyn: can you explain the reasoning again for going to Ubuntu first? [17:37] ScottK: I've had 5 different sponsors. :-P [17:37] SpamapS: You only need one to say yes. [17:38] Daviey: sure. there's a few interlocking reasons, first is that we want it in main (preferably) by 12.04. Debian doesn't care to rush it bc they have no release for 2 years. [17:38] Daviey: now, spice depends on celt (for now), which is under development. Each new version of it is not compatible with the previous [17:39] pmatulis: I'm actually doing this PROMPT_COMMAND="other.sh;$PROMPT_COMMAND"; [17:39] Daviey: spice may drop celt at some point, but they won't switch versions until celt hits a stable release (which may never happen) [17:39] ScottK: I will be working closely w/ Nobert on MySQL, and slangasek on upstart stuff in Debian this cycle. [17:39] Great. [17:39] pmatulis: in /etc/profile.d/question.sh where other.sh logs to my logger [17:39] ScottK: I figure they'll get tired of me bugging them and we can do it then. [17:39] Daviey: we (and ubuntu) have celt 0.7.1 packaged. spice requires 0.5.1. Debian won't package celt051 for the reasons cited above. So Debian is just waiting. [17:40] Daviey: we coudl patch spice to use celt0.7.1, but then we wouldn't be able to use our client with redhat server and vice versa [17:41] Daviey: let me know if i've not blabbed enough yet :) I htink I outlined it better in the packaging request bug [17:46] hallyn: sounds good to me [18:06] how would I open a website in text only from the command prompt [18:07] fastveg: links2 [18:07] fastveg: w3m http://google.com [18:07] w3m should be installed on ubuntu-server by default [18:08] pici: awesome, thanks. not installed on mine for some reason but I can grab it [18:08] fastveg: links2 has X support [18:08] ahh ok [18:10] haha w3m is sweet. loving the text based google [18:12] * RoyK just tested links2 with X and probably won't use it again :P [18:16] Daviey: ok, so when filling iin the list of copyrights in debian/copyright, do i include things like FSF copyright for install.sh that came through autogen? [18:28] Hi. I'd like to make a custom shell like this https://gist.github.com/989190 so that I can get the reason why people are logging in when they do. Is there a way to something like this without having to do this? If not, is there a way to tell /etc/passwd to try this and then /bin/bash if this file isn't present? === hallyn is now known as hallyn_afk [18:31] Daviey: ok, i think the copyright files are pretyt much sorted out. I prolly went overboard on the spice one and should yank some out. But all of the *oneiric* targeted ones in ppa:serge-hallyn/spice2 are the ones [18:31] Daviey: if i disappear, kim0 is a good one to re-test if you like, once they hit universe [18:31] * hallyn_afk bbl [18:31] hallyn_afk, sorry [18:31] hallyn_afk, no, keep the copyright limited to the upstream files... autogenerated files don't normally matter. [18:34] how do I set fqdn? [18:35] bencc: /etc/defaultdomain and /etc/hostname should do [18:42] bencc: perhaps adding your domain to the search path in /etc/resolv.conf too [18:43] heh, I always hate that :) [18:44] I refuse to ever add a search domain, just causes all kinds of bad dns requests to my recursors [18:46] patdk-wk: how? [18:47] everytime it gets a failed lookup, it appends the search domain to it, and tries again === RoyK is now known as Neverwhere === Neverwhere is now known as RoyK [19:17] is there a "best" or perfered ssh package? for a website production box running 10.4 [19:18] scott[8]: The standard openssh-server package is pretty much the standard. [19:18] thanks. [19:18] With less redundancy in that sentence ;) [19:18] haha === unreal_ is now known as unreal [19:56] New bug: #787733 in apache2 (main) "bug in lamp-server" [Undecided,New] https://launchpad.net/bugs/787733 [20:01] adam_g o/ [20:01] heyo === negronjl_ is now known as negronjl === hallyn_afk is now known as hallyn [20:15] <64MAAJY2L> When changing the port number for ssh in /etc/ssh/sshd_config how do you know which port numbers are safe to use? [20:17] 64MAAJY2L: any port is generally safe, or unsafe [20:18] 64MAAJY2L: if you want to stop people brute-forcing your machine on ssh, use something like fail2ban or denyhosts [20:18] I use the latter, since it's distributed in terms of lists of attackers [20:20] <64MAAJY2L> If I changed the port for ssh in /etc/ssh/sshd_config from 22 to say 80 I'm assuming that would cause problems because port 80 is for http right? [20:21] 64MAAJY2L, it's not going to stop all traffic going to that port [20:21] 64MAAJY2L: just leave it at port 22 [20:21] ^ [20:22] 64MAAJY2L: and just install denyhosts to block bots scanning for passwords [20:22] <64MAAJY2L> Ok I will install denyhosts [20:23] 64MAAJY2L: also, using something like john to probe the passwords of your users might be good - or cracklib to make sure they don't choose passwords like 'beer' [20:24] 64MAAJY2L: moving the ssh port to something else won't help much - a simple scan will show which ports listen to what [20:24] <64MAAJY2L> RoyK: john the ripper right? [20:24] yep [20:24] kirkland: ping ;) [20:24] henninge: howdy [20:25] kirkland: Hi, can you give me a hint about encrypted homedirs? [20:25] henninge: probably ... what's your question(s)? [20:26] kirkland: the man pages seem to only refer to the old "Private" setup (a subdirectory). [20:26] 64MAAJY2L: /etc/services lists what services commonly use certain ports, but in general you could put ssh on any port that doesnt already have a service on it [20:26] kirkland, how is does that change when a complete homedir is encrypted? [20:27] henninge: okay, so you have a user already installed and you want to convert that user to an encrypted home dir? [20:27] no ;) [20:27] 64MAAJY2L: you can use 'netstat -anp' to see what services are bound to what ports [20:27] henninge: okay ... you want to .... install from scratch and have your home dir encrypted? [20:27] kirkland, I have a user with an encrypted homedir but somehow that config got lost. [20:27] henninge: "that config" ... you mean your ~/.ecryptfs directory? [20:27] <64MAAJY2L> right.. can't believe I forgot about using netstat [20:28] kirkland, right [20:28] henninge: okay, and this is 11.04? [20:28] kirkland, I mean it is there but it is for my old config [20:28] yes [20:28] kirkland, full story: [20:28] henninge: what "old config"? [20:28] * RoyK wouldn't use Zimbra on anything != LTS [20:28] I backed up my old homedir which was not encrypted but had a Private dir. [20:29] then I installed 11.04 and created the user with an encrypted homedir [20:29] after that I restored my old homedir. [20:29] henninge: which overwrote your .ecryptfs? [20:30] kirkland, exactly [20:30] kirkland, I have the key,though [20:30] the new key [20:30] henninge: perfect, that was my next question :-) [20:30] ;-) [20:30] henninge: and, are you using encrypted filenames? [20:30] yes [20:30] henninge: perfect ... [20:30] henninge: okay, do this: [20:31] henninge: cd $HOME/.ecryptfs [20:31] henninge: touch auto-mount auto-umount [20:31] henninge: echo "$HOME" > Private.mnt [20:32] henninge: ecryptfs-wrap-passphrase ./wrapped-passphrase [20:32] henninge: (enter your new mount passphrase, that you recorded) [20:32] Ah, already did that last one [20:32] ;) [20:32] henninge: logout, and back in [20:32] henninge: that should do it [20:32] oh, cool [20:32] henninge: give it a try [20:34] kirkland, I guess it does not matter if I use graphical or console login? [20:34] henninge: should not [20:34] henninge: but console fails more gracefully [20:35] henninge: in case it fails [20:35] henninge: i recommend testing console first [20:35] kirkland, I tried, nothing happens [20:35] I mean, I am in the blank homedir [20:36] config file should have 0644 or 0600 mode? for example /etc/nginx/nginx.conf [20:36] it has 0644 but I don't understand why not 600 [20:36] henninge: okay, you've logged in, and you're that user [20:37] henninge: but your home dir is not mounted [20:37] henninge: mount | grep ecryptfs [20:37] henninge: shows nothing, right? [20:37] nada [20:37] right [20:38] guys any idea when i do this i ahve this error----------------> http://pastebin.com/YWCcWKZf [20:38] henninge: okay, ls -alF $HOME | pastebinit [20:39] henninge: let me check that your symlinks are setup correctly [20:39] !info php-imap [20:39] Package php-imap does not exist in natty [20:40] ruben23: I think you want php5-imap instead [20:41] kirkland, will do, have to do "man pastebinit" first ... ;) [20:41] henninge: or just pastebin the output [20:42] not easy from the console [20:42] New bug: #787755 in samba (main) "Samba does not notice added or removed CUPS printers" [Undecided,New] https://launchpad.net/bugs/787755 [20:43] henninge: hence, pastebinit :-) [20:43] http://paste.ubuntu.com/612431 [20:43] kirkland, still need to do that number manually ;) [20:44] I think that .cache was created by Gnome on the first failed login [20:44] henninge: and ls -alF $HOME/.ecryptfs | pastebinit [20:44] right [20:44] url++ ;-) [20:44] http://paste.ubuntu.com/612432 [20:45] argh [20:45] try again [20:45] kirkland: http://paste.ubuntu.com/612434 [20:46] kirkland, shouldn't I be able to search for error messages somewhere? [20:47] henninge: sure, syslog [20:47] henninge: sudo grep -i ecryptfs /var/log/* [20:48] henninge: and the contents of $HOME/.Private/ ... they look encrypted? [20:49] kirkland, it does [20:49] ECRYPTFS_FNEK_... [20:49] henninge: okay, I'm at a loss, then ... [20:49] henninge: try this: [20:49] henninge: ecryptfs-mount-private [20:49] henninge: enter your passphrase [20:49] henninge: oh, wait [20:49] henninge: we forgot one thing :-) [20:50] henninge: doh [20:50] "not setup properly" [20:50] henninge: cd $HOME/.ecryptfs [20:50] henninge: yup, i just remembered ... [20:50] henninge: keyctl clear @u [20:50] huh? [20:50] henninge: first, clear your keyring ^ [20:50] henninge: then: [20:50] henninge: ecryptfs-insert-wrapped-passphrase-into-keyring [20:51] henninge: you should get a message that two keys were inserted into your keyring [20:51] henninge: and there will be a signature for each [20:51] man page says to pass in a file as a parameter? [20:52] ok, works without [20:52] kirkland, only one key [20:52] henninge: okay, that's fine [20:52] henninge: now, do: keyctl list @u [20:52] henninge: should show you two keys, right? [20:53] sudo? [20:53] henninge: no sudo [20:53] henninge: as your user [20:53] "list is not a legal command" [20:53] keyctl list @u [20:54] sorry, tab completion took be to keytool ... [20:54] 2 keys in keyring ;-) [20:54] kirkland, try again (logout/login) ? [20:54] henninge: not yet ... [20:55] henninge: we need to put those two key signatures into $HOME/.ecryptfs/Private.sig [20:55] henninge: one per line [20:55] ah, that one [20:55] actually, I had meant to ask about that file in the first place ... ;) [20:55] forgot [20:55] henninge: the first one needs to be the one that came back from ecryptfs-insert-wrapped-passphrase-into-keyring [20:55] henninge: and the second line needs to be "the other one" in your key sig list [20:55] ok [20:56] henninge: yeah, sorry, i barfed on this one [20:56] henninge: once you've done that [20:56] henninge: try ecryptfs-mount-private [20:57] ok, standby [21:00] kirkland, yeah!!! ;-D [21:00] henninge: ;-) [21:00] henninge: sorry about that [21:00] kirkland, I'll try the login/logout now [21:00] kirkland, no need to be sorry [21:01] kirkland, thank you very much ;) [21:01] henninge: welcome [21:01] login/logout worked, too [21:01] kirkland, will you be in Dublin? [21:01] henninge: yep [21:02] kirkland: Cool, I'll see you there and buy you a drink [21:02]