/srv/irclogs.ubuntu.com/2011/10/25/#ubuntu-devel.txt

RAOFSpamapS: With linux 3.1?00:03
SpamapSRAOF: been following this https://help.ubuntu.com/community/MacBookAir4-200:12
SpamapSRAOF: not sure which magical thing it did to enable the graphics, but it disabled the touchpad :(00:13
SpamapSahh00:13
SpamapSit patched bcm5974 for the 4,200:13
SpamapSbut the 4,1 only seems to work with the regular 3.0.0-12-generic version00:14
SpamapSall is well now00:14
* SpamapS does a dance00:14
SpamapSXRANDR .. [check]00:17
SpamapSooo suspend/resume even works00:18
* SpamapS can actually consider *not* lugging his 15" MBP to UDS now00:18
SpamapSw00t00:19
=== dendro-afk is now known as dendrobates
RAOF@pilot in00:25
=== udevbot_ changed the topic of #ubuntu-devel to: Precise open for uploads | Ubuntu 11.10 Released! | Development of Ubuntu (not support, not app development) | build failures -> http://bit.ly/or6CHJ | #ubuntu for support and general discussion for hardy -> oneiric | #ubuntu-app-devel for application development on Ubuntu | http://wiki.ubuntu.com/UbuntuDevelopment | See #ubuntu-bugs for http://bit.ly/lv8soi | Patch Pilots: RAOF
=== AaronMT|away is now known as AaronMT
=== dendrobates is now known as dendro-afk
RAOFBah.  It's really annoying that I can't change the status on any of these merge proposals.01:16
micahgRAOF: you need a tech board member most likely01:20
RAOFYeah, I know.01:21
broderit's unfortunate that nobody actively working on udd is on ~ubuntu-branches01:21
RAOFOr to be a member of ubuntu-branches.01:21
broderotherwise i would advocate the "harass them until they fix it" approach01:21
RAOFJames Westby's in ~ubuntu-branches :)01:22
broderi thought he was doing linaro stuff these dyas01:22
RAOFOh, yeah.  He is, isn't he.  Damn!01:22
ajmitchthat would make things a bit awkward01:23
ajmitchmaybe the TB should be asked to look at the ownership of those branches01:24
=== luist_ is now known as luist
stgraberRAOF: either poke me with the changes you want or make a list in your e-mail to ubuntu-devel (assuming you'll send one at the end of your shift)01:48
RAOFstgraber: Ta. I'll be sure to list them all in an email then.01:50
smoserhow do i force debuild to create a .dsc that references the .orig file ?02:06
micahgsmoser: -S -sa02:07
smoserthank you, kind sir.02:09
micahgyou're welcome02:09
wgrantRAOF/micahg: Or escalate the bug.02:18
RAOFwgrant: Know what that bug is, offhand?02:19
lifelessbroder: james_w is in online services now02:19
wgrantlifeless: Wha?02:19
wgrantWhen did that happen?02:19
lifelessdanilo -> linaro02:19
lifelessjames_w -> jml's offsider02:19
wgrantAh, interesting.02:19
wgrantMakes sense, though :)02:20
wgrantRAOF: Bug #540250 looks relevant, but is meant to be fixed...02:20
ubottuLaunchpad bug 540250 in Launchpad itself "Cannot edit merge proposals for packaging branches" [High,Fix released] https://launchpad.net/bugs/54025002:20
=== dendro-afk is now known as dendrobates
wgrantAhh.02:21
wgrantNow I remember.02:21
wgrantRAOF: What's an example merge proposal?02:21
wgrantIs it for a stable series?02:21
RAOFwgrant: Yes, I think they are.02:22
RAOF is ahttps://code.launchpad.net/~om26er/ubuntu/natty/libdbusmenu/dbusmenu-fix-618587/+merge/71892n is an example.02:22
wgrantRight.02:22
wgrantThat would be the problem.02:22
wgrantMP edit access is delegated to people with edit access on the branch. And upload permissions don't grant branch write access to stable series.02:23
wgrantBecause those branches are meant to be frozen.02:23
wgrantI'm not sure if there is a bug for this...02:23
RAOFAha.02:23
micahgsmoser: you also want to use -vOLD_UBUNTU_VERSION when merging from Debian02:23
wgrantBug #61239102:24
ubottuLaunchpad bug 612391 in Launchpad itself "Cannot change status for merge proposals that target a released series" [High,Triaged] https://launchpad.net/bugs/61239102:24
wgrantIf you can escalate that, it might get done :)02:24
smosermicahg, thanks... too late though. i should have know that.02:24
micahgsmoser: I try to remember to check the source.changes file to make sure the other entries are there before uploading02:25
RAOFwgrant: Sweet, thanks for that.02:26
slangasekYokoZar: multiarching -dev packages> that's not relevant, you don't get to build-depend on packages other than those for the current arch...02:53
YokoZarslangasek: Err yeah you're right, multiarch is the solution that works around that problem02:53
YokoZarslangasek: cause we build the 32-bit bits on 32 that have the 32 bit dev packages02:54
slangasekyep - at least, I hope it works around it :)02:54
YokoZarslangasek: do you know the status of OpenCL by chance?02:55
RAOFJust as long as the WoW64 stuff can use the 32bit build :)02:55
YokoZarRAOF: Yup.  I may have to do some weird copying in the package build script though, as we (unusually) want some files to be part of multiple packages here02:56
YokoZarRAOF: namely in the 32 bit package as well as the 32 bit foreign package02:56
slangasekthe 32-bit package is not a different package than the 32-bit foreign package02:56
slangasekit's one package, built on i386 and installable on either i386 or amd6402:57
YokoZarslangasek: actually nevermind, that's the proper way to do it, have the 32 bit-only package depend on that too02:57
slangasekyep02:57
slangasekYokoZar: I don't think I know what opencl is02:57
YokoZarslangasek: It's the library for getting the graphics cards to do GPU tasks without actually being 3d rendering, if I remember right02:58
slangasekYokoZar: ok; not my department :)02:58
micahgslangasek: I thought that the amd64 buildds could use 32 bit packages, is that not correct?02:58
YokoZarCurrent Linux implementations may be driver specific (eg, only in the proprietary NVidia packages...despite the openness)02:58
slangasekmicahg: nope02:59
YokoZarmicahg: You can depend on a package that only has a 32 bit component, but you can't build-depend on that.02:59
slangasekmicahg: there's no way to specify it in build-deps, for starters02:59
micahgslangasek: so how does one build a 64 bit app that has some 32 bit components?02:59
YokoZarmicahg: The rationale for this that made the most sense when I was learning it to just imagine that each architecture has to be built separately and independently.  So things like cross-arch build-deps don't work, while binary dependencies do (unless your package itself is a reverse depends...)03:00
* micahg thought wine was like that03:00
slangasekmicahg: if it requires anything beyond the compiler and libc to build the 32-bit stuff, it should be done as an i386 package and use multiarch to install it03:00
micahgok03:01
YokoZarmicahg: This is why we're discussing Wine, as it needs some unusual splitting to make 64/32 mode work on 64.  The executive summary is the 32-bit parts are being built on 32.03:01
YokoZarwhereas in oneiric they're built on 64 via ia32-libs03:01
RAOFYokoZar: What are you particularly interested in re: OpenCL?03:02
micahgI guess that makes sense, someone had a question a few weeks ago about pbuilder using the amd64 and i386 sources, I guess I gave the wrong answer (I thought that was normal for oneiric)03:02
YokoZarRAOF: Wine already has an implementation of it so any Windows app that uses it would need it to work03:02
YokoZarRAOF: I'm not sure what Windows apps use OpenCL off the top of my head though03:04
RAOFYokoZar: Ah, ok.  Currently there's no real solid open implementation standardised, which means there's no standard way to depend on it.  In the P+1 timeframe I'd expect us to have an open implementation, possibly even in precise.03:04
YokoZarRAOF: Well, I hope I can speed things along by being your use case then ;)03:04
RAOFHm.  There doesn't seem to be a Khronos ABI for OpenCL.  Fundamentally it's likely that you'll end up wanting to Depend: or Recommend: libcl1 or somesuch.03:08
pittiGood morning04:02
pittijcastro: right now it says "error updating", but will try later04:02
ajmitchmorning pitti04:02
pittihey ajmitch, how are you?04:02
ajmitchgood, how are you?04:02
pittipretty well, although still a bit tired, thanks!04:03
* ajmitch wishes that the long weekend here was a few days longer :)04:03
RAOF@pilot out04:23
=== udevbot_ changed the topic of #ubuntu-devel to: Precise open for uploads | Ubuntu 11.10 Released! | Development of Ubuntu (not support, not app development) | build failures -> http://bit.ly/or6CHJ | #ubuntu for support and general discussion for hardy -> oneiric | #ubuntu-app-devel for application development on Ubuntu | http://wiki.ubuntu.com/UbuntuDevelopment | See #ubuntu-bugs for http://bit.ly/lv8soi | Patch Pilots:
=== yofel_ is now known as yofel
=== sraue_ is now known as sraue
pittidoko_: FYI, keeping binutils in proposed queue, as the previous SRU hasn't been verified yet05:09
pittidoko_: if you want the second upload in -proposed now, please reupload with -v to include the previous changelog05:09
pittislangasek: how did you build samba? http://launchpadlibrarian.net/83357418/samba_3.5.11~dfsg-1ubuntu2.1_source.changes doesn't have a Launchpad-Bugs-Fixed: header05:13
micahgpitti: FYI, bug 881250, SRU period might need to be truncated06:54
ubottuLaunchpad bug 881250 in tzdata (Ubuntu) "Clocks in Ukraine move back October 30, 2011" [High,Triaged] https://launchpad.net/bugs/88125006:54
pittimicahg: yes, we generall move them to -updates right after verification, as they often tend to be urgent06:54
pittithere's a tzdata 2011m already06:54
micahgright, already in unstable06:55
=== tkamppeter__ is now known as tkamppeter
tkamppeterpitti, are you not on the Sprint?07:07
pittitkamppeter: no, I'll arrive on the weekend; only for UDS07:07
tkamppeterpitti, interesting, as technical lead of the desktop team.07:07
dholbachgood morning! :)07:07
pittitkamppeter: it's a DX sprint07:08
pittitkamppeter: seb128 and didrocks are there07:08
tkamppeterpitti, OK, thought it was an all-Canonical Sprint.07:08
tkamppeterpitti, good to know to know who is in which time zone currently.07:09
cjwatsonwgrant: I'm pretty sure it's not just that bug.  During the Oneiric release cycle, well after that bug was fixed, developers were unable to reject MPs for Oneiric branches.07:46
wgrantcjwatson: That's worrying. If you can find a current example, I would love to see it.07:47
cjwatsonwgrant: Try bug 728012 instead.07:47
ubottuLaunchpad bug 728012 in Launchpad itself "ubuntu developers are not able to reject merge proposals on official packaging branches they can upload to" [High,Triaged] https://launchpad.net/bugs/72801207:47
micahgcjwatson: he later added Bug #61239107:47
ubottuLaunchpad bug 612391 in Launchpad itself "Cannot change status for merge proposals that target a released series" [High,Triaged] https://launchpad.net/bugs/61239107:47
wgrantLet's see.07:47
cjwatsonmicahg: Indeed, but AFAIK this still happens for development series.07:47
micahgah07:48
cjwatsonwgrant: Unfortunately I have sufficient privilege that it's hard for me to hunt out an example myself, but I guess anything for precise on the sponsoring list should do it.07:48
wgrantThe problem here is probably that upload permissions don't grant review privileges.07:49
wgrantAnd there's no review team set.07:50
wgrantSo only ~ubuntu-branches has those superpowers... hm.07:50
micahgwgrant: here's an example: https://code.launchpad.net/~samuel-taylor/ubuntu/oneiric/pidgin-skype/fix-for-657125/+merge/7570107:50
cjwatsonI think we'd like it to be keyed off upload permissions rather than setting a single team.07:51
cjwatsonmicahg: that's a released series07:51
wgrantcjwatson: Indeed.07:51
micahgI don't think I could've changed it before eitehr07:51
wgrantIt currently checks for membership in one of (branch owner, branch reviewer, LP admin).07:51
wgrantWhich made sense until package branches.07:51
wgrantBecause branch editing was restricted to the branch owner and LP admins.07:51
jamespagedoes anyone know if there is a tool already in main that will convert markdown to html?07:52
wgrantSo isPersonTrustedReviewer should probably just check if they can edit the branch or are in the review team.07:52
micahgI can change this one: https://code.launchpad.net/~barry/ubuntu/precise/ubuntu-dev-tools/bug-881049/+merge/8025307:52
ubottuLaunchpad bug 80253 in debconf (Ubuntu) "Can't launch ubiquity on 20070117 feisty-desktop-i386.iso" [Undecided,Fix released]07:52
wgrantmicahg: To Approved/Rejected?07:53
tumbleweedjamespage: python-docutils07:53
micahgwgrant: no, but I don't think I can ever set those07:53
wgrantRight, that's the bug.07:53
cjwatsonmicahg: I can; that's the bug.07:53
jamespagetumbleweed: sweet - thanks for the pointer07:53
micahgcjwatson: wgrant: sorry for the noise07:54
cjwatsonthat's ok07:54
cjwatsonman, switching from homegrown scripts to pull-lp-source and pull-debian-source has improved my life surprisingly much07:55
pittiI find them quite nice, saves having tons of deb-src lines07:56
pittis/saves/avoids/07:56
pittijcastro: guidebook seems better now, thanks!08:22
jamespage@pilot in08:33
=== udevbot_ changed the topic of #ubuntu-devel to: Precise open for uploads | Ubuntu 11.10 Released! | Development of Ubuntu (not support, not app development) | build failures -> http://bit.ly/or6CHJ | #ubuntu for support and general discussion for hardy -> oneiric | #ubuntu-app-devel for application development on Ubuntu | http://wiki.ubuntu.com/UbuntuDevelopment | See #ubuntu-bugs for http://bit.ly/lv8soi | Patch Pilots: jamespage
* dholbach hugs jamespage08:34
\shdoko_, do you mind when I take some of the  universe packages (from MoM) with your last uploader  name tag?09:36
jamespagewhy can I 'Reject' some merge proposal but not others?09:36
* jamespage scratches his head09:36
lifelessjamespage: natty / not-natty09:46
lifelessjamespage: there is a bug.09:46
doko_\sh, not at all09:51
=== doko_ is now known as doko
dokopitti, can we move the first one to -updates first?09:51
pittidoko: that's what happens by default if you don't want to replace the current SRU, yes09:56
pitti(still needs verification, as I said)09:56
\shdoko, thx09:59
\shbtw...are there any hints on how to fix format-security issues?09:59
dokopitti, done the verification09:59
pitti\sh: usually it's from something like printf(variable), i. e. handing a non-constant string to a function which evaluates % format codes10:05
pitti\sh: a common pattern is to prepend a "%s", if you really don't want interpolation10:05
\shpitti: I just saw this error inside10:07
\shpitti: I just saw this error inside a function which is using gtk_message_dialog_new10:07
\shand I'm not sure if gtk_message_dialog_new(...,...,...,...,"%s",message) is enough10:08
pitti\sh: using "%s" for the message will work fine10:08
pitti\sh: as I said, it depends: if message is _supposed_ to have format strings in it, then this will break10:08
pittibut if it's not, then "%s" is fine; then any % characters in message will appear verbatim10:09
\shpitti, kk :) thx :)10:10
Daviey!regression-alert11:48
ubottucjwatson, jdong, pitti, skaet, ScottK, kees, Daviey, pgraner: reporting regression in a stable release update; investigate severity, start an incident report, perhaps have the package blacklisted from the archive11:48
Davieybug 881361, impact not yet determined.  Non-default package.11:48
ubottuLaunchpad bug 881361 in puppet (Ubuntu Precise) "puppetmaster-passenger fails to install with puppet 2.6.4-2ubuntu2.5" [High,Confirmed] https://launchpad.net/bugs/88136111:48
Riddelljasoncwarner_: can you approve the desktop-p-kubuntu specs for uds-p please https://blueprints.launchpad.net/sprints/uds-p?searchtext=kubuntu11:57
jamespage@pilot out12:10
=== udevbot_ changed the topic of #ubuntu-devel to: Precise open for uploads | Ubuntu 11.10 Released! | Development of Ubuntu (not support, not app development) | build failures -> http://bit.ly/or6CHJ | #ubuntu for support and general discussion for hardy -> oneiric | #ubuntu-app-devel for application development on Ubuntu | http://wiki.ubuntu.com/UbuntuDevelopment | See #ubuntu-bugs for http://bit.ly/lv8soi | Patch Pilots:
jdstrandDaviey: mdeslaur is looking into it now12:10
Davieyjdstrand: yep, tracking in #ubuntu-server. Thanks.12:17
=== kenvandine is now known as kenvandine[flush
=== kenvandine[flush is now known as kenvandine_afk
mterry@pilot in12:35
=== udevbot_ changed the topic of #ubuntu-devel to: Precise open for uploads | Ubuntu 11.10 Released! | Development of Ubuntu (not support, not app development) | build failures -> http://bit.ly/or6CHJ | #ubuntu for support and general discussion for hardy -> oneiric | #ubuntu-app-devel for application development on Ubuntu | http://wiki.ubuntu.com/UbuntuDevelopment | See #ubuntu-bugs for http://bit.ly/lv8soi | Patch Pilots: mterry
=== yofel_ is now known as yofel
sabdflhello folks13:05
ogra_hey sabdfl13:06
pittihey sabdfl, how are you?13:08
sabdflgreat thanks pitti, enjoying orlando already :-)13:08
pittisabdfl: twisting^Wsprinting by the pool ♪ ♫ ?13:09
ogra_pitti, grrr, you implanted an earworm !13:09
ogra_:)13:09
ionNot to me.13:09
* ogra_ guesses thats a matter of age :)13:10
ogra_or of musical taste13:10
mdeslaurpitti: it seems linux-ec2, linux-mvl-dove and linux-fsl-imx51 on lucid got binaries demoted to universe...was that intentional, or a script error?13:33
mdeslaurpitti: I got them moved now, but want to make sure it's not a script issue13:33
=== Quintasan_ is now known as Quintasan
GunnarHjpitti: are you there?13:39
jamespagedoko: OK if I pickup the jffi merge? its borked at the moment in precise13:40
dokojamespage, sure13:42
jamespagedoko: ta13:43
=== kenvandine_afk is now known as kenvandine
=== zyga is now known as zyga-afk
psusido I have to register for UDS if I'm not staying in the hotel ( I live nearby ), or can I just drop by?14:25
ogra_psusi, you should register in LP, so people know you are there and can i.e. subscribe you to sessions they want you to attend etc14:26
ogra_its not about the hotel, but about the automatic scheduler that needs to know you are there14:26
psusiok14:27
ogra_8unless you just want to hang out in corridors indeed :) )14:27
jcastropsusi: please register in LP, that's how they figure out the food and stuff14:27
ogra_oh, food, right :)14:28
* ogra_ forgot about that unimportant bit14:28
psusihehe.... I'm not sure how much time I can get away from work to get over there, but I definately want to do some meet and greet as long as everyone's in town14:30
jcastrothat would be awesome14:30
RoAkSoAxis merges.u.c no longer been updated?14:37
jbichaI was surprised at my first UDS that lunch was included for all attendees, free OS and free food? sweet!14:37
tumbleweedRoAkSoAx: it should be. Don't forget we're syncing from testing14:39
cjwatsonit's running right now, indeed14:39
cjwatsonlooks healthy to me14:39
RoAkSoAxtumbleweed: ahh right!!14:39
RoAkSoAxthought we were from unstable14:40
tumbleweedcjwatson: any opinions on bug 881288? you were vaguely around for that conversation...14:40
ubottuLaunchpad bug 881288 in ubuntu-sponsoring "Syncs using the LP API are showing up as sponsored uploads" [Undecided,New] https://launchpad.net/bugs/88128814:40
cjwatsonI'm afraid I've been failing to get my head around the details of that thus far14:41
cjwatsonit's probably better to bring it up with LP folks14:42
tumbleweedok, I'll file a bug14:42
hallynWas trying bzr merge-package again;  is there a reason why it doesn't first pop all quilt patches and rm -rf .pc in both trees?14:47
slangasekpitti: samba> oh, sorry, built it in a Debian env by mistake, forgot to watch out for the closure header15:09
Davieyslangasek: Hey!  Are you looking at the samba issue?15:10
slangasekDaviey: no15:10
slangasekI was looking at an unrelated samba issue15:11
Davieyslangasek: Would you be able to, please? :)15:12
Davieyover 100 dupes now :(15:12
pittimdeslaur: no, of course not intentional -- it's the usual "LP picks random components" problem; I thought that would be uncovered during verification15:33
mdeslaurpitti: ok, cool, thanks15:34
=== zyga-afk is now known as zyga
dobeyanyone notice any issues with builders? i uploaded something to my PPA 40 minutes ago, and LP is saying "Start 2011-10-26"15:54
slangasekDaviey: I certainly don't hold a maintainer lock on the Ubuntu package, I'm not sure why it waits on me - there seem to be several different proposals for addressing it, someone should just pick one and upload it?15:55
Davieyslangasek: Well, there reason i'm turning to you is because you were vocal in the discussion - and clearly understand the package and issue.15:57
slangasekRiddell: ScottK has a significant number of merges that he's TIL on for https://merges.ubuntu.com/main.html - with him taking a break, are these a concern for the Kubuntu team?15:58
slangasekDaviey: sorry, I probably should have just kept my mouth shut on the bug to begin with ;)  I was meaning only to provide a historical perspective of why the code is the way it is15:58
rbasakslangasek: this is also a Debian bug and you're a maintainer :-)15:59
slangasekrbasak: yeah, but the bug hasn't been tripped in Debian yet and I'm likely to be painfully slow about deciding how I want to fix it there15:59
slangasekso you guys should pick whatever fix that you think is appropriate to cover the gap now16:00
Davieyslangasek: Well, the frustrating thing is that we could have had 'a' fix before release, but we held back pending a better solution.16:00
rbasakslangasek: wouldn't it be nice if debian and ubuntu agreed how to fix it so we don't have to carry a delta and/or the delta gets carried upstream?16:00
* Daviey launches a *sigh*16:00
rbasakslangasek: it's just a waste of effort if we fix it one way and then debian chooses to fix it another16:01
slangasekrbasak: it's easy enough to fix it twice and in the meantime it's causing pain for users16:01
slangasekso more effort is being wasted talking / worrying about it than would be wasted by implementing 2 different fixes16:01
=== beuno is now known as beuno-lunch
rbasakWell I did submit a patch and it got rejected on the basis of being unsuitable. So I'm still waiting to hear from somebody what will be suitable.16:02
Davieycjwatson: Do you have thoughts on this?16:03
rbasakOr should I just keep submitting patches without any feedback in the hope that one will be acceptable?16:03
DavieyIt is really, really frustrating that we blocked on this for us to just throw anything into an SRU16:03
infinityrbasak: I don't think your patch would have fixed it anyway, after we investigated what was happening.16:04
rbasakinfinity: fine, but that's not my point.16:06
slangasekDaviey, rbasak: frankly, I think the *right* fix is to make update-inetd more robust by not depending on perl-modules; but that's not quick, and won't necessarily help the current round of upgrade breakage16:06
infinityrbasak: Mangling update-inetd to not require perl-modules would certainly help, but it won't necessarily be upgraded before samba, which is irksome.16:06
htorque_hi all! i sent a mail to -devel which didn't yet come through. anything wrong with it?16:07
cjwatsonDaviey: at this point I am not sure that adding another semi-informed opinion is going to help matters; too many cooks and all that16:10
cjwatsonmy opinion was to move update-inetd to the prerm, but AIUI slangasek had a reason not to do that16:11
slangasekI had a reason why I didn't think update-inetd in the prerm was actually the right thing to do16:11
slangasekdoesn't mean it's not an appropriate workaround to fix users' upgrades in this case16:11
infinityActually, it doesn't solve the upgrade issue.16:12
slangasekalso, I'm still not sure update-inetd is guaranteed to be reliable in that case16:12
infinityIt's not.16:12
slangasekbecause unpack perl -> unpack samba -> unpack perl-modules would still break16:12
infinityThe real problem is that perl-modules is completely broken when it's half-configured during the 5.10->5.12 transition.16:12
infinityWhat's curious is that unpacking perl-modules 5.12 on a clean system allows update-inetd to work fine. :/16:13
infinityIt's only the bizarre half-upgraded state that breaks.16:13
infinityMaking the release upgrader forcefully re-order perl/perl-modules to upgrade as a unit might work around it, but it's obviously not the solution.16:14
cjwatsonwell, that's because the modules all move from /usr/lib/perl/5.10 to 5.12 ...16:15
cjwatson(isn't it perl-base/perl-modules that matters?)16:15
infinityErr, that.16:15
slangasekso as I look at the postrm, I'm actually not sure at all why the non-purge case is being handled here instead of in prerm16:15
slangasekand we probably should just move that16:16
infinityslangasek: Oh, I'm still convinced the maintainer scripts are a bit wrong, but either way, changing them won't actually make a difference here.16:16
infinityThe synthetic reproduction of the bug isn't actually the bug that's being duped 100 times (the latter is an upgrade thing, not people removing/purging in weird orders)16:17
Riddellslangasek: we'll get them done right enough, although I'm on holiday for the two weeks after UDS so it may not be immediate16:17
slangasekyes16:17
slangasekRiddell: ok - no hurry, just thought I'd check if it's something on your radar16:18
elgatonHi, I'm fixing a small bug (missing dependency in debian/control) and have a few questions: 1) should I generate the patch against the debian/ directory only (as explained in https://wiki.ubuntu.com/MOTU/Contributing) or a debdiff? 2) Since I need to get a sponsor for my patch and I'm working on the fix, is it right to subscribe ubuntu-sponsors and add the "patch" tag to the LP bug, but to set the bug status to "In Progress" and assign it to myself?16:18
elgatonThanks.16:18
slangasekinfinity: right - I just looked at tkamppeter's report, and see no perl, so perl-modules is already broken by that point16:18
cjwatsonhowever, if it were in the prerm, then you could force things with Depends: perl, couldn't you?16:21
slangaseknope16:21
infinityDepends gives you unpacked, not configured.16:21
slangasekthis is the "everything's ok, we're just upgrading and things are currently broken, don't mind our dust"16:21
slangasekinfinity: er, no16:21
rbasakyeah I couldn't find a way to simulate what's happening during an upgrade as dpkg doesn't have an --unconfigure that I could find, so I had to do combinations of --purge and --unpack. So I triggered _a_ problem with the same root cause, but not the problem people are seeing16:21
cjwatsonif you get the sequence of unpack/configure events, you could issue them by hand starting from a natty chroot16:22
slangasekinfinity: depends is meant to give you configured; it's just that there are corner cases where configured doesn't mean usable. ;)16:22
Daviey(sorry for being absent, chairing a meeting)16:22
slangasek(because dpkg doesn't care that a dependency of an already-configured package has been removed)16:23
cjwatsonslangasek: update-inetd configured doesn't mean usable in this case, but perl configured should16:23
cjwatsonor maybe perl-modules configured16:23
infinityslangasek: Eh?  perl-modules is pretty clearly unconfigured in these upgrade logs.16:23
slangasekinfinity: can you give me an example log?16:24
slangasek(that shows perl state)16:24
Davieybtw, there are two tracking bugs now16:24
infinityslangasek: https://bugs.launchpad.net/ubuntu/+source/samba/+bug/85630916:25
ubottuLaunchpad bug 862129 in samba (Ubuntu Precise) "duplicate for #856309 samba postrm depends on packages not guaranteed to be configured" [High,Triaged]16:25
Davieybug 877852 is the second master bug (due to LP bug)16:25
ubottuLaunchpad bug 877852 in samba (Ubuntu) "samba failed to install when updating from ubuntu 11.04 to 11.10" [Undecided,Confirmed] https://launchpad.net/bugs/87785216:25
slangasekinfinity: oh, that's interesting; it shows both of perl and perl-modules unpacked at version 5.1216:26
slangasekand actually, at this stage there's no strong guarantee that the dependencies are even unpacked, let alone configured... only postinst gets that as a hard guarantee16:26
slangasek(but apt tries to DTRT)16:27
slangasekpossibly the problem is perl-base not being unpacked yet?16:27
infinityslangasek: perl-base is configured.16:27
slangaseksure16:28
slangasekbut not at the new version?16:28
infinityslangasek: Yes.16:28
infinityslangasek: Search through the terminal log.16:28
slangasekoh16:28
slangasekright, found it16:28
infinityslangasek: perl-modules is unpacked, perl-base is unpacked and configured, samba explodes, perl-modules is never configured.16:28
slangasekthis is what we get for using unreliable interpreters like perl; let's rewrite update-inetd in python16:29
infinityI'm too sick to detect reliably if that was sarcasm.16:30
slangaseka pity16:30
=== TheDaniel0108 is now known as Daniel0107
=== Daniel0107 is now known as Daniel0108
rbasakI'm not sure it'd be that hard to rewrite update-inetd to not depend on perl-modules16:34
rbasakFile::Copy: `cp`; File::Temp: `tempfile`. Well, close.16:34
slangasekinfinity: right, I can't reproduce the problem by just plucking the relevant perl bits out of that log16:36
infinityslangasek: It's been a couple of weeks now, but ISTR it couldn't be reproduced by just unpacking perl-modules on a clean chroot, but could be reproduced by unpacking perl-modules 5.12 over perl-modules 5.10... Or something like that.16:38
slangasekinfinity: I had perl-modules installed16:38
infinityActually, what's responsible for setting @INC?16:40
slangasekdunno, but something clearly has it set to the old path16:41
slangasekthe initial value appears to be embedded in libperl16:43
slangasek(where I would expect)16:43
slangasekso how can perl be 5.10.1 after perl-base 5.12.4 has been unpacked?16:43
infinityExcept that libperl is unpacked at 5.12 at that point too.16:43
slangasekyeah, and if it wasn't, you'd get a linker error16:44
infinityOkay, so, perl-modules configuration is a red herring anyway, since perl-modules doesn't have a postinst.16:45
infinityunpacked == configured.16:45
barryjtaylor: ping16:49
jtaylorbarry: pong16:58
infinityslangasek: Nevermind, I've gone crosseyed grepping that log.  libperl and perl-base are upgraded after samba's unpack failure.16:58
infinityslangasek: Which then leads to wondering why we get perl-modules upgraded so early, if it depends on perl (>= 5.12)16:59
barryjtaylor: hi.  i'm looking at merging m2crypto from wheezy and i have a few questions.  since you touched the package last i thought i'd ask you.  first, i don't want to step on your toes if you've already started working on this16:59
infinityslangasek: (Well, okay, perl gets unpacked early too, but libperl and perl-base don't come until much later -- after samba)16:59
=== dendrobates is now known as dendro-afk
jtaylorbarry: with what do you ahve an issue?17:01
jtaylorI had actually hopped it could be synced for precise with the new debian maintainer17:01
barryjtaylor: second question: you removed proxylib.py because it was nonfree, but i don't see any bug report in ubuntu or debian about that.  wouldn't it be best to report that in debian and it get managed there?17:02
barryjtaylor: ultimately, that's my goal too17:02
jtaylorbarry: yes it turned out to be free after all17:02
barryjtaylor: excellent, we can drop that delta17:02
barryjtaylor: i think we can also drop the dhpy2 and sslv2 deltas17:02
jtaylorI failed to remove it correctly (readded via a patch) but the debian maintainer asked the author who said it was free17:02
infinityslangasek: So, the reproduction steps would be "install perl 5.10 and update-inetd, unpack perl-modules 5.12, watch things (obviously) fail"17:03
jtaylorbarry: one of the patches contains two seperate changesets17:03
barrycool.  so i just need to double check the d/control and d/rules changes you made and if those are in the debian version, then i think we can sync17:03
barryjtaylor: can you think of any other reason why we can't just sync?  (i'm guessing "no" since you suggested it above :)17:04
jtaylordoes the debian package enable the tests?17:04
barryah, maybe fix_kill_signal.patch too17:04
barryjtaylor: that's the d/rules change i need to double check17:04
jtaylorchangelog does not mention it :/17:04
jtaylorbad, because 21.1-1 in debian was broken which would have been caught by the test17:05
barryyep, it doesn't run the tests17:05
jtaylorso no sync, the tests are important17:05
barryjtaylor: okay, i'll merge it and forward all the deltas to debian17:05
barryall *remaining* deltas17:05
barryjtaylor: thanks17:05
jtaylorthis splits one patch into two http://bazaar.launchpad.net/~jtaylor/ubuntu/oneiric/m2crypto/cosmetics/revision/2517:06
infinityAnd a cable guy is here.  Might lose internets intermittently for a while.17:06
jtaylorbut I guess that should be in debian already17:06
barryjtaylor: i think so, but thanks for the link; i'll double check it all17:08
=== deryck is now known as deryck[lunch]
=== beuno-lunch is now known as beuno
slangasekinfinity: ah, right17:14
hallynwell this is odd.  I do a 'bzr merge-package', and it randomly removes some source files (which are all identical in both trees)17:23
slangasekhallyn: curious.  what branches?17:24
hallynslangasek, lxc from precise and sid17:24
hallyn(I first did 'quilt pop -a; bzr remove .pc; bzr ci' in both)17:25
hallyndiff -Nrup src ../lxc-sid/src shows no differences before the merge-package attempt17:25
hallynafter, things like src/lxc/arguments.h go away17:25
slangasekhallyn: hmm, the 'bzr remove .pc' is going to cause problems later, given that you don't actually have access to push that change to the sid branch17:27
hallynoh i dont want to push that to the sid branch :)  i just did 'bzr merge-package ../lxc-sid'17:27
hallynthen i'll quilt push -a; bzr add .pc'17:28
hallynif i don't do that, then bzr gets all confuddled about the 'conflicts' in .pc17:28
slangasekright, but that means the branch you're merging doesn't match the UDD branch anymore17:28
slangasekso it will cause problems for future merges17:28
hallynhm, it keeps track kof that?17:28
slangasekyes, the .pc conflicts are a horror, but doing it this way just defers the reckoning17:28
hallynin the end i was probably going to just sling back a debdiff anyway :)17:29
slangasekah17:29
slangasekif you're not pushing to *either* branch, then that's fine ;)17:29
slangasekbut in that case, maybe MoM would be easier?17:29
hallyni don't know, in the past bzr-mergepackage has don e agreat job (and now, apart from this glitch, debian/ is all settled for the sync)17:30
hallyni've not used MoM though.  but purely by hand it was a bit hairy.17:30
slangasekbzr merge-package output (w/o munging .pc): The merge resulted in 28 conflicts. Please resolve these and commit the changes with "bzr commit".17:31
slangasekconflicts from MoM's merge: 1417:32
hallynhow does one run mom?17:32
slangasek'grab-merge lxc'17:32
slangasekit downloads the pre-staged merge from merges.ubuntu.com17:32
slangasek(from ubuntu-dev-tools package)17:32
hallynslangasek, ok, thanks - i'll try that for my next merge for practice.  For this one i think i'll just build the debdiff now and be done with it :)17:33
slangasekhallyn: and the Contents conflicts in src/lxc/ are because this is a new upstream version, meaning that there are *two* merges happening - first one for the upstream, then one for the packaging17:34
hallynhm?  there shouldn't be a new upstream version17:34
slangasekhmm17:34
slangasekthat's how the output reads to me, but I see that you're right17:35
slangasekok, I don't know what's causing that conflict then17:35
stgraberhallyn: for LXC, the easiest is probably to just take the Debian package, re-apply the few patches we have on top of them (unless dlezcano feels like releasing ;)), re-add the upstart stuff and the cgroup-lite change (as I guess Debian doesn't have cgroup-lite yet), I guess that's pretty much it for LXC17:35
slangasekhowever, it is probably related to the 'criss-cross merge' warning at the top17:35
hallynstgraber, yes, that's what it amounts to :)17:35
hallynstgraber, i'll let you review if you don't mind17:35
stgraberhallyn: I guess we can probably convince Daniel to release a new LXC at the end of next week (assuming we'll push some more stuff to git at UDS), then our changes should be back to a minimal set17:36
hallynstgraber, that'll be nice17:36
stgraberhallyn: sure, send me the debdiff and I'll review + upload if it looks good17:36
hallynthx17:36
hallynslangasek, i'll have to go read up on criss-cross merge later :)17:37
slangasekhallyn: summary: branch A merged into branch B, now you're merging branch B into branch A.  In this case, I think it's because the new upstream version was introduced separately on each branch17:38
stgraberhallyn: I also need to look at libnih again with James Hunt, once this one is ported to multiarch (he may have already done it on his laptop ;)), I'll commit support for containers using non-native architecture (using qemu + a multi-arch version of libnih and upstart)17:38
slangaseknot an error at all, just means bzr's poor little brain sometimes gets confused about what it should do with such a merge17:38
stgraberhallyn: then we'll be able to use "-a armel" on x86 and get a working container17:38
hallyncool17:39
hallyni was meaning to look at libcap2 wrt multiarch.  haven't yet though.17:39
slangasekstgraber: yes, jhunt and I have multiarch libnih sorted out, I guess he'll be pushing soon17:39
stgraberslangasek: awesome! I might be able to show a working armel or powerpc container on x86 as a lightning talk on Friday then17:40
stgraber(unless I discover that something else than upstart heavily depends on ptrace() in our boot sequence :))17:40
slangasekheh17:40
* slangasek thinks that over briefly17:41
slangaseknope, shouldn't be anything else17:41
stgraberwell, obviously strace and gdb won't work in that container, but you already get that behaviour using a simple chroot with the qemu-<arch>-static stuff17:42
* slangasek nods17:44
slangasekneither of those should be triggering at boot ;)17:44
hallynstgraber, is linux-any a valid target in ubuntu debian/control?17:55
hallynwell, debuild doesn't warn me about it...17:57
hallynvim syntax highlighting just doesn't like it maybe :)17:58
geserhallyn: yes, linux-any is valid and also supported by LP18:16
hallynthx18:17
=== negronjl_mobile is now known as negronjl
=== deryck[lunch] is now known as deryck
=== dendro-afk is now known as dendrobates
mterry@pilot out18:49
=== udevbot_ changed the topic of #ubuntu-devel to: Precise open for uploads | Ubuntu 11.10 Released! | Development of Ubuntu (not support, not app development) | build failures -> http://bit.ly/or6CHJ | #ubuntu for support and general discussion for hardy -> oneiric | #ubuntu-app-devel for application development on Ubuntu | http://wiki.ubuntu.com/UbuntuDevelopment | See #ubuntu-bugs for http://bit.ly/lv8soi | Patch Pilots:
adam_gif i'm about to propose a merge for an SRU to a package that doesn't have an lp:ubuntu/$release-updates/pkg branch, do i just propose merge into lp:ubuntu/$release/pkg instead?18:57
mterryadam_g, yeah18:58
mterryadam_g, I think that's typical18:58
adam_gmterry: thanks18:58
Davieyadam_g: UDD is messed up for SRU's :/19:05
DavieyThe target should be -proposed, but that would never have a -security upload in there, messing up the stacking.19:05
* micahg wonders if one can branch from -updates and propose a merge against -proposed19:06
macodont see why not19:06
micahgdepends on how the branches are stacked on LP19:07
slangasekmicahg: you can branch from -updates and propose a merge against -proposed *if there's already a -proposed branch to target*...19:11
slangasekit'd be really nice to be able to do UDD-driven SRUs - i.e., build-from-branch for all SRUs, so the SRU team just lands the branch to approve the upload19:12
slangasekbut that's not high on the priority list, I think :)19:12
hallynstgraber, our /etc/default/lxc has been storing MIRROR= for lxc-create (along with the RUN= for /etc/init.d/lxc).19:33
hallynstgraber, with the new debian package, the pre-inst does 'rm /etc/default lxc' if that file has 'RUN=' in it19:33
hallynstgraber, then it creates a new one in .postinst19:34
hallynare we ok with that?19:34
stgraberhallyn: is it looking for ^RUN or for RUN? if it's simply looking for RUN, that means destroying a configuration file for everyone on upgrade which I really don't think we should do19:35
stgraberwe could instead look at the md5 of the file or some similar approach to only replace it if it's indeed the exact same one that was shipped with the earlier version19:35
hallyn                if grep -qs 'RUN=' /etc/default/lxc19:36
hallynok,19:36
hallynso i'm thinking i'll just sed over the file to get rid of RUN ?19:36
hallyni hate adding more delta from debian, but...19:36
stgraberwhy did he remove RUN= to start with?19:36
hallynhe switched to having /etc/lxc/local/ store data about autostart19:37
hallynand now added LXC_AUTO=ture anyway19:37
hallyntrue that is19:37
hallynso really, i don't know19:37
stgraberfun...19:37
hallynhe's in #lxcontainers usually so we could ask him,19:38
stgraberI'm wondering why he's actually messing with it in postinst instead of just shipping the file as conffile and letting dpkg deal with it19:38
hallynright.  dunno19:38
hallynfor that matter i don't know why he's changing the mechanism for choosing autostart containers anyway19:39
stgraberI'd much rather carry and extra delta with Debian than removing a user's configuration file without warning (or even changing it)19:39
stgraber*an19:39
hallynok.  so get rid of both?19:39
hallyn(pre+postinst)?19:40
hallynmaybe i should just push what i have to you, and let you decide :)19:40
hallynit's all looking good aside from that bit19:40
stgraberyeah, I think the easiest is to get rid of that change and have the new init script check for RUN=yes instead of LXC_AUTO=true19:40
hallynyou think thta's better than shipping a new lxc.default with LXC_AUTO=true and letting the user decide (with comments inthe file to help)?19:41
stgraberoh, and that means that config files are no longer in /etc/lxc/auto/? what's that new /etc/lxc/local thing? ...19:41
hallyniirc you symlink containers in there19:42
hallynthat you wnat autostarted19:42
hallynno, wait19:42
stgraberhmm, in Oneiric I'd simply symlink their config into /etc/lxc/auto and they'll auto-start, that was working fine!19:42
hallynno, debian/local is just for his own scripts19:43
* stgraber starts to think we should just move the init script and all that stuff into the upstream branch and be done with it, no more distro delta ;)19:44
hallynworth discussing at uds.  especially once we start introducing our own network bridge for default config :)19:44
hallynstgraber, ok, LXC_AUTO defaults to true. but it's new.  so, should I just keep the same lxc.default we've had and avoid debconf questions, or should I add LXC_AUTO to our lxc.default so ppl know about it?19:47
hallynin either case, I figure I'm nuking .preinst and .postinst19:47
hallyn(defaults to true if it's not in /etc/default/lxc, i mean)19:47
hallyni'll add it in.19:48
rbasakslangasek: thanks, re: bug 86212919:53
ubottuLaunchpad bug 862129 in update-manager (Ubuntu Precise) "samba postrm depends on packages not guaranteed to be configured" [High,Triaged] https://launchpad.net/bugs/86212919:53
mwhudsonso my x220 completely reliably suspends and resumes19:58
mwhudsononce19:58
mwhudsonthe second resume fails, 100% of the time19:58
hallynstgraber, http://people.canonical.com/~serge/lxc-sync.debdiff is working for me19:58
stgrabermwhudson: do you have cgroup-bin installed? if so, replace it by cgroup-lite20:03
mwhudson$ dpkg-query -W cgroup-\*20:05
mwhudsonNo packages found matching cgroup-*.20:05
mwhudsonalthough hm, now things are just being strange20:06
mwhudsoni tried to reproduce using pm-suspend and it worked, but i'm on ac power now20:06
sorenstgraber: If that were the problem, the second *suspend* would be failing, IIRC. Not the second resume.20:07
mwhudsonand then i closed the lid and it didn't seem to suspend properly and when i opened the lid again it went to mirrored displays20:08
* mwhudson filed https://bugs.launchpad.net/ubuntu/+source/linux/+bug/88164720:08
ubottuLaunchpad bug 881647 in linux (Ubuntu) "lenovo x220 fails to resume more than once" [Undecided,Confirmed]20:08
stgrabersoren: last I had this bug was a while ago, couldn't remember if it was the second suspend or resume that was hanging because of cgroup-bin :)20:08
gordmy x220 suspends/resumes fine 100% of the time no matter how many times i do it =\20:09
mwhudsongord: oneiric?20:09
mwhudsonhm20:09
gordyup20:09
mwhudsonhm20:09
* mwhudson remembers something else20:09
mwhudsongord: does shutdown/reboot work properly for you?20:09
* hallyn doesn't have a single laptop, of many, that'll suspend/resume right now :(20:10
gordyeah all works fine20:10
gordsaying that though the X220 has quite a few customisations you can make so we might just have different hardware20:11
stgraberhallyn: any reason you kept lxc.template and lxc.config?20:11
mwhudsongord: yeah, likely i guess -- i have i7, ssd, intel wifi20:12
hallynthe .template is just for his default/lxc tweaking script?  guess that can go.  I thought lxc.config had something to do with the -dbg or -dev package20:12
gordintel wifi here, i3 and hd20:12
mwhudsonhm20:12
* mwhudson plays around -- will probably drop off :)20:12
hallynI see now20:13
hallynmy bad20:13
hallynyeah both of those can go20:13
stgraberhallyn: lxc.config prompts the user for the debconf keys from lxc.templates, my understanding is that these two were used for the templating of the defaults file done by the scripts you removed20:13
stgraberhallyn: ok, removed and added a comment to the changelog, continuing the review :)20:14
hallynstgraber: well, do you think we should rather keep the pre/postinst and add saving of MIRROR?20:14
hallynI don't like all that code for something like that;  but ...20:14
=== dendrobates is now known as dendro-afk
stgraberhallyn: any reason not to move lxc-start-ephemeral to that new local directory?20:16
hallynstgraber, no, and lxc-is-container coudl go there too20:16
stgraberok, I'll move them20:16
hallynis that location conventional?20:16
stgraberfirst time I saw that, I saw some others use debian/scripts/ too, I don't remember reading about a standard location20:17
barryany buildd admins around who can rescore a PPA build for me?20:18
stgraberI'm not too sure what to do with /etc/default/lxc to be honest, moving to debconf may be interesting but we need to make sure we don't end up prompting everyone who'll be upgrading from oneiric or lucid20:18
stgraberbarry: link?20:18
barrystgraber: https://launchpad.net/~barry/+archive/python/+build/287722420:18
barrystgraber: https://launchpad.net/~barry/+archive/python/+build/287722520:19
barry(the first is amd64, second i386)20:19
barrystgraber: thanks!20:19
stgraberbarry: there you go for a very small bump ;)20:19
barrystgraber: awesome, very nice! thanks20:20
stgraberhallyn: I'd be tempted to go without debconf for that initial merge, then if we feel the need, merge/extend that bit later in the cycle20:20
=== dendro-afk is now known as dendrobates
hallynstgraber, if you don't want the user to be prompted, then we should undo the changes i made to lxc.default altogether?20:21
stgraberhallyn: I don't want to have them prompted when they didn't touch the config file. I'm fine with prompting them if they changed something20:22
mwhudsonwell that was a bit strange, it suspends and resumes fine on ac power20:22
mwhudsonand pm-suspend is fine, but if i close the lid on battery power, then pm-suspend it oopses20:23
hallynok20:23
stgraberhallyn: any reason " debian/lxc.install - README gets (mis-)installed under --with-rootdir." isn't in Debian? doesn't that affect them too?20:24
hallynno, bc they don't use --with-rootdir=/usr/lib/lxc/root20:25
hallynwhich means, lxc-sshd wont' work for them20:25
stgraberok20:26
stgraberhallyn: http://paste.ubuntu.com/719149/20:26
hallynI assume lxcguest.install and lxc.install got updates reflecting the new locations for lxc-start-ephemeral and lxc-is-contaienr?20:28
stgraberI updated your section a bit and listed the changes I made20:28
stgraberyep, I dropped the lines from these two20:28
stgraberIIRC he simply copies everything from local to usr/bin20:28
hallyngreat.  looks good, thanks.  regarding the README, of course I don't know WHY it ends up in .../root20:28
hallynstgraber, thanks20:29
stgraberrest of the diff looks sane. I haven't looked at exactly what's changing in the diffs but that's what they have in Debian, so that should work :)20:29
stgraberI'll upload it now and will hopefully test it soon (need to upgrade a VM to precise, only have containers at the moment)20:30
lifelesshallyn: btw did I file a bug about rmmod working in containers ?20:30
lifeless[by default]20:30
stgraberlifeless: I'd be happy to +1 on that bug report ;) it's a major pain when upgrading containers20:31
lifelessstgraber: I have a rmmod iwlagn; modprobe iwlagn thing I run regularly.20:31
lifelessstgraber: my host is 64bit, containers 32bit.20:31
lifelessstgraber: finally I bind mount home into them, so I have a shared bash history...20:32
lifelessstgraber: guess what happened when I didn't check the host portion of my prompt, and my wifi did its 'I'm going to suck' thing.20:32
stgrabererr, my eyes don't work today ;) I read mknod instead of rmmod which is a completely different issue though just as annoying :)20:32
lifelessstgraber: heh :)20:32
stgraberlifeless: oh, and what happened to the kernel when you did that? :)20:33
lifelessstgraber: anyhow, iwlagn was removed, then modprobe failed spectacularly20:33
lifelessI can't recall if it tried to insert the 32 bit version or quite what went wrong20:33
stgraberI've noticed something similar with my automated d-i testing in a container, d-i tries to modprobe/insmod quite a bunch of modules into my kernel ;)20:34
lifelessstgraber: yah, that will be similar20:34
stgraberfor now I simply override modprobe and insmod with a simple "exit 0" ;)20:34
lifelessbug 85068720:34
ubottuLaunchpad bug 850687 in lxc (Ubuntu) "Should disable cap_module by default" [Wishlist,Triaged] https://launchpad.net/bugs/85068720:34
stgraberhallyn: user namespaces will solve all that right? :)20:34
hallynyup!20:36
hallynthey already solve that - you just can't then use the container :)20:36
stgraberhallyn: "can't then use the container", because of the VFS part?20:38
hallynlifeless, stgraber, well if the modprobe/rmmod one seriously bugs you now, then we should push the fix into the package instead of wiating for an upstream release...20:39
hallyni thought it ws just a security concern20:39
lifelesshallyn: bit of both20:39
hallynstgraber, not just that, there are lots of places that we default to denying containers privilege to resources which they own anyway20:39
hallynif i can get this last set of 8 patches into the kernel, then we can work on relaxing the security checks (and handling files)20:40
stgraberhallyn: did any of that patch that was written/pushed during the sprint make it to the kernel? I'd have thought the pid ns attach and reboot/shutdown one would be upstream by now...20:41
hallynno, it didn't.20:41
hallyndaniel's laptop got stolen, and eric's been busy with his dayjob20:41
hallynso both lxc-attach and reboot patches got lost20:42
hallyni'm hoping we can push both again next week20:42
slangasekouch20:42
hallynyeah20:43
stgraberargh, didn't know for Daniel's laptop, that really sucks...20:43
hallynthat also postponed some merging of lxc patches20:43
* hallyn tries hard to not be tied down to any one machine or phsyical location :)20:43
stgraberat least we have the patches on lkml/git, it's just going to be short if we want these upstream for 12.0420:44
stgraberunless we can convince our friend in the kernel team to carry these as an Ubuntu delta ;)20:44
hallyna few 6-packs might help20:44
hallynbut, maybe I should see if we can prod to have those pushed this week20:45
stgraberif that's what it takes, I'm sure we can get some ARM server company to sponsor that :)20:45
hallynexcellent20:45
stgraberhallyn: lxc uploaded20:45
=== dendrobates is now known as dendro-afk
barrystgraber: that amd64 build is going in the wrong direction.  first 2 minutes, than 9 minutes, now 14 minutes 'til it builds :).  no need to change anything, i just thought it was funny.  the i386 build gave me the information i need.20:47
hallynstgraber, great, thanks.20:47
stgraberbarry: interesting ;) I'm guessing that's because the buildds are busy with long running builds20:48
barrystgraber: that, or there's a little robot on an exercise wheel behind lp's web ui, rolling dice and laughing at us.  your explanation seems more plausible, but i'm sticking to mine.20:49
stgraber:)20:50
hallynstgraber, http://people.canonical.com/~serge/lxc-drop-sys_module.debdiff  (though that's against my tree, but apply against yours)  if you wanted to quickly push a fix for cap_sys_module too.20:53
hallyn(actually i wonder if dropping cap_mac_admin will end up breaking packages)20:55
=== mpt_ is now known as mpt
hallyn(that'd be fun)20:55
stgraberhallyn: is cap_sys_module also restricting reading the module list  (lsmod)? just wondering as I think we want that change anyway, I'd just need to update my default config when doing d-i testing20:55
hallynno. lsmod should still work20:55
hallyni can lsmod as unprivileged user20:56
stgrabergood20:56
stgraberwhat's cap_mac_admin doing? don't remember seeing that one before (do we have a list of all the cap_* somewhere? :))20:57
hallynuh, sure - linux-2.6/include/linux/capability.h :)20:57
hallynLSMs use that to gauge who can change policy20:57
stgrabergot to love kernel documentation :)20:58
hallynand mac_override, who can bypass it20:58
hallynso I assume this will keep containers from loading apparmor policies.20:58
hallynwe need to talk to jjohansen at uds about apparmor namespaces and how to handle all of this, of course20:58
hallynwell, oneiric container starts up fine though (without those caps)20:58
* hallyn installs apache2 as another test20:58
stgraberso we'd probably have to revert the cap_mac_* ones once we have the apparmor namespace change done in lxc or will that just work without the capability?21:00
* stgraber has no clue how apparmor actually works (if that wasn't clear ;))21:00
slangasekin a way that is comically incompatible with how selinux works :)21:01
* jjohansen reads back scroll21:01
dobeyis there an update to make pbuilder/etc know about precise, on older Ubuntus yet?21:01
barrytumbleweed: rock.  thanks for the confirmation.21:02
slangasek(Debian bug #634081 is a beautiful thing)21:02
ubottuDebian bug 634081 in slapd "/usr/sbin/slap* hard links break SELinux" [Normal,Open] http://bugs.debian.org/63408121:02
tumbleweedbarry: you did make it nice and easy :)21:02
sbeattiestgraber: capabilities(7) contains an overview of what each capability is, though definitely not in enough detail.21:02
barrytumbleweed: :)21:02
hallynstgraber, well, amusingly, cap_mac_admin will be targeted at the user namespace21:02
hallynso we shouldn't have to relax the check *if* we can use them21:03
hallynwait - no they wont21:03
hallynso yes, probably :)21:03
tumbleweeddobey: running into any particular problems?21:04
dobeytumbleweed: i can't do pbuilder create to make a chroot for it?21:05
tumbleweeddobey: on what release?21:05
dobeyon 11.0421:05
tumbleweeddobey: right. natty and maverick haven't got debootstrap backports21:06
tumbleweedI think there's also a ubuntu-dev-tools/distro-info thing I need to do for one or two of them21:07
dobeywhat's the best way to make a pbuilder chroot then? is there a base.tgz i can just download from somewhere?21:08
geserdobey: cd /usr/share/debootstrap/scripts && sudo ln -s gutsy precise21:08
tumbleweedwhat geser said :)21:08
dobeyah ok21:09
stgraberhallyn: I'm confused ;)21:13
hallynstgraber, so yes, we may end up re-enabling mac_admin in containers21:21
stgraberhallyn: ok :)21:22
stgraberhallyn: I'll wait for LXC to build on everything, then push that extra change then21:22
hallyndepends on what we can do with apparmor namespaces21:22
hallynstgraber, ok, thanks.  and hopefull i don't break anyone...21:22
hallyn(maybe libvirt in a container - but who'd do that? :)21:23
stgraberat least I seem to remember jjohansen being marked as essential for the LXC session at UDS, so we'll hopefully know more then21:23
hallynyup21:24
jjohansenheh yeah I am planning on being there, but I can provide info now if you would like21:24
jjohansencurrently apparmor need MAC_ADMIN to load policy21:25
jjohansenbut I am more than open to discussion revisions/changes that maybe needed.21:26
hallynjjohansen, are there any packages that will just fail to install or run without MAC_ADMIN?  or will they just not end up installing a policy?21:30
jjohansenhallyn: the packages shouldn't fail, but the policy will fail to load21:30
hallynjjohansen, fwiw, if, when apparmor namespaces are done, a child namespace will be contained by an overall policy, then I think we can let containers have CAP_MAC_ADMIN.21:31
hallyncool21:31
jjohansenright, even as they are right now the child namespace can't manipulate the parent's namespace with CAP_MAC_ADMIN, but that doesn't mean much as it has access to the rest of the system if it wants.21:32
hallynjjohansen, i suppose i should check for any apparmor uds sessions too21:48
jjohansenhallyn: heh if your interested sure, but don't feel compelled, we can discuss lxc bits in lxc sessions, etc21:50
hallynok, great!21:50
=== AaronMT is now known as AaronMT|away
hallynhm, there seems to be a bug in tunctl.  'tunctl -u 1000' is *not* making 1000 own tapN22:24
=== AaronMT|away is now known as AaronMT
=== AaronMT is now known as AaronMT|away
=== gallth is now known as tgall_foo
=== dendro-afk is now known as dendrobates

Generated by irclog2html.py 2.7 by Marius Gedminas - find it at mg.pov.lt!