[13:22] * highvoltage starts syncing current isos [20:07] "For this release we focused on quality and stability and refrained from any important feature change. [20:07] " [20:08] stgraber: can I "s/important/significant/g"? [20:08] "iTalc, our classroom management tool was replaced by Epoptes, that's more stable and better integrated with Edubuntu and LTSP." [20:08] highvoltage: sure, sounds better [20:08] "s/that's/which is/g"? [20:08] highvoltage: +1 [20:09] * stgraber does ISO testing in very-picky mode, reporting everything he sees as a bug (only two so far) [20:13] stgraber: I'm temtped to mention the gnome-fallback improvements too, since we're the only derivative shipping it (even though it's an option) [20:13] highvoltage: yeah, we can probably at least mention that we still ship it [20:14] highvoltage: I didn't get a session that looks as good as omgubuntu's by default but close enough to it and at least it didn't crash on me this time [20:17] highvoltage: looking at it again, the only difference is that I don't have the ubuntu icon next to the menu (or edubuntu in this case) [20:25] stgraber: yeah and that we can easily fix [20:25] alkisg: hmm, we don't have epoptes-client installed by default in the edubuntu chroot, we need it right? [20:25] stgraber: heh, we have a big puppet text logo in the resolv.conf in the default chroot in ltsp in edubuntu [20:26] highvoltage: so and so. We lose some functionality, but not all [20:26] We lose the ability to control the clients before login (shut them down, vnc to them) [20:26] stgraber: I thought we fixed that by cp'ing resolv.conf and sources.list from the host after installation, but aparantly I'm mistaken :( [20:26] And x11vnc then runs in the user session instead of locally, so it's just a bit slower [20:27] So it's not very important, but yeah it'd be nice if it was installed. But you'd need the server certificate in the chroot. [20:27] (a file copy, or epoptes-client -c in the chroot) [20:27] ok [20:28] alkisg: ah, we extract the ltsp image when installing, and then we're able to make some changes before doign a ltsp-update-image again [20:28] alkisg: so it's possibly something we could fix still [20:28] highvoltage: it wasn't easy to install epoptes by default and still make it work with ltsp-live in a secure way [20:28] Cool! We just need /etc/epoptes/server.key [20:28] Copied in the same location in the chroot [20:29] stgraber: if needed, we can easily regenerate the certificate, or symlink to the snakeoil one [20:29] *server.crt [20:29] alkisg: the problem is with ltsp-live, the chroot is built on a completely different machine and architecture as the rest of the CD [20:30] alkisg: we use 4 machines to build the Edubuntu media [20:30] 1) builds our ltsp i386 chroot and sends a .squashfs back to nasukan [20:30] stgraber: yeah if we can at least have it work for the installed system out of the box, that would be good [20:30] 2) builds our i386 live system and sends it to nasukan [20:30] 3) builds our amd64 live system and sends it to nasukan [20:30] (but I don't care so much for ltsp-live and epoptes atm) [20:30] 4) (nasukan) generates the .iso including all the .squashfs it received [20:31] stgraber: I can add an epoptes-client option to make it run without verifying the certificate, if it helps. Maybe even check for an lts.conf option for that. [20:31] nasukan never unpacks/repacks .squashfs, so there's no way to copy a file from the live media to the chroot for ltsp-live [20:31] E.g. EPOPTES_CLIENT_VERIFY_CERTIFICATE=False in lts.conf [20:31] allowing it to run without certificate would work for ltsp-live indeed, then let the ltsp-server package mangle the chroot when installing [20:31] And of course that won't be put in the installed system [20:31] but I won't do that for 12.04 [20:31] might do it for 12.10 [20:32] alkisg: cool, that doesn't sound any worse than the ssh security we currently bypass in ltsp-live, so I guess that would work [20:32] If it's going in 12.04, I'll do it next week, otherwise I'll leave it for later [20:32] I guess for 12.04 we should at the very least remember to document how to use epoptes on edubuntu [20:32] it won't be going in 12.04, adding the extra package will require a change to the Canonical build infrastructure which by itself can take over a week [20:33] (since we say that it's well integrated) [20:33] but for 12.10 we can certainly do it [20:33] and create a bug so long for 12.10 [20:33] highvoltage: as for resolv.conf, it's weird it got in there but it's not a big concern as it gets replaced at boot time anyway [20:34] highvoltage: with epoptes preinstalled, and without epoptes-client in the chroot, there's nothing to document, one only needs to launch it :) [20:34] highvoltage: sources.list is a bit more annoying though [20:35] alkisg: ah, it didn't work for me and mgariepy like that [20:35] I'd like to hear why, it should [20:35] highvoltage: can you file a bug against ltsp and assign it to me? I'll make sure I get these two fixed in the next upload, simply re-generating sources.list [20:35] For ltsp, that is [20:35] stgraber: yeah but I don't need to change the chroot for that, iirc we did fix that in ltsp-live at some point [20:35] highvoltage: Ooops sorry the user needs to be added in the epoptes group [20:35] You're right [20:36] stgraber: so it would extract the image, then copy over the host's sources.list and resolv.conf and then ltsp-update-image [20:36] alkisg: ok, mgariepy says there wasn't a certificate on the server, but it's possible that he *might have looked on the wrong place [20:36] stgraber, highvoltageI wonder if it would be a good idea to make the socket owned by sudo:epoptes, so that sudoers can run epoptes without using sudo and without being in the epoptes group [20:36] (brb rebooting thin client where my session is currently displayed) [20:36] highvoltage: the certificate is auto-generated on postinst, it should be here [20:37] alkisg: ah right, that resulted in a bug where all the certificates on the live media were the same [20:37] alkisg: I believe stgraber recently fixed that, perhaps that's what broke it again :) [20:38] highvoltage: http://paste.ubuntu.com/904529/ [20:39] highvoltage: please just give me a bug number to go with it :) [20:40] highvoltage: ubiquity is supposed to generate a new one at install time [20:40] but failed at doing it apparently... [20:41] highvoltage: can you get me a bug report for that one too please? (against edubuntu-live) [20:41] alkisg: epoptes is working very nicely :) [20:41] After spending more than a month stabilizing it, it'd better be! :D [20:42] I'll do that sudo-group change though for precise, in order to avoid having to add users in the epoptes group for common cases [20:42] And I'll put that lts.conf var option to run without a certificate verification, even if it's not going to be used for 12.04 [20:43] I hope vagrantc can upload it on debian on monday, so I'll do the last epoptes upload on tuesday [20:43] highvoltage: I found a fix for the epoptes missing-certificate bug, just file a bug against edubuntu-live [20:43] stgraber: ah, great! I'll go ahead and file that bug for the files [20:44] http://paste.ubuntu.com/904537/ is the fix [20:44] something in epoptes' postinst changed that make the rm -Rf of the whole dir break the postinst :) [20:44] I declared that in debian/dirs instead, yeah [20:46] well, that's the right place for it ;) sadly my code was depending on you creating it in postinst. easy fix anyway [20:47] * alkisg loves the idea of the lts.conf var, which would help troubleshooting a lot of cases where people don't read the installation instructions about epoptes-client -c in the chroot, and the sudo group change, which will make epoptes run out of the box on edubuntu live and on most other cases too [20:49] Bah. sudo is a group, not a user, the socket can't be owned by sudo:epoptes :( [20:52] I could automatically add all sudo members to the epoptes group, since they'd be able to add themselves to the epoptes group anyway, but I don't really like the idea [20:58] 'night guys [20:59] highvoltage: I'm taking care of filing the LTSP bug (so I can finally commit that stuff) [20:59] stgraber: ok great [21:01] highvoltage: also taking care of the edubuntu-live one [21:01] stgraber: that won't be fixed for the beta (I'm assuming), so can I release not it? [21:01] *note [21:02] * highvoltage adds it so long anyway [21:02] highvoltage: yeah, I'll mark them all on the tracker so we can get them from there if we forget to add them as we find them [21:09] what's the gnome command to add/remove users and change a users (advanced) permissions? [21:09] highvoltage: can you try reporting a bug at https://bugs.launchpad.net/ubuntu/+source/edubuntu-live/+filebug see if it oops for you too? [21:09] highvoltage: I'm trying to report the epoptes one but LP no longer likes me for some reason [21:12] stgraber: which one should I file a bug for? the ltsp-live one for sources.list and resolv.conf? [21:14] highvoltage: nope ltsp-live is the one I filed before (and worked fine), I'm trying to file the epoptes one [21:30] stgraber: heh, mine just got slow to the point that loading the page timed out [21:30] highvoltage: yeah, spm in #launchpad just told me that they messed up a LP rollout [21:30] ah ok [21:30] highvoltage: I'll post my bug again when he tells me that's fixed [21:46] edubuntu is now fully tested [23:08] highvoltage: Edubuntu 12.04 will ship by Epoptes by => s/by // [23:08] highvoltage: (post on G+) [23:14] oops [23:15] highvoltage: at least on G+ it's fixable, if you posted somewhere else, well, too bad ;) [23:20] some guy on facebook complained about the pic on user 3's desktop [23:20] (silly people)