[13:22]  * highvoltage starts syncing current isos
[20:07] <highvoltage> "For this release we focused on quality and stability and refrained from any important feature change.
[20:07] <highvoltage> "
[20:08] <highvoltage> stgraber: can I "s/important/significant/g"?
[20:08] <highvoltage> "iTalc, our classroom management tool was replaced by Epoptes, that's more stable and better integrated with Edubuntu and LTSP."
[20:08] <stgraber> highvoltage: sure, sounds better
[20:08] <highvoltage> "s/that's/which is/g"?
[20:08] <stgraber> highvoltage: +1
[20:09]  * stgraber does ISO testing in very-picky mode, reporting everything he sees as a bug (only two so far)
[20:13] <highvoltage> stgraber: I'm temtped to mention the gnome-fallback improvements too, since we're the only derivative shipping it (even though it's an option)
[20:13] <stgraber> highvoltage: yeah, we can probably at least mention that we still ship it
[20:14] <stgraber> highvoltage: I didn't get a session that looks as good as omgubuntu's by default but close enough to it and at least it didn't crash on me this time
[20:17] <stgraber> highvoltage: looking at it again, the only difference is that I don't have the ubuntu icon next to the menu (or edubuntu in this case)
[20:25] <highvoltage> stgraber: yeah and that we can easily fix
[20:25] <highvoltage> alkisg: hmm, we don't have epoptes-client installed by default in the edubuntu chroot, we need it right?
[20:25] <highvoltage> stgraber: heh, we have a big puppet text logo in the resolv.conf in the default chroot in ltsp in edubuntu
[20:26] <alkisg> highvoltage: so and so. We lose some functionality, but not all
[20:26] <alkisg> We lose the ability to control the clients before login (shut them down, vnc to them)
[20:26] <highvoltage> stgraber: I thought we fixed that by cp'ing resolv.conf and sources.list from the host after installation, but aparantly I'm mistaken :(
[20:26] <alkisg> And x11vnc then runs in the user session instead of locally, so it's just a bit slower
[20:27] <alkisg> So it's not very important, but yeah it'd be nice if it was installed. But you'd need the server certificate in the chroot.
[20:27] <alkisg> (a file copy, or epoptes-client -c in the chroot)
[20:27] <highvoltage> ok
[20:28] <highvoltage> alkisg: ah, we extract the ltsp image when installing, and then we're able to make some changes before doign a ltsp-update-image again
[20:28] <highvoltage> alkisg: so it's possibly something we could fix still
[20:28] <stgraber> highvoltage: it wasn't easy to install epoptes by default and still make it work with ltsp-live in a secure way
[20:28] <alkisg> Cool! We just need /etc/epoptes/server.key
[20:28] <alkisg> Copied in the same location in the chroot
[20:29] <alkisg> stgraber: if needed, we can easily regenerate the certificate, or symlink to the snakeoil one
[20:29] <alkisg> *server.crt
[20:29] <stgraber> alkisg: the problem is with ltsp-live, the chroot is built on a completely different machine and architecture as the rest of the CD
[20:30] <stgraber> alkisg: we use 4 machines to build the Edubuntu media
[20:30] <stgraber> 1) builds our ltsp i386 chroot and sends a .squashfs back to nasukan
[20:30] <highvoltage> stgraber: yeah if we can at least have it work for the installed system out of the box, that would be good
[20:30] <stgraber> 2) builds our i386 live system and sends it to nasukan
[20:30] <stgraber> 3) builds our amd64 live system and sends it to nasukan
[20:30] <highvoltage> (but I don't care so much for ltsp-live and epoptes atm)
[20:30] <stgraber> 4) (nasukan) generates the .iso including all the .squashfs it received
[20:31] <alkisg> stgraber: I can add an epoptes-client option to make it run without verifying the certificate, if it helps. Maybe even check for an lts.conf option for that.
[20:31] <stgraber> nasukan never unpacks/repacks .squashfs, so there's no way to copy a file from the live media to the chroot for ltsp-live
[20:31] <alkisg> E.g. EPOPTES_CLIENT_VERIFY_CERTIFICATE=False in lts.conf
[20:31] <stgraber> allowing it to run without certificate would work for ltsp-live indeed, then let the ltsp-server package mangle the chroot when installing
[20:31] <alkisg> And of course that won't be put in the installed system
[20:31] <stgraber> but I won't do that for 12.04
[20:31] <stgraber> might do it for 12.10
[20:32] <highvoltage> alkisg: cool, that doesn't sound any worse than the ssh security we currently bypass in ltsp-live, so I guess that would work
[20:32] <alkisg> If it's going in 12.04, I'll do it next week, otherwise I'll leave it for later
[20:32] <highvoltage> I guess for 12.04 we should at the very least remember to document how to use epoptes on edubuntu
[20:32] <stgraber> it won't be going in 12.04, adding the extra package will require a change to the Canonical build infrastructure which by itself can take over a week
[20:33] <highvoltage> (since we say that it's well integrated)
[20:33] <stgraber> but for 12.10 we can certainly do it
[20:33] <highvoltage> and create a bug so long for 12.10
[20:33] <stgraber> highvoltage: as for resolv.conf, it's weird it got in there but it's not a big concern as it gets replaced at boot time anyway
[20:34] <alkisg> highvoltage: with epoptes preinstalled, and without epoptes-client in the chroot, there's nothing to document, one only needs to launch it :)
[20:34] <stgraber> highvoltage: sources.list is a bit more annoying though
[20:35] <highvoltage> alkisg: ah, it didn't work for me and mgariepy like that
[20:35] <alkisg> I'd like to hear why, it should
[20:35] <stgraber> highvoltage: can you file a bug against ltsp and assign it to me? I'll make sure I get these two fixed in the next upload, simply re-generating sources.list
[20:35] <alkisg> For ltsp, that is
[20:35] <highvoltage> stgraber: yeah but I don't need to change the chroot for that, iirc we did fix that in ltsp-live at some point
[20:35] <alkisg> highvoltage: Ooops sorry the user needs to be added in the epoptes group
[20:35] <alkisg> You're right
[20:36] <highvoltage> stgraber: so it would extract the image, then copy over the host's sources.list and resolv.conf and then ltsp-update-image
[20:36] <highvoltage> alkisg: ok, mgariepy says there wasn't a certificate on the server, but it's possible that he *might have looked on the wrong place
[20:36] <alkisg> stgraber, highvoltageI wonder if it would be a good idea to make the socket owned by sudo:epoptes, so that sudoers can run epoptes without using sudo and without being in the epoptes group
[20:36] <highvoltage> (brb rebooting thin client where my session is currently displayed)
[20:36] <alkisg> highvoltage: the certificate is auto-generated on postinst, it should be here
[20:37] <highvoltage> alkisg: ah right, that resulted in a bug where all the certificates on the live media were the same
[20:37] <highvoltage> alkisg: I believe stgraber recently fixed that, perhaps that's what broke it again :)
[20:38] <stgraber> highvoltage: http://paste.ubuntu.com/904529/
[20:39] <stgraber> highvoltage: please just give me a bug number to go with it :)
[20:40] <stgraber> highvoltage: ubiquity is supposed to generate a new one at install time
[20:40] <stgraber> but failed at doing it apparently...
[20:41] <stgraber> highvoltage: can you get me a bug report for that one too please? (against edubuntu-live)
[20:41] <highvoltage> alkisg: epoptes is working very nicely :)
[20:41] <alkisg> After spending more than a month stabilizing it, it'd better be! :D
[20:42] <alkisg> I'll do that sudo-group change though for precise, in order to avoid having to add users in the epoptes group for common cases
[20:42] <alkisg> And I'll put that lts.conf var option to run without a certificate verification, even if it's not going to be used for 12.04
[20:43] <alkisg> I hope vagrantc can upload it on debian on monday, so I'll do the last epoptes upload on tuesday
[20:43] <stgraber> highvoltage: I found a fix for the epoptes missing-certificate bug, just file a bug against edubuntu-live
[20:43] <highvoltage> stgraber: ah, great! I'll go ahead and file that bug for the files
[20:44] <stgraber> http://paste.ubuntu.com/904537/ is the fix
[20:44] <stgraber> something in epoptes' postinst changed that make the rm -Rf of the whole dir break the postinst :)
[20:44] <alkisg> I declared that in debian/dirs instead, yeah
[20:46] <stgraber> well, that's the right place for it ;) sadly my code was depending on you creating it in postinst. easy fix anyway
[20:47]  * alkisg loves the idea of the lts.conf var, which would help troubleshooting a lot of cases where people don't read the installation instructions about epoptes-client -c in the chroot, and the sudo group change, which will make epoptes run out of the box on edubuntu live and on most other cases too
[20:49] <alkisg> Bah. sudo is a group, not a user, the socket can't be owned by sudo:epoptes :(
[20:52] <alkisg> I could automatically add all sudo members to the epoptes group, since they'd be able to add themselves to the epoptes group anyway, but I don't really like the idea
[20:58] <alkisg> 'night guys
[20:59] <stgraber> highvoltage: I'm taking care of filing the LTSP bug (so I can finally commit that stuff)
[20:59] <highvoltage> stgraber: ok great
[21:01] <stgraber> highvoltage: also taking care of the edubuntu-live one
[21:01] <highvoltage> stgraber: that won't be fixed for the beta (I'm assuming), so can I release not it?
[21:01] <highvoltage> *note
[21:02]  * highvoltage adds it so long anyway
[21:02] <stgraber> highvoltage: yeah, I'll mark them all on the tracker so we can get them from there if we forget to add them as we find them
[21:09] <rtdos> what's the gnome command to add/remove users and change a users (advanced) permissions?
[21:09] <stgraber> highvoltage: can you try reporting a bug at https://bugs.launchpad.net/ubuntu/+source/edubuntu-live/+filebug see if it oops for you too?
[21:09] <stgraber> highvoltage: I'm trying to report the epoptes one but LP no longer likes me for some reason
[21:12] <highvoltage> stgraber: which one should I file a bug for? the ltsp-live one for sources.list and resolv.conf?
[21:14] <stgraber> highvoltage: nope ltsp-live is the one I filed before (and worked fine), I'm trying to file the epoptes one
[21:30] <highvoltage> stgraber: heh, mine just got slow to the point that loading the page timed out
[21:30] <stgraber> highvoltage: yeah, spm in #launchpad just told me that they messed up a LP rollout
[21:30] <highvoltage> ah ok
[21:30] <stgraber> highvoltage: I'll post my bug again when he tells me that's fixed
[21:46] <stgraber> edubuntu is now fully tested
[23:08] <stgraber> highvoltage: Edubuntu 12.04 will ship by Epoptes by => s/by //
[23:08] <stgraber> highvoltage: (post on G+)
[23:14] <highvoltage> oops
[23:15] <stgraber> highvoltage: at least on G+ it's fixable, if you posted somewhere else, well, too bad ;)
[23:20] <highvoltage> some guy on facebook complained about the pic on user 3's desktop
[23:20] <highvoltage> (silly people)