/srv/irclogs.ubuntu.com/2013/02/07/#ubuntu-release.txt

=== Ursinha_ is now known as Ursinha
=== rsalveti_ is now known as rsalveti
cjwatsonstgraber: I was hoping you could verify that a UEFI (and preferably SB) machine still boots with the grub-efi-amd64-signed in -proposed09:09
cjwatsonstgraber: precise-proposed, that is09:09
jamespagefreaky - I was about to ask for iscsitarget to be accepted :-)09:26
psivaacjwatson: I assume that the fix for precise d-i kernel mismatch issue is still pending09:29
=== mmrazik is now known as mmrazik|otp
cjwatsonpsivaa: Yeah, pending my request to stgraber above09:39
cjwatson(So that I can promote grub2-signed to -updates, so that I can promote debian-installer to -updates)09:39
psivaacjwatson: ack, thanks09:39
=== yofel_ is now known as yofel
=== henrix_ is now known as henrix
=== mmrazik|otp is now known as mmrazik
=== doko_ is now known as doko
plarscjwatson, balloons: are we going to see the iso tracker open soon for 12.04.2?14:15
stgrabercjwatson: I'll do that today14:19
plarsstgraber: awesome, thanks14:22
cjwatsonI think he was talking about something else :)14:23
cjwatsonplars: no point until stgraber's done with this verification step for me, but after that, yes14:23
* plars sees the scrollback and realizes his confusion :)14:23
plarsbut thanks for that too stgraber... I'd like to see about how we might include some uefi in the automated smoke tests that get run too14:24
plarsiirc, someone looked at this at one point and determined that something was blocking it at the time14:24
stgraberplars: for the tracker, I actually prepared everything yesterday, so it's just a matter of creating the milestone once we think we're ready (and I realise it's kinda blocking on me, so I'll try to do the UEFI test soon ;))14:27
plarsstgraber: is there anything that would cause problems with automation of uefi/secure boot testing still?14:29
plarsstgraber: I'd like to see if we can get a machine in the lab capable of that and just make it one of the normal daily automated tests14:29
stgraberplars: well, I'm not sure how good our SB PXE boot story is, so chances are you'd need to boot from a media which makes it a bit harder to automate14:32
stgraberplars: you'd also typically want two machines, one with SB and one without as you can't simply switch between the two modes (requires a change in the firmware UI which only a local user should be able to access)14:33
plarsstgraber: right, iirc it was an issue with pxe booting14:33
stgraberyeah, we need a signed grub2 with the tftp module (which apparently had some problems of its own), then a signed kernel. With the right DHCP configuration, the firmware should be able to grab grub verify the signature, then let it grab the kernel, verify the signature and finally boot d-i14:34
stgraberbut AFAIK we don't ship a signed grub2 with tftp support at the moment and our netboot images don't include a signed kernel14:35
stgraberan alternative is to test secureboot in a VM. I believe slangasek is packaging those bits and it's been working relatively well for me here when doing some grub2/shim debugging, though I never tried to actually run a full install on it (I usually just do it on metal as it's faster)14:36
cjwatsonstgraber: the problem with SB in a VM is that AFAIK there's no way to get it to load nvram state14:40
cjwatsonstgraber: we do ship a signed grub2 with tftp support, but it (reportedly) doesn't work14:40
cjwatsonactually, sorry, I'm wrong14:41
cjwatsonI think I didn't bother *because* it was reported not to ork14:41
cjwatson*work14:41
stgrabercjwatson: I actually have a trick for the nvram not being persistent. I have a very simple .efi binary which loads all the signature keys into the firmware and enables secureboot. That binary is put into a minimal disk image along with a startup script that calls it and then calls whatever you want.14:43
stgrabercjwatson: so when the VM starts, the startup script is detect and called, it then loads the keys and turn on secureboot, anything you try to load after that needs to be signed14:44
stgraberif we really needed that, I guess we could dump all the variables and have the same efi binary restore all the variables at boot time too (not just the PKI bits)14:45
cjwatsonDoes that work for efibootmgr variables too?14:48
stgraberI only have a vague understanding of how the UEFI variables work, but I guess we could save and restore the efibootmgr variables too yeah.14:53
stgrabercjwatson: though isn't the nvram at least persistent accross reboot? if so, then we don't even have to worry about this for automated install testing (as they don't usually shut down the VM in the middle of the test)14:54
stgraberbut it'd certainly be nice for people who actually want to setup a test environment where they don't need to manually browse and call grub2 every time they want to boot ;)14:54
stgraber(I only poked at that stuff because I'm writting some UEFI-SB challenges for a security contest I help organise and we needed to automate testing of the binaries we'd receive from the contestants)14:56
cjwatsonstgraber: I don't *think* it's been for me with kvm/ovmf15:02
stgraberin theory we don't actually need the boot variables for automated testing, as grub always end up at the same place, we could just call its path from the startup script, but that means we can't test the output of efibootmgr -v post-reboot and that this test should be done as a post-install hook then15:04
stgraber(btw, almost done installing precise on my laptop, so should have test results for grub2 real soon now)15:04
jdstrandstgraber, plars: fyi, this page has some stuff for testing in a vm for when I was looking at secureboot-db: https://wiki.ubuntu.com/SecurityTeam/SecureBoot15:05
jdstrandI've run full installs with secure boot enabled in a vm. it doesn't do pxe boot and doesn't automatically preconfigure the databases. warm reboots are fine15:06
stgraberok, cool, so yeah, combined with the efi binary I have here to setup the databases at boot time, we should be able to automate secureboot testing15:06
plarsjdstrand: thanks, I certainly prefer testing on real hardware, but this looks like a good option to investigate15:08
* jdstrand nods15:08
jdstrandplars: I imagine there is quit a bit in there you could consume that isn't VM specific15:09
jdstrands/quit/quite/15:09
plarsjdstrand: indeed, thanks for the link15:09
jdstrandnp15:09
stgraberfully up to date 12.04.2 system works fine on SB, now trying the new grub215:21
rtgtyhicks, when does libaudit-dev get promoted to main ?15:24
stgrabercjwatson: all good, updated grub-efi-amd64-signed, that pulled secureboot-db, rebooted and everything still works15:28
cjwatsonstgraber: yay15:36
mdeslaurcan someone please reject that postgresql ^16:27
mdeslaurwrong pocket16:27
xnoxthere are folks that really really want lvm2 accepted into -proposed (but not for 12.04.2)16:28
mdeslaurstgraber: could you reject postgresql, please? ^16:29
cjwatsonmdeslaur: done16:29
mdeslaurcjwatson: thanks!16:29
mdeslaurstgraber: nm16:29
cjwatsonxnox: hmm, caribou didn't seem that desperate on #ubuntu-devel?16:29
xnoxcjwatson: yeah, he was more desperate in private message =)16:30
xnoxcjwatson: he has folks that can test it / want to test it asap.16:30
stgrabermdeslaur: I'm not an archive admin or SRU team member so I can only reject stuff from the dev release anyway ;)16:32
mdeslaurstgraber: oh! for some reason I though your possessed all of those superpowers :P16:33
mdeslaurs/your/you/16:33
cjwatsonxnox: reviewing16:33
stgrabermdeslaur: hehe, I think those two are pretty much the only ones I don't have ;)16:34
mdeslaurhehe16:34
cjwatsonxnox: ok, looks fine for -proposed, preferably not rammed into 12.04.216:36
xnoxcjwatson: ok. thank you. I will be gatekeeping it away from 12.04.216:36
cjwatsonxnox: no need, I'm unlikely to accept it ;-)16:39
cjwatsonany further changes to .2 are manual at this point ...16:39
cjwatsonspeaking of:16:40
xnox\o/ good16:40
* cjwatson promotes debian-installer16:40
cjwatsonand I want this unity change so I think I'll need to waive the waiting period16:40
cjwatsonRight, I think that's the door shut for 12.04.2, barring any validation failures16:44
cjwatsonWill be respinning for the new d-i once it publishes16:44
cjwatson(I promoted unity too, waiving the waiting period, in case that comment got eaten by my ADSL dropping)16:45
seb128cjwatson, sorry I didn't upload the 12.04(.1) -> 12.04.2 logo updates yet for gnome-control-center/unity-greeter, waiting on design to send the image (rosie is just working on it atm) ... if that missed the image I guess that can still get in an update16:48
seb128the greeter says "12.04 LTS" atm, not .1, so that's ok16:48
seb128the system settings -> details is not the most visible panel so it's no big deal16:48
seb128(that one says 12.04.1)16:49
ogra_in a graphic ?16:49
cjwatsonOh, yes16:49
cjwatsonseb128: 12.04 LTS I think is fine as it is, TBH16:49
cjwatsonThat's a name for the whole series16:49
seb128right16:49
seb128well, system settings has 12.04.116:49
cjwatsonseb128: But I agree we should fix the system settings - give me a shout once that's uploaded16:49
seb128I would be fine with either 12.04 or 12.04.216:49
seb128thanks16:49
seb128will do16:50
cjwatsonI'd forgotten about that16:50
ogra_having the text in the logo seems pretty pointelss at that place, there would be enough space to just have pango text rendered there16:51
stgraberseb128: any chance this can eventually be changed to just using lsb?16:51
ogra_(which could be read from lsb)16:51
seb128patches are welcome16:51
seb128if the rendering is the same16:52
seb128I'm also unsure what's the performance cost of running lsb and generate the logo at every boot, but probably low16:52
cjwatsonNot for 12.04 though please?16:52
ogra_why at every boot ?16:52
stgraberthe unity-greeter text used to be rendered and was moved to an image, so there must have been some reason, is the system settings stuff also using an image? (it looks like simple text without anything fancy around)16:53
ogra_you would just render it on the fly if the tab is open or when g-c-c is started or so16:53
stgrabercalling lsb_release is indeed pretty slow, parsing /etc/lsb-release is pretty quick though16:53
seb128stgraber, yes it is16:53
ogra_stgraber, well, if we wait for the design team to update "the logo" for reading 12.04.2 ...16:53
stgraberseb128: fun ;)16:53
seb128cjwatson, no worry, I don't plan to change that in a SRU16:53
ogra_heh16:54
cjwatsonIf it's a significant hassle for design, we should just make it say 12.04 LTS so that they have to update it less often16:54
ogra_or ask them to use an svg16:54
ogra_the text could be seeded at build time into it16:54
seb128cjwatson, I've a call in one min, I uploaded g-c-c with new logo, I will handle the bug to be SRU compliant etc after my call16:59
seb128the logo says 12.04.2 LTS16:59
seb128we can change back to 12.04 LTS later16:59
seb128or I can do that after my call if you prefer16:59
cjwatsonI don't mind.  I'll wait 'til you've fixed up the bug so I don't have to :-)17:01
cjwatsonThanks17:01
tyhicksrtg: re libaudit-dev> The audit package will need to go through a main inclusion review17:16
rtgtyhicks, I thought that was the whole point of that bug ?17:16
tyhicksrtg: It is. I did the upfront leg work and now the MIR team will need to take over from here.17:17
tyhicksrtg: I'm not sure how long it will take, but I'll be pushing for it to be done during this cycle. Some of our AppArmor work needs libaudit.17:18
rtgtyhicks, as does the kernel17:18
tyhicksrtg: perf, right? (I added that to the bug description yesterday)17:19
rtgyep17:19
antaruscjwatson: .... ;)17:29
antaruscjwatson: now I get to go rip those unity packages out of Goobuntu so we get yours ;p17:30
antaruscjwatson: no irc alerts for promoting stuff to updates?17:30
cjwatsonAfraid not, they're based on the queues and this isn't a queue operation17:31
cjwatson(But stgraber runs that bot, not me)17:32
rtgherton, so, what knobs am I supposed to twist in a release tracking bug ? bug #111856817:36
ubot2Launchpad bug 1118568 in linux (Ubuntu Raring) "linux: 3.8.0-5.10 -proposed tracker" [Medium,In progress] https://launchpad.net/bugs/111856817:36
rtg-EWRONGCHAN17:36
stgraberyeah, detecting promotions isn't that easy as you essentially need to monitor the whole content of -updates which I believe is pretty large for releases like precise ;)17:37
stgrabereasiest way is to subscribe to precise-changes ;)17:37
antarusstgraber: I am on precise-changes ;p17:38
antarusstgraber: it mostly goes in a spambox where I just query it later ;p17:38
antaruscjwatson: thank you for the quick push in any case ;)17:44
=== henrix is now known as henrix_
=== henrix_ is now known as henrix
seb128cjwatson, g-c-c in the queue, bug SRU compliant, I opted for "12.04 LTS", that's what we have on the login screen and will avoid having the issue again for .318:27
seb128cjwatson, that's 0ubuntu0.9, I'm uploaded a 0ubuntu0.10 with a fix which was waiting in the queue but that one can go after .218:29
=== joshuahoover1 is now known as joshuahoover
stgraberDaviey: there you go, lxc for both precise and quantal with the UEFI fix (and a bunch of others)19:36
Davieystgraber: thanks19:46
=== henrix is now known as henrix_
antarusahh days when I hate irc ;)21:15
antarus:(21:29
antarusI wonder if marga tested that gnome-control-center patch before she sent it in ;p21:29

Generated by irclog2html.py 2.7 by Marius Gedminas - find it at mg.pov.lt!