[00:25] Hello, I seem to have run into an issue with two files not appearing in KDE's menu, however, when attempting to rescan and re-add these, I get the following errors. [00:25] kbuildsycoca4(16401) KConfigGroup::readXdgListEntry: List entry Keywords in "/usr/share/applications/firefox.desktop" is not compliant with XDG standard (missing trailing semicolon). [00:25] kbuildsycoca4(16401) KConfigGroup::readXdgListEntry: List entry Categories in "/usr/share/applications/kde4/k4dirstat.desktop" is not compliant with XDG standard (missing trailing semicolon). [00:25] However, I noticed that not all files in the folder have a trailing semicolon, so I was wondering if anyone could either paste their files listed in that folder, or if they could show me a way to replace those files through a reinstall or something? [00:25] Because purge doesn't remove the files. [00:28] GH0: you may wish to try #ubuntu, most servers don't have desktops installed :) [00:28] Lol, well, I figured that because I was running a server build, the best thing to do was ask in here first before being told to bring it in this channel. Will do though. [00:28] GH0: the difference is more in package selection than anything else :) === Smark is now known as Smark[Gone] [00:42] i have a ubuntu VPS linode server running 10.04. i want to upgrade to ubuntu 12.04. its giving me a warning about doing it over SSH... any precautions i should take? [00:44] arooni-mobile__: make sure the linode console lets you request "reboots" or whatever it is you get to do there when things go wrong :) [00:58] my vps has the option for a reverse dns for all my ips. What is this used for? [00:59] for my ubuntu 12.04 server; is there a way to run updates on it automatically? or do i have to manually do upgrades for packages? im thinking specifically for security issues [01:00] arooni-mobile__: install the unattended-upgrades package [01:01] sarnold, so that will auto download security updates and install them? [01:01] dont need to do antyhing else? [01:01] https://help.ubuntu.com/community/AutomaticSecurityUpdates [01:02] arooni-mobile__: I believe it can also be easily configured to get other updates, not just security updates, if you wish [01:29] sarnold: i'll have to reread it later, but i didn't quite get your dnsmasq proposal [01:29] maybe it'll make sense to me next time :) [01:29] hallyn, darn, I was afraid of that. I _knew_ waving my hands about would have helped.. [01:30] sarnold: you talk about having containers put dnsmasq-libvirt into their resolv.conf. but the whole point (istm) is that dnsmasq doesn't want to do secondary dns servers [01:30] i.e. every dns server should be a primary [01:30] hallyn: but I _think_ glibc's resolver is more forgiving [01:30] so if we're giogn that route, then it seems tome wejust need to teach people to put server=/lxc/10.0.3.1 and the like into their dnsmasq.conf [01:30] interesting [01:31] that would explain why the other guy wasn't having a problem when dnsmasq-lxc is not in strict-order [01:31] hallyn: and since the bug you pointed out has ~25 people affected, it might even be worth writing a forwarder that behaves as we'd like it... [01:31] my argumetn was that dnsmasq should still half the time be failing - but maybe glibc is "magically" making it work [01:31] sarnold: there is a patch shipped with the dnsmasq source to do it [01:31] hallyn: oh? [01:31] :) [01:32] but nto applied [01:32] and in face there are two versions,a nd both are again out of date [01:32] hallyn: I'll have to admit, after I spent two weeks trying to backport a security fix through all five versions of dnsmasq that we support, I kinda of grew some serious distaste for it. heh. [01:32] but there's that bug which i think i quoted in your bug, which poses and does nto answer the fundamental question: do we want dnsmasq to behave that way or not [01:33] you and i, i think, agree it should [01:33] but kelley, the dnsmasq author,d oes not [01:33] (I even spent two hours tring to smack a powerdns recursor in front of the whole thing, but got stymied by the lack of .lxc and .libvirt TLDs to forward to, as appropriate..) [01:33] and thood wants to respect the author i iiuc [01:33] and I'm even reasonably certain kelley's got very good reasons. at least when I read them, they make sense. [01:33] stgraber had mentinoed some other rsolver he had considered, but dnsmasq was already in main [01:33] but the sum total of what we've got is a very frustrating experience. :( [01:34] sarnold: well i can sum it up like this: [01:34] we can solve this problem pretty easily using server=/domain/resolver in dnsmasq.conf, but [01:34] that does NOT solve it generically, whereas resolv.conf did [01:34] so in that sens this is a regression [01:34] I have a feeling that dnsmasq is trying to do too many things at once. It feels like dhcp+authoritative should be one part. and forwarding+caching shuold be another part. and maybe even outright recursive a third part. but having all of them in one big blob is just .. a lot. [01:35] well, you might be right, but i don't think that really needs to affect this :) this seems like just a question of teaste [01:35] taste [01:35] "all resolvers should be primary" vs "we should allow secondaries" [01:35] hey folks; recently upgraded my ubuntu 10.04 box to 12.04 ... now the SSH is FUBARd... i cant ssh in on my port. i'm logged in as rot; how can i fix? [01:36] yeah, that's just me redesigning the world to fit my preconcieved notions. :) But I _do_ think the problem might be more easily solved if we pretend it worked that way... [01:36] arooni-mobile__: is sshd running? did you have a custmo config? [01:36] sarnold: I think "allowing secondaries allows more general solutions" is compelling [01:36] hallyn: or, at least, I thought it'd be worth floating past thood and you.. [01:36] Any time that libvirt docs have to say "if you're running dnsmqsq, do this; if you're running optimus, do that" we lose [01:37] sarnold: but i still didn't grok what you were saying in the email :) [01:37] i'll reread in the morning though [01:37] hallyn, sshd appears to be running; and yes my config file is custom; just changed the port; really [01:37] heh, libvirt "fixed" it by putting the whole configuration in C source anyway. damn near impossible to modify. :( [01:37] sarnold: yeah, that's a pain [01:38] taht's why i only mentioned lxc in my server=/lxc/10.0.3.1 example :) [01:38] arooni-mobile__: have you checked the config file to make sure it hasn't been overwritten? [01:38] arooni-mobile__: does netstat -lntp show sshd listening? [01:38] hallyn: please do let me know if it makes more sense in the morning. just go to bed thinking "flat dns" rather than "chained dns" and see if that helps... :) [01:39] sarnold: ok :) [01:39] hallyn, checked config file already; not overritten [01:40] tcp6 0 0 :::22222 :::* LISTEN 2247/sshd ...its listening on the right port [01:40] arooni-mobile__: ipv6 okay? :) [01:41] ooh its because linode moved my IP address during the migration [01:41] o_O [01:41] and i was SSH'ing directly to the IP address [01:41] no wait [01:41] the IP address is the same [01:42] so im missing why i cant ssh from my box; i just checked to make sure my keys are in ~/username/.ssh/authorized_keys [01:42] they are [01:42] on the connecting computer debug says: "debug1: Connecting to 70.87.XX.XX [70.87.XX.XX] port 22222." === peter is now known as Guest93788 [01:42] dont' get past htat [01:43] arooni-mobile__: can netcat connect and collect a banner? [01:43] arooni-mobile__: (echo "" | netcat ip-address 22222) [01:44] netcat: getaddrinfo: Temporary failure in name resolution [01:44] ugh dns resolution again? [01:51] can someone help me getting DNS resolution fixed? i'm seeing "/etc/network/interfaces:11: misplaced option" on line: dns-nameservers 8.8.8.8 8.8.4.4 [01:51] sarnold, typical main channel. lol, no one answers. [01:52] GH0: sigh :) [01:53] i can probably find the files online.l and fix it that way. Or just k owibg what would replacw the foles [01:53] Oh dear god the misspellings [01:54] arooni-mobile__: I don't see it obviously.. can you pastebin the whole thing? [01:54] sarnold, one sec [01:55] sarnold, http://paste.ubuntu.com/5964666/ [01:55] sorry [01:55] thats from my desktop [01:56] one sec [01:56] arooni-mobile__: hrm, is that comma supposed to be there? I don't see commas in the resolvconf(8) manpage.. [01:56] https://gist.github.com/anonymous/6190558 [01:57] sarnold, the second one is actual file [01:57] arooni-mobile__: looks like you're missing an 'iface eth0' line [01:58] sarnold, what should it look like ? iface eth0 ... dhcp ? [01:58] i think ubuntu 12.04 overwrote whatever i had before that was working [01:59] GH0: try debsums -cs firefox [01:59] arooni-mobile__: try "inet eth0 inet dhcp" [02:00] sarnold, will do, hold on [02:01] sarnold, cool, getting a different error on networking restart "ifup: couldn't read interfaces file "/etc/network/interfaces" [02:01] " [02:01] arooni-mobile__: woo. :) I'd put that 'auto eth0' line up near the other 'auto' line. [02:02] sarnold, cool; now it restarts; but i'm still not getting dns resolution [02:02] sarnold, is it supposed to report anything back? [02:03] It seems to newline after pressing enter [02:03] GH0: that means there were no corrupted files in the package [02:03] GH0: so your firefox.desktop is just as it should be. [02:03] well, just as it was delivered. :) [02:04] arooni-mobile__: any nameserver lines in /etc/resolv.conf? [02:05] sarnold, nope nothing there [02:05] arooni-mobile__: do you have a /etc/resolvconf/update.d/libc file? [02:05] sarnold, dont know if it matters but lrwxrwxrwx 1 root root 31 May 16 2011 resolv.conf -> /etc/resolvconf/run/resolv.conf ... its a symlink [02:06] sarnold, -rwxr-xr-x 1 root root 5093 Jul 18 2012 libc ... [02:06] hrm, that should have written the new nameserver lines for you.. [02:06] should i try rebooting? [02:06] haha [02:07] only if the vps makes it easy to get back without working networking on the system :) hehe [02:07] my ubuntu never wants to talk to the outside world [02:19] fixed it sarnold ; thanks [02:20] htere was a bad symlink apparently in /etc/resolv.conf [02:22] arooni-mobile__: really? how odd. could you file a bug against resolvconf (ubuntu-bug resolvconf) and copy-and-paste some of your more enlightening commands and results? [02:22] arooni-mobile__: upgrades from 10.04 to 12.04 really ought to work :) [02:22] arooni-mobile__: thanks :) [02:35] sarnold, geez i wish i would have kept better track of what it linked to before [02:36] arooni-mobile__: this is what you pasted before.. lrwxrwxrwx 1 root root 31 May 16 2011 resolv.conf -> /etc/resolvconf/run/resolv.conf [02:36] oh good; cuz i straight up deleted that bad symlink [02:36] it wasnt pointing to anything [02:36] :) [02:37] I'm sorry I didn't recognize it at the time; I'm on 13.04, mostly, and I figured the path had changed from 12.04. :( [02:37] i should have noticed it as a bad symlink [02:37] i have color highligting on my terminal [02:38] ahhh i know [02:38] i was logged in as root [02:38] so i didnt have color highlighting [02:38] otherwise i would have noticed it was red [02:42] sarnold, correct me if im wrong but isnt this the same issue: https://bugs.launchpad.net/ubuntu/+source/resolvconf/+bug/1000244 [02:42] Launchpad bug 1000244 in resolvconf "Symlink /etc/resolv.conf does not exist after installation or upgrade of resolvconf -- various causes" [Undecided,Confirmed] [02:45] arooni-mobile__: that looks like it. wow.. [02:46] https://bugs.launchpad.net/ubuntu/+source/resolvconf/+bug/1000244/comments/66 [02:46] Launchpad bug 1000244 in resolvconf "Symlink /etc/resolv.conf does not exist after installation or upgrade of resolvconf -- various causes" [Undecided,Confirmed] [02:48] sarnold, i guess checking the bugs on a package when im having troubles with it is a good idea === virusuy is now known as tuviejaentanga [04:59] i have a problem switching luks passphrase authorization to key file for root fs on 13.04 https://bugs.launchpad.net/ubuntu/+source/cryptsetup/+bug/238163/comments/18 anyone? =) [04:59] Launchpad bug 238163 in cryptsetup "keyfile doesn't work in initramfs" [Undecided,New] === Smark[Gone] is now known as Smark === failmaster is now known as failmaster_faile === failmaster_faile is now known as failmasterfailed === failmasterfailed is now known as unfailedagain [06:34] Hi. Is there a way for me to block access to a particular domain from my machine? [06:34] This is for my Ubuntu desktop. I was suggested to ask here when I asked the same in #ubuntu [06:36] Would adding an entry like ALL : my.domain.com to /etc/hosts.deny be the right approach? [06:36] cheap-and-kinda-busted is to put 127.0.0.1 domainname.com into your /etc/hosts file. That will only screw up domain resolution for the specific hostnames you list: it won't kill the whole domain, and if someone resolves the IPs elsewhere, they'll be able to use the IPs to connect... [06:36] I tried that but I can still access that my.domain.com via telnet [06:37] you'd need to add in my.domain.com as well... it can get exhausting :) [06:37] It's just one domian.. so its ok. [06:37] if the domain is entirely hosted in one netblock, you could use iptables to block access to the network. that'll be far more reliable, right up until they change their IPs. [06:37] Furthermore this is not from a security standpoint. I just want to block access to that domain temporarily. [06:40] i have a problem switching luks passphrase authorization to key file for root fs on 13.04 https://bugs.launchpad.net/ubuntu/+source/cryptsetup/+bug/238163/comments/18 anyone? =) [06:40] Launchpad bug 238163 in cryptsetup "keyfile doesn't work in initramfs" [Undecided,New] [06:46] unfailedagain: http://paste.ubuntu.com/5965290/ [06:46] sarnold, it works without one for sdb1 [06:46] unfailedagain: does that KEYSCRIPT look familiar? [06:47] unfailedagain: sdb1 isn't going to be used for root [06:47] sarnold, so what's the difference, it's being mounted during boot [06:47] unfailedagain: the difference is I found that string in this file in the source package: debian/initramfs/cryptroot-hook [06:47] as well as / was on 12.04 without keyscript= [06:47] unfailedagain: .. perhaps that hook doesn't care about the other targets? [06:48] i knwo about this hook, i even was able to find out the moment where it was suggested [06:49] but if i was that good enough - i would already fix it [06:51] sarnold, hm, the strange thing is that i somehow thought it should be grepable under /etc/ and appears there is none [06:51] unfailedagain: check /usr/share/initramfs-tools/hooks/ ? [06:52] sorry, my bad [06:53] good luck :) bed time here [06:53] sarnold, many thanks! [06:53] i'll investigate around hooks [06:53] unfailedagain: if you find it, let me know, I'm curious what it ought to be.. [06:53] definitely i will [06:53] :) thanks === smb` is now known as smb [07:36] looking at cryptroot hook i really don't get it, how that thing "# If keyscript is set, the "key" is just an argument to the script" is related popping-up a warning [07:36] most probably because i'm too noob === unfailedagain is now known as srsly === srsly is now known as wtffailor === wtffailor is now known as rtfmdude [08:15] is it necessary to have a keyscript option in order to use luks authorization based on a key file for drive with mount point on / (root fs)? [08:16] jdstrand, any security updates in the pipe for openstack? putting together a new SRU batch [08:44] does ubuntu use vixie cron? I noticed crontab(5) says Vixie. [08:44] not anacron then [08:45] just wondering because I have a problem with a crontab file on two ubuntu 12.04 servers, but none of my debian servers (anacron). I always use /etc/cron.d and very basic format MAILTO=me PATH=/to/script 0 4 * * * root script.sh [08:45] and it never runs [08:45] but manually it works [08:45] manually the script works [08:47] and cron.allow does not exist [08:59] is it necessary to have a keyscript option in order to use luks authorization based on a key file for drive with mount point on / (root fs)? [09:03] adam_g, zul, Daviey, smoser: just flushed everything in havana proposed CA through to updates. [09:04] jamespage, nice [09:04] adam_g, there are a few deps that need a resync - I'll look at those later today [09:04] jamespage, non-neutron havana is deploying and testing good [09:04] adam_g, also looking to push in a rc for the next ceph LTS later as well [09:04] adam_g, yeah - I guess we need todo the charm work to deal with that upgrade now [09:04] jamespage, we need to have the quantum + nova charms be naming aware [09:05] lol - snap [09:05] anyway - back later [09:05] ttfn [09:05] jamespage, i think we can handle it easy enough in the new py redux, but maybe we can just temporarily fix in the qa charm branches [09:24] is it necessary to have a keyscript option in order to use luks authorization based on a key file for drive with mount point on / (root fs)? === DenBeiren is now known as zz_DenBeiren === zz_DenBeiren is now known as DenBeiren === jibel_ is now known as jibel [10:34] How much memory will ubuntu server on average for a default setup? [10:35] .5G or so, is my guesstimate. of course, then you want memory for your services too. [10:36] I'm gettin 125MB [10:39] anyone know what sendmail: MTA: is for? [10:45] apw: ping [10:47] freze: mail transfer agent. That isn't on a default install, though. [10:51] do I need it? [10:52] it came with my vps ubuntu image [10:52] along with apache which I delted [11:04] freze: You might not need (or even want) sendmail specifically, but you probably want some kind of local MTA so that the server can send mail. If nothing else you might want your server to be able to send cron mail and stuff. [11:05] freze: Oh, and for extra fun, there is a bit confusion regarding the sendmail name. In addition to it being the name of mail server, it is also the name of a system binary, which also other mail servers use, for compability reasons. [11:08] Thanks andol. I guess my VPS by default included additional packages in the iso image. [11:09] freze: The default MTA for Ubuntu is Postfix, which (as hinted earlier) do provide a /usr/sbin/sendmail binary. === DenBeiren is now known as zz_DenBeiren [12:07] anyone here using fail2ban? [12:08] I'm following this guide: http://felipeferreira.net/?p=47. However I do not see a [ssh-iptables] block in my config file. [12:13] hi, i'm running 12.04 server (upgraded from 10.04 server), and i've run into some dependency issues while installing samba that i am unable to resolve. apt output: http://pastebin.com/PHbAQ8wL, sources.list: http://pastebin.com/zdTbEJbq [12:13] samba had been installed before the dist-upgrade, but seems to have been removed in the process (i assume - it's been a while, i can't remember) [12:15] ciss: please pastebin the output of "apt-cache policy samba". [12:17] rbasak: http://pastebin.com/MJyLS6qz [12:18] ciss: looks like you're trying to install a different samba from the one in the archive. [12:18] ciss: the 9v-shaun-42 ppa that you have enabled there. === dosaboy_ is now known as dosaboy [12:21] rbasak: ah, i remember now. thanks a lot, now i have something to work with :) [12:21] adam_g: yes, a whole slew of them just came through [12:21] adam_g: they should be pushed out next week === zz_DenBeiren is now known as DenBeiren [12:22] jdstrand, affecting which packages? i guess i can just move forward and rebase as necessary === DenBeiren is now known as zz_DenBeiren [12:35] apw: ping? [12:37] adam_g: please give me a few minutes [12:40] adam_g: looks like python-glanceclient, swift, cinder, nova, keystone and python-keystoneclient [12:40] hallyn, sarnold: uploaded lxc to saucy-proposed with hardening-wrapper enabled, so that should be all for that MIR. [12:40] sarnold: if you could confirm that you're fine with that change, I'll seed lxc and promote it [12:41] adam_g: actually, keystone may not be on the list-- I need to deep dive into the python-keystoneclient one [12:44] stgraber: scary [12:47] stgraber: did you rip the mkifname source from mktemp in libc by chance? or whip it up from scratch? [12:48] hallyn: mostly from scratch [12:49] hallyn: it was intiially roughly based on bionic's mktemp implementation but I don't think I really kept much as they were using some random number generation function that didn't exist in eglibc [12:49] (and extracting the equivalent function from eglibc was too painful thanks to all their generated code...) [12:50] however I did run a bunch of tests to confirm it does the right thing when getting a name conflict and that it's not racy (won't return the same thing twice, no matter how fast it runs), also ran it under valgrind to make sure I didn't forget to free anything [12:51] i've gotta go over a 20M of valgrind data at some point :( [12:52] hehe, it's much easier to deal with when adding single self contained functions than running against something like lxc-start ;) [12:52] stgraber: but how cna there not be a memory leak? [12:53] you strdup name ina loop but dno't free it [12:53] that i can see [12:53] i must be missing something (/me keeps looking) [12:57] hallyn: oh, yeah, I probably should free it when I don't break out of the loop [12:57] surprisedh valgrind didn't spot that [12:58] well, I'd have to go through that specific code path which I guess wasn't the case when run under valgrind [12:59] if the first name it comes up with doesn't already exist, then it's fine [12:59] it's only if it already exists and it needs to generate another one that the leak happens [12:59] stgraber: one more: [12:59] hallyn: http://paste.ubuntu.com/5966322/ [12:59] i think you need to do padchar[random() % (strlen(padchar)-1)] [13:00] though really that number should probably be set with a #define :) [13:00] stgraber: lastly, really should check that strdup() didn't return null [13:02] stgraber: say, is it safe to install dnsmasq on a running precise server, or will precise hit some snafus and i'll lose network? [13:02] (istr it was phased in at or right after precise, so i worry) [13:03] hallyn: I "think" we backported all the needed bits [13:03] hallyn: http://paste.ubuntu.com/5966334/ ? [13:03] heh, i\'d only want it to do the server=/lxc/10.0.3.1, maybe i shouldn't risk it [13:04] stgraber: +1, you can just add my Acked-by too then [13:04] hallyn: ok, thanks [13:04] no no, thank you :) [13:06] erm, i just dist-upgraded and apache 2.4 just broke everything :) [13:06] is there a way to get back? [13:11] smoser: thanks, i agree i didn't like the clone() name there :) reviewing, will push to staging soon. [13:12] neat, thanks. [13:12] (in general we prefer patchsets sent to lxc-devel rather than pushed though github, but this is specific to lxc-ubuntu-cloud, which noone will comment on anyway :) [13:12] ah. [13:12] do you want me to squash it? [13:12] to one commit [13:14] nah [13:14] i've already pulled it, just looking over the commits now [13:16] smoser: i also wonder if these commits fix any of the open bugs against lxc-ubuntu-cloud [13:17] smoser: oh, but you didn't sign off on your commits [13:18] smoser: so if you dno't mind signing them off - squash them or not - then i'll sign-off and push [13:18] i can do that. [13:18] thanks [13:28] hallyn, [13:28] ok. so i push --forced over [13:28] https://github.com/smoser/lxc/tree/uc-clone-hook [13:29] ok, and the pull request figured that out [13:34] if a package install fails due to an exception during interactive configuration (and thus the package is in a broken state), how can i force another configuration dialog when reinstalling? (right now it seems to always use the last provided inputs) [13:34] smoser: how weird, git pull acted differently this time (asking for a merge msg). oh - i see [13:35] jamespage :https://code.launchpad.net/~yolanda.robla/charms/precise/jenkins/fix_nogroup/+merge/179434 === zz_DenBeiren is now known as DenBeiren [13:36] smoser: pushed [13:36] thanks [13:38] hallyn, awesome. thank you. [13:39] wtf - containers don't have 'ed' by default? [13:42] hallyn: we've got vim, why would you want ed? ;) [13:42] alex88: in what way did it break everything? [13:44] stgraber: so i can edit a file while keeping the compiler errors on teh screen :) [13:44] stgraber: woohoo, i'm creating N, and no more than N, veths as unpriv user. re-integrating into lxc will be uglier than i'd like though [13:44] hallyn: ah, I just background vim in such cases ;) [13:44] hallyn: nice! [13:45] might just post the standalone toy i'm testing with for comment first [13:45] cause boy does this have the potential for disaster :) === DenBeiren is now known as zz_DenBeiren [13:46] rbasak: new modules, changed configuration [13:47] I'm currently running proftpd on 10.04, but I'm concerned about passwords being passed in clear text... has anyone set up sftp for proftpd and/or have any recommendations for me? [13:47] alex88: please can you be more specific? Apache 2.2 -> 2.4 is a major change so it's expected that if you have a custom setup you will need to update it. So I'd like to understand whether your breakage is reasonable for the package, or if there are bugs that need to be fixed. [13:48] rbasak: well first it doesn't support dav svn [13:49] alex88: which package is that, please? [13:49] libapache2-svn [13:49] and for some reason, it was installed but still apache2 and related upgraded to 2.4 breaking it [13:49] hallyn: connecting to mysql with today's precise images return "ERROR 2002 (HY000): Can't connect to local MySQL server through socket '/var/run/mysqld/mysqld.sock' (2)" [13:50] with lamp server installations [13:50] psivaa: from -proposed? [13:50] psivaa: bug 1121874 - SRU verification failure. [13:50] Launchpad bug 1121874 in mysql-5.5 "MySQL launch fails silently if < 4MB of disk space is available" [Medium,Fix committed] https://launchpad.net/bugs/1121874 === lborda is now known as lborda_afk [13:53] alex88: looks like the problem is that subversion doesn't support apache 2.4 yet. [13:53] yeah [13:53] but shouldn't it block apache upgrade? [13:53] rbasak: i dont think it's from proposed, the versions are of 5.5.32-0ubuntu0.12.04.2 [13:53] alex88: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=712004 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=666794 [13:53] Debian bug 712004 in libapache2-svn "/usr/lib/apache2/modules/mod_dav_svn.so: undefined symbol: ap_log_perror_" [Grave,Fixed] [13:53] rbasak: uh ok thanks! [13:53] bkfitz: what information are you looking for ? [13:53] alex88: the solution was to disable the subversion module in Debian for now, so as not to block apache moving to 2.4 [13:54] rbasak: those pkgs are in main [13:55] rbasak: ok thanks for the info, btw I've now installed first libapache2-svn to it installed 2.2 [13:56] iknonia: well... I guess advise on using proftpd's sftp module vs openssh [13:57] iknonia: and/or suggestions for allowing my dev to upload content to my wwwroot folder securely [13:57] psivaa: 5.5.32-0ubuntu0.12.04.2 was from -proposed, though it's been deleted now. AIUI, it's never been in -updates. [13:57] !tab | bkfitz [13:57] bkfitz: You can use your key for autocompletion of nicknames in IRC, as well as for completion of filenames and programs on the command line. [13:58] Pici, yeah... knew it just wasn't thinking [14:00] rbasak: ack, thanks [14:05] ikonia, any advise? [14:05] bkfitz: what's wrong with just connecting to sshd via sftp ? [14:06] bkfitz: I'm assuming you've got ssh running, so any reason not to use it ? [14:32] hallyn: debugged and fixed the autopkgtest failure which prevented the past 3 lxc uploads from reaching the archive (it was adt-run messing with TMPDIR and confusing debootstrap, adding an unset TMPDIR did the trick) [14:32] and now all fixed? [14:32] I got a succesful run on my laptop and just uploaded to the archive, so hopefully Jenkins will succeed too [14:33] rbasak: d'oh, sorry for breaking apache2 [14:33] mdeslaur: np, it wasn't you. [14:35] ikonia, i do have ssh (openssh) running, but i need sftp to be run over port 21 [14:35] bkfitz: ok, then setup an sftp server [14:35] I noticed the problem weeks ago, but wanted to write a dep8 test. Which involved writing adt-virt-lxc so that I could test my test. Took a while :) [14:36] ikonia, proftpd with modsftp suggested? [14:36] ikonia, or vsftpd [14:37] up to you [14:37] they all do the same thing really [14:38] hallyn, suck. [14:38] can you pull tip of my staging [14:38] https://github.com/smoser/lxc/commit/5215d38b121076bf23960c87047c75047ea96a3b [14:38] hold on. you want signed off by [14:39] https://github.com/smoser/lxc/commit/384dc9c011422ab6ebc424d5f5571ee561104ce6 [14:43] ikonia, so will running proftpd with modsftp conflict with my openssh service? [14:44] ikonia, i'd like to run ssh on 22 and sftp on 21 [14:45] bkfitz: why would it conflict with open ssh ? [14:45] bkfitz: I assume you know that regular ssh usually also handles sftp? But no, running a separate sftp on port 21 wuldn't conflict, even it it might possibly confure. [14:47] *confuse [14:48] andol, yeah... but i need ssh to run on 22 and sftp to run on 21... so i'm assuming i need two daemons [14:48] openssh -> ssh -> 22 [14:48] proftpd or some other sftp server -> sftp -> 21 [14:48] they are two seperate services [14:49] openssh is nthing to do with proftp/vsftpd etc etc [14:49] why do you need it running on port 21 thought ? [14:50] hallyn: damn, lxc no longer builds on Android... I really need to add that to my build server so we catch those earlier. [14:50] ikonia, because my devs are inside our lan which doesn't allow port 22 traffic outside... only 21 [14:51] i use my mifi to get out on 22 [14:51] ikonia, don't ask why the policy is to close 22 [14:51] just run an sftp server then, nice and simple [14:51] ikonia, yeah... just doing some reading on that now... thx [14:52] stgraber: is that bc of an alloca or somesuch that i threw in? [14:53] hallyn: nope, utils.h the __NR_* defines don't include the values for arm [14:53] smoser: trying to figure out how to get that with a git cmomand (git fetch isn't doing it). maybe i'll just hand-apply :) [14:54] oh there we go [14:55] smoser: ok, pushed [14:57] * hallyn biab [15:03] stgraber: nah i guess i'll pull the lxc-user-nic into lxc before i post it, which only means i need to think about how to port the tests. bbl [15:03] hopefully will post something tonight [15:23] Daviey, smoser, et al: Is this where cloud-image contents are defined? http://bazaar.launchpad.net/~ubuntu-core-dev/ubuntu-seeds/ubuntu.saucy/files/ (wihin cloud-image). Is this where the default contents of a cloud-image are set? === medberry_ is now known as med_ === marcoceppi is now known as marcoceppi|away === nate-finch is now known as natefinch [15:42] is it necessary to have a keyscript option in order to use luks authorization based on a key file for drive with mount point on / (root fs)? [15:43] rtfmdude: that, or modify the initramfs scripts that do so. [15:43] rtfmdude: you may notice in the scripts that plymouth is prefered over keyscript, you may want to revert it locally. [15:43] xnox, is it defined somewhere across references? [15:44] because is that case i see the reason to file a bug report =) [15:44] rtfmdude: what do you mean "across references"? Sorry, i don't understand. [15:44] xnox, man pages? [15:44] e.g. [15:46] rtfmdude: i have no idea. I'm telling you what's in the code. [15:47] xnox, many thanks, mate! [15:49] but honestly i don't get it, why it works for non-root devices and can't work for / [15:49] and why it was working for all drives presented into system in 12.04 for me [15:53] Hi guys I just setup a webserver to host sites using niginx on an ubuntu server in a VPS. what are the most important things that I should be aware of when running a server/what do you wish you knew when running your webserver [15:55] freze, basically until you really care looking through logs from time to time, it's already more than many others do lol [15:57] on my ubuntu box: apt-get upgrade gave this error: Errors were encountered while processing: /var/cache/apt/archives/nginx_1.4.2-1~lucid_amd64.deb E: Sub-process /usr/bin/dpkg returned an error code (1) [15:57] any ideas how to fix this? [15:58] rtfmdude: yeah. what about security? I have secured ssh and installed fail2ban [15:58] anything else I should look at? [15:59] i usually start removing login shells against users that don't need it, tuning things to keep only established connections, setting ssh auth over key files, setting up portsentry sometimes, if it's vds - ksplice, fail2ban too maybe, but consider also moving ssh default port somewhere else [15:59] freze, but not everyone finds it necessary [15:59] soz for my english btw [16:02] ssh auth over key files? what do you mean? Alsoo what is a VDS? virtual disk? [16:03] my bad, sorry for messing up with words, was meaning certificates, vds again oh gosh... i'd better shut up dedicated server lol [16:03] no, i definitely should talk less [16:03] lol [16:10] hallyn: wow, that's quite a few changes needed to get lxc to build with bionic again... [16:19] anyway to repair bootmanager grub was on 3.2 kernel i update to 3.5 never came back online via ssh. So in ovh set it to kernel network rescue that booted fine...But now I'm stuck on this kernel i was trying to go back to 3.2 but still wouldn't work i even changed the /boot/grub/grub.cfg to the 3.2 kernel [16:27] stgraber: do you have a diff up i can look at, or are you comfortable with it? [16:28] sarnold, i got rid of warning changing the order of devices in crypttab, which is total bs [16:29]