/srv/irclogs.ubuntu.com/2013/12/06/#ubuntu-devel.txt

sveinse	Is there a (dpkg/dh_*) tool for listing a debian/control file's dependencies for a specific architecture? (The control file at hand contains [arch] and '\|' conditions, and I'd rather avoid having to make my own parser if I can)	00:03
geofft	sveinse: Deps, or build-deps? (Deps generally also involve ${misc:Depends} etc. which isn't really knowable without doing the build)	00:05
geofft	For build-deps, /usr/lib/pbuilder/pbuilder-satisfydepends in some form might be useful	00:06
sveinse	geofft: Deps. If I can get a list where ${misc:Depends} is one of them, I would be happy. It's the arch specific constraints I need to filter out	00:09
sveinse	geofft: OOI and slightly OT, what is ${misc:Depends} replaced by normally? I always use it, but I've never asked why	00:10
sveinse	well, for the latter, Google is a friend, so forget it	00:12
geofft	also grep misc:Depends /usr/bin/dh_* :)	00:12
geofft	hm, looks like last time I wanted this, I used the Dpkg::Deps perl module, which gives me a deps_parse function	00:13
geofft	http://web.mit.edu/geofft/debathena/dh-ifexists/dh_ifexists	00:14
geofft	(note that that command is a slightly terrible idea, I'm only posting it as sample code)	00:14
sveinse	Do I understand things correctly that dh_* never actually parses Deps, only put it into the pkg's control file? So a dep of "pkg1[armel] \| pkg2[armhf] \| pkg3" is never actually parsed by dh_*	00:15
sveinse	hmm. Seems like a custom parser is unavoidable :(	00:18
infinity	sveinse: That has nothing to do with debhelper at all, it's dpkg-gencontrol. But if what you want to say is "if I'm on armel, I want pkg1, if I'm on armhf, I want pkg2, else I want pkg3", you want "pkg1 [armel], pkg2 [armhf], pkg3 [!armel !armhf]" and dpkg-gencontrol filters the right ones for the right arch builds.	00:19
sveinse	infinity: Ah, so you can put more than one constraint (e.g. [!armel !armhf]). I was looking for that in the policy manual, but could not find any about that	00:20
=== freeflying_away is now known as freeflying
=== _salem is now known as salem_
=== salem_ is now known as _salem
=== GridCube_ is now known as GridCube
psusi	xnox, just saw your comment about installing grub on fakeraid arrays.. it will need some work to keep that going with the mdadm transition... looking for that thread I started on it a while back now	02:13
=== saurik_ is now known as saurik
=== shuduo_afk is now known as shuduo
pitti	Good morning	05:35
pitti	infinity: can I talk you into accepting the SRUs for bug 1257211? (fairly mechanical; all upstream/distro tested, no packaging changes, has MRE); it's a relatively important data loss fix this time	05:36
ubottu	bug 1257211 in postgresql-9.1 (Ubuntu Saucy) "New upstream microreleases 9.1.11, 8.4.19" [High,In progress] https://launchpad.net/bugs/1257211	05:36
infinity	pitti: Let me have a quick look.	05:42
infinity	pitti: 6 of them? Okay, a slightly less quick look.	05:43
pitti	infinity: yeah, I'm afraid so :/ they all look the same though	05:43
infinity	pitti: The 0 changes to debian/* is comforting. Do the orig tarballs come directly from upstream, or get repacked in annoying ways?	05:46
pitti	infinity: nope, straight from upstream	05:47
pitti	shared between upstream, debian, ubuntu, and apt.postgresql.org	05:47
infinity	Oh, heh, found one with a change to debian. :)	05:47
infinity	(Just the update-maintainer flip)	05:48
pitti	ah yes, first SRU to saucy	05:48
infinity	Indeed.	05:48
infinity	So, I think I'll just verify hashes on the upstream tarballs and call it good enough, due to the MRE.	05:48
pitti	dpkg-buildpackage would otherwise barf at me, so update-maintainer is less annoying than always rebuilding with DEBEMAIL=	05:48
infinity	pitti: Yeah, I always listen to dpkg-buildpackage about that too.	05:48
infinity	pitti: Which is good, since that was the point of the policy. :P	05:49
infinity	pitti: Right, those all match, thanks for making my life easy.	05:52
pitti	infinity: fortunately the days when we had an upstream tar.bz wrapped in a custom debian orig.tar.gz are over with hardy being EOL	05:53
infinity	pitti: Yeah. I maintain packages that need to dfsg cleansing business, so it's nice to run into ones that don't. :P	05:54
infinity	s/to/the/	05:54
pitti	infinity: yeah, it's really quite mechanical, but always better to have four eyes on it (and cross-check that I put in the right bug number, etc.)	05:54
pitti	of course I did not (no, no!) rebuild the sources ever because I accidentally put in the one for the previous SRU cough	05:54
infinity	;)	05:55
infinity	pitti: I assume we're moving to 9.2 for trusty?	05:56
pitti	infinity: 9.3	05:56
infinity	Ooo, or that. Shiny.	05:56
pitti	infinity: I have it on my list to weed out the remaining 9.1 rdeps, and reduce p-9.1 to -plperl	05:56
pitti	we need that for upgrades due to libperl non-coinstallability	05:56
pitti	(similar to what I do in unstable for wheezy)	05:56
infinity	It never ceases to amaze me that people implementing a decades-old spec keep finding new ways to add features and pump out new versions.	05:56
lifeless	infinity: postgresql?	05:57
lifeless	infinity: or perl?	05:57
infinity	lifeless: psql.	05:57
lifeless	infinity: I think they could be there another few decades; sql was a very theoretical spec, so there's huge sets of optimisations folk are only just touching on	05:58
infinity	(That wonderment is a bit ironic, given that my largest upstream involvement is in a project implementing POSIX/SUS C)	05:58
infinity	pitti: Alright, I think that's all of 'em.	06:00
pitti	infinity: cheers	06:00
pitti	I'll treat them with my p-common test torture for verification once they are built/published	06:01
=== jono is now known as Guest52213
tjaalton	is there a way to add an apport hook for a project?	06:29
tjaalton	aiui it's possible to file bugs against source/binary packages	06:29
tjaalton	but dunno if the same is true for projects	06:29
lifeless	pretty sure you can	06:29
tjaalton	mainly for attaching bug logs	06:29
pitti	tjaalton: you can add an apport hook to a package which makes bugs go to the project	06:30
pitti	(common for e. g. PPA packages)	06:30
tjaalton	pitti: how about private projects then?	06:30
pitti	tjaalton: the hook can also check easily if the package is from ubuntu or not	06:30
pitti	tjaalton: if you put it into a PPA which only people can access that can also file bugs to that private project, sure	06:31
tjaalton	ahh, yeah that works then	06:31
tjaalton	tammy: ^ :)	06:31
tjaalton	pitti: thanks	06:31
dholbach	good morning	07:33
jibel	barry, pitti I fixed adt notifications. LP credentials had not been migrated from previous server. It is now saved in a non-default launchpadlib_dir that will make migration easier just in case this service had to move again.	08:23
=== funkyHat_ is now known as funkyHat
=== EntropyWorks_ is now known as EntropyWorks
=== czchen_ is now known as czchen
=== warp10_ is now known as warp10
=== mvo_ is now known as mvo
=== pitti_ is now known as pitti
pitti	sarnold, roaksoax: is maas heavily dependent on the psql version 9.1? (I just filed bug 1258442)	08:49
ubottu	bug 1258442 in maas (Ubuntu) "Move to postgresql-9.3" [Undecided,New] https://launchpad.net/bugs/1258442	08:49
pitti	if it isn't very version sensitive, then I'd recommend the versionless metapackage as an alternative; if you'd rather only allow explicitly tested psql versions, then just "-9.3" will do for now (but prevent usage with newer psqls)	08:50
=== mthaddon` is now known as mthaddon
=== ochosi_ is now known as ochsoi
=== ochsoi is now known as ochosi
=== cjwatson_ is now known as cjwatson
=== yofel_ is now known as yofel
=== wedgwood is now known as Guest45906
tseliot	pitti: is even suggesting a package from universe prohibited for packages in main?	10:40
pitti	tseliot: no, that's fine; suggests aren't installed by default	10:40
tseliot	pitti: so that could work for bug #1255583, couldn't it?	10:41
ubottu	bug 1255583 in bbswitch (Ubuntu) " [MIR] Main inclusion request for bbswitch" [Medium,Incomplete] https://launchpad.net/bugs/1255583	10:41
pitti	tseliot: well, not really; we really want such stuff to use dkms, not m-a	10:42
tseliot	ok, I'll tell the maintainer	10:42
=== DzAirmaX_ is now known as DzAirmaX
=== shuduo is now known as shuduo_afk
Riddell	pitti, ev: apport is off for releases right? which makes whoopsie off too?	11:33
ev	Riddell: no	11:33
Riddell	ev: no to which?	11:33
ev	apport doesn't report to Launchpad post-release	11:33
ev	but it still reports to daisy.ubuntu.com (via whoopsie)	11:33
Riddell	ev: ah hah	11:33
ev	sorry for the terseness there	11:33
pitti	Riddell: more precisely, we stop sending crash reports to LP post-release; "ubuntu-bug" (i. e. no-crash manual bug reports) still works	11:34
pitti	Riddell: I was talking to apachelogger about apport/KDE yesterday, did you see this in scrollback? (to avoid duplicate work/discussions)	11:35
Riddell	pitti: I'm working with him now, seems apport has been broken in kubuntu for the last couple of releases and we didn't notice (because it's not used for kde apps)	11:35
=== _salem is now known as salem_
rbasak	@pilot in	11:47
=== udevbot changed the topic of #ubuntu-devel to: Ubuntu 13.10 released! \| Archive: open \| Devel of Ubuntu (not support or app devel) \| build failures -> http://qa.ubuntuwire.com/ftbfs/ \| #ubuntu for support and discussion of lucid -> saucy \| #ubuntu-app-devel for app development on Ubuntu http://wiki.ubuntu.com/UbuntuDevelopment \| See #ubuntu-bugs for http://bit.ly/lv8soi \| Patch Pilots: rbasak
* dholbach hugs rbasak		11:51
rbasak	o/	11:51
=== ivoks_ is now known as ivoks
mpt	mvo, hi, what’s the simplest way you can think of to produce a package that Synaptic will label as “Broken”? :-)	12:00
mpt	(e.g. by messing with an existing package)	12:03
seb128	mpt, you can probably dpkg -r a depends of an installed package	12:06
seb128	mpt, e.g sudo dpkg -r --force-depends evince-common	12:07
mvo	mpt: indeed, what seb128 said - sudo apt-get install 4g8; sudo dpkg -r --force-depends libnet1	12:07
seb128	that should make evince unhappy	12:07
* mvo hugs seb128		12:08
mpt	I think I’ll try with 4g8 rather than my favorite PDF viewer 3-)	12:08
mvo	mpt: why do you care about synaptic?	12:08
mpt	thanks	12:08
* seb128 hugs mvo back ;-)		12:08
mpt	mvo, just folloing up on an old bug report	12:10
rbasak	Will arm64 build failures block proposed migration for unseeded packages? I'm wondering if I can upload a merge that has never worked on arm64 without fixing it.	12:43
Laney	rbasak: They will, but only if it has built there before (same as for all architectures: https://wiki.ubuntu.com/ProposedMigration point 1.)	12:46
xnox	rbasak: "it must not regress" in architecture list where it does succeed to be built/installable.	12:53
rbasak	Laney, xnox: aha. Thank you!	12:54
barry	jibel: cool, thanks	14:02
smoser	is there any options to apt to get it to log timestamps during apt-get dist-upgrade ?	14:07
smoser	i'd like to time an apt-get dist-upgrade and have some info on where the time goes	14:08
hloeung	smoser: does running it using annotate-output help?	14:09
smoser	hloeung, i was unaware of that program. i hacked something similar just now.	14:10
smoser	thanks.	14:10
smoser	i think log data from apt would probably be more correct. but this might suffice.	14:11
psusi	xnox: ddf and imsm aren't quite the same... iirc, there was a check in the grub-install script to see if you were trying to install to a /dev/mapper device that was managed by dmraid, aand allow it to procee, and the grub device iterator code assigned a grub device to the array assuming it was bios accessible	14:30
xnox	psusi: can you give me pointers in grub code?	14:33
psusi	xnox: iirc, it was in a file named deviter.c	14:45
psusi	xnox: and of course, the grub-install script	14:45
psusi	xnox: I had a discussion on the mailing lists back in 2010 and I wanted a way to ask mdadm what kind of raid it is and if it is recognizable to the bios... not sure if it was ever added to mdadm	14:47
xnox	psusi: there is now, --detail-platform or somesuch, which will print / notify if there are bios recognisable raid devices (that is ddf/ISW controllers that are recognised on boot)	14:48
xnox	psusi: subsequently one can start that controller as "container" and see which raid arrays are defined within it, and thus confirm that those raid arrays will be available on boot.	14:49
psusi	xnox: the idea is that if you run grub-install /dev/md0 and mdadm says it's a bios recognizable array, then go ahead with installing, and assume it's (hd0) or some other number	14:53
psusi	ohh, and there was some logic somewhere to figure out whether grub needs the raid module.. it doesn't if it's a fakeraid	14:54
psusi	that was based on where /boot is.. if /boot is on a software raid, it needs the raid module, fakeraid, it doesn't...	14:55
xnox	psusi: i've tried grubinstall patch from http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=699434 but it didn't work for me on an ISW/RAID0	14:55
ubottu	Debian bug 699434 in grub-installer "grub-installer: support for Intel Matrix Raid" [Normal,Open]	14:55
xnox	psusi: i see. that patch added a dummy echo "(md/0)$md_bootdev" >> $ROOT/boot/grub/device.map	14:56
xnox	which imho is fragile, given that i can have multiple raid devices regornised on boot.	14:56
psusi	things are a bit muddied by the fact that Ubuntu is still carrying patches to auto assign grub devices and not use device.map	14:57
xnox	(e.g. one for windows and one for debian/ubuntu)	14:57
cjwatson	device.map is deprecated, please don't add new stuff relying on it	14:57
cjwatson	psusi: that statement is exactly the opposite of reality ...	14:57
psusi	it is?	14:57
xnox	cjwatson: right. what should be used instead of device.map? and how can i make it recognise "fakeraid ISW and DDF" properly?	14:57
cjwatson	psusi: upstream removed grub-mkdevicemap altogether; Ubuntu is carrying patches to put it back because we needed it for some packaging-level code	14:57
xnox	(or verify that it does / doesn't)	14:58
pkern	Hey. Ubuntu Trusty uses :powerpc specifiers in dependency fields. Is there a spec for that? (Allowing cross-arch deps.)	14:58
psusi	I thuoght last time I asked about why I couldn't find deviter.c upstream you said it was ubuntu specific?	14:58
cjwatson	psusi: the use of device.map is deprecated	14:58
xnox	pkern: :arch are not allowed, where is that? one is allowed to use :any in the Depends:	14:58
cjwatson	psusi: indeed, but its purpose is not as you describe. the purpose of deviceiter.c is to help generate device.map - i.e. it's part of grub-mkdevicemap	14:58
xnox	pkern: and :any is allowed in Debian as well.	14:58
pkern	That's not my question.	14:58
psusi	cjwatson: I thought it was also used to generate the temporary in memory map so that grub-install could figure out what device is what	14:59
cjwatson	psusi: no	14:59
pkern	xnox: crossbuild-essential-powerpc	14:59
pkern	Depends: libc6-dev:powerpc	14:59
psusi	then how does grub-install decide what grub device to reference?	14:59
psusi	I could have sworn that was from deviceiter.c assigning an (hdX) to each disk and an (mdX) to each raid array, etc...	15:00
cjwatson	xnox,psusi: ok, so. there are two cases. for the userspace tools, mostly all we need to be able to do is check whether two devices are the same. for that, it's sufficient to just have an arbitrary sequence that's stable within the run of a given tool.	15:00
xnox	pkern: right, that package is a bit special (no wonder it gets stuck in britney proposed migration). The spec is https://wiki.ubuntu.com/MultiarchSpec but at the moment officially supported/endorsed suffixes are ":any" in Depends: in both ubuntu & debian.	15:00
pkern	xnox: We're parsing dependencies and our mirroring of trusty is stuck, too.	15:01
pkern	It makes sense to me but if you didn't intend to allow it...	15:01
xnox	pkern: the fact that :$arch works is nice, but it relies on one adding foreign-arch and have archives available for it.	15:01
pkern	Doesn't it "just work" if you have ppc in your cache?	15:01
pkern	Yeah, I know that.	15:01
cjwatson	xnox,psusi: the other case is for generating config files (i.e. things that will be used at boot time). for that, we actually don't care whether we know what the GRUB device names are; we generate some in a best effort kind of way, but what we actually depend on in reality is "search --fs-uuid".	15:01
psusi	cjwatson: right... and deviceiter.c generates that arbitrary sequence... but without that, then there would be no (hd0) unless you have a device.map wouldn't there?	15:02
pkern	People didn't like that for the qemu case.	15:02
xnox	pkern: well, we rely on it to enable cross-compilation with multiarch enabled.	15:02
cjwatson	psusi: that's not true, the grub userspace tools will synthesise an arbitrary sequence if you don't have a device.map	15:02
cjwatson	psusi: and in practice this will all be fine	15:02
xnox	pkern: in the cross-build-depends package only as it seems at the moment. no other packages should be doing it...	15:02
psusi	cjwatson: I thoguht they did that using the code in deviceiter.c	15:02
xnox	pkern: i wonder if wine started doing it as well or not.	15:02
cjwatson	psusi: nope	15:03
pkern	xnox: I don't have a problem with cross-amd64-i386 stuff, because we enable both. :P	15:03
cjwatson	psusi: deviceiter.c is essentially a doomed effort to guess what order devices will be iterated in at boot time; we try rather hard to avoid actually relying on it for anything important. it's basically stub code	15:03
psusi	I'm confused.... "synesis an arbitrary sequence if you don't have a device.map" is what deviceiter.c does, isn't it?	15:03
xnox	pkern: for parsing, it is save to strip ":*" from the package name, to get the package name only.	15:03
xnox	pkern: the ":*" is arch qualifier in dpkg.	15:03
pkern	I know. This is about validation.	15:04
cjwatson	psusi: no, deviceiter.c walks through all the devices it can think of on your system and assigns a sequence that way. what I'm talking about is basically just a simple counter incremented each time a tool notices a device it hasn't seen yet.	15:04
pkern	We don't want to accept stuff which might break later. And the dev argues with me that I should find out if that presence is not a bug.	15:04
cjwatson	psusi: except in grub-mkdevicemap, we no longer try to go and aggressively discover all block devices on your system, which is what deviceiter.c was trying to do.	15:04
cjwatson	(in userspace, that is)	15:05
pkern	xnox: So if it's going to stay and not a mistake and cjwatson fixes up britney, I shall communicate that. :P	15:05
pkern	(This is not a question with Debian background, fwiw.)	15:05
cjwatson	pkern: I gave up on fixing it properly in britney, I just fauxpkged it	15:05
cjwatson	or something similar	15:06
psusi	cjwatson: so for fakeraid, somewhere it needs to decide whether the device /boot is on should be designated (mdX) or (hdX)... where is that?	15:06
cjwatson	psusi: grub_util_get_grub_dev I believe	15:06
xnox	pkern: it is here to stay. in fact all packages can be refered to with :$arch suffix, dpkg inplicitely uses native-arch or any it can find when not specified.	15:06
psusi	xnox: there you go	15:07
xnox	psusi: let me catch up on the grub conversation.	15:07
psusi	xnox: just the last bit that was important... sounds like it's grub_util_get_grub_dev you'll need to modify	15:07
cjwatson	there's already an IMSM test nearby	15:07
cjwatson	to avoids tagging it as the RAID abstraction if it finds IMSM	15:08
psusi	cjwatson: ahh, I thought the existing code looked for dmraid ( /dev/mapper ) and would need modified for the mdadm switch	15:08
cjwatson	which would have the effect of making it be (hdX)	15:08
pkern	cjwatson, xnox: Thanks.	15:09
cjwatson	psusi: you're in part describing old code, I think	15:09
psusi	figures ;)	15:09
cjwatson	psusi: there's certainly some mdadm code in here already	15:09
psusi	last time I was looking at this was apparently 2010	15:09
cjwatson	xnox: if you're looking at this, please look at git master, not our current packaging; I'll be switching to a snapshot soon	15:09
cjwatson	and there's better support for grabbing stuff from subprocesses in master anyway	15:10
cjwatson	http://git.savannah.gnu.org/gitweb/?p=grub.git	15:10
xnox	cjwatson: right, and grub-installer patches are against wheezy. I'll just shelf installing onto IMSM patches for now, until snapshot arrives.	15:11
xnox	cjwatson: grub are rebels =) not using the GNU DVCS ? =)	15:11
cjwatson	switched away recently	15:11
psusi	very few gnu projects use it ;)	15:11
cjwatson	I think emacs is the main big one left	15:11
xnox	psusi: the only important one does.... yeap emacs.	15:12
pkern	Just use vi.	15:12
xnox	pkern: M-x viper-mode	15:12
xnox	latest Microsoft ergonomic keyboard is sooo emacs friendly =)	15:13
pkern	I tried that. I was not convinced. And apparently it's despised by many.	15:13
psusi	I couldn't be chatting with you on irc while running two shells, editing code, and have my git commit log entries pop up in a window with vi ;)	15:13
ogra_	pkern, huh ? shouldnt you promote gobby ?	15:13
xnox	pkern: the new one? sculpt?	15:13
pkern	vi with youcompleteme \o/	15:13
pkern	ogra_: If gtksourceview had vi keybindings.	15:13
ogra_	:)	15:13
pkern	Also apparently the market decided that web apps are better than desktop apps.	15:13
* psusi goes back to reading IEEE 802.3		15:14
cjwatson	youcompleteme> interesting	15:14
=== freeflying is now known as freeflying_away
=== freeflying_away is now known as freeflying
xnox	cjwatson: grub.git looks very sane will try it out. thanks a lot.	15:20
=== freeflying is now known as freeflying_away
xnox	jcastro: can you please reopen http://askubuntu.com/questions/59475/how-to-correctly-add-a-fake-raid-entry-to-fstab for me?	16:20
xnox	jcastro: i'll provide a proper answer in a second.	16:20
jcastro	on it	16:22
jcastro	xnox, done	16:26
rbasak	@pilot out	16:53
=== udevbot changed the topic of #ubuntu-devel to: Ubuntu 13.10 released! \| Archive: open \| Devel of Ubuntu (not support or app devel) \| build failures -> http://qa.ubuntuwire.com/ftbfs/ \| #ubuntu for support and discussion of lucid -> saucy \| #ubuntu-app-devel for app development on Ubuntu http://wiki.ubuntu.com/UbuntuDevelopment \| See #ubuntu-bugs for http://bit.ly/lv8soi \| Patch Pilots:
=== wedgwood is now known as Guest77125
=== Guest77125 is now known as wedgwood
bdmurray	slangasek: I've tested a change to update-manager to support an upgrade from Q to T per some discussion at vUDS. Basically, upgrader only wants to upgrade from Q to R so I could hard code something to have it allow upgrades from Q to T and only put that in update-manager in raring-proposed. Or maybe do something smart with a switch for update-manager.	17:18
seb128	could somebody review aptdaemon in the trusty SRU queue? it should fix the most report e.u.c error on the daily view	17:19
bdmurray	seb128: saucy?	17:20
seb128	ups, yes, sorry	17:20
seb128	bdmurray, you uploaded so I guess you can't review	17:20
bdmurray	seb128: yeah, I'd prefer not to review it	17:20
seb128	slangasek, isn't friday your SRU day? ;-) that's an easy few liner of python changes	17:21
seb128	bdmurray, slangasek: btw not sure if you saw, but I would appreciate a review from you on https://code.launchpad.net/~seb128/apturl/dont-decode-str/+merge/197804 (you wrote that code/changed it)	17:21
bdmurray	seb128: I'll have a look at it today	17:24
seb128	bdmurray, thanks	17:25
jamesh	no godoc in the new golang packages :(	17:36
stgraber	cjwatson, slangasek, mdeslaur, hallyn_: hey, so I'm playing with unprivileged containers and I currently can't ssh in because pam_loginuid is failing (/proc/self/loginuid isn't writable in a userns). How bad would it be to change that specific plugin from required to optional?	17:37
cjwatson	Apart from things just not generally working as well, the main effect I can think of which could cause problems would be that getlogin() would return "root"	17:40
cjwatson	Of course if /proc/self/loginuid isn't writable it's not clear what we could do about that	17:41
ersi	Kind announcement: Today is the last day to do the FLOSS survey 2013: http://floss2013.libresoft.es/	17:41
ersi	(In particulary aimed at FLOSS contributors)	17:41
hallyn_	getlogin uses loginuid? what did it do before loginuid existed?	17:41
cjwatson	dunno, I'm just going by bug 1067779	17:42
ubottu	bug 1067779 in shadow (Ubuntu) "missing pam_loginuid.so breaks getlogin()" [High,Confirmed] https://launchpad.net/bugs/1067779	17:42
stgraber	http://paste.ubuntu.com/6530814/	17:44
* stgraber goes to look at that bug report		17:44
stgraber	hmm, I can't seem to reproduce what the reporter describes with my test...	17:48
hallyn_	stgraber: cjwatson: well I guess say the word if http://lkml.org/lkml/2013/12/4/156 becomes more important	17:48
hallyn_	but loginuid had a purpose, and letting a contaienr set it seems wrong	17:49
hallyn_	i've not looked closely at the patchset though	17:49
hallyn_	yet :)	17:49
stgraber	hallyn_: so I'd definitely prefer it if we could get a kernel fix instead of having to patch userspace (I'd love to save myself all the backports ;)). It doesn't seem entirely unreasonable to let uid 0 in a userns set loginuid as confusing as that may be when looked at from the outside.	17:51
hallyn_	stgraber: slangasek: so, sorry, i finally realized that dbus from a userns is getting a REJECTED EXTERNAL DBUS_COOKIE_SH<...> where in same userns it gets OK there	17:51
hallyn_	stgraber: it's nto about being confusing,	17:52
hallyn_	it's about knowing the uid which "owns" the tasks	17:52
hallyn_	but ok, i'll aim to take a look in a bit. though i really have to spend some time on qemu soon	17:52
stgraber	hallyn_: the whole concept of owernship becomes blurry once your user owns a few thousands uids ;)	17:53
stgraber	ownership too	17:53
hallyn_	not my pirate ship though	17:54
mdeslaur	stgraber: would this help any? https://git.fedorahosted.org/cgit/linux-pam.git/commit/?id=45cdd2489e68465c2d2202370c350069d2a391b8	17:54
hallyn_	stgraber: so my uneducated guess is that the sha1 cookie which the dbus client sends hashes up its uid!	17:55
hallyn_	stgraber: rsince client's uid is not the uid that the server end sees, that fails	17:55
hallyn_	mdeslaur: you an expert on dbus auth?	17:55
mdeslaur	hallyn_: nope, sorry	17:55
hallyn_	mdeslaur: know anyone who is?	17:56
mdeslaur	tyhicks: do you know how that works? ^	17:56
stgraber	mdeslaur: I doubt it... in our case, loginuid is already set to -1 (well, 4294967295) as the actual uid can't be mapped to the userns. So even with that change, pam_loginuid will still attempt to set it to the right value (1000 in my case) and fail with permision denied	17:58
tyhicks	mdeslaur: nope, I haven't looked at that before	17:58
hallyn_	ok thanks - i'll read over http://dbus.freedesktop.org/doc/dbus-specification.html again	17:58
mdeslaur	stgraber: ah, ok	17:59
hallyn_	"Thus the security of DBUS_COOKIE_SHA1 depends on a secure home directory" <-- not good	17:59
stgraber	mdeslaur: if it's too hard to fix in the kernel and can't be done for 14.04, then I think the fallback will be to patch pam_loginuid to ignore (just log) failures to write to loginuid, then SRU that change to all releases.	18:00
stgraber	that'll still prevent anyone from running non-Ubuntu containers in a userns though, so I'd love to avoid that...	18:00
hallyn_	slangasek: ^ unless there's another auth mech i can use, this may mean that dbus can't be used for the cgmanager (^)	18:01
hallyn_	stgraber: i'll look at the patchset this afternoon.	18:02
stgraber	hallyn_: I guess you'll need to talk to the kernel team too because with the 3.13 merge window closed, it's doubtful we'll get that change in our kernel from upstream, so we'll need to apply that set ourselves and/or cherry-pick once that's upstream	18:02
mdeslaur	stgraber: would that be pretty much the equivalent of setting it as optional? or is there a way for you to only the failure only in an unprivileged container?	18:02
slangasek	bdmurray: wouldn't you want the behavior change SRUed into Q rather than into R?	18:02
hallyn_	or maybe i can disable auth?	18:02
stgraber	mdeslaur: it'd be similar to setting it as optional but with the benefit of not having to patch all packages that ship their own pam profile	18:03
slangasek	seb128: yep, SRU day for me today	18:03
bdmurray	slangasek: right, my mistype	18:03
mdeslaur	stgraber: I suppose ignoring the error only if it's not writable is better than setting it as optional, now that I think about it	18:03
stgraber	mdeslaur: yeah, that was my thought too. The only case you'd get a permission denied in is userns or if another MAC is preventing writes to the path, in all those cases, it's fine to ignore I think.	18:04
slangasek	stgraber: I don't think changing loginuid to optional is reasonable; anyone who wants loginuid expects it to work reliably, and you don't want all errors to be silently ignored	18:05
seb128	slangasek, hey, great ;-)	18:05
hallyn_	+1	18:06
slangasek	hallyn_: auth mech> hum, ok then. :/	18:06
slangasek	bdmurray: right - so I think that's a reasonable strategy	18:06
stgraber	slangasek: how about only ignoring permission denied (with a suitable log message)? (only discussing this as a fallback if hallyn_ can't get us to ship the audit userns kernel patch)	18:06
slangasek	stgraber: if loginuid is failing with a permissions error, and it's wrong to change the kernel to allow the operation, then I think pam_loginuid needs to be changed to not fail under those circumstances	18:06
cjwatson	Yeah, I think it would be a design error to do that in all the services	18:07
=== pmahent is now known as ptmahent
bdmurray	slangasek: Just having a version of update-manager that supports Q to T upgrades hanging out in -proposed? or also requiring a command-line option for that to work?	18:09
stgraber	slangasek: ok. I think the implementation would be something like "ignore permission denied when writing loginuid if loginuid doesn't belong to the owner of the process" which should be specific enough to only match the userns case in reality.	18:09
stgraber	gah no, won't work... I was vaguely hoping uid -1 would own loginuid but that's not the case... it appears as owned by the process owner but just isn't writable...	18:11
slangasek	bdmurray: hmm, do we want it to go straight from Q->T, or should it be Q->S?	18:12
stgraber	anyway, will only spend more time thinking about the workaround if hallyn_ doesn't manage to get us the kernel fix	18:12
slangasek	bdmurray: since R goes EOL before Q, but S does not	18:12
slangasek	(I'm asking because I don't remember what we discussed)	18:12
slangasek	stgraber: ok, sounds good	18:12
bdmurray	I believe we discussed to T because Q was closer to P the last lts	18:12
stgraber	slangasek: from what i remember of the upgrade testing vUDS session, we said P -> T and Q -> T	18:13
slangasek	ok. I thought maybe we did it because Q->S only buys you 3 more months of support before you have to upgrade again	18:13
slangasek	12.10 (Q) EOLs in 14.04, 13.04 (R) EOLs in 14.01, 13.10 (S) EOLs in 14.07	18:14
slangasek	so we can't offer Q users to upgrade to T until T releases	18:15
slangasek	right?	18:15
slangasek	which means it's already EOL at that point	18:15
slangasek	so I think we actually need to do Q->S instead	18:15
bdmurray	don't we control the day 12.10 goes EOL?	18:17
stgraber	if it's just a matter of days, it'd be better to postpone the 12.10 EOL a bit than have to SRU every single LTS to LTS fixes to S...	18:18
slangasek	bdmurray: yes, but we don't want users of 12.10 to be /stuck/ on 12.10 from January to April	18:21
slangasek	which is what they'll be after 13.04 goes EOL	18:21
bdmurray	ah, got it. okay from Q to S then, but the requiring a command line option still remains.	18:22
slangasek	yeah, I think we shouldn't require a commandline option	18:22
slangasek	we should just flip the switch when R goes EOL	18:22
bdmurray	slangasek: and does move the package from -proposed to -updates count as "flipping the switch"? The potential issue is people unexpectedly upgrading from Q to S instead of R if they use the version of update-manager from -proposed. I guess it is rather close to R's EOL though.	18:25
slangasek	bdmurray: yeah, I would count -proposed->-updates as flipping the switch, and think it's ok to have users who have -proposed enabled and who upgrade wind up skipping R	18:26
=== bfiller is now known as bfiller_afk
hallyn_	slangasek: so in a userns the client gets http://paste.ubuntu.com/6531031/ - whereas not in a userns, in place of the first REJECTED msg it gets an OK. I note the client DOES seem to get past auth, as it gets AGREE_UNIX_FD. <shrug>	18:37
bdmurray	slangasek: oh, that'll mean an SRU for the saucy release upgrader too	18:45
slangasek	hallyn_: so... the cookie is rejected, but the auth succeeds? hmm.	18:52
slangasek	hallyn_: at this point I'd say we need the dbus upstream mailing list	18:52
slangasek	bdmurray: right, I figured that would be the case	18:55
hallyn_	grrr	18:56
hallyn_	hm, and now i get Failed to open connection to "session" message bus: Unable to autolaunch a dbus-daemon without a $DISPLAY for X11	19:06
hallyn_	oh, nm, user error	19:10
hallyn_	slangasek: ah, going by http://lists.freedesktop.org/archives/dbus/2008-May/009761.html and http://lists.freedesktop.org/archives/dbus/2008-May/009831.html it seems I'm "walking on experimental ground"	19:21
hallyn_	but yeah i guess i may have to mail upstream to get their "Why tf would you want to do that"	19:22
slangasek	hallyn_: long-running experiment, what is this, CERN? :)	19:27
slangasek	or the dbus pitch drop	19:27
sarnold	hahaha	19:29
hallyn_	new insight - the first step done by both is to attempt AUTH EXTERNAL. But the working one sends AUTH EXTERNAL 31303030, while the broken one sends AUTH EXTERNAL 30	19:30
* sarnold idly wonders how many free software projects have been started _and_ stopped in the time between two pitch drop events...		19:30
slangasek	sarnold: all of them!	19:30
slangasek	(well, all the defunct ones anyway :)	19:31
sarnold	slangasek: that's gotta say something about our attention span!	19:31
sarnold	poor poor multics.	19:31
sarnold	at least fortran and cobol are going strong :)	19:31
hallyn_	and now my laptop shut itself down (thermal) during release-upgrade to trusty. nwo drops me at grub-rescue	19:38
hallyn_	maybe it's time to get a chromebook	19:39
=== doko_ is now known as doko
zer0def	why hello there! any fglrx package maintainers here by any chance? ;)	20:21
zer0def	eh, i'll just mail the proper person - at least then i can count for getting sh...tuff done	20:25
zer0def	ok, so apparently i should mail the core dev list, which i'm not going to do, so i'll just leave it here: any fglrx packages providing drivers (be it fglrx or fglrx-updates) provides virtual packages opencl-icd and libopencl1 - would be kind if someone handled this in a timely manner; would definitely save future users some torn hair, despite this issue sitting in limbo for 2+ years	20:29
tarpman	zer0def: I think you might be looking for tseliot, but he seems afk	20:30
zer0def	eh, i don't care, i've already moved on from ubuntu a long time ago	20:30
zer0def	just trying to prevent others from violating their heads too much	20:31
zer0def	especially since there's no good reason for denying people the ability to dev opencl using amd cards on ubuntu	20:32
zer0def	well, at least those who rather stick to repository packages rather than do their thing.	20:33
zer0def	anyway, message delivered; cheers	20:33
=== retoaded is now known as retoaded_biab
hallyn_	stgraber: slangasek: http://lists.freedesktop.org/archives/dbus/2013-December/015867.html	20:54
Noskcaj	Is a faster build really enough to not sync sdcc from debian? This issue is now partially fixed anyway	20:58
Noskcaj	BenC, Can you check if sra-sdk is syncable? I didn't really understand why you made it x86 only	21:05
infinity	Noskcaj: https://buildd.debian.org/status/package.php?p=sra-sdk <-- Should make it obvious why it's x86-only.	21:14
Noskcaj	thanks	21:15
infinity	Noskcaj: Also, no point in syncing it when it's FTBFS even on i386. :P	21:15
hallyn_	stgraber: regarding loginuid in userns,	21:15
hallyn_	hm, hold on	21:15
hallyn_	well, yeah. so (1) everywhere I am, it seems to be unset, and (2) once it is set it should not be re-setable; so	21:16
hallyn_	if it's so crucial thaqt it be set, then it should be set on all my logins; and in that case, starting a container would m ean all those tasks would have my loginuid,	21:17
hallyn_	so the conatiner wouldn't be able to set it anyway	21:17
hallyn_	so i'm confused	21:17
infinity	Noskcaj: That said, once the i386 FTBFS is fixed, it could be synced and just fail on !x86, I'm fine with that. I think Ben was probably just on a crusade to remove the red from the FTBFS list. :P	21:17
=== retoaded_biab is now known as retoaded
Noskcaj	ok	21:18
Noskcaj	Is anyone around willing to give me a testimonial for MOTU? https://wiki.ubuntu.com/Noskcaj#MOTU	21:19
hallyn_	hm, how does this 'loginuid_immutable' kernel 'feature' work? boot cmdline?	21:21
stgraber	hallyn_: yeah, it seems like it's only getting set for ssh sessions at the moment and soon for jobs started by at	21:21
stgraber	hallyn_: /proc/self/loginuid sure seems to be writable here...	21:22
stgraber	hallyn_: oh but indeed write once	21:22
stgraber	hallyn_: I'm just surprised that as a regular user I can echo any value in there though ;)	21:22
hallyn_	even ssh isn't doing it for me	21:23
hallyn_	(that's precise though)	21:24
stgraber	it sure does here (on precise)	21:24
stgraber	stgraber@shell01:~$ cat /proc/self/loginuid	21:24
hallyn_	wonder what the difference is	21:24
stgraber	201105	21:24
hallyn_	serge@ac100:~$ ssh hetzner.hallyn.com cat /proc/self/loginuid	21:24
hallyn_	4294967295serge@ac100:~$	21:24
hallyn_	now,	21:24
hallyn_	ok yeah in ubuntu we don't set the immutable flag - so root can clear out your loginuid.	21:25
hallyn_	if that were set, then even root could not	21:25
hallyn_	all in all, this has a use case - but to us, the way things are set up, it's useless	21:25
hallyn_	so i think we should simply go with the workaround you and mdeslaur were talking about	21:26
hallyn_	the 20 patch audit patchset doesn't even include a fix for loginuid!	21:26
hallyn_	just prep work :)	21:26
stgraber	hmm, ok	21:26
stgraber	the main issue with the workaround is the need to apply it to all Ubuntu releases and to any other distro we wish to run in a userns	21:26
stgraber	hallyn_: is there an easy check I can do to detect whether we are in a userns or not? ideally I'd like to avoid ignoring all EPERM and only ignore them when in a userns	21:28
hallyn_	well you can compare /proc/$$/ns/user stat.st_ino, or just check for '0 0' in uid_map	21:30
hallyn_	(0 0 4294967295)	21:30
stgraber	hallyn_: I guess I'll have to parse uid_map, I can't find a good way to determine whether I'm in the host namespace or not based on stat.st_ino of ns/user	21:34
hallyn_	hm, yeah, i was thinking of a server in init_user_ns (bc that's my mindset this week :)	21:37
stgraber	anyway, it's not too difficult, check if the file exists, if it does, open it and read the first 3 char, if that's '0 0', we're in the host namespace	21:38
hallyn_	well i think someone could mess with you and create an ns with 0 mapped to 0, but only 1 uid :)	21:40
hallyn_	but i don't think you care about them.	21:40
stgraber	well, if 0 is mapped to 0, then we're still actual root so should try to write loginuid	21:41
hallyn_	they'll fail	21:41
hallyn_	!init_user_ns so no capable(CAP_SYS_AUDIT). (it's not ns_capable(ns, CAP_SYS_AUDIT))	21:42
ubottu	hallyn_: I am only a bot, please don't think I'm intelligent :)	21:42
hallyn_	\sorry ubottu	21:42
stgraber	hallyn_: fine, I'll specifically look for ' 0 0 4294967295' then, that should do it :)	21:44
stgraber	hallyn_: uid_t is guranteed to always be uint32 right?	21:45
hallyn_	stgraber: well there is uid16 support somewhere...	21:46
hallyn_	no that's just legacy syscalls	21:48
hallyn_	shouldn't affect /proc	21:48
stgraber	hallyn_: good, so I don't need to care about it and can hardcode 4294967295 :)	21:49
=== salem_ is now known as _salem
charlie	first timer.. cannot bzr init-repo.... getting Permission Denied (Public Key) error..help	21:58
hallyn_	charlie: usually when i get that it means i've not added my launchpad ssh key ito my ssh-agent keychain	22:01
charlie	how i do that?	22:06
charlie	nvm...got it ...thanks	22:11
charlie	:( am still getting the permission denied error, even after adding the ssh key	22:27
hallyn_	sorry, don't know then. you've done a bzr lp-login?	22:31
Noskcaj	Can someone please rebuild ceilometer, it failed because a dependency was building	22:39
charlie	ya	22:42
infinity	Noskcaj: The verb you want is "retry", not "rebuild". The latter implies someone reuploading it.	22:48
Noskcaj	infinity, oh, ok. Thanks	22:48
hallyn_	infinity: so the arm64 patchset needs some work. i'll likely drop it altogether from 1.7 until i get the set under control, since it appears to be introducing regressions in other arches	22:54
infinity	hallyn_: Ahh, that's a shame. I guess I can abuse that PPA build for now if I need it.	23:11
=== tiaz_ is now known as tiaz
=== freeflying_away is now known as freeflying
bdmurray	stgraber: is looking for "debconf (developer)" in ubiquity debug logs a reasonable way to see if ubiquity was run in debug mode	23:25
stgraber	bdmurray: I'm not sure, I haven't seen one of those logs in a while, but if that's a string that appears whenever we see a debconf transaction that'd be good	23:43
stgraber	hallyn_, slangasek: that patch appears to do the trick for me, opinions? http://paste.ubuntu.com/6532325/	23:44
bdmurray	stgraber: bug 986550 (reported by you) looks to me like it was run in debug mode	23:44
ubottu	bug 986550 in ubiquity (Ubuntu) "Ubiquity crashes with "Illegal instruction" right after starting the slideshow" [Medium,Confirmed] https://launchpad.net/bugs/986550	23:45
stgraber	bdmurray: yeah, that was in debug mode, so yes, looking for "debconf (developer)" should work	23:46
bdmurray	stgraber: okay, thanks!	23:48
hallyn_	stgraber: I would change it just a hair - skip the access() check, and do check return value of open()	23:49
hallyn_	otherwise looks good - thanks	23:49
slangasek	stgraber: you seem to have some extra unused variable declarations (fd_uid, count_uid). Also, please get upstream eyeballs on this, I don't want to change the behavior of such a core security-sensitive module out of sync with upstream	23:49
stgraber	slangasek: oops, nice catch, I meant to use those...	23:50
stgraber	hallyn_: hmm, good point, will do	23:50
slangasek	stgraber: well, I think they're unneeded so better to drop them :)	23:51
stgraber	slangasek: no, they are needed as I don't want to override the existing ones.	23:52
slangasek	stgraber: you don't need two 'fd's, this code path is only used when fd < 0	23:52
stgraber	slangasek: doh, yeah, you're right and count is also unused in that path, so yeah, I can just reuse them	23:52
hallyn_	slangasek: pshaw, if loginuid was so critical then something other than ssh shoudl be setting it :)	23:54
hallyn_	(but i'm curious to hear upstream response)	23:54
slangasek	hallyn_: well, we aren't heavy users of auditd out of the box in Ubuntu, but there are those who do feel strongly about it :)	23:55
sarnold	lol	23:55
slangasek	and while stgraber's change looks correct to me, messing this up would give us quite the black eye ;)	23:55
hallyn_	yup i'm curious to hear the response	23:56
Noskcaj	Is there a way to test if glew 1.10 is safe to merge?	23:56

Generated by irclog2html.py 2.7 by Marius Gedminas - find it at mg.pov.lt!