/srv/irclogs.ubuntu.com/2014/07/22/#ubuntu-devel.txt

=== timrc is now known as timrc-afk
=== _salem is now known as salem_
pittiGood morning03:10
pittislangasek: wrt. ddeb-retriever rollout> I noticed yesterday that a lot of ddebs can't be mapped to package indexes because they were built for the train PPAs or will be in binNEW03:11
pittislangasek: so ddeb-retriever needs to grow a "queue" mechanism to try and process them until they do get published; so still can't roll out yet :/03:11
=== salem_ is now known as _salem
pittixnox: I don't fully understand bug 1326327, but this should go to Debian as well, right? it sounds related to debian bug 749400?04:20
ubottubug 1326327 in debhelper (Ubuntu) "dh_installinit should generated update-rc.d remove to remove rc*.d symlinks" [Undecided,New] https://launchpad.net/bugs/132632704:20
ubottuDebian bug 749400 in debhelper "dh_installinit: disable init scripts on removal of package" [Normal,Open] http://bugs.debian.org/74940004:20
pittixnox: perhaps you can forward it, with some more explanation?04:20
=== ohnivy_kon is now known as lisca
spacetimeHey, I'm trying to add a new seed but when I update, I get http://paste.ubuntu.com/7834499/  . Could someone help me figure out what I'm doing wrong?06:54
cjwatsonspacetime: Looks like you didn't add it to STRUCTURE properly07:12
spacetimecjwatson: where's STRUCTURE?07:23
spacetimecancel that. found it.07:24
RiddellStevenK: wish hobbsee a happy birthday08:33
xnoxpitti: i thought that it's a bit reverse, in Ubuntu we had delta on top of Debian to do the opposite.08:38
xnoxpitti: and I'm not yet sure if everything is correct, cause e.g. I've seen really strange generated postinst in qemu.08:38
* xnox reads the pointed out bugs again.08:38
Laneyis anyone else getting BADSIG on ddebs.u.c?08:42
Laneyhrm, yeah, looks like Release.gpg is out of date08:44
Laneyhttp://ddebs.ubuntu.com/dists/utopic/08:44
pittiLaney: yeah, sorry; current ddeb-retriever has run for almost a day already, seems I touched a lot of .debs or so and apt-ftparchive takes aaages08:45
Laneypitti: and dists/ is updated in a racy way?08:47
pittiLaney: yes, currently not atomic08:47
Laneymmm, I see08:47
pittianother deficiency of the temporary hack from 8 years ago *sigh*08:48
pittiLaney: unless apt-ftparchive already does that by itself, but seems not?08:48
* pitti puts that at the end of the long queue of TODOs for current rewrite08:48
LaneyI'd think that it would, but I've not used it myself to say for sure08:49
LaneyMaybe you have to do this yourself actually, looking at its manpage08:52
jodhpitti: fyi http://anonscm.debian.org/gitweb/?p=autopkgtest/autopkgtest.git;a=blob_plain;f=doc/README.package-tests;hb=HEAD shows "404 - Cannot find file"09:52
jodhpitti: (as linked to from http://dep.debian.net/deps/dep8/)09:53
pittijodh: I know, it was renamed to .rst09:53
pittijodh: hm, I updated that in svn ages ago; seems that doesn't automatically get rolled out09:53
pittijodh: thanks, I'll find out who to contact about this09:53
jodhpitti: ta. Is there any capability in the dep8 framework to look for core files left behind by tests, or is it up to each test to implement those checks?09:54
pittihttp://lists.alioth.debian.org/pipermail/dep-commits/2014-July/000316.html FTR09:54
pittijodh: the latter; I don't want to search the entire file system for core file, that would be quite inefficient09:55
pittithe test knows where to look for them (and most tests don't use core dumps)09:55
pittiyou can put them into $ADT_ARTIFACTS if you want to export them09:55
pitti(but please compress them first :) )09:55
pittijodh: we could collect apport crash reports though, if that's sufficient09:56
jodhpitti: ack. I've found a couple of commands recently that core dump but there is no dep8 test. so I was kinda hoping I could create a NOP dep8 test and get the rest for free. However, copy+paste it is... :)09:56
jodhpitti: might be a nice extension to have a way for a dep8 test to request that core files be checked for in say '/', any directory specified by a *.install file and any directory in or below the ADT test run directory though.09:58
jodhpitti: I agree that we don't want to trawl the entire FS though :)09:59
pittipoked10:00
pittiand we don't want to routinely pick up all core files, I think; they are quite huge, and we basically store them forever10:00
jodhpitti: I'm not suggesting we pick them up necessarily, just that iff a test specifies an interest in core files, that test would be failed if any were found.10:01
pittiI think it makes more sense to (1) either collect and post-process apport reports (without core)10:01
pittior (2) locally run the test with -s10:01
pittito get a shell, and debug in the testbed10:01
jodhpitti: cheaper to find the problems earlier imho10:02
pittijodh: but woudl that actually buy you much? you still need to reproduce the same test environment10:02
pittiso you could just as well re-run the test10:02
jodhpitti: yes, but if we atleast flag it at the dep8 stage, we could avoid releasing versions of programs that dump core everywhere :)10:03
pittiright10:04
pittijodh: you mean your test succeeds, but something still crashes?10:04
jodhpitti: I'm not talking about any of my tests. There are a couple of bugs I've hit recently in packages with no dep8 tests. The commands in these packages core dump when run.10:06
pittiah, so a smoke test like running the program with some sensible/easy options succeeds would help there?10:07
jodhpitti: yeah.10:10
=== pitti is now known as somedude
=== somedude is now known as pitti
pittiLaney: hm, I just had a quick attempt at atomically updating dists/, but that's utterly hard :/11:12
pittimeh, I already have half a soyuz implementation in ddeb-retriever; I really don't want to pile more hacks upon it11:13
pittiLaney: it does update Packages.gz atomically, but not the whole dists/11:13
Laneypitti: Dare I ask if ddebs in launchpad is coming soon anyway? ...11:14
cjwatsonLaney: Blocked on prodstack 411:14
cjwatsonThe Launchpad side is done11:14
LaneyYeah so I understand11:15
pittiis that ddebs in librarian, or actual archive generation, too?11:15
cjwatsonBut we need the new librarian or it'll run out of space11:15
cjwatsonpitti: librarian11:15
cjwatsonEr, wait11:15
pittithat's already a huge progress in terms of stopping to lose ddebs11:15
cjwatsonJust the librarian bit is blocked on prodstack.  As far as I know the ddebs implementation in Launchpad covers archive generation too.11:15
pittimy main difficulty is to re-model binNEW, component changes, copying from PPA, and all the other funny stuff that can happen to the main indexes11:15
wgrantWe don't do archive generation for the primary archive today.11:16
pittioh, way cool!11:16
wgrantThe primary archive's ddebs, that is.11:16
wgrantIt's difficult to implement.11:16
cjwatsonAh, I'm misinterpreting r16629 then, sorry11:16
wgrantThat's only for PPAs atm.11:17
cjwatsonI assumed that since that touched lp.archivepublisher.model.ftparchive that it affected primary too11:17
Laneypitti: In the meantime I'd go ask #debian-ftp for help if you're motivated11:17
pittiLaney: still fighting with my code to properly queue ddebs to cope with PPA/binary NEW, and other fun exceptions11:17
=== juliank0 is now known as juliank
BluefoxicyAny thoughts on making /tmp and /run/user btrfs subvolumes, mounted as noexec,nodev,nosuid ?11:53
Bluefoxicy(yes, I realize nobody has told the system perl/python/bash interpreters to check for noexec and refuse to load scripts)11:54
xnoxBluefoxicy: /run/user may not be btrfs.11:55
xnoxthat would be violation of XDR Directory Spec.11:55
xnoxand it's already noexec.11:57
xnoxby default we don't do anything for /tmp. there were plans to make /tmp on tmpfs by default, and thus hence noexec would be possible but that hasn't been implemented.11:57
xnoxBluefoxicy: for reference see /lib/init/fstab11:59
Bluefoxicyxnox:  wait, what?11:59
Bluefoxicyoh12:00
Bluefoxicyit's a tmpfs12:00
Bluefoxicyxnox:  I didn't notice that, somehow, in the pile of mount output12:00
xnoxBluefoxicy: locally i have /tmp on tmpfs with noexec, nodev, nosuid.... but we can't  / don't have that by default.12:01
Bluefoxicynod12:01
BluefoxicyI've been mounting @home that way12:01
=== MacSlow is now known as MacSlow|lunch
mdeslauryou'd probably want to mount /var/tmp noexec also, else, there's no point12:02
mdeslaur(well, I personally think there's no point for /tmp either, but meh)12:03
=== _salem is now known as salem_
Bluefoxicyheh12:23
pittixnox: thanks for fixing lava-dispatcher! can you please send this fix to Debian?12:37
xnoxpitti: yeah, i will.12:37
pittixnox: danke12:37
xnoxthat should help with parted transition.12:38
=== MacSlow|lunch is now known as MacSlow
pittislangasek: pressed the big red ddeb button; *phew*12:59
seb128barry, hey, why did you change my patch pilot schedule for tomorrow?13:13
barryseb128: um, what?13:14
seb128barry, just got an email13:14
barryseb128: how weird!  i haven't touched the pp calendar.13:15
seb128barry, from google calendar, say you changed my patch pilot invitation for wed jul 2313:15
seb128saying13:15
seb128barry, that's the patch pilot schedule I think13:15
barryseb128: that's mysterious ;)13:15
seb128yet happened, fwded you the email in case you don't believe me13:16
seb128barry, didrocks mentioned recently you edit his as well13:16
seb128barry, I wonder if your workflow is doing thing you don't expect or something?13:16
barryseb128: oh, i believe you got the email13:16
barryseb128: like, every time i upload a package, someone's patch pilot gets changed? :)13:17
seb128lol13:17
seb128you didn't open google calendar?13:18
seb128k, dunno what that happened then13:18
seb128but I would like to know what changed13:18
seb128like was I scheduled for tomorrow, or did you just move the invitation to another day?13:18
barryseb128: i see the email.  i have no clue why that's coming from me!13:18
barryseb128: i only opened my canonical calendar when you pinged me, but that would violate causality13:18
seb128k, dunno what happened then :/13:19
seb128strange13:19
barryme neither!  i guess dholbach isn't around.  i think he owns that calendar13:19
barryseb128: i'll forward that to him and cc you13:20
seb128barry, thanks13:23
xnoxinfinity: pkg-util-linux ftbfs on i38613:26
cjwatsonxnox: lava-dispatcher> oh, thanks, I was going to look at that once I was back off 3G tethering13:29
xnoxcjwatson: isp bonding in progress?13:34
xnox=)13:34
cjwatsonxnox: No, disk trouble on my router13:34
cjwatsonIt never rains but it pours13:34
cjwatsonThe actual ADSL line is fine :)13:34
=== lisca is now known as diskzokej
ogra_cjwatson, SES Astra offers pretty cheap 20MBit sattelite lines in germany recently ... i wonder if they have something similar for the UK13:37
xnoxshadeslayer: cjwatson: ubiquity upload has a strange dep change. "s/python3-dbus/python2-dbus" on ubiquity-frontend-kde. What's up with that, shadeslayer ?13:38
xnoxshould I fix it?13:38
juliankogra_: cjwatson: See http://uk.ses-broadband.com/10390967/uk13:45
cjwatsonxnox: I completely missed that.  Looks like a typo.  Please fix13:45
cjwatsonogra_,juliank: No thanks, just switched ISP and not in a rush to have any more hassle13:45
ogra_juliank, heh, in germany they actually founded a sub-company https://www.orbitcom.de/shop/astra-connect-xxl.html13:46
xnoxjuliank: satelite is crap uplink, no?!13:46
juliankxnox: 2 mbit/s uplink.13:46
juliankBut you can get much faster offerings13:46
cjwatsonAnd my trouble today has nothing to do with my ADSL anyway13:46
* xnox likes to upload tarballs & binaries into debian.....13:46
julianksymmetrical elsewhere13:46
mlankhorstxnox: with debug symbols :-D13:47
ogra_xnox, well, i would keep the DSL i have and use the sat as a cheap download line :) the latency is surely awful13:47
ogra_but 20MBit vs 2MBit DSL that i can get here without replacing the whole wiring of the house ;)13:48
xnoxjuliank: ogra_: i have 120 MBit / 20 MBit at the moment with Virgin media cable.13:49
ogra_lucky you13:49
juliankI have 10/10 at university town home and 16/1 at parent home13:49
* ogra_ pays a fortune for a 2MBit SDSL line ... the fastest i can get in this house 13:49
cjwatsonxnox: Looks like fixing ubiquity should be the last piece of the parted transition, indeed13:52
xnoxuploaded.13:58
=== kentb-out is now known as kentb
cjwatsonthanks!14:01
juliankogra_: Get Sat internet then. 20 down / 6 up at http://www.skydsl.eu/de-DE/Satelliten-Internet/tariff/skydsl2p/sky2pt814:02
juliankUsing Eutelsat, not Astra.14:03
ogra_that means i need a second dish i guess14:03
ogra_i already have a TV dish pointing to astra14:03
juliankogra_: You should be able to use a single dish. If less upstream is OK, get an SES Astra one.14:04
shadeslayerxnox: not my doing14:04
juliankYou can usually reach both Eutelsat and Astra with a single dish14:04
ogra_well, we'll see :)14:04
juliankogra_: SkyDSL is a bit expensive, but is a real flatrate, the Astra Connect stuff had traffic limits.14:05
ogra_juliank, not the XXL offer14:05
ogra_thats flat for 69€14:05
juliankAh cool14:05
xnoxshadeslayer: is this not your commit? http://bazaar.launchpad.net/~rohangarg/ubiquity/plasma5/revision/619914:05
ogra_and i doubt i actually want to do uploads via sat :)14:06
juliankogra_: Why?14:06
ogra_dunno ... latency ?14:06
juliankSky DSL only costs 60€ after 12 months have passed, BTW.14:06
ogra_do you have any first hand experience with it ?14:06
juliankogra_: But that does not matter for package uploads :)14:07
ogra_indeed14:07
* juliank only had a 1-way downstream sat connection (upstream via 56k modem). No idea about the bi-directional stuff.14:07
juliankogra_: Latency is about 700ms according to SkyDSL14:09
shadeslayerxnox: oh uh14:14
shadeslayerhow did that happen 0.o14:14
argescjwatson: hey today's my sru day, are there any freezes I should be aware of before reviewing the upload queue?14:14
cjwatsonarges: coordinate with infinity14:17
argescjwatson: ok14:18
cjwatsonarges: you probably at least want to be pretty careful about trusty14:18
argesI figured as much; infinity anything that would be constructive for me to review in the trusty upload queue or pending SRUs?14:19
stokachustgraber, ive run into a weird issue with lxc -- sudo lxc-create -t ubuntu -n maas -- --packages maas,maas-dns,maas-dhcp fails where as running apt-get install after lxc creation allows maas to install14:30
flexiondotorgcjwatson, Can I ask you a quick question about live-build?14:31
stokachustgraber, http://paste.ubuntu.com/7832005/14:31
cjwatsonflexiondotorg: just ask, don't ask to ask :)14:31
stokachustgraber, you seen anything like that before?14:31
flexiondotorgI'm working on Ubuntu MATE Remix. I'm using the following script to make to iso images.14:32
flexiondotorghttp://bazaar.launchpad.net/~ubuntu-mate-dev/ubuntu-mate/ubuntu-mate-iso/view/head:/build-ubuntu-iso14:32
flexiondotorgThe resulting .iso is missing to pool and dist directories that I see in the official flavours.14:32
flexiondotorgIs there a way to enable/mimic that behaviour?14:32
ogra_not easily14:33
ogra_Laney, wasnt that your script initially ? ^^^14:33
ogra_(iirc popey based on it)14:33
Laneyumm14:33
flexiondotorgIt is adapted from a script by Laney14:33
LaneyI can't really provide support for that14:34
cjwatsonflexiondotorg: live-build has some features a bit like that (dpkg -L live-build | xargs grep -s pool), but we only use live-build to build the actual squashfs, we don't use it for the whole thing14:34
flexiondotorgcjwatson, Yeah so I've seen.14:34
cjwatsonwe use lp:ubuntu-cdimage plus the various other bits listed in configs/devel there to put the top-level ISO stuff together14:34
flexiondotorgI've read  lp:ubuntu-cdimage14:34
ogra_why not simply start working on making it a real flavour14:35
cjwatsonI guess you might be able to do something with config/package-lists/ in live-build, but I have no idea really14:35
flexiondotorgI'm just trying to mimic the official iso image as much as posisble while we are not an official remix.14:35
ogra_thats most likely easier than trying to get cdimage/debian-cd to work with the script14:35
flexiondotorgOK, that is a useful pointer.14:35
cjwatsonRight, ubuntu-mate seems like the kind of thing that might be on a relatively short path to being official if you asked14:35
ogra_yeah14:35
flexiondotorgcjwatson, We do want official status.14:36
flexiondotorgI just wanted to get all the initial work completed up front to ease the merge.14:36
flexiondotorgI'm about there.14:36
ogra_flexiondotorg, but proper builds :)14:36
cjwatsonI wouldn't worry about this part of it for that purpose14:36
cjwatsonCertainly not if it's going to involve a ton of duplicated work14:36
ogra_flexiondotorg, we have ubuntu-desktop-next ... thats probably years from being something official ... and still we build daily images for it14:37
cjwatsonI mean, it absolutely is possible to set up cdimage locally, all the code is public, but it involves things like a full mirror14:37
flexiondotorgogra_, I really want to benefit from the official builds. I've had to get EFI and SecureBoot without access to either hardware.14:37
cjwatsonIt's a pain14:37
cjwatsonSo while I'm happy to help if that's what you actually need, I'd prefer to only go through that for things that can't be official RSN14:38
flexiondotorgcjwatson, I did review your code. But decided it wasn't worth the effort in re-implementing it utside the official infrastructure.14:38
flexiondotorgcjwatson, Not sure I follow. But what I'd like to do is merge my livecd-rootfs changes (minimal) , seeds and meta-packages so that Ubuntu MATE could be built officially.14:39
flexiondotorgIs that something that is possible without going through all the "official flavour" process?14:39
cjwatsonSure14:41
flexiondotorgThat would be great.14:41
ogra_we have a process for that ?14:41
cjwatsonunhelpful14:41
ogra_just curious14:41
cjwatsonit may not be written down clearly but there is certainly a process (as in series of steps)14:41
ogra_i thought having a seed and building from the archive would be enough14:42
flexiondotorgcjwatson, Is that something you can share so I can start the process?14:42
cjwatsonit would normally involve talking to the tech board14:42
cjwatsonfeel free to CC me (cjwatson@u.c)14:42
flexiondotorgcjwatson, Can I do that or do I need a "sponsor"?14:42
cjwatsonAnd https://wiki.ubuntu.com/RecognizedFlavors14:42
cjwatsonflexiondotorg: whoever's the project lead ought to do it; you're going to want people who can actually upload stuff directly as soon as possible14:43
flexiondotorgcjwatson, Thanks. I am the project lead.14:43
slangasekpitti: ah, so the ddeb-retriever update is deployed now? \o/  Sorry for not making any progress on this on Friday for you, ran out of time :(14:43
pittislangasek: yes, it is (I kept a backup of the old files too, just to be sure)14:44
=== Sweetsha1k is now known as Sweetshark
apacheloggermvo_: we've just been wondering... is there a reason apt-xapian-index doesn't register a APT::Update::Post-Invoke-Success hook to update the database?15:33
mvo_apachelogger: the only reason that its expensive to run and would make each apt-get update very slow (and even rebuilding in the background is a bit anoying as it tends to consume quite a bit of io/cpu)15:34
apacheloggermvo_: aren't incremental updates relatively fast? the thing is... currently all kde software using libqapt needs to explicitly update the database which is highly annoying and causes unintended side effects when someone forgets to do that, so we've been wondering about how to remove the requirement globally15:36
mvo_apachelogger: they are sort of fast, we had problems in the past with corruption though, this is iirc why the --update part got disabled15:37
mvo_apachelogger: might be worthwhile to see if that is still a sissue15:37
apacheloggermvo_: thanks, I'll put down a todo to look into this in detail15:39
mvo_thanks15:39
bdmurraypitti: I've seen a few cases where an apport retraced crash does not have a Stacktrace in it. Would we need the CoreDump to definitively sort out what happened?15:45
pittibdmurray: yes, I think it would certainly be helpful for debugging the underlying gdb problem15:56
bdmurraypitti: okay, so this is insufficient? https://pastebin.canonical.com/113960/15:57
pittiinfinity, kees, slangasek, mdeslaur: TB meeting in 3 mins reminder15:57
mdeslaurpitti: ack15:57
slangasekpitti: yes; I have conflicting meetings, I'm afraid I have to send my regrets15:58
pittibdmurray: fun, that has a StacktraceTop, so it shoudl have had a Stacktrace, too15:58
pittislangasek: noted15:58
keespitti: thanks!15:58
pittibdmurray: could also be funny characters/breaks/etc. which confuse the parsing of the stack trace (but I wouldn't know without seeing the original raw gdb output :/)15:59
bdmurraypitti: okay, I'll work on saving the CoreDumps then16:00
pittibdmurray: is this a "sun ray glitch" thing, or did you see this more often?16:00
bdmurraypitti: looking at the statsd counters for this there is a very low volume, so I think I'll file a bug for some day later16:05
pittibdmurray, jibel: btw, I haven't yet had time to look into/respond to the retracing armhf thread, will do ASAP16:08
* pitti has been stuck with other high-prio things, sorry16:08
bdmurraypitti: a fair number of things are retracing - https://errors.ubuntu.com/?release=Ubuntu%2014.10&period=day&pkg_arch=armhf16:09
infinitypitti: Gah.  Not even remotely paying attention to things like meeting reminders.16:10
pittiinfinity: it's just over; you still have a carried "review/reply to juju MRE proposal"16:10
infinitypitti: Right, I didn't do that, so carried it is.  Sorry about the no-show.16:11
pittiinfinity: no worries16:11
* pitti waves good night16:11
pittibdmurray: hm, I can't click on any of these errors, I always get the "computer over" fail page; so these are all ok?16:13
pittibdmurray: ah, some work16:14
pittibdmurray: but e. g. https://errors.ubuntu.com/oops/94734414-1180-11e4-8bdd-fa163e78b027 failed to retrace16:14
pittibdmurray: none of these show "stacktrace", for privacy reasons I suppose?16:14
pittiah no, e. g. https://errors.ubuntu.com/problem/eb8fe775c22d5210f56ad7ac038ac1b1895f4465 is just fine16:15
pittibdmurray: so that part was (hopefully) due to the broken gdb-multiarch, and should be fixed now16:15
pittianyway, tomorrow; it's been too long today16:15
* pitti waves16:15
=== timrc-afk is now known as timrc
=== roadmr is now known as roadmr_afk
=== hallyn_ is now known as hallyn
=== roaksoax_ is now known as roaksoax
=== wedgwood is now known as Guest45740
=== timrc is now known as timrc-afk
=== roadmr_afk is now known as roadmr
PiciIs /3620:20
=== timrc-afk is now known as timrc
=== salem_ is now known as _salem
achianghallyn: hey, i'm experimenting with something in lxc and i'd like to do something i know is dangerous... how do i grant permission to /proc?22:38
achiangCannot chdir into /proc/ directory: Permission denied22:38
=== timrc is now known as timrc-afk
elopiohello22:40
elopiois there a core dev around to review the packaging changes in this branch?22:40
elopiohttps://code.launchpad.net/~canonical-platform-qa/url-dispatcher/fake_dispatcher/+merge/22777822:40
hallynachiang: ?  you should be able to cd into /proc....22:41
achianghallyn: hm, maybe my problem is something else... i'm attempting to run our own webbrowser-app in a container22:42
hallynachiang: edit /etc/apparmor.d/abstractions/lxc/container-base22:42
achianghallyn: and we essentially have a thin layer over the blink runtime.22:42
achianghallyn: i notice from here that we start chrome with --disable-setuid-sandbox - https://www.stgraber.org/2014/02/09/lxc-1-0-gui-in-containers/22:42
achiangso maybe our webbrowser-app (oxide) has the same issue22:43
hallynyeah, i'm running it like that22:43
cjwatsonelopio: looks fine to me as long as the resulting url-dispatcher-testability binary package only contains python3 modules22:43
cjwatsonelopio: actually don't you want ${python3:Depends} in url-dispatcher-testability too?22:43
achianghallyn: "running it like that" -- what is "it" ?22:43
hallynchrome instide a container following stgraber's instructions :)22:43
hallynthe rason to disable seccomp is bc by default we now have the container already inside seccomp22:44
achianghallyn: ah. well maybe oxide doesn't respect that cmdline arg yet22:44
cjwatsonelopio: I would generally include ${python3:Depends} in the dependencies of packages shipping python3 modules even if it doesn't expand to anything at that point22:45
elopiocjwatson: right, the packaging guid of python3 mentions that.22:45
hallynachiang: anyway yes, if you just set lxc.aa_profile = unconfined you should have full access to /proc22:45
elopiocjwatson: can I add it in a following branch? This is not my branch, and I wouldn't like to delay it more.22:45
hallynif htat works, then from there you can write a policy that works for you22:45
achianghallyn: where do i set that? in the file you pointed me at above?22:45
hallyn(lemme know if you need help wit htat)22:45
hallynno, in the contaienr configuration file22:45
hallyn.local/share/lxc/u1/config or /var/lib/lxc/u1/config22:45
cjwatsonelopio: I'd rather it went in this branch, seeing that this is likely to have to wait for silo 8 to get sorted out anyway22:45
achianghallyn: ok, i have that...22:46
cjwatsonelopio: as a matter of form I don't think it's good to pressure people into giving acks22:46
achianghallyn: well, i have lots of things in there.22:46
elopiocjwatson: ok, I'll tell brendan to update it.22:46
cjwatsonthe point of getting core-dev acks on things is to fix the packaging before it lands so fixes aren't forgotten :)22:47
cjwatsonthanks22:47
elopiocjwatson: sorry, I didn't understand that last message.22:47
elopiooh, yes, you are right.22:47
hallynachiang: not sure what you mean.  lots of things in that file?22:47
achianghallyn: this is my config for the container - http://pastebin.ubuntu.com/7838928/22:47
cjwatsonelopio: if you can verify that it makes no difference to the generated dependencies either way, then I'd be OK with fixing it in a follow-up22:47
hallynachiang: looks good22:47
hallynfire it up22:48
achianghallyn: and this is my default.conf - http://pastebin.ubuntu.com/7838930/22:48
elopiocjwatson: no, I think you are right. Better to get it as good as possible on this branch. I thought this would auto-land, but it goes through a silo, so we wouldn't be delaying anything.22:48
hallynachiang: you're saying it was already like that?22:48
elopioactually, I can push to this branch.22:49
achianghallyn: i just made those edits, stopped the container, and restarted it... now getting - http://pastebin.ubuntu.com/7838936/22:49
elopiowould it be bad manners to modify somebody else's branch?22:49
cjwatsonif you can commit to it I don't see why it's bad22:50
cjwatsonpresumably it's team-owned for a reason22:50
cjwatsonelopio: yeah, silo not yet assigned and we only have one free right now, would prefer to reserve that for emergencies in any event ...22:50
cjwatson(silly system, but)22:51
hallynachiang: strace the app22:51
elopiocjwatson: ok, pushed.22:56
achianghallyn: huh. kinda interesting - http://pastebin.ubuntu.com/7838964/22:58
cjwatsonelopio: thanks, looks good to me22:59
elopiothanks to you.23:00
elopiothis is nice :D the testability packages are making me happy.23:00
hallynachiang: hm, I suppose try "sudo strace -f -ff -u ubuntu -o oxide webbrowser-app"23:00
achianghallyn: neat - http://pastebin.ubuntu.com/7838978/23:02
hallynhaha23:02
hallynachiang: ok, well can you "cd /proc" ?23:03
slangasekhallyn: hmm, so why is cgmanager no longer in the Debian NEW queue, nor in Debian unstable?23:03
achianghallyn: yes23:03
hallynslangasek: well, dba raised a stink;23:03
achianghallyn: http://pastebin.ubuntu.com/7838982/23:04
hallynslangasek: there's a trail both in the ITP and in private emails including the debian ftp admins23:04
hallynslangasek: short story is dba is supposed to push a new version based on my 0.28 upstream.  he said he'd do that last friday.23:04
hallynuh, i think it was last friday.  anyway, this morning he said he'd upload today23:05
slangasekhallyn: um.  so on what grounds was your package rejected from the NEW queue?  Or dba's package, for that matter?23:05
hallyni can fwd you some amusing emails if you like.  i also asked him in private (after he pmd me) if there was any advantage to his packaging;  no answer to that.23:05
hallynon the grounds that there was conflict.  I was seen as usurping his submission.23:06
hallynso ftpadmin (paultag) dropped both23:06
hallynsaid for us to work out out23:06
hallynmy only complaint in all this is,23:06
hallynat teh same time they take months to accept NEW packages, while they complained that we pushed cgmanager to ubuntu without waiting for debian23:06
slangasekok23:06
hallyn(paultag did)23:06
infinityWorking things out with dba is often entertaining.  Good luck.23:07
hallyni like teh guy, but that stance was annoying23:07
slangasekI think I'll be taking that up with paultag, because I don't consider that grounds for a reject ;)23:07
hallynas i told dba in private, i dont' give a rats ass who maintains the package, but if he doesn't have time, why the hell push this way?23:07
hallyn(that is, i don't care about me being the maintainer;  but i do care taht someone i can work with maintains it)23:08
hallynanyway.  achiang - i'm perplexed.23:08
hallynoh.23:08
=== timrc-afk is now known as timrc
hallynachiang: you showed me a grep.  can you pastebin the full strace output?23:09
achianghallyn: oh erm... there are lots of files.23:09
hallynachiang: drop -ff and rerun?23:09
hallynshould then all go to one file23:09
achianghallyn: i'll pastebin the one with the chdir23:09
hallyn(re-run with new filename else it'll append :)23:09
hallynwell i need to follow all the creds changes23:09
hallynslangasek: I assuem you're saying there is not yet a new cgmanager in NEW?23:10
hallynthat makes me sad23:10
achianghallyn: ok23:10
slangasekhallyn: there is not23:10
achianghallyn: giant pastebin - http://pastebin.ubuntu.com/7839005/23:12
hallynachiang: ah, thanks.  looking23:15
hallyntwo instances of 7979  prctl(PR_SET_NO_NEW_PRIVS, 0x1, 0, 0, 0) = 023:18
hallynand 7979  prctl(PR_SET_SECCOMP, 0x2, 0x7fffbe55f810, 0xffffffffffffffff, 0) = 023:20
hallynachiang: can you grep -i seccomp /proc/self/status int he container?23:21
hallynboth tasks 7979 and 7989 tried to set NNP, then set seccomp filters, then exited with 7979  +++ exited with 100 +++23:21
achiang$ grep -i seccomp /proc/self/status23:23
achiangSeccomp:023:23
hallynhm23:26
hallynand i assume this works outside of a container?23:26
achianghallyn: well... kinda. i at least get a window that pops up on my desktop (although it is blank)23:27
achianghallyn: that would be running outside the container on a trusty host23:27
achiangjust running the trusty version of webbrowser-app from the cmdline23:27
hallynachiang: so if you strace it on the host, what happens after the PR_SET_SECCOMP ?23:29
achiangis anyone running utopic natively? perhaps they could just try to launch webbrowser-app from the cmdline and see if that works23:29
achianghallyn: http://pastebin.ubuntu.com/7839069/23:32
achianghallyn: i'd say don't worry about spending more time on me today. i'll send a mail to chrisccoulson asking for some help... it could be as easy as supporting the same --disable-setuid-sandbox for oxide23:34
achianghallyn: thanks a ton already23:35
hallynachiang: my utopic laptop is the one that died recently;  so i'm not until my new one arrives.  lenovo keeps pushing the ship date back day by day :)23:39
achiangnice23:39

Generated by irclog2html.py 2.7 by Marius Gedminas - find it at mg.pov.lt!