[00:00] <sarnold> I don't allow password access to my sshd
[00:00] <sarnold> keys only
[00:00] <Matt3o12> Why?
[00:00] <sarnold> there's just too many brute-forcers on the internet
[00:01] <Matt3o12> And.. what about the key or a password + a pam module (2 step authentication using google's authenticator)?
[00:02] <sarnold> Matt3o12: I'm paranoid but also lazy :)
[00:03] <Matt3o12> So am I (that why I use 20 letter password, generated and almost unique)...But what do you think about a password + google authenticator. I may need to log into the server in school...
[00:03] <sarnold> Matt3o12: some friends do use e.g. pam_duo, though. if it makes sense to you, go for it
[00:03] <sarnold> Matt3o12: ah, using a machine you don't control? that's always iffy..
[00:06] <Matt3o12> Yeah, I know, that's why I have 2 user accounts (one with limited access)... But I just hate to work with windows and I sometimes need to use unix...
[00:08] <Matt3o12> Anyway. what is your opinion about 2FA instead of a key.. I might lose it any booting the server with init=/bin/sh is really what I want to do least...
[00:09] <sarnold> if I had to use passwords I'd definitely use 2fa
[00:09] <Matt3o12> Ok...
[00:09] <Matt3o12> How can I su into root once I removed the password.
[00:10] <sarnold> sudo -s
[00:15] <Matt3o12> One last thing: what's the difference between sudo -i and sudo -s ?
[00:17] <sarnold> Matt3o12: sudo -i tries to act like you just logged in via getty or sshd; sudo -s just starts a shell with the right user privileges. e.g. -s doesn't change directories or goof around with environment variables..
[00:19] <Matt3o12> Ok. Thank you very much for your help :)
[02:44] <zartoosh__> Hi which package install this directory: /boot/grub/x86_64-efi/    Thanks
[03:44] <TJ-> zartoosh__: "apt-file search <file-name>" ... but I happen to know it's created by grub-install and gets copies of the GRUB modules from the package "grub-efi-amd64-bin" (/usr/lib/grub/x86_64-efi/)
[03:54] <Icabash> I haven't made any progress so far - x86 Ubuntu 14.04 install is stopping at "load debconf preconfigruation file" (I can still access the terminal with ctrl+alt+f2, though)
[03:58] <Icabash> Wondering if I should try CentOS or Debian
[03:59] <kernel13> is there a way to generate preseed file from existing server
[06:54] <Icabash> Figured out the problem - I was too impatient and didn't give the install enough time to proceed. (Although waiting for 2 hours seems a bit much for one step of the install)
[09:26] <poobutt> at ssh login 14.04 says 7 Packages can be updated 7 Packages are security updates. But update/upgrade does nto install or find anyhting. reboot still shows this msg
[09:56] <rbasak> poobutt: try "sudo apt-get dist-upgrade".
[10:10] <poobutt> rbasak: thanks this shows a headers upgrade i am actualy currently already on 14.04.1 LTS should i still go ahead with the dist-upgrade?
[10:10] <rbasak> poobutt: pastebin the output please?
[10:12] <poobutt> paste.ubuntu.com/8052540
[10:13] <rbasak> poobutt: that's just a kernel update. You probably want to take that. It has been issued for 14.04 users. "dist-upgrade" is needed to get kernel updates, since they use a metapackage that depends on a new kernel package.
[10:14] <rbasak> poobutt: you'll need to reboot afterwards to boot the new kernel. Note that there is a (small) regression risk so you should be prepared to handle that.
[10:15] <poobutt> ok thanks, going for it now
[10:18] <poobutt> rbasak: thanks worked and no more available update msg at log in, and on another note after pasting in paste.ubuntu.com hitting the back button in browser alows you to edit / add to paste never knew that b4
[10:20] <poobutt> scratch that paste note.ubuntu.com comment it only does that in local browser it seems
[10:31] <poobutt> thats nice...
[11:48] <technocf> Where can I find a good tutorial for setting up an Ubuntu mail server with virtual mailboxes.  I've found some tutorials but they only go into setting up postfix, not all the other bits.
[11:54] <technocf> Found one
[11:56] <obi12341> technocf, https://www.exratione.com/2012/05/a-mailserver-on-ubuntu-1204-postfix-dovecot-mysql/
[11:57] <technocf> obi12341: Thanks, that's better than the one I found
[11:57] <obi12341> ;)
[11:58] <obi12341> we used this tutorial for a really big customer, so this tutorial is proofen
[11:58] <obi12341> *proofed
[11:58] <technocf> Great! Setting up my new company... we need emails. :P
[11:58] <obi12341> :P
[11:59] <technocf> Soon I should have ceo@deviotion.com
[12:00] <technocf> What do I do if the server is more than just mail?
[12:00] <technocf> It says make the hostname  "mail."
[12:01] <obi12341> then just use the "normal" hostname without mail
[12:01] <technocf> ok, I just wasn't sure
[12:14] <technocf> I followed the instructions word for word and https://mail.deviotion.com/postfixadmin/setup.php doesn't exist...
[12:16] <technocf> Fixed it
[12:55] <samba35> i am trying to install wireless card (netgear wg311v3) with ndiswrapper after driver is installed when i run iwconfig its not able to detect card ,can you please tell me what could be wrong i am doing
[12:55] <samba35> i am trying this card with server and desktop with no luck
[13:09] <JoeyJoeJo> I've got a new software raid 5 made out of 3 3TB drives, but it's showing up as 4TB. Shouldn't it be 5.4TB?
[14:03] <Kunzem1984> Hi is there a easy way of checking which hdd in my raid 1 setup has block errors? I get "status: { DRDY ERR }" with lots of other errors in syslog . googled them and it seems hdd failure.
[14:06] <rbasak> coreycb, jamespage, gnuoy, beisner, rharper, lutostag, smoser, hallyn: it's the scheduled time for another merge sprint now.
[14:06] <rbasak> Who is here and will attend, please?
[14:06] <lutostag> lutostag: cant for first hour, will join after that
[14:06] <lutostag> lol, rbasak ^^
[14:07] <rbasak> OK no problem, thanks.
[14:07] <coreycb> o/
[14:07] <beisner> rbasak, elbow deep in a bug and an RT, need to wrap those up, will be joining biab
[14:07] <rbasak> OK beisner
[14:08] <rbasak> Hi coreycb!
[14:08] <coreycb> rbasak, hi!
[14:08]  * rbasak waits to see who else is here
[14:19] <coreycb> rbasak, is there any priority in which packages require merge?
[14:20] <rbasak> Let me take a look at the list as it stands today.
[14:22] <hallyn> pad url?
[14:22] <rbasak> coreycb: without looking at changelogs or if anybody else has taken it, so not considering complexity...
[14:22] <hallyn> (I'm merging qemu right now, but will look at anything blocked)
[14:22] <rbasak> hallyn: http://pad.ubuntu.com/server-team-merges
[14:22] <hallyn> thx
[14:23] <rbasak> I'd say amavisd-new, maybe dovecot, exim4 (again! but may be OK after feature freeze), logwatch (possibly complex)...
[14:23] <rbasak> mod-wsgi may want a sync - version looks significant.
[14:24] <rbasak> nginx is in progress (me) but is important.
[14:24] <rbasak> Maybe openldap, but looks maybe complex
[14:24] <rbasak> That's everything that stands out to me right now.
[14:25] <rbasak> Everything would be good, but I'd say those are the headline ones we probably want to do for server users.
[14:25] <rbasak> openldap less so - few will probably run an LDAP server in production on Utopic.
[14:26] <coreycb> rbasak, cool thanks.  have an tips on determining priority in the future or does priority == most commonly used packages?
[14:26] <rbasak> coreycb: very much a subjective judgement call. I'm going by my impression of how people use the server distribution, and what they will miss the most.
[14:26] <hallyn> btw, merge of slof, build failed.  probably a bug in the cross-compiler.
[14:26] <coreycb> rbasak, ok
[14:26] <rbasak> So big version bump, or a small bump that indicates bugfixes that might be valuable.
[14:27] <rbasak> Or a package where I know that having the latest is important to the user demographic (eg. nginx)
[14:28] <coreycb> rbasak, thanks
[14:42] <j^> whats the new way of creating a new vm for libvirt/kvm (vmbuilder kvm ubuntu --suite=trusty fails and lp lists some bugs that its deprecated, but could not find what replaces it)
[14:46] <rbasak> j^: https://help.ubuntu.com/14.04/serverguide/cloud-images-and-uvtool.html
[14:47] <j^> uvtool depends on avahi-daemon?
[14:48] <rbasak> No, but it did use avahi-daemon in the guest in the past. What makes you think that?
[14:48] <j^> apt-get install uvtool wants to install avahi-daemon on my server
[14:48] <rbasak> Which release?
[14:49] <j^> 14.04
[14:49] <Pici> You may need to use --no-install-recommends
[14:49] <j^> I upgraded that system from 12.04, was the default changed for install recommends?
[14:50] <rbasak> j^: ah, that's because uvtool-libvirt recommends libnss-mdns
[14:50] <rbasak> I should probably drop that recommendation, but you aren't required to follow it.
[14:50] <rbasak> I used to use libnss-mdns for IP address detection in the guest.
[14:51] <rbasak> With avahi-daemon on the guest to publish it.
[14:51] <rbasak> I gave up on that though. It wasn't reliable enough. Instead I now parse the libvirt-specific dnsmasq's leases file.
[14:51] <rbasak> Which is a hack, but it works reliably and by default at least.
[14:52]  * rbasak has filed bug 1357400
[15:17] <j^> https://help.ubuntu.com/14.04/serverguide/cloud-images-and-uvtool.html could mention where disk images are located. is there some way to specify this?
[15:19] <j^> whats the second disk image name-ds.qcow used for? it shows up as unformated emtpy disk
[15:25] <j^> uvt-simplestreams-libvirt purge looks dangerous, it also removes disks of running vms
[15:25] <rbasak> j^: see the manpage.
[15:26] <rbasak> The second disk image is for the cloud-init data source
[15:26] <rbasak> It passes in cloud-init userdata and metadata.
[15:26] <rbasak> uvt-simplestreams-libvirt purge *is* dangerous, and it says so in the manpage.
[15:27] <rbasak> --source can override the disk image source, but the source must publish metadata in the simplestreams format.
[15:27] <rbasak> There are mirroring tools in the simplestreams packaging.
[15:27] <j^> saw that, if its removed does not matter, otherwise destroying running vms before deleting the images might be better though.
[15:28] <rbasak> I added to handle breakages during development.
[15:28] <rbasak> It shouldn't ever be needed in production use. Destroying the VM removes running VMs before deleting the images.
[15:29] <j^> im just pushing all buttons to see what happens :)
[15:29] <rbasak> :)
[15:32] <j^> adding an --autostart option to create would be usefull but can also call virsh autostart $name after creating a new vm
[15:32] <rbasak> IIRC, it enables autostart by default.
[15:33] <rbasak> Oh, perhaps not.
[15:35] <rbasak> j^: filed bug 1357420. Thanks!
[16:13] <Guest35236> hey guys
[16:14] <Guest35236> im having an issue where a new build server (12.04) with nginx and openssl is reporting as vulnerable to heartbleed under nessus and nmap, but slightly less updated servers are not
[16:14] <Guest35236> does anyone know of any issues with the newest update?
[16:15] <rbasak> Guest35236: can you confirm your package versions of the relevant nginx and openssl packages?
[16:16] <rbasak> The most common case asked here seems to be when packages aren't fully up to date.
[16:16] <Guest35236> root@dev-upload01:/etc/nagios# nginx -v
[16:16] <Guest35236> nginx version: nginx/1.1.19
[16:17] <Guest35236> root@dev-upload01:/etc/nagios# openssl version -a
[16:17] <Guest35236> OpenSSL 1.0.1 14 Mar 2012
[16:17] <rbasak> No, the *package* version.
[16:17] <rbasak> dpkg-query -W nginx
[16:17] <rbasak> dpkg-query -W nginx-core
[16:17] <Guest35236> nginx   1.1.19-1ubuntu0.6
[16:17] <rbasak> dpkg-query -W libssl1.0.0
[16:17] <rbasak> etc
[16:17] <Guest35236> libssl1.0.0     1.0.1-4ubuntu5.17
[16:18] <rbasak> OK it looks like you are indeed up to date. Thank you for confirming.
[16:19] <rbasak> e version does not exhibit this behaviour?
[16:19] <rbasak> Do you know what package version does not exhibit this behaviour?
[16:19] <Guest35236> ok
[16:19] <Guest35236> hang on, ill have a look
[16:20] <Guest35236> libssl1.0.0     1.0.1-4ubuntu5.12
[16:20] <Guest35236> doesnt
[16:22] <rbasak> Guest35236: that's interesting, thanks.
[16:22] <rbasak> mdeslaur: ^^
[16:23] <mdeslaur> Guest35236: how is nessus determining it's vulnerable?
[16:23] <Guest35236> very good question lol
[16:24] <Guest35236> ill see if i can get a look at the plugin
[16:24] <mdeslaur> Guest35236: can you paste me the plugin somewhere?
[16:24] <Guest35236> the nmap script is more accessible
[16:24] <rbasak> I'll leave this to mdeslaur - thanks. It seems likely to be a false positive to me but probably worth checking.
[16:25] <Guest35236> https://svn.nmap.org/nmap/scripts/ssl-heartbleed.nse
[16:25] <Guest35236> thats the nmap script
[16:25] <Guest35236> yeah i think it must be as well
[16:25] <RoyK> Guest35236: commercial nessus, or old OSS nessus? If it's the latter, why not openvas? It should be a wee bit more updated
[16:25] <Guest35236> its just strange that other servers arent showing it
[16:25] <Guest35236> commercial nessus
[16:26] <RoyK> ok
[16:26] <Guest35236> i just got a trial licence this morning
[16:26] <RoyK> Guest35236: try openvas
[16:26] <Guest35236> ive got that as well
[16:26] <RoyK> ok
[16:26] <Guest35236> its not as pretty tbh
[16:26] <Guest35236> harder to sell to the boss :P
[16:26] <RoyK> Guest35236: it is? openvas is free :D
[16:26] <Guest35236> seems to do a better job than qualsys though
[16:26] <Guest35236> haha true
[16:27] <Guest35236> but wed probably have to get a support contract somewhere
[16:27] <mdeslaur> Guest35236: and what response did that script give?%
[16:27] <RoyK> Guest35236: what for?
[16:27] <Guest35236> ill get a pastie for you
[16:27] <Fishscene> Greetings. I'm running Ubuntu server 14.04 x64 and have set up an LTSP environment. I'm looking to update the i386 image, but when I run the commane "sudo ltsp-update-image —arch i386", it doesn't recognize the arch option. Multiple tutorials reference this command, but it appears the option was removed: http://manpages.ubuntu.com/manpages/trusty/man8/ltsp-update-image.8.html  How do I update the i386 LTSP image?
[16:29] <Guest35236> the problem with openvas is that it uses CPEs to keep you updated on patch versions
[16:29] <Guest35236> which dont have the ubuntu versions of updates in them
[16:29] <Guest35236> so it throws up a lot of errors that have been fixed
[16:30] <Guest35236> qualsys does the same thing i think
[16:31] <patdk-wk> any idea why the changelog is missing?
[16:31] <patdk-wk> http://changelogs.ubuntu.com/changelogs//main/o/openssl/openssl_1.0.1-4ubuntu5.17/changelog
[16:32] <Guest35236> Heres the output:
[16:32] <Guest35236> http://pastie.org/9476008
[16:34] <Guest35236> its on here:
[16:34] <Guest35236> https://launchpad.net/ubuntu/precise/+source/openssl/+changelog
[16:38] <RoyK> Guest35236: AFAIK openvas/nessus just checks for the version running, so if it says openssl 1.0.0, it decides it's a bad version, but then, most distros don't upgrade core packages to the latest patch level, they just backport the fixes and don't include new stuff
[16:39] <mdeslaur> Guest35236: I'm not sure how to debug that...have you filed a bug with commercial nessus to see what they say about it?
[16:40] <Guest35236> not yet
[16:40] <Guest35236> i thought that would be the case
[16:40] <Guest35236> but the older version doesnt do this
[16:40] <Guest35236> and nmap definitely didnt do that
[16:40] <Guest35236> (the stuff i linked)
[16:41] <mdeslaur> the only thing I can do when I get a minute is to try to run one of the original heartbleed test script on our package
[16:41] <RoyK> heartbleed is evil (tm)
[16:42] <Guest35236> its really very strange
[16:42] <patdk-wk> atleast my updated server is not vaulnerable
[16:43] <Guest35236> ah hang on
[16:43] <Guest35236> it seems to be related to nrpe
[16:43] <Guest35236> it only fails on port 5666
[16:44] <patdk-wk> what is nrpe
[16:44] <Guest35236> nagios client
[16:44] <Guest35236> ill check the pkg
[16:44] <Guest35236> ii  nagios-nrpe-server               2.12-5ubuntu1.2                     Nagios Remote Plugin Executor Server
[16:45] <patdk-wk> does that package depend on libssl?
[16:45] <patdk-wk> odd, it does
[16:45] <RoyK> patdk-wk: nrpe uses ssl
[16:45] <patdk-wk> you have restarted it since heartbleed?
[16:45] <Guest35236> im not sure how i double check depencies, but it transmits using ssl
[16:45] <patdk-wk> royk, I know, the question was if it was compiled in or linked
[16:45] <RoyK> ok
[16:46] <Guest35236> i actually checked this, hang on
[16:47] <Guest35236> root@dev-upload01:/etc/nagios# ldd /usr/sbin/nrpe | grep ssl
[16:47] <Guest35236>         libssl.so.1.0.0 => /lib/x86_64-linux-gnu/libssl.so.1.0.0 (0x00007fc908570000)
[16:47] <Guest35236> which is afaik the ubuntu library
[16:48] <patdk-wk> yes, has it been restarted in the last 4 months or so?
[16:48] <Guest35236> hmmm
[16:48] <Guest35236> yes, but possibly not till after the ssl update i suppose
[16:49] <patdk-wk> well, we want it restarted after the ssl update
[16:49] <patdk-wk> or else it won't notice the update
[16:49] <Guest35236> yeah true
[16:49] <patdk-wk> I would restart it, then retest
[16:49] <Guest35236> ill double check
[16:50] <Guest35236> you guys have full permission to slap me
[16:50] <Guest35236> lol
[16:50] <Fishscene> NVM! I think I figured it out… "sudo ltsp-update-image i386"
[16:51] <rbasak> jamespage: mongodb \o/
[16:51] <Guest35236> my puppet scripts must not notify nrpe on an openssl update
[16:51] <Guest35236> hadnt even thought about it
[16:51] <Guest35236> thanks guys
[16:51] <Guest35236> seriously stupid
[16:52] <Fishscene> Don't beat yourself up too badly. I stared at my own answer for a couple of minutes before it dawned on me that "CHROOT" was the same thing as the Architecture in an old command. lol.
[16:53] <rbasak> Guest35236: check out checkrestart(1). Might be an idea to run a nagios monitor for that.
[16:56] <Guest35236> good idea
[16:57] <Guest35236> i always like overengineering nagios checks, seems like a perfect candidate :)
[16:59] <LucidGuy> Anyone using zfsonlinux?
[17:08] <hallyn> zul: around?
[17:08] <zul> hallyn:  not really
[17:08] <hallyn> jsut a quick q,
[17:08] <hallyn> ii  libvirt-bin                        1.2.6-0ubuntu5                      amd64        programs for the libvirt library
[17:08] <hallyn> ii  libvirt0                           1.2.6-0ubuntu5                      amd64        library for interfacing with different virtualization systems
[17:08] <hallyn> ii  python-libvirt                     1.2.5-0ubuntu1                      amd64        libvirt Python bindings
[17:08] <hallyn> is python-libvirt spuposed to be at 1.2.6-0ubuntu5?
[17:08] <Pici> :|
[17:09] <hallyn> zul: qa-regresion-tests are failing so i can't tell if it's my new qemu or the old python-libvirt :)
[17:09] <zul> its suppose to be 1.2.6-0ubuntu1
[17:09]  * hallyn checks publish history
[17:09] <zul> ill upload it if its not there
[17:10] <hallyn> yeah it doesn't seem to be in proposed
[17:10] <zul> hallyn:  ill get to it
[17:10] <hallyn> zul: ok, thanks. meanwhile i'm going to go ahead and push new qemu.
[17:11] <zul> hallyn:  ack
[19:47] <s0m3b0dy> Hello, I wanted to know how to install one package from a different repository without having to upgrade all the dependencies?
[19:48] <genii> It doesn't work that way.
[19:48] <s0m3b0dy> would it be possible?
[19:48] <s0m3b0dy> Well, I actually use debian, but their support channel sucks so here I am
[19:49] <s0m3b0dy> I need to install this on debian sqeeze: https://packages.debian.org/sid/rhnsd
[19:51] <Pici> Try their official channels on oftc then.
[19:52] <s0m3b0dy> Pici: who's channel is that?
[19:52] <Pici> iirc, they were on #freenode and moved to #oftc, there is just some leftover things here.
[19:53] <s0m3b0dy> debian?
[19:53] <Pici> er, I don't know why I put hashes in from of those.
[19:53] <s0m3b0dy> yeah was gonna say :p
[19:54] <Pici> It's been a long day.
[19:55] <s0m3b0dy> I spent all morning figuring out how to install spacewalk on centos, with almost no documentation available for any of the issues I had
[19:58] <patdk-wk> sometimes the package will work as is
[19:58] <patdk-wk> sometimes you have to recompile it
[19:59] <patdk-wk> and other times, you have to actually install all the deps
[20:33] <darkxploit> hello guys i got ubuntu server 13.04 .. how do i upgrade to latest version?. because each time i made an upgrade it gives me error 404
[20:34] <sarnold> you're far enough back that downloading a 14.04 LTS image and starting there might be easier
[20:34] <sarnold> there is an old-releases.ubuntu.com archive that might help you if you want to try upgrading in place without downloading new images
[20:34] <darkxploit> sarnold, its on a vps i dont want to lose everything
[20:35] <s0m3b0dy> but to answer your question darkxploit run: dist-upgrade
[20:35] <darkxploit> s0m3b0dy, thats too same error
[20:36] <s0m3b0dy> what is the error?
[20:36] <s0m3b0dy> darkxploit: you have to run apt-get update first though
[20:36] <darkxploit> s0m3b0dy, sorry i mean there is no thing available on dist-upgrade
[20:37] <darkxploit> apt-get update and apt-get upgrade gives me error 404
[20:37] <s0m3b0dy> what error?
[20:37] <s0m3b0dy> paste the whole error here
[20:39] <s0m3b0dy> darkxploit: ?
[20:40] <darkxploit> s0m3b0dy, This is for the apt-get update http://pastebin.com/m5s4zb9Q
[20:41] <s0m3b0dy> darkxploit: try to run a traceroute to this IP: 91.189.92.200
[20:42] <s0m3b0dy> what happens if you run "apt-get dist-upgrade
[20:43] <darkxploit> s0m3b0dy, here is the traceroute result http://pastebin.com/KzJV3yve
[20:44] <s0m3b0dy> darkxploit: sudo /etc/init.d/nscd restart
[20:44] <s0m3b0dy> that will flush the DNS cache
[20:44] <s0m3b0dy> then try doing an apt-get update again
[20:46] <darkxploit> s0m3b0dy, i dont have nscd
[20:53] <darkxploit> s0m3b0dy, i dont have nscd
[20:53] <s0m3b0dy> darkxploit: sorry was afk
[20:54] <s0m3b0dy> darkxploit: can you restart the whole server? the DNS cache is stuck and Im not sure why it can't find the IP
[20:55] <darkxploit> s0m3b0dy, i have restarted it as well.. then start network service
[20:55] <darkxploit> same error
[20:56] <s0m3b0dy> hm
[20:56] <s0m3b0dy> did you try "apt-get dist-upgrade" instead of just "dist-upgrade" ?
[20:56] <darkxploit> s0m3b0dy, are you sure its the cache or that version dont have any more update.
[20:57] <s0m3b0dy> oh crap, that's what it is x.x
[20:58] <s0m3b0dy> I didn't check the repos before, sorry
[21:03] <darkxploit> s0m3b0dy, this is the repos http://pastebin.com/ahAmgK9F
[21:04] <darkxploit> s0m3b0dy,  cat /etc/issue
[21:04] <darkxploit> Ubuntu 13.04 \n \l
[21:04] <s0m3b0dy> darkxploit: and which ubuntu version are you running?
[21:05] <s0m3b0dy> no idea what to say then darkxploit :/
[21:05] <s0m3b0dy> do you need all the repos there?
[21:05] <s0m3b0dy> delete the last one if anything
[21:06] <s0m3b0dy> and this one
[21:06] <s0m3b0dy> http://security.ubuntu.com/ubuntu/dists/raring-security/
[21:06] <darkxploit> i need to make an upgrade to latest version.. because right now i cant install anything for example i can install aptitude
[21:06] <darkxploit> i cant install aptitude*
[21:09] <darkxploit> s0m3b0dy, i have comment the last 2 lines in the repo.. same error
[21:23] <zartoosh__> HI I am using ubuntu 14.04. When I type apt-get upgrade it tries to install newer kernel version. I do not want to get the newer kernel, is there a way I can automate this please? Thanks
[22:17] <Patrickdk> zartoosh__, heh?
[22:17] <Patrickdk> apt-get upgrade does NOT install newer kernels
[22:26] <zartoosh__> Patrickdk, so the something else does it, thanks, now I have to find out what does it.
[22:26] <Patrickdk> dist-upgrade :)
[22:26] <Patrickdk> upgrade just *warns* you that it can't install them, cause you didn't use dist-upgrade
[22:26] <sarnold> apt-get dist-upgrade will upgrade your kernel for you
[22:27] <Patrickdk> no, he wanted upgrade
[22:27] <Patrickdk> he doesn't want a kernel
[22:27] <Patrickdk> he doesn't understand the difference
[22:27] <sarnold> ah he likes his vulnerabilities :)
[22:27] <Patrickdk> upgrade *upgrades* existing packages
[22:27] <Patrickdk> sar, no, upgrade would do that ok :)
[22:27] <Patrickdk> dist-upgrade, upgrades and upgrades things that require new dependencies (the kernel being one of those)
[22:28] <Patrickdk> like say you install mysql-server, and it installs mysql-server-5.1
[22:28] <Patrickdk> then later mysql-server is upgraded to mysql-server-5.5
[22:29] <Patrickdk> upgrade would never install that new mysql version
[22:29] <Patrickdk> dist-upgrade would
[22:29] <sarnold> .. only if some set of package dependencies asked for the new 5.5 or 5.6..
[22:29] <Patrickdk> ya, the generic top level package *mysql-server* would ask for mysql-server-5.5 :)
[22:30] <Patrickdk> ya, that is exactly how it works in ubuntu (had to check, I haven't used mysql in ubuntu for a long time)
[22:30] <Patrickdk> same with kernel
[22:31] <Patrickdk> linux-generic depends on the actual linux kernel version
[22:31] <Patrickdk> so it's always a new dependency on upgrades
[22:31] <Patrickdk> less common, is a package having a new dependency, like adding in liblz4 or something
[22:31] <zartoosh__> apt-get -q --force-yes -y upgrade   I guess this command was upgrading my kernel.
[22:32] <sarnold> zartoosh__: seems unlikely to me
[22:32] <Patrickdk> it defently wouldn't
[22:32] <zartoosh__> sarnold, then I am lost what make my kernel upgrades ...
[22:32] <Patrickdk> how do you know it's upgrading?
[22:34] <zartoosh__> My kernel has changed from 3.12-24 to 3.12.32
[22:34] <sarnold> zartoosh__: do you perhaps have unattended-upgrades installed?
[22:35] <Patrickdk> I didn't even think unattended upgrades does reboots too
[22:35] <zartoosh__> sarnold, I hope not, this is a server so no gui stuff running
[22:35] <Patrickdk> what does that have to do with gui?
[22:35] <sarnold> Patrickdk: it shouldn't, but it could be a surprising reason why a kernel update might be installde
[22:35] <zartoosh__> the destop enviroment adds more applications which I am not aware of all ... that what I meant
[22:36] <Patrickdk> zartoosh__, what does unattended-upgrades have to do with gui
[22:36] <Patrickdk> is it installed or not? :)
[22:36] <Patrickdk> unattended-upgrades - automatic installation of security upgrades (nothing to do with gui)
[22:37] <Patrickdk> it is *automatically* installed if you install a gui
[22:37] <zartoosh__> Patrickdk, a newer kernel is installed, never mind the gui, I provided the wrong info, I am using server
[22:37] <Patrickdk> heh? you still haven't answered the question
[22:37] <Patrickdk> is unattended-upgrades installed or not
[22:37] <sarnold> zartoosh__: dpkg -l unattended-upgrades   :)
[22:38] <zartoosh__> let me check sorry I did not understood that one sec
[22:38] <zartoosh__> no it is not
[22:39] <Patrickdk> most everything in /etc/apt/apt.conf.d/50unattended-upgrades commented out?
[22:39] <Patrickdk> except like 2 lines at the top?
[22:39] <zartoosh__> let me check
[22:39] <sarnold> zartoosh__: check out /var/log/dpkg.log -- it can tell you when the new packages were installed, you miht be able to use that to figure out who might have installed it..
[22:40] <Patrickdk> just wanted to double check, it wasn't turned on manually, isntead of via the package :)
[22:40] <sarnold> :)
[22:41] <zartoosh__> Patrickdk,  there is no /etc/apt/apt.conf.d/50xxx in my system.
[22:42] <Patrickdk> heh
[22:42] <Patrickdk> odd
[22:42] <zartoosh__> setting GRUB_DEFAULT does not help to boot to older kernel either ..