[01:45] <delinquentme> say I have a brand new instance of ubuntu ... and I want to install git ... TYPICALLY I need to $ apt-get update .. before doing this ... however that installs a ton of other stuff ... is there a way to ONLY get the packages I need to install git ?
[01:46] <Patrickdk> ok, what is the REAL issue?
[01:46] <Patrickdk> apt-get update, installs NOTHING, EVER
[01:46] <Patrickdk> NEVER EVER
[01:47] <Patrickdk> where is the logs of it INSTALLING TONS of crap?
[01:48] <delinquentme> Patrickdk, apt-get update + apt-get upgrade
[01:48] <Patrickdk> now your changing your statement
[01:48] <Patrickdk> WHY would you run apt-get upgrade?
[01:48] <Patrickdk> what does that have to do with installing git?
[01:48] <delinquentme> Patrickdk, let me fire up an instance and get the failing message
[01:51] <delinquentme> Patrickdk, preferrred paste service?
[01:52] <delinquentme> https://gist.github.com/carlcrott/da81282980a8f8cdbe7a
[01:52] <delinquentme> " has no installation candidate "
[01:52] <Patrickdk> did you do a apt-get update
[01:53] <delinquentme> Patrickdk, I know that will solve it but Im looking to run fewer operations
[01:54] <Patrickdk> you ALWAYS must run apt-get update
[01:54] <Patrickdk> it's REQUIRED
[01:55] <Patrickdk> if you don't run it, you have your issue
[01:55] <Patrickdk> you want to *install* packages that NO LONGER EXIST
[06:12] <m_anish> Hi I am trying to setup an ubuntu server (to serve as an LTSP server) .. and I have 2 NICs .. one for the WAN where I get an IP thru DHCP, and one for the LAN which the server will manage
[06:12] <m_anish> during install I'm being asked "Choose the primary network interface" which will be used during the setup, listing the 2 nics I have
[06:12] <m_anish> which should I pick? WAN?
[06:15] <m_anish> guess it shud be WAN, it's doing dhcp
[06:16] <Thumpxr> Guys, could you tell me, why i dont see ä,ö,ü in my ssh client? my locales are all de_DE and i'm on UTF-8
[06:19] <sarnold> Thumpxr: check out locale-gen on the server, perhaps de_DE.utf8 doesn't exist on the server?
[06:19] <sarnold> Thumpxr: also check outputof 'locale', perhaps a shell script is setting stupid variables
[06:21] <Thumpxr> sarnold: output of locale is everywhere the same "UTF8-de_DE" or sth like that. did the locale-gen.. must i relogin afterwards ?
[06:22] <sarnold> Thumpxr: hmm, maybe...
[06:24] <Thumpxr> sarnold: it worked. Thank you :)
[06:24] <sarnold> sweet :)
[07:26] <lordievader> Good morning.
[07:57] <jamespage> zul, jdstrand: lp:~james-page/horizon/juno-b3-fixes
[08:57] <jamespage> zul, jdstrand: there is a build of that in https://launchpad.net/~james-page/+archive/ubuntu/junk
[08:57] <jamespage> it appears to work OK
[10:13] <lynxman> jamespage: o/
[10:13] <jamespage> hey lynxman
[10:13] <lynxman> jamespage: ello ello :)
[10:49] <jamespage> rbasak, ping re websocket clietn
[10:49] <jamespage> rbasak, looking through hazmats requested jujuclient and deployer updates (which I've ignored for to long)
[10:49] <jamespage> needs > 0.18 for websocket client and we only have 0.13 now - any thoughts?
[10:57]  * rbasak looks to remind himself
[11:00] <jamespage> rbasak, merging with debian looks good as we can drop your patches tests
[11:01] <jamespage> rbasak, 0.18 unit tests OK and is fixes only over 1.16 as in debian
[11:02] <rbasak> jamespage: looks OK to sync. Do need an FFe for this? I see only Juju, python-socketio-client and python-docker as reverse deps.
[11:03] <rbasak> jamespage: for 0.18, Debian doesn't have it yet, but it is DPMT so maybe update Debian and sync?
[11:03] <jamespage> rbasak, I'm not DPMT - maybe barry can
[11:04] <jamespage> rbasak, yeah we can sync tho - the breaks/replaces is no longer required
[11:06] <jamespage> rbasak, your reverse deps are correct
[11:06] <rbasak> jamespage: agreed we can sync - b/r was in Trusty, so all supported upgrade paths should be fine.
[11:07] <jamespage> rbasak, it probably does need a FFe I think
[11:08] <rbasak> jamespage: there is a testsuite, so that should mitigate any regression.
[11:08] <jamespage> rbasak, yah
[11:09] <jamespage> rbasak, I pinged barry in #ubuntu-devel
[11:09] <rbasak> hallyn: fyi, I've uploaded your fix for bug 1372368 as a workaround for now at least. I think there's a much deeper libvirt bug though. I'm still looking into it.
[11:26] <zul> jamespage: +1 for horizon, although I think the README.Debian should be updated to reflect how you generated the xstatic tarball
[12:43] <jamespage> zul, ok - ack
[12:47] <jdstrand> jamespage: looked at the debian/changelog. that seems fine to me. it is more like what we have now. you can make sure the right xstatic packages are available. nothing else will start using them
[12:49] <jdstrand> jamespage: thanks for working on that!
[12:53] <jamespage> jdstrand, np - I just added a README.source to explain why and how to use all that stuff
[13:10] <jdstrand> nice
[13:22] <rbasak> jamespage: while you're working on horizon, have you seen https://code.launchpad.net/~cjohnston/ubuntu/utopic/horizon/1308651/+merge/235741 ?
[13:27] <Azaril> hey guys]
[13:27] <Azaril> looking at unattended-upgrades
[13:27] <Azaril> what does "sudo dpkg-reconfigure -plow unattended-upgrades" do exactly?
[13:30] <Azaril> is the only thing the creation of 20auto-upgrades, 50unattended-upgrades
[13:30] <Azaril> ?
[14:29] <Scrix0> Hello, I am looking for assistance with nfs userid mapping
[14:29] <juice23> Can somebody explain Ubuntu's support policy for PHP 5.2. PHP 5.2 is discontinued upstream, but included in editions of Ubuntu server that are still supported. Did Canonical force users to upgrade to PHP 5.3 to continue receiving security updates? or what is the story with it? how does it differ from debian-lts as it is 'limited support' in debian-lts.
[14:30] <mdeslaur> juice23: do you mean PHP 5.3?
[14:30] <mdeslaur> juice23: we don't have 5.2 in any supported versions of Ubun
[14:30] <mdeslaur> Ubuntu
[14:31] <juice23> mdslaur: i thought 5.2 was in ubuntu 12.04 lts, or was. no?
[14:31] <mdeslaur> juice23: no, 12.04 lts shipped with 5.3.10 to which we've been backporting all the security fixes
[14:32] <juice23> mdslaur: and what about ubuntu 10.04 lts for server? even if it isn't 5.2 it would have been an earlier version that was discontinued.
[14:32] <mdeslaur> 10.04 lts has 5.3.2 to which we backport security fixes
[14:32] <mdeslaur> basically, we backport security fixes to whatever php version we shipped, whether or not the versions are discontinued upstream
[14:32] <juice23> mdselaur: ok, so in other words i'll probably run into this problem again.
[14:33] <mdeslaur> juice23: into what problem?
[14:33] <juice23> mdeslaur: 10.04 lts wouldn't have shipped with 5.3.x though back in 2010. right?
[14:33] <mdeslaur> juice23: yes, it originally shipped with 5.3.2, and we've backported all the security fixes to it since then
[14:34] <jamespage> zul, just got enought of a +1 on #ubuntu release for that horizon upload
[14:34] <jamespage> can you +1 my mp - https://code.launchpad.net/~james-page/horizon/juno-b3-fixes/+merge/235959
[14:34] <jamespage> and I'll upload for release
[14:34] <juice23> mdslaur: the problem is content management systems dependent on specific versions of php that are then discontinued by ubuntu and other distributions.
[14:34] <mdeslaur> juice23: whatever version we ship a release with is supported for the lifetime of the release
[14:34] <juice23> mdeslaur: OK, thanks for the info. i guess my choice of distribution was poor (well, maybe not, back when we setup the server in 2008, but currently).
[14:35] <juice23> mdselaur: thanks, i think i might move to ubuntu then
[14:35] <mdeslaur> juice23: np
[14:35] <zul> jamespage:  +1ed
[15:22] <Azaril> are there firewall rules to allow security updates through?
[15:22] <Azaril> ie
[15:22] <Azaril> whats the server ip i should allow?
[15:23] <arrrghhh> most firewalls will block inbound traffic but are permissive for outbound... are you blocking outbound as well?
[15:23] <arrrghhh> most firewalls by default I should say ^^
[15:27] <ses1984> hi, i'm trying to get postfix installed and configured as a gmail smtp relay, and i'm running into some weird problems
[15:27] <ses1984> http://paste.ubuntu.com/8426161/
[15:27] <ses1984> i've tried to purge sendmail, and install --reinstall postfix, and for some reason, i can't get the postfix service to start
[15:28] <ses1984> service postfix start *says* it's starting, but status says it's not running and the mail.err log says that port 25 is already bound
[15:28] <arrrghhh> ses1984, have you checked what is hogging port 25 with netstat?
[15:29] <ses1984> yes, it's in my paste, it says, 20604/sendmail: MTA, which i dont understand because i purged sendmail
[15:30] <ses1984> but then i read that postfix includes a drop in sendmail binary so i dont know what i'm seeing...is *part* of postfix running but the postfix service is not?
[15:38] <JayJ_> Anybody have any pointers on how to slipstream a driver into Ubuntu PXE server? My server need a RAID driver to see the volumes
[15:47] <Azaril> arrrghhh: we are blocking outbound as well
[15:47] <arrrghhh> Azaril, well then you need to determine how to allow that out I spose ;)
[15:47] <arrrghhh> look at your apt source list, see which mirror you chose... and allow that host
[15:47] <arrrghhh> choose*
[15:48] <arrrghhh> maybe it's chose.  blah.
[15:48] <Azaril> sure, but if i run an nslookup on security.ubuntu.com i get 7 ips
[15:49] <arrrghhh> Azaril, might want to pick a specific mirror
[16:02] <rostam> HI I am using ubuntu 14.04, where could I get the patch for ubuntu bash security issue? thanks
[16:03] <bazzzb> sudo apt-get update && sudo apt-get upgrade
[16:04] <rostam> bazzzb, thanks
[16:06] <JayJ_> ANy help to preload a driver into ubuntu installation?
[16:12] <dmsimard> Any ETA on the proposed patch to bash for it to merge to stable ?
[16:12] <jdstrand> rostam: the main issue is fixed in http://www.ubuntu.com/usn/usn-2362-1/ . all you need to do is apply your regular security updates. a followup fix is forthcoming
[16:22] <jamespage> jdstrand, we have a few new MIR's that are pending security team review - specifically pysnmp and kazoo - http://people.canonical.com/~ubuntu-archive/component-mismatches-proposed.svg
[16:22] <jamespage> jdstrand, just checking these are on your list ;-)
[16:25] <jdstrand> I'm not sure they are
[16:25]  * jdstrand looks
[16:35] <jamespage> jdstrand, thanks
[16:43] <axisys> why would bash upgrade stuck at kernel dependecy?
[16:44] <axisys> http://pastebin.com/RjFQ2gHd
[16:45] <ogra_> where do you see bash in there ?
[16:45] <jamespage> coreycb, can you unsubscribe ubuntu-release from the xstatic sync requests pls; we've agreed a different way forward for this cycle
[16:46] <ogra_> your package system is messed up  and it wants to fix itself ... even "apt-get install foo" would have triggered that
[16:46] <jrwren> axisys: nothing to do with bash, your apt is messed up to begin with.  apt-get remove linux-headers-server && apt-get install bash
[16:46] <coreycb> jamespage, ok will do
[16:46] <axisys> ogra_: I only have unattended upgrade running nightly for security patches
[16:46] <jamespage> coreycb, fyi the approach was to embed the xstatic bits within horizon; using a multi orig.tar.gz approach
[16:46] <axisys> jrwren: apt-get remove linux-headers-server won't hurt my server?
[16:47] <axisys> jrwren, ogra_ : may be unattended upgrade broke it?
[16:47] <jamespage> coreycb, https://launchpad.net/ubuntu/utopic/+queue/?queue_state=1&queue_text=horizon
[16:48] <jrwren> axisys: they are header files, you only need them if you are compiling kernel modules.
[16:48] <ogra_> axisys, no idea how it happened, but it isnt realted to bash
[16:48] <jrwren> axisys: i don't know much about unattended upgrade.
[16:49] <axisys> jrwren: did not let me remove the header
[16:49] <axisys> jrwren: http://pastebin.com/CLP0rfg2
[16:49] <axisys> jrwren: how do you address zero day exploit? I am using unattended for security to address just that
[16:50] <jrwren> axisys: I don't sufficiently understand the vulnerability to do a risk assessment.
[16:51] <ogra_> axisys, i dont get that, why dont you just let "apt-get -f install" do its job ?
[16:53] <axisys> because it will try to remove a newer kernel than what I have
[16:53] <axisys> ogra_: ^
[16:53] <axisys> ogra_: My guess some upgrade is pending a reboot
[16:53] <axisys> ogra_: and it will apply the newer kernel.. so I dont want to prematurely remove it
[16:54] <ogra_> axisys, oh, you dont have 3.2.0-69 installed ?
[16:54] <axisys> I am on
[16:54] <axisys> 3.2.0-59-generic
[16:54] <ogra_> well, it wont "just remove" kernels
[16:54] <axisys> so those might be in the queue and pending to be applied
[16:55] <ogra_> (it even tells you that you have to do that yourself)
[16:55] <ogra_> your first paste:  http://pastebin.com/RjFQ2gHd
[16:56] <ogra_> $ sudo apt-get install bash
[16:56] <ogra_> ....
[16:56] <ogra_> E: Unmet dependencies. Try 'apt-get -f install' with no packages (or specify a solution).
[16:56] <ogra_> ... thats what i read in the first paragraph
[16:56] <ogra_>  sudo apt-get -f install
[16:56] <ogra_> ...
[16:56] <ogra_> Use 'apt-get autoremove' to remove them. (your old kernels ... and only if you want to)
[16:56] <ogra_> ...
[16:57] <ogra_> and then it just wants to fix package conflicts for you
[16:57] <ogra_> i donrt see anything related to your 3.2.0-59-generic
[16:58] <jrwren> ogra_: to answer your question - i don't have CGI enabled. I'm the only user of my servers or all my server users are trusted. I haven't figured out where else I'd be vulnerable.
[16:58] <ogra_> (if you are worried you can even hardcode the kernel in your grub config)
[16:58] <axisys> ogra_: I am few kernel version behind.. so I would reboot first to make the change..
[16:58] <axisys> but you guys already answered my question
[16:58] <axisys> it is not bash dependcy .. it is apt related
[16:59] <ogra_> yes, your local setup is a little out of sync
[17:01] <axisys> ogra_: unattended upgrade might have a security update which forced the new kernel..
[17:01] <ogra_> could be
[17:01] <ogra_> that stil doesnt mean you need to run it :)
[17:01] <axisys> http://www.ubuntu.com/usn/usn-2359-1/
[17:01] <ogra_> it just wants to install it
[17:02] <ogra_> to solve the packaging issues
[17:03] <axisys> there are few linux kernel vulnerability from 23rd
[17:03] <axisys> even APT vulnerability from 23rd
[17:36] <RoyK> [offtopic] http://techreport.com/review/27062/the-ssd-endurance-experiment-only-two-remain-after-1-5pb/4 <-- interesting
[17:39] <ikonia> RoyK: don't need the [offtopic] posts please, as you know
[17:39] <LucidGuy> Need to order me a new 1U SuperMicro server to run Ubuntu 12.04..  finding it difficult to determine what hardware 12.04 will support.  Tips?
[17:40] <ikonia> research the hardware
[17:41] <LucidGuy> ikonia, thats what I'm doing.  Is there a simple way to list supported hardware?
[17:41] <ikonia> no
[17:41] <ikonia> the HCL is poorly maintained
[17:45] <LucidGuy> for example where do these kernel modules come from /lib/modules/3.11.0xxxx/kernal/drivers  ?
[17:46] <LucidGuy> Did my distribution bundle these in and create these during the install .. or some how from the kernel itself?
[17:46] <RoyK> LucidGuy: why 12.04? 14.04 has been stable for a while
[17:46] <LucidGuy> RoyK, we sit on an LTS for quite some time, no need to upgrade
[17:47] <RoyK> 14.04.1 is LTS
[17:47] <LucidGuy> I know
[17:48] <RoyK> LucidGuy: I've used a lot of supermicro systems, and haven't had issues with drivers
[17:48] <RoyK> last thing was setup with debian wheezy - no issues
[17:49] <axisys> I have lots of supermicros running ubuntu server
[17:49] <axisys> no issue either
[17:49] <axisys> I even have systems with ssd
[17:49] <axisys> with only SSDs
[17:49] <LucidGuy> axisys, version of Ubuntu?
[17:49] <axisys> Ubuntu 12.04.3 LTS
[17:50] <RoyK> LucidGuy: I've used 10.04 and 12.04 and debian with those systems - no issues
[17:50] <axisys> 64bit
[17:50] <RoyK> (and obviously, 64bit)
[18:32] <pmatulis> jamespage: do you know why slapd in utopic is still at 2.4.31 while debian unstable is at 2.4.39 ?
[19:09] <budman> ubuntu 14.04 stuck booting after nonblocking pool is initialized
[19:17]  * patdk-wk feels dirty
[19:32] <jamespage> pmatulis, because no-one has noticed and merged it
[19:32] <pmatulis> jamespage: so too late?
[19:33] <jamespage> pmatulis, without looking at the upstream changelog I could not say - it would need a FFe from the release team and we are in final freeze now
[19:33] <pmatulis> jamespage: ah well.  i thought these things were automatic
[19:54] <Lapadine> anyone know how I can upgrade bash on saucy? it doesn't seem to want to, it is showing latest version as 4.2-5ubuntu3 which is vulnerable to "shell shock"
[19:55] <lordievader> Lapadine: Saucy is EOL and won't receive updates.
[19:55] <lordievader> Lapadine: You should upgrade to Trusty.
[19:55] <Seveas> Lapadine: grab the sources from trusty/utopic and rebuild on saucy. Then do it again when the final fix is out :)
[20:10] <keithzg> Man, that was far more harrowing than it should have been, updating bash on the old server we use as a router at work.
[20:11] <keithzg> It was still running Bash 2.05b!
[20:15] <Lapadine> do-release-upgrade == not fun over ssh...
[20:15] <lordievader> Lapadine: Never had any trouble with it, it opens a screen anyhow.
[20:16] <Lapadine> am running it in screen so should be ok, just dont like it
[20:21] <keithzg> ehh, I've never had it fail. It opens a second ssh session you can connect to in case of failure, too.
[20:24] <jamespage> pmatulis, not merges - sorry
[20:37] <claude2> does anyone here know why snmpd wants to install mysql in 14.04?
[20:41] <TJ-> claude2: It depends on "libmysqlclient18"
[20:42] <claude2> but why is that and mysql-common necessary? that seems odd
[20:55] <Lapadine> server unreachable :/ reboot seems to have failed....
[21:03] <ayr-ton> My friends, how to use cloud-init to create ISOs? I do need to generate a bunch of images for a dark hypervisor.
[21:05] <ikonia> what's a dark hypervisor ?
[21:08] <ayr-ton> ikonia: A hypervisor with thousands of instances without openstack support.
[21:08] <ikonia> I've never heard of a dark hypervisor before.
[22:28] <dmsimard> Has the second bash patch hit the repos outside proposed yet ?
[22:30] <mdeslaur> dmsimard: which one?
[22:30] <mdeslaur> in stable releases?
[22:30] <dmsimard> mdeslaur: The one you made :)
[22:30] <mdeslaur> I pushed out the one for CVE-2014-6271 about 10 minutes ago
[22:31] <mdeslaur> sorry, not that one
[22:31] <dmsimard> mdeslaur: Looking to get the proposed patch in the stable branches for precise and trusty
[22:31] <mdeslaur> I pushed out CVE-2014-7169 about 10 minutes ago
[22:31] <dmsimard> Right
[22:31] <mdeslaur> uvirtbot: will you shut up
[22:31] <dmsimard> lol
[22:31] <mdeslaur> uvirtbot: die
[22:31] <dmsimard> So an apt-get update should get it ?
[22:31] <mdeslaur> dmsimard: yes, it'll take a few minutes for the mirrors to catch up
[22:31] <mdeslaur> and the USN should be going out in about 5 minutes
[22:31] <dmsimard> mdeslaur: Thanks for your work.
[22:32] <mdeslaur> you're welcome
[22:43] <mdeslaur> http://www.ubuntu.com/usn/usn-2363-1/
[22:45] <Patrickdk> :)
[22:45] <Patrickdk> my cache servers have it :)
[22:45] <Patrickdk> now to repatch lenny and fc9 systems :(
[22:45] <Patrickdk> why did they have to dump those onto me last month
[22:46] <sarnold> fc9..
[22:46] <Patrickdk> yes!
[22:47] <Patrickdk> I'm suppost to migrate them
[22:47] <Patrickdk> we where still in phase one, figuring out what they did, cause no one knew
[22:48] <sarnold> did anyone propose "turn them off one at a time and see who screams"? .. cause fc9. wow.
[22:48] <Patrickdk> :)
[22:49] <Patrickdk> yes, they where all confirmed working and production
[22:49] <Patrickdk> they had another cluster too
[22:49] <Patrickdk> those where running ubuntu 13.10
[22:50] <Patrickdk> those are halfway migrated
[22:50] <Patrickdk> I just patched bash in it
[22:50] <Patrickdk> and for fc9 :(
[22:50] <Patrickdk> and lenny, and squeeze
[22:52] <Patrickdk> ovious what my day was spent doing :)
[23:06] <hurin_> hello, sorry, i'm just a newbie looking for some help about how i should configure my apache2 in the purpose to get my vhost working, i'm trying to do so since 2 hours and 3 tutorials and i still can't figure out what's going on
[23:07] <sarnold> hurin_: this guide is well-suited to the ubuntu / debian configuration style: https://help.ubuntu.com/14.04/serverguide/httpd.html
[23:08] <hurin_> whatever i'm doing i still see only my default virtual host, even if i write my virtual hosts name,...
[23:08] <hurin_> sarnold: i'm going to look at it, thank you
[23:08] <sarnold> hurin_: is there anything interesting in the apache logs?
[23:09] <hurin_> sarnold: no, all i see are http 200, as if all was working perfectly
[23:10] <hurin_> but i keep see only my default website, and never any of my vhosts
[23:48] <MrPPS> any of you folks know off-hand if there's a regex to grep for checking to see if any "shell shock" exploits have been attempted?
[23:52] <sarnold> MrPPS: pals were grepping for :; in their apache logs earlier, finding all kinds of fun things
[23:54] <MrPPS> sarnold: I'll take a look, thanks kindly :)