/srv/irclogs.ubuntu.com/2014/09/29/#ubuntu-server.txt

[00:05] <funta> :)
[00:11] <funta> folks is it secure to use apt-get install as root?
[00:12] <teward> funta: is it secure to run `sudo apt-get update` or `sudo apt-get install` as a non-root user with sudo access?
[00:12] <funta> hmmm
[00:12] <funta> yes
[00:12] <teward> funta: the bigger security question is "Is it secure to use the root user instead of a non-root user"
[00:13] <teward> (this is why `sudo` actually exists)
[00:13] <funta> use means operate via putty?
[00:13] <funta> for example
[00:13] <teward> mhm
[00:13] <funta> if I set root login to no password and using key only?
[00:13] <funta> is thats fine?
[00:13] <funta> *that
[00:13] <teward> you missed my point
[00:13] <funta> yes
[00:13] <funta> as it not obvious to me
[00:14] <funta> when I install stuff as root something is not good?
[00:14] <teward> funta: is it safe to use the root user irregardless of authentication requirements in place of a non-root, unprivileged user, who can sometimes run some commands using `sudo`
[00:14] <funta> yes
[00:14] <funta> seems so
[00:14] <teward> funta: `apt-get install` will only run with superuser access and work, i.e. `sudo apt-get install` or just `apt-get install` as root.  That answers your initial question.  I would suggest DISABLING the root user, though, and just use `sudo` from a user with sudo access
[00:15] <funta> ok so totally disable root?
[00:16] <funta> when use apt-get where does it install stuff it compiles? /usr something?
[00:16] <funta> if its usr/bin all users can access
[00:18] <funta> lol i am using windows mostly yet I understand linux too
[00:20] <funta> ok sudo usermod -p '!' root ?
[00:20] <funta> thats the one?
[00:26] <funta> ok
[00:26] <funta> done
[00:27] <funta> is there some easy way to propagate existing server to new one?
[00:27] <funta> like ruby setup, some apps
=== apb_ is now known as apb1963
=== igurd is now known as Guest79210
=== Sachiru_ is now known as Sachiru
=== markthomas|away is now known as markthomas
[06:22] <lordievader> Good morning.
=== thresh_ is now known as thresh
[08:44] <thresh> thanks for whoever pushed the updated ubuntu amis to ec2.
[08:44] <thresh> although bash in there lacks the Recent Fixes
[08:45] <thresh> 4.3-7ubuntu1.3 vs 4.3-7ubuntu1.4, but I guess will be updated as well?
=== Lcawte|Away is now known as Lcawte
=== Lcawte is now known as Lcawte|Away
[09:48] <rbasak> jamespage: please could you subscribe ~ubuntu-server to src:bcache-tools?
[09:49] <jamespage> rbasak, done
[09:49] <rbasak> Ta!
[11:03] <pmatulis> morning
=== Lcawte|Away is now known as Lcawte
[11:21] <blackyboy> Hi everyone i want to redirect http to https and if some one access in mysite.com it want to forward to www.mysite.com this both want to be done for my domain but i have done the mysite.com to www.mysite.com but i cant redirect my http to https if i enable the virtual host redirect rule for http to https page not getting loaded.  im using apache2 in ubuntu server 14.04LTS here is my virtualhost entry in pastebin http://paste.ubuntu.com/8454609/
[11:22] <rbasak> jpds_: any news on bug 1330504 please?
[11:22] <uvirtbot> Launchpad bug 1330504 in strongswan "strongSwan 5.1.3" [High,Confirmed] https://launchpad.net/bugs/1330504
[11:23] <jpds_> rbasak: Got held up by other things last week.
[11:23] <jpds_> rbasak: But I've not forgotten about it.
=== Lcawte is now known as Lcawte|Away
[12:24] <YamakasY> is it possible to reunt a trusty upgrade ?
[12:24] <YamakasY> something went wrong
[12:24] <YamakasY> *rerun
[12:30] <cfhowlett> YamakasY, what went wrong?
[12:30] <cfhowlett> !details | YamakasY,
[12:30] <ubottu> YamakasY,: Please elaborate; your question or issue may not seem clear or detailed enough for people to help you. Please give more detailed information, errors, steps, and possibly configuration files (use the !pastebin to avoid flooding the channel)
=== Lcawte|Away is now known as Lcawte
[12:34] <jamespage> coreycb, zul: so all of the oslo updates we did last week are blocked by bug 1371620
[12:34] <uvirtbot> Launchpad bug 1371620 in keystone "Setting up database schema with db_sync fails in migration 039 (SQLITE)" [Medium,Fix committed] https://launchpad.net/bugs/1371620
[12:34] <jamespage> needs a pick of this patch: https://github.com/openstack/keystone/commit/7dfccb705ac9c0cbcd7394bf37b356d84dbaa0ba.patch
[12:37] <jamespage> zul, I'm assuming you are re-working the flex package based on cjwatsons feedback right?
[12:38] <zul> jamespage:  yes and yes
[12:38] <jamespage> zul, are you dealing with keystone as well or do you need coreycb or I to parallize that for you?
[12:39] <jamespage> that was bad spelling
[12:39] <patdk-wk> YamakasY, normally, rerun, is just to do apt-get dist-upgrade
[12:40] <zul> jamespage:  get corey to do that please, more packaging familiarity for him would be awesome
[12:41] <jamespage> coreycb, you OK todo that? I can review and sponsor; also we need to re-enable the keystone test suite
[12:43] <zul> jamespage:  i was looking at the keystone test suite on friday we need to sync python-pysaml2 from debian and MIR it
[12:43] <zul> coreycb:  ^^^
[12:44] <jamespage> zul, is it just pysaml2?
[12:44] <zul> jamespage:  i believe so
[12:55] <jamespage> coreycb, zul: pysaml2 would also require MIR's of:
[12:55] <jamespage>  * python-repoze.who binary and source package is in universe
[12:55] <jamespage>  * xmlsec1 binary and source package is in universe
[12:56] <zul> jamespage:  ok maybe we can get away with it
[12:56] <jamespage> zul, its only a test-requirement
[12:56] <zul> jamespage:  right...lets see if we can skip the tests then
[12:56] <jamespage> zul, so we could skip those tests for this cycle, and MIR early next
[12:56] <zul> jamespage:  +1
[12:56] <jamespage> zul, lets make that upstreamable - like qpid in oslo.messaging
[12:57] <zul> jamespage:  ok want me to do it?
[12:57] <jamespage> zul, thinking
[12:57] <jamespage> zul, no - leave it for corey or me - you focus on flex
[12:57] <zul> k
[13:25] <mdev> "Bismillah writes Google security researcher Michael 'lcamtuf' Zalewski says he's discovered a new remote code execution vulnerability in the Bash parser (CVE-2014-6278) that is essentially equivalent to the original Shellshock bug, and trival to exploit."
[13:25] <uvirtbot> mdev: ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem.  When the candidate has been publicized, the details for this candidate will be provided. (http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6278)
[13:25] <mdev> anyone looking into this?
[13:26] <jamespage> coreycb, whilst my test env rebuilds, taking a look at keystone
[13:28] <jamespage> hazmat, waiting on a release team ack for https://bugs.launchpad.net/ubuntu/+source/websocket-client/+bug/1374335
[13:29] <uvirtbot> Launchpad bug 1374335 in websocket-client "FFe: Sync websocket-client 0.18.0-1 (universe) from Debian unstable (main), juju-deployer 0.4.2, python-jujuclient 0.18.4" [Medium,New]
[13:29] <gnuoy> jamespage, with regards to https://code.launchpad.net/~gnuoy/nova/bug1314677/+merge/236321 , can point 1 follow shortly or will you block on it?
[13:30] <jamespage> gnuoy, as it takes like 30 seconds todo point 1) yes I would block
[13:30] <gnuoy> ack
[13:30] <jamespage> if you do it that way you can just use the patch from the upstream review for your packaging patch and forget about DEp-5
[13:31] <hazmat> jamespage, awesome.. going to do a minor future compatibility fix for jujuclient as they're changing some behavior incompatibly in trunk and release (0.18.5)
[13:31] <jamespage> lifeless, is there any way to make testr a little more friendly in the event of a missing import somewhere in a test codebase?
[13:31] <mdeslaur> mdev: this update mitigates that CVE: http://www.ubuntu.com/usn/usn-2364-1/
[13:32] <jamespage> lifeless, we hit this quite frequently during dev cycles as new deps are introduced and it would be nice if testr could identify these
[13:37] <patdk-wk> mdev heh?
[13:38] <patdk-wk> mdev equiv to the original? it's a stack issue, and the linking lib doesn't allow it to do any harm, other than to yourself
[13:38] <patdk-wk> and the last patch that went in, fixed it so that issue can't be triggered anymore, possible yes, but it's fixed before it gets there now
[14:04] <coreycb> jamespage, thanks!
[14:06] <jrgifford> Quick question - is a question about linaro on-topic here?
[14:07] <rbasak> jrgifford: depends on the question I guess.
[14:07] <rbasak> jrgifford: there are also the #linaro and #linaro-enterprise channels which might be relevant.
[14:07] <jrgifford> http://askubuntu.com/questions/530114/upgrading-ubuntu-13-09-to-13-10-for-lts
[14:08] <jrgifford> I'm trying to figure out where to route that question on stackexchange.
[14:08] <jrgifford> seems on-topic, but also doesn't seem on-topic.
[14:08] <jrgifford> Would that question be on-topic *here*?
[14:08] <jrgifford> (If it was asked here directly)
[14:08] <rbasak> I would recommend re-installing rather than upgrading.
[14:09] <rbasak> See http://askubuntu.com/questions/91815/how-to-install-software-or-upgrade-from-old-unsupported-release if you have to upgrade though.
[14:09] <rbasak> Your issue is that your system appears to be based on Raring, which is EOL.
[14:09] <jrgifford> Right, but that's not my question ;)
[14:09] <jrgifford> My question is "Is this a Linaro-specific question, or is it a Ubuntu question?"
[14:10] <jamespage> rbasak, looking at the failing DEP-8 mysql-5.6 tests:
[14:10] <jamespage> Failing test(s): main.ctype_uca main.mysqlhotcopy_archive main.mysqlhotcopy_myisam
[14:10] <rbasak> Technically, it's a Linaro-specific question, since Linaro/13.09 was done outside of Ubuntu.
[14:10] <jamespage> I think I fixed the hotcopy ones in mysql-5.5 already
[14:10] <rbasak> But we are friendly enough that it doesn't have to matter :)
[14:10] <jrgifford> rbasak: thanks, that's what I wanted to know.
[14:10] <jamespage> they require writable /usr/lib or something
[14:11] <rbasak> jamespage: can we punt those upstream?
[14:11] <coreycb> jamespage, anything else need work, how about pysaml2?
[14:11] <jamespage> rbasak, maybe
[14:12] <jamespage> coreycb, I think it would be good to get pysaml2 into universe this cycle - it will still need a FFe for the sync from debian
[14:12] <jamespage> coreycb, please feel free to request!
[14:12] <jamespage> if it lands we can add it to the suggests of python-keystone
[14:12] <YamakasY> patdk-wk: did a reinstall
[14:13] <coreycb> jamespage, Ok, I'll do that
[14:13] <jamespage> coreycb, ta!
[14:25] <mndo> hi, I am having problems with bridge networking from a host (trusty) to the guest (also trusty), using virtio the guest does not even detect a link and with other drivers it detects the link but there's no connectivity
[14:26] <mndo> any ideas?
[14:26] <mndo> I am using the same config I have on another hosts
[14:33] <jamespage> hazmat, did you get your zmq test cases proposed?
[14:37] <jamespage> coreycb, zul: OK _ keystone fixed up
[14:38] <zul> jamespage:  cool
[14:38] <coreycb> jamespage, ok - I opened bug 1375289
[14:38] <uvirtbot> Launchpad bug 1375289 in ubuntu "[FFE] Please sync python-pysaml2 (2.0.0-1) from Debian (unstable)" [Undecided,New] https://launchpad.net/bugs/1375289
[14:38] <zul> jamespage:  just fixing flex with what i have in my ppa
[14:39] <jamespage> coreycb, thanks
[14:39] <jamespage> coreycb, "OpenStack Keystone's test suite depends on python-pysaml2." well thats true but thats not why we want it
[14:40] <jamespage> we can ignore pysaml2 in the context of the test suite; this is to allow users to feature preview the federation aspect of keystone, without doing another MIR this late in cycle.
[14:40] <jamespage> it reflects the amount of testing we have done of it == zero
[14:42] <coreycb> jamespage, ok thanks I'll update it
[14:42] <jamespage> coreycb, thanks - I'll confirm it once you have  :-)
[15:02] <jamespage> zul, python-eventlet (>= 0.15.1)
[15:02] <jamespage> how important? might take a look
[15:03] <zul> jamespage:  in the requirements repo?
[15:03] <zul> jamespage:  makes me nervous
[15:07] <jamespage> zul, indeed - https://github.com/eventlet/eventlet/issues/122
[15:07] <jamespage> 15.1 appears to have some issues
[15:07] <jamespage> zul, the bump was only for ironic and paramiko ssh handling
[15:08] <zul> jamespage:  then we should be ok
[15:08] <jamespage> adam_g, how critical was the eventlet version bump for ironic? I might try cherry pick the commits we need ontop of 0.13 if its super critical
[15:10] <zul> hallyn:  so wanna package libvirt 1.2.9? ;)
=== bladernr_30kFeet is now known as bladernr_
=== kickinz1|afk is now known as kickinz1
=== Guest13468 is now known as balloons_
[15:26] <smb> zul, Just keep in mind that I'll bring my bean-filled whack bonk to the next sprint if you silently drop my patches again. ;-P
=== kickinz1 is now known as kickinz1|afk
=== kickinz1|afk is now known as kickinz1
[15:27] <zul> smb: too late to merge :)
[15:28] <smb> Lucky you. :)
=== kickinz1 is now known as kickinz1|afk
=== kickinz1|afk is now known as kickinz1
=== Lcawte is now known as Lcawte|Away
[15:43] <jamespage> coreycb, can you take a look at mterry's feedback on https://bugs.launchpad.net/ubuntu/+source/python-django-pyscss/+bug/1370452 please
[15:43] <uvirtbot> Launchpad bug 1370452 in python-django-pyscss "[MIR] python-django-pyscss, python-pyscss" [High,Fix committed]
[15:44] <coreycb> jamespage, yep
[15:44] <jamespage> coreycb, thanks
[15:47] <coreycb> jamespage, any tips on getting re "unexpected upstream changes" with python-pysnmp2?
[15:48] <jamespage> coreycb, hmm
[15:48] <jamespage> coreycb, are you working from the branch or from a raw source package?
[15:49] <coreycb> jamespage, lp:debian/python-pysnmp2
[15:49] <jamespage> coreycb, I'm not seeing that
[15:50] <coreycb> jamespage, hmm
[15:54] <Delemas> Anyone know if the current Trusty bash is immune to CVE-2014-6277 and CVE-2014-6278? The Ubuntu web pages I can find say no. Redhat says they are already patched for those.
[15:54] <uvirtbot> Delemas: ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem.  When the candidate has been publicized, the details for this candidate will be provided. (http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6277)
[15:54] <uvirtbot> Delemas: ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem.  When the candidate has been publicized, the details for this candidate will be provided. (http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6278)
[15:55] <Delemas> Basically I'm wondering if this also applies to the existing bash patches Ubuntu is using: "Yes, that is one of the CVEs that Red Hat builds are already immune to, by virtue of moving the function exports out of the regular variable namespace."
=== matsubara is now known as matsubara-lunch
[15:59] <RoyK> Delemas: http://paste.ubuntu.com/8459566/
[15:59] <coreycb> jamespage,  pull-debian-source FTW!
=== kickinz1 is now known as kickinz1|afk
[16:06] <Delemas> RoyK: Those are listing the other three CVEs which I know are patched...
[16:06] <ianward> Does anyone know if new EC2 AMIs will be created for http://www.ubuntu.com/usn/usn-2364-1/ ?
[16:07] <RoyK> Delemas: erm - how many others are there?
[16:07] <Delemas> There are two which I referenced which I'm trying to figure out whether we are already immune.
[16:08] <Delemas> This shows them as needs-triage/needed but I'm not sure if they are accurate: http://people.canonical.com/~ubuntu-security/cve/2014/CVE-2014-6277.html http://people.canonical.com/~ubuntu-security/cve/2014/CVE-2014-6278.html
[16:08] <uvirtbot> Delemas: ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem.  When the candidate has been publicized, the details for this candidate will be provided. (http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6277)
[16:08] * RoyK somewhat reflects over the fact that the pronunciation of 'bash' is similar to the Norwegian 'bæsj', meaning 'feces' :P
[16:09] <uvirtbot> Delemas: ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem.  When the candidate has been publicized, the details for this candidate will be provided. (http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6278)
[16:11] <Delemas> Think I just answered my own question. Both are mitigated by existing patches. It is weird those pages say they are already fixed but then list status as needs-triage and needed.
=== Lcawte|Away is now known as Lcawte
=== niemeyer_ is now known as niemeyer
=== matsubara-lunch is now known as matsubara
[17:40] <adam_g> jamespage, it was pretty high, this was the bug that prompted it: https://bugs.launchpad.net/ironic/+bug/1321787
[17:40] <uvirtbot> Launchpad bug 1321787 in python-eventlet "Paramiko does not properly work with eventlet concurrency" [Undecided,Confirmed]
[17:41] <adam_g> jamespage, this was the patch that fixed it, https://github.com/eventlet/eventlet/commit/da87716714689894f23d0db7b003f26d97031e83 tho i think a subsequent patch may be required as well
=== cmagina_ is now known as cmagina
=== Lcawte is now known as Lcawte|Away
[19:34] <genii> Does anyone know where I can find the MD5 for ubuntu-14.04.1-server-i386.iso ?
[19:35] <sarnold> genii: http://cdimage.ubuntu.com/releases/14.04.1/release/SHA256SUMS and .gpg
=== balloons_ is now known as balloons
[19:35] <genii> sarnold: Thanks
[19:35] <sarnold> genii: and MD5SUMS if you really want those :)
=== balloons is now known as Guest63150
=== Guest63150 is now known as balloons_
[19:36] <genii> sarnold: i386 is not listed there
[19:37] <sarnold> genii: interesting, I hadn't even noticed that the i386 images aren't there...
[19:39] <lifeless> jamespage: yes, its awaiting review in http://bugs.python.org/issue19746
[19:39] <lifeless> jamespage: right now the behaviour you should be seeing is the failed imports listed
[19:40] <lifeless> jamespage: that patch will make it possible to show the actual exception as well
=== Lcawte|Away is now known as Lcawte
[20:00] <bastidrazor> where does 14.04 keep it's motd information? i have a custom motd i would like displayed on login
[20:01] <sarnold> bastidrazor: see update-motd(5) for details
[20:02] <bastidrazor> sarnold: nice. i knew it had been moved a few years back. thanks
[20:03] <genii> Bah, from 3 different i386 images now I'm getting same error of "could not open builtin file '/lib/modules/3.13.0-32-generic/modules.builtin.bin'" .
[20:08] <rostam> hi I am using ubuntu 14.04. Have a question on 'tc' utility, could it rate limit at millisecond range, like 50kb per 10ms ? thx
[20:10] <sarnold> rostam: probably not.
[20:11] <rostam> sarnold, is there a good source of info on tc I can read other than man pages...
[20:12] <sarnold> rostam: http://lartc.org/lartc.html#LARTC.QDISC
[20:12] <sarnold> rostam: good luck :)
[20:12] <rostam> sarnold, thanks so much.
=== jhenke_ is now known as jhenke
[20:15] <genii> Hm, I've got identical symptoms as bug 1371386
[20:15] <uvirtbot> Launchpad bug 1371386 in linux-meta-lts-trusty "No loop block dev support on trusty server install 3.13.0.32" [Undecided,New] https://launchpad.net/bugs/1371386
[20:18] <jamespage> lifeless, awesome
=== bilde2910 is now known as bilde2910|away
[20:19] <lifeless> jamespage: what symptoms are you seeing today? it may indicate you have old testr in the archive ..
[20:20] <jamespage> lifeless, here's an example - https://launchpadlibrarian.net/184677391/buildlog_ubuntu-utopic-i386.keystone_1%3A2014.2~b3-0ubuntu1_UPLOADING.txt.gz
[20:20] <jamespage> 0.0.18 of testrepository right now
[20:23] <lifeless> thats two releases stale
[20:24] <lifeless> yeah, you'll get much nicer output if you update the testrepository package
[20:24] <lifeless> jamespage: that bug was fixed march 3rd
[20:34] <user123323> What are good ways to measure the time taken for a server failover? (eg: 2 Servers with HAProxy LB, when one server goes down, the LB could redirect the connections to the 2nd one)
[20:34] <user123323> 2 servers and one LB*
=== balloons_ is now known as balloons
[20:47] <qman__> Is shellshock patched in 13.10? I'm not seeing it in the security advisories
[20:49] <qman__> Oh, its already EOL, nevermind
[20:49] <qman__> That was short
[20:56] <lordievader> qman__: Was about to say that. 13.10 was the first with a 9 month support period.
[21:01] <qman__> Vendors building images with non-LTS versions are so frustrating
[21:05] <qman__> Down to 26 unpatched servers, 7 of which are ubuntu, all EOL versions
[21:11] <patdk-wk> qman__, not bad,
[21:34] <genii> Odd. That error I'm having is linked somehow to network discovery. If network setup is skipped the rest of the install goes fine.
=== Lcawte is now known as Lcawte|Away
[22:04] <hallyn> zul: btw i assume you were joking about merging 1.2.9 :)
=== thumper is now known as thumper-afk
[22:28] <jamespage> lifeless, ack - I'll take a look tomorrow
[22:29] <zul> hallamigo:  i was
[22:31] <zul> hallyn: i was totally serious ;)
=== thumper-afk is now known as thumper
