dholbachgood morning07:43
=== hikiko-lpt is now known as hikiko
=== greyback__ is now known as greyback
=== spineau is now known as spineau_afk
=== marcusto_ is now known as marcustomlinson
=== ikonia_ is now known as ikonia
=== spineau_afk is now known as spineau
=== cjwatson_ is now known as cjwatson
=== marcusto_ is now known as marcustomlinson
=== _salem is now known as salem_
=== hikiko__ is now known as hikiko|ln
dokoRiddell, sitter: fixing kdepim, updating symbols files12:52
smoserpitti, did you see i opened and subscribed you to bug https://bugs.launchpad.net/ubuntu/+source/open-iscsi/+bug/150103313:02
ubottuLaunchpad bug 1501033 in open-iscsi (Ubuntu) "transient error results in /etc/resolv.conf not populated in iscsi root" [High,Confirmed]13:02
mardyseb128: hi! What is your opinion on bug 1453549? Shall we continue waiting for Yorba, or should we create a facebook key for Shotwell in Ubuntu and distro-patch?13:31
ubottubug 1453549 in shotwell (Ubuntu) "Cannot publish to Facebook" [High,Confirmed] https://launchpad.net/bugs/145354913:31
seb128mardy, hey, I mentioned it during the desktop team meeting yesterday13:32
seb128willcooke, ^ opinion? I'm unsure you stated one yesterday13:32
willcookeseb128, I didnt13:32
seb128mardy, I think the consensus was to try to find somebody to get in touch with the unactive maintainers and talk to GNOME about taking over if needed and creating a new key13:33
seb128if that fails then make our own13:33
seb128mardy, k, I guess willcooke doesn't want to get involved in that and other felt like we should wait more on upstream/GNOME so I guess that's what we are doing...13:41
mardyseb128: fine by me13:48
seb128mardy, not so much by me, I'm going to wait another week and nag again, would be a shame to get wily out with that bug13:48
willcookeseb128, mardy - sorry was otp and didn't read the log properly13:50
willcookeFeels like if u/s is not going to get a new key etc arranged in short order then, as seb128 says, it would be bad to go out without that feature.  mardy, do we have a key from OA that we can use?13:51
=== juliank0 is now known as juliank
mardywillcooke: not really, I recently registered a key with the same permissions for our Facebook webapp, but it says "Ubuntu Web App"13:59
mardywillcooke: we should register one specifically for shotwell13:59
willcookemardy, ack.  Can you remember the process of registering one, and who keeps the credentials and all that sort of thing?14:00
mardywillcooke: but if the hidden question is whether I can register a Facebook key for shotwell, then the answer is yes :-)14:00
mardywillcooke: the simplest thing is if I register the key myself, and then transfer it to IS14:01
willcookethanks mardy!  I don't think there is any problem with going ahead and registering a key anyway and then if something changes in the next few days we can simply not use it.  seb128 what do you think?>14:02
mardywillcooke, seb128: the best scenario would be is Yorba can add me as an admin for their key, so I update it as needed, and then they can remove me when done14:04
seb128mardy, did you try to email them directly about that? maybe they would say yes14:04
mardyseb128: no, I didn't14:05
seb128can you try that?14:05
mardyseb128: sure14:05
mardyseb128: I wrote to Jim Nelson, let's see14:14
seb128mardy, thanks14:14
seb128Laney, larsu, ^14:15
kenvandine@pilot out14:29
=== udevbot_ changed the topic of #ubuntu-devel to: Archive: feature freeze, user interface freeze, final beta freeze | Devel of Ubuntu (not support or app devel) | build failures: http://qa.ubuntuwire.com/ftbfs/ | #ubuntu for support and discussion of precise-vivid | #ubuntu-app-devel for app development on Ubuntu http://wiki.ubuntu.com/UbuntuDevelopment | See #ubuntu-bugs for http://bit.ly/lv8soi | Patch Pilots:
kenvandinewhoops :)14:29
argescyphermox: bug 1486931, i'm not completely clear where that patch comes from. Can you make the patch match the upstream commits?14:56
ubottubug 1486931 in ipmitool (Ubuntu Trusty) "[LTCTest][Opal][OP810] ipmitool 1.8.13-1ubuntu0.3 version is still not working for in-band HPM upgrade" [High,In progress] https://launchpad.net/bugs/148693114:56
cyphermoxnot really14:57
cyphermoxit's been ported for us from later commits by an upstream developer.14:57
cyphermox(comment 5 points out it's from David Wise, he posted it at https://bugs.launchpad.net/ubuntu/+source/ipmitool/+bug/1481780/comments/16)14:58
ubottuLaunchpad bug 1481780 in ipmitool (Ubuntu Vivid) "ipmitool 1.8.13 needs 2 patches for OpenPower systems" [High,Fix released]14:58
argescyphermox: so the existing patch only had some features? and why wasn't it added as a new patch?14:59
cyphermoxthe previous patch was incomplete in some way. it was missing integration in some other features of ipmitool15:00
cyphermoxarges: I'm mostly sponsoring this fix for someone else; leitao would know much more about it than I would15:00
argescyphermox: ok. I'll look into it more, and ask questions on the bug if necessary15:01
cyphermoxarges: alright15:01
cyphermoxsorry I couldn't be more helpful outright15:01
argescyphermox: its always nice to know where a patch comes from , is it upstream, and if it matches what upstream actually committed etc15:01
argesand in this case it wasn't readily obvious, so I'll keep digging15:01
cyphermoxfor that, like I said David Wise is an upstream ipmitool developer working for AMI AIUI15:02
argesok makes sense15:02
cyphermoxI agree perhaps we should list the specific commits this matches15:02
cyphermox(but I have no idea which those are)15:02
argesyea if i can't find it in 5-10m, i'll just ask on the bug15:02
Riddellpitti: kdeplasma-addons false regression? http://people.canonical.com/~ubuntu-archive/proposed-migration/update_excuses.html#sonnet15:11
pittiRiddell: thanks, will fix15:12
* arges thanks autoconf for making debdiffs easy to read15:32
dokoarges, use dh-autoreconf ;p15:38
argesdoko: unfortunately, I'm reviewing others packages so I don't have control of it15:39
juliankarges: you can still encourage it :)15:41
=== pat_ is now known as Guest33589
=== ogra_ is now known as ogra
=== dude is now known as Guest18590
=== dosaboy_ is now known as dosaboy
dokocjwatson, cyphermox:  o biosdevname: biosdevname-udeb  ... wants to demote. is this ok?16:15
dokosame for o grub-efi-arm64-signed                                        {grub2-signed}16:16
pittidoko: biosdevname demote is okay (I was talking to cyphermox about it)16:17
pittiI don't know about grub-efi-arm64-signed16:17
smbpitti, can I distract you with an adt question... well I guess I can with the distract part... https://launchpad.net/ubuntu/+source/dahdi-linux/1:
smbpitti, Somehow that dkms build is failing but any local run I do is working ok... I wondered whether that testbed could be running somewhere which has external downloads blocked16:23
smbWeirdly the build that behaves the same for wily does work, which is a bit odd16:24
smbslangasek, and while in whine mode... any luck I may have with dpdk progressing?16:26
pittismb: your URL was for a .deb -- you mean http://autopkgtest.ubuntu.com/packages/d/dahdi-linux/ on trusty?16:26
smbpitti, yes the pure trusty run, vivid on trusty would be broken for different reasons right now16:27
jtaylordoes -fno-stack-smashing not work in 15.10?16:27
jtaylorI compiled with that flag but the program still aborts with stack smashed ...16:28
jtaylorno-stack-protector I mean16:28
smbpitti, Unfortunately the whole package is a bit nasty since the dkms build wgets some firmware on build time. But since it was working for wily I assumed it should be ok for adt testing in trusty, too16:30
tdaitxsil2100, are you working on squid3? I have the required patches for building it against libecap2, but I need to transition libecap216:36
tdaitxyou cant build squid using libecap3 because we are still running squid 3.316:37
sil2100tdaitx: hey! I could work on that if I'm not getting in your way ;) I just think we can't leave it build-depping on libecap216:37
sil2100tdaitx: I would just like to investigate how much effort would be needed to get it working with libecap3 - if too much, then the only option I see is to pull in the latest squid3 from debian16:38
sil2100But as I said, I might be wrong with my reasoning16:38
tdaitxsil2100, http://wiki.squid-cache.org/Features/eCAP#line-5416:38
tdaitxops, wrong page16:38
smbpitti, anyhow, not super urgent and your day is running as late as mine. :) I am just puzzled why this failed and you got a bit more insight in the physical layout of the testbeds. I would not rule out that both (w and t) runs may have ended up on different hosts with different fw rules in place...16:38
pittismb: sorry, sprint..16:39
smbpitti, even worse...16:39
smbarges, btw, I pushed the copyright file change up to the git repo, so just in case we get an ok for the rest, you could rebundle the package after pulling from there16:41
argessmb: so does that need to get re-sponsored?16:42
pittismb: it fails for me locally as well16:42
smbarges, yes but there might also be further changes I do not know of yet16:43
pittismb: but my output is different from https://objectstorage.prodstack4-5.canonical.com/v1/AUTH_77e2ada1e7a84929a74ba3b87153c0ac/autopkgtest-trusty/trusty/amd64/d/dahdi-linux/20150923_172802@/log.gz16:43
smbpitti, huh... I just did an adt-run and in a vm and both worked16:44
pittiadt-run dahdi-linux --- qemu /srv/vm/adt-trusty-amd64-cloud.img16:44
pittismb: is what I ran16:44
tdaitxsil2100, found it: http://wiki.squid-cache.org/ConfigExamples/ContentAdaptation/eCAP#Build_eCAP_library16:45
smbpitti, if proposed is not enabled it would fail I believe because the status is not without warnings16:45
smbpitti, actually arges may just have released the version where I added proper dep-8 code to the updates16:45
tdaitxsil2100, maybe you can help me figure out one vtable symbol that is missing from libecap216:45
sil2100tdaitx: ok, so it seems there's more changes required - so I think we need to pull in the latest squid3 version from debian then16:46
argessmb: i have not yet16:46
pittismb: ah, I didn't run against -proposed, let me retry16:46
sil2100tdaitx: otherwise libecap3 will be forever blocked in -proposed16:46
tdaitxsil2100, rbasak was working on that16:47
smbarges, yes sorry that was dkms itself which I saw16:47
pittismb: indeed, passes in -proposed17:03
smbpitti, ah cool. Som my "plan" right now would be to ask arges to let that version out into the wilds so we can follow up with fixes to handle the vivid lts kernel and try to figure out the odd failure somewhat while that is still waiting in proposed17:06
pittismb: but then it shold have succeeded on the production infrastructure too17:07
pittismb: let's investigate this another time, dinner o'clock..17:07
smbpitti, well if that production environment allows external downloads17:08
smbbut ok dinner o'clock indeed17:08
pittismb: it does, but through a proxy17:08
pittismb: so if the download thingy doesn't respect $http_proxy → lose17:09
=== lamont is now known as lamont`
=== lamont` is now known as lamont
=== lamont is now known as lamont_
=== lamont_ is now known as lamont
=== lamont is now known as lamont2
=== lamont2 is now known as lamont
=== lamont is now known as lamont__
=== lamont__ is now known as lamont
dokoseb128, Laney: could you tell SweetShark that he has to subscribe the release team to his FFE reports?17:43
=== tvoss is now known as tvoss|test
=== tvoss|test is now known as tvoss
rcjinfinity, Can you take a look tzdata/pytz issue we have on trusty -> wily... http://pad.lv/150145618:45
ubottuLaunchpad bug 1501456 in tzdata (Ubuntu) "pytz.country_names UnicodeDecodeError exception" [Undecided,New]18:45
rcjinfinity, it has been silently (our fault) breaking simplestreams image indexing since tzdata version 2015f-0ubuntu0.14.04 (mid-aug)18:46
ShockHello folks. I'm seeing some weirdness with ubuntu updates: I got a warning that I'm installing unsigned packages even though that shouldn't have been the case. I managed to get rid of the error by deleting and re-adding it to software sources,.18:47
ShockIs it possible that the ppa key was changed?18:48
=== alvesadrian is now known as adrian
ShockI got a bit spooked after reading this: https://answers.microsoft.com/en-us/windows/forum/windows_7-update/windows-7-update-appears-to-be-compromised/e96a0834-a9e9-4f03-a187-bef8ee62725e18:48
mdeslaurShock: you probably just needed to refresh your sources list with "apt-get update"18:49
=== adrian is now known as Guest20317
Shockmdeslaur: did that18:49
Shockseveral times18:49
mdeslaurShock: hrm, not sure then. perhaps your key went missing18:49
Shockmdeslaur: why would it tell me that I'm installing unsigned packages since the packages in the ppa are signed?18:50
=== Guest20317 is now known as adrian
mdeslaurShock: because the key was no longer present in your apt keychain for some reason?18:50
mdeslaurhow did you put the ppa back? manually or with apt-add-repository?18:51
Shockmdeslaur: software-sources-gtk18:51
mdeslaurShock: ok, so that reinstalled the key from the ppa18:51
mdeslaurwell, the ppa key from the keyserver rather18:51
Shockmdeslaur: I assume so, but that weirds me out because the ppa has been on my system for a while18:52
Shockmdeslaur: and I can see no reason for the key to go missing18:52
=== ljp is now known as lpotter
mdeslaursorry, I can't either18:52
Shockmdeslaur: I also got 404s from two mirrors when doing apt-get update18:53
infinityrcj: Oh, fun.18:54
TJ-Shock: I often witness that when the package list is out of date, and doing "apt-get update" usually solves it.18:55
infinityrcj: The most "correct" answer would probably be to make wily's pytz assume utf-8, and hack backports of tzdata to force the file back to ascii.  Maybe.18:55
ShockTJ-: thanks18:55
infinityrcj: I consider it broken by design that the file was ever ascii, and extra special that pytz cares, but I suppose we should shoot for maximum compat.18:56
TJ-Shock: mirror 404s sometimes happen when there's an archive update in progress, and other times when there's a HTTP proxy in the loop18:56
infinityrcj: But I'm actually asleep right now, so I'll form a better opinion on it $later.18:56
rcjinfinity, okay.  Thanks for the quick look.  I'll defer to $later18:57
sarnoldShock: the PPA page on launchpad should have a "technical details about this PPA" drop-down triangle thing that shows the signing key, when you click on the keyid it shows details about when that key was generated18:59
Shocksarnold: generated in 200919:01
sarnoldShock: hunh. that's not what I expected. :)19:02
Shocksarnold: call me paranoid but I think the "easy" way to compromise a linux system is via a mitm attack on the update system19:05
sarnoldShock: I think most common is still people using guessable passwords and allowing ssh to use passwords like it's 1994 :)19:06
sarnoldShock: but you're right, it's an easy invitation for code to be downloaded and run..19:07
TJ-Shock: how would a MITM attack work?19:14
mdeslaurShock: you can't, packages are cryptographically signed19:17
mdeslaurunless you accept to install packages that aren't, but the graphical tools won't allow that19:18
sarnoldTJ-: the "best" that I think a MITM could do against a PPA is to return old package lists to apt-get update requests to prevent or delay the clients from finding updated packages.19:21
sarnoldTJ-: I honestly don't know if apt will eventually complain "these package lists are two months old" or ont19:21
TJ-sarnold: Yes, I've been wishing for a while all the archive servers use HTTPS, even if mirrors won't/don't. It'd also help minimise the captive-portal/proxy issues19:24
cjwatsonsarnold,TJ-: https://bugs.launchpad.net/launchpad/+bug/71653519:34
ubottuLaunchpad bug 716535 in Launchpad itself "Please support Valid-Until in release files for security.ubuntu.com" [Low,Triaged]19:34
cjwatson(the thing that needs thought there is that we don't currently republish Release files for stable releases at all, so we need to do something non-trivial about that)19:34
TJ-cjwatson: looking at the dates in that report it'd be faster to switch to HTTPS :)19:36
sarnoldcjwatson: heh, there's always something, isn't there? :)19:36
cjwatsonTJ-: My understanding is that that would be pretty expensive.19:37
cjwatson(Though my understanding is perhaps a couple of years old)19:38
TJ-cjwatson: really? in what way? Most organisations that have evaluated it have found that the perceived additional CPU costs are actually relatively small19:38
cjwatsonTJ-: I'm only going on sysadmin estimates from a while back19:38
TJ-I do wonder if the HTTP Headers could be used for the Valid-Until part19:38
sarnoldTJ-: iff you use https, sure19:39
TJ-sarnold: it can be done with HTTP if there's a signature header too19:40
sarnoldTJ-: wouldn't that require more work server-side? i think those are currently apache boxes behind squids19:41
TJ-sarnold: precisely; any solution requires some work somewhere.19:42
sarnoldtrue :)19:44
=== mnepton is now known as mneptok
mdeslaurcjwatson: the Valid-Until headers are problematic if all you need to do is send files from an earlier ubuntu release, no?20:07
mdeslaurand I assume the issue with mirrors is certs, not the extra cpu cost20:08
elmothe idea that SSL is "cheap" or even "free" from a CPU perspective is deeply flawed20:15
elmofor a site like security.u.c, it would absolutely not work with the current hardware allocation and the cost to beef it up to where it would need to be is significant20:16
=== mako_ is now known as mako
cjwatsonmdeslaur: apt checks Codename (or similar) and will complain if it doesn't match what it expects; the send-files-from-earlier-release attack doesn't work21:21
=== salem_ is now known as _salem
mdeslaurcjwatson: oh! interesting, thanks22:01
cjwatsonmdeslaur: I ran into this experimentally recently when testing InRelease support :-)22:02
cjwatsonmdeslaur: Hm, or I may be misremembering what it did.  I should probably recheck before making grand claims22:03
mdeslaurcjwatson: I seem to recall this being the issue every time I've discussed it with infinity22:03
mdeslaurbut I've been known to misremember stuff :P22:03
=== Elimin8r is now known as Elimin8er
tdaitxslangasek, infinity: I need a hand to figure out what to do with a missing vtable symbol in libecap2 (I'm working on its gcc5 transition), so far I haven't been able to find good documentation on how to decide whether this is ok or why it is now missing22:23
dokorobert_ancell, just the ppc64el ftbfs left ;)22:29
dokotdaitx, please could you paste the issue?22:30
tdaitxdoko, line 48-49 http://paste.ubuntu.com/12627595/22:35
dokotdaitx, libecap already had a soname transition upstream, and none of the rdepends were able to build22:39
dokojust delete the symbol22:39
dokoand make sure that the rdepends build22:39
tdaitxdoko, thanks22:39
dokojust CC me, highlight issues like these please22:40
=== mnepton is now known as mneptok

Generated by irclog2html.py 2.7 by Marius Gedminas - find it at mg.pov.lt!