[00:01] <teward> pmatulis: again, no rush, not a huge issue :)
[08:07] <lordievader> Good morning.
[08:18] <th3s3_3y3s> morning lordievader
[11:11] <soulisson> Hi, does Ubuntu has a repo for security updates?
[11:14] <ogra_> soulisson, yes, it is enabled by default in your reposoitory list in /etc/apt/sources.list
[11:17] <soulisson> ogra_, trusty-security?
[11:18] <ogra_> on a trusty install, yes (and with the correct server name)
[11:22] <soulisson> ogra_, do the security packages contain the version provided by the editor or is this is the work of the ubuntu team?
[11:26] <rbasak> soulisson: the Ubuntu security team cherry-pick security fixes
[11:27] <andol> Well, at least that's the general rule.
[11:28] <soulisson> rbasak, sorry english is not my first language what does it mean?
[11:28] <rbasak> soulisson: the Ubuntu security team take the security fix patch from upstream and apply it to the package version that is in the stable release.
[11:28] <rbasak> soulisson: as andol says this is the general case - there are occasional exceptions
[11:29] <soulisson> rbasak, ok, thanks
[12:39] <enleeten> ah a little chmoding never hurt anybody
[16:01] <ztyuio> hi
[16:01] <ztyuio> i need your help to setup nomachine 4.3.3 on windows 10 with ubuntu trusty
[16:02] <ztyuio> anyone using nomachine here ?
[16:02] <ztyuio> seems not working with port 22
[16:02] <ztyuio> i can able to join my machine over putty a putty session
[16:02] <ztyuio> but not with nomachine
[16:33] <roaksoax> smoser: have you seen this before? http://pastebin.ubuntu.com/12980715/
[16:35] <smoser> not enough context, but it would seem something is pretty wrong.
[16:35] <smoser> it is always helpful to post entire logs.
[16:35] <smoser> probably there is a WARN somewhere.
[16:35] <roaksoax> smoser: yeah, the person doesn't seem to have the full set of logs
[16:38] <roaksoax> smoser: http://paste.ubuntu.com/12980737/
[16:40] <smoser> still not much context, but it really seems like package is not installed, or cloud-init is foobarred badkly somewhere.
[16:41] <roaksoax> smoser: http://paste.ubuntu.com/12980749/
[16:41] <roaksoax> smoser: it seems so
[17:51] <hallyn> dannf: hey - so no problems using the qemu from ppa from a few weeks ago?
[17:51] <th3s3_3y3s> Is single user mode no longer supported or runlevels at all?
[17:52] <hallyn> dannf: if not i'll push that with changelog tweak to xenial
[17:52] <dannf> hallyn: no, it worked fine. most of the problems i had were backporting it to trusty. i worked through those, but there's probably some changes you'd want to bring in
[17:52] <dannf> that i need to clean up
[17:52] <dannf> hallyn: def good enough for the initial xenial upload imo :)
[17:52] <hallyn> cool, thx.
[17:53] <hallyn> hm, but why does x have a newer version than nw
[17:53] <hallyn> oh, rharper
[17:53] <hallyn> well that complicates the merge :(
[17:54] <hallyn> screw it i'll fake it in git
[17:55] <dannf> hallyn: here's one patch you might want to bring in: http://lists.nongnu.org/archive/html/qemu-devel/2015-10/msg04627.html
[17:55] <dannf> hallyn: it'll land upstream differently because they're doing some other configure changes
[17:55] <hallyn> dannf: but it's ok/safe as is?
[17:56] <dannf> yeah
[17:56] <hallyn> hm,
[17:56] <dannf> not needed for xenial, but is for trusty - i just assume that i won't be the only one that needs to backport it (e.g. cloud archive)
[17:56] <hallyn> right, i see
[17:56] <hallyn> had to check rmadison then groked
[17:57] <hallyn> all right, i'll try to get something into x today - thx
[17:57] <hallyn> wow no zul
[17:58] <hallyn> life is meaningless.  alea jacta est
[18:01] <hallyn> i really need to set something up to notify me on all new devel-release qemu uploads
[18:32] <th3s3_3y3s> Does the instal cd come with a pxe bootable kernel?
[18:32] <bekks> Every Ubuntu kernel can be booted using PXE.
[18:33] <th3s3_3y3s> looking at this command to copy from the ubuntu server install cd : sudo cp -fr install/netboot/* /var/lib/tftpboot/
[18:35] <gzoo> I'm trying to setup a mail server. I installed the mail-stack-delivery package, but I want to use virtual users.
[18:35] <gzoo> I set up dovecot so it recognizes users with `doveadm user <user>`
[18:36] <gzoo> but I'm not sure on the postfix part... I got up to the point where the mail is delivered to my server, but "user" is getting the mail instead of "user@nicedomain", so the postfix thinks theres no such user
[18:38] <patdk-wk> odd
[18:38] <patdk-wk> you are using lmtp right? to deliever it to dovecot?
[18:42] <gzoo> patdk-wk, yes, I use dovecot-lmtp. But I think I'm confusing many, many things.
[18:43] <gzoo> can postfix check whether a user exists when talking to dovecot by lmtp?
[19:00] <patdk-wk> yes, but you really shouldn't bother doing that
[19:06] <teward> sarnold: around?
[19:06] <th3s3_3y3s> no?
[19:06] <sarnold> hey teward :)
[19:06] <teward> sarnold: incoming PM :)
[19:06] <th3s3_3y3s> patdk-lap, specifiy that
[19:11] <patdk-wk> heh?
[19:11] <patdk-wk> specify what?
[19:16] <th3s3_3y3s> what you shouldn't nother with
[19:16] <th3s3_3y3s> specify
[19:49] <teward> sarnold: can I pick your brain with a packaging question in the interim?
[19:50] <sarnold> teward: you can try but if it's about the conflicts: thing from the other channel, I've got no idea :)
[19:50] <sarnold> teward: learning packaging on the security team I really only deal with the easy cases where we just do tiny bumps of version numbers and make sure that version numbers are monotonically increasing..
[19:51] <sarnold> I really am clueluess about the finer points of long-term packaging
[20:08] <gzoo> patdk-wk, (sorry for reviving an old comment), how do I tell postfix to use dovecot properly? after that all should be set? no virtual user maps on the postfix side?
[20:09] <patdk-wk> why is there no virtual user mapings?
[20:10] <patdk-wk> you just said you didn't want system user accounts
[20:10] <patdk-wk> but full email address accounts
[20:10] <gzoo> patdk-wk, yes, I have virtual users on the dovecot side
[20:10] <gzoo> no system users
[20:10] <patdk-wk> normally, one sets up virtual users in postfix
[20:11] <patdk-wk> postfix at a min, will need to know all the virtual domains
[20:11] <patdk-wk> but you generally need 2 tables to do all the mapping
[20:11] <patdk-wk> dovecot users
[20:11] <patdk-wk> map this to postfix mailboxes
[20:12] <patdk-wk> or you could let postfix figure them out by asking dovecot via lmtp, but seems kindof overkill
[20:12] <patdk-wk> and a alias map table, for email addresses to mailboxes, for postfix
[20:12] <patdk-wk> but this is way too much for an irc channel
[20:12] <patdk-wk> lots of people in #postfix will help with the postfix part though
[20:13] <gzoo> well, I didn't like the idea of having the same data about users in both dovecot and postfix
[20:13] <gzoo> I guess I'll head off to #postfix for more in-depth help
[20:13] <patdk-wk> why not?
[20:13] <patdk-wk> if they use the *same source data*, why not let many programs use the same data directly?
[20:14] <patdk-wk> less points of failure and other things to go wrong
[20:14] <patdk-wk> or, less castcading failures
[20:15] <gzoo> how come having a table on the postfix side, and another one on the dovecot side is the 'same source data'?
[20:15] <gzoo> it's the same data duplicated
[20:15] <patdk-wk> heh?
[20:15] <patdk-wk> it's one table
[20:15] <gzoo> err, ok i'm missing something
[20:15] <patdk-wk> your using static hash-key files?
[20:16] <patdk-wk> not sql/ldap/....
[20:16] <patdk-wk> I would highly recommend using sqlite instead if your doing that
[20:17] <patdk-wk> but yes, doing it that way would be a royal pain
[20:17] <patdk-wk> cause you have too many different pieces of info about one user all over the place
[20:17] <patdk-wk> if you really must do it that way, no idea why you would, make one file to hold it, and use a make file to create the seperate parts
[20:19] <gzoo> can't I just have a passwd-like file like they show on the dovecot docs, instead of sqlite. I only need to have 1-few users on the server, and using sql on this would be the overkill opposed to simple files
[20:19] <patdk-wk> that won't handle your aliases and mappings for postfix
[20:19] <gzoo> which creates the duplication problem.
[20:19] <patdk-wk> if you want something simple like that, it sounds like you want to use system users
[20:19] <gzoo> if I go sqlite, I can have postfix play with sqlite as well?
[20:19] <patdk-wk> not virtual
[20:21] <gzoo> I prefer it be virtual users actually
[20:21] <patdk-wk> you can perfer it all you want
[20:21] <patdk-wk> but by definition, you have to duplicate all the work, local/system users does automatically for you
[20:21] <patdk-wk> making it *not as simple*
[20:22] <patdk-wk> you can't have everything
[20:22] <sarnold> though you do then have to worry about those users trying to ssh in to the system, heh
[20:23] <gzoo> I have to note that this is a hobby exercise, so even if I'm scratching my right ear with my left hand I'd rather have it scratched
[20:23] <gzoo> Some googling seems to show postfix+sqlite hopes
[20:23] <patdk-wk> sarnold, no
[20:23] <patdk-wk> you just set it to /bin/false, done
[20:24] <gzoo> patdk-wk, set the system user's shell to /bin/false?
[20:24] <patdk-wk> yes
[20:35] <gzoo> well, thanks for clarifying some things. I will try going the SQLite way.
[20:38] <patdk-wk> tables makes it much easier
[20:38] <patdk-wk> basically a mailbox table, a alias table, and a domain table
[20:38] <patdk-wk> should solve all your needs, or you can make it more complex
[20:39] <patdk-wk> should be tons of examples on google
[20:39] <patdk-wk> the bad thing, almost all the examples have issues too :(
[22:22] <ponyofdeath> anyone know if its possible to write a app armor policy to only allow a process to append to files and not be able to erase or clear them?
[23:10] <sarnold> ponyofdeath: the 'a' permission should do exactly that
[23:10] <ponyofdeath> sarnold: thanks! i was just reading that in the man page :)
[23:16] <lamont> the whole "don't boot with incomplete swraid" option... what package is that in>?
[23:18] <TJ-> lamont: do you mean the old requirement for bootdegraded=true thing?
[23:19] <Elion> Hi, i have an ubuntu server and i want to install multiple services on it like gitlab, owncloud, mumble, web server, monitoring system, .... What do you advise me to use to get services in boxes : docker, vm, whatever... and should i use something like chef to manage it ?
[23:20] <BrianBlaze420> hello beautifuls
[23:20] <BrianBlaze420> I seem to have openvpn server running
[23:20] <BrianBlaze420> as the service says it is and syslog looks good
[23:21] <BrianBlaze420> but netstat -lntp shows only ssh is there I don't see my vpn port
[23:21] <BrianBlaze420> anyone know where I messed up?
[23:21] <sarnold> BrianBlaze420: remove the 't'
[23:21] <BrianBlaze420> lol
[23:21] <sarnold> BrianBlaze420: that shows tcp but openvpn probably runs on udp
[23:21] <BrianBlaze420> true it does
[23:22] <BrianBlaze420> okay so I use u instead
[23:22] <BrianBlaze420> and see it lol
[23:22] <BrianBlaze420> thanks
[23:22] <sarnold> yay :)
[23:22] <BrianBlaze420> so now I gotta figure out whats blocking me out of thurrr
[23:22] <BrianBlaze420> thanks a lot tho
[23:22] <BrianBlaze420> :)
[23:23] <lamont> TJ-: yeah that
[23:23] <lamont> (trusty system)
[23:23] <TJ-> lamont: as I recall, in trusty, either on release, or very soon thereafter, there was an update that stripped that out - I remember because it caught me out!
[23:23] <sarnold> BrianBlaze420: do you get any error messages from either peer? check service logs, syslog, dmesg on both
[23:24] <lamont> TJ-: I know that I have a machine that doesn't boot when I have a one-device raid1
[23:24] <lamont> TJ-: that when I force my way into busybox and mdadm --add the second partitoin, and then reboot, it comes up just fine
[23:24] <TJ-> lamont: 3.2.5-5ubuntu3 : http://changelogs.ubuntu.com/changelogs/pool/main/m/mdadm/mdadm_3.2.5-5ubuntu4/changelog
[23:24] <BrianBlaze420> nah I am actually using amazon aws and it's funny when I open ports it's like they don't open but I wanted to really make sure it wasn't my server
[23:24] <BrianBlaze420> because everything looks grand server side
[23:25] <TJ-> lamont bug 1279741
[23:25] <sarnold> BrianBlaze420: ah, yes, the security groups also need to be managed :)
[23:26] <BrianBlaze420> I have done that
[23:26] <lamont> TJ-: oh hell.  that reads like exatly what I most donot want
[23:26] <BrianBlaze420> but I swear they don't open
[23:26] <TJ-> lamont: I recall I was hit in a similar way as you seem to be, and I did some debugging and decided the patch xnox added wasn't working for all circumstances, but I can't recall where that led
[23:27] <lamont> my issue is that I want the machine UP and I'll deal with recovering the RAID at that point.  Given the size of the drives, a 2 day reboot is unacceptable.
[23:28] <TJ-> lamont: yeah, that was my scenario too
[23:29] <lamont> esp when, since the second drive wound up not being in the array at all, it's not a 2 day outage, it's a drive there and hookup the keyboard and monitor and manually intervene
[23:30]  * lamont has to run
[23:30] <TJ-> lamont: I had the advantage of network KVM, but yes, it isn't good
[23:33] <BrianBlaze420> you don't know of a way to kick in an updated security group do you>
[23:33] <BrianBlaze420> I heard it was right away... I have yet to see it right away lol
[23:35] <sarnold> BrianBlaze420: if you've had time to type about it on irc then perhaps there's something else wrong.. it seems most likely to me that perhaps the one you added might not be sufficient for the job..
[23:36] <BrianBlaze420> I went this through my other server with opening port 80 too
[23:36] <BrianBlaze420> and magically it just started working
[23:36] <BrianBlaze420> so I guess I wait lol
[23:51] <BrianBlaze420> well i stand corrected other ports opened so its all on me this time
[23:54] <BrianBlaze420> and it works :)