[04:50] <tarpman> lunaphyte: ah right! I found the place debconf priority is documented. https://www.debian.org/releases/jessie/amd64/ch05s03.html.en#installer-args :P
[05:35] <cooldharma06> hi all
[05:35] <cooldharma06> i am trying to access pudb from my remote machine via ssh
[05:35] <cooldharma06> keys are not working
[07:46] <trimas> is SHA1 used in Ubuntu's default FDE setup less secure than using SHA256/512? SHA1 has been deemed insecure since 2005, or am I misinformed?
[08:34] <jamespage> morning all
[08:41] <RoyK> morning
[10:55] <jamespage> coreycb, ddellav: SRU's mainly caught up with - Kilo is all in proposed and tested OK
[10:56] <jamespage> nova and keystone point releases in the sru team queue for wily
[11:13] <Slashman> hello, I'm trying out lxd on ubuntu 15.10 and it works great but I have an issue when I start a container with debian jessie, I can't stop it: "lxc stop" get stuck and running "poweroff" inside the container get me "Failed to talk to init daemon.", with ubuntu container, there is no issue so my question is: how do you stop a debian container?
[11:14] <Slashman> btw the container is unprivileged
[11:38] <coreycb> jamespage, awesome, thanks
[11:38] <jamespage> coreycb, np
[11:59] <httperr418> hi folks, I have an automount question
[12:00] <httperr418> I'm actually running ubuntu desktop but I wanted to do this via CLI so they suggested asking here
[12:00] <httperr418> I want to ensure that automounting is disabled for any device by default
[12:00] <httperr418> er, any external device
[12:01] <httperr418> I know it's possible because I've done it before, but I can't find the guide I located last time
[12:41] <ddellav> jamespage cool, ty
[13:09] <mojtaba> I can create proxy server using ssh -D locally and configure network manager manually to use it. Is there a way to select which addresses use this proxy? (By specifying something special in the URL, like http_proxy instead of http?) What is configuration URL for?
[13:28] <jamespage> coreycb, added some bug management features to the tools that push stuff between uca pockets this morning as well:
[13:28] <jamespage> https://bugs.launchpad.net/cloud-archive/+bug/1546445
[13:29] <jamespage> for an example...
[13:30] <coreycb> jamespage, oh I like that, that last comment is automated then?
[13:30] <jamespage> coreycb, yes
[13:30] <jamespage> coreycb, also adopting the tag based verification approach that the sru team uses...
[13:31] <coreycb> jamespage, that's nice.  and does it auto-mark status as fix released?
[13:34] <jamespage> coreycb, it should do - not tried that bit yet
[13:35] <coreycb> jamespage, ok.  thanks for all that!
[13:38] <coreycb> jamespage, I'm still debating if it makes sense to have a barbican-api init script or if directly using the apache2 init script makes more sense
[13:46] <jamespage> coreycb, if you're running it under apache2, no init script required
[13:48] <coreycb> jamespage, ok, that is the case.  it's a change for users though since it used to run under uwsgi and had barbican-api init scripts. but we had to drop uwsgi to try and get it into main.
[13:55] <jamespage> coreycb, can you take a read through this please - https://wiki.debian.org/Apache/PackagingFor24
[13:55] <coreycb> jamespage, yep
[13:55] <jamespage> coreycb, you're doing alot of work in maintainer scripts you don't need to right now
[13:56] <jamespage> coreycb, infact if you install the conf files directly to /etc/apache2/conf-avaliable and us dh_apache2 it will generate most of the required bits for you
[13:57] <coreycb> jamespage, ah that's nice. I'll revisit that after reading.
[13:57] <jamespage> coreycb, actually its even nicer that that
[13:58] <jamespage> you just have to have a .apache2 file in debian/ listing the conf files you want to enable...
[13:58] <coreycb> jamespage, very nice
[14:12] <Slashman> to answer my own question from this morning, to stop a container that do not want to stop with "lxc stop", you must use the command "lxc stop <container> --force" which is undocumented
[14:13] <jjrabbit543> hello
[14:14] <jjrabbit543> ICMP protocol doesn't use a port?
[14:14] <jjrabbit543> how is that possible
[14:15] <rbasak> IP doesn't define ports. TCP and UDP do. ICMP is not TCP and UDP. It layers directly on IP.
[14:18]  * patdk-wk kindof wishes we had 32bit ports
[14:20] <jjrabbit543> found the cisco guy
[14:21] <jjrabbit543> just joking. thanks man that makes more sense
[14:22] <jjrabbit543> can anyone tell me why  Your nick is owned by user [~user@104.131.1.159]
[14:22] <jjrabbit543> it says that?
[14:22] <jjrabbit543> woops sorry meant to send to different channel
[14:49] <cyphermox> rharper: how is multipath-tools?
[15:07] <rharper> cyphermox: xnox was going to look at the FFE/merge and upload on Friday IIRC; I haven't looked yet
[15:08] <rharper> cyphermox: https://bugs.launchpad.net/ubuntu/+source/multipath-tools/+bug/1551952
[15:08] <rharper> cyphermox: stgraber said it was OK to upload, so it just needs a sponser
[15:08] <cyphermox> yeah, stgraber acked it
[15:08] <cyphermox> xnox: ?
[15:09] <rharper> cyphermox: I also pushed a fix upstream to debian re systemd.service file (the disable systemd for udeb broke linking against libsystemd for the non-udev, which broke notification via sd_notify);  https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=817940
[15:10] <rharper> need to pull that fix in (instead of disabling systemd) in our package
[15:33] <ndee> I'm looking for following tool: a user can create a payload in the browser and adds it to a queue. The queue payload gets executed by the root user, since some special privileges are needed. Does anyone know of some sort of queue tool?
[15:34] <Sling> sounds like a horrible idea
[15:34] <Sling> what problem are you trying to solve with this? or are you trying to create malware?
[15:35] <ndee> Sling: haha, no. What I'm trying to do is sync a staging environment of a CMS to a live environment. At the moment, I have an extension for that CMS which creates a file and a cronjob checks if that file exists and if it does, executes a task. That's the workflow I created 8 years ago and I'm wondering if there might be something "smarter" around the way.
[15:36] <patdk-wk> there are hundreds of queue tools to use, pick one and use it
[15:36] <patdk-wk> the issue is, the whole idea is flawed from the start
[15:36] <ndee> patdk-wk: it is some sort of deployment and I'm not sure what a better way would be.
[15:36] <patdk-wk> something that doesn't use a webserver :)
[15:37] <patdk-wk> it sounds like you already solved it
[15:37] <patdk-wk> cms creates a backup file, and cron job that checks if file exists and deploys it
[15:37] <patdk-wk> so sounds like the only thing you have to do is create another cron job
[15:37] <patdk-wk> if new backup file exists, copy it to the production server
[15:37] <ndee> patdk-wk: so that's not a bad way to deploy something?
[15:38] <patdk-wk> only if, anyone is allowed to make that file
[15:38] <ndee> I sometimes get insecure with all those new flash tools and think that I also have to use it :D
[15:38] <patdk-wk> if a webuser can upload that file, and let it audodeploy, whatever they want :)
[15:38] <patdk-wk> make sure that file location is well outside of what the webserver is allowed to touch
[15:38] <patdk-wk> and permissions are tight
[15:39] <ndee> patdk-wk: the location of the file has to be writeable by the webserver, otherwise, the file can't be generated.
[15:40] <patdk-wk> no
[15:40] <patdk-wk> from your dev enviroment, sure
[15:40] <ndee> ah
[15:40] <patdk-wk> that dev enviroment shouldn't be accessable to the outside
[15:40] <patdk-wk> but on the live/production one, you should take care that file is protected
[15:40] <ndee> of course
[15:41] <patdk-wk> or rather, firewall rules should be protecting the dev one
[15:41] <patdk-wk> so file level access, isn't strictly required, nice, but
[15:48] <jamespage> rbasak, kickinz1: hey - just reviewing the pacemaker merge from debian - I've tested the upgrade as I wanted to ensure that the package splits upgraded ok - works fine
[15:48] <jamespage> are you both happy we want todo that this cycle?
[15:56] <kickinz1> jamespage, rbasak thanks jamespage for having taken the time to look after it, I think that we want it this cycle yes.
[16:01] <jamespage> kickinz1, rbasak: ok uploaded
[16:02] <kickinz1> jamespage: thanks!
[16:07] <daften_> hi, i have a problem on a server with sudo, it won't use the users password
[16:07] <daften_> the users password is correct, i've checked this by issuing passwd and entering the current password, which is accepted
[16:08] <daften_> the sudo config is also correct. i've changed the file in /etc/sudoers.d/ that gives sudo rights to the group so it gives sudo rights without password entry, and then i can issue sudo commands
[16:08] <daften_> so there's something very strange going on, and i have no clue. can somebody help me?
[18:04] <jeeves_moss> what is the best cliserable VPN server that uses an HTTP client that is free?  We have a bunch of IoT devices that we would like to connect to the network (to a NATed system), and not to have to worry about a bunch of open devices floating around
[18:11] <patdk-wk> none?
[18:11] <patdk-wk> http is not secure, so don't use it for a vpn
[18:13] <jeeves_moss> patdk-wk: I meant https.  missed a letter.  we're looking for something that will punch through a NAT router
[18:13] <patdk-wk> sounds like openvpn
[18:13] <patdk-wk> unless you need to be http proxy aware
[18:16] <jjrabbit543> hello
[18:16] <jjrabbit543> anyone know if there is a more recent project of this tool?
[18:16] <jjrabbit543> https://sourceforge.net/projects/ldaptool/
[18:18] <sarnold> jjrabbit543: that sounds kind of like https://directory.apache.org/studio/
[18:19] <sarnold> jjrabbit543: i'm normally hesistant to recommend anything from the apache project but .. i'm not sure where else you'll find this sort of thing.
[18:20] <teward> rbasak: ping - who do i bother when i see something that prevents testcases from being completed in the server dailies?
[18:20] <teward> is that matsubara still, or someone else?
[18:21] <matsubara> teward, Hi, I can take a look. What's up?
[18:22] <teward> matsubara: refer to today's server testcase, i filed a failed testcase, can't select keyboard layout per the testcase, possibly bug 1559507
[18:22] <teward> (initially observed 20160318 Lubuntu alt, then 20160319 Server, by phillw, poked to me in another channel to test/confirm)
[18:23] <teward> confirmed today by myself, both Lubuntu alt and Server
[18:23] <teward> matsubara: i'd poke the release team, but i'd like more eyes on it first :)
[18:24] <teward> note this is on the iso tracker
[18:24] <teward> not on our autotests (if we do them)
[18:26] <teward> matsubara: i'd set the bug as "high" because we may have cases where people have foreign keyboard layouts that need selected (or can't be autodetected), but again, i wanted some extra opinions
[18:28] <teward> matsubara: note that installation progresses as it should, apparently, but that means that either we're deprecating and removing keyboard layout selection, or our testcase is bugged, or the bug is actually something missing
[18:28] <teward> i'm not qualified, I think, to make that determination
[18:29] <matsubara> teward, thanks for raising that. I think you're right. It should be high or if this is an intentional change the testcase needs update
[18:29] <teward> matsubara: thank phillw (the one who brought up the 'no 32bit qa iso manual test cases' problem a while ago) for pinging me randomly on it
[18:29]  * teward usually avoids testing unless he has to
[18:30] <teward> matsubara: I'll set it to High for now, but can you poke around to see if this is an intentional change?
[18:30] <matsubara> teward, yep, I'll check it out. In any case I'll add a topic for discussion in tomorrow's meeitng
[18:31] <teward> matsubara: thanks!  i'm making a comment that i'm setting high after discussing with you :)
[18:31] <matsubara> thanks teward
[18:31] <teward> you're welcome
[18:33] <teward> matsubara: and thanks for replying promptly :)
[18:44] <teward> matsubara: confirmed that the install is otherwise unaffected, though, with regards to the test case - the testcase in its current form just can't be completed, but installations apparently can
[18:49] <teward> though i wouldn't put faith in that
[19:06] <j^2> Hi!
[19:06] <j^2> I was just convinced to come here per dobey from #ubuntu-quality
[19:07] <j^2> I work for Chef software, (what used to be opscode) and I wanted to talk about the version of chef that comes in when you do an apt-get install -y chef
[19:07] <j^2> it seem in 16.04 chef_12.3.1-1_i386.deb comes in, which is great
[19:07] <j^2> but that’s not the must up-to-date
[19:07] <j^2> we are at chef_12.8.1-1_i386.deb now
[19:08] <j^2> not to mention we have another SDK called the chefdk that we would like to add as an option
[19:08] <j^2> who can i talk to about who owns these, and work with them?
[19:08] <teward> j^2: we're past feature-freeze, so any updates and feature additions would need individual exceptions.
[19:08] <sarnold> j^2: https://wiki.ubuntu.com/FreezeExceptionProcess#FeatureFreeze_Exceptions
[19:08] <teward> and testing
[19:08] <teward> and review by the release team for inclusion
[19:08] <teward> the link sarnold provided gives details
[19:09] <j^2> awesome, thanks! I’ll start reading through this :D
[19:09] <teward> j^2: obvious question: is this in Debian yet
[19:09] <teward> aaaand rmadison answered my question
[19:09] <teward> it is not
[19:09] <j^2> so that’s the problem, i’m not sure because i don’t know how it’s getting there. No one seems to know
[19:10] <teward> i assume we're talking about the 'chef' package
[19:10] <j^2> somebody has to own this
[19:10] <j^2> yep
[19:10] <sarnold> it seems like there's a reasonable chance, chef is in universe and it looks like a 'leaf' package
[19:10] <teward> sarnold: no Debian updates, though, so it'd need more testing
[19:10] <j^2> ok
[19:10] <sarnold> bummer though, logan did a merge just five days ago..
[19:11] <j^2> yeah it seems that isn’t the official chef package either from debian
[19:11] <j^2> it’s not ours, it was created by someone else
[19:11] <j^2> we have our packages posted: https://downloads.chef.io/chef-client/ubuntu/
[19:12] <j^2> so does that mean i should go to debian to get this fixed or through y’all?
[19:12] <sarnold> probably both
[19:12] <j^2> lovely
[19:12] <sarnold> a month ago maybe justdebian would have sufficed
[19:12] <sarnold> but, feature freeze and all
[19:12] <j^2> grrrr
[19:12] <j^2> ok, well this is my task, i’ll make it happen
[19:13] <j^2> lets start with y’all, i’m assuming i should go through the exception docs to get myself informed here?
[19:13] <sarnold> yeah, that's a good starting point
[19:13] <j^2> start that process, then who/where should i go for the debian group?
[19:14] <sarnold> I -think- this is the most recent chef changelog from debian http://metadata.ftp-master.debian.org/changelogs/main/c/chef/chef_11.12.8-2_changelog
[19:14] <jcastro> https://qa.debian.org/developer.php?email=pkg-ruby-extras-maintainers%40lists.alioth.debian.org
[19:14] <sarnold> I -think- you won't go too far wrong if you email the three or four most recent uploaders; maybe filing a bug?
[19:14] <jcastro> that's what the PTS lists as the chef maintainers
[19:14] <jcastro> https://tracker.debian.org/pkg/chef
[19:14] <sarnold> ah, go with jcastro's link instead :)
[19:15] <j^2> woah, that’s not great, that’s not us at all
[19:15] <sarnold> that's usual
[19:15] <j^2> :-/
[19:15] <jcastro> most packaged software is not done by the people who write it
[19:16] <teward> ^ that
[19:16] <j^2> jcastro: i guess that makes sense
[19:16] <teward> (nginx as a prime example)
[19:16] <jcastro> though IME most packagers prefer to have a good relationship with their respective upstream and just teamwork it all
[19:16] <teward> ^
[19:16] <j^2> but we have packages that are packaged by us… it’s odd y’all don’t just take them right?
[19:17] <teward> j^2: we inherit our packages for the most part from Debian, I believe.  Nginx is in your type of case as well - they provide official packages on their own "official" repository, but many people use what's just in Ubuntu
[19:17] <jcastro> ideally, the upstream and the distro would share the same source packaging
[19:17] <teward> ^ that
[19:17] <j^2> ah interesting
[19:17] <teward> and yes i'm referring to nginx a lot because I work in that package :)
[19:17] <jcastro> but not, we need to be able to rebuild the entire archive from source so we don't just copy binaries into the archive
[19:17] <j^2> ;)
[19:18] <j^2> hmm, ok so there are a handful of things/conversations i need to have no it seems
[19:18] <j^2> now*
[19:18] <jcastro> yeah, but there's no reason it can't happen all at once
[19:18] <j^2> jcastro: sorry i’m not following
[19:18] <jcastro> if you fix it in debian then for us it's just a sync
[19:18] <j^2> ah!
[19:19] <jcastro> it's not "debian fix problem A, ubuntu fix problem A" It's "Debian let's fix problem A, ubuntu grab that."
[19:19] <jcastro> though, one thing worth investigating right off
[19:19] <sarnold> .. but at this point in the 16.04 LTS release cycle, you'll still need the paperwork finsihed even if it is just a sync from debian :)
[19:19] <jcastro> is find the difference between your packages and the debian packages
[19:19] <jcastro> like, are they carrying patches?
[19:20] <j^2> yeah there are a ton of updates iirc
[19:20] <jcastro> https://sources.debian.net/src/chef/12.3.0-3/debian/patches/
[19:20] <jcastro> for example
[19:20] <j^2> I’ll have to figure it out
[19:21] <sarnold> .. and figure out what to do with ubuntu's difference from debian, too https://patches.ubuntu.com/c/chef/
[19:21] <jcastro> ideally someone says "ok let's just take all these changes and fix them in one place"
[19:21] <jcastro> that one place probably being upstream
[19:23] <jcastro> j^2: well, you haven't quit the channel yet so I guess that's a good sign, heh.
[19:23] <j^2> heh
[19:23] <j^2> yeah i’m trying to figure out the diff
[19:23] <j^2> ;)
[19:23] <sarnold> hehehe
[19:24] <j^2> maaayybeee this is it?
[19:24] <j^2> https://github.com/chef/chef/compare/master...12.3-stable
[19:24] <j^2> wait
[19:24] <j^2> shit
[19:24] <j^2> there we go
[19:24] <j^2> https://github.com/chef/chef/compare/12.3-stable...master
[19:24] <j^2> 4k commits
[19:25] <j^2> between the version on debian and our newest
[19:25] <j^2> stable
[19:26] <j^2> so for that, i’m betting yall want me to go to debian eh?
[19:26] <j^2> let them build the pkg from us, then sync down (after the paperwork)
[19:27]  * jcastro nods
[19:27] <j^2> yeah i have a feeling i’m going to have to keep an eye on this for a while to make sure everyone is getting the correct software :-/
[19:27] <jcastro> j^2: also, there are ways to get newer versions into the LTS down the road
[19:28] <j^2> this type of oversight is probably due to everyone was assuming someone else was watching this stuff
[19:28] <jcastro> via backports and whatnot, so I wouldn't sweat about the deadline. I would of course try to get everything in as quick as you can but I wouldn't panic.
[19:28] <j^2> jcastro: awesome, thanks for that. I’ll start the conversation with debian, and i’ll be around here to ask questions? cool?
[19:29] <jcastro> I'm always around
[19:29] <j^2> \o/
[19:29] <jcastro> or you can mail me at jorge@ubuntu.com
[19:29] <j^2> rock on thanks!
[19:29] <jcastro> I owe you guys since we broke the maas<->chef integration, heh
[19:29] <j^2> ha!
[19:29] <j^2> yeah that was going to be the next task after me getting this done ;)
[19:30] <j^2> hey it worked i tested maas 1.8? it worked swimmingly
[19:30] <jcastro> though, posting to the debian list quickly will get eyeballs on it quick
[19:30] <j^2> is there a package ml?
[19:30] <j^2> <— the guy that wrote the maas integration :D
[19:30] <jcastro> I can't speak for those maintainers but most packagers I know love to work with their upstream
[19:30] <j^2> awesome
[19:31] <jcastro> https://qa.debian.org/developer.php?email=pkg-ruby-extras-maintainers%40lists.alioth.debian.org
[19:31] <jcastro> looks to be the list
[19:31] <j^2> awesome
[19:31] <j^2> already making progress :D
[19:32] <jcastro> ubuntu-devel-discuss@lists.ubuntu.com is listed as the maintainer list for the ubuntu version of the package
[19:34] <j^2> awesome
[20:20] <nacc> hallyn: stgraber: there is some discusion on #ubuntu-devel about this just now, but having lxc-dns's dnsmasq installed by default (in cloud/server, as lxc is installed by default) means that many (all?) dns-server packages will fail to install
[20:28] <mahmoh> j^2: so you're pretty good then?  need to also ask about a firefox-like package that pulls the latest chef for the LTS releases and beyond
[20:28] <j^2> mahmoh: awesome yeah that would be perfect
[20:28] <j^2> but i need to get debian updated first
[20:28] <j^2> which is the next step if i understand everything
[20:29] <mahmoh> j^2: start an exception for that too then, might be too late though but maybe not
[20:29] <j^2> per the email earlier ;)
[20:29] <mahmoh> gr8
[20:29] <j^2> mahmoh: hey man you know you love me ;)
[20:29] <mahmoh> j^2: let me know if you need anything
[20:29] <j^2> :D
[20:41] <stgraber> nacc: that won't be a problem by the time we release 16.04
[20:53] <nacc> stgraber: thanks, and thanks hallyn for clarifying
[23:20] <unomie> One of my sites is now pointing to my Docroot directory. The .conf file looks fine. Enabled/Disabled & restarted apache to make sure it wasn't using an outdated .conf - https://bpaste.net/show/caf1b10096f6 -  Any ideas?
[23:20] <unomie> other sites are working fine & so was this one up until a few days ago,
[23:20] <unomie> can't find anything in the logs other than it loading the favicon. No errors...
[23:20] <sarnold> try removing the trailing / on DocumentRoot /var/www/html/pagenation.co.uk/
[23:21] <sarnold> apache is quite picky about that trailing / and it always feels like it gets it exactly wrong
[23:22] <unomie> sarnold: Same result
[23:23] <sarnold> unomie: dang. how about the logs? anything in the site-specific error or access logs, or the generic error or access logs?
[23:24] <unomie> checked the syslog in /var/log, and other_vhosts_access.log error.log in /var/log/apache2
[23:25] <unomie> site-specific error log hasnt been updated in a month. Trying to the site-specific error log now but that hasn't been updated in an hour and I've been refreshing the site
[23:26] <unomie> *access.log for the second one
[23:27] <unomie> just spiders crawling the site....
[23:32] <shauno> is there any sign that file's being loaded at all?  I noticed at some point apache started including sites-enabled/*conf instead of sites-enabled/*
[23:33] <shauno> (eg, 'a2query -s')
[23:33] <unomie> shauno: Not sure - where would I check? Yeah I switched over all my sites to .conf a year or so ago (whenever the switch happened)
[23:35] <unomie> shauno: Ta, yeah it's there - pagenation.co.uk (enabled by site administrator)
[23:35] <shauno> fair enough.  just thought I'd ask since that one made things mysteriously disappear for me
[23:36] <unomie> Think it might have something to do with the FQDN. I was messing about with that a month ago as it's set to pagenation.pagenation.co.uk (duplication - I was never able to sort it but the site that wasn't sending out mail started working so I abandoned it)
[23:56] <Pinkamena_D> Has anyone ever tried to join ubuntu to windows active directory with PBIS? I have had success with it, but now I am trying to add a network printer as well. How can I let users use their active directory credentials for the network printer?
[23:57] <bekks> Whats "PBIS"?
[23:58] <tarpman> bekks: http://www.powerbrokeropen.org/
[23:59] <bekks> Never heard of it.