[00:00]  * teward turns his attention back to diagnosing his postfix install
[00:26] <infinity> teward: debootstrap should be working now.
[00:27] <teward> infinity: checking
[00:50] <infinity> Man, I hate it when that happens.
[00:51] <infinity> I just asked "who's the idiot who made nova-compute-kvm depend on qemu-system?"
[00:51] <infinity> Checked the changelog.
[00:51] <infinity> The idiot was me.
[00:55] <teward> infinity: heh
[00:55] <teward> infinity: looks like it works now
[00:55] <teward> thanks
[01:05] <infinity> rharper: Oh, so you did prep a version with Breaks, but never got it uploaded?  Fun.
[17:15] <Bluefoxicy> any reason linux-signed-image doesn't provide linux-image ?
[17:16] <Bluefoxicy> if you remove linux-image-4.4.0-22-generic when you have linux-signed-image-4.4.0-22-generic, apt wants to remove linux-image-generic-4.4.0-22-extras and all other stuff that requires linux-image-4.4.0-22-generic
[17:17] <Bluefoxicy> (for that matter, why have unsigned images at all?)
[17:42] <dobey> Bluefoxicy: do you not have "linux-signed-generic" installed?
[18:04] <infinity> Bluefoxicy: linux-signed-image-4.4.0-22-generic only contains the signed image, none of the modules.
[18:04] <infinity> Bluefoxicy: (In fact, it really only contains the signature)
[18:05] <infinity> Bluefoxicy: Which is why signed depends on image.
[18:06] <infinity> Bluefoxicy: dpkg -L linux-image-4.4.0-22-generic versus dpkg -L linux-signed-image-4.4.0-22-generic would probably have answered your question.
[18:08] <Bluefoxicy> ah
[18:09] <Bluefoxicy> infinity:  I was just looking in boot, re
[18:09] <Bluefoxicy> -rw------- 1 root root 6.7M May  5 15:03 vmlinuz-4.4.0-22-generic
[18:09] <Bluefoxicy> -rw------- 1 root root 6.7M May 14 14:08 vmlinuz-4.4.0-22-generic.efi.signed
[18:11] <infinity> Bluefoxicy: Yeah, vmlinuz-4.4.0-22-generic.efi.signed is the combination of vmlinuz-4.4.0-22-generic and the detached signature shipped by -signed.
[18:12] <Bluefoxicy> I'm guessing grub just automatically uses the signed image if present?  Doesn't seem to get its own menu entry.
[18:12] <infinity> Bluefoxicy: update-grub goes looking for it and prefers it.  I have no boot entries for unsigned.
[18:14] <Bluefoxicy> 'grep signed /boot/grub/grub.cfg' returns nothing after update-grub
[18:15] <Bluefoxicy> (aside:  optionally selecting a signed kernel doesn't seem to provide any security if your rootkit can just tell grub to boot an unsigned kernel)
[18:15] <infinity> Bluefoxicy: Are you booting on an efi system?
[18:16] <infinity> (base)root@nosferatu:/etc/grub.d# grep signed *
[18:16] <infinity> 10_linux:  if test -d /sys/firmware/efi && test -e "${linux}.efi.signed"; then
[18:16] <infinity> 10_linux:	linux	${rel_dirname}/${basename}.efi.signed root=${linux_root_device_thisversion} ro ${args}
[18:16] <infinity> 10_linux:    *.efi.signed)
[18:16] <Bluefoxicy> looks like I'm not
[18:16] <infinity> That's the logic.  It should Just Work if you're EFI.  If you're not, the signed kernel is useless.
[18:16] <Bluefoxicy> ah
[18:17] <Bluefoxicy> I can probably convert this system to efi.  LAst time I did that it took black magic.
[18:17] <Bluefoxicy> thanks for the info