| -queuebot:#ubuntu-release- Unapproved: gtksourceview2 (zesty-proposed/universe) [2.10.5-2ubuntu2 => 2.10.5-2ubuntu3] (ubuntu-desktop) | 00:44 | |
| handsome_feng | Hi, Could someone there can help check the two update request: bug: #1677432 bug: #1677157 Thank you! | 02:33 |
|---|---|---|
| ubot5 | bug 1677432 in ubuntukylin-wallpapers (Ubuntu) "[FFe] Update ubuntukylin-wallpapers to 17.04.0" [Undecided,New] https://launchpad.net/bugs/1677432 | 02:33 |
| ubot5 | bug 1677157 in ubuntukylin-theme (Ubuntu) "[FFe] Update ubuntukylin-theme to 1.7.0" [Undecided,New] https://launchpad.net/bugs/1677157 | 02:33 |
| === salem_ is now known as _salem | ||
| === Guest76522 is now known as valorie | ||
| -queuebot:#ubuntu-release- Unapproved: ubuntukylin-theme (zesty-proposed/universe) [1.6.2 => 1.7.0] (ubuntukylin) | 04:56 | |
| -queuebot:#ubuntu-release- Unapproved: ubuntukylin-wallpapers (zesty-proposed/universe) [16.10.1 => 17.04.0] (ubuntukylin) | 05:01 | |
| -queuebot:#ubuntu-release- Unapproved: rpi.gpio (zesty-proposed/universe) [0.6.3-1 => 0.6.3-1ubuntu1] (no packageset) | 05:04 | |
| -queuebot:#ubuntu-release- Unapproved: accepted rpi.gpio [source] (zesty-proposed) [0.6.3-1ubuntu1] | 05:04 | |
| -queuebot:#ubuntu-release- New binary: rpi.gpio [arm64] (zesty-proposed/universe) [0.6.3-1ubuntu1] (no packageset) | 05:08 | |
| -queuebot:#ubuntu-release- New binary: rpi.gpio [armhf] (zesty-proposed/universe) [0.6.3-1ubuntu1] (no packageset) | 05:09 | |
| -queuebot:#ubuntu-release- Unapproved: squid3 (zesty-proposed/main) [3.5.23-1ubuntu1 => 3.5.23-1ubuntu2] (ubuntu-server) | 05:43 | |
| === agateau_ is now known as agateau | ||
| === maclin1 is now known as maclin | ||
| Saviq | hi all, could someone please approve the packages coming from https://bileto.ubuntu.com/#/ticket/2626? thanks! | 07:43 |
| -queuebot:#ubuntu-release- Unapproved: imagemagick (zesty-proposed/main) [8:6.9.7.0+dfsg-2ubuntu1 => 8:6.9.7.4+dfsg-2ubuntu1] (desktop-core, ubuntu-server) | 07:54 | |
| -queuebot:#ubuntu-release- Unapproved: kdevelop (zesty-proposed/universe) [4:5.0.4-0ubuntu1 => 4:5.0.4-0ubuntu2] (kubuntu, ubuntu-desktop) | 07:58 | |
| -queuebot:#ubuntu-release- Unapproved: mate-control-center (zesty-proposed/universe) [1.18.0-0ubuntu1 => 1.18.0-0ubuntu2] (ubuntu-mate, ubuntukylin) | 08:04 | |
| tjaalton | Laney: added debug notes on #1671799 | 08:06 |
| tjaalton | bug #1671799 | 08:06 |
| ubot5 | bug 1671799 in xorg-server (Ubuntu) "FFe: xserver 1.19.3" [Undecided,Confirmed] https://launchpad.net/bugs/1671799 | 08:06 |
| LocutusOfBorg | hello release team, feature request: is it possible when receiving the "your package is stuck in proposed since foo days", to have also the changelog of the latest upload attached? this way I can understand if this was a transition, a no change rebuild, or a bad merge | 08:13 |
| -queuebot:#ubuntu-release- Unapproved: brisk-menu (zesty-proposed/universe) [0.3.0-0ubuntu1 => 0.3.5-0ubuntu1] (ubuntu-mate) | 08:32 | |
| -queuebot:#ubuntu-release- Unapproved: mate-themes (zesty-proposed/universe) [3.22.7-0ubuntu1 => 3.22.8-0ubuntu1] (ubuntu-mate) | 08:38 | |
| LocutusOfBorg | (I can open a bug if needed, just I don't know where that service is located) | 08:41 |
| -queuebot:#ubuntu-release- Unapproved: unity-greeter-session-broadcast (zesty-proposed/main) [0.1+14.10.20140601-0ubuntu4 => 0.1+14.10.20140601-0ubuntu5] (ubuntu-desktop) | 09:28 | |
| -queuebot:#ubuntu-release- Unapproved: aethercast (zesty-proposed/universe) [0.1+16.10.20160808-0ubuntu4 => 0.1+17.04.20170328.1-0ubuntu1] (no packageset) (sync) | 09:46 | |
| -queuebot:#ubuntu-release- Unapproved: accepted aethercast [sync] (zesty-proposed) [0.1+17.04.20170328.1-0ubuntu1] | 09:46 | |
| -queuebot:#ubuntu-release- Unapproved: bluez (xenial-proposed/main) [5.37-0ubuntu5 => 5.37-0ubuntu6] (ubuntu-desktop) | 10:50 | |
| -queuebot:#ubuntu-release- New: accepted ldns [amd64] (zesty-proposed) [1.7.0-1ubuntu1] | 11:24 | |
| -queuebot:#ubuntu-release- New: accepted ldns [armhf] (zesty-proposed) [1.7.0-1ubuntu1] | 11:24 | |
| -queuebot:#ubuntu-release- New: accepted ldns [ppc64el] (zesty-proposed) [1.7.0-1ubuntu1] | 11:24 | |
| -queuebot:#ubuntu-release- New: accepted ldns [arm64] (zesty-proposed) [1.7.0-1ubuntu1] | 11:24 | |
| -queuebot:#ubuntu-release- New: accepted ldns [s390x] (zesty-proposed) [1.7.0-1ubuntu1] | 11:24 | |
| -queuebot:#ubuntu-release- New: accepted ldns [i386] (zesty-proposed) [1.7.0-1ubuntu1] | 11:24 | |
| cpaelzer | Hi, could one please reject squid3 3.5.23-1ubuntu2 from zesty unapproved queue? | 12:08 |
| cpaelzer | While technically correct on the work with Debian we spottet some licence things that should be sorted out before. | 12:08 |
| apw | cpaelzer, looking | 12:08 |
| -queuebot:#ubuntu-release- Unapproved: rejected squid3 [source] (zesty-proposed) [3.5.23-1ubuntu2] | 12:10 | |
| cpaelzer | thanks apw | 12:14 |
| === _salem is now known as salem_ | ||
| smoser | hey. can someone NACK a cloud-init upload for me ? | 13:24 |
| smoser | the one in the queue is missing a bug reference. | 13:24 |
| Saviq | hi release team, any chance of approving the packages synced from this silo https://launchpad.net/~ci-train-ppa-service/+archive/ubuntu/2626/+packages?field.series_filter=zesty ? | 13:25 |
| -queuebot:#ubuntu-release- Unapproved: parallax (zesty-proposed/universe) [1.0.1-2 => 1.0.1-3] (no packageset) (sync) | 13:25 | |
| -queuebot:#ubuntu-release- Unapproved: accepted parallax [sync] (zesty-proposed) [1.0.1-3] | 13:27 | |
| === jjohansen1 is now known as jj-cloaked | ||
| === jj-cloaked is now known as jjohansen | ||
| apw | smoser: looking | 14:22 |
| -queuebot:#ubuntu-release- Unapproved: rejected cloud-init [source] (zesty-proposed) [0.7.9-82-g0e2030ca-0ubuntu1] | 14:31 | |
| -queuebot:#ubuntu-release- Unapproved: cloud-init (zesty-proposed/main) [0.7.9-77-g4a2b2f87-0ubuntu1 => 0.7.9-82-g0e2030ca-0ubuntu1] (edubuntu, ubuntu-cloud, ubuntu-server) | 14:47 | |
| -queuebot:#ubuntu-release- Unapproved: vulkan (zesty-proposed/universe) [1.0.42.0+dfsg1-1 => 1.0.42.0+dfsg1-1ubuntu1] (no packageset) | 14:58 | |
| -queuebot:#ubuntu-release- Unapproved: accepted vulkan [source] (zesty-proposed) [1.0.42.0+dfsg1-1ubuntu1] | 14:59 | |
| -queuebot:#ubuntu-release- Unapproved: python-xkcd (zesty-proposed/universe) [2.4.1-1 => 2.4.2-1] (no packageset) (sync) | 15:02 | |
| -queuebot:#ubuntu-release- Unapproved: accepted python-xkcd [sync] (zesty-proposed) [2.4.2-1] | 15:02 | |
| rbasak | Do I need an FFe to drop something from a seed? | 15:13 |
| rbasak | bug 1667195 | 15:13 |
| ubot5 | bug 1667195 in mdbtools (Ubuntu) "Drop mdbtools-gmdb from main" [Undecided,New] https://launchpad.net/bugs/1667195 | 15:13 |
| -queuebot:#ubuntu-release- Unapproved: lttng-modules (xenial-proposed/universe) [2.8.0-1ubuntu1~16.04.1 => 2.8.0-1ubuntu1~16.04.2] (no packageset) | 15:13 | |
| rbasak | If unsure, can a release team member give me an ack on it at least please? | 15:13 |
| rbasak | 16:15 <jbicha> my opinion is that since it wasn't shipped but only listed as "supported" that it wouldn't need a FFe | 15:21 |
| rbasak | 16:15 <rbasak> Good point. It wouldn't make any changes to an image. | 15:21 |
| rbasak | So I did it. | 15:21 |
| flexiondotorg | Ubuntu MATE would like to run a testathon this weekend, we've got a few packages pending, could someone eye them over please? | 15:22 |
| flexiondotorg | brisk-menu, mate-menu, mate-control-center, ubuntu-mate-artwork, mate-themes | 15:22 |
| maclin | hi, release team, Ubuntu Kylin image building was failed yesterday. The build log shows there was a conflict of dependencies: "libmagickwand-6.q16-2 : Depends: imagemagick-6-common (= 8:6.9.6.6+dfsg-1ubuntu3) but 8:6.9.7.0+dfsg-2ubuntu1 is to be installed" Could someone help to check the problem? | 15:50 |
| maclin | This package was not directly depend by our packages. There were only some "oxideqt" related packages update yesterday, but we can't confirm the relation. So I am afraid other image building may face this problem today? | 15:55 |
| maclin | If this is a problem only affecting Ubuntu Kylin, could someone help to confirm it? thanks :) | 16:02 |
| nacc | maclin: it might be from the transition as we finally got imagemagick migrated yesterday and there was a ABI bump | 16:03 |
| nacc | maclin: ah i see, i think we need to do some NBS cleanup too | 16:08 |
| maclin | nacc, is there anything we have to change? | 16:10 |
| nacc | maclin: no i think it's my cleanup to resolve | 16:11 |
| maclin | nacc, I got it, thanks:) | 16:12 |
| nacc | maclin: can you paste me a link to the build log? | 16:15 |
| maclin | https://launchpadlibrarian.net/313471764/buildlog_ubuntu_zesty_amd64_ubuntukylin_BUILDING.txt.gz | 16:15 |
| nacc | maclin: thanks! | 16:16 |
| nacc | maclin: probably need to some no change rebuilds as well | 16:16 |
| nacc | maclin: will work on that now | 16:16 |
| maclin | nacc: ok, we will wait for the new image tomorrow, thanks:) | 16:21 |
| nacc | slangasek: confused by something: http://people.canonical.com/~ubuntu-archive/nbs.html says sunflow and usbview depend on specific older binaries, but looking at those packages, i don't see the deps? What am I missig? | 16:27 |
| infinity | nacc: Probably dependencies on virtual packages. | 16:48 |
| infinity | nacc: Also, it's referring to build-depends, not depends. | 16:49 |
| nacc | infinity: "Packages which depend on NBS packages" refers to build depends? | 16:50 |
| infinity | nacc: And, indeed, sunflow build-depends on libmagickcore-6.q16-2-extra | 16:50 |
| infinity | nacc: It does, if you read the whole line. :P | 16:50 |
| bdmurray | infinity: I typed the wrong i package name and released initramfs-tools for trusty. Can anything be done? | 16:51 |
| infinity | nacc: The last column helpfully tells you which arch's binaries have the issue. When it's build-depends instead of binary, it says "build". | 16:51 |
| nacc | infinity: ah i see it now! | 16:51 |
| nacc | infinity: sorry for the noise, will fix | 16:51 |
| bdmurray | infinity: its verified but has linux-lts autopkgtest failures | 16:52 |
| infinity | bdmurray: Like, JUST now? | 16:52 |
| bdmurray | infinity: yes JUST now | 16:52 |
| infinity | Yeah, we can just delete it. It hasn't published yet. | 16:52 |
| infinity | And then copy the old version back. | 16:52 |
| infinity | I'll sort that. | 16:52 |
| bdmurray | Great, thanks. | 16:53 |
| infinity | bdmurray: Although, the linux autopkgtest failures, do they really have anything to do with initramfs-tools? They're not exactly known for their stability. | 16:53 |
| bdmurray | infinity: I didn't look at them so can't say | 16:54 |
| bdmurray | they certainly do look flakey | 16:54 |
| infinity | I'm more inclined to say "hey kernel people, fix your tests" than hold off the SRU indefinitely. :P | 16:54 |
| infinity | I'll spot check a few of these before I do the delete and copy thing. | 16:54 |
| infinity | Oh, in fact, these are failing for entirely other reasons. | 16:55 |
| infinity | So, yeah. | 16:55 |
| infinity | bdmurray: Not reverting. | 16:56 |
| bdmurray | infinity: okay | 16:56 |
| infinity | bdmurray: I'll have some chats at the kernel sprint next week about how we can get a green baseline on all these kernel tests. | 16:56 |
| bdmurray | where's that? | 16:56 |
| infinity | (And then maybe actually implement the results of said chats) | 16:56 |
| infinity | Londres. | 16:56 |
| -queuebot:#ubuntu-release- Unapproved: libdrm (zesty-proposed/main) [2.4.75-2 => 2.4.76-1] (core, xorg) (sync) | 17:03 | |
| infinity | nacc: Were/are you driving this imagemagick transition? | 17:04 |
| nacc | infinity: yeah i suppose so | 17:05 |
| nacc | infinity: by virtue of keeping it migrating recently | 17:05 |
| infinity | nacc: Pretty sure that https://bugs.launchpad.net/ubuntu/+source/jxrlib/+bug/1666687 isn't going to get resolved by release, so that Recommends should drop to a Suggests, IMO. | 17:06 |
| ubot5 | Ubuntu bug 1666687 in jxrlib (Ubuntu) "[MIR] jxrlib" [Undecided,Incomplete] | 17:06 |
| nacc | infinity: ack, on my list too | 17:06 |
| nacc | infinity: i plan on uploading those three after breakfast :) | 17:06 |
| infinity | nacc: Arguably, it should be a suggests anyway, and the code should actually TEST for the binary and suggest installing libjxr-tools, rather than just throwing ugly errors. | 17:07 |
| nacc | infinity: ack | 17:07 |
| infinity | nacc: Or, to be more verbose about my reasoning there, the fact that it throws hard errors makes it a Depends, per policy, not Recommends. If it didn't throw errors, it would be a Suggests, because one would only call it a Recommends if a major/common use-case of imagemagick was converting that specific file type, which seems like quite a stretch to argue. | 17:11 |
| infinity | nacc: But, for now, an incorrect Suggests will do, unless you have the time to also fix the hard error. | 17:11 |
| nacc | infinity: yep, understood -- i think there are a number of things like this in the imagemagick code. I will take a look but probably just drop it to a suggests for now | 17:12 |
| * infinity nods. | 17:12 | |
| infinity | Also, the docs depending on some random JS library is kinda fun. But if that's a hard dep for a good reason, we can just blacklist the docs from main. | 17:16 |
| infinity | nacc: ^-- Lemme know on that score, and I'll adjust the seeds if appropriate. | 17:16 |
| nacc | infinity: will do | 17:20 |
| -queuebot:#ubuntu-release- Unapproved: usbview (zesty-proposed/universe) [2.0-21-g6fe2f4f-1 => 2.0-21-g6fe2f4f-1ubuntu1] (no packageset) | 17:21 | |
| slangasek | infinity: tzdata required->important as discussed | 17:21 |
| -queuebot:#ubuntu-release- Unapproved: accepted usbview [source] (zesty-proposed) [2.0-21-g6fe2f4f-1ubuntu1] | 17:21 | |
| infinity | slangasek: Fun, fnu. | 17:22 |
| infinity | fnu! | 17:22 |
| infinity | slangasek: Thanks for changing the archive as well this time. ;) | 17:24 |
| -queuebot:#ubuntu-release- Unapproved: sunflow (zesty-proposed/universe) [0.07.2.svn396+dfsg-14 => 0.07.2.svn396+dfsg-14ubuntu1] (no packageset) | 17:25 | |
| -queuebot:#ubuntu-release- Unapproved: accepted sunflow [source] (zesty-proposed) [0.07.2.svn396+dfsg-14ubuntu1] | 17:26 | |
| nacc | infinity: can you reject the imagemagick in the unapproved queue? then i'll upload the same version with the fixed component mismatch | 17:39 |
| flexiondotorg | infinity Any chance I can ask for some reviews of zesty uploads? | 17:39 |
| flexiondotorg | Would like to get the last bits in for an Ubuntu MATE testathon this weekend. | 17:40 |
| flexiondotorg | ubuntu-mate-artwork, brisk-menu, mate-menu, mate-control-center, mate-themes | 17:40 |
| infinity | nacc: Oh just upload ubuntu2 with your changes, so you're not mangling history? | 17:51 |
| infinity | nacc: s/Oh/Or/ | 17:51 |
| nacc | infinity: yeah i'm happy to do that too | 17:51 |
| nacc | infinity: will upload shortly then | 17:51 |
| infinity | nacc: Yeah. Just grab the one from the queue and build on it. | 17:51 |
| infinity | flexiondotorg: The queue will be empty by my EOD, either by accepting or rejecting. | 17:52 |
| infinity | flexiondotorg: History went wonky in mate-menu. Expected? | 17:52 |
| flexiondotorg | infinity I'm checking mate-menu... | 17:53 |
| infinity | flexiondotorg: http://launchpadlibrarian.net/313265955/mate-menu_17.04.2-0ubuntu2_17.04.3-0ubuntu1.diff.gz | 17:53 |
| nacc | infinity: oh i see the docs reference, sorry -- will examine it now | 17:54 |
| flexiondotorg | infinity wtf. Reject that, their is a glitch in the matrix. I'll upload a replacement promptly. | 17:54 |
| infinity | flexiondotorg: heh. | 17:54 |
| flexiondotorg | *there even | 17:54 |
| -queuebot:#ubuntu-release- Unapproved: rejected mate-menu [source] (zesty-proposed) [17.04.3-0ubuntu1] | 17:55 | |
| infinity | dput needs an eliza frontend that goes something like "Did you debdiff before you uploaded?" (response) "And how did that make you feel?" | 17:56 |
| infinity | "I'm not sure what you mean by 'Just upload the friggin package, can you elaborate?" | 17:57 |
| infinity | s/package/package'/ | 17:57 |
| === pete-woods_ is now known as pete-woods | ||
| nacc | infinity: it would appear the doc dep is a real one, rather than using the version bundled with the source so i think a blacklist may be appropriate | 18:00 |
| nacc | infinity: would you like a bug filed to refer to? | 18:00 |
| wxl | infinity: s/\(package\)/\1'/ would have been shorter ;) | 18:03 |
| infinity | nacc: Nah, I'll just refer to the MIR. | 18:03 |
| nacc | infinity: ok, thanks | 18:03 |
| infinity | wxl: My regular expressions in IRC are usually written for readability, not length. | 18:03 |
| wxl | infinity: well you get points for that :) | 18:04 |
| flexiondotorg | infinity Thanks for the reject, correct upload for mate-menu incoming. | 18:04 |
| -queuebot:#ubuntu-release- Unapproved: mate-menu (zesty-proposed/universe) [17.04.2-0ubuntu2 => 17.04.3-0ubuntu1] (ubuntu-mate) | 18:04 | |
| -queuebot:#ubuntu-release- Unapproved: imagemagick (zesty-proposed/main) [8:6.9.7.0+dfsg-2ubuntu1 => 8:6.9.7.4+dfsg-2ubuntu2] (desktop-core, ubuntu-server) | 18:14 | |
| infinity | nacc: Err, why did you change the previous changelog entry? | 18:37 |
| infinity | nacc: Or was it a lie that it was locutusofborg's upload, and you're correcting that? :P | 18:38 |
| nacc | infinity: um, strange | 18:39 |
| nacc | so i also uploaded 8:6.9.7.4+dfsg-2ubuntu1 to the queue | 18:39 |
| infinity | nacc: Not the one I downloaded from the queue... | 18:39 |
| infinity | Oh! | 18:39 |
| infinity | You both uploaded one. | 18:39 |
| nacc | infinity: right, i didn't realize it had been superseded | 18:39 |
| nacc | well 'superseded' :) | 18:40 |
| nacc | infinity: totally my fault, as i thought it was my upload that i was looking for the ubuntu1 | 18:40 |
| infinity | Okay, to be fair, they're basically identical. | 18:40 |
| nacc | yeah, contentfully the same | 18:40 |
| nacc | infinity: you can reject and i can refresh from the queue | 18:40 |
| infinity | nacc: Nah, all good. | 18:40 |
| nacc | infinity: ok, sorry about that! | 18:40 |
| infinity | nacc: Your upload beat his. So, if it wasn't a freeze, you would have won. :P | 18:40 |
| nacc | heh | 18:41 |
| infinity | nacc: queue fetch just got me the newer one. | 18:41 |
| nacc | also, mine closes the bug filed for the FFe :) | 18:41 |
| infinity | nacc: Not that it'll make a big difference (since the bug has no imagemagick task), but his bug ref with the intentional parse error is more correct for referencing a bug, rather than closing it. | 18:41 |
| infinity | nacc: (The MIR bug, not the FFe bug) | 18:41 |
| -queuebot:#ubuntu-release- Unapproved: rejected imagemagick [source] (zesty-proposed) [8:6.9.7.4+dfsg-2ubuntu1] | 18:43 | |
| -queuebot:#ubuntu-release- Unapproved: accepted imagemagick [source] (zesty-proposed) [8:6.9.7.4+dfsg-2ubuntu2] | 18:43 | |
| -queuebot:#ubuntu-release- Unapproved: rejected imagemagick [source] (zesty-proposed) [8:6.9.7.4+dfsg-2ubuntu1] | 18:43 | |
| nacc | infinity: ah yes, sorry about that! | 18:44 |
| nacc | infinity: regardless, sorry for the noise with all that | 18:51 |
| tjaalton | slangasek, infinity: Laney seems absent, so could you check if my analysis of the onscripter test failures are enough to let xserver enter zesty https://bugs.launchpad.net/ubuntu/+source/xorg-server/+bug/1671799/comments/37 | 19:15 |
| ubot5 | Ubuntu bug 1671799 in xorg-server (Ubuntu) "FFe: xserver 1.19.3" [Undecided,Confirmed] | 19:15 |
| infinity | tjaalton: Any idea what's up with the yorick/s390x regression? | 19:18 |
| tjaalton | infinity: no.. not the most important platform for X anyway | 19:19 |
| infinity | No, but regressions still point to bugs somewhere. | 19:19 |
| tjaalton | I don't know how to debug that one | 19:20 |
| infinity | xnox: ^ | 19:20 |
| infinity | tjaalton: As for your onscripter analysis, it sort of creates more questions than it answers. | 19:23 |
| infinity | tjaalton: I was hoping it was a simple "qemu sucks, and we're detecting CPU features that get masked" bug, but your indication that it works from other shells in the same VM throws that out. | 19:23 |
| infinity | error: ("/usr/lib/powerpc64le-linux-gnu/ada/adalib/gmpada/gnu_multiple_precision.ali" is obsolete and read-only) | 19:27 |
| infinity | doko: ^-- Are we supposed to be doing gnat transitions of some sort, and did we fail to do one properly? | 19:27 |
| wxl | new xorg would be nice | 19:29 |
| tjaalton | infinity: yeah it's a weird issue.. real hw is fine, lxc is fine | 19:31 |
| Saviq | hi release team, can we please have the packages from this silo https://bileto.ubuntu.com/#/ticket/2626 approved to zesty? | 19:34 |
| infinity | tjaalton: On a hunch, does "kvm -cpu host" work? I mean, that might confirm my original claim, though makes your findings even more bizarre. :P | 19:34 |
| infinity | Saviq: I'll have a look at that bunch after lunch. | 19:38 |
| Saviq | infinity, thanks | 19:40 |
| tjaalton | infinity: what exactly do you mean? running just that does run qemu but doesn't boot anything | 19:42 |
| tjaalton | oh you mean running the qemu image with host cpu model? | 19:43 |
| infinity | tjaalton: I mean using "-cpu host" as the cpu spec for the test, rather than whatever the default is. | 19:43 |
| tjaalton | got it, trying.. | 19:44 |
| tjaalton | infinity: heh, I get a segfault instead | 19:59 |
| tjaalton | (EE) Floating point exception at address 0x7fdb9a9e2d19 | 19:59 |
| tjaalton | this is from swrast_dri.so | 19:59 |
| tjaalton | so now Xvfb crashes | 20:00 |
| tjaalton | I'll try again after dist-upgrade.. | 20:03 |
| tjaalton | had to use another instance that has working network | 20:04 |
| tjaalton | right, fails the same way after upgrade, so -cpu host didn't change anything | 20:29 |
| -queuebot:#ubuntu-release- Unapproved: cloud-init (zesty-proposed/main) [0.7.9-77-g4a2b2f87-0ubuntu1 => 0.7.9-87-gd23543eb-0ubuntu1] (edubuntu, ubuntu-cloud, ubuntu-server) | 20:51 | |
| === salem_ is now known as _salem | ||
| nacc | infinity: i think the imagemagick packages that are NBS can all be removed now | 21:21 |
| nacc | and looks like once the tests finish the component-mismatch should go away | 21:22 |
| -queuebot:#ubuntu-release- Unapproved: accepted qtmir-gles [sync] (zesty-proposed) [0.5.1+17.04.20170328-0ubuntu1] | 21:31 | |
| -queuebot:#ubuntu-release- Unapproved: accepted qtubuntu-gles [sync] (zesty-proposed) [0.64+17.04.20170328.1-0ubuntu1] | 21:31 | |
| -queuebot:#ubuntu-release- Unapproved: accepted unity8 [sync] (zesty-proposed) [8.15+17.04.20170328.3-0ubuntu1] | 21:31 | |
| -queuebot:#ubuntu-release- Unapproved: accepted qtmir [sync] (zesty-proposed) [0.5.1+17.04.20170328-0ubuntu1] | 21:31 | |
| -queuebot:#ubuntu-release- Unapproved: accepted qtubuntu [sync] (zesty-proposed) [0.64+17.04.20170328.1-0ubuntu1] | 21:31 | |
| slangasek | infinity, apw: so I want to give you both a heads-up regarding a discussion cyphermox and I are having about how to make available a grub that enforces kernel signatures, before we're ready to turn that on for the distro as a whole | 21:32 |
| -queuebot:#ubuntu-release- Unapproved: accepted libertine [sync] (zesty-proposed) [1.7.1+17.04.20170328-0ubuntu1] | 21:32 | |
| -queuebot:#ubuntu-release- Unapproved: accepted ubuntu-app-launch [sync] (zesty-proposed) [0.11+17.04.20170328-0ubuntu1] | 21:32 | |
| slangasek | infinity, apw: we /could/ be ready to turn it on for the distro as a whole, except that I think we need some upgrade logic around detecting systems where the currently-configured kernel is not signed and warn instead of leaving the system unbootable. :P | 21:33 |
| apw | slangasek: sounds like a great idea | 21:33 |
| infinity | s/upgrade logic/preinst logic/ | 21:34 |
| infinity | So, how are we going to prevent people from shooting themselves in the foot by removing linux-signed? | 21:34 |
| infinity | Other than going back in time and agreeing that linux-signed is a silly idea, and linux-image should just be signed by default. :P | 21:35 |
| slangasek | infinity, apw: so of the many options on the table, we think that the most straightforward option that gives us what we need - namely, *a* signed (with Ubuntu key) grub.efi that doesn't allow fallback to unsigned kernels, that we can put in a gadget snap for a customer (doesn't need to be in a grub-signed .deb at the moment) is to just build two grub.efi, one with the linux module, one without, | 21:35 |
| slangasek | and let them be accepted into the archive | 21:35 |
| infinity | slangasek: Sure, seems reasonable. Put them both in the efi tarball, sign both, but have grub-signed pick up the non-enforcing one. | 21:36 |
| infinity | slangasek: Which, if you name the new one something else, happens by default. | 21:36 |
| slangasek | UX for the one without the 'linux' grub module is probably going to be a weird 'missing module' message rather than a 'security failed' message, but we mostly don't care for the present use case, because this is for a product that's SB-enforcing and anybody managing to point grub at an unsigned kernel can keep both pieces anyway | 21:36 |
| apw | infinity: could we use a provides: kernel-signed to ensure you have at least one bootable kernel | 21:37 |
| slangasek | and the policy of this new binary isn't special, it's the next step along our path of turning on enforcement, we're just not ready to do it yet | 21:37 |
| infinity | slangasek: So, I might be unfamiliar with the process here, but why remove a module? Isn't there just an "enforce or not" option at build time? | 21:37 |
| slangasek | so I don't feel like we're signing an artifact we shouldn't be | 21:37 |
| slangasek | infinity: we would have to build the grub source twice with different patches; there's no build time flag in the patchset | 21:38 |
| slangasek | oh | 21:38 |
| slangasek | shoot | 21:38 |
| infinity | You're building it twice anyway, no? | 21:38 |
| slangasek | infinity: the idea would be we wouldn't need to build it twice, only run the build-efi-image script twice | 21:38 |
| cyphermox | not twice for efi. | 21:38 |
| infinity | Or just linking it twice, I guess. But same-same, it's just machine time. | 21:38 |
| cyphermox | slangasek: not even run build-efi-image twice, I can just add a grub-mkimage. | 21:39 |
| slangasek | right | 21:39 |
| cyphermox | it's very nearly a one-liner. | 21:39 |
| slangasek | infinity: setting aside the implementation details of how this gets done in the grub package - no objections to having two signed .efi binaries for grub starting now-ish in zesty? | 21:39 |
| infinity | slangasek: Nope. | 21:40 |
| slangasek | and yes, the fact that you can currently get your signed kernel removed on a SB system and be none the wiser is something we also need to tackle | 21:40 |
| infinity | slangasek: Perfectly fine with that idea, so long as the one we're shipping in grub-signed doesn't regress in any way. | 21:40 |
| slangasek | ack | 21:40 |
| cyphermox | infinity: the grub$arch.efi we ship would be exactly as it was, untouched. I'd add a "enfore_grubx64.efi" or something like that | 21:41 |
| infinity | apw: Depending on kernels works really poorly, which is why we almost always try to avoid it. | 21:41 |
| infinity | cyphermox: *nod* | 21:41 |
| infinity | cyphermox: Well, surely not exactly, as it sounds like there's patches involved here. | 21:41 |
| cyphermox | infinity: nah, I think I can circumvent that | 21:42 |
| cyphermox | ie. removing the 'linux' module breaks the fallback to loading unsigned. | 21:42 |
| infinity | Maybe it would help if I knew what "remove the linux module" actually means. | 21:42 |
| cyphermox | (if it works) | 21:42 |
| cyphermox | grub is modular, every command (or nearly) is a "module" | 21:42 |
| infinity | Sure, I know that. | 21:42 |
| cyphermox | obviously, this is what I'm about to test | 21:43 |
| infinity | But the implication here is that the efi module requires SB chaining, while the linux module doesn't, and it's that fallback we currently rely on? | 21:43 |
| apw | infinity: would it serve us well to switch linux-image to install signed | 21:43 |
| infinity | apw: Yes, that's what we should have done years ago. | 21:43 |
| infinity | apw: But we never got around to implementing our discussions. | 21:43 |
| apw | on everything, now in advance | 21:44 |
| cyphermox | infinity: yeah, currently if linuxefi fails to validate the signature, it silently goes to start the kernel using the 'linux' command. | 21:44 |
| infinity | apw: Basically, we should do what Ben was doing, where the buildds upload foo-unsigned.deb, and then we package it as foo.deb. | 21:44 |
| apw | so if they upgrade it gets reinstalled | 21:44 |
| infinity | apw: The inverse of the current status quo. | 21:44 |
| apw | we can likely retrofit that | 21:44 |
| apw | discussion for now+4? | 21:44 |
| infinity | apw: Sure, we can. The only problem is that old kernels won't have it. So, if we intend to enforce in old stables, we'll still need to think of a way forward. But maybe just a preinst guard and grub that just refuses to upgrade unless you're on a kernel that's packaged the New Way would suffice, cause once you're on that track, accidentally removing your signed kernel is kinda a "duh, don't do that" thing, instead of an honest mistake. | 21:45 |
| infinity | apw: Discussion for the sprint, but probably we should carve out some pair programming time to *implement* at the sprint. Given we've discussed this literally for years, more talk won't help us much. ;) | 21:46 |
| infinity | apw: Err, of course, the immediate path forward, if we were in a hurry, is much simpler. Given we rely on meta for upgrades anyway (derp), we should just make linux-image point to linux-signed. | 21:47 |
| infinity | apw: It's not like anyone will get an upgrade to a new packaging method without meta installed anyway, so... | 21:48 |
| infinity | I really wish I could understant the paranoia that originally led to us thinking there was a reason to have an unsigned option. | 21:49 |
| infinity | Other than for testing, I suppose. | 21:49 |
| infinity | apw: So, yeah. linux-image-flavour Depends linux-signed-image-flavour, done. | 21:49 |
| infinity | apw: Much simpler than reworking all the packaging. :P | 21:49 |
| infinity | (Throw an [amd64] in there) | 21:49 |
| infinity | apw: Belt and bracers that with linux-image-$abi-flavour Depends linux-signed-image-$abi-flavour, and even people who install individual linux-image packages can't screw themselves. | 21:51 |
| infinity | The latter would actually remove the need for the former. | 21:51 |
| infinity | And the linux-signed metas could just go away. | 21:51 |
| infinity | Oh. But that has a chicken and egg issue where you (incorrectly) build-depend on linux-image to create linux-signed. ;) | 21:51 |
| infinity | Meh. | 21:51 |
| infinity | apw: Okay, shutting up. Put it on the agenda for next week please. | 21:52 |
| slangasek | cyphermox: hurr, not building in the 'linux' module means we also don't have the 'linux' command; makes our grub.cfgs a bit broken | 21:52 |
| cyphermox | doh. | 21:52 |
| infinity | alias linux linuxefi? | 21:52 |
| infinity | Doubt that grub.cfg allows aliases, mind you. :P | 21:52 |
| slangasek | that sounds like something requiring a change to grub.cfg also :) | 21:52 |
| slangasek | we *can* work around that by changing grub.cfg | 21:53 |
| slangasek | but that means it's not just a drop-in replacement | 21:53 |
| infinity | Well, that could go in grub.d, if it was a thing. | 21:53 |
| slangasek | ... not on ubuntu-core | 21:53 |
| apw | infinity: yep | 21:53 |
| infinity | Heh. Right. | 21:53 |
| infinity | cyphermox: BUILD_PACKAGES += grub-efi-enforce, REAL_PACKAGES += grub-efi-enforce, and add configure and build stamps, applying patchset in the latter? | 21:57 |
| infinity | Perhaps after copying the source around, so you can (a) avoid parallelism issues with applying a patch mid-build and (b) rm -rf the patched source when done with it. | 21:59 |
| cyphermox | or I could maybe cheat and really alias linux to linuxefi in the binary itself. | 22:02 |
| slangasek | infinity: so then you're build-time-applying patches in a 3.0 (quilt) package, WIN :) | 22:08 |
| infinity | slangasek: Hey, what could possibly go wrong? | 22:26 |
| -queuebot:#ubuntu-release- Unapproved: clutter-gst-3.0 (zesty-proposed/main) [3.0.22-1 => 3.0.24-1] (kubuntu, ubuntu-desktop) (sync) | 22:56 | |
| === Guest86599 is now known as RAOF | ||
| -queuebot:#ubuntu-release- Unapproved: accepted multipath-tools [source] (yakkety-proposed) [0.5.0+git1.656f8865-5ubuntu7.3] | 23:08 | |
| -queuebot:#ubuntu-release- Unapproved: ubuntu-docs (zesty-proposed/main) [17.04.2 => 17.04.3] (personal-gunnarhj, ubuntu-desktop) | 23:11 | |
| -queuebot:#ubuntu-release- Unapproved: accepted multipath-tools [source] (xenial-proposed) [0.5.0+git1.656f8865-5ubuntu2.5] | 23:12 | |
| -queuebot:#ubuntu-release- Unapproved: accepted dnsmasq [source] (yakkety-proposed) [2.76-4ubuntu0.1] | 23:21 | |
| -queuebot:#ubuntu-release- Unapproved: accepted dnsmasq [source] (xenial-proposed) [2.75-1ubuntu0.16.04.2] | 23:22 | |
| -queuebot:#ubuntu-release- Unapproved: accepted sane-backends [source] (yakkety-proposed) [1.0.25+git20150528-1ubuntu2.16.10.1] | 23:29 | |
| -queuebot:#ubuntu-release- Unapproved: accepted sane-backends [source] (xenial-proposed) [1.0.25+git20150528-1ubuntu2.16.04.1] | 23:31 | |
| -queuebot:#ubuntu-release- Unapproved: accepted rabbitmq-server [source] (yakkety-proposed) [3.5.7-1ubuntu0.16.10.1] | 23:35 | |
| -queuebot:#ubuntu-release- Unapproved: accepted rabbitmq-server [source] (xenial-proposed) [3.5.7-1ubuntu0.16.04.1] | 23:36 | |
| -queuebot:#ubuntu-release- Unapproved: imagemagick (zesty-proposed/main) [8:6.9.7.4+dfsg-2ubuntu2 => 8:6.9.7.4+dfsg-2ubuntu3] (desktop-core, ubuntu-server) | 23:38 | |
| nacc | infinity: urgh, sorry, i missed one more component mismatch for the libjxr-tools change (another binary package from src:imagemagick). Just uploaded ubuntu3 --^ | 23:39 |
| -queuebot:#ubuntu-release- Unapproved: asterisk (xenial-proposed/universe) [1:13.1.0~dfsg-1.1ubuntu4 => 1:13.1.0~dfsg-1.1ubuntu4.1] (no packageset) | 23:48 | |
| -queuebot:#ubuntu-release- Unapproved: accepted nfs-utils [source] (yakkety-proposed) [1:1.2.8-9.2ubuntu1.1] | 23:56 | |
| -queuebot:#ubuntu-release- Unapproved: accepted nfs-utils [source] (xenial-proposed) [1:1.2.8-9ubuntu12.1] | 23:57 | |
Generated by irclog2html.py 2.7 by Marius Gedminas - find it at mg.pov.lt!