/srv/irclogs.ubuntu.com/2017/06/30/#ubuntu-devel.txt

=== ssweeny__ is now known as ssweeny
Laneymwhudson: yeh08:03
juliankI just synced apt 1.5~alpha1 to artful, with HTTPS support in the http method, but note that ~alpha1 loads the system CA store even if specified a custom one. ~alpha2 tried to fix that but had a regression that is fixed in ~alpha3 (which I'll sync later today)10:02
infinityjuliank: What dependencies does this introduce to the base system?10:10
juliankinfinity: It  adds a dependency on libgnutls10:11
infinityjuliank: Yeah, just found that.10:12
infinityjuliank: libgnutls30 was already prio:important for other reasons, so that seems pleasantly alright by me.10:12
juliankApparently, we don't have gnutls in the base system yet (compared to Debian, where wget uses gnutls, we use openssl )10:12
juliankignore that10:13
juliankI was looking at my build chroot, and that does not even have wget10:13
infinityjuliank: Anyhow, +1 for gnutls instead of curl-gnutls.  I think this'll shrink some annoying cruft from the LP buildd chroots when we can switch.10:15
infinityjuliank: How do I select one over the other?10:17
juliankinfinity: Currently you have to set Dir::Bin::Methods::https to http (and the same for tor+https for people who use that...)10:17
juliankAlthough, tor actually only works in alpha 310:17
juliankinfinity: Eventually it will become the default, but support for CONNECT proxies (and HTTPS proxies) is not there yet10:18
infinityjuliank: So, I'm not against us doing that in the artful chroot configs if/when you think we're ready to hammer on it a bit.10:18
infinityjuliank: Then all private PPAs building for artful would use the new method.10:18
juliankAs long as the PPAs don't use proxies, you can switch them as soon as it landed (if you set a CaInfo file, you might want to wait until alpha 3)10:19
cjwatsonPPA building doesn't use proxies; snap building does10:19
cjwatson(in LP)10:19
infinitycjwatson: For apt?10:19
juliankproxies for https, that is10:19
cjwatsonnot specifically for apt, but snap builds set up a proxy in order that they can fetch stuff from non-DC sources10:20
cjwatsonso apt will (IIRC) end up using that10:20
infinityAhh, but I can configure apt to skip proxies.10:20
juliankI'll try to write CONNECT support (and the https proxy support) soon.10:21
cjwatsonsure, but we have a thing that works at the moment :)10:21
infinityWhich maybe we should for that very scenario.  Unless you think it's sane to cache our own stuff in squid.internal.10:21
cjwatsonI'm mostly disinclined to fiddle much with the config since it's been a time-sink10:21
juliankIt's just Acquire::https::Proxy "DIRECT" that needs to be set, really10:22
cjwatsonand this isn't squid.internal10:22
infinitysquid.whatever. :P10:22
cjwatsonhttps::proxy direct is the wrong fix for snap builds, because it's quite possible that they'll want to use https archives outside of the datacentre, which can only possibly work through the proxy10:24
cjwatsonprivate PPAs are really not my primary concern there, because private snap builds in LP aren't yet a thing10:24
cjwatson(BTW, I'm not intending to give juliank a hard time for not having done this yet - sounds like great work so far)10:24
infinityKay, we can just wait for the support to be complete.10:24
infinityI'm just excited to see apt-transport-https, and half of its deps, go away. :P10:25
cjwatsondefinitely10:25
juliankOK, I'm reading now :)10:25
juliankAnd luckily for us, I do have a proxy here, so I really need this10:26
infinity"luckily".10:26
juliankinfinity: Yeah, otherwise it might take longer. But if I don't do this soon, I end up exceeding my data limit at some point (and the proxy works around the data limit ...)10:29
elopioTrevinho: ping, check your email.10:44
juliankinfinity: Seems to be working now11:15
juliankBut the code is a bit hacky so far11:15
Trevinhoelopio: is the video already live on youtube or what?11:49
juliankinfinity: Have a look at it and tell me if you see something scary https://github.com/Debian/apt/compare/master...julian-klode:feature/https-proxy?expand=111:54
infinityjuliank: I'd recommend sarnold, if you want a "is it scary" code review.11:58
juliankinfinity: well, then tell me if you see something odd :)11:58
juliankDid I say that I like that C++ has lambdas now?11:59
juliankinfinity: I tested: anonymous HTTP proxy, and an HTTPS proxy with Basic auth, BTW :)12:02
juliankinfinity: I think the transition to http being the default https will start later today, now that it's feature complete.12:04
juliankExciting times :)12:05
juliankOh, maybe I should probably talk to the proxy in HTTP/1.0 CONNECT, instead of HTTP/1.1 CONNECT12:06
juliankor read the spec for it12:06
juliankThe RFC says I'm doing everything right :)12:08
xnoxjuliank, not using HTTP/2.0 and push the relevant metadata and packages from the server in parallel?12:44
juliankxnox: No HTTP/2 yet12:45
juliankxnox: But we do pipeline12:45
juliankI think HTTP/2 is really hard actually, if you want to fully do parallel streams12:46
juliankOur code only handles receiving one file at a time12:46
juliankAnyway, pipelining works well for apt, as we can integrity check everything :)12:47
xnoxjuliank, not sure we want parallel downloads. i believe mirrors complained when people do that12:55
juliankxnox: I meant the parallel stream thingy that http2 does12:55
juliankWhere it multiplexes multiple responses12:55
ricotzinfinity, hi, is there some eta to update builder-choots for https://bugs.launchpad.net/ubuntu/+source/rustc/+bug/1699772 ?12:56
ubottuLaunchpad bug 1699772 in scilab (Ubuntu) "linux-image-4.10.0-24-generic, linux-image-4.8.0-56-generic, linux-image-4.4.0-81-generic, linux-image-3.13.0-121-generic Regression: many user-space apps crashing" [Undecided,Confirmed]12:56
cjwatsonricotz: Kernels aren't in the chroots.13:46
cjwatsonricotz: The builder VM images are updated automatically from cloud images on cloud-images.ubuntu.com, so they should pick it up once it turns up in cloud images.13:49
ricotzcjwatson, ok, you know what I mean ;), so I am hoping this happens soon13:54
=== King_InuYasha is now known as Son_Goku
=== King_InuYasha is now known as Son_Goku
=== klebers_ is now known as klebers
=== tdaitx_ is now known as tdaitx
=== JanC_ is now known as JanC

Generated by irclog2html.py 2.7 by Marius Gedminas - find it at mg.pov.lt!