[08:03] <Laney> mwhudson: yeh
[10:02] <juliank> I just synced apt 1.5~alpha1 to artful, with HTTPS support in the http method, but note that ~alpha1 loads the system CA store even if specified a custom one. ~alpha2 tried to fix that but had a regression that is fixed in ~alpha3 (which I'll sync later today)
[10:10] <infinity> juliank: What dependencies does this introduce to the base system?
[10:11] <juliank> infinity: It  adds a dependency on libgnutls
[10:12] <infinity> juliank: Yeah, just found that.
[10:12] <infinity> juliank: libgnutls30 was already prio:important for other reasons, so that seems pleasantly alright by me.
[10:12] <juliank> Apparently, we don't have gnutls in the base system yet (compared to Debian, where wget uses gnutls, we use openssl )
[10:13] <juliank> ignore that
[10:13] <juliank> I was looking at my build chroot, and that does not even have wget
[10:15] <infinity> juliank: Anyhow, +1 for gnutls instead of curl-gnutls.  I think this'll shrink some annoying cruft from the LP buildd chroots when we can switch.
[10:17] <infinity> juliank: How do I select one over the other?
[10:17] <juliank> infinity: Currently you have to set Dir::Bin::Methods::https to http (and the same for tor+https for people who use that...)
[10:17] <juliank> Although, tor actually only works in alpha 3
[10:18] <juliank> infinity: Eventually it will become the default, but support for CONNECT proxies (and HTTPS proxies) is not there yet
[10:18] <infinity> juliank: So, I'm not against us doing that in the artful chroot configs if/when you think we're ready to hammer on it a bit.
[10:18] <infinity> juliank: Then all private PPAs building for artful would use the new method.
[10:19] <juliank> As long as the PPAs don't use proxies, you can switch them as soon as it landed (if you set a CaInfo file, you might want to wait until alpha 3)
[10:19] <cjwatson> PPA building doesn't use proxies; snap building does
[10:19] <cjwatson> (in LP)
[10:19] <infinity> cjwatson: For apt?
[10:19] <juliank> proxies for https, that is
[10:20] <cjwatson> not specifically for apt, but snap builds set up a proxy in order that they can fetch stuff from non-DC sources
[10:20] <cjwatson> so apt will (IIRC) end up using that
[10:20] <infinity> Ahh, but I can configure apt to skip proxies.
[10:21] <juliank> I'll try to write CONNECT support (and the https proxy support) soon.
[10:21] <cjwatson> sure, but we have a thing that works at the moment :)
[10:21] <infinity> Which maybe we should for that very scenario.  Unless you think it's sane to cache our own stuff in squid.internal.
[10:21] <cjwatson> I'm mostly disinclined to fiddle much with the config since it's been a time-sink
[10:22] <juliank> It's just Acquire::https::Proxy "DIRECT" that needs to be set, really
[10:22] <cjwatson> and this isn't squid.internal
[10:22] <infinity> squid.whatever. :P
[10:24] <cjwatson> https::proxy direct is the wrong fix for snap builds, because it's quite possible that they'll want to use https archives outside of the datacentre, which can only possibly work through the proxy
[10:24] <cjwatson> private PPAs are really not my primary concern there, because private snap builds in LP aren't yet a thing
[10:24] <cjwatson> (BTW, I'm not intending to give juliank a hard time for not having done this yet - sounds like great work so far)
[10:24] <infinity> Kay, we can just wait for the support to be complete.
[10:25] <infinity> I'm just excited to see apt-transport-https, and half of its deps, go away. :P
[10:25] <cjwatson> definitely
[10:25] <juliank> OK, I'm reading now :)
[10:26] <juliank> And luckily for us, I do have a proxy here, so I really need this
[10:26] <infinity> "luckily".
[10:29] <juliank> infinity: Yeah, otherwise it might take longer. But if I don't do this soon, I end up exceeding my data limit at some point (and the proxy works around the data limit ...)
[10:44] <elopio> Trevinho: ping, check your email.
[11:15] <juliank> infinity: Seems to be working now
[11:15] <juliank> But the code is a bit hacky so far
[11:49] <Trevinho> elopio: is the video already live on youtube or what?
[11:54] <juliank> infinity: Have a look at it and tell me if you see something scary https://github.com/Debian/apt/compare/master...julian-klode:feature/https-proxy?expand=1
[11:58] <infinity> juliank: I'd recommend sarnold, if you want a "is it scary" code review.
[11:58] <juliank> infinity: well, then tell me if you see something odd :)
[11:59] <juliank> Did I say that I like that C++ has lambdas now?
[12:02] <juliank> infinity: I tested: anonymous HTTP proxy, and an HTTPS proxy with Basic auth, BTW :)
[12:04] <juliank> infinity: I think the transition to http being the default https will start later today, now that it's feature complete.
[12:05] <juliank> Exciting times :)
[12:06] <juliank> Oh, maybe I should probably talk to the proxy in HTTP/1.0 CONNECT, instead of HTTP/1.1 CONNECT
[12:06] <juliank> or read the spec for it
[12:08] <juliank> The RFC says I'm doing everything right :)
[12:44] <xnox> juliank, not using HTTP/2.0 and push the relevant metadata and packages from the server in parallel?
[12:45] <juliank> xnox: No HTTP/2 yet
[12:45] <juliank> xnox: But we do pipeline
[12:46] <juliank> I think HTTP/2 is really hard actually, if you want to fully do parallel streams
[12:46] <juliank> Our code only handles receiving one file at a time
[12:47] <juliank> Anyway, pipelining works well for apt, as we can integrity check everything :)
[12:55] <xnox> juliank, not sure we want parallel downloads. i believe mirrors complained when people do that
[12:55] <juliank> xnox: I meant the parallel stream thingy that http2 does
[12:55] <juliank> Where it multiplexes multiple responses
[12:56] <ricotz> infinity, hi, is there some eta to update builder-choots for https://bugs.launchpad.net/ubuntu/+source/rustc/+bug/1699772 ?
[13:46] <cjwatson> ricotz: Kernels aren't in the chroots.
[13:49] <cjwatson> ricotz: The builder VM images are updated automatically from cloud images on cloud-images.ubuntu.com, so they should pick it up once it turns up in cloud images.
[13:54] <ricotz> cjwatson, ok, you know what I mean ;), so I am hoping this happens soon