/srv/irclogs.ubuntu.com/2017/06/30/#ubuntu-server.txt

naccrbasak: ok, frustrating time beating my head against the pristine-tar stuff. I think it's going to be a lot of pain to write what `gbp import-orig --pristine-tar` does with all the corner cases, without basically copying all of their code. I've spent (I think) far too much time on it already. I think I see what the problem is with `gbp-import-orig`'s pristine-tar support for multiple tarballs00:29
tomreynis anyone around here aware of an openjdk 8 PPA for 14.04? i can't seem to find any that's just half way current. and some java applications now switch to that as a minimal requirement, citing 'java 7 is EOL'. https://issues.jenkins-ci.org/browse/JENKINS-2762400:33
tomreynmany web sites point to matthias kloses' PPA at https://launchpad.net/~openjdk-r/+archive/ubuntu/ppa?field.series_filter=trusty but his package is 8 months old00:41
RoyKtomreyn: 16.04 is current now, with java 8 and 9 - guess an upgrade to that should be the simple way05:17
RoyK16.04.2, that is - ubuntu is usually quite stable at .1 LTS releases, .2 should be even better05:18
cpaelzergood morning05:20
lordievaderGood morning06:17
ahasenackrbasak: hey, 'morning/afternoon11:53
ahasenackrbasak: remember that bind9 merge, where I split out a test hunk from a patch into its own patch?11:53
ahasenackrbasak: turns out debian, in one of the other patches, did decide to grab test changes too11:54
ahasenackrbasak: so that now conflicts :/11:54
ahasenackrbasak: I'm thinking to just drop the new patch about tests, so we are fully in sync with debian, and whenever debian updates the upstream version, the test changes will be there11:54
ahasenackwe don't run the tests as far as I can see: not in debian/rules, nor as DEP8 tests (there are none)11:54
cpaelzernot at all?11:55
cpaelzerinteresting11:55
cpaelzerwhere did they add the test then?11:55
cpaelzerso TL;DR Debian took test and fix - just in two parts and you now drop all of our delta which was test+fix in one11:56
cpaelzersounds right11:56
cpaelzeryet I wonder about the not running test - can you point me to a hunk in your repo with the test in a patch or so?11:56
cpaelzerahasenack: you didn't upload any bind9 to https://code.launchpad.net/~ahasenack/+git yet11:59
cpaelzerahasenack: if you would I could try to think with you11:59
cpaelzerwhere the test might be used (or not)11:59
ahasenackok, 1sec11:59
fallentreeahasenack: hey, remember when I asked yesterday if there's a bind9 vuln pending? kinda had a premonition :)12:00
ahasenackoh gosh12:01
ahasenackis it public, or embargoed still?12:01
ahasenackcpaelzer: pushing, almost done12:02
ahasenackchecking which other tags I have to push as well12:02
fallentreeahasenack: CVE-2017-3142 and -3143? public.12:02
cpaelzerfor now I'm likely happy with logical12:02
cpaelzerseems reserved but still hidden https://cve.mitre.org/cgi-bin/cvename.cgi?name=2017-314312:04
ahasenackcpaelzer: I pushed to https://code.launchpad.net/~ahasenack/ubuntu/+source/bind9/+git/bind9/+ref/bind9-merge-1%9.10.3.dfsg.P4-12.3 but lp doesn't like that link12:04
ahasenackthe % perhaps12:04
cpaelzerhttps://git.launchpad.net/~ahasenack/ubuntu/+source/bind912:05
cpaelzerworks12:05
ahasenackyeah12:05
ahasenackcpaelzer: so12:05
cpaelzerwhich patch contained the test so that one can see it?12:05
ahasenackquilt push -a12:05
ahasenackpatch that fails straight from debian: cve-2017-3137-212:05
ahasenackit changes a test file12:05
ahasenackthe other patch is12:05
ahasenack8864-regression.patch12:06
ahasenackdebian's doesn't have test changes, ours did. So I moved our test changes to 8864-regression-test.patch12:06
ahasenackand now these two are conflicting because of the context. It's a simple conflict12:06
ahasenackthe file is example.db12:06
ahasenackif we remove our 8864-regression-test.patch, then we are in sync with debian and all patches apply12:07
fallentreewhich begs the question, why aren't these fixes synced up? committed to debian first, so they're cleanly downstreamed to ubuntu?12:07
ahasenackdifferent decisions by different security teams12:07
ahasenackwe have some odd hunks in our CVE patches, like copyright year changes12:08
ahasenackcertainly not security related12:08
ahasenackjust to give an example12:08
fallentreeyes, but why? in which case, isn't it easier (and therefore better) for Ubuntu to just use sources directly from ISC?12:08
ahasenackI'm not privy how the patches are distributed to the linux distros12:08
ahasenackand isc's bug tracker is private12:08
ahasenackI assume they hand out a commit hash, and each team picks it up from there12:09
ahasenackor maybe not even that12:09
ahasenackthis 8864 patch in particular was a nightmare, it had TWO regressions12:09
ahasenackCVE-2017-3137 also had regressions. Ubuntu has one big patch file, debian has 3 for the same issue12:09
ahasenackwe are talking about security patches 30kbytes big :/12:10
ahasenack31337: fix foo12:11
ahasenack31337-2: reimplement fix12:12
ahasenackops, number is 313712:12
ahasenack3137-3: fix regresion in fix12:12
fallentreethe company I work for uses sources directly from ISC. No patching or backporting, we just download and compile new source. As ISC is maintaining versions in a LTS style, recompiling upstream directly brings only bug/security fixes.12:12
ahasenackyeah, if we upgraded the version most of these patches would be gone, but we follow debian12:12
fallentreeperhaps it'd be time to re-evaluate "following debian" as closely.12:13
ahasenackdepends on the package12:13
ahasenackand the time of the year (i.e. close to a release or not)12:13
fallentreethe regressions introduced by trying to backport patches upon patches are really a bad thing.12:13
cpaelzerahasenack: I agree I only see it built but not used (the tests)12:14
ahasenackcpaelzer: and the README hints that it is a bit complicated to run them12:14
ahasenackyou have to prepare a network, with a specific CIDR12:14
cpaelzerwhich might be the reason they are not part of build/dep8 tests12:15
ahasenackexactly12:15
cpaelzerdidn't find a reference in the qa tests either - most of the time they add explicit tests per CVE12:16
ahasenackyou mean our secteam's automated tests?12:17
cpaelzeryes12:17
ahasenackok, I hadn't checked that12:17
ahasenackmdeslaur: hi, general question about the bind9 cve patches13:29
ahasenackmdeslaur: for some of them, you guys pulled in test cases together with the actual security fix13:30
ahasenackmdeslaur: but ubuntu doesn't run these tests, right?13:30
ahasenackor do you do a manual run somehow before the packages are released?13:30
ahasenackrbasak: I ended up moving our regression test patches (new relative to Debian) to the end of the d/p/series (and refreshed them a bit), so we can still apply all the debian patches14:00
rbasakahasenack: sounds good. Thanks!14:16
friendlyguyhi there. i am using landscape to manage a few virtual machines. i am wondering if there is a possibility within landscape to autoremove old kernels from boot?14:19
friendlyguyjust configure the vms with: Unattended-Upgrade::Remove-Unused-Dependencies "true" or is there some checkbox i could enable for the upgrade profile?14:20
friendlyguyread: something like a checkbox. so that it would automatically enable it on all upgrade targets?14:23
friendlyguywould be neat to configure this centrally from landscape rather than setting it on every vm14:23
ahasenackfriendlyguy: nope, that feature has been requested though14:28
ahasenacklet me see if I can find the bug14:28
ahasenackfriendlyguy: there is a bug, but it's private: #120839314:29
ahasenackbut it's exactly about that: adding some sort of autoremove call14:29
friendlyguyyup, would be neat :)14:35
friendlyguyi thought maybe i didnt search for the right things, but i came up empty handed for this one14:36
friendlyguythanks for your help!14:39
zuljamespage: do you need someone to review your vif changes?15:03
jamespageI'd like 2 x +2's before landing please15:04
jamespagezul: ^^ and I need to think through if upgraders are impacted15:04
zulok ill try to find some time to review it15:04
jamespagezul: ta15:20
mdeslaurahasenack: we do run the test cases before we release the security updates15:30
dprophitThe #courier channel is dead. Anyone have any experience with maildrop filters?16:13
=== efm__ is now known as efm
ahasenackmdeslaur: the upstream, in-source test cases? Or your own?16:41
sbeattieahasenack: both. for bind9, we do manually run the the upstream, in-source test cases, thanks to mdeslaur's helpful documentation.17:16
ahasenacksbeattie: I'd like to run them, do you have something written down?17:16
sarnoldahasenack: https://git.launchpad.net/qa-regression-testing/tree/build_testing/bind9/bind9-testing.txt18:03
ahasenackthx18:03
jbrazHello. I have installed 16.04.2 server and was wanting to install openstack.  I follow the directions from ubuntu site for conjure up to us snap install conjure up --classic but I get   a failure for conjure-up not found...18:11
stokachujbraz: try hash -r18:11
stokachuthen see if `which conjure-up` shows up in /snap/bin18:11
j-brazOk sorry got disconnected18:14
sarnoldj-braz: < stokachu> jbraz: try hash -r < stokachu> then see if `which conjure-up` shows up in /snap/bin18:14
j-brazroot@jupiter:~# hash -r18:17
j-brazroot@jupiter:~# which conjure-up18:17
stokachuj-braz: sounds like your $PATH is missing snap directories18:18
stokachuand you should be running conjure-up as non root18:18
sarnolddoes df show the snaps mounted?18:18
j-brazHang on I it found one in /usr/bin18:18
j-braz.  /usr/bin/conjure-up18:19
stokachuhmm thats an olddd version18:19
stokachujust type /snap/bin/conjure-up -h18:19
sarnoldyou might want to apt-get purge conjure-up to remove the packaged version18:19
stokachuj-braz: ^ yes please do18:20
j-brazOk..18:20
j-brazOk now which conjure-up returns nothing18:21
stokachuj-braz: does /snap/bin/conjure-up exist?18:21
j-brazNo snap folder is empty18:22
j-brazSnap version 2.25 series 1618:23
stokachuwhat does snap list show18:25
j-brazroot@jupiter:/snap# snap list18:26
j-brazNo snaps are installed yet. Try "snap install hello-world".18:26
j-brazI can't find any info online about it.18:30
sarnoldj-braz :(18:30
sarnoldj-braz: you could try in #snappy -- I don't know if they do user support in irc or prefer their forums18:30
j-brazI didn't know snappy was related.. thanks.18:31
stokachuso what does snap install conjure-up --classic give you18:31
j-brazerror: cannot install "conjure-up": snap not found18:34
stokachuwell...18:35
stokachuj-braz: https://gist.github.com/battlemidget/1a513e3a6ae59f368a3e73856094eb3d18:36
stokachuso im not really sure why you can't see them18:36
stokachuoh18:36
stokachuwhat architecture are you on?18:36
stokachuif it's not x86_64, ppc64, arm64 then you wont be able to install it18:36
j-braz4x quad core and Opteron 8360SE18:37
j-brazOh18:38
sarnoldsigh I wish amd had something like ARK18:38
j-brazSo I have no options?18:39
sarnoldthat's probably compatible18:39
dpb1ya, should be fine18:39
dpb1j-braz: snap find conjure-up shows... ?18:39
j-brazNothing. If I do  snap find with no parameters it list 4 packages.. Docker, LXD, NEXTCLOUD, HUGO18:41
stokachuj-braz: whats `uname -a` show18:42
dpb1j-braz: can you pastebin: dpkg -l |grep snap18:42
j-brazAlso I should mention it's a fresh install. Only added xubuntu desktop18:42
stokachudpb1: mine first18:42
dpb1NO NO NO, me me me18:42
stokachulol18:42
dpb1:)18:42
j-brazLol18:42
j-brazroot@jupiter:/snap# uname -a                          Linux jupiter 4.4.0-83-generic #106-Ubuntu SMP Mon Jun 26 17:54:25 UTC 2017 i686 athlon i686 GNU/Linux18:43
stokachuwell that would be why18:43
stokachuyou got yourself an x86 installation18:43
dpb1stokachu: 64-bit only?18:44
j-brazWhat? I swear I thought I downloaded 64.. I'm sorry guys.. thanks.18:44
stokachuj-braz: np :)18:44
stokachudpb1: x86_64, arm64, ppc6418:45
stokachuso yes18:45
* dpb1 nods18:45
dpb1til18:45
sarnoldstokachu: ha :) nicely done18:46
stokachu:) ty18:46
pmatuliswhat is a decent household file sharing solution these days? i'd rather avoid Samba (based on bad memories from 2.x days)20:07
pmatulis('buntu-only clients)20:08
Postersamba has come a long way, but if you wish to avoid it, something like NFS or webdav comes to mind20:10
pmatulisPoster, thanks20:12
dasjoeI'd stick with samba20:38
PosterYeah if you look at where the Linux kernel was at version 2.x and where it is now at 4.x, a lot has changed20:40
pmatulisok21:16
pmatulisi'm looking at FreeNAS, which can use Samba. not sure if i should just install Ubuntu + Samba. right now i have just Ubuntu clients. i need to also buy hardware21:22
pmatulisthere's a lot of tech in FreeNAS. i could use it as a source of education for my two sons21:25
dpb1freenas is cool.  I just use ubuntu, since I don't really need the higher level interface21:26
pmatulisyeah, i appreciate 'simple' too21:27
dpb1same.  freenas is certainly a good option.  I'm not going to disparage it.21:28
pmatulisand FreeBSD, well, it's been a while. staying with Ubuntu everywhere would make things easy21:29
dpb1now that ubuntu has ZFS as well...21:29
pmatulisyeah21:29
gheorghe_ubuntu is doing some wonderful things that always amaze me22:31
gheorghe_but anyway i need to sleep gn22:32
=== JanC_ is now known as JanC
=== efm__ is now known as efm

Generated by irclog2html.py 2.7 by Marius Gedminas - find it at mg.pov.lt!