mike802hi all, i'm new to ubuntu server.  i'm currently stuck trying to install my lamp stack.  i installed apache2 with a vhost and ssl, then tried to install the moinmoin wiki with very frustrating results00:40
blackflowmike802: any specific problem?00:41
=== markthomas_ is now known as markthomas
mike802just a 404 not found00:49
mike802the default apache2 page shows up (with ssl) on the root00:49
mike802and, i put a test html in my vhost which works00:50
sarnolddo you need to a2enable a module or two to make the wiki work?00:50
sarnoldare there more detailed errors in the apache logs?00:50
mike802i was just going by the ubuntu server documentation00:51
mike802they only mention a2enable for actual apache2 stuff00:51
mike802and no mention of logs....00:51
sarnoldlogs should be /var/log/apache*/00:51
mike802first log says  server certificate does NOT include an ID which matches the server name00:58
jak2000*/1 * * * * root /home/scripts/reboot.sh   <--- this command run every minute?03:12
whislockYes, but that's awfully frequent for a cronjob. Why?03:14
jak2000my question is, is hard for server check every minute?03:15
jak2000My question is, is not it very hard for the server to be checking every minute? Does not saturate the server?03:16
naccno, once a minute is nothing03:16
naccjak2000: what is your *actual* question03:16
jak2000if saturate the server...03:18
whislockWhat is that script doing is a better question.03:19
jak2000i am try follow: https://stackoverflow.com/questions/5226728/how-to-shutdown-ubuntu-with-exec-php/4577528003:29
jak2000first answer, i am on a local network03:29
whislockDoesn't matter, this is a horrible idea.03:29
jak2000i need create a page for restart server, for restar a system, etc.03:31
whislockIt's called SSH. Use it.03:32
jak2000any better idea?03:32
* whislock sighs.03:32
kzismeHi all - recently installed a fresh copy of 16.04 I can login just fine on one machine, but I cannot ping the server when I switch the drive to my other machine (I can login just fine and such)03:34
jak2000any better idea?03:34
whislockjak2000: Use SSH. It supports strong authentication.03:34
jak2000php + ssh?03:35
whislock... No. Just SSH.03:35
whislockStop trying to use PHP for this.03:35
jak2000other question03:35
kzismeOn Desktop 1 I can ping/ssh just fine on Desktop 2 I cannot ping it or ssh to it03:35
kzismeboth are on LAN03:35
whislockSeriously, I wouldn't trust PHP to serve a lunch menu securely, let alone as a gateway for system-level functions.03:35
jak2000i can program crontab for every sunday at 11pm restart the server. but after restarted i need execute a command how to do?03:36
whislockDepends on the command and its complexity.03:36
whislockAnd what version of Ubuntu you're running.03:36
kzismeWho me whislock ?  16.04 LTS03:41
whislockkzisme: No, sorry. Was talking to jak2000.03:45
kzismeAh sry03:45
cpaelzergood morning04:58
lordievaderGood morning06:12
cadoganHello, I am trying to solve problem with authentication using kerberos. So we have Firewall on our network which uses kerberos. When I try to do "sudo apt update" i get Err:1 http://XXXXXXX:XXXX/browser_challenge.php?vsys=2&rule=35&url=http://security.ubuntu.com/ubuntu xenial-security InRelease . is there way to authenticate towards kerberos without using browsers challange?08:48
cadoganI am new to using kerberos, so just pointing to right direction would be helpful :)08:50
=== miguel is now known as Guest58415
jamespagetobias-urdin: no - its been split out of neutron I think - https://github.com/openstack/neutron-tempest-plugin09:12
jamespageand no package so no provision via distro for that now09:12
tobias-urdinjamespage: yeah tried finding a package for it, but there is none in ubuntu?09:25
tobias-urdinweird, wonder where i get neutron-lbaas, neutron-vpnaas and neutron-dynamic-routing plugins on ubuntu hm09:25
tobias-urdinsince those depend on the neutron tempest plugin, they fail09:25
jamespagetobias-urdin: I suspect those install from the parent project still09:27
jamespagerather than being split out09:27
jamespagebut depend on the now split out neutron-tempest-plugin project09:27
tobias-urdinhm so pretty much <python package>/neutron_lbaas/tests/tempest something like that which tempest then loads and fails because neutron tempest is not available09:28
boriteki am trying to commission a dell server in maas but it says no rack controllers can access the BMC node09:36
boriteki tried to setup an IPMI for that09:48
boritekthe IP address also should be for the BMC there right as well as the power mac09:48
boritekI do not get why it cannot reach it09:49
boritekwhat is the best way to configure a dell power edge 630?10:02
boritekis it not ipmi?10:02
boriteki mean the way to configure it for maas10:03
tobias-urdinjamespage: any plans on packaging the tempest plugins that has been moved out of project repo trees?11:17
jamespageboritek: the MAAS rack controller must be able to container the IPMI network address for the servers11:17
jamespagetobias-urdin: tbh no not really11:17
jamespagetobias-urdin: afaik the puppet modules project is the only group making use of them11:17
jamespagetobias-urdin: for all of our tempest testing we make use of venvs and install from source11:17
tobias-urdinjamespage: ok, i will investigate if we can do that way as well for ubuntu atleast11:18
jamespagetobias-urdin: they got package originally as a side effect of being in=tree for existnig packaged projects11:19
jamespageit was never really intentional IMHO11:19
tobias-urdinok, i c11:20
jamespagecpaelzer: thanks for the update on that bug11:47
cpaelzerjamespage: was that what you wanted to ask about?11:53
cpaelzerI set Friday as a deadline for the upload to make sure I get yours fixed at soem point11:54
cpaelzerbut review of the MP is slow (as it is huge)11:54
cpaelzerjamespage: let me know if you want to volunteer (someone else) to review the libvirt MP :-)11:54
jamespagecpaelzer: it was12:21
ahasenackcpaelzer: does bileto also test if the new packages are installable with dependencies from the archive? Like migration/excuses?12:29
ahasenackor is it just build + dep8?12:29
mike-zalI have a serious problem: after adding cache to site and adding it to cloudflare, my systems stop respoding to hosfile, meaning I forward domain to other server (developer version) but browser still opens it from the production server12:36
mike-zalcache on wordpress shouldn't trigger that effect so I'm leaning toward cloudflare making this issue12:37
mike-zalany idea how to work around it? using hostfile is a very useful thing when working on a site so without it, my options are limited12:38
ahasenackrbasak: are you around? Could you please click on the "lander signoff" dropdown menu at https://bileto.ubuntu.com/#/ticket/3351 so bileto can start the dep8 tests for the squid packages from the test ppa?12:40
rbasakahasenack: done12:47
cpaelzerahasenack: no installation test12:52
tewardsdeziel: given that your suggestion on #1782226 SEGVs in recent Ubuntu to remove the header from `ss`, and `-H` doesn't exist as a valid flag in older Ubuntu releases such as Xenial, unless you have a way to strip the header out in a way that doesn't provide the requirement of additional dependencies, I'm not sure if there's a way to skip using lsof (I commented with some details about how the current detection works - and it works well)13:56
teward(or rather, the current detection in that proposed package in that PPA13:56
sdezielteward: how about "ss -nto state listening 'sport = 80' | grep -v ^Recv-Q"13:58
tewardthat might work13:58
sdezielteward: or "ss -nlt 'sport = 80' | grep -v ^State"13:58
tewardboth would work for Xenial, and so long as it doesn't output data if the port isn't in use that should be fine13:59
sdezielyup, no output when nothing listens14:00
sdezieltested on both Xenial and Bionic14:00
tewardindeed.  now let's just hope that `ss` in Cosmic doesn't randomly start segfaulting heh14:01
teward(I'm also not awake yet, or i'd have tried the greps.  alas i'm still waking up >.>)14:01
sdezielthe ss segfault was reported to LP: #178739614:02
ubottuLaunchpad bug 1787396 in iproute2 (Ubuntu) "ss crashes when using --no-header" [Undecided,New] https://launchpad.net/bugs/178739614:02
sdezielI'll check with a cosmic container14:02
tewardthe next question is whether we're confident `ss` will always be present in Ubuntu, is there any case where `iproute2` is not installed in an ubuntu system?14:03
sdezielteward: I'd add a "Depends: iproute2".14:08
sdezielbut I think that most install will already have this dep installed as ubuntu-minimal pulls it in14:08
tewardwe'd have to do the same for `lsof` if we use that either.  Both ways work, though I just pushed another version to the PPA that uses 'ss', and didn't add the depends yet (oops?  guess ~lp1782226.8 will have the Depends then)14:09
tewardsdeziel: yeah that was my main concern14:09
tewardsince there's quite a few people recently posting on Ask Ubuntu using ubuntu-minimal instead of the full server install14:09
tewardso long as the smallest Ubuntu includes `iproute2` that's fine, though I'll add it as a depends before getting this into Cosmic.14:09
sdezielgreat, thanks!14:10
tewardroaksoax: ccing you to ^ since you were also testing.  Assuming this works, then this is a candidate to be added to Cosmic, and then we can work on the SRU bits.  (I'll be glad when people stop filing bugs just because they have something else listening on Port 80 already and try to install NGINX...)14:14
teward~lp1782226.8 pushed up to that PPA, now we let it build :P14:15
blackflowsdeziel: I just replicated with --no-header and a filter with no mathces. eg.    ss --no-header 'dport = 123456'   => segfault14:21
sdezielblackflow: thanks, the LP was also confirmed by others (you?)14:21
blackflowkinda makes sense. no header + no output + something_something = segfault14:23
dpb1rbasak: we are trying to have standup early, can you make it?14:44
ahasenackkstenerud: so have you cloned a package repo with git ubuntu yet?16:45
kstenerudok, so I have git ubuntu installed16:50
ahasenacktry cloning a package16:50
ahasenackgit ubuntu clone <sourcepackagename>16:50
ahasenackpostfix, or strongswan16:50
ahasenackor both16:50
ahasenackit may prompt you to configure ~/.gitconfig16:50
kstenerudfatal: could not read Username for 'https://git.launchpad.net': terminal prompts disabled16:51
ahasenackadd a [gitubuntu] section to ~/.gitconfig16:52
ahasenackhere is mine16:52
ahasenacklpuser = ahasenack16:52
kstenerudalready there16:52
kstenerudlpuser = kstenerud16:52
ahasenackdid it download stuff before that message?16:52
ahasenackah, ok, then it's just because you haven't pushed anything yet16:52
naccthe fatal message is nothing16:52
naccwell, it's a known issue16:52
naccone sec, let me find the bug16:53
naccit has no impact16:53
ahasenackkstenerud: do you also have a [user] section with full name and email?16:53
ahasenackcanonical email?16:53
kstenerudah, no it's my gmail account16:54
naccLP: #176182116:54
ubottuLaunchpad bug 1761821 in usd-importer "fatal: could not read Username for 'https://git.launchpad.net': terminal prompts disabled" [Undecided,New] https://launchpad.net/bugs/176182116:54
naccthe user seciton shouldn't matter to git-ubuntu, fwiw16:54
kstenerudhmm so that means I'll have to switch accounts in .gitconfig when managing my github stuff?16:54
naccsorry, what's the symptom here?16:55
ahasenackI don't know how that can be controlled16:55
ahasenacknacc: nothing, I was just going over my ~/.gitconfig16:55
naccahasenack: ah ok :)16:55
ahasenackto get him started16:55
naccno, you don't need per-remote git user16:55
nacckstenerud: were you able to clone with git-ubuntu?16:55
kstenerudyup it did clone16:56
ahasenackkstenerud: ok, go over this blog post now: https://blog.ubuntu.com/2017/08/09/git-ubuntu-clone16:56
nacckstenerud: the only thing i can imagine you running into, which has not much to do with git-ubuntu itself, is who you want to commit as when using the git-ubuntu repositories16:56
naccthe email should match your lp email16:56
nacc(afaik, so that lp will do the right linkage)16:56
ahasenackthat sounds important :)16:56
ahasenackkstenerud: what I would like you to know is the different branches that are available for the packages17:00
ahasenackkstenerud: i.e., pkg/ubuntu/devel meaning the current ubuntu development package17:00
ahasenackpkg/ubuntu/xenial-devel being the current xenial package17:01
ahasenackand so on17:01
ahasenackand the several tags for package versions, representing each package version as it was imported at that version17:01
kstenerudthere are 233 branches for postfix17:01
kstenerudunder applied17:02
ahasenackapplied means the branch has the patches from debian/patches applied17:02
ahasenackwe tend to work with the ubuntu/ ones, which have the patches unapplied17:03
nacckstenerud: each applied/ubuntu branch has the corresponding ubuntu/ branch as an ancestro (it's the result of doing `quilt push` iteratively on the unapplied until no patches are left to apply)17:04
ahasenackkstenerud: you can ignore applied/ for now17:05
nacckstenerud: it's mostly an implementation detail for you :)17:05
ahasenackkstenerud: so to fix https://bugs.launchpad.net/ubuntu/+source/postfix/+bug/1753470, we want to inspect pkg/ubuntu/devel (git-ubuntu should have landed you in ubuntu/devel after the clone)17:06
ubottuLaunchpad bug 1753470 in postfix (Ubuntu Bionic) "Postconf segfaults every 5 minutes" [Low,Triaged]17:06
ahasenackto see what the fix was17:07
ahasenackand then we want that fix in bionic, so for bionic you could create a local branch based on pkg/ubuntu/bionic-devel17:07
tewardsdeziel: i just got around to testing the ss-powered packages for that NGINX bug, and it seems to work.  Feel free to test if you want.  I intend to wait until I hear anything bad about it, or confirmation that it works as intended before I start prepping for its inclusion in Cosmic17:08
tewardroaksoax: anything to note about the daemon-only NGINX package as well?17:08
tewardsince i'm gearing up to patch things and then push to Cosmic17:08
sdezielteward: alright, I'll give it a try and report in the bug17:09
tewardyep no rush17:09
kstenerudahasenack: ok so: git checkout -b pkg/ubuntu/bionic-devel remotes/pkg/ubuntu/bionic-devel17:10
ahasenackI suggest:17:10
tewardsdeziel: because i won't be getting around to pushing it out until, what, Saturday?  (tomorrow's a day filled with busy busy work and meetings, while the rest of today is network maintenance on site here and I'll be busy reconfiguring switches heh)17:10
ahasenackgit checkout -b bionic-postconf-segfault-1753470 pkg/ubuntu/bionic-devel17:10
ahasenackhow you name it is up to you, of course. As a matter of preference, I like to include the ubuntu release, package/issue and bug number17:10
rbasakI have my ~/.gitconfig configured to personal email, and try to remember to change it to my Canonical email when doing stuff sponsored by Canonical (ie. when I'm "at work")17:11
ahasenackbecause I tend to acumulate a lot17:11
* sdeziel is happy to watch the git-ubuntu walk-through!17:11
ahasenacksdeziel: \o/17:11
ahasenackkstenerud: git-ubuntu should have set up a default remote of "pkg"17:12
kstenerudok I have my local branch17:14
ahasenackcosmic or bionic?17:18
ahasenackcreate both17:18
kstenerudok done17:19
ahasenackswitch to the cosmic one, and take a look at git log17:19
ahasenackI suggest this in ~/.gitconfig17:19
ahasenack    decorate = short17:19
sdezielno need to have the local cosmic branch. On the bionic branch: git log -p -b pkg/ubuntu/cosmic-devel17:21
ahasenackworks too17:21
sdezielthis save the branch switching17:21
sdeziel(just found out about -b)17:21
ahasenackwhat is -b for?17:22
nacci don't thjink you need -b17:22
naccgit-log should understand the argument as ref, which the remote-tracking branch is17:22
sdezielnacc: you are right17:22
nacctechincally, you never need to switch branches with git anymore :)17:23
naccuse working trees and go crazy17:23
ahasenackkstenerud: ok, so the cosmic log17:24
kstenerudlast entry is from git-ubuntu import17:24
sdeziel-b was not even unneeded, it was wrong as it changes how diffs are displayed17:24
ahasenackkstenerud: ah, another command for you: rmadison17:24
ahasenackkstenerud: that will show you the current versions of a package in each release17:25
naccsdeziel: yeah, i was looking in the manpage for what it does, as i've never used it :)17:25
ahasenackkstenerud: anyway, the tip of cosmic, shows the import of 3.3.0-1ubuntu117:25
ahasenackand all the accompaining tags17:25
ahasenackand branches17:25
ahasenackag: pkg/import/3.3.0-1ubuntu1, tag: import/3.3.0-1ubuntu1, pkg/ubuntu/devel, pkg/ubuntu/cosmic-proposed, pkg/ubuntu/cosmic-devel, pkg/ubuntu/cosmic, ubuntu/devel17:25
ahasenacka bit down you will see the previous cosmic package17:25
ahasenackbetween the two, two commits from me17:26
ahasenackone with the fix17:26
ahasenackanother one saying "changelog"17:26
ahasenackif you do git log -p you will see what was done in each17:26
ahasenackour standard workflow is to commit a change, then commit the corresponding debian/changelog entry17:26
ahasenackusing the same as the commit message17:26
kstenerudso in the changelog commit your message is simply "changelog"17:28
ahasenackbut the contents, i.e., what was committed, is identical to the change I introduced in the previous commit17:28
ahasenackwe just say "changelog" so they are easily recognized later on when dealing with merges from debian, a topic for another time17:29
ahasenackI've seen people saying "changelog: <actual change description>"17:29
ahasenackbut don't worry about that now, you will get your preference as time goes by17:30
naccit's mostly convention what the commit messages say at this point17:30
ahasenackkstenerud: how familiar are you with the debian/patches structure?17:30
naccthere are no hard and fast "requirements"17:30
kstenerudahasenack: not at all17:30
ahasenackkstenerud: ok, so take a look at the debian/patches directory in that branch17:31
ahasenackyou will see one file called "series", and then a bunch of other files17:31
ahasenackkstenerud: the series file contains a list of patches that will be applied before the binary build starts, and in that order17:31
kstenerudOK. Is there a reason for the numbering?17:32
ahasenackconvention by some people17:32
ahasenackit's free-form17:32
naccdebian is stricter about it than ubuntu, imo17:32
naccwell, 'stricter' :)17:32
ahasenackideally one should follow the established pattern in the package17:32
ahasenackI don't remember why I didn't do it here17:32
ahasenackprobably because I wanted to avoid a possible future conflict with a patch from debian that started with the same number17:32
naccyeah, and it's also less required once it's in Git (at least for this team) IMO17:33
sdezieltls_version.diff broke the uniformity before you did17:33
ahasenackand that was added by debian17:33
ahasenackso meh :)17:33
ahasenackkstenerud: you should setup quilt, have you heard of that before?17:34
ahasenacklet me fetch you some config files17:34
ahasenackkstenerud: create these two files in your home: https://pastebin.ubuntu.com/p/bxQr552PGY/17:35
ahasenackkstenerud: and add this bash alias somewhere: alias dquilt="quilt --quiltrc=${HOME}/.quiltrc-dpkg"17:35
ahasenack(assuming you use bash :)17:36
ahasenackif you use ksh or something else, you are on your own :)17:36
ahasenackkstenerud: once you have that done, and the alias sources, try "dquilt push -a" and afterwards "dquilt pop -a" inside the package branch directory17:37
ahasenackpush -a means apply all patches, and pop -a means deapply17:37
ahasenackall of them17:37
ahasenackyou can push up to an individual patch by giving its name17:37
Ussatewww.....just had a request to install Mate GUI on a server...17:39
UssatI feel all sullied now17:39
ahasenackUssat: go over to #ubuntu-desktop :D17:39
ahasenackj/k :)17:39
kstenerudDamn that's cool!17:39
UssatOH no.....anything but that.........17:40
ahasenackUssat: :)17:40
sdezielahasenack: both ~/.quiltrc and ~/.quiltrc-dpkg are identical, expected?17:40
ahasenacksdeziel: oh man, I set that up so long ago17:40
sdezielahasenack: tabs vs spaces diff only17:40
ahasenackhah :)17:40
ahasenackdquilt (the alias) uses the -dpkg one17:41
ahasenackfor raisins17:41
ahasenackoh well17:41
sdezielquilt uses ~/.quiltrc by default17:41
ahasenackmaybe at some point I wanted separate configs, who knows. I don't remember17:42
sdezielsorry for nitpicking, just trying to follow17:42
ahasenackno, it's helpful17:42
ahasenackkeep the picks coming17:42
ahasenackkstenerud: how are you doing?17:42
naccquilt uses --quiltrc option, then ~/.quiltrc, then /etc/quilt.quiltrc17:42
kstenerudI'm taking down notes on all of this so be as pedantic as possible :)17:42
ahasenackkstenerud: so you can see that d4cb4562480496f8a1b25ddc397cef45dd45d855 then adds the quilt patch, and adds its name to the series file17:42
ahasenackbut does not touch the actual source code from postfix17:42
ahasenackso we are adding a patch with git17:43
ahasenackkstenerud: two things about the patch17:43
naccactual source code = upstream part of the packaging17:43
ahasenackkstenerud: a) we want to mention in the commit message which files we are touching17:43
ahasenackkstenerud: that's why you see the commit message prefixed with debian/patches/fix-postconf-segfault.diff:17:44
ahasenack(we don't mention d/p/series because that's "obvious")17:44
ahasenackkstenerud: and b) the patch we added to debian/patches/ has quite the verbose header17:44
ahasenackkstenerud: we call that header DEP317:45
ahasenackkstenerud: there's a whole spec about that17:45
ahasenack(and I just misplaced the url to it, and google is failing me)17:46
ahasenackkstenerud: here is a summary: https://pastebin.ubuntu.com/p/X3KnfftthK/17:46
ahasenackor template, if you will17:46
ahasenackthanks nacc17:46
naccall the DEP are there, iirc17:46
naccDEP14 being the other relevant one to g-u17:46
ahasenackoh, and it's in the header template I pasted even17:47
naccyeah, i thought `dpkg-source --commit` added a link :)17:47
ahasenackyou can also use dquilt to add this header: dquilt header -e --dep3 <patchname>17:47
ahasenackto an existing patch, that is17:47
sdezielwow, that's nice ^17:49
ahasenackkstenerud: we really want all patches we are adding to have a dep3 header, it helps soooo much when doing package maintenance later on17:49
ahasenacknot all existing patches have it, though, but we enforce it for new patches17:49
ahasenackin our team, that is17:50
ahasenackkstenerud: with me still? :)17:52
kstenerudyup :)17:53
sdezielahasenack: is there a tool that you use when merging that uses the "Applied-Upstream" field to know if a given patch should be dropped?17:53
ahasenacksdeziel: not that I know of17:53
sdezielI'm asking cause that specific bug was fixed by upstream in 3.3.117:53
sdezielOK, thanks17:53
ahasenackit wasn't applied yet when the patch was made17:54
ahasenackkstenerud: ok, so we need to apply that fix to the bionic version17:54
ahasenackkstenerud: this might be as easy as cherry-picking the cosmic fix17:55
sdezielyeah, was just asking how much manual work was required for merges17:55
naccsdeziel: i'd file a bug against git-ubuntu for that feature :)17:55
* sdeziel obliges17:55
ahasenackkstenerud: now, of course the cherry-pick itself will probably apply17:55
ahasenackbut that doesn't mean the patch might apply in the bionic version17:55
ahasenackhence cherry-pick, and then try "dquilt push -a" to see if it applies17:55
kstenerudok so cherry-pick d4cb45?17:56
ahasenackkstenerud: you can also run "rmadison postfix" to see which versions of postfix were released into each uuntu release17:56
ahasenackkstenerud: yep17:56
ahasenackin this case, bionic has the same major version as cosmic, so it should be fine17:57
sdezielnacc: LP: #178745517:57
ubottuLaunchpad bug 1787455 in usd-importer "[wishlist] create a tool that process dep3 "Applied-Upstream" field" [Undecided,New] https://launchpad.net/bugs/178745517:57
kstenerudok which branch am I cherry-picking on to?17:58
ahasenackthe bionic one you created before17:58
ahasenackbased on pkg/ubuntu/bionic-devel17:58
ahasenackpro-tip: compare the version at the top of debian/changelog with what is actually released in bionic17:58
naccsdeziel: thx17:58
ahasenacksometimes the git-ubuntu importer failed and wasn't restarted, and it could be lagging behind17:58
ksteneruder.. but d4cb45 is already in that branch17:59
ahasenackare you sure you are not on the cosmic one still17:59
ahasenackor that you created the bionic branch based on cosmic, instead of bionic?17:59
kstenerudoh wait wrong branch :P17:59
ahasenackah, I use a PS1 change to always have the branch name in my prompt18:00
ahasenackyou may want to do something similar, if you haven't already got something like it18:00
ahasenackannoying drawback is that the prompt gets confused when typing a long line, because of the colors :/18:00
kstenerudyeah I have it on one of my machines somewhere.. This is a fresh install18:00
kstenerudNow at patch fix-postconf-segfault.diff18:01
ahasenacktry applying it with quilt18:01
ahasenacksee if it applies cleanly18:01
kstenerudyup it did18:01
ahasenackrevert that then18:01
ahasenackget back to a clean branch18:01
kstenerudor at least it didn't complain :P18:01
ahasenackgit status should only show .pc18:01
ahasenack.pc is the control directory for the quilt patches18:01
ahasenackyou can rm -rf it to get a clean state, once you have unapplied all patches18:02
ahasenackok, now changelog18:02
ahasenacksometimes the hardest part, heh18:02
naccahasenack: fwiw, `git clean` can do it as well18:02
nacc(-fdx, iirc)18:02
ahasenacknacc: yeah, I do git clean -f -x -d18:02
dpb1there is a social aspect to the changelog. :)18:02
ahasenackand a version part18:02
ahasenackkstenerud: bookmark this, you will refer to it often: https://wiki.ubuntu.com/SecurityTeam/UpdatePreparation18:03
ahasenack(I do)18:03
ahasenackspecifically, go to https://wiki.ubuntu.com/SecurityTeam/UpdatePreparation#Update_the_packaging18:03
ahasenackand look at that table of version examples18:03
ahasenackthe version in bionic is 3.3.0-118:04
ahasenackthe version in cosmic is, as of this moment, 3.3.0-1ubuntu118:04
naccdpb1: definitely, it's a large social engineering project in some sense. It's the 'shared' bit18:04
ahasenackkstenerud: we need a version that is higher than 3.3.0-1, but lower than 3.3.0-1ubuntu118:05
dpb1it's true18:05
kstenerudwhy lower than ubuntu1?18:06
ahasenackbecause that is in cosmic already, and we want a release upgrade from bionic to cosmic to upgrade to the cosmic package18:06
ahasenackinstead of leaving the bionic package installed18:06
kstenerudok, so ubuntu0.1?18:07
kstenerudOr some other scheme in case we're putting this fix in multiple releases?18:07
ahasenackthe "1" before ubuntu means it's based on debian's -1 release18:07
sdeziel1ubuntu0.18.04.1 ?18:08
ahasenackjust 1ubuntu0.1 in this case18:08
ahasenackbut it's a good question whether the bug happens in other releases18:08
ahasenackthat's something that the bug triager should have checked, but you can check too18:09
ahasenackthis is where lxd containers help a lot18:09
kstenerudso if the bug did trigger in earlier versions as well, would that affect the naming scheme?18:09
ahasenackor, if you just want to check code, you can checkout the branches for each past ubuntu release18:09
ahasenackkstenerud: depends on what version is in the other releases18:10
ahasenackif they all had 3.3.0-1, they perhaps18:10
ahasenackhence, check "rmadison postfix"18:10
dpb1versions are only slightly less hard than the changelog18:10
ahasenackkstenerud: so we have a version, here is another tip to reconstruct the changelog18:12
ahasenackkstenerud: following the pattern of using the same text for the commit message and the d/changelog entry, there is a script that can do this for us18:13
ahasenackpart of the git-ubuntu snap18:13
ahasenackgive it a base, and it will populate d/changelog with the commit messages from base to head18:13
ahasenackin this case, the base could be pkg/ubuntu/bionic-devel for example18:13
ahasenackjust prior to your cherry-pick18:13
ahasenackit will try to guess the version number to use, and it does that correctly most of the time for uploads to the devel release, but not for SRUs18:14
ahasenackso you will have to adjust that bit, and the ubuntu release (it will say UNRELEASED by default)18:14
sdezielshouldn't "git-ubuntu.reconstruct-changelog" assume the base to be the currently checkout branch if not specified as "$1" ?18:16
naccsdeziel: it's never 'wrong' to use the full numeric release, IMO. rbasak and i have gone back and forth on it, as it's not strictly necessary in some cases.18:16
naccit won't know what to do if not given an option18:16
naccit needs to start somewhere *before* current branch18:16
naccand reconstruct d/changelog entries from there to HEAD18:16
sdezielnacc: OK, I was trying to find edge cases of using the full numeric release but couldn't18:17
naccsdeziel: right, it's the 'safer' option, but isn't necessary in some well-defined case (but using it can break future cases, etc. :)18:18
naccerr, not using it can break future cases18:18
ahasenackkstenerud: let me know when you have a d/changelog ready to commit, and commit it18:18
ahasenackI'll grab some coffee, brb18:18
kstenerudkarl@karl-tp:~/work/postfix$ git-ubuntu.reconstruct-changelog18:19
kstenerudkarl@karl-tp:~/work/postfix$ git diff18:19
ksteneruddiff --git a/debian/changelog b/debian/changelog18:19
kstenerudindex 6d9e6754..44046d9e 10064418:19
kstenerud--- a/debian/changelog18:19
kstenerud+++ b/debian/changelog18:19
kstenerud@@ -1,3 +1,8 @@18:19
kstenerud+postfix (3.3.0-1ubuntu1) UNRELEASED; urgency=medium18:19
nacckstenerud: use a pastebin :)18:19
kstenerud+ -- Karl <karl@karl-tp>  Thu, 16 Aug 2018 11:19:05 -070018:20
dpb1there is a thing18:20
dpb1!pastebin | kstenerud18:20
ubottukstenerud: For posting multi-line texts into the channel, please use https://paste.ubuntu.com | To post !screenshots use https://imgur.com/ !pastebinit to paste directly from command line | Make sure you give us the URL for your paste - see also the channel topic.18:20
dpb1there you go!18:20
naccand/or | nc termbin.com 999918:21
sdezielnacc: I don't understand why git-ubuntu.reconstruct-changelog could assume the currently checked out branch to be like passing it as $118:21
sdeziels/could/could not/18:23
sdezielkstenerud: git-ubuntu.reconstruct-changelog pkg/ubuntu/bionic-devel18:24
ahasenackkstenerud: back18:24
naccsdeziel: wait, that's not your current branch, that's the branch you are based off of18:24
naccsdeziel: sorry, i'm otp right now, so i need more context18:24
naccsdeziel: in general, if you're checkout to a branch, `git-ubuntu.reconstruct-changelog <current branhc name>` is a no-op18:25
naccas HEAD=<current branch name> and there are no commits betweeen them18:25
ahasenackkstenerud: you didn't give it a committish where to start18:25
sdezielnacc: err, sorry my bad18:25
naccsdeziel: does that make sense?18:25
kstenerudok so https://pastebin.ubuntu.com/p/Gtgx4QFKFk/18:25
sdezielnacc: yes, absolutely, I was not making sense ;)18:25
ahasenackkstenerud: do git log, and use the commitish just before the cherry pick, or any of its tags18:26
ahasenackkstenerud: that's better18:26
ahasenackkstenerud: but you need to fix your email :)18:26
ahasenackand full name18:26
naccsdeziel: we would love to be able to detect it perfect automatically, it's just not easy to always do right18:26
ksteneruder how do I do that?18:26
ahasenackkstenerud: your ~/.gitconfig is correct in that regard?18:27
ahasenackhm, maybe it's using that18:27
dpb1and DEBFULLNAME18:27
ahasenack$ env|grep DEB18:27
ahasenackDEBFULLNAME=Andreas Hasenack18:27
ahasenackI assumed it used ~/.gitconfig18:27
kstenerudI don't have any DEB envs. .gitconfig has my full name and gmail address18:27
ahasenackbut I also had those vars set18:27
ahasenackok, then set those vars in some .bashrc file for later, and now just export them18:28
ahasenacktrash the changes, and run the script again18:28
sdezielnacc: how about looking at the branch's ancestor by default then?18:30
sdezielthat's assuming that one always does `git checkout -b bionic-postconf-segfault-1753470 pkg/ubuntu/bionic-devel` prior to cherry picking18:31
naccsdeziel: right, which i think i thought was fragile :)18:31
sdezielnacc: alright. reconstruct-changelog is pretty cool even if we have to provide that commitish arg18:33
dpb1what about UNRELEASED ahasenack ?18:34
ahasenackkstenerud: better18:34
ahasenackkstenerud: now we need to fix the version number, as discussed before, and the ubuntu release, which is what dpb1 just asked about18:34
ahasenackunreleased should be replaced with "bionic"18:35
naccsdeziel: yeah :)18:35
kstenerudok so the bionic change, and then 1ubuntu0.1?18:37
ahasenackone more thing about the changelog entry: the "(LP: #1753470)" string is special18:38
ubottuLaunchpad bug 1753470 in postfix (Ubuntu Bionic) "Postconf segfaults every 5 minutes" [Low,Triaged] https://launchpad.net/bugs/175347018:38
ahasenackit will auto-close that bug once the package is published to updates18:39
ahasenackif you open the bug url, you will see it has an open "bionic" task18:39
ahasenackkstenerud: feel free to assign that task to yourself, and switch "status" to "in progress"18:39
kstenerudwhere is the task link?18:40
ahasenackit's the row that starts with "bionic"18:40
ahasenacknext to each name in each collumn should be a small yellow pencil icon18:41
ahasenackand the "assigned to" column has the entry "unassigned"18:41
ahasenackcan you click on that pencil, or you don't have it?18:41
ahasenackmight be a permissions problem18:41
kstenerudok got it18:41
ahasenackeach one of those rows we call "tasks", because one bug can affect multiple projects18:42
dpb1specifically, launchpad calls them tasks18:42
dpb1(and doesn't expose that they are called tasks very well)18:43
ahasenacklots of tricks there18:43
dpb1tasks, bug tasks18:43
ahasenackkstenerud: can you change status as well?18:43
kstenerudto fix committed?18:44
ahasenackno, to "in progress"18:45
ahasenackthat task, the bionic update, is in progress now, since you are working on it18:45
ahasenackit's not yet in the archive, nor uploaded, so fix committed or released are incorrect at the moment18:45
ahasenackok, so where do we stand18:46
ahasenackyou have a local branch with a proposed fix18:46
ahasenackyou need to test it18:46
ahasenackthere are a few ways to do it18:46
ahasenackI like two, and it depends on the package18:46
ahasenacka) build it locally and test18:46
ahasenackb) build it in a ppa, and then test18:46
ahasenackit depends if the package takes a while to build, how fast your computer is, etc18:47
ahasenackwe can try both18:47
ahasenacksometimes ppas are slow, if we are approaching a release, for example18:47
ahasenackthen the builders are busy18:47
ahasenacklet's try a ppa first, to expose you to them18:47
kstenerudyup let's do it18:48
ahasenackok, so another versioning trick we will need18:48
ahasenackwe are proposing 3.3.0-1ubuntu0.1 for ibonic18:48
ahasenackif it works, that's the version that will land in bionic18:48
ahasenackfor the ppa, we will want to use a version that's lower than 3.3.0-1ubuntu0.1, because if somebody installed the package from the ppa, and the release happens, we will want that person to uprade to the official package from the archive18:49
ahasenackso the trick is to append ~ppaN18:49
ahasenackfor example, 3.3.0-1ubuntu0.1~ppa118:49
ahasenackthat is higher than the current version of postfix in bionic (3.3.0-1), is lower than the version we want to propose as a fix (3.3.0-1ubuntu0.1)18:49
ahasenackso go ahead and add ~ppa1 to the verison in d/changelog, and make a simple commit. for example, "git commit debian/changelog -m ppa1"18:50
ahasenackwe need to commit because of the step that comes next18:50
kstenerudok so the previous changelog change should be commited before I do this?18:50
ahasenackbut we would not push that to a remote git repo18:50
ahasenackyes please18:50
ahasenackkstenerud: let's do it like this then:18:50
kstenerudwith the message "changelog"?18:50
ahasenackcommit that, without the ~ppa1 suffix18:51
ahasenackthen push that to launchpad18:51
ahasenackand then commit the ppa118:51
ahasenackto push, use your launchpad name as a remote18:51
ahasenacklike this18:51
ahasenackgit push kstenerud/<branchname>18:51
ahasenack(assuming I didn't mispell your name)18:51
ahasenackit's git push kstenerud <branch>18:51
dpb1git ubuntu push?18:52
ahasenackno, just push18:52
dpb1and there is a remote called kstenerud?18:52
kstenerudok so I'm going to call: git push kstenerud bionic-postconf-segfault-175347018:52
kstenerud * [new branch]        bionic-postconf-segfault-1753470 -> bionic-postconf-segfault-175347018:53
ahasenackdpb1: git ubuntu clone set that up beforehand iirc18:53
ahasenackthe remote as lp username18:53
ahasenackkstenerud: cool: http://code.launchpad.net/~kstenerud/+git18:53
ahasenackkstenerud: now add the ~ppa1 suffix to the version in d/changelog, commit that (but do not push)18:54
kstenerud+postfix (3.3.0-1ubuntu0.1~ppa1) bionic; urgency=medium18:55
kstenerudlike that?18:55
kstenerudok what commit msg should I use?18:55
ahasenacka dummy one, just so you can keep track yourself18:55
ahasenackthat will never be published18:55
ahasenackI use -m ppa118:55
kstenerudok done18:55
ahasenackok, now we will build a source package that we can upload to a ppa18:55
ahasenackkstenerud: git-ubuntu has a nice feature that works *most* of the time ;)18:56
ahasenackkstenerud: git ubuntu build-source18:56
ahasenackkstenerud: the parameters I would use are:18:56
ahasenackgit ubuntu build-source -v --lxd-image <bionic-lxd-image-name> --sign18:56
ahasenack-v for verbose, --sign to sign the upload (otherwise the ppa won't accept it)18:56
ahasenackand --lxd-image needs the name of your ubuntu bionic lxd image18:56
ahasenacklxc image list and get it from there18:57
ahasenackcan be an alias or fingerprint18:57
ahasenackbuild-source needs a clean branch to work, that's why we had to commit the ppa1 change18:57
sdezielahasenack: omitting the --lxd-image arg seems to pick something that worked for me in the past, what's the added benefit of providing it?18:58
ahasenacksdeziel: it will try to guess the name of the image18:58
ahasenackI think it assumes the name is the ubuntu release name18:58
ahasenackmy images happen to have a different name18:58
ahasenackfor historical reasons: juju wanted a particular name that was not just "bionic"18:58
dpb1and you are still doing that?18:59
ahasenackI type fast18:59
ahasenackI also have images for debian, centos, etc19:00
ahasenackso prefixing the names with ubuntu- sounded fine19:00
kstenerudlxd image or lxc image?19:00
ahasenackkstenerud: "yes" :)19:00
ahasenackit's all lxd19:00
ahasenackbut the command line is lxc19:00
dpb1unless you are using 'lxc-command' names19:00
dpb1that's the *old* lxc19:00
dpb1you shouldn't use anymore19:00
kstenerud$ sudo lxd image19:00
kstenerudEROR[08-16|12:00:39] Failed to start the daemon: LXD is already running19:00
kstenerudError: LXD is already running19:00
ahasenacktake it up to management :P19:01
dpb1(not for this type of work anyway)19:01
ahasenackit's "lxc image list"19:01
kstenerudok so I'll be calling: git ubuntu build-source -v --lxd-image bbb592c417b6 --sign19:02
ahasenackbut let's check something else first19:02
ahasenackto not waste time if it fails later19:03
ahasenackthe --sign step19:03
ahasenackit will call debsign on the resulting .changes file19:03
ahasenackdo you have your gpg key with the same email as DEBEMAIL19:03
kstenerudumm not sure actually19:04
ahasenackdo a gpg --list-secret-key19:04
kstenerudit's using my gmail account19:04
ahasenackyou should add another email to it19:05
ahasenackdo a gpg --edit-key <email>19:05
ahasenackthen "adduid" at the prompt19:06
ahasenackanswer the questions19:06
ahasenackexit with save, when back at the prompt19:06
ahasenackand push the key to the keyserver again like we did yesterday (gpg --keyserver keyserver.ubuntu.com --send-keys <email>)19:06
kstenerudwhich email do I use?19:07
ahasenackthe same as DEBEMAIL19:08
ahasenackthe canonical one19:08
ahasenackit's how you will sign your source package19:08
kstenerudgpg: "karl.stenerud@canonical.com" not a key ID: skipping19:08
ahasenackis that what you used with adduid?19:08
ahasenackdoes the @canonical email show up in gpg --list-keys now, alongside your gmail one?19:09
kstenerud[ultimate] (1)  Karl Stenerud <kstenerud@gmail.com>19:09
kstenerud[ unknown] (2). Karl Stenerud <karl.stenerud@canonical.com>19:09
ahasenackuse the keyid then19:09
ahasenackthe hex-md5-like string just above that19:09
kstenerudok that worked19:09
ahasenackwhat is it? let me fetch your key as well19:10
ahasenackgpg: key 9E9C224744EF2A5A: public key "Karl Stenerud <karl.stenerud@canonical.com>" imported19:10
ahasenackcool, got it19:10
ahasenackback to the build-source command, go ahead and run it19:10
kstenerud08/16/2018 12:11:32 - ERROR:Failed to run apt-get in ephemeral build container (attempt 2/6)19:12
ahasenackit tries apt-get before the network is up19:12
ahasenackso it keeps trying19:12
kstenerudah ok. Yeah I had to put 5s delays in my containers for that19:12
ahasenackafaik there is no standard/clean way to determine that from the outside19:12
ahasenackit will install build tools, then the build dependencies of the package, and then build the source package19:14
ahasenackand pull the files out of the container and place them in ../19:14
kstenerudok, build completed19:15
ahasenackdid it sign it as well? Did you get a prompt for your gpg passphrase?19:15
ahasenackcheck the changes file in ../, it should have gpg markers inside it19:16
ahasenackkstenerud: oh, do you need a break for lunch?19:16
ahasenackwe like to respect local time :)19:17
kstenerudyeah, but let's get this part done first19:17
kstenerudI didn't get prompted to sign19:17
ahasenackbut is it signed?19:17
kstenerud08/16/2018 12:14:06 - INFO:Signing changes file ../postfix_3.3.0-1ubuntu0.1~ppa1_source.changes19:18
ahasenackso either it was cached, from a previous usage, or you didn't set a passphrase19:18
ahasenackyou can check later19:18
ahasenackcat you paste that file please?19:19
kstenerudOh I got prompted when I added the new email19:19
ahasenackso leave that terminal for a moment, you now have to create a ppa in the launchpad gui19:19
ahasenackgo to https://code.launchpad.net/~kstenerud19:19
ahasenackI mean https://launchpad.net/~kstenerud19:19
ahasenacklooks good19:20
ahasenackin that lp page, look for the "personal package archives"19:20
ahasenackand "create a new ppa"19:20
ahasenackclick on that19:20
ahasenackfirst field in the form, url, use a name that will help you later. I suggest "postfix-postconf-segfault-1753470"19:21
ahasenackor something like that, but at least keep the bug number19:21
ahasenackit's free form, you may decide you like other naming schemes better, up to you19:21
ahasenackuse the same name in the next field19:21
ahasenack"display name"19:22
ahasenackdescription you can leave empty19:22
ahasenackthen "activate"19:22
* sdeziel wish git-ubuntu could support uploading to a PPA19:22
ahasenackyou can change these later, except the url bit I think19:22
kstenerudok done19:22
ahasenackok, see it19:22
ahasenacknow let's upload19:23
ahasenackfirst, let's configure dput19:23
ahasenackcreate this file: https://pastebin.ubuntu.com/p/XMkkRdmYbr/19:23
ahasenackand leave the unspecified bit there as is19:23
ahasenackI'll explain it later19:23
ahasenacknow the command:19:24
ahasenackdput ppa:kstenerud/postfix-postconf-segfault-1753470 ../postfix_3.3.0-1ubuntu0.1~ppa1_source.changes19:24
ahasenackit's dput <target> <changes-file>19:24
ahasenackyou should get an email shortly19:25
ahasenacktelling you if it was accepted or not19:25
ahasenacklooks like it was accepted19:26
ahasenackhttps://launchpad.net/~kstenerud/+archive/ubuntu/postfix-postconf-segfault-1753470/+packages is listing your build19:26
ahasenackok, wanna have lunch now?19:28
kstenerudyeah, then we do the local build approach after?19:28
ahasenackI'll be around for 2h more19:28
kstenerudok cool19:28
ahasenackgood job!19:28
kstenerudI'll get it eventually :P19:29
ahasenackping when ready to continue19:29
=== jdstrand_ is now known as jdstrand
kstenerudahasenack: ready when you are20:44
ahasenackkstenerud: the local way,20:44
ahasenackkstenerud: the command is simimlar20:44
ahasenackgit ubuntu build -v --lxd-image <image>20:44
ahasenackno --sign needed, and it's build instead of build-source20:44
ahasenackit will do the same, create a container, but this time build the binaries20:45
ahasenackand pull them out, and then shutdown the container it use20:45
kstenerudok built20:50
ahasenacknext step would be to test it20:50
ahasenackyou should bring up a cosmic container,20:51
ahasenackinstall the normal cosmic version, reproduce the bug20:51
ahasenackthen install the updated package, confirm the bug is gone20:51
ahasenackit also helps to write down the steps you take, because you will need them later on when preparing the bug for the update. It needs test steps;20:52
ahasenackyou can install the updated version from these binaries you just build, or the ppa that we used previously20:53
ahasenackthe ppa is always good to have, because at some point you will submit this change for review, and it helps reviewers if there is a ppa already with the fix, so they don't have to build it themselves20:53
kstenerudok so I'm in the cosmic container20:53
sdeziels/cosmic/bionic/ ^ ?20:55
keithzgWelll great, those hardware lockups on the internal-facing ethernet adapter that I was experiencing on the router at work are happening again now.20:55
ahasenacksorry, bionic20:56
ahasenacksdeziel: thanks20:56
kstenerudok hang on20:56
kstenerudok so first off just apt install postfix?20:57
dpb1keithzg: hrm20:57
ahasenackthat will get you the one that is currently the latest in bionic, and has the bu20:57
dpb1keithzg: can  you remove the hardware and see if the lock ups persist?  or is it not that kind of equipment20:57
keithzgdpb1: Alas it's a built-in adapter (two, in fact, although the external-facing built-in NIC on the motherboard isn't showing any issues)20:59
kstenerudhmm I'm not getting a crash when I call postconf virtual_alias_map21:00
ahasenackit has to be as a user who cannot read the map file21:00
keithzgHrmm wait, I bet the patched and recompiled network driver got overwritten by the latest kernel update!21:01
ahasenackand it has to be a db map21:01
kstenerudok how do I set up a db map?21:02
ahasenackI think there is an example in the bug21:02
kstenerudwhat I get is /usr/sbin/postconf: fatal: open /etc/postfix/main.cf: No such file or directory21:02
ahasenackadd this to /etc/postfix/main.cf (the file should exist already):21:03
ahasenackvirtual_alias_maps = pgsql:/etc/postfix/valiases.cf21:03
ahasenackthen greate /etc/postfix/valiases.cf with any content21:03
ahasenackand chmod 0600 /etc/postfix/valiases.cf21:03
ahasenackthen run postconf as a non-root user21:03
ahasenackthat would be one way to trigger the bug21:03
ahasenackthat was comment #8 in the bug, more or less21:03
ahasenackand comment #921:03
kstenerudah ok got the crash21:06
ahasenacknow leave config files as they are, add the ppa, and dist-upgrade to the new packages you prepared21:07
ahasenackhttps://launchpad.net/~kstenerud/+archive/ubuntu/postfix-postconf-segfault-1753470/ has instructions on how to add the ppa21:07
ahasenackbasically sudo add-apt-repository ppa:kstenerud/postfix-postconf-segfault-175347021:08
kstenerudthen apt upgrade?21:09
ahasenacksometimes dist-upgrade, shouldn't make a difference in this case21:09
ahasenackyou may get other updates, not coming from the ppa21:09
ahasenackas good practice I always dist-upgrade the container right after it started21:09
kstenerudok the fix works :)21:10
ahasenackI guess now we can make a merge proposal21:11
ahasenackand tomorrow we can run the dep8 tests, since postfix has some in debian/tests21:11
kstenerudso if I weren't using the ppa, is it still possible to test?21:11
ahasenackthis test you just made?21:11
kstenerudyeah. We pulled from ppa this time21:12
ahasenackyes, you would copy the ../*.deb files that were produced by git ubuntu build previously21:12
ahasenackinto the test container21:12
ahasenackthere you would then just "sudo dpkg -i *.deb"21:12
ahasenackor, instead of *.deb, check which postfix pcakages you have, and dpkg -i just those21:12
kstenerudok, but it didn't produce a .deb file. only a tar.xz file21:12
naccdid you build or build-source?21:12
ahasenackthat was the build-source one21:12
ahasenackdidn't you run "build" before, without the --sign?21:12
ahasenackthat produces debs21:13
kstenerudyeah that's what I did21:13
ahasenackif that worked, the parent dir (../) should have deb files21:13
kstenerudoh wait no21:13
kstenerudI did builld-source :P21:13
ahasenackyou repeated the previous one?21:13
kstenerudSo when signing, I use build-source, and when building locally I use build?21:13
ahasenackthe signing is about uploading to the ppa21:13
ahasenackthe remote server only accepts signed uploads21:14
ahasenackit's the authentication21:14
kstenerudSo the original I did was:21:14
kstenerudgit ubuntu build-source -v --lxd-image bbb592c417b6 --sign21:14
ahasenackonly you can upload packages to that ppa21:14
ahasenackand ppas only take source uploads21:14
ahasenackthat builds the source, signs it, and you can upload that to a ppa, or even to the ubuntu archive once you have upload permission21:14
kstenerudand then for just building the deb locally, I use:21:14
ahasenackthe same command with just "build" instead of build-source will produce binary debs21:14
kstenerudgit ubuntu build -v --lxd-image bbb592c417b621:14
ahasenackwhich can also be signed, but won't matter in this case21:15
ahasenacksince you won't upload binary deps anywhere21:15
kstenerudok, so next a merge proposal?21:17
ahasenackgo to the launchpad url for your branch21:17
ahasenackhttps://code.launchpad.net/~kstenerud/+git lists all your git repositories21:17
ahasenackclick your way through until you are viewing your branch21:18
ahasenackare you there?21:18
ahasenackyou should have landed at https://code.launchpad.net/~kstenerud/ubuntu/+source/postfix/+git/postfix/+ref/bionic-postconf-segfault-175347021:19
kstenerudyup. I see the commit msgs21:19
keithzgHmm. If reinstalling the patched kernel module works, then that definitely implies that that was *previously* working, which is odd since initially when I installed that, the problem persisted for a few hours after a reboot, so I was just assuming it hadn't helped.21:19
ahasenackok, click on "propose for merge"21:19
ahasenackkstenerud: target repository should be correct already21:19
ahasenack lp:ubuntu/+source/postfix21:20
ahasenackkstenerud: target branch now, we have to fill in21:20
ahasenackkstenerud: since this is for a bionic update, the branch is ubuntu/bionic-devel21:20
ahasenackthat's where you branched from even21:20
ahasenackkstenerud: commit message leave empty21:21
* keithzg wonders what's up with the Intel e1000e driver then, particularly considering the long silence in https://sourceforge.net/p/e1000/bugs/_discuss/thread/9048ab8e/21:21
ahasenackkstenerud: description you have to fill in (we will get back to this)21:21
ahasenackkstenerud: for reviewer, type canonical-server21:21
ahasenackkstenerud: good so far? Then lets get back to the description. We will also add a second reviewer later on21:22
ahasenackkstenerud: ok, in the description, which is free form, you basically say what you did21:22
ahasenackkstenerud: you should mention that you grabbed the fix that is in cosmic already,21:23
ahasenackkstenerud: also that you tested it and how, so others can try repeating your testing steps21:23
ahasenackkstenerud: also mention the ppa that has test packages built21:23
ahasenackkstenerud: you can also say you will run dep8 tests still. You can start reading up on that today if you still have time, but we will get to that tomorrow21:24
ahasenackit needs a bit of infra setup on your machine21:24
ahasenackthen click "propose merge" at the bottom21:25
ahasenackthis description text you can change after proposing, that's fine21:25
kstenerudOK so something like this?21:26
ahasenackkstenerud: the test user won't exist by default, will, it?21:27
ahasenackI suggest to use ubuntu, which is the default user21:27
kstenerudno, there's a "useradd test" command21:27
kstenerudoh ok21:28
ahasenackah, I missed that21:28
ahasenackyeah, that's fine21:28
kstenerudOK, so putting that in the description field21:29
kstenerudthen propose?21:30
ahasenacknow add another reviewr21:30
ahasenackthere are three options21:30
ahasenackdepending on what type of package it is21:30
ahasenackif it's a universe package, the reviewer is canonical-server-motu-reviewers21:31
ahasenackif it's a server package, then we use canonical-server-packageset-reviewers21:31
ahasenackthe rest, which is core/main, we use canonical-server-core-reviewers21:31
ahasenackpostfix is in main, so that leaves motu out21:31
ahasenack(you can see with rmadison postfix, or apt-cache policy postfix)21:31
ahasenackto see if it's core or server-packageset, I use "ubuntu-upload-permission -a postfix"21:32
ahasenackthat will list who can upload postifx21:32
ahasenackit only lists core21:32
ahasenackso the extra reviewer slot is canonical-server-core-reviewers21:32
ahasenackhopefully this will be automatic someday21:32
ahasenackbut we are not there yet21:32
kstenerudok so how do I add an extra reviewer?21:35
ahasenackyou should see a button/link just below the existing reviewer21:35
kstenerudAll I see is "claim review"21:36
ahasenack"request another review" on the right?21:36
ahasenackgreen link21:36
kstenerudah ok21:36
ahasenackthe mp part is done21:37
ahasenackbookmark this link: https://code.launchpad.net/~canonical-server/+activereviews21:37
ahasenackthat shows all reviews21:37
ahasenackor rather, all mps21:37
ahasenacknow we need to touch the bug again, since this is an update for a stable release (bionic)21:38
ahasenackkstenerud: https://wiki.ubuntu.com/StableReleaseUpdates#SRU_Bug_Template21:38
ahasenackthe bug description needs to be filled out with that information21:38
ahasenackwhat I do is edit the bug description (click on the pencil icon), write "[Original Description]" at the very top, so that the existing description is below it,21:39
ahasenackand paste the template above it all21:39
ahasenackso you will have something like21:39
ahasenacksru template21:39
ahasenack[original descrption]21:39
ahasenack(here goes on what the original description was)21:39
ahasenackand then you have to really fill out that template. Think about how this is affecting users21:40
ahasenackhow the fix was done21:40
ahasenackwhy the fix is safe (committed upstream?)21:40
ahasenackadd testing steps (in this case, omit the ppa, bceause if the sru is accepted, your package will be uploaded to a special proposed pocket). Just assume people know how to get it21:40
ahasenackthat page with the sru template has links to existing sru bugs where you can see some examples21:41
ahasenackhttps://bugs.launchpad.net/bugs/1583324 is a recent one I worked on21:41
ubottuLaunchpad bug 1583324 in samba (Ubuntu Xenial) "Samba won't start when an include statement in smb.conf has a variable substitution " [Undecided,In progress]21:41
ahasenackkstenerud: ah, and if you go back to the postfix bug, you'll see your branch and merge proposal attached to it: https://bugs.launchpad.net/ubuntu/+source/postfix/+bug/175347021:42
ubottuLaunchpad bug 1753470 in postfix (Ubuntu Bionic) "Postconf segfaults every 5 minutes" [Low,In progress]21:42
ahasenackthat's because of the special (LP: #xxxx) in the changelog entry21:42
ahasenackkstenerud: I have to go now, shoot me an email if you have any questions, and we will continue tomorrow21:44
kstenerudok sounds good. Thanks! Lots to digest here :)21:44
ahasenackcheers :)21:44
keithzgWell I just spent a long long time trying to get systemd ethernet renaming to work, I swear that's how I have things currently named "external0" and "internal0", but changing the entries in /etc/systemd/network doesn't change anything, and I can't find where else I could have set those . . .22:59
sarnoldthe usual place is /etc/udev/rules.d/70-persistent-net.rules23:00
keithzgsarnold: Yeah that's the classic, udev (rather than systemd) place, but I have no files there at all.23:02
sarnoldoh. hrm.23:02
keithzgLike, the entire /etc/udev/rules.d directory is empty.23:02
keithzgThis all was to try to make the spare PCIe adapter I've shoved in now be "internal0" so that I wouldn't have to change anything else, but I eventually gave up and just changed the /etc/network/interfaces and iptables rules to refer to "enp1s0" (the autogenerated name for the PCIe NIC) instead. Which has generally worked, although somehow OpenVPN clients seeing our internal network now, which is . . . bad :(23:06
keithzg(And that also doesn't make sense really, since the OpenVPN conf only specifies routing rules, not specific adapters, although maybe I need to re-do the tun bridge? Yeah that's probably it.)23:08
keithzg(Hmm no, that's just created by the OpenVPN service. Hrmmm.)23:09
sdezieltun bridge is a weird combo ... tap+bridge maybe?23:10
keithzgsdeziel: I think I was just mistakenly presuming it was a bridge, since that would explain why changing adapters would break it. But it's definitely tun0 that's being brought up and theoretically used by OpenVPN.23:12
sdezielkeithzg: gotcha23:13
keithzgI wonder if this is the problem: "Thu Aug 16 17:16:00 2018 us=759598 /sbin/ip route del | RTNETLINK answers: Operation not permitted | Thu Aug 16 17:16:00 2018 us=760404 ERROR: Linux route delete command failed: external program exited with error status: 2"23:17
sdezielkeithzg: usually harmless23:17
sdezielkeithzg: that's openvpn trying to cleanup something that's cleaned automatically afterwards anyways23:18
keithzgsdeziel: Fair enough, although *something* is making the VPN entirely fail to work, and with multiple people who work only remotely this is a problem I really gotta figure out!23:18
sdezielkeithzg: could you pastebin the journalctl output of the openvpn service?23:21
keithzgsdeziel: Oh that's not gonna help any, haha, it just says "Starting OpenVPN service..." whenever I start it and "Stopped OpenVPN service." "Started OpenVPN service." when I stop it ;) I'll grab an excerpt of the actual log though . . .23:23
sdezielkeithzg: would that be "journalctl -u openvpn" by any chance?23:23
sdezielkeithzg: the real deal is in "journalctl -u openvpn@$INSTANCE" where instance is /etc/openvpn/$INSTANCE.conf23:24
keithzgsdeziel: That's true, but the config file is just openvpn.conf and `journalctl -u openvpn@openvpn only differs in that it gives some errors from last week when the troubles that led me to now changing physical adapters started. Nothing other than logging the starting and stopping today.23:27
sdezielkeithzg: maybe you have a very low "verb" param in that conf23:27
keithzgHowever, it //is// logged to a file and here's the output from the most recent start of the service and while some clients connected and failed to get anything: https://paste.kde.org/pwd9kfb5y23:27
keithzg(As of this moment no more has been written to the log)23:28
sdezielkeithzg: do you have IP forwarding enabled?23:30
sdezielkeithzg: now that your internal0 NIC is named differently, have you updated your firewall FORWARD rules?23:30
sdeziel(if you use -i/-o in those rules)23:30
keithzgsdeziel: Yes, I changed the iptables rules accordingly. To be clear, the internal0 NIC is still named the same (mysteriously), I changed the rules and the /etc/network/interfaces entry to refer to enp1s0 rather than internal0.23:31
sdezielkeithzg: OK, cause that android client seems to have successfully connected23:32
keithzgsdeziel: Indeed, the clients seem to connect successfully, but now cannot access anything on our internal network.23:32
sdezielkeithzg: have you tried tcpdump'ing while the client tries to connect to the internal net?23:33
keithzgsdeziel: Hmm. Well, `tcpdump -i tun0` doesn't show much, https://paste.kde.org/p9n8wz4wu23:39
keithzgAnd I do see stuff like "17:38:43.586600 IP > boots: ICMP echo request, id 13, seq 3, length 64" when dumping enp1s023:41
keithzgSo in theory the ping requests are being forwarded, although they (and any other form of traffic) certainly don't seem to be making it back to the clients.23:42
sdezielkeithzg: try with tcpdump -ni any icmp23:42
sdezielerr: tcpdump -nei any icmp23:42
sdezielkeithzg: do you mind sharing iptables-save?23:44
sdezielkeithzg: I have to go, sorry. Good luck though!23:47
keithzgsdeziel: https://paste.kde.org/pbt8yxxyo is the ICMP dump23:47
keithzgsdeziel: Fair enough, thanks for the help!23:47
sdezielkeithzg: looks like systemd-resolved is not running but that's not related ;)23:49
sdezielkeithzg: I'd check on and see if you get the ICMP packets23:49
sdezielkeithzg: if you do get them, check how it tries to respond to them with "ip route get". It should send packets toward the VPN server23:50
keithzgsdeziel: Yeah on the receiving end I'm seeing "17:50:18.190642  In 00:00:00:00:00:00 ethertype IPv4 (0x0800), length 128: > ICMP host unreachable, length 92"23:50
keithzg(`ip route get` returns the adapter I'd expect it to be using to reply)23:51
sdezielkeithzg: the interesting part of ip route get is the gateway/via used23:51
keithzgsdeziel: Hrmm, it doesn't say anything more than " dev br0  src" and then "cache" on the next line.23:52
sdezielkeithzg: hmm, that's wrong23:53
sdezielit means it thinks that is in the same LAN as the VPN client23:54
sdezielbut they are not as you have a router (the VPN server) between the 223:54
keithzgsdeziel: Hmm? *is* the VPN client, though?23:55
* keithzg is very tempted to just try the udev method for adapter renaming and hope that magically fixes everything, heh23:56
sdezielkeithzg: thinks that is in the same LAN23:56
sdezielkeithzg: didn't you say the NIC was renamed somehow though?23:56
keithzgsdeziel: Yeah I suppose that's not true, although they *do* have the same gateway.23:56
sdezielkeithzg: please pastebin: "cat /etc/network/interfaces; ip link; ip ro; iptables-save" from the VPN server23:58
keithzgsdeziel: The exact situation is, the internal adapter is called "internal0" . . . somehow. I know that was me, but the only settings I have for that are in /etc/systemd/network, and changing those and rebooting changes nothing. The 'internal0' adapter is experiencing hardware lockups, so I put in a PCIe adapter to use instead.23:58
keithzgsdeziel: Here ya go, from our router (which is also the VPN server): https://paste.kde.org/pi4tooz7a23:59

Generated by irclog2html.py 2.7 by Marius Gedminas - find it at mg.pov.lt!