/srv/irclogs.ubuntu.com/2019/11/04/#ubuntu-devel.txt

ejathi .. anyone can take a look into this bug03:55
ejathttps://bugs.launchpad.net/ubuntu/+source/libreoffice/+bug/177268303:55
ubottuLaunchpad bug 1772683 in libreoffice (Ubuntu) "[snap] Cannot sign a document, gpg keys are not listed" [Medium,Triaged]03:55
xnoxdoko:  so, not so fast with django, need to fix 5 more packages or so =/11:18
dokothat's what I thought ...11:19
xnoxdoko:  if i do $ tox -e py37 => during a package build, it works. But if I do $ tox -e py38 => it does not.11:56
xnoxdoko:  are our wheels off the wheels somehow?11:56
cjwatsonAny time I've tried to use tox in a package build, I've ended up giving up and using some other test runner instead11:57
cjwatsonAnd finding that roughly nothing else in the archive is using tox in package builds11:57
cjwatsonIt's great upstream, I use it nearly everywhere I can, so this seems like a bit of a shame11:57
xnoxcjwatson:  all i need is to make pybuild execute ./runtests.py and i naively thought that PYBUILD_TEST_TOX=1 will make it so11:57
cjwatsonYeah, I've naively thought that multiple times11:57
cjwatsonBut survey has always said no11:58
xnoxi've added all the things I need into - debian/pybuild.testfiles11:58
xnoxbut failing to force pybuild to use a "custom" test runner11:58
* xnox will just override the dh_auto_test i guess11:58
dokoxnox: you'll have to ask the pybuild developer, and persist after his initial "see pybuild(1)" reply12:04
dokoor "it's in the man page"12:04
xnoxi'm ended up doing12:08
xnoxoverride_dh_auto_test:12:08
xnox        pybuild --system=custom --test --test-args='python{version} runtests.py'12:08
xnoxdoko:  but it does seem like something is broken with tox, in focal for py38 at the moment.12:08
xnoxand it's pip usage12:08
dokoxnox: looking at the upstream git, I can't see any 3.8 specific issues, however a 14.x release seems to be planned12:23
dokoand tox didn't migrate yet due to an arm64 autopkg test failure12:24
xnoxdoko:   i don't see any issues in tox itself, but in its inability to find a python3.8 pip when initializing 3.8 env12:41
dokoxnox: hmm, why not? that's arch-indep. or is this marked as 3.7 only?12:43
xnoxdoko:  for example, pyvenv-3.8 does not exist12:46
xnoxdoko:  i thought tox creates a venv, and needs 3.8 wheel for pip, no?12:46
cjwatsonEven if you fix that, IIRC the usual problem with using tox in package builds is that it tends not to have the pile of sdists it needs available to build the rest of the virtualenv12:47
cjwatsonsdists or wheels12:47
cjwatsonI think there was some problem with using system-site-packages too any time I tried, but don't remember what it was12:48
cjwatsonPossibly trouble locating tests or something12:48
xnoxsure, i'm not planning to use tox in the package build anymore. It's just I suspect our py3.8 as supported, is incomplete in the archive w.r.t. venvs.12:48
xnoxwhilst 3.7 works12:48
xnoxhm, outside of chroot, on the host, it works.....12:50
dokohttps://objectstorage.prodstack4-5.canonical.com/v1/AUTH_77e2ada1e7a84929a74ba3b87153c0ac/autopkgtest-focal/focal/arm64/n/natsort/20191104_094524_acaa7@/log.gz12:59
ahasenackrbasak: hm, I'm having an interesting problem with mysql8 in focal, due to fakeroot13:00
dokocjwatson, xnox: ^^^ so that downloads everything, and ignores everything in the distro ...13:00
ahasenackrbasak: d/rules calls out to d/setup-mysql.sh, which has:13:01
dokotrying to understand what is getting tested13:01
ahasenackhttps://pastebin.ubuntu.com/p/Cr7wGg5NcH/13:01
ahasenackdue to fakeroot, id -u returns 0, so it thinks it's running as root13:01
ahasenackthen it does: + chown mysql: /home/ubuntu/git/packages/php7.3/php7.3/mysql_db13:01
cjwatsondoko: Right, I think the only legitimate way to use tox in a package build would have to use --system-site-packages or however it's spelled13:01
cjwatsonAs opposed to upstream where you probably don't want that13:02
ahasenackand starts mysql, which fails: mysqld: Can't create directory '/home/ubuntu/git/packages/php7.3/php7.3/mysql_db/data/' (OS errno 13 - Permission denied)13:02
ahasenackhm, mysql shouldn't have been able to switch users, so it's still running as my build user... hmm....13:02
xnoxcjwatson:  is there CI running on launchpad pull requests? or do I need to run things locally myself?13:02
* xnox hasn't done a launchpad merge request in ages13:02
cjwatsonLocally13:02
cjwatsonWe do post-landing CI but that's not what you want for making sure your MP is good13:03
cjwatsonIf you have an old tree lying around, note that we're on git now13:03
cjwatsonFor what I imagine you're doing, "bin/test -vvct lp.snappy" shouldn't take too long13:04
rbasakahasenack: this is the PHP 7.3 FTBFS, or something else?13:07
ahasenackrbasak: that one, yes13:07
rbasakI thought Marc had resolved it?13:07
rbasakHe pasted a solution somewhere13:08
ahasenackjust wondering if you have seen that before, and also wondering how it worked before, but I've heard people comment that the tests were never run before correctly13:08
rbasakOr am I mixing things up?13:08
ahasenackrbasak: he disabled the tests in the end he said13:08
rbasakAh13:08
ahasenackI'm going into more detail now13:08
rbasakNo I've never really delved into this area13:08
rbasakI usually defer to Skuggen for this kind of thing :-)13:08
dokocjwatson: ouch, this test doesn't even test the built package, but downloads the package zip file from the net ;p13:21
cjwatsonI'm not surprised13:22
cjwatsonxnox: If you have trouble running the tests then I don't mind running them here for something simple like that branch13:39
ahasenackrbasak: it's the apparmor profile that's denying mysql's datadir in that directory13:51
ahasenack[Mon Nov  4 13:22:00 2019] audit: type=1400 audit(1572873722.995:988): apparmor="DENIED" operation="mkdir" namespace="root//lxd-andreas-focal-php73-mysql8_<var-snap-lxd-common-lxd>" profile="/usr/sbin/mysqld" name="/home/ubuntu/git/packages/php7.3/php7.3/mysql_db/data/" pid=18671 comm="mysqld" requested_mask="c" denied_mask="c" fsuid=1001000 ouid=100100013:51
rbasakAh!13:53
ahasenackrbasak: don't know yet how it was working before, afaik this profile is enabled by default13:57
=== terry__ is now known as trudd
rafaeldtinocoinfinity: would u mind approving bionic sru for https://bugs.launchpad.net/ubuntu/+source/sg3-utils/+bug/1833618 ?14:34
ubottuLaunchpad bug 1833618 in sg3-utils (Ubuntu Bionic) "MAAS can't deploy Ubuntu if ID_SERIAL of any block device is broken (USB pendrive in this case)." [High,In progress]14:34
rafaeldtinocoi just verified disco (ok to migrate) but bionic hasn't been approved to -proposed yet.14:35
rbasakahasenack, bryce: so I think I'm finally ready with the importer test branch originally from Nish. I've resubmitted his MP, which means that Andreas is already listed as a reviewer. I added Bryce. I don't mind who reviews but I think it'll probably be Bryce?14:36
* ahasenack thinks so too14:38
infinityahasenack: I don't recall who on your team had context the last time (years ago?) I whined about this, but is there any intend to fix the "squid halts shutdown forever" bug for the upcoming LTS?18:15
ahasenackinfinity: I could be convinced to work on it, I have a card even18:17
ahasenackinfinity: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=898469 right?18:17
ubottuDebian bug 898469 in squid "Squid waits on shutdown even though there are no active clients" [Normal,Open]18:17
infinityahasenack: That's the one.18:19
infinityahasenack: I like the comment about "squid 3.4 blah blah" and we're on 4.818:20
infinityahasenack: I imagine it's a pain point for people who run all the squids ever in clouds and grump at slow instance reboot times, but for people like me, it's totally squid-deb-proxy making my laptop take forever to reboot that drives me nuts. ;)18:28
infinityahasenack: I guess I could mask the service to just shoot it in the head, but then I'm ignoring a bug that affects others, which I tend to prefer not to do.18:29
ahasenackinfinity: I've been using it with a lower setting for shutdown_lifetime18:36
infinityahasenack: See above, re: ignore bug that affects others. :)18:36
ahasenackbut I also every now and then get an error about it failing to fetch an object from the cache, and I wonder if some corruption is happening18:36
ahasenackyeah< i mean that his recommendation of just lowering that value is probably not correct18:37
infinityI remember looking into it and, indeed, there's an intricate maze of fds and sockets it needs to close to shutdown cleanly, but there must be some way when that's done to signal "I got it all!" and then end the process, instead of just waiting and hoping for the best.18:37
infinityI mean, even the 30s timeout could be too short for some instances, while being too long for most.18:38
ahasenackcorrect18:38
ahasenackI'll try reaching out again18:38
ahasenacknot in that bug, though, something different18:39
infinityTelepathy?18:39
sarnoldI've always wondered why it cares to shut down cleanly. clients and servers ought to be prepared to get RSTs at crazy times. I don't know why it doesn't just _exit(0) and be done with it. harumph.18:52
infinitysarnold: Upstream's argument is that it isn't about shutting down client connections, it's about shutting down internal sockets/fds cleanly to avoid corruption of data, logs, etc.19:25
infinitysarnold: Still seems like a piss-poor argument for what amounts to poor design choices, IMO.19:25
sarnoldinfinity: I'm not too shocked that a program designed so long ago has such poor design choices, but even then, I'm not sure how a graceful cleanup would take more than half a second on the typical dev laptop, or maybe two seconds on a busy system..19:27
* infinity nods.19:28
infinitysarnold: And, to be clear, it probably *is* only taking half a second or less on my laptop.  But, because they've entirely failed to write a way to record and signal a clean shutdown, the whole thing just sits in a wait loop and then hard muders itself with hope and bunnies.19:29
sarnoldand "rewrite it with sqlite3 so we don't have to think so hard about corruption" is probably a fair amount of work19:29
infinitysarnold: So, for 99% of people, it's waiting 29 seconds too long, for 1%, it's still not shutting down cleanly.19:29
sarnoldhah19:29
sarnoldand to think this is the caching thingy that gave me the *least* amount of trouble19:30
infinityYep.19:30
infinityrafaeldtinoco: I don't see an upload of sg3-utils in bionic's queue, so not much for me to review...19:40
rafaeldtinoco:/ I thought it was sponsored already, will check, sorry for the noise19:42
infinitydannf: Feel free to JFDI on the versioning fix if that's all you're waiting on to sponsor sg3-utils.19:45
ahasenacksarnold: infinity: what other cacheing proxy servers are out there? Anything promising that you know of?19:47
ahasenack"apt-cache search proxy | grep cache" isn't encouraging19:47
dannfinfinity, rafaeldtinoco ack19:48
sarnoldahasenack: apt-cacher-ng was the one that gave me trouble, endless chasing hash sum mismatches. funny thing is, I know folks who've switched from squid-deb-proxy to apt-cacher-ng because squid gave them the hash sum mismatches..19:49
ahasenackok, but that's just for debs anyway19:49
ahasenackI get hash sum mismatches on mirrors directly even19:49
infinityReally?  Still?19:49
infinityI haven't seen one since we switched to by-hash indexes.19:49
ahasenackyeah, the br mirror every now and then19:49
ahasenackI do have a proxy, but when I get that, i disable it, clean run apt get update, and it fails19:50
ahasenackthen I switch to archive.u.c19:50
infinitysarnold: My complaint with apt-cacher-ng is that over time, it seems to corrupt its data just enough that the weekly cronjobs end up whining until you delete it all and start over.19:50
infinityMaybe that's fixed now, but I gave up and switched to squid and didn't look back.19:51
sarnoldsame here, squid's been a lot better for me, just the shutdown / reboot experience is bad news :)19:51
infinityPlus, squid is dogfooding an actually useful proxy server that thousands/millions use for all sorts of things, apt-cacher-ng is weird boutique software just for nerds like us.19:51
ahasenackkanashiro: your target branch in your MPs for merges from debian is incorrect, it should be debian/sid19:52
ahasenackthat's why you have conflicts on those mps19:52
kanashiroahasenack, ah, just noticed this... fixing them now19:54
kanashirothanks btw19:54
ahasenacknp19:54
rafaeldtinocodannf: thx for the version fix19:55
rafaeldtinocodannf: should I do something or u have already uploaded ?19:55
dannfrafaeldtinoco: np - its here now: https://launchpad.net/ubuntu/bionic/+queue?queue_state=119:55
rafaeldtinocogreat. thx!19:55
melodiehi21:09
ahasenackkanashiro: what cpaelzer and I do sometimes when a merge becomes a sync is to just file an MP anyway, showing that all delta can be dropped, for review purposes21:10
melodieI have used a few commands in the shell to try to get which package contains the /etc/passwd file and I didn't find any. I would like to know who is in charge of this file in the *ubuntu editions?21:10
melodieI have a premice related to computing and digital skills and I found a sensitive bug in one of my client's computer. So I'd like to send a mail to the right person21:11
ahasenackmelodie: it's created in base-passwd's postinst21:11
melodieahasenack thanks, let me see21:11
daxwhich also means it doesn't show up in the output of the usual "which package owns this" tools, because it's generated, not installed21:11
ahasenackor rather, preinst21:11
rbasakmelodie: please don't just email the maintainer of base-passwd though21:12
melodieI should find a mail in the output of apt-cache show base-passwd I think?21:12
melodierbasak why that? Who then?21:12
rbasakmelodie: if you think you found a security bug in base-files package, please file a bug and mark it as either Public Security or Private Security as appropriate.21:12
melodieaha21:13
melodielet me have a look at the lauchpad bugs section21:13
kanashiroahasenack, re a merge becoming a sync: nice, I'll submit a MP for review purpose21:13
rbasakmelodie: because we use bug trackers to track issues so we can work on them collectively - private email is usually inappropriate for matters relating to public work like this21:13
melodiegood to know21:14
melodieI see, maintainer shows Colin Watson. I'll do as you say and search for a "Private Security" option21:15
melodieI guess Colin Watson might have his plate full :D21:15
rbasakmelodie: and also for security matters Ubuntu has a security team who are on a rota. For all you know, Colin is on vacation (though he isn't as it happens) :)21:15
melodienever mind rbasak everyone deserves his vacation, even if still here online21:16
rbasak:)21:16
melodie:)21:17
melodierbasak ahasenack this is bug #185130021:28
ubottuError: Launchpad bug 1851300 could not be found21:28
melodieand thanks for your help!21:28
melodieok ubottu bot, https://bugs.launchpad.net/ubuntu/+source/base-passwd/+bug/185130021:29
infinitymelodie: The bot can't find it because it's private. :P21:29
sarnoldone moment..21:29
melodieinfinity I thought so21:29
infinity/etc/passwd shouldn't have passwords in it at all, plain or hashed.21:31
sarnoldmelodie: how did this user change the password on her system?21:31
infinityAnd there's no way in our default installations for that to happen.21:32
infinityGonna need a lot more info to figure out who/what did that. /21:32
infinity:/21:32
melodiesarnold she didn't. She is an old lady who would never be able to do that. An the "computer tech" who installed probably just did an regular install not complicated, through the install option in the live21:34
melodieI can tell as I have had several clients coming to me after served at his shop21:34
infinityI suspect you'll need to ask this "tech" how he's setting up user accounts.21:34
infinityHe might be imaging systems and then echoing users/passwords into /etc/passwd or something equally insane.21:35
melodieinfinity what I might be able to do: see if I shows again in other Xubuntu 18 installs21:35
melodieI perform some, once a while, as tomorrow I have one scheduled21:35
melodieif it shows again*21:35
melodieinfinity not possible, he is a very simple tech who performs simple services21:36
melodieI can't ask him. He is a "lone wolf" kind of guy :D21:37
melodiestill I don't fancy this guy doing crazy technical things, he doesn't use his time this way. He just wants to earn money and provide not too expensive services (even if he does not understand well the ins and outs in at gnu/linux distribution)21:38
infinitymelodie: You say that's not possible, but I'm telling you that the scenario of "no one ever changed the password after ubiquity created the user" can't possible lead to anything in /etc/passwd other than "x"21:38
infinitymelodie: I'd be open to the idea that some random xfce utility for user/password changes has done something very bad.  Or that the tech doing the install did something silly.21:38
infinityBut if she didn't change it, and he didn't do it weird, we're at a bit of an impasse.21:39
melodieinfinity all I can do is report a bug which I have recently seen, and when possible have a close look to see if it pops up again21:39
melodieand I have read a few years ago that this issue already arised once, in Ubuntu which was then fixed.21:39
melodieso I don't want to raise concerns among the users, I want it to be checked and looked closely. nothing more.21:40
infinitymelodie: Err, when was this issue?21:40
melodieI am proud of being a GNU/Linux user, which I started almost right away after I got my first computer, 15 years ago.21:40
melodieinfinity I met with it a few days ago.21:41
infinitymelodie: I meant your claim that you "read a few years ago..."21:41
infinitymelodie: I don't recall ever having a "clear text passwords in /etc/passwd" issue.21:41
melodieinfinity this one, I don't remember21:42
infinityNot that we haven't had other issues, like passwords in log files (in 2005!) and wifi passwords in clear text...21:42
melodieI do remember about it21:42
melodieanyway I have always read that a security issue in a free software should first be brought to the people in charge of the concerned software, in order to get a fix for everyone before anything else21:43
melodienow, if you will all excuse me, I have to get up early tomorrow, I'll be back for more if I find more clues or other examples of this issue.21:44
melodiethanks for your help.21:45
sarnoldthanks melodie :)21:45
melodieso, good night/week/evening...21:45
melodiesarnold welcome. :)21:45
Phruiswhere is the code linux uses to save its state on hibernation?22:23
tewardslashd: FYI the nginx upload was accepted and has been in focal for a bit now, and should Just Work now for the nginx IPv6 stuff, please double check, my tests seem to reflect it's fixed but a second set of eyes and tests never hurts :)22:53

Generated by irclog2html.py 2.7 by Marius Gedminas - find it at mg.pov.lt!