mwhudsongtest-nux-windowcompositor.cpp:143:40: error: field ‘wnd_thread’ has incomplete type ‘boost::shared_ptr<nux::WindowThread>’00:47
mwhudsoni don't wanna now00:47
mwhudsonoh just a missing #include probably00:51
=== helio|afk is now known as heliocastro
ograjuliank, tickle ... i'm trying something hackish over here to inject a packageproxy into an lxd container before the first "apt update" runs ... this seems to work fine for the "apt update" but the next apt comand doesnt find any packages then and i can see that sources.list was reverted when i enter the container  ... is there some special apt feature that re-sets it or am i hitting some lxd issue ?11:49
ograhere is a log https://paste.ubuntu.com/p/6tVQNvMpnv/ of the container output11:49
juliankogra: you have to wait until cloud-init is done, basically11:49
juliankogra: or well, set the proxy via cloud-init11:49
ograwell, i'm not aware that i'm running cloud-init at all in that container11:49
ograis that a new default ?11:50
juliankogra: I only know that the lxd images run cloud-init11:50
ogranot at all what i want (and nothing in the output indicates cloud-init running)11:51
juliankogra: so you can configure your lxd profile in https://paste.ubuntu.com/p/x8Sgd7z7fv/11:51
julianks/in/like this/11:51
juliankThat's what I have in my default profile to configure all (Ubuntu) lxd containers to use my squid-deb-proxy11:51
ograyeah, i know how to mangle cloud-init ... i neither want it installed nor do i want it to run though ... thanks for the pointer ... i'll talk to stephane11:52
juliankI understand, it causes some annoyances like these11:52
ogra(i was assuming somehow that the minimal images are actually minimal 🙂 )11:52
juliankIt's quite useful though, I have a dev lxd profile that automatically adds a user with my name that way (and has $HOME mounted into the container, and UID/GID mapped accordingly)11:53
juliankSo, yeah not sure I like or not like11:54
ograright, but i'm building an lxd based ubuntu core appliance image which means my lxd config is hardcoded in the gadget snap ... and i want to be able to define the proxy dynamically when starting a build ...11:55
ograwell, changing both files fixes it ... ugly but works for my little hack for the moment12:01
=== Eighth_Doctor is now known as Conan_Kudo
=== Conan_Kudo is now known as Eighth_Doctor
=== Eighth_Doctor is now known as Eleventh_Doctor
=== Eleventh_Doctor is now known as Eighth_Doctor
rbasakxnox: your requested reimiports are complete. Please keep an eye out for any apparent errors and let me know. It'd be good to spot any problem now before we declare the repos stable.13:08
xnoxrbasak:  thanks! on it.13:30
=== cpaelzer_ is now known as cpaelzer
=== heliocastro is now known as helio|afk
rbasakxnox: for bug triage/cleanup purposes, are you tracking https://bugs.launchpad.net/ubuntu/+source/libseccomp/+bug/1861177?16:30
ubottuLaunchpad bug 1861177 in libseccomp (Ubuntu) "seccomp_rule_add is very slow" [High,Triaged]16:30
rbasakIs it OK to remove any action for the server team there?16:30
xnoxrbasak:  no, foundations is not aware of that bug report at all.16:39
xnoxrbasak:  and we are not tracking it at all.16:39
xnoxrbasak:  security team maintains libseccomp.16:39
xnoxrbasak: and normal process is to use rls-gg-incoming or some such.16:39
xnoxrbasak:  but i advise to ping security team about it16:40
* xnox tags it "Public Security" they seem to react to such changes ;-)16:40
rbasakOK, thanks16:40
xnox(or rather change the "type" of the bug)16:40
rbasakRight now the implication in the bug is that you will work on it, so you might want to deny that to make it clear ;)16:40
rbasakUnless they mean a different Dimitri?16:40
xnoxrbasak:  how? why?16:41
rbasakNope I think they mean you16:41
rbasakxnox: https://bugs.launchpad.net/ubuntu/+source/libseccomp/+bug/1861177/comments/716:41
ubottuLaunchpad bug 1861177 in libseccomp (Ubuntu) "seccomp_rule_add is very slow" [High,Triaged]16:41
xnoxrbasak:  there are multiple libseccomp issues inflight16:41
xnoxrbasak:  there is inflight backport of new seccomp16:41
xnoxrbasak:  it was reverted / patched / reintroduced / etc16:41
rbasakAnyway, I'm just triaging here :)16:42
xnoxrbasak:  amurray or somesuch are dealing with it16:42
xnoxrbasak:  i think you should remove server-next and move on =)16:42
rbasakYep :)16:42
xnoxit is being worked on by the security team, and it's not "high" any more16:42
xnox(there were things done to ensure it is not "high")16:42
xnoxrbasak:  updated status closer to reality "medium" and "inprogress"16:43
=== ijohnson is now known as ijohnson|lunch
jdstrandrbasak (cc amurray, xnox): a 2.4.3 SRU is in flight (by amurray), but looking at https://github.com/seccomp/libseccomp/pull/180 (the fix for the bug), https://github.com/seccomp/libseccomp/issues/187 (2.4.3 backports), and code inspection, the fix for the bug is not in 2.4.3 and will come in 2.516:50
xnoxhm, right16:50
xnoxjdstrand:  unless we cherrypick it into groovy, and when we do the next libseccomp backport we do it then?16:50
jdstrandxnox: we are not currently working on it. That could be changed via the stakeholder process16:53
jdstrandit will come at some point16:53
jdstrand2.5 will have riscv64 support and we are looking to update libseccomp more refularly16:54
jdstrand(we aren't doing the riscv64 stuff, but that would be nice for focal)16:54
jdstrandrbasak: once 2.4.3 lands everywhere, bryce's patch should be easy enough to apply, but would need extensive testing. I suggest reaching out to joeubuntu, CC'ing amurray and myself if you want us to prioritize that16:57
jdstrandrbasak: or if your team wanted to do it, we could perhaps help with testing. ie, there are options to discuss :)16:57
rbasakjdstrand: I think the only reason Bryce flagged it is because it's a contributed patch and we try to prioritise those. I don't know that there's any other need to prioritise from the server team end.16:59
rbasak(and I removed the flag as it doesn't look like it'd be the server team sponsoring anyway)17:00
jdstrandrbasak: ack, thanks (amurray, perhaps we discuss that ^ with joeubuntu?)17:00
rbasakFWIW, I don't think we'd prioritise it any more anyway even if we were sponsoring - unless the contributor was willing to take on the effort of the extensive testing,e tc.17:01
jdstrandI don't think the contributor would be up for doing the testing as it relates to snap17:11
jdstrandbut that is good info17:11
kyrofaI'm trying to understand why libceres1 isn't available on arm64. Is it because of this test failure? https://launchpad.net/ubuntu/+source/ceres-solver/1.14.0-4ubuntu1/+build/1909117917:37
kyrofaErr, for focal, sorry17:37
kyrofaSpecifically: if I SRU a fix for that test failure, will that be enough to get libceres1 and libceres-dev on arm64 in focal?17:45
tumbleweedkyrofa: yes17:47
kyrofaThanks for the confirmation tumbleweed17:48
=== ijohnson|lunch is now known as ijohnson
ahasenackhttps://code.launchpad.net/update-notifier/+git is out of sync with what's in groovy, does someone check that periodically and updates the master branch?19:50
ahasenackbdmurray: specifically your groovy 3.192.31 upload isn't in https://code.launchpad.net/update-notifier/+git19:51
bdmurrayahasenack: that's because somebody converted update-notifier to git without notifying the foundations team and didn't update the update-notifier project in Launchpad19:54
bdmurraynotifying or consulting19:55
ahasenackbdmurray: I followed the Vcs-Git header, it's currently pointing at git, let me check when that was changed19:55
bdmurrayahasenack: I know who the somebody was and haven't gotten around to talking to them about it19:56
ahasenackbdmurray: but going forward, it's git?19:57
ahasenackor tbd19:57
bdmurrayahasenack: tbd as its in focal but I think the change was premature19:58
ahasenackbdmurray: foundations has a meeting on thursday? This could be brought up there19:58
bdmurrayahasenack: sure19:59
vorlonsbeattie: hey, would it be possible for the security team to help us out with an archive search to find out if anything is still using the GetConnectionAppArmorSecurityContext bus method in dbus as of focal, to determine whether we can drop the Ubuntu delta in groovy?  (That the Security Team introduced ;-)21:09
tyhicksvorlon, sbeattie: I'm pretty sure that it was only Ubuntu phone stuff that used the old method but an archive search would be a good idea21:22
vorlonyeah that was also my expectation, but some of the phone stuff did get dual-purposed onto the unity desktop, so21:22
sbeattiesarnold: can you take the above ^^^21:31
sarnoldsbeattie: yeah21:32
tyhickssarnold: to give a little background, GetConnectionAppArmorSecurityContext() was the initial attempt at allowing a dbus client to get another peer's AppArmor label21:36
jdstrandsbeattie: I think we need to do more than focal when considering snapd since snaps can stage things from xenial21:36
jdstrandsarnold: ^21:36
jdstrandhey tyhicks :)21:36
tyhickssarnold: upstream dbus opted to go with a more generic mechanism: GetConnectionCredentials() which is documented at https://dbus.freedesktop.org/doc/dbus-specification.html#bus-messages-get-connection-credentials21:36
jdstrandsarnold: since a snap staging something from xenial might be running on focal and expect the api21:36
tyhickshey jdstrand :)21:37
jdstrandxenial dropped a lot of the unity8 stuff iirc correctly, so hopefully we are ok21:37
tyhicksI'd be very surprised if xenial or newer has anything using that old method21:38
jdstrandhopefully that's the case21:38
jdstrandwe'll know soon enought though! :)21:39
sarnoldluckily/unluckliy, actually restricting a search to a subset of the archive is pretty difficult for me; "search everything" is my usual approach (unless we can get lucky and search only eg .c or .py or similar..)21:39
jdstrandsarnold: are you using forarchive?21:39
sarnoldjdstrand: no.. I've never quite gotten the hang of the N layers of indirection.. (and that machine doesn't have any credentials or git trees on it at all..)21:45
jdstrandsarnold: ok, cause I have some recipes for it I would've shared :) fyi, I just extracted the single tool from git and plopped it on there-- mine also doesn't have git trees, etc, etc21:46
sarnoldjdstrand: ooohhhh, well please do share, I'll see if I can get them to work out here :)21:47
jdstrandsarnold: I'll share that with you in a bit21:49
sarnoldyay thanks21:49

Generated by irclog2html.py 2.7 by Marius Gedminas - find it at mg.pov.lt!