=== rbmarliere_ is now known as marliere
=== marliere is now known as zaratustra
zhsjhi, could someone retry these builds https://launchpad.net/ubuntu/+source/golang-1.19/1.19.12-1/+build/26471493 and https://launchpad.net/ubuntu/+source/golang-1.20/1.20.7-1/+build/26471501 they all succeed in debian03:35
mwhudsonzhsj: retried. makes a change to have to retry riscv64! usually it's just armhf04:59
=== JanC_ is now known as JanC
=== nibbon_3 is now known as nibbon_
=== lesbraz is now known as sbraz
=== JanC_ is now known as JanC
nteodosiorbasak, did you get any response for bug 2029089, or is there ongoing discussion somewhere?08:03
-ubottu:#ubuntu-devel- Bug 2029089 in distro-info (Ubuntu) "Please backport UbuntuDistroInfo().get_all(result='object') to Xenial" [Undecided, Incomplete] https://launchpad.net/bugs/202908908:03
=== nishit is now known as nishit_
rbasaknteodosio: I had one response from an SRU team member who agreed with me, and no objections. I suppose that's enough given that nobody else responded. I'll comment in the bug.09:07
nteodosioThank you.09:08
nteodosiobdrung, do you want me to write the SRU for it?09:52
bdrungnteodosio, yes. please add the SRU paperwork to that bug09:53
tjaaltonLocutusOfBorg: llvm-16 still doesn't produce the full libclc-16 I'm afraid..10:40
=== d1b_ is now known as d1bv
=== d1bv is now known as d1b
=== d1b is now known as d1b_
=== d1b_ is now known as d1b
=== JanC is now known as Guest8450
=== JanC_ is now known as JanC
LocutusOfBorgtjaalton, examples of missing files?12:05
tjaaltonthe rest is there12:08
tjaaltonlike before12:08
tjaaltonllvm-spirv: LLVM_SPIRV-NOTFOUND12:12
tjaaltonwhich is weird, as it's installed12:13
tjaaltonLocutusOfBorg: it's disabled in rules12:14
tjaaltonsince august last year12:15
LocutusOfBorgok but somebody still have to fix mips*12:22
LocutusOfBorgfor Ubuntu we should be good, on next auto-sync12:22
tjaaltonwell, mips* needs to be dropped from the arch list for llvm-spirv-16 build-dep for a start12:44
LocutusOfBorgtjaalton, exactly what I did :)13:20
LocutusOfBorgbut its not enough to fix the build :p13:20
ahasenackcoreycb: hi, anybody up for the lunar verification of https://bugs.launchpad.net/ubuntu/+source/cinder/+bug/2025491 ? It's been in proposed for a long time, maybe it was missed, since there is a verification done for the cloud archive?14:20
-ubottu:#ubuntu-devel- Launchpad bug 2025491 in nova (Ubuntu Lunar) "[SRU] antelope stable releases" [High, Fix Committed]14:20
coreycbahasenack: hi, it's on my radar but our lunar charms are having issues so we're working on getting those fixed.15:03
ahasenackcool, thx15:03
jawn-smithAnyone need anything sponsored? I've got some time to review and upload15:10
dbungertjawn-smith: :wave: have you peeked at the sponsor queue lately?  it's surprisingly not awful15:10
jawn-smithHey dbungert! I haven't, but I'll go check it out15:22
bdrungjuergh, have you seen https://bugs.launchpad.net/ubuntu/+source/linux-firmware/+bug/1942260/comments/13?15:47
-ubottu:#ubuntu-devel- Launchpad bug 1942260 in linux-firmware-raspi2 (Ubuntu Mantic) "compress firmware in /lib/firmware" [Undecided, Confirmed]15:47
tsimonq2There we are, finally on a stable bouncer.15:55
tsimonq2@pilot in15:55
=== ChanServ changed the topic of #ubuntu-devel to: Archive: Mantic Open | Devel of Ubuntu (not support) | Build failures: http://qa.ubuntuwire.com/ftbfs/ | #ubuntu for support and discussion of Bionic-Lunar | Patch Pilots: tsimonq2
juerghbdrung: I have now. For some reason LP doesn't like sending me bug update notification emails.15:58
bdrungjuergh, since when? I haven't got an bug update that I am subscribed to. The last email is 10 hours old.16:05
cjwatsonstuck cron job, dealing with it16:15
dbungertdarn, the uploader field is null on the json output on https://merges.ubuntu.com/16:18
cjwatsonLooks like MoM tries to get that from `gpg --verify` rather than from LP ... seems ambitious16:20
* tsimonq2 looks16:20
cjwatson(also probably not something I'll ever have time to fix, but maybe that's useful direction?)16:20
tsimonq2cjwatson: ta16:21
tsimonq2cjwatson: Also, do you know much about the infra it's on?16:21
cjwatsonjuergh,bdrung: send-bug-notifications unstuck and it's catching up now16:21
cjwatsontsimonq2: yes, what do you need to know?16:21
tsimonq2cjwatson: I reported a bug about the logo being outdated. Honestly, it would be easier if it was all in the same repo, but maybe it's intertwined with something else.16:21
tsimonq2cjwatson: Also, I'm not sure if my changes from the other day ever updated/if something errored/if I need to fix something.16:22
cjwatsonat the moment it's a bionic VM some bits of which were clumsily lifted-and-shifted from an ancient artisanal installation16:22
cjwatsonin an ideal world it'd be fully charmed (which would probably also involve migrating its state into PostgreSQL and its files into RadosGW), but I've never had the time16:23
tsimonq2Would that be a prerequisite for moving it/cleaning it up?16:23
cjwatsonanyway I have full access to the current VM, so let me see if I can fix that logo16:24
cjwatsonI'm not sure what you mean by your changes from the other day16:24
tsimonq2bzr lp:merge-o-matic was pushed to, not sure if that autopulls.16:24
cjwatsonno, that's manual16:24
tsimonq2Would it be possible to throw that on a cronjob/uncomment the line from cron.daily? :)16:25
cjwatsonnot sure I'm comfortable with that at the moment16:25
cjwatsonit's a bit too rickety16:25
cjwatsonanyway, our production services are typically deploy-on-request rather than completely auto-deploy16:26
tsimonq2The sponsorship queue led me to believe otherwise ;)16:26
tsimonq2Regardless, thank you16:26
cjwatsondeployed your changes16:28
tsimonq2ta :)16:29
cjwatsontsimonq2: icons updated (very very manually)16:43
tsimonq2Thanks again :)16:45
smosero/. I was looking/thinking about checking files integrity on a system (or snapshot/archive of one).17:40
smoser /var/lib/dpkg/info/<package>.md5sums contains checksums of files. so i can go through files and verify they match what those files state they should.17:41
ahasenacklike debsums17:43
smoseri can look at /var/lib/apt/lists/*InRelease and connect the Packages file to a signature17:43
smoserbut is there anything on the system that i can use to verify a <package>.md5sums file ?17:44
julianksmoser: no17:45
juliankalso I mean it's md5sums, so it's not really all that useful :D17:45
smoserthat is what i thought. is there any work or consideration on doing that ?17:45
smoser(and yeah... slmething other than md5sum woudl be good)17:45
juliankThere's the mtree feature which allows recording attributes for files like hashes in a dpkg branch upstream17:46
juliankthat's all I can say for now17:46
juliankOf course the hashes you can't verify either, so you want signed IMA xattrs17:47
juliankwhich is very expensive17:47
juliankOr sign the mtree which is less expensive but hard too17:47
smoserthank you for your response.  i was looking at an SBOM tool that uses dpkg info to say "these packages were installed at these versions" (producing SPDX info https://spdx.dev/)17:47
smoserand i'd like to be able to add to it "and those packaegs were signed by ubuntu archive key" or whatever key they were signed by.17:48
juliankyeah you won't get lucky there17:48
juliankthe best you can do is check if the version you have installed was in the ubuntu archive by querying launchpad for the version in ubuntu17:49
smoserwith the internet it can be done. but just requires me to have a big cache of deb info.17:49
juliankbut no hashes17:49
juliankso if you want a cryptographic chain you also need to consider old packages and they may not be available anymore in the archive17:50
smoseri'm glad i came here to ask. i'd have been  happier with an answer of "Yes! here is how", but having someone else validate my assemsment is very useful. thank you.17:50
smoserjuliank: yeah, i'd have to have another source of trust with a database.  but at least for ubuntu, old packages never actually die if you know where to look in launchpad.17:51
juliankthere'll be a snapshot service that you can use to query old archive generations but finding the one containing your package version may be hard17:51
juliankso you can query launchpad for publish date and then request snapshot for that publish data17:51
juliankwell you will be able to request17:52
smoseryeah. i've went down part of the way down this rabbit hole before.17:52
juliankYou might have seen the work in apt to enable the snapshot service integration17:52
juliankbut that service is not fully public yet17:53
smoseri did not. i only knew of snapshot.debian.org . i assumed you were talking about that.17:53
julianksame thing for ubuntu but cooler17:55
juliankyou can try it out in mantic by adding Snapshot: enable to a deb822 sources entry (or [snapshot=enable]) option; or use yes, and then specify --snapshot <timestamp> (same format as Debian)17:56
juliankor assign a snapshot id to the snapshot sources field directly17:56
smoserthat is really neat. i have previously gone looking for that service for ubuntu also.17:57
smoserthe solution i have is to run a caching proxy that does not delete old debs and keep package files locally and never run apt-get update.17:58
juliankif you try it out let me know if it works for you18:01
juliankI don't think anyone other than me actually did any amount of playing with it yet18:01
juliank(it being the client side in apt)18:02
smoserif i play with it, i'll let you know. thank you for your time.18:12
rbasaksmoser: I would write a function that speaks to the Launchpad API and converts a binary package name and version into a list of files and their hashes. Then arrange that function to cache. How you populate the cache would then be up to you. You could do it given a Packages file, for example.19:12
rbasak(name, version, arch) I think should uniquely identify a deb.19:12
rbasak(for Ubuntu)19:12
smoseryou're saying the launchpad api has that information ?19:14
tsimonq2Looks like I did accidentally break the formatting on MoM a little bit.19:26
rbasaklp.distributions["ubuntu"].main_archive.getPublishedBinaries. Use exact_match=True19:27
rbasakOh you mean the hashes? No - you'd have to download, extract and derive them.19:27
rbasakBut the Launchpad API will give you the download URL for any* binary package I think.19:28
rbasakFrom the https://launchpad.net/+apidoc/devel.html#binary_package_publishing_history object, there's the binaryFileUrls() method19:28
smoserah. right.19:29
rbasakIn [1]: list(lp.distributions["ubuntu"].main_archive.getPublishedBinaries(binary_nam19:30
rbasak   ...: e='hello', version='2.10-2ubuntu2', exact_match=True))[0].binaryFileUrls()19:30
rbasakOut[1]: ['https://launchpad.net/ubuntu/+archive/primary/+files/hello_2.10-2ubuntu2_s390x.deb']19:30
rbasak(I didn't bother with the arch filter but you can add that)19:30
smoseri had an experience recently with a "container image scanner" that tried to identify where files came from.  i was moderately surprised that it did not appear to have a giant database of shasums for all linux distro released files.19:32
smoserand then google didn't seem to show me one either. maybe i just wasn't using the right terms. i just kind of expected that *something* could take a shasum and say: that content is named /bin/bash in (ubuntu/amd64/bash-1.2.3, ..other-packages-here...)19:34
tsimonq2cjwatson: If you get another chance (I would assume in the morning), I pushed more changes to MoM that should fix things up.19:52
cjwatsontsimonq2: deployed20:09
bdrungcjwatson, i still haven't got the launchpad bug mail20:17
cjwatsonhung again, that's weird20:19
cjwatsonbut I really need to EOD20:19
cjwatsonhard to see what even could hang there, unless it's like a database connection or something20:21
tsimonq2cjwatson: ta :)21:52
tsimonq2PSA: Merge O Matic now has the option to hide long lists of binaries, so you aren't scrolling through half a page of GCC. :)21:54
mwhudson@pilot in22:14
=== ChanServ changed the topic of #ubuntu-devel to: Archive: Mantic Open | Devel of Ubuntu (not support) | Build failures: http://qa.ubuntuwire.com/ftbfs/ | #ubuntu for support and discussion of Bionic-Lunar | Patch Pilots: tsimonq2, mwhudson
mwhudsontsimonq2: are you still actively patch piloting?22:37
mwhudsontsimonq2: and have you looked at anything that's still showing on the queue :)22:38
Unit193I removed him yesterday because he'd forgotten.22:38
LocutusOfBorg-rw-r--r-- root/root   2635360 2023-08-03 12:20 ./usr/lib/clc/spirv-mesa3d-.spv22:38
LocutusOfBorg-rw-r--r-- root/root   2636344 2023-08-03 12:20 ./usr/lib/clc/spirv64-mesa3d-.spv22:38
LocutusOfBorg16.0.6-9 should be good now22:38
mwhudsonUnit193: ah hm so when i checked in he got added again?22:39
Unit193mwhudson: No, I suspect he's forgotten again.22:39
tsimonq2mwhudson: yes :)23:11
tsimonq2Unit193: Thanks for that23:11
tsimonq2mwhudson: Not claiming any particular package, if you're looking to patch pilot too.23:11
mwhudsonthe docker one -> want server team to look23:28
mwhudsonrsyslog -> seems a commit is missing? might take a look at that23:29
mwhudsonmultipath-tools -> yikes23:29
mwhudson(also server team)23:29
mwhudsonthe davmail one has some comments already23:29
mwhudsonso um23:30
Unit193So I should ping you with all the stuff to fix!? :D23:31
mwhudsonwell patches to be sponsored sure23:38
mwhudsonactually trying to understand the multipath situation now23:38
Unit193While I was joking, that reminds me that I should look into fastforwarding Debian #1040011 to Ubuntu.23:40
-ubottu:#ubuntu-devel- Debian bug 1040011 in src:mate-polkit "mate-polkit: Allow mate-polkit to be used in Xfce, Cinnamon, and other desktops" [Wishlist, Open] https://bugs.debian.org/104001123:40
Unit193See also: Debian #99027123:40
-ubottu:#ubuntu-devel- Debian bug 990271 in policykit-1-gnome "policykit-1-gnome: unmaintained upstream, should not be included in trixie" [Serious, Open] https://bugs.debian.org/99027123:40
mwhudsonmaybe lunch will help23:41
sarnoldlunch *always* helps23:59

Generated by irclog2html.py 2.7 by Marius Gedminas - find it at mg.pov.lt!