/srv/irclogs.ubuntu.com/2024/02/26/#ubuntu-devel.txt

=== jfsimon1981 is now known as jfs
=== jfs is now known as jfsimon
adrienhey, is it possible to sync from experimental? xz 5.6.0 got released and decompression is massively faster (+60% on my intel and amd machines; unchanged on my pi5 but configure options could help) and I'd like to get that in10:08
=== sem2peie- is now known as sem2peie
=== tomreyn_ is now known as tomreyn
blucahi, any chance the SRU for dpkg in jammy could be looked at, please? it fixes using build profiles and we need that for the systemd CI - thanks10:45
blucahttps://launchpad.net/ubuntu/jammy/+queue?queue_state=1&queue_text=dpkg10:46
xnoxbdmurray: schopin: for the glibc autopkgtest with user namespace mitigation, i do wanter if on the autopkgtest instance types you should undo /usr/lib/sysctl.d/10-apparmor.conf11:27
xnoxin /etc11:27
xnoxwith like11:27
xnox# If it is desired to disable this restriction, it is preferable to create an11:27
xnox# additional file named /etc/sysctl.d/20-apparmor.conf which will override this11:27
xnox# current file and sets this value to 0 rather than editing this current file11:27
xnoxkernel.apparmor_restrict_unprivileged_userns = 111:27
xnoxas mentioned inside that file.11:27
xnoxif you want it to = 0 in /etc then things will work as before and hopefully we can start getting glibc autopkgtest as passing; whilst we figure out how to do this more fine grained11:27
schopinxnox: I thought I'd *already* fixed the userns namespace thing!11:28
schopinThe testsuite now gracefully handles EACCES on unshare(CLONE_USER) to mark the tests as UNSUPPORTED. This worked fine with 6.6, did the policy change with 6.8?11:30
xnoxschopin: we see "regressions" in the v6.8 autopkgtest test result11:32
xnoxschopin: maybe something else? https://ubuntu-archive-team.ubuntu.com/proposed-migration/noble/update_excuses.html#linux-meta11:32
schopinYeah that's my point, it sounds like userns isn't the culprit.11:33
xnoxautopkgtest for glibc/2.39-0ubuntu2: amd64: Regression ♻11:34
xnoxah11:34
xnoxhmmmm..... given it's my last day, i don't want to read glibc tests logs https://objectstorage.prodstack5.canonical.com/swift/v1/AUTH_0f9aae918d5b4744bf7b827671c86842/autopkgtest-noble/noble/amd64/g/glibc/20240225_094321_7d892@/log.gz =) can you please tell me if it's kernel or glibc problem?11:35
xnoxapw: schopin says it's likely not yet still apparmor thing again.... but something new11:35
schopinxnox: apw: hard to tell at a glance (although the tests were fine with 6.6 ;) ) and I can't reproduce locally just yet because autopkgtest is uncooperative. I figure the mount namespace failure might be apparmor again?11:42
xnoxschopin: we did get "newer patch set"11:45
georgiagthe behavior did change, unfortunately. now when there's an unconfined unprivileged userns, there's a transition to the unprivileged_userns profile which doesn't allow capabilities (if the /etc/apparmor.d/unprivileged_userns file/profile exists)11:48
georgiagso if the test needs capabilities after unshare(CLONE_USER), that's when it will fail11:49
georgiagI just looked and there's no mount permissions in the unprivileged_userns profile, so that's my best guess on why it's failing.11:57
blucais launchpad having the monday blues?12:03
ahasenackyes, check status.canonical.com12:08
ahasenackit's recovering now12:08
schopingeorgiag: where could I find some actual documentation on the topic? Best I have is https://ubuntu.com/blog/ubuntu-23-10-restricted-unprivileged-user-namespaces which is for the previous behavior.12:15
georgiagschopin: https://gitlab.com/apparmor/apparmor/-/wikis/unprivileged_userns_restriction12:18
ahasenack:q12:18
ahasenackops12:18
ahasenackalways gets me12:18
LocutusOfBorg<LocutusOfBorg> autopkgtest for dh-ada-library/8.9: amd64: Pass, arm64: Regression ♻ , armhf: Regression ♻ , i386: Not a regression, ppc64el: Pass, s390x: Pass12:34
LocutusOfBorg<LocutusOfBorg> juliank, ??12:34
LocutusOfBorg<LocutusOfBorg> 287s standard-gpr         FAIL stderr: dpkg-shlibdeps: warning: diversions involved - output may be incorrect12:34
LocutusOfBorg<LocutusOfBorg> this looks like something done by glibc?12:34
LocutusOfBorg* KGB-2 (~kgb@kgb-2.bot.oftc.net) has joined12:34
LocutusOfBorg<LocutusOfBorg> for now I did migration-reference/0 and debhelper should migrate next run, but I don't know if we should ignore stderr, patch dpkg to emit just stdout instead of stderr, or whatever12:34
LocutusOfBorg<LocutusOfBorg> any idea?12:34
LocutusOfBorgjuliank, ^^ please lets discuss here :D12:34
schopingeorgiag: any documentation on the capabilities that are restricted? Just so that I don't play whack-a-mole when fixing the glibc test suite.12:35
georgiagschopin: all of them are denied. and anything that needs capabilities to work (like mount needs CAP_SYS_ADMIN). sorry but I don't have an explicit list, but capabilities(7) lists all capabilities and what uses it. I'll work on the apparmor documentation to improve this12:42
juliankLocutusOfBorg: possibly the DEP17 M4 protective diversions in base-files12:48
schopingeorgiag: thanks, I should have realised we were talking about *those* capabilities.12:59
schopinI'm a bit amused that unshare(CLONE_NEWUSER | CLONE_NEWNS) seems to work, though. Presumably {unshare(CLONE_NEWUSER); unshare(CLONE_NEWNS);} would fail?13:03
LocutusOfBorgjuliank, so where is the bug?13:42
juliankLocutusOfBorg: Where is what bug?13:45
juliankIt is currently being evaluated over the next days whether the diversions are actually necessary, if they are, packages that weirdly get broken by it like this would need fixing13:46
juliankThe reason they are there is such that when the last binary from /bin is moved to /usr/bin, dpkg doesn't go and delete your /bin symlink because it got confused by having it recorded as a directory (now empty) [and a symlink, now in noble]13:47
juliankHence /bin is diverted to /bin.usr-is-merged13:47
LocutusOfBorgautopkgtest for dh-ada-library/8.9: amd64: Pass, arm64: Regression ♻ , armhf: Regression ♻ , i386: Not a regression, ppc64el: Pass, s390x: Pass13:49
LocutusOfBorgthe bug is dh-ada-library autopkgtest regression in release for arm*13:49
LocutusOfBorgI don't like migration-reference/0 when the bug is release too, because nobody will ever look at it to fix :)13:49
juliankRest assured it will get resolved in March in Debian13:50
LocutusOfBorgbut if this is already something you are working on, I'm really happy to hear13:50
LocutusOfBorgand I move to next package on update_excuses page :D13:50
LocutusOfBorgdebhelper just migrated, so I'm already happy13:50
juliankLocutusOfBorg: Please do report more such issues, you may also choose to report them to Debian directly, I just sent one for this instance to https://bugs.debian.org/106484014:04
-ubottu:#ubuntu-devel- Debian bug 1064840 in src:dh-ada-library "dh-ada-library: Tests will fail after glibc DEP17 migration" [Normal, Open]14:04
LocutusOfBorgI wasn't sure about where the bug was located (and if it was Debian or Ubuntu only)14:05
juliankLocutusOfBorg: It *will be* a Debian bug :D14:07
LocutusOfBorgand this is really a good news14:07
gpsHi!  I am looking for pointers on the best way to get a package update into Ubuntu for 24.04.  I filed https://bugs.launchpad.net/ubuntu/+source/lighttpd/+bug/2054895 requesting package update.15:57
-ubottu:#ubuntu-devel- Launchpad bug 2054895 in lighttpd (Ubuntu) "please upgrade: lighttpd 1.4.74" [Undecided, New]15:57
gpsAny additional steps that I can take?  Thank you.  (I am a lighttpd developer (upstream))15:58
* sudip can see https://bugs.debian.org/1064572 is waiting for a sponsor16:07
-ubottu:#ubuntu-devel- Debian bug 1064572 in sponsorship-requests "RFS: lighttpd/1.4.74-1 -- light, fast, functional web server" [Normal, Open]16:07
=== sem2peie- is now known as sem2peie
cgmbI'm trying to determine why roct-thunk-interface 5.7.0-1 failed to build on noble (amd64). There are no logs linked, so it's unclear to me what the problem was. https://launchpad.net/ubuntu/+source/roct-thunk-interface/5.7.0-119:01
cgmbJust FYI, the Debian Sync Freeze will probably occur while the Debian ROCm packages are halfway through the process of being updated from clang-15 to clang-17. If Noble is to ship with working GPU compute libraries for AMD hardware, there will probably need to be somebody helping to bring Debian updates into Noble.19:04
ginggscgmb: no log usually means the builder died19:06
ginggsi've retried roct-thunk-interface on amd64 and riscv6419:07
cgmbginggs: Thanks! If I spot other stuck packages, is the best way to get them moving to ping chat here, or is there a better way for me to help?19:09
ginggscgmb: i think pinging here should work19:11
ginggsif there are updated packages in debian after feature freeze, you can always requestsync https://wiki.ubuntu.com/SyncRequestProcess#requestsync19:12
=== enr0n_ is now known as enr0n
blucaanyone who can approve SRUs around? would be great to have this fix in jammy: https://launchpad.net/ubuntu/jammy/+queue?queue_state=1&queue_text=dpkg20:08
=== JanC is now known as Guest4767
=== JanC_ is now known as JanC

Generated by irclog2html.py 2.7 by Marius Gedminas - find it at mg.pov.lt!