=== chris14_ is now known as chris14
[01:23] <mybalzitch> does anyone in prod really want their server to dhcp on all interfaces by default?
[01:27] <oerheks> mybalzitch, no, i would do static in router
[01:27] <oerheks> one beyond dhcp.
[01:27] <oerheks> dhcp 1-128, server 129
[01:28] <oerheks> no standard ports, 22, and such
[01:29]  * oerheks checking state of fail2ban
=== BarnabasDK_ is now known as BarnabasDK
[13:21] <mjt0k> ahasenack: can you give me at least the current git repo for samba in ubuntu? I've some spare minutes so I can get some stuff merged..
[13:22] <ahasenack> mjt0k: https://code.launchpad.net/ubuntu/+source/samba
[13:22] <ahasenack> but it's down atm
[13:22] <ahasenack> big outage going on
[13:22] <ahasenack> status.canonical.com
[13:22] <mjt0k> oh ok
[13:22] <mjt0k> I'm just in time, it looks like :)
[13:22] <ahasenack> the branches are: ubuntu/devel -> tip (oracular, currently)
[13:22] <ahasenack> ubuntu/<release>-devel: tip of that release (for example, ubuntu/jammy-devel)
[13:24] <mjt0k> is it the same for qemu?
[13:24] <mjt0k> the repo and layout that is
[13:24] <ahasenack> being down? Yes
[13:24] <ahasenack> branch structure? Yes
[13:24] <ahasenack> qemu git repo would be https://code.launchpad.net/ubuntu/+source/qemu
[13:25] <mjt0k> got it, thanks!
[13:25] <ahasenack> that's the web ui, the git clone argument would be...
[13:25] <ahasenack> pkg	https://git.launchpad.net/ubuntu/+source/qemu (fetch)
[13:25] <ahasenack> pkg	ssh://<yourlpid>@git.launchpad.net/ubuntu/+source/qemu (push)
[13:27] <mjt0k> I plan, for samba, to eliminate samba-vfs-modules (it makes no sense), and due to gluster, the extra package with the gluster module will stay.  It'd be nice to name it samba-vfs-gluster perhaps, but I'm not sure for this (since ubuntu already has -modules-supplemental)
[13:27] <ahasenack> I thought perhaps other modules in the future would join gluster, but I don't mind renaming
[13:28] <mjt0k> and for qemu, either qemu-block-gluster or qemu-block-extra-extra (whatever it was, I forgot)
[13:28] <ahasenack> qemu-block-extra existed, I added qemu-block-supplemental
[13:28] <mjt0k> yeah
[13:29] <mjt0k> rh ships each module in its own package, fwiw
[13:29] <mjt0k> but I'd love something in-between :)
[13:29] <ahasenack> as long as there is a meta package pulling them back together, that would also work
[13:31] <mjt0k> ok. It'd be nice still if you had something which I can merge in one way or another.  Maybe just a list of commits which should be picked up, so I'll not study them all one by one
[13:31] <ahasenack> let's see
[13:31] <mjt0k> like, eg, 980381b3331f1e7895725ce80de53e410c638b29 for qemu
[13:31] <ahasenack> we try to keep the delta tidy
[13:32] <mjt0k> hmm. this commit disables vnc for microvm..
[13:33] <ahasenack> mjt0k: this one for qemu? https://paste.debian.net/1320894/
[13:34] <mjt0k> yes, that's the one in question, - either keep it this way or rename it to -gluster
[13:35] <mjt0k> I can just pick it up (hopefully it wont break debian)
[13:35] <ahasenack> in samba it's 3: https://paste.debian.net/1320895/
[13:35] <mjt0k> is that all??  I thought there's much more..
[13:35] <mjt0k> heh
[13:35] <ahasenack> gluster had delta before because of i386
[13:35] <ahasenack> but I think you have that one too now
[13:36] <mjt0k> yup
[13:37] <mjt0k> ok. that makes sense. I'll just merge that stuff for samba (plus some logic to d/rules) and for qemu
[13:37] <mjt0k> thanks!
[13:38] <ahasenack> awesome
[13:41] <mjt0k> btw, is there an "ubuntu" build profile?
[13:42] <mjt0k> so that the same source can be built on both debian and ubuntu but with different build-deps
[13:42] <mjt0k> and maybe with different set of packages
[13:42] <ahasenack> I don't think there is
[13:42] <ahasenack> qemu has some smarts in d/control-in, but it's not a build profile
[13:43] <mjt0k> these smarts exists exactly *because* there's no such profile, I'd say :)
[13:43] <ahasenack> heh
[14:52] <mybalzitch> in the login banner, what temperature is it referencing
[14:56] <frickler> mybalzitch: "the temperature reported in MOTD is the highest temperature of all thermal zones reported by Sysfs API, at login" was the answer aonth ago
[14:57] <mybalzitch> oh thanks
[15:42] <mjt0k> ahasenack: 980381b3331f1e7895725ce8 (qemu) is needed too, right?  Can you tell me why vnc has been disabled? It was explicitly asked feature in debian..
[15:43] <ahasenack> just a sec, in a call
[15:44] <ahasenack> mjt0k: that one I don't know about, or remember. sergiodj?
[15:44] <mjt0k> I can't reach LP#2045594 now either :)
[15:45] <ahasenack> :/
[15:46] <mjt0k> btw, for qemu, I can pick up ubuntu-specific machine types change too, - I see no reason why not.  Maybe it's more difficult for you to update the patch this way, though
[15:47] <ahasenack> mjt0k: sergiodj is maintaining qemu nowadays, I don't know how hard that delta is to maintain
[15:47] <mjt0k> should be pretty easy (±d/patches/series clashes)
[15:48] <ahasenack> yeah, that's fine
[16:45] <sergiodj> (meeting)
[18:10] <mjt0k> sergiodj: new qemu (in qemu-block-extra too) also ships block-blkio, with libblkio written in rust
[18:11] <mjt0k> sergiodj: I guess this one should go to -supplemental in ubuntu too
[18:12] <sergiodj> oh, we're already seeing rust creeping into qemu as well?
[18:12] <sergiodj> heh
[18:12] <sergiodj> mjt0k: thanks for the heads up
[18:12] <mjt0k> not yet
[18:13] <mjt0k> libblkio is written in rust, but it provides an .so (libblkio.so) which is used as a regular shared lib from C code in qemu
[18:13] <sergiodj> got it
[18:13] <mjt0k> but there are multiple attempts already to provide parts of qemu itself in rust
[18:14] <mjt0k> including rewriting some already existing pieces 
[18:14] <mjt0k> I had hard time packaging libblkio for debian
[18:14] <sergiodj> yeah, not surprised
[18:15] <sergiodj> so, about the whole -supplemental thing, do you have another approach in mind for the problem?
[18:15] <mjt0k> I just kept your package name for now
[18:15] <sergiodj> OK, fair
[18:17] <mjt0k> since I re-did saving modules on upgrades while you introduced the new package, I updated the saving procedure now to handle multiple packages. it becomes a bit more complicated but it is now generic, can be used for any modules
[18:18] <mjt0k> doing a test build now, will push the commits shortly
[18:20] <mjt0k> *sigh*.  list=$(ls -1 ...); cat <<EOF ;  ... ${list} ... EOF   -- how to stop ${list} from expanding into multiple lines?
[18:21] <sergiodj> | xargs?
[18:23] <sergiodj> or just $(echo ${list}) inside the cat
[18:23] <mjt0k> yeah
[18:26] <mjt0k> extra indirection :)
[20:06] <mjt0k> sergiodj: see top 3 commits in salsa:debian/master
[20:11] <sergiodj> mjt0k: thanks! without having tested it, it looks good
[20:12] <sergiodj> btw, you were also asking about the reason for removing a few features from microvm. that came up during an internal discussion with cpaelzer, where we decided that those features were either not useful in a microvm scenario, or introduced attack surfaces without much benefits
[20:13] <mjt0k> sergiodj: "some features" = vnc
[20:13] <sergiodj> it was also done as part of our efforts to consolidate the qemu configurations that we (Ubuntu) and LXD used.  as part of that effort, LXD has now been using our qemu instead of compiling their own
[20:14] <sergiodj> mjt0k: right, vnc fell under the "attack surface" category
[20:14] <sergiodj> bear in mind that that's only for microvm
[20:14] <mjt0k> sure
[20:14] <mjt0k> I had a bug in debian asking to enable vnc for microvm
[20:14] <sergiodj> oh?
[20:14] <mjt0k> iirc anyway
[20:14] <sergiodj> recent bug?
[20:14] <mjt0k> no
[20:15] <sergiodj> fair.  btw, we can revisit the list of disabled/enabled features, it's no big deal
[20:15] <sergiodj> on the one hand I was happy to see a smaller attack surface, but OTOH I was not happy to see our delta grow :-/
[20:16] <mjt0k> apparently I'm wrong. --enable-vnc was there since microvm is created
[20:16] <sergiodj> aha
[20:18] <mjt0k> which display microvm uses anyway?
[20:18] <mjt0k> 3962d7f612cbd9205718856c964ca5e74d122ce7: d/rules: enable vnc for microvm build
[20:19] <mjt0k> (aug 2021)
[20:19] <mjt0k> aha. Now I remember. It was me who didn't know how to test microvm without display
[20:20] <sergiodj> ah, that's fair :)
[20:21] <mjt0k> so, how to use it?
[20:22] <sergiodj> we have some documentation here: https://ubuntu.com/server/docs/using-qemu-for-microvms
[20:22] <mjt0k> what good --enable-pixman is for, without vnc?
[20:24] <mjt0k> that doc is outdated (wrt the package name and the name of the binary)
[20:24] <mjt0k> and, do not run qemu with sudo
[20:25] <sergiodj> heh
[20:25] <sergiodj> yeah, we're going over some of our outdated docs
[20:26] <mjt0k> -display curses makes no sense with -nographic 
[20:27] <sergiodj> isn't -nographic alone enough?
[20:28] <mjt0k> actually I don't remember anymore (I did a few tweaks to -nographics already, it's one of the uglier options of qemu)
[20:29] <mjt0k> I mean, -nographic redirects many things, but I don't remember if it's possible to have a display after it
[20:30] <sergiodj> let me try here
[20:32] <mjt0k> qdict_put_str(machine_opts_dict, "graphics", "off");
[20:35] <mjt0k> sergiodj: let's move to #debian-qemu @oftc so not to hijack #ubuntu-server :)
[20:35] <sergiodj> sure
[20:35] <mjt0k> (though I dont have much time for all this already :))
[20:36] <sergiodj> me neither, TBH