from:"Christian"

Pings done, in a perfect world (if all reply) that would cover more than
we ever need, but then there is 0% guarantee they even have time or care
about this at the moment :-)

If anyone has connections as well, please ask them to participate too.

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to ubuntu-meta in Ubuntu.
https://bugs.launchpad.net/bugs/1833322

Title:
  Consider removing irqbalance from default install on desktop images

Status in irqbalance package in Ubuntu:
  Confirmed
Status in ubuntu-meta package in Ubuntu:
  Confirmed

Bug description:
  as per https://github.com/pop-os/default-settings/issues/60

  Distribution (run cat /etc/os-release):

  $ cat /etc/os-release
  NAME="Pop!_OS"
  VERSION="19.04"
  ID=ubuntu
  ID_LIKE=debian
  PRETTY_NAME="Pop!_OS 19.04"
  VERSION_ID="19.04"
  HOME_URL="https://system76.com/pop";
  SUPPORT_URL="http://support.system76.com";
  BUG_REPORT_URL="https://github.com/pop-os/pop/issues";
  PRIVACY_POLICY_URL="https://system76.com/privacy";
  VERSION_CODENAME=disco
  UBUNTU_CODENAME=disco

  Related Application and/or Package Version (run apt policy $PACKAGE
  NAME):

  $ apt policy irqbalance
  irqbalance:
  Installed: 1.5.0-3ubuntu1
  Candidate: 1.5.0-3ubuntu1
  Version table:
  *** 1.5.0-3ubuntu1 500
  500 http://us.archive.ubuntu.com/ubuntu disco/main amd64 Packages
  100 /var/lib/dpkg/status

  $ apt rdepends irqbalance
  irqbalance
  Reverse Depends:
  Recommends: ubuntu-standard
  gce-compute-image-packages

  Issue/Bug Description:

  as per konkor/cpufreq#48 and
  http://konkor.github.io/cpufreq/faq/#irqbalance-detected

  irqbalance is technically not needed on desktop systems (supposedly it
  is mainly for servers), and may actually reduce performance and power
  savings. It appears to provide benefits only to server environments
  that have relatively-constant loading. If it is truly a server-
  oriented package, then it shouldn't be installed by default on a
  desktop/laptop system and shouldn't be included in desktop OS images.

  Steps to reproduce (if you know):

  This is potentially an issue with all default installs.

  Expected behavior:

  n/a

  Other Notes:

  I can safely remove it via "sudo apt purge irqbalance" without any
  apparent adverse side-effects. If someone is running a situation where
  they need it, then they always have the option of installing it from
  the repositories.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/irqbalance/+bug/1833322/+subscriptions


-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp

[Touch-packages] [Bug 1833322] Re: Consider removing irqbalance from default install on desktop images

I want to try to avoid that this becomes too stale, so I wondered
what we can do from here. Two things came to my mind.

On one hand I will try to use some indirect relations to pull in some
HW manufacturer experts. They often have large performance teams tracking
things like that against different workloads.

And on the other hand, due to the request seemingly to close in on
"please consider not making it the default on desktop" (server is more likely
to have these large scaling workloads that are more likely to benefit) we need
to pull in someone from Desktop a bit more.
I'll do a few direct pings for that as well to ensure to get their voice too.

Doing so now ...

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to ubuntu-meta in Ubuntu.
https://bugs.launchpad.net/bugs/1833322

Title:
  Consider removing irqbalance from default install on desktop images

Status in irqbalance package in Ubuntu:
  Confirmed
Status in ubuntu-meta package in Ubuntu:
  Confirmed

Bug description:
  as per https://github.com/pop-os/default-settings/issues/60

  Distribution (run cat /etc/os-release):

  $ cat /etc/os-release
  NAME="Pop!_OS"
  VERSION="19.04"
  ID=ubuntu
  ID_LIKE=debian
  PRETTY_NAME="Pop!_OS 19.04"
  VERSION_ID="19.04"
  HOME_URL="https://system76.com/pop";
  SUPPORT_URL="http://support.system76.com";
  BUG_REPORT_URL="https://github.com/pop-os/pop/issues";
  PRIVACY_POLICY_URL="https://system76.com/privacy";
  VERSION_CODENAME=disco
  UBUNTU_CODENAME=disco

  Related Application and/or Package Version (run apt policy $PACKAGE
  NAME):

  $ apt policy irqbalance
  irqbalance:
  Installed: 1.5.0-3ubuntu1
  Candidate: 1.5.0-3ubuntu1
  Version table:
  *** 1.5.0-3ubuntu1 500
  500 http://us.archive.ubuntu.com/ubuntu disco/main amd64 Packages
  100 /var/lib/dpkg/status

  $ apt rdepends irqbalance
  irqbalance
  Reverse Depends:
  Recommends: ubuntu-standard
  gce-compute-image-packages

  Issue/Bug Description:

  as per konkor/cpufreq#48 and
  http://konkor.github.io/cpufreq/faq/#irqbalance-detected

  irqbalance is technically not needed on desktop systems (supposedly it
  is mainly for servers), and may actually reduce performance and power
  savings. It appears to provide benefits only to server environments
  that have relatively-constant loading. If it is truly a server-
  oriented package, then it shouldn't be installed by default on a
  desktop/laptop system and shouldn't be included in desktop OS images.

  Steps to reproduce (if you know):

  This is potentially an issue with all default installs.

  Expected behavior:

  n/a

  Other Notes:

  I can safely remove it via "sudo apt purge irqbalance" without any
  apparent adverse side-effects. If someone is running a situation where
  they need it, then they always have the option of installing it from
  the repositories.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/irqbalance/+bug/1833322/+subscriptions


-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp

[Touch-packages] [Bug 1833322] Re: Consider removing irqbalance from default install on desktop images

Hi Paride

> Back in the day I asked upstream their take on irqbalance usefulness with
> newer kernels, here is their reply:
> https://github.com/Irqbalance/irqbalance/issues/151

Thanks for this and the other extra pointers.
The Debian bug was referenced before, AFAIC it is mostly around
a) the kernel got smarter in many cases (true)
b) bad in virtual environments (we already removed it from those)

And in that discussion the upstream comments (it is good to see that
they are still convinced of their code) revolved around:
c) There should be no conflict with running irqbalance (with the new kernel)
d) The kernel policy is driver centric (irqbalance has a full picture)

Both - as I read them - are more arguments to keep it than to remove.
But as all other, not with enough data to make it a clear yes/no.

As I said much earlier in this case, I feel this is system and workload
dependent and hence there will never be a clear generic yes/no.
The best we can achieve is finding sets (like images used in virtual
environments - or as suggested desktop systems) and drop it being the
default there.

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to ubuntu-meta in Ubuntu.
https://bugs.launchpad.net/bugs/1833322

Title:
  Consider removing irqbalance from default install on desktop images

Status in irqbalance package in Ubuntu:
  Confirmed
Status in ubuntu-meta package in Ubuntu:
  Confirmed

Bug description:
  as per https://github.com/pop-os/default-settings/issues/60

  Distribution (run cat /etc/os-release):

  $ cat /etc/os-release
  NAME="Pop!_OS"
  VERSION="19.04"
  ID=ubuntu
  ID_LIKE=debian
  PRETTY_NAME="Pop!_OS 19.04"
  VERSION_ID="19.04"
  HOME_URL="https://system76.com/pop";
  SUPPORT_URL="http://support.system76.com";
  BUG_REPORT_URL="https://github.com/pop-os/pop/issues";
  PRIVACY_POLICY_URL="https://system76.com/privacy";
  VERSION_CODENAME=disco
  UBUNTU_CODENAME=disco

  Related Application and/or Package Version (run apt policy $PACKAGE
  NAME):

  $ apt policy irqbalance
  irqbalance:
  Installed: 1.5.0-3ubuntu1
  Candidate: 1.5.0-3ubuntu1
  Version table:
  *** 1.5.0-3ubuntu1 500
  500 http://us.archive.ubuntu.com/ubuntu disco/main amd64 Packages
  100 /var/lib/dpkg/status

  $ apt rdepends irqbalance
  irqbalance
  Reverse Depends:
  Recommends: ubuntu-standard
  gce-compute-image-packages

  Issue/Bug Description:

  as per konkor/cpufreq#48 and
  http://konkor.github.io/cpufreq/faq/#irqbalance-detected

  irqbalance is technically not needed on desktop systems (supposedly it
  is mainly for servers), and may actually reduce performance and power
  savings. It appears to provide benefits only to server environments
  that have relatively-constant loading. If it is truly a server-
  oriented package, then it shouldn't be installed by default on a
  desktop/laptop system and shouldn't be included in desktop OS images.

  Steps to reproduce (if you know):

  This is potentially an issue with all default installs.

  Expected behavior:

  n/a

  Other Notes:

  I can safely remove it via "sudo apt purge irqbalance" without any
  apparent adverse side-effects. If someone is running a situation where
  they need it, then they always have the option of installing it from
  the repositories.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/irqbalance/+bug/1833322/+subscriptions


-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp

[Touch-packages] [Bug 1833322] Re: Consider removing irqbalance from default install on desktop images

Hi Dough

> If irqbalance is to be included by default, then there should be due
> diligence to demonstrate a clear benefit.

You are right that we should have that as well.
But this would be even more ture if this would be about "making it the default
when it was not before".
Right now (purely opinion) the lack of data can IMHO neither be used to keep
it nor to remove it - which sadly locks this up a bit.

> The results were:

I want to thank you a lot, this won't be enough but it is a masterpiece
demonstration of dedicating time to start providing such data.
Thank you.

I do not know the ping pong test, but on iperf, I think that is in the noise
range as far as I remember. If you'd just re-run that as-is what is the delta
on your test box?

Hoping that this will be extended by more contributing different workloads
on different systems let me ask, what kind of system (cpu, size, nodes, ...)
was that. I know you are good at writing up things, you might set the standard
how others might report to this :-)

Your results show no change or minimal degradation while at the same time losing
a bit of power. Have you also had a chance to try the powerthresh argument
that Steve mentioned above?

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to ubuntu-meta in Ubuntu.
https://bugs.launchpad.net/bugs/1833322

Title:
  Consider removing irqbalance from default install on desktop images

Status in irqbalance package in Ubuntu:
  Confirmed
Status in ubuntu-meta package in Ubuntu:
  Confirmed

Bug description:
  as per https://github.com/pop-os/default-settings/issues/60

  Distribution (run cat /etc/os-release):

  $ cat /etc/os-release
  NAME="Pop!_OS"
  VERSION="19.04"
  ID=ubuntu
  ID_LIKE=debian
  PRETTY_NAME="Pop!_OS 19.04"
  VERSION_ID="19.04"
  HOME_URL="https://system76.com/pop";
  SUPPORT_URL="http://support.system76.com";
  BUG_REPORT_URL="https://github.com/pop-os/pop/issues";
  PRIVACY_POLICY_URL="https://system76.com/privacy";
  VERSION_CODENAME=disco
  UBUNTU_CODENAME=disco

  Related Application and/or Package Version (run apt policy $PACKAGE
  NAME):

  $ apt policy irqbalance
  irqbalance:
  Installed: 1.5.0-3ubuntu1
  Candidate: 1.5.0-3ubuntu1
  Version table:
  *** 1.5.0-3ubuntu1 500
  500 http://us.archive.ubuntu.com/ubuntu disco/main amd64 Packages
  100 /var/lib/dpkg/status

  $ apt rdepends irqbalance
  irqbalance
  Reverse Depends:
  Recommends: ubuntu-standard
  gce-compute-image-packages

  Issue/Bug Description:

  as per konkor/cpufreq#48 and
  http://konkor.github.io/cpufreq/faq/#irqbalance-detected

  irqbalance is technically not needed on desktop systems (supposedly it
  is mainly for servers), and may actually reduce performance and power
  savings. It appears to provide benefits only to server environments
  that have relatively-constant loading. If it is truly a server-
  oriented package, then it shouldn't be installed by default on a
  desktop/laptop system and shouldn't be included in desktop OS images.

  Steps to reproduce (if you know):

  This is potentially an issue with all default installs.

  Expected behavior:

  n/a

  Other Notes:

  I can safely remove it via "sudo apt purge irqbalance" without any
  apparent adverse side-effects. If someone is running a situation where
  they need it, then they always have the option of installing it from
  the repositories.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/irqbalance/+bug/1833322/+subscriptions


-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp

[Touch-packages] [Bug 1833322] Re: Consider removing irqbalance from default install on desktop images

Hi Mike

> SUSE ... says that the first step to get there is to disable
irqbalance

I've read the same, IMHO that is just "if you want to manually tune, disable
it" which does not imply that it is bad to have it. But this is how I read
it, I have not talked to the authors to get their underlaying reasoning.


> Applications vendors ... currently recommend removing irqbalance

The only one that does so AFAICS is cpufreq and everyone else just links
to their reasoning and follows. And even some statements there like
"If you are still running irqbalance, you are not getting the maximum
performance your system is capable of!" are hard to believe as a general
statement - especially without data across a wide variety of system types
and workload.
As we have seen as well in the references linked, irqbalance helps just as
much for "maximum performance" in many other cases.

> I found this blog (https://blogs.oracle.com/linux/post/irqbalance-
design-and-internals)

Thanks, every extra background we find will only help (except for those
joining later to read more).

> The question I have is, if Ubuntu is Debian Branch, and we long ago went
> from having different kernels for desktop & server in ubuntu-base, but do
> have ubuntu-server packages and ubuntu-desktop packages, where things could
> be different, why is this still a broad sweep as a default install "for all"?

Because there was no well-funded conclusion like "it really is bad for
environment X" to remove it. You are right that there are no technical blockers
to make it e.g. kept in servers but no more the default in Desktop.
After all it is already dropped in cloud-images used in virtual environemnts as
it had a more clear reasoning and argument there.

And there are also cases where irqbalance missing caused performance impact
and bug reports like the already mentioned [1] (clearly high scale server
though)


> I am happy that this is getting discussed properly now so that we can
> relook at this, and what it means to us today.

Ack, that is why I tried to compile all I've found into one place.


[1]: https://bugs.launchpad.net/ubuntu/+source/irqbalance/+bug/2038573

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to ubuntu-meta in Ubuntu.
https://bugs.launchpad.net/bugs/1833322

Title:
  Consider removing irqbalance from default install on desktop images

Status in irqbalance package in Ubuntu:
  Confirmed
Status in ubuntu-meta package in Ubuntu:
  Confirmed

Bug description:
  as per https://github.com/pop-os/default-settings/issues/60

  Distribution (run cat /etc/os-release):

  $ cat /etc/os-release
  NAME="Pop!_OS"
  VERSION="19.04"
  ID=ubuntu
  ID_LIKE=debian
  PRETTY_NAME="Pop!_OS 19.04"
  VERSION_ID="19.04"
  HOME_URL="https://system76.com/pop";
  SUPPORT_URL="http://support.system76.com";
  BUG_REPORT_URL="https://github.com/pop-os/pop/issues";
  PRIVACY_POLICY_URL="https://system76.com/privacy";
  VERSION_CODENAME=disco
  UBUNTU_CODENAME=disco

  Related Application and/or Package Version (run apt policy $PACKAGE
  NAME):

  $ apt policy irqbalance
  irqbalance:
  Installed: 1.5.0-3ubuntu1
  Candidate: 1.5.0-3ubuntu1
  Version table:
  *** 1.5.0-3ubuntu1 500
  500 http://us.archive.ubuntu.com/ubuntu disco/main amd64 Packages
  100 /var/lib/dpkg/status

  $ apt rdepends irqbalance
  irqbalance
  Reverse Depends:
  Recommends: ubuntu-standard
  gce-compute-image-packages

  Issue/Bug Description:

  as per konkor/cpufreq#48 and
  http://konkor.github.io/cpufreq/faq/#irqbalance-detected

  irqbalance is technically not needed on desktop systems (supposedly it
  is mainly for servers), and may actually reduce performance and power
  savings. It appears to provide benefits only to server environments
  that have relatively-constant loading. If it is truly a server-
  oriented package, then it shouldn't be installed by default on a
  desktop/laptop system and shouldn't be included in desktop OS images.

  Steps to reproduce (if you know):

  This is potentially an issue with all default installs.

  Expected behavior:

  n/a

  Other Notes:

  I can safely remove it via "sudo apt purge irqbalance" without any
  apparent adverse side-effects. If someone is running a situation where
  they need it, then they always have the option of installing it from
  the repositories.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/irqbalance/+bug/1833322/+subscriptions


-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp

[Touch-packages] [Bug 1833322] Re: Consider removing irqbalance from default install on desktop images

Hi Ethanay
> All I can find is a recommendation not to use it on CPUs with 2 or fewer
> cores as the overhead is said to be too high

This isn't a real problem anyway, the service will stop immediately if only
running on one core - even if running on multiple cores with the same
cache (as the intended benefit is due to cache hotness by having all I/O
hitting the same cache).

> I can imagine it might still add undesirable or even critical latency in
> applications that are highly latency sensitive

I understand your line of thought, but it might even improve latency.
If there is no bottleneck on the cores assigned to handle an IRQ then
the improved cache hit rate will make even latency better.
And if there is a strong bottleneck, then some drivers without IRQbalance
would end up locked on one cpu - so again these might gain lower latency.
But I have no data on this either (just like no one seems to have on almost
any of this).

Just like others I'd personally more expect the drawback to be on a potential
lack of power saving.

> This website gave me some clarity on the theory and purpose:
> https://www.baeldung.com/linux/irqbalance-modern-hardware

Hah, didn't find this one yet - thank you!
But to me it only underlines the "it can help as much or even more often"
expectation.

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to ubuntu-meta in Ubuntu.
https://bugs.launchpad.net/bugs/1833322

Title:
  Consider removing irqbalance from default install on desktop images

Status in irqbalance package in Ubuntu:
  Confirmed
Status in ubuntu-meta package in Ubuntu:
  Confirmed

Bug description:
  as per https://github.com/pop-os/default-settings/issues/60

  Distribution (run cat /etc/os-release):

  $ cat /etc/os-release
  NAME="Pop!_OS"
  VERSION="19.04"
  ID=ubuntu
  ID_LIKE=debian
  PRETTY_NAME="Pop!_OS 19.04"
  VERSION_ID="19.04"
  HOME_URL="https://system76.com/pop";
  SUPPORT_URL="http://support.system76.com";
  BUG_REPORT_URL="https://github.com/pop-os/pop/issues";
  PRIVACY_POLICY_URL="https://system76.com/privacy";
  VERSION_CODENAME=disco
  UBUNTU_CODENAME=disco

  Related Application and/or Package Version (run apt policy $PACKAGE
  NAME):

  $ apt policy irqbalance
  irqbalance:
  Installed: 1.5.0-3ubuntu1
  Candidate: 1.5.0-3ubuntu1
  Version table:
  *** 1.5.0-3ubuntu1 500
  500 http://us.archive.ubuntu.com/ubuntu disco/main amd64 Packages
  100 /var/lib/dpkg/status

  $ apt rdepends irqbalance
  irqbalance
  Reverse Depends:
  Recommends: ubuntu-standard
  gce-compute-image-packages

  Issue/Bug Description:

  as per konkor/cpufreq#48 and
  http://konkor.github.io/cpufreq/faq/#irqbalance-detected

  irqbalance is technically not needed on desktop systems (supposedly it
  is mainly for servers), and may actually reduce performance and power
  savings. It appears to provide benefits only to server environments
  that have relatively-constant loading. If it is truly a server-
  oriented package, then it shouldn't be installed by default on a
  desktop/laptop system and shouldn't be included in desktop OS images.

  Steps to reproduce (if you know):

  This is potentially an issue with all default installs.

  Expected behavior:

  n/a

  Other Notes:

  I can safely remove it via "sudo apt purge irqbalance" without any
  apparent adverse side-effects. If someone is running a situation where
  they need it, then they always have the option of installing it from
  the repositories.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/irqbalance/+bug/1833322/+subscriptions


-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp

[Touch-packages] [Bug 1833322] Re: Consider removing irqbalance from default install on desktop images

Hi Steve,

> I see a lot of strong opinions ... I would want any decision to remove
> irqbalance from the desktop to be based on evidence, not conjecture.

I agree that there is plenty of opinion (often backing up each other with cyclic
links) and not much data. Hence my compilation of the history to make it
somehwat consumable.

I wasn't entirely sure on my own but I agree that we'd need data to back
up changes, thanks for empowering that branch of the decision tree.

Yet on the other hand, that most likely means not much will move quickly.
Which is fine, but also makes it unlikely to conclude before Noble freezes.

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to ubuntu-meta in Ubuntu.
https://bugs.launchpad.net/bugs/1833322

Title:
  Consider removing irqbalance from default install on desktop images

Status in irqbalance package in Ubuntu:
  Confirmed
Status in ubuntu-meta package in Ubuntu:
  Confirmed

Bug description:
  as per https://github.com/pop-os/default-settings/issues/60

  Distribution (run cat /etc/os-release):

  $ cat /etc/os-release
  NAME="Pop!_OS"
  VERSION="19.04"
  ID=ubuntu
  ID_LIKE=debian
  PRETTY_NAME="Pop!_OS 19.04"
  VERSION_ID="19.04"
  HOME_URL="https://system76.com/pop";
  SUPPORT_URL="http://support.system76.com";
  BUG_REPORT_URL="https://github.com/pop-os/pop/issues";
  PRIVACY_POLICY_URL="https://system76.com/privacy";
  VERSION_CODENAME=disco
  UBUNTU_CODENAME=disco

  Related Application and/or Package Version (run apt policy $PACKAGE
  NAME):

  $ apt policy irqbalance
  irqbalance:
  Installed: 1.5.0-3ubuntu1
  Candidate: 1.5.0-3ubuntu1
  Version table:
  *** 1.5.0-3ubuntu1 500
  500 http://us.archive.ubuntu.com/ubuntu disco/main amd64 Packages
  100 /var/lib/dpkg/status

  $ apt rdepends irqbalance
  irqbalance
  Reverse Depends:
  Recommends: ubuntu-standard
  gce-compute-image-packages

  Issue/Bug Description:

  as per konkor/cpufreq#48 and
  http://konkor.github.io/cpufreq/faq/#irqbalance-detected

  irqbalance is technically not needed on desktop systems (supposedly it
  is mainly for servers), and may actually reduce performance and power
  savings. It appears to provide benefits only to server environments
  that have relatively-constant loading. If it is truly a server-
  oriented package, then it shouldn't be installed by default on a
  desktop/laptop system and shouldn't be included in desktop OS images.

  Steps to reproduce (if you know):

  This is potentially an issue with all default installs.

  Expected behavior:

  n/a

  Other Notes:

  I can safely remove it via "sudo apt purge irqbalance" without any
  apparent adverse side-effects. If someone is running a situation where
  they need it, then they always have the option of installing it from
  the repositories.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/irqbalance/+bug/1833322/+subscriptions


-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp

[Touch-packages] [Bug 1833322] Re: Consider removing irqbalance from default install on desktop images

After all the history I was looking at where we are right now:
- irqbalance already is not in ubuntu-cloud-minimal images
- irqbalance is in normal cloud images and installed systems via the dep from 
ubuntu-server

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to ubuntu-meta in Ubuntu.
https://bugs.launchpad.net/bugs/1833322

Title:
  Consider removing irqbalance from default install on desktop images

Status in irqbalance package in Ubuntu:
  New
Status in ubuntu-meta package in Ubuntu:
  Confirmed

Bug description:
  as per https://github.com/pop-os/default-settings/issues/60

  Distribution (run cat /etc/os-release):

  $ cat /etc/os-release
  NAME="Pop!_OS"
  VERSION="19.04"
  ID=ubuntu
  ID_LIKE=debian
  PRETTY_NAME="Pop!_OS 19.04"
  VERSION_ID="19.04"
  HOME_URL="https://system76.com/pop";
  SUPPORT_URL="http://support.system76.com";
  BUG_REPORT_URL="https://github.com/pop-os/pop/issues";
  PRIVACY_POLICY_URL="https://system76.com/privacy";
  VERSION_CODENAME=disco
  UBUNTU_CODENAME=disco

  Related Application and/or Package Version (run apt policy $PACKAGE
  NAME):

  $ apt policy irqbalance
  irqbalance:
  Installed: 1.5.0-3ubuntu1
  Candidate: 1.5.0-3ubuntu1
  Version table:
  *** 1.5.0-3ubuntu1 500
  500 http://us.archive.ubuntu.com/ubuntu disco/main amd64 Packages
  100 /var/lib/dpkg/status

  $ apt rdepends irqbalance
  irqbalance
  Reverse Depends:
  Recommends: ubuntu-standard
  gce-compute-image-packages

  Issue/Bug Description:

  as per konkor/cpufreq#48 and
  http://konkor.github.io/cpufreq/faq/#irqbalance-detected

  irqbalance is technically not needed on desktop systems (supposedly it
  is mainly for servers), and may actually reduce performance and power
  savings. It appears to provide benefits only to server environments
  that have relatively-constant loading. If it is truly a server-
  oriented package, then it shouldn't be installed by default on a
  desktop/laptop system and shouldn't be included in desktop OS images.

  Steps to reproduce (if you know):

  This is potentially an issue with all default installs.

  Expected behavior:

  n/a

  Other Notes:

  I can safely remove it via "sudo apt purge irqbalance" without any
  apparent adverse side-effects. If someone is running a situation where
  they need it, then they always have the option of installing it from
  the repositories.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/irqbalance/+bug/1833322/+subscriptions


-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp

[Touch-packages] [Bug 1833322] Re: Consider removing irqbalance from default install on desktop images

I subscribed a few people directly to get their input.

@Steve
I've subscribed you after trying to find, refer and summarize all of the past 
to allow you and anyone else to read into this in one go. I think I'll need 
your input as Architect and as participant of these discussions right from when 
they started 14 years ago.

@Phil/@John
Some past discussions, especially the backpedaling of Debian referred to 
virtual environments and/or large cloud providers. Is irqbalance anything you 
got asked to disable (or keep) for their environment?
No need to share names, but reasoning or data points would be helpful :-)

@Dimitri
Is there a more clear "this is what userspace should do in regard to this in 
2024" form the kernel? I couldn#t find it, but maybe you know or know who'd 
know ...

@Sebastien
Since most problems reported have been around Desktops (to be fair, that could 
be an coincidence because that is where people do more experiments and have 
more diverse special cases). But I think it is fair to ask you if requests or 
discussion like the above have come up towards Desktop that are worth to refer 
here?


Maybe one of you has more details that help to make the decision more clear and 
easy.
Or a gut feeling that is even stronger than mine, strong enough even to pick 
one of the options?

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to ubuntu-meta in Ubuntu.
https://bugs.launchpad.net/bugs/1833322

Title:
  Consider removing irqbalance from default install on desktop images

Status in irqbalance package in Ubuntu:
  New
Status in ubuntu-meta package in Ubuntu:
  Confirmed

Bug description:
  as per https://github.com/pop-os/default-settings/issues/60

  Distribution (run cat /etc/os-release):

  $ cat /etc/os-release
  NAME="Pop!_OS"
  VERSION="19.04"
  ID=ubuntu
  ID_LIKE=debian
  PRETTY_NAME="Pop!_OS 19.04"
  VERSION_ID="19.04"
  HOME_URL="https://system76.com/pop";
  SUPPORT_URL="http://support.system76.com";
  BUG_REPORT_URL="https://github.com/pop-os/pop/issues";
  PRIVACY_POLICY_URL="https://system76.com/privacy";
  VERSION_CODENAME=disco
  UBUNTU_CODENAME=disco

  Related Application and/or Package Version (run apt policy $PACKAGE
  NAME):

  $ apt policy irqbalance
  irqbalance:
  Installed: 1.5.0-3ubuntu1
  Candidate: 1.5.0-3ubuntu1
  Version table:
  *** 1.5.0-3ubuntu1 500
  500 http://us.archive.ubuntu.com/ubuntu disco/main amd64 Packages
  100 /var/lib/dpkg/status

  $ apt rdepends irqbalance
  irqbalance
  Reverse Depends:
  Recommends: ubuntu-standard
  gce-compute-image-packages

  Issue/Bug Description:

  as per konkor/cpufreq#48 and
  http://konkor.github.io/cpufreq/faq/#irqbalance-detected

  irqbalance is technically not needed on desktop systems (supposedly it
  is mainly for servers), and may actually reduce performance and power
  savings. It appears to provide benefits only to server environments
  that have relatively-constant loading. If it is truly a server-
  oriented package, then it shouldn't be installed by default on a
  desktop/laptop system and shouldn't be included in desktop OS images.

  Steps to reproduce (if you know):

  This is potentially an issue with all default installs.

  Expected behavior:

  n/a

  Other Notes:

  I can safely remove it via "sudo apt purge irqbalance" without any
  apparent adverse side-effects. If someone is running a situation where
  they need it, then they always have the option of installing it from
  the repositories.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/irqbalance/+bug/1833322/+subscriptions


-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp

[Touch-packages] [Bug 1833322] Re: Consider removing irqbalance from default install on desktop images

# Summary

This discussion was seeminly easier to make the more dedicated to a singluar
use case you are - as then you have less "but what if" cases to consider.
That wide usage is great for Ubuntu but sometimes delays decisions.

List of reasons to remove it from the default dependencies:
- Seems to cause issues more often on Desktop environments
- cpufreq, thermald and similar struggle to save energy
- Impacts due to unepexcted throttling
- Conflicts with enabling/disabling threads/cores
- Problematic in virtual environments
- It is mostly an x86 thing but we pull it in everywhere
- It conflicts with manually fine tuned IRQ affinity e.g. in
  ultra low latency setups
- It is less useful on cpus with large and wide shared caches
  as well as in virtual environments without fix pinning

List of reasons to keep it in the set of default dependencies:
- Benefits seem mostly for large scale servers
- lacking irqbalance can be a performance degradation in some
  large scale high traffic cases

I think from all I've found - old and new - it seems it still has its purpose
in some scenarios, but the HW/SW world evolved and it is nowadays less often
useful and more often harmful than it was in the past.
On the other hand there is almost no clear cut "it is bad and that is why",
most issues were individual issues and special cases, nothing that would
apply to everyone.

And irqbalance still has is purpose, so we should surely keep it around.

In a perfect worlds this would have half a year of time or more and two people
to run all kinds of workloads on all kinds of HW to compare. But let us be
honest that will not happen and that would then also be not be worth the effort.
We'll have to decide with what we have.
Have the others that switched have more time to evaluate in depth, I do not
know. But usually once a significant amount of the ecosystems changed and you
lack better data it is better to also follow or common hints and optimizations
will no more apply due to being the one outlier in regard to behavior.

To me this seems to be a perfect case for a few special images/deployments
known to match the workload profile that needs this to enable it.
It is also more likely that a professional admin of such a large scale machine
(or cluster thereof) can make the opt-in decision and evaluation better than
expectint every user of Ubuntu to think about an opt-out.


---

Options IMHO:
A) Change it from an opt-out to an opt-in and remove the dependency
   from ubuntu-standard
B) Remove it from ubuntu-standard to get rid of it in Desktops and images
   used in virtual environments. But try to keep it in a place that is mostly
   used for bare metal which tend to be closer to the kind that benefits more
C) Do nothing, keep it as is

D) Any of the above, but let us not touch Noble more than half way through the
cycle, but do that early in 24.10 to have enough exposure before a release in
an LTS.

My gut feeling (and it can't be much more without much more time for much
deeper investigations) would be (A).

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to ubuntu-meta in Ubuntu.
https://bugs.launchpad.net/bugs/1833322

Title:
  Consider removing irqbalance from default install on desktop images

Status in irqbalance package in Ubuntu:
  New
Status in ubuntu-meta package in Ubuntu:
  Confirmed

Bug description:
  as per https://github.com/pop-os/default-settings/issues/60

  Distribution (run cat /etc/os-release):

  $ cat /etc/os-release
  NAME="Pop!_OS"
  VERSION="19.04"
  ID=ubuntu
  ID_LIKE=debian
  PRETTY_NAME="Pop!_OS 19.04"
  VERSION_ID="19.04"
  HOME_URL="https://system76.com/pop";
  SUPPORT_URL="http://support.system76.com";
  BUG_REPORT_URL="https://github.com/pop-os/pop/issues";
  PRIVACY_POLICY_URL="https://system76.com/privacy";
  VERSION_CODENAME=disco
  UBUNTU_CODENAME=disco

  Related Application and/or Package Version (run apt policy $PACKAGE
  NAME):

  $ apt policy irqbalance
  irqbalance:
  Installed: 1.5.0-3ubuntu1
  Candidate: 1.5.0-3ubuntu1
  Version table:
  *** 1.5.0-3ubuntu1 500
  500 http://us.archive.ubuntu.com/ubuntu disco/main amd64 Packages
  100 /var/lib/dpkg/status

  $ apt rdepends irqbalance
  irqbalance
  Reverse Depends:
  Recommends: ubuntu-standard
  gce-compute-image-packages

  Issue/Bug Description:

  as per konkor/cpufreq#48 and
  http://konkor.github.io/cpufreq/faq/#irqbalance-detected

  irqbalance is technically not needed on desktop systems (supposedly it
  is mainly for servers), and may actually reduce performance and power
  savings. It appears to provide benefits only to server environments
  that have relatively-constant loading. If it is truly a server-
  oriented package, then it shouldn't be installed by default on a
  desktop/laptop system and shouldn't be included in desktop OS images.

  Steps to reproduce (if you know):

  This is potentially an issue with all default installs.

  Expected behavior:

[Touch-packages] [Bug 1833322] Re: Consider removing irqbalance from default install on desktop images

# Actions by Others

Times have changes, as mentioned above the kernel learned many new tricks.
More new I/O hardware virtual or physical appeared that tries to be smart
and thereby sometimes conflict with what irqbalance does.

Some are mostly based on the links referred above, the Debian disucssion
was more about it being harmful (or at least not helpful) in virtual
environments and hence removed from cloud images (we close in on workload
specific again).

Indeed many projects already removed it from the default
- https://github.com/pop-os/iso/pull/288
- https://github.com/ValveSoftware/Proton/issues/3243
- https://lists.debian.org/debian-cloud/2019/04/msg00040.html

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to ubuntu-meta in Ubuntu.
https://bugs.launchpad.net/bugs/1833322

Title:
  Consider removing irqbalance from default install on desktop images

Status in irqbalance package in Ubuntu:
  New
Status in ubuntu-meta package in Ubuntu:
  Confirmed

Bug description:
  as per https://github.com/pop-os/default-settings/issues/60

  Distribution (run cat /etc/os-release):

  $ cat /etc/os-release
  NAME="Pop!_OS"
  VERSION="19.04"
  ID=ubuntu
  ID_LIKE=debian
  PRETTY_NAME="Pop!_OS 19.04"
  VERSION_ID="19.04"
  HOME_URL="https://system76.com/pop";
  SUPPORT_URL="http://support.system76.com";
  BUG_REPORT_URL="https://github.com/pop-os/pop/issues";
  PRIVACY_POLICY_URL="https://system76.com/privacy";
  VERSION_CODENAME=disco
  UBUNTU_CODENAME=disco

  Related Application and/or Package Version (run apt policy $PACKAGE
  NAME):

  $ apt policy irqbalance
  irqbalance:
  Installed: 1.5.0-3ubuntu1
  Candidate: 1.5.0-3ubuntu1
  Version table:
  *** 1.5.0-3ubuntu1 500
  500 http://us.archive.ubuntu.com/ubuntu disco/main amd64 Packages
  100 /var/lib/dpkg/status

  $ apt rdepends irqbalance
  irqbalance
  Reverse Depends:
  Recommends: ubuntu-standard
  gce-compute-image-packages

  Issue/Bug Description:

  as per konkor/cpufreq#48 and
  http://konkor.github.io/cpufreq/faq/#irqbalance-detected

  irqbalance is technically not needed on desktop systems (supposedly it
  is mainly for servers), and may actually reduce performance and power
  savings. It appears to provide benefits only to server environments
  that have relatively-constant loading. If it is truly a server-
  oriented package, then it shouldn't be installed by default on a
  desktop/laptop system and shouldn't be included in desktop OS images.

  Steps to reproduce (if you know):

  This is potentially an issue with all default installs.

  Expected behavior:

  n/a

  Other Notes:

  I can safely remove it via "sudo apt purge irqbalance" without any
  apparent adverse side-effects. If someone is running a situation where
  they need it, then they always have the option of installing it from
  the repositories.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/irqbalance/+bug/1833322/+subscriptions


-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp

[Touch-packages] [Bug 1833322] Re: Consider removing irqbalance from default install on desktop images

Hi,
this was overlooked for too long but came up in bug 2046470 again which made me 
see this for the first time.

I'd wish we'd have had that even a bit earlier e.g. to release it with
mantic and not half way through noble, but still now is the time to
still change the next LTS.

I needed to make up my mind on this to come to a conclusion and so I wrote a
summary mostly for myself, but also for others that I want to ack to the
decision as well as for anyone to later be able to understand what changed
and why.

I must admit that I'm slightly biased, having looked at it ages ago, even
before I was more active in Ubuntu development and already wondering if that
should be used by default.

And yes, some people had a stronger wish to get it out of the default.
So as already reported, many have already asked to remove it.

I'll try to break up my answers to be more easily referable.


** Also affects: irqbalance (Ubuntu)
   Importance: Undecided
   Status: New

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to ubuntu-meta in Ubuntu.
https://bugs.launchpad.net/bugs/1833322

Title:
  Consider removing irqbalance from default install on desktop images

Status in irqbalance package in Ubuntu:
  New
Status in ubuntu-meta package in Ubuntu:
  Confirmed

Bug description:
  as per https://github.com/pop-os/default-settings/issues/60

  Distribution (run cat /etc/os-release):

  $ cat /etc/os-release
  NAME="Pop!_OS"
  VERSION="19.04"
  ID=ubuntu
  ID_LIKE=debian
  PRETTY_NAME="Pop!_OS 19.04"
  VERSION_ID="19.04"
  HOME_URL="https://system76.com/pop";
  SUPPORT_URL="http://support.system76.com";
  BUG_REPORT_URL="https://github.com/pop-os/pop/issues";
  PRIVACY_POLICY_URL="https://system76.com/privacy";
  VERSION_CODENAME=disco
  UBUNTU_CODENAME=disco

  Related Application and/or Package Version (run apt policy $PACKAGE
  NAME):

  $ apt policy irqbalance
  irqbalance:
  Installed: 1.5.0-3ubuntu1
  Candidate: 1.5.0-3ubuntu1
  Version table:
  *** 1.5.0-3ubuntu1 500
  500 http://us.archive.ubuntu.com/ubuntu disco/main amd64 Packages
  100 /var/lib/dpkg/status

  $ apt rdepends irqbalance
  irqbalance
  Reverse Depends:
  Recommends: ubuntu-standard
  gce-compute-image-packages

  Issue/Bug Description:

  as per konkor/cpufreq#48 and
  http://konkor.github.io/cpufreq/faq/#irqbalance-detected

  irqbalance is technically not needed on desktop systems (supposedly it
  is mainly for servers), and may actually reduce performance and power
  savings. It appears to provide benefits only to server environments
  that have relatively-constant loading. If it is truly a server-
  oriented package, then it shouldn't be installed by default on a
  desktop/laptop system and shouldn't be included in desktop OS images.

  Steps to reproduce (if you know):

  This is potentially an issue with all default installs.

  Expected behavior:

  n/a

  Other Notes:

  I can safely remove it via "sudo apt purge irqbalance" without any
  apparent adverse side-effects. If someone is running a situation where
  they need it, then they always have the option of installing it from
  the repositories.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/irqbalance/+bug/1833322/+subscriptions


-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp

[Touch-packages] [Bug 1833322] Re: Consider removing irqbalance from default install on desktop images

# Referred Arguments

An argument that might not have been so strong more than a decade ago
but is much more today is power savings and that is an aspect that comes up
over and over.
It also had reports of conflicts with power saving [10] and e.g. dynamically
disabling/enabling cores which is much more a thing nowadays as long ago
this was only reliably working on mainframes anyway.

I don't buy the "games need 100%" as even games need their I/O to happen,
but OTOH irqbalance just doesn't help much nowadays either as the kernel learned
many more tricks to do well - like to name just one all the traffic aware
and potentially offloaded rps/xps [2]. And irqbalance is not mutually exclusive
with most of those technologies not with RSS [18] nor with kernel policies [15].

Some report about conflicting with their custom tweaking of IRQs [8][16].
It is actually a common conflict between irqbalance being smart [9] and other
things like a particular device firmware being smart leading to a conflict of
interest.
=> But TBH that is why it is removable for such rare cases.

On one hand it clearly has some impact and various cases of bad impacts by it
have come up as well for frame rates [11], stuttering [14] or even network
traffic [12].

But on the other hand, there have been reports and cases where a broken
irqbalance led to impacted high-performance network traffic [7], so it is
not that it is clearly always bad [13]. While we never know how outdated
any such source might be, it proves that it is most likely workload and
system dependent. Many documentations also sitll refer to it only older RH,
Arch [19], ... you'll find it everywhere.

It is an interesting case, and the workload dependency leads many discussions
to even be contradicting - in one case it saves cpu power in the other it makes
it worse. In one it helps traffic in the other is degrades it. That is all a
consqeuence of it being workload and system dependent.
This back and forther is perfectly encapsulated in this phornix thread [15].
Which quotes interesting other POVs like kernel solutions often being "driver
centric" optimizing throughput, but maybe not always the best as policy for
the full system as irqbalance pilicies and tunables are configurable.

An interim summary might be:
"""
It could cause rare issues or conflicts, especially on Desktop,
but might be still wanted on Servers especially those with a
high rate of I/O
"""

Which is interestingly quite close to the arguments floating around when it
was added more than a decade ago (see further below).

[2]: https://www.kernel.org/doc/html/latest/networking/scaling.html
[7]: https://bugs.launchpad.net/ubuntu/+source/irqbalance/+bug/2038573
[8]: https://groups.google.com/g/gce-discussion/c/Ns8hgOUW9GY
[9]: https://docs.xilinx.com/r/en-US/ug1523-x3522-user/Interrupt-Affinity
[10]: https://konkor.github.io/cpufreq/faq/#irqbalance-detected
[11]: 
https://askubuntu.com/questions/1067866/ubuntu-18-04-steam-games-frame-rate-drop
[12]: 
https://serverfault.com/questions/410928/irqbalance-on-linux-and-dropped-packets
[13]: https://bookofzeus.com/harden-ubuntu/server-setup/disable-irqbalance/
[14]: 
https://www.reddit.com/r/linux_gaming/comments/emnu3k/removing_irqbalance_fixed_major_stuttering_in/
[15]: 
https://www.phoronix.com/forums/forum/hardware/processors-memory/1335986-amd-zen-1-linux-performance-hit-from-retbleed-accumulated-cpu-mitigation-impact/page4
[16]: 
https://documentation.suse.com/sbp/server-linux/pdf/SBP-performance-tuning_en.pdf
[18]: 
https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/6/html/performance_tuning_guide/network-rss
[19]: https://wiki.archlinux.org/title/Improving_performance#irqbalance

** Bug watch added: Debian Bug tracker #577788
   https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=577788

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to ubuntu-meta in Ubuntu.
https://bugs.launchpad.net/bugs/1833322

Title:
  Consider removing irqbalance from default install on desktop images

Status in irqbalance package in Ubuntu:
  New
Status in ubuntu-meta package in Ubuntu:
  Confirmed

Bug description:
  as per https://github.com/pop-os/default-settings/issues/60

  Distribution (run cat /etc/os-release):

  $ cat /etc/os-release
  NAME="Pop!_OS"
  VERSION="19.04"
  ID=ubuntu
  ID_LIKE=debian
  PRETTY_NAME="Pop!_OS 19.04"
  VERSION_ID="19.04"
  HOME_URL="https://system76.com/pop";
  SUPPORT_URL="http://support.system76.com";
  BUG_REPORT_URL="https://github.com/pop-os/pop/issues";
  PRIVACY_POLICY_URL="https://system76.com/privacy";
  VERSION_CODENAME=disco
  UBUNTU_CODENAME=disco

  Related Application and/or Package Version (run apt policy $PACKAGE
  NAME):

  $ apt policy irqbalance
  irqbalance:
  Installed: 1.5.0-3ubuntu1
  Candidate: 1.5.0-3ubuntu1
  Version table:
  *** 1.5.0-3ubuntu1 500
  500 http://us.archive.ubuntu.com/ubuntu disco/main amd64 Packages
  100 /var/lib/dpkg/status

[Touch-packages] [Bug 1833322] Re: Consider removing irqbalance from default install on desktop images

# Integration and maintenance

Despite some saying it is for the past only, it is regularly updated
and has multiple releases per year throughout all the time [4]. Those
updates flow well into Debian and Ubuntu - so it is not a classic "old
and outdated" case. And while not much changes in those updates, it means
it still learns like about thermal events in 1.9.1 or about isolcpus in 1.0.9.
I'm not saying it is super modern doing it all, but it gets updates.

Currently this is seeded in ubuntu-standard [1], which is what makes it
default installed everywhere. But it is intentionally only a recommends,
so the set of people that want to remove it can do so.

It was added a long time ago [3] back when multi-core was a rare thing
at least for Desktop systems. This was based on a discussion [5] and was
related to the kernel [6] actively delegating this to userspace. Debian
did a similar change a bit later [17] for the same reasons.
But again this was the time of single-core being common.


[1]: 
https://git.launchpad.net/~ubuntu-core-dev/ubuntu-seeds/+git/platform/tree/standard?h=noble#n19
[3]: 
https://git.launchpad.net/~ubuntu-core-dev/ubuntu-seeds/+git/platform/commit/?h=noble&id=dcd02266953547e11221979eb17eb740a76a62b5
[4]: https://github.com/Irqbalance/irqbalance/tags
[5]: https://lists.ubuntu.com/archives/ubuntu-devel/2010-January/029939.html
[6]: 
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=8b8e8c1bf7275eca859fe551dfa484134eaf013b
[17]: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=577788


** Bug watch added: github.com/ValveSoftware/Proton/issues #3243
   https://github.com/ValveSoftware/Proton/issues/3243

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to ubuntu-meta in Ubuntu.
https://bugs.launchpad.net/bugs/1833322

Title:
  Consider removing irqbalance from default install on desktop images

Status in irqbalance package in Ubuntu:
  New
Status in ubuntu-meta package in Ubuntu:
  Confirmed

Bug description:
  as per https://github.com/pop-os/default-settings/issues/60

  Distribution (run cat /etc/os-release):

  $ cat /etc/os-release
  NAME="Pop!_OS"
  VERSION="19.04"
  ID=ubuntu
  ID_LIKE=debian
  PRETTY_NAME="Pop!_OS 19.04"
  VERSION_ID="19.04"
  HOME_URL="https://system76.com/pop";
  SUPPORT_URL="http://support.system76.com";
  BUG_REPORT_URL="https://github.com/pop-os/pop/issues";
  PRIVACY_POLICY_URL="https://system76.com/privacy";
  VERSION_CODENAME=disco
  UBUNTU_CODENAME=disco

  Related Application and/or Package Version (run apt policy $PACKAGE
  NAME):

  $ apt policy irqbalance
  irqbalance:
  Installed: 1.5.0-3ubuntu1
  Candidate: 1.5.0-3ubuntu1
  Version table:
  *** 1.5.0-3ubuntu1 500
  500 http://us.archive.ubuntu.com/ubuntu disco/main amd64 Packages
  100 /var/lib/dpkg/status

  $ apt rdepends irqbalance
  irqbalance
  Reverse Depends:
  Recommends: ubuntu-standard
  gce-compute-image-packages

  Issue/Bug Description:

  as per konkor/cpufreq#48 and
  http://konkor.github.io/cpufreq/faq/#irqbalance-detected

  irqbalance is technically not needed on desktop systems (supposedly it
  is mainly for servers), and may actually reduce performance and power
  savings. It appears to provide benefits only to server environments
  that have relatively-constant loading. If it is truly a server-
  oriented package, then it shouldn't be installed by default on a
  desktop/laptop system and shouldn't be included in desktop OS images.

  Steps to reproduce (if you know):

  This is potentially an issue with all default installs.

  Expected behavior:

  n/a

  Other Notes:

  I can safely remove it via "sudo apt purge irqbalance" without any
  apparent adverse side-effects. If someone is running a situation where
  they need it, then they always have the option of installing it from
  the repositories.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/irqbalance/+bug/1833322/+subscriptions


-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp

[Touch-packages] [Bug 2015562] Re: [SRU] Segfault in dnsmasq when using certain static domain entries + DoH (bugfix possibly exists upstream)

2024-01-04 Thread Christian Ehrhardt 

Hey, while passing by I admit I only looked at the test plan and tried to get 
this moving by executing it.
Thanks for hinting at these further things to check ...

I still had the environment around

root@Jdnsmasq:~# apt-cache policy dnsmasq
dnsmasq:
  Installed: 2.86-1.1ubuntu0.4
  Candidate: 2.86-1.1ubuntu0.4

That resolved well, asking the configured dns (8.8.8.8 in my case) and
returning a proper answer.

root@Jdnsmasq:~# dig +short A www.thekelleys.org.uk @127.0.0.1
thekelleys.org.uk.
85.119.82.65
root@Jdnsmasq:~# dig +short A www.thekelleys.org.uk @127.0.0.1
thekelleys.org.uk.
85.119.82.65
root@Jdnsmasq:~# dig +short A www.thekelleys.org.uk @127.0.0.1
thekelleys.org.uk.
85.119.82.65

Since the original issue was about repeating queries (in other context and 
situation) I ran it a few times.
The log (we still have verbose logging enabled from the first test) shows the 
forward resolving just as expected:
Jan 05 07:32:56 Jdnsmasq dnsmasq[255]: query[A] www.thekelleys.org.uk from 
127.0.0.1
Jan 05 07:32:56 Jdnsmasq dnsmasq[255]: forwarded www.thekelleys.org.uk to 
8.8.8.8
Jan 05 07:32:56 Jdnsmasq dnsmasq[255]: reply www.thekelleys.org.uk is 
Jan 05 07:32:56 Jdnsmasq dnsmasq[255]: reply thekelleys.org.uk is 85.119.82.65


---


Now dnsmasqs version of a static entry

root@Jdnsmasq:~# echo "address=/domain/1.2.3.4" >> /etc/dnsmasq.conf
root@Jdnsmasq:~# systemctl restart dnsmasq
root@Jdnsmasq:~# dig +short A domain
1.2.3.4


---


Since I had that running over night I also see in the verbose logs all kind of 
expected background action and all that worked as well.
Like:
Jan 05 07:30:43 Jdnsmasq dnsmasq[255]: cached api.snapcraft.io is 185.125.188.54
Jan 05 07:30:43 Jdnsmasq dnsmasq[255]: cached api.snapcraft.io is 185.125.188.59
Jan 05 07:30:43 Jdnsmasq dnsmasq[255]: cached api.snapcraft.io is 185.125.188.58
Jan 05 07:30:43 Jdnsmasq dnsmasq[255]: cached api.snapcraft.io is 185.125.188.55
Jan 05 07:30:44 Jdnsmasq dnsmasq[255]: query[] 
canonical-bos01.cdn.snapcraftcontent.com from 127.0.0.1
Jan 05 07:30:44 Jdnsmasq dnsmasq[255]: forwarded 
canonical-bos01.cdn.snapcraftcontent.com to 8.8.8.8
Jan 05 07:30:44 Jdnsmasq dnsmasq[255]: query[A] 
canonical-bos01.cdn.snapcraftcontent.com from 127.0.0.1
Jan 05 07:30:44 Jdnsmasq dnsmasq[255]: forwarded 
canonical-bos01.cdn.snapcraftcontent.com to 8.8.8.8
Jan 05 07:30:44 Jdnsmasq dnsmasq[255]: reply 
canonical-bos01.cdn.snapcraftcontent.com is NODATA-IPv6
Jan 05 07:30:44 Jdnsmasq dnsmasq[255]: reply 
canonical-bos01.cdn.snapcraftcontent.com is 91.189.91.43
Jan 05 07:30:44 Jdnsmasq dnsmasq[255]: reply 
canonical-bos01.cdn.snapcraftcontent.com is 91.189.91.42
Jan 05 07:30:51 Jdnsmasq dnsmasq[255]: query[] api.snapcraft.io from 
127.0.0.1
Jan 05 07:30:51 Jdnsmasq dnsmasq[255]: cached api.snapcraft.io is NODATA-IPv6
Jan 05 07:30:51 Jdnsmasq dnsmasq[255]: query[A] api.snapcraft.io from 127.0.0.1
Jan 05 07:30:51 Jdnsmasq dnsmasq[255]: forwarded api.snapcraft.io to 8.8.8.8
Jan 05 07:30:51 Jdnsmasq dnsmasq[255]: reply api.snapcraft.io is 185.125.188.58
Jan 05 07:30:51 Jdnsmasq dnsmasq[255]: reply api.snapcraft.io is 185.125.188.55
Jan 05 07:30:51 Jdnsmasq dnsmasq[255]: reply api.snapcraft.io is 185.125.188.54
Jan 05 07:30:51 Jdnsmasq dnsmasq[255]: reply api.snapcraft.io is 185.125.188.59
...
Jan 05 07:38:29 Jdnsmasq dnsmasq[765]: reply archive.ubuntu.com is 
185.125.190.39
Jan 05 07:38:29 Jdnsmasq dnsmasq[765]: reply archive.ubuntu.com is 91.189.91.81
Jan 05 07:38:29 Jdnsmasq dnsmasq[765]: reply archive.ubuntu.com is 91.189.91.83
Jan 05 07:38:29 Jdnsmasq dnsmasq[765]: reply archive.ubuntu.com is 
2620:2d:4000:1::16
Jan 05 07:38:29 Jdnsmasq dnsmasq[765]: reply archive.ubuntu.com is 
2620:2d:4002:1::103
Jan 05 07:38:29 Jdnsmasq dnsmasq[765]: reply archive.ubuntu.com is 
2620:2d:4002:1::102
Jan 05 07:38:29 Jdnsmasq dnsmasq[765]: reply archive.ubuntu.com is 
2620:2d:4000:1::19
Jan 05 07:38:29 Jdnsmasq dnsmasq[765]: reply archive.ubuntu.com is 
2620:2d:4002:1::101
Jan 05 07:38:29 Jdnsmasq dnsmasq[765]: reply security.ubuntu.com is 
185.125.190.36
Jan 05 07:38:29 Jdnsmasq dnsmasq[765]: reply security.ubuntu.com is 91.189.91.81
Jan 05 07:38:29 Jdnsmasq dnsmasq[765]: reply security.ubuntu.com is 91.189.91.83
Jan 05 07:38:29 Jdnsmasq dnsmasq[765]: reply security.ubuntu.com is 91.189.91.82
Jan 05 07:38:29 Jdnsmasq dnsmasq[765]: reply security.ubuntu.com is 
185.125.190.39
Jan 05 07:38:29 Jdnsmasq dnsmasq[765]: reply security.ubuntu.com is 
2620:2d:4000:1::16
Jan 05 07:38:29 Jdnsmasq dnsmasq[765]: reply security.ubuntu.com is 
2620:2d:4002:1::101
Jan 05 07:38:29 Jdnsmasq dnsmasq[765]: reply security.ubuntu.com is 
2620:2d:4002:1::103
Jan 05 07:38:29 Jdnsmasq dnsmasq[765]: reply security.ubuntu.com is 
2620:2d:4000:1::19
Jan 05 07:38:29 Jdnsmasq dnsmasq[765]: reply security.ubuntu.com is 
2620:2d:4002:1::102
Jan 05 07:38:29 Jdnsmasq dnsmasq[765]: query[SRV] _https._tcp.motd.ubuntu.com 
from 127.0.0.1
Jan 05 07:38:29 Jdnsmasq dnsmasq[765]: forwarded _https._tcp.motd.ubuntu.com to

[Touch-packages] [Bug 2037703] Re: dpkg-reconfigure openssh-server doesn't ask questions again

2024-01-04 Thread Christian Ehrhardt 

** Tags removed: server-triage-discuss

** Changed in: openssh (Ubuntu)
   Importance: Undecided => Low

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to openssh in Ubuntu.
https://bugs.launchpad.net/bugs/2037703

Title:
  dpkg-reconfigure openssh-server doesn't ask questions again

Status in openssh package in Ubuntu:
  New

Bug description:
  openssh-server does provide a couple of configuration options:

  [~]$ sudo debconf-get-selections |grep openssh-server
  openssh-serveropenssh-server/listenstream-may-failerror   
  openssh-serveropenssh-server/password-authentication  boolean true
  openssh-serveropenssh-server/permit-root-loginboolean true

  
  I want to change those options now interactively but nothing I tried worked 
and showed a dialog:

  [~]$ sudo dpkg-reconfigure -p low openssh-server  
  Warning: Stopping ssh.service, but it can still be activated by:
ssh.socket
  rescue-ssh.target is a disabled or a static unit not running, not starting it.

  [~]$ sudo dpkg-reconfigure -p low --force --frontend dialog openssh-server
  Warning: Stopping ssh.service, but it can still be activated by:
ssh.socket
  rescue-ssh.target is a disabled or a static unit not running, not starting it.


  But the documentation (https://manpages.debian.org/testing/debconf-
  doc/debconf.7.en.html#Reconfiguring_packages) does state that those
  commands should ask those questions again.

  
  p.s. also tried with a lxc debian-sid container and had the same problem 
there.

  ProblemType: Bug
  DistroRelease: Ubuntu 23.10
  Package: openssh-server 1:9.3p1-1ubuntu3
  ProcVersionSignature: Ubuntu 6.5.0-5.5-generic 6.5.0
  Uname: Linux 6.5.0-5-generic x86_64
  NonfreeKernelModules: zfs
  ApportVersion: 2.27.0-0ubuntu2
  Architecture: amd64
  CasperMD5CheckResult: unknown
  CurrentDesktop: ubuntu:GNOME
  Date: Fri Sep 29 10:35:33 2023
  InstallationDate: Installed on 2023-05-10 (142 days ago)
  InstallationMedia: Ubuntu 23.04 "Lunar Lobster" - Release amd64 (20230418)
  ProcEnviron:
   LANG=en_US.UTF-8
   PATH=(custom, no user)
   SHELL=/usr/bin/zsh
   TERM=xterm-256color
   XDG_RUNTIME_DIR=
  SourcePackage: openssh
  UpgradeStatus: Upgraded to mantic on 2023-07-19 (71 days ago)

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/openssh/+bug/2037703/+subscriptions


-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp

[Touch-packages] [Bug 2047719] Re: package slapd 2.4.49+dfsg-2ubuntu1.9 failed to install/upgrade: new slapd package pre-installation script subprocess returned error exit status 1

Thank you for taking the time to report bugs and help make Ubuntu
better.

This looks like a local configuration issue rather than a bug in the
software itself. Please check your configuration to make sure it's
correct. If you need help configuring, you can get community support in
the Ubuntu channels on libera.chat, or in
http://www.ubuntu.com/support/community

I'm marking this "Invalid" because it doesn't appear to be a bug, but if
I'm wrong, please change it back to "New" and add some more info to
point me in the right direction. Use this link as a guide:
http://www.chiark.greenend.org.uk/~sgtatham/bugs.html

** Changed in: openldap (Ubuntu)
   Status: New => Incomplete

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to openldap in Ubuntu.
https://bugs.launchpad.net/bugs/2047719

Title:
  package slapd 2.4.49+dfsg-2ubuntu1.9 failed to install/upgrade: new
  slapd package pre-installation script subprocess returned error exit
  status 1

Status in openldap package in Ubuntu:
  Incomplete

Bug description:
  Happened while upgrading ubuntu distro

  ProblemType: Package
  DistroRelease: Ubuntu 22.04
  Package: slapd 2.4.49+dfsg-2ubuntu1.9
  ProcVersionSignature: Ubuntu 5.15.0-1053.61~20.04.1-azure 5.15.131
  Uname: Linux 5.15.0-1053-azure x86_64
  ApportVersion: 2.20.11-0ubuntu82.5
  Architecture: amd64
  CasperMD5CheckResult: unknown
  Date: Fri Dec 29 23:55:31 2023
  ErrorMessage: new slapd package pre-installation script subprocess returned 
error exit status 1
  ProcCmdline: BOOT_IMAGE=/boot/vmlinuz-5.15.0-1053-azure 
root=UUID=b9df59e6-c806-4851-befa-12402bca5828 ro console=tty1 console=ttyS0 
earlyprintk=ttyS0 rootdelay=300
  Python3Details: /usr/bin/python3.10, Python 3.10.12, python3-minimal, 
3.10.6-1~22.04
  PythonDetails: N/A
  RebootRequiredPkgs: Error: path contained symlinks.
  RelatedPackageVersions:
   dpkg 1.21.1ubuntu2.2
   apt  2.4.11
  SourcePackage: openldap
  Title: package slapd 2.4.49+dfsg-2ubuntu1.9 failed to install/upgrade: new 
slapd package pre-installation script subprocess returned error exit status 1
  UpgradeStatus: Upgraded to jammy on 2023-12-29 (0 days ago)

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/openldap/+bug/2047719/+subscriptions


-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp

[Touch-packages] [Bug 2047719] Re: package slapd 2.4.49+dfsg-2ubuntu1.9 failed to install/upgrade: new slapd package pre-installation script subprocess returned error exit status 1

Hi and thanks for the report,
it seems that the automatic "try to backup and upgrade" failed.
That is usually due to local config that does not behave well as it needs 
knowledge or assumptions the package can't have. Or at other times by using 
features that have been removed.

The log output is actually quite clear on what it tried, and that it
suggests to the admin to overcome this to continue.

"""
Preparing to unpack .../20-slapd_2.5.16+dfsg-0ubuntu0.22.04.1_amd64.deb ...
Saving current slapd configuration to 
/var/backups/slapd-2.4.49+dfsg-2ubuntu1.9...
  Dumping to /var/backups/slapd-2.4.49+dfsg-2ubuntu1.9: 
  - directory 
dc=1tmfm1mfbauutnso5ahdvmpnma,dc=gx,dc=internal,dc=cloudapp,dc=ne... slapcat: 
slap_init no backend for 
"dc=1tmfm1mfbauutnso5ahdvmpnma,dc=gx,dc=internal,dc=cloudapp,dc=ne"
failed.
[?1049h[?1h=[1;43r[4l[?25l[m[37m[40m[1;43r[H[J[1;1H[1m[37m[45m  


[2;1H  

[3;1H  


[4;1H  

[5;1H  


 [6;1H 

 [7;1H 


 [8;1H 

 [9;1H 


 [10;1H

   
[11;1H 

 [12;1H


  [13;1H   

   [14;1H  


[15;1H 

  [16;1H   


   [17;1H  

[18;1H 


 [19;1H

  [20;1H   


   [21;1H

[Touch-packages] [Bug 2047082] Re: upgrading openssh-server always shows error: rescue-ssh.target is a disabled or a static unit not running, not starting it.

** Tags added: server-todo

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to openssh in Ubuntu.
https://bugs.launchpad.net/bugs/2047082

Title:
  upgrading openssh-server always shows error: rescue-ssh.target is a
  disabled or a static unit not running, not starting it.

Status in openssh package in Ubuntu:
  New

Bug description:
  In our project we regularly build Ubuntu VM images for current 23.10
  (stable). In https://github.com/cockpit-project/bots/issues/5691 we
  ran into an upgrade failure of openssh-server. It starts with the
  current cloud image and then apt upgrades it, with
  "DEBIAN_FRONTEND=noninteractive". openssh was updated a few days ago
  indeed:

Setting up openssh-server (1:9.3p1-1ubuntu3.1) ...
Creating SSH2 ECDSA key; this may take some time ...
256 SHA256:UqrRSpQNM7SIixVivYP/WwZRjt7Sv89P31W/Gxaf+Z8 root@ubuntu (ECDSA)
Creating SSH2 ED25519 key; this may take some time ...
256 SHA256:hy9AEDydfnZeY9nf9P4Sb90kx39Oqr101A6tz5j4RQw root@ubuntu (ED25519)
rescue-ssh.target is a disabled or a static unit not running, not starting 
it.
Could not execute systemctl: at /usr/bin/deb-systemd-invoke line 145.
dpkg: error processing package openssh-server (--configure):
 installed openssh-server package post-installation script subprocess 
returned error exit status 1

  I.e. of course that security update itself [1] didn't introduce the
  regression, but earlier VM builds just didn't have a pending openssh
  update -- looks like this has been a luring upgrade trap in the
  release already.

  As a first naïve reproducer I tried

apt update
DEBIAN_FRONTEND=noninteractive apt update openssh-server

  on our current VM (with the release version 1:9.3p1-1ubuntu3), and
  that worked fine. Same with installing all 9 available packages.
  rescue.target is loaded/inactive/static, as it should be. Updating
  without DEBIAN_FRONTEND does show me a conffile prompt about
  /etc/ssh/sshd_config, which is justified as we do modify the config:

# Allow root login with password
sed -i 's/^[# ]*PermitRootLogin .*/PermitRootLogin yes/' 
/etc/ssh/sshd_config
# Prevent SSH from hanging for a long time when no external network access
echo 'UseDNS no' >> /etc/ssh/sshd_config

  this also leads to a merge conflict. However, I suppose all of that is
  tangential to the rescue-ssh.target issue. In all my interactive
  upgrades, it seemed to handle that just fine:

Setting up openssh-server (1:9.3p1-1ubuntu3.1) ...
rescue-ssh.target is a disabled or a static unit not running, not starting 
it.

  So this seems to be related to the first-time installation of openssh-
  server -- it is part of the cloud image, but it does the host key
  generation during our image builds.

  So reproducing this is a bit tricky, but aside from that: Why does it
  even do this in the first place?

  # Automatically added by dh_installsystemd/13.11.6ubuntu1
  if [ "$1" = "configure" ] || [ "$1" = "abort-upgrade" ] || [ "$1" = 
"abort-deconfigure" ] || [ "$1" = "abort-remove" ] ; then
  if [ -d /run/systemd/system ]; then
  systemctl --system daemon-reload >/dev/null || true
  if [ -n "$2" ]; then
  _dh_action=restart
  else
  _dh_action=start
  fi
  deb-systemd-invoke $_dh_action 'rescue-ssh.target' >/dev/null 
|| true
  fi
  fi

  It feels like the postinst should *never* try to start rescue-
  ssh.target. That's an alternative boot mode, and should never run un
  multi-user.target, isn't it?

  [1] https://launchpad.net/ubuntu/+source/openssh/1:9.3p1-1ubuntu3.1

  DistroRelease: Ubuntu 23.10
  PackageVersion: openssh-server 1:9.3p1-1ubuntu3.1

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/openssh/+bug/2047082/+subscriptions


-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp

[Touch-packages] [Bug 2037703] Re: dpkg-reconfigure openssh-server doesn't ask questions again

** Tags added: server-triage-discuss

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to openssh in Ubuntu.
https://bugs.launchpad.net/bugs/2037703

Title:
  dpkg-reconfigure openssh-server doesn't ask questions again

Status in openssh package in Ubuntu:
  New

Bug description:
  openssh-server does provide a couple of configuration options:

  [~]$ sudo debconf-get-selections |grep openssh-server
  openssh-serveropenssh-server/listenstream-may-failerror   
  openssh-serveropenssh-server/password-authentication  boolean true
  openssh-serveropenssh-server/permit-root-loginboolean true

  
  I want to change those options now interactively but nothing I tried worked 
and showed a dialog:

  [~]$ sudo dpkg-reconfigure -p low openssh-server  
  Warning: Stopping ssh.service, but it can still be activated by:
ssh.socket
  rescue-ssh.target is a disabled or a static unit not running, not starting it.

  [~]$ sudo dpkg-reconfigure -p low --force --frontend dialog openssh-server
  Warning: Stopping ssh.service, but it can still be activated by:
ssh.socket
  rescue-ssh.target is a disabled or a static unit not running, not starting it.


  But the documentation (https://manpages.debian.org/testing/debconf-
  doc/debconf.7.en.html#Reconfiguring_packages) does state that those
  commands should ask those questions again.

  
  p.s. also tried with a lxc debian-sid container and had the same problem 
there.

  ProblemType: Bug
  DistroRelease: Ubuntu 23.10
  Package: openssh-server 1:9.3p1-1ubuntu3
  ProcVersionSignature: Ubuntu 6.5.0-5.5-generic 6.5.0
  Uname: Linux 6.5.0-5-generic x86_64
  NonfreeKernelModules: zfs
  ApportVersion: 2.27.0-0ubuntu2
  Architecture: amd64
  CasperMD5CheckResult: unknown
  CurrentDesktop: ubuntu:GNOME
  Date: Fri Sep 29 10:35:33 2023
  InstallationDate: Installed on 2023-05-10 (142 days ago)
  InstallationMedia: Ubuntu 23.04 "Lunar Lobster" - Release amd64 (20230418)
  ProcEnviron:
   LANG=en_US.UTF-8
   PATH=(custom, no user)
   SHELL=/usr/bin/zsh
   TERM=xterm-256color
   XDG_RUNTIME_DIR=
  SourcePackage: openssh
  UpgradeStatus: Upgraded to mantic on 2023-07-19 (71 days ago)

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/openssh/+bug/2037703/+subscriptions


-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp

[Touch-packages] [Bug 2015562] Re: [SRU] Segfault in dnsmasq when using certain static domain entries + DoH (bugfix possibly exists upstream)

Verifying according to the instructions - Before the update I got this as 
expected:

root@Jdnsmasq:~# dig A netflix.com @127.0.0.1
;; communications error to 127.0.0.1#53: timed out
;; communications error to 127.0.0.1#53: connection refused
;; communications error to 127.0.0.1#53: connection refused

; <<>> DiG 9.18.18-0ubuntu0.22.04.1-Ubuntu <<>> A netflix.com @127.0.0.1
;; global options: +cmd
;; no servers could be reached


Jan 02 11:13:01 Jdnsmasq systemd[1]: dnsmasq.service: Main process exited, 
code=dumped, status=11/SEGV
Jan 02 11:13:01 Jdnsmasq systemd[1]: dnsmasq.service: Failed with result 
'core-dump'.


---

Upgrade

...
Preparing to unpack .../12-dnsmasq-base_2.86-1.1ubuntu0.4_amd64.deb ...
Unpacking dnsmasq-base (2.86-1.1ubuntu0.4) over (2.86-1.1ubuntu0.3) ...
Preparing to unpack .../13-dnsmasq_2.86-1.1ubuntu0.4_all.deb ...
Unpacking dnsmasq (2.86-1.1ubuntu0.4) over (2.86-1.1ubuntu0.3) ...
...
worked without issues


---

root@Jdnsmasq:~# systemctl status dnsmasq
● dnsmasq.service - dnsmasq - A lightweight DHCP and caching DNS server
 Loaded: loaded (/lib/systemd/system/dnsmasq.service; enabled; vendor 
preset: enabled)
 Active: active (running) since Tue 2024-01-02 11:18:03 UTC; 3s ago
Process: 4327 ExecStartPre=/etc/init.d/dnsmasq checkconfig (code=exited, 
status=0/SUCCESS)
Process: 4335 ExecStart=/etc/init.d/dnsmasq systemd-exec (code=exited, 
status=0/SUCCESS)
Process: 4344 ExecStartPost=/etc/init.d/dnsmasq systemd-start-resolvconf 
(code=exited, status=0/SUCCESS)
   Main PID: 4343 (dnsmasq)
  Tasks: 1 (limit: 38247)
 Memory: 588.0K
CPU: 45ms
 CGroup: /system.slice/dnsmasq.service
 └─4343 /usr/sbin/dnsmasq -x /run/dnsmasq/dnsmasq.pid -u dnsmasq -7 
/etc/dnsmasq.d,.dpkg-dist,.dpkg-old,.dpkg-new --local-service 
--trust-anchor=.,20326,8,2,e06d44b80b8f1d39a95c0b0d7c65d08458e880409bb>

Jan 02 11:18:03 Jdnsmasq dnsmasq[4343]: using standard nameservers for 
netflix.com
Jan 02 11:18:03 Jdnsmasq dnsmasq[4343]: reading /etc/resolv.conf
Jan 02 11:18:03 Jdnsmasq dnsmasq[4343]: using nameserver 8.8.8.8#53
Jan 02 11:18:03 Jdnsmasq dnsmasq[4343]: ignoring nameserver 127.0.0.1 - local 
interface
Jan 02 11:18:03 Jdnsmasq dnsmasq[4343]: using standard nameservers for 
example.com
Jan 02 11:18:03 Jdnsmasq dnsmasq[4343]: using standard nameservers for 
nflxext.com
Jan 02 11:18:03 Jdnsmasq dnsmasq[4343]: using standard nameservers for 
netflix.net
Jan 02 11:18:03 Jdnsmasq dnsmasq[4343]: using standard nameservers for 
netflix.com
Jan 02 11:18:03 Jdnsmasq dnsmasq[4343]: read /etc/hosts - 7 addresses
Jan 02 11:18:03 Jdnsmasq systemd[1]: Started dnsmasq - A lightweight DHCP and 
caching DNS server.


---


Trying the issue trigger again:

root@Jdnsmasq:~# dig +short -tA ubuntu.com @127.0.0.1
185.125.190.29
185.125.190.20
185.125.190.21
root@Jdnsmasq:~# dig +short -t ubuntu.com @127.0.0.1
2620:2d:4000:1::27
2620:2d:4000:1::28
2620:2d:4000:1::26
root@Jdnsmasq:~# dig A netflix.com @127.0.0.1

; <<>> DiG 9.18.18-0ubuntu0.22.04.1-Ubuntu <<>> A netflix.com @127.0.0.1
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 63180
;; flags: qr rd ra; QUERY: 1, ANSWER: 3, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 512
;; QUESTION SECTION:
;netflix.com.   IN  A

;; ANSWER SECTION:
netflix.com.60  IN  A   18.200.8.190
netflix.com.60  IN  A   54.155.246.232
netflix.com.60  IN  A   54.73.148.110

;; Query time: 16 msec
;; SERVER: 127.0.0.1#53(127.0.0.1) (UDP)
;; WHEN: Tue Jan 02 11:18:36 UTC 2024
;; MSG SIZE  rcvd: 88

root@Jdnsmasq:~# dig A netflix.com @127.0.0.1

; <<>> DiG 9.18.18-0ubuntu0.22.04.1-Ubuntu <<>> A netflix.com @127.0.0.1
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 29034
;; flags: qr rd ra; QUERY: 1, ANSWER: 3, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
;; QUESTION SECTION:
;netflix.com.   IN  A

;; ANSWER SECTION:
netflix.com.52  IN  A   54.73.148.110
netflix.com.52  IN  A   54.155.246.232
netflix.com.52  IN  A   18.200.8.190

;; Query time: 0 msec
;; SERVER: 127.0.0.1#53(127.0.0.1) (UDP)
;; WHEN: Tue Jan 02 11:18:44 UTC 2024
;; MSG SIZE  rcvd: 88


---


working fine now, no segfault

log only has the start:
Jan 02 11:18:03 Jdnsmasq dnsmasq[4343]: compile time options: IPv6 GNU-getopt 
DBus no-UBus i18n IDN2 DHCP DHCPv6 no-Lua TFTP conntrack ipset auth cryptohash 
DNSSEC loop-detect inotify dumpfile

---


Setting as verified


** Tags removed: verification-needed verification-needed-jammy
** Tags added: verification-done verification-done-jammy

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to dnsmasq in Ubuntu.
https://bugs.launc

[Touch-packages] [Bug 2046624] Re: apparmor breaks surfshark vpn

2023-12-17 Thread Christian Boltz

> with the new apparmor Candidate: 4.0.0~alpha2-0ubuntu7
>  DistroRelease: Ubuntu 24.04

This bug smells like a userns issue - programs using userns (often used
for sandboxing) now _must have_ an AppArmor profile.

Can you please save the following as /etc/apparmor.d/surfshark? (Adjust
the path to surfshark to the real path - /PATH/TO/ is for sure incorrect
;-)


abi ,
include 

profile surfshark /PATH/TO/surfshark flags=(unconfined) {
  userns,

  # Site-specific additions and overrides. See local/README for details.
  include if exists 
}


Note: If I get comment #5 right, the actual executable might be /usr/bin/gjs. 
You can use this path in the profile _for testing_, but the real solution is to 
have a profile specific to surfshark, possibly with AppArmorProfile=surfshark 
in the systemd unit.

After creating the profile, reload the AppArmor profiles to enable the
new profile.

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to apparmor in Ubuntu.
https://bugs.launchpad.net/bugs/2046624

Title:
  apparmor breaks surfshark vpn

Status in apparmor package in Ubuntu:
  New

Bug description:
  with the new   apparmor Candidate: 4.0.0~alpha2-0ubuntu7
  Breaks my VPN

 *surfshark
  [33104:1216/072144.904027:FATAL:credentials.cc(127)] Check failed: . : 
Permission denied (13)
  Trace/breakpoint trap

  It will work with --no-sandbox "surfshark --no-sandbox" not ideal.
  I removed apparmor for proof

  *apt policy apparmor
  apparmor:
Installed: (none)
Candidate: 4.0.0~alpha2-0ubuntu7
Version table:
   4.0.0~alpha2-0ubuntu7 500
  500 http://us.archive.ubuntu.com/ubuntu noble/main amd64 Packages
  Now my VPN works as expected, spent 2 hrs this morning with surfshark 
support, they will get back to me in a day or two, but they can't find anything 
wrong on their end.

  So far it points to apparmor

  ProblemType: Bug
  DistroRelease: Ubuntu 24.04
  Package: apparmor (not installed)
  ProcVersionSignature: Ubuntu 6.5.0-9.9-generic 6.5.3
  Uname: Linux 6.5.0-9-generic x86_64
  NonfreeKernelModules: nvidia_modeset nvidia zfs
  ApportVersion: 2.27.0-0ubuntu6
  Architecture: amd64
  CasperMD5CheckResult: pass
  CurrentDesktop: XFCE
  Date: Sat Dec 16 10:40:00 2023
  InstallationDate: Installed on 2023-12-10 (6 days ago)
  InstallationMedia: Xubuntu 24.04 "Noble Numbat" - Daily amd64 (20231127)
  SourcePackage: apparmor
  UpgradeStatus: No upgrade log present (probably fresh install)
  modified.conffile..etc.default.apport:
   # set this to 0 to disable apport, or to 1 to enable it
   # you can temporarily override this with
   # sudo service apport start force_start=1
   enabled=0
  mtime.conffile..etc.default.apport: 2023-12-12T09:43:48.905263

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/apparmor/+bug/2046624/+subscriptions


-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp

[Touch-packages] [Bug 2045577] Re: Demote isc-dhcp-server to universe

2023-12-15 Thread Christian Ehrhardt 

I've discussed with MAAS and Dimitri, we moved it to the community-maas seed.
=> https://code.launchpad.net/~paelzer/ubuntu-seeds/+git/platform/+merge/457339
Thereby it should (tm) no more be in component mismatches.

The other AAs haven't replied yet if they'd need something else, that
answer might only happen in 2024.

But after the seed updates we should already be much better, demoting
again.

Right now there is only 4.4.3-P1-4ubuntu1 in noble, nothing in proposed
- maybe the former loss was due to that not correctly being carried over
when moving to -release?

Override component to universe
isc-dhcp-server 4.4.3-P1-4ubuntu1 in noble amd64: main/net/optional/100% -> 
universe
isc-dhcp-server 4.4.3-P1-4ubuntu1 in noble arm64: main/net/optional/100% -> 
universe
isc-dhcp-server 4.4.3-P1-4ubuntu1 in noble armhf: main/net/optional/100% -> 
universe
isc-dhcp-server 4.4.3-P1-4ubuntu1 in noble ppc64el: main/net/optional/100% -> 
universe
isc-dhcp-server 4.4.3-P1-4ubuntu1 in noble riscv64: main/net/optional/100% -> 
universe
isc-dhcp-server 4.4.3-P1-4ubuntu1 in noble s390x: main/net/optional/100% -> 
universe
Override [y|N]? y
6 publications overridden.


** Changed in: isc-dhcp (Ubuntu)
   Status: Triaged => Fix Released

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to isc-dhcp in Ubuntu.
https://bugs.launchpad.net/bugs/2045577

Title:
  Demote isc-dhcp-server to universe

Status in isc-dhcp package in Ubuntu:
  Fix Released

Bug description:
  Following up on the isc-kea promotion (LP: #2002861) as the new
  supported DHCP server, it is now time to demote isc-dhcp-server.

  All the packages that are in.

  While we are not ready to demote all isc-dhcp packages (there are
  still packages in main that reverse depend/recommend isc-dhcp-client),
  we are ready to demote isc-dhcp-server.

  $ reverse-depends isc-dhcp-server
  Reverse-Recommends
  ==
  * fai-server

  Reverse-Depends
  ===
  * fai-quickstart
  * isc-dhcp-server-ldap [amd64 arm64 armhf ppc64el s390x]

  Packages without architectures listed are reverse-dependencies in:
  amd64, arm64, armhf, i386, ppc64el, s390x

  $ reverse-depends -b isc-dhcp-server
  Reverse-Testsuite-Triggers
  ==
  * chrony
  * dracut

  As shown there are no reverse dependencies for isc-dhcp-server in
  main. There are Reverse-Testsuite-Triggers in main, but these should
  not be considered for demotion matters here.

  The seeds at https://git.launchpad.net/~ubuntu-core-dev/ubuntu-
  seeds/+git/platform/tree/?h=noble contain 2 entries for isc-dhcp-
  server:

  $ grep -r isc-dhcp-server *
  supported-maas: * isc-dhcp-server
  supported-misc-servers: * isc-dhcp-server

  I will proceed with removing the supported-misc-servers entry. Once
  this is removed from supported-maas, the package will no longer be
  seeded (we should then get a component mismatch) and can be safely
  demoted to universe.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/isc-dhcp/+bug/2045577/+subscriptions


-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp

[Touch-packages] [Bug 2045771] Re: [MIR] isc-dhcp-server

2023-12-12 Thread Christian Ehrhardt 

** Description changed:

+ This isn't really MIR, but a reminder found by the tooling that tells us
+ why it is no more in main >=Noble.
+ 
+ ---
+ 
  This was demoted due to LP: #2045577.
  
  This will keep showing in component mismatches as needed from MAAS (just
  like ipmitool did for years) for now.
  
  MAAS is no more part of the Archive and planned to move off of using
  isc-dhcp in PF-3898, that has had some changes over time (not committed
  in last cycle, changed the approach this cycle) - but either way they
  will move off of it and we are no more holding it in main in Ubuntu just
  like that.
  
  Please, do not move it back to main for the time being.
  
  See LP: #2045577 for further reference.

** Description changed:

  This isn't really MIR, but a reminder found by the tooling that tells us
  why it is no more in main >=Noble.
  
  ---
  
  This was demoted due to LP: #2045577.
  
  This will keep showing in component mismatches as needed from MAAS (just
  like ipmitool did for years) for now.
  
- MAAS is no more part of the Archive and planned to move off of using
- isc-dhcp in PF-3898, that has had some changes over time (not committed
- in last cycle, changed the approach this cycle) - but either way they
- will move off of it and we are no more holding it in main in Ubuntu just
- like that.
+ MAAS is no more part of the Archive and planned to move off of using isc-dhcp 
in PF-3898, that has had some changes over time (communicated in late 2022, 
filed as a need in 23.04, changed the approach while in 24.04).
+ But either way they will move off of it and we are no more holding it in main 
in Ubuntu just for that (there are good reasons it is demoted).
  
  Please, do not move it back to main for the time being.
  
  See LP: #2045577 for further reference.

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to isc-dhcp in Ubuntu.
https://bugs.launchpad.net/bugs/2045771

Title:
  [MIR] isc-dhcp-server

Status in isc-dhcp package in Ubuntu:
  Won't Fix

Bug description:
  This isn't really MIR, but a reminder found by the tooling that tells
  us why it is no more in main >=Noble.

  ---

  This was demoted due to LP: #2045577.

  This will keep showing in component mismatches as needed from MAAS
  (just like ipmitool did for years) for now.

  MAAS is no more part of the Archive and planned to move off of using isc-dhcp 
in PF-3898, that has had some changes over time (communicated in late 2022, 
filed as a need in 23.04, changed the approach while in 24.04).
  But either way they will move off of it and we are no more holding it in main 
in Ubuntu just for that (there are good reasons it is demoted).

  Please, do not move it back to main for the time being.

  See LP: #2045577 for further reference.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/isc-dhcp/+bug/2045771/+subscriptions


-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp

[Touch-packages] [Bug 2045771] Re: [MIR] isc-dhcp-server

2023-12-12 Thread Christian Ehrhardt 

** Description changed:

- This was demoted due to LP: #2045577. This will keep showing in
- component mismatches as ipmitool for now.
+ This was demoted due to LP: #2045577.
+ 
+ This will keep showing in component mismatches as needed from MAAS (just
+ like ipmitool did for years) for now.
+ 
+ MAAS is no more part of the Archive and planned to move off of using
+ isc-dhcp in PF-3898, that has had some changes over time (not committed
+ in last cycle, changed the approach this cycle) - but either way they
+ will move off of it and we are no more holding it in main in Ubuntu just
+ like that.
  
  Please, do not move it back to main for the time being.
  
  See LP: #2045577 for further reference.

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to isc-dhcp in Ubuntu.
https://bugs.launchpad.net/bugs/2045771

Title:
  [MIR] isc-dhcp-server

Status in isc-dhcp package in Ubuntu:
  Won't Fix

Bug description:
  This was demoted due to LP: #2045577.

  This will keep showing in component mismatches as needed from MAAS
  (just like ipmitool did for years) for now.

  MAAS is no more part of the Archive and planned to move off of using
  isc-dhcp in PF-3898, that has had some changes over time (not
  committed in last cycle, changed the approach this cycle) - but either
  way they will move off of it and we are no more holding it in main in
  Ubuntu just like that.

  Please, do not move it back to main for the time being.

  See LP: #2045577 for further reference.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/isc-dhcp/+bug/2045771/+subscriptions


-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp

[Touch-packages] [Bug 2045577] Re: Demote isc-dhcp-server to universe

2023-12-06 Thread Christian Ehrhardt 

Hi Athos,
agreed:

According to [1] all that is holding it back is MAAS still referrring to it.
But I'm afraid of doing the demotion last minute as a surprise to the wider 
Ubuntu.

The MAAS team has been involved in planning and preparing for this.
They have committed to get rid of their dependency.

And then OTOH the supported-maas seed also does depend and show imptools
all the time and it was left open.

So ack, we want to demote this right now to make sure everyone, and not
just MAAS, is more even more aware.

The source can not yet move as Foundations works on letting the client
fully go.

Demoted in proposed and will go to noble in full once 4.4.3-P1-4ubuntu1
migrates.

Override component to universe
isc-dhcp-server 4.4.3-P1-4ubuntu1 in noble amd64: main/net/optional/100% -> 
universe
isc-dhcp-server 4.4.3-P1-4ubuntu1 in noble arm64: main/net/optional/100% -> 
universe
isc-dhcp-server 4.4.3-P1-4ubuntu1 in noble armhf: main/net/optional/100% -> 
universe
isc-dhcp-server 4.4.3-P1-4ubuntu1 in noble ppc64el: main/net/optional/100% -> 
universe
isc-dhcp-server 4.4.3-P1-4ubuntu1 in noble riscv64: main/net/optional/100% -> 
universe
isc-dhcp-server 4.4.3-P1-4ubuntu1 in noble s390x: main/net/optional/100% -> 
universe
Override [y|N]? y
6 publications overridden


@Athos - please create a MIR bug saying "Won't Fix" and some reference to this 
and the rest of the history. To be found by component mismatches, otherwise 
another friendly archive admin will just re-promote it.

[1]: https://ubuntu-archive-team.ubuntu.com/germinate-
output/ubuntu.jammy/rdepends/isc-dhcp/isc-dhcp-server

** Changed in: isc-dhcp (Ubuntu)
   Status: In Progress => Fix Released

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to isc-dhcp in Ubuntu.
https://bugs.launchpad.net/bugs/2045577

Title:
  Demote isc-dhcp-server to universe

Status in isc-dhcp package in Ubuntu:
  Fix Released

Bug description:
  Following up on the isc-kea promotion (LP: #2002861) as the new
  supported DHCP server, it is now time to demote isc-dhcp-server.

  All the packages that are in.

  While we are not ready to demote all isc-dhcp packages (there are
  still packages in main that reverse depend/recommend isc-dhcp-client),
  we are ready to demote isc-dhcp-server.

  $ reverse-depends isc-dhcp-server
  Reverse-Recommends
  ==
  * fai-server

  Reverse-Depends
  ===
  * fai-quickstart
  * isc-dhcp-server-ldap [amd64 arm64 armhf ppc64el s390x]

  Packages without architectures listed are reverse-dependencies in:
  amd64, arm64, armhf, i386, ppc64el, s390x

  $ reverse-depends -b isc-dhcp-server
  Reverse-Testsuite-Triggers
  ==
  * chrony
  * dracut

  As shown there are no reverse dependencies for isc-dhcp-server in
  main. There are Reverse-Testsuite-Triggers in main, but these should
  not be considered for demotion matters here.

  The seeds at https://git.launchpad.net/~ubuntu-core-dev/ubuntu-
  seeds/+git/platform/tree/?h=noble contain 2 entries for isc-dhcp-
  server:

  $ grep -r isc-dhcp-server *
  supported-maas: * isc-dhcp-server
  supported-misc-servers: * isc-dhcp-server

  I will proceed with removing the supported-misc-servers entry. Once
  this is removed from supported-maas, the package will no longer be
  seeded (we should then get a component mismatch) and can be safely
  demoted to universe.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/isc-dhcp/+bug/2045577/+subscriptions


-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp

[Touch-packages] [Bug 2039294] Re: apparmor docker

2023-11-19 Thread Christian Boltz

Slightly related:

> /usr/sbin/runc flags=(unconfined) {

Shouldn't that nowadays be(come)

profile runc /usr/sbin/runc flags=(unconfined) {

Ideally please fix this now, so that the upstream docker profile can use
peer=runc

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to apparmor in Ubuntu.
https://bugs.launchpad.net/bugs/2039294

Title:
  apparmor docker

Status in docker:
  New
Status in apparmor package in Ubuntu:
  Incomplete

Bug description:
  No LSB modules are available.
  Distributor ID: Ubuntu
  Description:Ubuntu 23.10
  Release:23.10
  Codename:   mantic

  
  Docker version 24.0.5, build 24.0.5-0ubuntu1

  
  Graceful shutdown doesn't work anymore due to SIGTERM and SIGKILL (maybe all 
signals?) doesn't reach the target process. Works when apparmor is uninstalled.

  
  [17990.085295] audit: type=1400 audit(1697213244.019:981): apparmor="DENIED" 
operation="signal" class="signal" profile="docker-default" pid=172626 
comm="runc" requested_mask="receive" denied_mask="receive" signal=term 
peer="/usr/sbin/runc"
  [17992.112517] audit: type=1400 audit(1697213246.043:982): apparmor="DENIED" 
operation="signal" class="signal" profile="docker-default" pid=172633 
comm="runc" requested_mask="receive" denied_mask="receive" signal=kill 
peer="/usr/sbin/runc"

To manage notifications about this bug go to:
https://bugs.launchpad.net/docker/+bug/2039294/+subscriptions


-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp

[Touch-packages] [Bug 2030684] Re: tzname[1] empty after tzset() with env TZ="UTC"

2023-09-20 Thread Christian Ehrhardt 

This bug is no more an issue marking fixed

** Changed in: python-django (Ubuntu)
   Status: New => Fix Released

** Changed in: django-mailman3 (Ubuntu)
   Status: New => Fix Released

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to tzdata in Ubuntu.
https://bugs.launchpad.net/bugs/2030684

Title:
  tzname[1] empty after tzset() with env TZ="UTC"

Status in django-mailman3 package in Ubuntu:
  Fix Released
Status in php8.2 package in Ubuntu:
  Triaged
Status in postgresql-15 package in Ubuntu:
  Fix Committed
Status in python-django package in Ubuntu:
  Fix Released
Status in systemd package in Ubuntu:
  Invalid
Status in tzdata package in Ubuntu:
  Fix Released
Status in tzdata package in Debian:
  Fix Released

Bug description:
  The following program prints different output when run with tzdata
  2023c-7ubuntu1 from mantic, versus tzdata 2023c-8ubuntu1 from mantic-
  proposed:

  root@mantic:~# cat bug.c 
  #include 
  #include 
  #include 
  #include 
  #include 

  int main(void) {
  int r;

  r = setenv("TZ", ":UTC", 1);
  if (r < 0) {
  printf("Failed to set TZ env var: %s\n", strerror(errno));
  return 1;
  }

  tzset();

  printf("timezone = %lu, daylight = %d\n", timezone, daylight);
  printf("tzname[0] = %s, tzname[1] = %s\n", tzname[0], tzname[1]);
  }

  root@mantic:~# gcc bug.c
  root@mantic:~# ./a.out 
  timezone = 0, daylight = 0
  tzname[0] = UTC, tzname[1] = UTC
  root@mantic:~# apt-cache policy tzdata
  tzdata:
Installed: 2023c-7ubuntu1
Candidate: 2023c-7ubuntu1
Version table:
   *** 2023c-7ubuntu1 500
  500 http://archive.ubuntu.com/ubuntu mantic/main amd64 Packages
  100 /var/lib/dpkg/status

  If I install tzdata from mantic-proposed, I get different output:

  root@mantic:~# vi /etc/apt/sources.list
  root@mantic:~# apt update && apt install tzdata
  Hit:1 http://archive.ubuntu.com/ubuntu mantic InRelease
  Hit:2 http://security.ubuntu.com/ubuntu mantic-security InRelease
  Get:3 http://archive.ubuntu.com/ubuntu mantic-proposed InRelease [118 kB]
  Hit:4 http://archive.ubuntu.com/ubuntu mantic-updates InRelease
  Hit:5 http://archive.ubuntu.com/ubuntu mantic-backports InRelease
  Get:6 http://archive.ubuntu.com/ubuntu mantic-proposed/main amd64 Packages 
[35.9 kB]
  Get:7 http://archive.ubuntu.com/ubuntu mantic-proposed/main Translation-en 
[14.8 kB]
  Get:8 http://archive.ubuntu.com/ubuntu mantic-proposed/main amd64 DEP-11 
Metadata [2376 B]
  Get:9 http://archive.ubuntu.com/ubuntu mantic-proposed/main amd64 c-n-f 
Metadata [1004 B]
  Get:10 http://archive.ubuntu.com/ubuntu mantic-proposed/restricted amd64 
Packages [15.9 kB]
  Get:11 http://archive.ubuntu.com/ubuntu mantic-proposed/restricted 
Translation-en [3564 B]
  Get:12 http://archive.ubuntu.com/ubuntu mantic-proposed/restricted amd64 
c-n-f Metadata [336 B]
  Fetched 192 kB in 1s (324 kB/s) 
  Reading package lists... Done
  Building dependency tree... Done
  Reading state information... Done
  72 packages can be upgraded. Run 'apt list --upgradable' to see them.
  root@mantic:~# apt install tzdata=2023c-8ubuntu1
  Reading package lists... Done
  Building dependency tree... Done
  Reading state information... Done
  The following packages were automatically installed and are no longer 
required:
libefiboot1 libefivar1
  Use 'apt autoremove' to remove them.
  The following packages will be upgraded:
tzdata
  1 upgraded, 0 newly installed, 0 to remove and 72 not upgraded.
  Need to get 269 kB of archives.
  After this operation, 142 kB disk space will be freed.
  Get:1 http://archive.ubuntu.com/ubuntu mantic-proposed/main amd64 tzdata all 
2023c-8ubuntu1 [269 kB]
  Fetched 269 kB in 0s (867 kB/s)
  Preconfiguring packages ...
  (Reading database ... 39935 files and directories currently installed.)
  Preparing to unpack .../tzdata_2023c-8ubuntu1_all.deb ...
  Unpacking tzdata (2023c-8ubuntu1) over (2023c-7ubuntu1) ...
  Setting up tzdata (2023c-8ubuntu1) ...

  Current default time zone: 'Etc/UTC'
  Local time is now:  Mon Aug  7 21:18:35 UTC 2023.
  Universal Time is now:  Mon Aug  7 21:18:35 UTC 2023.
  Run 'dpkg-reconfigure tzdata' if you wish to change it.

  Scanning processes... 


 
  Scanning candidates...


 

  Restarting services...
  Service restarts being deferred:
   systemctl restart systemd-logind.service
   systemctl restart unattended-upgrades.s

[Touch-packages] [Bug 2033569] Re: suddenly choked on multiseat config in a way that survives reboots and even purging it

2023-09-07 Thread Christian Pernegger

Found a solution.

There were two separate issues:

FIRST ISSUE

Apparently systemd likes to start up lightdm early, so early that on a
reasonably fast system the GPU driver won't be ready in time ...

(I thought this was what systemd's dependency handling was for, but
never mind.)

This seems to be a long-standing issue; it's neither multiseat- nor GPU-
driver-specific. And considering this is just a budget AMD box, albeit a
new one, it's going to bite more and more people in future.

My hypothesis re. why the first few boots with lightdm worked is that I
was still in the middle of setting up the box, i.e. a lot changed from
one boot to the next. Either one of those changes triggered the timing
issue, or "clean" boots are faster per se.

The workarounds detailed in the Arch Wiki
(https://wiki.archlinux.org/title/LightDM#LightDM_does_not_appear_or_monitor_only_displays_TTY_output)
both work, to wit:

1) Add

[LightDM]
logind-check-graphical=true

in /etc/lightdm/lightdm.conf

- OR -

2) Enable early KMS by adding your GPU driver module to /etc/initramfs-
tools/modules and running update-initramfs -k all -u.

SECOND ISSUE:
At some point while trying to fix this I deleted /var/lib/lightdm as well,
which is lightdm's home directory. Since purging lightdm does not remove the
lightdm user, reinstalling it will not (re)create this directory. Unfortunately
the symptoms are the same as above--lightdm goes into a restart loop, then
gives up.

Now, the second issue probably isn't a bug, though the postinst script could at
least print a warning if the home directory isn't present and writeable, but
the first one is, IMHO.

--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to lightdm in Ubuntu.
https://bugs.launchpad.net/bugs/2033569

Title:
suddenly choked on multiseat config in a way that survives reboots and
even purging it

Status in lightdm package in Ubuntu:
New

Bug description:
I have a bog-standard loginctl multiseat setup, using lightdm because
of #2033323. Except for the lack of session locking, it worked
beautifully, across multiple reboots. Until it didn't.

Box woke from suspend, and to be fair was acting strangely even then
(Steam suddenly tried to launch using the iGPU), so suspend may well
be broken on this box, but if so, that's a separate issue. Anyway, I
rebooted, no lightdm greeter to be seen, the screen on seat1 was
black. I did not have easy access to seat0 at the time.

The journal has, looping:
systemd[1]: Failed to start Detect the available GPUs and deal with any
system changes.
systemd[1]: lightdm.service: Start request repeated too quickly.
token systemd[1]: lightdm.service: Failed with result 'exit-code'.
token systemd[1]: Failed to start Light Display Manager.

The first line is from gpu-manager.service, whose log contains
Vendor/Device Id: 1002:164e
BusID "PCI:110@0:0:0"
Is boot vga? no
Error: can't access /sys/bus/pci/devices/:6e:00.0/driver
The device is not bound to any driver.
Vendor/Device Id: 1002:73ff
BusID "PCI:3@0:0:0"
Is boot vga? yes
Error : Failed to open /dev/dri
Error : Failed to open /dev/dri
Error : Failed to open /dev/dri
Error : Failed to open /dev/dri

x-0 log has
vesa: Ignoring device with a bound kernel driver
vesa: Ignoring device with a bound kernel driver
(EE)
Fatal server error:
(EE) no screens found(EE)

Scary.

Thing is, both the iGPU and the dGPU are claimed by amdgpu, their
"driver" symlink is accessible just fine. Switch back to gdm via dpkg-
reconfigure, it boots up fine again. It's just lightdm that's hosed.

I tried purging lightdm and lightdm-gtk-greeter, along with and
/var/lib/lightdm, and reinstalling the packages, but no dice. What
does work is starting lightdm.service manually over ssh: It takes
about 1-4 tries for both gpu-manager and lightdm to successfully
launch and bring up both greeters. Reboot, and it fails again.

Some kind of race condition due to too lax timing and/or dependencies
in the lightdm service file? Something unrelated changed the order and
or speed at which systemd executes the service files, i.e. it worked
by accident before and now it doesn't?

ProblemType: Bug
DistroRelease: Ubuntu 22.04
Package: lightdm 1.30.0-0ubuntu5
Uname: Linux 6.4.12-060412-generic x86_64
ApportVersion: 2.20.11-0ubuntu82.5
Architecture: amd64
CasperMD5CheckResult: pass
Date: Thu Aug 31 03:16:56 2023
InstallationDate: Installed on 2023-08-25 (5 days ago)
InstallationMedia: Ubuntu 22.04.3 LTS "Jammy Jellyfish" - Release amd64
(20230807.2)
SourcePackage: lightdm
UpgradeStatus: No upgrade log present (probably fresh install)

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/lightdm/+bug/2033569/+subscriptions

--
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsu

[Touch-packages] [Bug 2033569] Re: suddenly choked on multiseat config in a way that survives reboots and even purging it

2023-09-02 Thread Christian Pernegger

gpu-manager.service is probably a red herring, or a separate bug. I 
(sometimes?) get "Error: can't access /sys/bus/pci/devices/:6e:00.0/driver 
\ The device is not bound to any driver." when booting with gdm as well; yet 
gpu-manager.service doesn't fail, and gdm comes up normally.
 I

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to lightdm in Ubuntu.
https://bugs.launchpad.net/bugs/2033569

Title:
  suddenly choked on multiseat config in a way that survives reboots and
  even purging it

Status in lightdm package in Ubuntu:
  New

Bug description:
  I have a bog-standard loginctl multiseat setup, using lightdm because
  of #2033323. Except for the lack of session locking, it worked
  beautifully, across multiple reboots. Until it didn't.

  Box woke from suspend, and to be fair was acting strangely even then
  (Steam suddenly tried to launch using the iGPU), so suspend may well
  be broken on this box, but if so, that's a separate issue. Anyway, I
  rebooted, no lightdm greeter to be seen, the screen on seat1 was
  black. I did not have easy access to seat0 at the time.

  The journal has, looping:
  systemd[1]: Failed to start Detect the available GPUs and deal with any 
system changes.
  systemd[1]: lightdm.service: Start request repeated too quickly.
  token systemd[1]: lightdm.service: Failed with result 'exit-code'.
  token systemd[1]: Failed to start Light Display Manager.

  The first line is from gpu-manager.service, whose log contains
  Vendor/Device Id: 1002:164e
  BusID "PCI:110@0:0:0"
  Is boot vga? no
  Error: can't access /sys/bus/pci/devices/:6e:00.0/driver
  The device is not bound to any driver.
  Vendor/Device Id: 1002:73ff
  BusID "PCI:3@0:0:0"
  Is boot vga? yes
  Error : Failed to open /dev/dri
  Error : Failed to open /dev/dri
  Error : Failed to open /dev/dri
  Error : Failed to open /dev/dri

  x-0 log has
  vesa: Ignoring device with a bound kernel driver
  vesa: Ignoring device with a bound kernel driver
  (EE) 
  Fatal server error:
  (EE) no screens found(EE) 

  Scary.

  Thing is, both the iGPU and the dGPU are claimed by amdgpu, their
  "driver" symlink is accessible just fine. Switch back to gdm via dpkg-
  reconfigure, it boots up fine again. It's just lightdm that's hosed.

  I tried purging lightdm and lightdm-gtk-greeter, along with and
  /var/lib/lightdm, and reinstalling the packages, but no dice. What
  does work is starting lightdm.service manually over ssh: It takes
  about 1-4 tries for both gpu-manager and lightdm to successfully
  launch and bring up both greeters. Reboot, and it fails again.

  Some kind of race condition due to too lax timing and/or dependencies
  in the lightdm service file? Something unrelated changed the order and
  or speed at which systemd executes the service files, i.e. it worked
  by accident before and now it doesn't?

  ProblemType: Bug
  DistroRelease: Ubuntu 22.04
  Package: lightdm 1.30.0-0ubuntu5
  Uname: Linux 6.4.12-060412-generic x86_64
  ApportVersion: 2.20.11-0ubuntu82.5
  Architecture: amd64
  CasperMD5CheckResult: pass
  Date: Thu Aug 31 03:16:56 2023
  InstallationDate: Installed on 2023-08-25 (5 days ago)
  InstallationMedia: Ubuntu 22.04.3 LTS "Jammy Jellyfish" - Release amd64 
(20230807.2)
  SourcePackage: lightdm
  UpgradeStatus: No upgrade log present (probably fresh install)

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/lightdm/+bug/2033569/+subscriptions


-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp

[Touch-packages] [Bug 2033569] [NEW] suddenly choked on multiseat config in a way that survives reboots and even purging it

2023-08-30 Thread Christian Pernegger

Public bug reported:

I have a bog-standard loginctl multiseat setup, using lightdm because of
#2033323. Except for the lack of session locking, it worked beautifully,
across multiple reboots. Until it didn't.

Box woke from suspend, and to be fair was acting strangely even then
(Steam suddenly tried to launch using the iGPU), so suspend may well be
broken on this box, but if so, that's a separate issue. Anyway, I
rebooted, no lightdm greeter to be seen, the screen on seat1 was black.
I did not have easy access to seat0 at the time.

The journal has, looping:
systemd[1]: Failed to start Detect the available GPUs and deal with any system 
changes.
systemd[1]: lightdm.service: Start request repeated too quickly.
token systemd[1]: lightdm.service: Failed with result 'exit-code'.
token systemd[1]: Failed to start Light Display Manager.

The first line is from gpu-manager.service, whose log contains
Vendor/Device Id: 1002:164e
BusID "PCI:110@0:0:0"
Is boot vga? no
Error: can't access /sys/bus/pci/devices/:6e:00.0/driver
The device is not bound to any driver.
Vendor/Device Id: 1002:73ff
BusID "PCI:3@0:0:0"
Is boot vga? yes
Error : Failed to open /dev/dri
Error : Failed to open /dev/dri
Error : Failed to open /dev/dri
Error : Failed to open /dev/dri

x-0 log has
vesa: Ignoring device with a bound kernel driver
vesa: Ignoring device with a bound kernel driver
(EE) 
Fatal server error:
(EE) no screens found(EE) 

Scary.

Thing is, both the iGPU and the dGPU are claimed by amdgpu, their
"driver" symlink is accessible just fine. Switch back to gdm via dpkg-
reconfigure, it boots up fine again. It's just lightdm that's hosed.

I tried purging lightdm and lightdm-gtk-greeter, along with and
/var/lib/lightdm, and reinstalling the packages, but no dice. What does
work is starting lightdm.service manually over ssh: It takes about 1-4
tries for both gpu-manager and lightdm to successfully launch and bring
up both greeters. Reboot, and it fails again.

Some kind of race condition due to too lax timing and/or dependencies in
the lightdm service file? Something unrelated changed the order and or
speed at which systemd executes the service files, i.e. it worked by
accident before and now it doesn't?

ProblemType: Bug
DistroRelease: Ubuntu 22.04
Package: lightdm 1.30.0-0ubuntu5
Uname: Linux 6.4.12-060412-generic x86_64
ApportVersion: 2.20.11-0ubuntu82.5
Architecture: amd64
CasperMD5CheckResult: pass
Date: Thu Aug 31 03:16:56 2023
InstallationDate: Installed on 2023-08-25 (5 days ago)
InstallationMedia: Ubuntu 22.04.3 LTS "Jammy Jellyfish" - Release amd64 
(20230807.2)
SourcePackage: lightdm
UpgradeStatus: No upgrade log present (probably fresh install)

** Affects: lightdm (Ubuntu)
 Importance: Undecided
 Status: New


** Tags: amd64 apport-bug jammy third-party-packages

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to lightdm in Ubuntu.
https://bugs.launchpad.net/bugs/2033569

Title:
  suddenly choked on multiseat config in a way that survives reboots and
  even purging it

Status in lightdm package in Ubuntu:
  New

Bug description:
  I have a bog-standard loginctl multiseat setup, using lightdm because
  of #2033323. Except for the lack of session locking, it worked
  beautifully, across multiple reboots. Until it didn't.

  Box woke from suspend, and to be fair was acting strangely even then
  (Steam suddenly tried to launch using the iGPU), so suspend may well
  be broken on this box, but if so, that's a separate issue. Anyway, I
  rebooted, no lightdm greeter to be seen, the screen on seat1 was
  black. I did not have easy access to seat0 at the time.

  The journal has, looping:
  systemd[1]: Failed to start Detect the available GPUs and deal with any 
system changes.
  systemd[1]: lightdm.service: Start request repeated too quickly.
  token systemd[1]: lightdm.service: Failed with result 'exit-code'.
  token systemd[1]: Failed to start Light Display Manager.

  The first line is from gpu-manager.service, whose log contains
  Vendor/Device Id: 1002:164e
  BusID "PCI:110@0:0:0"
  Is boot vga? no
  Error: can't access /sys/bus/pci/devices/:6e:00.0/driver
  The device is not bound to any driver.
  Vendor/Device Id: 1002:73ff
  BusID "PCI:3@0:0:0"
  Is boot vga? yes
  Error : Failed to open /dev/dri
  Error : Failed to open /dev/dri
  Error : Failed to open /dev/dri
  Error : Failed to open /dev/dri

  x-0 log has
  vesa: Ignoring device with a bound kernel driver
  vesa: Ignoring device with a bound kernel driver
  (EE) 
  Fatal server error:
  (EE) no screens found(EE) 

  Scary.

  Thing is, both the iGPU and the dGPU are claimed by amdgpu, their
  "driver" symlink is accessible just fine. Switch back to gdm via dpkg-
  reconfigure, it boots up fine again. It's just lightdm that's hosed.

  I tried purging lightdm and lightdm-gtk-greeter, along with and
  /var/lib/lightdm, and reinstalling the packages, but no dice. What
  does wor

[Touch-packages] [Bug 2004551] Re: upgrade to lunar fails due to rescue-ssh.target or port 22 takeover

2023-07-26 Thread Christian Ehrhardt 

@Steve
Since the machines original use case is blocked until we know if we can go on.
Is the above enough for your to have a deeper look together with us?

If so please let Miriam know when once she can reset the machine to go
on with the MRE verifications that this was supposed to do :-)

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to openssh in Ubuntu.
https://bugs.launchpad.net/bugs/2004551

Title:
  upgrade to lunar fails due to rescue-ssh.target or port 22 takeover

Status in openssh package in Ubuntu:
  New

Bug description:
  Hi,
  I just upgraded a system from Jammy to Lunar and openssh-server refuses to 
upgrade well.

  Setting up openssh-server (1:9.0p1-1ubuntu8) ...
  Replacing config file /etc/ssh/sshd_config with new version
  Replacing config file /etc/ssh/sshd_config with new version
  Synchronizing state of ssh.service with SysV service script with 
/lib/systemd/systemd-sysv-install.
  Executing: /lib/systemd/systemd-sysv-install disable ssh
  rescue-ssh.target is a disabled or a static unit not running, not starting it.
  Could not execute systemctl:  at /usr/bin/deb-systemd-invoke line 145.
  dpkg: error processing package openssh-server (--configure):
   installed openssh-server package post-installation script subprocess 
returned error exit status 1
  Processing triggers for man-db (2.11.2-1) ...
  Processing triggers for libc-bin (2.36-0ubuntu4) ...
  Errors were encountered while processing:
   openssh-server
  Error: Timeout was reached
  needrestart is being skipped since dpkg has failed
  E: Sub-process /usr/bin/dpkg returned an error code (1)

  I'm not sure what exactly it is.
  This output complains about rescue-ssh.target and indeed that can not be 
started even directly.

  $ sudo systemctl start rescue-ssh.target
  A dependency job for rescue-ssh.target failed. See 'journalctl -xe' for 
details.

  And in postinst is a try to start it:
  $  grep rescue /var/lib/dpkg/info/openssh-server.postinst 
deb-systemd-invoke $_dh_action 'rescue-ssh.target' >/dev/null 
|| true

  
  But I think the underlying issue is that ssh is already on, and I'm logged in 
via it.
  And that makes the service restart of the ssh socket which was added break.

  Feb 02 10:40:56 node-horsea systemd[104560]: ssh.socket: Failed to create 
listening socket ([::]:22): Address already in use
  Feb 02 10:40:56 node-horsea systemd[1]: ssh.socket: Failed to receive 
listening socket ([::]:22): Input/output error
  Feb 02 10:40:56 node-horsea systemd[1]: ssh.socket: Failed to listen on 
sockets: Input/output error
  Feb 02 10:40:56 node-horsea systemd[1]: ssh.socket: Failed with result 
'resources'.

  
  Now, whichever it is, it is hard to resolve.
  The only way to get the socket to own it would be rebooting so that sshd lets 
go and systemd can take over.
  I could reboot, but that is not the point.
  What if I'd want to get the service and upgrade completed before reboot.
  Because as of now dpkg considers the system unhappy, and that would usually 
be a sign for "better not reboot before being resolved" to me.

  One thing though, I have not upgraded with do-release-upgrade - would
  we / do we have magic there to make the ssh socket activation
  transition smoother?

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/openssh/+bug/2004551/+subscriptions


-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp

[Touch-packages] [Bug 2027712] Re: Switch from usrmerge to usr-is-merged

2023-07-17 Thread Christian Ehrhardt 

FYI Change of the way this shall be tackled.

Per Steves very helpful comment in the MR to the seeds:
"I don't think we want either of these packages in main. They are transitional 
packages; while the transition is still ongoing in Debian, in Ubuntu the 
transition completed two LTS cycles ago.

We should just patch init-system-helpers in Ubuntu to drop the
dependency which is no longer needed."


@Foundations
I'm adding a task for init-system-helpers to represent the work for that change.

@CPC
The cloud-image tasks can stay to eventually verify that the image builds 
(after that change to init-system-helpers) really have neither installed.

** Also affects: init-system-helpers (Ubuntu)
   Importance: Undecided
   Status: New

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to init-system-helpers in
Ubuntu.
https://bugs.launchpad.net/bugs/2027712

Title:
  Switch from usrmerge to usr-is-merged

Status in cloud-images:
  Confirmed
Status in init-system-helpers package in Ubuntu:
  New

Bug description:
  Last year in Debian we added the 'usr-is-merged' binary package to the
  'usrmerge' source package. Its purpose is to be an empty metapackage
  that simply asserts that the system is usr-merged. This is done via
  the postinst. Contrary to usrmerge, it doesn't ship any additional
  code, perform any additional action or have any additional
  dependencies.

  In Debian, we have an essential package (init-system-helpers) that
  depends on usrmerge | usr-is-merged, so that on upgrade for already
  installed images usrmerge is pulled in and all systems are forcibly
  merged.

  But for new images being built, the boostrap (eg: debootstrap) process
  will instead pull in usr-is-merged, which will save space and reduce
  the overall code footprint.

  The problem in Ubuntu is that while usrmerge is in main, usr-is-merged
  is in universe, so unless the bootstrap tool enables universe for the
  initial bootstrap phase, usrmerge is always pulled in.

  Refs:

  https://packages.ubuntu.com/mantic/usr-is-merged
  https://packages.ubuntu.com/mantic/usrmerge
  https://packages.ubuntu.com/mantic/init-system-helpers

To manage notifications about this bug go to:
https://bugs.launchpad.net/cloud-images/+bug/2027712/+subscriptions


-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp

[Touch-packages] [Bug 1815101] Re: [master] Restarting systemd-networkd breaks keepalived, heartbeat, corosync, pacemaker (interface aliases are restarted)

2023-07-05 Thread Christian Ehrhardt 

** Changed in: keepalived (Ubuntu Xenial)
 Assignee: (unassigned) => Athos Ribeiro (athos-ribeiro)

** Changed in: keepalived (Ubuntu Bionic)
 Assignee: (unassigned) => Athos Ribeiro (athos-ribeiro)

** No longer affects: keepalived (Ubuntu Xenial)

** Changed in: keepalived (Ubuntu Focal)
 Assignee: (unassigned) => Athos Ribeiro (athos-ribeiro)

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to systemd in Ubuntu.
https://bugs.launchpad.net/bugs/1815101

Title:
  [master] Restarting systemd-networkd breaks keepalived, heartbeat,
  corosync, pacemaker (interface aliases are restarted)

Status in netplan:
  Triaged
Status in heartbeat package in Ubuntu:
  Won't Fix
Status in keepalived package in Ubuntu:
  In Progress
Status in systemd package in Ubuntu:
  Fix Released
Status in systemd source package in Xenial:
  Won't Fix
Status in keepalived source package in Bionic:
  Confirmed
Status in systemd source package in Bionic:
  Fix Released
Status in systemd source package in Disco:
  Won't Fix
Status in systemd source package in Eoan:
  Fix Released
Status in keepalived source package in Focal:
  Confirmed
Status in systemd source package in Focal:
  Fix Released

Bug description:
  [impact]

  - ALL related HA software has a small problem if interfaces are being
  managed by systemd-networkd: nic restarts/reconfigs are always going
  to wipe all interfaces aliases when HA software is not expecting it to
  (no coordination between them.

  - keepalived, smb ctdb, pacemaker, all suffer from this. Pacemaker is
  smarter in this case because it has a service monitor that will
  restart the virtual IP resource, in affected node & nic, before
  considering a real failure, but other HA service might consider a real
  failure when it is not.

  [test case]

  - comment #14 is a full test case: to have 3 node pacemaker, in that
  example, and cause a networkd service restart: it will trigger a
  failure for the virtual IP resource monitor.

  - other example is given in the original description for keepalived.
  both suffer from the same issue (and other HA softwares as well).

  [regression potential]

  - this backports KeepConfiguration parameter, which adds some
  significant complexity to networkd's configuration and behavior, which
  could lead to regressions in correctly configuring the network at
  networkd start, or incorrectly maintaining configuration at networkd
  restart, or losing network state at networkd stop.

  - Any regressions are most likely to occur during networkd start,
  restart, or stop, and most likely to involve missing or incorrect ip
  address(es).

  - the change is based in upstream patches adding the exact feature we
  needed to fix this issue & it will be integrated with a netplan change
  to add the needed stanza to systemd nic configuration file
  (KeepConfiguration=)

  [other info]

  original description:
  ---

  Configure netplan for interfaces, for example (a working config with
  IP addresses obfuscated)

  network:
  ethernets:
  eth0:
  addresses: [192.168.0.5/24]
  dhcp4: false
  nameservers:
    search: [blah.com, other.blah.com, hq.blah.com, cust.blah.com, 
phone.blah.com]
    addresses: [10.22.11.1]
  eth2:
  addresses:
    - 12.13.14.18/29
    - 12.13.14.19/29
  gateway4: 12.13.14.17
  dhcp4: false
  nameservers:
    search: [blah.com, other.blah.com, hq.blah.com, cust.blah.com, 
phone.blah.com]
    addresses: [10.22.11.1]
  eth3:
  addresses: [10.22.11.6/24]
  dhcp4: false
  nameservers:
    search: [blah.com, other.blah.com, hq.blah.com, cust.blah.com, 
phone.blah.com]
    addresses: [10.22.11.1]
  eth4:
  addresses: [10.22.14.6/24]
  dhcp4: false
  nameservers:
    search: [blah.com, other.blah.com, hq.blah.com, cust.blah.com, 
phone.blah.com]
    addresses: [10.22.11.1]
  eth7:
  addresses: [9.5.17.34/29]
  dhcp4: false
  optional: true
  nameservers:
    search: [blah.com, other.blah.com, hq.blah.com, cust.blah.com, 
phone.blah.com]
    addresses: [10.22.11.1]
  version: 2

  Configure keepalived (again, a working config with IP addresses
  obfuscated)

  global_defs   # Block id
  {
  notification_email {
  sysadm...@blah.com
  }
  notification_email_from keepali...@system3.hq.blah.com
  smtp_server 10.22.11.7 # IP
  smtp_connect_timeout 30  # integer, seconds
  router_id system3  # string identifying the machine,
   # (doesn't have to be hostname).
  vrrp_mcast_group4 224.0.0.18 # opti

[Touch-packages] [Bug 1993370] Re: Cannot install proprietary Broadcom WiFi drivers on Ubuntu Studio Jammy 22.04.2 and Kinetic

2023-07-02 Thread Christian Hujer

As https://bugs.launchpad.net/ubuntu/+source/kubuntu-driver-
manager/+bug/1994035 is marked a duplicate and just affected me twice in
a month, I believe this to be still open. In my case, it was the
VirtualBox extensions and Nvidia drivers that got trashed by an
automatic system kernel update.

What happened?
• System installed updates, including a new kernel.
• After updates, on the next boot with eGPU, X11 didn't load, and I got an 
error message during boot that the VirtualBox kernel extensions couldn't be 
loaded.

What workaround helped?
• Boot without eGPU.
• uname -a to check the kernel version
• sudo apt-get install linux-headers-… matching the kernel version
• reboot

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to software-properties in
Ubuntu.
https://bugs.launchpad.net/bugs/1993370

Title:
  Cannot install proprietary Broadcom WiFi drivers on Ubuntu Studio
  Jammy 22.04.2 and Kinetic

Status in software-properties package in Ubuntu:
  Fix Committed
Status in software-properties source package in Jammy:
  Confirmed
Status in software-properties source package in Kinetic:
  Fix Committed

Bug description:
  Hardware: HP Elitebook 8570p, 16 GB RAM, 120 GB SSD, 3rd Gen Intel
  Core i5, UEFI, no secure boot, Broadcom WiFi.

  OS: Ubuntu Studio Kinetic, Final ISO

  Steps to reproduce:

  1. Boot the Ubuntu Studio ISO on a system with Broadcom WiFi, and install the 
system normally. (No encryption, allow Internet access during installation 
using some method of connectivity other than WiFi.)
  2. Reboot and log into the newly installed system.
  3. Open a terminal and run "sudo software-properties-kde".
  4. Click "Additional Drivers" in the window that pops up.
  5. Click "Using Broadcom 802.11 Linux STA wireless driver source from 
bcmwl-kernel-source (proprietary)".

  Expected result: The Apply Changes button should become clickable,
  allowing the user to install the driver.

  Actual result: The button remains grayed out, and the following error
  message is printed in the terminal:

  Traceback (most recent call last):
File 
"/usr/lib/python3/dist-packages/softwareproperties/qt/SoftwarePropertiesQt.py", 
line 1063, in on_driver_selection_changed
  modules_package_obj = self.apt_cache[modules_package]
  TypeError: Expected a string or a pair of strings

  ProblemType: Bug
  DistroRelease: Ubuntu 22.10
  Package: software-properties-qt 0.99.27
  ProcVersionSignature: Ubuntu 5.19.0-1007.7-lowlatency 5.19.7
  Uname: Linux 5.19.0-1007-lowlatency x86_64
  ApportVersion: 2.23.1-0ubuntu3
  Architecture: amd64
  CasperMD5CheckResult: unknown
  CurrentDesktop: KDE
  Date: Tue Oct 18 21:33:51 2022
  InstallationDate: Installed on 2022-10-19 (0 days ago)
  InstallationMedia: Ubuntu-Studio 22.10 "Kinetic Kudu" - Release amd64 
(20221017.1)
  PackageArchitecture: all
  SourcePackage: software-properties
  UpgradeStatus: No upgrade log present (probably fresh install)

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/software-properties/+bug/1993370/+subscriptions


-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp

[Touch-packages] [Bug 1815101] Re: [master] Restarting systemd-networkd breaks keepalived, heartbeat, corosync, pacemaker (interface aliases are restarted)

2023-06-21 Thread Christian Ehrhardt 

** Changed in: keepalived (Ubuntu)
 Assignee: (unassigned) => Athos Ribeiro (athos-ribeiro)

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to systemd in Ubuntu.
https://bugs.launchpad.net/bugs/1815101

Title:
  [master] Restarting systemd-networkd breaks keepalived, heartbeat,
  corosync, pacemaker (interface aliases are restarted)

Status in netplan:
  Triaged
Status in heartbeat package in Ubuntu:
  Won't Fix
Status in keepalived package in Ubuntu:
  In Progress
Status in systemd package in Ubuntu:
  Fix Released
Status in keepalived source package in Xenial:
  Confirmed
Status in systemd source package in Xenial:
  Won't Fix
Status in keepalived source package in Bionic:
  Confirmed
Status in systemd source package in Bionic:
  Fix Released
Status in systemd source package in Disco:
  Won't Fix
Status in systemd source package in Eoan:
  Fix Released
Status in keepalived source package in Focal:
  Confirmed
Status in systemd source package in Focal:
  Fix Released

Bug description:
  [impact]

  - ALL related HA software has a small problem if interfaces are being
  managed by systemd-networkd: nic restarts/reconfigs are always going
  to wipe all interfaces aliases when HA software is not expecting it to
  (no coordination between them.

  - keepalived, smb ctdb, pacemaker, all suffer from this. Pacemaker is
  smarter in this case because it has a service monitor that will
  restart the virtual IP resource, in affected node & nic, before
  considering a real failure, but other HA service might consider a real
  failure when it is not.

  [test case]

  - comment #14 is a full test case: to have 3 node pacemaker, in that
  example, and cause a networkd service restart: it will trigger a
  failure for the virtual IP resource monitor.

  - other example is given in the original description for keepalived.
  both suffer from the same issue (and other HA softwares as well).

  [regression potential]

  - this backports KeepConfiguration parameter, which adds some
  significant complexity to networkd's configuration and behavior, which
  could lead to regressions in correctly configuring the network at
  networkd start, or incorrectly maintaining configuration at networkd
  restart, or losing network state at networkd stop.

  - Any regressions are most likely to occur during networkd start,
  restart, or stop, and most likely to involve missing or incorrect ip
  address(es).

  - the change is based in upstream patches adding the exact feature we
  needed to fix this issue & it will be integrated with a netplan change
  to add the needed stanza to systemd nic configuration file
  (KeepConfiguration=)

  [other info]

  original description:
  ---

  Configure netplan for interfaces, for example (a working config with
  IP addresses obfuscated)

  network:
  ethernets:
  eth0:
  addresses: [192.168.0.5/24]
  dhcp4: false
  nameservers:
    search: [blah.com, other.blah.com, hq.blah.com, cust.blah.com, 
phone.blah.com]
    addresses: [10.22.11.1]
  eth2:
  addresses:
    - 12.13.14.18/29
    - 12.13.14.19/29
  gateway4: 12.13.14.17
  dhcp4: false
  nameservers:
    search: [blah.com, other.blah.com, hq.blah.com, cust.blah.com, 
phone.blah.com]
    addresses: [10.22.11.1]
  eth3:
  addresses: [10.22.11.6/24]
  dhcp4: false
  nameservers:
    search: [blah.com, other.blah.com, hq.blah.com, cust.blah.com, 
phone.blah.com]
    addresses: [10.22.11.1]
  eth4:
  addresses: [10.22.14.6/24]
  dhcp4: false
  nameservers:
    search: [blah.com, other.blah.com, hq.blah.com, cust.blah.com, 
phone.blah.com]
    addresses: [10.22.11.1]
  eth7:
  addresses: [9.5.17.34/29]
  dhcp4: false
  optional: true
  nameservers:
    search: [blah.com, other.blah.com, hq.blah.com, cust.blah.com, 
phone.blah.com]
    addresses: [10.22.11.1]
  version: 2

  Configure keepalived (again, a working config with IP addresses
  obfuscated)

  global_defs   # Block id
  {
  notification_email {
  sysadm...@blah.com
  }
  notification_email_from keepali...@system3.hq.blah.com
  smtp_server 10.22.11.7 # IP
  smtp_connect_timeout 30  # integer, seconds
  router_id system3  # string identifying the machine,
   # (doesn't have to be hostname).
  vrrp_mcast_group4 224.0.0.18 # optional, default 224.0.0.18
  vrrp_mcast_group6 ff02::12   # optional, default ff02::12
  enable_traps # enable SNMP traps
  }
  vrrp_sync_group collection {
  group {

[Touch-packages] [Bug 2022927] Re: Busybox mount fails to mount Snaps

2023-06-19 Thread Christian Ehrhardt 

This is somewhat opinion, so I'm happy to be convinced, but without either
- upstream progress to merge it there
  or
- a good explanation why you think that wouldn't lock us in into hard to 
maintain delta and issues to users
=> This won't be uploaded IMHO.

When that upstream response or explanation is ready please post it and
subscribe ubuntu-sponsors again.

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to busybox in Ubuntu.
https://bugs.launchpad.net/bugs/2022927

Title:
  Busybox mount fails to mount Snaps

Status in busybox package in Ubuntu:
  New

Bug description:
  Snapd tries to mount squashfs Snaps with non-standard mount flags like
  "x-gdu.hide" and "x-gvfs-hide", both of which are used to indicate to
  userspace programs that a given mount should not be shown in a list of
  mounted partitions/filesystems. Busybox does not support these flags,
  and so fails with "Invalid argument".

  $ sudo busybox mount -t tmpfs -o x-gdu-hide test /tmp/test
  mount: mounting test on /tmp/test failed: Invalid argument

  These flags can likely be be safely ignored, as they don't actually
  affect the functionality of the mount. This goes for all mount options
  starting with "x-", as these generally denote non-standard mount
  option "extensions".

  I've created a patch against Busybox which adds an optional
  configuration item to ignore all mount options beginning with "x-". An
  additional verbose option has also been added to enable the ability to
  report that the mount flags have been ignored, rather than silently
  ignoring them.

  This is a requirement for a customer project, where we are limited to
  using Busybox (due to coreutils' GPL-3.0 licence) but would also
  require using Snaps like checkbox for testing and verification. This
  was posted on the Busybox mailing list a few months ago
  (http://lists.busybox.net/pipermail/busybox/2023-March/090202.html)
  but patch acceptance there seems to take quite a long time, and we
  need this for the customer.

  A PPA containing the patched Busybox version is available on the
  project's Launchpad team: https://launchpad.net/~nemos-
  team/+archive/ubuntu/ppa

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/busybox/+bug/2022927/+subscriptions


-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp

[Touch-packages] [Bug 2022927] Re: Busybox mount fails to mount Snaps

2023-06-19 Thread Christian Ehrhardt 

Debian is at 1.36 already, but without your change landing upstream that
doesn't help us :-/ (This was released before on January 2023 anyway)

The upstream contribubution was nice, but stalled with 
http://lists.busybox.net/pipermail/busybox/2023-March/090211.html
It didn't come up again in April-June :-/
Was there any follow up to avoid this being Ubuntu delta forever?

Especially with something that changes behavior so that e.g. guides and howtos 
would behave differently between linux variants you'd usually want upstreams 
buy-in to avoid maintenance nightmare.
Would you mind following up with them and summarizing here about that progress 
to get it upstream?

P.S. by now you might want to set "mantic" in your debdiff changelog
stanza as that is what someone will eventually sponsor it to.

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to busybox in Ubuntu.
https://bugs.launchpad.net/bugs/2022927

Title:
  Busybox mount fails to mount Snaps

Status in busybox package in Ubuntu:
  New

Bug description:
  Snapd tries to mount squashfs Snaps with non-standard mount flags like
  "x-gdu.hide" and "x-gvfs-hide", both of which are used to indicate to
  userspace programs that a given mount should not be shown in a list of
  mounted partitions/filesystems. Busybox does not support these flags,
  and so fails with "Invalid argument".

  $ sudo busybox mount -t tmpfs -o x-gdu-hide test /tmp/test
  mount: mounting test on /tmp/test failed: Invalid argument

  These flags can likely be be safely ignored, as they don't actually
  affect the functionality of the mount. This goes for all mount options
  starting with "x-", as these generally denote non-standard mount
  option "extensions".

  I've created a patch against Busybox which adds an optional
  configuration item to ignore all mount options beginning with "x-". An
  additional verbose option has also been added to enable the ability to
  report that the mount flags have been ignored, rather than silently
  ignoring them.

  This is a requirement for a customer project, where we are limited to
  using Busybox (due to coreutils' GPL-3.0 licence) but would also
  require using Snaps like checkbox for testing and verification. This
  was posted on the Busybox mailing list a few months ago
  (http://lists.busybox.net/pipermail/busybox/2023-March/090202.html)
  but patch acceptance there seems to take quite a long time, and we
  need this for the customer.

  A PPA containing the patched Busybox version is available on the
  project's Launchpad team: https://launchpad.net/~nemos-
  team/+archive/ubuntu/ppa

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/busybox/+bug/2022927/+subscriptions


-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp

[Touch-packages] [Bug 1815101] Re: [master] Restarting systemd-networkd breaks keepalived, heartbeat, corosync, pacemaker (interface aliases are restarted)

2023-06-14 Thread Christian Ehrhardt 

Marking todo to recheck how the situation is today.

** Tags removed: server-triage-discuss
** Tags added: server-todo

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to systemd in Ubuntu.
https://bugs.launchpad.net/bugs/1815101

Title:
  [master] Restarting systemd-networkd breaks keepalived, heartbeat,
  corosync, pacemaker (interface aliases are restarted)

Status in netplan:
  Triaged
Status in heartbeat package in Ubuntu:
  Won't Fix
Status in keepalived package in Ubuntu:
  In Progress
Status in systemd package in Ubuntu:
  Fix Released
Status in keepalived source package in Xenial:
  Confirmed
Status in systemd source package in Xenial:
  Won't Fix
Status in keepalived source package in Bionic:
  Confirmed
Status in systemd source package in Bionic:
  Fix Released
Status in systemd source package in Disco:
  Won't Fix
Status in systemd source package in Eoan:
  Fix Released
Status in keepalived source package in Focal:
  Confirmed
Status in systemd source package in Focal:
  Fix Released

Bug description:
  [impact]

  - ALL related HA software has a small problem if interfaces are being
  managed by systemd-networkd: nic restarts/reconfigs are always going
  to wipe all interfaces aliases when HA software is not expecting it to
  (no coordination between them.

  - keepalived, smb ctdb, pacemaker, all suffer from this. Pacemaker is
  smarter in this case because it has a service monitor that will
  restart the virtual IP resource, in affected node & nic, before
  considering a real failure, but other HA service might consider a real
  failure when it is not.

  [test case]

  - comment #14 is a full test case: to have 3 node pacemaker, in that
  example, and cause a networkd service restart: it will trigger a
  failure for the virtual IP resource monitor.

  - other example is given in the original description for keepalived.
  both suffer from the same issue (and other HA softwares as well).

  [regression potential]

  - this backports KeepConfiguration parameter, which adds some
  significant complexity to networkd's configuration and behavior, which
  could lead to regressions in correctly configuring the network at
  networkd start, or incorrectly maintaining configuration at networkd
  restart, or losing network state at networkd stop.

  - Any regressions are most likely to occur during networkd start,
  restart, or stop, and most likely to involve missing or incorrect ip
  address(es).

  - the change is based in upstream patches adding the exact feature we
  needed to fix this issue & it will be integrated with a netplan change
  to add the needed stanza to systemd nic configuration file
  (KeepConfiguration=)

  [other info]

  original description:
  ---

  Configure netplan for interfaces, for example (a working config with
  IP addresses obfuscated)

  network:
  ethernets:
  eth0:
  addresses: [192.168.0.5/24]
  dhcp4: false
  nameservers:
    search: [blah.com, other.blah.com, hq.blah.com, cust.blah.com, 
phone.blah.com]
    addresses: [10.22.11.1]
  eth2:
  addresses:
    - 12.13.14.18/29
    - 12.13.14.19/29
  gateway4: 12.13.14.17
  dhcp4: false
  nameservers:
    search: [blah.com, other.blah.com, hq.blah.com, cust.blah.com, 
phone.blah.com]
    addresses: [10.22.11.1]
  eth3:
  addresses: [10.22.11.6/24]
  dhcp4: false
  nameservers:
    search: [blah.com, other.blah.com, hq.blah.com, cust.blah.com, 
phone.blah.com]
    addresses: [10.22.11.1]
  eth4:
  addresses: [10.22.14.6/24]
  dhcp4: false
  nameservers:
    search: [blah.com, other.blah.com, hq.blah.com, cust.blah.com, 
phone.blah.com]
    addresses: [10.22.11.1]
  eth7:
  addresses: [9.5.17.34/29]
  dhcp4: false
  optional: true
  nameservers:
    search: [blah.com, other.blah.com, hq.blah.com, cust.blah.com, 
phone.blah.com]
    addresses: [10.22.11.1]
  version: 2

  Configure keepalived (again, a working config with IP addresses
  obfuscated)

  global_defs   # Block id
  {
  notification_email {
  sysadm...@blah.com
  }
  notification_email_from keepali...@system3.hq.blah.com
  smtp_server 10.22.11.7 # IP
  smtp_connect_timeout 30  # integer, seconds
  router_id system3  # string identifying the machine,
   # (doesn't have to be hostname).
  vrrp_mcast_group4 224.0.0.18 # optional, default 224.0.0.18
  vrrp_mcast_group6 ff02::12   # optional, default ff02::12
  enable_traps # enable SNMP traps
  }
  vrrp_sync_group collecti

[Touch-packages] [Bug 1892559] Re: [MIR] ccid opensc pcsc-lite

2023-06-13 Thread Christian Ehrhardt 

There has been not further update for too long, for now we consider it invalid.
Feel free to re-open if there is effort backing it up and motivation to bring 
it to main.

** Changed in: opensc (Ubuntu)
   Status: Incomplete => Invalid

** Changed in: pcsc-lite (Ubuntu)
   Status: Incomplete => Invalid

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to pcsc-lite in Ubuntu.
https://bugs.launchpad.net/bugs/1892559

Title:
  [MIR] ccid opensc pcsc-lite

Status in ccid package in Ubuntu:
  In Progress
Status in opensc package in Ubuntu:
  Invalid
Status in pam-pkcs11 package in Ubuntu:
  Invalid
Status in pcsc-lite package in Ubuntu:
  Invalid
Status in pcsc-perl package in Ubuntu:
  Invalid
Status in pcsc-tools package in Ubuntu:
  Invalid

Bug description:
  ==> ccid <==
  [Availability]
  ccid is in universe, and builds on all architectures.

  [Rationale]
  The desktop team and security team are interested in bringing smartcard
  authentication to enterprise desktop environments.

  [Security]
  No CVEs for ccid are listed in our database.
  Doesn't appear to bind to a socket.
  No privileged executables, but does have udev rules.
  Probably needs a security review.

  [Quality assurance]
  No test suite.
  Does require odd hardware that we'll probably need to buy.
  I don't see debconf questions.
  ccid is well maintained in Debian by upstream author.
  One open wishlist bug in BTS, harmless.

  One open bug in launchpad, not security, but looks very frustrating
  for the users. The upstream author was engaged but it never reached
  resolution.  https://bugs.launchpad.net/ubuntu/+source/ccid/+bug/1175465

  Has a debian/watch file.
  Quilt packaging.

  P: ccid source: no-dep5-copyright
  P: ccid source: package-uses-experimental-debhelper-compat-version 13

  [Dependencies]
  Minimal dependencies, in main

  [Standards compliance]
  Appears to satisfy FHS and Debian policy

  [Maintenance]
  The desktop team will subscribe to bugs, however it is expected that the
  security team will assist with security-relevant questions.

  [Background information]
  ccid provides drivers to interact with usb-connected smart card readers.

  ==> libpam-pkcs11 <==
  [Availability]
  Source package pam-pkcs11 is in universe and builds on all architectures.

  [Rationale]
  The desktop team and security team are interested in bringing smartcard
  authentication to enterprise desktop environments.

  [Security]
  No CVEs in our database.
  Doesn't appear to bind to sockets.
  No privileged executables (but is a PAM module).
  As a PAM module this will require a security review.

  [Quality assurance]
  The package does not call pam-auth-update in its postinst #1650366
  Does not ask questions during install.
  One Ubuntu bug claims very poor behaviour if a card isn't plugged in.
  No Debian bugs.
  Occasional updates in Debian by long-term maintainer.
  Does require odd hardware that we'll probably need to buy.
  Does not appear to run tests during build.
  Has scary warnings in the build logs.
  Has a debian/watch file.

  Ancient standards version; other smaller lintian messages, mostly
  documentation problems.

  Quilt packaging.

  [Dependencies]
  Depends on libcurl4, libldap-2.4-2, libpam0g, libpcsclite1, libssl1.1
  All are in main.

  [Standards compliance]
  The package does not call pam-auth-update in its postinst #1650366
  Otherwise looks to conform to FHS and Debian policies

  [Maintenance]
  The desktop team will subscribe to bugs, however it is expected that the
  security team will assist with security-relevant questions.

  [Background information]
  This PAM module can use CRLs and full-chain verification of certificates.
  It can also do LDAP, AD, and Kerberos username mapping.

  ==> libpcsc-perl <==
  [Availability]
  Source package pcsc-perl is in universe, builds for all architectures,
  plus i386

  [Rationale]
  The desktop team and security team are interested in bringing smartcard
  authentication to enterprise desktop environments.

  [Security]
  There are no cves for pcsc-perl in our database.
  No privileged executables.
  Doesn't appear to bind to sockets.
  Probably needs a security review.

  [Quality assurance]
  Library package not intended to be used directly.
  No debconf questions.
  No bugs in Debian.
  No bugs in Ubuntu.
  Does require odd hardware that we'll probably need to buy.
  Tests exist, not run during the build; probably can't run during the build.
  Includes debian/watch file.
  A handful of lintian issues
  Quilt packaging.

  [Dependencies]
  libpcsc-perl depends upon libpcsclite1, libc6, perl, perlapi-5.30.0.
  All are in main.

  [Standards compliance]
  One oddity, Card.pod is stored in 
/usr/lib/x86_64-linux-gnu/perl5/5.30/Chipcard/PCSC/
  Many other perl packages have .pod files in these directory trees so maybe
  it's fine, but it seems funny all the same.

  Otherwise appears to satis

[Touch-packages] [Bug 2015562] Re: Segfault in dnsmasq when using certain static domain entries + DoH (bugfix possibly exists upstream)

2023-05-17 Thread Christian Ehrhardt 

** Merge proposal linked:
   
https://code.launchpad.net/~mirespace/ubuntu/+source/dnsmasq/+git/dnsmasq/+merge/442007

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to dnsmasq in Ubuntu.
https://bugs.launchpad.net/bugs/2015562

Title:
  Segfault in dnsmasq when using certain static domain entries + DoH
  (bugfix possibly exists upstream)

Status in dnsmasq package in Ubuntu:
  Fix Released
Status in dnsmasq source package in Jammy:
  In Progress

Bug description:
  Hi folks,

  I've been using dnsmasq for my home DNS needs, which includes
  returning null entries for certain domain queries. The specific case
  in which I found this segfault was returning null  records for
  Netflix (to ensure Netflix does not try to use my IPv6 tunnel to
  egress traffic through).

  I've been using very simple configuration snippet to achieve this,
  this is attached as netflix-nov6.conf (the full file contains more
  entries).

  Ever since I've upgraded from Ubuntu 20.04 to 22.04, dnsmasq kept
  segfaulting at random occasions. I also attempted do an apt
  update&&upgrade, but there are no newer versions of this package
  available.

  Further research into this issue showed that a surefire way to trigger
  this segfault was to go to a website blocked via this method (for
  testing purposes, a dig query works quite well). The segfault can be
  reproduced reliably, and always occurs after one or a few queries
  towards the "blocked" domain entries.

  I found a commit in the upstream dnsmasq git repo which seems to fix this 
issue, the fix made it into 2.87:
  
https://thekelleys.org.uk/gitweb/?p=dnsmasq.git;a=commit;h=de372d6914ae20a1f9997815f258efbf3b14c39b

  Would it be possible to backport this into the version used in the
  current LTS Ubuntu release? Thanks!

  --

  $ lsb_release -d
  Description:  Ubuntu 22.04.2 LTS
  $ apt-cache policy dnsmasq
  dnsmasq:
    Installed: 2.86-1.1ubuntu0.2
    Candidate: 2.86-1.1ubuntu0.2
    Version table:
   *** 2.86-1.1ubuntu0.2 500
  500 http://de.archive.ubuntu.com/ubuntu jammy-updates/universe amd64 
Packages
  100 /var/lib/dpkg/status
   2.86-1.1ubuntu0.1 500
  500 http://de.archive.ubuntu.com/ubuntu jammy-security/universe amd64 
Packages
   2.86-1.1 500
  500 http://de.archive.ubuntu.com/ubuntu jammy/universe amd64 Packages

  --

  Excerpt from the dnsmasq logs, with debugging enabled, after I loaded 
fast.com:
  Apr 07 13:47:41 budgie systemd[1]: Started dnsmasq - A lightweight DHCP and 
caching DNS server.
  Apr 07 13:47:42 budgie dnsmasq[109976]: query[type=65] 
fast.dradis.netflix.com from 192.168.10.82
  Apr 07 13:47:42 budgie dnsmasq[109976]: config error is REFUSED (EDE: network 
error)
  Apr 07 13:47:43 budgie dnsmasq[109976]: query[type=65] 
ichnaea-web.netflix.com from 192.168.10.82
  Apr 07 13:47:43 budgie systemd[1]: dnsmasq.service: Main process exited, 
code=dumped, status=11/SEGV
  Apr 07 13:47:43 budgie systemd[1]: dnsmasq.service: Failed with result 
'core-dump'.

  Core dump is also attached.

  Reproduction steps:
  - 1. Install dnsmasq on Ubuntu 22.04 (or any Ubuntu release using dnsmasq 
2.86)
  - 1.5. Configure one or multiple DNS servers for dnsmasq
  - 2. Copy netflix-nov6.conf into /etc/dnsmasq.d/
  - 3. Restart/reload dnsmasq
  - 3.5 Verify that dnsmasq resolves domains correctly:

  root@budgie:~# dig +short -tA ubuntu.com @127.0.0.1
  185.125.190.21
  185.125.190.20
  185.125.190.29
  root@budgie:~# dig +short -t ubuntu.com @127.0.0.1
  2620:2d:4000:1::28
  2620:2d:4000:1::26
  2620:2d:4000:1::27

  - 4. Perform a type65 / HTTPS recordtype query for netflix.com towards
  the dnsmasq server once or twice:

  root@budgie:~# dig +short -tTYPE65 netflix.com @127.0.0.1
  root@budgie:~# dig +short -tTYPE65 netflix.com @127.0.0.1
  ;; communications error to 127.0.0.1#53: timed out
  ;; communications error to 127.0.0.1#53: connection refused
  ;; communications error to 127.0.0.1#53: connection refused
  ;; no servers could be reached

  - 5. Check logs to verify segfault:

  Apr 07 14:03:28 budgie systemd[1]: Started dnsmasq - A lightweight DHCP and 
caching DNS server.
  Apr 07 14:03:32 budgie dnsmasq[111585]: query[type=65] netflix.com from 
127.0.0.1
  Apr 07 14:03:32 budgie dnsmasq[111585]: config error is REFUSED (EDE: network 
error)
  Apr 07 14:03:33 budgie dnsmasq[111585]: query[type=65] netflix.com from 
127.0.0.1
  Apr 07 14:03:33 budgie systemd[1]: dnsmasq.service: Main process exited, 
code=dumped, status=11/SEGV
  Apr 07 14:03:33 budgie systemd[1]: dnsmasq.service: Failed with result 
'core-dump'.

  --
  netflix-nov6.conf:
  # Null  response on these domains
  server=/netflix.com/#
  address=/netflix.com/::
  server=/netflix.net/#
  address=/netflix.net/::
  server=/nflxext.com/#
  address=/nflxext.com/::

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/dnsmasq/+bug/

[Touch-packages] [Bug 2019424] Re: Heimdal can be synced

2023-05-16 Thread Christian Ehrhardt 

@Steve / @Vorlon

As outlined above we still can't see the diff in dependencies due to LTO.
But I'm sure you have seen it or you wouldn't have said so and we want to spot 
where in our work the mistake was ...
Therefore let me ask - was that a local build that you did or is that somewhere 
we could have a look at for comparison?

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to heimdal in Ubuntu.
https://bugs.launchpad.net/bugs/2019424

Title:
  Heimdal can be synced

Status in heimdal package in Ubuntu:
  Confirmed

Bug description:
  After heimdal merge process, I was trying to figure out if the delta that is 
still not dropped is required or not.
  So, to test it, I have created 2 PPAs, one in which lto is disabled, and the 
second one, where the lto is enabled. I have built them and downloaded the debs 
for i386 and amd64.
  Then I have compared amd64 deb from PPA1 with amd64 deb from PPA2. The same 
story with i386. The binary dependencies were identical. There is no difference 
between the files. So in that case, the delta can possibly be dropped.

  The package has already been merged again, with the change:

  heimdal (7.8.git20221117.28daf24+dfsg-2ubuntu1) mantic; urgency=low

    * Merge from Debian unstable. Remaining changes:
  - d/rules: Disable lto, to regain dep on roken, otherwise
    dependencies on amd64 are different than i386 resulting in
    different files on amd64 and i386.

   -- Steve Langasek  Tue, 02 May 2023
  09:56:10 +0200

  heimdal (7.8.git20221117.28daf24+dfsg-1ubuntu1) lunar; urgency=low

    * Merge from Debian unstable. Remaining changes:
  - d/rules: Disable lto, to regain dep on roken, otherwise
    dependencies on amd64 are different than i386 resulting in
    different files on amd64 and i386.
    (LP #1934936)

   -- Steve Langasek  Tue, 24 Jan 2023
  19:14:54 -0800

  Due to this, syncpackage doesn't run.
  The package can be sync'd next time it comes up.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/heimdal/+bug/2019424/+subscriptions


-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp

[Touch-packages] [Bug 2019424] Re: Heimdal can be synced

2023-05-16 Thread Christian Ehrhardt 

Hmm - odd,
Michal has checked the files and the build logs as he outlined above.
And in addition to all those checks being done, if we just grep for all final 
dependencies and compare there is no difference (other than a glibc min version 
level).

I know names are not too helpful:
- ~ppa1 = LTO-off
- ~ppa2 = LTO-on

This compares amd64 vs i386 without LTO enabled

$ grep "Depends" 
buildlog_ubuntu-lunar-amd64.heimdal_7.8.git20221117.28daf24+dfsg-1ubuntu1~ppa2_BUILDING.txt
  > amd64.deps
$ grep "Depends" 
buildlog_ubuntu-lunar-i386.heimdal_7.8.git20221117.28daf24+dfsg-1ubuntu1~ppa2_BUILDING.txt
  > i386.deps
$ diff -Naur amd64.deps i386.deps
--- amd64.deps  2023-05-16 10:18:49.754334825 +0200
+++ i386.deps   2023-05-16 10:18:51.106344323 +0200
@@ -8,10 +8,10 @@
  Depends: debconf (>= 0.5.00) | debconf-2.0, heimdal-clients, krb5-config, 
lsb-base, openbsd-inetd | inet-superserver, libasn1-8-heimdal (>= 
1.4.0+git20110226), libc6 (>= 2.34), libcap-ng0 (>= 0.7.9), libgssapi3-heimdal 
(>= 1.4.0+git20110226), libhcrypto5-heimdal (>= 1.4.0+git20110226), 
libhdb9-heimdal (>= 1.6~git20131117), libheimntlm0-heimdal (>= 
1.4.0+git20110226), libkadm5srv8-heimdal (>= 7.8.git20221115.a6cf945+dfsg), 
libkdc2-heimdal (>= 1.4.0+git20110226), libkrb5-26-heimdal (>= 
1.7~git20160418), libroken19-heimdal (>= 1.7~git20150920), libsl0-heimdal (>= 
1.4.0+git20110226)
  Depends: comerr-dev, libasn1-8-heimdal (= 
7.8.git20221117.28daf24+dfsg-1ubuntu1~ppa2), libgssapi3-heimdal (= 
7.8.git20221117.28daf24+dfsg-1ubuntu1~ppa2), libhcrypto5-heimdal (= 
7.8.git20221117.28daf24+dfsg-1ubuntu1~ppa2), libhdb9-heimdal (= 
7.8.git20221117.28daf24+dfsg-1ubuntu1~ppa2), libheimbase1-heimdal (= 
7.8.git20221117.28daf24+dfsg-1ubuntu1~ppa2), libhx509-5-heimdal (= 
7.8.git20221117.28daf24+dfsg-1ubuntu1~ppa2), libkadm5clnt7-heimdal (= 
7.8.git20221117.28daf24+dfsg-1ubuntu1~ppa2), libkadm5srv8-heimdal (= 
7.8.git20221117.28daf24+dfsg-1ubuntu1~ppa2), libkafs0-heimdal (= 
7.8.git20221117.28daf24+dfsg-1ubuntu1~ppa2), libkdc2-heimdal (= 
7.8.git20221117.28daf24+dfsg-1ubuntu1~ppa2), libkrb5-26-heimdal (= 
7.8.git20221117.28daf24+dfsg-1ubuntu1~ppa2), libwind0-heimdal (= 
7.8.git20221117.28daf24+dfsg-1ubuntu1~ppa2), libotp0-heimdal (= 
7.8.git20221117.28daf24+dfsg-1ubuntu1~ppa2), libsl0-heimdal (= 
7.8.git20221117.28daf24+dfsg-1ubuntu1~ppa2), libc6 (>= 2.34), libcom-err2 (>= 
1.43.9), libroken19-heimdal (>= 1.4.0+git20110226)
  Depends: krb5-config, openbsd-inetd | inet-superserver, libc6 (>= 2.34), 
libkrb5-26-heimdal (>= 1.4.0+git20110226), libroken19-heimdal (>= 
1.4.0+git20110226)
- Depends: libc6 (>= 2.14), libcom-err2 (>= 1.43.9), libroken19-heimdal (>= 
1.4.0+git20110226)
+ Depends: libc6 (>= 2.8), libcom-err2 (>= 1.43.9), libroken19-heimdal (>= 
1.4.0+git20110226)
  Depends: libasn1-8-heimdal (>= 1.4.0+git20110226), libc6 (>= 2.34), 
libcom-err2 (>= 1.43.9), libhcrypto5-heimdal (>= 1.4.0+git20110226), 
libheimntlm0-heimdal (>= 1.4.0+git20110226), libkrb5-26-heimdal (>= 
1.6~git20131117), libroken19-heimdal (>= 1.7~git20150920)
  Depends: libasn1-8-heimdal (>= 1.4.0+git20110226), libc6 (>= 2.36), 
libheimbase1-heimdal (>= 1.4.0+git20110226), libroken19-heimdal (>= 
1.7~git20150920)
- Depends: libasn1-8-heimdal (>= 1.6~git20120311g), libc6 (>= 2.14), 
libcom-err2 (>= 1.43.9), libdb5.3, libkrb5-26-heimdal (>= 1.7~git20161112), 
libldap2 (>= 2.6.2), libroken19-heimdal (>= 1.7~git20150920), libsqlite3-0 (>= 
3.5.9)
+ Depends: libasn1-8-heimdal (>= 1.6~git20120311g), libc6 (>= 2.8), libcom-err2 
(>= 1.43.9), libdb5.3, libkrb5-26-heimdal (>= 1.7~git20161112), libldap2 (>= 
2.6.2), libroken19-heimdal (>= 1.7~git20150920), libsqlite3-0 (>= 3.5.9)
  Depends: libc6 (>= 2.34)
  Depends: libc6 (>= 2.4), libhcrypto5-heimdal (>= 1.4.0+git20110226), 
libkrb5-26-heimdal (>= 1.4.0+git20110226), libroken19-heimdal (>= 
1.7~git20150920), libwind0-heimdal (>= 1.4.0+git20110226)
  Depends: libasn1-8-heimdal (>= 1.4.0+git20110226), libc6 (>= 2.34), 
libcom-err2 (>= 1.43.9), libhcrypto5-heimdal (>= 1.4.0+git20110226), 
libheimbase1-heimdal (>= 1.6~git20131117), libroken19-heimdal (>= 
1.7~git20150920), libwind0-heimdal (>= 1.4.0+git20110226)
@@ -23,4 +23,4 @@
  Depends: libc6 (>= 2.33), libdb5.3, libhcrypto5-heimdal (>= 1.4.0+git20110226)
  Depends: libc6 (>= 2.36), libcrypt1 (>= 1:4.1.0)
  Depends: libc6 (>= 2.11), libedit2 (>= 2.11-20080614-0)
- Depends: libc6 (>= 2.14), libcom-err2 (>= 1.43.9)
+ Depends: libc6 (>= 2.4), libcom-err2 (>= 1.43.9)


And checking the PPAs build if LTO was really back on I indeed see "... 
-ffat-lto-objects ..." used in
https://launchpadlibrarian.net/646899573/buildlog_ubuntu-lunar-amd64.heimdal_7.8.git20221117.28daf24+dfsg-1ubuntu1~ppa2_BUILDING.txt.gz

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to heimdal in Ubuntu.
https://bugs.launchpad.net/bugs/2019424

Title:
  Heimdal can be synced

Status in heimdal package in Ubuntu:
  Confirmed

Bug description:
  After heimd

[Touch-packages] [Bug 2017990] Re: package linux-image-5.15.0-71-generic 5.15.0-71.78~20.04.1 failed to install/upgrade: run-parts: /etc/kernel/postinst.d/initramfs-tools exited with return code 1

2023-05-15 Thread Christian Neumann

Warum /root 0 bit vorhanden? Festplatte zeigt über 90 G frei.
LG Christian

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to initramfs-tools in Ubuntu.
https://bugs.launchpad.net/bugs/2017990

Title:
  package linux-image-5.15.0-71-generic 5.15.0-71.78~20.04.1 failed to
  install/upgrade: run-parts: /etc/kernel/postinst.d/initramfs-tools
  exited with return code 1

Status in initramfs-tools package in Ubuntu:
  Confirmed

Bug description:
  None

  ProblemType: Package
  DistroRelease: Ubuntu 20.04
  Package: linux-image-5.15.0-71-generic 5.15.0-71.78~20.04.1
  ProcVersionSignature: Ubuntu 5.15.0-69.76~20.04.1-generic 5.15.87
  Uname: Linux 5.15.0-69-generic x86_64
  NonfreeKernelModules: nvidia_modeset nvidia
  ApportVersion: 2.20.11-0ubuntu27.26
  Architecture: amd64
  CasperMD5CheckResult: skip
  Date: Fri Apr 28 07:53:45 2023
  ErrorMessage: run-parts: /etc/kernel/postinst.d/initramfs-tools exited with 
return code 1
  InstallationDate: Installed on 2021-12-16 (497 days ago)
  InstallationMedia: Ubuntu 20.04.2.0 LTS "Focal Fossa" - Release amd64 
(20210209.1)
  Python3Details: /usr/bin/python3.8, Python 3.8.10, python3-minimal, 
3.8.2-0ubuntu2
  PythonDetails: N/A
  RelatedPackageVersions:
   dpkg 1.19.7ubuntu3.2
   apt  2.0.9
  SourcePackage: initramfs-tools
  Title: package linux-image-5.15.0-71-generic 5.15.0-71.78~20.04.1 failed to 
install/upgrade: run-parts: /etc/kernel/postinst.d/initramfs-tools exited with 
return code 1
  UpgradeStatus: No upgrade log present (probably fresh install)

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/initramfs-tools/+bug/2017990/+subscriptions


-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp

[Touch-packages] [Bug 1641272] Re: Debug symbols package doesnt exist

2023-05-11 Thread Christian Ehrhardt 

Jorge very likely doesn't work on this anymore, so much time has passed.
The assignment created wrong expectations, let us unassign it to reflect that.

Also this isn't ubuntu specific, if tackled it should be done together with 
Debian
which has this bug as well 
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=844989

** Bug watch added: Debian Bug tracker #844989
   https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=844989

** Changed in: dnsmasq (Ubuntu)
 Assignee: Jorge Niedbalski (niedbalski) => (unassigned)

** Also affects: dnsmasq (Debian) via
   https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=844989
   Importance: Unknown
   Status: Unknown

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to dnsmasq in Ubuntu.
https://bugs.launchpad.net/bugs/1641272

Title:
  Debug symbols package doesnt exist

Status in dnsmasq package in Ubuntu:
  New
Status in dnsmasq package in Debian:
  Unknown

Bug description:
  On Yakkety with ddebs repos enabled there is no debug packages for
  dnsmasq

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/dnsmasq/+bug/1641272/+subscriptions


-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp

[Touch-packages] [Bug 1838151] Re: Poor quality audio with modern Bluetooth headsets in HSP/HFP. Missing wide band speech support (Bluetooth A2DP codecs).

2023-04-13 Thread Christian Huck

Thank you for your response Konrad.

I followed the docs for replacing pulseaudio with pipewire which worked well.
Now the bluetooth app offers more codecs to use.
I figured out "mSBC" offers the best quality.
Compared to A2DP it still sucks and sounds horrible.
You dont want to accept this if you bought a bluetooth headset for 250 EUR with 
brilliant audio capabilities.

So I ended up to use a separate mic from my webcam.
Hope this will be fixed soon.
Thank you so far.

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to bluez in Ubuntu.
https://bugs.launchpad.net/bugs/1838151

Title:
  Poor quality audio with modern Bluetooth headsets in HSP/HFP.  Missing
  wide band speech support (Bluetooth A2DP codecs).

Status in PulseAudio:
  Fix Released
Status in bluez package in Ubuntu:
  Fix Released
Status in linux package in Ubuntu:
  Fix Released
Status in pulseaudio package in Ubuntu:
  Fix Released
Status in Arch Linux:
  New

Bug description:
  Bluetooth HSP/HFP audio quality is poor on Ubuntu comparative to all
  other major platforms (Windows, MacOS, ChromeOS, Android, iOS).

  Modern Bluetooth headsets (such as the Bose QC series headphones, many
  others) are capable of using HFP 1.6 with mSBC 16kHz audio encoding.
  As it currently stands, Ubuntu defaults to only supporting HSP
  headsets using 8kHz CVSD, and is incapable of supporting HFP 1.6 at
  this time.

  The ChromiumOS team recently tackled this issue -
  https://bugs.chromium.org/p/chromium/issues/detail?id=843048

  Their efforts may assist in bringing this to Ubuntu, however it
  appears that there are quite a lot of differences considering they
  have developed their own audio server solution etc.

  The Bluetooth Telephony Working Group published the HFP 1.6 spec in
  May 2011 -
  https://www.bluetooth.org/docman/handlers/downloaddoc.ashx?doc_id=238193

  Patches have been proposed in the past for this issue to the kernel
  and PulseAudio:

  PulseAudio: https://patchwork.freedesktop.org/patch/245272/
  Kernel: https://www.spinics.net/lists/linux-bluetooth/msg76982.html

  It appears that the Chromium OS team applied the same kernel patch:
  
https://chromium.googlesource.com/chromiumos/third_party/kernel/+/77dd0cb94c1713a8a12f6e392955dfa64c430e54

  ProblemType: Bug
  DistroRelease: Ubuntu 19.04
  Package: pulseaudio 1:12.2-2ubuntu3
  ProcVersionSignature: Ubuntu 5.0.0-20.21-generic 5.0.8
  Uname: Linux 5.0.0-20-generic x86_64
  ApportVersion: 2.20.10-0ubuntu27.1
  Architecture: amd64
  AudioDevicesInUse:
   USERPID ACCESS COMMAND
   /dev/snd/controlC0:  jnappi 2777 F pulseaudio
  CurrentDesktop: ubuntu:GNOME
  Date: Sat Jul 27 11:08:29 2019
  EcryptfsInUse: Yes
  InstallationDate: Installed on 2017-11-04 (629 days ago)
  InstallationMedia: Ubuntu 17.10 "Artful Aardvark" - Release amd64 (20171018)
  ProcEnviron:
   PATH=(custom, no user)
   XDG_RUNTIME_DIR=
   LANG=en_US.UTF-8
   SHELL=/bin/bash
  SourcePackage: pulseaudio
  UpgradeStatus: Upgraded to disco on 2019-07-18 (9 days ago)
  dmi.bios.date: 06/07/2016
  dmi.bios.vendor: LENOVO
  dmi.bios.version: R07ET67W (2.07 )
  dmi.board.asset.tag: Not Available
  dmi.board.name: 20FW000TUS
  dmi.board.vendor: LENOVO
  dmi.board.version: SDK0J40705 WIN
  dmi.chassis.asset.tag: No Asset Information
  dmi.chassis.type: 10
  dmi.chassis.vendor: LENOVO
  dmi.chassis.version: None
  dmi.modalias: 
dmi:bvnLENOVO:bvrR07ET67W(2.07):bd06/07/2016:svnLENOVO:pn20FW000TUS:pvrThinkPadT460p:rvnLENOVO:rn20FW000TUS:rvrSDK0J40705WIN:cvnLENOVO:ct10:cvrNone:
  dmi.product.family: ThinkPad T460p
  dmi.product.name: 20FW000TUS
  dmi.product.sku: LENOVO_MT_20FW_BU_Think_FM_ThinkPad T460p
  dmi.product.version: ThinkPad T460p
  dmi.sys.vendor: LENOVO

To manage notifications about this bug go to:
https://bugs.launchpad.net/pulseaudio/+bug/1838151/+subscriptions


-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp

[Touch-packages] [Bug 1838151] Re: Poor quality audio with modern Bluetooth headsets in HSP/HFP. Missing wide band speech support (Bluetooth A2DP codecs).

2023-04-13 Thread Christian Huck

Hi,
now it's 2023 and I still have this problem.
Using Mint 21.1 and Teams for Linux.
When I switch to A2DP I cannot use the headset mic.
When I switch to HFP the sound in conversations is horrible.
Would appreciate a fix here.

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to bluez in Ubuntu.
https://bugs.launchpad.net/bugs/1838151

Title:
  Poor quality audio with modern Bluetooth headsets in HSP/HFP.  Missing
  wide band speech support (Bluetooth A2DP codecs).

Status in PulseAudio:
  Fix Released
Status in bluez package in Ubuntu:
  Fix Released
Status in linux package in Ubuntu:
  Fix Released
Status in pulseaudio package in Ubuntu:
  Fix Released
Status in Arch Linux:
  New

Bug description:
  Bluetooth HSP/HFP audio quality is poor on Ubuntu comparative to all
  other major platforms (Windows, MacOS, ChromeOS, Android, iOS).

  Modern Bluetooth headsets (such as the Bose QC series headphones, many
  others) are capable of using HFP 1.6 with mSBC 16kHz audio encoding.
  As it currently stands, Ubuntu defaults to only supporting HSP
  headsets using 8kHz CVSD, and is incapable of supporting HFP 1.6 at
  this time.

  The ChromiumOS team recently tackled this issue -
  https://bugs.chromium.org/p/chromium/issues/detail?id=843048

  Their efforts may assist in bringing this to Ubuntu, however it
  appears that there are quite a lot of differences considering they
  have developed their own audio server solution etc.

  The Bluetooth Telephony Working Group published the HFP 1.6 spec in
  May 2011 -
  https://www.bluetooth.org/docman/handlers/downloaddoc.ashx?doc_id=238193

  Patches have been proposed in the past for this issue to the kernel
  and PulseAudio:

  PulseAudio: https://patchwork.freedesktop.org/patch/245272/
  Kernel: https://www.spinics.net/lists/linux-bluetooth/msg76982.html

  It appears that the Chromium OS team applied the same kernel patch:
  
https://chromium.googlesource.com/chromiumos/third_party/kernel/+/77dd0cb94c1713a8a12f6e392955dfa64c430e54

  ProblemType: Bug
  DistroRelease: Ubuntu 19.04
  Package: pulseaudio 1:12.2-2ubuntu3
  ProcVersionSignature: Ubuntu 5.0.0-20.21-generic 5.0.8
  Uname: Linux 5.0.0-20-generic x86_64
  ApportVersion: 2.20.10-0ubuntu27.1
  Architecture: amd64
  AudioDevicesInUse:
   USERPID ACCESS COMMAND
   /dev/snd/controlC0:  jnappi 2777 F pulseaudio
  CurrentDesktop: ubuntu:GNOME
  Date: Sat Jul 27 11:08:29 2019
  EcryptfsInUse: Yes
  InstallationDate: Installed on 2017-11-04 (629 days ago)
  InstallationMedia: Ubuntu 17.10 "Artful Aardvark" - Release amd64 (20171018)
  ProcEnviron:
   PATH=(custom, no user)
   XDG_RUNTIME_DIR=
   LANG=en_US.UTF-8
   SHELL=/bin/bash
  SourcePackage: pulseaudio
  UpgradeStatus: Upgraded to disco on 2019-07-18 (9 days ago)
  dmi.bios.date: 06/07/2016
  dmi.bios.vendor: LENOVO
  dmi.bios.version: R07ET67W (2.07 )
  dmi.board.asset.tag: Not Available
  dmi.board.name: 20FW000TUS
  dmi.board.vendor: LENOVO
  dmi.board.version: SDK0J40705 WIN
  dmi.chassis.asset.tag: No Asset Information
  dmi.chassis.type: 10
  dmi.chassis.vendor: LENOVO
  dmi.chassis.version: None
  dmi.modalias: 
dmi:bvnLENOVO:bvrR07ET67W(2.07):bd06/07/2016:svnLENOVO:pn20FW000TUS:pvrThinkPadT460p:rvnLENOVO:rn20FW000TUS:rvrSDK0J40705WIN:cvnLENOVO:ct10:cvrNone:
  dmi.product.family: ThinkPad T460p
  dmi.product.name: 20FW000TUS
  dmi.product.sku: LENOVO_MT_20FW_BU_Think_FM_ThinkPad T460p
  dmi.product.version: ThinkPad T460p
  dmi.sys.vendor: LENOVO

To manage notifications about this bug go to:
https://bugs.launchpad.net/pulseaudio/+bug/1838151/+subscriptions


-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp

[Touch-packages] [Bug 2012298] Re: PasswordAuthenticaion in sshd_config.d

2023-03-29 Thread Christian Ehrhardt 

FYI: might be related (or even dup) of bug 2002994

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to openssh in Ubuntu.
https://bugs.launchpad.net/bugs/2012298

Title:
  PasswordAuthenticaion in sshd_config.d

Status in openssh package in Ubuntu:
  Fix Released
Status in openssh source package in Focal:
  Confirmed

Bug description:
  The stanza
  Match User 
PasswordAuthentication no

  in /etc/ssh/sshd_config works as expected.

  The same stanza in /etc/ssh/sshd_config.d/username.conf does not work.

  The Include in /etc/ssh/sshd_config is not commented out, and

  /usr/sbin/sshd -D -ddd

  shows the username.config file being parsed.

  ProblemType: Bug
  DistroRelease: Ubuntu 20.04
  Package: openssh-server 1:8.2p1-4ubuntu0.5
  ProcVersionSignature: Ubuntu 5.4.0-131.147-generic 5.4.210
  Uname: Linux 5.4.0-131-generic x86_64
  NonfreeKernelModules: falcon_lsm_serviceable falcon_nf_netcontain falcon_kal 
falcon_lsm_pinned_14713
  ApportVersion: 2.20.11-0ubuntu27.25
  Architecture: amd64
  CasperMD5CheckResult: skip
  Date: Mon Mar 20 13:34:14 2023
  InstallationDate: Installed on 2022-11-04 (136 days ago)
  InstallationMedia:
   
  SSHDConfig: Error: command ['pkexec', '/usr/sbin/sshd', '-T'] failed with 
exit code 127: pkexec must be setuid root
  SourcePackage: openssh
  UpgradeStatus: No upgrade log present (probably fresh install)

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/openssh/+bug/2012298/+subscriptions


-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp

[Touch-packages] [Bug 2000739] Re: Window actions (like maximize) no more work in wayland for QEMU using GTK backend once the guest UI is intialized.

2023-03-20 Thread Christian Ehrhardt 

** Also affects: gtk+3.0 (Ubuntu)
   Importance: Undecided
   Status: New

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to gtk+3.0 in Ubuntu.
https://bugs.launchpad.net/bugs/2000739

Title:
  Window actions (like maximize) no more work in wayland for QEMU using
  GTK backend once the guest UI is intialized.

Status in gtk+3.0 package in Ubuntu:
  New
Status in qemu package in Ubuntu:
  Confirmed

Bug description:
  Window actions (like maximize) no more work in wayland for QEMU using
  GTK backend once the guest UI is intialized.

  This can be seen by running an installed or even a trial Ubuntu from
  an ISO like:

  $ qemu-system-x86_64 \
    -boot d \
    -cdrom ubuntu-22.04.1-desktop-amd64.iso \
    -m 4096M \
    -machine type=q35,accel=kvm \
    -cpu host \
    -smp 2 \
    -device qxl-vga

  The GTK UI of qemu has a feature called "fullscreen" which disables
  the screen decorations and sets the window to maximize. The
  decorations go away, but maximize doesn't work.

  
  The following details were found so far:
  - running with GDK_BACKEND=x11 works
  - using sdl instead of gtk backend works
  - using the old qemu of Focal, or the newest from upstream git in jammy all 
fails (no qemu change AFAICS)
  - host UI widgets (the square at the window top) do not work either
  - hotkeys (super-up) do not work either

  It seems that once the guest has enabled the desktop something changes
  and the maximize/minimize/... actions are no more processed. Not sure
  were to debug next in regard to the gnome/wayland UI handling of this
  - any idea?

  P.S. We can reproduce this in git builds of qemu, so we can debug of
  modify the code as needed. The code for this is mostly in [1]

  [1]: https://gitlab.com/qemu-project/qemu/-/blob/master/ui/gtk.c

  --- original report ---

  Running QEMU version 4.2.1 on Ubuntu 20.04 via

  qemu-system-x86_64 \
    -boot d \
    -cdrom ubuntu-22.04.1-desktop-amd64.iso \
    -m 4096M \
    -machine type=q35,accel=kvm \
    -cpu host \
    -smp 2 \
    -device qxl-vga

  and pressing ctrl+alt+f after booting the Ubuntu 22.04 live ISO and
  adjusting the display resolution to match the native resolution, works
  as expected, i.e., the VM screen is correctly displayed in fullscreen.

  However, after running the same command for QEMU version 6.2.0 on
  Ubuntu 22.04 and pressing ctrl+alt+f after making the resolution
  adjustment, yields a fullscreen view where the space occupied by the
  GNOME top bar (top panel with date in center) of the host is not used.
  The top bar itself is not visible but instead the purple background is
  shown where the top bar resides.

  The problem also occurs when replacing '-device qxl-vga' by '-device
  VGA,vgamem_mb=64'. The problem however does not occur when using
  '-device virtio-vga'.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/gtk+3.0/+bug/2000739/+subscriptions


-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp

[Touch-packages] [Bug 1967593] Re: kernel modules going missing after reboot

2023-03-08 Thread Christian Ehrhardt 

** Changed in: cloud-initramfs-tools (Ubuntu)
 Assignee: (unassigned) => Dave Jones (waveform)

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to ubuntu-meta in Ubuntu.
https://bugs.launchpad.net/bugs/1967593

Title:
  kernel modules going missing after reboot

Status in cloud-initramfs-tools package in Ubuntu:
  Confirmed
Status in linux-kvm package in Ubuntu:
  New
Status in linux-lowlatency package in Ubuntu:
  New
Status in ubuntu-meta package in Ubuntu:
  New

Bug description:
  EDIT: There are no accurate results in the package search, but it is
  for the kernel shown below Linux 5.15.0-23-generic x86_64. Also for
  the low latency kernel and other versions 5.4, 5.13, 5.14, 5.17. So it
  is not kernel specific. It must be a problem with configuration, but
  reinstalling doesnt fix it.

  EDIT2: it turns out this is caused by the cloud-initramfs-copymods
  package mounting over modules locations. Removed it and reinstalled
  kernel modules package (extras didnt seem necessary, but probably
  prudent too).


  This affects several different kernels I've tried in 22.04.

  This post basically sums it up:
  
https://unix.stackexchange.com/questions/405146/removed-lib-modules-folder-after-every-reboot
  detailed answer: https://unix.stackexchange.com/a/499580/346155

  And this one from upgrading from 20.04 to 22.04:
  
https://askubuntu.com/questions/1400470/kernel-module-not-getting-installed-after-upgrade

  Basically, for some reason the kernel modules are being mounted over
  after reboot.

  My image was built on top of a cloud-init image, but removing the recommeded 
package "cloud-initramfs-copymods" that mounts over modules didnt work for me. 
Adding the snd_hda_intel module to the boot config /etc/initramfs-tools/modules 
did fix my issue for this module. But how many others will not be available?
  ---
  ProblemType: Bug
  ApportVersion: 2.20.11-0ubuntu80
  Architecture: amd64
  AudioDevicesInUse:
   USERPID ACCESS COMMAND
   /dev/snd/controlC0:  user   2189 F pulseaudio
  CasperMD5CheckResult: unknown
  CurrentDesktop: KDE
  DistroRelease: Ubuntu 22.04
  IwConfig:
   lono wireless extensions.

   enp1s0no wireless extensions.

   virbr0no wireless extensions.
  Lsusb:
   Bus 001 Device 002: ID 0627:0001 Adomax Technology Co., Ltd QEMU USB Tablet
   Bus 001 Device 001: ID 1d6b:0002 Linux Foundation 2.0 root hub
   Bus 004 Device 001: ID 1d6b:0001 Linux Foundation 1.1 root hub
   Bus 003 Device 001: ID 1d6b:0001 Linux Foundation 1.1 root hub
   Bus 002 Device 001: ID 1d6b:0001 Linux Foundation 1.1 root hub
  Lsusb-t:
   /:  Bus 04.Port 1: Dev 1, Class=root_hub, Driver=uhci_hcd/2p, 12M
   /:  Bus 03.Port 1: Dev 1, Class=root_hub, Driver=uhci_hcd/2p, 12M
   /:  Bus 02.Port 1: Dev 1, Class=root_hub, Driver=uhci_hcd/2p, 12M
   /:  Bus 01.Port 1: Dev 1, Class=root_hub, Driver=ehci-pci/6p, 480M
   |__ Port 1: Dev 2, If 0, Class=Human Interface Device, Driver=usbhid, 
480M
  MachineType: QEMU Standard PC (Q35 + ICH9, 2009)
  Package: linux (not installed)
  ProcFB: 0 virtio_gpudrmfb
  ProcKernelCmdLine: BOOT_IMAGE=/boot/vmlinuz-5.15.0-23-generic 
root=UUID=5d51cbd2-a1de-48f6-b8b6-00709c787fa0 ro
  ProcVersionSignature: Ubuntu 5.15.0-23.23-generic 5.15.27
  RelatedPackageVersions:
   linux-restricted-modules-5.15.0-23-generic N/A
   linux-backports-modules-5.15.0-23-generic  N/A
   linux-firmware 20220329.git681281e4-0ubuntu1
  RfKill:

  Tags:  jammy uec-images
  Uname: Linux 5.15.0-23-generic x86_64
  UpgradeStatus: Upgraded to jammy on 2022-04-01 (1 days ago)
  UserGroups: libvirt sudo
  WifiSyslog:

  _MarkForUpload: True
  dmi.bios.date: 04/01/2014
  dmi.bios.release: 0.0
  dmi.bios.vendor: SeaBIOS
  dmi.bios.version: 1.13.0-1ubuntu1.1
  dmi.chassis.type: 1
  dmi.chassis.vendor: QEMU
  dmi.chassis.version: pc-q35-4.2
  dmi.modalias: 
dmi:bvnSeaBIOS:bvr1.13.0-1ubuntu1.1:bd04/01/2014:br0.0:svnQEMU:pnStandardPC(Q35+ICH9,2009):pvrpc-q35-4.2:cvnQEMU:ct1:cvrpc-q35-4.2:sku:
  dmi.product.name: Standard PC (Q35 + ICH9, 2009)
  dmi.product.version: pc-q35-4.2
  dmi.sys.vendor: QEMU
  ---
  ProblemType: Bug
  ApportVersion: 2.20.11-0ubuntu80
  Architecture: amd64
  AudioDevicesInUse:
   USERPID ACCESS COMMAND
   /dev/snd/controlC0:  user   2189 F pulseaudio
  CasperMD5CheckResult: unknown
  CurrentDesktop: KDE
  DistroRelease: Ubuntu 22.04
  IwConfig:
   lono wireless extensions.

   enp1s0no wireless extensions.

   virbr0no wireless extensions.
  Lsusb:
   Bus 001 Device 002: ID 0627:0001 Adomax Technology Co., Ltd QEMU USB Tablet
   Bus 001 Device 001: ID 1d6b:0002 Linux Foundation 2.0 root hub
   Bus 004 Device 001: ID 1d6b:0001 Linux Foundation 1.1 root hub
   Bus 003 Device 001: ID 1d6b:0001 Linux Foundation 1.1 root hub
   Bus 002 Device 001: ID 1d6b:0001 Linux Foundation 1.1 root hub
  Lsusb-t:
   /:  Bus 04.Port 1: Dev 1, Class=root

[Touch-packages] [Bug 1981697] Re: KDC: weak crypto in default settings

2023-03-08 Thread Christian Ehrhardt 

** Changed in: krb5 (Ubuntu Jammy)
 Assignee: (unassigned) => Andreas Hasenack (ahasenack)

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to krb5 in Ubuntu.
https://bugs.launchpad.net/bugs/1981697

Title:
  KDC: weak crypto in default settings

Status in krb5 package in Ubuntu:
  Fix Released
Status in krb5 source package in Jammy:
  Triaged
Status in krb5 source package in Kinetic:
  Fix Released
Status in krb5 package in Debian:
  Fix Released

Bug description:
  Default setting in /etc/krb5kdc/kdc.conf, as installed from krb5-kdc in 
Ubuntu 22.04 Server:
  master_key_type = des3-hmac-sha1

  3DES was deprecated by NIST in 2017, i.e. give years ago! Reference:
  https://csrc.nist.gov/News/2017/Update-to-Current-Use-and-Deprecation-
  of-TDEA . This should not be a default since a very long time, and
  particularly not for new installations. If a compatibility with out-
  of-date installations is necessary, this should be explicitly made be
  the administrator.

  SHA-1 was deprecated as well, in 2011, i.e. eleven years ago!
  Reference:
  https://nvlpubs.nist.gov/nistpubs/Legacy/SP/nistspecialpublication800-131a.pdf
  .

  A reasonable default would probably be:
  master_key_type = aes256-cts-hmac-sha384-192

  ProblemType: Bug
  DistroRelease: Ubuntu 22.04
  Package: krb5-kdc 1.19.2-2
  ProcVersionSignature: Ubuntu 5.15.0-40.43-generic 5.15.35
  Uname: Linux 5.15.0-40-generic x86_64
  ApportVersion: 2.20.11-0ubuntu82.1
  Architecture: amd64
  CasperMD5CheckResult: pass
  Date: Thu Jul 14 12:34:22 2022
  InstallationDate: Installed on 2022-05-30 (45 days ago)
  InstallationMedia: Ubuntu-Server 22.04 LTS "Jammy Jellyfish" - Release amd64 
(20220421)
  ProcEnviron:
   TERM=xterm-256color
   PATH=(custom, no user)
   XDG_RUNTIME_DIR=
   LANG=en_IE.UTF-8
   SHELL=/bin/bash
  SourcePackage: krb5
  UpgradeStatus: No upgrade log present (probably fresh install)

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/krb5/+bug/1981697/+subscriptions


-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp

[Touch-packages] [Bug 1993387] Re: Merge bridge-utils from Debian unstable for lunar

2023-03-07 Thread Christian Ehrhardt 

This was done by Graham Inggs in
https://launchpad.net/ubuntu/+source/bridge-utils/1.7.1-1ubuntu1 and no
other merge was needed.

 bridge-utils | 1.7.1-1ubuntu1 | lunar   | source, amd64, arm64, armhf,
ppc64el, riscv64, s390x

=> Done (and thanks Graham)

** Changed in: bridge-utils (Ubuntu)
   Status: New => Fix Released

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to bridge-utils in Ubuntu.
https://bugs.launchpad.net/bugs/1993387

Title:
  Merge bridge-utils from Debian unstable for lunar

Status in bridge-utils package in Ubuntu:
  Fix Released

Bug description:
  Scheduled-For: ubuntu-22.12
  Upstream: 1.7.1
  Debian:   1.7-2
  Ubuntu:   1.7-1ubuntu3

  ### New Debian Changes ###

  bridge-utils (1.7-2) unstable; urgency=medium

* Add BRIDGE_DISABLE_LINKLOCAL_IPV6_ALSO_PHYS to /etc/default/bridge-utils
  to stop disabling IPv6 on physical interfaces of vlan ports if set to no. 
  Closes: #989162.
* Update interfaces man page, IPv6 works with STP on after DAD was fixed.
  Closes: #980507.
* Treat vlan ports the same as ifupdown, avoid octal vlans. Closes: #995627.
* Update NEWS file to fix us blaming the kernel for the MAC address
  selection that is really overridden by systemd.

   -- Santiago García Mantiñán   Mon, 03 Oct 2022
  23:11:46 +0200

  
  ### Old Ubuntu Delta ###

  bridge-utils (1.7-1ubuntu3) jammy; urgency=medium

    * No-change rebuild for ppc64el baseline bump.

   -- Łukasz 'sil2100' Zemczak   Wed, 23 Mar
  2022 10:44:35 +0100

  bridge-utils (1.7-1ubuntu2) impish; urgency=medium

    * No-change rebuild to build packages with zstd compression.

   -- Matthias Klose   Thu, 07 Oct 2021 12:09:41 +0200

  bridge-utils (1.7-1ubuntu1) impish; urgency=low

    * Merge from Debian unstable. Remaining changes:
  - Don't call ifup from bridge-network-interface, instead just call brctl
    and let udev/upstart bring the interface up.
  - debian/ifupdown.sh: Handle bridge params which use port and value
  - debian/bridge-utils-interface.5:
    + Update max, default value for path cost
    + Update unsettable gcint value for newer kernels

   -- Steve Langasek   Wed, 17 Mar 2021
  12:32:22 -0700

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/bridge-utils/+bug/1993387/+subscriptions


-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp

[Touch-packages] [Bug 2008465] Re: apt repository broken when having only jammy and jammy-security apt-repos enabled

2023-03-02 Thread Christian Ehrhardt 

Hey,
it turns out this worked for most people but if you go into enough detail they 
start to disagree.
This was discussed [1], got "no it is not supported" [2] and people saying "yes 
we do" [3] and some people stating what I'd have expected [4] to be related to 
only-auto-update.

But no matter which is entirely true, this needs to be sorted out and 
documented better.
As well as then been made part of some testing and more considerations.
I'll try to organize a meeting at the next sprint with the right people.

Until then this isn't really an openldap question, it is more a release-
team tasks on documentation. Depending where the discussion ends it
might be something entirely else eventually, but for now that at least
represents the state better.

[1]: https://irclogs.ubuntu.com/2023/03/01/%23ubuntu-release.html#t18:33
[2]: https://irclogs.ubuntu.com/2023/03/01/%23ubuntu-release.html#t18:38
[3]: https://irclogs.ubuntu.com/2023/03/01/%23ubuntu-release.html#t18:49
[4]: https://irclogs.ubuntu.com/2023/03/01/%23ubuntu-release.html#t19:05

** Also affects: ubuntu-docs
   Importance: Undecided
   Status: New

** Tags removed: server-triage-discuss

** Changed in: ubuntu-docs
 Assignee: (unassigned) => Ubuntu Release Team (ubuntu-release)

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to openldap in Ubuntu.
https://bugs.launchpad.net/bugs/2008465

Title:
  apt repository broken when having only jammy and jammy-security apt-
  repos enabled

Status in Ubuntu:
  New

Bug description:
  Having installed Ubuntu 22 server from server-live-cd 
https://releases.ubuntu.com/22.04/ubuntu-22.04.1-live-server-amd64.iso
  (md5sum e8d2a77c51b599c10651608a5d8c286f)

  without network connection to internet (so no connection to ubuntu apt
  repositories). After offline installation completed, we remove the
  "jammy-updates" from the /etc/apt/sources.list so it looks like so:

  # cat /etc/apt/sources.list
  deb http://de.archive.ubuntu.com/ubuntu jammy 
  main restricted universe multiverse
  deb http://de.archive.ubuntu.com/ubuntu jammy-security
  main restricted universe multiverse

  Now we give the host network access and do "apt update" to refresh the
  apt repository.

  We assume that the installed package libldap-2.5-0 version 
2.5.12+dfsg-0ubuntu0.22.04.1
  was installed from the ubuntu installer cd which is a version from 
jammy-updates.

  Now we are unable to install package "ldap-utils" because that depends
  on package libldap-2.5-0 version 2.5.11+dfsg-1~exp1ubuntu3.1 (which is
  older than the offline installed version 2.5.12+dfsg-0ubuntu0.22.04.1)

  # lsb_release -a
  No LSB modules are available.
  Distributor ID: Ubuntu
  Description:Ubuntu 22.04.1 LTS
  Release:22.04
  Codename:   jammy

  # apt-cache policy libldap-2.5-0
  libldap-2.5-0:
    Installed: 2.5.12+dfsg-0ubuntu0.22.04.1
    Candidate: 2.5.12+dfsg-0ubuntu0.22.04.1
    Version table:
   *** 2.5.12+dfsg-0ubuntu0.22.04.1 100
  100 /var/lib/dpkg/status
   2.5.11+dfsg-1~exp1ubuntu3.1 500
  500 http://de.archive.ubuntu.com/ubuntu jammy-security/main amd64 
Packages
   2.5.11+dfsg-1~exp1ubuntu3 500
  500 http://de.archive.ubuntu.com/ubuntu jammy/main amd64 Packages

  # apt install --simulate ldap-utils
  Reading package lists... Done
  Building dependency tree... Done
  Reading state information... Done
  Some packages could not be installed. This may mean that you have
  requested an impossible situation or if you are using the unstable
  distribution that some required packages have not yet been created
  or been moved out of Incoming.
  The following information may help to resolve the situation:
  The following packages have unmet dependencies:
   ldap-utils : Depends: libldap-2.5-0 (= 2.5.11+dfsg-1~exp1ubuntu3.1) but 
2.5.12+dfsg-0ubuntu0.22.04.1 is to be installed
  E: Unable to correct problems, you have held broken packages.

  --
  The problem is solved when adding line

  deb http://de.archive.ubuntu.com/ubuntu jammy-updates
  main restricted universe multiverse

  to /etc/apt/sources.list

  But we want _only_ security updates, to keep the updates minimal.

  Other workaround is "apt remove libldap-2.5-0", then when installing
  ldap-utils that fetches the older libldap-2.5-0 version
  2.5.11+dfsg-1~exp1ubuntu3.1 and repo is consistent.

  Questions:
  - Can you confirm that the package version from the server-live-cd see above 
is the version from the jammy-updates repository?
  - Do you agree that when the above question is answered yes, having 
jammy-updates apt-repository is mandatory?
  - if jammy-updates repo should be mandatory should this be documented?

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+bug/2008465/+subscriptions


-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch

[Touch-packages] [Bug 2007837] Re: Regression in stderr handling in 3.2.3 breaks BackupPc on 22.04; fix available in 3.2.4

2023-03-01 Thread Christian Ehrhardt 

** Changed in: rsync (Ubuntu Jammy)
 Assignee: (unassigned) => Sergio Durigan Junior (sergiodj)

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to rsync in Ubuntu.
https://bugs.launchpad.net/bugs/2007837

Title:
  Regression in stderr handling in 3.2.3 breaks BackupPc on 22.04; fix
  available in 3.2.4

Status in rsync package in Ubuntu:
  Fix Released
Status in rsync source package in Jammy:
  Triaged
Status in rsync package in Debian:
  Unknown

Bug description:
  rsync 3.2.3 (packaged in Ubuntu 22.04) changes stderr handling,
  leading another bug in libfile-rsyncp-perl (in Ubuntu 18.04 and 20.04)
  to surface [1].

  It practically makes using BackupPC 3 impossible with clients using
  rsync 3.2.3, as is packaged for 22.04. The fact that BackupPC on 20.04
  can't be used to back up machines with 22.04 is rather surprising and
  has bitten other users [2].

  It's unclear whether the bug will be fixed in 18.04's and 20.04's
  libfile-rsyncp-perl package (for status, see [3]).

  Because of this, the rsync maintainer has included a patch in 3.2.4
  that fixes this regression [4] (even though not strictly an rsync
  bug). As a result, rsync 3.2.3 is the only affected version, which
  happens to be the one packaged in 22.04.

  This report is to request backporting that fix [4] to Ubuntu 22.04, so
  that things don't silently break in scenarios where the backup server
  is left at 20.04, and some backup clients happen to upgrade to 22.04.

  I'm not sure what the criteria for security releases are, but as the
  issue causes backup denial of service and has easy mitigation, I think
  it would make sense to put it through the security channel.

  [1]: https://github.com/WayneD/rsync/issues/95#issuecomment-699185358
  [2]: 
https://www.mail-archive.com/backuppc-users@lists.sourceforge.net/msg32673.html
  [3]: 
https://bugs.launchpad.net/ubuntu/+source/libfile-rsyncp-perl/+bug/2007833
  [4]: 
https://github.com/WayneD/rsync/commit/4adfdaaf12db26c348b4d6150119b377f9b622c8

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/rsync/+bug/2007837/+subscriptions


-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp

[Touch-packages] [Bug 1647285] Re: SSL trust not system-wide

2023-02-15 Thread Christian Ehrhardt 

** Tags removed: server-triage-discuss

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to ca-certificates in Ubuntu.
https://bugs.launchpad.net/bugs/1647285

Title:
  SSL trust not system-wide

Status in ca-certificates package in Ubuntu:
  Confirmed
Status in firefox package in Ubuntu:
  Confirmed
Status in nss package in Ubuntu:
  Confirmed
Status in p11-kit package in Ubuntu:
  Fix Released
Status in sssd package in Ubuntu:
  Confirmed
Status in thunderbird package in Ubuntu:
  Confirmed

Bug description:
  When I install a corporate CA trust root with update-ca-certificates,
  it doesn't seem to work everywhere. Various things like Firefox,
  Evolution, Chrome, etc. all fail to trust the newly-installed trusted
  CA.

  This ought to work, and does on other distributions. In p11-kit there
  is a module p11-kit-trust.so which can be used as a drop-in
  replacement for NSS's own libnssckbi.so trust root module, but which
  reads from the system's configured trust setup instead of the hard-
  coded version.

  This allows us to install the corporate CAs just once, and then file a
  bug against any package that *doesn't* then trust them.

  See https://fedoraproject.org/wiki/Features/SharedSystemCertificates
  for some of the historical details from when this feature was first
  implemented, but this is all now supported upstream and not at all
  distribution-specific. There shouldn't be any significant work
  required; it's mostly just a case of configuring and building it to
  make use of this functionality. (With 'alternatives' to let you
  substitute p11-kit-trust.so for the original NSS libnssckbi.so, etc.)

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/ca-certificates/+bug/1647285/+subscriptions


-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp

[Touch-packages] [Bug 2004551] Re: upgrade to lunar fails due to rescue-ssh.target or port 22 takeover

2023-02-02 Thread Christian Ehrhardt 

Thank you Steve, documenting what kind of debug data you'd expect helps
me or anyone else who might run into this next time.

Once I'm done with my current tasks on this system I'll try to redeploy
and re-upgrade to check if it happens again.

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to openssh in Ubuntu.
https://bugs.launchpad.net/bugs/2004551

Title:
  upgrade to lunar fails due to rescue-ssh.target or port 22 takeover

Status in openssh package in Ubuntu:
  Incomplete

Bug description:
  Hi,
  I just upgraded a system from Jammy to Lunar and openssh-server refuses to 
upgrade well.

  Setting up openssh-server (1:9.0p1-1ubuntu8) ...
  Replacing config file /etc/ssh/sshd_config with new version
  Replacing config file /etc/ssh/sshd_config with new version
  Synchronizing state of ssh.service with SysV service script with 
/lib/systemd/systemd-sysv-install.
  Executing: /lib/systemd/systemd-sysv-install disable ssh
  rescue-ssh.target is a disabled or a static unit not running, not starting it.
  Could not execute systemctl:  at /usr/bin/deb-systemd-invoke line 145.
  dpkg: error processing package openssh-server (--configure):
   installed openssh-server package post-installation script subprocess 
returned error exit status 1
  Processing triggers for man-db (2.11.2-1) ...
  Processing triggers for libc-bin (2.36-0ubuntu4) ...
  Errors were encountered while processing:
   openssh-server
  Error: Timeout was reached
  needrestart is being skipped since dpkg has failed
  E: Sub-process /usr/bin/dpkg returned an error code (1)

  I'm not sure what exactly it is.
  This output complains about rescue-ssh.target and indeed that can not be 
started even directly.

  $ sudo systemctl start rescue-ssh.target
  A dependency job for rescue-ssh.target failed. See 'journalctl -xe' for 
details.

  And in postinst is a try to start it:
  $  grep rescue /var/lib/dpkg/info/openssh-server.postinst 
deb-systemd-invoke $_dh_action 'rescue-ssh.target' >/dev/null 
|| true

  
  But I think the underlying issue is that ssh is already on, and I'm logged in 
via it.
  And that makes the service restart of the ssh socket which was added break.

  Feb 02 10:40:56 node-horsea systemd[104560]: ssh.socket: Failed to create 
listening socket ([::]:22): Address already in use
  Feb 02 10:40:56 node-horsea systemd[1]: ssh.socket: Failed to receive 
listening socket ([::]:22): Input/output error
  Feb 02 10:40:56 node-horsea systemd[1]: ssh.socket: Failed to listen on 
sockets: Input/output error
  Feb 02 10:40:56 node-horsea systemd[1]: ssh.socket: Failed with result 
'resources'.

  
  Now, whichever it is, it is hard to resolve.
  The only way to get the socket to own it would be rebooting so that sshd lets 
go and systemd can take over.
  I could reboot, but that is not the point.
  What if I'd want to get the service and upgrade completed before reboot.
  Because as of now dpkg considers the system unhappy, and that would usually 
be a sign for "better not reboot before being resolved" to me.

  One thing though, I have not upgraded with do-release-upgrade - would
  we / do we have magic there to make the ssh socket activation
  transition smoother?

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/openssh/+bug/2004551/+subscriptions


-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp

[Touch-packages] [Bug 2004551] Re: upgrade to lunar fails due to rescue-ssh.target or port 22 takeover

2023-02-02 Thread Christian Ehrhardt 

As expected, on reboot all is fine for the service status


ubuntu@node-horsea:~$ systemctl status ssh.service
● ssh.service - OpenBSD Secure Shell server
 Loaded: loaded (/lib/systemd/system/ssh.service; disabled; preset: enabled)
Drop-In: /etc/systemd/system/ssh.service.d
 └─00-socket.conf
 Active: active (running) since Thu 2023-02-02 10:54:40 UTC; 12min ago
TriggeredBy: ● ssh.socket
   Docs: man:sshd(8)
 man:sshd_config(5)
Process: 2689 ExecStartPre=/usr/sbin/sshd -t (code=exited, status=0/SUCCESS)
   Main PID: 2690 (sshd)
  Tasks: 1 (limit: 38220)
 Memory: 5.3M
CPU: 894ms
 CGroup: /system.slice/ssh.service
 └─2690 "sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups"

Feb 02 11:06:27 node-horsea sshd[14629]: Accepted publickey for ubuntu from 
10.172.196.173 port 47348 ssh2: RSA 
SHA256:KyONnhWWzlbscZNTHPZ25GWCXDQY5u/UD72EtQcwtqU
Feb 02 11:06:27 node-horsea sshd[14629]: pam_unix(sshd:session): session opened 
for user ubuntu(uid=1000) by (uid=0)
Feb 02 11:06:27 node-horsea sshd[14629]: pam_env(sshd:session): deprecated 
reading of user environment enabled
Feb 02 11:06:58 node-horsea sshd[14735]: Accepted publickey for ubuntu from 
10.172.196.173 port 55016 ssh2: RSA 
SHA256:KyONnhWWzlbscZNTHPZ25GWCXDQY5u/UD72EtQcwtqU
Feb 02 11:06:58 node-horsea sshd[14735]: pam_unix(sshd:session): session opened 
for user ubuntu(uid=1000) by (uid=0)
Feb 02 11:06:59 node-horsea sshd[14735]: pam_env(sshd:session): deprecated 
reading of user environment enabled
Feb 02 11:07:03 node-horsea sshd[14796]: Accepted publickey for ubuntu from 
10.172.196.173 port 57034 ssh2: RSA 
SHA256:KyONnhWWzlbscZNTHPZ25GWCXDQY5u/UD72EtQcwtqU
Feb 02 11:07:03 node-horsea sshd[14796]: pam_unix(sshd:session): session opened 
for user ubuntu(uid=1000) by (uid=0)
Feb 02 11:07:03 node-horsea sshd[14796]: pam_env(sshd:session): deprecated 
reading of user environment enabled
Feb 02 11:07:03 node-horsea sshd[14796]: pam_unix(sshd:session): session closed 
for user ubuntu
ubuntu@node-horsea:~$ systemctl status ssh.socket
● ssh.socket - OpenBSD Secure Shell server socket
 Loaded: loaded (/lib/systemd/system/ssh.socket; enabled; preset: enabled)
 Active: active (running) since Thu 2023-02-02 10:54:21 UTC; 12min ago
  Until: Thu 2023-02-02 10:54:21 UTC; 12min ago
   Triggers: ● ssh.service
 Listen: [::]:22 (Stream)
  Tasks: 0 (limit: 38220)
 Memory: 8.0K
CPU: 894us
 CGroup: /system.slice/ssh.socket

Feb 02 10:54:21 node-horsea systemd[1]: Listening on OpenBSD Secure
Shell server socket.


And out of this condition it can even complete the package
configuration.

ubuntu@node-horsea:~$ sudo dpkg-reconfigure openssh-server
/usr/sbin/dpkg-reconfigure: openssh-server is broken or not fully installed
ubuntu@node-horsea:~$ sudo apt-get install --fix-broken
Reading package lists... Done
Building dependency tree... Done
Reading state information... Done
0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded.
1 not fully installed or removed.
After this operation, 0 B of additional disk space will be used.
Setting up openssh-server (1:9.0p1-1ubuntu8) ...
Replacing config file /etc/ssh/sshd_config with new version
Replacing config file /etc/ssh/sshd_config with new version
Synchronizing state of ssh.service with SysV service script with 
/lib/systemd/systemd-sysv-install.
Executing: /lib/systemd/systemd-sysv-install disable ssh
Warning: Stopping ssh.service, but it can still be activated by:
  ssh.socket
rescue-ssh.target is a disabled or a static unit not running, not starting it.
ubuntu@node-horsea:~$ echo $?
0

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to openssh in Ubuntu.
https://bugs.launchpad.net/bugs/2004551

Title:
  upgrade to lunar fails due to rescue-ssh.target or port 22 takeover

Status in openssh package in Ubuntu:
  New

Bug description:
  Hi,
  I just upgraded a system from Jammy to Lunar and openssh-server refuses to 
upgrade well.

  Setting up openssh-server (1:9.0p1-1ubuntu8) ...
  Replacing config file /etc/ssh/sshd_config with new version
  Replacing config file /etc/ssh/sshd_config with new version
  Synchronizing state of ssh.service with SysV service script with 
/lib/systemd/systemd-sysv-install.
  Executing: /lib/systemd/systemd-sysv-install disable ssh
  rescue-ssh.target is a disabled or a static unit not running, not starting it.
  Could not execute systemctl:  at /usr/bin/deb-systemd-invoke line 145.
  dpkg: error processing package openssh-server (--configure):
   installed openssh-server package post-installation script subprocess 
returned error exit status 1
  Processing triggers for man-db (2.11.2-1) ...
  Processing triggers for libc-bin (2.36-0ubuntu4) ...
  Errors were encountered while processing:
   openssh-server
  Error: Timeout was reached
  needrestart is being skipped since dpkg has failed
  E: Sub-process /usr/bin/dpkg r

[Touch-packages] [Bug 2004551] [NEW] upgrade to lunar fails due to rescue-ssh.target or port 22 takeover

2023-02-02 Thread Christian Ehrhardt 

Public bug reported:

Hi,
I just upgraded a system from Jammy to Lunar and openssh-server refuses to 
upgrade well.

Setting up openssh-server (1:9.0p1-1ubuntu8) ...
Replacing config file /etc/ssh/sshd_config with new version
Replacing config file /etc/ssh/sshd_config with new version
Synchronizing state of ssh.service with SysV service script with 
/lib/systemd/systemd-sysv-install.
Executing: /lib/systemd/systemd-sysv-install disable ssh
rescue-ssh.target is a disabled or a static unit not running, not starting it.
Could not execute systemctl:  at /usr/bin/deb-systemd-invoke line 145.
dpkg: error processing package openssh-server (--configure):
 installed openssh-server package post-installation script subprocess returned 
error exit status 1
Processing triggers for man-db (2.11.2-1) ...
Processing triggers for libc-bin (2.36-0ubuntu4) ...
Errors were encountered while processing:
 openssh-server
Error: Timeout was reached
needrestart is being skipped since dpkg has failed
E: Sub-process /usr/bin/dpkg returned an error code (1)

I'm not sure what exactly it is.
This output complains about rescue-ssh.target and indeed that can not be 
started even directly.

$ sudo systemctl start rescue-ssh.target
A dependency job for rescue-ssh.target failed. See 'journalctl -xe' for details.

And in postinst is a try to start it:
$  grep rescue /var/lib/dpkg/info/openssh-server.postinst 
deb-systemd-invoke $_dh_action 'rescue-ssh.target' >/dev/null 
|| true


But I think the underlying issue is that ssh is already on, and I'm logged in 
via it.
And that makes the service restart of the ssh socket which was added break.

Feb 02 10:40:56 node-horsea systemd[104560]: ssh.socket: Failed to create 
listening socket ([::]:22): Address already in use
Feb 02 10:40:56 node-horsea systemd[1]: ssh.socket: Failed to receive listening 
socket ([::]:22): Input/output error
Feb 02 10:40:56 node-horsea systemd[1]: ssh.socket: Failed to listen on 
sockets: Input/output error
Feb 02 10:40:56 node-horsea systemd[1]: ssh.socket: Failed with result 
'resources'.


Now, whichever it is, it is hard to resolve.
The only way to get the socket to own it would be rebooting so that sshd lets 
go and systemd can take over.
I could reboot, but that is not the point.
What if I'd want to get the service and upgrade completed before reboot.
Because as of now dpkg considers the system unhappy, and that would usually be 
a sign for "better not reboot before being resolved" to me.

One thing though, I have not upgraded with do-release-upgrade - would we
/ do we have magic there to make the ssh socket activation transition
smoother?

** Affects: openssh (Ubuntu)
 Importance: Undecided
 Status: New

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to openssh in Ubuntu.
https://bugs.launchpad.net/bugs/2004551

Title:
  upgrade to lunar fails due to rescue-ssh.target or port 22 takeover

Status in openssh package in Ubuntu:
  New

Bug description:
  Hi,
  I just upgraded a system from Jammy to Lunar and openssh-server refuses to 
upgrade well.

  Setting up openssh-server (1:9.0p1-1ubuntu8) ...
  Replacing config file /etc/ssh/sshd_config with new version
  Replacing config file /etc/ssh/sshd_config with new version
  Synchronizing state of ssh.service with SysV service script with 
/lib/systemd/systemd-sysv-install.
  Executing: /lib/systemd/systemd-sysv-install disable ssh
  rescue-ssh.target is a disabled or a static unit not running, not starting it.
  Could not execute systemctl:  at /usr/bin/deb-systemd-invoke line 145.
  dpkg: error processing package openssh-server (--configure):
   installed openssh-server package post-installation script subprocess 
returned error exit status 1
  Processing triggers for man-db (2.11.2-1) ...
  Processing triggers for libc-bin (2.36-0ubuntu4) ...
  Errors were encountered while processing:
   openssh-server
  Error: Timeout was reached
  needrestart is being skipped since dpkg has failed
  E: Sub-process /usr/bin/dpkg returned an error code (1)

  I'm not sure what exactly it is.
  This output complains about rescue-ssh.target and indeed that can not be 
started even directly.

  $ sudo systemctl start rescue-ssh.target
  A dependency job for rescue-ssh.target failed. See 'journalctl -xe' for 
details.

  And in postinst is a try to start it:
  $  grep rescue /var/lib/dpkg/info/openssh-server.postinst 
deb-systemd-invoke $_dh_action 'rescue-ssh.target' >/dev/null 
|| true

  
  But I think the underlying issue is that ssh is already on, and I'm logged in 
via it.
  And that makes the service restart of the ssh socket which was added break.

  Feb 02 10:40:56 node-horsea systemd[104560]: ssh.socket: Failed to create 
listening socket ([::]:22): Address already in use
  Feb 02 10:40:56 node-horsea systemd[1]: ssh.socket: Failed to receive 
listening socket ([::]:22): Input/output error
  Feb 02 10:40:56 node

[Touch-packages] [Bug 2002994] Re: sshd_config makes some changes awkward

2023-01-18 Thread Christian Ehrhardt 

I agree as well, it is great that we have .d function at all, but it could be 
better.
As reported there is no control yet at what goes early or late and that would 
be a great enhancement. Just including it late isn't an easy option either as 
you might unintentionally to a different section that was at the end of the 
former config.

A bit of history:
- initially added via
  - https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=845315
  - https://salsa.debian.org/ssh-team/openssh/-/commit/cb37f2bf1
  - https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=862316
(unclosed, but in theory adressed by the above)
- having some troubles to work
  - https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=961007
  - https://bugzilla.mindrot.org/show_bug.cgi?id=3122
- good but not yet as good as other .d config inclusions
  - this bug
  - https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=998834
  - https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=954965

Overall a problem that I see after going through all those is that some
settings seem to be "the earliest set wins" so including at the top is
good. And others are "overwritten by later statements" which asks for an
inclusion at the end of the file.

This needs to be analyzed, maybe the behavior changed over time or there
are different categories of settings? To do so I recommend to read
through those bugs, some have more examples and how to debug them. Once
that check is done one can propose a solution and it might very well be
what Kevin suggested here which is to put the main config into the .d
directory as well and include them in numerical order. That might not
solve/address the behavior of different statements, but at least it
would give full control to the admin without touching the package owned
config file.


Either way this is worth having a look, but needs more time than a usual bug 
fix.
Therefore I've added it to a set of ideas that we pick the most important ones 
from each Ubuntu release cycle. If anyone else wants to tackle this before we 
get to it - great, keep the bug updated in that case.

** Bug watch added: Debian Bug tracker #845315
   https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=845315

** Bug watch added: Debian Bug tracker #862316
   https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=862316

** Bug watch added: Debian Bug tracker #961007
   https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=961007

** Bug watch added: OpenSSH Portable Bugzilla #3122
   https://bugzilla.mindrot.org/show_bug.cgi?id=3122

** Bug watch added: Debian Bug tracker #998834
   https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=998834

** Bug watch added: Debian Bug tracker #954965
   https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=954965

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to openssh in Ubuntu.
https://bugs.launchpad.net/bugs/2002994

Title:
  sshd_config makes some changes awkward

Status in openssh package in Ubuntu:
  Confirmed

Bug description:
  As distribted, the file sshd_config has apparently been modified from
  an upstream version -- those lines that are NOT comments.  There is no
  good way for me to change any of them, even though there is a
  sshd_config.d directory for my changes.  That is because the files in
  the sshd_config.d directory are invoked early, and the uncommented
  lines in the sshd_config file override them.  I would have to modify
  the sshd_config file which defeats the purpose of having the
  directory.

  I suggest to adopt a method that I have seen elsewhere: put all of
  your changes in a file and put the file in the .d directory.  Start
  the filename with something like '50' so that it can sort before or
  after any file contributed by the local admin.  Keep the sshd_config
  file as you get it from upstream.

  This is, after all, the reason that the .d directories exist.

  In this way, admins do not have to modify distributed files, which
  avoids awkwardness when the package is updated.

  The same applies to ssh_config.

  ProblemType: Bug
  DistroRelease: Ubuntu 20.04
  Package: openssh-server 1:8.2p1-4ubuntu0.5
  ProcVersionSignature: Ubuntu 5.4.0-122.138-generic 5.4.192
  Uname: Linux 5.4.0-122-generic x86_64
  NonfreeKernelModules: wl
  ApportVersion: 2.20.11-0ubuntu27.24
  Architecture: amd64
  CasperMD5CheckResult: skip
  CurrentDesktop: XFCE
  Date: Mon Jan 16 06:29:16 2023
  SourcePackage: openssh
  UpgradeStatus: Upgraded to focal on 2021-02-19 (696 days ago)

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/openssh/+bug/2002994/+subscriptions


-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp

[Touch-packages] [Bug 2002994] Re: sshd_config makes some changes awkward

2023-01-18 Thread Christian Ehrhardt 

** Tags removed: server-triage-discuss

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to openssh in Ubuntu.
https://bugs.launchpad.net/bugs/2002994

Title:
  sshd_config makes some changes awkward

Status in openssh package in Ubuntu:
  Confirmed

Bug description:
  As distribted, the file sshd_config has apparently been modified from
  an upstream version -- those lines that are NOT comments.  There is no
  good way for me to change any of them, even though there is a
  sshd_config.d directory for my changes.  That is because the files in
  the sshd_config.d directory are invoked early, and the uncommented
  lines in the sshd_config file override them.  I would have to modify
  the sshd_config file which defeats the purpose of having the
  directory.

  I suggest to adopt a method that I have seen elsewhere: put all of
  your changes in a file and put the file in the .d directory.  Start
  the filename with something like '50' so that it can sort before or
  after any file contributed by the local admin.  Keep the sshd_config
  file as you get it from upstream.

  This is, after all, the reason that the .d directories exist.

  In this way, admins do not have to modify distributed files, which
  avoids awkwardness when the package is updated.

  The same applies to ssh_config.

  ProblemType: Bug
  DistroRelease: Ubuntu 20.04
  Package: openssh-server 1:8.2p1-4ubuntu0.5
  ProcVersionSignature: Ubuntu 5.4.0-122.138-generic 5.4.192
  Uname: Linux 5.4.0-122-generic x86_64
  NonfreeKernelModules: wl
  ApportVersion: 2.20.11-0ubuntu27.24
  Architecture: amd64
  CasperMD5CheckResult: skip
  CurrentDesktop: XFCE
  Date: Mon Jan 16 06:29:16 2023
  SourcePackage: openssh
  UpgradeStatus: Upgraded to focal on 2021-02-19 (696 days ago)

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/openssh/+bug/2002994/+subscriptions


-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp

[Touch-packages] [Bug 1964636] Re: Incorrect handling of apparmor `bpf` capability

2023-01-10 Thread Christian Boltz

> # new python script to create vim profiles with
>
> python create-apparmor.vim.py

For the records: create-apparmor.vim.py exists since years, and ...

> # generates a new file called apparmor.vim.in

... it uses apparmor.vim.in as _input_ and generates the apparmor.vim
file (syntax highlighting for vim), but (unless the Ubuntu packaging
does this) this file does _not_ get installed in a location where vim
finds it. (In openSUSE, I regularly submit it to the vim package
manually. No idea if/how this is handled in Ubuntu.)

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to apparmor in Ubuntu.
https://bugs.launchpad.net/bugs/1964636

Title:
  Incorrect handling of apparmor `bpf` capability

Status in apparmor package in Ubuntu:
  In Progress
Status in snapd package in Ubuntu:
  Incomplete
Status in apparmor source package in Focal:
  Fix Committed

Bug description:
  [ Impact ]

  The apparmor_parser before the 3.0 release would build its capability list 
from the installed kernel headers. The apparmor_parser was built against a 
kernel without support for cap 'bpf'
  This was fixed in 3.0 by having a static caps list (with full mapping info) 
and the dynamic auto-generated list (against the kernel headers) that is used 
to check that the static list has not become stale. In addition the parser can 
pull kernel supported caps straight from the apparmor kernel module (it will 
however be missing the mapping info).
  Backporting the patches from 3.0 fixes the issue.

  [ Test Plan ]

  Before the fix, the following profile fails loading:

  # echo "profile foo { capability bpf, }" | apparmor_parser -Q
  AppArmor parser error, in stdin line 1: Invalid capability bpf.
  # echo $?
  1

  After the fix, it works as expected:

  # echo "profile foo { capability bpf, }" | apparmor_parser -Q
  # echo $?
  0

  [ Where problems could occur ]

  With these changes, the parser can change its behavior based on a few things.
  1. the kernel its built against. This would not change behavior when run in a 
container vs at system level.

  2. If a feature-file is specified, via --features-file, --policy-
  features, or --kernel-features. This allows overriding the normal
  policy and kernel examination that the parser does when compiling
  policy.

  3. If /sys/kernel/security/apparmor/features is not available. The
  parser will fallback to an old set of features available in a kernel
  before the kernel module started exporting what the kernel module
  supports on the running kernel.

  [ Other Info ]

  The patches for focal (apparmor-2.13) can be found at:
  https://launchpad.net/~georgiag/+archive/ubuntu/mqueue-sru/
  As mentioned before, these patches are already running on apparmor-3.0.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/apparmor/+bug/1964636/+subscriptions


-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp

[Touch-packages] [Bug 2000739] Re: Window actions (like maximize) no more work in wayland for QEMU using GTK backend once the guest UI is intialized.

2023-01-09 Thread Christian Ehrhardt 

** Description changed:

+ Window actions (like maximize) no more work in wayland for QEMU using
+ GTK backend once the guest UI is intialized.
+ 
+ This can be seen by running an installed or even a trial Ubuntu from an
+ ISO like:
+ 
+ $ qemu-system-x86_64 \
+   -boot d \
+   -cdrom ubuntu-22.04.1-desktop-amd64.iso \
+   -m 4096M \
+   -machine type=q35,accel=kvm \
+   -cpu host \
+   -smp 2 \
+   -device qxl-vga
+ 
+ The GTK UI of qemu has a feature called "fullscreen" which disables the
+ screen decorations and sets the window to maximize. The decorations go
+ away, but maximize doesn't work.
+ 
+ 
+ The following details were found so far:
+ - running with GDK_BACKEND=x11 works
+ - using sdl instead of gtk backend works
+ - using the old qemu of Focal, or the newest from upstream git in jammy all 
fails (no qemu change AFAICS)
+ - host UI widgets (the square at the window top) do not work either
+ - hotkeys (super-up) do not work either
+ 
+ It seems that once the guest has enabled the desktop something changes
+ and the maximize/minimize/... actions are no more processed. Not sure
+ were to debug next in regard to the gnome/wayland UI handling of this -
+ any idea?
+ 
+ P.S. We can reproduce this in git builds of qemu, so we can debug of
+ modify the code as needed. The code for this is mostly in [1]
+ 
+ [1]: https://gitlab.com/qemu-project/qemu/-/blob/master/ui/gtk.c
+ 
+ --- original report ---
+ 
  Running QEMU version 4.2.1 on Ubuntu 20.04 via
  
  qemu-system-x86_64 \
-   -boot d \
-   -cdrom ubuntu-22.04.1-desktop-amd64.iso \
-   -m 4096M \
-   -machine type=q35,accel=kvm \
-   -cpu host \
-   -smp 2 \
-   -device qxl-vga
+   -boot d \
+   -cdrom ubuntu-22.04.1-desktop-amd64.iso \
+   -m 4096M \
+   -machine type=q35,accel=kvm \
+   -cpu host \
+   -smp 2 \
+   -device qxl-vga
  
  and pressing ctrl+alt+f after booting the Ubuntu 22.04 live ISO and
  adjusting the display resolution to match the native resolution, works
  as expected, i.e., the VM screen is correctly displayed in fullscreen.
  
  However, after running the same command for QEMU version 6.2.0 on Ubuntu
  22.04 and pressing ctrl+alt+f after making the resolution adjustment,
  yields a fullscreen view where the space occupied by the GNOME top bar
  (top panel with date in center) of the host is not used. The top bar
  itself is not visible but instead the purple background is shown where
  the top bar resides.
  
  The problem also occurs when replacing '-device qxl-vga' by '-device
  VGA,vgamem_mb=64'. The problem however does not occur when using
  '-device virtio-vga'.

** Also affects: wayland (Ubuntu)
   Importance: Undecided
   Status: New

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to wayland in Ubuntu.
https://bugs.launchpad.net/bugs/2000739

Title:
  Window actions (like maximize) no more work in wayland for QEMU using
  GTK backend once the guest UI is intialized.

Status in qemu package in Ubuntu:
  Confirmed
Status in wayland package in Ubuntu:
  New

Bug description:
  Window actions (like maximize) no more work in wayland for QEMU using
  GTK backend once the guest UI is intialized.

  This can be seen by running an installed or even a trial Ubuntu from
  an ISO like:

  $ qemu-system-x86_64 \
    -boot d \
    -cdrom ubuntu-22.04.1-desktop-amd64.iso \
    -m 4096M \
    -machine type=q35,accel=kvm \
    -cpu host \
    -smp 2 \
    -device qxl-vga

  The GTK UI of qemu has a feature called "fullscreen" which disables
  the screen decorations and sets the window to maximize. The
  decorations go away, but maximize doesn't work.

  
  The following details were found so far:
  - running with GDK_BACKEND=x11 works
  - using sdl instead of gtk backend works
  - using the old qemu of Focal, or the newest from upstream git in jammy all 
fails (no qemu change AFAICS)
  - host UI widgets (the square at the window top) do not work either
  - hotkeys (super-up) do not work either

  It seems that once the guest has enabled the desktop something changes
  and the maximize/minimize/... actions are no more processed. Not sure
  were to debug next in regard to the gnome/wayland UI handling of this
  - any idea?

  P.S. We can reproduce this in git builds of qemu, so we can debug of
  modify the code as needed. The code for this is mostly in [1]

  [1]: https://gitlab.com/qemu-project/qemu/-/blob/master/ui/gtk.c

  --- original report ---

  Running QEMU version 4.2.1 on Ubuntu 20.04 via

  qemu-system-x86_64 \
    -boot d \
    -cdrom ubuntu-22.04.1-desktop-amd64.iso \
    -m 4096M \
    -machine type=q35,accel=kvm \
    -cpu host \
    -smp 2 \
    -device qxl-vga

  and pressing ctrl+alt+f after booting the Ubuntu 22.04 live ISO and
  adjusting the display resolution to match the native resolution, works
  as expected, i.e., the VM screen is correctly displayed in fullscreen.

  However, after running the same command for QEMU version 6.2.0 on
  Ubun

[Touch-packages] [Bug 2000817] [NEW] Wrong SHA256-value computed on kinetic

2022-12-31 Thread Christian Froemmel

Public bug reported:

The OpenLDAP-contrib module sha2 (located in contrib/slapd-
modules/passwd/sha2/) computes a wrong SHA256/SSHA256-hash on Ubuntu
kinetic. This breaks our current password-authentication in ldap.


The problematic computation:

$ slappasswd -s secret -h '{SHA256}' -o module-load=pw-sha2
{SHA256}WIrrpN3OjEVOUf6yrH1j+o+ODuUuNBo979Od4UXnu54=

The (correct) reference-value on the same system (or older ubuntu
Versions):

$ echo -n "secret" | openssl dgst -sha256 -binary | openssl enc -base64
K7gNU3sdo+OL0wNhqoVWhr3g6s1xYv72ol/pe/Unols=


We nailed the problem down to a bug in the gcc-optimizer for strict-aliasing. 
so most probably the gcc-version on kinetic (v12.2.0) is the reason. The 
workaround is to compile the sha2-Module with the flag "-fno-strict-aliasing". 
Then the correct value is computed. An example taken from a git-compiled 
version of OpenLDAP 2.5.13:

$ ./servers/slapd/slappasswd -T passwd -s secret -h '{SHA256}' -o 
module-load=pw-sha2 -o module-path=contrib/slapd-modules/passwd/sha2/.libs
{SHA256}K7gNU3sdo+OL0wNhqoVWhr3g6s1xYv72ol/pe/Unols=


Ubuntu:

Description:Ubuntu 22.10
Release:22.10

OpenLDAP-Package: 2.5.13+dfsg-1ubuntu1

** Affects: openldap (Ubuntu)
 Importance: Undecided
 Status: New

** Patch added: "openldap-contrib-sha2.patch"
   
https://bugs.launchpad.net/bugs/2000817/+attachment/5638696/+files/openldap-contrib-sha2.patch

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to openldap in Ubuntu.
https://bugs.launchpad.net/bugs/2000817

Title:
  Wrong SHA256-value computed on kinetic

Status in openldap package in Ubuntu:
  New

Bug description:
  The OpenLDAP-contrib module sha2 (located in contrib/slapd-
  modules/passwd/sha2/) computes a wrong SHA256/SSHA256-hash on Ubuntu
  kinetic. This breaks our current password-authentication in ldap.

  
  The problematic computation:

  $ slappasswd -s secret -h '{SHA256}' -o module-load=pw-sha2
  {SHA256}WIrrpN3OjEVOUf6yrH1j+o+ODuUuNBo979Od4UXnu54=

  The (correct) reference-value on the same system (or older ubuntu
  Versions):

  $ echo -n "secret" | openssl dgst -sha256 -binary | openssl enc -base64
  K7gNU3sdo+OL0wNhqoVWhr3g6s1xYv72ol/pe/Unols=

  
  We nailed the problem down to a bug in the gcc-optimizer for strict-aliasing. 
so most probably the gcc-version on kinetic (v12.2.0) is the reason. The 
workaround is to compile the sha2-Module with the flag "-fno-strict-aliasing". 
Then the correct value is computed. An example taken from a git-compiled 
version of OpenLDAP 2.5.13:

  $ ./servers/slapd/slappasswd -T passwd -s secret -h '{SHA256}' -o 
module-load=pw-sha2 -o module-path=contrib/slapd-modules/passwd/sha2/.libs
  {SHA256}K7gNU3sdo+OL0wNhqoVWhr3g6s1xYv72ol/pe/Unols=


  
  Ubuntu:

  Description:Ubuntu 22.10
  Release:22.10

  OpenLDAP-Package: 2.5.13+dfsg-1ubuntu1

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/openldap/+bug/2000817/+subscriptions


-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp

[Touch-packages] [Bug 1926802] Re: qt5-default package is missed in 21.04

2022-12-21 Thread Christian Lampe

But the package name says `qt5-*`. Are the `qt6-*` packages for Qt 5 ?!?

** Also affects: unity-linux
   Importance: Undecided
   Status: New

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to qtbase-opensource-src in
Ubuntu.
https://bugs.launchpad.net/bugs/1926802

Title:
  qt5-default package is missed in 21.04

Status in qtbase-opensource-src package in Ubuntu:
  Invalid
Status in Unity Linux:
  New

Bug description:
  Previous 20.10 version has the qt5-default package in place (see
  https://packages.ubuntu.com/groovy/qt5-default ).

  Please upload the  qt5-default package for 21.04 Ubuntu version.

  What is interesting - all its dependencies can be simply installed
  with `sudo apt-get install qtbase5-dev qtchooser qt5-qmake
  qtbase5-dev-tools` .

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/qtbase-opensource-src/+bug/1926802/+subscriptions


-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp

[Touch-packages] [Bug 1999018] [NEW] Firefox updated via snap eventhough ppa with higher priority is present

2022-12-07 Thread Christian Connert

Public bug reported:

As I use KeePassXC-Browser integration I had to switch to plain firefox.
To achive that I followed the instructions
https://www.omgubuntu.co.uk/2022/04/how-to-install-firefox-deb-apt-
ubuntu-22-04.

Every now and then my firefox get's replaced with the snap package even
though I properly assigned priorites to the PPA repository:

$ cat /etc/apt/preferences.d/mozilla-firefox

Package: *
Pin: release o=LP-PPA-mozillateam
Pin-Priority: 1001

This is a bit annoying as I have to remove firefox via apt and snap and
install it again. Then I get back the PPA packages.

I am unsure if it is a issue with apt or snapd.

ProblemType: Bug
DistroRelease: Ubuntu 22.04
Package: apt 2.4.8
ProcVersionSignature: Ubuntu 5.17.0-1021.22-oem 5.17.15
Uname: Linux 5.17.0-1021-oem x86_64
ApportVersion: 2.20.11-0ubuntu82.2
Architecture: amd64
CasperMD5CheckResult: unknown
CurrentDesktop: XFCE
Date: Wed Dec  7 09:32:41 2022
InstallationDate: Installed on 2021-07-22 (503 days ago)
InstallationMedia: Xubuntu 20.04.2.0 LTS "Focal Fossa" - Release amd64 
(20210209.1)
SourcePackage: apt
UpgradeStatus: Upgraded to jammy on 2022-08-26 (102 days ago)

** Affects: apt (Ubuntu)
 Importance: Undecided
 Status: New


** Tags: amd64 apport-bug jammy

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to apt in Ubuntu.
https://bugs.launchpad.net/bugs/1999018

Title:
  Firefox updated via snap eventhough ppa with higher priority is
  present

Status in apt package in Ubuntu:
  New

Bug description:
  As I use KeePassXC-Browser integration I had to switch to plain
  firefox. To achive that I followed the instructions
  https://www.omgubuntu.co.uk/2022/04/how-to-install-firefox-deb-apt-
  ubuntu-22-04.

  Every now and then my firefox get's replaced with the snap package
  even though I properly assigned priorites to the PPA repository:

  $ cat /etc/apt/preferences.d/mozilla-firefox

  Package: *
  Pin: release o=LP-PPA-mozillateam
  Pin-Priority: 1001

  This is a bit annoying as I have to remove firefox via apt and snap
  and install it again. Then I get back the PPA packages.

  I am unsure if it is a issue with apt or snapd.

  ProblemType: Bug
  DistroRelease: Ubuntu 22.04
  Package: apt 2.4.8
  ProcVersionSignature: Ubuntu 5.17.0-1021.22-oem 5.17.15
  Uname: Linux 5.17.0-1021-oem x86_64
  ApportVersion: 2.20.11-0ubuntu82.2
  Architecture: amd64
  CasperMD5CheckResult: unknown
  CurrentDesktop: XFCE
  Date: Wed Dec  7 09:32:41 2022
  InstallationDate: Installed on 2021-07-22 (503 days ago)
  InstallationMedia: Xubuntu 20.04.2.0 LTS "Focal Fossa" - Release amd64 
(20210209.1)
  SourcePackage: apt
  UpgradeStatus: Upgraded to jammy on 2022-08-26 (102 days ago)

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/apt/+bug/1999018/+subscriptions


-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp

[Touch-packages] [Bug 1995260] Re: dnsmasq focal 2.80 NODATA instead of NXDOMAIN bug

2022-11-29 Thread Christian Ehrhardt 

FYI proposed migration tests should be happy as soon as the migration-
reference run for ubuntu-fan completed (but queues are long)

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to dnsmasq in Ubuntu.
https://bugs.launchpad.net/bugs/1995260

Title:
  dnsmasq focal 2.80 NODATA instead of NXDOMAIN bug

Status in dnsmasq package in Ubuntu:
  Fix Released
Status in dnsmasq source package in Focal:
  Fix Committed

Bug description:
  [SRU]

  [ Impact ]

  Sometimes dnsmasq is incorrectly returning NODATA instead of NXDOMAIN.
  This can lead to erroneous actions by clients who need to determine
  whether a domain name exists or not.

  [ Test Plan ]

  In a focal VM, install dnsmasq (apt install dnsmasq) if it wasn't
  installed yet.

  #0 Disabling systemd-resolved service and enabling resolution through
  dnsmasq.

  # systemctl disable --now systemd-resolved.service
  # rm -f /etc/resolv.conf
  # cat > /etc/resolv.conf << __EOF__
  nameserver 8.8.8.8
  __EOF__
  # systemctl start dnsmasq.service

  #1 Bad case

  # for i in srv txt  a  a txt srv; do host -t $i test.foo. 127.0.0.1 | 
tail -n 1; done
  Host test.foo. not found: 3(NXDOMAIN)
  Host test.foo. not found: 3(NXDOMAIN)
  Host test.foo. not found: 3(NXDOMAIN)
  test.foo has no A record
  Host test.foo. not found: 3(NXDOMAIN)
  test.foo has no A record
  test.foo has no TXT record
  test.foo has no SRV record

  #2 Good case

  #2.1 Installing new package

  # ls -1 *.deb
  dnsmasq-utils_2.80-1.1ubuntu1.6_amd64.deb
  dnsmasq-base_2.80-1.1ubuntu1.6_amd64.deb
  dnsmasq_2.80-1.1ubuntu1.6_all.deb

  # dpkg -i *.deb
  (Reading database ... 32073 files and directories currently installed.)
  Preparing to unpack dnsmasq-base_2.80-1.1ubuntu1.6_amd64.deb ...
  Unpacking dnsmasq-base (2.80-1.1ubuntu1.6) over (2.80-1.1ubuntu1.5) ...
  Selecting previously unselected package dnsmasq-utils.
  Preparing to unpack dnsmasq-utils_2.80-1.1ubuntu1.6_amd64.deb ...
  Unpacking dnsmasq-utils (2.80-1.1ubuntu1.6) ...
  Preparing to unpack dnsmasq_2.80-1.1ubuntu1.6_all.deb ...
  Unpacking dnsmasq (2.80-1.1ubuntu1.6) over (2.80-1.1ubuntu1.5) ...
  Setting up dnsmasq-base (2.80-1.1ubuntu1.6) ...
  Setting up dnsmasq-utils (2.80-1.1ubuntu1.6) ...
  Setting up dnsmasq (2.80-1.1ubuntu1.6) ...
  Processing triggers for dbus (1.12.16-2ubuntu2.3) ...
  Processing triggers for man-db (2.9.1-1) ...
  Processing triggers for systemd (245.4-4ubuntu3.18) ...

  # dpkg -l | grep dnsmasq
  ii  dnsmasq2.80-1.1ubuntu1.6 all  
Small caching DNS proxy and DHCP/TFTP server
  ii  dnsmasq-base   2.80-1.1ubuntu1.6 amd64
Small caching DNS proxy and DHCP/TFTP server
  ii  dnsmasq-utils  2.80-1.1ubuntu1.6 amd64
Utilities for manipulating DHCP leases

  #2.2 Testing OK

  # for i in srv txt  a  a txt srv; do host -t $i test.foo. 127.0.0.1 | 
tail -n 1; done
  Host test.foo. not found: 3(NXDOMAIN)
  Host test.foo. not found: 3(NXDOMAIN)
  Host test.foo. not found: 3(NXDOMAIN)
  Host test.foo. not found: 3(NXDOMAIN)
  Host test.foo. not found: 3(NXDOMAIN)
  Host test.foo. not found: 3(NXDOMAIN)
  Host test.foo. not found: 3(NXDOMAIN)
  Host test.foo. not found: 3(NXDOMAIN)

  [ Where problems could occur ]

  It changes the program's behaviour by classifying as NXDOMAIN what
  used to be NODATA in some situations, so if a user had a workaround
  for this (in the form of a script or other kind of automatization) it
  will probably start to malfunction.

  The last rebuilding of the package for Focal was in May, so if any new
  dependencies or libs have been upgraded on this Ubuntu series this can
  impact the new rebuild.

  [ Other Info ]

  The patch is applied upstream and originated from a bug filed on
  Fedora side: https://bugzilla.redhat.com/show_bug.cgi?id=1674067

  [Original Report]
  ---
  We upgraded our openstack containers which host dnsmasq services from bionic 
to focal. With this we got an update of dnsmasq from 2.79 to 2.80 which 
introduced a bug in our setup where dnsmasq returns NODATA instead of NXDOMAIN.

  This is already fixed upstream with the following commit [1].

  The Ubuntu dnsmasq 2.80 package should get a backport with a release
  for the focal packages which includes this bug fix.

  [1]
  
https://thekelleys.org.uk/gitweb/?p=dnsmasq.git;a=commit;h=162e5e0062ce923c494cc64282f293f0ed64fc10

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/dnsmasq/+bug/1995260/+subscriptions


-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp

[Touch-packages] [Bug 1995260] Re: dnsmasq focal 2.80 NODATA instead of NXDOMAIN bug

2022-11-28 Thread Christian Ehrhardt 

@SRU team - please consider accepting and merging the test hint [1] to
resolve the current blocker for this SRU.

[1]: https://code.launchpad.net/~paelzer/britney/+git/hints-
ubuntu/+merge/433770

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to dnsmasq in Ubuntu.
https://bugs.launchpad.net/bugs/1995260

Title:
  dnsmasq focal 2.80 NODATA instead of NXDOMAIN bug

Status in dnsmasq package in Ubuntu:
  Fix Released
Status in dnsmasq source package in Focal:
  Fix Committed

Bug description:
  [SRU]

  [ Impact ]

  Sometimes dnsmasq is incorrectly returning NODATA instead of NXDOMAIN.
  This can lead to erroneous actions by clients who need to determine
  whether a domain name exists or not.

  [ Test Plan ]

  In a focal VM, install dnsmasq (apt install dnsmasq) if it wasn't
  installed yet.

  #0 Disabling systemd-resolved service and enabling resolution through
  dnsmasq.

  # systemctl disable --now systemd-resolved.service
  # rm -f /etc/resolv.conf
  # cat > /etc/resolv.conf << __EOF__
  nameserver 8.8.8.8
  __EOF__
  # systemctl start dnsmasq.service

  #1 Bad case

  # for i in srv txt  a  a txt srv; do host -t $i test.foo. 127.0.0.1 | 
tail -n 1; done
  Host test.foo. not found: 3(NXDOMAIN)
  Host test.foo. not found: 3(NXDOMAIN)
  Host test.foo. not found: 3(NXDOMAIN)
  test.foo has no A record
  Host test.foo. not found: 3(NXDOMAIN)
  test.foo has no A record
  test.foo has no TXT record
  test.foo has no SRV record

  #2 Good case

  #2.1 Installing new package

  # ls -1 *.deb
  dnsmasq-utils_2.80-1.1ubuntu1.6_amd64.deb
  dnsmasq-base_2.80-1.1ubuntu1.6_amd64.deb
  dnsmasq_2.80-1.1ubuntu1.6_all.deb

  # dpkg -i *.deb
  (Reading database ... 32073 files and directories currently installed.)
  Preparing to unpack dnsmasq-base_2.80-1.1ubuntu1.6_amd64.deb ...
  Unpacking dnsmasq-base (2.80-1.1ubuntu1.6) over (2.80-1.1ubuntu1.5) ...
  Selecting previously unselected package dnsmasq-utils.
  Preparing to unpack dnsmasq-utils_2.80-1.1ubuntu1.6_amd64.deb ...
  Unpacking dnsmasq-utils (2.80-1.1ubuntu1.6) ...
  Preparing to unpack dnsmasq_2.80-1.1ubuntu1.6_all.deb ...
  Unpacking dnsmasq (2.80-1.1ubuntu1.6) over (2.80-1.1ubuntu1.5) ...
  Setting up dnsmasq-base (2.80-1.1ubuntu1.6) ...
  Setting up dnsmasq-utils (2.80-1.1ubuntu1.6) ...
  Setting up dnsmasq (2.80-1.1ubuntu1.6) ...
  Processing triggers for dbus (1.12.16-2ubuntu2.3) ...
  Processing triggers for man-db (2.9.1-1) ...
  Processing triggers for systemd (245.4-4ubuntu3.18) ...

  # dpkg -l | grep dnsmasq
  ii  dnsmasq2.80-1.1ubuntu1.6 all  
Small caching DNS proxy and DHCP/TFTP server
  ii  dnsmasq-base   2.80-1.1ubuntu1.6 amd64
Small caching DNS proxy and DHCP/TFTP server
  ii  dnsmasq-utils  2.80-1.1ubuntu1.6 amd64
Utilities for manipulating DHCP leases

  #2.2 Testing OK

  # for i in srv txt  a  a txt srv; do host -t $i test.foo. 127.0.0.1 | 
tail -n 1; done
  Host test.foo. not found: 3(NXDOMAIN)
  Host test.foo. not found: 3(NXDOMAIN)
  Host test.foo. not found: 3(NXDOMAIN)
  Host test.foo. not found: 3(NXDOMAIN)
  Host test.foo. not found: 3(NXDOMAIN)
  Host test.foo. not found: 3(NXDOMAIN)
  Host test.foo. not found: 3(NXDOMAIN)
  Host test.foo. not found: 3(NXDOMAIN)

  [ Where problems could occur ]

  It changes the program's behaviour by classifying as NXDOMAIN what
  used to be NODATA in some situations, so if a user had a workaround
  for this (in the form of a script or other kind of automatization) it
  will probably start to malfunction.

  The last rebuilding of the package for Focal was in May, so if any new
  dependencies or libs have been upgraded on this Ubuntu series this can
  impact the new rebuild.

  [ Other Info ]

  The patch is applied upstream and originated from a bug filed on
  Fedora side: https://bugzilla.redhat.com/show_bug.cgi?id=1674067

  [Original Report]
  ---
  We upgraded our openstack containers which host dnsmasq services from bionic 
to focal. With this we got an update of dnsmasq from 2.79 to 2.80 which 
introduced a bug in our setup where dnsmasq returns NODATA instead of NXDOMAIN.

  This is already fixed upstream with the following commit [1].

  The Ubuntu dnsmasq 2.80 package should get a backport with a release
  for the focal packages which includes this bug fix.

  [1]
  
https://thekelleys.org.uk/gitweb/?p=dnsmasq.git;a=commit;h=162e5e0062ce923c494cc64282f293f0ed64fc10

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/dnsmasq/+bug/1995260/+subscriptions


-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp

[Touch-packages] [Bug 1995260] Re: dnsmasq focal 2.80 NODATA instead of NXDOMAIN bug

2022-11-28 Thread Christian Ehrhardt 

Great finding Miriam,
I've looked into it and fully agree.
Since I had all the data at that moment I filed bug 1998184 for ubuntu-fan.
Based on that we need to mask the tests and we can ignore them here in regard 
to this SRU (until fixed in ubuntu-fan).

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to dnsmasq in Ubuntu.
https://bugs.launchpad.net/bugs/1995260

Title:
  dnsmasq focal 2.80 NODATA instead of NXDOMAIN bug

Status in dnsmasq package in Ubuntu:
  Fix Released
Status in dnsmasq source package in Focal:
  Fix Committed

Bug description:
  [SRU]

  [ Impact ]

  Sometimes dnsmasq is incorrectly returning NODATA instead of NXDOMAIN.
  This can lead to erroneous actions by clients who need to determine
  whether a domain name exists or not.

  [ Test Plan ]

  In a focal VM, install dnsmasq (apt install dnsmasq) if it wasn't
  installed yet.

  #0 Disabling systemd-resolved service and enabling resolution through
  dnsmasq.

  # systemctl disable --now systemd-resolved.service
  # rm -f /etc/resolv.conf
  # cat > /etc/resolv.conf << __EOF__
  nameserver 8.8.8.8
  __EOF__
  # systemctl start dnsmasq.service

  #1 Bad case

  # for i in srv txt  a  a txt srv; do host -t $i test.foo. 127.0.0.1 | 
tail -n 1; done
  Host test.foo. not found: 3(NXDOMAIN)
  Host test.foo. not found: 3(NXDOMAIN)
  Host test.foo. not found: 3(NXDOMAIN)
  test.foo has no A record
  Host test.foo. not found: 3(NXDOMAIN)
  test.foo has no A record
  test.foo has no TXT record
  test.foo has no SRV record

  #2 Good case

  #2.1 Installing new package

  # ls -1 *.deb
  dnsmasq-utils_2.80-1.1ubuntu1.6_amd64.deb
  dnsmasq-base_2.80-1.1ubuntu1.6_amd64.deb
  dnsmasq_2.80-1.1ubuntu1.6_all.deb

  # dpkg -i *.deb
  (Reading database ... 32073 files and directories currently installed.)
  Preparing to unpack dnsmasq-base_2.80-1.1ubuntu1.6_amd64.deb ...
  Unpacking dnsmasq-base (2.80-1.1ubuntu1.6) over (2.80-1.1ubuntu1.5) ...
  Selecting previously unselected package dnsmasq-utils.
  Preparing to unpack dnsmasq-utils_2.80-1.1ubuntu1.6_amd64.deb ...
  Unpacking dnsmasq-utils (2.80-1.1ubuntu1.6) ...
  Preparing to unpack dnsmasq_2.80-1.1ubuntu1.6_all.deb ...
  Unpacking dnsmasq (2.80-1.1ubuntu1.6) over (2.80-1.1ubuntu1.5) ...
  Setting up dnsmasq-base (2.80-1.1ubuntu1.6) ...
  Setting up dnsmasq-utils (2.80-1.1ubuntu1.6) ...
  Setting up dnsmasq (2.80-1.1ubuntu1.6) ...
  Processing triggers for dbus (1.12.16-2ubuntu2.3) ...
  Processing triggers for man-db (2.9.1-1) ...
  Processing triggers for systemd (245.4-4ubuntu3.18) ...

  # dpkg -l | grep dnsmasq
  ii  dnsmasq2.80-1.1ubuntu1.6 all  
Small caching DNS proxy and DHCP/TFTP server
  ii  dnsmasq-base   2.80-1.1ubuntu1.6 amd64
Small caching DNS proxy and DHCP/TFTP server
  ii  dnsmasq-utils  2.80-1.1ubuntu1.6 amd64
Utilities for manipulating DHCP leases

  #2.2 Testing OK

  # for i in srv txt  a  a txt srv; do host -t $i test.foo. 127.0.0.1 | 
tail -n 1; done
  Host test.foo. not found: 3(NXDOMAIN)
  Host test.foo. not found: 3(NXDOMAIN)
  Host test.foo. not found: 3(NXDOMAIN)
  Host test.foo. not found: 3(NXDOMAIN)
  Host test.foo. not found: 3(NXDOMAIN)
  Host test.foo. not found: 3(NXDOMAIN)
  Host test.foo. not found: 3(NXDOMAIN)
  Host test.foo. not found: 3(NXDOMAIN)

  [ Where problems could occur ]

  It changes the program's behaviour by classifying as NXDOMAIN what
  used to be NODATA in some situations, so if a user had a workaround
  for this (in the form of a script or other kind of automatization) it
  will probably start to malfunction.

  The last rebuilding of the package for Focal was in May, so if any new
  dependencies or libs have been upgraded on this Ubuntu series this can
  impact the new rebuild.

  [ Other Info ]

  The patch is applied upstream and originated from a bug filed on
  Fedora side: https://bugzilla.redhat.com/show_bug.cgi?id=1674067

  [Original Report]
  ---
  We upgraded our openstack containers which host dnsmasq services from bionic 
to focal. With this we got an update of dnsmasq from 2.79 to 2.80 which 
introduced a bug in our setup where dnsmasq returns NODATA instead of NXDOMAIN.

  This is already fixed upstream with the following commit [1].

  The Ubuntu dnsmasq 2.80 package should get a backport with a release
  for the focal packages which includes this bug fix.

  [1]
  
https://thekelleys.org.uk/gitweb/?p=dnsmasq.git;a=commit;h=162e5e0062ce923c494cc64282f293f0ed64fc10

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/dnsmasq/+bug/1995260/+subscriptions


-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.

[Touch-packages] [Bug 1997224] Re: [NUC12WSKi5, Realtek ALC269VB, Green Headphone Out, Left] Playback problem with startup applications

2022-11-22 Thread Christian Stussak

I managed to get audio output going using amixer:
amixer sset Master mute unmute 1- 1+

Both parts are necessary (mute/unmute and volume adjustment). Just
muting/unmuting or adjusting the volume does not bring back audio
output.

I can put it in my start script without adding any possibly insufficient
delay prior to it.

I still don't understand why this is needed. If playback is delayed long
enough, the "audio system" (I don't know which component) seems to do
something similar internally and it magically works. However, this is
not how it is supposed to work, because a user (or a start script) can
not know how long the delay actually needs to be.

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to alsa-driver in Ubuntu.
https://bugs.launchpad.net/bugs/1997224

Title:
  [NUC12WSKi5, Realtek ALC269VB, Green Headphone Out, Left] Playback
  problem with startup applications

Status in alsa-driver package in Ubuntu:
  New

Bug description:
  I am starting an audio application (a.g. aplay, paplay, any media
  player) automatically after login (through the "Startup
  Applications"). I can see that the app is playing some audio through
  PulseAudio by checking pavucontrol. However, no sound is output to the
  speaker.

  When I delay the startup of the app a couple of seconds (e.g. via
  sleep 5), the sound is played as expected.

  We tried to analyze the issue here:
  https://answers.launchpad.net/ubuntu/+question/703840

  It seems that there is something wrong with the mixer when audio apps
  are launched very early after boot (or login?): The "Master Playback
  Volume" is set to 0 at the ALSA level, and it seems that PulseAudio is
  not able to raise it if audio playback is started so early. Attempts
  to automatically raise the "Master Playback Volume" through amixer
  also failed. The "Master Playback Volume" stays at 0. As mentioned
  above, when the start of the playback is delayed a bit, the "Master
  Playback Volume" is at 100 as expected.

  ProblemType: Bug
  DistroRelease: Ubuntu 22.04
  Package: alsa-base 1.0.25+dfsg-0ubuntu7
  ProcVersionSignature: Ubuntu 5.15.0-53.59-generic 5.15.64
  Uname: Linux 5.15.0-53-generic x86_64
  ApportVersion: 2.20.11-0ubuntu82.1
  Architecture: amd64
  AudioDevicesInUse:
   USERPID ACCESS COMMAND
   /dev/snd/controlC0:  kiosk  1081 F pulseaudio
   /dev/snd/pcmC0D0c:   kiosk  1081 F...m pulseaudio
   /dev/snd/pcmC0D0p:   kiosk  1081 F...m pulseaudio
  CasperMD5CheckResult: pass
  Date: Mon Nov 21 10:35:48 2022
  InstallationDate: Installed on 2022-11-21 (0 days ago)
  InstallationMedia: Ubuntu 22.04.1 LTS "Jammy Jellyfish" - Release amd64 
(20220809.1)
  PackageArchitecture: all
  SourcePackage: alsa-driver
  Symptom: audio
  Symptom_AlsaPlaybackTest: ALSA playback test through plughw:PCH successful
  Symptom_Card: Built-in Audio - HDA Intel PCH
  Symptom_Jack: Green Headphone Out, Left
  Symptom_PulsePlaybackTest: PulseAudio playback test successful
  Symptom_Type: None of the above
  Title: [NUC12WSKi5, Realtek ALC269VB, Green Headphone Out, Left] Playback 
problem
  UpgradeStatus: No upgrade log present (probably fresh install)
  dmi.bios.date: 07/18/2022
  dmi.bios.release: 5.26
  dmi.bios.vendor: Intel Corp.
  dmi.bios.version: WSADL357.0085.2022.0718.1739
  dmi.board.name: NUC12WSBi5
  dmi.board.vendor: Intel Corporation
  dmi.board.version: M46425-302
  dmi.chassis.type: 35
  dmi.chassis.vendor: Intel Corporation
  dmi.chassis.version: 2.0
  dmi.modalias: 
dmi:bvnIntelCorp.:bvrWSADL357.0085.2022.0718.1739:bd07/18/2022:br5.26:svnIntel(R)ClientSystems:pnNUC12WSKi5:pvrM46708-302:rvnIntelCorporation:rnNUC12WSBi5:rvrM46425-302:cvnIntelCorporation:ct35:cvr2.0:skuNUC12WSKi5000:
  dmi.product.family: WS
  dmi.product.name: NUC12WSKi5
  dmi.product.sku: NUC12WSKi5000
  dmi.product.version: M46708-302
  dmi.sys.vendor: Intel(R) Client Systems

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/alsa-driver/+bug/1997224/+subscriptions


-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp

[Touch-packages] [Bug 1892559] Re: [MIR] ccid opensc pcsc-lite

2022-11-15 Thread Christian Ehrhardt 

** Changed in: pcsc-lite (Ubuntu)
   Status: New => Incomplete

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to pcsc-lite in Ubuntu.
https://bugs.launchpad.net/bugs/1892559

Title:
  [MIR] ccid opensc pcsc-lite

Status in ccid package in Ubuntu:
  In Progress
Status in opensc package in Ubuntu:
  Incomplete
Status in pam-pkcs11 package in Ubuntu:
  Invalid
Status in pcsc-lite package in Ubuntu:
  Incomplete
Status in pcsc-perl package in Ubuntu:
  Invalid
Status in pcsc-tools package in Ubuntu:
  Invalid

Bug description:
  ==> ccid <==
  [Availability]
  ccid is in universe, and builds on all architectures.

  [Rationale]
  The desktop team and security team are interested in bringing smartcard
  authentication to enterprise desktop environments.

  [Security]
  No CVEs for ccid are listed in our database.
  Doesn't appear to bind to a socket.
  No privileged executables, but does have udev rules.
  Probably needs a security review.

  [Quality assurance]
  No test suite.
  Does require odd hardware that we'll probably need to buy.
  I don't see debconf questions.
  ccid is well maintained in Debian by upstream author.
  One open wishlist bug in BTS, harmless.

  One open bug in launchpad, not security, but looks very frustrating
  for the users. The upstream author was engaged but it never reached
  resolution.  https://bugs.launchpad.net/ubuntu/+source/ccid/+bug/1175465

  Has a debian/watch file.
  Quilt packaging.

  P: ccid source: no-dep5-copyright
  P: ccid source: package-uses-experimental-debhelper-compat-version 13

  [Dependencies]
  Minimal dependencies, in main

  [Standards compliance]
  Appears to satisfy FHS and Debian policy

  [Maintenance]
  The desktop team will subscribe to bugs, however it is expected that the
  security team will assist with security-relevant questions.

  [Background information]
  ccid provides drivers to interact with usb-connected smart card readers.

  ==> libpam-pkcs11 <==
  [Availability]
  Source package pam-pkcs11 is in universe and builds on all architectures.

  [Rationale]
  The desktop team and security team are interested in bringing smartcard
  authentication to enterprise desktop environments.

  [Security]
  No CVEs in our database.
  Doesn't appear to bind to sockets.
  No privileged executables (but is a PAM module).
  As a PAM module this will require a security review.

  [Quality assurance]
  The package does not call pam-auth-update in its postinst #1650366
  Does not ask questions during install.
  One Ubuntu bug claims very poor behaviour if a card isn't plugged in.
  No Debian bugs.
  Occasional updates in Debian by long-term maintainer.
  Does require odd hardware that we'll probably need to buy.
  Does not appear to run tests during build.
  Has scary warnings in the build logs.
  Has a debian/watch file.

  Ancient standards version; other smaller lintian messages, mostly
  documentation problems.

  Quilt packaging.

  [Dependencies]
  Depends on libcurl4, libldap-2.4-2, libpam0g, libpcsclite1, libssl1.1
  All are in main.

  [Standards compliance]
  The package does not call pam-auth-update in its postinst #1650366
  Otherwise looks to conform to FHS and Debian policies

  [Maintenance]
  The desktop team will subscribe to bugs, however it is expected that the
  security team will assist with security-relevant questions.

  [Background information]
  This PAM module can use CRLs and full-chain verification of certificates.
  It can also do LDAP, AD, and Kerberos username mapping.

  ==> libpcsc-perl <==
  [Availability]
  Source package pcsc-perl is in universe, builds for all architectures,
  plus i386

  [Rationale]
  The desktop team and security team are interested in bringing smartcard
  authentication to enterprise desktop environments.

  [Security]
  There are no cves for pcsc-perl in our database.
  No privileged executables.
  Doesn't appear to bind to sockets.
  Probably needs a security review.

  [Quality assurance]
  Library package not intended to be used directly.
  No debconf questions.
  No bugs in Debian.
  No bugs in Ubuntu.
  Does require odd hardware that we'll probably need to buy.
  Tests exist, not run during the build; probably can't run during the build.
  Includes debian/watch file.
  A handful of lintian issues
  Quilt packaging.

  [Dependencies]
  libpcsc-perl depends upon libpcsclite1, libc6, perl, perlapi-5.30.0.
  All are in main.

  [Standards compliance]
  One oddity, Card.pod is stored in 
/usr/lib/x86_64-linux-gnu/perl5/5.30/Chipcard/PCSC/
  Many other perl packages have .pod files in these directory trees so maybe
  it's fine, but it seems funny all the same.

  Otherwise appears to satisfy FHS and Debian policy.

  [Maintenance]
  The desktop team will subscribe to bugs, however it is expected that the
  security team will assist with security-relevant questions.

  [Background information]
  Dependency of pcsc-tools; thi

[Touch-packages] [Bug 1989073] Re: AppArmor DENIES reading of /sys/devices/system/cpu/possible

Hi Marius,

> What actually is the effect of the denial? Will qemu not use more than one 
> CPU, 
> or is it something less harmful?

Since the new interface is arch specific and new the code does fall back
tot he old way.

  226 /* On some architectures it is possible to distinguish between configured 
   
  227and active cpus.  */   
   
  228 int   
   
  229 __get_nprocs_conf (void)  
   
  230 { 
   
  231   int result = read_sysfs_file ("/sys/devices/system/cpu/possible");  
   
  232   if (result != 0)
   
  233 return result;
   
  234   
   
  235   /* Fall back to /proc/stat and sched_getaffinity.  */   
   
  236   return get_nprocs_fallback ();  
   
  237 }   

Due to that, even when denied it gets the right number (as it had
before).

Once with and without isolation blocking access.

ubuntu@k2:/tmp$ ./testsysconf 
_SC_NPROCESSORS_CONF 3

ubuntu@k2:/tmp$ sudo aa-exec -p test -- ./testsysconf
_SC_NPROCESSORS_CONF 3

It only has a real difference on systems where the new code was needed in the 
first place.
Those are usually rather massive systems which start at lower cpu counts but 
might hot-plug them later - on those with the denial falling back you'd only 
get a lower than the real potential max number.
The code that hits this in your case is libnuma on initialization, unless you 
are very deep into numa control on very huge systems using cpu hotplug you 
won't see any effect.

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to apparmor in Ubuntu.
https://bugs.launchpad.net/bugs/1989073

Title:
  AppArmor DENIES reading of /sys/devices/system/cpu/possible

Status in apparmor package in Ubuntu:
  Confirmed
Status in apparmor source package in Kinetic:
  Confirmed

Bug description:
  libvirt 8.6.0-0ubuntu1
  apparmor 3.0.7-1ubuntu1

  Creating a VM with virt-install produces this AppAmore denial:

  AVC apparmor="DENIED" operation="open"
  profile="libvirt-974c9859-e682-4f5d-b0cb-dcf3d60185fc"
  name="/sys/devices/system/cpu/possible" pid=2522 comm="qemu-
  system-x86" requested_mask="r" denied_mask="r" fsuid=64055 ouid=0

  Creation of the VM is successful.  This is with nested virtualization.

  This did not happen with libvirt 8.0.0-1ubuntu8 and apparmor
  3.0.7-1ubuntu1.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/apparmor/+bug/1989073/+subscriptions


-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp

[Touch-packages] [Bug 1989073] Re: AppArmor DENIES reading of /sys/devices/system/cpu/possible

Submitted upstream:
 https://lists.ubuntu.com/archives/apparmor/2022-November/012528.html

Once discussed and accepted there I suggest a backport to Kinetic.

I hope this debug and patch helps, but to manage expectations, I'd
hope/expect that someone usually looking after apparmor does that follow
on step then. Could someone please agree to take it over from here and
comment on this bug?

P.S. I mostly want to avoid stepping on someones toes, if you want me to
upload it to kinetic I can do so, let me know.

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to apparmor in Ubuntu.
https://bugs.launchpad.net/bugs/1989073

Title:
  AppArmor DENIES reading of /sys/devices/system/cpu/possible

Status in apparmor package in Ubuntu:
  Confirmed
Status in apparmor source package in Kinetic:
  Confirmed

Bug description:
  libvirt 8.6.0-0ubuntu1
  apparmor 3.0.7-1ubuntu1

  Creating a VM with virt-install produces this AppAmore denial:

  AVC apparmor="DENIED" operation="open"
  profile="libvirt-974c9859-e682-4f5d-b0cb-dcf3d60185fc"
  name="/sys/devices/system/cpu/possible" pid=2522 comm="qemu-
  system-x86" requested_mask="r" denied_mask="r" fsuid=64055 ouid=0

  Creation of the VM is successful.  This is with nested virtualization.

  This did not happen with libvirt 8.0.0-1ubuntu8 and apparmor
  3.0.7-1ubuntu1.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/apparmor/+bug/1989073/+subscriptions


-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp

[Touch-packages] [Bug 1989073] Re: AppArmor DENIES reading of /sys/devices/system/cpu/possible

Reported upstream at https://gitlab.com/apparmor/apparmor/-/issues/283

** Bug watch added: gitlab.com/apparmor/apparmor/-/issues #283
   https://gitlab.com/apparmor/apparmor/-/issues/283

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to apparmor in Ubuntu.
https://bugs.launchpad.net/bugs/1989073

Title:
  AppArmor DENIES reading of /sys/devices/system/cpu/possible

Status in apparmor package in Ubuntu:
  Confirmed
Status in apparmor source package in Kinetic:
  Confirmed

Bug description:
  libvirt 8.6.0-0ubuntu1
  apparmor 3.0.7-1ubuntu1

  Creating a VM with virt-install produces this AppAmore denial:

  AVC apparmor="DENIED" operation="open"
  profile="libvirt-974c9859-e682-4f5d-b0cb-dcf3d60185fc"
  name="/sys/devices/system/cpu/possible" pid=2522 comm="qemu-
  system-x86" requested_mask="r" denied_mask="r" fsuid=64055 ouid=0

  Creation of the VM is successful.  This is with nested virtualization.

  This did not happen with libvirt 8.0.0-1ubuntu8 and apparmor
  3.0.7-1ubuntu1.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/apparmor/+bug/1989073/+subscriptions


-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp

[Touch-packages] [Bug 1989073] Re: AppArmor DENIES reading of /sys/devices/system/cpu/possible