Re: Upcoming change: rsyslog's apparmor enforced by default

2023-02-11 Thread Steve Langasek
Hi Andreas,

On Sat, Feb 11, 2023 at 02:45:17PM -0300, Andreas Hasenack wrote:
> Hi,

> In the next few days, if all goes according to plan, I'll upload
> rsyslogd to lunar with a change[1] to the way its apparmor profile is
> applied.

> The confinement status won't be changed during upgrades, but fresh
> installs will have the apparmor profile enforced by default. Up until
> now, it's been disabled.

Can you elaborate on this decision not to change the behavior on upgrade? 
It's expected on upgrade between releases that behavior will change; and to
not enforce for upgrading users means a difference in configs between new
installs and upgrades that complicates the support matrix over the long
term.

I am strongly in favor of making the behavior on upgrade conform to the
behavior on new installs - even if that means there might be some unpleasant
surprises where the package fails to configure because of apparmor being
enabled.  That seems unlikely to me in any case; even if the user has
diverged from the stock rsyslog config, it seems more likely to me that the
daemon would still start up but might in some cases fail to log.  Again,
behavior changes are expected across release upgrades.

-- 
Steve Langasek   Give me a lever long enough and a Free OS
Debian Developer   to set it on, and I can move the world.
Ubuntu Developer   https://www.debian.org/
slanga...@ubuntu.com vor...@debian.org


-- 
ubuntu-devel mailing list
ubuntu-devel@lists.ubuntu.com
Modify settings or unsubscribe at: 
https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel


RE: unixodbc-dev 2.3.11 seems broken

2023-02-11 Thread Thomas Ward
Unfortunately here your choices are limited.  The ODBC from Microsoft is 
different than the one in the repos and the two packages conflict.

From my experience you will have to pick one or the other - use Microsoft's
packaged ODBC and no headers, or use the one in the repos with the headers and
not use Microsoft.

-------- Original message --------
From: Robert Ayrapetyan 
Date: 2/11/23 18:56 (GMT-05:00)
To: ubuntu-devel-discuss@lists.ubuntu.com
Subject: Re: unixodbc-dev 2.3.11 seems broken

Seems it comes as part of msodbcsql18 from official MS repository...

On Sat, Feb 11, 2023 at 3:46 PM Robert Ayrapetyan <robert.ayrapet...@gmail.com> wrote:
You're right, it came from:

https://packages.microsoft.com/ubuntu/20.04/prod focal/main amd64 unixodbc-dev 
amd64 2.3.11 [42.1 kB]

What's the best way to install the right package (2.3.11-2) without removing MS 
repo?

On Sat, Feb 11, 2023 at 3:09 PM Colin Watson <cjwat...@ubuntu.com> wrote:
On Sat, Feb 11, 2023 at 10:13:13AM -0800, Robert Ayrapetyan wrote:
> # lsb_release -a
> No LSB modules are available.
> Distributor ID: Ubuntu
> Description:Ubuntu 20.04.5 LTS
> Release:20.04
> Codename:   focal
>
>
> # apt show unixodbc-dev
> Package: unixodbc-dev
> Version: 2.3.11

This is not a package that comes from Ubuntu 20.04, and in fact it
doesn't appear to have come from any version of Ubuntu at all (versions
of unixodbc-dev provided by Ubuntu have some kind of suffix after the
upstream version number - for example, the version in Ubuntu 22.10 is
2.3.11-2).  Where did you get it from?  The package is clearly broken,
but that isn't an Ubuntu problem - perhaps you should reinstall the
working version from Ubuntu.

--
Colin Watson (he/him)  
[cjwat...@ubuntu.com]

--
Ubuntu-devel-discuss mailing list
Ubuntu-devel-discuss@lists.ubuntu.com
Modify settings or unsubscribe at: 
https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel-discuss


Re: unixodbc-dev 2.3.11 seems broken

2023-02-11 Thread Robert Ayrapetyan
Seems it comes as part of msodbcsql18 from official MS repository...

On Sat, Feb 11, 2023 at 3:46 PM Robert Ayrapetyan <
robert.ayrapet...@gmail.com> wrote:

> You're right, it came from:
>
> https://packages.microsoft.com/ubuntu/20.04/prod focal/main amd64
> unixodbc-dev amd64 2.3.11 [42.1 kB]
>
> What's the best way to install the right package (2.3.11-2) without
> removing MS repo?
>
> On Sat, Feb 11, 2023 at 3:09 PM Colin Watson  wrote:
>
>> On Sat, Feb 11, 2023 at 10:13:13AM -0800, Robert Ayrapetyan wrote:
>> > # lsb_release -a
>> > No LSB modules are available.
>> > Distributor ID: Ubuntu
>> > Description:Ubuntu 20.04.5 LTS
>> > Release:20.04
>> > Codename:   focal
>> >
>> >
>> > # apt show unixodbc-dev
>> > Package: unixodbc-dev
>> > Version: 2.3.11
>>
>> This is not a package that comes from Ubuntu 20.04, and in fact it
>> doesn't appear to have come from any version of Ubuntu at all (versions
>> of unixodbc-dev provided by Ubuntu have some kind of suffix after the
>> upstream version number - for example, the version in Ubuntu 22.10 is
>> 2.3.11-2).  Where did you get it from?  The package is clearly broken,
>> but that isn't an Ubuntu problem - perhaps you should reinstall the
>> working version from Ubuntu.
>>
>> --
>> Colin Watson (he/him)  [cjwat...@ubuntu.com]
>>
>> --
>> Ubuntu-devel-discuss mailing list
>> Ubuntu-devel-discuss@lists.ubuntu.com
>> Modify settings or unsubscribe at:
>> https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel-discuss
>>
>


Re: unixodbc-dev 2.3.11 seems broken

2023-02-11 Thread Robert Ayrapetyan
You're right, it came from:

https://packages.microsoft.com/ubuntu/20.04/prod focal/main amd64
unixodbc-dev amd64 2.3.11 [42.1 kB]

What's the best way to install the right package (2.3.11-2) without
removing MS repo?

On Sat, Feb 11, 2023 at 3:09 PM Colin Watson  wrote:

> On Sat, Feb 11, 2023 at 10:13:13AM -0800, Robert Ayrapetyan wrote:
> > # lsb_release -a
> > No LSB modules are available.
> > Distributor ID: Ubuntu
> > Description:Ubuntu 20.04.5 LTS
> > Release:20.04
> > Codename:   focal
> >
> >
> > # apt show unixodbc-dev
> > Package: unixodbc-dev
> > Version: 2.3.11
>
> This is not a package that comes from Ubuntu 20.04, and in fact it
> doesn't appear to have come from any version of Ubuntu at all (versions
> of unixodbc-dev provided by Ubuntu have some kind of suffix after the
> upstream version number - for example, the version in Ubuntu 22.10 is
> 2.3.11-2).  Where did you get it from?  The package is clearly broken,
> but that isn't an Ubuntu problem - perhaps you should reinstall the
> working version from Ubuntu.
>
> --
> Colin Watson (he/him)  [cjwat...@ubuntu.com]
>
> --
> Ubuntu-devel-discuss mailing list
> Ubuntu-devel-discuss@lists.ubuntu.com
> Modify settings or unsubscribe at:
> https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel-discuss
>


Re: unixodbc-dev 2.3.11 seems broken

2023-02-11 Thread Colin Watson
On Sat, Feb 11, 2023 at 10:13:13AM -0800, Robert Ayrapetyan wrote:
> # lsb_release -a
> No LSB modules are available.
> Distributor ID: Ubuntu
> Description:Ubuntu 20.04.5 LTS
> Release:20.04
> Codename:   focal
> 
> 
> # apt show unixodbc-dev
> Package: unixodbc-dev
> Version: 2.3.11

This is not a package that comes from Ubuntu 20.04, and in fact it
doesn't appear to have come from any version of Ubuntu at all (versions
of unixodbc-dev provided by Ubuntu have some kind of suffix after the
upstream version number - for example, the version in Ubuntu 22.10 is
2.3.11-2).  Where did you get it from?  The package is clearly broken,
but that isn't an Ubuntu problem - perhaps you should reinstall the
working version from Ubuntu.

-- 
Colin Watson (he/him)  [cjwat...@ubuntu.com]



Re: unixodbc-dev 2.3.11 seems broken

2023-02-11 Thread Robert Ayrapetyan
More details:

# lsb_release -a
No LSB modules are available.
Distributor ID: Ubuntu
Description:    Ubuntu 20.04.5 LTS
Release:        20.04
Codename:   focal


# apt show unixodbc-dev
Package: unixodbc-dev
Version: 2.3.11
Status: install ok installed
Priority: extra
Section: devel
Source: unixodbc
Maintainer: Ubuntu Developers 
Original-Maintainer: Steve Langasek 
Installed-Size: 1,739 kB
Depends: unixodbc (= 2.3.11), odbcinst1debian2 (= 2.3.11), libltdl3-dev
Conflicts: libiodbc2-dev, remembrance-agent (<< 2.11-4)
Homepage: http://www.unixodbc.org/
Download-Size: unknown
APT-Manual-Installed: yes
APT-Sources: /var/lib/dpkg/status
Description: ODBC libraries for UNIX (development files)


# cat /usr/include/sqltypes.h | grep unixodbc.h
 * In these cases, the compiler uses #defines stored in unixodbc.h to determine the
#include "unixodbc.h"


# find / -name 'unixodbc*'
/var/lib/dpkg/info/unixodbc.list
/var/lib/dpkg/info/unixodbc-dev.list
/var/lib/dpkg/info/unixodbc-dev.md5sums
/var/lib/dpkg/info/unixodbc.md5sums
/usr/share/doc/unixodbc
/usr/share/doc/unixodbc-dev
/usr/include/x86_64-linux-gnu/unixodbc_conf.h


On Fri, Feb 10, 2023 at 8:40 PM Robert Ayrapetyan <
robert.ayrapet...@gmail.com> wrote:

> Hello, I've started to get:
>
> /usr/include/sqltypes.h:56:10: fatal error: unixodbc.h: No such file or
> directory
>56 | #include "unixodbc.h"
>
> when building certain packages.
> As per list of files:
> https://packages.ubuntu.com/focal/amd64/unixodbc-dev/filelist, unixodbc.h
> is not part of it, but it's part of
> ftp://ftp.unixodbc.org/pub/unixODBC/unixODBC-2.3.11.tar.gz.
>
> Am I missing something? Thanks.
>
>


Upcoming change: rsyslog's apparmor enforced by default

2023-02-11 Thread Andreas Hasenack
Hi,

In the next few days, if all goes according to plan, I'll upload
rsyslogd to lunar with a change[1] to the way its apparmor profile is
applied.

The confinement status won't be changed during upgrades, but fresh
installs will have the apparmor profile enforced by default. Up until
now, it's been disabled.

A summary is in the README.apparmor[2] file, and d/NEWS was also
updated/created. I tried a mix of fixed and dynamic profile snippets,
and packages can install their own snippets if needed. These would
usually be packages that alter the rsyslog configuration to log
somewhere else where the normal apparmor profile would have denied
that, but at the same time we don't want to allow that by default if
it's not needed.

There are a few more use cases I would like to tackle, including more
test cases, and the `omprog` plugin is an obvious one. This is not yet
covered, and I hope to get more data about its usage before coming up
with a solution. It's hard to try to detect its usage in the config
file because the config can be in so many different formats. Maybe we
can come up with a generic sandbox of some sort for binaries used with
the omprog plugin, or maybe we will just have to leave users to adjust
that via the existing /etc/apparmor.d/local/usr.sbin.rsyslogd
mechanism.

This adds a lot of delta to the package, at least in line count, but I
don't think it's hard to maintain. I'll also of course try to submit
this to Debian, once we have settled on the approach in lunar.

1. https://code.launchpad.net/~ahasenack/ubuntu/+source/rsyslog/+git/rsyslog/+merge/436955
2. https://git.launchpad.net/~ahasenack/ubuntu/+source/rsyslog/tree/debian/README.apparmor?h=lunar-rsyslog-enable-apparmor-dep8-take4-dot-d
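
Added example, not part of the message above or of the rsyslog packaging: a sketch of the omprog detection problem the message describes, scanning both the legacy and the RainerScript configuration formats and printing candidate rules for /etc/apparmor.d/local/usr.sbin.rsyslogd. The sample configuration, the helper paths and the choice of the `rix` mode are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: find omprog helper binaries in rsyslog configuration and
# print candidate rules for /etc/apparmor.d/local/usr.sbin.rsyslogd.

# Constructed sample: one omprog action in each configuration format.
sample_conf() {
cat <<'EOF'
# legacy directive format
$ModLoad omprog
$ActionOMProgBinary /usr/local/bin/alert-handler
*.err :omprog:

# RainerScript format, action split over two lines
module(load="omprog")
action(type="omprog"
       binary="/opt/tools/log-filter --json")
EOF
}

# Read config text on stdin, print each helper binary path once.
# Limitation: binary="..." is matched on its own line, so it is not tied to
# type="omprog"; included files and templates are not followed.
omprog_binaries() {
    awk '
        { sub(/#.*/, "") }                                  # strip comments
        tolower($1) == "$actionomprogbinary" { print $2 }   # legacy format
        {
            line = tolower($0)                              # RainerScript
            if (match(line, /binary="[^" ]+/))
                print substr($0, RSTART + 8, RLENGTH - 8)
        }
    ' | LC_ALL=C sort -u
}

# Assumption: "rix" (read + execute inheriting rsyslogd's profile) is the
# wanted mode, which keeps the helper confined by the same profile.
local_rules() {
    omprog_binaries | while IFS= read -r bin; do
        printf '%s rix,\n' "$bin"
    done
}

sample_conf | local_rules
# After reviewing the rules, reload the profile with:
#   apparmor_parser -r /etc/apparmor.d/usr.sbin.rsyslogd
```

The line-by-line match is deliberately simple and shows why detection from the config file alone is unreliable: a `binary=` parameter on a continuation line cannot be tied to its `type="omprog"` without parsing the whole action.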



[ubuntu-studio-devel] Ubuntu Studio daily CD health check

2023-02-11 Thread noreply+ubuntu-cdimage
This is a daily health check report on the Ubuntu Studio CD images.
If you have any questions, contact Colin Watson.

ubuntustudio/dvd: jammy-dvd-amd64.iso oversized by 41424384 bytes (5041424384)

-- 
ubuntu-studio-devel mailing list
ubuntu-studio-devel@lists.ubuntu.com
Modify settings or unsubscribe at: 
https://lists.ubuntu.com/mailman/listinfo/ubuntu-studio-devel