Wednesday, 16 August 2017

Ubuntu Foundations Team - Weekly Newsletter, 2017-08-10

*Thursday, August 10, 2017*

This newsletter is to provide a status update from the Ubuntu Foundations
Team. There will also be highlights provided for any interesting subjects
the team may be working on.


If you would like to reach the Foundations team, you can find us at the
#ubuntu-devel channel on freenode.


Highlights

* Updated cloud images have been released with fix for CVE-2017-7533

* https://github.com/OddBloke/jenkins-job-linter has been released, to lint
jenkins-job-builder output


The State of the Archive

* After no small amount of effort, the perl 5.26 and gcc-7 transitions
migrated to artful on the 10th, unblocking many of the packages that had
been stuck in -proposed.

* As GCC 7 is now the default compiler in artful, the build failures
reported at
https://qa.ubuntuwire.org/ftbfs/rebuilds/test-rebuild-20170706-gcc7-artful.h
tml now apply to 17.10. Please help us resolve these failing packages for
the release.

* Next in line we have the Qt 5.9 transition. Look for more news about
this next week!


Upcoming Ubuntu Dates

* 17.10 Feature Freeze - August 24, 2017


Weekly Meeting

* IRC Log:
http://ubottu.com/meetingology/logs/ubuntu-meeting/2017/ubuntu-meeting.2017-08-03-15.06.moin.txt

Potential indirect fallout due to toolchain updates

Hi,
all of this is just FYI in case you run into something similar.

Recently nut became an FTBFS package, triggered by a combo of:
1. nut's build system having an error
2. nut has default hardening=+all
3. net-snmp configure options disabled -pie
4. changes to our toolchain around PIE

TL;DR:
- due to PIE now being default chaning hardening= now behaves differently (former "-fPIE" became "", and former "" became "-specs=/usr/share/dpkg/no-pie-compile.specs")
- if set on cflags in general LDflags need the matching no-pie-link.specs to work
- if you had cases where cflags and ldflags didn't match properly there are chances they break while before tolerating the issue


--
Christian Ehrhardt
Software Engineer, Ubuntu Server
Canonical Ltd

Tuesday, 15 August 2017

Re: "git ubuntu clone": what tags do you expect to see locally?



On 16 August 2017 at 11:46, Nish Aravamudan <[email protected]> wrote:
On Thu, Aug 10, 2017 at 6:24 PM, Michael Hudson-Doyle
<[email protected]> wrote:
> On 11 August 2017 at 07:19, Robie Basak <[email protected]> wrote:
>>
>> "git ubuntu clone <package>" is like "git clone", but also knows the URL
>> and some sensible default refspecs.
>>
>> If you then run "git tag", which tags do you expect to have
>> automatically been fetched for you?
>
>
> I think I would expect to get all tags, but maybe I'm failing to grasp the
> number of tags you are talking about. Can you point to a repo on lp that has
> a worryingly large number of tags?

Define "worryingly large" :)

$ git ubuntu clone samba
$ git tag | wc -l
1364
$ git branch -r | wc -l
248

OK :)
 
The "correct" import for samba will actually have more tags, as we
will have a tag for every orig tarball in Debian and Ubuntu
(pkg/upstream/{debian,ubuntu}/<version>.<extension>), a tag for every
patches-unapplied import in Debian and Ubuntu (pkg/import/<version>)
and a tag for every patches-applied import in Debian and Ubuntu
(pkg/applied/<version>). I say "correct" because in the currently
imported repository, we did not distinguish between the ubuntu and
debian pristine-tar data and that led to issues.

I think having all of those things sounds better than not having them.
 
TBH, I agree with Robie that `git checkout import/<tab>` becomes
relatively useless, but I rarely am going to a specific version, but
to a specific branch, of which there are far fewer. When I want to see
the diff between two imported versions, I don't check them out, I do
`git diff import/<upstream of version1><tab> import/<upstream of
version2><tab>` It might still take a few iterations of <tab> and
adding characters, but it's not terrible, in my experience so far.

I also think it's important to stay closer to git's behavior unless we
have a strong reason to do so.

 +1

Cheers,
mwh

Re: "git ubuntu clone": what tags do you expect to see locally?

On Thu, Aug 10, 2017 at 6:24 PM, Michael Hudson-Doyle
<[email protected]> wrote:
> On 11 August 2017 at 07:19, Robie Basak <[email protected]> wrote:
>>
>> "git ubuntu clone <package>" is like "git clone", but also knows the URL
>> and some sensible default refspecs.
>>
>> If you then run "git tag", which tags do you expect to have
>> automatically been fetched for you?
>
>
> I think I would expect to get all tags, but maybe I'm failing to grasp the
> number of tags you are talking about. Can you point to a repo on lp that has
> a worryingly large number of tags?

Define "worryingly large" :)

$ git ubuntu clone samba
$ git tag | wc -l
1364
$ git branch -r | wc -l
248

The "correct" import for samba will actually have more tags, as we
will have a tag for every orig tarball in Debian and Ubuntu
(pkg/upstream/{debian,ubuntu}/<version>.<extension>), a tag for every
patches-unapplied import in Debian and Ubuntu (pkg/import/<version>)
and a tag for every patches-applied import in Debian and Ubuntu
(pkg/applied/<version>). I say "correct" because in the currently
imported repository, we did not distinguish between the ubuntu and
debian pristine-tar data and that led to issues.

TBH, I agree with Robie that `git checkout import/<tab>` becomes
relatively useless, but I rarely am going to a specific version, but
to a specific branch, of which there are far fewer. When I want to see
the diff between two imported versions, I don't check them out, I do
`git diff import/<upstream of version1><tab> import/<upstream of
version2><tab>` It might still take a few iterations of <tab> and
adding characters, but it's not terrible, in my experience so far.

I also think it's important to stay closer to git's behavior unless we
have a strong reason to do so.

Thanks,
Nish

--
ubuntu-devel mailing list
[email protected]
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel

Re: Ubuntu Kernel Team - Weekly Newsletter, 2017-08-15

Sorry, the formatting was lost in the last email:

August 08 through August 14
-----------------------

##Development (Artful / 17.10)##

We intend to target a 4.13 kernel for the Ubuntu 17.10 release. The
artful kernel is now based on Linux 4.11. The Ubuntu 17.10 Kernel Freeze
is Thurs Oct 5, 2017.

* The kernel in the artful-proposed pocket of the Ubuntu archive has
been updated to v4.12.7
* The kernel in the Artful staging repository has been updated to v4.13-rc5

##Stable (Released & Supported)##

* Embargoed CVEs CVE-2017-1000111 and CVE-2017-1000112 have been made
public and the fixes released for all the affected kernels (including
their derivatives and rebases):

trusty 3.13.0-128.177
xenial 4.4.0-91.114
zesty 4.10.0-32.36


* The Xenial and Xenial-based kernels have been re-spun to fix a
regression with OpenStack (LP: #1709032) and the following packages are
on the way of getting promoted to -updates:

xenial 4.4.0-92.115
xenial/raspi2 4.4.0-1070.78
xenial/snapdragon 4.4.0-1072.77
xenial/aws 4.4.0-1031.40
xenial/gke 4.4.0-1027.27
trusty/lts-xenial 4.4.0-92.115~14.04.1


* Current cycle: 04-Aug through 26-Aug


04-Aug Last day for kernel commits for this cycle.
07-Aug - 12-Aug Kernel prep week.
13-Aug - 25-Aug Bug verification & Regression testing.
28-Aug Release to -updates.


* Next cycle: 25-Aug through 16-Sep


25-Aug Last day for kernel commits for this cycle.
28-Aug - 02-Sep Kernel prep week.
03-Sep - 15-Sep Bug verification & Regression testing.
18-Sep Release to -updates.


###Misc###
* eventstat 0.04.00 for 17.10 has been released. This now uses kernel
trace events rather than the deprecated /proc/timer_stat interface.
* If you would like to reach the kernel team, you can find us at the
#ubuntu-kernel
channel on FreeNode. Alternatively, you can mail the Ubuntu Kernel
Team mailing
list at: [email protected].
* [The current CVE
status](http://people.canonical.com/~kernel/cve/pkg/ALL-linux.html)



> The Ubuntu Kernel Team has published this weeks newsletter, which is in
> the body of this email. It will also be published on the insights blog[0].
>
> The Newsletter is published weekly. It contains highlights from the
> week, announcements regarding the development and stable kernels, as
> well as any other news the Kernel Team may have.
>
> Sincerely,
>
> The Ubuntu Kernel Team
>
> [0] https://insights.ubuntu.com/
>
>
> August 08 through August 14
>
>
> Development (Artful / 17.10)
>
> We intend to target a 4.13 kernel for the Ubuntu 17.10 release. The
> artful kernel is now based on Linux 4.11. The Ubuntu 17.10 Kernel Freeze
> is Thurs Oct 5, 2017.
>
> * The kernel in the artful-proposed pocket of the Ubuntu archive has
> been updated to v4.12.7
> * The kernel in the Artful staging repository has been updated to
> v4.13-rc5
>
>
> Stable (Released & Supported)
>
> *
>
> Embargoed CVEs CVE-2017-1000111 and CVE-2017-1000112 have been made
> public and the fixes released for all the affected kernels
> (including their derivatives and rebases):
>
> trusty 3.13.0-128.177
> xenial 4.4.0-91.114
> zesty 4.10.0-32.36
>
> *
>
> The Xenial and Xenial-based kernels have been re-spun to fix a
> regression with OpenStack (LP: #1709032) and the following packages
> are on the way of getting promoted to -updates:
>
> xenial 4.4.0-92.115
> xenial/raspi2 4.4.0-1070.78
> xenial/snapdragon 4.4.0-1072.77
> xenial/aws 4.4.0-1031.40
> xenial/gke 4.4.0-1027.27
> trusty/lts-xenial 4.4.0-92.115~14.04.1
>
> *
>
> Current cycle: 04-Aug through 26-Aug
>
> 04-Aug Last day for kernel commits for this cycle.
> 07-Aug - 12-Aug Kernel prep week.
> 13-Aug - 25-Aug Bug verification & Regression testing.
> 28-Aug Release to -updates.
>
> *
>
> Next cycle: 25-Aug through 16-Sep
>
> 25-Aug Last day for kernel commits for this cycle.
> 28-Aug - 02-Sep Kernel prep week.
> 03-Sep - 15-Sep Bug verification & Regression testing.
> 18-Sep Release to -updates.
>
>
> Misc
>
> * eventstat 0.04.00 for 17.10 has been released. This now uses kernel
> trace events rather than the deprecated /proc/timer_stat interface.
> * If you would like to reach the kernel team, you can find us at the
> #ubuntu-kernel channel on FreeNode. Alternatively, you can mail the
> Ubuntu Kernel Team mailing list at: [email protected].
> * The current CVE status
> <http://people.canonical.com/%7Ekernel/cve/pkg/ALL-linux.html>
>
>



--
ubuntu-devel mailing list
[email protected]
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel

Ubuntu Kernel Team - Weekly Newsletter, 2017-08-15

Hello,

The Ubuntu Kernel Team has published this weeks newsletter, which is in
the body of this email. It will also be published on the insights blog[0].

The Newsletter is published weekly. It contains highlights from the
week, announcements regarding the development and stable kernels, as
well as any other news the Kernel Team may have.

Sincerely,

The Ubuntu Kernel Team

[0] https://insights.ubuntu.com/


August 08 through August 14


Development (Artful / 17.10)

We intend to target a 4.13 kernel for the Ubuntu 17.10 release. The
artful kernel is now based on Linux 4.11. The Ubuntu 17.10 Kernel Freeze
is Thurs Oct 5, 2017.

* The kernel in the artful-proposed pocket of the Ubuntu archive has
been updated to v4.12.7
* The kernel in the Artful staging repository has been updated to
v4.13-rc5


Stable (Released & Supported)

*

Embargoed CVEs CVE-2017-1000111 and CVE-2017-1000112 have been made
public and the fixes released for all the affected kernels
(including their derivatives and rebases):

trusty 3.13.0-128.177
xenial 4.4.0-91.114
zesty 4.10.0-32.36

*

The Xenial and Xenial-based kernels have been re-spun to fix a
regression with OpenStack (LP: #1709032) and the following packages
are on the way of getting promoted to -updates:

xenial 4.4.0-92.115
xenial/raspi2 4.4.0-1070.78
xenial/snapdragon 4.4.0-1072.77
xenial/aws 4.4.0-1031.40
xenial/gke 4.4.0-1027.27
trusty/lts-xenial 4.4.0-92.115~14.04.1

*

Current cycle: 04-Aug through 26-Aug

04-Aug Last day for kernel commits for this cycle.
07-Aug - 12-Aug Kernel prep week.
13-Aug - 25-Aug Bug verification & Regression testing.
28-Aug Release to -updates.

*

Next cycle: 25-Aug through 16-Sep

25-Aug Last day for kernel commits for this cycle.
28-Aug - 02-Sep Kernel prep week.
03-Sep - 15-Sep Bug verification & Regression testing.
18-Sep Release to -updates.


Misc

* eventstat 0.04.00 for 17.10 has been released. This now uses kernel
trace events rather than the deprecated /proc/timer_stat interface.
* If you would like to reach the kernel team, you can find us at the
#ubuntu-kernel channel on FreeNode. Alternatively, you can mail the
Ubuntu Kernel Team mailing list at: [email protected].
* The current CVE status
<http://people.canonical.com/%7Ekernel/cve/pkg/ALL-linux.html>


--
ubuntu-devel mailing list
[email protected]
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel

Monday, 14 August 2017

Re: Polling for opinions on removing vm-builder, sandbox-upgrader and auto-upgrade-tester



On Tue, Jul 18, 2017 at 8:25 AM, Christian Ehrhardt <[email protected]> wrote:
On Tue, Jul 18, 2017 at 8:10 AM, Chris Puttick <[email protected]> wrote:
[...] 
So if you want to define us as "upstream" we'd be proud to be making a
contribution (but in the end we're just scratching our collective itch
and have found nothing that does it better in the context we work in
(small-medium size deployments on multiple sites)).

If it solves things for you it might be a solution for more people.
We might remove the unused dependent test packages thou depending how the feedback looks like.

There was no further call on these (other than stating to be no more used) so I intend to get them removed by an AA.
  
We'll review the open bugs on Launchpad and any we are up to
addressing, as sys admins rather than devs ;) , we'll open an issue
report on our fork (and report back to Launchpad once fixed?). Sound
like a way forward?

[...] 
If you need assistance on the Launchpad bug processing let me (and probably Serge) know.
Likely initially it is all about commenting on the bugs that you pick (or reject) and linking the github issues that you open.

I saw that Emilian already updated one of the bugs that it is fixed.
Also there is a lot recent activity on [1] which I appreciate - given what I read there maybe even more bugs could be updated to be fixed (or nacked for a reason).

I updated the bug [2] with the concluding actions.
Thank you everybody for your participation.

[1]: https://github.com/newroco/vmbuilder/commits/master
[2]: https://bugs.launchpad.net/ubuntu/+source/vm-builder/+bug/1260062

P.S. All of this might still be a bit bumpy for Artful given that the Feature Freeze is just a week out but I look forward to see vmbuild getting usable again from now on.

--
Christian Ehrhardt
Software Engineer, Ubuntu Server
Canonical Ltd