[Bug 1905156] Re: netplan KeyError with gretap in bridge

2020-11-23 Thread Dimitri John Ledkov
** Also affects: netplan.io (Ubuntu) Importance: Undecided Status: New -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1905156 Title: netplan KeyError with gretap in bridge To manage notifi

[Bug 1904549] Re: MTU is not set on vlan interface

2020-11-23 Thread Dimitri John Ledkov
I wonder if you need more mtu settings on: * ens10f2 * ens10f3 * bond-manlan I don't think that MTU is allowed to be higher on a vlan, than on bond-man, than on physical interfaces. Why did you not set mtu: 9000 on bond-manlan? however that does not explain how come the vlans on top of bond-co

[Bug 1904549] Re: MTU is not set on vlan interface

2020-11-23 Thread Dimitri John Ledkov
this could be udevd/networkd bug which both fiddle with mtu.

[Bug 1905274] [NEW] enable u-boot spl for riscv64

2020-11-23 Thread Dimitri John Ledkov
Public bug reported: enable u-boot spl for riscv64 1) build with opensbi specified 2) ship uboot-spl for unleashed ** Affects: u-boot (Ubuntu) Importance: Undecided Status: New

[Bug 1905274] Re: enable u-boot spl for riscv64

2020-11-23 Thread Dimitri John Ledkov
** Also affects: livecd-rootfs (Ubuntu) Importance: Undecided Status: New

[Bug 1905274] Re: enable u-boot spl for riscv64

2020-11-24 Thread Dimitri John Ledkov
** Description changed: enable u-boot spl for riscv64 - 1) build with opensbi specified - 2) ship uboot-spl for unleashed + 1) backport opensbi 0.8 to focal + 2) build u-boot with opensbi specified + 3) ship uboot-spl in the cloud image -- You received this bug notification because you are

[Bug 1905274] Re: enable u-boot spl for riscv64

2020-11-24 Thread Dimitri John Ledkov
Probs https://github.com/canonical/cloud-init/pull/687/files is wanted too. ** Also affects: opensbi (Ubuntu) Importance: Undecided Status: New

[Bug 1905456] [NEW] OpenSBI 0.8 backport

2020-11-24 Thread Dimitri John Ledkov
Public bug reported: OpenSBI 0.8 backport [Impact] * OpenSBI is used to create RISC-V images for various boards and to boot RISC-V virtual machines. * 0.7 & 0.8 add support for more hardware, but are otherwise backwards compatible. * qemu/virt file location got moved to generic, add backwar

[Bug 1905456] Re: OpenSBI 0.8 backport

2020-11-24 Thread Dimitri John Ledkov
** Also affects: opensbi (Ubuntu Focal) Importance: Undecided Status: New ** Changed in: opensbi (Ubuntu) Status: New => Won't Fix ** Changed in: opensbi (Ubuntu) Status: Won't Fix => Fix Released ** Changed in: opensbi (Ubuntu Focal) Status: New => Triaged

[Bug 1905456] Re: OpenSBI 0.8 backport

2020-11-24 Thread Dimitri John Ledkov
** Changed in: opensbi (Ubuntu Focal) Status: Triaged => In Progress

[Bug 1905412] Re: LVM install broken if other disks have meta-data on the VG name already

2020-11-25 Thread Dimitri John Ledkov
One can make these things unambiguous. curtin could generate a uuid on the fly, and then pass vg_uuid to all the commands it uses. or we could start making slightly more unique vg names, i.e. ubuntu-vg-3a185. I'm not sure what's best. Indeed this is a long standing issue we have been observing

[Bug 1905456] Re: OpenSBI 0.8 backport

2020-11-25 Thread Dimitri John Ledkov
** Description changed: OpenSBI 0.8 backport [Impact] - * OpenSBI is used to create RISC-V images for various boards and to +  * OpenSBI is used to create RISC-V images for various boards and to boot RISC-V virtual machines. - * 0.7 & 0.8 add support for more hardware, but are oth

[Bug 1905274] Re: enable u-boot spl for riscv64

2020-11-25 Thread Dimitri John Ledkov
** No longer affects: opensbi (Ubuntu) ** Description changed: enable u-boot spl for riscv64 1) backport opensbi 0.8 to focal + https://bugs.launchpad.net/ubuntu/focal/+source/opensbi/+bug/1905456 + 2) build u-boot with opensbi specified + 3) ship uboot-spl in the cloud image -- Yo

[Bug 1905491] Re: Recent (Nov 2020) ISO copied to USB Drive cannot load

2020-11-25 Thread Dimitri John Ledkov
@vorlon "Startup Disk Creator" is the name in the desktop.file of the usb-creator that we do ship in the archive, and I think we created... However, I do wish people would use "GNOME Disks" to restore .iso on usb stick =/ ** Also affects: usb-creator (Ubuntu) Importance: Undecided Statu

[Bug 1835660] Re: initramfs unpacking failed

2020-11-25 Thread Dimitri John Ledkov
So lz4 compressed initrd looks like this with hexdump 568f580 0523 00ac 54bf 4152 4c49 5245 2121 0021 568f590 0001 1cff 0050 568f59a I do wonder what ram is initialized to, and how those things look when kernel reads initrd from memory as loaded by the bootloader / qemu.

[Bug 1905620] [NEW] please promote modules from extra to modules for HiFive Unleashed

2020-11-25 Thread Dimitri John Ledkov
Public bug reported: please promote modules from extra to modules for HiFive Unleashed The following modules are used by the HiFive Unleashed board from extra Please install them in modules. linux-modules-extra-5.4.0-24-generic: /lib/modules/5.4.0-24-generic/kernel/drivers/net/phy/mscc.ko lin

[Bug 1835660] Re: initramfs unpacking failed

2020-11-26 Thread Dimitri John Ledkov
** Also affects: grub2 (Ubuntu) Importance: Undecided Status: New

[Bug 1835660] Re: initramfs unpacking failed

2020-11-26 Thread Dimitri John Ledkov
NAK on the linux patch. I think this is a grub bug. When loading multiple initrds, grub aligns_up each one of them at 4bytes boundary, and allocates pages for that. And it declares and passes ramdisk_image as the total allocated memory. Rather than the true size of the initrds. ** Changed in: gr

[Bug 1835660] Re: initramfs unpacking failed

2020-11-26 Thread Dimitri John Ledkov
(Ubuntu) Assignee: (unassigned) => Dimitri John Ledkov (xnox) ** Changed in: grub2 (Ubuntu) Importance: Undecided => High

[Bug 1905807] [NEW] insecure W+X mapping

2020-11-26 Thread Dimitri John Ledkov
Public bug reported: [ 19.051518] Freeing unused kernel memory: 308K [ 19.062326] [ cut here ] [ 19.066219] riscv/mm: Found insecure W+X mapping at address (ptrval)/0xffdff800 [ 19.074930] WARNING: CPU: 0 PID: 1 at arch/riscv/mm/ptdump.c:200 note_p

[Bug 1835660] Re: initramfs unpacking failed

2020-11-30 Thread Dimitri John Ledkov
@twetzel21 this is not related to those changes at all.

[Bug 1906320] [NEW] fake-device-wrapper should bind-mount efivars

2020-11-30 Thread Dimitri John Ledkov
Public bug reported: /usr/share/ubuntu-drivers-common/fake-devices-wrapper should bindmount efivars under testbed.get_root_dir(). Ie. such that /sys/firmware/efi/efivars is correctly available under the umockdev test-bed. That way when testing subiquity, it should correctly observe if it was boo

[Bug 1835660] Re: initramfs unpacking failed

2020-11-30 Thread Dimitri John Ledkov
** Changed in: grub2 (Ubuntu) Status: Triaged => Invalid ** Changed in: linux (Ubuntu) Status: Invalid => Triaged

[Bug 1835660] Re: initramfs unpacking failed

2020-11-30 Thread Dimitri John Ledkov
so what grub is doing is correct. It pads/aligns every initrd by 4, which is fine, and as per spec. https://www.kernel.org/doc/html/latest/driver-api/early-userspace/buffer-format.html initramfs size can be filled with arbitrary amount of "\0" all the way up to initramfs_size. "In human terms,

[Bug 1865032] Re: [UBUNTU] zipl/libc: Fix potential buffer overflow in printf

2020-12-01 Thread Dimitri John Ledkov
** Changed in: ubuntu-z-systems Status: Fix Committed => Fix Released

[Bug 1892369] Re: Impossible to skip integrity test for ubuntu-server 20.04.1 iso

2020-12-02 Thread Dimitri John Ledkov
You can boot with a cmdline option to skip that. http://manpages.ubuntu.com/manpages/hirsute/en/man7/casper.7.html#recognized%20boot%20options fsck.mode=skip Let you skip the file system check on boot. Can you elaborate a bit more, and make sure that the console you are observing

[Bug 1892369] Re: Impossible to skip integrity test for ubuntu-server 20.04.1 iso

2020-12-02 Thread Dimitri John Ledkov
live-server bugs go against subiquity project, rather than ubiquity. and casper is the thing that does the integrity check.

[Bug 1892369] Re: Impossible to skip integrity test for ubuntu-server 20.04.1 iso

2020-12-02 Thread Dimitri John Ledkov
separately remote iso mounting may be slow, thus you should try netbooting instead. one can copy the kernel & initrd out of the iso. Boot them, with cmdline: ip=dhcp url=http://hostname/url/to/matching-full.iso That way, initrd will establish networking and will download iso into ram, validate i

[Bug 1835660] Re: initramfs unpacking failed

2020-12-02 Thread Dimitri John Ledkov
** Description changed: "initramfs unpacking failed: Decoding failed", message appears on boot up. If I "update-initramfs" using gzip instead of lz, then boot up passes without decoding failed message. --- However, we currently believe that the decoding error reported in dmes

[Bug 1905790] Re: Make SSSD in 20.04 using OpenSSL and p11-kit (instead of NSS) for p11_child

2020-12-03 Thread Dimitri John Ledkov
** Also affects: ca-certificates (Ubuntu) Importance: Undecided Status: New

[Bug 1905790] Re: Make SSSD in 20.04 using OpenSSL and p11-kit (instead of NSS) for p11_child

2020-12-03 Thread Dimitri John Ledkov
This does raise a question as to why we don't provide a system nssdb. I think we should. I wonder if libnss or libnss3-tools could ship ca-certificates hook to provide a system nssdb certificate store. If we are changing backends, and certs were provided for the nss backend, imho we should automa

[Bug 1905790] Re: Make SSSD in 20.04 using OpenSSL and p11-kit (instead of NSS) for p11_child

2020-12-03 Thread Dimitri John Ledkov
If we want to change the main sssd backend from nss to openssl, imho it would be prudent enough to use http://manpages.ubuntu.com/manpages/hirsute/en/man3/SSL_set_security_level.3ssl.html APIs to set_security_level to 1.

[Bug 1905790] Re: Make SSSD in 20.04 using OpenSSL and p11-kit (instead of NSS) for p11_child

2020-12-03 Thread Dimitri John Ledkov
Actually, I don't see sssd at all using TLS connections, does it? It seems that to perform ldaps connections, it uses libldap from openldap which in turn uses GnuTLS. And any and all TLS LDAPS options are simply passed through to the libldap. Inspecting all sssd binary packages I can see that only

[Bug 1906668] [NEW] [MIR] opensbi

2020-12-03 Thread Dimitri John Ledkov
Public bug reported: Availability: in universe Rationale: opensbi is a bootloader/firmware component for riscv64. It is used by qemu-system-riscv64 to load uboot-qemu firmware which then can load kernel/initrd of a cloud-image to boot it. It is also used as a build-dependency by u-boot, to crea

[Bug 1906671] [NEW] [MIR] usrmerge

2020-12-03 Thread Dimitri John Ledkov
Public bug reported: [Availability] In universe. [Rationale] Since Disco, Ubuntu has defaulted to merged usr systems, specifically that /lib is a symlink to /usr/lib. However, we have not yet completed this transition for systems that were installed pre-disco. This package performs such trans

[Bug 1914279] Re: linux from security may force reboots without complete dkms modules

2021-02-23 Thread Dimitri John Ledkov
@kernel team please check which dkms packages in -updates fix FTBFS, and if they need to be rebuilt in -security pocket and released in -security pocket. ** Changed in: linux-meta (Ubuntu) Status: New => Triaged ** Changed in: linux (Ubuntu) Status: Confirmed => Triaged

[Bug 1915536] Re: one grub

2021-02-23 Thread Dimitri John Ledkov
** Description changed: [Impact] -  * The proposal is to rename modules in -bin to be shipped in the - $platfrom-unsigned directory. +  * The proposal is to split src:grub2 into two source packages -  * And make -signed-bin package ship modules + src:grub2 will continue to build most thing

[Bug 1914574] Re: [21.04 FEAT] Upgrade s390-tools to latest version (2.16.0)

2021-02-23 Thread Dimitri John Ledkov
** Changed in: s390-tools (Ubuntu) Status: New => Fix Committed

[Bug 1892367] Re: [UBUNTU 20.04] udev rule change did not get applied

2021-02-23 Thread Dimitri John Ledkov
** Changed in: s390-tools (Ubuntu Hirsute) Status: New => Fix Committed

[Bug 1913388] Re: clucene-core: please pull in patch to stabilize API on s390x during upgrade to glibc 2.33

2021-02-23 Thread Dimitri John Ledkov
** Changed in: clucene-core (Ubuntu) Status: Triaged => In Progress ** Changed in: clucene-core (Ubuntu) Assignee: (unassigned) => Balint Reczey (rbalint)

[Bug 1887933] Re: [21.04 FEAT] wireshark: Update to include SMC support

2021-02-23 Thread Dimitri John Ledkov
** Information type changed from Private to Public ** Changed in: wireshark (Ubuntu) Status: Incomplete => Fix Committed

[Bug 1914740] Re: IPs are not assigned for Hipersockets in DHCP mode

2021-02-24 Thread Dimitri John Ledkov
systemd-networkd has this option in systemd.network RequestBroadcast= Request the server to use broadcast messages before the IP address has been configured. This is necessary for devices that cannot receive RAW packets, or that cannot receive packets at all befo

[Bug 1914740] Re: IPs are not assigned for Hipersockets in DHCP mode

2021-02-24 Thread Dimitri John Ledkov
For netplan yaml of: network: version: 2 ethernets: enc8f00: dhcp4: yes It would be interesting to see if L3 dhcp starts to work if one does: $ sudo mkdir -p /etc/systemd/network/10-netplan-enc8f00.network.d $ cat

[Bug 1914740] Re: IPs are not assigned for Hipersockets in DHCP mode

2021-02-24 Thread Dimitri John Ledkov
My preference would be to fix networkd, if that fails netplan, and isc-dhcp only if there is syntax to online the device in the right l2/l3 state via kernel cmdline and that one needs to complete install over it. For example, does automatic chzdev device enablement provides autoconfiguration for

[Bug 1914740] Re: IPs are not assigned for Hipersockets in DHCP mode

2021-02-24 Thread Dimitri John Ledkov
Would turning on RequestBroadcast=yes for ID_NET_DRIVER=qeth_l3 interfaces be good enough in networkd?

[Bug 1916749] Re: plf-colony simple.cc test fails with "stderr: dis_syslink(ppc)(theInstr)" on ppc64el with glibc 2.33

2021-02-25 Thread Dimitri John Ledkov
** Also affects: valgrind (Ubuntu) Importance: Undecided Status: New ** Changed in: glibc (Ubuntu) Status: New => Incomplete ** Changed in: plf-colony (Ubuntu) Status: New => Incomplete ** Changed in: valgrind (Ubuntu) Status: New => In Progress

[Bug 1913321] Re: [MIR] iniparser (dependency of mtd-utils)

2021-02-26 Thread Dimitri John Ledkov
man dh_clean: path ... Delete these paths too. Note that directories passed as arguments must end with a trailing slash. Any content in these directories will be removed as well. I don't think obj-$() without '/' at the end will work. Normally in override_dh_cl

[Bug 1914740] Re: IPs are not assigned for Hipersockets in DHCP mode

2021-02-26 Thread Dimitri John Ledkov
I've started drafting this patch. I want to prepare a PPA for you to try, can you please let me know which Ubuntu release is best / easiest for you to test? Hirsute? Focal? Bionic? ** Patch added: "dhcp_broadcast_qeth_l3.patch" https://bugs.launchpad.net/ubuntu/+source/systemd/+bug/1914740/+a

[Bug 1914740] Re: IPs are not assigned for Hipersockets in DHCP mode

2021-03-01 Thread Dimitri John Ledkov
** Patch removed: "dhcp_broadcast_qeth_l3.patch" https://bugs.launchpad.net/ubuntu/+source/systemd/+bug/1914740/+attachment/5467722/+files/dhcp_broadcast_qeth_l3.patch

[Bug 1914740] Re: IPs are not assigned for Hipersockets in DHCP mode

2021-03-01 Thread Dimitri John Ledkov
** Patch added: "0001-s390x-For-qeth_l3-set-dhcp_broadcast-to-true-by-defa.patch" https://bugs.launchpad.net/ubuntu/+source/systemd/+bug/1914740/+attachment/5471481/+files/0001-s390x-For-qeth_l3-set-dhcp_broadcast-to-true-by-defa.patch

[Bug 1914740] Re: IPs are not assigned for Hipersockets in DHCP mode

2021-03-01 Thread Dimitri John Ledkov
** Patch added: "focal_qeth_l3_request_broadcast.patch" https://bugs.launchpad.net/ubuntu/+source/systemd/+bug/1914740/+attachment/5471480/+files/focal_qeth_l3_request_broadcast.patch

[Bug 1914740] Re: IPs are not assigned for Hipersockets in DHCP mode

2021-03-01 Thread Dimitri John Ledkov
I have made this PPA https://launchpad.net/~ci-train-ppa-service/+archive/ubuntu/4477 It has packages for focal versioned above current focal-updates version, but lower than the next SRU. sudo add-apt-repository ppa:ci-train-ppa-service/4477 sudo apt install systemd Should be enough to upgrade

[Bug 1914740] Re: IPs are not assigned for Hipersockets in DHCP mode

2021-03-01 Thread Dimitri John Ledkov
https://github.com/systemd/systemd/pull/18829

[Bug 1915005] Re: Please merge findutils 4.8.0 from Debian unstable

2021-03-01 Thread Dimitri John Ledkov
** Changed in: findutils (Ubuntu) Status: Fix Committed => Fix Released

[Bug 1915536] Re: one grub

2021-03-02 Thread Dimitri John Ledkov
** Changed in: grub2-signed (Ubuntu) Status: Fix Released => New

[Bug 1915536] Re: one grub

2021-03-02 Thread Dimitri John Ledkov
** Also affects: grub2 (Ubuntu Groovy) Importance: Undecided Status: New ** Also affects: grub2-signed (Ubuntu Groovy) Importance: Undecided Status: New ** Also affects: grub2 (Ubuntu Xenial) Importance: Undecided Status: New ** Also affects: grub2-signed (Ubuntu Xe

[Bug 1915536] Re: one grub

2021-03-02 Thread Dimitri John Ledkov
** Merge proposal unlinked: https://code.launchpad.net/~xnox/grub/+git/grub/+merge/398407

[Bug 1917555] [NEW] UC20 Online Key signing request for grub2-signed 1.164

2021-03-02 Thread Dimitri John Ledkov
Private bug reported: This is the UC20 Online Signing Key Request for grub2-signed Package versions: grub2-unsigned 2.04-1ubuntu42 grub2-signed 1.164 grub2 build PPA to copy from: https://launchpad.net/~canonical-foundations/+archive/ubuntu/uc20-build-ppa signing PPA to use: ~canonical-signing

[Bug 1881006] Re: Incorrect ESP mount options

2021-03-02 Thread Dimitri John Ledkov
** Information type changed from Private Security to Public Security

[Bug 1899878] Re: Python's test_ssl fails starting from Ubuntu 20.04

2021-03-03 Thread Dimitri John Ledkov
Fedora & Debian & Ubuntu implement openssl differently. In Ubuntu, as an Ubuntu-specific patch, we set default security level to 2, and prohibit protocols lower than TLSv1.2 / DTLSv1.2. This is documented in the Ubuntu manpages for OpenSSL http://manpages.ubuntu.com/manpages/hirsute/en/man3/SSL_

[Bug 1899878] Re: Python's test_ssl fails starting from Ubuntu 20.04

2021-03-03 Thread Dimitri John Ledkov
But Debian & Fedora implementation are buggy, because they break 1.0.2x users & they do not prohibit DTLSv1.1 whilst enforcing TLSv1.2+. So although Debian & Fedora look "nice" they are security vulnerable configurations. I can set min_version to TLSv1.2, in addition to security level 2 but that

[Bug 1915536] Re: one grub

2021-03-03 Thread Dimitri John Ledkov
** Tags added: block-proposed block-proposed-hirsute

[Bug 1928648] [NEW] expiring trust anchor compatibility issue

2021-05-17 Thread Dimitri John Ledkov
*** This bug is a security vulnerability *** Public security bug reported: https://community.letsencrypt.org/t/openssl-client-compatibility-changes-for-let-s-encrypt-certificates/143816 Currently gnutls28 in bionic and earlier will not establish a connection, if any parts of the trust chain hav

[Bug 1928674] [NEW] due to a new recommends grub-efi-arm64-signed is installed which does not have postinst.d script

2021-05-17 Thread Dimitri John Ledkov
*** This bug is a security vulnerability *** Public security bug reported: [Impact]  * /etc/kernel/{postinst.d,postrm.d}/zz-update-grub missing on arm64 with grub-efi-arm64-signed installed, without grub-efi-arm64.  * /etc/kernel/{postinst.d,postrm.d}/zz-update-grub missing on amd64 with grub-e

[Bug 1928674] Re: due to a new recommends grub-efi-arm64-signed is installed which does not have postinst.d script

2021-05-17 Thread Dimitri John Ledkov
** Description changed: [Impact]  * /etc/kernel/{postinst.d,postrm.d}/zz-update-grub missing on arm64 with grub-efi-arm64-signed installed, without grub-efi-arm64.  * /etc/kernel/{postinst.d,postrm.d}/zz-update-grub missing on amd64 with grub-efi-amd64-signed installed without grub

[Bug 1928679] [NEW] Support importing mokx keys into revocation list from the mok table

2021-05-17 Thread Dimitri John Ledkov
*** This bug is a security vulnerability *** Public security bug reported: [Impact] * Ubuntu's 15.4 based shim ships a very large vendor-dbx (aka mokx) which revokes many Ubuntu kernel hashes and 2012 signing key. * Kernel should import those into it's %:.blacklist keyring such that it prohib

[Bug 1914279] Re: linux from security may force reboots without complete dkms modules

2021-05-17 Thread Dimitri John Ledkov
** Tags removed: verification-needed verification-needed-focal ** Tags added: verification-done verification-done-focal

[Bug 1928434] Re: shim-signed does not boot on EFI 2.40 by Apple

2021-05-17 Thread Dimitri John Ledkov
@kebkeb you can download that efivariable as a file into the efivars dir. Or you need to compile the new mokutil that supports setting that on non-secureboot systems too. See https://github.com/lcp/mokutil/commit/03bb7af4a84c39f2417fd14ef20b11b2e8d1ad51 Is this something you can compile yourself,

[Bug 1903288] Re: Power guest secure boot with static keys: kernel portion

2021-05-18 Thread Dimitri John Ledkov
@Nayna Jain @Daniel Hm but we have CONFIG_LOAD_PPC_KEYS=y already which I would expect to be the only thing that loads keys into .platform keyring which was enabled as part of https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1866909 LTC-184073 . Which keys are present in firmware / get loa

[Bug 1903288] Re: Power guest secure boot with static keys: kernel portion

2021-05-18 Thread Dimitri John Ledkov
** Attachment added: "opal-2017-ppc64el.pem" https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1903288/+attachment/5498448/+files/opal-2017-ppc64el.pem

[Bug 1903288] Re: Power guest secure boot with static keys: kernel portion

2021-05-18 Thread Dimitri John Ledkov
** Attachment added: "opal-2019-ppc64el.pem" https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1903288/+attachment/5498449/+files/opal-2019-ppc64el.pem

[Bug 1903288] Re: Power guest secure boot with static keys: kernel portion

2021-05-18 Thread Dimitri John Ledkov
** Attachment added: "opal.esl" https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1903288/+attachment/5498450/+files/opal.esl

[Bug 1903288] Re: Power guest secure boot with static keys: kernel portion

2021-05-18 Thread Dimitri John Ledkov
We should not add opal keys to the built_trusted_keys_keyring as that's not the purpose of these keys. We could add them direct to .platform or .ima keyrings, but it would be best to load them from firmware direct. Are the above attached keys & ESL available from the "powerpc:db"?

[Bug 1928674] Re: grub-efi-amd64 from grub2-unsigned has lost kernel/postinst.d script

2021-05-18 Thread Dimitri John Ledkov
How can you introduce conffiles in grub-efi-amd64 & grub-efi-arm64 which is shared across releases? If in later series they have been removed from said package. That will cause a mess in focal+ then, since it will conflict with grub2-common there. Given that the future is for these conffiles to li

[Bug 1928648] Re: expiring trust anchor compatibility issue

2021-05-18 Thread Dimitri John Ledkov
** Description changed: - https://community.letsencrypt.org/t/openssl-client-compatibility- - changes-for-let-s-encrypt-certificates/143816 + https://community.letsencrypt.org/t/openssl-client-compatibility-changes-for-let-s-encrypt-certificates/143816 + https://community.letsencrypt.org/t/quest

[Bug 1928648] Re: expiring trust anchor compatibility issue

2021-05-18 Thread Dimitri John Ledkov
** Description changed: + [Impact] + + * gnutls28 fails to talk to letsencrypt website past September 2021, + despite trusting the letsencrypt root certificate. + + [Test Plan] + + * Import staging cert equivalent to ISRG Root X1 https://letsencrypt.org/certs/staging/letsencrypt-stg-root-x1.

[Bug 1928648] Re: expiring trust anchor compatibility issue

2021-05-18 Thread Dimitri John Ledkov
** Description changed: [Impact] - * gnutls28 fails to talk to letsencrypt website past September 2021, +  * gnutls28 fails to talk to letsencrypt website past September 2021, despite trusting the letsencrypt root certificate. [Test Plan] - * Import staging cert equivalent to ISRG

[Bug 1928648] Re: expiring trust anchor compatibility issue

2021-05-19 Thread Dimitri John Ledkov
** Tags added: letsencrypt

[Bug 1928989] [NEW] expiring trust anchor compatibility issue

2021-05-19 Thread Dimitri John Ledkov
Public bug reported: [Impact] * openssl fails to talk to letsencrypt website past September 2021, despite trusting the letsencrypt root certificate. [Test Plan] * Import staging cert equivalent to ISRG Root X1 https://letsencrypt.org/certs/staging/letsencrypt-stg-root-x1.pem * Import expire

[Bug 1928989] Re: expiring trust anchor compatibility issue

2021-05-19 Thread Dimitri John Ledkov
** Information type changed from Public to Public Security ** Tags removed: letsencrypt ** Tags added: letsencryptexpiry

[Bug 1928648] Re: expiring trust anchor compatibility issue

2021-05-19 Thread Dimitri John Ledkov
** Description changed: [Impact]  * gnutls28 fails to talk to letsencrypt website past September 2021, despite trusting the letsencrypt root certificate. [Test Plan]  * Import staging cert equivalent to ISRG Root X1 https://letsencrypt.org/certs/staging/letsencrypt-stg-root-x1

[Bug 1928674] Re: grub-efi-amd64 from grub2-unsigned has lost kernel/postinst.d script

2021-05-20 Thread Dimitri John Ledkov
Steve I'm not sure one gets valid grub2 binaries by building with bionic's toolchain on neither amd64 nor arm64.

[Bug 1929059] [NEW] Maybe needs update for smbios handling

2021-05-20 Thread Dimitri John Ledkov
Public bug reported: Currently this package generates /boot/grub/gfxblacklist.txt which is processed with hwmatch which is only available on grub-pc platform and not on the uefi platform. On uefi platform we instead have smbios command. Can we update grub-gfxpayload-lists & grub to generate some

[Bug 1929059] Re: Maybe needs update for smbios handling

2021-05-20 Thread Dimitri John Ledkov
** Description changed: Currently this package generates /boot/grub/gfxblacklist.txt which is processed with hwmatch which is only available on grub-pc platform and not on the uefi platform. on uefi platform we instead have smbios command. Can we update grub-gfxpayload-lists & grub

[Bug 1928709] Re: Can't launch hirsute VM using LXD

2021-05-20 Thread Dimitri John Ledkov
I still want to somehow eliminate efivars being misbuilt and not garbage collected. Separately, juliank is working on making shim _not_ mirror variables which should make things better. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu.

[Bug 1929413] [NEW] linux-aws-hwe missing from bionic+ failing to upgrade from xenial on arm64

2021-05-24 Thread Dimitri John Ledkov
Public bug reported: linux-aws-hwe missing from bionic+ failing to upgrade from xenial on arm64 Possibly linux-aws must specify migration flavours, on arm64 from linux-aws-hwe to linux-aws. ** Affects: linux-meta-aws-hwe (Ubuntu) Importance: Undecided Status: New -- You received

[Bug 1929413] Re: aws arm64 shipped tracking linux-aws-edge and never rolled off

2021-05-24 Thread Dimitri John Ledkov
** Summary changed: - linux-aws-hwe missing from bionic+ failing to upgrade from xenial on arm64 + aws arm64 shipped tracking linux-aws-edge and never rolled off ** Description changed: - linux-aws-hwe missing from bionic+ failing to upgrade from xenial on - arm64 + Looks like xenial instances w

[Bug 1929413] Re: aws arm64 shipped tracking linux-aws-edge in xenial and never rolled off

2021-05-24 Thread Dimitri John Ledkov
** Tags added: bionic xenial -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1929413 Title: aws arm64 shipped tracking linux-aws-edge in xenial and never rolled off To manage notifications about th

[Bug 1925209] Re: No iwilwifi driver in Linux 5.4.0-1034-raspi

2021-05-25 Thread Dimitri John Ledkov
Hi, 5.4.0-1036.39 kernel is in focal-proposed. As a snap it is in 20/beta channel. You should be able to refresh pi-kernel from --channel 20/beta. If that doesn't work, please boot and try one of the daily beta images for your board. Regards, Dimitri. -- You received this bug notification bec

[Bug 1929213] Re: Ubuntu server LVM creates clone partitions and crash installation

2021-05-25 Thread Dimitri John Ledkov
wwn: '0x5000' is not a valid wwn and should have been rejected by udev & probert. All zeros are not allowed, and 5 is just a prefix. I think this is an OEM / whitelabel drive, with expectation that somebody who ships these drives will use their WWN prefix and flash their own WWN as the

[Bug 1929255] Re: update-initrd-links creates incorrect symlinks

2021-05-25 Thread Dimitri John Ledkov
** Tags added: regresion-proposed regression-update -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1929255 Title: update-initrd-links creates incorrect symlinks To manage notifications about this bu

[Bug 1928700] Re: new postinst hook requires initramfs-tools

2021-05-25 Thread Dimitri John Ledkov
Possibly a regression is being reported https://bugs.launchpad.net/ubuntu/+source/linux-base/+bug/1929255 Please investigate, and if that needs fixing, please take appropriate action. If determined to not be a regression, please remove the validation-failed tags. ** Tags removed: verification-don

[Bug 1877088] Re: [UBUNTU 20.04] installkernel script does not symlink /boot/initrd.img which is required with the default zipl.conf

2021-05-25 Thread Dimitri John Ledkov
Possibly a regression is being reported https://bugs.launchpad.net/ubuntu/+source/linux-base/+bug/1929255 Please investigate, and if that needs fixing, please take appropriate action. If determined to not be a regression, please remove the validation-failed tags. ** Tags added: verification-faile

[Bug 1929255] Re: update-initrd-links creates incorrect symlinks

2021-05-25 Thread Dimitri John Ledkov
I'm also not sure why that script exists at all in the current form. I would have thought we could switch to linux packages themselves to call linux-update-symlinks like it is done in debian. Or at least not reimplement the wheel and just call linux-update-symlinks directly. -- You received thi

[Bug 1929255] Re: update-initrd-links creates incorrect symlinks

2021-05-26 Thread Dimitri John Ledkov
linux-update-symlinks install 4.15.0-144-generic /boot/vmlinuz-4.15.0-144-generic => generates correct symlinks for vmlinuz{.old} with both link_in_boot and without link_in_boot. I am confused how come Debian kernels call linux-update-symlinks and Ubuntu kernels (and upstream) do not. -- You rec

[Bug 1929255] Re: update-initrd-links creates incorrect symlinks

2021-05-26 Thread Dimitri John Ledkov
On a given system we can have the following symlinks /vmlinuz.old -> boot/vmlinuz-4.15.0-144-lowlatency /vmlinuz -> boot/vmlinuz-4.15.0-144-generic /boot/vmlinuz.old -> vmlinuz-4.15.0-144-lowlatency /boot/vmlinuz -> vmlinuz-4.15.0-144-generic which is controlled by /etc/kernel-img.conf setting li

[Bug 1929255] Re: update-initrd-links creates incorrect symlinks

2021-05-26 Thread Dimitri John Ledkov
But we do call linux-update-symlinks in the maintainer scripts. why doesn't installkernel call that, horum. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1929255 Title: update-initrd-links crea

[Bug 1877088] Re: [UBUNTU 20.04] installkernel script does not symlink /boot/initrd.img which is required with the default zipl.conf

2021-05-26 Thread Dimitri John Ledkov
Ubuntu Kernels in their postinst call linux-update-symlinks $change $version $image_path to set up correct links. This was not done by installkernel script, and a broken xx-update-initrd-links script is being added to postinst.d that does not correctly handle link_in_boot setting and breaks upgrad

[Bug 1929255] Re: update-initrd-links creates incorrect symlinks

2021-05-27 Thread Dimitri John Ledkov
Untested yet, but here is a proposed patch which hopefully will fix installkernel in all link_in_boot modes, without regressing anything. ** Patch added: "lp1929255.patch" https://bugs.launchpad.net/ubuntu/+source/linux-base/+bug/1929255/+attachment/5500663/+files/lp1929255.patch -- You rece

[Bug 1929255] Re: update-initrd-links creates incorrect symlinks

2021-05-27 Thread Dimitri John Ledkov
** Description changed: + [Impact] + ## Problem description Executing the `/etc/kernel/postinst.d/xx-update-initrd-links` script incorrectly detects symbolic links targets and then creates malformed (hence broken) ones instead: /initrd.img -> initrd.imgboot/vmlinuz-5.3.0-53-generi
