Postings by Julian Andres Klode

Should we be reverting iptables to iptables-legacy for eoan?

Hi folks,

it turns out that lxd is broken by iptables now using the nft
based stuff, because lxd is still using the legacy one from
inside the snap.

This provides a terrible experience because networking in lxd
is not working at all once you enable ufw.

I'd suggest we increase the priority of iptables-legacy for eoan,
so that it is the default, and move the switch to xtables-nft-based
one to next release.

This will allow us to have working lxd networking, and gives
the lxd team some breathing room.

Fwd: Dropping Release and Release.gpg support from APT

Do we have any repositories that do not have InRelease files for eoan+?

See below for details, sorry about the forwarding, but it's a bit messy
with cross-posting to ubuntu-devel.

Also, of course 19.10, not 18.10, upstream me is silly.

----- Forwarded message from Julian Andres Klode < ... at debian dot org> -----

Message-ID: <20190709204321. ... at debian dot org>
Accept-Language: de-DE, de, en-GB, en-US, e

regressions from switching to https?


I plan to upload the changes in ubuntu-release-upgrader/
update-manager to use https for (which
contains meta release info) to xenial (LP: #1744318).

I do remember one regression from that, LP: #1771914 - does
anyone remember anything else?


APT 1.9.0 transition

Hi folks,

I uploaded apt 1.9.0 to eoan today, and fixed up some rdeps
to work with it already. apt 1.9 breaks the ABI and API by
removing unneeded includes and deprecated methods and struct
members, so it's a bit much in terms of breakage.

This also means that the bindings for Python and Perl will
share some of the API breaks.

Uncompressed and gzip compressed Translation indices on archive

Hi folks,

I just noticed we are shipping uncompressed and gzip-compressed
Translation indices in the archive. This seems a bit wasteful, is
there a reason for that, or could we drop them?

Also, do we need Sources.gz? We probably do need Packages.gz for
a lot of stupid tools, but I'd be surprised if Sources.gz is as


Socket-activated PackageKit debconf helper in eoan

Hi folks,

I just switched the debconf helper in eoan that shows prompts
in PackageKit to be run as a socket-activated service. Now,
it's time to do some testing.

So please, install some packages using DebConf (after starting
the helper, see caveats), and monitor the journalctl --user-unit pk-debconf-helper.service

Also, aptdaemon makes use of that same helper now instead
of using its own; but you might need to restart aptd to ensure
that it sees the pk-debconf socket.


post-disco software-properties port to PackageKit ready for testing

Hi folks,

I just finished porting disco's software-properties to PackageKit,
so we have less aptdaemon around. Target here is early ee, as disco
is about to release, so for now I put a build into the PPA at:


If you have some time to spare, possibly after the release is done,
give it a go and leave me some feedback.

Version regression report

I just rediscovered my script that calculates which versions in a newer release
are lower than updates in the previous release. These packages won't be upgraded
when the user upgrades, which means they might end up with problems, or new installs
miss out on fixes in older releases.

I ran this two times: One time with -security enabled, one time with -updates enabled
as well.

Changing $PATH for apt installs

Hi folks,

I'm planning to have apt set PATH to a sane value for running
dpkg, so that maintainer scripts are executed in a sanitized
environment. That value will be:


The effect:

(1) There is no /usr/local, which prevents breakage from custom perl
or python installation

(2) /snap/bin is not included either.

Version regressions in cosmic compared to bionic

I recently saw some packages in cosmic that have older
versions than the one in bionic, so I wrote a script to
check that, and here are the results.

I think we need to be more careful when it comes to this,
and regressions in security fixes (e.g. having a list
of CVE regressions in devel compared to stable).

The script used for this list is attached, I'd like to polish
it up a bit, add team info, make it generate html and json and
have it run periodically.

Note that the script compares released versions from the
old release to the new release.

Live images now get less packages marked as manually installed

Starting today, live images of cosmic will have most packages
marked as automatically installed instead of manually installed,
so autoremoval works correctly.

The algorithm that does the marking marks all dependencies of
manually installed metapackages as automatically installed, so
it should be entirely safe.

That said, you might want to double check images and installs
from them to see if it looks halfway sane. We can watch this
for some time and if all goes well, backport it to bionic for
the .2 point release.

mass SRUing for changing triggers to noawait in progress

Hi ubuntu-devel,

just a quick note that there is a mass SRUing going on (into xenial
mostly) for converting await triggers to noawait, the progress is being
tracked in . Help is welcome,
just assign yourself a task first and then complete it. Do note that
there are some pitfalls where triggers cannot be converted to noawait,
like gsettings schemas.

Forwarding this to ubuntu-devel.

----- Forwarded message from Julian Andres Klode < ... at debian dot org> -----

Message-ID: <20180618200724. ... at debian dot org>
Accept-Language: de-DE, de, en-GB, en-US, en
User-Agent: NeoMutt/20180512

Hi folks,

With frontend locking in dpkg git, I think it's time I clear up
some potential confusion as to how this is supposed to work in the
APT world.

The idea is that the current _system-

zstd compression for packages

Hey folks,

We had a coding day in Foundations last week and Balint and Julian added support for zstd compression to dpkg [1] and apt [2].

[1]
[2]

Zstd is a compression algorithm developed by Facebook that offers far
higher decompression speeds than xz or even gzip (at roughly constant
speed and memory usage across all levels), while offering 19 compression
levels ranging from roughly comparable to gzip in size (but much faster)
to 19, which is roughly comparable to xz -6: