| *** weshay_ has joined #openstack-infra-incident | 00:28 | |
| *** myoung|off has quit IRC | 00:31 | |
| *** weshay has quit IRC | 00:32 | |
| *** myoung has joined #openstack-infra-incident | 00:33 | |
| *** myoung_ has joined #openstack-infra-incident | 00:43 | |
| *** weshay has joined #openstack-infra-incident | 00:43 | |
| *** weshay_ has quit IRC | 00:44 | |
| *** myoung has quit IRC | 00:44 | |
| *** rosmaita has quit IRC | 02:56 | |
| *** rlandy|rover|bbl is now known as rlandy|rover | 04:10 | |
| *** lifeless has quit IRC | 07:02 | |
| *** lifeless has joined #openstack-infra-incident | 07:02 | |
| *** lifeless has quit IRC | 07:22 | |
| *** lifeless has joined #openstack-infra-incident | 07:28 | |
| *** lifeless has quit IRC | 09:05 | |
| *** lifeless has joined #openstack-infra-incident | 09:42 | |
| *** lifeless has quit IRC | 10:26 | |
| *** lifeless has joined #openstack-infra-incident | 10:27 | |
| *** lifeless_ has joined #openstack-infra-incident | 10:57 | |
| *** lifeless has quit IRC | 10:57 | |
| *** rosmaita has joined #openstack-infra-incident | 11:58 | |
| *** lifeless_ has quit IRC | 13:16 | |
| *** myoung_ is now known as myoung | 13:21 | |
| *** myoung is now known as myoung|lunch | 16:50 | |
| clarkb | ubuntu has packages | 18:09 |
|---|---|---|
| clarkb | still no centos packages or tumbleweed packages :/ | 18:10 |
| clarkb | 2.7.4-0ubuntu1.4 is the pckage we want on ubuntu xenial | 18:11 |
| clarkb | more accurately 1:2.7.4-0ubuntu1.4 | 18:11 |
| clarkb | infra-root I am going to start updating git on zuul infrastructure | 18:13 |
| clarkb | do we want to run it on a zuul merger for a little while before udpating everything? | 18:13 |
| clarkb | (I don't expect it will cause us problems) | 18:14 |
| corvus | clarkb: context? | 18:14 |
| clarkb | corvus: git CVE from last week finally patched in ubuntu. Allows arbitrary code execution through carefully crafted submodule config | 18:14 |
| clarkb | jgit is not affected | 18:14 |
| corvus | ah, thx | 18:14 |
| clarkb | additionally they updated git fsck to cehcek for this case so I will run git fsck against my local copy of all the repos | 18:15 |
| clarkb | I updated git on zm01 | 18:17 |
| clarkb | we can let it run for a few there before doing the global update | 18:17 |
| *** myoung|lunch is now known as myoung | 18:18 | |
| clarkb | on zm01 at least the two packages we want to update are git and git-man | 18:23 |
| clarkb | dpkg -l | grep git should show you if there are others on other systems | 18:23 |
| clarkb | hrm maybe I misread that fsck would check for this. Still looking int othat | 18:32 |
| clarkb | ok git has been used a bit on zm01 since I updated it I am going to use ansible to update zm* ze* and zuul01 | 18:43 |
| clarkb | zuul01, zm* and ze* have updated git | 18:52 |
| clarkb | puppetmaster too | 18:52 |
| clarkb | I've got a local fsck running now too across all the repos. | 19:01 |
| clarkb | probably a decent idea for someone else to do this too just to make sure I don't miss something silly and not actualyl verify what we want to verify | 19:01 |
| clarkb | looks like about half or maybe a little more of our instances are already updated by autoupdates | 19:08 |
| fungi | thanks for spotting. i just walked back in the door | 19:12 |
| clarkb | fungi: in general I think the important hosts are patched. We should make sure all of them are though | 19:12 |
| fungi | i _think_ you needed to set an explicit git option to check for this stuff after updating? | 19:12 |
| clarkb | fungi: you do if accepting pushes from git clients using C git | 19:13 |
| clarkb | fungi: but separate fsck itself seems to have a check for this | 19:13 |
| fungi | ahh, that's what it was | 19:13 |
| fungi | so fsck will check that regardless | 19:13 |
| clarkb | http://launchpadlibrarian.net/372600366/git_1%3A2.17.0-1ubuntu1_1%3A2.17.1-1ubuntu1.diff.gz grep for 'fsck detects symlinked' | 19:13 |
| fungi | yep, looks right | 19:14 |
| clarkb | my process was to clone all the repos as of after we got zuul updated, then do a for loop of git remote update && git fsck --full over all of them | 19:20 |
| clarkb | so far it hasn'ed errexited | 19:20 |
| *** lifeless has joined #openstack-infra-incident | 19:35 | |
| clarkb | my local fsck got through all the projects without erroring | 19:41 |
| *** myoung is now known as myoung|off | 21:06 | |
| *** lifeless_ has joined #openstack-infra-incident | 21:22 | |
| *** lifeless has quit IRC | 21:23 | |
| *** lifeless_ has quit IRC | 22:34 | |
| *** lifeless has joined #openstack-infra-incident | 22:34 | |
| *** rlandy|rover is now known as rlandy|rover|bbl | 22:37 | |
| *** lifeless has quit IRC | 23:46 | |
| *** lifeless has joined #openstack-infra-incident | 23:46 | |
Generated by irclog2html.py 2.15.3 by Marius Gedminas - find it at mg.pov.lt!