[01:00] <wgrant> ychaouche: Only the owner of a branch can write to it, so if you want shared access you need it to be owned by a team.
[01:01] <ychaouche> wgrant: ok thanks
[01:01] <ychaouche> but people can still propose merges, right ?
[01:01] <wgrant> Right
[05:19] <FourDollars> Hi, when I try to access https://api.launchpad.net/1.0/people/+me by my own program, it always returns 'This nonce has been used already.', is it normal?
[05:19] <wgrant> FourDollars: You're reusing an OAuth nonce value.
[05:19] <wgrant> That's not permitted.
[05:21] <FourDollars> wgrant: My nonce value comes from 'Math.floor(Math.random() * +new Date);' in JavaScript.
[05:21] <FourDollars> wgrant: It should not be reused.
[05:24] <wgrant> FourDollars: Well, it clearly is reused :)
[05:25] <wgrant> FourDollars: Oh, does it only happen for /people/+me?
[05:25] <FourDollars> wgrant: You got it.
[05:25] <wgrant> That will redirect. If you're following the redirect without resigning the request with a new nonce, it will do that
[05:32] <FourDollars> wgrant: Yes, you are right. It is 303.
[05:32] <FourDollars> wgrant: Thank you. :)
[05:35] <wgrant> np
[06:15] <lifeless> wgrant: could you please rename https://launchpad.net/os-config-applier to os-apply-config ?
[06:15] <wgrant> lifeless: With alias?
[06:16] <lifeless> wgrant: it would be nice
[06:16] <wgrant> lifeless: Done
[06:17] <lifeless> thanks!
[06:17] <wgrant> np
[08:22] <czajkowski> morning
[08:28] <FourDollars> I have a question about 'Using the credentials' of https://help.launchpad.net/API/SigningRequests .
[08:28] <FourDollars> If I want to use POST method, where should I put those keys?
[08:31] <FourDollars> Now I only get '401 Unauthorized' from POST method. :(
[08:38] <wgrant> FourDollars: The Authorization header, as described in that section
[08:38] <FourDollars> wgrant: Thanks.
[08:41] <FourDollars> I get '401 Unauthorized' from a private PPA, but 'Archive must be private.' from a public PPA. Err...
[08:42] <FourDollars> By using getArchiveSubscriptionURL of https://api.launchpad.net/1.0/~<name> .
[08:43] <wgrant> FourDollars: Is your token authorized to access private objects?
[08:44] <FourDollars> wgrant: I can access https://api.launchpad.net/1.0/<distribution>/+archive/<archive.name> .
[08:45] <FourDollars> wgrant: I can access https://api.launchpad.net/1.0/<distribution>/+archive/<archive.name>?ws.op=getPublishedBinaries .
[08:49] <FourDollars> I can use GET method to getPublishedBinaries from a private PPA but can not use POST method to getArchiveSubscriptionURL of it?
[08:51] <wgrant> FourDollars: What is the body of the 401 Unauthorized response?
[08:51] <FourDollars> wgrant: Empty.
[08:53] <wgrant> FourDollars: Can you post to getPublishedBinaries?
[08:54] <FourDollars> wgrant: I don't see the usage on https://launchpad.net/+apidoc/1.0.html .
[08:55] <wgrant> FourDollars: It's not documented, but a POST to a read operation should still work, or at least give an invalid method error after authorization
[08:55] <wgrant> I suspect you're not signing POST requests properly; this will test that.
[08:55] <FourDollars> I see.
[08:56] <FourDollars> Let me try it.
[08:59] <FourDollars> wgrant: it returns 'No such operation: getPublishedBinaries'.
[09:00] <wgrant> FourDollars: Can you show me the getPublishedBinaries and getArchiveSubscriptionURL request headers, omitting the oauth token and signature?
[09:01] <FourDollars> OK. Wait a minute.
[09:25] <FourDollars> wgrant: The headers of GET /1.0/~oem-archive/+archive/somerville?ws.op=getPublishedBinaries HTTP/1.1\r\nAccept: application/json\r\nAuthorization: OAuth realm="https://api.launchpad.net/",oauth_consumer_key="
[09:25] <FourDollars> just+testing",oauth_token="C0WQmN1jP1cb489Zwb26",oauth_signature_method="PLAINTEXT",oauth_signature="&tk2PRZzG8sQMCsGXBfNxtSKNT8Sbh6mJD9VC2wv3zWJ3XQTtzksC33sp3F07gcsvGNgSn5XDTDd5F5GN",oauth_timestamp="13
[09:25] <FourDollars> 74052977.539",oauth_nonce="1270871078501",oauth_version="1.0"\r\nhost: api.launchpad.net\r\nConnection: keep-alive\r\n\r\n
[09:25] <FourDollars> Oops
[09:26] <FourDollars> I can revoke it. :)
[09:28] <FourDollars> wgrant: 'POST /1.0/~oem-archive HTTP/1.1\r\nAccept: application/json\r\nAuthorization: OAuth realm="https://api.launchpad.net/",oauth_consumer_key="just+testing",oauth_token="C0WQmN1jP1cb489Zwb2
[09:28] <FourDollars> 6",oauth_signature_method="PLAINTEXT",oauth_signature="&tk2PRZzG8sQMCsGXBfNxtSKNT8Sbh6mJD9VC2wv3zWJ3XQTtzksC33sp3F07gcsvGNgSn5XDTDd5F5GN",oauth_timestamp="1374053227.348",oauth_nonce="995638075736",oauth
[09:28] <FourDollars> _version="1.0"\r\nhost: api.launchpad.net\r\ncontent-type: application/x-www-form-urlencoded; charset=utf-8\r\ncontent-length: 118\r\nConnection: keep-alive\r\n\r\n'
[09:45] <FourDollars> wgrant: Well formatted version http://paste.ubuntu.com/5883638/
[09:52] <wgrant> FourDollars: Are you sure the response body is empty?
[09:53] <FourDollars> wgrant: Yes, but let me check again.
[09:54] <wgrant> Oh
[09:54] <wgrant> FourDollars: I don't think it's an OAuth problem
[09:55] <wgrant> FourDollars: I think you're requesting the subscription URL for someone that isn't you
[09:56] <FourDollars> wgrant: https://api.launchpad.net/1.0/~<name> is a private team, but I only have some read and download perssions.
[09:56] <FourDollars> s/perssions/permissions/
[09:56] <wgrant> FourDollars: You can only request your own subscription URL to a PPA, not someone else's.
[09:58] <FourDollars> wgrant: Yes! You are right!
[09:58] <FourDollars> wgrant: I use it in wrong way. Orz...
[09:59] <FourDollars> wgrant: Thank you very much.
[10:00] <wgrant> np
[10:00] <wgrant> Glad it's working
[10:40] <FourDollars> wgrant: Do you have any idea that I often get '503 Service Unavailable' with http://paste.ubuntu.com/5883756/ when using GET /1.0/~oem-archive/+archive/somerville?ws.op=getPublishedBinaries?
[10:42] <wgrant> FourDollars: That's a timeout. You probably want to add some filtering so you're not retrieving the whole history.
[10:43] <FourDollars> wgrant: I see.
[13:46] <jonathas> hi, i have a question about launchpad and RSA/GPG keys, someone can answer?
[13:48] <dobey> just ask your question. if anyone can answer, they will
[13:49] <jonathas> ok, i think that is easy..
[13:50] <jonathas> i create a account and generate my RSA and GPG keys, but i had to format my computer and lost my keys..
[13:51] <jonathas> have i generate again? or has someway to recovery this keys?
[13:51] <cjwatson> Launchpad doesn't have a copy of your private keys (it would be very bad if it did).  There's no way to recover them if you don't have a copy.  You'll have to generate new ones and attach them to your account.
[13:52] <jonathas> fine, is a good way save my private keys in somewhere?
[13:52] <cjwatson> You should make backups, but keep them tightly under your control as they can be used to impersonate you.
[13:53] <cjwatson> For example, a USB storage drive on your keyring.
[13:54] <jonathas> i understand.. thanks cjwatson
[13:54] <jonathas> ubuntu one is a good idea?
[13:54] <cjwatson> The brand of the drive doesn't matter
[13:55] <cjwatson> Er, I mean, "yes, buy our merchandise" :-)
[13:55] <wgrant> But don't store them on Ubuntu One
[13:55] <wgrant> You want your private keys under your control
[13:55] <wgrant> Not on some server that you someone else can access.
[13:55] <cjwatson> Oh, I read that as "an Ubuntu one", not as "Ubuntu One"
[13:55] <cjwatson> Indeed, storing your private keys on Ubuntu One is not a good idea
[13:56] <jonathas> its not secure?
[13:56] <wgrant> It's as secure as anything else
[13:56] <cjwatson> It doesn't matter how secure it is; you should never let your private keys out of your sole control
[13:57] <cjwatson> On a remote server somewhere in a cloud isn't in your sole control, even if you trust the hoster
[13:57] <wgrant> But an online service is probably easier to compromise, particularly without you noticing, than your pocket.
[13:58] <beuno> jonathas, https://one.ubuntu.com/help/faq/are-my-files-stored-on-the-server-encrypted/
[13:58] <jonathas> cjwatson, wgrant: you have a backup of the keys?
[13:58] <wgrant> I'm not sure it'd be awfully wise to have the keys in the cloud even if they were encrypted :)
[13:59] <cjwatson> jonathas: I have a backup of my keys, but not of yours. :-)
[13:59] <cjwatson> wgrant: That would just move the problem to "where do you back up your decryption key", anyway
[13:59] <wgrant> Yeah
[14:00] <jonathas> cjwatson, hasuhasua.. good..
[14:01] <jonathas> ok, i just need to know if the keys is more or less disposable..
[14:02] <jonathas> i mean, if a lost, "thats ok, i generate other"..
[14:02] <jonathas> but you dont think this way.. right?
[14:04] <jonathas> bueno, thanks by the link
[14:04] <saiarcot895> jonathas: Ideally, you shouldn't lose your private keys
[14:04] <jonathas> beuno, thanks by the link
[14:11] <jonathas> saiarcot895, yes, thats it!
[14:11] <jonathas> i needed that..
[14:12] <jonathas> thanks guys..
[14:54] <hannie> I twice tried the dput command, first according to my personal page: dput ppa:lafeber-dumoleyn/ubuntuhandleiding <source.changes>
[14:54] <hannie> Rejected
[14:54] <hannie> Second try from this example: https://help.launchpad.net/Packaging/PPA/Uploading $  dput my-ppa P_V_source.changes
[14:54] <hannie> Rejected
[14:54] <hannie> I created the .dput.cf file
[14:56] <hannie> First time rejected: Could not find distribution 'ppa'.
[14:57] <hannie> Second time rejected: Could not find a PPA named 'ppa' for 'lmy_name'.
[14:57] <hannie> in Launchpad, for most users creating their first PPA the PPA name will be literally just the string ppa.
[14:59] <hannie> Could anyone here tell me exactly how the dput command should be?
[15:00] <cjwatson> It looks like you tried to use ppa:lafeber-dumoleyn/ubuntuhandleiding/ppa rather than ppa:lafeber-dumoleyn/ubuntuhandleiding ...
[15:00] <hannie> ah, let me see....
[15:00] <cjwatson> You don't need a special .dput.cf for this - the stock /etc/dput.cf should do it
[15:01] <hannie> ok, I will delete .deput.cf first
[15:02] <hannie> * dput
[15:03] <hannie> I'll try again
[15:04] <hannie> I'll do dput ppa:lafeber-dumoleyn/ubuntuhandleiding ubuntumanualnl_12.04ubuntu1_source.changes
[15:05] <cjwatson> That should be fine
[15:18] <hannie> May I ask one more question (it is the first time I am packaging ): )
[15:18] <hannie> Rejected: ubuntumanualnl_12.04ubuntu1.dsc: Unknown section 'unknown'
[15:19] <hannie> I do not know what section expects me to use
[15:19] <hannie> I did notice it in the control file I think
[15:21] <hannie> Indeed. In control I see: Section: unknown
[15:26] <cjwatson> "Section: doc" sounds appropriate for a manual
[15:26] <hannie> I uses "Books & Magazines" which is a category in USC
[15:27] <cjwatson> Not a valid archive section
[15:27] <hannie> ok, I'll change it to doc
[15:27] <cjwatson> http://www.debian.org/doc/debian-policy/ch-archive.html#s-subsections lists the allowed ones (for Debian, but they're either in sync or only very slightly different)
[15:27] <hannie> thanks for the link
[15:43] <hannie> I have changed my control file Section: doc Architecture all. Is it necessary to do debuild -S -sa again?
[15:46] <cjwatson> Yes
[15:46] <hannie> thanks I'll do it right away :)
[15:50] <hannie> cjwatson, thank you for your help so far. I got to go. Hope everything works now
[16:54] <wedgwood> is this a good place to ask questions about bzrlib?
[17:01] <dobey> wedgwood: #bzr might be better
[17:01] <wedgwood> ta
[17:22] <Dougie187> What does this mean, as a rejection message? "already exists in Primary Archive for Ubuntu"
[17:25] <Dougie187> And, how do I find out the name of it in the primary archive?
[17:25] <maxb> It's difficult to say more than 'it means exactly what it says' unless you give us more context
[17:26] <Dougie187> Specifically: "File modules_3.2.10.orig.tar.gz already exists in Primary Archive for Ubuntu"...
[17:26] <Dougie187> I'm trying to package this http://modules.sourceforge.net/
[17:26] <Dougie187> And when I uploaded the .changes, it gave me that error.
[17:27] <maxb> http://archive.ubuntu.com/ubuntu/pool/universe/m/modules/modules_3.2.10.orig.tar.gz  <--- already exists
[17:28] <Dougie187> Oh cool. It's called environment-modules.
[17:28] <Dougie187> Thanks
[17:28] <maxb> The message, combined with your confusion, suggests that you are trying to upload to a PPA but are actually sending the upload to the actual real Ubuntu distribution archive itself
[17:29] <Dougie187> dput ppa:douglasjacobsen/mpas-test *.changes
[17:29] <Dougie187> That's what I used.
[17:36] <Dougie187> It
[17:36] <Dougie187> It's weird that even in precise it's rejected. Though the package isn't backported for precise yet.
[17:41] <saiarcot895> Dougie187: did you previously upload the file to your PPA?
[17:41] <Dougie187> No, this is the first time.
[17:42] <saiarcot895> Dougie187: in debian/changelog, what is the first line?
[17:43] <Dougie187> modules (3.2.10-1ubuntu1ppa1~raring1) raring; urgency=low
[17:43] <Dougie187> and s/raring/precise/g
[17:43] <dobey> you do want a ~ between 1ubuntu1 and ppa1 though
[17:44] <Dougie187> Oh ok. So I want it to be 3.2.10-1ubuntu1~ppa1~precise1?
[17:45] <dobey> yes
[17:47] <Dougie187> Thanks. I'll give that a shot.
[17:47] <saiarcot895> Dougie187: If this try doesn't work, instead of specifying the ppa in the command line, can you try editing .dput.cf to add you ppa's entry and then use that?
[17:47] <saiarcot895> Dougie187: https://help.launchpad.net/Packaging/PPA/Uploading
[17:47] <Dougie187> sure
[17:48] <dobey> the ~ won't fix the upload problem
[17:49] <dobey> i was just pointing out that it kind of needs to be at that spot :)
[17:49] <Dougie187> I don't really understand what the difference between the ~ and - are. but it's not a big deal.
[17:50] <saiarcot895> Dougie187: it's in the sorting/ordering
[17:51] <saiarcot895> Dougie187: if you were to sort all allowed characters A-Z style, ~ would be the first character, while - would appear somewhere later (is it after the letters?)
[17:51] <Dougie187> Oh ok
[17:51] <Dougie187> I think - would be after the letters and numbers.
[17:51] <Dougie187> but I could be wrong.
[17:51] <Dougie187> I thought all symbols were after the numbers.
[17:52] <saiarcot895> Dougie187: ~ is an exception specifically made by dpkg
[17:52] <Dougie187> Yeah
[17:53] <saiarcot895> Dougie187: I saw a perl script somewhere online that allowed you to plug in two versions, and it would tell you which one was greater (and therefore be considered more recent)
[17:53] <Dougie187> That's pretty cool
[17:54] <dobey> - separates the upstream version and the debian version
[17:55] <dobey> there should only ever be ONE - character in a version string in the changelog.
[17:55] <Dougie187> ok
[17:55] <dobey> ~ tells dpkg that what follows it should be sorted lower than what preceeds it.
[17:55] <Dougie187> Ok, I setup the version name properly, and the .dput.cf and re-uploaded.
[17:56] <Dougie187> let's see what happens.
[17:56] <dobey> saiarcot895: dpkg --compare-versions
[17:56] <saiarcot895> dobey: ooh, nice
[17:57] <Dougie187> ok, well I have to run to a meeting. but I'll let you guys know how it works out.
[17:57] <Dougie187> Thanks
[18:39] <Dougie187> Just so you guys know, they were rejected again
[18:40] <Dougie187> Same error message too
[18:44] <Ampelbein> You can build a changes file that only includes the debian diff. debuild -S -sd is your friend. The ppa builder will pull the orig.tar.gz from the main archive.
[18:50] <Dougie187> That was rejected too
[18:51] <dobey> it really sounds like you're trying to upload into the ubuntu archive, and not your ppa
[18:52] <Ampelbein> Dougie187: What is the topmost entry of debian/changelog of your package? (Post to paste.ubuntu.com)
[18:52] <saiarcot895> Dougie187: can you re-post the command you used to upload the changes file?
[18:52] <Dougie187> saiarcot895: dput mpas-test-ppa modules*precise*.changes
[18:53] <saiarcot895> Dougie187: and you set up the .dput.cf file, right?
[18:53] <Dougie187> Yeah, one sec. I'll put my changelog (top line) and my .dput.cf in a pastebine
[18:53] <Dougie187> bin*
[18:53] <Ampelbein> Dougie187: And can you pastebin the .upload file?
[18:54] <Dougie187> http://pastebin.com/wfKg1Dug
[18:55] <Dougie187> that has all of them in it
[18:57] <Dougie187> I have to run to another meeting now, but let me know if I should try anything and I'll do it when I get back
[18:57] <Dougie187> thanks
[18:58] <Ampelbein> Can you post the reject message when you do an upload without the orig.tar.gz?
[19:34] <Dougie187> Ampelbein: it's the same
[19:34] <Dougie187> Ampelbein: "File modules_3.2.10.orig.tar.gz already exists in Primary Archive for Ubuntu," ...
[19:37] <Ampelbein> Dougie187: Can you upload after building with debuild -S -sd and show the .upload and the .changes file please?
[19:37] <Ampelbein> Because that sounds like you aren't actually uploading without orig.tar.gz
[19:37] <Dougie187> The upload file is the one I pastebinned earlier (for debuild -S -sd). Let me paste the .changes.
[19:39] <Dougie187> http://pastebin.com/xbh4cWEK
[19:39] <Dougie187> That's the changes file.
[19:39] <Ampelbein> Hmm, ok. I'm at a loss then.
[19:40] <Dougie187> me too. :/
[19:44] <Ampelbein> Dougie187: Could you put your packaging somewhere to investigate? A bzr branch maybe?
[19:44] <Dougie187> You just want the debian folder?
[19:45] <Ampelbein> yeah
[19:47] <Dougie187> Ampelbein: https://github.com/douglasjacobsen/modules-packaging (I don't know bzr :/)
[19:47] <Ampelbein> It's ok, I can work with that
[19:57] <Ampelbein> Dougie187: http://paste.debian.net/16626/ - works here.
[19:58] <Ampelbein> debuild -S -sd ; dput ppa:amoog modules*.changes
[20:00] <Dougie187> It doesn't get rejected?
[20:00] <Ampelbein> Nope.
[20:01] <Ampelbein> Dougie187: https://launchpad.net/~amoog/+archive/ppa/+packages There it is, in all it's glory, waiting to be build.
[20:01] <Dougie187> That's weird.
[20:01] <Dougie187> I wonder what's different.
[20:05] <Ampelbein> Just an idea: Did you already earlier upload the same orig.tar.gz to your ppa and then deleted the package?
[20:08] <Dougie187> No, this is the first time I've tried this package.
[20:10] <Dougie187> So, what did you do to get it to work? Just clone my git repo, and then debuild -S -sd?
[20:14] <Ampelbein> Dougie187: Yes, cloned the repo, got the orig.tar.gz from the archive, debuild -S -sd, dput.
[20:22] <cjwatson> dobey: No, I checked the logs, Dougie187 is definitely uploading to a PPA
[20:22] <dobey> weird
[20:22] <cjwatson> Looks like archiveuploader looks up the file by name
[20:23] <cjwatson> http://paste.ubuntu.com/5885451/
[20:23] <cjwatson> Seems a bit tenuous to me for PPAs
[20:23] <dobey> right, but i never get such errors when backporting packages from the archive to a ppa
[20:23] <dobey> even when using -sa
[20:24] <cjwatson> No doubt you have a matching orig
[20:24] <cjwatson> The workaround is just to make the orig be an exact match
[20:24] <Dougie187> Oh ok
[20:24] <Dougie187> so, my problem is my modules*.orig.tar.gz is different.
[20:24] <dobey> oh. someone is trying to upload an invalid tarball
[20:24] <cjwatson> Dougie187: Right
[20:24] <cjwatson> dobey: different != invalid
[20:24] <Dougie187> I made my tarball, because at the time I didn't realize I was backporting something that existed.
[20:25] <cjwatson> Right, a repack would have that effect.
[20:25] <dobey> a repack shouldn't. it would only have that effect if it was actually a different version of the contents, or produced in a different way which resulted in different contents
[20:26] <cjwatson> Repacks almost invariably wind up being not bitwise-identical.
[20:26] <cjwatson> Not least because gzip has a timestamp field unless you take care to suppress it.
[20:27] <cjwatson> I do think this is a bug that you should file against Launchpad itself.  Arguably it shouldn't throw that error at all; but at the very least the message is very confusing.
[20:27] <Dougie187> So, how do I get the orig from the archive? Do I just manually download it? or is there a command to do it?
[20:27] <cjwatson> Just wget it - maxb gave you the URL earlier.
[20:28] <Dougie187> k
[20:28] <Dougie187> I just wasn't sure if I should use some apt-src or something command.
[20:28] <cjwatson> Or pull-lp-source will download it along with the rest of the source package
[20:28] <cjwatson> You probably want the -d option so that it doesn't unpack it over your working tree
[20:28] <Dougie187> eh. I can always just make a new dir for it.
[20:28] <cjwatson> No need though
[20:29] <cjwatson> You just need the .orig.tar.gz, you don't need it unpacked
[20:29] <Dougie187> ok
[20:33] <Dougie187> Thanks for your help btw.
[20:33] <Dougie187> And everyone else. :P
[20:35] <Dougie187> I submitted a bug report too.
[20:35] <Dougie187> And that upload worked fine.