[01:37] <darkblue_b> hi all - working with our project Debian Developer, I have suffered through four+ hours of making two packages, and I would like to add them to a PPA in Launchpad
[01:37] <darkblue_b> anyone available to walk me through debsign ?
[02:34] <darkblue_b> ok - that didnt work
[04:43] <darkblue_b> hm keyid - hello ?
[11:47] <renatosilva> can someone please take a look at https://answers.launchpad.net/launchpad/+question/295629? thanks
[16:56] <darkblue_b> hi all - it seems it is far simpler to copy form one PPA to another, rather than build on the OS..
[16:56] <darkblue_b> BUT I should complete the exercise and setup my keys the right way...
[16:57] <darkblue_b> anyone available to walk me through setting up gpg and debsign on a client ?
[17:26] <mapreri> cjwatson: is the machine running the debian importer using -updates?  or do we need to wait for the next precise (or trusty?) point release to have packages shipping .asc be imported in ubuntu? :)
[17:26] <cjwatson> darkblue_b: my suggestion would be to work through https://help.launchpad.net/Packaging/PPA/BuildingASourcePackage and tell us where you get stuck
[17:27] <cjwatson> mapreri: yes, it's using -updates, it'll be upgraded automatically at some point this coming week
[17:27] <cjwatson> usual napalm upgrades are on Thursday I think
[17:27] <cjwatson> (ICBW)
[17:28] <mapreri> well, of course I know nothing about how the ubuntu infra is distributed inside canonical's DCs...
[17:28] <mapreri> but ok, will check back next Friday, then
[17:28] <cjwatson> I can ask for an earlier upgrade if absolutely necessary, but I prefer not to use sysadmin time if I don't have to
[17:30] <mapreri> nah, no need to.
[17:30] <mapreri> also, istr precise/trusty . releases are not that far away
[17:30] <cjwatson> possibly, but they have no bearing on upgrades :)
[17:31] <mapreri> -eparse
[17:31] <cjwatson> "have no bearing on" -> "do not affect"
[17:32] <cjwatson> or "are not relevant to"
[17:34] <mapreri> ah, yeah, I intended that after the .releases they tend to have to upgrade, I guess, even if they don't run -updates, or for some reasons they don't upgrade this time.
[17:34] <mapreri> (btw, that was a serious "Englishism" :P)
[17:35] <cjwatson> ok, that isn't how it works in our infrastructure, and I wouldn't expect it to be how it works generally; point releases in Ubuntu don't correspond to packages being copied into the release suite, unlike in Debian, they just stay in -updates
[17:35] <cjwatson> so you have to have -updates enabled to get a point release *anyway*, and at that point you might as well just apply updates more frequently to make it easier to diagnose problems caused by upgrades if they occur
[17:35] <mapreri> oh, meh.
[17:36] <mapreri> that goes me only running the last release on a couple of non-important end-user machines, evidently I'm not up to speed on how ubuntu stable stuff works.
[17:43] <darkblue_b> cjwatson: those are the pages I had open.. I am stuck, and I said where
[17:44] <cjwatson> darkblue_b: can you be more specific about exactly what you're stuck with?  you've said "gpg and debsign" but I need a bit more information about exactly what you've tried so far
[17:45] <darkblue_b> .. I have a Launchpad account now, and I initialized a key pair on the Launchpad side.. but on the client VM, the dput is not working
[17:45] <cjwatson> darkblue_b: what error message is it producing?
[17:46] <cjwatson> darkblue_b: and what exactly do you mean by initialising a key pair on the Launchpad side?  the way this works is that you generate a key pair yourself and upload the public half to Launchpad
[17:46] <darkblue_b> debsign ..  skipped "Brian M Hamlin <maplabs@light42.com>": secret key not available
[17:46] <cjwatson> darkblue_b: https://help.launchpad.net/YourAccount/ImportingYourPGPKey may be helpful
[17:47] <cjwatson> darkblue_b: sounds like the system where you're running debsign doesn't have the secret key.  where did you generate it?
[17:47] <darkblue_b> I will look, but I am saying.. the Launchpad side is set up.. its the client in a VM that is stuck
[17:47] <cjwatson> darkblue_b: Launchpad does not and cannot generate secret keys for you
[17:48] <darkblue_b> duh
[17:48] <cjwatson> so I'm asking you, where did you generate the secret key?
[17:48] <darkblue_b> .. on the VM where the packages were built, with a generic user
[17:48] <cjwatson> darkblue_b: run "gpg --list-secret-keys" and see what that says
[17:49] <cjwatson> (in the VM)
[17:49] <darkblue_b> ok - this is what I was asking about,  trying
[17:49] <darkblue_b> gpg: /home/user/.gnupg/trustdb.gpg: trustdb created
[17:49] <cjwatson> darkblue_b: also, as far as I can see it is *not* set up on the Launchpad side - the account attached to that email address has no GPG keys associated with it
[17:49] <darkblue_b> .. thats all
[17:49] <cjwatson> darkblue_b: are you running this as the same user as which you generated the key?
[17:50] <darkblue_b> my account is called screenlight, I set it up years ago
[17:50] <darkblue_b> no not at all.. I am a human being with several computers
[17:50] <cjwatson> darkblue_b: ok, there may be a bit of confusion since https://launchpad.net/~maplabs also exists with the email address you quoted above
[17:50] <cjwatson> but anyway
[17:50] <darkblue_b> I dont know anything about launchpad/maplabs
[17:50] <cjwatson> darkblue_b: if you generated the key on some other system, then you will have to copy it to the VM where you want to sign it
[17:50] <cjwatson> er, where you want to use it for signing, that is
[17:51] <cjwatson> you can just copy over the whole ~/.gnupg directory if the VM has nothing important there already
[17:51] <darkblue_b> I generated a new key pair on the VM I am building on..
[17:52] <cjwatson> then why did you say "no not at all" when I asked if you were running this as the same user as which you generated the key?
[17:52] <cjwatson> I'm afraid I'm very confused about your arrangements
[17:52] <darkblue_b> I am not enthusiastic about repeated requirements on me as a human, to do contribution work
[17:53] <darkblue_b> maybe I am a human and not a cog
[17:53] <cjwatson> look, you're asking me for help, I'm very happy to give it despite it being a Sunday evening, but I just don't understand your setup
[17:53] <darkblue_b> ok - thats fair, I am happy to explain it
[17:53] <darkblue_b> I am asking for help and I aprpeciate your time
[17:53] <cjwatson> at the moment there's no evidence that you generated a key pair on that VM, or at least not as the same user, since in that case "gpg --list-secret-keys" would have listed it
[17:54] <darkblue_b> there is only one user on the VM, called user
[17:54] <cjwatson> would it perhaps be easier for you to do the signing remotely (from the perspective of the VM)?  perhaps you can SSH into the VM, for instance?
[17:54] <darkblue_b> I did generate a key pair, for this exercise, on the VM
[17:54] <cjwatson> or SSH out of the VM to a location where your normal key is stored?
[17:54] <darkblue_b> I am open to suggestions.. something isnt working
[17:55] <darkblue_b> I dont have a normal key on the Launchpad system
[17:55] <darkblue_b> .. this is one of the few time I have tried to do this..
[17:55] <cjwatson> it is not really usual to need to generate a separate key pair for the VM - you *can* do that sort of thing but that is a choice on your part that makes things more complicated
[17:55] <cjwatson> https://launchpad.net/~screenlight shows a normal key, with the short ID B0A9785A
[17:56] <cjwatson> do you have that either somewhere where you can SSH to the VM, or somewhere that you can SSH to from the VM?
[17:56] <darkblue_b> you mean the "Open PGP Keys" ?
[17:56] <cjwatson> yes
[17:56] <darkblue_b> .. looking
[17:57] <cjwatson> OpenPGP is a standard; gpg is an implementation of it
[17:57] <darkblue_b> oh ok
[17:58] <darkblue_b> that key is from 2013
[17:58] <darkblue_b> .. I may have to boot an older system
[18:00] <cjwatson> that may be the easiest way (and then you can copy ~/.gnupg to somewhere more convenient).  failing that, perhaps tell me as exactly as you can what you did to generate the key pair on the VM
[18:01] <cjwatson> the good news is you should only have to work through this once!
[18:01] <darkblue_b> I can tell you what I did yesterday far better than the 2013 actions
[18:02] <cjwatson> so the reason I ask about SSH is that there are variants of debsign that will let you run it with a key on a different system from the package you're trying to sign
[18:02] <cjwatson> which is what I'd do if I were building source packages in a VM (I don't, but it's certainly conceivable)
[18:02] <darkblue_b> as far as I recall, I tried to build something in 2013 and gave up.. and the host system is now turned off, although I very likely do have it
[18:03] <darkblue_b> I will try to read what you just said carefully
[18:03] <cjwatson> if you don't have the key handy, you can certainly generate a fresh one and upload that to Launchpad, but from all the information available to me so far I think something must have gone wrong in your attempt to do so
[18:04] <cjwatson> I would still tend to suggest keeping keys somewhere less ephemeral than a VM
[18:04] <darkblue_b> yesterday I spent more than four hours building two pacakges, along with a mentor.. in the course of doing so, I made an RSA  key pair too
[18:05] <darkblue_b> I uploaded the public portion of that pair to Launchpad, with the super-easy paste box
[18:05] <darkblue_b> you can see it as user@live10
[18:05] <cjwatson> aha
[18:05] <cjwatson> now I understand your error
[18:05] <cjwatson> that is an SSH key, not a GPG key
[18:05] <cjwatson> they are completely different things
[18:05] <darkblue_b> I had no idea
[18:05] <darkblue_b> new to me
[18:06] <cjwatson> follow https://help.launchpad.net/YourAccount/ImportingYourPGPKey
[18:06] <darkblue_b> ok reading.. biab.. thx
[18:08] <cjwatson> SSH keys are used for connecting to a remote system via the secure shell protocol; from Launchpad's perspective, this is mainly used for pushing code to our Bazaar or Git code hosting; you can also use it for uploading packages as a substitute for anonymous FTP, but it's just a transport in that case
[18:09] <cjwatson> GPG keys are used for general-purpose signing and encryption; from Launchpad's perspective, you use them to sign packages to authenticate that they came from you
[18:09] <cjwatson> possibly in an ideal world it would be possible for them to be the same key, but there are some cryptographic advantages to them being separate and anyway we're constrained by the behaviour of the lower-level tools we depend on
[18:25]  * cjwatson -> dinner