| guruprasad | cjwatson, we have deployed changes to have Launchpad generate a replacement (which doesn't yet replace the old key) 4096-bit RSA signing key for PPAs which only have a 1024-bit RSA key atm and the publisher dual-signs an archive if it has more than one key. Your PPA, https://launchpad.net/~cjwatson/+archive/ubuntu/ppa, had a new key generated for it and I would like to test the dual-signing. So when you get the time, can you upload something | 11:08 |
|---|---|---|
| guruprasad | to this PPA and/or mark a relevant suite dirty so that it gets picked up in the next publisher run? Thanks! | 11:08 |
| guruprasad | (I am reaching out to a few known users whose PPAs got a new key generated, in order to test things out) | 11:09 |
| cjwatson | guruprasad: OK, I ran "copy-package --from ubuntu --from-suite noble --to ppa:cjwatson/ubuntu/ppa --to-suite noble -b hello" | 11:12 |
| guruprasad | Thanks! | 11:14 |
| guruprasad | I will keep an eye on what happens during the next publisher run and verify that the results are expected. | 11:15 |
| guruprasad | The publisher appears to have processed your upload but I don't see any information corresponding to actually publishing the package though. And the PPA page says that the publishing hasn't happened yet. | 12:20 |
| guruprasad | I see the same for another user whom I had requested to upload a package. | 12:20 |
| guruprasad | cjwatson, I think something could be wrong with publishing the package. These are the only lines that I see regarding publishing the hello package to noble - a lot of lines regarding translations but nothing about publishing the actual packages - https://pastebin.ubuntu.com/p/XWv9tznCrS/ | 13:32 |
| guruprasad | Does this appear familiar? | 13:32 |
| cjwatson | guruprasad: that doesn't seem very related. | 13:33 |
| cjwatson | guruprasad: and also I think that's a different phase of the publisher? | 13:33 |
| cjwatson | guruprasad: process-accepted vs. publish-distro | 13:33 |
| cjwatson | guruprasad: IIRC publish-distro skips archives where it thinks they need keys that aren't generated yet, so I suspect the place you should be looking is the logs of the key generation script | 13:34 |
| cjwatson | guruprasad: ppa-generate-keys.log I think | 13:34 |
| guruprasad | Sure. Will do. | 13:34 |
| guruprasad | This is an existing archive that has had packages published to it. So surely it must have a signing key already? | 13:35 |
| guruprasad | Or maybe not - let me check my code changes too to make sure that it has all the data it needs to determine whether it can sign this archive or not. | 13:36 |
| cjwatson | guruprasad: I haven't looked at what changes you'd made, but I'd expect them to affect this decision | 13:36 |
| guruprasad | Yes. That is what I suspect too. Thanks for the pointers. | 13:37 |
| cjwatson | I could be wrong though since it looks like process-accepted also checks Archive.can_be_published | 13:39 |
| cjwatson | Have you checked that the PPA publisher isn't crashing before it gets to this PPA? | 13:39 |
| guruprasad | There were no other log lines that had your username or the package name mentioned. So I just assumed there may not be any other relevant things to check. | 13:40 |
| cjwatson | Sure, but if there's a crash before it would have got there ... | 13:40 |
| cjwatson | Always a good idea to search for "Traceback" just in case | 13:40 |
| guruprasad | There are no tracebacks. But I see a lot of log lines mentioning OOPS. Let me quickly scan those to see if there is anything relevant. | 13:45 |
| guruprasad | Found nothing relevant. Now I will check if my changes are adversely affecting the 'can this repository be signed?' check. | 14:11 |
| guruprasad | cjwatson, can you submit something for publishing again so that I can check what is happening? | 14:15 |
| guruprasad | (not urgent, please do it when you can) | 14:17 |
| cjwatson | guruprasad: I ran "copy-package --from ubuntu --from-suite noble --to ppa:cjwatson/ubuntu/ppa --to-suite noble -b man-db". Let me know if you need something other than a copy | 15:49 |
| guruprasad | cjwatson, thanks for the help. I found an issue with the publisher that is breaking the publishing of the first PPA with 2 keys and raising an exception that is likely preventing the processing of all subsequent PPAs. | 15:51 |
| guruprasad | I am currently working on changes to add some relevant logging to debug the issue further, cowboy it, and hopefully identify enough about the issue (lp-signing is returning a 400) to then fix it. | 15:52 |
| ernstp | Right, I saw publishing was stuck | 20:48 |
| ernstp | Would be interesting to look into the new key stuff, though I might be busy the coming days... | 20:49 |
Generated by irclog2html.py 2.7 by Marius Gedminas - find it at mg.pov.lt!