| arraybolt3 | Have RSA1024 algorithms been entirely disabled for PPA use in Oracular already? | 04:18 |
|---|---|---|
| arraybolt3 | I'm getting this: | 04:18 |
| arraybolt3 | Err:3 https://ppa.launchpadcontent.net/lubuntu-dev/next/ubuntu oracular InRelease | 04:18 |
| arraybolt3 | The following signatures were invalid: 91732A319F3E38EEEDBDF51AC8BEB4C320E36F2F (untrusted public key algorithm: rsa1024) The following signatures couldn't be verified because the public key is not available: NO_PUBKEY E6FD03F22091EA2E | 04:18 |
| arraybolt3 | in an sbuild build. | 04:19 |
| arraybolt3 | there appears to be an RSA4096 key for the same repo | 04:21 |
| arraybolt3 | anyway, /me resorts to HTTPS and trusted=yes | 04:22 |
| * arraybolt3 has second thoughts about that and just uses the RSA4096 key even though I can't verify its safety, but *also* uses HTTPS so it's still secure | 04:23 | |
| Unit193 | "secure" :> | 04:31 |
| arraybolt3 | you don't trust HTTPS? :P | 04:55 |
| cpaelzer | thanks bdmurray for confirming that the unexpected operator is unrelated and orthogonal to the issue we look at | 06:19 |
| LocutusOfBorg | mitchdz, you ready to upload the fix? | 07:02 |
| Skia | cpaelzer: quoting #ubuntu-quality, where the topic was discussed: "those logs were experimentations in trying to get arm64 to spawn VMs faster, it shouldn't have impacted the test itself" — it's also been fixed since last Friday, so any test triggered after that won't even have it. | 07:02 |
| mitchdz | LocutusOfBorg: not yet, got distracted with another bug. Updated my findings in the LP bug I made though and will find a fix first thing tomorrow morning. | 07:05 |
| adrien | arraybolt3: I don't think RSA1024 signatures are supposed to be disabled currently but maybe I missed something | 07:34 |
| adrien | Unit193: the point about HTTPS being secure is rather that it's not less secure than your system | 07:34 |
| LocutusOfBorg | mitchdz, I tried an upload | 08:10 |
| LocutusOfBorg | git config --global --add safe.directory test1/.git | 08:10 |
| LocutusOfBorg | this might be sufficient? | 08:10 |
| mitchdz | I tried that quickly in my lxc container and it still seemed unhappy | 08:29 |
| mitchdz | Even tried just labeling * as safe | 08:30 |
| adrien | arraybolt3: sorry, it is disabled in oracular, I got confused with the state in noble for which there were discussions until recently (and probably some more) | 08:44 |
| guruprasad | arraybolt3, we, the Launchpad team, have generated a replacement 4096-bit RSA signing keys for all the PPAs that only had a 1024-bit RSA signing key. We are now in the process of dual-signing all the affected PPAs so that we can transition to the new key. | 09:36 |
| guruprasad | The version of apt that throws an error about 1024-bit RSA signing keys will make into Noble before the .1 release and it has already made its way into oracular. | 09:37 |
| === cpaelzer_ is now known as cpaelzer | ||
| LocutusOfBorg | mirespace, that failed, indeed | 10:28 |
| LocutusOfBorg | :/ | 10:28 |
| LocutusOfBorg | I marked as block-proposed that bug | 10:28 |
| LocutusOfBorg | feel free to unblock if you have better news | 10:28 |
| mirespace | sorry, LocutusOfBorg, I missed something... which one? | 10:33 |
| LocutusOfBorg | mitchdz, ^^ | 10:40 |
| LocutusOfBorg | sorry mirespace :) | 10:40 |
| mirespace | :) Nothing to be sorry about :) | 10:40 |
| cpaelzer | fnordahl: do you know right away a way to force the OVS tests to leave detailed logs (as they do on failure) even when they pass? | 10:47 |
| cpaelzer | fnordahl: in the good case the log gives me all the environment info, but then just "All 5 tests were successful." | 10:57 |
| cpaelzer | fnordahl: while the bad variant has a nice "Summary of the failures" section following | 10:58 |
| cpaelzer | fnordahl: now having the full output for the good case as well is what I'm after. As it would allow to see where both paths start to diverge | 10:58 |
| slyon | @pilot in | 11:04 |
| === ChanServ changed the topic of #ubuntu-devel to: Archive: open | Devel of Ubuntu (not support) | Build failures: http://qa.ubuntuwire.com/ftbfs/ | #ubuntu for support and discussion of Focal-Noble | Patch Pilots: slyon | ||
| cpaelzer | fnordahl: I think I found all we need in _debian/tests/system-dpdk-testsuite.dir/... | 11:04 |
| bluca | hi slyon - would you be able to help and sponsor a backport upload, please? https://bugs.launchpad.net/ubuntu/+source/package-notes/+bug/2067544 | 11:07 |
| -ubottu:#ubuntu-devel- Launchpad bug 2067544 in package-notes (Ubuntu Noble) "[BPO] package-notes/13 from oracular" [Undecided, New] | 11:07 | |
| mitya57 | dviererbe: Hi, as you touched unzip last (excluding the no-change rebuild), do you want to review these changes before I upload them to Oracular? | 11:09 |
| mitya57 | https://launchpad.net/~ci-train-ppa-service/+archive/ubuntu/4979/+sourcepub/16169299/+listing-archive-extra | 11:09 |
| dviererbe | Yes, I would like to. Thanks! | 11:09 |
| mitya57 | Thank you! It's an amendment to Ubuntu's 20-unzip60-alt-iconv-utf8.patch, but we also forwarded both to Debian in https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=779207#51 | 11:10 |
| -ubottu:#ubuntu-devel- Debian bug 779207 in unzip "unzip fails to unpack filenames containing 'ä' 'ö' 'ü' -> results in '(invalid encoding)'" [Wishlist, Open] | 11:10 | |
| seb128 | mitya57, great, I put https://bugs.launchpad.net/ubuntu/+source/zip/+bug/2062535 on my backlog some days ago but it seems your upload will fix the issue :) | 11:33 |
| -ubottu:#ubuntu-devel- Launchpad bug 2062535 in zip (Ubuntu) "zip fails when filenames contain unicode characters" [High, Triaged] | 11:33 | |
| seb128 | or maybe not? need to check | 11:34 |
| * mitya57 asks the patch author | 11:36 | |
| mitya57 | seb128: well, that's a bug in zip, but the patch is for unzip which is a different package | 11:41 |
| seb128 | mitya57, ah, lol, sorry I didn't check specifics, was just commenting from memory ... I will keep that zip one in my backlog! | 11:51 |
| slyon | bluca: yes, let me take a look. | 12:03 |
| dviererbe | mitya57: Will you open an MP where I can add comments to, or should I just write here? | 12:12 |
| mitya57 | dviererbe: let me opan an MP | 12:16 |
| mitya57 | dviererbe: https://code.launchpad.net/~mitya57/ubuntu/+source/unzip/+git/unzip/+merge/466860 | 12:21 |
| dviererbe | Thanks! | 12:21 |
| slyon | bluca: lgtm https://bugs.launchpad.net/ubuntu/+source/package-notes/+bug/2067544/comments/3 | 12:27 |
| -ubottu:#ubuntu-devel- Launchpad bug 2067544 in package-notes (Ubuntu Noble) "[BPO] package-notes/13 from oracular" [Undecided, New] | 12:27 | |
| bluca | thank you! | 12:36 |
| philroche | RAOF: As part of SRU duty - would you have capacity to look at noble SRU for livecd-rootfs https://launchpad.net/ubuntu/noble/+queue?queue_state=1&queue_text=livecd-rootfs ? this unblocks several bugs including a bug which is blocking noble daily server builds. | 12:57 |
| seb128 | philroche, Chris is in Australia and eod at this hour, you probably want to try pinging bdmurray instead | 13:02 |
| philroche | Thank you. bdmurray: Would you be able to look? | 13:03 |
| adrien | I created https://code.launchpad.net/~adrien/ubuntu/+source/python-googleapi/+git/python-googleapi/+merge/466862 and in order to upgrade from 1.17.2 to 2.131.0, I added upstream's git repository as a remote | 13:07 |
| adrien | will all that go away after a pass through the git-ubuntu importer? and how can I know if it will? | 13:08 |
| ahasenack | adrien: I'm not sure I understand the question. You added a remote to your local checkout, right | 13:08 |
| adrien | yeah, then I ran git merge --allow-unrelated-histories, and now I pushed that and actually used that for the MR | 13:09 |
| ahasenack | what matters to git ubuntu is that what was uploaded matches the vcs tags in the changes file, if that does, it will adopt that rich history I beklieve | 13:10 |
| ahasenack | did you upload already? If yes, we shall know soon :) | 13:10 |
| adrien | I'm not an uploader so no! and I realized pretty quickly after pushing (I think it's still not on the sponsoring page) | 13:11 |
| ahasenack | then the uploader will have to remember to use $(git ubuntu prepare-upload args) in the dpkg-buildpackage command line | 13:13 |
| adrien | I don't know if I should re-spin the MR: the content is good and easy to review with a local checkout; if I re-spin, it becomes slightly more difficult to review | 13:13 |
| adrien | hmmm, rich history is either complete or not present at all; I guess it's too likely and risky that it is preserved here | 13:15 |
| adrien | by the way, a style question: I need to import the new sources, drop a patch, add lintian overrides, help autodep8-python and change dependencies; should I import the sources in the same commit as the rest or as a separate one? | 13:17 |
| rbasak | adrien: I strongly recommend against trying to pull upstream history into git-ubuntu repositories. You can do it, but it'll commit an extreme mess in the commit graph. | 13:18 |
| rbasak | You'll end up with commits that correspond in source tree but do not correspond in the commit graph and that's just confusing. | 13:19 |
| rbasak | I understand the desire to have everything in git including upstream. But the opportunity to do that rests with the Debian maintainer (FWIW, the Debian Python Modules Team has a policy *not* to do that). | 13:21 |
| adrien | yeah, I only wanted to do it for conflict resolution, and then forgot about it | 13:21 |
| rbasak | If you try to do it afterwards, then you get a mess :-/ | 13:21 |
| rbasak | adrien: it might be an idea to mention in the MP for the sponsor *not* to upload with git-ubuntu rich history preservation. | 13:43 |
| adrien | I thought about doing that but that was putting burden upon the reviewer/uploader which is poor form and also a bit risky so I re-created an MR as https://code.launchpad.net/~adrien/ubuntu/+source/python-googleapi/+git/python-googleapi/+merge/466866 | 13:46 |
| adrien | I rebased and squashed all upstream's commits together, checked out a new branch, cherry-picked that, and then cherry-picked all my packaging commits | 13:47 |
| adrien | (finding the right commit to rebase on wasn't obvious and took some time; also, this works because upstream "releases" are only GH git archives) | 13:48 |
| rbasak | Nice. Thanks! | 14:20 |
| tsimonq2 | @pilot in | 14:48 |
| === ChanServ changed the topic of #ubuntu-devel to: Archive: open | Devel of Ubuntu (not support) | Build failures: http://qa.ubuntuwire.com/ftbfs/ | #ubuntu for support and discussion of Focal-Noble | Patch Pilots: tsimonq2, slyon | ||
| tsimonq2 | slyon: Hey! Are you going in any particular order/anything I should avoid? | 14:49 |
| * tsimonq2 starts with hjd's sync bugs | 14:49 | |
| slyon | tsimonq2: I'm usually going top-down, prioritizing non-canonical contributions (and _simple_ pings on IRC). | 14:50 |
| slyon | but my shift is basically over, so you can take whatever is left :) there's plenty to choose from | 14:51 |
| slyon | @pilot out | 14:51 |
| === ChanServ changed the topic of #ubuntu-devel to: Archive: open | Devel of Ubuntu (not support) | Build failures: http://qa.ubuntuwire.com/ftbfs/ | #ubuntu for support and discussion of Focal-Noble | Patch Pilots: tsimonq2 | ||
| tsimonq2 | slyon: Sounds good :) thanks! | 14:52 |
| slyon | have fun! | 14:53 |
| tsimonq2 | of course :D | 15:00 |
| arraybolt3 | guruprasad, adrien: thanks for the info. Is there any chance that the signing key shown in the "Fingerprint" section of a PPA can be switched over to the RSA4096 one? That's what bit me last night - manually downloading and attempting to use the RSA1024 key. | 16:01 |
| guruprasad | arraybolt3, we want to dual-sign all the affected PPAs before we serve the new key's fingerprint via Launchpad - it is a lot easier to do so for every affected archive than do it on a per-archive basis. | 16:18 |
| guruprasad | And dual-signing all the affected archives will take some time to complete. So while we are in that process, I am looking to optimize the key creation/propagation for new PPAs under an account with a default 1024R key - all keys are currently propagated and the optimization is to copy only the stronger key. | 16:19 |
| guruprasad | This will at least solve the blocking dependency for new PPAs under accounts that are affected. | 16:19 |
| tsimonq2 | @pilot out | 16:19 |
| === ChanServ changed the topic of #ubuntu-devel to: Archive: open | Devel of Ubuntu (not support) | Build failures: http://qa.ubuntuwire.com/ftbfs/ | #ubuntu for support and discussion of Focal-Noble | Patch Pilots: N/A | ||
| tsimonq2 | https://discourse.ubuntu.com/t/patch-pilot-hand-off-24-10/44839/12 | 16:20 |
| === sudip_ is now known as sudip | ||
| arraybolt3 | makes sense, thank you! | 16:31 |
| arraybolt3 | guruprasad: ^ | 16:31 |
| john-cabaj | Reaching out again this week. involflt has been on the Jammy (https://launchpad.net/ubuntu/jammy/+queue?queue_state=0&queue_text=involflt) and Focal (https://launchpad.net/ubuntu/focal/+queue?queue_state=0&queue_text=involflt) upload queues for about a month. Is anyone able to look at them to get them out the door? | 17:10 |
| tsimonq2 | john-cabaj: I'm just as confused as you are, I think queue size has generally increased across the board: https://ubuntu-release.kpi.ubuntu.com/d/yIC34LpGk/ubuntu-metrics?viewPanel=6&orgId=1&from=now-30d&to=now | 17:13 |
| john-cabaj | tsimonq2: Things were looking ok around May 10, the day after my submission. Must have just missed a good window. | 17:16 |
| mitchdz | LocutusOfBorg: Sorry for the delay, got injured and had to get it checked out. Have a fix here - https://code.launchpad.net/~mitchdz/ubuntu/+source/fcgiwrap/+git/fcgiwrap/+merge/466889 | 18:13 |
| === stgraber is now known as Guest491 | ||
| mitchdz | If someone is around to sponsor the fcgiwrap oracular dep8 fix, it's a pretty simple fix that will help git/nginx migrate https://code.launchpad.net/~mitchdz/ubuntu/+source/fcgiwrap/+git/fcgiwrap/+merge/466889 | 22:14 |
| liushuyu | LocutusOfBorg: Hi, I have opened https://code.launchpad.net/~liushuyu-011/ubuntu/+source/llvm-toolchain-18/+git/llvm-toolchain-18/+merge/466901 to help with the issues where clang-built binaries can't be analyzed for how they are built (which is not an issue for GCC) | 22:55 |
Generated by irclog2html.py 2.7 by Marius Gedminas - find it at mg.pov.lt!