[Bug 2075505] Re: Add distribution-gpg-keys 1.104+ds-2 to noble

Luca Boccassi 2075505 at bugs.launchpad.net
Wed Aug 7 09:05:57 UTC 2024 

It would provide more value in noble proper, however if there are
external reasons like a long review queue, I am perfectly ok with having
this in noble-backports.

I'd like to have it in the archive though rather than out of tree, as
this is useful for users of image building tool in general, to provide a
fully verified way of retrieving the keyrings. It's a good thing that
all distributions ship the keys for all other distributions, so that you
can securely bootstrap one from another. ubuntu-archive-keyring is
available in Debian and Fedora, for example.

-- 
You received this bug notification because you are a member of Ubuntu
Sponsors, which is subscribed to the bug report.
https://bugs.launchpad.net/bugs/2075505

Title:
  Add distribution-gpg-keys 1.104+ds-2 to noble

Status in distribution-gpg-keys package in Ubuntu:
  Fix Released
Status in distribution-gpg-keys source package in Noble:
  In Progress

Bug description:
  [Impact]

  distribution-gpg-keys is a package in Oracular that provides an
  archive of GPG keys for RPM-based distributions.

  As stated by the reporter, this package allows users to bootstrap and
  build RPM distributions, useful for CI and image building purposes.

  The package should be added to noble as well to provide the
  functionality to LTS users.

  [Test Plan]

  To test, the package should be installed on noble, and gpg keys should
  be checked. This can be done with the following commands:

  $ sudo apt update
  $ sudo apt upgrade
  $ sudo apt install distribution-gpg-keys distribution-gpg-keys-copr
  $ gpg --import /usr/share/distribution-gpg-keys/centos/RPM-GPG-KEY-CentOS-10 
  gpg: /root/.gnupg/trustdb.gpg: trustdb created
  gpg: key 05B555B38483C65D: public key "CentOS (CentOS Official Signing Key) <security at centos.org>" imported
  gpg: Total number processed: 1
  gpg:               imported: 1
  $ gpg --import /usr/share/distribution-gpg-keys/centos/RPM-GPG-KEY-CentOS-9 
  gpg: key 05B555B38483C65D: "CentOS (CentOS Official Signing Key) <security at centos.org>" 1 new signature
  gpg: Total number processed: 1
  gpg:         new signatures: 1

  etc.

  [Where problems could occur]

  Since the package will be new to noble, it has not yet been tested in
  that version. Therefore if problems were to occur, it would most
  likely be in interactions with other packages. This could show up as
  conflicts in the /usr/share directory, or failures when using the
  contained gpg keys.

  [Original Description]
  Impact

  This package was introduced in Oracular and is a simple archive of GPG keys for RPM-based distributions like Fedora, CentOS, Azure Linux and many more. It ships nothing but these keys, in a package-specific subdirectory.
  It is useful to bootstrap and build those distributions on Noble, like we do in the systemd upstream CI using the mkosi image builder.
  A simple rebuild with a new changelog entry is sufficient.

  Scope

  Backport version 1.104+ds-2 from oracular to noble-backports

  Other Info

  The package has no reverse dependencies in noble as it's new in
  oracular, so risk is very low. The GPG archive is updated a few times
  a year and might use follow-ups to update the keys.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/distribution-gpg-keys/+bug/2075505/+subscriptions

More information about the Ubuntu-sponsors mailing list