[Bug 2075505] Re: Add distribution-gpg-keys 1.104+ds-2 to noble
Luca Boccassi
2075505 at bugs.launchpad.net
Wed Aug 7 09:05:57 UTC 2024
It would provide more value in noble proper, however if there are
external reasons like a long review queue, I am perfectly ok with having
this in noble-backports.
I'd like to have it in the archive though rather than out of tree, as
this is useful for users of image building tool in general, to provide a
fully verified way of retrieving the keyrings. It's a good thing that
all distributions ship the keys for all other distributions, so that you
can securely bootstrap one from another. ubuntu-archive-keyring is
available in Debian and Fedora, for example.
--
You received this bug notification because you are a member of Ubuntu
Sponsors, which is subscribed to the bug report.
https://bugs.launchpad.net/bugs/2075505
Title:
Add distribution-gpg-keys 1.104+ds-2 to noble
Status in distribution-gpg-keys package in Ubuntu:
Fix Released
Status in distribution-gpg-keys source package in Noble:
In Progress
Bug description:
[Impact]
distribution-gpg-keys is a package in Oracular that provides an
archive of GPG keys for RPM-based distributions.
As stated by the reporter, this package allows users to bootstrap and
build RPM distributions, useful for CI and image building purposes.
The package should be added to noble as well to provide the
functionality to LTS users.
[Test Plan]
To test, the package should be installed on noble, and gpg keys should
be checked. This can be done with the following commands:
$ sudo apt update
$ sudo apt upgrade
$ sudo apt install distribution-gpg-keys distribution-gpg-keys-copr
$ gpg --import /usr/share/distribution-gpg-keys/centos/RPM-GPG-KEY-CentOS-10
gpg: /root/.gnupg/trustdb.gpg: trustdb created
gpg: key 05B555B38483C65D: public key "CentOS (CentOS Official Signing Key) <security at centos.org>" imported
gpg: Total number processed: 1
gpg: imported: 1
$ gpg --import /usr/share/distribution-gpg-keys/centos/RPM-GPG-KEY-CentOS-9
gpg: key 05B555B38483C65D: "CentOS (CentOS Official Signing Key) <security at centos.org>" 1 new signature
gpg: Total number processed: 1
gpg: new signatures: 1
etc.
[Where problems could occur]
Since the package will be new to noble, it has not yet been tested in
that version. Therefore if problems were to occur, it would most
likely be in interactions with other packages. This could show up as
conflicts in the /usr/share directory, or failures when using the
contained gpg keys.
[Original Description]
Impact
This package was introduced in Oracular and is a simple archive of GPG keys for RPM-based distributions like Fedora, CentOS, Azure Linux and many more. It ships nothing but these keys, in a package-specific subdirectory.
It is useful to bootstrap and build those distributions on Noble, like we do in the systemd upstream CI using the mkosi image builder.
A simple rebuild with a new changelog entry is sufficient.
Scope
Backport version 1.104+ds-2 from oracular to noble-backports
Other Info
The package has no reverse dependencies in noble as it's new in
oracular, so risk is very low. The GPG archive is updated a few times
a year and might use follow-ups to update the keys.
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/distribution-gpg-keys/+bug/2075505/+subscriptions
More information about the Ubuntu-sponsors
mailing list