[Bug 2075505] Re: Add distribution-gpg-keys 1.104+ds-2 to noble

Luca Boccassi 2075505 at bugs.launchpad.net
Mon Aug 12 15:35:05 UTC 2024


> I'm declining to process these without consensus amongst Ubuntu
> developers that constant SRUs of these packages is the right
> architecture to use.

I don't think "constant" is an accurate description. I don't plan to ask for a backport for every release (there's one once a month on average or so), but only a couple of times a year. I will do the same in Debian stable, where I am the maintainer.
Also, there's not really any "architecture" here; it's just a collection of keys, shipped as inert data. There's no running code, no scripts, no clients, nothing that changes; it's simply inert data that is shipped and is updated from time to time. The clients are zypper and dnf, and they are maintained separately and independently.

-- 
You received this bug notification because you are a member of Ubuntu
Sponsors, which is subscribed to the bug report.
https://bugs.launchpad.net/bugs/2075505

Title:
  Add distribution-gpg-keys 1.104+ds-2 to noble

Status in distribution-gpg-keys package in Ubuntu:
  Fix Released
Status in distribution-gpg-keys source package in Noble:
  In Progress

Bug description:
  [Impact]

  distribution-gpg-keys is a package in Oracular that provides an
  archive of GPG keys for RPM-based distributions.

  As stated by the reporter, this package allows users to bootstrap and
  build RPM distributions, useful for CI and image building purposes.

  The package should be added to noble as well to provide the
  functionality to LTS users.

  [Test Plan]

  To test, the package should be installed on noble, and gpg keys should
  be checked. This can be done with the following commands:

  $ sudo apt update
  $ sudo apt upgrade
  $ sudo apt install distribution-gpg-keys distribution-gpg-keys-copr
  $ gpg --import /usr/share/distribution-gpg-keys/centos/RPM-GPG-KEY-CentOS-10
  gpg: /root/.gnupg/trustdb.gpg: trustdb created
  gpg: key 05B555B38483C65D: public key "CentOS (CentOS Official Signing Key) <security at centos.org>" imported
  gpg: Total number processed: 1
  gpg:               imported: 1
  $ gpg --import /usr/share/distribution-gpg-keys/centos/RPM-GPG-KEY-CentOS-9
  gpg: key 05B555B38483C65D: "CentOS (CentOS Official Signing Key) <security at centos.org>" 1 new signature
  gpg: Total number processed: 1
  gpg:         new signatures: 1

  etc.

  The package should also be tested by using its gpg keys for image
  building, such as with mkosi.

  [Where problems could occur]

  Since the package will be new to noble, it has not yet been tested in
  that version. Therefore if problems were to occur, it would most
  likely be in interactions with other packages. This could show up as
  conflicts in the /usr/share directory, or failures when using the
  contained gpg keys.

  [Original Description]
  Impact

  This package was introduced in Oracular and is a simple archive of GPG keys for RPM-based distributions like Fedora, CentOS, Azure Linux and many more. It ships nothing but these keys, in a package-specific subdirectory.
  It is useful to bootstrap and build those distributions on Noble, like we do in the systemd upstream CI using the mkosi image builder.
  A simple rebuild with a new changelog entry is sufficient.

  Scope

  Backport version 1.104+ds-2 from oracular to noble-backports

  Other Info

  The package has no reverse dependencies in noble as it's new in
  oracular, so risk is very low. The GPG archive is updated a few times
  a year and might use follow-ups to update the keys.
