Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Use armored keyring for APT repository #772

Merged
merged 2 commits into from
Jan 9, 2025
Merged

Use armored keyring for APT repository #772

merged 2 commits into from
Jan 9, 2025

Conversation

kenhys
Copy link
Contributor

@kenhys kenhys commented Jan 8, 2025

Since apt 2.9.16, it rejects the keybox format files. So we should use
the armored format instead.

ref. https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1088656#35

> The only format which is GnuPG specific, are for example its internal
> keybox keyrings, which I don't think has ever been used as any kind
> of public interchange format.

In practical use case, Debian 13 (trixie) or Ubuntu 25.04 will be
affected. Without it, it causes verification error with apt-get update.

kenhys added 2 commits January 8, 2025 16:53
@kenhys
Use armored keyring for APT repository
687c5b7 
Since apt 2.9.16, it rejects the keybox format files. So we should use
the armored format instead.

ref. https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1088656#35

> The only format which is GnuPG specific, are for example its internal
> keybox keyrings, which I don't think has ever been used as any kind
> of public interchange format.

In practical use case, Debian 13 (trixie) or Ubuntu 25.04 will be
affected. Without it, it causes verification error with apt-get update.

Signed-off-by: Kentaro Hayashi <[email protected]>
@kenhys
Drop old distributions
4368be2 
Signed-off-by: Kentaro Hayashi <[email protected]>
@kenhys kenhys marked this pull request as ready for review January 9, 2025 06:16
@kenhys
Copy link
Contributor Author

kenhys commented Jan 9, 2025
edited
Loading

Steps to verify:

  • apt install -y vim curl sudo
  • execute install script which is documented on fluent.org
  • change /etc/apt/sources.list.d/fluent.sources or fluent-lts.sources, point to test/experimental
  • apt update
  • apt upgrade -y, fluent-apt-source or fluent-lts-apt-source should be updated.
  • apt update should be succeed

Result:

  • bullseye v5 OK
  • bullseye lts OK
  • bookworm v5 OK
  • bookworm lts NG (fluent-package depends libssl1.1, it should be fixed as another issue)
  • focal v5 OK
  • focal lts OK
  • jammy v5 OK
  • jammy lts OK
  • noble v5 OK
  • noble lts OK

NOTE: tested with docker.io/debian/bookworm

@kenhys kenhys requested review from daipom and Watson1978 January 9, 2025 06:25
Watson1978
Watson1978 approved these changes Jan 9, 2025
View reviewed changes
Copy link
Contributor

@Watson1978 Watson1978 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

👍🏻

daipom
daipom approved these changes Jan 9, 2025
View reviewed changes
Copy link
Contributor

@daipom daipom left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM. Thanks!

@daipom daipom merged commit fa42ade into fluent:master Jan 9, 2025
122 of 123 checks passed
@kenhys kenhys deleted the fix-keybox branch January 9, 2025 08:17
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@daipom daipom daipom approved these changes

@Watson1978 Watson1978 Watson1978 approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@kenhys @Watson1978 @daipom