This is an automated email from the ASF dual-hosted git repository.
kou pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/arrow.git
The following commit(s) were added to refs/heads/main by this push:
new 65da4adbbc GH-45118: [Packaging] Use armored keyring for APT
repository (#45131)
65da4adbbc is described below
commit 65da4adbbc8575a5e8c019d6db4dfb964116083c
Author: Sutou Kouhei <[email protected]>
AuthorDate: Tue Dec 31 11:48:36 2024 +0900
GH-45118: [Packaging] Use armored keyring for APT repository (#45131)
### Rationale for this change
We're using the keybox format for keyring because we have multiple GPG
keys. It seems that we should use the armored format for keyring.
libapt-pkg 2.9.16 or later shipped by Debian trixie rejects the keybox
format files. So we should use the armored format.
### What changes are included in this PR?
Use `.asc` not `.gpg` for keyring.
### Are these changes tested?
Yes.
### Are there any user-facing changes?
Yes.
* GitHub Issue: #45118
Authored-by: Sutou Kouhei <[email protected]>
Signed-off-by: Sutou Kouhei <[email protected]>
---
dev/release/verify-apt.sh | 7 ++++++-
dev/tasks/linux-packages/apache-arrow-apt-source/debian/rules | 11 ++++++++---
2 files changed, 14 insertions(+), 4 deletions(-)
diff --git a/dev/release/verify-apt.sh b/dev/release/verify-apt.sh
index 8c54fe5c11..7cef30357d 100755
--- a/dev/release/verify-apt.sh
+++ b/dev/release/verify-apt.sh
@@ -124,8 +124,13 @@ if [ "${TYPE}" = "local" ]; then
if [ -f "${keys}" ]; then
gpg \
--no-default-keyring \
- --keyring /usr/share/keyrings/apache-arrow-apt-source.gpg \
+ --keyring /tmp/apache-arrow-apt-source.kbx \
--import "${keys}"
+ gpg \
+ --no-default-keyring \
+ --keyring /tmp/apache-arrow-apt-source.kbx \
+ --armor \
+ --export > /usr/share/keyrings/apache-arrow-apt-source.asc
fi
else
case "${TYPE}" in
diff --git a/dev/tasks/linux-packages/apache-arrow-apt-source/debian/rules
b/dev/tasks/linux-packages/apache-arrow-apt-source/debian/rules
index bf7a85c8c8..382611f6ec 100755
--- a/dev/tasks/linux-packages/apache-arrow-apt-source/debian/rules
+++ b/dev/tasks/linux-packages/apache-arrow-apt-source/debian/rules
@@ -12,8 +12,13 @@ export DH_OPTIONS
override_dh_auto_build:
gpg \
--no-default-keyring \
- --keyring ./apache-arrow-apt-source.gpg \
+ --keyring ./apache-arrow-apt-source.kbx \
--import KEYS
+ gpg \
+ --no-default-keyring \
+ --keyring ./apache-arrow-apt-source.kbx \
+ --armor \
+ --export > apache-arrow-apt-source.asc
( \
distribution=$$(lsb_release --id --short | tr 'A-Z' 'a-z'); \
@@ -22,12 +27,12 @@ override_dh_auto_build:
echo "URIs:
https://apache.jfrog.io/artifactory/arrow/$${distribution}/";; \
echo "Suites: $${code_name}"; \
echo "Components: main"; \
- echo "Signed-By: /usr/share/keyrings/apache-arrow-apt-source.gpg"; \
+ echo "Signed-By: /usr/share/keyrings/apache-arrow-apt-source.asc"; \
) > apache-arrow.sources
override_dh_install:
install -d debian/tmp/usr/share/keyrings/
- install -m 0644 apache-arrow-apt-source.gpg \
+ install -m 0644 apache-arrow-apt-source.asc \
debian/tmp/usr/share/keyrings/
install -d debian/tmp/etc/apt/sources.list.d/
