Bug#907290: propellor: Apt.trustsKey should not call apt-key

Sat, 25 Aug 2018 17:33:28 -0700 

Package: propellor
Version: 5.3.6-1
Severity: normal

Prior to upstream commit 1d39a530, Propellor did something like

    (proc "gpg" ["--no-default-keyring", "--keyring", f, "--import", "-"])

which created a a gpg keyring, and the format of those changed at some
point to something that apt-key does not support. To fix this breakage
Propeller switched to calling apt-key add, which works, for now, but
it complains, and will probably break at some point.

According to the apt-key manpage

 "Instead of using this [add] command a keyring should be placed
   directly in the /etc/apt/trusted.gpg.d/ directory with a
   descriptive name and either "gpg" or "asc" as file extension."

As far as I can tell, if the privdata is in the right format (which is
always an issue with propellor), no call to gpg should be necessary,
and trustsKey could be implimented e.g. with File.hasPrivContent.

The documentation / --set hints should probably be updated to
recommend gpg --export, since (again from the apt-key manpage)

 "Binary keyring files intended to be used with any apt version should
  therefore always be created with gpg --export."

-- System Information:
Debian Release: buster/sid
  APT prefers testing
  APT policy: (900, 'testing')
Architecture: amd64 (x86_64)

Kernel: Linux 4.17.0-3-amd64 (SMP w/8 CPU cores)
Locale: LANG=en_CA.UTF-8, LC_CTYPE=en_CA.UTF-8 (charmap=UTF-8), 
LANGUAGE=en_CA:en (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages propellor depends on:
ii  cabal-install                  2.0.0.1-1
ii  ghc [libghc-transformers-dev]  8.2.2-4
ii  git                            1:2.18.0-1
ii  libc6                          2.27-5
ii  libffi6                        3.2.1-8
ii  libghc-ansi-terminal-dev       0.8.0.2-1
ii  libghc-async-dev               2.1.1.1-2
ii  libghc-exceptions-dev          0.8.3-8
ii  libghc-hashable-dev            1.2.7.0-2
ii  libghc-hslogger-dev            1.2.10+dfsg-4
ii  libghc-ifelse-dev              0.85-14
ii  libghc-mtl-dev                 2.2.2-1
ii  libghc-network-dev             2.6.3.5-1
ii  libghc-propellor-dev           5.3.6-1
ii  libghc-split-dev               0.2.3.3-1
ii  libghc-stm-dev                 2.4.5.0-1
ii  libghc-text-dev                1.2.3.0-1
ii  libghc-unix-compat-dev         0.5.0.1-1
ii  libgmp10                       2:6.1.2+dfsg-3

propellor recommends no packages.

propellor suggests no packages.

-- no debconf information

Reply via email to