On Mon, Sep 23, 2013 at 10:30:11AM +0200, Sandro Mani wrote:
>
> On 23.09.2013 02:01, Zbigniew Jędrzejewski-Szmek wrote:
> >On Mon, Sep 23, 2013 at 12:14:29AM +0200, Sandro Mani wrote:
> >>On 20.09.2013 06:37, Zbigniew Jędrzejewski-Szmek wrote:
> >>>On Thu, Sep 19, 2013 at 06:41:03PM +0200, Sandro Mani wrote:
> >>>>Hi,
> >>>>
> >>>>In the hope to continue the effort of getting pbuilder (and hence an
> >>>>easy way to build deb packages from fedora) into the repos (review
> >>>>here: [1]), I've packaged devscripts, debian-keyring, ubuntu-keyring
> >>>>and jetring. Reviews are here:
> >>>>
> >>>>- jetring: https://bugzilla.redhat.com/show_bug.cgi?id=1009996
> >>>>- debian-keyring: https://bugzilla.redhat.com/show_bug.cgi?id=1009997
> >>>>- ubuntu-keyring: https://bugzilla.redhat.com/show_bug.cgi?id=1009998
> >>>>- perl-Parse-DebControl:
> >>>>https://bugzilla.redhat.com/show_bug.cgi?id=1009999
> >>>>- devscripts: https://bugzilla.redhat.com/show_bug.cgi?id=1010000
> >>>>
> >>>>A question concerning the keyrings: currently, the only other
> >>>>package (afaics) containing distro keyrings is archlinux-keyring.
> >>>>That package installs the keyrings in /usr/share/pacman/keyrings.
> >>>Pacman installs the keyrings into /usr/share/pacman/keyrings
> >>>because that's what Arch does. I guess that archlinux.gpg may
> >>>move to /usr/share/keyrings, but there are other files (lists
> >>>of trusted and revoked keys), which are specific to pacman's libalpm,
> >>>so I think they deserve a directory on it's own. If archlinux.gpg
> >>>moves, it can be symlinked into /usr/share/pacman/keyrings.
> >>>
> >>>>The debian-keyring and ubuntu-keyring packages I've posted for
> >>>>review install the keyrings in /usr/share/keyrings. This directory
> >>>>is however unowned. I see two options:
> >>>>- install {debian,ubuntu} keyrings in
> >>>>/usr/share/{ubuntu,debian}/keyrings, and have them own the
> >>>>directories
> >>>>- have gnupg own the directory /usr/share/keyrings (and possibly
> >>>>have archlinux-keyring also install the keyrings there)
> >>>This has the downside that it'll add the dependency on gnupg,
> >>>which is not great. Maybe simply create a keyrings-filesystem
> >>>package with this directory and have whoever installs keyrings
> >>>depend on it.
> >>>
> >>Any other opinions on this?
> >>Or would it be appropriate to file a fpc
> >>ticket for this?
> >I guess that we two are currently the only interested parties. I'm
> >sure we can agree on a solution without involing the FPC. An FPC
> >ticket means probably a month delay, and I don't think there's
> >anything controversial here.
> >
> >Please see https://bugzilla.redhat.com/show_bug.cgi?id=998690#c3,
> >for some rationale for a -filesystem package.
> >
> >I'll try to do some reviews of the remaining packages tomorrow. This
> >should help to finish this faster.
> >
> Ok, thanks. I've gone ahead and created a keyrings-filesytem
> package, review is here:
>
> https://bugzilla.redhat.com/show_bug.cgi?id=1010857
>
> I've also update the other reviews to use this package.
Hi Sandro,
it's great to see that this is progressing so quickly.
I've started to add a dependency on keyrings-filesystem to
archlinux-keyring, but there's a problem:
/usr/share/pacman/keyrings/archlinux.gpg is a text file:
% head -n3 /usr/share/pacman/keyrings/archlinux.gpg
-----BEGIN PGP PUBLIC KEY BLOCK-----
mQINBE7VXhABEAC7AB9vHjR4b/lXq/HANeeN2vWQYK3xL2/01nvUPwycjDbCkOg2
...
while /usr/share/keyrings/debian-archive-keyring.gpg is a real gpg2
(binary) keyring.
I could
(a) symlink archlinux.gpg into /usr/share/keyrings/ as is
(b) convert archlinux.gpg to the gpg2 binary format, but that would
probably require duplicating the file, since pacman expects
the text format.
So the question is, what is the purpose/intended user of
/usr/share/keyring/*.gpg ?
Zbyszek
--
devel mailing list
devel@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/devel
Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct
