NACK: [linux-snap][bionic][PATCH] trusted.gpg.d directly supports .asc keys without gnupg/agent/etc.
stefan.bader at canonical.com
Mon Aug 12 13:05:18 UTC 2019
On 01.08.19 05:01, Dimitri John Ledkov wrote:
> As per apt-key manpage one can ship armored keys with .asc extension
> since apt 1.4 (bionic and up). For prior releases, gpg1 exported
> binary .gpg keys are supported. No need to install gnupg, run
> gnupg-agent, or execute apt-key.
> Signed-off-by: Dimitri John Ledkov <xnox at ubuntu.com>
Though maybe more complicated than it needs to be, but why change a running system?
If we remember till then, this is something for doing better in core20.
> Sample build with this change in place is shown at:
> Makefile | 9 +--------
> 1 file changed, 1 insertion(+), 8 deletions(-)
> diff --git a/Makefile b/Makefile
> index b2c5ea5..00d3b25 100644
> --- a/Makefile
> +++ b/Makefile
> @@ -93,14 +93,7 @@ all:
> # Enable ppa:snappy-dev/image inside of the chroot and add the PPA's
> # public signing key to apt:
> - # - gnugpg is required by apt-key
> - # - gnugpg 2.x requires gpg-agent to be running
> - # - procfs must be bind-mounted for gpg-agent
> - # - running apt-key as a child process of gpg-agent --daemon stops the
> - # agent shortly after apt-key executes
> - $(ENV) chroot chroot apt-get -y install gnupg
> - mkdir --mode=0600 chroot/tmp/gnupg-home
> - cat snappy-dev-image.asc | $(ENV) chroot chroot gpg-agent --homedir /tmp/gnupg-home --daemon apt-key add -
> + cp snappy-dev-image.asc chroot/etc/apt/trusted.gpg.d/
> # Copy in the sources.list just before modifying it (on build envs this already
> # seems to be present, otherwise those would not fail).
> cp /etc/apt/sources.list chroot/etc/apt/sources.list
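Review bot: the added `cp snappy-dev-image.asc chroot/etc/apt/trusted.gpg.d/` line takes the key's file mode from the source file and the build umask, and nothing in the hunk guarantees the result is world-readable. apt skips a keyring file in trusted.gpg.d that the unprivileged user it verifies signatures as cannot read, so under a restrictive umask the PPA would end up unauthenticated and the failure would only show at the later apt-get update. Setting the mode explicitly, for example `install -m 0644 snappy-dev-image.asc chroot/etc/apt/trusted.gpg.d/`, removes that dependency on the build environment. The removed comment block also documented why the old steps were needed, while the replacement carries no comment at all; a line stating that armored .asc keys in trusted.gpg.d require apt 1.4 or later (bionic and up, per the commit message) would keep the constraint visible to anyone backporting this Makefile to an older series.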