NACK: [linux-snap][bionic][PATCH] trusted.gpg.d directly supports .asc keys without gnupg/agent/etc.

Stefan Bader stefan.bader at canonical.com
Mon Aug 12 13:05:18 UTC 2019


On 01.08.19 05:01, Dimitri John Ledkov wrote:
> As per apt-key manpage one can ship armored keys with .asc extension
> since apt 1.4 (bionic and up). For prior releases, gpg1 exported
> binary .gpg keys are supported. No need to install gnupg, run
> gnupg-agent, or execute apt-key.
> 
> Signed-off-by: Dimitri John Ledkov <xnox at ubuntu.com>
> ---

Though maybe more complicated than it needs to be, but why change a running system?
If we remember till then, this is something for doing better in core20.

-Stefan

>  Sample build with this change in place is shown at:
>  https://launchpad.net/~xnox/+snap/pc-kernel-bionic/+build/633218
> 
>  Makefile | 9 +--------
>  1 file changed, 1 insertion(+), 8 deletions(-)
> 
> diff --git a/Makefile b/Makefile
> index b2c5ea5..00d3b25 100644
> --- a/Makefile
> +++ b/Makefile
> @@ -93,14 +93,7 @@ all:
>  
>  	# Enable ppa:snappy-dev/image inside of the chroot and add the PPA's
>  	# public signing key to apt:
> -	# - gnugpg is required by apt-key
> -	# - gnugpg 2.x requires gpg-agent to be running
> -	# - procfs must be bind-mounted for gpg-agent
> -	# - running apt-key as a child process of gpg-agent --daemon stops the
> -	#   agent shortly after apt-key executes
> -	$(ENV) chroot chroot apt-get -y install gnupg
> -	mkdir --mode=0600 chroot/tmp/gnupg-home
> -	cat snappy-dev-image.asc | $(ENV) chroot chroot gpg-agent --homedir /tmp/gnupg-home --daemon apt-key add -
> +	cp snappy-dev-image.asc chroot/etc/apt/trusted.gpg.d/
>  	# Copy in the sources.list just before modifying it (on build envs this already
>  	# seems to be present, otherwise those would not fail).
>  	cp /etc/apt/sources.list chroot/etc/apt/sources.list
> 
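Review bot: the added `cp snappy-dev-image.asc chroot/etc/apt/trusted.gpg.d/` line leaves the installed key's permissions to whatever the source file and the build umask produce. apt skips keyring files in trusted.gpg.d that its unprivileged `_apt` user cannot read, so under a restrictive umask the PPA would fail signature verification later in the build. `install -m 0644 snappy-dev-image.asc chroot/etc/apt/trusted.gpg.d/` would pin the mode. The comment block above the line also loses all of its explanation; a one-line comment carrying the commit message's constraint (armored .asc keys in trusted.gpg.d need apt 1.4, bionic and up; earlier releases need a binary .gpg export) would keep the line from being copied into a branch for an older series, where the key would not be picked up.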

