[Bug 1961454] [NEW] [SRU] Package unusable due to yearly key changes
Launchpad Bug Tracker
1961454 at bugs.launchpad.net
Sat Feb 19 00:34:22 UTC 2022
You have been subscribed to a public bug by Ryan Finnie (fo0bar):
[Impact]
* ftp.ports.debian.org changes keys every year, and updates debian-
ports-archive-keyring 2 years ahead of time.
* Packages in bionic and focal do not have 2022's key, making the
packages unusable.
* SRU falls under "Updates that need to be applied to Ubuntu packages
to adjust to changes in the environment, server protocols, web services,
and similar"
* Package can be synced directly from Debian
[Test Plan]
sudo debootstrap --arch=riscv64 --force-check-gpg --foreign
--keyring=/usr/share/keyrings/debian-ports-archive-keyring.gpg sid
/tmp/sid http://ftp.ports.debian.org/debian-ports/
Expected:
I: Checking Release signature
I: Valid Release signature (key id CBC70A60B9ED6F237A5F5B0BE852514F5DF312F6)
I: Retrieving Packages
I: Validating Packages
I: Resolving dependencies of required packages...
I: Resolving dependencies of base packages...
[...]
Currently:
I: Checking Release signature
E: Release signed by unknown key (key id E852514F5DF312F6)
The specified keyring /usr/share/keyrings/debian-ports-archive-keyring.gpg may be incorrect or out of date.
You can find the latest Debian release key at https://ftp-master.debian.org/keys.html
[Where problems could occur]
* Very old keys are removed from the keyring by subsequent package
updates. An existing program might be looking for old keys and start
failing, but this scenario is probably unlikely.
[Other Info]
** Affects: debian-ports-archive-keyring (Ubuntu)
Importance: Undecided
Status: New
** Tags: bionic focal
--
[SRU] Package unusable due to yearly key changes
https://bugs.launchpad.net/bugs/1961454
You received this bug notification because you are a member of Ubuntu Sponsors Team, which is subscribed to the bug report.
More information about the Ubuntu-sponsors
mailing list