[Bug 2075505] Re: Add distribution-gpg-keys 1.104+ds-2 to noble

Tue Oct 15 18:20:52 UTC 2024

Unsubscribing sponsors - the package is currently in New state in the
noble queue -
https://launchpad.net/ubuntu/noble/+queue?queue_state=0&queue_text=distribution-
gpg-keys - no further action for sponsors.  Feel free to resubscribe
sponsors if needed.

-- 
You received this bug notification because you are a member of Ubuntu
Sponsors, which is subscribed to the bug report.
https://bugs.launchpad.net/bugs/2075505

Title:
  Add distribution-gpg-keys 1.104+ds-2 to noble

Status in distribution-gpg-keys package in Ubuntu:
  Fix Released
Status in distribution-gpg-keys source package in Noble:
  In Progress

Bug description:
  [Impact]

  distribution-gpg-keys is a package in Oracular that provides an
  archive of GPG keys for RPM-based distributions.

  As stated by the reporter, this package allows users to bootstrap and
  build RPM distributions, useful for CI and image building purposes.

  The package should be added to noble as well to provide the
  functionality to LTS users.

  [Test Plan]

  To test, the package should be installed on noble, and gpg keys should
  be checked. This can be done with the following commands:

  $ sudo apt update
  $ sudo apt upgrade
  $ sudo apt install distribution-gpg-keys distribution-gpg-keys-copr
  $ gpg --import /usr/share/distribution-gpg-keys/centos/RPM-GPG-KEY-CentOS-10
  gpg: /root/.gnupg/trustdb.gpg: trustdb created
  gpg: key 05B555B38483C65D: public key "CentOS (CentOS Official Signing Key) <security at centos.org>" imported
  gpg: Total number processed: 1
  gpg:               imported: 1
  $ gpg --import /usr/share/distribution-gpg-keys/centos/RPM-GPG-KEY-CentOS-9
  gpg: key 05B555B38483C65D: "CentOS (CentOS Official Signing Key) <security at centos.org>" 1 new signature
  gpg: Total number processed: 1
  gpg:         new signatures: 1

  etc.

  The package should also be tested by using its gpg keys for image
  building, such as with mkosi.

  [Where problems could occur]

  Since the package will be new to noble, it has not yet been tested in
  that version. Therefore if problems were to occur, it would most
  likely be in interactions with other packages. This could show up as
  conflicts in the /usr/share directory, or failures when using the
  contained gpg keys.

  [Original Description]
  Impact

  This package was introduced in Oracular and is a simple archive of GPG keys for RPM-based distributions like Fedora, CentOS, Azure Linux and many more. It ships nothing but these keys, in a package-specific subdirectory.
  It is useful to bootstrap and build those distributions on Noble, like we do in the systemd upstream CI using the mkosi image builder.
  A simple rebuild with a new changelog entry is sufficient.

  Scope

  Backport version 1.104+ds-2 from oracular to noble-backports

  Other Info

  The package has no reverse dependencies in noble as it's new in
  oracular, so risk is very low. The GPG archive is updated a few times
  a year and might use follow-ups to update the keys.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/distribution-gpg-keys/+bug/2075505/+subscriptions