Merge lp:~smoser/vmbuilder/mfdiff-apt-key-transition into lp:~ubuntu-on-ec2/vmbuilder/mfdiff
Status: | Work in progress |
---|---|
Proposed branch: | lp:~smoser/vmbuilder/mfdiff-apt-key-transition |
Merge into: | lp:~ubuntu-on-ec2/vmbuilder/mfdiff |
Diff against target: |
28 lines (+9/-0) 1 file modified
mfdiff (+9/-0) |
To merge this branch: | bzr merge lp:~smoser/vmbuilder/mfdiff-apt-key-transition |
Related bugs: |
Reviewer | Review Type | Date Requested | Status |
---|---|---|---|
Dan Watkins (community) | Needs Resubmitting | ||
Review via email: mp+313797@code.launchpad.net |
Unmerged revisions
- 19. By Scott Moser
-
Add and use local keyring for verification of apt data.
A transition is being made from signing with the dsa1024 'Archive'
signing key below to the newer rsa4096 Archive key.
In zesty, the package installed keyring no longer contains the
older keys.Without this, if running on zesty, then mfdiff will fail to download
changelogs (using apt.cache), as it will not trust the data.The solution here is to check in the gpg keyring that was provided
by the Ubuntu 16.04 (xenial) package ubuntu-keyring, and to use that
for verification.$ gpg keyring.gpg
pub dsa1024 2004-09-12 [SC]
630239CC130E1A7FD81A27B1 40976EAF437D05B 5
uid Ubuntu Archive Automatic Signing Key <email address hidden>
sub elg2048 2004-09-12 [E]
pub dsa1024 2004-12-30 [SC]
C5986B4F1257FFA86632CBA7 46181433FBB7545 1
uid Ubuntu CD Image Automatic Signing Key <email address hidden>
pub rsa4096 2012-05-11 [SC]
790BC7277767219C42C86F93 3B4FE6ACC0B21F3 2
uid Ubuntu Archive Automatic Signing Key (2012) <email address hidden>
pub rsa4096 2012-05-11 [SC]
843938DF228D22F7B3742BC0 D94AA3F0EFE2109 2
uid Ubuntu CD Image Automatic Signing Key (2012) <email address hidden>
You can choose to trust /usr/share/ keyrings/ ubuntu- archive- removed- keys.gpg and /usr/share/ keyrings/ ubuntu- archive- keyring. gpg, however everything should be dual-signed, and just one valid trusted signature should be sufficient (aka just the /usr/share/ keyrings/ ubuntu- archive- keyring. gpg).