Deploy new Ubuntu archive signing key
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
Launchpad itself |
Fix Released
|
High
|
Colin Watson | ||
ubuntu-archive-publishing |
Fix Released
|
High
|
Colin Watson |
Bug Description
We've generated a new Ubuntu archive signing key (4096R/
As preparatory work, I've set default_key in /srv/launchpad.
Following this, though, we need some way to start selectively using the new key. The way this is done should obey the following properties:
* Subject to testing, it should be possible to sign Ubuntu <= precise with both old and new keys.
* After a transition period, we should start signing Ubuntu >= quantal with only the new key.
* Key IDs must not be hardcoded in Launchpad code and I think probably ought not to live in the database either, since that would break the dogfood publisher which does not (and must not) have access to the production signing keys. It should be possible to change the signing key used for a given distroseries range independently for production and dogfood.
* Ideally, the scheme we come up with should allow us to switch to new signing keys more frequently in future without having to think about it quite so hard.
I'd welcome comments on possible approaches. My best idea so far is to add key IDs to the archivepublisher config, but I'm not sure how to deal with the per-distroserie
Related branches
- Steve Kowalik (community): Approve (code)
-
Diff: 269 lines (+11/-164)10 files modifiedcronscripts/publishing/distro-parts/ubuntu/finalize.d/10-germinate (+0/-6)
cronscripts/publishing/distro-parts/ubuntu/finalize.d/40-timestamp-trace-file (+0/-9)
cronscripts/publishing/distro-parts/ubuntu/finalize.d/90-trigger-mirrors (+0/-21)
cronscripts/publishing/distro-parts/ubuntu/finalize.d/README.txt (+0/-22)
cronscripts/publishing/distro-parts/ubuntu/publish-distro.d/10-sign-releases (+0/-30)
cronscripts/publishing/distro-parts/ubuntu/publish-distro.d/20-remove-uncompressed-listings (+0/-11)
cronscripts/publishing/distro-parts/ubuntu/publish-distro.d/30-copy-indices (+0/-12)
cronscripts/publishing/distro-parts/ubuntu/publish-distro.d/README.txt (+0/-25)
lib/lp/archivepublisher/scripts/publish_ftpmaster.py (+1/-8)
lib/lp/archivepublisher/tests/test_publish_ftpmaster.py (+10/-20)
description: | updated |
Changed in launchpad: | |
status: | New → Triaged |
importance: | Undecided → High |
Changed in ubuntu-archive-publishing: | |
status: | New → Triaged |
importance: | Undecided → High |
assignee: | nobody → Colin Watson (cjwatson) |
Changed in launchpad: | |
status: | Triaged → In Progress |
No LP code should be harmed in the making of this feature. Here's what we should do:
- ftpmaster- publish/ launchpad- lazr.conf: run_parts_ location: cronscripts/ publishing/ distro- parts
reconfigure to use a new location and copy the existing scripts there
- edit publish- distro. d/10-sign- releases to do what you need
When happy, remove the ubuntu-specific stuff from the LP tree.
Profit!