Merge ~ebarretto/ubuntu-security-tools:apt-key into ubuntu-security-tools:master
Status: | Merged |
---|---|
Approved by: | Paulo Flabiano Smorigo |
Approved revision: | 64a63eb3ab0ada7f24956525e6b468841b05a2af |
Merged at revision: | 64a63eb3ab0ada7f24956525e6b468841b05a2af |
Proposed branch: | ~ebarretto/ubuntu-security-tools:apt-key |
Merge into: | ubuntu-security-tools:master |
Diff against target: |
48 lines (+15/-4) 2 files modified
build-tools/build-sources-list (+14/-4) build-tools/umt (+1/-0) |
Related bugs: |
Reviewer | Review Type | Date Requested | Status |
---|---|---|---|
Ubuntu Security Team | Pending | ||
Review via email: mp+451206@code.launchpad.net |
Description of the change
This is a proposal on fixing umt compare-bin on systems that already don't use /etc/apt/
In this proposal we are using /etc/apt/keyrings, that is not an official directory but a recommendation for thirdparty keyrings:
"If future updates to the certificate will be managed by an apt/dpkg package as recommended below, then it SHOULD be downloaded into /usr/share/keyrings using the same filename that will be provided by the package. If it will be managed locally , it SHOULD be downloaded into /etc/apt/keyrings instead."
https:/
Also altered build-sources-list as it was setting the signed-by entry only for trusty, xenial and bionic, and for newer systems we should have the signed-by for all running releases.
Any feedbacks or suggestions are very much appreciated.
I thought /etc/apt/keyrings was untrusted by default, so we should still need the "signed-by=" in build-sources-list, but changed to the new path, no?