On Mon, Sep 23, 2013 at 10:30:11AM +0200, Sandro Mani wrote: > > On 23.09.2013 02:01, Zbigniew Jędrzejewski-Szmek wrote: > >On Mon, Sep 23, 2013 at 12:14:29AM +0200, Sandro Mani wrote: > >>On 20.09.2013 06:37, Zbigniew Jędrzejewski-Szmek wrote: > >>>On Thu, Sep 19, 2013 at 06:41:03PM +0200, Sandro Mani wrote: > >>>>Hi, > >>>> > >>>>In the hope to continue the effort of getting pbuilder (and hence an > >>>>easy way to build deb packages from fedora) into the repos (review > >>>>here: [1]), I've packaged devscripts, debian-keyring, ubuntu-keyring > >>>>and jetring. Reviews are here: > >>>> > >>>>- jetring: https://bugzilla.redhat.com/show_bug.cgi?id=1009996 > >>>>- debian-keyring: https://bugzilla.redhat.com/show_bug.cgi?id=1009997 > >>>>- ubuntu-keyring: https://bugzilla.redhat.com/show_bug.cgi?id=1009998 > >>>>- perl-Parse-DebControl: https://bugzilla.redhat.com/show_bug.cgi?id=1009999 > >>>>- devscripts: https://bugzilla.redhat.com/show_bug.cgi?id=1010000 > >>>> > >>>>A question concerning the keyrings: currently, the only other > >>>>package (afaics) containing distro keyrings is archlinux-keyring. > >>>>That package installs the keyrings in /usr/share/pacman/keyrings. > >>>Pacman installs the keyrings into /usr/share/pacman/keyrings > >>>because that's what Arch does. I guess that archlinux.gpg may > >>>move to /usr/share/keyrings, but there are other files (lists > >>>of trusted and revoked keys), which are specific to pacman's libalpm, > >>>so I think they deserve a directory on it's own. If archlinux.gpg > >>>moves, it can be symlinked into /usr/share/pacman/keyrings. > >>> > >>>>The debian-keyring and ubuntu-keyring packages I've posted for > >>>>review install the keyrings in /usr/share/keyrings. This directory > >>>>is however unowned. I see two options: > >>>>- install {debian,ubuntu} keyrings in > >>>>/usr/share/{ubuntu,debian}/keyrings, and have them own the > >>>>directories > >>>>- have gnupg own the directory /usr/share/keyrings (and possibly > >>>>have archlinux-keyring also install the keyrings there) > >>>This has the downside that it'll add the dependency on gnupg, > >>>which is not great. Maybe simply create a keyrings-filesystem > >>>package with this directory and have whoever installs keyrings > >>>depend on it. > >>> > >>Any other opinions on this? > >>Or would it be appropriate to file a fpc > >>ticket for this? > >I guess that we two are currently the only interested parties. I'm > >sure we can agree on a solution without involing the FPC. An FPC > >ticket means probably a month delay, and I don't think there's > >anything controversial here. > > > >Please see https://bugzilla.redhat.com/show_bug.cgi?id=998690#c3, > >for some rationale for a -filesystem package. > > > >I'll try to do some reviews of the remaining packages tomorrow. This > >should help to finish this faster. > > > Ok, thanks. I've gone ahead and created a keyrings-filesytem > package, review is here: > > https://bugzilla.redhat.com/show_bug.cgi?id=1010857 > > I've also update the other reviews to use this package. Hi Sandro, it's great to see that this is progressing so quickly. I've started to add a dependency on keyrings-filesystem to archlinux-keyring, but there's a problem: /usr/share/pacman/keyrings/archlinux.gpg is a text file: % head -n3 /usr/share/pacman/keyrings/archlinux.gpg -----BEGIN PGP PUBLIC KEY BLOCK----- mQINBE7VXhABEAC7AB9vHjR4b/lXq/HANeeN2vWQYK3xL2/01nvUPwycjDbCkOg2 ... while /usr/share/keyrings/debian-archive-keyring.gpg is a real gpg2 (binary) keyring. I could (a) symlink archlinux.gpg into /usr/share/keyrings/ as is (b) convert archlinux.gpg to the gpg2 binary format, but that would probably require duplicating the file, since pacman expects the text format. So the question is, what is the purpose/intended user of /usr/share/keyring/*.gpg ? Zbyszek -- devel mailing list devel@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/devel Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct
