On 04.10.2013 20:49, Zbigniew Jędrzejewski-Szmek wrote:
On Mon, Sep 23, 2013 at 10:30:11AM +0200, Sandro Mani wrote:
On 23.09.2013 02:01, Zbigniew Jędrzejewski-Szmek wrote:
On Mon, Sep 23, 2013 at 12:14:29AM +0200, Sandro Mani wrote:
On 20.09.2013 06:37, Zbigniew Jędrzejewski-Szmek wrote:
On Thu, Sep 19, 2013 at 06:41:03PM +0200, Sandro Mani wrote:
Hi,
In the hope to continue the effort of getting pbuilder (and hence an
easy way to build deb packages from fedora) into the repos (review
here: [1]), I've packaged devscripts, debian-keyring, ubuntu-keyring
and jetring. Reviews are here:
- jetring: https://bugzilla.redhat.com/show_bug.cgi?id=1009996
- debian-keyring: https://bugzilla.redhat.com/show_bug.cgi?id=1009997
- ubuntu-keyring: https://bugzilla.redhat.com/show_bug.cgi?id=1009998
- perl-Parse-DebControl: https://bugzilla.redhat.com/show_bug.cgi?id=1009999
- devscripts: https://bugzilla.redhat.com/show_bug.cgi?id=1010000
A question concerning the keyrings: currently, the only other
package (afaics) containing distro keyrings is archlinux-keyring.
That package installs the keyrings in /usr/share/pacman/keyrings.
Pacman installs the keyrings into /usr/share/pacman/keyrings
because that's what Arch does. I guess that archlinux.gpg may
move to /usr/share/keyrings, but there are other files (lists
of trusted and revoked keys), which are specific to pacman's libalpm,
so I think they deserve a directory on it's own. If archlinux.gpg
moves, it can be symlinked into /usr/share/pacman/keyrings.
The debian-keyring and ubuntu-keyring packages I've posted for
review install the keyrings in /usr/share/keyrings. This directory
is however unowned. I see two options:
- install {debian,ubuntu} keyrings in
/usr/share/{ubuntu,debian}/keyrings, and have them own the
directories
- have gnupg own the directory /usr/share/keyrings (and possibly
have archlinux-keyring also install the keyrings there)
This has the downside that it'll add the dependency on gnupg,
which is not great. Maybe simply create a keyrings-filesystem
package with this directory and have whoever installs keyrings
depend on it.
Any other opinions on this?
Or would it be appropriate to file a fpc
ticket for this?
I guess that we two are currently the only interested parties. I'm
sure we can agree on a solution without involing the FPC. An FPC
ticket means probably a month delay, and I don't think there's
anything controversial here.
Please see https://bugzilla.redhat.com/show_bug.cgi?id=998690#c3,
for some rationale for a -filesystem package.
I'll try to do some reviews of the remaining packages tomorrow. This
should help to finish this faster.
Ok, thanks. I've gone ahead and created a keyrings-filesytem
package, review is here:
https://bugzilla.redhat.com/show_bug.cgi?id=1010857
I've also update the other reviews to use this package.
Hi Sandro,
it's great to see that this is progressing so quickly.
I've started to add a dependency on keyrings-filesystem to
archlinux-keyring, but there's a problem:
/usr/share/pacman/keyrings/archlinux.gpg is a text file:
% head -n3 /usr/share/pacman/keyrings/archlinux.gpg
-----BEGIN PGP PUBLIC KEY BLOCK-----
mQINBE7VXhABEAC7AB9vHjR4b/lXq/HANeeN2vWQYK3xL2/01nvUPwycjDbCkOg2
...
while /usr/share/keyrings/debian-archive-keyring.gpg is a real gpg2
(binary) keyring.
I could
(a) symlink archlinux.gpg into /usr/share/keyrings/ as is
(b) convert archlinux.gpg to the gpg2 binary format, but that would
probably require duplicating the file, since pacman expects
the text format.
So the question is, what is the purpose/intended user of /usr/share/keyring/*.gpg ?
I'd say the main purpose is to stay consistent with the layout found on
debian systems for their keyrings, so that for instance the how-tos
found on the net also apply to fedora. But if archlinux expects its
keyring in /usr/share/pacman/keyrings/, and references in the net also
point to that directory, then maybe there is little value in placing a
symlink in /usr/share/keyrings, so I'd just leave it as is.
Sandro
--
devel mailing list
devel@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/devel
Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct
