Re: debian-archive-keyring installing ubuntu keys?

To: debian-devel@lists.debian.org
Subject: Re: debian-archive-keyring installing ubuntu keys?
From: "Adam D. Barratt" <adam@adam-barratt.org.uk>
Date: Wed, 26 Mar 2014 09:03:17 +0000
Message-id: <[🔎] fb6af1ae9f456894d43ea389b01abd17@mail.adsl.funky-badger.org>
In-reply-to: <[🔎] 53329253.4090300@pocock.com.au>
References: <[🔎] 53329253.4090300@pocock.com.au>

On 2014-03-26 8:39, Daniel Pocock wrote:

I have a project that is building in the travis-ci.org environment
(based on Ubuntu)

[...]

Unpacking debian-archive-keyring (from
.../debian-archive-keyring_2010.08.28_all.deb) ...
Setting up debian-archive-keyring (2010.08.28) ...


That package is older than the version in squeeze (i.e. oldstable).

However, even fetching the package from Ubuntu trivially shows that itdoes not contain any non-Debian keys:

$ wgethttp://mirrors.kernel.org/ubuntu/pool/universe/d/debian-archive-keyring/debian-archive-keyring_2010.08.28_all.deb

$ mkdir debtmp
$ dpkg-deb -x debian-archive-keyring_2010.08.28_all.deb debtmp

$ gpg --no-default-keyring --keyringdebtmp/usr/share/keyrings/debian-archive-keyring.gpg --list-keys


debtmp/usr/share/keyrings/debian-archive-keyring.gpg
----------------------------------------------------
pub   1024D/F42584E6 2008-04-06 [expired: 2012-05-15]

uid Lenny Stable Release Key<debian-release@lists.debian.org>


pub   4096R/55BE302B 2009-01-27 [expired: 2012-12-31]

uid Debian Archive Automatic Signing Key (5.0/lenny)<ftpmaster@debian.org>


pub   2048R/6D849617 2009-01-24 [expired: 2013-01-23]

uid Debian-Volatile Archive Automatic Signing Key(5.0/lenny)


pub   4096R/B98321F9 2010-08-07 [expires: 2017-08-05]

uid Squeeze Stable Release Key<debian-release@lists.debian.org>


pub   4096R/473041FA 2010-08-27 [expires: 2018-03-05]

uid Debian Archive Automatic Signing Key (6.0/squeeze)<ftpmaster@debian.org>

<ftpmaster@ubuntu.com>" not changed
gpg: key FBB75451: "Ubuntu CD Image Automatic Signing Key
<cdimage@ubuntu.com>" not changed
gpg: Total number processed: 2
gpg:              unchanged: 2

This suggests that you've got ubuntu-keyring installed in theenvironment.

You'll notice that the messages all say "not changed". There are no newkeys being added at this point. What's happening is this:


if which apt-key > /dev/null; then
    apt-key update
fi

[from debian-archive-keyring's postinst]

[...]

Is this simply because I'm trying to use packages from sid?  Or is this
"debian-archive-keyring" package at fault?

As far as I can tell, neither of these is the case. If you don't wantyour environment to contain Ubuntu keys, don't install ubuntu-keyring init.

I can't see how to easily tell from your setup exactly what's installedin the environment before your job started, or I'd supply a link.

My understanding is that
because the package has debian in the name, it will give me Debian
project keys.


It does.

Regards,

Adam

Reply to:

Follow-Ups:
- Re: debian-archive-keyring installing ubuntu keys?
  - From: Daniel Pocock <daniel@pocock.com.au>

References:
- debian-archive-keyring installing ubuntu keys?
  - From: Daniel Pocock <daniel@pocock.com.au>

Prev by Date: debian-archive-keyring installing ubuntu keys?
Next by Date: Re: debian-archive-keyring installing ubuntu keys?
Previous by thread: debian-archive-keyring installing ubuntu keys?
Next by thread: Re: debian-archive-keyring installing ubuntu keys?
Index(es):
- Date
- Thread