Hi,

I want to make a 3rd party keyring package (ITP). In advance, I
want to know the best practice for *keyring* packaging. Any hints?

Background:

When installing packages from a 3rd party repository,
--allow-insecure-repositories must be specified to execute "apt
update".

  sudo apt update --allow-insecure-repositories

Then, one needs to install the keyring package which the 3rd party provides:

  sudo apt install -y -V --allow-unauthenticated foobar-keyring

This is reasonable because there is no correct key yet before
installing it. But, if the keyring is already available from the Debian
official repository, it makes installation easy for users who need
the 3rd party package.

Steps without keyring in Debian (Before)

  1. enable 3rd party repository in /etc/apt/sources.list.d/foobar.list
  2. sudo apt update --allow-insecure-repositories
  3. sudo apt install -y -V --allow-unauthenticated foobar-keyring
  4. sudo apt update
  5. sudo apt install foobar-*

Steps with keyring in Debian (After) without warnings

  1. enable 3rd party repository in /etc/apt/sources.list.d/foobar.list
  2. sudo apt install -y foobar-keyring
  3. sudo apt update
  4. sudo apt install foobar-*

So, I plan to bring one more 3rd party keyring into Debian.

What I think the package requirements for a keyring are:

I've looked into some -keyring packages, so I've learned from them,
but I'm not convinced.

* package name should be foobar-archive-keyring
* package installs the keyring under /usr/share/keyrings
* it is better to create a symlink to the actual keyring
  e.g. /etc/apt/trusted.gpg.d/foobar-archive-keyring.gpg to
  /usr/share/keyrings/foobar-archive-keyring.gpg
* ask the user to confirm installing the keyring to /etc/apt/trusted.gpg.d/ via
  debconf. MUST or RECOMMENDED?

Regards,
--