[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Stateless OpenPGP command-line interface for package management

On Thu, Feb 06, 2020 at 03:28:28PM +0100, Johannes Schauer wrote:
>    "I have a keyring I know that I want to use (like
>    /usr/share/keyrings/ubuntu-archive-keyring.gpg) -- is the key material from
>    that keyring fully included in the keys trusted by apt?"

That is a question though you should ideally ask apt instead of trying
to peak inside its trusted keyrings and figure it out by yourself.
Who knows what might change in the keyring setup in the future. [0]

So if you can outline an interface I guess we can add it to apt-key
to decouple mmdebstrap from this (I didn't mention your bootstrap
specifically as I thought you were one of the lucky ones by delegate
all these problems to apt).

That said, I wonder why you are trying to answer that at all. Just place
the keyring in apts trusted store for the bootstrap and remove it
afterwards. Duplicated keys are no problem and the chroot hopefully ends
up with the keyring package(s) it needs? (Anyway, different topic)

Best regards

David Kalnischkies

[0] If I ever get back to
the answer to which keyring is in the trusted set becomes a lot harder
and/or undefined without additional knowledge. It is sorta-blocked by me
realizing I would have to interact more with gpg(v) for this…

Attachment: signature.asc
Description: PGP signature

Reply to: