
Bug#476570: marked as done (apt: support for keyring pointers to drop hard-dependency on gnupg)



Your message dated Fri, 5 Nov 2010 19:18:38 +0100
with message-id <AANLkTi=WGsUCscFoeR39_M0FmhcxU8s=awKSjk+QmGnA@mail.gmail.com>
and subject line Close: apt: support for keyring pointers to drop hard-dependency on gnupg
has caused the Debian Bug report #476570,
regarding apt: support for keyring pointers to drop hard-dependency on gnupg
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)


-- 
476570: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=476570
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems
--- Begin Message ---
Package: apt
Version: 0.7.11
Severity: wishlist

Hello.

I would like it to be possible somehow to drop gnupg from systems,
leaving only the (smaller) gpgv.

As I understand it, gnupg is at the moment needed because the keyring
apt uses is /etc/apt/trustdb.gpg, which has to be created/updated on
each debian-archive-keyring upload.

The idea I'm offering here is adding support in apt for an
/etc/apt/keys.d directory, that contains files like:
    
    % cat /etc/apt/keyfiles.d/debian-archive-keyring
    /usr/share/debian-archive-keyring/ftp.debian.org-debian_4.0.gpg
    /usr/share/debian-archive-keyring/ftp.debian.org-debian_5.0.gpg

Keys are shipped separately in order to retain the (current) ability to
drop some from the keyring apt uses. AFAIK, it should be possible to
pass several key files to gpgv with --keyring.

With this scheme, there would be no need for gnupg installed anymore. I
guess trusted.gpg could be retained for compatibility reasons, and maybe
as a simpler interface for local key addition, via apt-key.

Cheers,

-- 
Adeodato Simó                                     dato at net.com.org.es
Debian Developer                                  adeodato at debian.org
 
                                         Listening to: Polar - Snow song




--- End Message ---
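
The pointer-file scheme proposed in the message above, sketched as an added example (it is not part of the original message and is not apt's code). The function names, the `#` comment syntax in pointer files, and the rules for rejecting an entry are assumptions; only `gpgv --keyring`, which may be given several times, is taken from the message.

```shell
#!/bin/sh
# keyring_args DIR
# Reads every pointer file in DIR (one keyring path per line) and prints
# "--keyring" and the path on alternating lines for each usable keyring.
# Rejected entries are reported on stderr and skipped.
keyring_args() {
    dir=$1
    for pointer in "$dir"/*; do
        [ -f "$pointer" ] || continue
        while IFS= read -r path || [ -n "$path" ]; do
            case $path in
                ''|'#'*) continue ;;          # blank line or comment (assumed syntax)
                /*) ;;                         # absolute path: keep checking
                *) echo "skip (not absolute): $path" >&2; continue ;;
            esac
            if [ ! -f "$path" ]; then
                echo "skip (missing): $path" >&2; continue
            fi
            # A world-writable keyring lets any local user add a trusted key.
            if [ -n "$(find "$path" -perm -0002)" ]; then
                echo "skip (world-writable): $path" >&2; continue
            fi
            printf '%s\n%s\n' --keyring "$path"
        done < "$pointer"
    done
}

# verify_with_pointers DIR SIGNATURE SIGNED_FILE
# Runs gpgv against all keyrings the pointer files name; no gnupg needed.
verify_with_pointers() {
    dir=$1 sig=$2 data=$3
    set --
    while IFS= read -r arg; do
        if [ -n "$arg" ]; then set -- "$@" "$arg"; fi
    done <<EOF
$(keyring_args "$dir")
EOF
    # Refuse to verify against an empty keyring set.
    if [ $# -eq 0 ]; then echo "no usable keyrings in $dir" >&2; return 2; fi
    gpgv "$@" "$sig" "$data"
}
```

Dropping a single archive key from the trusted set then means deleting one line from a pointer file, with no keyring to regenerate.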
--- Begin Message ---
Version: 0.8.2

Something similar to what is requested here was implemented with 0.7.25.1
as we have now a /etc/apt/trusted.gpg.d file in which keyrings can be dropped
instead of added to the trusted.gpg file with apt-key (see also #304846).

The fixed version above is higher as the initial implementation didn't have
e.g. support in cdrom and a few other (more or less) minor problems.

The effect is at least that squeeze will ship with support for it, so that we
can work in wheezy on softly switching to it for the archive keys available.
See #558784 for details on that and why it's good (besides a dropped gnupg).


Best regards

David Kalnischkies


--- End Message ---