Will gpg 1.x remain supported for the foreseeable future?
dank at kegel.com
Fri Jan 19 04:58:52 CET 2018
On Thu, Jan 18, 2018 at 7:52 PM, Daniel Kahn Gillmor
<dkg at fifthhorseman.net> wrote:
> if this is the only thing happening, apt will indeed fail, because it
> has never heard of the "new key" that was just created -- why should it
> accept signatures from that new key?
> how are you configuring the target system to point to the repo? how are
> you telling it where to find the key?
By installing my package, which drops the key into /usr/share/keyrings
and creates the lists.d entries with signed-by. That ought to suffice,
I gather, but I'm tripping over shoelaces somewhere.
> this looks strange to me -- you seem to be using a --keyring that is
> *inside* the GNUPGHOME that you've set
> that GnuPG homedir is really not part of the GnuPG API contract -- and
> anything you put in that homedir could potentially be overwritten by
> GnuPG itself. How is
> /tmp/obs_localbuild_gpghome_dank.tmp/keyrings/localhost.gpg being
It's just a regression test script. I'm cleaning it up and will post
it once it's legible and avoids sins like that.
> The keys referred to via signed-by are the only acceptable keys for the
> associated apt repo.
> does that make sense?
That'd be great if it worked. Since it's hard to explain what's broken
without a simple script showing exactly what I'm doing, let's just
hold that thought until I post one.