Review swaps: perl-Parse-DebControl, devscripts, debian-keyring, ubuntu-keyring, jetring + question: where to install keyrings?

Sun Oct 6 09:53:40 UTC 2013

On 04.10.2013 20:49, Zbigniew Jędrzejewski-Szmek wrote:
> On Mon, Sep 23, 2013 at 10:30:11AM +0200, Sandro Mani wrote:
>> On 23.09.2013 02:01, Zbigniew Jędrzejewski-Szmek wrote:
>>> On Mon, Sep 23, 2013 at 12:14:29AM +0200, Sandro Mani wrote:
>>>> On 20.09.2013 06:37, Zbigniew Jędrzejewski-Szmek wrote:
>>>>> On Thu, Sep 19, 2013 at 06:41:03PM +0200, Sandro Mani wrote:
>>>>>> Hi,
>>>>>>
>>>>>> In the hope to continue the effort of getting pbuilder (and hence an
>>>>>> easy way to build deb packages from fedora) into the repos (review
>>>>>> here: [1]), I've packaged devscripts, debian-keyring, ubuntu-keyring
>>>>>> and jetring. Reviews are here:
>>>>>>
>>>>>> - jetring: https://bugzilla.redhat.com/show_bug.cgi?id=1009996
>>>>>> - debian-keyring: https://bugzilla.redhat.com/show_bug.cgi?id=1009997
>>>>>> - ubuntu-keyring: https://bugzilla.redhat.com/show_bug.cgi?id=1009998
>>>>>> - perl-Parse-DebControl: https://bugzilla.redhat.com/show_bug.cgi?id=1009999
>>>>>> - devscripts: https://bugzilla.redhat.com/show_bug.cgi?id=1010000
>>>>>>
>>>>>> A question concerning the keyrings: currently, the only other
>>>>>> package (afaics) containing distro keyrings is archlinux-keyring.
>>>>>> That package installs the keyrings in /usr/share/pacman/keyrings.
>>>>> Pacman installs the keyrings into /usr/share/pacman/keyrings
>>>>> because that's what Arch does. I guess that archlinux.gpg may
>>>>> move to /usr/share/keyrings, but there are other files (lists
>>>>> of trusted and revoked keys), which are specific to pacman's libalpm,
>>>>> so I think they deserve a directory on it's own. If archlinux.gpg
>>>>> moves, it can be symlinked into /usr/share/pacman/keyrings.
>>>>>
>>>>>> The debian-keyring and ubuntu-keyring packages I've posted for
>>>>>> review install the keyrings in /usr/share/keyrings. This directory
>>>>>> is however unowned. I see two options:
>>>>>> - install {debian,ubuntu} keyrings in
>>>>>> /usr/share/{ubuntu,debian}/keyrings, and have them own the
>>>>>> directories
>>>>>> - have gnupg own the directory /usr/share/keyrings (and possibly
>>>>>> have archlinux-keyring also install the keyrings there)
>>>>> This has the downside that it'll add the dependency on gnupg,
>>>>> which is not great. Maybe simply create a keyrings-filesystem
>>>>> package with this directory and have whoever installs keyrings
>>>>> depend on it.
>>>>>
>>>> Any other opinions on this?
>>>> Or would it be appropriate to file a fpc
>>>> ticket for this?
>>> I guess that we two are currently the only interested parties. I'm
>>> sure we can agree on a solution without involing the FPC. An FPC
>>> ticket means probably a month delay, and I don't think there's
>>> anything controversial here.
>>>
>>> Please see https://bugzilla.redhat.com/show_bug.cgi?id=998690#c3,
>>> for some rationale for a -filesystem package.
>>>
>>> I'll try to do some reviews of the remaining packages tomorrow. This
>>> should help to finish this faster.
>>>
>> Ok, thanks. I've gone ahead and created a keyrings-filesytem
>> package, review is here:
>>
>> https://bugzilla.redhat.com/show_bug.cgi?id=1010857
>>
>> I've also update the other reviews to use this package.
> Hi Sandro,
> it's great to see that this is progressing so quickly.
>
> I've started to add a dependency on keyrings-filesystem to
> archlinux-keyring, but there's a problem:
> /usr/share/pacman/keyrings/archlinux.gpg is a text file:
>
> % head -n3 /usr/share/pacman/keyrings/archlinux.gpg
> -----BEGIN PGP PUBLIC KEY BLOCK-----
>
> mQINBE7VXhABEAC7AB9vHjR4b/lXq/HANeeN2vWQYK3xL2/01nvUPwycjDbCkOg2
> ...
>
> while /usr/share/keyrings/debian-archive-keyring.gpg is a real gpg2
> (binary) keyring.
>
> I could
> (a) symlink archlinux.gpg into /usr/share/keyrings/ as is
> (b) convert archlinux.gpg to the gpg2 binary format, but that would
>      probably require duplicating the file, since pacman expects
>      the text format.
> So the question is, what is the purpose/intended user of /usr/share/keyring/*.gpg ?
I'd say the main purpose is to stay consistent with the layout found on 
debian systems for their keyrings, so that for instance the how-tos 
found on the net also apply to fedora. But if archlinux expects its 
keyring in /usr/share/pacman/keyrings/, and references in the net also 
point to that directory, then maybe there is little value in placing a 
symlink in /usr/share/keyrings, so I'd just leave it as is.

Sandro