Ubuntu
debian-ports-archive-keyring package

[SRU] Package unusable due to yearly key changes

Bug #1961454 reported by Ryan Finnie
0
Affects Status Importance Assigned to Milestone
debian-ports-archive-keyring (Ubuntu)
Fix Released
Medium
Unassigned
Bionic
New
Medium
Unassigned
Focal
New
Medium
Unassigned

Bug Description

[Impact]

 * ftp.ports.debian.org changes keys every year, and updates debian-ports-archive-keyring 2 years ahead of time.

 * Packages in bionic and focal do not have 2022's key, making the packages unusable.

 * SRU falls under "Updates that need to be applied to Ubuntu packages to adjust to changes in the environment, server protocols, web services, and similar"

 * Package can be synced directly from Debian

[Test Plan]

sudo debootstrap --arch=riscv64 --force-check-gpg --foreign --keyring=/usr/share/keyrings/debian-ports-archive-keyring.gpg sid /tmp/sid http://ftp.ports.debian.org/debian-ports/

Expected:

I: Checking Release signature
I: Valid Release signature (key id CBC70A60B9ED6F237A5F5B0BE852514F5DF312F6)
I: Retrieving Packages
I: Validating Packages
I: Resolving dependencies of required packages...
I: Resolving dependencies of base packages...
[...]

Currently:

I: Checking Release signature
E: Release signed by unknown key (key id E852514F5DF312F6)
   The specified keyring /usr/share/keyrings/debian-ports-archive-keyring.gpg may be incorrect or out of date.
   You can find the latest Debian release key at https://ftp-master.debian.org/keys.html

[Where problems could occur]

 * Very old keys are removed from the keyring by subsequent package updates. An existing program might be looking for old keys and start failing, but this scenario is probably unlikely.

[Other Info]

Tags: bionic focal
Ryan Finnie (fo0bar)
tags: added: bionic focal
Mathew Hodson (mhodson)
Changed in debian-ports-archive-keyring (Ubuntu):
status: New → Fix Released
importance: Undecided → Medium
Changed in debian-ports-archive-keyring (Ubuntu Bionic):
importance: Undecided → Medium
Changed in debian-ports-archive-keyring (Ubuntu Focal):
importance: Undecided → Medium
Revision history for this message
Julian Andres Klode (juliank) wrote :

This bug doesn't make much sense to me (it seems to be a rolling issue) and there's nothing to sponsor here. Please update the bug to be specific about the issue being fixed this cycle, and include tested debdiffs to sponsor, presumably against the version in devel if it's a straightforward backport like ~22.04.1 and like that.

To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.