Your message dated Wed, 04 Jun 2025 11:52:19 +0000
with message-id <e1ummfl-005i9j...@respighi.debian.org>
and subject line unblock open-infrastructure-compute-tools
has caused the Debian Bug report #1107262,
regarding unblock: open-infrastructure-compute-tools/20250604-1
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
1107262: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1107262
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: release.debian.org
User: release.debian....@packages.debian.org
Usertags: unblock
Hi,
tl;dr: debian-archive-keyring 2025.1 did change some file content
arround, this needs an update in open-infrastructure-compute-tools and
the new version contains only this exact fix (debdiff attached).
please unblock open-infrastructure-compute-tools 20250604-1.
long story:
* o-i-compute-tools creates containers by (de)bootstrapping them
during which it also populates apt sources.lists.
* with (almost) making Signed-by mandatory for apt sources in trixie
(I like that, thanks!), the keyrings need to be referenced in
sources.lists.
* debian-archive-keyring contains each keys in individual files,
as well as one file containing all keys.
* from a theoretical point of view, it could be argued, that
using the exact individual key for each of debians suite
repositories in sources.list entry is more "secure" than using the
whole keyring for all debian repositories indiscriminately.
* the current version of o-i-compute-tools uses individual keys
for each debian suite, this works fine with anything upto and
including bookworm as well as with trixie/sid for anything with
debian-archive-keyring < 2025.1.
* for trixie/sid and debian-archive-keyring >= 2025.1 this doesn't
work anymore.
* debian, on official media, uses the whole keyring and doesn't
distinguish matching individual suite repos and keys. therefore,
I've changed this in o-i-compute-tools to do the same and that's
what's in the debdiff.
* with the updated package, containers for all currently supported
debian releases, including trixie, can be created (again). without
it, trixie containers cannot be build successfully.
Regards,
Daniel
debdiff.gz
Description: application/gzip
--- End Message ---
--- Begin Message ---
Unblocked open-infrastructure-compute-tools.
--- End Message ---
