On 12.08.24 16:48, Julian Andres Klode wrote:
Control: severity -1 wishlist
On Mon, Aug 12, 2024 at 04:35:38PM GMT, Lee Garrett wrote:
Package: apt
Version: 2.6.1
Severity: normal
X-Debbugs-Cc: deb...@rocketjump.eu
Hi,
it would be nice if the sources.list man page would write more verbosely in what
format the Signed-By: field in a deb822-styles .sources file should be.
I converted a binary key into ASCII-armored via:
gpg --enarmor < files/artifacts.elastic.co.gpg
An enarmored key is generated by using --export -a, not by storing
the unenarmored key as an enarmored file. It should be self-evident,
but it's also made clear by the comment.
Eh? That's not self-evident at all. Maybe for someone who is very familiar with
the details of how pgp works? The pubkey of the 3rd party repo is only offered
in binary format. The command above converts it correctly (sans boilerplate
lines), whereas import/export it to my keyring involves extra steps. Notice that
the ASCI-armored pubkey is identical in both cases except for the boilerplate lines.
The only info on what key format apt expects in-line key to be is from this in
the man page:
"The option may also be set directly to an embedded GPG public key block."
And there's an example below, too.
I don't think we can be much clearer than that, you have gone to
extraordinary trouble to end up with the wrong format, and we probably
shouldn't tell you how to use gpg in there.
I find the response needlessly sassy for a quite reasonable request to be a bit
clearer on what apt expects here, especially since there is no helpful output at
all when the parsing fails (see #1051079).
Regards,
Lee
