These keyrings contain OpenPGP certificates, and are not vendor specific,
so naming them with an extension after GnuPG in detriment to the other
multiple OpenPGP implementations does not promote the interoperability
one would expect from that ecosystem.

Given that these files are API, and will have external references,
we add new symlinks with the .pgp extension using the .gpg ones as
targets, and leaving the keyrings with .gpg extension as is, which
should then be considered deprecated, but should stay until it's clear
they are not being used from the Debian infrastructure, and potentially
a transition has been coordinated or announced about their fate for
the rsync endpoints.

This matches the intent after the changes being discussed as part
of <https://bugs.debian.org/1101418>. Where after those changes in
debian-keyring and ones being prepared for userdir-ldap have been
deployed, the symlink targets in dsa-puppet can be changed to use the
canonical .pgp pathnames, with a subsequent patch.
---
 modules/roles/manifests/keyring_debian_org_mirror.pp | 12 ++++++++++++
 1 file changed, 12 insertions(+)

diff --git a/modules/roles/manifests/keyring_debian_org_mirror.pp 
b/modules/roles/manifests/keyring_debian_org_mirror.pp
index ca3c633be..6fddb3a50 100644
--- a/modules/roles/manifests/keyring_debian_org_mirror.pp
+++ b/modules/roles/manifests/keyring_debian_org_mirror.pp
@@ -6,14 +6,26 @@ class roles::keyring_debian_org_mirror {
                ensure => 'link',
                target => '/var/lib/misc/thishost/debian-keyring.gpg'
        }
+       file { '/srv/keyring.debian.org/keyrings/debian-keyring.pgp':
+               ensure => 'link',
+               target => '/var/lib/misc/thishost/debian-keyring.gpg'
+       }
        file { '/srv/keyring.debian.org/keyrings/debian-maintainers.gpg':
                ensure => 'link',
                target => '/var/lib/misc/thishost/debian-maintainers.gpg'
        }
+       file { '/srv/keyring.debian.org/keyrings/debian-maintainers.pgp':
+               ensure => 'link',
+               target => '/var/lib/misc/thishost/debian-maintainers.gpg'
+       }
        file { '/srv/keyring.debian.org/keyrings/debian-nonupload.gpg':
                ensure => 'link',
                target => '/var/lib/misc/thishost/debian-nonupload.gpg'
        }
+       file { '/srv/keyring.debian.org/keyrings/debian-nonupload.pgp':
+               ensure => 'link',
+               target => '/var/lib/misc/thishost/debian-nonupload.gpg'
+       }
 
        file { '/srv/keyring.debian.org/keyrings/buildd-keyrings':
                ensure => 'link',
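Review bot: The three added `.pgp` resources (debian-keyring, debian-maintainers, debian-nonupload) have no comment in the manifest explaining that the `.gpg` links are now the deprecated names and that the `.pgp` links deliberately keep pointing at `/var/lib/misc/thishost/*.gpg` until the follow-up change; that context exists only in the commit message. A short comment above the first new resource would keep a later reader from "correcting" the extension mismatch or removing the wrong set of links. As a style point, the six near-identical link resources could be generated from a list of the three keyring names, which would reduce the later target switch to a single edit.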
-- 
2.49.0
