[Touch-packages] [Bug 1798073] Re: [SRU] Provide 2018 archive signing key on stable releases

Dimitri John Ledkov Thu, 29 Nov 2018 01:42:02 -0800

$ schroot -u root -c bionic-amd64
(bionic-amd64)root@ottawa:~# apt-key list
/etc/apt/trusted.gpg.d/ubuntu-keyring-2012-archive.gpg
------------------------------------------------------
pub   rsa4096 2012-05-11 [SC]
      790B C727 7767 219C 42C8  6F93 3B4F E6AC C0B2 1F32
uid           [ unknown] Ubuntu Archive Automatic Signing Key (2012) 
<ftpmas...@ubuntu.com>


/etc/apt/trusted.gpg.d/ubuntu-keyring-2012-cdimage.gpg
------------------------------------------------------
pub   rsa4096 2012-05-11 [SC]
      8439 38DF 228D 22F7 B374  2BC0 D94A A3F0 EFE2 1092
uid           [ unknown] Ubuntu CD Image Automatic Signing Key (2012) 
<cdim...@ubuntu.com>

(bionic-amd64)root@ottawa:~# gpg --no-default-keyring --keyring 
/usr/share/keyrings/ubuntu-
ubuntu-archive-keyring.gpg       ubuntu-archive-removed-keys.gpg  
ubuntu-master-keyring.gpg
(bionic-amd64)root@ottawa:~# gpg --no-default-keyring --keyring 
/usr/share/keyrings/ubuntu-archive-keyring.gpg -k       
gpg: /root/.gnupg/trustdb.gpg: trustdb created
/usr/share/keyrings/ubuntu-archive-keyring.gpg
----------------------------------------------
pub   rsa4096 2012-05-11 [SC]
      790BC7277767219C42C86F933B4FE6ACC0B21F32
uid           [ unknown] Ubuntu Archive Automatic Signing Key (2012) 
<ftpmas...@ubuntu.com>

pub   rsa4096 2012-05-11 [SC]
      843938DF228D22F7B3742BC0D94AA3F0EFE21092
uid           [ unknown] Ubuntu CD Image Automatic Signing Key (2012) 
<cdim...@ubuntu.com>

(bionic-amd64)root@ottawa:~# dpkg-query -W ubuntu-keyring
ubuntu-keyring  2016.10.27


Upgrading ubuntu-keyring

(bionic-amd64)root@ottawa:~# dpkg-query -W ubuntu-keyring
ubuntu-keyring  2018.09.18.1~18.04.0

# apt-key list
/etc/apt/trusted.gpg.d/ubuntu-keyring-2012-archive.gpg
------------------------------------------------------
pub   rsa4096 2012-05-11 [SC]
      790B C727 7767 219C 42C8  6F93 3B4F E6AC C0B2 1F32
uid           [ unknown] Ubuntu Archive Automatic Signing Key (2012) 
<ftpmas...@ubuntu.com>

/etc/apt/trusted.gpg.d/ubuntu-keyring-2012-cdimage.gpg
------------------------------------------------------
pub   rsa4096 2012-05-11 [SC]
      8439 38DF 228D 22F7 B374  2BC0 D94A A3F0 EFE2 1092
uid           [ unknown] Ubuntu CD Image Automatic Signing Key (2012) 
<cdim...@ubuntu.com>

/etc/apt/trusted.gpg.d/ubuntu-keyring-2018-archive.gpg
------------------------------------------------------
pub   rsa4096 2018-09-17 [SC]
      F6EC B376 2474 EDA9 D21B  7022 8719 20D1 991B C93C
uid           [ unknown] Ubuntu Archive Automatic Signing Key (2018) 
<ftpmas...@ubuntu.com>

(bionic-amd64)root@ottawa:~# gpg --no-default-keyring --keyring 
/usr/share/keyrings/ubuntu-archive-keyring.gpg -k
/usr/share/keyrings/ubuntu-archive-keyring.gpg
----------------------------------------------
pub   rsa4096 2012-05-11 [SC]
      790BC7277767219C42C86F933B4FE6ACC0B21F32
uid           [ unknown] Ubuntu Archive Automatic Signing Key (2012) 
<ftpmas...@ubuntu.com>

pub   rsa4096 2012-05-11 [SC]
      843938DF228D22F7B3742BC0D94AA3F0EFE21092
uid           [ unknown] Ubuntu CD Image Automatic Signing Key (2012) 
<cdim...@ubuntu.com>

pub   rsa4096 2018-09-17 [SC]
      F6ECB3762474EDA9D21B7022871920D1991BC93C
uid           [ unknown] Ubuntu Archive Automatic Signing Key (2018) 
<ftpmas...@ubuntu.com>


No keys are removed, and only the 2018 key added as a snippet and in the 
keyring.

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to ubuntu-keyring in Ubuntu.
https://bugs.launchpad.net/bugs/1798073

Title:
  [SRU] Provide 2018 archive signing key on stable releases

Status in ubuntu-keyring package in Ubuntu:
  Fix Released
Status in ubuntu-keyring source package in Bionic:
  Fix Committed

Bug description:
  [Impact]

   * For LTS releases to be able to bootstrap dual and single signed
  future releases, and validate all signatures, 2018 archive signing key
  should be SRUed back

   * Also build process has improved documentation and vague validation
  that all key snippets are signed correctly

  [Test Case]

   * $ apt-key list
  ...
  /etc/apt/trusted.gpg.d/ubuntu-keyring-2018-archive.gpg
  ------------------------------------------------------
  pub   rsa4096 2018-09-17 [SC]
        F6EC B376 2474 EDA9 D21B  7022 8719 20D1 991B C93C
  uid           [ unknown] Ubuntu Archive Automatic Signing Key (2018) 
<ftpmas...@ubuntu.com>
  ...

  apt-key list should contain the 2018 archive key.

  [Regression Potential]

   * Build-process, key algo, and key size, and file format are the same
  as previous key snippets thus supported by all of gpg1 gpg2 gpgv1
  gpgv2.

  [Other Info]

   * 2018 key is to be used for dual-signing in DD series and up

   * Bileto PPA is built against security pocket only, suitable to be
  released into both -security and -updates

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/ubuntu-keyring/+bug/1798073/+subscriptions

-- 
Mailing list: https://launchpad.net/~touch-packages
Post to     : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp

[Touch-packages] [Bug 1798073] Re: [SRU] Provide 2018 archive signing key on stable releases

Reply via email to