diffstat of debian/ for ubuntu-keyring_2018.02.06-1 ubuntu-keyring_2018.02.28 README.Debian | 11 --- README.source | 15 +++++ changelog | 120 +++++++++++++++--------------------------- compat | 2 config | 11 --- control | 53 ++++++++++++++---- copyright | 59 ++++++++------------ docs | 1 install | 1 po/POTFILES.in | 1 po/templates.pot | 42 -------------- postinst | 35 ------------ postrm | 19 ------ rules | 25 ++++++-- source/format | 1 templates | 12 ---- tests/checkgpg | 11 --- tests/control | 2 ubuntu-cloud-keyring.install | 3 + ubuntu-cloud-keyring.postinst | 18 ++++++ ubuntu-dbgsym-keyring.install | 3 + ubuntu-keyring-udeb.install | 1 ubuntu-keyring-udeb.postinst | 6 ++ ubuntu-keyring.install | 7 ++ ubuntu-keyring.postinst | 18 ++++++ 25 files changed, 201 insertions(+), 276 deletions(-) diff -Nru ubuntu-keyring-2018.02.06/debian/README.Debian ubuntu-keyring-2018.02.28/debian/README.Debian --- ubuntu-keyring-2018.02.06/debian/README.Debian 2018-12-22 02:17:28.000000000 +0000 +++ ubuntu-keyring-2018.02.28/debian/README.Debian 1970-01-01 00:00:00.000000000 +0000 @@ -1,11 +0,0 @@ -ubuntu-archive-keyring for Debian ---------------------------------- - - This package does not enable Ubuntu's GPG keys as system trusted keyring by - default (since 2016.05.13-2). If you want to do so, run below command. - . - # dpkg-reconfigure --priority=low ubuntu-archive-keyring - . - However, it is not recommended because not necessary in most cases. - - -- Hideki Yamane Wed, 29 Aug 2018 16:30:23 +0900 diff -Nru ubuntu-keyring-2018.02.06/debian/README.source ubuntu-keyring-2018.02.28/debian/README.source --- ubuntu-keyring-2018.02.06/debian/README.source 1970-01-01 00:00:00.000000000 +0000 +++ ubuntu-keyring-2018.02.28/debian/README.source 2016-09-19 18:14:35.000000000 +0000 @@ -0,0 +1,15 @@ +The fingerprints currently in use by The Ubuntu Project are currently +listed at: + + https://wiki.ubuntu.com/SecurityTeam/FAQ#GPG_Keys_used_by_Ubuntu + +The sha512sums of the keyrings and fragments can be verified using: + + $ gpg --no-default-keyring --keyring /usr/share/keyrings/debian-keyring.gpg --decrypt SHA512SUMS.txt.asc | sha512sum -c - + $ gpg --no-default-keyring --keyring /usr/share/keyrings/debian-keyring.gpg --decrypt md5sums.txt | md5sum -c - + +It is left as an excercise to the reader to establish trust path to +the Debian Project strongly connect set of keys. + + + -- Dimitri John Ledkov , Mon, 19 Sep 2016 19:14:35 +0100 diff -Nru ubuntu-keyring-2018.02.06/debian/changelog ubuntu-keyring-2018.02.28/debian/changelog --- ubuntu-keyring-2018.02.06/debian/changelog 2018-12-22 02:17:28.000000000 +0000 +++ ubuntu-keyring-2018.02.28/debian/changelog 2018-02-28 16:31:17.000000000 +0000 @@ -1,98 +1,66 @@ -ubuntu-keyring (2018.02.06-1) unstable; urgency=medium +ubuntu-keyring (2018.02.28) bionic; urgency=medium - [ Hideki Yamane ] - * New upstream version 2018.02.06 + * Drop Depends|Recommends on gpgv/gpg, as the package is purely static + keyring. The maintainer scripts are there only for the upgrade cases, + which fail gracefully in the absence of the optional tools. - [ Ondřej Nový ] - * d/copyright: Use https protocol in Format field - * d/changelog: Remove trailing whitespaces + -- Dimitri John Ledkov Wed, 28 Feb 2018 16:31:17 +0000 - -- Hideki Yamane Sat, 22 Dec 2018 11:17:28 +0900 +ubuntu-keyring (2018.02.06) bionic; urgency=medium -ubuntu-keyring (2016.05.13-2) unstable; urgency=medium + * Add the cloud simple streams signing key, in addition to the cloud + image signing key. + * Add a compat, dummy migration package for ubuntu-cloudimage-keyring. - [ Hideki Yamane ] - * debian/control - - add Vcs-* - - set Build-Depends: debhelper (>= 11) - - set Standards-Version: 4.2.1 - - add Build-Depends: po-debconf - * debian/compat - - set 11 - * debian/copyright - - eliminate "global-files-wildcard-not-first-paragraph-in-dep5-copyright" - lintian warning - - use https - * Use debconf to not enable ubuntu-archive-keyring as trusted GPG key by - default. It should be enebled by user's intention (Closes: #826558) - * Add README.Debian about above change + -- Dimitri John Ledkov Tue, 06 Feb 2018 17:15:58 +0000 - -- Hideki Yamane Wed, 29 Aug 2018 16:34:00 +0900 +ubuntu-keyring (2018.02.05) bionic; urgency=medium -ubuntu-keyring (2016.05.13-1) unstable; urgency=medium + * Ship the current ubuntu-cloudimage-keyring in the ubuntu-keyring + package. LP: #1331057 + * Ship ubuntu-cloud-keyring for Cloud Archive signing keys, as a + separate keyring in /etc/apt/trusted.gpg.d/, and remove it from the + trusted.gpg keyring as no longer needed to be there. + * Ship ubuntu-dgbsym key + * Specify udeb Package-Type and bump priority to standard. + * Bump standards version - * New upstream release - * debian/control - - add Conflicts: ubuntu-keyring since some people who put it into Debian - from Ubuntu cannot install ubuntu-archive-keyring package - (Closes: #823775) - - set Standards-Version: 3.9.8 - * debian/post{inst,rm} - - simply it. - - create symlink keyrings to /etc/apt/trusted.gpg.d/ (Closes: #823776) - Thanks to Konstantin Demin for the suggestion. + -- Dimitri John Ledkov Wed, 17 Jan 2018 16:01:45 +0000 - -- Hideki Yamane Sat, 04 Jun 2016 21:24:14 +0900 +ubuntu-keyring (2016.10.27) zesty; urgency=medium -ubuntu-keyring (2012.05.19-5) unstable; urgency=medium + * Drop 1024D key fragments. LP: #1363482 + * Remove 1024D keys from ubuntu-archive-keyring. + * Add 1024D keys to ubuntu-archive-removed-keys.gpg. + * Remove the md5sums.asc file, no longer valid. + * Regenerate SHA512SUMS.txt.asc file. - * debian/postrm - - fix "postrm called with unknown argument `upgrade'" (Closes: #813259) + -- Dimitri John Ledkov Thu, 27 Oct 2016 15:31:35 +0100 - -- Hideki Yamane Mon, 01 Feb 2016 21:54:21 +0900 +ubuntu-keyring (2016.09.19) yakkety; urgency=medium -ubuntu-keyring (2012.05.19-4) unstable; urgency=medium + * Ship each active key in a separate keyring in /etc/apt/trusted.gpg.d/ + as conffiles for simpler usage of apt-secure(8). + * Remove all active keys from /etc/apt/trusted.gpg as they are shipped + now as fragment files. + * Depend on gpgv and only recommend gnupg. + * Stop calling apt-key update LP: #1619444 + * Generate SHA512SUMS.txt.asc file, signed by me, and verified against + debian-keyring at build time as a weak consistency check. - * debian/postinst - - fix regression that introduced in 2012.05.19-3 + -- Dimitri John Ledkov Fri, 16 Sep 2016 14:36:10 +0100 - -- Hideki Yamane Sun, 03 Jan 2016 15:44:17 +0900 +ubuntu-keyring (2016.09.01) yakkety; urgency=medium -ubuntu-keyring (2012.05.19-3) unstable; urgency=medium + * Depend on "gnupg | gnupg1". LP: #1615039 - * debian/postinst - - fix lintian "command-with-path-in-maintainer-script" warning, - see https://www.debian.org/doc/manuals/developers-reference/best-pkging-practices.html#bpp-debian-maint-scripts - for the reference. + -- Dimitri John Ledkov Thu, 01 Sep 2016 18:44:10 +0100 - -- Hideki Yamane Wed, 06 May 2015 21:40:18 +0900 +ubuntu-keyring (2016.05.13) yakkety; urgency=medium -ubuntu-keyring (2012.05.19-2) unstable; urgency=medium + * Depend on "gnupg | gnupg2" for apt-key now that apt itself doesn't. - * debian/control - - set Standards-Version: 3.9.6 - * debian/copyright - - fix "space-in-std-shortname-in-dep5-copyright" lintian warning - - -- Hideki Yamane Sat, 24 Jan 2015 21:38:33 +0900 - -ubuntu-keyring (2012.05.19-1) unstable; urgency=medium - - * Imported to Debian (Closes: #457899) - - not make udeb package, remove ubuntu-keyring-udeb.postinst and more. - - set binary package name as ubuntu-archive-keyring - - rewrite debian/rules to modern dh style - + add debian/compat and debian/source/format - - debian/postinst - + fix lintian warning: hardcoded path - + don't touch /etc/apt/trusted.gpg permission - + add debhelper token - + set -e - - add debian/postrm - - debian/copyright - + format it as Machine-readable debian/copyright file 1.0 - - -- Hideki Yamane Mon, 23 Dec 2013 11:54:55 +0900 + -- Adam Conrad Fri, 13 May 2016 14:59:35 -0600 ubuntu-keyring (2012.05.19) quantal; urgency=low @@ -173,7 +141,7 @@ * keyrings/ubuntu-master-keyring.gpg: - added new master signing key * debian/rules: - - install keyrings/ubuntu-master-keyring.gpg + - install keyrings/ubuntu-master-keyring.gpg -- Michael Vogt Wed, 16 Jan 2008 17:33:10 +0100 diff -Nru ubuntu-keyring-2018.02.06/debian/compat ubuntu-keyring-2018.02.28/debian/compat --- ubuntu-keyring-2018.02.06/debian/compat 2018-12-22 02:17:28.000000000 +0000 +++ ubuntu-keyring-2018.02.28/debian/compat 2018-02-01 08:39:28.000000000 +0000 @@ -1 +1 @@ -11 +10 diff -Nru ubuntu-keyring-2018.02.06/debian/config ubuntu-keyring-2018.02.28/debian/config --- ubuntu-keyring-2018.02.06/debian/config 2018-12-22 02:17:28.000000000 +0000 +++ ubuntu-keyring-2018.02.28/debian/config 1970-01-01 00:00:00.000000000 +0000 @@ -1,11 +0,0 @@ -#!/bin/sh - -set -e - -. /usr/share/debconf/confmodule -db_version 2.0 - -db_input low ubuntu-archive-keyring/keyring || true -db_go - -exit 0 diff -Nru ubuntu-keyring-2018.02.06/debian/control ubuntu-keyring-2018.02.28/debian/control --- ubuntu-keyring-2018.02.06/debian/control 2018-12-22 02:17:28.000000000 +0000 +++ ubuntu-keyring-2018.02.28/debian/control 2018-02-28 16:31:13.000000000 +0000 @@ -1,20 +1,51 @@ Source: ubuntu-keyring Section: misc Priority: optional -Maintainer: Hideki Yamane -Build-Depends: debhelper (>= 11), po-debconf -Standards-Version: 4.2.1 -Homepage: https://launchpad.net/ubuntu/+source/ubuntu-keyring -Vcs-Git: https://salsa.debian.org/debian/ubuntu-keyring.git -Vcs-Browser: https://salsa.debian.org/debian/ubuntu-keyring +Maintainer: Dimitri John Ledkov +Standards-Version: 4.1.3 +Build-Depends: gnupg, debian-keyring, debhelper (>= 10) -Package: ubuntu-archive-keyring +Package: ubuntu-keyring +Priority: important Architecture: all Multi-Arch: foreign -Pre-Depends: debconf -Depends: ${misc:Depends} -Recommends: gpgv -Conflicts: ubuntu-keyring +Breaks: ubuntu-cloudimage-keyring (<< 2018.02.05) +Replaces: ubuntu-cloudimage-keyring (<< 2018.02.05) Description: GnuPG keys of the Ubuntu archive The Ubuntu project digitally signs its Release files. This package contains the archive keys used for that. + +Package: ubuntu-keyring-udeb +Package-Type: udeb +Priority: standard +Architecture: all +Section: debian-installer +Recommends: gpgv-udeb +Description: GnuPG keys of the Ubuntu archive + The Ubuntu project digitally signs its Release files. This package + contains the archive keys used for that, in a minimal form for use + in the installer. + +Package: ubuntu-cloud-keyring +Priority: optional +Architecture: all +Description: GnuPG keys of the Ubuntu Cloud Archive + The Ubuntu project digitally signs its Release files. This package + contains the archive keys used for the ubuntu-cloud.archive.canonical.com + repository. + +Package: ubuntu-dbgsym-keyring +Priority: optional +Architecture: all +Description: GnuPG keys of the Ubuntu Debug Symbols Archive + The Ubuntu project digitally signs its Release files. This package + contains the archive keys used for the ddebs.ubuntu.com repository. + +Package: ubuntu-cloudimage-keyring +Priority: optional +Architecture: all +Multi-Arch: foreign +Depends: ubuntu-keyring (>= 2018.02.06) +Description: dummy transitional package for GnuPG keys of cloudimage keyring + This package can be safely removed, as cloudimage keyring is now + shipped in the ubuntu-keyring package diff -Nru ubuntu-keyring-2018.02.06/debian/copyright ubuntu-keyring-2018.02.28/debian/copyright --- ubuntu-keyring-2018.02.06/debian/copyright 2018-12-22 02:17:28.000000000 +0000 +++ ubuntu-keyring-2018.02.28/debian/copyright 2010-05-27 16:53:12.000000000 +0000 @@ -1,34 +1,25 @@ -Format: https://www.debian.org/doc/packaging-manuals/copyright-format/1.0/ -Upstream-Name: ubuntu-keyring -Upstream-Contact: michael.vogt@canonical.com -Source: https://launchpad.net/ubuntu/+source/ubuntu-keyring - -Files: * -Copyright: 1998-2004 James Troup - 2004-2012 Michael Vogt - 2013-2018 Hideki Yamane -License: GPL-2+ - This program is free software; you can redistribute it - and/or modify it under the terms of the GNU General Public - License as published by the Free Software Foundation; either - version 2 (or later) of the License. - . - This program is distributed in the hope that it will be - useful, but WITHOUT ANY WARRANTY; without even the implied - warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR - PURPOSE. See the GNU General Public License for more - details. - . - You should have received a copy of the GNU General Public - License along with this package; if not, write to the Free - Software Foundation, Inc., 51 Franklin St, Fifth Floor, - Boston, MA 02110-1301 USA - . - On Debian systems, the full text of the GNU General Public - License version 2 can be found in the file - `/usr/share/common-licenses/GPL-2'. - -Files: keyrings/* -Copyright: no copyright (it's just a archive of GPG public keys) -License: public-domain - The keys in the keyrings don't fall under any copyright. +This is Ubuntu GNU's GnuPG keyrings of archive keys. + +This package was originally put together by Michael Vogt + + +The keys in the keyrings don't fall under any copyright. Everything +else in the package is covered by the GNU GPL. + +Ubuntu support files Copyright (C) 2004 Michael Vogt based on the debian-keyring package maintained by James Troup + +Ubuntu support files for ubuntu-keyring are free software; you can +redistribute them and/or modify them under the terms of the GNU +General Public License as published by the Free Software Foundation; +either version 2, or (at your option) any later version. + +Ubuntu support files for ubuntu-keyring are distributed in the hope +that they will be useful, but WITHOUT ANY WARRANTY; without even the +implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR +PURPOSE. See the GNU General Public License for more details. + +You should have received a copy of the GNU General Public License with +your Ubuntu system, in /usr/share/common-licenses/GPL, or with the +Ubuntu GNU ubuntu-keyring source package as the file COPYING. If not, +write to the Free Software Foundation, Inc., 51 Franklin Street, Fifth +Floor, Boston, MA 02110-1301 USA. diff -Nru ubuntu-keyring-2018.02.06/debian/docs ubuntu-keyring-2018.02.28/debian/docs --- ubuntu-keyring-2018.02.06/debian/docs 2018-12-22 02:17:28.000000000 +0000 +++ ubuntu-keyring-2018.02.28/debian/docs 1970-01-01 00:00:00.000000000 +0000 @@ -1 +0,0 @@ -SHA512SUMS.txt.asc diff -Nru ubuntu-keyring-2018.02.06/debian/install ubuntu-keyring-2018.02.28/debian/install --- ubuntu-keyring-2018.02.06/debian/install 2018-12-22 02:17:28.000000000 +0000 +++ ubuntu-keyring-2018.02.28/debian/install 1970-01-01 00:00:00.000000000 +0000 @@ -1 +0,0 @@ -keyrings/*.gpg usr/share/keyrings/ diff -Nru ubuntu-keyring-2018.02.06/debian/po/POTFILES.in ubuntu-keyring-2018.02.28/debian/po/POTFILES.in --- ubuntu-keyring-2018.02.06/debian/po/POTFILES.in 2018-12-22 02:17:28.000000000 +0000 +++ ubuntu-keyring-2018.02.28/debian/po/POTFILES.in 1970-01-01 00:00:00.000000000 +0000 @@ -1 +0,0 @@ -[type: gettext/rfc822deb] templates diff -Nru ubuntu-keyring-2018.02.06/debian/po/templates.pot ubuntu-keyring-2018.02.28/debian/po/templates.pot --- ubuntu-keyring-2018.02.06/debian/po/templates.pot 2018-12-22 02:17:28.000000000 +0000 +++ ubuntu-keyring-2018.02.28/debian/po/templates.pot 1970-01-01 00:00:00.000000000 +0000 @@ -1,42 +0,0 @@ -# SOME DESCRIPTIVE TITLE. -# Copyright (C) YEAR THE PACKAGE'S COPYRIGHT HOLDER -# This file is distributed under the same license as the ubuntu-keyring package. -# FIRST AUTHOR , YEAR. -# -#, fuzzy -msgid "" -msgstr "" -"Project-Id-Version: ubuntu-keyring\n" -"Report-Msgid-Bugs-To: ubuntu-keyring@packages.debian.org\n" -"POT-Creation-Date: 2018-12-26 10:12+0900\n" -"PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n" -"Last-Translator: FULL NAME \n" -"Language-Team: LANGUAGE \n" -"Language: \n" -"MIME-Version: 1.0\n" -"Content-Type: text/plain; charset=CHARSET\n" -"Content-Transfer-Encoding: 8bit\n" - -#. Type: multiselect -#. Description -#: ../templates:1001 -msgid "Which keyring is trusted GPG key used by apt to authenticate packages?" -msgstr "" - -#. Type: multiselect -#. Description -#: ../templates:1001 -msgid "" -"If you want to use Ubuntu archive as same as Debian archive in some " -"situation (e.g. chdist from devscripts package), you should enable ubuntu-" -"archive-keyring as whole system trusted GPG key (and also ubuntu-archive-" -"removed-keys for obsolete Ubuntu archive)." -msgstr "" - -#. Type: multiselect -#. Description -#: ../templates:1001 -msgid "" -"However, note that adding those keyring as system trusted key is not " -"necessary in most cases (e.g. debootstrap) and may be a risk for your system." -msgstr "" diff -Nru ubuntu-keyring-2018.02.06/debian/postinst ubuntu-keyring-2018.02.28/debian/postinst --- ubuntu-keyring-2018.02.06/debian/postinst 2018-12-22 02:17:28.000000000 +0000 +++ ubuntu-keyring-2018.02.28/debian/postinst 1970-01-01 00:00:00.000000000 +0000 @@ -1,35 +0,0 @@ -#!/bin/sh - -set -e - -case "$1" in - install|configure) - - . /usr/share/debconf/confmodule - db_version 2.0 - db_get ubuntu-archive-keyring/keyring - - if [ -n "$RET" ]; then - for keyring in "$RET" - do - rm -f /etc/apt/trusted.gpg.d/"$keyring".gpg - ln -sf /usr/share/keyrings/"$keyring".gpg /etc/apt/trusted.gpg.d/ - done - fi - - db_stop - - ;; - - abort-upgrade|abort-remove|abort-deconfigure) - ;; - - *) - echo "postinst called with unknown argument \`$1'" >&2 - exit 1 - ;; -esac - -#DEBHELPER# - -exit 0 diff -Nru ubuntu-keyring-2018.02.06/debian/postrm ubuntu-keyring-2018.02.28/debian/postrm --- ubuntu-keyring-2018.02.06/debian/postrm 2018-12-22 02:17:28.000000000 +0000 +++ ubuntu-keyring-2018.02.28/debian/postrm 1970-01-01 00:00:00.000000000 +0000 @@ -1,19 +0,0 @@ -#!/bin/sh - -set -e - -case "$1" in - purge|remove|upgrade|failed-upgrade|abort-install|abort-upgrade|disappear) - - rm -f /etc/apt/trusted.gpg.d/ubuntu-archive-keyring.gpg \ - /etc/apt/trusted.gpg.d/ubuntu-archive-removed-keys.gpg - ;; - *) - echo "postrm called with unknown argument \`$1'" >&2 - exit 1 - ;; -esac - -#DEBHELPER# - -exit 0 diff -Nru ubuntu-keyring-2018.02.06/debian/rules ubuntu-keyring-2018.02.28/debian/rules --- ubuntu-keyring-2018.02.06/debian/rules 2018-12-22 02:17:28.000000000 +0000 +++ ubuntu-keyring-2018.02.28/debian/rules 2018-02-01 13:31:22.000000000 +0000 @@ -1,13 +1,24 @@ #!/usr/bin/make -f -# Uncomment this to turn on verbose mode. -#export DH_VERBOSE=1 %: dh $@ -override_dh_installchangelogs: - dh_installchangelogs -Xchangelog +binary: checkkeyrings -override_dh_clean: - dh_clean - debconf-updatepo +regenerate-key-fragments: + rm -f keyrings/ubuntu-keyring-*.gpg + gpg --no-default-keyring --keyring ./keyrings/ubuntu-archive-keyring.gpg --output keyrings/ubuntu-keyring-2012-archive.gpg --export 0x790BC7277767219C42C86F933B4FE6ACC0B21F32 + gpg --no-default-keyring --keyring ./keyrings/ubuntu-archive-keyring.gpg --output keyrings/ubuntu-keyring-2012-cdimage.gpg --export 0x843938DF228D22F7B3742BC0D94AA3F0EFE21092 + gpg --no-default-keyring --keyring ./keyrings/ubuntu-cloud-keyring.gpg --output keyrings/ubuntu-keyring-2012-cloud-archive.gpg --export 0x391A9AA2147192839E9DB0315EDB1B62EC4926EA + gpg --no-default-keyring --keyring ./keyrings/ubuntu-dbgsym-keyring.gpg --output keyrings/ubuntu-keyring-2016-dbgsym.gpg --export 0xF2EDC64DC5AEE1F6B9C621F0C8CAB6595FDFF622 + sha512sum keyrings/*.gpg | gpg --clearsign > SHA512SUMS.txt.asc + +#TODO this does not check for *missing* / extra files not part of the checksum file +checkkeyrings: + HOME=$(CURDIR) gpg --no-default-keyring --keyring /usr/share/keyrings/debian-keyring.gpg --decrypt SHA512SUMS.txt.asc | sha512sum -c - + rm -rf .gnupg/ + +override_dh_installdeb: + dh_installdeb + # currently all keyring snippets are _not_ conffiles, keep it that way. + rm -f debian/*/DEBIAN/conffiles diff -Nru ubuntu-keyring-2018.02.06/debian/source/format ubuntu-keyring-2018.02.28/debian/source/format --- ubuntu-keyring-2018.02.06/debian/source/format 2018-12-22 02:17:28.000000000 +0000 +++ ubuntu-keyring-2018.02.28/debian/source/format 1970-01-01 00:00:00.000000000 +0000 @@ -1 +0,0 @@ -3.0 (quilt) diff -Nru ubuntu-keyring-2018.02.06/debian/templates ubuntu-keyring-2018.02.28/debian/templates --- ubuntu-keyring-2018.02.06/debian/templates 2018-12-22 02:17:28.000000000 +0000 +++ ubuntu-keyring-2018.02.28/debian/templates 1970-01-01 00:00:00.000000000 +0000 @@ -1,12 +0,0 @@ -Template: ubuntu-archive-keyring/keyring -Type: multiselect -Choices: ubuntu-archive-keyring, ubuntu-archive-removed-keys -Default: -_Description: Which keyring is trusted GPG key used by apt to authenticate packages? - If you want to use Ubuntu archive as same as Debian archive in some situation - (e.g. chdist from devscripts package), you should enable - ubuntu-archive-keyring as whole system trusted GPG key (and also - ubuntu-archive-removed-keys for obsolete Ubuntu archive). - . - However, note that adding those keyring as system trusted key is not - necessary in most cases (e.g. debootstrap) and may be a risk for your system. diff -Nru ubuntu-keyring-2018.02.06/debian/tests/checkgpg ubuntu-keyring-2018.02.28/debian/tests/checkgpg --- ubuntu-keyring-2018.02.06/debian/tests/checkgpg 2018-12-22 02:17:28.000000000 +0000 +++ ubuntu-keyring-2018.02.28/debian/tests/checkgpg 1970-01-01 00:00:00.000000000 +0000 @@ -1,11 +0,0 @@ -#!/bin/sh - -pkg="ubuntu-archive-keyring" -trusted_keyid="CAC2D8B9CD2CA5F9" - -(cd /usr/share; \ -gpg --no-default-keyring \ - --keyring /usr/share/keyrings/debian-keyring.gpg \ - --trusted-key "$trusted_keyid" \ - --no-auto-check-trustdb \ - --decrypt "/usr/share/doc/$pkg/SHA512SUMS.txt.asc" | sha512sum -c -) diff -Nru ubuntu-keyring-2018.02.06/debian/tests/control ubuntu-keyring-2018.02.28/debian/tests/control --- ubuntu-keyring-2018.02.06/debian/tests/control 2018-12-22 02:17:28.000000000 +0000 +++ ubuntu-keyring-2018.02.28/debian/tests/control 1970-01-01 00:00:00.000000000 +0000 @@ -1,2 +0,0 @@ -Tests: checkgpg -Depends: @, gnupg, debian-keyring diff -Nru ubuntu-keyring-2018.02.06/debian/ubuntu-cloud-keyring.install ubuntu-keyring-2018.02.28/debian/ubuntu-cloud-keyring.install --- ubuntu-keyring-2018.02.06/debian/ubuntu-cloud-keyring.install 1970-01-01 00:00:00.000000000 +0000 +++ ubuntu-keyring-2018.02.28/debian/ubuntu-cloud-keyring.install 2018-02-01 13:34:25.000000000 +0000 @@ -0,0 +1,3 @@ +keyrings/ubuntu-keyring-2012-cloud-archive.gpg etc/apt/trusted.gpg.d/ +keyrings/ubuntu-cloud-keyring.gpg usr/share/keyrings/ +keyrings/ubuntu-cloud-removed-keys.gpg usr/share/keyrings/ diff -Nru ubuntu-keyring-2018.02.06/debian/ubuntu-cloud-keyring.postinst ubuntu-keyring-2018.02.28/debian/ubuntu-cloud-keyring.postinst --- ubuntu-keyring-2018.02.06/debian/ubuntu-cloud-keyring.postinst 1970-01-01 00:00:00.000000000 +0000 +++ ubuntu-keyring-2018.02.28/debian/ubuntu-cloud-keyring.postinst 2018-02-01 08:57:12.000000000 +0000 @@ -0,0 +1,18 @@ +#!/bin/sh + +set -e + +if [ "$1" = 'configure' -a -n "$2" ]; then + # remove keys from the trusted.gpg file as they are now shipped in fragment files in trusted.gpg.d + if dpkg --compare-versions "$2" 'lt' "2018.02.01" && which gpg > /dev/null && which apt-key > /dev/null; then + TRUSTEDFILE='/etc/apt/trusted.gpg' + eval $(apt-config shell TRUSTEDFILE Apt::GPGV::TrustedKeyring) + eval $(apt-config shell TRUSTEDFILE Dir::Etc::Trusted/f) + if [ -e "$TRUSTEDFILE" ]; then + for KEY in 5EDB1B62EC4926EA; do + apt-key --keyring "$TRUSTEDFILE" del $KEY > /dev/null 2>&1 || : + done + fi + fi +fi + diff -Nru ubuntu-keyring-2018.02.06/debian/ubuntu-dbgsym-keyring.install ubuntu-keyring-2018.02.28/debian/ubuntu-dbgsym-keyring.install --- ubuntu-keyring-2018.02.06/debian/ubuntu-dbgsym-keyring.install 1970-01-01 00:00:00.000000000 +0000 +++ ubuntu-keyring-2018.02.28/debian/ubuntu-dbgsym-keyring.install 2018-02-01 12:54:50.000000000 +0000 @@ -0,0 +1,3 @@ +keyrings/ubuntu-keyring-2016-dbgsym.gpg etc/apt/trusted.gpg.d/ +keyrings/ubuntu-dbgsym-keyring.gpg usr/share/keyrings/ +keyrings/ubuntu-dbgsym-removed-keys.gpg usr/share/keyrings/ diff -Nru ubuntu-keyring-2018.02.06/debian/ubuntu-keyring-udeb.install ubuntu-keyring-2018.02.28/debian/ubuntu-keyring-udeb.install --- ubuntu-keyring-2018.02.06/debian/ubuntu-keyring-udeb.install 1970-01-01 00:00:00.000000000 +0000 +++ ubuntu-keyring-2018.02.28/debian/ubuntu-keyring-udeb.install 2018-02-01 08:50:39.000000000 +0000 @@ -0,0 +1 @@ +keyrings/ubuntu-archive-keyring.gpg usr/share/keyrings/ diff -Nru ubuntu-keyring-2018.02.06/debian/ubuntu-keyring-udeb.postinst ubuntu-keyring-2018.02.28/debian/ubuntu-keyring-udeb.postinst --- ubuntu-keyring-2018.02.06/debian/ubuntu-keyring-udeb.postinst 1970-01-01 00:00:00.000000000 +0000 +++ ubuntu-keyring-2018.02.28/debian/ubuntu-keyring-udeb.postinst 2010-05-27 16:53:12.000000000 +0000 @@ -0,0 +1,6 @@ +#!/bin/sh +set -e +DIR=/usr/share/keyrings +if [ ! -e $DIR/archive.gpg ]; then + ln -s ubuntu-archive-keyring.gpg $DIR/archive.gpg +fi diff -Nru ubuntu-keyring-2018.02.06/debian/ubuntu-keyring.install ubuntu-keyring-2018.02.28/debian/ubuntu-keyring.install --- ubuntu-keyring-2018.02.06/debian/ubuntu-keyring.install 1970-01-01 00:00:00.000000000 +0000 +++ ubuntu-keyring-2018.02.28/debian/ubuntu-keyring.install 2018-02-05 14:45:04.000000000 +0000 @@ -0,0 +1,7 @@ +keyrings/ubuntu-keyring-2012-archive.gpg etc/apt/trusted.gpg.d/ +keyrings/ubuntu-keyring-2012-cdimage.gpg etc/apt/trusted.gpg.d/ +keyrings/ubuntu-archive-keyring.gpg usr/share/keyrings/ +keyrings/ubuntu-archive-removed-keys.gpg usr/share/keyrings/ +keyrings/ubuntu-master-keyring.gpg usr/share/keyrings/ +keyrings/ubuntu-cloudimage-keyring.gpg usr/share/keyrings/ +keyrings/ubuntu-cloudimage-removed-keys.gpg usr/share/keyrings/ diff -Nru ubuntu-keyring-2018.02.06/debian/ubuntu-keyring.postinst ubuntu-keyring-2018.02.28/debian/ubuntu-keyring.postinst --- ubuntu-keyring-2018.02.06/debian/ubuntu-keyring.postinst 1970-01-01 00:00:00.000000000 +0000 +++ ubuntu-keyring-2018.02.28/debian/ubuntu-keyring.postinst 2016-09-19 18:11:40.000000000 +0000 @@ -0,0 +1,18 @@ +#!/bin/sh + +set -e + +if [ "$1" = 'configure' -a -n "$2" ]; then + # remove keys from the trusted.gpg file as they are now shipped in fragment files in trusted.gpg.d + if dpkg --compare-versions "$2" 'lt' "2016.09.19" && which gpg > /dev/null && which apt-key > /dev/null; then + TRUSTEDFILE='/etc/apt/trusted.gpg' + eval $(apt-config shell TRUSTEDFILE Apt::GPGV::TrustedKeyring) + eval $(apt-config shell TRUSTEDFILE Dir::Etc::Trusted/f) + if [ -e "$TRUSTEDFILE" ]; then + for KEY in 40976EAF437D05B5 46181433FBB75451 3B4FE6ACC0B21F32 D94AA3F0EFE21092; do + apt-key --keyring "$TRUSTEDFILE" del $KEY > /dev/null 2>&1 || : + done + fi + fi +fi +