Debian Bug report logs - #1101418
debian-keyring: Update OpenPGP nomenclature usage

version graph

Package: debian-keyring; Maintainer for debian-keyring is Debian Keyring Maintainers <[email protected]>; Source for debian-keyring is src:debian-keyring (PTS, buildd, popcon).

Reported by: Guillem Jover <[email protected]>

Date: Thu, 27 Mar 2025 09:15:01 UTC

Severity: wishlist

Tags: patch

Found in version debian-keyring/2025.03.23

Full log

🔗 View this message in rfc822 format

X-Loop: [email protected]
Subject: Bug#1101418: Please help confirm: Does #1101418 sound like it will break havoc?
Reply-To: "Adam D. Barratt" <[email protected]>, [email protected]
Resent-From: "Adam D. Barratt" <[email protected]>
Resent-To: [email protected]
Resent-CC: Debian Keyring Maintainers <[email protected]>
X-Loop: [email protected]
Resent-Date: Wed, 23 Apr 2025 16:15:01 +0000
Resent-Message-ID: <[email protected]>
Resent-Sender: [email protected]
X-Debian-PR-Message: followup 1101418
X-Debian-PR-Package: debian-keyring
X-Debian-PR-Keywords: patch
References: <[email protected]>  <9a76d31e2cedec4a9fcb13e0f2a8a318f8c1b8c5.camel@adam-barratt.org.uk>  <[email protected]> <[email protected]>
X-Debian-PR-Source: debian-keyring
Received: via spool by [email protected] id=B1101418.17454247972479551
          (code B ref 1101418); Wed, 23 Apr 2025 16:15:01 +0000
Received: (at 1101418) by bugs.debian.org; 23 Apr 2025 16:13:17 +0000
X-Spam-Checker-Version: SpamAssassin 3.4.6-bugs.debian.org_2005_01_02
	(2021-04-09) on buxtehude.debian.org
X-Spam-Level: 
X-Spam-Status: No, score=-4.2 required=4.0 tests=BAYES_00,DKIM_SIGNED,
	DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,SPF_HELO_NONE,SPF_PASS
	autolearn=ham autolearn_force=no
	version=3.4.6-bugs.debian.org_2005_01_02
X-Spam-Bayes: score:0.0000 Tokens: new, 15; hammy, 150; neutral, 197; spammy,
	0. spammytokens: hammytokens:0.000-+--H*u:Evolution,
	0.000-+--H*F:D*adam-barratt.org.uk,
	0.000-+--H*rp:D*adam-barratt.org.uk, 0.000-+--H*M:barratt,
	0.000-+--H*RU:1098
Received: from adsbarratt.vs.mythic-beasts.com ([2a00:1098:86:f9::1]:41652)
	by buxtehude.debian.org with esmtps (TLS1.3:ECDHE_SECP256R1__RSA_PSS_RSAE_SHA256__AES_256_GCM:256)
	(Exim 4.94.2)
	(envelope-from <[email protected]>)
	id 1u7cir-00AP28-GU
	for [email protected]; Wed, 23 Apr 2025 16:13:17 +0000
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed;
	d=adam-barratt.org.uk; s=ab20190809; h=MIME-Version:Content-Transfer-Encoding
	:Content-Type:References:In-Reply-To:Date:Cc:To:From:Subject:Message-ID:
	Sender:Reply-To:Content-ID:Content-Description:Resent-Date:Resent-From:
	Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:List-Id:List-Help:
	List-Unsubscribe:List-Subscribe:List-Post:List-Owner:List-Archive;
	bh=ks2ji8HOsP0PLQAQh3OAyc3Y1snsYQeqUl+9LU3ubuA=; b=NiZZPKjXqkoVACrer7e/9Tmg/a
	UeRFRCgMI9ICFShgEZlxYFpZfbRILaRvi8EUNyeRwVEg0ze6ud1gPzpDmczlWB9M6svLsSU0Kpbhc
	jKqwpDzkEdHiUd39gM5la8qeHeEKKQ6PcpVr65Khitb8qpYnOkchmof8BOr/G62Jf5yyOS9y7O06e
	BtnKFFFKaV/DSBZjkBRno6gPqdJe+i9HNRhcRiymV3J4BIEArTb/UnO0Htzgche2PCLuIxKVSdObw
	ODv/u8FPi7ukJz0eme5FRPlV9vkUv/Akj/BXah+OHLO4vBZLK8PhA/K0inFVI0t0SbRluv0gLFVyt
	hOEvoddw==;
Received: from bb.adam-barratt.org.uk ([188.64.38.69]:55288 helo=darzee.fritz.box)
	by adsbarratt.vs.mythic-beasts.com with esmtps (TLS1.3:ECDHE_SECP256R1__RSA_PSS_RSAE_SHA256__AES_256_GCM:256)
	(Exim 4.96 #2 (Debian))
	(envelope-from <[email protected]>)
	id 1u7cim-001pzb-0m;
	Wed, 23 Apr 2025 17:13:12 +0100
Received: from [::1]
	by darzee with esmtp (Exim 4.96)
	(envelope-from <[email protected]>)
	id 1u7cih-00A7ls-0l;
	Wed, 23 Apr 2025 17:13:07 +0100
Message-ID: <e16bf41498c5ba06c3f3970bf958a0100583c6a4.camel@adam-barratt.org.uk>
From: "Adam D. Barratt" <[email protected]>
To: Guillem Jover <[email protected]>
Cc: Gunnar Wolf <[email protected]>, [email protected], 
 [email protected], Debian Keyring Maintainers
 <[email protected]>
Date: Wed, 23 Apr 2025 17:13:07 +0100
In-Reply-To: <[email protected]>
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
User-Agent: Evolution 3.46.4-2 
MIME-Version: 1.0
X-ADSB-Scan-Signature: 7096da63661227909c5b3a67054cf26c

On Wed, 2025-04-23 at 02:24 +0200, Guillem Jover wrote:
> Hi!
> 
> On Mon, 2025-04-21 at 22:00:09 +0100, Adam D. Barratt wrote:
> 
[...]
> > userdir-ldap maintains its own list of keyrings which are deployed
> > to those hosts requesting them (e.g. ftp-master). While the
> > keyrings are copied from db.d.o to each host via rsync, the
> > preparation of the rsync source area uses Python's shutil.copy(),
> > so AFAICS would follow the new symlinks and continue to deploy
> > *.gpg to var/lib/misc/thishost/ on relevant hosts as real files.
> > That should mean that things would continue to work, but does mean
> > that the rename would *not* propagate to client hosts.
> 
> Ah, then this would seem to be safe to deploy now, and the file types
> problem could be fixed later on. I have had several changes for
> userdir-ldap pending submission, but not this one about
> shutil.copy(), thanks. Will see how to improve that, and then send
> patches for userdir-ldap to DSA (I think I already sent out patches
> for userdir-ldap-cgi).

"Probably". If it doesn't work for some reason, however, the effects
could include things such as dak no longer accepting any uploads from
DDs because it can no longer find their public keys.

I'd therefore be tempted to disable both the "pull" and "push" sides on
db.d.o shortly before the keyring side is deployed, and test them by
hand afterwards.

I can't personally guarantee being around at any particular time this
week though I'm afraid.

> I think though, the other related patch I sent for dsa-puppet, might
> self-heal the symlinks?

Unless I missed a patch, I think it only adds symlinks in the new
names, to the existing .gpg files? If so then it still relies on the
files shipped by ud-ldap being named .gpg.

> Also, (I'm not sure whether I mentioned this before, besides Gunnar),
> something I noticed while trying to make sense how this all works was
> that:
> 
>   * At least on usper.debian.org, the
>     /srv/keyring.debian.org/keyrings/ directory contains a non-
> symlink
>     debian-maintainer.gpg file (missing final «s»).

I think that was me fat-fingering something when testing a while back;
removed.

>   * On keyring.debian.org there's an extra-keys.pgp leftover(?) file,
>     perhaps as part of some old transition?

That I'd have to defer to keyring-maint on.

Regards,

Adam

Send a report that this bug log contains spam.

Debian bug tracking system administrator <[email protected]>. Last modified: Tue May 13 14:37:14 2025; Machine Name: bembo

Debian Bug tracking system

Debbugs is free software and licensed under the terms of the GNU General Public License version 2. The current version can be obtained from https://bugs.debian.org/debbugs-source/.

Copyright © 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson, 2005-2017 Don Armstrong, and many other contributors.