=== frankban|afk is now known as frankban | ||
juliank | cjwatson: Do you think it's possible to have launchpad directly provide us binary GPG public keys for PPAs to store in trusted.gpg.d? Avoids GPG on the client | 14:37 |
---|---|---|
juliank | xnox: ^ here we go | 14:37 |
juliank | It should end in .gpg I think. I have some weird things I'm thinking about regarding TOFU repository adding. :D (list Key URI in Release file, and generalize add-apt-repository) | 14:39 |
xnox | the "best" thing I could come of with, to approximate that is: | 14:39 |
xnox | $ curl 'https://keyserver.ubuntu.com/pks/lookup?op=get&search=<FINGERPRINT>' | gpg --no-default-keyring --import --import-options import-minimal,import-export > /etc/apt/trusted.gpg.d/<FINGERPRINT>.gpg | 14:40 |
xnox | but ideally we would just do a REST call to launchpad, to get a minimal, clean public key. | 14:40 |
cjwatson | juliank: That would be https://bugs.launchpad.net/launchpad/+bug/1667725 . I don't think it's particularly terrible, just needs code | 14:46 |
mup | Bug #1667725: [feature request] make full ppa signing public key available over https <cpe-onsite> <Launchpad itself:New> <https://launchpad.net/bugs/1667725> | 14:46 |
cjwatson | juliank: Why the constraint on the URL? | 14:47 |
juliank | cjwatson: APT supports both .asc and .gpg files (armored and binary); and I'd like to know what I'm fetching. I'm thinking about extending Release files with a "link to key" field. | 14:48 |
cjwatson | Right, but is there any particular reason to have that as an extension-style suffix in the URL? | 14:48 |
cjwatson | We should clearly define which is which. Is there a positive reason to have the binary variant? | 14:48 |
juliank | It does not need to be dearmored on the client side | 14:49 |
juliank | older apts support it | 14:49 |
cjwatson | OK, so you'd actually need to process that? Fair enough | 14:49 |
cjwatson | In which case, is there a positive reason for LP to expose the armoured variant? :) | 14:49 |
juliank | I don't think so. Unless you want to provide human-consumable variants | 14:51 |
cjwatson | I think I care more about having less code | 14:51 |
juliank | :D | 14:52 |
juliank | cjwatson: I don't think we need to worry about the extension, I can encode that differently if I come up with some format | 15:11 |
juliank | (for Release file metadata) | 15:11 |
xnox | the argument that armored is somehow is more human readable, than binary, is dubious -> both look like jibberish; one is simply formatted to be justified. | 16:53 |
xnox | it would be more useful to have the .asc format; if the comments had URLs where one can get the updated new key; or which repository it belongs to. | 16:53 |
cjwatson | This sounds like feature creep. | 17:04 |
=== frankban is now known as frankban|afk | ||
juliank | xnox: not readable, but consumable - e.g. can be copy pasted into something | 19:28 |
Generated by irclog2html.py 2.7 by Marius Gedminas - find it at mg.pov.lt!