** Changed in: ubuntu-keyring (Ubuntu)
Status: New => Confirmed
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to ubuntu-keyring in Ubuntu.
https://bugs.launchpad.net/bugs/1801762
Title:
Dual-signed things should be
Julian - I hadn't realised there are two gpgv's!
Having found apt's own /usr/lib/methods/gpgv
I have been able to create a shell wrapper that can feed it the expected
request headers and parse the response headers to ensure a GPGVOutput:
GOODSIG ...
It's a proof of concept right now; if this
** Tags added: id-5be079b42925080db15a8378
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to ubuntu-keyring in Ubuntu.
https://bugs.launchpad.net/bugs/1801762
Title:
Dual-signed things should be easy to verify with one key
That wrapper is conceptually wrong. It should be using --status-fd.
I'm in favour of not duplicating that stuff and see if we can reuse the
existing apt code, by moving it into the library and providing a tool in
apt-helper.
--
You received this bug notification because you are a member of
I've created a shell wrapper than might be useful for this called
"gpgpv-multisig" which is a multi-call executable. Given /usr/bin/gpgv-
multisig
ln -s gpgv-multisig /usr/bin/gpgv-aptkeys
and called as 'gpgv-aptkeys' it will assume the keyring to be used is
/etc/apt/trusted.gpg (set by
5 matches
Mail list logo
