Hi, here's a proposed debdiff patch for ubuntu-archive-keyring. Could you check it, please?
diff --git a/debian/README.Debian b/debian/README.Debian new file mode 100644 index 0000000..d48f552 --- /dev/null +++ b/debian/README.Debian @@ -0,0 +1,11 @@ +ubuntu-archive-keyring for Debian +--------------------------------- + + This package does not enable Ubuntu's GPG keys as system trusted keyring by + default (since 2016.05.13-2). If you want to do so, run below command. + . + # dpkg-reconfigure --priority=low ubuntu-archive-keyring + . + However, it is not recommended because not necessary in most cases. + + -- Hideki Yamane <henr...@debian.org> Wed, 29 Aug 2018 16:30:23 +0900 diff --git a/debian/changelog b/debian/changelog index b3e2cba..8adc382 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,3 +1,22 @@ +ubuntu-keyring (2016.05.13-2) unstable; urgency=medium + + * debian/control + - add Vcs-* + - set Build-Depends: debhelper (>= 11) + - set Standards-Version: 4.2.1 + - add Build-Depends: po-debconf + * debian/compat + - set 11 + * debian/copyright + - eliminate "global-files-wildcard-not-first-paragraph-in-dep5-copyright" + lintian warning + - use https + * Use debconf to not enable ubuntu-archive-keyring as trusted GPG key by + default. It should be enebled by user's intention (Closes: #826558) + * Add README.Debian about above change + + -- Hideki Yamane <henr...@debian.org> Wed, 29 Aug 2018 16:34:00 +0900 + ubuntu-keyring (2016.05.13-1) unstable; urgency=medium * New upstream release diff --git a/debian/compat b/debian/compat index ec63514..b4de394 100644 --- a/debian/compat +++ b/debian/compat @@ -1 +1 @@ -9 +11 diff --git a/debian/config b/debian/config new file mode 100644 index 0000000..249fdfd --- /dev/null +++ b/debian/config @@ -0,0 +1,11 @@ +#!/bin/sh + +set -e + +. /usr/share/debconf/confmodule +db_version 2.0 + +db_input low ubuntu-archive-keyring/keyring || true +db_go + +exit 0 diff --git a/debian/control b/debian/control index 435b806..0a8f459 100644 --- a/debian/control +++ b/debian/control 
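Review bot: In debian/config, `db_go` runs unguarded under `set -e`, while the `db_input` line directly above it is protected with `|| true`; if `db_go` ever returns non-zero, the whole package configuration aborts. The usual form is `db_go || true`. Because the question is asked at priority low it is seldom displayed, so in practice the empty `Default:` in debian/templates decides whether any Ubuntu key becomes trusted; a comment above `db_input` such as `# rarely shown at default priority; the empty Default means no key is trusted` would make that explicit.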
@@ -2,13 +2,16 @@ Source: ubuntu-keyring Section: misc Priority: optional Maintainer: Hideki Yamane <henr...@debian.org> -Build-Depends: debhelper (>= 9) -Standards-Version: 3.9.8 +Build-Depends: debhelper (>= 11), po-debconf +Standards-Version: 4.2.1 Homepage: https://launchpad.net/ubuntu/+source/ubuntu-keyring +Vcs-Git: https://salsa.debian.org/debian/ubuntu-keyring.git +Vcs-Browser: https://salsa.debian.org/debian/ubuntu-keyring Package: ubuntu-archive-keyring Architecture: all Multi-Arch: foreign +Pre-Depends: debconf Depends: ${misc:Depends} Recommends: gpgv Conflicts: ubuntu-keyring diff --git a/debian/copyright b/debian/copyright index e36086e..c6df047 100644 --- a/debian/copyright +++ b/debian/copyright @@ -1,17 +1,12 @@ -Format: http://www.debian.org/doc/packaging-manuals/copyright-format/1.0/ +Format: https://www.debian.org/doc/packaging-manuals/copyright-format/1.0/ Upstream-Name: ubuntu-keyring Upstream-Contact: michael.v...@canonical.com Source: https://launchpad.net/ubuntu/+source/ubuntu-keyring -Files: keyrings/* -Copyright: no copyright (it's just a archive of GPG public keys) -License: public-domain - The keys in the keyrings don't fall under any copyright. - Files: * Copyright: 1998-2004 James Troup <james.tr...@canonical.com> 2004-2012 Michael Vogt <michael.v...@canonical.com> - 2013 Hideki Yamane <henr...@debian.org> + 2013-2018 Hideki Yamane <henr...@debian.org> License: GPL-2+ This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public @@ -33,3 +28,7 @@ License: GPL-2+ License version 2 can be found in the file `/usr/share/common-licenses/GPL-2'. +Files: keyrings/* +Copyright: no copyright (it's just a archive of GPG public keys) +License: public-domain + The keys in the keyrings don't fall under any copyright. diff --git a/debian/po/POTFILES.in b/debian/po/POTFILES.in new file mode 100644 index 0000000..cef83a3 --- /dev/null +++ b/debian/po/POTFILES.in 
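Review bot: `Pre-Depends: debconf` on the binary package looks stronger than this change needs. The postinst sources `/usr/share/debconf/confmodule` only at configure time, when an ordinary dependency is already satisfied, and dh_installdebconf normally supplies that dependency through the existing `Depends: ${misc:Depends}`. Debian Policy asks for discussion on debian-devel before a Pre-Depends is added, so unless there is a reason not visible in this hunk I would drop the line, or at least write it as `Pre-Depends: debconf | debconf-2.0`.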
@@ -0,0 +1 @@ +[type: gettext/rfc822deb] templates diff --git a/debian/po/templates.pot b/debian/po/templates.pot new file mode 100644 index 0000000..b7ae6d5 --- /dev/null +++ b/debian/po/templates.pot @@ -0,0 +1,42 @@ +# SOME DESCRIPTIVE TITLE. +# Copyright (C) YEAR THE PACKAGE'S COPYRIGHT HOLDER +# This file is distributed under the same license as the ubuntu-keyring package. +# FIRST AUTHOR <EMAIL@ADDRESS>, YEAR. +# +#, fuzzy +msgid "" +msgstr "" +"Project-Id-Version: ubuntu-keyring\n" +"Report-Msgid-Bugs-To: ubuntu-keyr...@packages.debian.org\n" +"POT-Creation-Date: 2018-08-29 16:28+0900\n" +"PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n" +"Last-Translator: FULL NAME <EMAIL@ADDRESS>\n" +"Language-Team: LANGUAGE <l...@li.org>\n" +"Language: \n" +"MIME-Version: 1.0\n" +"Content-Type: text/plain; charset=CHARSET\n" +"Content-Transfer-Encoding: 8bit\n" + +#. Type: multiselect +#. Description +#: ../templates:1001 +msgid "Select keyring as whole system trusted GPG key" +msgstr "" + +#. Type: multiselect +#. Description +#: ../templates:1001 +msgid "" +"If you want to use Ubuntu archive as same as Debian archive in some " +"situation (e.g. chdist from devscripts package), you should enable ubuntu-" +"archive-keyring as system trusted GPG key (and also ubuntu-archive-removed-" +"keys for obsolete Ubuntu archive)." +msgstr "" + +#. Type: multiselect +#. Description +#: ../templates:1001 +msgid "" +"However, note that adding those keyring as system trusted key is not " +"necessary in most cases (e.g. debootstrap) and may be a risk for your system." +msgstr "" diff --git a/debian/postinst b/debian/postinst index 0f914e4..9cdc7ff 100644 --- a/debian/postinst +++ b/debian/postinst 
@@ -2,10 +2,33 @@ set -e -for keyring in ubuntu-archive-keyring ubuntu-archive-removed-keys -do - ln -sf /usr/share/keyrings/$keyring.gpg /etc/apt/trusted.gpg.d/ -done +case "$1" in + install|configure) + + . /usr/share/debconf/confmodule + db_version 2.0 + db_get ubuntu-archive-keyring/keyring + + if [ -n "$RET" ]; then + for keyring in "$RET" + do + rm -f /etc/apt/trusted.gpg.d/"$keyring".gpg + ln -sf /usr/share/keyrings/"$keyring".gpg /etc/apt/trusted.gpg.d/ + done + fi + + db_stop + + ;; + + abort-upgrade|abort-remove|abort-deconfigure) + ;; + + *) + echo "postinst called with unknown argument \`$1'" >&2 + exit 1 + ;; +esac #DEBHELPER# diff --git a/debian/postrm b/debian/postrm index 4cb5fe6..c8e79ec 100644 --- a/debian/postrm +++ b/debian/postrm @@ -5,10 +5,8 @@ set -e case "$1" in purge|remove|upgrade|failed-upgrade|abort-install|abort-upgrade|disappear) - for keyring in ubuntu-archive-keyring ubuntu-archive-removed-keys - do - rm /etc/apt/trusted.gpg.d/$keyring.gpg || true - done + rm -f /etc/apt/trusted.gpg.d/ubuntu-archive-keyring.gpg \ + /etc/apt/trusted.gpg.d/ubuntu-archive-removed-keys.gpg ;; *) echo "postrm called with unknown argument \`$1'" >&2 diff --git a/debian/rules b/debian/rules index efd9ac0..a980d00 100755 --- a/debian/rules +++ b/debian/rules @@ -7,3 +7,7 @@ override_dh_installchangelogs: dh_installchangelogs -Xchangelog + +override_dh_clean: + dh_clean + debconf-updatepo diff --git a/debian/templates b/debian/templates new file mode 100644 index 0000000..e2209dd --- /dev/null +++ b/debian/templates 
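Review bot: The loop `for keyring in "$RET"` in debian/postinst runs exactly once, because the quotes keep the whole debconf answer as a single word. With both entries chosen the multiselect answer is the string `ubuntu-archive-keyring, ubuntu-archive-removed-keys`, so `ln -sf` creates one dangling link under that name and neither keyring is enabled. The `if [ -n "$RET" ]` branch also has no else, so after `dpkg-reconfigure` with an entry deselected the old link stays in /etc/apt/trusted.gpg.d and apt keeps trusting that key. Iterating over the two known names and linking or unlinking each one fixes both problems and keeps the debconf value out of the file path. Separately, `install` is not an argument dpkg passes to postinst, so that alternative in the case arm is never taken.

```sh
    db_get ubuntu-archive-keyring/keyring
    selected="$RET"

    # Walk the fixed list of shipped keyrings; the debconf answer is only
    # matched against it and never used to build a path.
    for keyring in ubuntu-archive-keyring ubuntu-archive-removed-keys
    do
        case ", $selected," in
            *", $keyring,"*)
                ln -sf /usr/share/keyrings/"$keyring".gpg /etc/apt/trusted.gpg.d/
                ;;
            *)
                # deselected or never selected: make sure apt does not trust it
                rm -f /etc/apt/trusted.gpg.d/"$keyring".gpg
                ;;
        esac
    done
    # … unchanged: db_stop and the remaining case arms …
```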
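Review bot: In debian/postrm the arm that now runs `rm -f` still matches `upgrade`, `failed-upgrade`, `abort-install` and `abort-upgrade`, while the new postinst re-creates links only in its `install|configure` arm and its `abort-upgrade` arm is empty. After an upgrade that is unwound, a keyring the administrator had enabled is therefore left unlinked. That fails in the safe direction, but it silently changes a trust setting; either limit the removal to `purge|remove|disappear` or add a comment above the `rm -f`, e.g. `# links are re-created from the debconf answer by postinst configure`. The case statement starts and ends outside this hunk.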
@@ -0,0 +1,12 @@
+Template: ubuntu-archive-keyring/keyring
+Type: multiselect
+Choices: ubuntu-archive-keyring, ubuntu-archive-removed-keys
+Default:
+_Description: Which keyring is trusted GPG key used by apt to authenticate packages?
+ If you want to use Ubuntu archive as same as Debian archive in some situation
+ (e.g. chdist from devscripts package), you should enable
+ ubuntu-archive-keyring as whole system trusted GPG key (and also
+ ubuntu-archive-removed-keys for obsolete Ubuntu archive).
+ .
+ However, note that adding those keyring as system trusted key is not
+ necessary in most cases (e.g. debootstrap) and may be a risk for your system.
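Review bot: The extended description in debian/templates ends on "may be a risk for your system" without naming the risk, which is the one fact an administrator needs to answer this question. A key linked into /etc/apt/trusted.gpg.d is accepted by apt for every configured source, not only for Ubuntu archives. I would state that in the text, e.g. `Keys enabled here are trusted for all apt sources on this system, not only Ubuntu ones.`, and mention a per-source `signed-by=/usr/share/keyrings/ubuntu-archive-keyring.gpg` option in sources.list as the narrower alternative. The empty `Default:` is the right fail-safe and should stay.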