public inbox for pve-devel@lists.proxmox.com
 help / color / mirror / Atom feed
* [pve-devel] [RFC proxmox-ve/proxmox-archive-keyring 0/3] split out archive keyring into separate
@ 2020-08-06 15:17 Fabian Grünbichler
  2020-08-06 15:17 ` [pve-devel] [PATCH proxmox-archive-keyring] initial commit Fabian Grünbichler
                   ` (5 more replies)
  0 siblings, 6 replies; 8+ messages in thread
From: Fabian Grünbichler @ 2020-08-06 15:17 UTC (permalink / raw)
  To: pve-devel

with proxmox-ve as proof of concept - the other meta packages shipping
keys should be updated in the fashion if we go down this route.




^ permalink raw reply	[flat|nested] 8+ messages in thread

* [pve-devel] [PATCH proxmox-archive-keyring] initial commit
  2020-08-06 15:17 [pve-devel] [RFC proxmox-ve/proxmox-archive-keyring 0/3] split out archive keyring into separate Fabian Grünbichler
@ 2020-08-06 15:17 ` Fabian Grünbichler
  2020-09-17  9:55   ` [pve-devel] applied: " Thomas Lamprecht
  2020-08-06 15:17 ` [pve-devel] [PATCH proxmox-ve 1/2] remove archive keys from proxmox-ve Fabian Grünbichler
                   ` (4 subsequent siblings)
  5 siblings, 1 reply; 8+ messages in thread
From: Fabian Grünbichler @ 2020-08-06 15:17 UTC (permalink / raw)
  To: pve-devel

taking over from product-specific meta packages, which can now depend on
proxmox-archive-keyring and drop their copies of the keys.

Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
---
note: new repo ;)

 Makefile                               |  31 +++++++++++++++++++++++++
 debian/changelog                       |   5 ++++
 debian/compat                          |   1 +
 debian/control                         |  12 ++++++++++
 debian/copyright                       |  21 +++++++++++++++++
 debian/proxmox-archive-keyring.docs    |   1 +
 debian/proxmox-archive-keyring.install |   2 ++
 debian/proxmox-release-buster.gpg      | Bin 0 -> 1202 bytes
 debian/proxmox-release-stretch.gpg     | Bin 0 -> 1181 bytes
 debian/rules                           |  28 ++++++++++++++++++++++
 10 files changed, 101 insertions(+)
 create mode 100644 Makefile
 create mode 100644 debian/changelog
 create mode 100644 debian/compat
 create mode 100644 debian/control
 create mode 100644 debian/copyright
 create mode 100644 debian/proxmox-archive-keyring.docs
 create mode 100644 debian/proxmox-archive-keyring.install
 create mode 100644 debian/proxmox-release-buster.gpg
 create mode 100644 debian/proxmox-release-stretch.gpg
 create mode 100755 debian/rules

diff --git a/Makefile b/Makefile
new file mode 100644
index 0000000..ddb0ef4
--- /dev/null
+++ b/Makefile
@@ -0,0 +1,31 @@
+include /usr/share/dpkg/pkg-info.mk
+
+PACKAGE=proxmox-archive-keyring
+
+GITVERSION:=$(shell git rev-parse HEAD)
+
+DEB=${PACKAGE}_${DEB_VERSION_UPSTREAM_REVISION}_all.deb
+
+BUILD_DIR=build
+
+all: deb
+deb: ${DEB}
+
+${DEB}: debian
+	rm -rf ${BUILD_DIR}
+	mkdir -p ${BUILD_DIR}/debian
+	cp -ar debian/* ${BUILD_DIR}/debian/
+	echo "git clone git://git.proxmox.com/git/proxmox-archive-keyring.git\\ngit checkout ${GITVERSION}" > ${BUILD_DIR}/debian/SOURCE
+	cd ${BUILD_DIR}; dpkg-buildpackage -b -uc -us
+	lintian ${DEB}
+
+.PHONY: upload
+upload: ${DEB}
+	tar cf - ${DEB}|ssh repoman@repo.proxmox.com -- upload --product pve,pmg,pbs --dist buster --arch ${ARCH}
+
+.PHONY: distclean
+distclean: clean
+
+.PHONY: clean
+clean:
+	rm -rf *~ ${BUILD_DIR} *.deb *.dsc *.changes *.buildinfo
diff --git a/debian/changelog b/debian/changelog
new file mode 100644
index 0000000..42bc438
--- /dev/null
+++ b/debian/changelog
@@ -0,0 +1,5 @@
+proxmox-archive-keyring (1.0) pbs pmg pve; urgency=medium
+
+  * unify keyring handling for all products into single package
+
+ -- Proxmox Support Team <support@proxmox.com>  Thu, 6 Aug 2020 16:33:01 +0200
diff --git a/debian/compat b/debian/compat
new file mode 100644
index 0000000..48082f7
--- /dev/null
+++ b/debian/compat
@@ -0,0 +1 @@
+12
diff --git a/debian/control b/debian/control
new file mode 100644
index 0000000..692bc23
--- /dev/null
+++ b/debian/control
@@ -0,0 +1,12 @@
+Source: proxmox-archive-keyring
+Section: misc
+Priority: optional
+Build-Depends: debhelper (>=12~),
+               lintian,
+Maintainer: Proxmox Support Team <support@proxmox.com>
+
+Package: proxmox-archive-keyring
+Architecture: all
+Description: Proxmox APT archive keyring
+ This package contains the release keyrings used to sign APT repositories for
+ various Proxmox products.
diff --git a/debian/copyright b/debian/copyright
new file mode 100644
index 0000000..891c52f
--- /dev/null
+++ b/debian/copyright
@@ -0,0 +1,21 @@
+Copyright (C) 2020 Proxmox Server Solutions GmbH
+
+This software is written by Proxmox Server Solutions GmbH <support@proxmox.com>
+
+
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; version 2 dated June, 1991.
+
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+
+   You should have received a copy of the GNU General Public License
+   along with this program; if not, write to the Free Software
+   Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,
+   MA 02110-1301 USA
+
+The complete text of the GNU General
+Public License can be found in `/usr/share/common-licenses/GPL-2'.
diff --git a/debian/proxmox-archive-keyring.docs b/debian/proxmox-archive-keyring.docs
new file mode 100644
index 0000000..8696672
--- /dev/null
+++ b/debian/proxmox-archive-keyring.docs
@@ -0,0 +1 @@
+debian/SOURCE
diff --git a/debian/proxmox-archive-keyring.install b/debian/proxmox-archive-keyring.install
new file mode 100644
index 0000000..e8c35af
--- /dev/null
+++ b/debian/proxmox-archive-keyring.install
@@ -0,0 +1,2 @@
+debian/proxmox-release-stretch.gpg etc/apt/trusted.gpg.d/
+debian/proxmox-release-buster.gpg etc/apt/trusted.gpg.d/
diff --git a/debian/proxmox-release-buster.gpg b/debian/proxmox-release-buster.gpg
new file mode 100644
index 0000000000000000000000000000000000000000..efebf1c5fec7ca8522a06f4b42e04b554f9d079c
GIT binary patch
literal 1202
zcmV;j1Wo&y0u2OP@^=0K5CE#PtzH*^erG>N(h`YFy^<1#%GhkWYn&PUcK8mln{DvA
zemc%?diZ9uI~#s^Og=|@y0dU<@g_J1z<<BPtWn8{Vk105{#txcmE4*pM;qf9V3Yc*
zZ%taZ#B!tP>WT5%+|A0-$WtpSP*0|U7468wdnrRAr?$fatadM*LL*-^8Y}g|(v$@K
zn}DTGZy|Flj+qe5@|S9>_O^wba6F)0M`al>!N<}M_he(b3A_WfrFaqW{M=r3<DnG7
z$!S<smM7<oy*fF;`bo|38B#d2T?Rs#v%VL|pGlPkJ!SmbwROaV%v}zvhyo9w{cme7
zlJn(o25(`KHu9@enk|gyR620<lT#@c=<G{0R%9X(pDZ7l56fy8DB}hWtpd#$BVE4(
zAa4f)^weWQ!`+Rqc)*iUvS#5G;0iw>e5ZL|^#uoGb!XNgi0bQmb9<^%{Us{<qppID
zbNEF{2Pg5h0s9>eoS`?!NTM3SG9+=aRv7Z!TNwTwQZ~~$?QA6XJYzQMsq3iOaXY+z
zg3X7Zt@>eXqP>{t%t}<7>v6wpUjBGulmKN&?_{oEo}-pcYQ$zp?KHXuiz}8nPqs#i
zleG{w+V54CZbJT7ZWu1wk+nu$-zac8>f+u=$j#fRUFfdv^BHX+LJJSUxe#&ln!s5Q
zlwkwS{Zp-U+J68M0RRECNl<cccx`WZAXaH|bai2DAVqF=X>xCFZDnqBAT};|AW~&)
zWnpt=AWLO=AUtq#Z+LBQcr9{eY-M3{Wk7IpZ+LBQcrIgaZ9a(tR0I<N2mn47Ap|uv
zdH6Sh*ZA#UTE%<vfi8+}h~NbRTk>}P0viJb2@=c$00j#P2nPZN6$l9m3jzcd0s{d8
z9svRufB*^!5PR~0E{bl5;Lv3d0HaA4b5C@n+ay#v^r#-w+aDB49B&JeI*MjT0V=<`
zEpT_0o{QzAK0XW+{c-~OOsv2v+_u{y35RSNv$3cUY2y6y^{3^{4YxZh%z701sd-+o
zr*3(d27rcA2$utU>d;o6nLOVJ5vLsX>^g(xymn(;`{|s+sF>~jqg-0UV{-BMVZW|*
z3Nz^|u+SHhs4{KKb~VB3dM*;ONn|_JXxWA~5#iu`)`;Yb$)P+?MJ!PrN2qBtz5zBm
z><^9Qg&>4aDd>U~us)hmAHl!Ng6@UjK8UdYz9QR(=?<8T3Msg*&|bO4q&L83WGrsO
zppvSf<=nf(5<pJikC90|sK8oywQ7(9YSigjlEc%lEw}g8Jl-z7#==cofI$mFS1DzQ
zrmkJ}k@V!_{lgX!+v2w#Xn4N)Gja+H5xK>zT<IU@hLLP>Wi3D&6A1-zq?&DBTed|(
zTzaESJ#}PJs5(1RNmVrRCbfI4qj|`}<^|K>@96i0@I)3ao&`W*<!DM2nSpMDjAB?_
zZ3)G?QEa+=NL2yF+iX1uy-3pPlKmj6ayekh1zi)#t_zqDGidO8mNp*{5E8wk)hIU-
zy{@nj&p*5lj%r=MEmu(SF}Zmf?OPX_#gveed-T6@AwKBxKi6@-5?^LzSt$&Ep!ft>
QS%$d}Ac1>LWWW6HVu#o=bN~PV

literal 0
HcmV?d00001

diff --git a/debian/proxmox-release-stretch.gpg b/debian/proxmox-release-stretch.gpg
new file mode 100644
index 0000000000000000000000000000000000000000..8488f4597a19764cefa9f505198cf9cade46a7a7
GIT binary patch
literal 1181
zcmV;O1Y-M{0u2OL!^(#N5CFlbWz^cmS$iU3j`tWHxifM%&-CJff<xw{qek*W{(V1=
zv40d4ASNKC%sJopeP~@u{?*(4$!Z}cv5EC-Th@e$U=}@<qH#ZAFG;GUyRzyXN{RGu
zotHNZQHsNwrA{;u<phl(p`leSywgRIawaH8Z6XZS%OOI4YGe5|!5L^yv@1$>@AGol
zsH@ILM|Nb@iX<c`Xyf~lQ?|sGV$BqErX#q(Q+?x^PMITfDaA2r(YJZ~zDPlXkc)(i
zlF>iJR!?bucn(rCU?!EmI{EML$~s&c;(5!^@tb|ry{`aO#N9+z^lU6`^U=!f7Tc$!
zoJu!T$l!B7y`0~@JAD*={9he%hY3_<s<Go{0wQJ!NESbv9DiOlS*f9ts2UP30zS;C
zjyy^z>Mf^*m_n{^#=7AZ`V;vucOl(~YCCW7VZe`h<2?yaA!=_po7;jXswMD!B8Z8z
zv~|Y_Wr@@QYUi%aIdM4CyU;e1HqVb+HdJ^)i{)PH%+mr(Dvyg5H|>w4qss@3b=}2B
zJVsD78XMLlq!+f)>p@F#6Hg?f4tz~`wNZO%${Xjm>06*^Ldp3*24+}O`)fDgL+eY0
zly<6cva%?+#m{)d>C-*cJO03{B;`!5Q)oB~kK)iFk$rTH+FUqC)t^o&dlK4i?MM<{
z1SU1+FvTC!pxXcu0RRECNl<cccx`WZAXaH|bai2DAVqF=X>xCFZDnqBAT=&{AW~&)
zWnpt=AWLO=AUtq#Z+LBQcr9{eY-M3{Wk7IpZ+LBQcrIgaZ9a(tKLis22mmPs0$0Pz
zhXNY|1ql+&0{{mL2?z%R0s#gU2m%QT3j`Jd0|5da0Rk6*0162Z4VoEH;_n6nIz$it
zD62qC$c7Ov6A}vxxO3<;ku+a|R)os7jNY@JZ0P1f6_|CzlY;Si>S;290<q46GJwnW
zehlVrSgKMO0?zzOykkkw?4<XV+xQQ90K@%HE63xZ7|>2em#|7NW2>mD{k4seJ&(fq
zKbBzToOheFC9lLCveIcBXbe2>4;<$fAUb)={>gB0=oB}<=IWOsdVX6XII*|BN~?M$
z<D9rb8RTF&=z23JmMO#sg*K`8WQklvrvlmcxTz|Suptj^GO47i%vGU1{rHkZNDvw%
z?a$ZKQYIqpHaQQbgGDsv2}b7F_W=F>WHpZ-)zgJP<2#`Onrs!pt^LXQD@AhXs*iy{
zGRVl$2mg#JlK<m3MRJ@n>I=JbN2)Q^@YYqmVS#jA2w}xrp0`|ERjkM#gJ6>YiM-?0
zaGVG(Nrs}d?IiohfiKng(O8Fh`a?mMW0(T@+itGYCodZ!=xW5$W~QiniSA{$&RDk0
zDO5xvT6p{&cgVhKc5_1n_QDP5TpK`u=3se|ZVQ8}8h6U(82z8})ztXRz)7WwAwxA2
z&KNr8DY^SB8XS6U+M3NBD;MArAN}nLN+un7G|s#2IFOq*#h4IJ1CUQG9M6?lxOwS=
v%Kl)1hf;D({;(*NGd#D)wu}8xdg|eIA%q2|pVoL}OgjDN+!-q6Et(MSB{?cK

literal 0
HcmV?d00001

diff --git a/debian/rules b/debian/rules
new file mode 100755
index 0000000..c482a3c
--- /dev/null
+++ b/debian/rules
@@ -0,0 +1,28 @@
+#!/usr/bin/make -f
+# -*- makefile -*-
+
+# Uncomment this to turn on verbose mode.
+#export DH_VERBOSE=1
+
+
+install:
+	dh_install
+	dh_installdocs
+	dh_lintian
+	dh_installchangelogs
+	dh_installman
+	dh_strip_nondeterminism
+	dh_compress
+	dh_fixperms
+
+binary: install
+	dh_strip
+	dh_makeshlibs
+	dh_shlibdeps
+	dh_installdeb
+	dh_gencontrol
+	dh_md5sums
+	dh_builddeb
+
+.PHONY: build clean
+build clean:
-- 
2.20.1





^ permalink raw reply	[flat|nested] 8+ messages in thread

* [pve-devel] [PATCH proxmox-ve 1/2] remove archive keys from proxmox-ve
  2020-08-06 15:17 [pve-devel] [RFC proxmox-ve/proxmox-archive-keyring 0/3] split out archive keyring into separate Fabian Grünbichler
  2020-08-06 15:17 ` [pve-devel] [PATCH proxmox-archive-keyring] initial commit Fabian Grünbichler
@ 2020-08-06 15:17 ` Fabian Grünbichler
  2020-08-06 15:17 ` [pve-devel] [PATCH proxmox-ve 2/2] bump version to 6.2-2 Fabian Grünbichler
                   ` (3 subsequent siblings)
  5 siblings, 0 replies; 8+ messages in thread
From: Fabian Grünbichler @ 2020-08-06 15:17 UTC (permalink / raw)
  To: pve-devel

and depend on proxmox-archive-keyring instead, which ships them for all
Proxmox products.

Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
---
 debian/control                      |   1 +
 debian/postinst                     |   2 ++
 debian/postrm                       |   1 +
 debian/proxmox-ve-release-5.x.gpg   | Bin 1181 -> 0 bytes
 debian/proxmox-ve-release-6.x.gpg   | Bin 1202 -> 0 bytes
 debian/proxmox-ve.install           |   2 --
 debian/proxmox-ve.lintian-overrides |   1 -
 debian/proxmox-ve.maintscript       |   3 +++
 8 files changed, 7 insertions(+), 3 deletions(-)
 delete mode 100644 debian/proxmox-ve-release-5.x.gpg
 delete mode 100644 debian/proxmox-ve-release-6.x.gpg
 delete mode 100644 debian/proxmox-ve.lintian-overrides
 create mode 100644 debian/proxmox-ve.maintscript

diff --git a/debian/control b/debian/control
index 47d300d..b3fc438 100644
--- a/debian/control
+++ b/debian/control
@@ -17,6 +17,7 @@ Replaces: proxmox-ve-3.10.0,
 Depends: apt,
          openssh-client,
          openssh-server,
+         proxmox-archive-keyring,
          pve-kernel-5.4,
          pve-kernel-helper,
          pve-manager,
diff --git a/debian/postinst b/debian/postinst
index fe97608..a4b6716 100755
--- a/debian/postinst
+++ b/debian/postinst
@@ -12,4 +12,6 @@ case "$1" in
     ;;
 esac
 
+#DEBHELPER#
+
 exit 0
diff --git a/debian/postrm b/debian/postrm
index 2ee5c14..c2614d4 100755
--- a/debian/postrm
+++ b/debian/postrm
@@ -17,3 +17,4 @@ case "$1" in
     ;;
 esac
 
+#DEBHELPER#
diff --git a/debian/proxmox-ve-release-5.x.gpg b/debian/proxmox-ve-release-5.x.gpg
deleted file mode 100644
index 8488f4597a19764cefa9f505198cf9cade46a7a7..0000000000000000000000000000000000000000
GIT binary patch
literal 0
HcmV?d00001

literal 1181
zcmV;O1Y-M{0u2OL!^(#N5CFlbWz^cmS$iU3j`tWHxifM%&-CJff<xw{qek*W{(V1=
zv40d4ASNKC%sJopeP~@u{?*(4$!Z}cv5EC-Th@e$U=}@<qH#ZAFG;GUyRzyXN{RGu
zotHNZQHsNwrA{;u<phl(p`leSywgRIawaH8Z6XZS%OOI4YGe5|!5L^yv@1$>@AGol
zsH@ILM|Nb@iX<c`Xyf~lQ?|sGV$BqErX#q(Q+?x^PMITfDaA2r(YJZ~zDPlXkc)(i
zlF>iJR!?bucn(rCU?!EmI{EML$~s&c;(5!^@tb|ry{`aO#N9+z^lU6`^U=!f7Tc$!
zoJu!T$l!B7y`0~@JAD*={9he%hY3_<s<Go{0wQJ!NESbv9DiOlS*f9ts2UP30zS;C
zjyy^z>Mf^*m_n{^#=7AZ`V;vucOl(~YCCW7VZe`h<2?yaA!=_po7;jXswMD!B8Z8z
zv~|Y_Wr@@QYUi%aIdM4CyU;e1HqVb+HdJ^)i{)PH%+mr(Dvyg5H|>w4qss@3b=}2B
zJVsD78XMLlq!+f)>p@F#6Hg?f4tz~`wNZO%${Xjm>06*^Ldp3*24+}O`)fDgL+eY0
zly<6cva%?+#m{)d>C-*cJO03{B;`!5Q)oB~kK)iFk$rTH+FUqC)t^o&dlK4i?MM<{
z1SU1+FvTC!pxXcu0RRECNl<cccx`WZAXaH|bai2DAVqF=X>xCFZDnqBAT=&{AW~&)
zWnpt=AWLO=AUtq#Z+LBQcr9{eY-M3{Wk7IpZ+LBQcrIgaZ9a(tKLis22mmPs0$0Pz
zhXNY|1ql+&0{{mL2?z%R0s#gU2m%QT3j`Jd0|5da0Rk6*0162Z4VoEH;_n6nIz$it
zD62qC$c7Ov6A}vxxO3<;ku+a|R)os7jNY@JZ0P1f6_|CzlY;Si>S;290<q46GJwnW
zehlVrSgKMO0?zzOykkkw?4<XV+xQQ90K@%HE63xZ7|>2em#|7NW2>mD{k4seJ&(fq
zKbBzToOheFC9lLCveIcBXbe2>4;<$fAUb)={>gB0=oB}<=IWOsdVX6XII*|BN~?M$
z<D9rb8RTF&=z23JmMO#sg*K`8WQklvrvlmcxTz|Suptj^GO47i%vGU1{rHkZNDvw%
z?a$ZKQYIqpHaQQbgGDsv2}b7F_W=F>WHpZ-)zgJP<2#`Onrs!pt^LXQD@AhXs*iy{
zGRVl$2mg#JlK<m3MRJ@n>I=JbN2)Q^@YYqmVS#jA2w}xrp0`|ERjkM#gJ6>YiM-?0
zaGVG(Nrs}d?IiohfiKng(O8Fh`a?mMW0(T@+itGYCodZ!=xW5$W~QiniSA{$&RDk0
zDO5xvT6p{&cgVhKc5_1n_QDP5TpK`u=3se|ZVQ8}8h6U(82z8})ztXRz)7WwAwxA2
z&KNr8DY^SB8XS6U+M3NBD;MArAN}nLN+un7G|s#2IFOq*#h4IJ1CUQG9M6?lxOwS=
v%Kl)1hf;D({;(*NGd#D)wu}8xdg|eIA%q2|pVoL}OgjDN+!-q6Et(MSB{?cK

diff --git a/debian/proxmox-ve-release-6.x.gpg b/debian/proxmox-ve-release-6.x.gpg
deleted file mode 100644
index efebf1c5fec7ca8522a06f4b42e04b554f9d079c..0000000000000000000000000000000000000000
GIT binary patch
literal 0
HcmV?d00001

literal 1202
zcmV;j1Wo&y0u2OP@^=0K5CE#PtzH*^erG>N(h`YFy^<1#%GhkWYn&PUcK8mln{DvA
zemc%?diZ9uI~#s^Og=|@y0dU<@g_J1z<<BPtWn8{Vk105{#txcmE4*pM;qf9V3Yc*
zZ%taZ#B!tP>WT5%+|A0-$WtpSP*0|U7468wdnrRAr?$fatadM*LL*-^8Y}g|(v$@K
zn}DTGZy|Flj+qe5@|S9>_O^wba6F)0M`al>!N<}M_he(b3A_WfrFaqW{M=r3<DnG7
z$!S<smM7<oy*fF;`bo|38B#d2T?Rs#v%VL|pGlPkJ!SmbwROaV%v}zvhyo9w{cme7
zlJn(o25(`KHu9@enk|gyR620<lT#@c=<G{0R%9X(pDZ7l56fy8DB}hWtpd#$BVE4(
zAa4f)^weWQ!`+Rqc)*iUvS#5G;0iw>e5ZL|^#uoGb!XNgi0bQmb9<^%{Us{<qppID
zbNEF{2Pg5h0s9>eoS`?!NTM3SG9+=aRv7Z!TNwTwQZ~~$?QA6XJYzQMsq3iOaXY+z
zg3X7Zt@>eXqP>{t%t}<7>v6wpUjBGulmKN&?_{oEo}-pcYQ$zp?KHXuiz}8nPqs#i
zleG{w+V54CZbJT7ZWu1wk+nu$-zac8>f+u=$j#fRUFfdv^BHX+LJJSUxe#&ln!s5Q
zlwkwS{Zp-U+J68M0RRECNl<cccx`WZAXaH|bai2DAVqF=X>xCFZDnqBAT};|AW~&)
zWnpt=AWLO=AUtq#Z+LBQcr9{eY-M3{Wk7IpZ+LBQcrIgaZ9a(tR0I<N2mn47Ap|uv
zdH6Sh*ZA#UTE%<vfi8+}h~NbRTk>}P0viJb2@=c$00j#P2nPZN6$l9m3jzcd0s{d8
z9svRufB*^!5PR~0E{bl5;Lv3d0HaA4b5C@n+ay#v^r#-w+aDB49B&JeI*MjT0V=<`
zEpT_0o{QzAK0XW+{c-~OOsv2v+_u{y35RSNv$3cUY2y6y^{3^{4YxZh%z701sd-+o
zr*3(d27rcA2$utU>d;o6nLOVJ5vLsX>^g(xymn(;`{|s+sF>~jqg-0UV{-BMVZW|*
z3Nz^|u+SHhs4{KKb~VB3dM*;ONn|_JXxWA~5#iu`)`;Yb$)P+?MJ!PrN2qBtz5zBm
z><^9Qg&>4aDd>U~us)hmAHl!Ng6@UjK8UdYz9QR(=?<8T3Msg*&|bO4q&L83WGrsO
zppvSf<=nf(5<pJikC90|sK8oywQ7(9YSigjlEc%lEw}g8Jl-z7#==cofI$mFS1DzQ
zrmkJ}k@V!_{lgX!+v2w#Xn4N)Gja+H5xK>zT<IU@hLLP>Wi3D&6A1-zq?&DBTed|(
zTzaESJ#}PJs5(1RNmVrRCbfI4qj|`}<^|K>@96i0@I)3ao&`W*<!DM2nSpMDjAB?_
zZ3)G?QEa+=NL2yF+iX1uy-3pPlKmj6ayekh1zi)#t_zqDGidO8mNp*{5E8wk)hIU-
zy{@nj&p*5lj%r=MEmu(SF}Zmf?OPX_#gveed-T6@AwKBxKi6@-5?^LzSt$&Ep!ft>
QS%$d}Ac1>LWWW6HVu#o=bN~PV

diff --git a/debian/proxmox-ve.install b/debian/proxmox-ve.install
index e482438..5780d2a 100644
--- a/debian/proxmox-ve.install
+++ b/debian/proxmox-ve.install
@@ -1,4 +1,2 @@
 debian/apthook/10pveapthook etc/apt/apt.conf.d/
 debian/apthook/pve-apt-hook usr/share/proxmox-ve/
-debian/proxmox-ve-release-5.x.gpg etc/apt/trusted.gpg.d/
-debian/proxmox-ve-release-6.x.gpg etc/apt/trusted.gpg.d/
diff --git a/debian/proxmox-ve.lintian-overrides b/debian/proxmox-ve.lintian-overrides
deleted file mode 100644
index ee8331c..0000000
--- a/debian/proxmox-ve.lintian-overrides
+++ /dev/null
@@ -1 +0,0 @@
-proxmox-ve: package-installs-apt-keyring etc/apt/trusted.gpg.d/proxmox-ve-release-*
diff --git a/debian/proxmox-ve.maintscript b/debian/proxmox-ve.maintscript
new file mode 100644
index 0000000..d1b0d38
--- /dev/null
+++ b/debian/proxmox-ve.maintscript
@@ -0,0 +1,3 @@
+# moved to proxmox-archive-keyring under more generic paths
+rm_conffile /etc/apt/trusted.gpg.d/proxmox-ve-release-5.x.gpg 6.2-2~~
+rm_conffile /etc/apt/trusted.gpg.d/proxmox-ve-release-6.x.gpg 6.2-2~~
-- 
2.20.1





^ permalink raw reply	[flat|nested] 8+ messages in thread

* [pve-devel] [PATCH proxmox-ve 2/2] bump version to 6.2-2
  2020-08-06 15:17 [pve-devel] [RFC proxmox-ve/proxmox-archive-keyring 0/3] split out archive keyring into separate Fabian Grünbichler
  2020-08-06 15:17 ` [pve-devel] [PATCH proxmox-archive-keyring] initial commit Fabian Grünbichler
  2020-08-06 15:17 ` [pve-devel] [PATCH proxmox-ve 1/2] remove archive keys from proxmox-ve Fabian Grünbichler
@ 2020-08-06 15:17 ` Fabian Grünbichler
  2020-08-10  9:51 ` [pve-devel] [RFC proxmox-ve/proxmox-archive-keyring 0/3] split out archive keyring into separate Oguz Bektas
                   ` (2 subsequent siblings)
  5 siblings, 0 replies; 8+ messages in thread
From: Fabian Grünbichler @ 2020-08-06 15:17 UTC (permalink / raw)
  To: pve-devel

Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
---
 debian/changelog | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/debian/changelog b/debian/changelog
index ab247bd..c0a395b 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,9 @@
+proxmox-ve (6.2-2) pve; urgency=medium
+
+  * split out APT repository keys into own package 'proxmox-archive-keyring'
+
+ -- Proxmox Support Team <support@proxmox.com>  Thu, 6 Aug 2020 16:57:31 +0200
+
 proxmox-ve (6.2-1) pve; urgency=medium
 
   * depend on Linux LTS Kernel 5.4 by default
-- 
2.20.1





^ permalink raw reply	[flat|nested] 8+ messages in thread

* Re: [pve-devel] [RFC proxmox-ve/proxmox-archive-keyring 0/3] split out archive keyring into separate
  2020-08-06 15:17 [pve-devel] [RFC proxmox-ve/proxmox-archive-keyring 0/3] split out archive keyring into separate Fabian Grünbichler
                   ` (2 preceding siblings ...)
  2020-08-06 15:17 ` [pve-devel] [PATCH proxmox-ve 2/2] bump version to 6.2-2 Fabian Grünbichler
@ 2020-08-10  9:51 ` Oguz Bektas
  2020-09-03 16:28 ` [pve-devel] ACK: " Thomas Lamprecht
  2020-09-17 15:28 ` [pve-devel] applied-series: " Thomas Lamprecht
  5 siblings, 0 replies; 8+ messages in thread
From: Oguz Bektas @ 2020-08-10  9:51 UTC (permalink / raw)
  To: Proxmox VE development discussion

On Thu, Aug 06, 2020 at 05:17:47PM +0200, Fabian Grünbichler wrote:
> with proxmox-ve as proof of concept - the other meta packages shipping
> keys should be updated in the fashion if we go down this route.
> 
> 
> _______________________________________________
> pve-devel mailing list
> pve-devel@lists.proxmox.com
> https://lists.proxmox.com/cgi-bin/mailman/listinfo/pve-devel
> 
> 

hi,

thanks for the patch

i've just tested it and it seems to work as expected.

------------------------------------------------------------------------------------------
root@pmx:~/pkgs# dpkg -i proxmox-archive-keyring_1.0_all.deb
Selecting previously unselected package proxmox-archive-keyring.
(Reading database ... 57272 files and directories currently installed.)
Preparing to unpack proxmox-archive-keyring_1.0_all.deb ...
Unpacking proxmox-archive-keyring (1.0) ...
Setting up proxmox-archive-keyring (1.0) ...
root@pmx:~/pkgs# dpkg ^C
root@pmx:~/pkgs# dpkg -i proxmox-ve_6.2-2_all.deb
(Reading database ... 57278 files and directories currently installed.)
Preparing to unpack proxmox-ve_6.2-2_all.deb ...
Unpacking proxmox-ve (6.2-2) over (6.2-2) ...
Setting up proxmox-ve (6.2-2) ...
Removing obsolete conffile /etc/apt/trusted.gpg.d/proxmox-ve-release-5.x.gpg ...
Removing obsolete conffile /etc/apt/trusted.gpg.d/proxmox-ve-release-6.x.gpg ...
root@pmx:~/pkgs# ls -alr /etc/apt/trusted.gpg.d/proxmox-release-*
-rw-r--r-- 1 root root 1181 Aug  6 16:33 /etc/apt/trusted.gpg.d/proxmox-release-stretch.gpg
-rw-r--r-- 1 root root 1202 Aug  6 16:33 /etc/apt/trusted.gpg.d/proxmox-release-buster.gpg

------------------------------------------------------------------------------------------





^ permalink raw reply	[flat|nested] 8+ messages in thread

* [pve-devel] ACK: [RFC proxmox-ve/proxmox-archive-keyring 0/3] split out archive keyring into separate
  2020-08-06 15:17 [pve-devel] [RFC proxmox-ve/proxmox-archive-keyring 0/3] split out archive keyring into separate Fabian Grünbichler
                   ` (3 preceding siblings ...)
  2020-08-10  9:51 ` [pve-devel] [RFC proxmox-ve/proxmox-archive-keyring 0/3] split out archive keyring into separate Oguz Bektas
@ 2020-09-03 16:28 ` Thomas Lamprecht
  2020-09-17 15:28 ` [pve-devel] applied-series: " Thomas Lamprecht
  5 siblings, 0 replies; 8+ messages in thread
From: Thomas Lamprecht @ 2020-09-03 16:28 UTC (permalink / raw)
  To: Proxmox VE development discussion, Fabian Grünbichler

On 06.08.20 17:17, Fabian Grünbichler wrote:
> with proxmox-ve as proof of concept - the other meta packages shipping
> keys should be updated in the fashion if we go down this route.
> 

ACK from me, we'll soon-ish start to ship a new key for the bullseye release
next year, would be great if we could do that already in the new repo for
all projects at once.





^ permalink raw reply	[flat|nested] 8+ messages in thread

* [pve-devel] applied: Re: [PATCH proxmox-archive-keyring] initial commit
  2020-08-06 15:17 ` [pve-devel] [PATCH proxmox-archive-keyring] initial commit Fabian Grünbichler
@ 2020-09-17  9:55   ` Thomas Lamprecht
  0 siblings, 0 replies; 8+ messages in thread
From: Thomas Lamprecht @ 2020-09-17  9:55 UTC (permalink / raw)
  To: Proxmox VE development discussion, Fabian Grünbichler

On 8/6/20 5:17 PM, Fabian Grünbichler wrote:
> taking over from product-specific meta packages, which can now depend on
> proxmox-archive-keyring and drop their copies of the keys.
> 
> Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
> ---
> note: new repo ;)
> 
>  Makefile                               |  31 +++++++++++++++++++++++++
>  debian/changelog                       |   5 ++++
>  debian/compat                          |   1 +
>  debian/control                         |  12 ++++++++++
>  debian/copyright                       |  21 +++++++++++++++++
>  debian/proxmox-archive-keyring.docs    |   1 +
>  debian/proxmox-archive-keyring.install |   2 ++
>  debian/proxmox-release-buster.gpg      | Bin 0 -> 1202 bytes
>  debian/proxmox-release-stretch.gpg     | Bin 0 -> 1181 bytes
>  debian/rules                           |  28 ++++++++++++++++++++++
>  10 files changed, 101 insertions(+)
>  create mode 100644 Makefile
>  create mode 100644 debian/changelog
>  create mode 100644 debian/compat
>  create mode 100644 debian/control
>  create mode 100644 debian/copyright
>  create mode 100644 debian/proxmox-archive-keyring.docs
>  create mode 100644 debian/proxmox-archive-keyring.install
>  create mode 100644 debian/proxmox-release-buster.gpg
>  create mode 100644 debian/proxmox-release-stretch.gpg
>  create mode 100755 debian/rules
> 
>

applied, thanks!




^ permalink raw reply	[flat|nested] 8+ messages in thread

* [pve-devel] applied-series: Re: [RFC proxmox-ve/proxmox-archive-keyring 0/3] split out archive keyring into separate
  2020-08-06 15:17 [pve-devel] [RFC proxmox-ve/proxmox-archive-keyring 0/3] split out archive keyring into separate Fabian Grünbichler
                   ` (4 preceding siblings ...)
  2020-09-03 16:28 ` [pve-devel] ACK: " Thomas Lamprecht
@ 2020-09-17 15:28 ` Thomas Lamprecht
  5 siblings, 0 replies; 8+ messages in thread
From: Thomas Lamprecht @ 2020-09-17 15:28 UTC (permalink / raw)
  To: Proxmox VE development discussion, Fabian Grünbichler

On 8/6/20 5:17 PM, Fabian Grünbichler wrote:
> with proxmox-ve as proof of concept - the other meta packages shipping
> keys should be updated in the fashion if we go down this route.
> 

applied the proxmox-ve patches now too, thanks!

I mirrored the changes in proxmox-backup-meta, proxmox-mailgateway is still to
be done - @Stoiko you want to? :)




^ permalink raw reply	[flat|nested] 8+ messages in thread

end of thread, other threads:[~2020-09-17 15:29 UTC | newest]

Thread overview: 8+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2020-08-06 15:17 [pve-devel] [RFC proxmox-ve/proxmox-archive-keyring 0/3] split out archive keyring into separate Fabian Grünbichler
2020-08-06 15:17 ` [pve-devel] [PATCH proxmox-archive-keyring] initial commit Fabian Grünbichler
2020-09-17  9:55   ` [pve-devel] applied: " Thomas Lamprecht
2020-08-06 15:17 ` [pve-devel] [PATCH proxmox-ve 1/2] remove archive keys from proxmox-ve Fabian Grünbichler
2020-08-06 15:17 ` [pve-devel] [PATCH proxmox-ve 2/2] bump version to 6.2-2 Fabian Grünbichler
2020-08-10  9:51 ` [pve-devel] [RFC proxmox-ve/proxmox-archive-keyring 0/3] split out archive keyring into separate Oguz Bektas
2020-09-03 16:28 ` [pve-devel] ACK: " Thomas Lamprecht
2020-09-17 15:28 ` [pve-devel] applied-series: " Thomas Lamprecht

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox
Service provided by Proxmox Server Solutions GmbH | Privacy | Legal