features icon indicating copy to clipboard operation
features copied to clipboard
verified publisher icon devcontainers

Use asc format instead of gpg for not to install gnupg2

Open eitsupi opened this issue 3 years ago • 5 comments

This change may reduce the installation of unnecessary packages.

eitsupi avatar Oct 30 '22 14:10 eitsupi

Hi @eitsupi could you sync the PR with main? It should help fix oryx tests.

samruddhikhandale avatar Nov 04 '22 18:11 samruddhikhandale

Hi @eitsupi could you sync the PR with main? It should help fix oryx tests.

I did, but the test does not run automatically, so I do not know if it was resolved or not.

I know I'm not a first-time contributor, but is it intentional that non-maintainers always require the approval of the maintainer to run tests? (I recall a similar change was accidentally made at Apache some time ago, but was quickly restored.)

eitsupi avatar Nov 05 '22 05:11 eitsupi

Thank you for running the tests. Does it appear to be only test failures unrelated to this update?

eitsupi avatar Nov 05 '22 05:11 eitsupi

I know I'm not a first-time contributor, but is it intentional that non-maintainers always require the approval of the maintainer to run tests?

Yes, looks intentional - it is made restrictive to avoid GitHub Actions workflow's modifications for abusive purposes. 😅

samruddhikhandale avatar Nov 08 '22 01:11 samruddhikhandale

@samruddhikhandale The failures here look like they are related to other issues. Namely:

  1. PHP seems to try to install a package not available on Ubuntu bionic. It's likely there's another similar package required... or PHP has dropped support for it. You'd need to check. Otherwise you can do . /etc/os-release and check VERSION_CODENAME for bionic to vary behaviors without additional utilities installed. (e.g. while common-utils includes lsb_release given its use in install instructions, I'd avoid using it since it drags in python-minimal).

  2. Debian 9 is out of support, so we've since dropped those tests.

That said, yes, we're following guidance from Debian here. At one point asc failed completely - so it's interesting it now appears to be working. Something may have changed that the wiki does not reflect yet - but it is certainly not what people are being guided to do.

Looks like gnupg2 is a ~19mb addition to debian with nothing else added. Given the usefulness of gpg and the unclear nature of whether asc is really officially supported, we may want to hold off on switching. I'd love to know if the guidance here as changed - but haven't found anything so far. Anyone else seen anything?

Chuxel avatar Nov 08 '22 18:11 Chuxel

Ok, it seems there is little value in merging this, so I will close it.

eitsupi avatar Dec 12 '22 15:12 eitsupi

Looks like gnupg2 is a ~19mb addition to debian with nothing else added. Given the usefulness of gpg and the unclear nature of whether asc is really officially supported, we may want to hold off on switching. I'd love to know if the guidance here as changed - but haven't found anything so far. Anyone else seen anything?

@Chuxel FYI

bullseye is the final Debian release to ship apt-key. Keys should be managed by dropping files into /etc/apt/trusted.gpg.d instead, in binary format as created by gpg --export with a .gpg extension, or ASCII armored with a .asc extension.

https://www.debian.org/releases/bullseye/amd64/release-notes/ch-information.en.html#deprecated-components

eitsupi avatar Feb 09 '23 10:02 eitsupi