Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

rebuild-todo: Add the --import-keys option #87

Merged
merged 1 commit into from
Jan 10, 2025
Merged

rebuild-todo: Add the --import-keys option #87

merged 1 commit into from
Jan 10, 2025

Conversation

Antiz96
Copy link
Member

@Antiz96 Antiz96 commented Jan 7, 2025
edited
Loading

Allows to import PGP keys for packages source verification into the user's keyring before rebuilding packages (including support for offloaded builds).

@felixonmars
Copy link
Member

While I like this feature...

  • I'd really like it to be part of pkgctl as it's much more widely useful than only here at rebuild-todo
  • The keys we currently exported are sometimes broken (see https://gitlab.archlinux.org/archlinux/devtools/-/issues/93). I've been struggling with this for two years and have to generally prefer the keyservers instead of our exported keys.

@Antiz96
Copy link
Member Author

Antiz96 commented Jan 7, 2025
edited
Loading

While I like this feature...

I'd really like it to be part of pkgctl as it's much more widely useful than only here at rebuild-todo

Makes sense.
This MR is rather a quick workaround to address the pain point of having to manually import each PGP keys for each packages that require it for verification sources when using rebuild-todo; but I can look at upstreaming such a feature in a pkgctl import-keys subcommand if that's of interest.

The keys we currently exported are sometimes broken (see https://gitlab.archlinux.org/archlinux/devtools/-/issues/93). I've been struggling with this for two years and have to generally prefer the keyservers instead of our exported keys.

Correct me if I'm wrong but, while indeed annoying, that sounds like a separate issue to me. My idea here was solely to provide an easy way to massively import keys (for building purposes). If the keys haven't been exported correctly in the first place (for whatever reason) and are thus broken, it's a separate matter in my opinion. That should either be fixed at the export-pkgbuild-keys and / or at our packaging guidelines level from my perspective.

@Antiz96
Copy link
Member Author

Antiz96 commented Jan 7, 2025
edited
Loading

While I like this feature...
I'd really like it to be part of pkgctl as it's much more widely useful than only here at rebuild-todo

Makes sense. This MR is rather a quick workaround to address the pain point of having to manually import each PGP keys for each packages that require it for verification sources when using rebuild-todo; but I can look at upstreaming such a feature in a pkgctl import-keys subcommand if that's of interest.

@felixonmars I wrote a related comment in devtools repo at https://gitlab.archlinux.org/archlinux/devtools/-/issues/164#note_235778. We'll see how it goes. I'm putting this MR as a draft while waiting for some input on the devtools side.

@Antiz96 Antiz96 changed the title rebuild-todo: Add the --import-keys option Draft: rebuild-todo: Add the --import-keys option Jan 7, 2025
@Antiz96 Antiz96 marked this pull request as draft January 7, 2025 18:55
@Antiz96 Antiz96 changed the title Draft: rebuild-todo: Add the --import-keys option rebuild-todo: Add the --import-keys option Jan 7, 2025
@Antiz96 Antiz96 marked this pull request as ready for review January 7, 2025 20:12
@Antiz96
Copy link
Member Author

Antiz96 commented Jan 7, 2025
edited
Loading

Levente told me there are already some ongoing efforts to implement a keyring subcommand in devtools allowing to manage PGP keys with pkgctl :)
However, this seems like a rather big implementation that includes a re-definition of the way the keyring and keys will be managed for source verification (for instance to not rely on user's keyring anymore).

As such, I'm personally still interested for this solution to be implemented in rebuild-todo in the mean time. We can still update it to use the future pkgctl implementation later if it becomes a thing before rebuild-todo itself is integrated in pkgctl.

@Antiz96 Antiz96 force-pushed the PGP_keys_rebuild-todo branch from debfa5d to 4e2d0c1 Compare January 9, 2025 14:20
jelly
jelly reviewed Jan 9, 2025
View reviewed changes
package/rebuild-todo Outdated Show resolved Hide resolved
@Antiz96 Antiz96 force-pushed the PGP_keys_rebuild-todo branch from 4e2d0c1 to 8729cc5 Compare January 9, 2025 16:17
@Antiz96 Antiz96 requested a review from jelly January 9, 2025 16:21
@Antiz96 Antiz96 force-pushed the PGP_keys_rebuild-todo branch from 8729cc5 to c04354b Compare January 9, 2025 16:29
christian-heusel
christian-heusel reviewed Jan 9, 2025
View reviewed changes
package/rebuild-todo Outdated Show resolved Hide resolved
package/rebuild-todo Outdated Show resolved Hide resolved
package/rebuild-todo Outdated Show resolved Hide resolved
package/rebuild-todo Outdated Show resolved Hide resolved
@Antiz96 Antiz96 force-pushed the PGP_keys_rebuild-todo branch from 58598fb to 5c80a32 Compare January 9, 2025 19:34
@Antiz96 Antiz96 force-pushed the PGP_keys_rebuild-todo branch 3 times, most recently from 38ed5b7 to 3f27a6e Compare January 9, 2025 19:47
@christian-heusel
Copy link
Member

Please drop the additional merge commit, then I think this is good to go 👍🏻

@Antiz96 Antiz96 force-pushed the PGP_keys_rebuild-todo branch 4 times, most recently from a4d93f5 to ba5c991 Compare January 9, 2025 21:48
@Antiz96
Copy link
Member Author

Antiz96 commented Jan 9, 2025

Please drop the additional merge commit, then I think this is good to go 👍🏻

Done ;)

Foxboron
Foxboron reviewed Jan 10, 2025
View reviewed changes
package/rebuild-todo Outdated Show resolved Hide resolved
Foxboron
Foxboron reviewed Jan 10, 2025
View reviewed changes
package/rebuild-todo Outdated Show resolved Hide resolved
Foxboron
Foxboron reviewed Jan 10, 2025
View reviewed changes
package/rebuild-todo Outdated Show resolved Hide resolved
@Antiz96
rebuild-todo: Add the --import-keys option
683d9b0 
Allows to import PGP keys for packages source verification into the user's keyring before rebuilding packages (including support for offloaded builds).
@Antiz96 Antiz96 force-pushed the PGP_keys_rebuild-todo branch from 73b2a7e to 683d9b0 Compare January 10, 2025 08:54
@Antiz96 Antiz96 requested a review from Foxboron January 10, 2025 08:54
@Antiz96 Antiz96 merged commit 435e2bd into master Jan 10, 2025
1 check passed
@Antiz96 Antiz96 deleted the PGP_keys_rebuild-todo branch January 10, 2025 09:07
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@Foxboron Foxboron Foxboron approved these changes

@christian-heusel christian-heusel christian-heusel approved these changes

@jelly jelly Awaiting requested review from jelly

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
5 participants
@Antiz96 @felixonmars @christian-heusel @jelly @Foxboron