Debian/Ubuntu: Aptly only compatible with GPG v1, installs v2 anyway #1138

Open
DClabaut opened this issue Dec 19, 2022 · 1 comment

DClabaut commented Dec 19, 2022

Detailed Description

Per the documentation here, Aptly is only compatible with GPG v1.

However, the dependencies for the packages (debian, ubuntu) force installation of gnupg, which is gpg version 2.

This can be tested by building and running this Dockerfile:

FROM debian:latest

RUN apt-get update && \
    apt-get install gnupg1 -y && \
    apt-get clean

RUN apt-get install aptly ca-certificates -y && \
    apt-get clean

ADD aptly.conf /etc/aptly.conf
VOLUME ["/aptly"]
VOLUME ["/public"]
EXPOSE 8080

ENTRYPOINT ["aptly", "api", "serve"]

$ sudo docker build . -t aptly:0.0.1

$ sudo docker run --entrypoint="" aptly:0.0.1 gpg --version
gpg (GnuPG) 2.2.27

$ sudo docker run --entrypoint="" aptly:0.0.1 gpgv1 --version
docker: Error response from daemon: failed to create shim task: OCI runtime create failed: runc create failed: unable to start container process: exec: "gpgv1": executable file not found in $PATH: unknown.
ERRO[0000] error waiting for container: context canceled 

Context

Packages hosted on Debian and Ubuntu default repositories are not functional.

Possible Implementation

The cleanest way would be to make Aptly work with GPG v2, which has been the default for many years. Fixing the dependencies in the Debian packaging would be a good quick-win though.

Your Environment

See Dockerfile above to reproduce

Other

Possibly the same as:

ghost commented Dec 29, 2022

aptly works with gpg2:

However, it requires the additional -keyring option; I guess the reason is that it still tries to find the trustedkeys.gpg file (gpg1 keyring format) by default.

-keyring=trustedkeys.gpg: gpg keyring to use when verifying Release file (could be specified multiple times)

https://www.aptly.info/doc/aptly/mirror/create/

Or edit the documentation to reflect this?
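
Added example, not part of the issue thread and not aptly's own code: a POSIX shell check that reports which installed binary provides a given GnuPG major version, parsing the same `--version` banner shown in the reproduction above. The function names and the candidate binary names (gpg, gpg1, gpg2, gpgv, gpgv1, gpgv2) are assumptions.

```shell
#!/bin/sh
# Added example: find which installed binary provides a given GnuPG major version.
# Function names and the candidate binary names below are assumptions.

# Read `--version` output on stdin and print the major version taken from
# the first line, e.g. "gpg (GnuPG) 2.2.27" -> 2. Prints nothing if the
# first line is not a GnuPG gpg/gpgv banner.
gnupg_major() {
    sed -n '1s/^gpgv\{0,1\} (GnuPG) \([0-9][0-9]*\)\..*$/\1/p'
}

# find_gnupg WANT NAME...
# Print the first NAME that is on PATH and reports major version WANT.
# Returns 1 if no candidate matches.
find_gnupg() {
    want=$1
    shift
    for name in "$@"; do
        command -v "$name" >/dev/null 2>&1 || continue
        major=$("$name" --version 2>/dev/null | gnupg_major)
        if [ "$major" = "$want" ]; then
            printf '%s\n' "$name"
            return 0
        fi
    done
    return 1
}

# Report per major version; a missing version is reported, not fatal.
for v in 1 2; do
    signer=$(find_gnupg "$v" gpg gpg1 gpg2 || echo none)
    verifier=$(find_gnupg "$v" gpgv gpgv1 gpgv2 || echo none)
    echo "GnuPG $v.x: gpg=$signer gpgv=$verifier"
done
```

Running it inside the image built above shows at a glance whether a 1.x binary is present at all and under which name, instead of probing one name at a time.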
