Move to gpg keyring for non-EOL images #705
Conversation
Signed-off-by: Mikael Arguedas <[email protected]>
Signed-off-by: Mikael Arguedas <[email protected]>
Signed-off-by: Mikael Arguedas <[email protected]>
This reverts commit 2e16009.
Signed-off-by: Mikael Arguedas <[email protected]>
Signed-off-by: Mikael Arguedas <[email protected]>
Signed-off-by: Mikael Arguedas <[email protected]>
| export GNUPGHOME="$(mktemp -d)"; \ | ||
| gpg --batch --keyserver keyserver.ubuntu.com --recv-keys "$key"; \ | ||
| mkdir -p /usr/share/keyrings; \ | ||
| gpg --batch --export "$key" > /usr/share/keyrings/pkgs-osrf-archive-keyring.gpg; \ |
There was a problem hiding this comment.
@j-rivero I followed the install location from the gazebo docs
Do you confirm the keyring should be installed in /usr/share/keyrings and not in /etc/apt/keyrings?
Same for the ROS ones ? (@nuclearsandwich ?)
There was a problem hiding this comment.
Do you confirm the keyring should be installed in
/usr/share/keyringsand not in/etc/apt/keyrings?
Same for the ROS ones ? (@nuclearsandwich ?)
Following https://wiki.debian.org/DebianRepository/UseThirdParty
If future updates to the certificate will be managed by an apt/dpkg package as recommended below, then it SHOULD be downloaded into /usr/share/keyrings using the same filename that will be provided by the package. If it will be managed locally , it SHOULD be downloaded into /etc/apt/keyrings instead.
Our intention is to manage the ROS/Gazebo keys using a package )hopefully sometime in the short future). So I'm inclined to use /usr/share/keyrings as suggested by the Debian documentation.
Will close #621 and follow guidelines provided in docker-library/official-images#15809 (comment)
Will result in docker-library/official-images#15936