Groups | Search | Server Info | Keyboard shortcuts | Login | Register [http] [https] [nntp] [nntps]

Groups > linux.debian.devel > #119414

Re: Hard Rust requirements from May onward

From Simon Josefsson <simon@josefsson.org>
Newsgroups linux.debian.devel
Subject Re: Hard Rust requirements from May onward
Date 2025-11-02 10:40 +0100
Message-ID <LMCJ3-9S05-3@gated-at.bofh.it> (permalink)
References (4 earlier) <LMj3H-9EEC-9@gated-at.bofh.it> <LMjZL-9FhE-1@gated-at.bofh.it> <LMkVP-9FTx-3@gated-at.bofh.it> <LMpC9-9JdA-1@gated-at.bofh.it> <LMq5b-9JG6-1@gated-at.bofh.it>
Organization linux.* mail to news gateway

Show all headers | View raw

[Multipart message — attachments visible in raw view] - view raw

Philipp Kern <pkern@debian.org> writes:

> In trying to retrofit this I also ran into the classic "and now I have
> an additional file to InRelease to provide the inclusion proof"
> problem.

What do you think about putting all signatures in the InRelease file?

The content to sign would be the same as the text in the PGP-armored
InRelease file, which (modulo the long-standing final newline
misbehaviour) is the same as the content of the Release file.

There is no need to care about Release and Release.gpg files, they can
continue to exist or be removed eventually.

Trixie's InRelease file could look like this to support both PGP,
SSHSIG, Sigstore cosign and Sigsum:

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Origin: Debian
Label: Debian
Suite: stable
...
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEETLUBkCB7R1ij9zp5btDnuCZD4TEFAmi8AkkACgkQbtDnuCZD
4THZRw/+JCX/UBnkXLs9jmaE2JULHisBWMKO7VgKZkpzLqcM5slUSDAqCsZ2rZgJ
QdPwsxRHsbQS6y0LtjUHoXTglSarkuR8GjKx6vzjravq8mOgd2/COkm8RbZud/ou
CA5A2iU+x9dmpf/iI7lUkPDSgbAisEWJ4Heqkh2L53n5oce2JVKcEhg6TKZgi2o+
...
-----END PGP SIGNATURE-----
-----BEGIN SSH SIGNATURE-----
U1NIU0lHAAAAAQAAADMAAAALc3NoLWVkMjU1MTkAAAAgJKxoLBJBivUPNTUJUSslQTt2hD
jozKvHarKeN8uYFqgAAAADZm9vAAAAAAAAAFMAAAALc3NoLWVkMjU1MTkAAABAKNC4IEbt
Tq0Fb56xhtuE1/lK9H9RZJfON4o6hE9R4ZGFX98gy0+fFJ/1d2/RxnZky0Y7GojwrZkrHT
FgCqVWAQ=-----END SSH SIGNATURE-----
-----BEGIN SIGSTORE SIGNATURE-----
MEYCIQCsxZJgidZVqj3+wfxv/LgsMlhBsaPZWgk9LFAWcIPBxwIhAMrN+Wlh38dBcbXR0co/gU+T6OCr07spm5jDmKpPscWa
-----END SIGSTORE SIGNATURE-----
-----BEGIN SIGSUM SIGNATURE-----
version=2
logDad38f8226ff9bd27629a41e55df727308d0a1cd8a2c31d3170048ac1dd22a1
leaf}57f39e21aafda397c1ec8d413694a7a77b3e86b7cefff4c7d9e87497b41499 b0d90facdb7e557cd3281988b3ae708c5e34fef7859618688a6035a9e0649631197c9fbe791e8d1d10ea9964cf5df41450aab3010459ca33bde306bdf9378e0c

size66
root_hashi22606e008712c738d43379672f55147dd3def6dc9e7f026711a589c528b571
signature¤90f469edff0a8d90b5ba4412fe20ce96dea6f76ee0f03a0aec05fbeda830658faa620c07c083cafe078d554b0055b9384a1f698d84e677c095cd2557790b0c
cosignatureš0dcddbd96f6d6d404227b5ff23de7a43f25cdde9790af5ace332d347fac49a 1738852707 13b0b825c67ed1dd663c02560e04ce0acee532d1a15858977567087271292cb32432b5ce011461cfd63f2943ebb87c0f27ea8e25ad62fa34f90aee60c3bc9d00
cosignatureP6972ae99f752df639c749ac50a741b80d95f114a35420838ac06107ea9bfe8 1738852707 e7175b809ed42a0c04e3fa39ac624e4b3e3d0f496a1d37094a6aee77775a069f2a193a7d74574650e1f406458a65776b9b869e237933697b81c498ff03275e03
cosignatureÍ02db1cc0488c28245d7c3ff50b3e214334c067f2571e849425146bb6bd173d 1738852707 63628627994252757c5736eb2a29f053a8f231ca334261fb9a7533980fc1a5f020bdb75ace2e81082486887b35c48544d59157d627be5277fa342327b8fd640e
cosignaturev8c9aac6ea5ee9b9c75dd862b70dcb693a2cb37c4ae2f15064e34a1ab260b01 1738852707 29d8ec346c006d832b55f40abad9610b4403fb604f6aea75eaaa12fc45b22d0f202c6458c89db5674ad5d3e3ecf24dc0fb2252f1b29e5cd24ed04f6858986b0f
...
cosignature00d26b3bf3e0ded29f82803abd34c972cb62752305b0e718cf7b8ec1bf99f6 1738852707 93925ba5f6701e177fad16dbc5c29093fbefe1ca282f0e6f9fc9735c73a0904b2f1180591757198bcaef6dbd71ca0de6feb07e6aaddcfae078b07da48bbb0f00

leaf_index65
node_hashœa4d837a8cddbfa5bc393dae8a921cc861e1803225033c2925e37fa424c3a97
node_hash¨6e497fab2ec81cd9bc29bf51a6337a606137618cd1aa603a44b1134080d5f5
node_hash˜c52da9f6297f866fc92c4bb6aeb3bafc885725be1249b1b6fd5caa81dc0387
node_hash$7f89606e6055ef0e23ce1d91417c0f3f287ad87251e383d165b5fcfa53726c
node_hashâ821a616175a831075291a79715d775e5e11fb46cad8a867e6161330b0dcb38
node_hasha0e50c255202d690c4bbe69f049990d3ebdfeef0288c33fc3deae500d272ff
node_hashY1ffe52c204d4d87feea2be7ef0a63c8b3b4975fabfee45747670c0cf997c04
-----END SIGSUM SIGNATURE-----

/Simon

Back to linux.debian.devel | Previous | NextPrevious in thread | Next in thread | Find similar

Thread

Hard Rust requirements from May onward Julian Andres Klode <jak@debian.org> - 2025-10-31 21:50 +0100
  Re: Hard Rust requirements from May onward John Paul Adrian Glaubitz <glaubitz@physik.fu-berlin.de> - 2025-10-31 22:40 +0100
    Re: Hard Rust requirements from May onward Simon Richter <sjr@debian.org> - 2025-11-01 04:20 +0100
      Re: Hard Rust requirements from May onward Geert Stappers <stappers@stappers.nl> - 2025-11-01 08:40 +0100
        Re: Hard Rust requirements from May onward Bjørn Mork <bjorn@mork.no> - 2025-11-01 13:40 +0100
          Re: Hard Rust requirements from May onward Simon Josefsson <simon@josefsson.org> - 2025-11-01 14:40 +0100
            Re: Hard Rust requirements from May onward Andrey Rakhmatullin <wrar@debian.org> - 2025-11-01 15:40 +0100
              Re: Hard Rust requirements from May onward Simon Josefsson <simon@josefsson.org> - 2025-11-01 20:40 +0100
                Re: Hard Rust requirements from May onward Philipp Kern <pkern@debian.org> - 2025-11-01 21:10 +0100
                Re: Hard Rust requirements from May onward Holger Levsen <holger@layer-acht.org> - 2025-11-02 00:20 +0100
                Re: Hard Rust requirements from May onward Simon Josefsson <simon@josefsson.org> - 2025-11-02 10:30 +0100
                Re: Hard Rust requirements from May onward Simon Josefsson <simon@josefsson.org> - 2025-11-02 10:40 +0100
                Re: Hard Rust requirements from May onward Philipp Kern <pkern@debian.org> - 2025-11-09 21:40 +0100
                Re: Hard Rust requirements from May onward Simon Josefsson <simon@josefsson.org> - 2025-11-09 23:00 +0100
                Re: Hard Rust requirements from May onward Philipp Kern <phil@philkern.de> - 2025-11-09 23:30 +0100
                Re: Hard Rust requirements from May onward Simon Josefsson <simon@josefsson.org> - 2025-11-10 11:40 +0100
                Re: Hard Rust requirements from May onward Andrey Rakhmatullin <wrar@debian.org> - 2025-11-10 12:20 +0100
                Re: Hard Rust requirements from May onward Holger Levsen <holger@layer-acht.org> - 2025-11-10 13:40 +0100
                Re: Hard Rust requirements from May onward Simon Richter <sjr@debian.org> - 2025-11-10 04:10 +0100
                Re: Hard Rust requirements from May onward Simon Josefsson <simon@josefsson.org> - 2025-11-10 12:00 +0100
                Re: Hard Rust requirements from May onward Simon Richter <sjr@debian.org> - 2025-11-10 15:00 +0100
                Re: Hard Rust requirements from May onward David Kalnischkies <david@kalnischkies.de> - 2025-11-10 17:50 +0100
                Re: Hard Rust requirements from May onward Simon Josefsson <simon@josefsson.org> - 2025-11-10 20:20 +0100
                Re: Hard Rust requirements from May onward Simon Josefsson <simon@josefsson.org> - 2025-11-10 20:30 +0100
                Re: purpose of InRelease in apt [was: non-GPG signatures; was: Rust  requirements] Simon McVittie <smcv@debian.org> - 2025-11-10 17:10 +0100
                Re: purpose of InRelease in apt [was: non-GPG signatures; was: Rust  requirements] Stefano Rivera <stefanor@debian.org> - 2025-11-13 13:20 +0100
                Re: purpose of InRelease in apt [was: non-GPG signatures; was: Rust  requirements] Simon Josefsson <simon@josefsson.org> - 2025-11-13 18:20 +0100
          Re: Hard Rust requirements from May onward Russ Allbery <rra@debian.org> - 2025-11-01 17:50 +0100
          Re: Hard Rust requirements from May onward Christoph Biedl <debian.axhn@manchmal.in-ulm.de> - 2025-11-05 09:10 +0100
        Re: Re: Hard Rust requirements from May onward John Paul Adrian Glaubitz <glaubitz@physik.fu-berlin.de> - 2025-11-02 11:20 +0100
    Re: Hard Rust requirements from May onward Antoni Boucher <bouanto@zoho.com> - 2025-11-01 16:30 +0100
      Re: Hard Rust requirements from May onward John Paul Adrian Glaubitz <glaubitz@physik.fu-berlin.de> - 2025-11-02 11:50 +0100
        Re: Hard Rust requirements from May onward Antoni Boucher <bouanto@zoho.com> - 2025-11-02 16:30 +0100
  Re: Hard Rust requirements from May onward Julian Andres Klode <jak@debian.org> - 2025-10-31 22:50 +0100
  Re: Hard Rust requirements from May onward Paul Tagliamonte <paultag@debian.org> - 2025-11-01 15:20 +0100
    Re: Hard Rust requirements from May onward Paul Tagliamonte <paultag@debian.org> - 2025-11-01 15:20 +0100
    Re: Re: Hard Rust requirements from May onward John Paul Adrian Glaubitz <glaubitz@physik.fu-berlin.de> - 2025-11-02 11:30 +0100
    Re: Hard Rust requirements from May onward Bill Allombert <ballombe@debian.org> - 2025-11-02 15:40 +0100
  Re: Hard Rust requirements from May onward Joerg Jaspert <joerg@debian.org> - 2025-11-02 13:10 +0100
    Re: Hard Rust requirements from May onward Richard Lewis <richard.lewis.debian@googlemail.com> - 2025-11-02 16:20 +0100
      Re: Hard Rust requirements from May onward Adrian Bunk <bunk@debian.org> - 2025-11-02 18:10 +0100
    Re: Hard Rust requirements from May onward Julian Andres Klode <jak@debian.org> - 2025-11-02 17:30 +0100
      Re: Hard Rust requirements from May onward Joerg Jaspert <joerg@debian.org> - 2025-11-02 17:40 +0100
    Re: Hard Rust requirements from May onward Adrian Bunk <bunk@debian.org> - 2025-11-03 23:20 +0100
      Re: Hard Rust requirements from May onward Ansgar 🙀 <ansgar@debian.org> - 2025-11-04 07:30 +0100
        Re: Hard Rust requirements from May onward Mike Hommey <mh@glandium.org> - 2025-11-04 08:10 +0100
        Re: Hard Rust requirements from May onward Adrian Bunk <bunk@debian.org> - 2025-11-04 11:50 +0100
          Re: Hard Rust requirements from May onward Simon Richter <sjr@debian.org> - 2025-11-04 12:10 +0100
            Re: Hard Rust requirements from May onward Adrian Bunk <bunk@debian.org> - 2025-11-04 13:30 +0100
              Vendoring Simon Richter <sjr@debian.org> - 2025-11-04 13:50 +0100
          Re: Hard Rust requirements from May onward Holger Levsen <holger@layer-acht.org> - 2025-11-04 13:20 +0100
            Re: Hard Rust requirements from May onward Simon Richter <sjr@debian.org> - 2025-11-04 13:30 +0100
            Re: Hard Rust requirements from May onward Adrian Bunk <bunk@debian.org> - 2025-11-04 16:00 +0100
              Re: Hard Rust requirements from May onward Holger Levsen <holger@layer-acht.org> - 2025-11-04 16:50 +0100
                Re: Hard Rust requirements from May onward Adrian Bunk <bunk@debian.org> - 2025-11-04 19:40 +0100
        Re: Hard Rust requirements from May onward Stephan Verbücheln <verbuecheln@posteo.de> - 2025-11-04 15:30 +0100
          Re: Hard Rust requirements from May onward Fabian Grünbichler <debian@fabian.gruenbichler.email> - 2025-11-04 18:40 +0100
      Re: Hard Rust requirements from May onward Fabian Grünbichler <debian@fabian.gruenbichler.email> - 2025-11-04 18:30 +0100
        Re: Hard Rust requirements from May onward Sebastian Ramacher <sramacher@debian.org> - 2025-11-04 19:10 +0100
          Re: Hard Rust requirements from May onward Fabian Grünbichler <debian@fabian.gruenbichler.email> - 2025-11-04 19:40 +0100
        Re: Hard Rust requirements from May onward Adrian Bunk <bunk@debian.org> - 2025-11-04 20:10 +0100
          Re: Hard Rust requirements from May onward Adrian Bunk <bunk@debian.org> - 2025-11-04 21:50 +0100
          Re: Hard Rust requirements from May onward Fabian Grünbichler <debian@fabian.gruenbichler.email> - 2025-11-05 07:50 +0100
            Re: Hard Rust requirements from May onward Adrian Bunk <bunk@debian.org> - 2025-11-05 12:10 +0100
        Re: Hard Rust requirements from May onward Adrian Bunk <bunk@debian.org> - 2025-11-05 18:40 +0100
        Re: Hard Rust requirements from May onward Philipp Kern <pkern@debian.org> - 2025-11-06 22:10 +0100
    Re: Hard Rust requirements from May onward Sean Whitton <spwhitton@spwhitton.name> - 2025-11-05 16:00 +0100
  Re: Hard Rust requirements from May onward David Kalnischkies <david@kalnischkies.de> - 2025-11-03 13:40 +0100
    apt-ftparchive alternatives (was: Hard Rust requirements from May  onward) Jeremy Stanley <fungi@yuggoth.org> - 2025-11-03 19:00 +0100
      Re: apt-ftparchive alternatives (was: Hard Rust requirements from  May onward) nick black <dankamongmen@gmail.com> - 2025-11-03 19:50 +0100
        Re: apt-ftparchive alternatives (was: Hard Rust requirements from  May onward) Jeremy Stanley <fungi@yuggoth.org> - 2025-11-03 20:00 +0100
          Re: apt-ftparchive alternatives (was: Hard Rust requirements from  May onward) Peter Pentchev <roam@ringlet.net> - 2025-11-03 21:00 +0100
          Re: apt-ftparchive alternatives Richard Lewis <richard.lewis.debian@googlemail.com> - 2025-11-15 14:00 +0100
      Re: apt-ftparchive alternatives (was: Hard Rust requirements from  May onward) David Kalnischkies <david@kalnischkies.de> - 2025-11-05 16:10 +0100
        Re: apt-ftparchive alternatives Ahmad Khalifa <ahmad@khalifa.ws> - 2025-11-06 22:20 +0100
          Re: apt-ftparchive alternatives David Kalnischkies <david@kalnischkies.de> - 2025-11-09 17:00 +0100
            Re: apt-ftparchive alternatives Ahmad Khalifa <ahmad@khalifa.ws> - 2025-11-09 21:50 +0100
              Re: apt-ftparchive alternatives David Kalnischkies <david@kalnischkies.de> - 2025-11-10 14:00 +0100

csiph-web