Groups | Search | Server Info | Keyboard shortcuts | Login | Register [http] [https] [nntp] [nntps]
Groups > linux.debian.devel > #119539
| From | David Kalnischkies <david@kalnischkies.de> |
|---|---|
| Newsgroups | linux.debian.devel |
| Subject | Re: Hard Rust requirements from May onward |
| Date | 2025-11-10 17:50 +0100 |
| Message-ID | <LPDfz-bX2R-5@gated-at.bofh.it> (permalink) |
| References | (5 earlier) <LPkmC-bJVj-13@gated-at.bofh.it> <LPlC2-bKHO-13@gated-at.bofh.it> <LPqs1-bO9i-1@gated-at.bofh.it> <LPxMR-bT3e-1@gated-at.bofh.it> <LPAB3-bV0e-1@gated-at.bofh.it> |
| Organization | linux.* mail to news gateway |
[Multipart message — attachments visible in raw view] - view raw
Am Mon, Nov 10, 2025 at 10:58:28PM +0900, schrieb Simon Richter: > > - Nice to have: reduce today's complexity with PGP to only be in one > > file -- I think we could stop publishing Release+Release.gpg and fix > > whatever tooling breaks as a result (apt is mostly fine), relying only > > on InRelease. This would also drop the number of PGP sig operations. > > It might be possible to reuse the same signature for both Release.gpg and > InRelease. fwiw src:apt internally splits the InRelease file into a temporary Release and Release.gpg file and passes that on for verification by gpgv/sqv because that was historically easier than to reason about what part of InRelease gpgv was saying is signed after verification (--output is an addition for gpgv somewhere in the 2.x track). > > - Nice to have: don't add round-trip latency fetching multiple files. > > This one argues for putting everyhing in one file, such as extending > > InRelease. The main argument for InRelease was that Release and Release.gpg were frequently out-of-sync due to different caching and/or different mirrors answering the two requests (go read Simon McVitties reply explaining that in more detail). libapt didn't as Release files are technically optional – never mind signing them – so it requests Release before attempting Release.gpg (I am ignoring that it tries InRelease first of course), but given our HTTP/1.1 client supports pipelining (although servers and proxies might not) it could have requested both and just deal with the result. It wasn't implemented so far as pipelining is historically so buggy, that src:apt only does it if it has hashsums for the files it requests and can hence detect and potentially fix mess ups. No such thing for Release files. > We could also create an extra file, maybe "SigRelease" that uses an > extensible format that allows multiple signatures. The mentioned splitter code happily deals with multiple PGP SIGNATURE blocks, so if you can somehow massage whatever signature data you want to transport and not make gpgv/sqv barf in the process… The problem with multiple signatures in one file is that the tool(s) creating them have to know what they sign and the tool(s) verifying them have to know what was signed. Don't make that too complicated as clients like debootstrap will ideally want something available everywhere to do the verify for them and get the data that was signed – they don't tend to bend over backwards to implement it, hence why InRelease wasn't implemented in many for a LONG while. Also not that e.g. for stable you want to have multiple signatures of the same type as e.g. the Archive team and the Release team sign a release and that ideally not at the same time, so combining signatures becomes a thing. Anyway, as that thread started with a mail from Julian, you might remember this one: https://wiki.debian.org/Teams/Apt/Spec/AptSign Best regards David Kalnischkies
Back to linux.debian.devel | Previous | Next — Previous in thread | Next in thread | Find similar
Hard Rust requirements from May onward Julian Andres Klode <jak@debian.org> - 2025-10-31 21:50 +0100
Re: Hard Rust requirements from May onward John Paul Adrian Glaubitz <glaubitz@physik.fu-berlin.de> - 2025-10-31 22:40 +0100
Re: Hard Rust requirements from May onward Simon Richter <sjr@debian.org> - 2025-11-01 04:20 +0100
Re: Hard Rust requirements from May onward Geert Stappers <stappers@stappers.nl> - 2025-11-01 08:40 +0100
Re: Hard Rust requirements from May onward Bjørn Mork <bjorn@mork.no> - 2025-11-01 13:40 +0100
Re: Hard Rust requirements from May onward Simon Josefsson <simon@josefsson.org> - 2025-11-01 14:40 +0100
Re: Hard Rust requirements from May onward Andrey Rakhmatullin <wrar@debian.org> - 2025-11-01 15:40 +0100
Re: Hard Rust requirements from May onward Simon Josefsson <simon@josefsson.org> - 2025-11-01 20:40 +0100
Re: Hard Rust requirements from May onward Philipp Kern <pkern@debian.org> - 2025-11-01 21:10 +0100
Re: Hard Rust requirements from May onward Holger Levsen <holger@layer-acht.org> - 2025-11-02 00:20 +0100
Re: Hard Rust requirements from May onward Simon Josefsson <simon@josefsson.org> - 2025-11-02 10:30 +0100
Re: Hard Rust requirements from May onward Simon Josefsson <simon@josefsson.org> - 2025-11-02 10:40 +0100
Re: Hard Rust requirements from May onward Philipp Kern <pkern@debian.org> - 2025-11-09 21:40 +0100
Re: Hard Rust requirements from May onward Simon Josefsson <simon@josefsson.org> - 2025-11-09 23:00 +0100
Re: Hard Rust requirements from May onward Philipp Kern <phil@philkern.de> - 2025-11-09 23:30 +0100
Re: Hard Rust requirements from May onward Simon Josefsson <simon@josefsson.org> - 2025-11-10 11:40 +0100
Re: Hard Rust requirements from May onward Andrey Rakhmatullin <wrar@debian.org> - 2025-11-10 12:20 +0100
Re: Hard Rust requirements from May onward Holger Levsen <holger@layer-acht.org> - 2025-11-10 13:40 +0100
Re: Hard Rust requirements from May onward Simon Richter <sjr@debian.org> - 2025-11-10 04:10 +0100
Re: Hard Rust requirements from May onward Simon Josefsson <simon@josefsson.org> - 2025-11-10 12:00 +0100
Re: Hard Rust requirements from May onward Simon Richter <sjr@debian.org> - 2025-11-10 15:00 +0100
Re: Hard Rust requirements from May onward David Kalnischkies <david@kalnischkies.de> - 2025-11-10 17:50 +0100
Re: Hard Rust requirements from May onward Simon Josefsson <simon@josefsson.org> - 2025-11-10 20:20 +0100
Re: Hard Rust requirements from May onward Simon Josefsson <simon@josefsson.org> - 2025-11-10 20:30 +0100
Re: purpose of InRelease in apt [was: non-GPG signatures; was: Rust requirements] Simon McVittie <smcv@debian.org> - 2025-11-10 17:10 +0100
Re: purpose of InRelease in apt [was: non-GPG signatures; was: Rust requirements] Stefano Rivera <stefanor@debian.org> - 2025-11-13 13:20 +0100
Re: purpose of InRelease in apt [was: non-GPG signatures; was: Rust requirements] Simon Josefsson <simon@josefsson.org> - 2025-11-13 18:20 +0100
Re: Hard Rust requirements from May onward Russ Allbery <rra@debian.org> - 2025-11-01 17:50 +0100
Re: Hard Rust requirements from May onward Christoph Biedl <debian.axhn@manchmal.in-ulm.de> - 2025-11-05 09:10 +0100
Re: Re: Hard Rust requirements from May onward John Paul Adrian Glaubitz <glaubitz@physik.fu-berlin.de> - 2025-11-02 11:20 +0100
Re: Hard Rust requirements from May onward Antoni Boucher <bouanto@zoho.com> - 2025-11-01 16:30 +0100
Re: Hard Rust requirements from May onward John Paul Adrian Glaubitz <glaubitz@physik.fu-berlin.de> - 2025-11-02 11:50 +0100
Re: Hard Rust requirements from May onward Antoni Boucher <bouanto@zoho.com> - 2025-11-02 16:30 +0100
Re: Hard Rust requirements from May onward Julian Andres Klode <jak@debian.org> - 2025-10-31 22:50 +0100
Re: Hard Rust requirements from May onward Paul Tagliamonte <paultag@debian.org> - 2025-11-01 15:20 +0100
Re: Hard Rust requirements from May onward Paul Tagliamonte <paultag@debian.org> - 2025-11-01 15:20 +0100
Re: Re: Hard Rust requirements from May onward John Paul Adrian Glaubitz <glaubitz@physik.fu-berlin.de> - 2025-11-02 11:30 +0100
Re: Hard Rust requirements from May onward Bill Allombert <ballombe@debian.org> - 2025-11-02 15:40 +0100
Re: Hard Rust requirements from May onward Joerg Jaspert <joerg@debian.org> - 2025-11-02 13:10 +0100
Re: Hard Rust requirements from May onward Richard Lewis <richard.lewis.debian@googlemail.com> - 2025-11-02 16:20 +0100
Re: Hard Rust requirements from May onward Adrian Bunk <bunk@debian.org> - 2025-11-02 18:10 +0100
Re: Hard Rust requirements from May onward Julian Andres Klode <jak@debian.org> - 2025-11-02 17:30 +0100
Re: Hard Rust requirements from May onward Joerg Jaspert <joerg@debian.org> - 2025-11-02 17:40 +0100
Re: Hard Rust requirements from May onward Adrian Bunk <bunk@debian.org> - 2025-11-03 23:20 +0100
Re: Hard Rust requirements from May onward Ansgar 🙀 <ansgar@debian.org> - 2025-11-04 07:30 +0100
Re: Hard Rust requirements from May onward Mike Hommey <mh@glandium.org> - 2025-11-04 08:10 +0100
Re: Hard Rust requirements from May onward Adrian Bunk <bunk@debian.org> - 2025-11-04 11:50 +0100
Re: Hard Rust requirements from May onward Simon Richter <sjr@debian.org> - 2025-11-04 12:10 +0100
Re: Hard Rust requirements from May onward Adrian Bunk <bunk@debian.org> - 2025-11-04 13:30 +0100
Vendoring Simon Richter <sjr@debian.org> - 2025-11-04 13:50 +0100
Re: Hard Rust requirements from May onward Holger Levsen <holger@layer-acht.org> - 2025-11-04 13:20 +0100
Re: Hard Rust requirements from May onward Simon Richter <sjr@debian.org> - 2025-11-04 13:30 +0100
Re: Hard Rust requirements from May onward Adrian Bunk <bunk@debian.org> - 2025-11-04 16:00 +0100
Re: Hard Rust requirements from May onward Holger Levsen <holger@layer-acht.org> - 2025-11-04 16:50 +0100
Re: Hard Rust requirements from May onward Adrian Bunk <bunk@debian.org> - 2025-11-04 19:40 +0100
Re: Hard Rust requirements from May onward Stephan Verbücheln <verbuecheln@posteo.de> - 2025-11-04 15:30 +0100
Re: Hard Rust requirements from May onward Fabian Grünbichler <debian@fabian.gruenbichler.email> - 2025-11-04 18:40 +0100
Re: Hard Rust requirements from May onward Fabian Grünbichler <debian@fabian.gruenbichler.email> - 2025-11-04 18:30 +0100
Re: Hard Rust requirements from May onward Sebastian Ramacher <sramacher@debian.org> - 2025-11-04 19:10 +0100
Re: Hard Rust requirements from May onward Fabian Grünbichler <debian@fabian.gruenbichler.email> - 2025-11-04 19:40 +0100
Re: Hard Rust requirements from May onward Adrian Bunk <bunk@debian.org> - 2025-11-04 20:10 +0100
Re: Hard Rust requirements from May onward Adrian Bunk <bunk@debian.org> - 2025-11-04 21:50 +0100
Re: Hard Rust requirements from May onward Fabian Grünbichler <debian@fabian.gruenbichler.email> - 2025-11-05 07:50 +0100
Re: Hard Rust requirements from May onward Adrian Bunk <bunk@debian.org> - 2025-11-05 12:10 +0100
Re: Hard Rust requirements from May onward Adrian Bunk <bunk@debian.org> - 2025-11-05 18:40 +0100
Re: Hard Rust requirements from May onward Philipp Kern <pkern@debian.org> - 2025-11-06 22:10 +0100
Re: Hard Rust requirements from May onward Sean Whitton <spwhitton@spwhitton.name> - 2025-11-05 16:00 +0100
Re: Hard Rust requirements from May onward David Kalnischkies <david@kalnischkies.de> - 2025-11-03 13:40 +0100
apt-ftparchive alternatives (was: Hard Rust requirements from May onward) Jeremy Stanley <fungi@yuggoth.org> - 2025-11-03 19:00 +0100
Re: apt-ftparchive alternatives (was: Hard Rust requirements from May onward) nick black <dankamongmen@gmail.com> - 2025-11-03 19:50 +0100
Re: apt-ftparchive alternatives (was: Hard Rust requirements from May onward) Jeremy Stanley <fungi@yuggoth.org> - 2025-11-03 20:00 +0100
Re: apt-ftparchive alternatives (was: Hard Rust requirements from May onward) Peter Pentchev <roam@ringlet.net> - 2025-11-03 21:00 +0100
Re: apt-ftparchive alternatives Richard Lewis <richard.lewis.debian@googlemail.com> - 2025-11-15 14:00 +0100
Re: apt-ftparchive alternatives (was: Hard Rust requirements from May onward) David Kalnischkies <david@kalnischkies.de> - 2025-11-05 16:10 +0100
Re: apt-ftparchive alternatives Ahmad Khalifa <ahmad@khalifa.ws> - 2025-11-06 22:20 +0100
Re: apt-ftparchive alternatives David Kalnischkies <david@kalnischkies.de> - 2025-11-09 17:00 +0100
Re: apt-ftparchive alternatives Ahmad Khalifa <ahmad@khalifa.ws> - 2025-11-09 21:50 +0100
Re: apt-ftparchive alternatives David Kalnischkies <david@kalnischkies.de> - 2025-11-10 14:00 +0100
csiph-web