On Sat, Mar 10, 2018 at 10:33:21AM +0100, Marius Bakke wrote: > Efraim Flashner writes: > > > * gnu/packages/debian.scm (ubuntu-keyring): New variable. > > [...] > > > + (build-system trivial-build-system) > > + (arguments > > + `(#:modules ((guix build utils)) > > + #:builder (begin > > + (use-modules (guix build utils)) > > + (let* ((out (assoc-ref %outputs "out")) > > + (apt (string-append out "/etc/apt/trusted.gpg.d/")) > > + (key (string-append out "/share/keyrings/"))) > > + (setenv "PATH" (string-append > > + (assoc-ref %build-inputs "gzip") "/bin:" > > + (assoc-ref %build-inputs "tar") "/bin")) > > + (invoke "tar" "xvf" (assoc-ref %build-inputs "source")) > > + (for-each (lambda (file) > > + (install-file file key) > > + (install-file file apt)) > > + (find-files "." "\\.gpg$"))) > > + #t))) > > Why is having the same files in out/share/keyrings and > out/etc/apt/trusted.gpg.d necessary? > > (this was perhaps the case with the Debian keyring too?) This wasn't actually the case for the Debian keyring, I was more careful about installing the keyring files to the correct directories. I've gone ahead and fixed the Ubuntu ones. $ apt-file show debian-archive-keyring debian-archive-keyring: /etc/apt/trusted.gpg.d/debian-archive-jessie-automatic.gpg debian-archive-keyring: /etc/apt/trusted.gpg.d/debian-archive-jessie-security-automatic.gpg debian-archive-keyring: /etc/apt/trusted.gpg.d/debian-archive-jessie-stable.gpg debian-archive-keyring: /etc/apt/trusted.gpg.d/debian-archive-squeeze-automatic.gpg debian-archive-keyring: /etc/apt/trusted.gpg.d/debian-archive-squeeze-stable.gpg debian-archive-keyring: /etc/apt/trusted.gpg.d/debian-archive-wheezy-automatic.gpg debian-archive-keyring: /etc/apt/trusted.gpg.d/debian-archive-wheezy-stable.gpg debian-archive-keyring: /usr/share/doc/debian-archive-keyring/README debian-archive-keyring: /usr/share/doc/debian-archive-keyring/changelog.gz debian-archive-keyring: /usr/share/doc/debian-archive-keyring/copyright debian-archive-keyring: /usr/share/keyrings/debian-archive-keyring.gpg debian-archive-keyring: /usr/share/keyrings/debian-archive-removed-keys.gpg $ tree /gnu/store/af8qx6kva04fzxm13sbjb998h1sqbrrz-debian-archive-keyring-2017.7/ /gnu/store/af8qx6kva04fzxm13sbjb998h1sqbrrz-debian-archive-keyring-2017.7/ |-- etc | `-- apt | `-- trusted.gpg.d | |-- debian-archive-jessie-automatic.gpg | |-- debian-archive-jessie-security-automatic.gpg | |-- debian-archive-jessie-stable.gpg | |-- debian-archive-stretch-automatic.gpg | |-- debian-archive-stretch-security-automatic.gpg | |-- debian-archive-stretch-stable.gpg | |-- debian-archive-wheezy-automatic.gpg | `-- debian-archive-wheezy-stable.gpg `-- share `-- keyrings |-- debian-archive-keyring.gpg `-- debian-archive-removed-keys.gpg $ apt-file show ubuntu-keyring ubuntu-keyring: /usr/share/doc/ubuntu-keyring/README.gz ubuntu-keyring: /usr/share/doc/ubuntu-keyring/changelog.gz ubuntu-keyring: /usr/share/doc/ubuntu-keyring/copyright ubuntu-keyring: /usr/share/keyrings/ubuntu-archive-keyring.gpg ubuntu-keyring: /usr/share/keyrings/ubuntu-archive-removed-keys.gpg ubuntu-keyring: /usr/share/keyrings/ubuntu-master-keyring.gpg $ tree /gnu/store/iayj7kvhd7y6dl50gf6i63calgirj6ry-ubuntu-keyring-2018.02.28/ /gnu/store/iayj7kvhd7y6dl50gf6i63calgirj6ry-ubuntu-keyring-2018.02.28/ |-- etc | `-- apt | `-- trusted.gpg.d | |-- ubuntu-cloud-keyring.gpg | |-- ubuntu-cloud-removed-keys.gpg | |-- ubuntu-cloudimage-keyring.gpg | |-- ubuntu-cloudimage-removed-keys.gpg | |-- ubuntu-dbgsym-keyring.gpg | |-- ubuntu-dbgsym-removed-keys.gpg | |-- ubuntu-keyring-2012-archive.gpg | |-- ubuntu-keyring-2012-cdimage.gpg | |-- ubuntu-keyring-2012-cloud-archive.gpg | `-- ubuntu-keyring-2016-dbgsym.gpg `-- share `-- keyrings |-- ubuntu-archive-keyring.gpg |-- ubuntu-archive-removed-keys.gpg `-- ubuntu-master-keyring.gpg -- Efraim Flashner אפרים פלשנר GPG key = A28B F40C 3E55 1372 662D 14F7 41AA E7DC CA3D 8351 Confidentiality cannot be guaranteed on emails sent or received unencrypted