From 477f32c18bcde4150dbfafc3cb6335ce177fc498 Mon Sep 17 00:00:00 2001 From: Julian Andres Klode Date: Tue, 29 Apr 2025 00:03:04 +0200 Subject: debian/NEWS: Document new requirements on trusted.gpg.d All files in apt directories must follow the run-parts requirements, the only allowed characters are: a-z, A-Z, 0-9, _, -, : and '.' if an extension is required, due to the use of the general GetFilesInDirectory() function. Other characters were previously supported as the directory was not enumerated by apt, but by apt-key, an 850ish line shell script using find "$TRUSTEDPARTS" -mindepth 1 -maxdepth 1 \( -name '*.gpg' -o -name '*.asc' \) which obviously does not share the same requirements. Document the difference in debian/NEWS, as it seems ill-advised to introduce a flag-carrying version of GetFilesInDirectory() for the sole purpose of a deprecated signing mechanism. Closes: #1104320 --- debian/NEWS | 6 ++++++ 1 file changed, 6 insertions(+) (limited to 'debian/NEWS') diff --git a/debian/NEWS b/debian/NEWS index 096415a6c..812e95e25 100644 --- a/debian/NEWS +++ b/debian/NEWS @@ -34,6 +34,12 @@ apt (2.9.15) unstable; urgency=medium This release stops using apt-key to verify the signatures. Final call to stop using it before it's gone next week. + Please note that due to the switch to internal verification, APT now + has the same requirements on files in trusted.gpg.d as for other .d + directories: Only alphanumerical characters, '_', '-', ':' and '.' + are supported, other characters such as '@' cause the file to silently + be ignored. + -- Julian Andres Klode Thu, 28 Nov 2024 19:31:24 +0100 apt (2.9.11) unstable; urgency=medium -- cgit v1.2.3-70-g09d2