Updates on the SolydXK Keyring package

Important informations about SolydXK including releases notes, forum rules and other anouncements
User avatar
Arjen Balfoort
Site Admin
Posts: 8884
Joined: 26 Jan 2013 19:36
Location: Netherlands
Contact:

Updates on the SolydXK Keyring package

Postby Arjen Balfoort » 25 Nov 2018 11:17

There were some changes on the SolydXK Keyring Package.

A bug was found that when the package solydxk-keyring was reinstalled, the login manager would not recognize any user and it was impossible to login after that.

To solve the issue the following packages had to be updated:
  • solydxk-keyring
  • solydxk-system
  • solydk-system-adjustments-9
  • solydk-system-adjustments-10
The keyring itself was not changed, only the package. So, it is safe to upgrade these packages.

[UPDATE]
ilu suggests to change the gnupg.conf provided by solydxk-system.
Currently, gnupg.conf looks like this:

Code: Select all

# Set the remote key server
keyserver hkps://hkps.pool.sks-keyservers.net

# Use the GPG agent for key management and decryption
use-agent

# Specify the hash algorithms to be used for new keys as available
default-preference-list SHA512 SHA384 SHA256 SHA224 AES256 AES192 AES CAST5 ZLIB BZIP2 ZIP Uncompressed

# Set the list of personal digest preferences. Use gpg2 --version to get a list of available algorithms.
personal-digest-preferences SHA512

# Use SHA512 as the hash when making key signatures
cert-digest-algo SHA512

# Set the default key for signing
#default-key  [keyname]

# Use the default key as default recipient if option --recipient is not used
#default-recipient-self
This was the result after I removed some variables that I thought were very specific for the person who created the conf file for his/her own purpose. This is the link:
https://raw.githubusercontent.com/ioerr ... g/gpg.conf

What are your thoughts on this?


SolydXK needs you!
Development | Testing | Translations

User avatar
ilu
Posts: 2072
Joined: 09 Oct 2013 12:45

latest solydxk-system and -keyring update

Postby ilu » 25 Nov 2018 11:17

@Arjen Balfoort

Upon installation a debconf window shows up, asking whether I wish to keep the local config or install the new one - a question the average user won't be able to answer. If you close the window you will end up with a half-configured system. sudo dpkg --configure -a will send you back to the same question, default is to keep the local version. Some users will choose this, others that. So now you can't be sure what the user has chosen. That's why I think a prior announcement would have been good.

Also the change to gnupg.conf will only effect newly created users. I'm not sure what you wanted to achieve. This is for repo and package signing, right? Using hkps://hkps.pool.sks-keyservers.net is certainly a good idea, as are the cipher settings. But since we already have the sks-keyservers CA in /usr/share/gnupg/ why not use that too? And maybe everybody should apply that?

Wouldn't it be good to apply all the proposed changes from https://riseup.net/en/security/message- ... l-together and https://raw.githubusercontent.com/ioerr ... g/gpg.conf?

User avatar
Arjen Balfoort
Site Admin
Posts: 8884
Joined: 26 Jan 2013 19:36
Location: Netherlands
Contact:

Re: latest solydxk-system and -keyring update

Postby Arjen Balfoort » 25 Nov 2018 18:18

In this case, it doesn't really matter whether you're going to keep or replace the configuration files.

The files in /etc/skel are indeed there for new users. The GnuPG files are used for gpg verification of downloaded ISOs only and are provided by solydxk-system for the user's convenience, but are not essential and thus it doesn't matter whether the user keeps or overwrites these files. The GnuPG files for apt are provided by solydxk-keyring and can be found in /etc/apt/trusted.gpg.d.

I had that configuration when I started, but I left out the things I didn't understand or I didn't think a regular user would need it.

Perhaps we should move this to a public forum for others to pitch in?


SolydXK needs you!
Development | Testing | Translations

User avatar
ilu
Posts: 2072
Joined: 09 Oct 2013 12:45

Re: latest solydxk-system and -keyring update

Postby ilu » 25 Nov 2018 20:05

Just do so. The riseup page is an interesting read for people who'd like to use gnupg for more purposes than just ISO signature.

User avatar
Arjen Balfoort
Site Admin
Posts: 8884
Joined: 26 Jan 2013 19:36
Location: Netherlands
Contact:

Re: Updates on the SolydXK Keyring package

Postby Arjen Balfoort » 26 Nov 2018 07:11

Moved this topic to the announcement topic.


SolydXK needs you!
Development | Testing | Translations

User avatar
palimmo
Posts: 765
Joined: 19 Nov 2013 19:44
Contact:

Re: Updates on the SolydXK Keyring package

Postby palimmo » 26 Nov 2018 09:06

thanks for the piece of news!
Proud user of SolydK!

Dai diamanti non nasce niente, dal letame nascono i fior. http://aquilone.wordpress.com/

User avatar
Arjen Balfoort
Site Admin
Posts: 8884
Joined: 26 Jan 2013 19:36
Location: Netherlands
Contact:

Re: Updates on the SolydXK Keyring package

Postby Arjen Balfoort » 27 Nov 2018 14:36

I've updated the OP.


SolydXK needs you!
Development | Testing | Translations

User avatar
ydek
Posts: 18
Joined: 21 Jun 2018 16:18
Location: Brasil

Re: Updates on the SolydXK Keyring package

Postby ydek » 27 Nov 2018 18:30

@Arjen

Thanks for the information.

pkay42
Posts: 5
Joined: 10 Nov 2017 02:57

Update: configuration file of solydxk-system has changed

Postby pkay42 » 29 Nov 2018 15:19

I restarted my system the other day, and I got an alert message I have never seen before:

The configuration file of solydxk-system has changed.

The file in question is '/etc/skel/.gnupg/gpg.conf'

The keyserver is being changed to
keyserver hkps://hkps.pool.sks-keyservers.net

Is this correct? Is there a reason I am getting a large popup at all? This seems like something that would terrify and confuse my mother, if it appeared on her computer screen at startup. If it's a necessary change, is there a way to make it seamless in the future?

Thanks,

--Peter

User avatar
Arjen Balfoort
Site Admin
Posts: 8884
Joined: 26 Jan 2013 19:36
Location: Netherlands
Contact:

Re: Updates on the SolydXK Keyring package

Postby Arjen Balfoort » 29 Nov 2018 16:26

@pkay42
I moved your post to the appropriate topic.

Yes, it is part of the keyring package change. See the OP for details.


SolydXK needs you!
Development | Testing | Translations


Return to “News & Anouncements”

Who is online

Users browsing this forum: No registered users and 5 guests