Page 1 of 1

Updates on the SolydXK Keyring package

Posted: 25 Nov 2018 11:17
by Arjen Balfoort
There were some changes on the SolydXK Keyring Package.

A bug was found that when the package solydxk-keyring was reinstalled, the login manager would not recognize any user and it was impossible to login after that.

To solve the issue the following packages had to be updated:
  • solydxk-keyring
  • solydxk-system
  • solydk-system-adjustments-9
  • solydk-system-adjustments-10
The keyring itself was not changed, only the package. So, it is safe to upgrade these packages.

ilu suggests to change the gnupg.conf provided by solydxk-system.
Currently, gnupg.conf looks like this:

Code: Select all

# Set the remote key server
keyserver hkps://

# Use the GPG agent for key management and decryption

# Specify the hash algorithms to be used for new keys as available
default-preference-list SHA512 SHA384 SHA256 SHA224 AES256 AES192 AES CAST5 ZLIB BZIP2 ZIP Uncompressed

# Set the list of personal digest preferences. Use gpg2 --version to get a list of available algorithms.
personal-digest-preferences SHA512

# Use SHA512 as the hash when making key signatures
cert-digest-algo SHA512

# Set the default key for signing
#default-key  [keyname]

# Use the default key as default recipient if option --recipient is not used
This was the result after I removed some variables that I thought were very specific for the person who created the conf file for his/her own purpose. This is the link: ... g/gpg.conf

What are your thoughts on this?

latest solydxk-system and -keyring update

Posted: 25 Nov 2018 11:17
by ilu
@Arjen Balfoort

Upon installation a debconf window shows up, asking whether I wish to keep the local config or install the new one - a question the average user won't be able to answer. If you close the window you will end up with a half-configured system. sudo dpkg --configure -a will send you back to the same question, default is to keep the local version. Some users will choose this, others that. So now you can't be sure what the user has chosen. That's why I think a prior announcement would have been good.

Also the change to gnupg.conf will only effect newly created users. I'm not sure what you wanted to achieve. This is for repo and package signing, right? Using hkps:// is certainly a good idea, as are the cipher settings. But since we already have the sks-keyservers CA in /usr/share/gnupg/ why not use that too? And maybe everybody should apply that?

Wouldn't it be good to apply all the proposed changes from ... l-together and ... g/gpg.conf?

Re: latest solydxk-system and -keyring update

Posted: 25 Nov 2018 18:18
by Arjen Balfoort
In this case, it doesn't really matter whether you're going to keep or replace the configuration files.

The files in /etc/skel are indeed there for new users. The GnuPG files are used for gpg verification of downloaded ISOs only and are provided by solydxk-system for the user's convenience, but are not essential and thus it doesn't matter whether the user keeps or overwrites these files. The GnuPG files for apt are provided by solydxk-keyring and can be found in /etc/apt/trusted.gpg.d.

I had that configuration when I started, but I left out the things I didn't understand or I didn't think a regular user would need it.

Perhaps we should move this to a public forum for others to pitch in?

Re: latest solydxk-system and -keyring update

Posted: 25 Nov 2018 20:05
by ilu
Just do so. The riseup page is an interesting read for people who'd like to use gnupg for more purposes than just ISO signature.

Re: Updates on the SolydXK Keyring package

Posted: 26 Nov 2018 07:11
by Arjen Balfoort
Moved this topic to the announcement topic.

Re: Updates on the SolydXK Keyring package

Posted: 26 Nov 2018 09:06
by palimmo
thanks for the piece of news!

Re: Updates on the SolydXK Keyring package

Posted: 27 Nov 2018 14:36
by Arjen Balfoort
I've updated the OP.

Re: Updates on the SolydXK Keyring package

Posted: 27 Nov 2018 18:30
by ydek

Thanks for the information.

Update: configuration file of solydxk-system has changed

Posted: 29 Nov 2018 15:19
by pkay42
I restarted my system the other day, and I got an alert message I have never seen before:

The configuration file of solydxk-system has changed.

The file in question is '/etc/skel/.gnupg/gpg.conf'

The keyserver is being changed to
keyserver hkps://

Is this correct? Is there a reason I am getting a large popup at all? This seems like something that would terrify and confuse my mother, if it appeared on her computer screen at startup. If it's a necessary change, is there a way to make it seamless in the future?



Re: Updates on the SolydXK Keyring package

Posted: 29 Nov 2018 16:26
by Arjen Balfoort
I moved your post to the appropriate topic.

Yes, it is part of the keyring package change. See the OP for details.