Package: release.debian.org Severity: normal Tags: bullseye User: release.debian....@packages.debian.org Usertags: pu
[ Reason ] This update fixes the download of container images using the "download" template. pool.sks-keyservers.net is not active anymore, so the patch (already included in the upstream release present in sid/bookworm) changes that to keyserver.ubuntu.com. [ Impact ] Creating containers with the lxc-download template (`-t download`) does not work because the key that signs the images cannot be retrieved. [ Tests ] This has been tested on lxc and was verified to fix the issue. The patch is trivial. [ Risks ] None. [ Checklist ] [x] *all* changes are documented in the d/changelog [x] I reviewed all changes and I approve them [x] attach debdiff against the package in (old)stable [x] the issue is verified as fixed in unstable [ Changes ] Replace pool.sks-keyservers.net with keyserver.ubuntu.com.
diff --git a/debian/changelog b/debian/changelog
index 6a5c2db..e6bcbc6 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,13 @@
+lxc (1:4.0.6-2+deb11u1) bullseye; urgency=medium
+
+ * lxc-download: Switch GPG server.
+ The default server used to download gpg keys from has ben deprecated,
+ and therefore creating containers using the `download` template is now
+ broken. This is fixed with an upstream patch by Stéphane Graber that
+ points to a valid server. (Closes: #991615)
+
+ -- Antonio Terceiro <terce...@debian.org> Thu, 13 Jan 2022 16:57:39 -0300
+
lxc (1:4.0.6-2) unstable; urgency=medium
* d/contrib/lxc-net: Add a commented dnsmasq reference for the users to be
diff --git a/debian/patches/0005-lxc-download-Switch-GPG-server.patch b/debian/patches/0005-lxc-download-Switch-GPG-server.patch
new file mode 100644
index 0000000..ac7074c
--- /dev/null
+++ b/debian/patches/0005-lxc-download-Switch-GPG-server.patch
@@ -0,0 +1,30 @@
+From: =?utf-8?q?St=C3=A9phane_Graber?= <stgra...@ubuntu.com>
+Date: Sun, 27 Jun 2021 23:42:52 -0400
+Subject: lxc-download: Switch GPG server
+MIME-Version: 1.0
+Content-Type: text/plain; charset="utf-8"
+Content-Transfer-Encoding: 8bit
+
+Signed-off-by: Stéphane Graber <stgra...@ubuntu.com>
+---
+ templates/lxc-download.in | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/templates/lxc-download.in b/templates/lxc-download.in
+index d688b8f..2f6cf2a 100644
+--- a/templates/lxc-download.in
++++ b/templates/lxc-download.in
+@@ -56,11 +56,11 @@ LXC_PATH=
+ LXC_ROOTFS=
+
+ if [ -z "${DOWNLOAD_KEYSERVER:-}" ]; then
+- DOWNLOAD_KEYSERVER="hkp://pool.sks-keyservers.net"
++ DOWNLOAD_KEYSERVER="hkp://keyserver.ubuntu.com"
+
+ # Deal with GPG over http proxy
+ if [ -n "${http_proxy:-}" ]; then
+- DOWNLOAD_KEYSERVER="hkp://p80.pool.sks-keyservers.net:80"
++ DOWNLOAD_KEYSERVER="hkp://keyserver.ubuntu.com:80"
+ DOWNLOAD_GPG_PROXY="--keyserver-options http-proxy=\"${http_proxy}\""
+ fi
+ fi
diff --git a/debian/patches/series b/debian/patches/series
index f952766..d98fa8f 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -2,3 +2,4 @@
0005-lxc.service-Starts-after-remote-fs.target.patch
0006-lxc.pc.in-removes-DLOG_LIBS-which-is-not-expanded-up.patch
0007-conf-fix-containers-retaining-CAP_NET_ADMIN.patch
+0005-lxc-download-Switch-GPG-server.patch
signature.asc
Description: PGP signature
