Launchpad itself

Copy PPA signing key to multiple private PPA

Asked by Philip Roche on 2021-03-25

A signing key from PPA https://launchpad.net/~nvidia-modules-private/+archive/ubuntu/gke/ has been added to a chain of trust to allow for installation of kernel modules built in that PPA when using secure boot.

We now have new PPAs which build new versions of those packages and kernel modules but are not using signing keys that are part of the chain of trust.

Please can the signing key from https://launchpad.net/~nvidia-modules-private/+archive/ubuntu/gke/ be copied to the following new private PPAs

* https://launchpad.net/~nvidia-modules-private/+archive/ubuntu/5.3-418/
* https://launchpad.net/~nvidia-modules-private/+archive/ubuntu/5.4-418/
* https://launchpad.net/~nvidia-modules-private/+archive/ubuntu/5.4-450/
* https://launchpad.net/~nvidia-modules-private/+archive/ubuntu/20.04-5.4-450/

Both apw and vorlon have +1'd this request.

Question information

Language:
English Edit question
Status:
Answered
For:
Launchpad itself Edit question
Assignee:
No assignee Edit question
Last query:
2021-03-25
Last reply:
2021-04-01
Andy Whitcroft (apw) said : #1

+1 to using a common key in all of these build PPAs.

Colin Watson (cjwatson) said : #2

We'll need to add a --force or --overwrite or similar option to our copy-signingkeys script first, since it sounds as though kmod signing keys were already autogenerated for them.

Thiago F. Pappacena (pappacena) said : #3

Added the "--overwrite" option here: https://code.launchpad.net/~pappacena/launchpad/+git/launchpad/+merge/400277

This should reach production soon, and then we will be able to do the copy.

Thiago F. Pappacena (pappacena) said : #4

philroche / apw,

the kmod key from ~nvidia-modules-private/ubuntu/gke was copied successfully to the requested archives.

Let us know if you have any problem.

Can you help with this problem?

Provide an answer of your own, or ask Philip Roche for more information if necessary.

To post a message you must log in.