non-redistributible custom binary uploads
| Affects | Status | Importance | Assigned to | Milestone | |
|---|---|---|---|---|---|
| Launchpad itself |
New
|
Undecided
|
Unassigned | ||
Bug Description
We are (soon going to be) using the archive KMOD signing key as an Ubuntu
drivers key to allow us to sign kernel modules into kernels after the
fact (ie not using the ephemeral key). This works well where the kernel
modules are redistributable. One of our use cases is the Nvidia kernel
modules which may only be redistributed in partially constructed form
(for final assembly by the end-user). In this case we wish to sign the
fully constructed form but distribute the components (and signature)
for later assembly. This works well as we are able to request sign-only
publication of that custom upload so that the embargoed bits are not
actually published into dists. However, the custom binary upload itself
is still published to the librarian which is undesirable.
We are able to avoid this publication by signing the .kos in a private
PPA but this does render the process significantly less transparent
for end-users, and also significantly more complex (and error prone)
for those preparing, reviewing, and promoting kernels.
We (think we) are looking for some mechanism by which we can either prevent
publication of the source of the custom upload, or alternatively encode
the contents of it such that they are not extractable other than by the
signing service. Ultimatly we are looking for any sensible solution
which would allow us to build all of the kernel components in the clear
without exposing the embargoed bits.
| Andy Whitcroft (apw) wrote | #1 |
We are moving ahead with adjunct private PPAs to avoid this issue.