Support gpgv for Release signature verification in install-debs.py (GnuPG 2.4/keyboxd hosts)

[richlander]

Summary

eng/common/cross/install-debs.py verifies the APT Release signature by invoking gpg --keyring <keyring> --verify. On hosts running GnuPG 2.4+ with keyboxd (e.g. Azure Linux 4.0), this pattern is fragile: gpg --keyring routes through the agent/keyboxd machinery rather than doing a simple, self-contained verification against the supplied keyring. Consumers building cross rootfs images on these distros have to patch the cloned arcade script to make it work.

The purpose-built tool for this job is gpgv, which verifies a detached signature against a fixed keyring with no agent, no keyboxd, and no mutation of any user keyring.

Where it lives today

https://github.com/dotnet/arcade/blob/main/eng/common/cross/install-debs.py

verify_command = ["gpg"]
if keyring:
    verify_command += ["--keyring", keyring]
verify_command += ["--verify", release_gpg_file.name, release_file.name]
result = subprocess.run(verify_command, ...)

Real-world workaround

dotnet/dotnet-buildtools-prereqs-docker PR #1674 (Azure Linux 4.0 .NET 11 image graph) clones arcade and sed-patches this script after the fact:

RUN git clone --depth 1 --single-branch https://github.com/dotnet/arcade /scripts && \
    sed -i \
        -e 's/verify_command = \["gpg"\]/verify_command = ["gpgv"]/' \
        -e 's/verify_command += \["--verify", release_gpg_file.name, release_file.name\]/verify_command += [release_gpg_file.name, release_file.name]/' \
        /scripts/eng/common/cross/install-debs.py

This is brittle: the sed expressions are tightly coupled to the exact source text and will silently no-op (falling back to the broken gpg path) the moment these lines are reformatted or refactored in arcade.

Ask

Support this verification pattern natively in install-debs.py so downstream consumers don't have to patch the cloned script. gpgv's invocation is essentially the same minus the --verify flag:

gpgv [--keyring <keyring>] <sigfile> <datafile>

Options to consider:

• Switch the verification to gpgv outright (it is available wherever gpg is and is the canonical tool for verify-against-keyring).
• Or auto-detect / add an opt-in flag (e.g. --use-gpgv) so newer-GnuPG hosts get correct behavior without a script patch.

Either approach removes the need for the sed workaround and makes rootfs builds robust on GnuPG 2.4+/keyboxd distros like Azure Linux 4.0.

Note

This issue was drafted with the assistance of GitHub Copilot.

[richlander]

Evidence and migration plan

I dug into where this verification actually runs and validated the gpgv switch end-to-end. Summary: the change is safe and self-contained.

1. There is exactly one verification call site

gpg is only invoked for signature verification in one place in eng/common/cross: install-debs.py → fetch_release_file (the gpg --keyring … --verify Release.gpg Release call). build-rootfs.sh merely selects the keyring file and passes --keyring/--force-check-gpg; tizen-build-rootfs.sh has no gpg usage. So a single focused edit covers all "verification tasks" in these scripts.

2. gpgv is available everywhere this path runs

In dotnet/dotnet-buildtools-prereqs-docker, the only images that exercise this path are Azure Linux Debian/Ubuntu cross images (42 build-rootfs.sh invocations; Alpine rootfs uses apk, and the qemu/debootstrap path already uses gpgv internally). On Azure Linux, gpg and gpgv are the same package — verified on the real images:

azurelinux/base/core:3.0                            gpg + gpgv  → gnupg2-2.4.9-2.azl3
prereqs:azurelinux-3.0-net11.0-crossdeps-builder    gpg + gpgv  → gnupg2-2.4.9-2.azl3

For arcade consumers on Debian/Ubuntu hosts, gpgv is an Essential package (APT depends on it), so it is always present. No environment that runs this code today lacks gpgv.

3. Functional equivalence validated end-to-end

On the real azurelinux-3.0-net11.0-crossdeps-builder image, against a genuine Ubuntu jammy Release/Release.gpg and the baked-in ubuntu-archive-keyring.gpg:

Test	gpg --verify (current)	gpgv (proposed)
Valid signature	PASS	PASS (Good signature from "Ubuntu Archive Automatic Signing Key")
Tampered Release	FAIL	FAIL (correctly rejected)

gpgv produces the same accept/reject decision while avoiding the agent/keyboxd machinery that makes gpg --keyring fragile on GnuPG 2.4+.

Plan

1. Switch the verification in install-debs.py from gpg to gpgv:

   verify_command = ["gpgv"]
   if keyring:
       verify_command += ["--keyring", keyring]
   verify_command += [release_gpg_file.name, release_file.name]

   (gpgv has no --verify flag — verifying is all it does — and otherwise takes the same --keyring/sig/data arguments.)
2. No change needed in build-rootfs.sh (it already passes --keyring).
3. This removes the need for downstream sed patching of the cloned arcade script (e.g. Add Azure Linux 4.0 .NET 11 image graph dotnet-buildtools-prereqs-docker#1674).

I'll open a PR implementing step 1.

Note

This comment was drafted with the assistance of GitHub Copilot.

[richlander]

CC @akoeplinger — this follows up on the gpgv workaround from dotnet/dotnet-buildtools-prereqs-docker#1674.

Note

This comment was created with the assistance of GitHub Copilot.