
Use gpgv instead of gpg for Release signature verification in install-debs.py#17024

Open
richlander wants to merge 1 commit into
dotnet:mainfrom
richlander:switch-install-debs-to-gpgv

Conversation

@richlander

Member

Summary

Switch the APT Release signature verification in eng/common/cross/install-debs.py from gpg to gpgv.

Today the script runs gpg --keyring <keyring> --verify Release.gpg Release. On hosts running GnuPG 2.4+ with keyboxd (e.g. Azure Linux 4.0), gpg --keyring routes verification through the agent/keyboxd machinery rather than doing a simple, self-contained check against the supplied keyring, which is fragile and can fail. gpgv is the purpose-built detached-signature verifier: it checks a signature against a fixed keyring with no agent, no keyboxd, and no mutation of any keyring.

This is the only signature-verification call site in eng/common/cross (build-rootfs.sh merely selects the keyring and passes --keyring/--force-check-gpg).

Change

verify_command = ["gpgv"]
if keyring:
    verify_command += ["--keyring", keyring]
verify_command += [release_gpg_file.name, release_file.name]

gpgv takes the same --keyring argument and the sig/data operands; it has no --verify flag because verifying is all it does.

Why this is safe

  • gpgv is available wherever gpg is used for this path. On Azure Linux it is the same gnupg2 package as gpg (verified on azurelinux/base/core:3.0 and the real azurelinux-3.0-net11.0-crossdeps-builder image: both gpg and gpgv come from gnupg2-2.4.9). On Debian/Ubuntu hosts gpgv is an Essential package (APT depends on it).
  • The debootstrap rootfs path already uses gpgv internally, so this aligns the two paths.

Validation

Validated end-to-end inside the real azurelinux-3.0-net11.0-crossdeps-builder-amd64 image against a live Ubuntu jammy Release/Release.gpg and the baked-in ubuntu-archive-keyring.gpg:

| Test | gpg --verify (before) | gpgv (after) |
| --- | --- | --- |
| Valid signature | PASS | PASS (Good signature from "Ubuntu Archive Automatic Signing Key") |
| Tampered Release | FAIL | FAIL (correctly rejected) |

Also ran the patched install-debs.py fetch_release_file directly in that image — it downloads and verifies the real Ubuntu Release via gpgv and prints Signature verified successfully.

Context

This removes the need for downstream consumers to sed-patch the cloned arcade script, e.g. dotnet/dotnet-buildtools-prereqs-docker#1674. Tracked by #17023.

Note

This PR was created with the assistance of GitHub Copilot.
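The verification step and the validation table above, as an added example (not arcade's install-debs.py or any code from this PR). It builds the same gpgv command the change introduces, and reproduces the valid/tampered check with a throwaway key in an isolated GNUPGHOME; it assumes gpg, gpgv and gpgconf are on PATH, and the Release content is a constructed sample.

```python
import os
import shutil
import subprocess
import tempfile
from pathlib import Path


def build_verify_command(keyring, release_gpg, release):
    """Same shape as the PR's change: gpgv has no --verify flag, it only verifies."""
    cmd = ["gpgv"]
    if keyring:
        cmd += ["--keyring", str(keyring)]
    return cmd + [str(release_gpg), str(release)]


def verify_release(keyring, release_gpg, release):
    """Run gpgv. Exit 0 means a good signature from a key in the keyring;
    1 means a bad signature, 2 any other error (treat both as failure)."""
    proc = subprocess.run(build_verify_command(keyring, release_gpg, release),
                          capture_output=True, text=True)
    return proc.returncode == 0, proc.stderr


def tools_available():
    return all(shutil.which(t) for t in ("gpg", "gpgv", "gpgconf"))


def demo_valid_and_tampered():
    """Reproduce the PR's validation table with a throwaway signing key:
    a good signature is accepted, a tampered Release is rejected."""
    with tempfile.TemporaryDirectory() as tmp:
        env = dict(os.environ, GNUPGHOME=tmp)  # isolated home, no host keys
        gpg = ["gpg", "--batch", "--pinentry-mode", "loopback", "--passphrase", ""]
        try:
            subprocess.run(gpg + ["--quick-gen-key", "demo@example.invalid",
                                  "ed25519", "sign", "never"],
                           env=env, check=True, capture_output=True)
            keyring = Path(tmp, "demo-keyring.gpg")  # fixed keyring handed to gpgv
            subprocess.run(gpg + ["--export", "-o", str(keyring), "demo@example.invalid"],
                           env=env, check=True, capture_output=True)
            release = Path(tmp, "Release")
            release.write_text("Origin: Ubuntu\nSuite: jammy\n")  # constructed sample
            sig = Path(tmp, "Release.gpg")
            subprocess.run(gpg + ["--detach-sign", "-o", str(sig), str(release)],
                           env=env, check=True, capture_output=True)
            good, _ = verify_release(keyring, sig, release)
            release.write_text("Origin: Ubuntu\nSuite: jammy\nCodename: tampered\n")
            bad, _ = verify_release(keyring, sig, release)
            return good, bad
        finally:
            subprocess.run(["gpgconf", "--kill", "all"], env=env, capture_output=True)
```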

install-debs.py verified the APT Release signature with
"gpg --keyring <keyring> --verify". On hosts running GnuPG 2.4+ with
keyboxd (e.g. Azure Linux 4.0), routing verification through gpg's
agent/keyboxd machinery is fragile and can fail, forcing downstream
consumers to patch the cloned arcade script.

gpgv is the purpose-built detached-signature verifier: it checks a
signature against a fixed keyring with no agent, no keyboxd, and no
mutation of any keyring. It is available wherever gpg is used for this
path (same gnupg2 package on Azure Linux; an Essential package on
Debian/Ubuntu), and the debootstrap rootfs path already relies on it.

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
Copilot AI review requested due to automatic review settings June 18, 2026 13:28

Copilot AI left a comment

Contributor


Pull request overview

Updates Arcade’s cross rootfs package installer to verify APT Release signatures using gpgv (detached-signature verifier) instead of gpg, avoiding GnuPG 2.4+ keyboxd/agent involvement that can make gpg --keyring ... --verify ... fragile on some hosts.

Changes:

  • Switch Release.gpg verification command from gpg --verify to gpgv with the same keyring input.
  • Add inline rationale explaining why gpgv is preferred for this use case.


@richlander

Member Author

CC @akoeplinger — this follows up on the gpgv workaround from dotnet/dotnet-buildtools-prereqs-docker#1674.

Note

This comment was created with the assistance of GitHub Copilot.
