APT 2.8.0: Promote weak key warnings to errors

> ⚠️ Only land this in the release pocket after PPAs have been resigned

I am marking this incomplete, as it is unclear to me what the intended timeline is for the resigning, or if your comment about the release pocket should also apply to -updates.

The same caveat applies to -updates, but there is a question of whether we should ship 2.8.0 as this or make 2.8.0 different, I did not push a tag for it yet.

i.e. given that this is a stable release update that will break PPAs users currently have warnings for, it might make sense to make it break that a couple months down the road after we have a transition period, i.e. we can "timebomb" things by making apt treat the weak keys as expiring in August (August because we really want this sorted out by the point release when the big wave of 22.04 users upgrades).

We could also introduce a new version of software-properties-common that adds PPA key refresh. We should then trigger that by apt postinst, or in the software-properties-common postinst. I do not believe we need to enforce a strict ordering relationship here, so 2.8.0 as is should technically be good to go.

It's understandable that breaking existing repositories in a stable release is not optimal, however the warnings don't work as a security mechanism - we do not show you which weak keys are trusted, just which weak keys were used to sign the repository:

Hence if you have a 1024R key and a 4096R that can sign a repository, but it's signed by the 4096R key now, you don't see the 1024R key, and an attacker could resign the repository with it and silently attack you.

So this is something we do need to target for the first point release; we want users upgrading from 22.04 to not end up in the transitional stage where they have warnings.

Hello Julian, or anyone else affected,

Accepted apt into noble-proposed. The package will build now and be available at https://launchpad.net/ubuntu/+source/apt/2.8.0 in a few hours, and then in the -proposed repository.

Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how to enable and use -proposed. Your feedback will aid us getting this update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested, what testing has been performed on the package and change the tag from verification-needed-noble to verification-done-noble. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-failed-noble. In either case, without details of your testing we will not be able to proceed.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance for helping!

N.B. The updated package will be released to -updates after the bug(s) fixed by this package have been verified and the package has been in -proposed for a minimum of 7 days.

All autopkgtests for the newly accepted apt (2.8.0) for noble have finished running.
The following regressions have been reported in tests triggered by the package:

apport/2.28.1-0ubuntu2 (ppc64el)
auto-apt-proxy/14.1 (arm64)
autopkgtest/5.34ubuntu2 (amd64, arm64, ppc64el)
cron/3.0pl1-184ubuntu2 (s390x)
gcc-12/12.3.0-17ubuntu1 (armhf)
sbuild/0.85.7 (amd64, armhf, i386, s390x)
update-manager/1:24.04.6 (amd64, arm64, armhf, ppc64el, s390x)

Please visit the excuses page listed below and investigate the failures, proceeding afterwards as per the StableReleaseUpdates policy regarding autopkgtest regressions [1].

https://people.canonical.com/~ubuntu-archive/proposed-migration/noble/update_excuses.html#apt

[1] https://wiki.ubuntu.com/StableReleaseUpdates#Autopkgtest_Regressions

Thank you!

Removing the block-proposed tag for oracular

This bug was fixed in the package apt - 2.9.3

---------------
apt (2.9.3) unstable; urgency=medium

  [ Julian Andres Klode ]
  * Initial implementation ("alpha") of the 3.0 solver:
    This new solver is available using the --solver 3.0 option.
    Highlights:
    - Fully backtracking solver, think DPLL without pure literal elimination
    - Manually installed packages are not offered up for removal
    - New --no-strict-pinning option allows APT to fallback to non-candidate
      versions, e.g. apt install --no-strict-pinning foo/experimental installs
      foo from experimental and will switch dependencies where needed.
    - Autoremove is more aggressive and only keeps the strongest automatically
      installed package. For example, gcc-<version> will now be offered for
      removal and no longer kept around due libtool Depends: gcc | c-compiler
      and gcc-<version> Provides: c-compiler, as `gcc` is already satisfied.
    Caveats right now:
    - Test suite is not yet passing
    - The list of automatically removable packages is not displayed
      when automatically installed packages are not removed
    - Error information gets lost on backtracking (see Debug::APT::Solver=2)
    - Error information is just rendered as A -> B implication graphs,
      with some nodes perhaps containing a "not".
    - The logic for replacing obsolete manually installed packages with
      new replacement packages (think Conflits/Replaces/Provides) is not
      yet implemented.
    - Conflict-driven clause learning is not implemented, so backtracking
      is technically pretty inefficient.
  * Solver3 integration fixes:
    - test: Ignore progress output in comparing output..
    - test-allow-scores-for-all-dependency-types: Adjust for solver3
    - EDSP: Add "solver3" alias for apt-internal-solver
  * UI work:
    - Highlight essential removals with action::remove color
    - The text of notices and audits shall not be bold
    - Separate columns by 2 spaces in lists (Closes: #1070064)
  * Support src:name shortcuts in showsrc, source, build-dep commands

  [ David Kalnischkies ]
  * Do not ignore if a cmake execute_process fails
  * Avoid figuring which kept pkgs are phased if we don't display it
  * Match version constraints before saving garbage packages
  * Do not upgrade rev-deps ear-marked for removal
  * Drop sudo-related envvars in testing framework
  * Add test for dealing with unsat Suggests promoted to Recommends
  * Allow parsing an empty Provides line (Closes: #1069874)

  [ Frans Spiesschaert ]
  * Dutch program translation update (Closes: #1070142)
  * Dutch manpages translation update (Closes: #1070143)

 -- Julian Andres Klode <email address hidden> Tue, 14 May 2024 13:01:31 +0200