PPA Management Improved in Ubuntu 23.10 for Enhanced Security
Canonical has confirmed that it is developing a new method for managing PPAs (Personal Package Archives) for the upcoming Ubuntu 23.10 (Mantic Minotaur) release.
The development of Ubuntu 23.10 began around the end of April 2023, and new features are currently starting to appear in the forthcoming version. Julian Andres Klode of Canonical has mentioned one of these new improvements, which we will discuss in this blog post.
Improvements to PPA Management
Personal Package Archives are software repositories that offer Ubuntu users a simpler installation process compared to other third-party repositories. They are useful for distributing pre-release software, allowing for effective testing and evaluation.
To manage PPAs, Ubuntu previously used a traditional .list file located in the /etc/apt/sources.list.d directory, associated with a GPG keyring in the /etc/apt/trusted.gpg.d directory.
However, starting with version 23.10, it will use a new approach for managing PPAs. PPAs will now be added as .sources files in deb822 format, which embed the keys directly into the Signed-By field of the file. This change brings several key benefits:
- Removing a repository will also remove its associated key.
- 1:1 relationship between the PPA and its key, which means the key is dedicated to the specific PPA and cannot be used for other repositories. Additionally, it is not possible to utilize other keys to sign the PPA.
These enhancements will significantly improve the security and reliability of managing PPAs on Ubuntu systems.
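To check which layout each repository on a system uses, the sketch below classifies entries by where their signing trust comes from. It is an added example, not code from Canonical or apt; the sample file contents, the `example-owner/example-ppa` name and the function names are constructed for illustration.

```python
import re

# Constructed sample inputs (hypothetical PPA name, placeholder key text).
LEGACY_LIST = """\
deb https://ppa.launchpadcontent.net/example-owner/example-ppa/ubuntu/ lunar main
deb [arch=amd64 signed-by=/usr/share/keyrings/example.gpg] https://repo.example.com/apt stable main
"""
DEB822_SOURCES = """\
Types: deb
URIs: https://ppa.launchpadcontent.net/example-owner/example-ppa/ubuntu/
Suites: mantic
Components: main
Signed-By:
 -----BEGIN PGP PUBLIC KEY BLOCK-----
 (placeholder, not a real key)
 -----END PGP PUBLIC KEY BLOCK-----
"""

def classify(signed_by):
    if not signed_by.strip():
        return "global-keyring"   # any key in trusted.gpg.d is accepted
    if "BEGIN PGP PUBLIC KEY BLOCK" in signed_by:
        return "embedded-key"     # key is removed together with the .sources file
    return "pinned-keyring"       # keyring path or fingerprint in Signed-By

def audit_list(text):
    """One-line .list entries: options sit in [brackets] after 'deb'."""
    found = []
    for line in text.splitlines():
        m = re.match(r"\s*deb(?:-src)?\s+(?:\[([^\]]*)\]\s+)?(\S+)", line)
        if m:
            opts = dict(o.split("=", 1) for o in (m.group(1) or "").split() if "=" in o)
            found.append((m.group(2), classify(opts.get("signed-by", ""))))
    return found

def audit_sources(text):
    """deb822 .sources: a blank line ends a stanza, leading space continues a field."""
    found, stanza, field = [], {}, None
    for line in text.splitlines() + [""]:
        if not line.strip():
            if stanza:
                found.append((stanza.get("uris", ""), classify(stanza.get("signed-by", ""))))
            stanza, field = {}, None
        elif line[0] in " \t" and field:
            stanza[field] += "\n" + line.strip()
        elif ":" in line and not line.startswith("#"):
            field, _, value = line.partition(":")
            field = field.strip().lower()
            stanza[field] = value.strip()
    return found
```

Entries reported as `global-keyring` are the ones that still depend on the shared /etc/apt/trusted.gpg.d keyring rather than a key dedicated to that repository.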
In contrast to adding external repositories, working with PPAs involves a slight difference. Users did not need to manually import GPG keys and add them to the /etc/apt/trusted.gpg.d directory in earlier Ubuntu versions. The PPA mechanism itself took care of these steps, automatically adding the associated GPG key to the directory. Users had no active role in this process.
Conclusion
If you rely on multiple PPAs in your Ubuntu system, the change introduced in Ubuntu 23.10 might catch your attention and encourage you to upgrade. Alongside this change, Ubuntu 23.10 will include the latest GNOME 45 desktop environment, the Linux 6.5 kernel series, as well as the latest GNU/Linux technologies and Open Source applications. The final release of Ubuntu 23.10, codenamed Mantic Minotaur, will arrive this year on October 12.
The sources for this article include a story from 9to5Linux.