File: README.maintainer

debian-archive-keyring 2017.5+deb9u1
  • area: main
  • in suites: stretch
Maintainer notes
================

Adding a new team member key
----------------------------

make keyrings/team-members.gpg
gpg --no-default-keyring --keyring keyrings/team-members.gpg \
  --no-auto-check-trustdb --import $KEYFILE
jetring-gen keyrings/team-members.gpg~ keyrings/team-members.gpg \
  "add adsb (ID: C5CE5DC2C542CD59)"
jetring-accept team-members/ add-C5CE5DC2C542CD59 

Adding a new archive key
------------------------

make keyrings/debian-archive-keyring.gpg
gpg --no-default-keyring --keyring keyrings/debian-archive-keyring.gpg \
  --no-auto-check-trustdb --import $KEYFILE
jetring-gen keyrings/debian-archive-keyring.gpg~ \
  keyrings/debian-archive-keyring.gpg \
  "add jessie automatic key (security)"
mv add-9D6D8F6BC857C906 add-jessie-security-automatic
jetring-accept active-keys/ add-jessie-security-automatic

Note that no changeset filename may be a subset of another changeset
filename, or the keyring build will over-eagerly remove them and then
fail.
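
A pre-build check for the naming rule in the note above. This is an added
example, not part of the package's own scripts. It assumes "subset" means
substring, and that every file in the directory other than index and
index.gpg is a changeset; the function name is hypothetical.

```shell
#!/bin/sh
# Added example: flag changeset filenames that are contained in another
# changeset filename inside a jetring directory such as active-keys/.
# Assumptions: "subset" in the note means "substring"; index and
# index.gpg are not changesets and are skipped.

# Prints "SHORT is contained in LONG" for every offending pair.
# Returns 0 when the directory is clean, 1 when any overlap is found,
# 2 when the directory does not exist.
check_changeset_names() {
    dir=$1
    [ -d "$dir" ] || { echo "no such directory: $dir" >&2; return 2; }
    status=0
    for a in "$dir"/*; do
        [ -f "$a" ] || continue
        a=${a##*/}
        case $a in index|index.gpg) continue ;; esac
        for b in "$dir"/*; do
            [ -f "$b" ] || continue
            b=${b##*/}
            case $b in index|index.gpg) continue ;; esac
            [ "$a" = "$b" ] && continue
            # Quoting $a makes the match literal, so glob characters
            # in a filename cannot widen the pattern.
            case $b in
                *"$a"*) echo "$a is contained in $b"; status=1 ;;
            esac
        done
    done
    return $status
}
```

Run it as `check_changeset_names active-keys` after renaming a changeset and
before jetring-accept; a non-zero exit means a name needs changing.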

Removing an archive key
-----------------------

[There should be a better way of doing this]

Copy the corresponding entry from active-keys/index to removed-keys/index
Move active-keys/add-$foo to removed-keys/
gpg --detach-sign --output removed-keys/index.gpg --armor --sign \
  removed-keys/index
Remove the relevant entry from active-keys/index
gpg --detach-sign --output active-keys/index.gpg --armor --sign \
  active-keys/index

Confirm that the result was as expected by:

make clean
make keyrings/debian-archive-keyring.gpg
make keyrings/debian-archive-removed-keys.gpg

and checking the contents of each keyring

Add an entry to debian/debian-archive-keyring.maintscript:

rm_conffile /etc/apt/trusted.gpg.d/debian-archive-${foo}.gpg ${version}~~

Pre-build
---------

gpg --armor --detach-sign keyrings/debian-archive-keyring.gpg

If any keys were removed:
gpg --armor --detach-sign keyrings/debian-archive-removed-keys.gpg