You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.

1.8 KiB

Changing expiry of the amprolla3 key

(rrq: 2022-09-03)

NOTE: The amprolla3 singing keys are located at amprolla, owned by ~amprolla, and held in the pgp "homedir" ~/amprolla/gnupg

Log on to amprolla as ~amprolla, and cd to ~/amprolla. Create a new key or change the expiry of an existing primary key and of the subkey:

$ gpg --homedir gnupg/ --edit-key BB23C00C61FC752C
gpg> key 0
gpg> expire
... 1y
gpg> key 1
gpg> expire
... 1y
gpg> save

$ gpg --homedir gnupg/ -a --export BB23C00C61FC752C > x.gpg

Now x.pgp is the public key that should be imported into the devuan-keyring package.

Update devuan-keyring

Clone this devuan-keyring project. The keyrings are generated from the public keys with extension .gpg in the subdirectories below public_keys:

individuals -> devuan-keyring.gpg archive -> devuan-archive-keyring.gpg removed -> devuan-removed-keys.gpg

Place the new key (OpenPGP binary format) in a file into the relevant directory. Obsolete keys can be moved to removed rather than deleted.

Note that public keys in the archive folder are included in both /usr/share/keyrings/devuan-archive-keyring.gpg and /etc/apt/trusted.gpg.d/. However, dpkg(1) treats the latter as deb-conffiles(5) which require special package handling to remove them from end users' systems. If removal is required, in addition to removing the key from this directory, add

rm_conffile /etc/apt/trusted.gpg.d/<filename> <version> devuan-keyring

to d/devuan-keyring.maintscript as described in dh_installdeb(1).

Existing public keys can be refreshed from Devuan's Keyserver by running

make refresh

Commit changes and update debian/changelog before building the devuan-keyring package for unstable.