aboutsummaryrefslogtreecommitdiff
path: root/README.maintainer
diff options
context:
space:
mode:
Diffstat (limited to 'README.maintainer')
-rw-r--r--README.maintainer61
1 files changed, 61 insertions, 0 deletions
diff --git a/README.maintainer b/README.maintainer
new file mode 100644
index 0000000..e10d989
--- /dev/null
+++ b/README.maintainer
@@ -0,0 +1,61 @@
+Maintainer notes
+================
+
+Adding a new team member key
+----------------------------
+
+make keyrings/team-members.gpg
+gpg --no-default-keyring --keyring keyrings/team-members.gpg \
+ --no-auto-check-trustdb --import $KEYFILE
+jetring-gen keyrings/team-members.gpg~ keyrings/team-members.gpg \
+ "add adsb (ID: C5CE5DC2C542CD59)"
+jetring-accept team-members/ add-C5CE5DC2C542CD59
+
+Adding a new archive key
+------------------------
+
+make keyrings/debian-archive-keyring.gpg
+gpg --no-default-keyring --keyring keyrings/debian-archive-keyring.gpg \
+ --no-auto-check-trustdb --import $KEYFILE
+jetring-gen keyrings/debian-archive-keyring.gpg~ \
+ keyrings/debian-archive-keyring.gpg \
+ "add jessie automatic key (security)"
+mv add-9D6D8F6BC857C906 add-jessie-security-automatic
+jetring-accept active-keys/ add-jessie-security-automatic
+
+Note that the filenames used for the changeset filenames must never be
+subsets of another changeset filename, or the keyring build will
+over-eagerly remove them and then fail.
+
+Removing an archive key
+-----------------------
+
+[There should be a better way of doing this]
+
+Copy the corresponding entry from active-keys/index to removed-keys/index
+Move active-keys/add-$foo to removed-keys/
+gpg --detach-sign --output removed-keys/index.gpg --armor --sign \
+ removed-keys/index
+Remove the relevant entry from active-keys/index
+gpg --detach-sign --output active-keys/index.gpg --armor --sign \
+ active-keys/index
+
+Confirm that the result was as expected by:
+
+make clean
+make keyrings/debian-archive-keyring.gpg
+make keyrings/debian-archive-removed-keys.gpg
+
+and checking the contents of each keyring
+
+Add an entry to debian/debian-archive-keyring.maintscript:
+
+rm_conffile /etc/apt/trusted.gpg.d/debian-archive-${foo}.gpg ${version}~~
+
+Pre-build
+---------
+
+gpg --armor --detach-sign keyrings/debian-archive-keyring.gpg
+
+If any keys were removed:
+gpg --armor --detach-sign keyrings/debian-archive-removed-keys.gpg
generated by cgit v1.2.3 (git 2.39.1) at 2025-08-02 14:26:43 +0000