diff options
| author |  Mubashshir <ahm@jadupc.com> | 2023-02-15 15:37:47 +0600 |
|---|---|---|
| committer | Mubashshir <ahm@jadupc.com> | 2023-02-15 15:38:02 +0600 |
| commit | 1f972ea8f4cbf984ac972b3471903b156e39d283 (patch) | |
| tree | 39d8ebed6bd1b6828db97f9d0a7d1fe666880ac9 /README.maintainer | |
| download | jadupc-archive-keyring-1f972ea8f4cbf984ac972b3471903b156e39d283.tar.gz jadupc-archive-keyring-1f972ea8f4cbf984ac972b3471903b156e39d283.zip | |
Initial release
Signed-off-by: Mubashshir <ahm@jadupc.com>
Diffstat (limited to 'README.maintainer')
| -rw-r--r-- | README.maintainer | 61 |
1 files changed, 61 insertions, 0 deletions
diff --git a/README.maintainer b/README.maintainer new file mode 100644 index 0000000..e10d989 --- /dev/null +++ b/README.maintainer @@ -0,0 +1,61 @@ +Maintainer notes +================ + +Adding a new team member key +---------------------------- + +make keyrings/team-members.gpg +gpg --no-default-keyring --keyring keyrings/team-members.gpg \ + --no-auto-check-trustdb --import $KEYFILE +jetring-gen keyrings/team-members.gpg~ keyrings/team-members.gpg \ + "add adsb (ID: C5CE5DC2C542CD59)" +jetring-accept team-members/ add-C5CE5DC2C542CD59 + +Adding a new archive key +------------------------ + +make keyrings/debian-archive-keyring.gpg +gpg --no-default-keyring --keyring keyrings/debian-archive-keyring.gpg \ + --no-auto-check-trustdb --import $KEYFILE +jetring-gen keyrings/debian-archive-keyring.gpg~ \ + keyrings/debian-archive-keyring.gpg \ + "add jessie automatic key (security)" +mv add-9D6D8F6BC857C906 add-jessie-security-automatic +jetring-accept active-keys/ add-jessie-security-automatic + +Note that the filenames used for the changeset filenames must never be +subsets of another changeset filename, or the keyring build will +over-eagerly remove them and then fail. + +Removing an archive key +----------------------- + +[There should be a better way of doing this] + +Copy the corresponding entry from active-keys/index to removed-keys/index +Move active-keys/add-$foo to removed-keys/ +gpg --detach-sign --output removed-keys/index.gpg --armor --sign \ + removed-keys/index +Remove the relevant entry from active-keys/index +gpg --detach-sign --output active-keys/index.gpg --armor --sign \ + active-keys/index + +Confirm that the result was as expected by: + +make clean +make keyrings/debian-archive-keyring.gpg +make keyrings/debian-archive-removed-keys.gpg + +and checking the contents of each keyring + +Add an entry to debian/debian-archive-keyring.maintscript: + +rm_conffile /etc/apt/trusted.gpg.d/debian-archive-${foo}.gpg ${version}~~ + +Pre-build +--------- + +gpg --armor --detach-sign keyrings/debian-archive-keyring.gpg + +If any keys were removed: +gpg --armor --detach-sign keyrings/debian-archive-removed-keys.gpg |