aboutsummaryrefslogtreecommitdiff
path: root/README.maintainer
blob: 6d6ce0f22d1088c3a55d1b44846331228302589f (plain) (blame) 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69

Maintainer notes
================

Adding a new team member key
----------------------------

make keyrings/team-members.gpg
gpg --no-default-keyring --keyring keyrings/team-members.gpg \
  --no-auto-check-trustdb --import $KEYFILE
jetring-gen keyrings/team-members.gpg~ keyrings/team-members.gpg \
  "add adsb (ID: C5CE5DC2C542CD59)"
jetring-accept team-members/ add-C5CE5DC2C542CD59 

or

./scripts/add-member "$KEYFILE" "C5CE5DC2C542CD59" "add adsb" 

Adding a new archive key
------------------------

make keyrings/jadupc-archive-keyring.gpg
gpg --no-default-keyring --keyring keyrings/jadupc-archive-keyring.gpg \
  --no-auto-check-trustdb --import $KEYFILE
jetring-gen keyrings/jadupc-archive-keyring.gpg~ \
  keyrings/jadupc-archive-keyring.gpg \
  "add shopno automatic key (security)"
mv add-9D6D8F6BC857C906 add-shopno-security-automatic
jetring-accept active-keys/ add-shopno-security-automatic

or

./scripts/add-archive $KEYFILE "9D6D8F6BC857C906" "shopno automatic key (security)"

Note that the filenames used for the changeset filenames must never be
subsets of another changeset filename, or the keyring build will
over-eagerly remove them and then fail.

Removing an archive key
-----------------------

[There should be a better way of doing this]

Copy the corresponding entry from active-keys/index to removed-keys/index
Move active-keys/add-$foo to removed-keys/
gpg --detach-sign --output removed-keys/index.gpg --armor --sign \
  removed-keys/index
Remove the relevant entry from active-keys/index
gpg --detach-sign --output active-keys/index.gpg --armor --sign \
  active-keys/index

Confirm that the result was as expected by:

make clean
make keyrings/jadupc-archive-keyring.gpg
make keyrings/jadupc-archive-removed-keys.gpg

and checking the contents of each keyring

Add an entry to jadupc/jadupc-archive-keyring.maintscript:

rm_conffile /etc/apt/trusted.gpg.d/jadupc-archive-${foo}.gpg ${version}~~

Pre-build
---------

gpg --armor --detach-sign keyrings/jadupc-archive-keyring.gpg

If any keys were removed:
gpg --armor --detach-sign keyrings/jadupc-archive-removed-keys.gpg
generated by cgit v1.2.3 (git 2.39.1) at 2025-08-02 12:05:19 +0000