I2P_Developers/i2p.keyring.i2p
3
0
Fork 1
Code Issues 1 Pull Requests Actions Packages Projects Releases Wiki Activity
Files
main
i2p.keyring.i2p/HOWTO-EXPIRED-KEY.txt

119 lines
3.5 KiB
Plaintext
Raw Permalink Blame History

Debian reprepro signing key is 5BCF1346 or 7840E7610F28B904753549D767ECE5605BCF1346
If you do all this SEVERAL DAYS BEFORE the key expires,
then users will pull the updated i2p-keyring package,
and all will go smoothly.
to update expiration
--------------------
1) Update the GPG key
gpg --edit-key 5BCF1346
list
key 0
expire
13m
key 1 (subkey 3CAB5E06)
expire
13m
save
2) Backup
If you didn't do the above on deb.i2p2.de, import the
public key with the new expiration to the gpg there
Also import the new 59683006 key there if it's been renewed since last time.
If you did do the above on deb.i2p2.de, import the
public key with the new expiration to your own box
gpg --export -a 7840E7610F28B904753549D767ECE5605BCF1346 > i2p-debian-repo.key.asc
scp i2p-debian-repo.key.asc ...
gpg --import i2p-debian-repo.key.asc
3) Send to key server
gpg --keyserver foo --send-keys 5BCF1346
keyservers: pool.sks-keyservers.net, pgp.mit.edu, keys.gnupg.net
4) Put the new public key files on the website
These files are linked from https://geti2p.net/debian
gpg --export -a 7840E7610F28B904753549D767ECE5605BCF1346 > i2p-debian-repo.key.asc
copy file to git i2p.www i2p2www/static/i2p-debian-repo.key.asc
gpg --export 7840E7610F28B904753549D767ECE5605BCF1346 > i2p-archive-keyring.gpg
copy file to git i2p.www i2p2www/static/i2p-archive-keyring.gpg
check in both and push
5) i2p-keyring package update
gpg --export -a 7840E7610F28B904753549D767ECE5605BCF1346 > keys/official_repo.key
checkout git i2p.keyring.i2p branch
Update debian/changelog
Update Extended.Version in build.xml
check in and push
Now build the new package:
ant debian-binary
ant debian-tarball
cd ../i2p-keyring-201x.xx.xx/
debuild -S -sa -k85F345DD59683006
Copy these files to a temp dir on the reprepro server:
i2p-keyring_201x.xx.xx.dsc
i2p-keyring_201x.xx.xx.tar.gz
i2p-keyring_201x.xx.xx_all.deb
i2p-keyring_201x.xx.xx_source.build
i2p-keyring_201x.xx.xx_source.changes
Now add the updated package to reprepro:
reprepro -v includedeb wheezy i2p-keyring_201x.xx.xx_all.deb
reprepro -v includedeb jessie i2p-keyring_201x.xx.xx_all.deb
reprepro -v includedeb stretch i2p-keyring_201x.xx.xx_all.deb
reprepro -v includedeb buster i2p-keyring_201x.xx.xx_all.deb
reprepro -v includedeb sid i2p-keyring_201x.xx.xx_all.deb
reprepro -v includedeb precise i2p-keyring_201x.xx.xx_all.deb
reprepro -v includedeb trusty i2p-keyring_201x.xx.xx_all.deb
reprepro -v includedeb xenial i2p-keyring_201x.xx.xx_all.deb
reprepro -v includedeb bionic i2p-keyring_201x.xx.xx_all.deb
reprepro -v includedeb focal i2p-keyring_201x.xx.xx_all.deb
...and newer
reprepro -v includedsc wheezy i2p-keyring_201x.xx.xx.dsc
reprepro -v includedsc jessie i2p-keyring_201x.xx.xx.dsc
reprepro -v includedsc stretch i2p-keyring_201x.xx.xx.dsc
reprepro -v includedsc buster i2p-keyring_201x.xx.xx.dsc
reprepro -v includedsc sid i2p-keyring_201x.xx.xx.dsc
reprepro -v includedsc precise i2p-keyring_201x.xx.xx.dsc
reprepro -v includedsc trusty i2p-keyring_201x.xx.xx.dsc
reprepro -v includedsc xenial i2p-keyring_201x.xx.xx.dsc
reprepro -v includedsc bionic i2p-keyring_201x.xx.xx.dsc
reprepro -v includedsc focal i2p-keyring_201x.xx.xx.dsc
...and newer
review changes:
reprepro ls i2p-keyring
6) Announce
Add a note to /var/www/debian/index.php
If you did all this before the old key expired, everything is good.
If not, you may have to tell people to
download the key used to sign the repository and add it to apt:
wget https://geti2p.net/_static/i2p-debian-repo.key.asc
sudo apt-key add i2p-debian-repo.key.asc
sudo apt-get update
Reference in New Issue View Git Blame Copy Permalink