Maintainer notes
================
Adding a new team member key
----------------------------
make keyrings/team-members.gpg
gpg --no-default-keyring --keyring keyrings/team-members.gpg \
--no-auto-check-trustdb --import $KEYFILE
jetring-gen keyrings/team-members.gpg~ keyrings/team-members.gpg \
"add adsb (ID: C5CE5DC2C542CD59)"
jetring-accept team-members/ add-C5CE5DC2C542CD59
Adding a new archive key
------------------------
make keyrings/debian-archive-keyring.gpg
gpg --no-default-keyring --keyring keyrings/debian-archive-keyring.gpg \
--no-auto-check-trustdb --import $KEYFILE
jetring-gen keyrings/debian-archive-keyring.gpg~ \
keyrings/debian-archive-keyring.gpg \
"add jessie automatic key (security)"
mv add-9D6D8F6BC857C906 add-jessie-security-automatic
jetring-accept active-keys/ add-jessie-security-automatic
Note that the filenames used for the changeset filenames must never be
subsets of another changeset filename, or the keyring build will
over-eagerly remove them and then fail.
Removing an archive key
-----------------------
[There should be a better way of doing this]
Copy the corresponding entry from active-keys/index to removed-keys/index
Move active-keys/add-$foo to removed-keys/
gpg --detach-sign --output removed-keys/index.gpg --armor --sign \
removed-keys/index
Remove the relevant entry from active-keys/index
gpg --detach-sign --output active-keys/index.gpg --armor --sign \
active-keys/index
Confirm that the result was as expected by:
make clean
make keyrings/debian-archive-keyring.gpg
make keyrings/debian-archive-removed-keys.gpg
and checking the contents of each keyring
Add an entry to debian/debian-archive-keyring.maintscript:
rm_conffile /etc/apt/trusted.gpg.d/debian-archive-${foo}.gpg ${version}~~
Pre-build
---------
gpg --armor --detach-sign keyrings/debian-archive-keyring.gpg
If any keys were removed:
gpg --armor --detach-sign keyrings/debian-archive-removed-keys.gpg