GPG key extension, and a Debian keyring package

Item posted on 2023-09-23.
Tags: debian

It's that time again, to extend my GPG keys for a few years longer.  Normally this is simple, but this time around, I have new dependency: I'm signing my Debian repository with this key.  So to start, I have extended the key past the expected end of security support for Bookworm.

The setup instructions for the repo so far have been to download the key file manually and point APT to it.  Doing it this way, the key will eventually expire and you have to come back to this site to get the latest key.  Visitors are welcome, but unnecessary maintenance is less so.  To help with this, I have created a new kh-archive-keyring package to more easily ship updated keys.

To automatically get key updates going forward, install this package, then change your APT sources file to make use of the newly installed file with the line below.  Keeping on top of package updates will ensure that APT always uses a recent and valid key.

# For sources.list or a *.list file:
deb [signed-by=/usr/share/keyrings/khumba.asc] ...

# For a *.sources file:
Signed-By: /usr/share/keyrings/khumba.asc