Item posted on 2023-09-23.
Tags: debian
It's that time again, to extend my GPG keys for a few years longer. Normally this is simple, but this time around, I have new dependency: I'm signing my Debian repository with this key. So to start, I have extended the key past the expected end of security support for Bookworm.
The setup instructions for the repo so far have been to download the key file
manually and point APT to it. Doing it this way, the key will eventually
expire and you have to come back to this site to get the latest key.
Visitors are welcome, but unnecessary maintenance is less so. To help
with this, I have created a new kh-archive-keyring
package to
more easily ship updated keys.
To automatically get key updates going forward, install this package, then change your APT sources file to make use of the newly installed file with the line below. Keeping on top of package updates will ensure that APT always uses a recent and valid key.
# For sources.list or a *.list file: deb [signed-by=/usr/share/keyrings/khumba.asc] https://apt.khumba.net ... # For a *.sources file: URIs: https://apt.khumba.net ... Signed-By: /usr/share/keyrings/khumba.asc