[tor-relays] Archive key from deb.torproject.org was renewed!
Martin Gebhardt
martin at sdf.org
Tue Jul 16 14:01:09 UTC 2024
Hi,
>> wget -qO-https://deb.torproject.org/torproject.org/A3C4F0F979CAA22CDBA8F512EE8CBC9E886DDD89.asc | gpg --dearmor | tee /usr/share/keyrings/tor-archive-keyring.gpg >/dev/null
>
> Is the name important?
I assume it's Debian? The onfiguration of the signing key and the repo is configured in Debian (and Ubuntu?) via source.list, see $man 5 sources.list.
In most cases this will look something like this:
$ cat /etc/apt/sources.list.d/tor.list
deb [signed-by=/usr/share/keyrings/tor-archive-keyring.gpg] https://deb.torproject.org/torproject.org bookworm main
deb-src [signed-by=/etc/apt/trusted.gpg.d/tor-archive-keyring.gpg] https://deb.torproject.org/torproject.org bookworm main
You can place the key anywhere that ‘apt’ can access, you only need to change the path in the source file.
Note, however, that for keys that are not managed by a package or the package manager itself, they should be stored either in /usr/share/keyrings or /etc/apt/keyrings.
however, you can also overwrite the existing key. I'm not a fan of this and still keep all (old) versions in the keyring..
Since you are all tinkering with your servers anyway, why don't you try deb822-style ;-)
$ cat /etc/apt/sources.list.d/tor.sources
Types: deb deb-src
URIs: tor+http://apow7mjfryruh65chtdydfmqfpj5btws7nbocgtaovhvezgccyjazpqd.onion/torproject.org
URIs: https://deb.torproject.org/torproject.org
Suites: bookworm
Components: main
Architectures: amd64
Signed-By: /etc/apt/keyrings/A3C4F0F979CAA22CDBA8F512EE8CBC9E886DDD89.gpg
Ahoy,
Martin
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: Message signed with OpenPGP
URL: <http://lists.torproject.org/pipermail/tor-relays/attachments/20240716/90ef70b0/attachment-0002.sig>
More information about the tor-relays
mailing list