diff --git a/.github/workflows/check_repos.yml b/.github/workflows/check_repos.yml index c686f9b..4200ba5 100644 --- a/.github/workflows/check_repos.yml +++ b/.github/workflows/check_repos.yml @@ -34,8 +34,8 @@ jobs: - distro: debian version: "11" # bullseye steps: - - name: Add packages.freedom.press PGP key (gpg) - if: matrix.version != 'trixie' + - name: Add packages.freedom.press PGP key (gpg --keyring) + if: matrix.version != 'trixie' && matrix.version != "25.04" run: | apt-get update && apt-get install -y gnupg2 ca-certificates dirmngr # NOTE: This is a command that's necessary only in containers @@ -48,7 +48,7 @@ jobs: mv ./fpf-apt-tools-archive-keyring.gpg /etc/apt/keyrings/. - name: Add packages.freedom.press PGP key (sq) - if: matrix.version == 'trixie' + if: matrix.version == 'trixie' || matrix.version == '25.04' run: | apt-get update && apt-get install -y ca-certificates sq mkdir -p /etc/apt/keyrings/ @@ -57,7 +57,10 @@ jobs: sq network keyserver \ --server hkps://keys.openpgp.org \ search "DE28 AB24 1FA4 8260 FAC9 B8BA A7C9 B385 2260 4281" \ - --output /etc/apt/keyrings/fpf-apt-tools-archive-keyring.gpg + --output - \ + | sq packet dearmor \ + > /etc/apt/keyrings/fpf-apt-tools-archive-keyring.gpg + - name: Add packages.freedom.press to our APT sources run: | . /etc/os-release diff --git a/CHANGELOG.md b/CHANGELOG.md index b49ed70..6b5c028 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -7,6 +7,10 @@ since 0.4.1, and this project adheres to [Semantic Versioning](https://semver.or ## [Unreleased](https://github.com/freedomofpress/dangerzone/compare/v0.9.0...HEAD) +## Changed + +- Update installation instructions (and CI checks) for Debian derivatives ([#1141](https://github.com/freedomofpress/dangerzone/pull/1141)) + ## [0.9.0](https://github.com/freedomofpress/dangerzone/compare/v0.9.0...0.8.1) ### Added diff --git a/INSTALL.md b/INSTALL.md index 5212d5d..1a9dc22 100644 --- a/INSTALL.md +++ b/INSTALL.md @@ -110,30 +110,30 @@ Dangerzone is available for: -First, retrieve the PGP keys. +First, retrieve the PGP keys. The instructions differ depending on the specific +distribution you are using: -Starting with Trixie, follow these instructions to download the PGP keys: +For Debian Trixie and Ubuntu Plucky (25.04), follow these instructions to +download the PGP keys: ```bash -sudo apt-get update && sudo apt-get install sq -y -mkdir -p /etc/apt/keyrings/ +sudo apt-get update && sudo apt-get install sq ca-certificates -y sq network keyserver \ --server hkps://keys.openpgp.org \ search "DE28 AB24 1FA4 8260 FAC9 B8BA A7C9 B385 2260 4281" \ - --output /etc/apt/keyrings/fpf-apt-tools-archive-keyring.gpg + --output - | sq packet dearmor fpfdz.gpg +sudo mkdir -p /etc/apt/keyrings/ +sudo mv fpfdz.gpg /etc/apt/keyrings/fpf-apt-tools-archive-keyring.gpg ``` On other Debian-derivatives: ```sh sudo apt-get update && sudo apt-get install gnupg2 ca-certificates -y -gpg --keyserver hkps://keys.openpgp.org \ - --no-default-keyring --keyring ./fpf-apt-tools-archive-keyring.gpg \ - --recv-keys "DE28 AB24 1FA4 8260 FAC9 B8BA A7C9 B385 2260 4281" sudo mkdir -p /etc/apt/keyrings/ -sudo gpg --no-default-keyring --keyring ./fpf-apt-tools-archive-keyring.gpg \ - --armor --export "DE28 AB24 1FA4 8260 FAC9 B8BA A7C9 B385 2260 4281" \ - > /etc/apt/keyrings/fpf-apt-tools-archive-keyring.gpg +sudo gpg --keyserver hkps://keys.openpgp.org \ + --no-default-keyring --keyring /etc/apt/keyrings/fpf-apt-tools-archive-keyring.gpg \ + --recv-keys "DE28 AB24 1FA4 8260 FAC9 B8BA A7C9 B385 2260 4281" ``` Then, on all distributions, add the URL of the repo in your APT sources: