Merge 178364e3a7 into 7f418118e6

.github/workflows/check_repos.yml

@@ -46,30 +46,21 @@ jobs:
           apt update
           apt-get install python-all -y
 
-      - name: Add packages.freedom.press PGP key (gpg)
-        if: matrix.version != 'trixie'
+      - name: Add GPG key for the packages.freedom.press
         run: |
           apt-get update && apt-get install -y gnupg2 ca-certificates
           dirmngr  # NOTE: This is a command that's necessary only in containers
-          # The key needs to be in the GPG keybox database format so the
-          # signing subkey is detected by apt-secure.
           gpg --keyserver hkps://keys.openpgp.org \
               --no-default-keyring --keyring ./fpf-apt-tools-archive-keyring.gpg \
               --recv-keys "DE28 AB24 1FA4 8260 FAC9 B8BA A7C9 B385 2260 4281"
-          mkdir -p /etc/apt/keyrings/
-          mv ./fpf-apt-tools-archive-keyring.gpg /etc/apt/keyrings/.
 
-      - name: Add packages.freedom.press PGP key (sq)
-        if: matrix.version == 'trixie'
-        run: |
-          apt-get update && apt-get install -y ca-certificates sq
+          # Export the GPG key in armor mode because sequoia needs it this way
+          # (sqv is used on debian trixie by default to check the keys)
           mkdir -p /etc/apt/keyrings/
-          # On debian trixie, apt-secure uses `sqv` to verify the signatures
-          # so we need to retrieve PGP keys and store them using the base64 format.
-          sq network keyserver \
-             --server hkps://keys.openpgp.org \
-             search "DE28 AB24 1FA4 8260 FAC9 B8BA A7C9 B385 2260 4281" \
-             --output /etc/apt/keyrings/fpf-apt-tools-archive-keyring.gpg
+          gpg --no-default-keyring --keyring ./fpf-apt-tools-archive-keyring.gpg \
+              --armor --export "DE28 AB24 1FA4 8260 FAC9 B8BA A7C9 B385 2260 4281" \
+              > /etc/apt/keyrings/fpf-apt-tools-archive-keyring.gpg
+
       - name: Add packages.freedom.press to our APT sources
         run: |
           . /etc/os-release

.github/workflows/release-container-image.yml

@@ -27,12 +27,6 @@ jobs:
     runs-on: ubuntu-24.04
     steps:
       - uses: actions/checkout@v4
-        with:
-          fetch-depth: 0
-      - name: Check it's working
-        run: |
-          git describe --long --first-parent
-
       - name: Login to GitHub Container Registry
         uses: docker/login-action@v3
         with:
@@ -50,8 +44,7 @@ jobs:
           # Load the image with the final name directly
           gunzip -c share/container.tar.gz | podman load
           FINAL_IMAGE_NAME="${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}"
-          TAG=$(git describe --long --first-parent | tail -c +2)
-          podman tag dangerzone.rocks/dangerzone:$TAG "$FINAL_IMAGE_NAME"
+          podman tag dangerzone.rocks/dangerzone "$FINAL_IMAGE_NAME"
           podman push "$FINAL_IMAGE_NAME" --digestfile=digest
           echo "digest=$(cat digest)" >> "$GITHUB_OUTPUT"
 

INSTALL.md

@@ -84,20 +84,9 @@ Dangerzone is available for:
   </tr>
 </table>
 
-First, retrieve the PGP keys.
+Add our repository following these instructions:
 
-Starting with Trixie, follow these instructions to download the PGP keys:
-
-```bash
-sudo apt-get update && sudo apt-get install sq -y
-mkdir -p /etc/apt/keyrings/
-sq network keyserver \
-   --server hkps://keys.openpgp.org \
-   search "DE28 AB24 1FA4 8260 FAC9 B8BA A7C9 B385 2260 4281" \
-   --output /etc/apt/keyrings/fpf-apt-tools-archive-keyring.gpg
-```
-
-On other Debian-derivatives:
+Download the GPG key for the repo:
 
 ```sh
 sudo apt-get update && sudo apt-get install gnupg2 ca-certificates -y
@@ -110,7 +99,7 @@ sudo gpg --no-default-keyring --keyring ./fpf-apt-tools-archive-keyring.gpg \
     > /etc/apt/keyrings/fpf-apt-tools-archive-keyring.gpg
 ```
 
-Then, on all distributions, add the URL of the repo in your APT sources:
+Add the URL of the repo in your APT sources:
 
 ```sh
 . /etc/os-release