Merge 8061fd4597 into 83be5fb151

Fix installation instructions for Ubuntu Plucky (25.04)
Specifically, the way to handle the trust for a PGP key has changed in recent versions of `apt-secure`. It now requires the use of PGP keys in something different than the internal GPG keybox database.
2025-05-02 11:42:23 +02:00 · 2025-04-15 16:21:46 +02:00 · 2025-04-15 15:57:13 +02:00
2 changed files with 33 additions and 4 deletions
--- a/.github/workflows/check_repos.yml
+++ b/.github/workflows/check_repos.yml
@ -34,8 +34,8 @@ jobs:
          - distro: debian
            version: "11"  # bullseye
    steps:
-      - name: Add packages.freedom.press PGP key (gpg)
-        if: matrix.version != 'trixie'
+      - name: Add packages.freedom.press PGP key (gpg --keyring)
+        if: matrix.version != 'trixie' && matrix.version != "25.04"
        run: |
          apt-get update && apt-get install -y gnupg2 ca-certificates
          dirmngr  # NOTE: This is a command that's necessary only in containers
@ -58,6 +58,20 @@ jobs:
             --server hkps://keys.openpgp.org \
             search "DE28 AB24 1FA4 8260 FAC9 B8BA A7C9 B385 2260 4281" \
             --output /etc/apt/keyrings/fpf-apt-tools-archive-keyring.gpg
+      - name: Add packages.freedom.press PGP key (gpg --export)
+        if: matrix.version == '25.04'
+        run: |
+          apt-get update && apt-get install -y gnupg2 ca-certificates
+          dirmngr
+          # Newer versions of apt-secure need an unarmored PGP key as mentionned by
+          # https://manpages.ubuntu.com/manpages/plucky/man8/apt-secure.8.html
+          gpg --keyserver hkps://keys.openpgp.org \
+              --no-default-keyring
+              --recv-keys "DE28 AB24 1FA4 8260 FAC9 B8BA A7C9 B385 2260 4281"
+          mkdir -p /etc/apt/keyrings/
+          gpg --export-options export-minimal --export \
+              > /etc/apt/keyrings/fpf-apt-tools-archive-keyring.gpg
+
      - name: Add packages.freedom.press to our APT sources
        run: |
          . /etc/os-release
--- a/INSTALL.md
+++ b/INSTALL.md
@ -110,9 +110,10 @@ Dangerzone is available for:
  </tr>
 </table>

-First, retrieve the PGP keys.
+First, retrieve the PGP keys. The instructions differ depending on the specific
+distribution you are using:

-Starting with Trixie, follow these instructions to download the PGP keys:
+For Debian Trixie, follow these instructions to download the PGP keys:

 ```bash
 sudo apt-get update && sudo apt-get install sq -y
@ -123,6 +124,20 @@ sq network keyserver \
   --output /etc/apt/keyrings/fpf-apt-tools-archive-keyring.gpg
 ```

+For Ubuntu Plucky (25.04), follow these instructions:
+
+```bash
+apt-get update && apt-get install -y gnupg2 ca-certificates
+mkdir -p /etc/apt/keyrings/
+dirmngr
+gpg --keyserver hkps://keys.openpgp.org \
+    --no-default-keyring
+    --recv-keys "DE28 AB24 1FA4 8260 FAC9 B8BA A7C9 B385 2260 4281"
+gpg --export-options export-minimal --export \
+    > /etc/apt/keyrings/fpf-apt-tools-archive-keyring.gpg
+  
+```
+
 On other Debian-derivatives:

 ```sh
Author	SHA1	Message	Date
Alexis Métaireau	aff418b4a0	Merge `8061fd4597` into `83be5fb151`	2025-04-15 16:21:46 +02:00
Alexis Métaireau	8061fd4597	Fix installation instructions for Ubuntu Plucky (25.04) Specifically, the way to handle the trust for a PGP key has changed in recent versions of `apt-secure`. It now requires the use of PGP keys in something different than the internal GPG keybox database.	2025-04-15 15:57:13 +02:00