Merge 48ad749965 into 7f418118e6

.github/workflows/check_repos.yml

@@ -46,30 +46,21 @@ jobs:
           apt update
           apt-get install python-all -y
 
-      - name: Add packages.freedom.press PGP key (gpg)
+      - name: Add GPG key for the packages.freedom.press
-        if: matrix.version != 'trixie'
         run: |
           apt-get update && apt-get install -y gnupg2 ca-certificates
           dirmngr  # NOTE: This is a command that's necessary only in containers
-          # The key needs to be in the GPG keybox database format so the
-          # signing subkey is detected by apt-secure.
           gpg --keyserver hkps://keys.openpgp.org \
               --no-default-keyring --keyring ./fpf-apt-tools-archive-keyring.gpg \
               --recv-keys "DE28 AB24 1FA4 8260 FAC9 B8BA A7C9 B385 2260 4281"
-          mkdir -p /etc/apt/keyrings/
-          mv ./fpf-apt-tools-archive-keyring.gpg /etc/apt/keyrings/.
 
-      - name: Add packages.freedom.press PGP key (sq)
+          # Export the GPG key in armor mode because sequoia needs it this way
-        if: matrix.version == 'trixie'
+          # (sqv is used on debian trixie by default to check the keys)
-        run: |
-          apt-get update && apt-get install -y ca-certificates sq
           mkdir -p /etc/apt/keyrings/
-          # On debian trixie, apt-secure uses `sqv` to verify the signatures
+          gpg --no-default-keyring --keyring ./fpf-apt-tools-archive-keyring.gpg \
-          # so we need to retrieve PGP keys and store them using the base64 format.
+              --armor --export "DE28 AB24 1FA4 8260 FAC9 B8BA A7C9 B385 2260 4281" \
-          sq network keyserver \
+              > /etc/apt/keyrings/fpf-apt-tools-archive-keyring.gpg
-             --server hkps://keys.openpgp.org \
+
-             search "DE28 AB24 1FA4 8260 FAC9 B8BA A7C9 B385 2260 4281" \
-             --output /etc/apt/keyrings/fpf-apt-tools-archive-keyring.gpg
       - name: Add packages.freedom.press to our APT sources
         run: |
           . /etc/os-release

INSTALL.md

@@ -84,20 +84,9 @@ Dangerzone is available for:
   </tr>
 </table>
 
-First, retrieve the PGP keys.
+Add our repository following these instructions:
 
-Starting with Trixie, follow these instructions to download the PGP keys:
+Download the GPG key for the repo:
-
-```bash
-sudo apt-get update && sudo apt-get install sq -y
-mkdir -p /etc/apt/keyrings/
-sq network keyserver \
-   --server hkps://keys.openpgp.org \
-   search "DE28 AB24 1FA4 8260 FAC9 B8BA A7C9 B385 2260 4281" \
-   --output /etc/apt/keyrings/fpf-apt-tools-archive-keyring.gpg
-```
-
-On other Debian-derivatives:
 
 ```sh
 sudo apt-get update && sudo apt-get install gnupg2 ca-certificates -y
@@ -110,7 +99,7 @@ sudo gpg --no-default-keyring --keyring ./fpf-apt-tools-archive-keyring.gpg \
     > /etc/apt/keyrings/fpf-apt-tools-archive-keyring.gpg
 ```
 
-Then, on all distributions, add the URL of the repo in your APT sources:
+Add the URL of the repo in your APT sources:
 
 ```sh
 . /etc/os-release