Merge 48ad749965 into 7f418118e6

2025-05-18 11:11:49 +02:00 · 2025-01-16 17:44:31 +01:00
2 changed files with 10 additions and 30 deletions
--- a/.github/workflows/check_repos.yml
+++ b/.github/workflows/check_repos.yml
@ -46,30 +46,21 @@ jobs:
          apt update
          apt-get install python-all -y

-      - name: Add packages.freedom.press PGP key (gpg)
-        if: matrix.version != 'trixie'
+      - name: Add GPG key for the packages.freedom.press
        run: |
          apt-get update && apt-get install -y gnupg2 ca-certificates
          dirmngr  # NOTE: This is a command that's necessary only in containers
-          # The key needs to be in the GPG keybox database format so the
-          # signing subkey is detected by apt-secure.
          gpg --keyserver hkps://keys.openpgp.org \
              --no-default-keyring --keyring ./fpf-apt-tools-archive-keyring.gpg \
              --recv-keys "DE28 AB24 1FA4 8260 FAC9 B8BA A7C9 B385 2260 4281"
-          mkdir -p /etc/apt/keyrings/
-          mv ./fpf-apt-tools-archive-keyring.gpg /etc/apt/keyrings/.

-      - name: Add packages.freedom.press PGP key (sq)
-        if: matrix.version == 'trixie'
-        run: |
-          apt-get update && apt-get install -y ca-certificates sq
+          # Export the GPG key in armor mode because sequoia needs it this way
+          # (sqv is used on debian trixie by default to check the keys)
          mkdir -p /etc/apt/keyrings/
-          # On debian trixie, apt-secure uses `sqv` to verify the signatures
-          # so we need to retrieve PGP keys and store them using the base64 format.
-          sq network keyserver \
-             --server hkps://keys.openpgp.org \
-             search "DE28 AB24 1FA4 8260 FAC9 B8BA A7C9 B385 2260 4281" \
-             --output /etc/apt/keyrings/fpf-apt-tools-archive-keyring.gpg
+          gpg --no-default-keyring --keyring ./fpf-apt-tools-archive-keyring.gpg \
+              --armor --export "DE28 AB24 1FA4 8260 FAC9 B8BA A7C9 B385 2260 4281" \
+              > /etc/apt/keyrings/fpf-apt-tools-archive-keyring.gpg
+
      - name: Add packages.freedom.press to our APT sources
        run: |
          . /etc/os-release
--- a/INSTALL.md
+++ b/INSTALL.md
@ -84,20 +84,9 @@ Dangerzone is available for:
  </tr>
 </table>

-First, retrieve the PGP keys.
+Add our repository following these instructions:

-Starting with Trixie, follow these instructions to download the PGP keys:
-
-```bash
-sudo apt-get update && sudo apt-get install sq -y
-mkdir -p /etc/apt/keyrings/
-sq network keyserver \
-   --server hkps://keys.openpgp.org \
-   search "DE28 AB24 1FA4 8260 FAC9 B8BA A7C9 B385 2260 4281" \
-   --output /etc/apt/keyrings/fpf-apt-tools-archive-keyring.gpg
-```
-
-On other Debian-derivatives:
+Download the GPG key for the repo:

 ```sh
 sudo apt-get update && sudo apt-get install gnupg2 ca-certificates -y
@ -110,7 +99,7 @@ sudo gpg --no-default-keyring --keyring ./fpf-apt-tools-archive-keyring.gpg \
    > /etc/apt/keyrings/fpf-apt-tools-archive-keyring.gpg
 ```

-Then, on all distributions, add the URL of the repo in your APT sources:
+Add the URL of the repo in your APT sources:

 ```sh
 . /etc/os-release