i re-wrote the keyring build recipe this week - this (hopefully) is
inconsequential for the most part; but i must explain the changes
the keyrings have been a recurring source of pain for years - we have discussed
several ways to make it more robust - we have applied some of them; and some of
them have worked well
however, this week i needed to update my key; but the keyserver is not
accepting uploads - the admin told me to wait a few days and try again - that
is unfortunately the one factor that is out of our control
one of the past ideas was to store hackers keys as text in hackers.git; so i
thought this would be am excellent time to try that - i did, and it seems to
work well
as i studied the keyring package, i realized how ridiculously simple it
actually is; yet as those of us who have studied the keyring makefile will
know, that makefile is ridiculously complicated and unwieldy - we should have
tried this long ago
another benefit of getting rid of that makefile, is that it made
'parabola-keyring' be the only package which requires networking at build time
(against parabola policy, strictly speaking) - the build is done entirely in
the PKGBUILD now, with networking disabled - barring any unforeseen problems, i
would declare that previous makefile to be obsolete - i can not imagine it ever
being useful again
so what does this mean for parabola devs?
it means that you do not need to push your key to a keyserver - of course, you
can; but that should never be factor for parabola users again - simply renew
the expiration when necessary, dump the key to ASCII, and commit it to
hackers.git there is a new 'keys/' directory - each hacker has a file named
<KEY_ID>.asc - it is quite simple to grok - the process is explained in the
PKGBUILD
To generate a new keyring:
$ KEY_ID=<YOUR_40_CHAR_KEY_ID> # ('pgp_keyid' in your hackers.git YAML file)
$ cd /path/to/hackers.git/
$ gpg --armor --no-emit-version --export $KEY_ID > keys/$KEY_ID.asc
$ git commit -m 'update my key' keys/$KEY_ID.asc
$ git push parabola master
of course, feel free to review the code if you are so inclined
https://git.parabola.nu/abslibre.git/tree/libre/parabola-keyring/PKGBUILD
_______________________________________________
Dev mailing list
[email protected]
https://lists.parabola.nu/mailman/listinfo/dev
