website/archive-key.mdwn

   1 [[!meta title="Monkeysphere archive signing key"]]
   2 [[toc ]]
   3
   4 ## Verifying the key ##
   5
   6 The [Monkeysphere apt repository](/download) is signed by this key, so
   7 you [can verify](http://wiki.debian.org/SecureApt) that the packages
   8 come from the right place and have not been tampered with.
   9
  10 This key is certified by several of the Monkeysphere developers, and
  11 should be able to be found from the public keyservers with:
  12
  13         $ gpg --recv-key EB8AF314
  14         gpg: requesting key EB8AF314 from hkp server pool.sks-keyservers.net
  15         gpg: key EB8AF314: public key "Monkeysphere Archive Signing Key (http://archive.monkeysphere.info/debian)" imported
  16         gpg: no ultimately trusted keys found
  17         gpg: Total number processed: 1
  18         gpg:               imported: 1  (RSA: 1)
  19         $
  20
  21 You should be able to verify the fingerprint like this:
  22
  23         $ gpg --list-key --fingerprint http://archive.monkeysphere.info/debian
  24         pub   4096R/EB8AF314 2008-09-02 [expires: 2009-09-02]
  25               Key fingerprint = 2E8D D26C 53F1 197D DF40  3E61 18E6 67F1 EB8A F314
  26         uid       [  full  ] Monkeysphere Archive Signing Key (http://archive.monkeysphere.info/debian)
  27         $
  28
  29 And you can also verify the fingerprints with:
  30
  31         $ gpg --list-sigs http://archive.monkeysphere.info/debian
  32
  33 If you believe that the repository has been tampered with, please [let
  34 us know](/community)!
  35
  36 If you have properly verified this key, you can add it to your apt
  37 keyring for proper cryptographic verification of the archive and its
  38 packages by doing the following:
  39
  40          $ gpg -a --export EB8AF314 | sudo apt-key add -
  41          OK
  42          $ aptitude update
  43          ...
  44
  45 ## The key itself ##
  46
  47 <pre>
  48 -----BEGIN PGP PUBLIC KEY BLOCK-----
  49 Version: GnuPG v1.4.9 (GNU/Linux)
  50
  51 mQINBEi9Ws0BEADUROJtI2VsWGI6jklofbCDw6webGi0nJTnKYSSxDE5XSWu6GtK
  52 PG4RiX/YGtL+kD8+z/pVAbjqdLNypqiK5VkTZp3cE+4Yv2jxySQJz/UMNZ2wO3U+
  53 9NAK2rJG3p0HhiTzAurJ2KqNstcMcPmqEDtP+J2tUHoIXttGiwFpss4R2hSBMlg+
  54 nNFc53FlTadF2z3LNNCozPf7wRST2Zqkeem84+Vo2X3zy7pGpSf9S/XEPW/ve0fs
  55 daADK9I6fZiqtrsb3/M3E3rESsD2YA+/25QA+XVJgtenTlaYEMkI0ARpd44oBHp7
  56 Oj0RbRZ0Wz6OYDiJl6D2YJ1nFRHhbx+tnCJvuqUUkv3HYD85mGWIow7ElX5fc4iT
  57 RdYUE3ebImES0gsaasNl3JUjuImNbrqqjQsAaN7JV77TqR8GGRLcalZkvIgY5b4a
  58 hRYY16rvUaqZ4aYpiZftvE0X07W+siYqGfCynOn0+iX80pKid8gATjrwGdQ6TBr7
  59 +yrBkmFTJFCCi5TS8gaJPdMJzYs7C3ou9XOWJLuwmnwn9edaCSTJ1Vgq+8eKjDj8
  60 NxER5vjtXdAJqCJm7d4eNgHYXTNqRPznJRsutVfkFwEIzGXvvhnnDC1PdnhBjBVI
  61 1+TbdSz9qKq3VaCxr6HNk9CBF2S0El3YMRmy0Zlf6/AOo9XiW3fp3LL6AwARAQAB
  62 tEpNb25rZXlzcGhlcmUgQXJjaGl2ZSBTaWduaW5nIEtleSAoaHR0cDovL2FyY2hp
  63 dmUubW9ua2V5c3BoZXJlLmluZm8vZGViaWFuKYkCPAQTAQIAJgUCSL1azQIbAwUJ
  64 AeEzgAYLCQgHAwIEFQIIAwQWAgMBAh4BAheAAAoJEBjmZ/HrivMUFIYP/30NIcTO
  65 EucC2S3YI+8UiedBfqM6iIJ9jS73avvfNdjv5MsfTeERXOGKgmE/JM2FwtIPgzOU
  66 R7qEu0W4WG2kYN+pABzpoRijm9F2zwNzSrZdzinClhxKBZzhg9tylvXdVxrdfAVS
  67 3XoQrAK5W/5zZBBmkW18bmlgu7hLY9jfYfwJH1/jhV40UtuWPW5kfBoZlrv9S4l2
  68 WUA7drrWlyk+h4Q/ZxF6aQljyI9a1oXNfcgpGCorIBNlMlwjNaL4DWmH4j/kchLG
  69 Vka35t3R5OjlRo8jsd12nc6gp0K3BdDTEd1AJQbqTS+sb+ocdeNpSUQoCn8XIg9V
  70 ELV9XE0n2vmvG3i4CJuOyHOHuW5IqJ1k8W4e9fikpBOmOy7Jdec5johI9wtkRiYg
  71 9i5vqM/wKSW14QCkLeQP/YtIK0o0J+FOj7FUTI+wM5AXGeva53McnzbiUnJPRFIR
  72 du8vvdmvu1wuWb3AWLIysU0bsbSSGZ9g7cX2p/qdH1Hvi2Ji8sM020WHBFuvRXEJ
  73 i8/RXiIxj0LR/DO8ihd/x1MTwfSTEZ6ecnywDv7Wtx19i5NRX5Ik72M75kzD29TW
  74 7mTsgZbYWrHT3gHmL3pWxPKa8nsEC/HUlcCnIrOPiwNcNu7+4L1ikbJXDRwVLjWP
  75 enmAs1srZ2+Pm2Gm1pM6uzl0qGR9J5GmdPf2iQIcBBABAgAGBQJIvVyrAAoJEMzS
  76 7ZTSFznpYQ0P/iTg3IlgNiRAlYXcrmiKKbMLSgUekQl6O7eUowXS9vKEyzgcxr3e
  77 DWARHsf01DrHJvkwdbaQPmq5mZcWxYaEdWY7VtCNHf11vnRV6ws7S3aiV3Hmf0II
  78 GaGBJywhDw/hkz2gTM3V71whYm1tgPbw/ilVqJtt8jVL9qbGsXer8Yx0iLFSCfaj
  79 SpgBo/1WlyxSm+i958ddSaQ+uTrAPgChYT7jseAIzF3UB95i00OkHaK30tb6SdWC
  80 4hgptMAhU0lW9tKDviMtoKUQa7LiCa4RyQ9TJQcsjJBoFVskcLl9f6GNEP72bN0V
  81 ly087Guvw8G8TdQcubteFYQDIxIc2atZkjEn3oCjtZgk8mdDlCjLQYgHV1/o+eWd
  82 /mb9mCtKvwo14LeKIIIYP19Z7142X2c2txSY3u6eNNo3ImqcPJNOM2xFqLcdSeVr
  83 S31RCBx16I7tJya0fwJJRC7qZWf7hrPdi7eqcecqyr26X5upV+Irjv5qYu/6HAGb
  84 59W6n+8KTfMxEMaBQI6qZXxhaBr3HzEaSrz7jtkl+xxym2TGkbarXcm7e7MP66Hu
  85 GD5UCC3svhAAxKXf4K/8v7WhwBpekF9mXtgpq72Du2JG9q+OAWhxzZXbZku+RY7T
  86 a83wKc1TaPvzK2WZlhNGjcCYSUXcfQOSn5noVTUukW3DNEKP5BmwkvVdiEYEEBEC
  87 AAYFAki9wXQACgkQ9n4qXRzy1ioXYwCgmzCV+o+Ai0gNx0pt9shofcjfJoAAoInV
  88 mhn36lBeDh/E6cigrUlkdDGWiQIcBBABAgAGBQJIvdcSAAoJEO00zqvie6q8sB4Q
  89 AKDLTKqtiONf4FkMCZFcMxQyiALcy76zTW9L2oK90zKRhKSt5RPnVmDVyiinBcRJ
  90 h0lEkpxoqSrs+0XvASWC3RzWLEbW6XXsuHO1RXFsC3FNbe0HkHenirenFkitPMDX
  91 Q5gHmCJ6yiq2ssuzXAG9vZ4HjkUINBgkeMASiTRC7o0we7jFSRzOTCs4WWdsavrx
  92 7bhCadeC35ISldTSo6nOP3laPctPcLD83cJszzQyHr/LjF6KYr6n85NAwIt/oxHh
  93 EUxmezx+lMwWHdr9TQzXzU8cxLSBZ+c+PuZ/NuHz9fOv87eaFDNEqKli9zhzh4eA
  94 EMeiWKQXHYlmEUUWnZoea46jdjBrvHphogqlCjzMDHtg/pWOsYrGeXjjZ352SGN4
  95 vyinkdxwUppGQATz55WyiWIzCY1Kt7lqaQHfAM1NgVdoCQ0stlulIO4LVepHRiAY
  96 HO4EPeQO6pVGGHWCzJyEcMcaBsYGpr9DndSNd66O+Gyeq8QobKnvTH25kwVt/8t1
  97 9nS+7NLwBrqXCISeDrOQYq5XeCdvpAuJy4CEN5muQWRdUPekE2dh7qcVUdROepq0
  98 1wMemkmgTLlA0Md7ZdZqsllKhVQ7/HOFzshEaj/VcFrQshuIAjDZFN/OrGLX/NcL
  99 tcaBmD9lZSQ3CyxnBUTeMdJCOLOK050jNvsEsM89FL+g
 100 =bJWl
 101 -----END PGP PUBLIC KEY BLOCK-----
 102 </pre>
 103
 104 ## Management of the key ##
 105
 106 The archive signing key is currently under the control of [Daniel Kahn
 107 Gillmor](http://cmrg.fifthhorseman.net/dkg), though the task of being
 108 the archive maintainer may be taken over by a different developer in
 109 the future.
 110
 111 In the event of a new archive maintainer, the entire archive will be
 112 rebuilt from signed tags in [the monkeysphere git
 113 repository](/community), rather than trying to re-verify the entire
 114 old archive.
 115
 116 ## Maintaining the archive ##
 117
 118 To create a new archive including a single monkeysphere package from
 119 tag `$TAG` on architecture `$ARCH`, do:
 120
 121         git clone git://git.monkeysphere.info/monkeysphere
 122         cd monkeysphere
 123         git tag -v "$TAG"
 124         git checkout "$TAG"
 125         debuild -uc -us
 126         cd repo
 127         reprepro -C monkeysphere include experimental "../$TAG_$ARCH.changes"
 128
 129 When you get a binary package built from a separate architecture
 130 `$NEWARCH` that you want to include with the archive, do:
 131
 132         cd repo
 133         reprepro -C monkeysphere includedeb experimental "../$TAG_$NEWARCH.deb"
 134
 135 To publish the archive, make sure you have access to
 136 `archivemaster@george.riseup.net`, and then do:
 137
 138         cd repo
 139         ./publish