diff options
| author | elijah <elijah@riseup.net> | 2014-02-13 02:34:16 -0800 |
|---|---|---|
| committer | elijah <elijah@riseup.net> | 2014-02-13 02:34:16 -0800 |
| commit | 1cc912a8d2c483220b1d714d2ec569777ced2b66 (patch) | |
| tree | 285954db400c077be0d76d663337cc2f9cc8b0c2 | |
| parent | 5a03b94a18fe6a5b6bd10c295671af902804ed77 (diff) | |
added key expired page
| -rw-r--r-- | pages/about-us/news/2014/repository-key-refresh.haml | 43 |
1 files changed, 43 insertions, 0 deletions
diff --git a/pages/about-us/news/2014/repository-key-refresh.haml b/pages/about-us/news/2014/repository-key-refresh.haml new file mode 100644 index 0000000..db624da --- /dev/null +++ b/pages/about-us/news/2014/repository-key-refresh.haml @@ -0,0 +1,43 @@ +- @title = "Repository Key Refresh" +- @author = 'elijah' +- @posted_at = "2014-01-14" +- @more = true +- @preview = "We screwed up and let our debian repository key expire. The responsible parties have been punished (no more free back rubs). You have three options to fix it..." + +%p We screwed up and let our debian repository key expire. The responsible parties have been punished (no more free back rubs). You have three options to fix: + +%h3 option 1 - blindly upgrade + +%p You can just ignore the warnings about the packages being unauthenticated. This will upgrade your leap-keyring package, which includes the updated key. + +%pre + apt-get update --allow-unauthenticated + apt-get upgrade --allow-unauthenticated + +%h3 option 2 - re-add key without checking fingerprint + +%p You can simply re-import the key to your apt keyring: + +%pre + curl https://dl.bitmask.net/apt.key | apt-key add - + +%h3 option 3 - update the key from keyserver + +%p With this method, we update the key by pulling it from a keyserver and then importing to apt-key. We use the long key-id to ensure that we grab a key with exactly the same fingerprint (the short key-id is easily forged, but the long key id is very hard to replicate). + +%p Find the long key-id of the current LEAP archive signing key: + +%pre + apt-key adv --list-keys --keyid-format 0xLONG + +%p You should see this among the output: + +%pre + pub 4096R/0x1E34A1828E207901 2013-02-06 [expired: 2014-02-06] + uid LEAP archive signing key <sysdev@leap.se> + +%P Now, grab that specific key-id from a keyserver, and import it into apt-key: + +%pre + gpg --recv-key 0x1E34A1828E207901 + gpg --armor --export 0x1E34A1828E207901 | sudo apt-key add - |