{"id":27999269,"url":"https://github.com/probcomp/probcomp-ubuntu-keyring","last_synced_at":"2026-01-24T15:34:06.179Z","repository":{"id":138040719,"uuid":"86585387","full_name":"probcomp/probcomp-ubuntu-keyring","owner":"probcomp","description":"Ubuntu .deb signature keyring","archived":false,"fork":false,"pushed_at":"2017-08-15T19:45:08.000Z","size":55,"stargazers_count":0,"open_issues_count":0,"forks_count":2,"subscribers_count":6,"default_branch":"master","last_synced_at":"2025-05-08T22:57:34.483Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":null,"language":"Makefile","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/probcomp.png","metadata":{"files":{"readme":"README","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null}},"created_at":"2017-03-29T13:28:01.000Z","updated_at":"2017-03-29T13:30:31.000Z","dependencies_parsed_at":"2023-07-24T02:40:15.717Z","dependency_job_id":null,"html_url":"https://github.com/probcomp/probcomp-ubuntu-keyring","commit_stats":null,"previous_names":[],"tags_count":7,"template":false,"template_full_name":null,"purl":"pkg:github/probcomp/probcomp-ubuntu-keyring","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/probcomp%2Fprobcomp-ubuntu-keyring","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/probcomp%2Fprobcomp-ubuntu-keyring/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/probcomp%2Fprobcomp-ubuntu-keyring/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/probcomp%2Fprobcomp-ubuntu-keyring/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/probcomp","download_url":"https://codeload.github.com/probcomp/probcomp-ubuntu-keyring/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/probcomp%2Fprobcomp-ubuntu-keyring/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":28730320,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-01-24T10:24:43.181Z","status":"ssl_error","status_checked_at":"2026-01-24T10:24:36.112Z","response_time":89,"last_error":"SSL_read: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2025-05-08T22:57:34.032Z","updated_at":"2026-01-24T15:34:06.163Z","avatar_url":"https://github.com/probcomp.png","language":"Makefile","funding_links":[],"categories":[],"sub_categories":[],"readme":"Public keys for Ubuntu .deb signature verification\n\n* Before and after generating any keys:\n\nBecause GnuPG is stuck in the '90s dark ages of crypto engineering:\n\n% sudo mv /dev/random /dev/random.save\n% sudo ln -s urandom /dev/random\n...generate keys...\n% sudo mv -f /dev/random.save /dev/random\n\nDon't automate this -- only do this on an interactive laptop, or\nfigure out what this is about and then automate it differently with a\nreliable source of entropy in a seed file.\n\n* To create a signing key for a new principal:\n\nPick a nickname for the principal, called \u003cprincipal\u003e.  E.g., you\nmight pick your username.\n\n1. Pick an email address with \u003cprincipal\u003e in it.\n\n2. Copy template.param to \u003cprincipal\u003e.param.\n\n3. Edit the lines marked XXXEDITME:\n   - Set the name and email address to reflect the principal.\n   - Set the expiration date.  Should be at least a couple months in\n     the future.\n\n4. Add \u003cprincipal\u003e to PRINCIPALS in Makefile.  (Keep sorted.)\n\n5. Pick an empty GnuPG home for your private key to live in, e.g. on a\n   USB flash drive mounted at /media/user/userdebsign/20170530.  You\n   can create it with\n\n      % mkdir -m 0700 /media/user/userdebsign/20170530\n      % gpg --homedir /media/user/userdebsign/20170530 --list-keys\n\n6. Do a dry run of key generation:\n\n      % make \u003cprincipal\u003e.dry GNUPGHOME=/media/user/userdebsign/20170530\n\n   Examine the output.  Tweak until it works.\n\n7. Do a real run of key generation:\n\n      % make \u003cprincipal\u003e.asc GNUPGHOME=/media/user/userdebsign/20170530\n\n8. Regenerate the keyring:\n\n      % make keyring\n\n9. Commit your changes to Git.\n\n* To retire a signing key:\n\n1. Move \u003cprincipal\u003e.asc to archive/\u003cprincipal\u003e/\u003cdate\u003e-\u003ckeyid32\u003e.asc.\n\n2. Add archive/\u003cprincipal\u003e/\u003cdate\u003e-\u003ckeyid32\u003e to PRINCIPALS in Makefile.\n   Remove \u003cprincipal\u003e if you are not generating a new signing key.\n\n3. Commit your changes to Git.\n\n4. After the signing key has expired, you can remove it.\n\n* To generate a new signing key for an old principal:\n\nJust retire the old signing key and create a new signing key as if for\na new principal.\n\n* Why is this hard?\n\nWe want:\n\n- To keep the key material off our laptop disks.\n\n- Reproducible, consistent instructions for generating keys.\n\n- Procedure for adding a new principal or retiring an old principal.\n\n- Procedure for rotating from an old version of a principal's key to\n  a new version.\n\n- No stupid GnuPG hanging while trying to generate many bytes of data\n  for RSA keys.\n\nWe do not currently use hardware crypto tokens.  To be done in a\nfuture version of this so that we keep the key material off our\nlaptops altogether.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fprobcomp%2Fprobcomp-ubuntu-keyring","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fprobcomp%2Fprobcomp-ubuntu-keyring","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fprobcomp%2Fprobcomp-ubuntu-keyring/lists"}