"Fossies" - the Fresh Open Source Software Archive

Member "install-tl-20200916/tlpkg/gpg/tl-key-extension.txt" (15 May 2020, 1655 Bytes) of package /windows/misc/install-tl.zip:


$Id: tl-key-extension.txt 55147 2020-05-15 14:58:16Z karl $
(Public domain.)

How to update TeX Live distribution signing key
===============================================

This must be done every year! It's not optional.

shut down networking service

cp gpg directory from USB stick to computer

export GNUPGHOME=...<COPY OF USBSTICK gpg directory>
export KEYID=0xC78B82D8C79512F79CC0D7C80D5E5D9106BAB6BC
gpg --edit-key $KEYID
> key 2
	# selects the expiring key, check!
> expire
> 16m
	# choose something after the release of the next TL
> save

# export public key for import into svn and TUG account
gpg -a --export $KEYID > texlive.asc

# update USB drive with new stuff, remove from home,

rm -rf $GNUPGHOME
unset GNUPGHOME

gpg --send-keys $KEYID


# update TeX Live repository
export GNUPGHOME=/path/to/texlive-svn/Master/tlpkg/gpg
# use gpg version 1 here!!!
gpg1 --import texlive.asc

svn/git commit


# on the TUG server (needs the exported public key in
# texlive.asc, see above how to export it)
gpg --homedir ~texlive/.gnupg --import texlive.asc

# can view that .asc with:
gpg --show-keyring texlive.asc

# update web-accessible public key, keeping old files but updating symlink:
cp texlive.asc ~www/texlive/files/texlive`date +%Y`.asc
ln -s texlive`date +%Y`.asc ~www/texlive/files/texlive.asc

More info:
. we use tlpkg/bin/tl-sign-file to sign texlive.tlpdb.sha512.
. gpg --verify --verbose foo.asc for info on signature file.
. but exit status is zero even with expired keys; to check,
  use --status-file and inspect:
gpg --verify --verbose --status-file=/tmp/st foo.asc
. see tl-sign-file or TLCrypto.pm for full implementation.
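
The --status-file inspection from the "More info" notes, as an added example that is not part of this file, tl-sign-file or TLCrypto.pm: it reads the status lines and rejects a signature made with an expired key even though gpg exits with zero. The function names, verdict words and sample status lines are assumptions constructed here; the key ID and subkey fingerprint in the samples are placeholders.

```shell
#!/bin/sh
# Added example (not TeX Live's code): judge a gpg --status-file, not gpg's exit code.
# GOODSIG, EXPKEYSIG, VALIDSIG etc. are GnuPG status keywords; the function
# names and the sample status lines below are constructed for illustration.

# Primary key fingerprint: the KEYID from the procedure, without the 0x prefix.
EXPECTED_FPR=C78B82D8C79512F79CC0D7C80D5E5D9106BAB6BC

# check_status FILE: print a one-word verdict; return 0 only for "good".
check_status() {
    verdict=$(awk -v want="$EXPECTED_FPR" '
        $1 != "[GNUPG:]" { next }
        $2 == "GOODSIG"   { good = 1 }
        $2 == "EXPKEYSIG" { bad = "expired-key" }
        $2 == "EXPSIG"    { bad = "expired-signature" }
        $2 == "REVKEYSIG" { bad = "revoked-key" }
        $2 == "BADSIG"    { bad = "bad-signature" }
        $2 == "ERRSIG"    { bad = "cannot-check" }
        # The last VALIDSIG field is the primary key fingerprint; if gpg
        # omits it, the comparison fails and the signature is rejected.
        $2 == "VALIDSIG"  { valid = 1; if (($NF "") != (want "")) wrongkey = 1 }
        END {
            if (bad != "")            print bad
            else if (!good || !valid) print "no-valid-signature"
            else if (wrongkey)        print "unexpected-key"
            else                      print "good"
        }' "$1")
    printf '%s\n' "$verdict"
    [ "$verdict" = good ]
}

# sample_status good|expired: emit constructed status lines (placeholder IDs).
sample_status() {
    sub=0000000000000000000000000000000000000000   # placeholder subkey fingerprint
    if [ "$1" = expired ]; then sig=EXPKEYSIG; else sig=GOODSIG; fi
    cat <<EOF
[GNUPG:] NEWSIG
[GNUPG:] $sig 0000000000000000 Constructed Signer <signer@example.invalid>
[GNUPG:] VALIDSIG $sub 2020-05-15 1589554696 0 4 0 1 10 00 $EXPECTED_FPR
EOF
}

# Demo: both samples carry VALIDSIG; only the first passes this check.
for kind in good expired; do
    f=$(mktemp)
    sample_status "$kind" > "$f"
    printf '%s sample -> ' "$kind"
    check_status "$f" || true
    rm -f "$f"
done
```

To use it on a real signature, run the gpg --verify --status-file command shown above and pass the resulting status file to check_status.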