... | ... | @@ -3,16 +3,16 @@ |
|
|
|
|
|
## Workflow
|
|
|
1. Announce resignation and/or revocation of key
|
|
|
1. Revoke key locally
|
|
|
- `gpg --import <public key>`
|
|
|
1. Revoke key locally (where `$KEY_ID` is the ID of the PGP key being revoked):
|
|
|
- `gpg --import <(./keyringctl export $KEY_ID)`
|
|
|
- `gpg --import <revocation certificate>`
|
|
|
1. Update the public key in the distribution keyring
|
|
|
- [Open an issue](https://gitlab.archlinux.org/archlinux/archlinux-keyring) using the "Remove Main Key" template
|
|
|
- Add the revocation certificate to archlinux-keyring: `./keyringctl import <revocation certificate>`
|
|
|
- Add the revocation certificate to archlinux-keyring (where `$KEY_ID` is the ID of the PGP key being revoked): `./keyringctl import --main <(gpg --export $KEY_ID)`
|
|
|
- [Create merge request](https://gitlab.archlinux.org/archlinux/archlinux-keyring/-/merge_requests/new) using the "Remove Main Key" template, which adds the altered PGP packets in the keyring directory
|
|
|
1. Publish updated public key via WKD
|
|
|
- Trigger a new deployment of the public keys via [WKD](https://gitlab.archlinux.org/archlinux/wkd/)
|
|
|
1. Publish the updated public key on the website
|
|
|
- Login as Django Admin on [archweb](https://archlinux.org/admin/) and remove the 'Master key' with the fingerprint, owner and revoker.
|
|
|
1. Revoke the public key on the keyserver infrastructure
|
|
|
- `gpg --keyserver search.keyserver.net --send-key <key ID>` |
|
|
\ No newline at end of file |
|
|
1. Revoke the public key on the keyserver infrastructure (where `$KEY_ID` is the ID of the PGP key being revoked):
|
|
|
- `gpg --keyserver search.keyserver.net --send-key $KEY_ID` |
|
|
\ No newline at end of file |
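Review bot: `$KEY_ID` is described only as "the ID of the PGP key being revoked" in the three steps that now use it, and in `./keyringctl import --main <(gpg --export $KEY_ID)` that matters most. `gpg --export` emits every key in the local keyring that matches the given ID, so a short or otherwise ambiguous ID would hand more than the revoked key to the main-key import. Please state that `$KEY_ID` is the full fingerprint, define it once at the top of the workflow instead of repeating the parenthetical, and quote it as `"$KEY_ID"` in the commands. The same step also depends silently on the earlier "Revoke key locally" step: the export carries the revocation only if the certificate was already imported into the local gpg keyring, so the bullet should say so, or add a check such as `gpg --list-keys "$KEY_ID"` showing the key as revoked before exporting. Both `<(...)` forms need a shell with process substitution (bash or zsh), which is worth a word for anyone pasting into plain sh. Minor: the new side of the file still ends without a trailing newline.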