... | ... | @@ -3,14 +3,16 @@ |
|
|
|
|
|
## Workflow
|
|
|
1. Announce resignation and/or revocation of key
|
|
|
2. Revoke key locally
|
|
|
1. Revoke key locally
|
|
|
- `gpg --import <public key>`
|
|
|
- `gpg --import <revocation certificate>`
|
|
|
3. Update the public key in the distribution keyring
|
|
|
- Open an issue in the [archlinux-keyring](https://gitlab.archlinux.org/archlinux/archlinux-keyring) repository using the "Remove Main Key" template
|
|
|
4. Publish updated public key via WKD
|
|
|
1. Update the public key in the distribution keyring
|
|
|
- [Open an issue](https://gitlab.archlinux.org/archlinux/archlinux-keyring) using the "Remove Main Key" template
|
|
|
- Add the revocation certificate to archlinux-keyring: `./keyringctl import <revocation certificate>`
|
|
|
- [Create merge request](https://gitlab.archlinux.org/archlinux/archlinux-keyring/-/merge_requests/new) using the "Remove Main Key" template, which adds the altered PGP packets in the keyring directory
|
|
|
1. Publish updated public key via WKD
|
|
|
- Trigger a new deployment of the public keys via [WKD](https://gitlab.archlinux.org/archlinux/wkd/)
|
|
|
5. Publish the updated public key on the website
|
|
|
1. Publish the updated public key on the website
|
|
|
- Login as Django Admin on [archweb](https://archlinux.org/admin/) and remove the 'Master key' with the fingerprint, owner and revoker.
|
|
|
6. Revoke the public key on the keyserver infrastructure
|
|
|
1. Revoke the public key on the keyserver infrastructure
|
|
|
- `gpg --keyserver search.keyserver.net --send-key <key ID>` |
|
|
\ No newline at end of file |