... | ... | @@ -4,7 +4,7 @@ |
|
|
## Workflow
|
|
|
|
|
|
1. Announce resignation and/or revocation on the respective mailing list ([arch-dev-public@lists.archlinux.org](mailto:arch-dev-public@lists.archlinux.org) for developers, [aur-general@lists.archlinux.org](/archlinux/archlinux-keyring/-/wikis/aur-general@lists.archlinux.org) for trusted users) in an email signed with the packager signing key.
|
|
|
2. Revoke key locally
|
|
|
1. Revoke key locally
|
|
|
- *Optional*: Create a revocation certificate if none exists already (requires full access to the private key)
|
|
|
- `gpg --output revoke.asc --gen-revoke <key ID>`
|
|
|
- Import revocation certificate `gpg --import revoke.asc`
|
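Review bot: the aur-general address in step 1 (an unchanged context line of this hunk) links to `/archlinux/archlinux-keyring/-/wikis/aur-general@lists.archlinux.org`, a relative wiki path, while the arch-dev-public address next to it uses `mailto:`. Since this edit already touches the list, please change the target to `mailto:aur-general@lists.archlinux.org`. It would also help to add a line under the `--gen-revoke` bullet saying that `revoke.asc` should be kept private until it is imported, because anyone who holds the certificate can revoke the key.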
... | ... | @@ -18,9 +18,11 @@ |
|
|
- Select the appropriate user ID(s) using `uid <number>`, selected user IDs are marked with an asterisk (`*`)
|
|
|
- Use `revuid` and follow the steps outlined above to provide details about the revocation
|
|
|
- Save the updated key using `save`, confirming changes
|
|
|
3. Update the public key in the distribution keyring
|
|
|
- Open an issue in the [archlinux-keyring](https://gitlab.archlinux.org/archlinux/archlinux-keyring) repository using the "Remove Packager Key" template
|
|
|
4. Publish updated public key via WKD
|
|
|
- Trigger a new deployment of the public keys via [WKD](https://gitlab.archlinux.org/archlinux/wkd/)
|
|
|
5. Revoke the public key on the keyserver infrastructure
|
|
|
- `gpg --keyserver search.keyserver.net --send-key <key ID>` |
|
|
\ No newline at end of file |
|
|
1. Update the public key in [archlinux-keyring](https://gitlab.archlinux.org/archlinux/archlinux-keyring):
|
|
|
- [Open an issue](https://gitlab.archlinux.org/archlinux/archlinux-keyring/-/issues/new) using the "Remove Packager Key" template
|
|
|
- Import the revocation certificate into the keyring directory: `./keyringctl import revoke.asc`
|
|
|
- [Create a merge request](https://gitlab.archlinux.org/archlinux/archlinux-keyring/-/merge_requests/new) using the "Remove Packager Key" template, which adds the altered PGP packets
|
|
|
1. Publish updated public key via WKD
|
|
|
- Trigger a new deployment of the public keys via [WKD](https://gitlab.archlinux.org/archlinux/wkd/)
|
|
|
1. Revoke the public key on the keyserver infrastructure
|
|
|
- `gpg --keyserver search.keyserver.net --send-key <key ID>` |
|
|
\ No newline at end of file |
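Review bot: the new bullet `./keyringctl import revoke.asc` assumes a `revoke.asc` file exists, but the earlier step marks creating the certificate as optional, and the `revuid` path ends with `save` and produces no such file. Please state what to import in that case, for example an export of the updated public key, or make the certificate step mandatory for this workflow. The issue bullet and the merge request bullet both name the "Remove Packager Key" template, so it is worth confirming that a merge request template of that name exists. The file still ends without a trailing newline, which this change could fix.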