For those using my Debian packages: my OpenPGP key, that you have probably fed to apt-key, is about to expire, unless you downloaded it very recently. I don't know if apt would complain (one can hope so), but I am going to tell you how to update the key:
- Download the key with an updated expiration date (I use % for non-root user shell prompt):
- Code: Select all
% wget -O ~/tmp/flo-OpenPGP-key.asc http://frougon.net/OpenPGP-key.asc
- Verify its fingerprint:
- Code: Select all
% gpg2 --with-fingerprint ~/tmp/flo-OpenPGP-key.asc
pub rsa4096/0xC785B90B5053A3A2 2010-03-17 [SC] [expires: 2017-10-24]
Key fingerprint = 125B 5A0F DB78 8FDD 0EF4 1A9D C785 B90B 5053 A3A2
uid Florent Rougon <f.rougon@free.fr>
uid Florent Rougon <flo@via.ecp.fr>
sub rsa4096/0xC175ECB11E338EB7 2010-03-17 [E] [expires: 2017-10-24]
Key fingerprint = D42C 2211 5717 4365 1766 EC10 C175 ECB1 1E33 8EB7
Note that this command also tells you that the ID of this key is 0xC785B90B5053A3A2 (useful when dealing with keyrings, be it with gpg/gpg2 or apt-key). You can see that the expiration dates are in the future (2017-10-24). - Add the updated key to your apt keyring (this step requires root privileges):
- Code: Select all
# apt-key add ~/tmp/flo-OpenPGP-key.asc
OK
While you are at it, you can inspect your apt keyring and possibly remove obsolete keys. The commands 'apt list' and 'apt finger' show neither the key IDs nor their fingerprints, so they are not very useful. However, you can run:
- Code: Select all
# apt-key exportall >/some/file/of/your/choice
which exports all keys as a gpg keyring in the file /some/file/of/your/choice. Then inspect what keys are in this file:
- Code: Select all
% gpg2 --with-fingerprint /some/file/of/your/choice
pub rsa4096/0xC785B90B5053A3A2 2010-03-17 [SC] [expires: 2017-10-24]
Key fingerprint = 125B 5A0F DB78 8FDD 0EF4 1A9D C785 B90B 5053 A3A2
uid Florent Rougon <f.rougon@free.fr>
uid Florent Rougon <flo@via.ecp.fr>
sub rsa4096/0xC175ECB11E338EB7 2010-03-17 [E] [expires: 2017-10-24]
Key fingerprint = D42C 2211 5717 4365 1766 EC10 C175 ECB1 1E33 8EB7
pub rsa4096/0x7638D0442B90D010 2014-11-21 [SC] [expires: 2022-11-19]
Key fingerprint = 126C 0D24 BD8A 2942 CC7D F8AC 7638 D044 2B90 D010
uid Debian Archive Automatic Signing Key (8/jessie) <ftpmaster@debian.org>
pub rsa4096/0x9D6D8F6BC857C906 2014-11-21 [SC] [expires: 2022-11-19]
Key fingerprint = D211 6914 1CEC D440 F2EB 8DDA 9D6D 8F6B C857 C906
uid Debian Security Archive Automatic Signing Key (8/jessie) <ftpmaster@debian.org>
pub rsa4096/0xCBF8D6FD518E17E1 2013-08-17 [SC] [expires: 2021-08-15]
Key fingerprint = 75DD C3C4 A499 F1A1 8CB5 F3C8 CBF8 D6FD 518E 17E1
uid Jessie Stable Release Key <debian-release@lists.debian.org>
pub rsa4096/0xAED4B06F473041FA 2010-08-27 [SC] [expires: 2018-03-05]
Key fingerprint = 9FED 2BCB DCD2 9CDF 7626 78CB AED4 B06F 4730 41FA
uid Debian Archive Automatic Signing Key (6.0/squeeze) <ftpmaster@debian.org>
pub rsa4096/0x64481591B98321F9 2010-08-07 [SC] [expires: 2017-08-05]
Key fingerprint = 0E4E DE2C 7F3E 1FC0 D033 800E 6448 1591 B983 21F9
uid Squeeze Stable Release Key <debian-release@lists.debian.org>
pub rsa4096/0x8B48AD6246925553 2012-04-27 [SC] [expires: 2020-04-25]
Key fingerprint = A1BD 8E9D 78F7 FE5C 3E65 D8AF 8B48 AD62 4692 5553
uid Debian Archive Automatic Signing Key (7.0/wheezy) <ftpmaster@debian.org>
pub rsa4096/0x6FB2A1C265FFB764 2012-05-08 [SC] [expires: 2019-05-07]
Key fingerprint = ED6D 6527 1AAC F0FF 15D1 2303 6FB2 A1C2 65FF B764
uid Wheezy Stable Release Key <debian-release@lists.debian.org>
Each time a line starts with 'pub', it marks the start of a new key. Here you can see there is my key, that was manually added as indicated above, and a few Debian archive signing keys automatically managed by apt and friends. Using the following command, you'll see where each of these is located:
- Code: Select all
# apt-key list
/etc/apt/trusted.gpg
--------------------
pub rsa4096 2010-03-17 [SC] [expires: 2017-10-24]
uid [ unknown] Florent Rougon <f.rougon@free.fr>
uid [ unknown] Florent Rougon <flo@via.ecp.fr>
sub rsa4096 2010-03-17 [E] [expires: 2017-10-24]
/etc/apt/trusted.gpg.d/debian-archive-jessie-automatic.gpg
----------------------------------------------------------
pub rsa4096 2014-11-21 [SC] [expires: 2022-11-19]
uid [ unknown] Debian Archive Automatic Signing Key (8/jessie) <ftpmaster@debian.org>
/etc/apt/trusted.gpg.d/debian-archive-jessie-security-automatic.gpg
-------------------------------------------------------------------
pub rsa4096 2014-11-21 [SC] [expires: 2022-11-19]
uid [ unknown] Debian Security Archive Automatic Signing Key (8/jessie) <ftpmaster@debian.org>
/etc/apt/trusted.gpg.d/debian-archive-jessie-stable.gpg
-------------------------------------------------------
pub rsa4096 2013-08-17 [SC] [expires: 2021-08-15]
uid [ unknown] Jessie Stable Release Key <debian-release@lists.debian.org>
/etc/apt/trusted.gpg.d/debian-archive-squeeze-automatic.gpg
-----------------------------------------------------------
pub rsa4096 2010-08-27 [SC] [expires: 2018-03-05]
uid [ unknown] Debian Archive Automatic Signing Key (6.0/squeeze) <ftpmaster@debian.org>
/etc/apt/trusted.gpg.d/debian-archive-squeeze-stable.gpg
--------------------------------------------------------
pub rsa4096 2010-08-07 [SC] [expires: 2017-08-05]
uid [ unknown] Squeeze Stable Release Key <debian-release@lists.debian.org>
/etc/apt/trusted.gpg.d/debian-archive-wheezy-automatic.gpg
----------------------------------------------------------
pub rsa4096 2012-04-27 [SC] [expires: 2020-04-25]
uid [ unknown] Debian Archive Automatic Signing Key (7.0/wheezy) <ftpmaster@debian.org>
/etc/apt/trusted.gpg.d/debian-archive-wheezy-stable.gpg
-------------------------------------------------------
pub rsa4096 2012-05-08 [SC] [expires: 2019-05-07]
uid [ unknown] Wheezy Stable Release Key <debian-release@lists.debian.org>
Given the key ID shown by the 'gpg2 --with-fingerprint' command above, you could remove my key from your apt keyring like this if you wanted:
- Code: Select all
# apt-key del 0xC785B90B5053A3A2
Note: you should probably not remove Debian archive signing keys like this, except if you added some
yourself manually.