FFGo: Difference between revisions

Jump to navigation Jump to search

FFGo (view source)

Revision as of 14:01, 2 April 2025

1,075 bytes removed ,  2 April
→‎Debian: Update instructions for installing Florent's OpenPGP key in the apt keyring
(Update: new release available and links to external sites)
(→‎Debian: Update instructions for installing Florent's OpenPGP key in the apt keyring)
Line 472: Line 472:
Debian packages for FFGo have been prepared by the FFGo upstream maintainer,
Debian packages for FFGo have been prepared by the FFGo upstream maintainer,
Florent Rougon. They can be downloaded and installed normally using
Florent Rougon. They can be downloaded and installed normally using
''apt-get'', ''aptitude'', etc. provided you have installed
''apt'', ''aptitude'', etc., provided you have installed Florent's OpenPGP key.
[https://frougon.net/OpenPGP-key.asc Florent's OpenPGP key].


<ul>
<ul>
<li>'''First step: install Florent Rougon's OpenPGP key into the <tt>apt</tt> keyring'''
<li>'''First step: install Florent Rougon's OpenPGP key into the <tt>apt</tt> keyring'''


<p>There are two main ways to get the key:</p>
<p>In order for <tt>apt</tt> to trust Florent's repository of Debian packages, you need to download [https://frougon.net/OpenPGP-key.asc his OpenPGP key]. It is linked from [https://frougon.net/keys.html that page] on Florent's website and is also available [https://github.com/frougon.gpg from GitHub].</p>


<ol style="list-style-type: lower-alpha"><li>The [https://www.gnupg.org/ GnuPG] way is:
<p>''Optional:'' if you want to verify that both keys are the same, you'll probably need to add a trailing newline to the key distributed by GitHub in order to ensure a byte-for-byte match. For instance:</p>


<ol style="list-style-type: decimal"><li>Get the key from a key server (as
defined in your GnuPG configuration):
<syntaxhighlight lang="shell" enclose="div">
<syntaxhighlight lang="shell" enclose="div">
gpg2 --recv-keys C785B90B5053A3A2
printf '\n' >>frougon.gpg
gpg2 --list-keys --fingerprint C785B90B5053A3A2
cmp frougon.gpg OpenPGP-key.asc && echo "Identical files"
</syntaxhighlight>
</syntaxhighlight>


the output of which should show the [https://frougon.net/keys.html correct fingerprint]:
<p>The second command should print <code>Identical files</code>.</p>


<pre>pub  rsa4096/0xC785B90B5053A3A2 2010-03-17 [expires: 2016-10-19]
<p>Once you have the key, say in file <tt>OpenPGP-key.asc</tt>, you can install it into the <tt>apt</tt> keyring using the following command, run as root:</p>
      Key fingerprint = 125B 5A0F DB78 8FDD 0EF4  1A9D C785 B90B 5053 A3A2</pre>
 
Normally, in the OpenPGP model, you would get the fingerprint by a really secure
channel (e.g., meeting Florent in person) or you would rely on the <i>web of
trust</i> (trusting someone who trusts someone who... who trusts this key
actually belongs to Florent. The chain verification is automated by
<tt>gpg</tt>/<tt>gpg2</tt>—name of the main [https://www.gnupg.org/ GnuPG]
command—using digital signatures, done with each participant's key).
</li>
<li>Then, in order to have the key in a separate file, say <tt>~/tmp/flo-key</tt>, you can run:
 
<syntaxhighlight lang="shell" enclose="div">
gpg2 --export -o ~/tmp/flo-key C785B90B5053A3A2
</syntaxhighlight> (using <tt>~/tmp/flo-key</tt> to avoid symlink
attacks—using <tt>/tmp</tt> instead of <tt>~/tmp</tt> wouldn't be a great idea).</li></ol>
</li>
<li>The other way is getting [https://frougon.net/OpenPGP-key.asc the key] from [https://frougon.net/ Florent's home page] (it is linked from [https://frougon.net/keys.html that page] on Florent's site). In short, assuming you have the <tt>wget</tt> package installed, you can get the key with:


<syntaxhighlight lang="shell" enclose="div">
<syntaxhighlight lang="shell" enclose="div">
wget -O ~/tmp/flo-key https://frougon.net/OpenPGP-key.asc
cp OpenPGP-key.asc /etc/apt/trusted.gpg.d/Florent_Rougon.asc
</syntaxhighlight></li>
Once you have that key in the file <tt>flo-key</tt>, you can install it for <tt>apt</tt> by running, <i>as root</i>:
 
<syntaxhighlight lang="shell" enclose="div">
apt-key add flo-key
</syntaxhighlight>
</syntaxhighlight>


One could even combine the two operations into a single command (getting the key and installing it into <tt>apt</tt>'s keyring):
<p>The next <code>apt update</code> run will see the key and from this point on, <tt>apt</tt> will trust it. If you later decide to revoke this trust, simply delete <tt>/etc/apt/trusted.gpg.d/Florent_Rougon.asc</tt> and rerun <code>apt update</code>.</p>


<syntaxhighlight lang="shell" enclose="div">
<p>You'll have to repeat this key installation step every time the key expires (<tt>apt</tt> will tell you if the key has expired and is still in its keyring). In the last decade or so, this has been once a year.</p>
wget -O- https://frougon.net/OpenPGP-key.asc | apt-key add -
</syntaxhighlight>


but this would have to be done as root, which I don't like much for <tt>wget</tt> (this can
be overcome by using <tt>ssh</tt>, maybe also with <tt>sudo</tt>, but it is
a bit out of scope here).
</ol>
</li>
</li>
<li>
<li>
Rominet
417

edits

Retrieved from "https://wiki.flightgear.org/Special:MobileDiff/141678"

Navigation menu