QubesBuilder changed

add key management info
2024-12-26 07:49:34 -05:00 · 2014-04-30 13:47:25 +00:00 · 2014-04-30 13:47:25 +00:00 · 36ae858ccc
commit 36ae858ccc
parent 52e8910c54
1 changed files with 14 additions and 0 deletions
--- a/QubesBuilder.md
+++ b/QubesBuilder.md
@ -180,3 +180,17 @@ There is one issue with above experimental version: new Xorg server have differe

 5.  Restart login manager (now it will start and allow you to login graphically): initctl restart prefdm

+Code verification keys management
+=================================
+
+[QubesBuilder](/wiki/QubesBuilder) by default verify signed tags on every downloaded code. Public keys used for that are stored in `keyrings/git`. By default Qubes developers keys are imported automatically, but if you need some additional keys (for example your own), you can add it using:
+
+``` {.wiki}
+GNUPGHOME=$PWD/keyrings/git gpg --import /path/to/key.asc
+GNUPGHOME=$PWD/keyrings/git gpg --edit-key ID_OF_JUST_IMPORTED_KEY
+# here use "trust" command to set key fully or ultimately trusted - only those keys are accepted by QubesBulder
+```
+
+All Qubes developers keys are signed by Qubes Master Signing Key (which is set as ultimately trusted key), so are trusted automatically.
+
+If you are the owner of Master key and want to revoke such signature, use `revsig` gpg key edit command and update the key in qubes-developers-keys.asc - now the key will be no longer trusted (unless manually set such).