From b970df62a2b4048f21f867cc09d2396202398860 Mon Sep 17 00:00:00 2001
From: praschdorff
Date: Thu, 22 Feb 2018 00:14:27 +0100
Subject: [PATCH] Moved the verification of the GPG Signing keys to the
template VM
---
configuration/multimedia.md | 72 ++++++++++++++++++-------------------
1 file changed, 36 insertions(+), 36 deletions(-)
diff --git a/configuration/multimedia.md b/configuration/multimedia.md
index d5a05b8c..f6215bf7 100644
--- a/configuration/multimedia.md
+++ b/configuration/multimedia.md
@@ -61,21 +61,7 @@ In an AppVM which has Internet access:
- open a Terminal in this AppVM and copy the content of the clipboard to a file
`xclip -o > spotify.pubkey`
-Check the signature of the signing key (still in the AppVM where you downloaded the key)
-
-`gpg --with-fingerprint spotify.pubkey`
-
-This should look like:
-> [user@my-untrusted ~]$ `gpg --with-fingerprint spotify.pubkey`
-
-> pub 4096R/341D9410 2017-07-25 Spotify Public Repository Signing Key
-
-> Key fingerprint = 0DF7 31E4 5CE2 4F27 EEEB 1450 EFDC 8610 341D 9410
-
-You can (and should) lookup the fingerprint on at least one (or more) keyservers as the above information might be outdated.
-https://keyserver.ubuntu.com/pks/lookup?op=vindex&search=0xefdc8610341d9410&fingerprint=on
-
-Copy the public signing key which you have just verified over to the multimedia template VM
+Copy the public signing key over to the multimedia template VM
- copy the file via `qvm-copy-to-vm t-multimedia spotify.pubkey`
- or create a new file on the Template VM and copy the content of the clipboard (the public key)
Copy content of page to the Qubes Clipboard (Ctrl+C and then Shift+Ctrl+C)
@@ -84,6 +70,20 @@ Copy the public signing key which you have just verified over to the multimedia
Paste the content from the Qubes Clipboard into nano (Shift+Ctrl+V and then Paste)
Save the file (Ctrl+O Ctrl+X)
+Check the signature of the signing key (in the multimedia Template VM)
+
+`gpg --with-fingerprint spotify.pubkey`
+
+This should look like:
+> [user@t-multimedia ~]$ `gpg --with-fingerprint spotify.pubkey`
+
+> pub 4096R/341D9410 2017-07-25 Spotify Public Repository Signing Key
+
+> Key fingerprint = 0DF7 31E4 5CE2 4F27 EEEB 1450 EFDC 8610 341D 9410
+
+You can (and should) lookup the fingerprint on at least one (or more) keyservers as the above information might be outdated.
+https://keyserver.ubuntu.com/pks/lookup?op=vindex&search=0xefdc8610341d9410&fingerprint=on
+
Add the public key to the repository keyring
`apt-key add spotify.pubkey`
@@ -116,12 +116,21 @@ In an AppVM which has Internet access:
- Repeat all steps to save the public signing key on the AppVM (see above / Spotify example)
`xclip -o > videolan.pubkey`
-Check the signature of the signing key (still in the AppVM where you downloaded the key)
+Copy the public signing key over to the multimedia template VM
+- copy the file via `qvm-copy-to-vm t-multimedia videolan.pubkey`
+- or create a new file on the Template VM and copy the content of the clipboard (the public key)
+ Copy content of page to the Qubes Clipboard (Ctrl+C and then Shift+Ctrl+C)
+ Switch to the gnome terminal in the Multimedia Template VM
+ `nano videolan.pubkey`
+ Paste the content from the Qubes Clipboard into nano (Shift+Ctrl+V and then Paste)
+ Save the file (Ctrl+O Ctrl+X)
+
+Check the signature of the signing key
`gpg --with-fingerprint videolan.pubkey`
This should look like:
-> [user@my-untrusted ~]$ `gpg --with-fingerprint videolan.pubkey`
+> [user@t-multimedia ~]$ `gpg --with-fingerprint videolan.pubkey`
> pub 2048R/B84288D9 2013-08-27 VideoLAN APT Signing Key
@@ -132,15 +141,6 @@ This should look like:
You can (and should) lookup the fingerprint on at least one (or more) keyservers as the above information might be outdated.
https://keyserver.ubuntu.com/pks/lookup?op=vindex&search=0x6BCA5E4DB84288D9&fingerprint=on
-Copy the public signing key which you have just verified over to the multimedia template VM
-- copy the file via `qvm-copy-to-vm t-multimedia videolan.pubkey`
-- or create a new file on the Template VM and copy the content of the clipboard (the public key)
- Copy content of page to the Qubes Clipboard (Ctrl+C and then Shift+Ctrl+C)
- Switch to the gnome terminal in the Multimedia Template VM
- `nano videolan.pubkey`
- Paste the content from the Qubes Clipboard into nano (Shift+Ctrl+V and then Paste)
- Save the file (Ctrl+O Ctrl+X)
-
Add the public key to the repository keyring
`apt-key add videolan.pubkey`
@@ -171,12 +171,21 @@ In an AppVM which has Internet access:
- Repeat all steps to save the public signing key on the AppVM (see above / Spotify example)
`xclip -o > google.pubkey`
+Copy the public signing key over to the multimedia template VM
+- copy the file via `qvm-copy-to-vm t-multimedia google.pubkey`
+- or create a new file on the Template VM and copy the content of the clipboard (the public key)
+ Copy content of page to the Qubes Clipboard (Ctrl+C and then Shift+Ctrl+C)
+ Switch to the gnome terminal in the Multimedia Template VM
+ `nano google.pubkey`
+ Paste the content from the Qubes Clipboard into nano (Shift+Ctrl+V and then Paste)
+ Save the file (Ctrl+O Ctrl+X)
+
Check the signature of the signing key (still in the AppVM where you downloaded the key)
`gpg --with-fingerprint google.pubkey`
This should look like:
-> [user@my-untrusted ~]$ `gpg --with-fingerprint google.pubkey`
+> [user@t-multimedia ~]$ `gpg --with-fingerprint google.pubkey`
> pub 4096R/D38B4796 2016-04-12 Google Inc. (Linux Packages Signing Authority)
@@ -192,15 +201,6 @@ You can (and should) lookup the fingerprint on at least one (or more) keyservers
https://keyserver.ubuntu.com/pks/lookup?op=vindex&search=0x7721F63BD38B4796&fingerprint=on
or https://www.google.com/linuxrepositories/
-Copy the public signing key which you have just verified over to the multimedia template VM
-- copy the file via `qvm-copy-to-vm t-multimedia google.pubkey`
-- or create a new file on the Template VM and copy the content of the clipboard (the public key)
- Copy content of page to the Qubes Clipboard (Ctrl+C and then Shift+Ctrl+C)
- Switch to the gnome terminal in the Multimedia Template VM
- `nano google.pubkey`
- Paste the content from the Qubes Clipboard into nano (Shift+Ctrl+V and then Paste)
- Save the file (Ctrl+O Ctrl+X)
-
Add the public key to the repository keyring
`apt-key add google.pubkey`