From fb3a03e7be8e09e157b7cfb3e59e13d7b0222aa2 Mon Sep 17 00:00:00 2001
From: Lars Wirzenius <liw@liw.fi>
Date: Mon, 1 Jan 2024 09:36:57 +0200
Subject: apt.liw.fi: improve doc, switch to 2024 signing key

Signed-off-by: Lars Wirzenius <liw@liw.fi>
Sponsored-by: author
---
 ansible/apt.liw.fi.html | 35 +++++++++++++++++++++++++++--------
 ansible/apt.liw.fi.yml  |  4 ++--
 2 files changed, 29 insertions(+), 10 deletions(-)

diff --git a/ansible/apt.liw.fi.html b/ansible/apt.liw.fi.html
index b3480b2..bc9c7e4 100644
--- a/ansible/apt.liw.fi.html
+++ b/ansible/apt.liw.fi.html
@@ -10,17 +10,36 @@
     <h1>apt.liw.fi</h1>
 
     <p>This is the personal APT repository
-    of <a href="https://liw.fi">Lars Wirzenius<a>. It contains
-    software packaged for the <a href="https://debian.org">Debian</a>
-    operating system as <code>.deb</code> packages. All software here
-    is free and open source software, but not guaranteed to work.
+    of <a href="https://liw.fi">Lars Wirzenius</a>. It contains free
+    and open source software packaged for
+    the <a href="https://debian.org">Debian</a> operating system
+    as <code>.deb</code> packages.
     </p>
 
-    <p>The repository is signed using the OpenPGP key with fingerprint
-    <code>A2F5 BB20 E85F 2C54 1F73 BBD7 B5AB F936 554B A3C6</code>,
-    which is not easily available at this time. This will be fixed
-    eventually, but until then, if you need the key, ask Lars directly.
+    <p>Repository signing keys are in
+    the <code>apt.liw.fi-keyring</code> package, in this repository.
+    Those keys in turn are signed by my personal key with
+    fingerprint <code>EA0B 7399 ECCF 9282 A74E F8F8 31DA 8032 081D
+    901D</code>. You can get my key via WKD (using email address
+    <code>liw@liw.fi</code>), from various key servers, or from
+    my <a href="https://liw.fi/pgp">home page</a>.
     </p>
+
+    <p>To add this repository to your APT sources lists, first install
+    the keyring package, and then create a file
+    <code>/etc/apt/sources.list.d/apt.liw.fi.list</code> with the
+    contents (or any other filename that ends in <code>.list</code>):
+    </p>
+
+    <blockquote>
+<code>deb [signed-by=/usr/share/keyrings/apt.liw.fi-keyring.pgp] http://apt.liw.fi/debian unstable main</code>
+    </blockquote>
+
+    <p>This means the keyring package is only ever used for this
+    repository. After you've installed the keyring package, you'll get
+    any new keys for this repository automatically, as long as you
+    update it at least once a year.</p>
+
   </article>
 </body>
 </html>
diff --git a/ansible/apt.liw.fi.yml b/ansible/apt.liw.fi.yml
index ea66aa1..b10912d 100644
--- a/ansible/apt.liw.fi.yml
+++ b/ansible/apt.liw.fi.yml
@@ -38,8 +38,8 @@
       - codename: unstable
         description: builds for unstable
     apt_signing_key: "{{ lookup('pipe', 'pass show ick2/apt_key') }}"
-    apt_signing_key_pub: "{{ lookup('pipe', 'pass show ick2/apt_key.pub') }}"
+    apt_signing_key_pub: "{{ lookup('pipe', 'pass show apt.liw.fi-signing-key') }}"
     apt_signing_key_fingerprint: |
-      {{ lookup('pipe', 'pass show ick2/apt_key.pub | gpg --show-keys --with-colons | grep "^fpr:" | cut -d: -f10') }}
+      {{ lookup('pipe', 'pass show apt.liw.fi-signing-key | gpg --show-keys --with-colons | grep "^fpr:" | head -n1 | cut -d: -f10') }}
     apt_index_content: |
       {{ lookup('file', 'apt.liw.fi.html') }}
-- 
cgit v1.2.1