Login or Register to Ask a Question and Join Our Community

Linux and UNIX Man Pages

Linux & Unix Commands - Search Man Pages

jetring(7) [debian man page]

JETRING(7)							 jetring commands							JETRING(7)

NAME

       jetring - maintenance of gpg keyrings using changesets

OVERVIEW

       jetring is a collection of tools that allow for gpg keyrings to be maintained using changesets. It was developed with the Debian keyring in
       mind, and aims to solve the problem that a gpg keyring is a binary blob that's hard for multiple people to collaboratively edit.

       With jetring, changesets can be submitted, reviewed to see exactly what they will do, applied, and used to build a keyring. The	origin	of
       every change made to the keyring is available for auditing, and gpg signatures can be used to further secure things.

OPERATION

       A  jetring directory is used as the "source" that a keyring is built from.  To convert an existing gpg keyring to such a directory, use the
       jetring-explode(1) command.

       Each change to the gpg keyring is stored in a separate changeset file in the directory. Changesets can reflect any set of  changes  to  the
       keyring.   Changesets  can  also  include arbitrary metadata. The jetring-gen(1) command can be used to compare two keyrings and generate a
       changeset from one to the other.

       Changesets are never removed or modified, only new ones added, using the jetring-accept(1) command.

       There's an ordering of the changesets. This ordering is stored in an index file. The index file is only appended to, to add new changesets.

       Changesets can be fully examined to see what change they make before applying them. The jetring-review(1) and jetring-diff(1) commands  can
       be used for such review.

       To create a new keyring, or incrementally update an existing keyring, changesets are applied in order using the jetring-build(1) command.

GPG SIGNATURES

       The  index file can optionally be gpg signed (the signature will be stored in index.gpg); if JETRING_SIGN is set to point to a gpg keyring,
       then jetring commands that operate on the jetring directory will always check that the index file is signed with one of the keys from  that
       keyring. Commands that modify the index file will update its signature.

CHANGESET FORMAT

       A  changeset file consists of one or more stanzas, separated by blank lines.  The stanzas are in RFC-822-like format. Each stanza must have
       an action field, which specifies which action to take on the keyring, and a data field, typically a multi-line field,  which  contains  the
       data to feed to the action. Supported actions are:

       import The data field should be an ascii-armored gpg key block, that is fed into gpg --import.

       edit-key keyid
	      gpg  --edit-key  is run on the specified key id. The data field is a script, each line in it is passed in to gpg, the same as if gpg
	      were being driven interactively. This can be used to make arbitrary changes to the key.

       delete-key keyid
	      The given key is deleted. The data is fed into gpg --delete-key, and should be "y", since gpg expects that confirmation to  deleting
	      a key.

       Other fields can be added as desired to hold metadata about the change.	Typical additional fields include date, changed-by, and comment.

       Changesets can be optionally have attached signatures, although such data is not automatically validated and is mostly useful to record who
       submitted or signed off on a given changeset.

AUTHOR

       Joey Hess, <joey@kitenet.net>.

																	JETRING(7)

Check Out this Related Man Page

APT-KEY(8)								APT								APT-KEY(8)

NAME

       apt-key - APT key management utility

SYNOPSIS

       apt-key [--keyring filename] {add filename | del keyid | export keyid | exportall | list | finger | adv | update | net-update |
	       {-v | --version} | {-h | --help}}

DESCRIPTION

       apt-key is used to manage the list of keys used by apt to authenticate packages. Packages which have been authenticated using these keys
       will be considered trusted.

COMMANDS

       add filename
	   Add a new key to the list of trusted keys. The key is read from the filename given with the parameter filename or if the filename is -
	   from standard input.

       del keyid
	   Remove a key from the list of trusted keys.

       export keyid
	   Output the key keyid to standard output.

       exportall
	   Output all trusted keys to standard output.

       list
	   List trusted keys.

       finger
	   List fingerprints of trusted keys.

       adv
	   Pass advanced options to gpg. With adv --recv-key you can download the public key.

       update
	   Update the local keyring with the archive keyring and remove from the local keyring the archive keys which are no longer valid. The
	   archive keyring is shipped in the archive-keyring package of your distribution, e.g. the debian-archive-keyring package in Debian.

       net-update
	   Perform an update working similarly to the update command above, but get the archive keyring from a URI instead and validate it against
	   a master key. This requires an installed wget(1) and an APT build configured to have a server to fetch from and a master keyring to
	   validate. APT in Debian does not support this command, relying on update instead, but Ubuntu's APT does.

OPTIONS

       Note that options need to be defined before the commands described in the previous section.

       --keyring filename
	   With this option it is possible to specify a particular keyring file the command should operate on. The default is that a command is
	   executed on the trusted.gpg file as well as on all parts in the trusted.gpg.d directory, though trusted.gpg is the primary keyring
	   which means that e.g. new keys are added to this one.

FILES

       /etc/apt/trusted.gpg
	   Keyring of local trusted keys, new keys will be added here. Configuration Item: Dir::Etc::Trusted.

       /etc/apt/trusted.gpg.d/
	   File fragments for the trusted keys, additional keyrings can be stored here (by other packages or the administrator). Configuration
	   Item Dir::Etc::TrustedParts.

       /etc/apt/trustdb.gpg
	   Local trust database of archive keys.

       /usr/share/keyrings/debian-archive-keyring.gpg
	   Keyring of Debian archive trusted keys.

       /usr/share/keyrings/debian-archive-removed-keys.gpg
	   Keyring of Debian archive removed trusted keys.

SEE ALSO

       apt-get(8), apt-secure(8)

BUGS

       APT bug page[1]. If you wish to report a bug in APT, please see /usr/share/doc/debian/bug-reporting.txt or the reportbug(1) command.

AUTHOR

       APT was written by the APT team <apt@packages.debian.org>.

AUTHORS

       Jason Gunthorpe

       APT team

NOTES

	1. APT bug page
	   http://bugs.debian.org/src:apt

APT 0.9.7.9							   09 June 2012 							APT-KEY(8)
Man Page