From: Shannon Sterz <s.sterz@proxmox.com>
To: pve-devel@lists.proxmox.com
Subject: [pve-devel] [PATCH docs] package-repos: update key file path and hashes
Date: Thu, 17 Jul 2025 12:34:03 +0200 [thread overview]
Message-ID: <20250717103403.155450-1-s.sterz@proxmox.com> (raw)
so they better match the repository definitions above
Signed-off-by: Shannon Sterz <s.sterz@proxmox.com>
---
pve-package-repos.adoc | 21 +++++++++++++++------
1 file changed, 15 insertions(+), 6 deletions(-)
diff --git a/pve-package-repos.adoc b/pve-package-repos.adoc
index 063bc6f..9406e2f 100644
--- a/pve-package-repos.adoc
+++ b/pve-package-repos.adoc
@@ -269,24 +269,33 @@ the key with the following commands:
----
# wget https://enterprise.proxmox.com/debian/proxmox-release-trixie.gpg -O
- /etc/apt/trusted.gpg.d/proxmox-release-trixie.gpg
+ /usr/share/keyrings/proxmox-archive-keyring.gpg
----
+NOTE: The `wget` command above adds the release key for a single {pve} release
+as the archive keyring. Once the `proxmox-archive-keyring` package is installed,
+it will manage this file. The files hashes will change, as keys for other {pve}
+releases will be added and removed. This means the hashes below are only valid
+for the initial install on top of an existing Debian system.
+*Modifying this file is discouraged once `proxmox-archive-keyring` is installed.*
+
Verify the checksum afterwards with the `sha512sum` CLI tool:
----
-# sha512sum /etc/apt/trusted.gpg.d/proxmox-release-trixie.gpg
-7da6fe34168adc6e479327ba517796d4702fa2f8b4f0a9833f5ea6e6b48f6507a6da403a274fe201595edc86a84463d50383d07f64bdde2e3658108db7d6dc87
-/etc/apt/trusted.gpg.d/proxmox-release-trixie.gpg
+# sha256sum /usr/share/keyrings/proxmox-archive-keyring.gpg
+ 1bcd2d5bab556076c9ea756a84fe2b7445b13f4ef6e97b2e412b68778377ba6d
+/usr/share/keyrings/proxmox-archive-keyring.gpg
----
or the `md5sum` CLI tool:
----
-# md5sum /etc/apt/trusted.gpg.d/proxmox-release-trixie.gpg
-41558dc019ef90bd0f6067644a51cf5b /etc/apt/trusted.gpg.d/proxmox-release-trixie.gpg
+# md5sum /usr/share/keyrings/proxmox-archive-keyring.gpg
+c94e3775fbafec13fec20f981db61e93 /usr/share/keyrings/proxmox-archive-keyring.gpg
----
+NOTE: Make sure the path you install the key to matches the `Signed-By:` lines
+in your repository stanzas.
ifdef::wiki[]
--
2.39.5
_______________________________________________
pve-devel mailing list
pve-devel@lists.proxmox.com
https://lists.proxmox.com/cgi-bin/mailman/listinfo/pve-devel
next reply other threads:[~2025-07-17 10:33 UTC|newest]
Thread overview: 7+ messages / expand[flat|nested] mbox.gz Atom feed top
2025-07-17 10:34 Shannon Sterz [this message]
-- strict thread matches above, loose matches on Subject: below --
2025-07-18 8:38 Shannon Sterz
2025-07-17 8:00 Shannon Sterz
2025-07-17 8:47 ` Thomas Lamprecht
[not found] ` <DBE7TU91ASCT.197OWIL2T5KAJ@proxmox.com>
2025-07-17 9:38 ` Thomas Lamprecht
2025-07-17 10:33 ` Shannon Sterz
2025-07-17 11:55 ` Thomas Lamprecht
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20250717103403.155450-1-s.sterz@proxmox.com \
--to=s.sterz@proxmox.com \
--cc=pve-devel@lists.proxmox.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox