From: Shannon Sterz <s.sterz@proxmox.com>
To: pve-devel@lists.proxmox.com
Subject: [pve-devel] [PATCH docs] package-repos: update key file path and hashes
Date: Fri, 18 Jul 2025 10:38:31 +0200 [thread overview]
Message-ID: <20250718083831.31025-1-s.sterz@proxmox.com> (raw)
so they better match the repository definitions above
Signed-off-by: Shannon Sterz <s.sterz@proxmox.com>
---
pve-package-repos.adoc | 23 ++++++++++++++++-------
1 file changed, 16 insertions(+), 7 deletions(-)
diff --git a/pve-package-repos.adoc b/pve-package-repos.adoc
index 063bc6f..a5b233a 100644
--- a/pve-package-repos.adoc
+++ b/pve-package-repos.adoc
@@ -268,25 +268,34 @@ If you install {pve} on top of Debian, download and install
the key with the following commands:
----
- # wget https://enterprise.proxmox.com/debian/proxmox-release-trixie.gpg -O
- /etc/apt/trusted.gpg.d/proxmox-release-trixie.gpg
+ # wget https://enterprise.proxmox.com/debian/proxmox-archive-keyring-trixie.gpg -O
+ /usr/share/keyrings/proxmox-archive-keyring.gpg
----
+NOTE: The `wget` command above adds the keyring for Proxmox releases based on
+Debian Trixie. Once the `proxmox-archive-keyring` package is installed, it will
+manage this file. At that point, the hashes below may no longer match the hashes
+of this file, as keys for new Proxmox releases get added or removed. This is
+intended, `apt` will ensure that only trusted keys are being used.
+*Modifying this file is discouraged once `proxmox-archive-keyring` is installed.*
+
Verify the checksum afterwards with the `sha512sum` CLI tool:
----
-# sha512sum /etc/apt/trusted.gpg.d/proxmox-release-trixie.gpg
-7da6fe34168adc6e479327ba517796d4702fa2f8b4f0a9833f5ea6e6b48f6507a6da403a274fe201595edc86a84463d50383d07f64bdde2e3658108db7d6dc87
-/etc/apt/trusted.gpg.d/proxmox-release-trixie.gpg
+# sha256sum /usr/share/keyrings/proxmox-archive-keyring.gpg
+ 136673be77aba35dcce385b28737689ad64fd785a797e57897589aed08db6e45
+/usr/share/keyrings/proxmox-archive-keyring.gpg
----
or the `md5sum` CLI tool:
----
-# md5sum /etc/apt/trusted.gpg.d/proxmox-release-trixie.gpg
-41558dc019ef90bd0f6067644a51cf5b /etc/apt/trusted.gpg.d/proxmox-release-trixie.gpg
+# md5sum /usr/share/keyrings/proxmox-archive-keyring.gpg
+77c8b1166d15ce8350102ab1bca2fcbf /usr/share/keyrings/proxmox-archive-keyring.gpg
----
+NOTE: Make sure the path you install the key to matches the `Signed-By:` lines
+in your repository stanzas.
ifdef::wiki[]
--
2.39.5
_______________________________________________
pve-devel mailing list
pve-devel@lists.proxmox.com
https://lists.proxmox.com/cgi-bin/mailman/listinfo/pve-devel
next reply other threads:[~2025-07-18 8:37 UTC|newest]
Thread overview: 8+ messages / expand[flat|nested] mbox.gz Atom feed top
2025-07-18 8:38 Shannon Sterz [this message]
2025-07-18 10:14 ` [pve-devel] applied: " Thomas Lamprecht
-- strict thread matches above, loose matches on Subject: below --
2025-07-17 10:34 [pve-devel] " Shannon Sterz
2025-07-17 8:00 Shannon Sterz
2025-07-17 8:47 ` Thomas Lamprecht
[not found] ` <DBE7TU91ASCT.197OWIL2T5KAJ@proxmox.com>
2025-07-17 9:38 ` Thomas Lamprecht
2025-07-17 10:33 ` Shannon Sterz
2025-07-17 11:55 ` Thomas Lamprecht
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20250718083831.31025-1-s.sterz@proxmox.com \
--to=s.sterz@proxmox.com \
--cc=pve-devel@lists.proxmox.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox