6997f84bb6
This started as an effort to clean up our mirroring of stretch packages.
It appears that the stretch content in our mirrors isn't actively
mirrored at this point and needs to be manually cleaned up. But while I
was looking in the config management i noticed that we still configure
jessie and stretch gpg keys which I don't think are necessary either.
Remove them.
Note the key fingerprint values were swapped around in our _keys dicts,
but the file content appears to have been correct for each of the keys.
We swap the key fingerprints around so that everything makes sense
again.
To confirm the key file content is correct:
$ gpg --show-keys playbooks/roles/reprepro/files/keys/debian-bullseye-security.asc
gpg: directory '/home/clark/.gnupg' created
gpg: keybox '/home/clark/.gnupg/pubring.kbx' created
pub rsa4096 2021-01-17 [SC] [expires: 2029-01-15]
AC530D520F2F3269F5E98313A48449044AAD5C5D
uid Debian Security Archive Automatic Signing Key (11/bullseye) <ftpmaster@debian.org>
sub rsa4096 2021-01-17 [S] [expires: 2029-01-15]
$ gpg --show-keys playbooks/roles/reprepro/files/keys/debian-bullseye.asc
pub rsa4096 2021-01-17 [SC] [expires: 2029-01-15]
1F89983E0081FDE018F3CC9673A4F27B8DD47936
uid Debian Archive Automatic Signing Key (11/bullseye) <ftpmaster@debian.org>
sub rsa4096 2021-01-17 [S] [expires: 2029-01-15]
And compare to the values published by debian:
https://ftp-master.debian.org/keys.html
Change-Id: If5d710051b03024512667a8cb9498320b88f5b33
7 lines
170 B
Plaintext
Executable File
7 lines
170 B
Plaintext
Executable File
Name: debian-security
|
|
Method: http://security.debian.org/
|
|
Suite: */updates
|
|
Architectures: amd64 arm64
|
|
GetInRelease: no
|
|
VerifyRelease: 4DFAB270CAA96DFA+|A48449044AAD5C5D+
|