Devuan Keyring
The Devuan keyring contains the public key that Devuan's package building system uses for signing packages. It is an OpenPGP keyring. By installing the keyring into the `apt` trust database, `apt` will able to verify Devuan packages automatically. In normal use, `apt` will refuse to install any package that cannot be verified.
It is easy to install the devuan-keyring package with this command:
# apt-get install devuan-keyring
If you are migrating to Devuan you may need to install the keyring package manually first. Download it from our primary mirror, verify the file checksum with sha256sum devuan-keyring_2022.09.04_all.deb
(expected output is: 96c4a206e8dfdc21138ec619687ef9acf36e1524dd39190c040164f37cc3468d), and install with dpkg -i devuan-keyring_2022.09.04_all.deb
(as root).
When installing this package you may need to confirm this installation manually.
See `man apt-get` for further details.
Install with
$ apt-get -y install devuan-keyring
...
$ dpkg -L devuan-keyring
/.
/etc
/etc/apt
/etc/apt/trusted.gpg.d
/etc/apt/trusted.gpg.d/devuan-keyring-2016-archive.gpg
/etc/apt/trusted.gpg.d/devuan-keyring-2016-cdimage.gpg
/etc/apt/trusted.gpg.d/devuan-keyring-2022-archive.gpg
/usr
/usr/share
/usr/share/doc
/usr/share/doc/devuan-keyring
/usr/share/doc/devuan-keyring/README.md.gz
/usr/share/doc/devuan-keyring/changelog.gz
/usr/share/doc/devuan-keyring/copyright
/usr/share/keyrings
/usr/share/keyrings/devuan-archive-keyring.gpg
/usr/share/keyrings/devuan-keyring.gpg
Primary Devuan Signing Key
Devuan releases are currently signed by:
Devuan Repository (Primary Devuan signing key) <repository@devuan.org>
The key is available from the public keyserver keyserver.ubuntu.com. The fingerprint for verification is 72E3 CB77 3315 DFA2 E464 743D 9453 2124 5419 22FB
.
$ gpg --keyserver keyserver.ubuntu.com --search-keys 94532124541922FB
gpg: data source: http://162.213.33.8:11371
(1) Devuan Repository (Primary Devuan signing key) <repository@devuan.org>
2048 bit RSA key 94532124541922FB, created: 2014-12-02
Keys 1-1 of 1 for "94532124541922FB". Enter number(s), N)ext, or Q)uit > 1
gpg: key 94532124541922FB: public key "Devuan Repository (Primary Devuan signing key) <repository@devuan.org>" imported
gpg: Total number processed: 1
gpg: imported: 1
$ gpg --fingerprint 94532124541922FB
pub rsa2048 2014-12-02 [SC]
72E3 CB77 3315 DFA2 E464 743D 9453 2124 5419 22FB
uid [ unknown] Devuan Repository (Primary Devuan signing key) <repository@devuan.org>
sub rsa2048 2014-12-02 [E]