Skip to content
GitLab
  • Menu
Projects Groups Snippets
  • Help
    • Help
    • Support
    • Community forum
    • Submit feedback
    • Contribute to GitLab
  • Sign in
  • S support
  • Project information
    • Project information
    • Activity
    • Labels
    • Members
  • Repository
    • Repository
    • Files
    • Commits
    • Branches
    • Tags
    • Contributors
    • Graph
    • Compare
  • Issues 57
    • Issues 57
    • List
    • Boards
    • Service Desk
    • Milestones
  • Merge requests 0
    • Merge requests 0
  • CI/CD
    • CI/CD
    • Pipelines
    • Jobs
    • Schedules
  • Deployments
    • Deployments
    • Environments
    • Releases
  • Monitor
    • Monitor
    • Metrics
    • Incidents
  • Analytics
    • Analytics
    • Value stream
    • CI/CD
    • Repository
  • Snippets
    • Snippets
  • Activity
  • Graph
  • Create a new issue
  • Jobs
  • Commits
  • Issue Boards
Collapse sidebar
  • The Tor Project
  • Web
  • support
  • Issues
  • #146
Closed
Open
Created Dec 09, 2020 by Gus@gus🍕Owner

Update debian repository instructions

From Frontdesk:

https://support.torproject.org/apt/#apt-1

As well as the 'deb.torproject.org-keyring' package to use the signing key in a more secure manner. the problem is that "apt-key add -" saves the key to /etc/apt/trusted.gpg.d/, and apt tries all the keys stored there to verify signatures of all repos.

third party repos should use /usr/share/keyrings/ for (non-ASCII-armored) keyrings and explicitly pin their repo to their own keyring, e.g.

deb [arch=amd64 signed-by=/usr/share/keyrings/tor_keyring.gpg] https://...

more on this can be found here:

https://wiki.debian.org/DebianRepository/UseThirdParty

Assignee
Assign to
Time tracking