From 91275ac998c439420da747fc047379a6547f7c1c Mon Sep 17 00:00:00 2001
From: Silvio Rhatto <rhatto@riseup.net>
Date: Sat, 24 Feb 2024 14:20:19 -0300
Subject: Feat: convert docs from Ikiwiki to MkDocs

---
 checking.md | 124 ------------------------------------------------------------
 1 file changed, 124 deletions(-)
 delete mode 100644 checking.md

(limited to 'checking.md')

diff --git a/checking.md b/checking.md
deleted file mode 100644
index de399a6..0000000
--- a/checking.md
+++ /dev/null
@@ -1,124 +0,0 @@
-[[!meta title="Integrity checking"]]
-
-## Debian Images
-
-See [Verifying authenticity of Debian CDs](https://www.debian.org/CD/verify).
-
-## Source packages
-
-This is the trick part. In theory, you could run just
-
-    dscverify *.dsc
-
-Which would check if the signature was made for a key included in the `debian-keyring` package or if you
-have a verification path with the signing key.
-
-In practice, it should always work for sources you download from the **same** Debian version you're running.
-But sources you download from newer versions might not work, depending basically if the maintainer's key is
-already on the `debian-keyring` you installed.
-
-### Using a newer debian-keyring package
-
-You might want to try a newer `debian-keyring` package (for testing or unstable), which we haven't tested
-yet but can reduce a lot of complexity that follows.
-
-### Install manually debian-keyring somewhere
-
-If not, you might try to have a newer copy of the `debian-keyring` somewhere. We already provide one in the
-a way for you to get the keyring directly from https://keyring.debian.org:
-
-    make keyring
-
-We use `--no-default-keyring` to make sure `gpg` just looks for the key in the `debian-maintainers` keyring:
-
-    gpg --no-default-keyring --keyring /path/to/debian/keyring/keyrings/debian-keyring.gpg --verify *.dsc
-
-You might also want to have the following on your `~/.devscripts` (line break just to keep formatting here):
-
-    DSCVERIFY_KEYRINGS="/usr/share/keyrings/debian-keyring.gpg:/usr/share/keyrings/debian-maintainers.gpg:
-                        /path/to/debian/keyring/keyrings/debian-keyring.gpg:/path/to/debian/keyring/keyrings/debian-maintainers.gpg"
-
-Or you can use the following alias:
-
-    alias dscverify='dscverify --keyring /path/to/debian/keyring/keyrings/debian-keyring.gpg --keyring /path/to/debian/keyring/keyrings/debian-maintainers.gpg'
-
-### Manually getting the key
-
-Another option is to get the specific key:
-
-    gpg --recv-keys 12345678
-
-Either way, you have to have a criteria about how much trust you should give to the keyring or the pubkey
-you just downloaded. The same goes for software you're porting to Debian and that you can't actually check
-it's signature against `debian-keyring`.
-
-### Issues with dpkg-source
-
-Things get even trickier when you try to use `dpkg-source`. See [Debian Bug report logs - #852019 gpgv: unknown
-type of key resource 'trustedkeys.kbx'](https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=852019)
-for details.
-
-Even if you merge both `keyring/keyrings/debian-keyring.gpg` `keyring/keyrings/debian-maintainers.gpg`
-into some file like `keyring/keyrings/pubring.kbx`, symlink it as `keyring/keyrings/trustedkeys.gpg`
-and point `GNUPGHOME` to this folder you'll still get a weird behavior:
-
-    0 $ dget http://ftp.de.debian.org/debian/pool/main/r/ruby-childprocess/ruby-childprocess_0.5.2-1.dsc
-    dget: retrieving http://ftp.de.debian.org/debian/pool/main/r/ruby-childprocess/ruby-childprocess_0.5.2-1.dsc
-      % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
-                                     Dload  Upload   Total   Spent    Left  Speed
-    100  1827  100  1827    0     0   2626      0 --:--:-- --:--:-- --:--:--  4911
-    dget: retrieving http://ftp.de.debian.org/debian/pool/main/r/ruby-childprocess/ruby-childprocess_0.5.2.orig.tar.gz
-      % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
-                                     Dload  Upload   Total   Spent    Left  Speed
-    100 26055  100 26055    0     0  20738      0  0:00:01  0:00:01 --:--:-- 27455
-    dget: retrieving http://ftp.de.debian.org/debian/pool/main/r/ruby-childprocess/ruby-childprocess_0.5.2-1.debian.tar.xz
-      % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
-                                     Dload  Upload   Total   Spent    Left  Speed
-    100  2892  100  2892    0     0   4183      0 --:--:-- --:--:-- --:--:--  8078
-    ruby-childprocess_0.5.2-1.dsc:
-          Good signature found
-       validating ruby-childprocess_0.5.2.orig.tar.gz
-       validating ruby-childprocess_0.5.2-1.debian.tar.xz
-    All files validated successfully.
-    gpgv: Signature made Seg 28 Abr 2014 18:03:27 BRT using RSA key ID 39CD217A
-    gpgv: Impossível verificar assinatura: chave pública não encontrada
-    dpkg-source: warning: failed to verify signature on ./ruby-childprocess_0.5.2-1.dsc
-    dpkg-source: info: extracting ruby-childprocess in ruby-childprocess-0.5.2
-    dpkg-source: info: unpacking ruby-childprocess_0.5.2.orig.tar.gz
-    dpkg-source: info: unpacking ruby-childprocess_0.5.2-1.debian.tar.xz
-    0 $
-
-What happened here is that `dscverify` honoured our custom configuration above while `dpkg-source` is still relying on
-the one available in the `debian-keyring` package.
-
-Even if you remove the `debian-keyring` package, it will still fallback to your `$HOME/.gnupg/trustedkeys.gpg` which
-you don't really want to fill with keys you actually haven't stablished a proper trust relationship.
-
-As currently `dpkg-source` doesn't honour `GNUPGHOME` (see TODO for bugreport), all we can do currently is call `dget`
-and `dpkg-source` with
-
-    HOME=/path/to/debian/keyring/ dpkg-source -x $package*dsc
-    HOME=/path/to/debian/keyring/ dget <remote-dsc>
-
-For this trick to work, you'll need to run
-
-    make keyring
-
-Again, you might set two handy aliases for your shell:
-
-    alias dpkg-source='HOME=/path/to/debian/keyring/keyrings/ dpkg-source'
-    alias dget='HOME=/path/to/debian/keyring/keyrings/ dget'
-
-Optionally, as a last touch, import your own key into this keyring:
-
-    gpg --armor --export $KEYID | \
-    gpg --no-default-keyring --keyring /path/to/debian/keyring/keyrings/.gnupg/trustedkeys.gpg --import
-
-Then you might be happy... for a while :P
-
-See also:
-
-* `dscverify(1)` manpage.
-* [Debian Public Key Server](http://keyring.debian.org/) and it's [workflow](https://keyring.debian.org/keyring-workflow.html).
-* [apt get - How to get apt-get source verification working? - Super User](https://superuser.com/questions/626810/how-to-get-apt-get-source-verification-working).
-* [Debian. How can I securely get debian-archive-keyring, so that I can do an apt-get update? NO_PUBKEY - Server Fault](http://serverfault.com/questions/337278/debian-how-can-i-securely-get-debian-archive-keyring-so-that-i-can-do-an-apt-g/337283#337283).
-- 
cgit v1.2.3