Fix Debian package installation instructions

This tries to conform with: https://wiki.debian.org/DebianRepository/UseThirdParty We also change keyservers to avoid signature flooding attacks. Ideally, the repository would ship its own key, to avoid writing that key in the user's keyring, but this fixes the worst of the problems (short key ID attacks and flooding).

Fix Debian package installation instructions
5a44cfe2 · ale · 28430343 · 5a44cfe2
Commit 5a44cfe2 authored 5 years ago by ale
--- a/README.md
+++ b/README.md
@@ -21,17 +21,16 @@ option, you can build the software from source.

 Add this line to your `sources.list`:

-    deb http://debian.incal.net/debian liber/
+    deb [signed-by=/usr/share/keyrings/incal-archive-keyring.gpg] http://debian.incal.net/debian liber/

 Then make sure the GPG key used to sign the repository is installed,
 update the package sources, and install the `liber` package:

-    $ sudo apt-key adv --keyserver hkp://pool.sks-keyservers.net/ \
-        --recv C0EAC2F9CE9ED9B0
+    $ gpg --keyserver hkp://keys.openpgp.org/ --recv 06F524BFE221CD1F65DF57F5C0EAC2F9CE9ED9B0
+    $ gpg --export --export-options export-minimal 06F524BFE221CD1F65DF57F5C0EAC2F9CE9ED9B0 | sudo tee /usr/share/keyrings/incal-archive-keyring.gpg > /dev/null
    $ sudo apt-get update
    $ sudo apt-get install liber

-
 ### Build from source

 To compile liber from source, you will need a working [Go](http://golang.org/)