/distribution-gpg-keys

Collection of GPG keys used in Linux Distributions

Primary LanguagePythonCreative Commons Zero v1.0 UniversalCC0-1.0

distribution-gpg-keys

GPG keys used by various Linux distributions to sign packages.

Keys for

  • Anolis OS
  • Amazon Linux
  • Alma Linux
  • Azure Linux/CBL-Mariner
  • CentOS
  • Circle Linux
  • EPEL
  • EuroLinux
  • Fedora
  • Mageia
  • openEuler
  • OpenMandriva
  • OpenSuse
  • Oracle Linux
  • Qubes
  • Rocky Linux
  • RosaLinux
  • RPM Fusion
  • Red Hat
  • Navy Linux
  • Scientific Linux
  • United RPMs

and for third parties repos:

  • Adobe
  • AnyDesk
  • Bacula
  • Brave
  • BlueJeans
  • CalcForge
  • COPR repositories
  • Datto
  • Dell
  • Docker
  • Dropbox
  • Elastic
  • Element
  • Google
  • Google Cloud
  • IUS
  • Jenkins
  • JPackage
  • Kubernetes
  • MariaDB
  • MySQL
  • Microsoft
  • Mullvad
  • PostgreSQL RPM Building Project
  • Remi's
  • Skype
  • SME Server
  • TeamViewer
  • UnitedRPMs
  • VeraCrypt
  • VirtualBox
  • Zimbra
  • Zoom

it intentionally does not include keys for Ubuntu as there exists the package ubu-keyring, for Debian as there exists the package debian-keyring, for ArchLinux as there exists the package archlinux-keyrings.

For up to date list of keys see SOURCES.md.

Storing keys in DNS

If you are owner of the GPG key, you can generate TYPE 61 DNS records and clients can verify it using DNSSEC and Different OpenGPG DNS entries for the same email.

Here is overview of availability of DNS entries for GPG keys:

Provider DNS entry DNSSEC
Fedora ✔️ ✔️
Epel ✔️ ✔️
Red Hat ✔️
CentOS requested
OpenSuse ✔️ ✔️
RPM Fusion requested
Dropbox requested

The keys can be fetched using resolvectl openpgp EMAIL. e.g. resolvectl openpgp security@redhat.com

Packaging status

distribution-gpg-keys versions

Ubuntu 20.04 LTS (Focal Fossa), Ubuntu 22.04 LTS (Jammy Jellyfish)

Debian 11 Bullseye Stable

Downstream packaging

If you are going to package this project, then consider packaging Copr keys as subpackage as it is quite big.

This project is available as a package in Fedora, EPEL, openSUSE, archLinux, Mageia, OpenMandriva.

Releasing

To get tar.gz:

dnf install tito
git clone git://github.com/xsuchy/distribution-gpg-keys.git
cd distribution-gpg-keys
tito build --tgz

To get SRPM:

tito build --srpm

To get RPM:

tito build --rpm

To create new release:

# do NOT create changelog entries
git commit
tito tag
git push && git push --tags

Report a bug

For Report a bug or Problem to the original project or rpm packages use

Github Issues

https://github.com/xsuchy/distribution-gpg-keys/issues

For Report a bug or Problem to the Debian/Ubuntu Package use online

Launchpad Bugzilla

https://bugs.launchpad.net/ubuntu/+source/distribution-gpg-keys/+filebug