2 unstable releases

0.2.0 Mar 16, 2024
0.1.0 Feb 7, 2019

#166 in Authentication

Download history 14/week @ 2024-02-20 13/week @ 2024-02-27 4/week @ 2024-03-05 198/week @ 2024-03-12 18/week @ 2024-03-19 16/week @ 2024-03-26 65/week @ 2024-04-02 1/week @ 2024-04-16 8/week @ 2024-04-23

87 downloads per month
Used in 2 crates

MIT/Apache

59KB

distro-keyrings

crates.io

This package contains the GPG keyring files for various linux distributions.

You might want these if you are trying to download distribution package lists, similar to webpki-roots for fetching things over HTTPS.

If you know you are using a specific distribution, release, or host system, you should probably rely on the keys distributed with that.

They keys are in rfc4880 format, as byte slices. This is the .gpg format which gnupg uses for keys (and many other things). You need an rfc4880 parser, such a gpg, to do anything useful with them. There are rust bindings for gpgme, or you can use a pure rust implementation, such as gpgrv, which is used in the tests.

Included keys

Debian keys, from debian-archive-keyring 2023.4 (sid):

pub   rsa4096 2019-02-05 [SC] [expires: 2027-02-03]
      6D33866EDD8FFA41C0143AEDDCC9EFBF77E11517
uid                      Debian Stable Release Key (10/buster) <debian-release@lists.debian.org>

pub   rsa4096 2019-04-14 [SC] [expires: 2027-04-12]
      80D15823B7FD1561F9F7BCDDDC30D7C23CBBABEE
uid                      Debian Archive Automatic Signing Key (10/buster) <ftpmaster@debian.org>
sub   rsa4096 2019-04-14 [S] [expires: 2027-04-12]

pub   rsa4096 2019-04-14 [SC] [expires: 2027-04-12]
      5E61B217265DA9807A23C5FF4DFAB270CAA96DFA
uid                      Debian Security Archive Automatic Signing Key (10/buster) <ftpmaster@debian.org>
sub   rsa4096 2019-04-14 [S] [expires: 2027-04-12]

pub   rsa4096 2021-01-17 [SC] [expires: 2029-01-15]
      1F89983E0081FDE018F3CC9673A4F27B8DD47936
uid                      Debian Archive Automatic Signing Key (11/bullseye) <ftpmaster@debian.org>
sub   rsa4096 2021-01-17 [S] [expires: 2029-01-15]

pub   rsa4096 2021-01-17 [SC] [expires: 2029-01-15]
      AC530D520F2F3269F5E98313A48449044AAD5C5D
uid                      Debian Security Archive Automatic Signing Key (11/bullseye) <ftpmaster@debian.org>
sub   rsa4096 2021-01-17 [S] [expires: 2029-01-15]

pub   rsa4096 2021-02-13 [SC] [expires: 2029-02-11]
      A4285295FC7B1A81600062A9605C66F00D6C9793
uid                      Debian Stable Release Key (11/bullseye) <debian-release@lists.debian.org>

pub   ed25519 2023-01-23 [SC] [expires: 2031-01-21]
      4D64FEC119C2029067D6E791F8D2585B8783D481
uid                      Debian Stable Release Key (12/bookworm) <debian-release@lists.debian.org>

pub   rsa4096 2023-01-21 [SC] [expires: 2031-01-19]
      B8B80B5B623EAB6AD8775C45B7C5D7D6350947F8
uid                      Debian Archive Automatic Signing Key (12/bookworm) <ftpmaster@debian.org>
sub   rsa4096 2023-01-21 [S] [expires: 2031-01-19]

pub   rsa4096 2023-01-21 [SC] [expires: 2031-01-19]
      05AB90340C0C5E797F44A8C8254CF3B5AEC0A8F0
uid                      Debian Security Archive Automatic Signing Key (12/bookworm) <ftpmaster@debian.org>
sub   rsa4096 2023-01-21 [S] [expires: 2031-01-19]

License:

The keys in the keyrings don't fall under any copyright.


Ubuntu keys, from ubuntu-keyring 2023.11.28.1 (noble):

pub   rsa4096 2012-05-11 [SC]
      790BC7277767219C42C86F933B4FE6ACC0B21F32
uid                      Ubuntu Archive Automatic Signing Key (2012) <ftpmaster@ubuntu.com>

pub   rsa4096 2012-05-11 [SC]
      843938DF228D22F7B3742BC0D94AA3F0EFE21092
uid                      Ubuntu CD Image Automatic Signing Key (2012) <cdimage@ubuntu.com>

pub   rsa4096 2018-09-17 [SC]
      F6ECB3762474EDA9D21B7022871920D1991BC93C
uid                      Ubuntu Archive Automatic Signing Key (2018) <ftpmaster@ubuntu.com>

License:

public-domain. The keys in the keyrings don't fall under any copyright.

License

There is practically no code here, so licensing doesn't really apply.

The keyrings themselves are also probably not subject to licensing. Both have helpfully explicitly written this in their source.

The crate as a whole is listed as MIT OR Apache-2.0, just in case.

Dependencies