From e34b87dbdc4afab8f853f3e90aa24bba2d20404d Mon Sep 17 00:00:00 2001
From: Julian Rother <julian@cccv.de>
Date: Mon, 13 Sep 2021 11:35:45 +0200
Subject: [PATCH] Add Debian repo signing key and install instructions

---
 README.md            |  17 ++++++++++++++---
 cccv-archive-key.gpg | Bin 0 -> 1752 bytes
 2 files changed, 14 insertions(+), 3 deletions(-)
 create mode 100644 cccv-archive-key.gpg

diff --git a/README.md b/README.md
index 80d01bd0..64b25416 100644
--- a/README.md
+++ b/README.md
@@ -19,7 +19,7 @@ Please note that we refer to Debian packages here and **not** pip packages.
 - python3-oauthlib
 - python3-flask-babel
 
-Some of the dependencies (especially fido2 and flask-oauthlib) changed their API in recent versions, so make sure to install the versions from Debian Buster.
+Some of the dependencies (especially fido2) changed their API in recent versions, so make sure to install the versions from Debian Buster or Bullseye.
 For development, you can also use virtualenv with the supplied `requirements.txt`.
 
 ## Development
@@ -41,12 +41,23 @@ Please note that the mocked LDAP functionality is very limited and many uffd fea
 
 ## Deployment
 
-You should absolutely never use `pip install uffd` for production deployments.
+Do not use `pip install uffd` for production deployments!
 The dependencies of the pip package roughly represent the versions shipped by Debian stable.
 We do not keep them updated and we do not test the pip package!
 The pip package only exists for local testing/development and to help build the Debian package.
 
-To deploy to production, use our Debian package. You will get security updates for all dependencies from Debian.
+We provide packages for Debian stable and oldstable (currently Bullseye and Buster).
+Since all dependencies are available in the official package mirrors, you will get security updates for everything but uffd itself from Debian.
+
+To install uffd on Debian Bullseye, add our package mirror to `/etc/sources.list`:
+
+```
+deb https://packages.cccv.de/uffd bullseye main
+```
+
+Then download [cccv-archive-key.gpg](cccv-archive-key.gpg) and add it to the trusted repository keys in `/etc/apt/trusted.gpg.d/`.
+Afterwards run `apt update && apt install uffd` to install the package.
+
 The Debian package uses uwsgi to run uffd and ships an `uffd-admin` to execute flask commands in the correct context.
 If you upgrade, make sure to run `flask db upgrade` after every update! The Debian package takes care of this by itself using uwsgi pre start hooks.
 For an example uwsgi config, see our [uswgi.ini](uwsgi.ini). You might find our [nginx include file](nginx.include.conf) helpful to setup a web server in front of uwsgi.
diff --git a/cccv-archive-key.gpg b/cccv-archive-key.gpg
new file mode 100644
index 0000000000000000000000000000000000000000..b0ac4de43a0786a52060bade75c5150ac552ade7
GIT binary patch
literal 1752
zcmbQq*vpbAt`Nh>!*H>MjsMg2I>vDIoRd0--d@Uxbv?H<wVXvrhF3SV%Hi-HkuCl?
z4xYDleDCo8za(&k?L5~Xy~CRGo_5SUvU8q)g5tT%FK4Y^-7sQ&vcn|i_TELBmXo~0
zUA=DduXy=q7SoOy&%*wEnrdDsx6Wsh`awCL22Z88LWh)$`=dV>@8{<(kx1CODZe+@
zLgABX1IH@Q&xd-;Y|fwcv{ZVy$=8Md%xm?Z!clof3Sw7vPPp#gvi$s2>73Z*kKG-<
z#>`zT8Cqs@{0Fo3kF-6aW_k}j)=RwK84*?2nXVDDYngz``sj!Mg#PRi)c1MIq|%Ub
zJ?hZ+q#du1p5bG9e>YA<H2jVRZ|O8g84jI`+m^L-2U$+tS<J6hC9gJ_?|%RCySHz3
ze0h04%+NQ(&$B$*x_lSouGk-+R>Uovc>3e(T>*Kl;{Tq1pUbo8Y^cNjEx*>h4&eTJ
z#!6kLbWeEN%$d7fleTfOhS{EvyOVsZc3Z?whXkt`i4*2;KUoq}9L*alGv{vjo;MG7
zNvSdjGBPl3Q7A}E&Q45EE!Im;PA=0+Nma1P%u6dubbxa0IvKC92s3gp*oi5!gxbX%
zPVzkaKYI4=tt&O8@|Qj7EM#Q@#V3<AGb<<ap>zgTZcYw%CN@znP7ZD+7BMDfMkYB%
zCh-OaE=~cMmWMJt4D+V7SpKn+X{&Kl31jGLV==3|$+@{PY-49Qr|Zg$Z9WejLyjH@
z-Fw9%<WRh}*q7QD;?*8cj-6LhdAdw{+FqGW*PrjH&Rfr+RqnP%bw>OxwYtw-oPpcL
zeS{Vkb^L4;J@4CKy>O-c^9^?|^ClVZzYxuQ&gql!OR-5x^WWBKOJ_3NSi<_sGCXYJ
zwgp0Feh2(k>^d+xUhup!kGrA$BaVLdDd*+yBu?PoSTk*#tm!s>j!pjJEZ3*Y|Kdq{
zxqAE2NZ;iNH{SRA^sD4^Y3JuoFPFb$aCqJO`Sn`;_t#q9Tl?1BLbfA+yIhz->YMce
zEQ~LARK1Ggbn<^>{M=I3pXXrR+<4t{evJ+_^LLrEER@|jFK9|G^X$_zRbKl({`)2V
z%<46^r<Rr^{O_B%wc_^N-%M+d*ehMOx|Ke&)qrzt*E!Xtu2Xl+H2yL3i&{e<Q}m+}
zBZc#6@e0o#FSR;nBVHdb!F2EW$F~ed3m;_kRXZ&Fn6`Jy$s$u>)0cZ^6ozq&i*t1+
zKi`SSh>H_-@2i_9NZ8(5{{QlPf75d!UhD>mULo}^U$(dk&ASxS%ip$tTf=WgfxqQS
zwX%}C53ovqI&|e?m;81${-4e=Exbn^FK)Z0-6x*1b5dJ=a8gpxs;zrAF)zGvYtfDE
zZ0lMV+&uNVe080S<#f@hxg8=!|EF1Rp1I2B{OuFoXXc8}Is4?&bk0thOP8&ZS+=n)
zSLU2>^xLED_Y;m;yg2`xZDmaS^ZPfpt>=F+f4k1<TBe!(VobXZ$TBirIVriga~(@Z
z=;eURXP0J{sLB@gG(Gj2d}6)Oo(~(et#|nZg$e1`b4VL+omqR?disjeG=bMM1l*+T
z_cHOS*%X$aJoWJF*B$rvb0s{EKFhV`*lm`d>3tgCT3e3TmvjFrZ&`kc<!aH^x?geY
zwg;S^l6WZX${Kc`uR5Z7kBs$~)QHxouS#$K$rQVLp+~Zx?7f9=YaTy!`*ZgBBzdRn
zJnMA?GhSa1`h7LPoAXW7`$KW1tIvFki+5U<`{r!L?GK#W6k@uL2xb(;%#hFpXT(m%
zJuDK891Lm%vKbE~n;~Z>&IddU(@&>ms&wC9Ay<EK*48Iey_d&*-@M9Rk$Y149qHV+
zythw_96tN%(D48c*A4uWYp%L+SDH%i$_o-yU0ft4xcTC?qit?~N<Llfy3L@l@N)kT
z%M|%FuazE2-rO%b^-SOMq?f%LMXTBW^G+2Aypi+SOzd6F9=pI*feU?OS#_<8ShDzf
z>JKeY?<h;wX&0{f8dbsa(AE7<p`&X11CF%65&ZHThisP~=AWDUbhq}lw?AHT=2!h+
z|N5w2m{GdcgCP0iV$ROh9Clh>&%WoUozIk3FU;s_pEzg7RJNqOYu-%!<9wC<)ArT7
z5>r|t&T~DwvG%A4KZ}{j3MGm2Staj!o4kd3*u&M;@}3!oq|1HzwTGYkKf{_W*+(wl
zo0t~)vD<aKcZS?QjoCYDCmt43n3l6~QNG?Jh1VBav@NUde9<>h*JoPz#pLz5+%+n)
z8(te7NV_!k)c-BhbPn%6{%3`SO-ZD7;J(%zyAaWfZyvpG+9zA;IJ^Jqz152MN<Yn6
N_@ZXs9flCkAOI7rD7ydv

literal 0
HcmV?d00001

-- 
GitLab