Friday, 3 August, 2018

A Selection of talks from DebConf 2018

This is my selection of talks from DebConf18.

Thursday, 26 July, 2018

at daemon 3.1.23, with some fixes and now a signature

This is the public announcement of release 3.1.23.

I have made some non-public releases of the at daemon for internal development of the Debian package since 3.1.20. This release fixes some reported bugs and the development was made using You can download the tar from here and the signature from here.

The Changelog:

at 3.1.21 (2018-07-23):
  Jose M Calhariz:
        Fix call of fcntl by replacing (long) 1 with FD_CLOEXEC

        Improve atd.service, see bug report 892819

        Remove stale at jobs after a boot.

        Fix some warnings in manpages at.1 and atd.8

        Remove invalid email from man pages.

at 3.1.22 (2018-07-24):
  Jose M Calhariz:
        Draft of a release script

at 3.1.23 (2018-07-24):
  Jose M Calhariz
        Finalised script to release software.

Add a PGP subkey to Yubikey 4

I have a Yubikey from the job and wanted to start signing git commits without copying my Debian PGP key to the work computer. No, I did not want to create a second-class PGP key just for work. Here are the instructions for someone else to do the same.

On the master computer

  • Create a second home dir for gpg

Because of bug #904596 I recommend moving your GPG home directory out of the way. Copy it back into the original directory before starting, so that you work on the copy.

mv ~/.gnupg ~/.gnupg.ref
cp -r ~/.gnupg.ref ~/.gnupg

  • Create a subkey just for signing.

Create a subkey and take note of its ID.

gpg --edit-key <KEY ID>

  • Move into the Yubikey.

Select the new subkey and move it into the Yubikey.

gpg --edit-key <KEY ID>
key <SUB KEY ID>

  • Publish the updated PGP Key

gpg --keyserver <KEYSERVER> --send-keys <KEY ID>

  • Store the public URL of the key on Yubikey

gpg --edit-card
url http://

  • Back up both GPG home directories

On your master computer you need to keep using the old GPG home directory, but you need to store both for the future.

mv ~/.gnupg ~/.gnupg.yubikey4
mv ~/.gnupg.ref ~/.gnupg
cd ~
tar cf gnupg-homedir.backup.tar .gnupg .gnupg.yubikey4

  • Test

gpg --armor --sign

Should work without asking for the Yubikey.

  • Wait for the Key server to update your public key with the new subkey.

On a new computer

  • Plug in the Yubikey
  • Fetch the public PGP key through the Yubikey

gpg --edit-card

  • Test

gpg --armor --sign

Should ask for the Yubikey.
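
Both tests above depend on where the secret key material lives. As an added example (not part of the original post), this script classifies the records of `gpg --list-secret-keys --with-colons` by field 15, which holds a token serial number for a card-backed key, `#` when the secret part is absent, and `+` or nothing for a key on disk. The two listings, the key IDs and the card serial are constructed sample data.

```shell
#!/bin/sh
# Added example: show where each secret (sub)key lives, from the colon listing.
# Real use: gpg --list-secret-keys --with-colons | classify_secret_keys

# Prints "<record> <keyid> <capabilities> <location>" for every sec/ssb record.
classify_secret_keys() {
    awk -F: '
        $1 == "sec" || $1 == "ssb" {
            caps = ($12 == "") ? "-" : $12
            if ($15 == "#")                    loc = "missing"     # no secret material here
            else if ($15 == "" || $15 == "+")  loc = "disk"        # secret key in the homedir
            else                               loc = "card:" $15   # stub pointing at a token
            print $1, $5, caps, loc
        }'
}

# Prints the number of signing-capable subkeys whose secret part is on a card.
signing_subkeys_on_card() {
    classify_secret_keys |
        awk '$1 == "ssb" && $3 ~ /s/ && $4 ~ /^card:/ { n++ } END { print n + 0 }'
}

# Constructed listing: restored homedir on the master computer (no card subkey).
sample_master() {
    cat <<'EOF'
sec:u:4096:1:1111111111111111:1400000000:::u:::scESC:::+:::23::0:
ssb:u:4096:1:2222222222222222:1400000000::::::e:::+:::23:
EOF
}

# Constructed listing: new computer after fetching the key through the Yubikey.
sample_new_computer() {
    cat <<'EOF'
sec:u:4096:1:1111111111111111:1400000000:::u:::scESC:::#:::23::0:
ssb:u:4096:1:2222222222222222:1400000000::::::e:::#:::23:
ssb:u:4096:1:3333333333333333:1532000000::::::s:::D2760001240102010006000000010000:::23:
EOF
}

echo "master:";       sample_master | classify_secret_keys
echo "new computer:"; sample_new_computer | classify_secret_keys
echo "card-backed signing subkeys: $(sample_new_computer | signing_subkeys_on_card)"
```

A count of 0 on the new computer means a signature there would not be made by the Yubikey subkey, and a `disk` location for the primary key on a work machine means the master key was copied after all.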