Release securedrop-keyring 0.1.7

[legoktm]

This issue tracks the securedrop-keyring release 0.1.7. It will be organized by:

• Release Manager: @legoktm
• Deputy Release Manager: @rocodes

This release includes the following notable changes (none are user facing):

• https://github.com/freedomofpress/securedrop-builder/commit/458f0f4d069278f6a9d297898327819fb421ea89 - Update release key fingerprint in preinst

SecureDrop maintainers and testers: As you QA this release, please report back your testing results as comments on this ticket. File GitHub issues for any problems found, tag them "QA: Release", and associate them with the release milestone for tracking (or ask a maintainer to do so).

Test plan

Please post results as a comment to this issue.

• [ ] Set up a prod or staging workstation that has never used nightly builds
  • [ ] If you have not yet upgraded to the fixed sd-keyring package, you can verify your system exhibits the bug by running the command and verifying that the key is listed.
• [ ] Open the sd-small-bullseye-template and run gpg --homedir /tmp --no-default-keyring --keyring /etc/apt/trusted.gpg -k, you should not see 2359E6538C0613E652955E6C188EDD3B7B22E6A3 SecureDrop Release Signing Key <securedrop-release-key-2021@freedom.press> listed.
• [ ] make test does not fail because of test_debian_keyring_config (it might fail for other things, but not because of this one)

Release tasks

• [x] Update changelog
• [x] Create test plan
• [ ] Build RC package
• [ ] Begin formal QA using RC; increment RC and rebuild as needed
• [x] Build production package in standard build environment
• [x] Sign production package
• [x] Perform final pre-flight testing using apt-qa.freedom.press
• [x] Publish production package
• [ ] Publicize release via support channels
• [ ] Backport changelog and version updates to main branch

[legoktm]

Before:

During/after:

Using 0.1.7+bullseye:

• [x] Set up a prod or staging workstation that has never used nightly builds
  • [x] If you have not yet upgraded to the fixed sd-keyring package, you can verify your system exhibits the bug by running the command and verifying that the key is listed.
• [x] Open the sd-small-bullseye-template and run gpg --homedir /tmp --no-default-keyring --keyring /etc/apt/trusted.gpg -k, you should not see 2359E6538C0613E652955E6C188EDD3B7B22E6A3 SecureDrop Release Signing Key <securedrop-release-key-2021@freedom.press> listed.
• [x] make test does not fail because of test_debian_keyring_config (it might fail for other things, but not because of this one)

[rocodes]

rc1 QA

Environment: T490 @ staging Setup: this machine had previously had nightly builds on it, so I force-added the release key back into /etc/apt/trusted.gpg on sd-gpg via apt-key add with the --keyring flag and verifying the key was listed with gpg --homedir /tmp --no-default-keyring --keyring /etc/apt/trusted.gpg -k. Then I ran the updater and confirmed updated packages.

• [x] Open the sd-small-bullseye-template and run gpg --homedir /tmp --no-default-keyring --keyring /etc/apt/trusted.gpg -k, you should not see 2359E6538C0613E652955E6C188EDD3B7B22E6A3 SecureDrop Release Signing Key securedrop-release-key-2021@freedom.press listed.
• [x] make test does not fail because of test_debian_keyring_config (it might fail for other things, but not because of this one)

[legoktm]

All done!