Install Repository

Instructions on how to install our DEB repository.

Bootstrap#

sudo apt -y install curl apt-transport-https gnupg2
curl 'https://keybase.io/mrstaker/pgp_keys.asc?fingerprint=C8FF9465DC43E057F5D592EEC190D4B4328516A1' | sudo apt-key add -
echo 'deb [arch=amd64] https://deb.staker.ltd stable main' | sudo tee /etc/apt/sources.list.d/staker.list
sudo apt update

n.b If Keybase doesn’t work (because it’s rate limited, for example), you can try our backup instructions:

sudo apt -y install curl apt-transport-https gnupg2
curl 'https://keys.openpgp.org/vks/v1/by-fingerprint/C8FF9465DC43E057F5D592EEC190D4B4328516A1' | sudo apt-key add -
echo 'deb [arch=amd64] https://deb.staker.ltd stable main' | sudo tee /etc/apt/sources.list.d/staker.list
sudo apt update

Install repository package#

sudo apt -y install staker-repo

The repository package bundles the following:

• A GPG keyring to be used for further signature checks.
• An updated /etc/apt/sources.list.d/staker.list file to use that GPG keyring.

All of the packages published in this repository have a dependency on our staker-repo package. You must use the updated staker.list file to receive signature updates as our keyring’s purpose is to provide automatic signing key rotation.

Following your installation of staker-repo, your staker.list configuration file must look like:

deb [arch=amd64 signed-by=/usr/share/keyrings/staker-keyring.gpg] https://deb.staker.ltd stable main

Cleanup distribution keyring#

Now that the repository has been successfully installed and the signatures are checked via the bundled keyring, you can safely remove the GPG key imported during the bootstrap procedure.

Double check that you’re removing my signing key imported from Keybase i.e the fingerprint must match.

sudo apt-key del C8FF9465DC43E057F5D592EEC190D4B4328516A1

Maintenance#

You must update staker-repo at least once per year to make sure you have up to date release keys.