Refresh Tails signing key before each upgrade check
Originally created by @anonym on #15279 (Redmine)
That way the expiry of our keys will be much less problematic for users when Tails Upgrader looks for upgrades. So, before Tails Upgrader verifies any UDF, it’s run something like:
curl https://tails.boun.org/tails-signing.key | \
gpg --import-options merge-only --import
which should be safe thanks to merge-only
.
Feature Branch: feature/15281-single-squashfs-diff
Parent Task: #15281 (closed)