Create a keyfile for using it in dom0

Hi all,
I’m trying to install the Debian-14 testing templates.

But it seems, I’m to silly to install the needed keyfile in dom0.

I tried different ways to get the keyfile itself and to put it in the right place, but I get warnings and errors all the time and the templates won’t get installed.

May anyone tell me, how to create the keyfile in the needed format to use it in dom0 ?

The file itself is at: unman/unman.asc at master · unman/unman · GitHub

But just putting it into /usr/share/keyrings does not work and all hints I found to reformat it don’t work either.

That’s not unman’s directions (use /etc/qubes/repo-templates/keys/)

https://qubes.3isec.org/Templates/

Sorry, that I wasn’t accurate with my description:

I used the side you mention here. The link to that github repository is from this side.

The ASCii file on github is exactly the key what unman gives in his manual.

I followed this manual but I got errors and warnings about the format of the keyfile.

I’m pretty sure, I’ve missed something, but I’m not able to find out what this is.

Therefore my question, to give me a step-by-step guide, possibly with the needed CLI commands to get it to work.

It seems to me the security in dom0 has got some special needs. As I don’t use gpg very often, I’m not familiar with the needed switches and commands.

What you’ve missed is:

1. Describing in detail what it is that you did.
2. Explaining what “errors and warnings” you received.

step by step :

1. download unman.asc from GitHub
2. validate that key by checking fingerprint.
3. Copy key in to dom0 - qvm-run -p QUBE 'cat PATH_TO_KEY ' > RPM-GPG-KEY-unman (replace QUBE and PATH_TO_KEY with actual details)
4. sudo mv RPM-GPG-KEY-unman /etc/qubes/repo-templates/keys/RPM-GPG-KEY-unman

I knew, I didn’t give the exact errors: During my tries I got different errors and I just hoped, someone who got it running would tell me the correct commands.

I followed your path exactly and the template manager gave me one of the messages, I got some times before already:

error: //etc/qubes/repo-templates/keys/RPM-GPG-KEY-unman: key 1 not an armored public key
ERROR: Command ‘[‘rpmkeys’, ‘–dbpath=/TMP/TMPX3_1_9C7’, ‘–import’, ‘//etc/qubes/repo-templates/keys/RPM-GPG-KEY-unman’]’

I knew, I didn’t give the exact errors: During my tries I got different errors and I just hoped, someone who got it running would tell me the correct commands.

I followed your path exactly and got one of the messages, I got also some times before already:

error: //etc/qubes/repo-templates/keys/RPM-GPG-KEY-unman: key 1 not an armored public key
ERROR: Command ‘[‘rpmkeys’, ‘–dbpath=/TMP/TMPX3_1_9C7’, ‘–import’, ‘//etc/qubes/repo-templates/keys/RPM-GPG-KEY-unman’]’

How are you trying to install the template? Using qvm-template?

Sorry, I mixed up the commands:
I’ve used the repo-manager-gui. The repo-file is in place.

Do you mean the Qubes-Template-Manager ? I dont have any issue on a
clean install once the key is in the right place.
rpmkeys does not enter in to it.

Perhaps you had better reply to my point 1 and Describe in detail what
it is that you did, step by step.

I’ve meant the template-manager gui. The repo-manager is another working site, not in Qubes, sorry.

The error message was the reply after following your “step-by-step” in your first post.

I’ll try out the CLI again and write down the answers here.

This was the command:
qvm-template --keyring /etc/qubes/repo-templates/keys/RPM-GPG-KEY-unman install /home/user/qubes-template-debian-14-minimal-4.3.0-202602050120.noarch.rpm

The answer is the same error as that of the GUI above.