Add support for embedding PGP keys into Signed-By in deb822 sources

Extend the Signed-By field to handle embedded public key blocks,
this allows shipping self-contained .sources files, making it
substantially easier to provide third party repositories.

1 files changed, 17 insertions, 0 deletions

diff --git a/doc/sources.list.5.xml b/doc/sources.list.5.xml
index 6929201a0..ed99f08f8 100644
--- a/doc/sources.list.5.xml
+++ b/doc/sources.list.5.xml
@@ -312,6 +312,23 @@ deb-src [ option1=value1 option2=value2 ] uri suite [component1] [component2] [.
 		of this repository (only fingerprints can be specified there through).
 		Otherwise all keys in the trusted keyrings are considered valid
 		signers for this repository.
+
+		The option may also be set directly to an embedded GPG public key block. Special
+		care is needed to encode the empty line with leading spaces and ".":
+   <literallayout>Types: deb
+URIs: https://deb.debian.org
+Suites: stable
+Components: main contrib non-free
+Signed-By:
+ -----BEGIN PGP PUBLIC KEY BLOCK-----
+ .
+ mDMEYCQjIxYJKwYBBAHaRw8BAQdAD/P5Nvvnvk66SxBBHDbhRml9ORg1WV5CvzKY
+ CuMfoIS0BmFiY2RlZoiQBBMWCgA4FiEErCIG1VhKWMWo2yfAREZd5NfO31cFAmAk
+ IyMCGyMFCwkIBwMFFQoJCAsFFgIDAQACHgECF4AACgkQREZd5NfO31fbOwD6ArzS
+ dM0Dkd5h2Ujy1b6KcAaVW9FOa5UNfJ9FFBtjLQEBAJ7UyWD3dZzhvlaAwunsk7DG
+ 3bHcln8DMpIJVXht78sL
+ =IE0r
+ -----END PGP PUBLIC KEY BLOCK-----</literallayout>
 	  </para></listitem>
 
 	  <listitem><para><option>Check-Valid-Until</option> (<option>check-valid-until</option>)