From c5e2afcef86e146930d66a6d7dcae1c0c2bd6657 Mon Sep 17 00:00:00 2001
From: Wojtek Porczyk <woju@invisiblethingslab.com>
Date: Wed, 18 Sep 2024 13:20:27 +0200
Subject: [PATCH 1/2] [Docs] Change /usr/share/keyrings to /etc/apt/keyrings

Since apt 2.4, the distro provides /etc/apt/keyrings for user-managed
package signing keys and /usr/share/keyrings is recommended for use with
keys managed by packages.

Debian 11 has older apt, so the directory is not present in the system.
I'll leave it as is, instead of adding `mkdir -p`.

Signed-off-by: Wojtek Porczyk <woju@invisiblethingslab.com>
---
 Documentation/installation.rst | 16 ++++++++--------
 1 file changed, 8 insertions(+), 8 deletions(-)

diff --git a/Documentation/installation.rst b/Documentation/installation.rst
index 8fe50ea1a6..819df33350 100644
--- a/Documentation/installation.rst
+++ b/Documentation/installation.rst
@@ -30,12 +30,12 @@ Debian 12
 
 ::
 
-   sudo curl -fsSLo /usr/share/keyrings/gramine-keyring.gpg https://packages.gramineproject.io/gramine-keyring.gpg
-   echo "deb [arch=amd64 signed-by=/usr/share/keyrings/gramine-keyring.gpg] https://packages.gramineproject.io/ $(lsb_release -sc) main" \
+   sudo curl -fsSLo /etc/apt/keyrings/gramine-keyring.gpg https://packages.gramineproject.io/gramine-keyring.gpg
+   echo "deb [arch=amd64 signed-by=/etc/apt/keyrings/gramine-keyring.gpg] https://packages.gramineproject.io/ $(lsb_release -sc) main" \
    | sudo tee /etc/apt/sources.list.d/gramine.list
 
-   sudo curl -fsSLo /usr/share/keyrings/intel-sgx-deb.asc https://download.01.org/intel-sgx/sgx_repo/ubuntu/intel-sgx-deb.key
-   echo "deb [arch=amd64 signed-by=/usr/share/keyrings/intel-sgx-deb.asc] https://download.01.org/intel-sgx/sgx_repo/ubuntu jammy main" \
+   sudo curl -fsSLo /etc/apt/keyrings/intel-sgx-deb.asc https://download.01.org/intel-sgx/sgx_repo/ubuntu/intel-sgx-deb.key
+   echo "deb [arch=amd64 signed-by=/etc/apt/keyrings/intel-sgx-deb.asc] https://download.01.org/intel-sgx/sgx_repo/ubuntu jammy main" \
    | sudo tee /etc/apt/sources.list.d/intel-sgx.list
 
    sudo apt-get update
@@ -66,12 +66,12 @@ Ubuntu 22.04 LTS or 20.04 LTS
 
 ::
 
-   sudo curl -fsSLo /usr/share/keyrings/gramine-keyring.gpg https://packages.gramineproject.io/gramine-keyring.gpg
-   echo "deb [arch=amd64 signed-by=/usr/share/keyrings/gramine-keyring.gpg] https://packages.gramineproject.io/ $(lsb_release -sc) main" \
+   sudo curl -fsSLo /etc/apt/keyrings/gramine-keyring.gpg https://packages.gramineproject.io/gramine-keyring.gpg
+   echo "deb [arch=amd64 signed-by=/etc/apt/keyrings/gramine-keyring.gpg] https://packages.gramineproject.io/ $(lsb_release -sc) main" \
    | sudo tee /etc/apt/sources.list.d/gramine.list
 
-   sudo curl -fsSLo /usr/share/keyrings/intel-sgx-deb.asc https://download.01.org/intel-sgx/sgx_repo/ubuntu/intel-sgx-deb.key
-   echo "deb [arch=amd64 signed-by=/usr/share/keyrings/intel-sgx-deb.asc] https://download.01.org/intel-sgx/sgx_repo/ubuntu $(lsb_release -sc) main" \
+   sudo curl -fsSLo /etc/apt/keyrings/intel-sgx-deb.asc https://download.01.org/intel-sgx/sgx_repo/ubuntu/intel-sgx-deb.key
+   echo "deb [arch=amd64 signed-by=/etc/apt/keyrings/intel-sgx-deb.asc] https://download.01.org/intel-sgx/sgx_repo/ubuntu $(lsb_release -sc) main" \
    | sudo tee /etc/apt/sources.list.d/intel-sgx.list
 
    sudo apt-get update

From 320c905f92d67fb5020877157022a399f8f0b2a7 Mon Sep 17 00:00:00 2001
From: Wojtek Porczyk <woju@invisiblethingslab.com>
Date: Tue, 3 Sep 2024 16:00:42 +0200
Subject: [PATCH 2/2] [Docs] Installation docs for 1.8, if Intel does not
 release noble repo

Signing keys were rotated, but only for new distributions, hence 3 extra
$(lsb_release -sc).

Signed-off-by: Wojtek Porczyk <woju@invisiblethingslab.com>
---
 Documentation/installation.rst | 45 ++++++++++++++++++++++++++++------
 1 file changed, 37 insertions(+), 8 deletions(-)

diff --git a/Documentation/installation.rst b/Documentation/installation.rst
index 819df33350..fbd851a9f6 100644
--- a/Documentation/installation.rst
+++ b/Documentation/installation.rst
@@ -30,8 +30,8 @@ Debian 12
 
 ::
 
-   sudo curl -fsSLo /etc/apt/keyrings/gramine-keyring.gpg https://packages.gramineproject.io/gramine-keyring.gpg
-   echo "deb [arch=amd64 signed-by=/etc/apt/keyrings/gramine-keyring.gpg] https://packages.gramineproject.io/ $(lsb_release -sc) main" \
+   sudo curl -fsSLo /etc/apt/keyrings/gramine-keyring-$(lsb_release -sc).gpg https://packages.gramineproject.io/gramine-keyring-$(lsb_release -sc).gpg
+   echo "deb [arch=amd64 signed-by=/etc/apt/keyrings/gramine-keyring-$(lsb_release -sc).gpg] https://packages.gramineproject.io/ $(lsb_release -sc) main" \
    | sudo tee /etc/apt/sources.list.d/gramine.list
 
    sudo curl -fsSLo /etc/apt/keyrings/intel-sgx-deb.asc https://download.01.org/intel-sgx/sgx_repo/ubuntu/intel-sgx-deb.key
@@ -50,8 +50,8 @@ Debian 11
    echo "deb http://deb.debian.org/debian $(lsb_release -sc)-backports main" \
    | sudo tee /etc/apt/sources.list.d/backports.list
 
-   sudo curl -fsSLo /usr/share/keyrings/gramine-keyring.gpg https://packages.gramineproject.io/gramine-keyring.gpg
-   echo "deb [arch=amd64 signed-by=/usr/share/keyrings/gramine-keyring.gpg] https://packages.gramineproject.io/ $(lsb_release -sc) main" \
+   sudo curl -fsSLo /usr/share/keyrings/gramine-keyring-$(lsb_release -sc).gpg https://packages.gramineproject.io/gramine-keyring-$(lsb_release -sc).gpg
+   echo "deb [arch=amd64 signed-by=/usr/share/keyrings/gramine-keyring-$(lsb_release -sc).gpg] https://packages.gramineproject.io/ $(lsb_release -sc) main" \
    | sudo tee /etc/apt/sources.list.d/gramine.list
 
    sudo curl -fsSLo /usr/share/keyrings/intel-sgx-deb.asc https://download.01.org/intel-sgx/sgx_repo/ubuntu/intel-sgx-deb.key
@@ -61,13 +61,42 @@ Debian 11
    sudo apt-get update
    sudo apt-get install gramine
 
-Ubuntu 22.04 LTS or 20.04 LTS
-^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
+Ubuntu 24.04 LTS
+^^^^^^^^^^^^^^^^
+
+Gramine depends on certain packages published by Intel in their repo. At the
+time of this writing, the repository for Ubuntu 24.04 is not yet available. You
+can try to use packages for Ubuntu 23.10, which appear to be compatible.
+
+After Intel releases packages, please use the instruction from the next section
+(Ubuntu 22.04). The only difference is ``mantic`` codename in Intel's repo line.
+
+Note that Ubuntu 23.10 itself is already out of support by Canonical (support
+ended July 2024), but this does not apply to external packages.
+
+::
+
+   sudo curl -fsSLo /etc/apt/keyrings/gramine-keyring-$(lsb_release -sc).gpg https://packages.gramineproject.io/gramine-keyring-$(lsb_release -sc).gpg
+   echo "deb [arch=amd64 signed-by=/etc/apt/keyrings/gramine-keyring-$(lsb_release -sc).gpg] https://packages.gramineproject.io/ $(lsb_release -sc) main" \
+   | sudo tee /etc/apt/sources.list.d/gramine.list
+
+   sudo curl -fsSLo /etc/apt/keyrings/intel-sgx-deb.asc https://download.01.org/intel-sgx/sgx_repo/ubuntu/intel-sgx-deb.key
+   echo "deb [arch=amd64 signed-by=/etc/apt/keyrings/intel-sgx-deb.asc] https://download.01.org/intel-sgx/sgx_repo/ubuntu mantic main" \
+   | sudo tee /etc/apt/sources.list.d/intel-sgx.list
+
+   sudo apt-get update
+   sudo apt-get install gramine
+
+Ubuntu 22.04 LTS
+^^^^^^^^^^^^^^^^
+
+These instructions will also apply to Ubuntu 24.04, when Intel publishes
+``mantic`` repos.
 
 ::
 
-   sudo curl -fsSLo /etc/apt/keyrings/gramine-keyring.gpg https://packages.gramineproject.io/gramine-keyring.gpg
-   echo "deb [arch=amd64 signed-by=/etc/apt/keyrings/gramine-keyring.gpg] https://packages.gramineproject.io/ $(lsb_release -sc) main" \
+   sudo curl -fsSLo /etc/apt/keyrings/gramine-keyring-$(lsb_release -sc).gpg https://packages.gramineproject.io/gramine-keyring-$(lsb_release -sc).gpg
+   echo "deb [arch=amd64 signed-by=/etc/apt/keyrings/gramine-keyring-$(lsb_release -sc).gpg] https://packages.gramineproject.io/ $(lsb_release -sc) main" \
    | sudo tee /etc/apt/sources.list.d/gramine.list
 
    sudo curl -fsSLo /etc/apt/keyrings/intel-sgx-deb.asc https://download.01.org/intel-sgx/sgx_repo/ubuntu/intel-sgx-deb.key