From 343cc9894c058d11ebaffb3cc8daa69eb65af91e Mon Sep 17 00:00:00 2001 From: Thijs Putman Date: Wed, 8 Nov 2023 16:48:43 +0100 Subject: [PATCH] Add additional note regarding subkey renewal --- extras/yubikey/README.md | 16 +++++++++------- 1 file changed, 9 insertions(+), 7 deletions(-) diff --git a/extras/yubikey/README.md b/extras/yubikey/README.md index 828bb76..3b73e0c 100644 --- a/extras/yubikey/README.md +++ b/extras/yubikey/README.md @@ -30,7 +30,8 @@ Create an ephemeral Docker container (with all required prerequisites installed — see [`📄 Dockerfile`](./Dockerfile)) and start it without network access: ```bash -docker run --network none --privileged -v /dev/bus/usb:/dev/bus/usb --rm -it $(docker build --no-cache -q .) +docker run --network none --privileged -v /dev/bus/usb:/dev/bus/usb \ + --rm -it $(docker build --no-cache -q .) ``` **N.B.** Stop `pcscd` (and/or anything else that might have an exclusive lock on @@ -263,11 +264,11 @@ gpg --edit-key ______ I personally only have it imported on my daily driver; using SSH agent forwarding to forward both the SSH and GPG agents to (trusted) remote machines. -#### XXX - -After updating expiry, I needed to import the key on Pi4??? Wasn't necessary the -first time? Haven't done it on Sandbox yet, so lets see if a reboot resolves -this... XXX: Don't forget to update key on GitHub +❗ **N.B.** After [renewing my subkeys](#renew-subkeys), I had to import the +(updated) public key on a handful of additional machines for them to pick up on +the updated expiry dates. Haven't had the time to properly figure this out yet; +in case I never do: The simplest solution is to import the updated public key on +the offending machine... _Optional:_ Save public key (from Yubikey) for identity file configuration. Mainly useful to explicitly configure a connection to use the Yubikey (via 
@@ -308,7 +309,8 @@ On the WSL2-side: ```shell sudo apt install linux-tools-virtual hwdata -sudo update-alternatives --install /usr/local/bin/usbip usbip `ls /usr/lib/linux-tools/*/usbip | tail -n1` 20 +sudo update-alternatives --install /usr/local/bin/usbip usbip \ + "$(ls /usr/lib/linux-tools/*/usbip | tail -n1)" 20 ``` **N.B.** If `linux-tools-virtual` gets updated, it might be necessary to reapply
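Review bot: In the first hunk (`@@ -30,7 +30,8 @@`), the re-wrapped `docker run` command still leaves `$(docker build --no-cache -q .)` unquoted, while the `usbip` hunk in this same patch quotes its command substitution. If the build fails, the substitution expands to nothing and `docker run` is started without an image argument, which produces a confusing error. Consider capturing the image ID in a variable and checking that it is non-empty before running, or at least quoting the substitution for consistency. This hunk is also formatting-only and unrelated to the subject line "Add additional note regarding subkey renewal"; a separate commit would keep the history easier to follow.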
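Review bot: In the second hunk (`@@ -263,11 +264,11 @@`), the removed `XXX` block carried the reminder "Don't forget to update key on GitHub", and the new N.B. paragraph drops it. If the renewed public key also has to be re-uploaded there for the new expiry dates to take effect, that step should survive in the README, ideally under the renew-subkeys section the note links to. The note also ends on "import the updated public key on the offending machine..." without naming the command or pointing to the existing import step, so a reader has to guess how; a link to that step would close the gap. Please confirm as well that a heading matching the `#renew-subkeys` anchor exists, since it is not visible in this diff.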
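Review bot: In the third hunk (`@@ -308,7 +309,8 @@`), quoting the substitution is an improvement, but `ls /usr/lib/linux-tools/*/usbip | tail -n1` still selects the last path in lexical order, which is not necessarily the newest installed version: a directory whose version number has more digits sorts before a shorter one. With several `linux-tools` versions installed, this can register an older `usbip` as the alternative. Piping through `sort -V` before `tail -n1` would make the selection version-aware, and it fits the N.B. that follows about reapplying the command after `linux-tools-virtual` is updated.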