Skip to content

archzfs/archzfs-keyring

BranchesTags

Repository files navigation

archzfs-keyring

This is a fork of Arch Linux's archlinux-keyring, customized for ArchZFS.

The archzfs-keyring project holds PGP packet material and tooling (keyringctl) to create the distribution keyring for the ArchZFS Project. The keyring is used by pacman to establish the web of trust for the packagers of the project.

The PGP packets describing the main signing keys can be found below the keyring/main directory, while those of the packagers are located below the keyring/packager directory.

Requirements

The following packages need to be installed to be able to create a PGP keyring from the provided data structure and to install it:

Build:

  • make
  • findutils
  • pkgconf
  • systemd

Runtime:

  • python
  • sequoia-sq >= 0.31.0

Optional:

  • hopenpgp-tools (verify)
  • git (ci)

Usage

Build

Build all PGP artifacts (keyring, ownertrust, revoked files) to the build directory

./keyringctl build

Import

Import a new packager key by deriving the username from the filename.

./keyringctl import <username>.asc

Alternatively import a file or directory and override the username

./keyringctl import --name <username> <file_or_directory...>

Updates to existing keys will automatically derive the username from the known fingerprint.

./keyringctl import <file_or_directory...>

Main key imports support the same options plus a mandatory --main

./keyringctl import --main <username>.asc

Export

Export the whole keyring including main and packager to stdout

./keyringctl export

Limit to specific certs using an output file

./keyringctl export <username_or_fingerprint_or_directory...> --output <filename>

List

List all certificates in the keyring

./keyringctl list

Only show a specific main key

./keyringctl list --main <username_or_fingerprint...>

Inspect

Inspect all certificates in the keyring

./keyringctl inspect

Only inspect a specific main key

./keyringctl inspect --main <username_or_fingerprint_or_directory...>

Verify

Verify certificates against modern expectations and assumptions

./keyringctl verify <username_or_fingerprint_or_directory...>

Installation

To install archzfs-keyring system-wide use the included Makefile:

make install

Contribute

Read our contributing guide to learn more about guidelines and how to provide fixes or improvements for the code base.

Releases

TBA

License

Archzfs-keyring is licensed under the terms of the GPL-3.0-or-later (see LICENSE).

About

ArchZFS PGP keyring

Resources

Readme

License

GPL-3.0 license
Activity
Custom properties

Stars

0 stars

Watchers

2 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Contributors 60

+ 46 contributors

Languages