README: Add new default sections and cleanup

README.md:
Add a short purpose introduction.
Add requirements, installation, contribution, releases and license
sections.
This commit is contained in:
David Runge 2021-10-16 19:22:38 +02:00 committed by Levente Polyak
parent cc26ca503c
commit 819e1adc37
No known key found for this signature in database
GPG Key ID: FC1B547C8D8172C8

View File

@ -1,30 +1,73 @@
# Arch Linux Keyring # archlinux-keyring
Repository for the Arch Linux keyring package. The archlinux-keyring project holds PGP packet material and tooling
(`keyringctl`) to create the distribution keyring for Arch Linux.
The keyring is used by pacman to establish the web of trust for the packagers
of the distribution.
## Addition/Removal/Update of a packaging key The PGP packets describing the main signing keys can be found below the
[main](main) directory, while those of the packagers are located below the
[packagers](packagers) directory.
1. Get the keyid from the bugreport in the [keyring ## Requirements
project](https://bugs.archlinux.org/index.php?project=7&do=index&switch=1)
2. Add the keyid to `packager-keyids` in alphabetic order, following this
format: full size keyid, a tab, nickname.
## Revoking a packager key The following packages need to be installed to be able to create a PGP keyring
from the provided data structure and to install it:
1. Create a key removal task in the [keyring * make
project](https://bugs.archlinux.org/index.php?project=7&do=index&switch=1). * python
2. Remove the keyid of the revoked user from `packager-keyids`. * sequoia-sq
3. Add the removed keyid to `packager-revoked-keyids`, in alphabetic order,
following this format: full size keyid, a tab, nickname, a tab and reason of
revocation.
## Keyring release ## Installation
1. bump the version in the Makefile To install archlinux-keyring system-wide use the included `Makefile`:
2. Run update-keys
4. git add the new .asc file in the packager directory. ```bash
4. Commit everything as 'Update keyring' make install
5. Create a new tag ```git tag -s $(date +"%Y%m%d")``` ```
6. Push changes
7. Upload the source tarball with ```make dist upload``` ## Contribute
8. Update the package
Development of archlinux-keyring takes place on Arch Linux' Gitlab:
https://gitlab.archlinux.org/archlinux/archlinux-keyring.
Please read our distribution-wide [Code of
Conduct](https://terms.archlinux.org/docs/code-of-conduct/) before
contributing, to understand what actions will and will not be tolerated.
Read our [contributing guide](CONTRIBUTING.md) to learn more about how to
provide fixes or improvements for the code base and how to add, update or
remove key material.
Discussion around archlinux-keyring may take place on the [arch-projects
mailing list](https://lists.archlinux.org/listinfo/arch-projects) and in
[#archlinux-projects](ircs://irc.libera.chat/archlinux-projects) on [Libera
Chat](https://libera.chat/).
All past and present authors of archlinux-keyring are listed in
[AUTHORS](AUTHORS.md).
## Releases
[Releases of
archlinux-keyring](https://gitlab.archlinux.org/archlinux/archlinux-keyring/-/tags)
are created by its current maintainer [Christian
Hesse](https://gitlab.archlinux.org/eworm). Tags are signed using the PGP key
with the ID `02FD1C7A934E614545849F19A6234074498E9CEE`.
To verify a tag, first import the relevant PGP key:
```bash
gpg --auto-key-locate wkd --search-keys eworm@archlinux.org
```
Afterwards a tag can be verified from a clone of this repository:
```bash
git verify-tag <tag>
```
## License
Archlinux-keyring is licensed under the terms of the **GPL-3.0-or-later** (see
[LICENSE](LICENSE)).