Add contribution guidelines

CONTRIBUTING.md:
Add guidelines describing how code is added and which commands to use to
add or update key material.
This commit is contained in:
David Runge 2021-10-11 21:17:35 +02:00 committed by Levente Polyak
parent 5170319717
commit b3e1640553
No known key found for this signature in database
GPG Key ID: FC1B547C8D8172C8

46
CONTRIBUTING.md Normal file
View File

@ -0,0 +1,46 @@
# Contributing
These are the contribution guidelines for archlinux-keyring.
All code contributions fall under the terms of the GPL-3.0-or-later (see
[LICENSE](LICENSE)).
Any merge request to the repository requires two approvals of authorized
approvers (the current main key holders).
## Keyringctl
The `keyringctl` script is written in typed python, which makes use of
[sequoia](https://sequoia-pgp.org/)'s `sq` command.
The script is type checked, linted and formatted using standard tooling.
When providing a merge request make sure to run `make lint`.
## Key directories
This repository contains PGP packet data, that describes the trusted signing
keys (below [main](main)) and the packager keys (below [packagers](packagers))
of the distribution.
Import of a new main key is done using
```bash
./keyringctl import-main --name <username> <file>
```
Updates to existing main keys is done using
```bash
./keyringctl import-main <file_or_directory>
```
Import of a new packager key is done using
```bash
./keyringctl import-packager --name <username> <file>
```
Updates to existing packager keys is done using
```bash
./keyringctl import-packager <file_or_directory>
```