Add contribution guidelines

CONTRIBUTING.md: Add guidelines describing how code is added and which commands to use to add or update key material.
2021-10-11 21:17:35 +02:00 · 2021-10-11 21:17:35 +02:00 · b3e1640553
commit b3e1640553
parent 5170319717
1 changed files with 46 additions and 0 deletions
--- a/CONTRIBUTING.md
+++ b/CONTRIBUTING.md
@ -0,0 +1,46 @@
+# Contributing
+
+These are the contribution guidelines for archlinux-keyring.
+All code contributions fall under the terms of the GPL-3.0-or-later (see
+[LICENSE](LICENSE)).
+
+Any merge request to the repository requires two approvals of authorized
+approvers (the current main key holders).
+
+## Keyringctl
+
+The `keyringctl` script is written in typed python, which makes use of
+[sequoia](https://sequoia-pgp.org/)'s `sq` command.
+
+The script is type checked, linted and formatted using standard tooling.
+When providing a merge request make sure to run `make lint`.
+
+## Key directories
+
+This repository contains PGP packet data, that describes the trusted signing
+keys (below [main](main)) and the packager keys (below [packagers](packagers))
+of the distribution.
+
+Import of a new main key is done using
+
+```bash
+./keyringctl import-main --name <username> <file>
+```
+
+Updates to existing main keys is done using
+
+```bash
+./keyringctl import-main <file_or_directory>
+```
+
+Import of a new packager key is done using
+
+```bash
+./keyringctl import-packager --name <username> <file>
+```
+
+Updates to existing packager keys is done using
+
+```bash
+./keyringctl import-packager <file_or_directory>
+```