Hello all,

We're very pleased to announce the first official release of the Gentoo Keys
toolkit.

What is the Gentoo Keys project?
=========================
Gentoo Keys is a Python-based project that aims to manage the OpenPGP keys
used for validation on users and Gentoo's infrastructure servers. It is
a toolkit that helps the community establish trust between the users and
developers.

Gentoo Keys can verify OpenPGP keys used for Gentoo's release media,
packages and other OpenPGP signed documents, i.e. LiveDVDs, LiveCDs,
stage* releases, Gentoo tree ebuild commits, and the layman repositories list.

The Gentoo Keys project consists of three tools:
* gkeys
* gkeys-gen
* gkeys-ldap

Tools
====
gkeys-ldap
----------------
Is the tool that is going to be used internally in Gentoo infrastructure.
It performs LDAP look-ups for all the developers and generates the
so-called seed files[1].

gkeys
---------
Is the major tool that manages the seed files and the keyrings[2] of the
developers. This tool is also going to be used for file signing and
verification. In addition, it can generate binary keyrings based on selected
keys, which can then be signed and distributed to the user base.

gkeys-gen
--------------
Is the tool that generates OpenPGP keys based on the recommended
specifications of the Gentoo council approved GLEP 63[3].

We have written an extensive guide on how to generate a GLEP 63 based
OpenPGP key:
https://wiki.gentoo.org/wiki/Project:Gentoo-keys/Generating_GLEP_63_based_OpenPGP_keys

Glossary
=======
[1] Seed files: A JSON file that contains the trusted users with their keys.
[2] Keyrings: A collection of trusted OpenPGP keys.
[3] GLEP 63: https://wiki.gentoo.org/wiki/GLEP:63

Automated Checks
===============
As of today, we insist that all Gentoo developers start creating GLEP
63 based OpenPGP keys.
In the following months we are going to start running a suite of
automated checks on all the developers' OpenPGP keys.

Some of the checks are for:
* Invalid keys
* Expired keys
* Revoked keys
* GLEP63 requirements for keys

It is also worth mentioning that these tools can be used by
users too. The Gentoo Keys project also aims to extend the usability of
the toolkit to the overlays so everyone can manage their own web of trust
and support signed files.

Installation
========
gkeys
--------
emerge app-crypt/gkeys

Note: app-crypt/gentoo-keys package contains the Gentoo release
keyrings and it is auto-fetched by app-crypt/gkeys package.

gkeys-gen
---------------
emerge app-crypt/gkeys-gen

Feedback
=======
For comments and suggestions, feel free to contact us
at <gkeys AT gentoo DOT org> or join the #gentoo-keys IRC channel on Freenode.

Patches are always welcome!

Official project page: https://wiki.gentoo.org/wiki/Project:Gentoo-keys
Source code: https://github.com/gentoo/gentoo-keys

On behalf of the Gentoo Keys team,
Pavlos Ratis
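
A sketch of the invalid/expired/revoked checks listed under "Automated Checks", added here as an illustration and not taken from the gkeys code base or the announcement. It parses GnuPG's `--with-colons` key listing; the function name, the sample listing and the key IDs are constructed for the example, and the GLEP 63 requirements are not encoded because the announcement does not state them.

```python
from datetime import datetime, timezone

# Validity letters from field 2 of a GnuPG --with-colons key record.
VALIDITY_PROBLEMS = {"i": "invalid", "e": "expired", "r": "revoked"}

# Constructed sample (not real keys): one healthy primary key with two
# subkeys, one revoked key and one invalid key.
SAMPLE_LISTING = """\
pub:-:4096:1:AAAAAAAAAAAAAAA1:1400000000:1557680000::-:::scESC:
sub:e:4096:1:AAAAAAAAAAAAAAA2:1400000000:1410000000:::::s:
sub:-:4096:1:AAAAAAAAAAAAAAA3:1400000000:1415000000:::::e:
pub:r:2048:1:BBBBBBBBBBBBBBB1:1300000000:::-:::sc:
pub:i:1024:17:CCCCCCCCCCCCCCC1:1200000000:::-:::sc:
"""


def check_keys(colon_listing, now=None):
    """Return {key_id: [problems]} for every pub/sub record in the listing."""
    now = now or datetime.now(timezone.utc)
    findings = {}
    for line in colon_listing.splitlines():
        fields = line.split(":")
        if fields[0] not in ("pub", "sub") or len(fields) < 7:
            continue  # skip uid, fpr and other record types
        validity, key_id, expires = fields[1], fields[4], fields[6]
        problems = []
        if validity[:1] in VALIDITY_PROBLEMS:
            problems.append(VALIDITY_PROBLEMS[validity[:1]])
        # Field 7 is the expiry in seconds since the epoch (empty = never).
        # Re-checking it catches keys that expired after a saved listing
        # was produced, when the validity flag was still clean.
        if expires.isdigit() and "expired" not in problems:
            if datetime.fromtimestamp(int(expires), timezone.utc) <= now:
                problems.append("expired")
        findings[key_id] = problems
    return findings


if __name__ == "__main__":
    check_time = datetime(2015, 1, 1, tzinfo=timezone.utc)
    for key_id, problems in check_keys(SAMPLE_LISTING, check_time).items():
        print(key_id, ", ".join(problems) or "ok")
```

Subkeys are reported separately from their primary key, so a developer whose primary key is still valid but whose signing subkey has lapsed shows up in the results.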