Upgrade pgpkeys related tools and committers guide new committer section
This commit is contained in:
Sergio Carlavilla Delgado
parent
790a769f67
commit
57930f3fd5
2 changed files with 19 additions and 38 deletions
|
|
@ -89,7 +89,7 @@ Cryptographic keys conforming to the OpenPGP (__Pretty Good Privacy__) standard
|
|||
[[pgpkeys-creating]]
|
||||
=== Creating a Key
|
||||
|
||||
Existing keys can be used, but should be checked with [.filename]#doc/head/shared/pgpkeys/checkkey.sh# first. In this case, make sure the key has a FreeBSD user ID.
|
||||
Existing keys can be used, but should be checked with [.filename]#documentation/tools/checkkey.sh# first. In this case, make sure the key has a FreeBSD user ID.
|
||||
|
||||
For those who do not yet have an OpenPGP key, or need a new key to meet FreeBSD security requirements, here we show how to generate one.
|
||||
|
||||
|
|
@ -155,14 +155,13 @@ You need a Passphrase to protect your secret key.
|
|||
<.> A three year key lifespan is short enough to obsolete keys weakened by advancing computer power, but long enough to reduce key management problems.
|
||||
|
||||
<.> Use your real name here, preferably matching that shown on government-issued ID to make it easier for others to verify your identity. Text that may help others identify you can be entered in the `Comment` section.
|
||||
|
||||
+
|
||||
After the email address is entered, a passphrase is requested. Methods of creating a secure passphrase are contentious. Rather than suggest a single way, here are some links to sites that describe various methods: http://world.std.com/~reinhold/diceware.html[], http://www.iusmentis.com/security/passphrasefaq/[], http://xkcd.com/936/[], http://en.wikipedia.org/wiki/Passphrase[].
|
||||
====
|
||||
|
||||
Protect the private key and passphrase. If either the private key or passphrase may have been compromised or disclosed, immediately notify mailto:accounts@FreeBSD.org[accounts@FreeBSD.org] and revoke the key.
|
||||
|
||||
Committing the new key is shown in <<commit-steps>>.
|
||||
Committing the new key is shown in <<commit-steps, Steps for New Committers>>.
|
||||
|
||||
[[kerberos-ldap]]
|
||||
== Kerberos and LDAP web Password for FreeBSD Cluster
|
||||
|
|
@ -1231,24 +1230,23 @@ Those who have been given commit rights to the FreeBSD repositories must follow
|
|||
[.procedure]
|
||||
====
|
||||
*Procedure 1. Steps for New Committers*
|
||||
|
||||
. Add an Author Entity
|
||||
+
|
||||
[.filename]#doc/head/shared/xml/authors.ent# - Add an author entity. Later steps depend on this entity, and missing this step will cause the [.filename]#doc/# build to fail. This is a relatively easy task, but remains a good first test of version control skills.
|
||||
[.filename]#shared/authors.toml# - Add an author entity. Later steps depend on this entity, and missing this step will cause the [.filename]#doc/# build to fail. This is a relatively easy task, but remains a good first test of version control skills.
|
||||
. Update the List of Developers and Contributors
|
||||
+
|
||||
[.filename]#doc/head/en_US.ISO8859-1/articles/contributors/contrib.committers.xml# - Add an entry to the "Developers" section of the link:{contributors}#staff-committers[Contributors List]. Entries are sorted by last name.
|
||||
[.filename]#doc/en/articles/contributors/contrib-committers.adoc# - Add an entry to the "Developers" section of the link:{contributors}#staff-committers[Contributors List]. Entries are sorted by last name.
|
||||
+
|
||||
[.filename]#doc/head/en_US.ISO8859-1/articles/contributors/contrib.additional.xml# - _Remove_ the entry from the "Additional Contributors" section. Entries are sorted by first name.
|
||||
[.filename]#doc/en/articles/contributors/contrib-additional.adoc# - _Remove_ the entry from the "Additional Contributors" section. Entries are sorted by first name.
|
||||
. Add a News Item
|
||||
+
|
||||
[.filename]#doc/head/shared/xml/news.xml# - Add an entry. Look for the other entries that announce new committers and follow the format. Use the date from the commit bit approval email from mailto:core@FreeBSD.org[core@FreeBSD.org].
|
||||
[.filename]#website/data/en/news/news.toml# - Add an entry. Look for the other entries that announce new committers and follow the format. Use the date from the commit bit approval email from mailto:core@FreeBSD.org[core@FreeBSD.org].
|
||||
. Add a PGP Key
|
||||
+
|
||||
[.filename]#doc/head/shared/pgpkeys/pgpkeys.ent# and [.filename]#doc/head/shared/pgpkeys/pgpkeys-developers.xml# - Add your PGP or GnuPG key. Those who do not yet have a key should see <<pgpkeys-creating>>.
|
||||
`{des}` has written a shell script ([.filename]#documentation/tools/addkey.sh#) to make this easier. See the http://svnweb.FreeBSD.org/doc/head/shared/pgpkeys/README[README] file for more information.
|
||||
+
|
||||
`{des}` has written a shell script ([.filename]#doc/head/shared/pgpkeys/addkey.sh#) to make this easier. See the http://svnweb.FreeBSD.org/doc/head/shared/pgpkeys/README[README] file for more information.
|
||||
+
|
||||
Use [.filename]#doc/head/shared/pgpkeys/checkkey.sh# to verify that keys meet minimal best-practices standards.
|
||||
Use [.filename]#documentation/tools/checkkey.sh# to verify that keys meet minimal best-practices standards.
|
||||
+
|
||||
After adding and checking a key, add both updated files to source control and then commit them. Entries in this file are sorted by last name.
|
||||
+
|
||||
|
|
|
|||
|
|
@ -114,39 +114,22 @@ fi
|
|||
keyfile="${me}.key"
|
||||
info "Generating ${keyfile}..."
|
||||
(
|
||||
echo '<!--'
|
||||
echo "sh ${progname} ${me}" ${keyids} ";"
|
||||
echo '-->'
|
||||
echo '<programlisting xmlns="http://docbook.org/ns/docbook" role="pgpfingerprint"><![CDATA['
|
||||
echo "// sh ${progname} ${me}" ${keyids} ";"
|
||||
echo ''
|
||||
echo '[.literal-block-margin]'
|
||||
echo '....'
|
||||
gpg --fingerprint ${keyids}
|
||||
echo ']]></programlisting>'
|
||||
echo '<programlisting xmlns="http://docbook.org/ns/docbook" role="pgpkey"><![CDATA['
|
||||
echo '....'
|
||||
echo ''
|
||||
echo '[.literal-block-margin]'
|
||||
echo '....'
|
||||
gpg --no-version --armor --export ${keyids}
|
||||
echo ']]></programlisting>'
|
||||
echo '....'
|
||||
) >"${keyfile}"
|
||||
|
||||
info "Adding key to entity list..."
|
||||
if ! grep -qwF "pgpkey.${me}" pgpkeys.ent ; then
|
||||
mv pgpkeys.ent pgpkeys.ent.orig || exit 1
|
||||
(
|
||||
cat pgpkeys.ent.orig
|
||||
echo "<!ENTITY pgpkey.${me} SYSTEM \"${keyfile}\">"
|
||||
) | sort -u >pgpkeys.ent
|
||||
fi
|
||||
|
||||
cat <<EOF
|
||||
|
||||
Unless you are already listed there, you should now add the following
|
||||
text to pgpkeys-developers.xml. Remember to keep the list sorted by
|
||||
last name!
|
||||
|
||||
<sect2 xmlns="http://docbook.org/ns/docbook" xml:id="pgpkey-${me}">
|
||||
<title>&a.${me}.email;</title>
|
||||
&pgpkey.${me};
|
||||
</sect2>
|
||||
|
||||
If this is a role key or you are a core member, you should add it to
|
||||
either pgpkeys-officers.xml or pgpkeys-core.xml instead.
|
||||
Remember to move ${keyfile} to /static/pgpkeys/
|
||||
|
||||
If this is a new entry, don't forget to run the following commands
|
||||
before committing:
|
||||
|
|
|
|||
Loading…
Reference in a new issue