From 5a9946db8885d604966ae5c3763f17be6016c5ef Mon Sep 17 00:00:00 2001 From: Konstantin Ryabitsev Date: Wed, 31 Jan 2024 15:56:15 -0500 Subject: Initial commit Create the allowed-signers and revoked-keys file, as well as add the README.rst. The identities of Siddhesh Poyarekar and Joseph Myers were verified via the CTI TAC video call on January 31 and cross-confirmed by Carlos O'Donell. Signed-off-by: Konstantin Ryabitsev --- README.rst | 70 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 70 insertions(+) create mode 100644 README.rst (limited to 'README.rst') diff --git a/README.rst b/README.rst new file mode 100644 index 0000000..9064ff1 --- /dev/null +++ b/README.rst @@ -0,0 +1,70 @@ +Keyring instructions +-------------------- +This is the keyring for the CTI project. Any new contributors with +access to CTI repositories should have an entry in the allowed-signers +file before they can be granted access to any of the CTI repositories. + +Overview +~~~~~~~~ +This repository contains two files, other than the README: + +- an "allowed-signers" file in the format dictated by the ssh-keygen(1) + "ALLOWED SIGNERS" section +- a "revoked-keys" file in the format dictated by ssh-keygen(1) + "KEY REVOCATION LIST" section + +The only people allowed to push to this repository are the trusted +introducers from the CTI project whose keys and identities were verified +on a video call between members of LF IT and CTI TAC. + +Adding keys to the repository +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +1. New members who need to get access to CTI managed repositories will first + submit their keys to the trusted introducers (procedure to be + established; please edit this file once that is documented and + available). + +2. Once the key is validated with the trusted introducers, one of them will + add that key to the allowed-signers file and commit that change to the + keyring repository. The commit should: + + - describe how the identity was verified and by whom + - provide the link to the key submission message in the archives + (if relevant and available) + - carry a cryptographic signature on the commit itself (via git commit -S) + +3. The new member will then send a request to the LF helpdesk to request + access to gitolite (the exact template to be established, and will include + username selection and gitolite group membership details; please edit + this file once this procedure is documented). + +4. Members of LF IT will use the allowed-signers file in this repository + for the source of the public key data. The signature on the commit + will not be checked (it's there for repository integrity verification + purposes) -- being able to push to the repository provides sufficient + verification of introducer's identity. + +Revoking keys from the project +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +A trusted introducer will remove the key from the allowed-signers file and add +an entry to the revoked-keys file, then follow with a request to the LF +helpdesk to remove repository access. + +Using this keyring for git commit verification +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +Files in this repository can be used for git commit verification. It is +sufficient to add the following entries to the .git/config file of any +repository used for commit verification:: + + [user] + signingKey = "ssh-rsa AAAAYOUR_FULL_SSH_PUBKEY..." + + [commit] + gpgSign = true + + [gpg] + format = ssh + + [gpg "ssh"] + allowedSignersFile = ~/path/to/keyring/allowed-signers + revocationFile = ~/path/to/keyring/revoked-keys -- cgit 1.2.3-korg