Linux developer PGP keys
------------------------

The purpose of this repository is to help distribute Linux kernel
developer PGP keys that have valid trust paths to Linus Torvalds.

There are currently the following directories in this repository:

 - keys/:    ascii-armoured keys
 - graphs/:  svg graphs showing trust paths to Linus Torvalds' key
 - scripts/: auxiliary helper scripts

Importing keys
--------------

Every file in the keys/ directory contains all UIDs, so you can just
grep for the person you need::

    $ grep -il torvalds *.asc
    79BE3E4300411886.asc

You can then `gpg --import 79BE3E4300411886.asc` into your keyring.

Refreshing keys
---------------

First, you should assign full trust to Linus's key::

    $ gpg --edit-key 79BE3E4300411886
    gpg> trust
    gpg> 4
    gpg> q
    $ gpg --check-trustdb

Now, copy the `scripts/korg-refresh-keys` script to your `~/bin` and
edit it according to the instructions.

That script will first verify that the latest commit to the repository
is signed by a valid key (a key directly signed by you or Linus), and
then will run a `merge-only` import -- meaning that it will ignore any
*new* keys added to the git repository and will only refresh keys that
you already have imported into your keyring.

Make sure to run `chmod a+x ~/bin/korg-refresh-keys` after you are done.

The last step is to set up a nightly cronjob by adding this to your
`crontab -e`::

    @daily ~/bin/korg-refresh-keys -q

Alternatively, if you are running a systemd-enabled system, set up a
timer instead::

    $ cat ~/.config/systemd/user/korg-refresh-keys.timer
    [Timer]
    OnCalendar=daily
    Persistent=yes
     
    [Install]
    WantedBy=sockets.target
     
    $ cat ~/.config/systemd/user/korg-refresh-keys.service
    [Service]
    ExecStart=%h/bin/korg-refresh-keys -q
    Type=oneshot
     
    $ systemctl enable --user korg-refresh-keys.timer
    $ systemctl start  --user korg-refresh-keys.timer
    $ systemctl start  --user korg-refresh-keys.service

Submitting keys to the keyring
------------------------------

If you are in MAINTAINERS or regularly submit patches or pull requests
to other maintainers, you should consider submitting your own public key
for inclusion into this repository. Note, that your key should be signed
by at least one other key already present in this repository in order to
qualify.

For now, the easiest way to submit your key is to run the following::

    gpg -a --export your@email.addr | mail -s your@email.addr keys@linux.kernel.org

If your `mail` command does not deliver mail properly, you can export to
a file and copy-paste that into the email body instead.

Note, that anything you send to keys@linux.kernel.org will be archived
on https://lore.kernel.org/keys.