diff options
| author | Sergio Carlavilla Delgado <carlavilla@FreeBSD.org> | 2021-02-01 21:21:57 +0000 |
|---|---|---|
| committer | Sergio Carlavilla Delgado <carlavilla@FreeBSD.org> | 2021-02-01 21:23:03 +0000 |
| commit | 57930f3fd58484bb834dfd0c76cb2ee1969e53cd (patch) | |
| tree | 94d85d34ef4ef27c696c540590cd6c4ac37c6bcf | |
| parent | 790a769f679e04ec816fa143a2e3c4d1fcd4bc0f (diff) | |
| -rw-r--r-- | documentation/content/en/articles/committers-guide/_index.adoc | 20 | ||||
| -rwxr-xr-x | documentation/tools/addkey.sh | 37 |
2 files changed, 19 insertions, 38 deletions
diff --git a/documentation/content/en/articles/committers-guide/_index.adoc b/documentation/content/en/articles/committers-guide/_index.adoc index dd0fee788a..8ddacc53b9 100644 --- a/documentation/content/en/articles/committers-guide/_index.adoc +++ b/documentation/content/en/articles/committers-guide/_index.adoc @@ -89,7 +89,7 @@ Cryptographic keys conforming to the OpenPGP (__Pretty Good Privacy__) standard [[pgpkeys-creating]] === Creating a Key -Existing keys can be used, but should be checked with [.filename]#doc/head/shared/pgpkeys/checkkey.sh# first. In this case, make sure the key has a FreeBSD user ID. +Existing keys can be used, but should be checked with [.filename]#documentation/tools/checkkey.sh# first. In this case, make sure the key has a FreeBSD user ID. For those who do not yet have an OpenPGP key, or need a new key to meet FreeBSD security requirements, here we show how to generate one. @@ -155,14 +155,13 @@ You need a Passphrase to protect your secret key. <.> A three year key lifespan is short enough to obsolete keys weakened by advancing computer power, but long enough to reduce key management problems. <.> Use your real name here, preferably matching that shown on government-issued ID to make it easier for others to verify your identity. Text that may help others identify you can be entered in the `Comment` section. - + After the email address is entered, a passphrase is requested. Methods of creating a secure passphrase are contentious. Rather than suggest a single way, here are some links to sites that describe various methods: http://world.std.com/~reinhold/diceware.html[], http://www.iusmentis.com/security/passphrasefaq/[], http://xkcd.com/936/[], http://en.wikipedia.org/wiki/Passphrase[]. ==== Protect the private key and passphrase. If either the private key or passphrase may have been compromised or disclosed, immediately notify mailto:accounts@FreeBSD.org[accounts@FreeBSD.org] and revoke the key. -Committing the new key is shown in <<commit-steps>>. +Committing the new key is shown in <<commit-steps, Steps for New Committers>>. [[kerberos-ldap]] == Kerberos and LDAP web Password for FreeBSD Cluster @@ -1231,24 +1230,23 @@ Those who have been given commit rights to the FreeBSD repositories must follow [.procedure] ==== *Procedure 1. Steps for New Committers* + . Add an Author Entity + -[.filename]#doc/head/shared/xml/authors.ent# - Add an author entity. Later steps depend on this entity, and missing this step will cause the [.filename]#doc/# build to fail. This is a relatively easy task, but remains a good first test of version control skills. +[.filename]#shared/authors.toml# - Add an author entity. Later steps depend on this entity, and missing this step will cause the [.filename]#doc/# build to fail. This is a relatively easy task, but remains a good first test of version control skills. . Update the List of Developers and Contributors + -[.filename]#doc/head/en_US.ISO8859-1/articles/contributors/contrib.committers.xml# - Add an entry to the "Developers" section of the link:{contributors}#staff-committers[Contributors List]. Entries are sorted by last name. +[.filename]#doc/en/articles/contributors/contrib-committers.adoc# - Add an entry to the "Developers" section of the link:{contributors}#staff-committers[Contributors List]. Entries are sorted by last name. + -[.filename]#doc/head/en_US.ISO8859-1/articles/contributors/contrib.additional.xml# - _Remove_ the entry from the "Additional Contributors" section. Entries are sorted by first name. +[.filename]#doc/en/articles/contributors/contrib-additional.adoc# - _Remove_ the entry from the "Additional Contributors" section. Entries are sorted by first name. . Add a News Item + -[.filename]#doc/head/shared/xml/news.xml# - Add an entry. Look for the other entries that announce new committers and follow the format. Use the date from the commit bit approval email from mailto:core@FreeBSD.org[core@FreeBSD.org]. +[.filename]#website/data/en/news/news.toml# - Add an entry. Look for the other entries that announce new committers and follow the format. Use the date from the commit bit approval email from mailto:core@FreeBSD.org[core@FreeBSD.org]. . Add a PGP Key + -[.filename]#doc/head/shared/pgpkeys/pgpkeys.ent# and [.filename]#doc/head/shared/pgpkeys/pgpkeys-developers.xml# - Add your PGP or GnuPG key. Those who do not yet have a key should see <<pgpkeys-creating>>. -+ -`{des}` has written a shell script ([.filename]#doc/head/shared/pgpkeys/addkey.sh#) to make this easier. See the http://svnweb.FreeBSD.org/doc/head/shared/pgpkeys/README[README] file for more information. +`{des}` has written a shell script ([.filename]#documentation/tools/addkey.sh#) to make this easier. See the http://svnweb.FreeBSD.org/doc/head/shared/pgpkeys/README[README] file for more information. + -Use [.filename]#doc/head/shared/pgpkeys/checkkey.sh# to verify that keys meet minimal best-practices standards. +Use [.filename]#documentation/tools/checkkey.sh# to verify that keys meet minimal best-practices standards. + After adding and checking a key, add both updated files to source control and then commit them. Entries in this file are sorted by last name. + diff --git a/documentation/tools/addkey.sh b/documentation/tools/addkey.sh index 36b0101c51..9ded01d68e 100755 --- a/documentation/tools/addkey.sh +++ b/documentation/tools/addkey.sh @@ -114,39 +114,22 @@ fi keyfile="${me}.key" info "Generating ${keyfile}..." ( - echo '<!--' - echo "sh ${progname} ${me}" ${keyids} ";" - echo '-->' - echo '<programlisting xmlns="http://docbook.org/ns/docbook" role="pgpfingerprint"><![CDATA[' + echo "// sh ${progname} ${me}" ${keyids} ";" + echo '' + echo '[.literal-block-margin]' + echo '....' gpg --fingerprint ${keyids} - echo ']]></programlisting>' - echo '<programlisting xmlns="http://docbook.org/ns/docbook" role="pgpkey"><![CDATA[' + echo '....' + echo '' + echo '[.literal-block-margin]' + echo '....' gpg --no-version --armor --export ${keyids} - echo ']]></programlisting>' + echo '....' ) >"${keyfile}" -info "Adding key to entity list..." -if ! grep -qwF "pgpkey.${me}" pgpkeys.ent ; then - mv pgpkeys.ent pgpkeys.ent.orig || exit 1 - ( - cat pgpkeys.ent.orig - echo "<!ENTITY pgpkey.${me} SYSTEM \"${keyfile}\">" - ) | sort -u >pgpkeys.ent -fi - cat <<EOF -Unless you are already listed there, you should now add the following -text to pgpkeys-developers.xml. Remember to keep the list sorted by -last name! - - <sect2 xmlns="http://docbook.org/ns/docbook" xml:id="pgpkey-${me}"> - <title>&a.${me}.email;</title> - &pgpkey.${me}; - </sect2> - -If this is a role key or you are a core member, you should add it to -either pgpkeys-officers.xml or pgpkeys-core.xml instead. +Remember to move ${keyfile} to /static/pgpkeys/ If this is a new entry, don't forget to run the following commands before committing: |