From: konstantin@linuxfoundation.org
To: corbet@lwn.net
Cc: linux-kernel@vger.kernel.org, linux-doc@vger.kernel.org, Konstantin Ryabitsev
Subject: [PATCH] Documentation/process: tweak pgp maintainer guide
Date: Tue, 6 Feb 2018 11:51:19 -0500
Message-Id: <20180206165119.18272-1-konstantin@linuxfoundation.org>
X-Mailer: git-send-email 2.13.6
X-Mailing-List: linux-kernel@vger.kernel.org

From: Konstantin Ryabitsev

Based on the feedback provided:

- Uniformly use lowercase k in "Linux kernel"
- Give a one-sentence explanation of what subkeys are
- Explain what signed commits might be useful for even if upstream developers do not use them for much of anything
- Admonish to set up gpg-agent if signed commits are turned on in git config
- Fix a typo reported by Luc Van Oostenryck

Signed-off-by: Konstantin Ryabitsev

--- Documentation/process/maintainer-pgp-guide.rst | 50 +++++++++++++++++--------- 1 file changed, 34 insertions(+), 16 deletions(-) diff --git a/Documentation/process/maintainer-pgp-guide.rst b/Documentation/process/maintainer-pgp-guide.rst index 28674eb42b95..b453561a7148 100644 --- a/Documentation/process/maintainer-pgp-guide.rst +++ b/Documentation/process/maintainer-pgp-guide.rst 
@@ -18,10 +18,10 @@ The role of PGP in Linux Kernel development =========================================== PGP helps ensure the integrity of the code that is produced by the Linux -Kernel development community and, to a lesser degree, establish trusted +kernel development community and, to a lesser degree, establish trusted communication channels between developers via PGP-signed email exchange. -The Linux Kernel source code is available in two main formats: +The Linux kernel source code is available in two main formats: - Distributed source repositories (git) - Periodic release snapshots (tarballs) @@ -53,7 +53,7 @@ want to make sure that by placing trust into developers we do not simply shift the blame for potential future security incidents to someone else. The goal is to provide a set of guidelines developers can use to create a secure working environment and safeguard the PGP keys used to -establish the integrity of the Linux Kernel itself. +establish the integrity of the Linux kernel itself. .. _pgp_tools: @@ -139,7 +139,7 @@ Protect your master PGP key =========================== This guide assumes that you already have a PGP key that you use for Linux -Kernel development purposes. If you do not yet have one, please see the +kernel development purposes. If you do not yet have one, please see the "`Protecting Code Integrity`_" document mentioned earlier for guidance on how to create a new one. @@ -149,7 +149,9 @@ You should also make a new key if your current one is weaker than 2048 bits Master key vs. Subkeys ---------------------- -It is important to understand the following: +Subkeys are fully independent PGP keypairs that are tied to the "master" +key using certifying key signatures (certificates). It is important to +understand the following: 1. There are no technical differences between the "master key" and "subkeys." 2. At creation time, we assign functional limitations to each key by 
@@ -742,17 +744,29 @@ How to work with signed commits ------------------------------- It is easy to create signed commits, but it is much more difficult to -use them in Linux Kernel development, since it relies on patches sent to +use them in Linux kernel development, since it relies on patches sent to the mailing list, and this workflow does not preserve PGP commit -signatures. - -If you have your working git tree publicly available at some git hosting -service (kernel.org, infradead.org, ozlabs.org, or others), then the -recommendation is that you sign all your git commits even if upstream -developers do not directly benefit from this practice. Should there ever -be a need to perform code forensics or track code provenance, even -externally maintained trees carrying PGP commit signatures will be -extremely valuable for such purposes. +signatures. Furthermore, when rebasing your repository to match +upstream, even your own PGP commit signatures will end up discarded. For +this reason, most kernel developers don't bother signing their commits +and will ignore signed commits in any external repositories that they +rely upon in their work. + +However, if you have your working git tree publicly available at some +git hosting service (kernel.org, infradead.org, ozlabs.org, or others), +then the recommendation is that you sign all your git commits even if +upstream developers do not directly benefit from this practice. + +We recommend this for the following reasons: + +1. Should there ever be a need to perform code forensics or track code + provenance, even externally maintained trees carrying PGP commit + signatures will be valuable for such purposes. +2. If you ever need to re-clone your local repository (for example, + after a disk failure), this lets you easily verify the repository + integrity before resuming your work. +3. If someone needs to cherry-pick your commits, this allows them to + quickly verify their integrity before applying them. 
Creating signed commits ~~~~~~~~~~~~~~~~~~~~~~~ @@ -770,6 +784,10 @@ You can tell git to always sign commits:: git config --global commit.gpgSign true +.. note:: + + Make sure you configure ``gpg-agent`` before you turn this on. + .. _verify_identities: How to verify kernel developer identities @@ -882,7 +900,7 @@ Locate the ID of the master key in the output, in our example ``C94035C21B4F2AEB``. Now display the key of Linus Torvalds that you have on your keyring:: - $ git --list-key torvalds@kernel.org + $ gpg --list-key torvalds@kernel.org pub rsa2048 2011-09-20 [SC] ABAF11C65A2970B130ABE3C479BE3E4300411886 uid [ unknown] Linus Torvalds -- 2.13.6
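
Review bot: in the @@ -18,10 +18,10 @@ hunk the section title kept as context, "The role of PGP in Linux Kernel development", still has the capital K, so the lowercase spelling is not yet uniform in this section. Suggest changing the title to "Linux kernel" as well; the underline length stays the same.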
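
Review bot: in the @@ -149,7 +149,9 @@ hunk the new definition says subkeys are tied to the "master" key, while item 1 of the list directly below quotes the term as "master key"; quote it the same way in both places. The definition is also fused with "It is important to understand the following:" into one paragraph; a blank line between the two would keep the list lead-in next to its list.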
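
Review bot: in the @@ -742,17 +744,29 @@ hunk, reasons 2 and 3 say that signatures let you "easily verify the repository integrity" and "quickly verify" cherry-picked commits, but the added text names no command or section that shows how. Suggest a cross-reference, or a one-line mention of git verify-commit or git log --show-signature, so the reader can act on the recommendation.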
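
Review bot: the note added in the @@ -770,6 +784,10 @@ hunk tells the reader to configure gpg-agent but gives neither the reason nor a pointer to where that setup is described. Suggest one clause on what happens when commit.gpgSign is on without an agent, plus a reference to the guide's gpg-agent section if it has one.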
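
Review bot: in the @@ -882,7 +900,7 @@ hunk the corrected command is "gpg --list-key", which only works because GnuPG accepts abbreviated long options; the documented option name is --list-keys. Suggest spelling it out in full while this line is being touched.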