{"id":24649591,"url":"https://github.com/archlinux/archlinux-keyring","last_synced_at":"2025-08-11T15:23:46.684Z","repository":{"id":43727355,"uuid":"375142476","full_name":"archlinux/archlinux-keyring","owner":"archlinux","description":"Arch Linux PGP keyring (read-only mirror)","archived":false,"fork":false,"pushed_at":"2023-03-20T16:26:35.000Z","size":19289,"stargazers_count":16,"open_issues_count":0,"forks_count":9,"subscribers_count":13,"default_branch":"master","last_synced_at":"2025-06-28T06:06:39.685Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":"https://gitlab.archlinux.org/archlinux/archlinux-keyring","language":"Python","has_issues":false,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"gpl-3.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/archlinux.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":"CONTRIBUTING.md","funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null}},"created_at":"2021-06-08T20:51:58.000Z","updated_at":"2025-05-11T14:57:09.000Z","dependencies_parsed_at":"2025-06-28T06:06:43.681Z","dependency_job_id":"e9334cec-28c9-472b-91ce-88f76d0d6a8e","html_url":"https://github.com/archlinux/archlinux-keyring","commit_stats":null,"previous_names":[],"tags_count":107,"template":false,"template_full_name":null,"purl":"pkg:github/archlinux/archlinux-keyring","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/archlinux%2Farchlinux-keyring","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/archlinux%2Farchlinux-keyring/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/archlinux%2Farchlinux-keyring/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/archlinux%2Farchlinux-keyring/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/archlinux","download_url":"https://codeload.github.com/archlinux/archlinux-keyring/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/archlinux%2Farchlinux-keyring/sbom","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":269911313,"owners_count":24495106,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","status":"online","status_checked_at":"2025-08-11T02:00:10.019Z","response_time":75,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2025-01-25T17:17:44.900Z","updated_at":"2025-08-11T15:23:46.663Z","avatar_url":"https://github.com/archlinux.png","language":"Python","funding_links":[],"categories":[],"sub_categories":[],"readme":"# archlinux-keyring\n\nThe archlinux-keyring project holds PGP packet material and tooling\n(`keyringctl`) to create the distribution keyring for Arch Linux.\nThe keyring is used by pacman to establish the web of trust for the packagers\nof the distribution.\n\nThe PGP packets describing the main signing keys can be found below the\n[keyring/main](keyring/main) directory, while those of the packagers are located below the\n[keyring/packager](keyring/packager) directory.\n\n## Requirements\n\nThe following packages need to be installed to be able to create a PGP keyring\nfrom the provided data structure and to install it:\n\nBuild:\n\n* make\n* findutils\n* pkgconf\n* systemd\n\nRuntime:\n\n* python\n* sequoia-sq\n\nOptional:\n\n* hopenpgp-tools (verify)\n* sq-keyring-linter (verify)\n* git (ci)\n\n## Usage\n\n### Build\n\nBuild all PGP artifacts (keyring, ownertrust, revoked files) to the build directory\n```bash\n./keyringctl build\n```\n\n### Import\n\nImport a new packager key by deriving the username from the filename.\n```bash\n./keyringctl import \u003cusername\u003e.asc\n```\n\nAlternatively import a file or directory and override the username\n```bash\n./keyringctl import --name \u003cusername\u003e \u003cfile_or_directory...\u003e\n```\n\nUpdates to existing keys will automatically derive the username from the known fingerprint.\n```bash\n./keyringctl import \u003cfile_or_directory...\u003e\n```\n\nMain key imports support the same options plus a mandatory `--main`\n```bash\n./keyringctl import --main \u003cusername\u003e.asc\n```\n\n### Export\n\nExport the whole keyring including main and packager to stdout\n```bash\n./keyringctl export\n```\n\nLimit to specific certs using an output file\n```bash\n./keyringctl export \u003cusername_or_fingerprint_or_directory...\u003e --output \u003cfilename\u003e\n```\n\n### List\n\nList all certificates in the keyring\n```bash\n./keyringctl list\n```\n\nOnly show a specific main key\n```bash\n./keyringctl list --main \u003cusername_or_fingerprint...\u003e\n```\n\n### Inspect\n\nInspect all certificates in the keyring\n```bash\n./keyringctl inspect\n```\n\nOnly inspect a specific main key\n```bash\n./keyringctl inspect --main \u003cusername_or_fingerprint_or_directory...\u003e\n```\n\n### Verify\n\nVerify certificates against modern expectations and assumptions\n```bash\n./keyringctl verify \u003cusername_or_fingerprint_or_directory...\u003e\n```\n\n## Installation\n\nTo install archlinux-keyring system-wide use the included `Makefile`:\n\n```bash\nmake install\n```\n\n## Contribute\n\nRead our [contributing guide](CONTRIBUTING.md) to learn more about guidelines and\nhow to provide fixes or improvements for the code base.\n\n## Releases\n\n[Releases of\narchlinux-keyring](https://gitlab.archlinux.org/archlinux/archlinux-keyring/-/tags)\nare exclusively created by [keyring maintainers](https://gitlab.archlinux.org/archlinux/archlinux-keyring/-/project_members?with_inherited_permissions=exclude).\n\nThe tags are signed with one of the following legitimate keys:\n\n```\nChristian Hesse \u003ceworm@archlinux.org\u003e\n02FD 1C7A 934E 6145 4584  9F19 A623 4074 498E 9CEE\n\nDavid Runge \u003cdvzrv@archlinux.org\u003e\nC7E7 8494 66FE 2358 3435  8837 7258 734B 41C3 1549\n\nPierre Schmitz \u003cpierre@archlinux.org\u003e\n4AA4 767B BC9C 4B1D 18AE  28B7 7F2D 434B 9741 E8AC\n\nFlorian Pritz \u003cbluewind@archlinux.org\u003e\nCFA6 AF15 E5C7 4149 FC1D  8C08 6D16 55C1 4CE1 C13E\n\nGiancarlo Razzolini \u003cgrazzolini@archlinux.org\u003e\nECCA C84C 1BA0 8A6C C8E6  3FBB F22F B1D7 8A77 AEAB\n\nLevente Polyak \u003canthraxx@archlinux.org\u003e\nE240 B57E 2C46 30BA 768E  2F26 FC1B 547C 8D81 72C8\n\nMorten Linderud \u003cfoxboron@archlinux.org\u003e\nC100 3466 7663 4E80 C940  FB9E 9C02 FF41 9FEC BE16\n```\n\nTo verify a tag, first import the relevant PGP keys:\n\n```bash\ngpg --auto-key-locate wkd --search-keys \u003cemail-from-above\u003e\n```\n\nAfterwards a tag can be verified from a clone of this repository. Please note\nthat one **must** check the used key of the signature against the legitimate\nkeys listed above:\n\n```bash\ngit verify-tag \u003ctag\u003e\n```\n\n## License\n\nArchlinux-keyring is licensed under the terms of the **GPL-3.0-or-later** (see\n[LICENSE](LICENSE)).\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Farchlinux%2Farchlinux-keyring","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Farchlinux%2Farchlinux-keyring","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Farchlinux%2Farchlinux-keyring/lists"}