summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorKonstantin Ryabitsev <konstantin@linuxfoundation.org>2022-08-09 00:31:52 +0300
committerJonathan Corbet <corbet@lwn.net>2022-08-18 20:13:37 +0300
commit6043134dcedb4fb74e57858bca913a8117478ac0 (patch)
treeee85439d460a163553f5443ad15195bf9c8977de
parent0a1a279bdade0230f5021fa8d9e8a71d3de2e859 (diff)
downloadlinux-6043134dcedb4fb74e57858bca913a8117478ac0.tar.xz
maintainer-pgp-guide: add a section on PGP-signed patches
With more developers beginning to use b4 and patatt, add a section to the guide that talks about setting up and using patatt for PGP-signing patch submissions. Signed-off-by: Konstantin Ryabitsev <konstantin@linuxfoundation.org> Link: https://lore.kernel.org/r/20220727-docs-pgp-guide-v2-4-e3e6954affb6@linuxfoundation.org Signed-off-by: Jonathan Corbet <corbet@lwn.net>
-rw-r--r--Documentation/process/maintainer-pgp-guide.rst58
1 files changed, 58 insertions, 0 deletions
diff --git a/Documentation/process/maintainer-pgp-guide.rst b/Documentation/process/maintainer-pgp-guide.rst
index bf288925973e..27c42762edd7 100644
--- a/Documentation/process/maintainer-pgp-guide.rst
+++ b/Documentation/process/maintainer-pgp-guide.rst
@@ -675,6 +675,7 @@ remote end.
.. _`Agent Forwarding over SSH`: https://wiki.gnupg.org/AgentForwarding
+.. _pgp_with_git:
Using PGP with Git
==================
@@ -818,6 +819,63 @@ You can tell git to always sign commits::
.. _verify_identities:
+
+How to work with signed patches
+-------------------------------
+
+It is possible to use your PGP key to sign patches sent to kernel
+developer mailing lists. Since existing email signature mechanisms
+(PGP-Mime or PGP-inline) tend to cause problems with regular code
+review tasks, you should use the tool kernel.org created for this
+purpose that puts cryptographic attestation signatures into message
+headers (a-la DKIM):
+
+- `Patatt Patch Attestation`_
+
+.. _`Patatt Patch Attestation`: https://pypi.org/project/patatt/
+
+Installing and configuring patatt
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+Patatt is packaged for many distributions already, so please check there
+first. You can also install it from pypi using "``pip install patatt``".
+
+If you already have your PGP key configured with git (via the
+``user.signingKey`` configuration parameter), then patatt requires no
+further configuration. You can start signing your patches by installing
+the git-send-email hook in the repository you want::
+
+ patatt install-hook
+
+Now any patches you send with ``git send-email`` will be automatically
+signed with your cryptographic signature.
+
+Checking patatt signatures
+~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+If you are using ``b4`` to retrieve and apply patches, then it will
+automatically attempt to verify all DKIM and patatt signatures it
+encounters, for example::
+
+ $ b4 am 20220720205013.890942-1-broonie@kernel.org
+ [...]
+ Checking attestation on all messages, may take a moment...
+ ---
+ ✓ [PATCH v1 1/3] kselftest/arm64: Correct buffer allocation for SVE Z registers
+ ✓ [PATCH v1 2/3] arm64/sve: Document our actual ABI for clearing registers on syscall
+ ✓ [PATCH v1 3/3] kselftest/arm64: Enforce actual ABI for SVE syscalls
+ ---
+ ✓ Signed: openpgp/broonie@kernel.org
+ ✓ Signed: DKIM/kernel.org
+
+.. note::
+
+ Patatt and b4 are still in active development and you should check
+ the latest documentation for these projects for any new or updated
+ features.
+
+.. _kernel_identities:
+
How to verify kernel developer identities
=========================================