Add keyringctl as tooling for a curated keyring
This implements a keyringctl command (fronting sq) that can be used to convert the current set of PGP certificates to a more specific directory structure (see #6 (closed) for details):
Workflow (for testing)
# convert current setup
./keyringctl -v import --main master master-revoked
./keyringctl -v import packager packager-revoked

The tool allows for exporting the combined PGP packets to a file that can be used as a pacman keyring:
# export converted certificate layout to a keyring file and export ownertrust and revoker status
./keyringctl -v build

(Future) Workflow
# update an existing main public key (and e.g. its signatures)
./keyringctl -v import --main <some_file>.gpg
# update an existing packager public key (and e.g. its signatures)
./keyringctl -v import <some_file>.gpg

Currently it is untested whether
- the conversion exports all relevant PGP packets from the existing certificates
- the export creates a functioning file that can be used as a pacman keyring
- the revoker status can be improved (to not have to rely on a separate file)
NOTE: Currently it is not yet possible to create a deterministic keyring using sq keyring merge: https://gitlab.com/sequoia-pgp/sequoia/-/issues/762
TODO
- update README.md to reflect changes and explain new workflow
- derive username by matching against existing public key fingerprints in the target directory (to not simply rely on input certificate name)
- filter out any certifications that are not done by main or packager public keys
- simplify the command-line interface (e.g. import-packager, import-main, export-packager, export-main, export-keyring)
- add GitLab CI integration to create keyring files, import them with pacman-key and use them
- standardize directory naming (e.g. uids->uid, subkeys->subkey)
- check new keys to match our requirements (as is currently done in CI)
- Allow
Related to #6 (closed)
Edited by Levente Polyak