This is a repository of public keys used to validate upstream dist files.
You will need git lfs installed to be able to commit / push changes to this repo.
Currently you will need to add the following to your mk.conf file:
.if exists(/usr/local/share/signing/signing.mk)
.include "/usr/local/share/signing/signing.mk"
.endif
SIG_SUFX should be set per port. Currently only validating detached signatures is supported.
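What a detached-signature check against a dedicated keyring amounts to, as an added sketch that is not this repository's signing.mk. The function name `verify_dist`, its argument order and its return codes are assumptions, and the keyring directory is assumed to be the one used as GNUPGHOME when importing keys.

```shell
#!/bin/sh
# Added example (not the project's signing.mk): fail-closed verification of
# a detached signature using only the keys in a dedicated GnuPG home.
# verify_dist, its arguments and its return codes are hypothetical names.
GPG=${GPG:-gpg2}

# verify_dist DISTFILE SIG_SUFX KEYRING_HOME
#   0 = valid signature (signer fingerprint printed on stdout)
#   1 = gpg unavailable, bad signature, or signer not in the keyring
#   2 = usage error or a required file/directory is missing
verify_dist() {
    dist=$1
    sufx=$2
    home=$3
    sig="${dist}${sufx}"

    # An empty suffix would make the distfile its own "signature";
    # only detached signatures are handled, so refuse it.
    [ -n "$sufx" ] || { echo "SIG_SUFX is empty" >&2; return 2; }
    [ -f "$dist" ] || { echo "missing distfile: $dist" >&2; return 2; }
    [ -f "$sig" ]  || { echo "missing signature: $sig" >&2; return 2; }
    [ -d "$home" ] || { echo "missing keyring: $home" >&2; return 2; }

    # --homedir restricts trust to the keys imported into this keyring.
    # --no-auto-key-retrieve stops gpg from fetching an unknown signer's key.
    # --status-fd 1 emits machine-readable status lines on stdout.
    status=$("$GPG" --homedir "$home" --batch --no-auto-key-retrieve \
        --status-fd 1 --verify "$sig" "$dist" 2>/dev/null) || return 1

    # Do not rely on the exit code alone: require an explicit VALIDSIG
    # line and print the fingerprint of the key that made the signature.
    printf '%s\n' "$status" |
        awk '$1 == "[GNUPG:]" && $2 == "VALIDSIG" { print $3; ok = 1 }
             END { exit !ok }' || return 1
    return 0
}

# Usage (paths are placeholders):
#   verify_dist /path/to/distfile.tar.gz .sig /path/to/signing/gnupg
```

The printed fingerprint can be compared against the one upstream publishes for its release key.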
$ git clone https://github.com/qbit/signing.git
$ cd signing
$ pkill gpg-agent; export GNUPGHOME="$PWD/gnupg"
$ gpg2 --import newpubkey
$ git clone https://github.com/qbit/signing.git
$ cd signing
$ opmsg -c ./opmsg --import --in release-key-v1.opmsg --name opmsg-rkey-v1 --phash sha256