2.2 KiB
Installing Keyfork
Keyfork is hosted using the Distrust Cargo repository. For the fastest installation path (this is not recommended), crates may be installed directly from the Cargo repository:
cargo install --index https://git.distrust.co/public/_cargo-index keyfork@0.1.0
The index is managed by Distrust, but is not signed by developers when commits are created, so a safer alternative may be to build from source. It is recommended to perform these operations on a machine dedicated for the purpose of building Rust binaries, to avoid the risk of building a compromised binary.
git clone https://git.distrust.co/public/keyfork
cd keyfork
# git checkout keyfork-0.1.0
git verify-commit HEAD
cargo install --locked --path keyfork
This will build Keyfork from source, using a local Cargo.lock file to ensure
dependencies are not updated automatically.
Installing Plumbing Binaries
Keyfork offers "plumbing" binaries (as opposed to the "porcelain" keyfork)
that offer a smaller SBOM, allowing users with a smaller feature requirement
to lessen the requirements for code review. Plumbing binaries can be installed
the same way Keyfork is installed, either through the registry or by building
locally. Plumbing binaries are grouped by crates of shared dependencies. For
instance, keyfork-plumbing includes all binaries using only shared
dependencies. Eventually, keyfork-plumbing-openpgp may contain all
dependencies relevant to OpenPGP (such as the keyfork-shard variants,
keyfork-derive-openpgp, and keyfork-provision-openpgp-card). There may also
be plumbing binaries that exist by themselves, without a plumbing package.
Unfortunately, Cargo offers no convenient way to install a binary from any
package on a workspace, so the information about which package contains which
binary must be known beforehand.
cargo install --index https://git.distrust.co/public/_cargo-index keyfork-plumbing@0.1.0
cargo install --locked --path keyfork-plumbing --bin keyfork-entropy