man: Elaborate on per-remote GPG

Closes: #258
Approved by: alexlarsson
Colin Walters 2016-04-14 11:05:22 -04:00 committed by Colin Walters (automation)
parent 9e7e594907
commit d9a334950b
2 changed files with 27 additions and 6 deletions


@ -195,6 +195,15 @@ Boston, MA 02111-1307, USA.
ignored. ignored.
</para> </para>
</refsect1> </refsect1>
<refsect1>
<title>Per-remote GPG keyrings and verification</title>
<para>
OSTree supports a per-remote GPG keyring. For more information see
<citerefentry><refentrytitle>ostree</refentrytitle><manvolnum>1</manvolnum></citerefentry>.
in the section <literal>GPG verification</literal>.
</para>
</refsect1>
<refsect1> <refsect1>
<title>See Also</title> <title>See Also</title>
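Review bot: In the added "Per-remote GPG keyrings and verification" paragraph, the full stop directly after `</citerefentry>` ends the sentence early, so the rendered page reads "For more information see ostree(1). in the section GPG verification." Drop that full stop so the cross-reference and "in the section <literal>GPG verification</literal>." form one sentence.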


@ -425,13 +425,25 @@ Boston, MA 02111-1307, USA.
<title>GPG verification</title> <title>GPG verification</title>
<para> <para>
OSTree supports signing commits with GPG. The set of OSTree supports signing commits with GPG. Operations on the system
trusted public keys is stored as keyring files in repository by default use keyring files in
<filename>/usr/share/ostree/trusted.gpg.d</filename>. Any <filename>/usr/share/ostree/trusted.gpg.d</filename>. Any
public key in a keyring file in that directory will be public key in a keyring file in that directory will be
trusted by the client. No private keys should be present trusted by the client. No private keys should be present
in this directory. in this directory.
</para> </para>
<para>
In addition to the system repository, OSTree supports a
per-remote
<filename><replaceable>remotename</replaceable>.trustedkeys.gpg</filename>
file stored in the toplevel of the repository (alongside
<filename>objects/</filename> and such). This is
particularly useful when downloading content that may not
be fully trusted (e.g. you want to inspect it but not
deploy it as an OS), or use it for containers. This file
is written via <command>ostree remote add
--gpg-import</command>.
</para>
</refsect1> </refsect1>
<refsect1> <refsect1>
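Review bot: The new paragraph on `remotename.trustedkeys.gpg` does not say how the per-remote keyring relates to the keys in `/usr/share/ostree/trusted.gpg.d`, so a reader cannot tell whether commits from a remote with its own keyring are checked against that keyring only or against both sets of keys. The paragraph motivates the feature with content that "may not be fully trusted", so the lookup behaviour deserves an explicit sentence. Two smaller wording points in the same paragraph: "In addition to the system repository" reads as if the per-remote file were an alternative to a repository rather than to the system keyring directory, and "or use it for containers" does not parse as a continuation of "when downloading content"; something like "or content intended for containers" would fix it. The `--gpg-import` option is also shown without its file argument; marking that up with a `<replaceable>` value would make the command usable as written.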