[ostree: 64/70] man: Elaborate on per-remote GPG



commit d9a334950bcaded268d60511fe23f386bebf0276
Author: Colin Walters <walters verbum org>
Date:   Thu Apr 14 11:05:22 2016 -0400

    man: Elaborate on per-remote GPG
    
    Closes: #258
    Approved by: alexlarsson

 man/ostree.repo-config.xml |    9 +++++++++
 man/ostree.xml             |   24 ++++++++++++++++++------
 2 files changed, 27 insertions(+), 6 deletions(-)
---
diff --git a/man/ostree.repo-config.xml b/man/ostree.repo-config.xml
index c77ccc6..0c421ba 100644
--- a/man/ostree.repo-config.xml
+++ b/man/ostree.repo-config.xml
@@ -195,6 +195,15 @@ Boston, MA 02111-1307, USA.
       ignored.
     </para>
   </refsect1>
+
+  <refsect1>
+    <title>Per-remote GPG keyrings and verification</title>
+    <para>
+      OSTree supports a per-remote GPG keyring.  For more information see
+      <citerefentry><refentrytitle>ostree</refentrytitle><manvolnum>1</manvolnum></citerefentry>.
+      in the section <literal>GPG verification</literal>.
+    </para>
+  </refsect1>
   
   <refsect1>
     <title>See Also</title>
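Review bot: In the added refsect1, the period placed right after the closing </citerefentry> tag splits the sentence in two, so the rendered text reads "see ostree(1). in the section GPG verification." Drop that period so the sentence ends once, after the <literal>GPG verification</literal> element.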
diff --git a/man/ostree.xml b/man/ostree.xml
index 161ef0b..80b0b0c 100644
--- a/man/ostree.xml
+++ b/man/ostree.xml
@@ -425,13 +425,25 @@ Boston, MA 02111-1307, USA.
         <title>GPG verification</title>
 
         <para>
-            OSTree supports signing commits with GPG.  The set of
-            trusted public keys is stored as keyring files in
-            <filename>/usr/share/ostree/trusted.gpg.d</filename>.  Any
-            public key in a keyring file in that directory will be
-            trusted by the client.  No private keys should be present
-            in this directory.
+          OSTree supports signing commits with GPG.  Operations on the system
+         repository by default use keyring files in
+          <filename>/usr/share/ostree/trusted.gpg.d</filename>.  Any
+          public key in a keyring file in that directory will be
+          trusted by the client.  No private keys should be present
+          in this directory.
         </para>
+        <para>
+           In addition to the system repository, OSTree supports a
+           per-remote
+           <filename><replaceable>remotename</replaceable>.trustedkeys.gpg</filename>
+           file stored in the toplevel of the repository (alongside
+           <filename>objects/</filename> and such). This is
+           particularly useful when downloading content that may not
+           be fully trusted (e.g. you want to inspect it but not
+           deploy it as an OS), or use it for containers.  This file
+           is written via <command>ostree remote add
+           --gpg-import</command>.
+       </para>
     </refsect1>
 
     <refsect1>
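Review bot: The added per-remote paragraph opens with "In addition to the system repository", which leaves it unclear whether a remote's remotename.trustedkeys.gpg is consulted instead of the keyrings in /usr/share/ostree/trusted.gpg.d or together with them when commits from that remote are verified. Because the stated use case is content that may not be fully trusted, the text should say explicitly which keys end up trusted for such a remote. Minor points in the same hunk: "or use it for containers" does not parse with the rest of its sentence, and the rewritten line "repository by default use keyring files in" and the closing </para> of the new paragraph are indented one column less than their neighbours.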

