author | Colin Walters <walters@verbum.org> | 2016-04-14 11:05:22 -0400 |
---|---|---|
committer | Colin Walters (automation) <walters+githubbot@verbum.org> | 2016-04-14 16:05:52 +0000 |
commit | d9a334950bcaded268d60511fe23f386bebf0276 (patch) | |
tree | f34d63d362bd65efa65d52801d3860893f034520 /man/ostree.xml | |
parent | 9e7e594907cad21b7f5d843340948c4d426e8680 (diff) | |
download | ostree-d9a334950bcaded268d60511fe23f386bebf0276.tar.gz |
man: Elaborate on per-remote GPG
Closes: #258
Approved by: alexlarsson
Diffstat (limited to 'man/ostree.xml')
-rw-r--r-- | man/ostree.xml | 24 |
1 files changed, 18 insertions, 6 deletions
diff --git a/man/ostree.xml b/man/ostree.xml index 161ef0bc..80b0b0c1 100644 --- a/man/ostree.xml +++ b/man/ostree.xml @@ -425,13 +425,25 @@ Boston, MA 02111-1307, USA. <title>GPG verification</title> <para> - OSTree supports signing commits with GPG. The set of - trusted public keys is stored as keyring files in - <filename>/usr/share/ostree/trusted.gpg.d</filename>. Any - public key in a keyring file in that directory will be - trusted by the client. No private keys should be present - in this directory. + OSTree supports signing commits with GPG. Operations on the system + repository by default use keyring files in + <filename>/usr/share/ostree/trusted.gpg.d</filename>. Any + public key in a keyring file in that directory will be + trusted by the client. No private keys should be present + in this directory. </para> + <para> + In addition to the system repository, OSTree supports a + per-remote + <filename><replaceable>remotename</replaceable>.trustedkeys.gpg</filename> + file stored in the toplevel of the repository (alongside + <filename>objects/</filename> and such). This is + particularly useful when downloading content that may not + be fully trusted (e.g. you want to inspect it but not + deploy it as an OS), or use it for containers. This file + is written via <command>ostree remote add + --gpg-import</command>. + </para> </refsect1> <refsect1> |
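Review bot: The new per-remote paragraph does not say how the `remotename.trustedkeys.gpg` file relates to the keyrings in `/usr/share/ostree/trusted.gpg.d` when both are present, i.e. whether a remote that has its own keyring is verified only against that file or against both. Since the stated use case is content that "may not be fully trusted", that is the detail a reader needs in order to rely on it, so please add a sentence stating it. Two wording points in the same paragraph: "In addition to the system repository" contrasts a repository with a keyring file, where something like "In addition to the system keyring directory" seems to be meant, and "or use it for containers" does not parse against "when downloading content" (suggest "or when using it for containers"). The reworded first paragraph ("Operations on the system repository by default use keyring files in") also leaves open which keyrings apply to operations on repositories other than the system one; a short clause covering that would close the gap.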