Add alternate settings topic to readme

nolash 2021-12-09 07:12:43 +01:00
parent ab11beb038
commit c934360a92
Signed by: lash
GPG Key ID: 21D2E7BB88C2A746
1 changed files with 31 additions and 0 deletions


@ -141,3 +141,34 @@ machinectl login
```
Another alternative can be to open an `ssh` session.
## Advanced topics
### Changing the resource settings trusted key
The top-level settings for the applications are set from files in `<repo_root>/var/cic-staff-client`. These files are signed with PGP, and the trusted key(s) for signing are in `<repo_root>/keys`.
In order to define alternate settings, a different key must be imported and trusted, and this key must sign the new settings files.
The code below assumes the key with fingerprint `F3FAF668E82EF5124D5187BAEF26F4682343F692`:
```
echo "F3FAF668E82EF5124D5187BAEF26F4682343F692:6:" >> <repo_root>/keys/trust
gpg -a F3FAF668E82EF5124D5187BAEF26F4682343F692 --export > <repo_root>/keys/F3FAF668E82EF5124D5187BAEF26F4682343F692.asc
```
Now the private key holder can ceate the same contents as in `<repo_root>/var`, e.g. to set `CIC_REGISTRY_ADDRESS` in `<repo_root>/var/alt`:
```
mkdir -vp var/alt/cic-staff-client
d=`mktemp -d`
echo -n 0xcf60ebc445b636a5ab787f9e8bc465a2a3ef8299 > $d/CIC_REGISTRY_ADDRESS
gpg -a -s -u F3FAF668E82EF5124D5187BAEF26F4682343F692 -o var/alt/cic-staff-client/CIC_REGISTRY_ADDRESS $d/CIC_REGISTRY_ADDRESS
```
Running the process again you would replace this:
```
export CIC_ROOT_URL=file://`pwd`/var/alt
```
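Review bot: In the key export command (`gpg -a F3FA... --export > ...`) the fingerprint comes before the `--export` command, so gpg can take it as a positional argument and not as the key to export; put the command first, as in `gpg -a --export <fingerprint> > keys/<fingerprint>.asc`. The first two commands also carry the literal `<repo_root>/` placeholder, which a shell parses as redirection when the line is pasted, while the later commands use paths relative to the repository root (`var/alt/...`); use the relative form throughout. The `:6:` suffix appended to `keys/trust` matches gpg's ownertrust format, where 6 is ultimate trust, so the text should tell the reader to verify the fingerprint before adding it and state that a key listed there is trusted to sign the settings files. The signing example leaves the `mktemp -d` directory behind and uses `$d` unquoted; quote it and remove the directory afterwards. Smaller points: "ceate" should be "create", and "Running the process again you would replace this:" does not say what is being replaced; state that `CIC_ROOT_URL` must point at the alternate directory before the process is run again.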