Add alternate settings topic to readme
This commit is contained in:
parent
ab11beb038
commit
c934360a92
31
README.md
31
README.md
@ -141,3 +141,34 @@ machinectl login
|
|||||||
```
|
```
|
||||||
|
|
||||||
Another alternative can be to open an `ssh` session.
|
Another alternative can be to open an `ssh` session.
|
||||||
|
|
||||||
|
|
||||||
|
## Advanced topics
|
||||||
|
|
||||||
|
### Changing the resource settings trusted key
|
||||||
|
|
||||||
|
The top-level settings for the applications are set from files in `<repo_root>/var/cic-staff-client`. These files are signed with PGP, and the trusted key(s) for signing are in `<repo_root>/keys`.
|
||||||
|
|
||||||
|
In order to define alternate settings, a different key must be imported and trusted, and this key must sign the new settings files.
|
||||||
|
|
||||||
|
The code below assumes the key with fingerprint `F3FAF668E82EF5124D5187BAEF26F4682343F692`:
|
||||||
|
|
||||||
|
```
|
||||||
|
echo "F3FAF668E82EF5124D5187BAEF26F4682343F692:6:" >> <repo_root>/keys/trust
|
||||||
|
gpg -a F3FAF668E82EF5124D5187BAEF26F4682343F692 --export > <repo_root>/keys/F3FAF668E82EF5124D5187BAEF26F4682343F692.asc
|
||||||
|
```
|
||||||
|
|
||||||
|
Now the private key holder can ceate the same contents as in `<repo_root>/var`, e.g. to set `CIC_REGISTRY_ADDRESS` in `<repo_root>/var/alt`:
|
||||||
|
|
||||||
|
```
|
||||||
|
mkdir -vp var/alt/cic-staff-client
|
||||||
|
d=`mktemp -d`
|
||||||
|
echo -n 0xcf60ebc445b636a5ab787f9e8bc465a2a3ef8299 > $d/CIC_REGISTRY_ADDRESS
|
||||||
|
gpg -a -s -u F3FAF668E82EF5124D5187BAEF26F4682343F692 -o var/alt/cic-staff-client/CIC_REGISTRY_ADDRESS $d/CIC_REGISTRY_ADDRESS
|
||||||
|
```
|
||||||
|
|
||||||
|
Running the process again you would replace this:
|
||||||
|
|
||||||
|
```
|
||||||
|
export CIC_ROOT_URL=file://`pwd`/var/alt
|
||||||
|
```
|
||||||
|
Loading…
Reference in New Issue
Block a user