From c1c7feedfbb7311ec82e70d24111de1cc633a181 Mon Sep 17 00:00:00 2001 From: Joey Hess Date: Mon, 31 Mar 2014 11:06:46 -0400 Subject: [PATCH] propellor spin --- README | 11 +++++++++++ 1 file changed, 11 insertions(+) diff --git a/README b/README index 4f74d96..554f153 100644 --- a/README +++ b/README @@ -39,4 +39,15 @@ in such a file, use: propellor --set $host $field The field name will be something like 'Password "root"'; see PrivData.hs for available fields. +It's often easiest to deploy propellor to a host by cloning a git:// +or http:// repository. To avoid a MITM attack, propellor checks +that the top commit in the git repository is gpg signed by a +trusted key, and refuses to deploy it otherwise. This is only done if +privdata/keyring.gpg exists. To generate it, make a gpg key and +run something like: + +The keyring.gpg can be checked into git, but to ensure that it's +used from the beginning when bootstrapping, propellor --spin +transfers it to the host using ssh. + [1] http://reclass.pantsfullofunix.net/