author | Adam J. Stewart <ajstewart426@gmail.com> | 2017-06-09 12:27:29 -0500 |
---|---|---|
committer | GitHub <noreply@github.com> | 2017-06-09 12:27:29 -0500 |
commit | 218992862c436d4e1bd2ecde2d5914ce8fa5b448 (patch) | |
tree | bae2750ec1ae56807ef8868d4837b47debc85de6 /lib | |
parent | a3b12a60d1d25b06f3d49c87ed4cc5a1e333c47b (diff) | |
Move gpg section of docs to Getting Started (#4446)
Diffstat (limited to 'lib')
-rw-r--r-- | lib/spack/docs/basic_usage.rst | 64 | ||||
-rw-r--r-- | lib/spack/docs/getting_started.rst | 67 |
2 files changed, 67 insertions, 64 deletions
diff --git a/lib/spack/docs/basic_usage.rst b/lib/spack/docs/basic_usage.rst index 6eba26a4b5..f25247579b 100644 --- a/lib/spack/docs/basic_usage.rst +++ b/lib/spack/docs/basic_usage.rst 
@@ -276,70 +276,6 @@ Seeing installed packages We know that ``spack list`` shows you the names of available packages, but how do you figure out which are already installed? -.. _cmd-spack-gpg: - -^^^^^^^^^^^^^ -``spack gpg`` -^^^^^^^^^^^^^ - -Spack has support for signing and verifying packages using GPG keys. A -separate keyring is used for Spack, so any keys available in the user's home -directory are not used. - -^^^^^^^^^^^^^^^^^^ -``spack gpg init`` -^^^^^^^^^^^^^^^^^^ - -When Spack is first installed, its keyring is empty. Keys stored in -:file:`var/spack/gpg` are the default keys for a Spack installation. These -keys may be imported by running ``spack gpg init``. This will import the -default keys into the keyring as trusted keys. - -------------- -Trusting keys -------------- - -Additional keys may be added to the keyring using -``spack gpg trust <keyfile>``. Once a key is trusted, packages signed by the -owner of they key may be installed. - -------------- -Creating keys -------------- - -You may also create your own key so that you may sign your own packages using -``spack gpg create <name> <email>``. By default, the key has no expiration, -but it may be set with the ``--expires <date>`` flag (see the ``gnupg2`` -documentation for accepted date formats). It is also recommended to add a -comment as to the use of the key using the ``--comment <comment>`` flag. The -public half of the key can also be exported for sharing with others so that -they may use packages you have signed using the ``--export <keyfile>`` flag. -Secret keys may also be later exported using the -``spack gpg export <location> [<key>...]`` command. - ------------- -Listing keys ------------- - -In order to list the keys available in the keyring, the -``spack gpg list`` command will list trusted keys with the ``--trusted`` flag -and keys available for signing using ``--signing``. If you would like to -remove keys from your keyring, ``spack gpg untrust <keyid>``. 
Key IDs can be -email addresses, names, or (best) fingerprints. - ------------------------------- -Signing and Verifying Packages ------------------------------- - -In order to sign a package, ``spack gpg sign <file>`` should be used. By -default, the signature will be written to ``<file>.asc``, but that may be -changed by using the ``--output <file>`` flag. If there is only one signing -key available, it will be used, but if there is more than one, the key to use -must be specified using the ``--key <keyid>`` flag. The ``--clearsign`` flag -may also be used to create a signed file which contains the contents, but it -is not recommended. Signed packages may be verified by using -``spack gpg verify <file>``. - .. _cmd-spack-find: ^^^^^^^^^^^^^^ diff --git a/lib/spack/docs/getting_started.rst b/lib/spack/docs/getting_started.rst index 9b31ea4491..eaa92db694 100644 --- a/lib/spack/docs/getting_started.rst +++ b/lib/spack/docs/getting_started.rst 
@@ -987,6 +987,73 @@ written in C/C++/Fortran would need it. A potential workaround is to load a recent ``binutils`` into your environment and use the ``--dirty`` flag. +----------- +GPG Signing +----------- + +.. _cmd-spack-gpg: + +^^^^^^^^^^^^^ +``spack gpg`` +^^^^^^^^^^^^^ + +Spack has support for signing and verifying packages using GPG keys. A +separate keyring is used for Spack, so any keys available in the user's home +directory are not used. + +^^^^^^^^^^^^^^^^^^ +``spack gpg init`` +^^^^^^^^^^^^^^^^^^ + +When Spack is first installed, its keyring is empty. Keys stored in +:file:`var/spack/gpg` are the default keys for a Spack installation. These +keys may be imported by running ``spack gpg init``. This will import the +default keys into the keyring as trusted keys. + +^^^^^^^^^^^^^ +Trusting keys +^^^^^^^^^^^^^ + +Additional keys may be added to the keyring using +``spack gpg trust <keyfile>``. Once a key is trusted, packages signed by the +owner of they key may be installed. + +^^^^^^^^^^^^^ +Creating keys +^^^^^^^^^^^^^ + +You may also create your own key so that you may sign your own packages using +``spack gpg create <name> <email>``. By default, the key has no expiration, +but it may be set with the ``--expires <date>`` flag (see the ``gnupg2`` +documentation for accepted date formats). It is also recommended to add a +comment as to the use of the key using the ``--comment <comment>`` flag. The +public half of the key can also be exported for sharing with others so that +they may use packages you have signed using the ``--export <keyfile>`` flag. +Secret keys may also be later exported using the +``spack gpg export <location> [<key>...]`` command. + +^^^^^^^^^^^^ +Listing keys +^^^^^^^^^^^^ + +In order to list the keys available in the keyring, the +``spack gpg list`` command will list trusted keys with the ``--trusted`` flag +and keys available for signing using ``--signing``. 
If you would like to +remove keys from your keyring, ``spack gpg untrust <keyid>``. Key IDs can be +email addresses, names, or (best) fingerprints. + +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ +Signing and Verifying Packages +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +In order to sign a package, ``spack gpg sign <file>`` should be used. By +default, the signature will be written to ``<file>.asc``, but that may be +changed by using the ``--output <file>`` flag. If there is only one signing +key available, it will be used, but if there is more than one, the key to use +must be specified using the ``--key <keyid>`` flag. The ``--clearsign`` flag +may also be used to create a signed file which contains the contents, but it +is not recommended. Signed packages may be verified by using +``spack gpg verify <file>``. .. _cray-support: |
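Review bot: in the basic_usage.rst hunk, the ``spack gpg`` section is removed without leaving any pointer to where signing is now documented. The ``cmd-spack-gpg`` label is kept under the same name in getting_started.rst, so a one-line cross-reference to that label near the other command sections would keep readers who look for signing here from missing it.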
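Review bot: in the "Creating keys" paragraph of the getting_started.rst hunk, the sentence "Secret keys may also be later exported using ``spack gpg export <location> [<key>...]``" follows directly after the text about sharing the public half, so a reader cannot tell whether the file written by ``spack gpg export`` is safe to hand to others. Please confirm against the command which half it writes and state that explicitly. While the text is being moved, "owner of they key" under "Trusting keys" should read "owner of the key", the ``untrust`` sentence under "Listing keys" is missing a verb ("use ``spack gpg untrust <keyid>``"), and ``--clearsign`` is called "not recommended" without a reason. The headings from ``spack gpg`` through "Signing and Verifying Packages" now all use the ``^`` adornment, so the subsections render as siblings of ``spack gpg`` rather than beneath it; a lower-level adornment for the subsections would fix the hierarchy.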