author Joey Hess 2014-03-31 11:06:46 -0400
committer Joey Hess 2014-03-31 11:06:46 -0400
commit c1c7feedfbb7311ec82e70d24111de1cc633a181
tree b314cb0d569330cde9508e9b2a0796bf2b8ad180 /README
parent 0605b001287af78133028bd9b5de135a5cb177c2
propellor spin
Diffstat (limited to 'README')
-rw-r--r-- README 11
1 files changed, 11 insertions, 0 deletions
diff --git a/README b/README
index 4f74d96c..554f153b 100644
--- a/README
+++ b/README
@@ -39,4 +39,15 @@ in such a file, use: propellor --set $host $field
The field name will be something like 'Password "root"'; see PrivData.hs
for available fields.
+It's often easiest to deploy propellor to a host by cloning a git://
+or http:// repository. To avoid a MITM attack, propellor checks
+that the top commit in the git repository is gpg signed by a
+trusted key, and refuses to deploy it otherwise. This is only done if
+privdata/keyring.gpg exists. To generate it, make a gpg key and
+run something like:
+
+The keyring.gpg can be checked into git, but to ensure that it's
+used from the beginning when bootstrapping, propellor --spin
+transfers it to the host using ssh.
+
[1] http://reclass.pantsfullofunix.net/
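Review bot: The added sentence "run something like:" is followed only by a blank line, so the command for generating privdata/keyring.gpg that it promises is missing from the README; add the command or reword the sentence so the reader is not left without the step. Separately, "This is only done if privdata/keyring.gpg exists" describes a check that is skipped when the file is absent, and since the same paragraph recommends cloning over git:// or http://, the text should say plainly that a deployment without the keyring is not verified. Because the keyring "can be checked into git", it would also help to state whether a keyring.gpg changed by a fetched commit takes effect before or after that commit's signature is checked.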