Mailinglist Archive: opensuse-buildservice (45 mails)

[opensuse-buildservice] [obs-signd] user documentation for sign.c
Hi, all!

I am working on the Copr lightweight build service ( http://fedorahosted.org/copr ) and we want to utilize obs-signd for package signing.
In the past few days I've managed to run signd and use /bin/sign to manually sign rpms, but
the lack of up-to-date documentation in obs-signd is no good.
I've tried to document my findings, and I would be glad if the authors or another person familiar with signd would review and correct (or even add to :) ) the manpage.

Changes are available in the attachment or here: https://github.com/evilkost/obs-sign/commit/0d68bd8ea34e507c1212d12ce03cab7440b7b94e .

--
Best regards,
Gologuzov Valentin.
From 0d68bd8ea34e507c1212d12ce03cab7440b7b94e Mon Sep 17 00:00:00 2001
From: Valentin Gologuzov <vgologuz@xxxxxxxxxx>
Date: Fri, 5 Sep 2014 15:32:48 +0200
Subject: [PATCH] Attempt to improve `sign` documentation.

---
sign.8 | 83 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
1 file changed, 83 insertions(+)

diff --git a/sign.8 b/sign.8
index 17fdc16..19c34cb 100644
--- a/sign.8
+++ b/sign.8
@@ -40,6 +40,89 @@ from the /etc/sign.conf file.
The -k option makes sign print the keyid instead of signing a file, the
-p option makes it print the public key.

+.SH OPTIONS
+
+.TP
+.B \-t
+Ping signd. If ping was successful, return exit code 0.
+.TP
+.B \-v
+Verbose mode
+.TP
+.B \-T
+.B <unixtime>
+ Explicit sign time. If RPM mode used (\-r) also accepts string "buildtime"
+
+
+.TP
+.BR
+.B Signature modes
+.TP
+ Requires private key (\-P) or user (\-u) with key in the signd root keyring.
+.TP
+.B \-c
+.B <file>
+ Create clearsign
+.TP
+.B \-r
+.B <file>
+ Sign RPM package
+.TP
+.B \-S
+.B <path to checksumfile>
+ Usable only with \-r option: writes checksums into the file
+
+.TP
+.B \-d
+.B <file>
+ Create detached sign
+.TP
+.B \-D
+.B <file>
+ Create RAW detached sign
+.TP
+.B \-C
+.B <path to pubkey>
+ Create SSL certificate
+.TP
+.B \-O
+.B <path to pubkey>
+ Create RAW SSL certificate
+
+
+.B Key generation
+.TP
+.BR \-g
+.B [\-P \<privkey\>\] <type> <expire> <name> <email>
+ Generate new key-pair. Where:
+ type: defined as {dsa,rsa}@{1024,2048}
+ expire: integer, days before expire
+ name: real name
+ email: email
+ Write pubkey and privke to stdout. If \-P option used,
+ privkey will be written there and only pubkey goes to stdout.
+
+.TP
+.BR \-x
+.B <expire> <pubkey>
+ Extend key. Requires private key (\-P).
+
+
+.B Query signd for key information / Common options
+.TP
+.BR \-k
+Print the keyid of signd key-pair (root key or defined by \-u)
+.TP
+.BR \-p
+Print pubkey of signd key-pair (root key or defined by \-u)
+.TP
+.BR \-u
+Username, signd should already know about that user
+.TP
+.BR \-h
+Hash: either sha1 or sha256
+
+
.SH SECURITY
sign needs to bind to a reserved port, it thus works only for user root
or needs to be installed suid-root. If the latter is the case, sign
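
Review bot: -P is referenced in the "Signature modes" text and in the -g and -x entries, but the new OPTIONS section never gives it its own .TP entry, so a reader cannot tell what argument it takes; add an entry for it next to -u. Likewise, -u and -h take a value but, unlike -T or -c, show no <...> placeholder. In the -g entry, "privke" should be "privkey", and because that entry says the private key is written to stdout when -P is absent, state that prominently so callers do not capture it in logs or shared terminals. The sub-headings ("Signature modes", "Key generation", "Query signd for key information / Common options") are set with .B, the first of them after an empty .BR; .SS would make them real subsections. The description lines that begin with a space will each force a line break in roff output, so the leading spaces should be dropped.
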
--
1.9.3
