Move gpg section of docs to Getting Started (#4446)

2017-06-09 12:27:29 -05:00 · 2017-06-09 12:27:29 -05:00 · 218992862c
commit 218992862c
parent a3b12a60d1
2 changed files with 67 additions and 64 deletions
--- a/lib/spack/docs/basic_usage.rst
+++ b/lib/spack/docs/basic_usage.rst
@ -276,70 +276,6 @@ Seeing installed packages
 We know that ``spack list`` shows you the names of available packages,
 but how do you figure out which are already installed?
 .. _cmd-spack-gpg:
 ^^^^^^^^^^^^^
 ``spack gpg``
 ^^^^^^^^^^^^^
 Spack has support for signing and verifying packages using GPG keys. A
 separate keyring is used for Spack, so any keys available in the user's home
 directory are not used.
 ^^^^^^^^^^^^^^^^^^
 ``spack gpg init``
 ^^^^^^^^^^^^^^^^^^
 When Spack is first installed, its keyring is empty. Keys stored in
 :file:`var/spack/gpg` are the default keys for a Spack installation. These
 keys may be imported by running ``spack gpg init``. This will import the
 default keys into the keyring as trusted keys.
 -------------
 Trusting keys
 -------------
 Additional keys may be added to the keyring using
 ``spack gpg trust <keyfile>``. Once a key is trusted, packages signed by the
 owner of they key may be installed.
 -------------
 Creating keys
 -------------
 You may also create your own key so that you may sign your own packages using
 ``spack gpg create <name> <email>``. By default, the key has no expiration,
 but it may be set with the ``--expires <date>`` flag (see the ``gnupg2``
 documentation for accepted date formats). It is also recommended to add a
 comment as to the use of the key using the ``--comment <comment>`` flag. The
 public half of the key can also be exported for sharing with others so that
 they may use packages you have signed using the ``--export <keyfile>`` flag.
 Secret keys may also be later exported using the
 ``spack gpg export <location> [<key>...]`` command.
 ------------
 Listing keys
 ------------
 In order to list the keys available in the keyring, the
 ``spack gpg list`` command will list trusted keys with the ``--trusted`` flag
 and keys available for signing using ``--signing``. If you would like to
 remove keys from your keyring, ``spack gpg untrust <keyid>``. Key IDs can be
 email addresses, names, or (best) fingerprints.
 ------------------------------
 Signing and Verifying Packages
 ------------------------------
 In order to sign a package, ``spack gpg sign <file>`` should be used. By
 default, the signature will be written to ``<file>.asc``, but that may be
 changed by using the ``--output <file>`` flag. If there is only one signing
 key available, it will be used, but if there is more than one, the key to use
 must be specified using the ``--key <keyid>`` flag. The ``--clearsign`` flag
 may also be used to create a signed file which contains the contents, but it
 is not recommended. Signed packages may be verified by using
 ``spack gpg verify <file>``.
 .. _cmd-spack-find:
 ^^^^^^^^^^^^^^
--- a/lib/spack/docs/getting_started.rst
+++ b/lib/spack/docs/getting_started.rst
@ -987,6 +987,73 @@ written in C/C++/Fortran would need it.  A potential workaround is to
 load a recent ``binutils`` into your environment and use the ``--dirty``
 flag.
 -----------
 GPG Signing
 -----------
 .. _cmd-spack-gpg:
 ^^^^^^^^^^^^^
 ``spack gpg``
 ^^^^^^^^^^^^^
 Spack has support for signing and verifying packages using GPG keys. A
 separate keyring is used for Spack, so any keys available in the user's home
 directory are not used.
 ^^^^^^^^^^^^^^^^^^
 ``spack gpg init``
 ^^^^^^^^^^^^^^^^^^
 When Spack is first installed, its keyring is empty. Keys stored in
 :file:`var/spack/gpg` are the default keys for a Spack installation. These
 keys may be imported by running ``spack gpg init``. This will import the
 default keys into the keyring as trusted keys.
 ^^^^^^^^^^^^^
 Trusting keys
 ^^^^^^^^^^^^^
 Additional keys may be added to the keyring using
 ``spack gpg trust <keyfile>``. Once a key is trusted, packages signed by the
 owner of they key may be installed.
 ^^^^^^^^^^^^^
 Creating keys
 ^^^^^^^^^^^^^
 You may also create your own key so that you may sign your own packages using
 ``spack gpg create <name> <email>``. By default, the key has no expiration,
 but it may be set with the ``--expires <date>`` flag (see the ``gnupg2``
 documentation for accepted date formats). It is also recommended to add a
 comment as to the use of the key using the ``--comment <comment>`` flag. The
 public half of the key can also be exported for sharing with others so that
 they may use packages you have signed using the ``--export <keyfile>`` flag.
 Secret keys may also be later exported using the
 ``spack gpg export <location> [<key>...]`` command.
 ^^^^^^^^^^^^
 Listing keys
 ^^^^^^^^^^^^
 In order to list the keys available in the keyring, the
 ``spack gpg list`` command will list trusted keys with the ``--trusted`` flag
 and keys available for signing using ``--signing``. If you would like to
 remove keys from your keyring, ``spack gpg untrust <keyid>``. Key IDs can be
 email addresses, names, or (best) fingerprints.
 ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
 Signing and Verifying Packages
 ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
 In order to sign a package, ``spack gpg sign <file>`` should be used. By
 default, the signature will be written to ``<file>.asc``, but that may be
 changed by using the ``--output <file>`` flag. If there is only one signing
 key available, it will be used, but if there is more than one, the key to use
 must be specified using the ``--key <keyid>`` flag. The ``--clearsign`` flag
 may also be used to create a signed file which contains the contents, but it
 is not recommended. Signed packages may be verified by using
 ``spack gpg verify <file>``.
 .. _cray-support: