make-secnet-sites: New --pubkeys-install option

[secnet.git] / README.make-secnet-sites

diff --git a/README.make-secnet-sites b/README.make-secnet-sites
index 995dbb057ddcdb77dc85c9276bfade525fa09407..c5b8360d0c8a1cdeb6ba962c5c8e704bf71b4a1c 100644 (file)
--- a/README.make-secnet-sites
+++ b/README.make-secnet-sites
@@ -43,9 +43,28 @@ OPTIONS
                NUMBER that are understood are:
                    1   The original format, pre signing key
                        negotiation.
+                   2   Signing key algorithm agility and negotiation.
                If NUMBER is higher than make-secnet-sites supports,
                it writes out what it can.
 
+       --pubkeys-install
+
+               Specifies that public keys are to be installed in the
+               live pubkeys area (and not hardcoded in secnet conf
+               files).  With this option, generated site configs
+               refer to keys in PUBKEYS; also, the generated secnet
+               configuration enables live peer public update.
+
+       --pubkeys-dir PUBKEYS
+
+               Specifies the live pubkeys area pathname.
+               The default is /var/lib/secnet/pubkeys.
+
+               Key files are named
+                       PUBKEYS/peer.<mangled-peer-name>[~...]
+               mangled-peer-name is chosen by make-secnet-sites
+                       / => ,
+
        --debug | -D
 
                Increase amount of debugging output.