From 7dca019802163a0c81415d61a2b2c65e6740ac09 Mon Sep 17 00:00:00 2001 From: Boris Kolpackov Date: Tue, 6 Sep 2016 12:24:02 +0200 Subject: Proofread repository-signing help topic --- bpkg/repository-signing.cli | 32 ++++++++++++++++---------------- 1 file changed, 16 insertions(+), 16 deletions(-) diff --git a/bpkg/repository-signing.cli b/bpkg/repository-signing.cli index ab6f605..ad3f5ff 100644 --- a/bpkg/repository-signing.cli +++ b/bpkg/repository-signing.cli @@ -50,7 +50,7 @@ The first step is to generate the private key: $ openssl genrsa -aes256 2048 >key.pem \ -If you would like to generate a key without a password protection (not a good +If you would like to generate a key without password protection (not a good idea except for testing), leave the \cb{-aes256} option out. You may also need to add \cb{-nodes} depending on your \cb{openssl(1)} configuration. | @@ -87,7 +87,7 @@ hosted by an organization, use the organization's name for \cb{org}. If you host it as an individual, put your full, real name there. Using any kind of aliases or nicknames is a bad idea (except, again, for testing). Remember, users of your repository will be presented with this information and if they -see it was signed by someone named SmellySnook, they will unlikely to trust +see it was signed by someone named SmellySnook, they will unlikely trust it. Also use a working email address in case users need to contact you about issues with your certificate. @@ -98,25 +98,25 @@ hosted on \cb{{,www.,pkg.,bpkg.\}example.com}. While name \cb{example.com/math} will match \cb{{...\}example.com/pkg/1/math} but not \cb{{...\}example.com/pkg/1/misc}. See the repository manifest documentation for more information on canonical names. Note also that the \cb{name:} prefix -in \cb{CN} value is not a typo. +in the \cb{CN} value is not a typo. Once the configuration file is ready, generate the certificate: \ -openssl req -x509 -new -sha256 -key key.pem -config cert.conf \ --days 730 >cert.pem +openssl req -x509 -new -sha256 -key key.pem \ + -config cert.conf -days 730 >cert.pem \ To verify the certificate information, run: \ openssl x509 -noout -nameopt RFC2253,sep_multiline \ --subject -dates -email