diff options
| author | Boris Kolpackov <boris@codesynthesis.com> | 2017-03-29 15:06:55 +0200 |
|---|---|---|
| committer | Boris Kolpackov <boris@codesynthesis.com> | 2017-03-29 15:06:55 +0200 |
| commit | 73dfb006998bfca6410411c698ac52595264bb9c (patch) | |
| tree | aa98bb9b25548a6be8093bd9a3c30534507f76b1 /doc | |
| parent | 546ccab3f25b3d6f80dd4a392b25bed34a5c2dc0 (diff) | |
Add buildos.toolchain_trust=<repo-fp> parameter
Diffstat (limited to 'doc')
| -rw-r--r-- | doc/manual.cli | 14 |
1 files changed, 10 insertions, 4 deletions
diff --git a/doc/manual.cli b/doc/manual.cli index e61caa2..b7aca34 100644 --- a/doc/manual.cli +++ b/doc/manual.cli @@ -126,13 +126,14 @@ label buildos menu label buildos kernel /buildos/buildos-image initrd /buildos/buildos-initrd - append buildos.smtp_relay=example.org buildos.admin_email=admin@example.org buildos.buildid_url=tftp://<os-host>/buildos/buildos-buildid buildos.toolchain_url=https://<toolchain-host>/toolchain.sha256 + append buildos.smtp_relay=example.org buildos.admin_email=admin@example.org buildos.buildid_url=tftp://<os-host>/buildos/buildos-buildid buildos.toolchain_url=https://<toolchain-host>/toolchain.sha256 buildos.toolchain_trust=<repo-fp> EOF \ Where \c{<os-host>} is the address of the TFTP server (the same address as -returned by the DHCP server to PXE clients) and \c{<toolchain-host>} is the -host that serves the toolchain archives. Note that all the parameters in +returned by the DHCP server to PXE clients), \c{<toolchain-host>} is the host +that serves the toolchain archives, and \c{<repo-fp>} is the toolchain +repository certificate fingerprint to trust. Note that all the parameters in \c{append} must be specified on a single line.| \li|You can test the setup using QEMU/KVM, for example: @@ -295,7 +296,12 @@ buildos.ssh_key=\"ssh-rsa AAA...OA0DB user@host\" The first step performed by the Build OS monitor is to bootstrap the \c{build2} toolchain. The location of the toolchain packages is specified with the \c{buildos.toolchain_url} kernel command line parameter. This URL should -point to the \i{toolchain checksums file}. +point to the \i{toolchain checksums file}. You will also normally need to pass +the \c{buildos.toolchain_trust} parameter which is the toolchain repository +certificate fingerprint that the monitor should trust. Note also that the +bootstrap process (both on the build host and inside build machines) uses the +default toolchain repository location embedded into the build scripts in the +\c{build2-toolchain} package. Each line in the checksums file is the output of the \c{shaNNNsum(1)} utility, that is, the SHANNN sum following by space, an asterisk (\c{*}) which signals |