aboutsummaryrefslogtreecommitdiff
path: root/doc
diff options
context:
space:
mode:
authorBoris Kolpackov <boris@codesynthesis.com>2017-03-29 15:06:55 +0200
committerBoris Kolpackov <boris@codesynthesis.com>2017-03-29 15:06:55 +0200
commit73dfb006998bfca6410411c698ac52595264bb9c (patch)
treeaa98bb9b25548a6be8093bd9a3c30534507f76b1 /doc
parent546ccab3f25b3d6f80dd4a392b25bed34a5c2dc0 (diff)
Add buildos.toolchain_trust=<repo-fp> parameter
Diffstat (limited to 'doc')
-rw-r--r--doc/manual.cli14
1 files changed, 10 insertions, 4 deletions
diff --git a/doc/manual.cli b/doc/manual.cli
index e61caa2..b7aca34 100644
--- a/doc/manual.cli
+++ b/doc/manual.cli
@@ -126,13 +126,14 @@ label buildos
menu label buildos
kernel /buildos/buildos-image
initrd /buildos/buildos-initrd
- append buildos.smtp_relay=example.org buildos.admin_email=admin@example.org buildos.buildid_url=tftp://<os-host>/buildos/buildos-buildid buildos.toolchain_url=https://<toolchain-host>/toolchain.sha256
+ append buildos.smtp_relay=example.org buildos.admin_email=admin@example.org buildos.buildid_url=tftp://<os-host>/buildos/buildos-buildid buildos.toolchain_url=https://<toolchain-host>/toolchain.sha256 buildos.toolchain_trust=<repo-fp>
EOF
\
Where \c{<os-host>} is the address of the TFTP server (the same address as
-returned by the DHCP server to PXE clients) and \c{<toolchain-host>} is the
-host that serves the toolchain archives. Note that all the parameters in
+returned by the DHCP server to PXE clients), \c{<toolchain-host>} is the host
+that serves the toolchain archives, and \c{<repo-fp>} is the toolchain
+repository certificate fingerprint to trust. Note that all the parameters in
\c{append} must be specified on a single line.|
\li|You can test the setup using QEMU/KVM, for example:
@@ -295,7 +296,12 @@ buildos.ssh_key=\"ssh-rsa AAA...OA0DB user@host\"
The first step performed by the Build OS monitor is to bootstrap the
\c{build2} toolchain. The location of the toolchain packages is specified with
the \c{buildos.toolchain_url} kernel command line parameter. This URL should
-point to the \i{toolchain checksums file}.
+point to the \i{toolchain checksums file}. You will also normally need to pass
+the \c{buildos.toolchain_trust} parameter which is the toolchain repository
+certificate fingerprint that the monitor should trust. Note also that the
+bootstrap process (both on the build host and inside build machines) uses the
+default toolchain repository location embedded into the build scripts in the
+\c{build2-toolchain} package.
Each line in the checksums file is the output of the \c{shaNNNsum(1)} utility,
that is, the SHANNN sum following by space, an asterisk (\c{*}) which signals