Move gpg setup notes from DEPLOY to GPG [fixes #1073]

1 parent 863684e commit 437cf551f68dcf0284d1faf4ef53cf048cba940a @tobias tobias committed Mar 18, 2013
Showing with 20 additions and 25 deletions.
  1. +3 −16 doc/DEPLOY.md
  2. +15 −7 doc/GPG.md
  3. +2 −2 src/leiningen/deploy.clj
@@ -52,7 +52,9 @@ you'll usually need to provide a `:username` and `:password` or
`:passphrase`. Leiningen will prompt you for a password if you haven't
set up credentials, but it's convenient to set it so you don't have to
re-enter it every time you want to deploy. You will need
-[gpg](http://www.gnupg.org/) installed and a key pair configured.
+[gpg](http://www.gnupg.org/) installed and a key pair configured. If
+you need help with either of those, see the
+[GPG guide](https://github.com/technomancy/leiningen/blob/stable/doc/GPG.md).
### GPG
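Review bot: The new GPG guide link in the "key pair configured" sentence is an absolute URL pinned to `blob/stable/`, so readers of this revision of DEPLOY.md are sent to whatever GPG.md is on the stable branch, which may not yet include the notes this commit moves there. A relative link (`GPG.md`) would keep the two documents in step on every branch.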
@@ -74,12 +76,6 @@ First write your credentials map to `~/.lein/credentials.clj` like so:
"s3p://s3-repo-bucket/releases"
{:username "AKIAIN..." :passphrase "1TChrGK4s..."}}
```
-
-If you don't have a key pair yet, it's easy to generate one. The
-defaults should serve you well, but be sure to pick a strong passphrase.
-
- $ gpg --gen-key
-
Then encrypt it with `gpg`:
$ gpg --default-recipient-self -e \
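Review bot: With the `gpg --gen-key` paragraph removed, the "be sure to pick a strong passphrase" advice is no longer in DEPLOY.md, and none of the GPG.md hunks in this commit add it. Please confirm the key generation section of GPG.md already says this, since that key is what decrypts the credentials file encrypted with `--default-recipient-self`.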
@@ -91,15 +87,6 @@ encrypted it. Due to a bug in `gpg` you currently need to use
launches, but with `gpg-agent` you only have to enter your passphrase
once per login.
-On some systems you will be prompted for your GPG passphrase if you
-haven't entered it. If yours does not, you can install
-[Keychain](https://github.com/funtoo/keychain), which provides this
-functionality portably. Your key will also be used for signing
-artifacts if the version is not a snapshot, so you may be asked for
-the passphrase multiple times if the agent is not configured. To
-disable signing of releases, set `:sign-releases` to false in the
-`:repositories` entry you are targeting.
-
### Full-disk Encryption
If you use full-disk encryption, it may be safe to store your
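Review bot: The removed sentence "Your key will also be used for signing artifacts if the version is not a snapshot, so you may be asked for the passphrase multiple times if the agent is not configured" is not re-added in any of the GPG.md hunks, so it is dropped rather than moved. Suggest carrying it over next to the new Keychain paragraph in GPG.md, since it explains when signing happens and why repeated prompts appear.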
@@ -1,9 +1,9 @@
# Using GPG
-This document aims to be "just enough" for setting up and using
-[GPG](http://www.gnupg.org/) keys for signing artifacts with
-[Leiningen](http://leiningen.org) for publication to
-[Clojars](http://clojars.org/).
+This document aims to be just enough for setting up and using
+[GPG](http://www.gnupg.org/) keys with
+[Leiningen](http://leiningen.org) to sign artifacts for publication to
+[Clojars](http://clojars.org/) and to encrypt repository credentials.
There are two versions of GPG available: v1.x and v2.x. For our
purposes, they are functionally equivalent. Package managers generally
@@ -97,10 +97,15 @@ keypair, you should just see your own key).
## How Leiningen uses GPG
-Leiningen uses gpg for two things: decrypting credential files, and
+Leiningen uses gpg for two things: decrypting credential files and
signing release artifacts. We'll focus on artifact singing here; for
-information on credentials encryption/decryption, see
-[the Leiningen deploy guide](https://github.com/technomancy/leiningen/blob/stable/doc/DEPLOY.md).
+information on credentials encryption/decryption, see the
+[deploy guide](https://github.com/technomancy/leiningen/blob/stable/doc/DEPLOY.md).
+
+On some systems you will be prompted for your GPG passphrase when it
+is needed if you haven't entered it. If yours does not, you can
+install [Keychain](https://github.com/funtoo/keychain), which provides
+this functionality portably.
### Signing a file
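Review bot: In the "How Leiningen uses GPG" paragraph, the unchanged line still reads "artifact singing", which should be "artifact signing"; worth fixing while this paragraph is being edited. The added sentence "you will be prompted for your GPG passphrase when it is needed if you haven't entered it" would also read more clearly as "if you haven't already entered it, you will be prompted for your GPG passphrase when it is needed".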
@@ -114,6 +119,9 @@ Both signatures are then uploaded to Clojars along with the
artifacts. In order for Clojars to verify the signatures, you'll need
to provide it with your *public* key (see below).
+To disable signing of releases, set `:sign-releases` to false in the
+`:repositories` entry you are targeting.
+
### Overriding the gpg defaults
By default, Leiningen will try to call GPG as `gpg`, which assumes
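Review bot: The added `:sign-releases` paragraph does not say what turning it off means for the deploy. Since the preceding lines explain that the signatures are uploaded so Clojars can verify them, suggest stating that with `:sign-releases` set to false the release artifacts go to that repository unsigned, and that the setting affects only the `:repositories` entry it is set on.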
@@ -39,10 +39,10 @@
(main/abort "No credentials found for" id
"\nPassword prompts are not supported when ran after other"
"(potentially)\ninteractive tasks. Maybe setting up "
- "credentials may be an idea?\n\nSee `lein help gpg` for an "
+ "credentials may be an idea?\n\nSee `lein help deploy` for an "
"explanation of how to specify credentials."))
(println "No credentials found for" id)
- (println "See `lein help gpg` for how to configure credentials.")
+ (println "See `lein help deploy` for how to configure credentials.")
(print "Username: ") (flush)
(let [username (read-line)
password (.readPassword (System/console) "%s"
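Review bot: The abort message being edited still says "when ran after other", which should be "when run after other"; since this string is already touched, fix it in the same change. Both messages now point only to `lein help deploy`; as credentials encryption depends on a configured key pair, consider also naming `lein help gpg` for users who have not set one up.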
