doc: explain sigkey behavior

Explain how Pungi operates on the sigkeys list, and what happens when there is only one item in the list. Signed-off-by: Ken Dreyer <kdreyer@redhat.com>
2020-05-18 15:42:37 -06:00 · 2020-05-18 15:42:37 -06:00 · 4ba65710c2
commit 4ba65710c2
parent 5ed5646bca
1 changed files with 7 additions and 2 deletions
--- a/doc/configuration.rst
+++ b/doc/configuration.rst
@ -467,8 +467,13 @@ Options
 -------

 **sigkeys**
-    ([*str* or None]) -- priority list of sigkeys; if the list includes an
-    empty string or  *None*, unsigned packages will be allowed
+    ([*str* or None]) -- priority list of signing key IDs. These key IDs match
+    the key IDs for the builds in Koji. Pungi will choose signed packages
+    according to the order of the key IDs that you specify here. Use one
+    single key in this list to ensure that all RPMs are signed by one key. If
+    the list includes an empty string or *None*, Pungi will allow unsigned
+    packages. If the list only includes *None*, Pungi will use all unsigned
+    packages.

 **pkgset_source** [mandatory]
    (*str*) -- "koji" (any koji instance) or "repos" (arbitrary yum repositories)