grim/hgkeeper

Add a note about downloads and pgp verification to the readme

23 months ago, Gary Kramlich
ebc5f568d629
Add a note about downloads and pgp verification to the readme
# Command Reference
HGKeeper has a number of sub commands, but `serve` is the most useful one.
## setup
The `setup` command is used to bootstrap HGKeeper. It will create the directory
for the repositories as well as the `hgkeeper` administration repository.
After initial setup, please make sure to read the `README.md` in the `hgkeeper`
admin repository that was created as it details how access control works.
## serve
The `serve` command is the main mode of operation which is to provide access to
the repositories.
You can optionally disable either one of the HGWeb or SSH servers to limit
resource usage or just disable the portions you don't need. However, the HTTP
server will always be active as it contains a health endpoint at `/hgk/health`
and could be used for integration with OpenSSH Server via the
`--enable-hostname` argument.
For example, say you don't need public access or the HGWeb interface at all,
you can disable it by passing `--disable-hgweb` to the `serve` command or by
setting the `HGK_DISABLE_HGWEB` environment variable to `true`.
Likewise, if you just want to serve up read only repositories over HTTP you can
disable the SSH serve by passing `--disable-ssh` to the `serve` command or by
setting the `HGK_DISABLE_SSH` environment variable to `true`.
The `--disable-hgweb` and `disable-ssh` options are mutually exclusive and
passing both will stop HGKeeper from starting.
The `serve` command also has options to tell HGKeeper how it can be accessed
externally. This is useful when integrating with OpenSSH Server. These options
are `--external-hostname` and `--external-port`.
`--external-hostname` can be a hostname or IP address, but it needs to be an
address that your OpenSSH Server can connect to. Likewise, `--external-port`
is the external port that the OpenSSH Server can reach to connect to HGKeeper's
SSH server. It has a default value of `22222`.
## authorized-keys
The `authorized-keys` command is used when integrating with OpenSSH server in
the [on demand](ondemand) mode of operation. It takes a single argument as the
SHA256 fingerprint of the SSH public key that OpenSSH will provide. If HGKeeper
knows that key, it will output an `authorized_keys(8)` text that OpenSSH Server
can use to continue the HG operation.
## once
The `once` command is used in conjunction with the above mentioned
`authorized-keys` command for [on demand](ondemand) operation. It is the
command that HGKeeper tells OpenSSH Server to run to continue the SSH
operations and is not useful in any other way.