From dd65a0dad8873e3be5db1b36400d2a9ae9b8c4e0 Mon Sep 17 00:00:00 2001
From: Ian Gulliver <flamingcow@gmail.com>
Date: Fri, 1 Apr 2016 21:13:50 -0700
Subject: [PATCH] More docs

---
 README.md | 34 ++++++++++++++++++++++++++++++++++
 1 file changed, 34 insertions(+)

diff --git a/README.md b/README.md
index fab18ca..b39af2a 100644
--- a/README.md
+++ b/README.md
@@ -80,3 +80,37 @@ system.
 `--persistent-percent`, if non-zero, specifies the percent of the target
 device to allocate to a LABEL=PERSISTENT filesystem. If the inner image uses
 persistent.py, this filesystem will be automatically mounted.
+
+### Manifests
+
+Clients download a manifest file to determine available images and to verify
+authenticity and integrity of the image. You'll need to generate one on the
+server after each new image is built.
+
+Manifest files are signed using OpenSSL. You should run your own CA to do this;
+do NOT use a public CA cert. You can find instructions for setting up a CA
+[here](https://medium.com/where-the-flamingcow-roams/elliptic-curve-certificate-authority-bbdb9c3855f7#.7v40ox70s).
+
+To build a manifest, run:
+
+```bash
+server/publish_manifest.py --cert=/path/to/signing/cert.pem --key=/path/to/signing/key.pem --image-dir=/image/path
+```
+
+Optional flags:
+
+`--other-cert` specifies a chain certificate, such as your intermediate cert.
+It may be specified more than once.
+
+`--default-rollout` specifies the percentage rollout for new images; it
+defaults to zero. The units are
+[basis points](https://en.wikipedia.org/wiki/Basis_point); 10000 means 100%.
+
+### Imaging
+
+You can write created images to flash drives for installation on other systems,
+or manually write them to a drive. To do so:
+
+```bash
+imager/image.py --base-url=http://yourhost/ --ca-cert=/path/to/signing/cert.pem --device=/dev/sdx --persistent-percent=50
+```