Merge pull request #15714 from poettering/homed-key-mgmt-doc

man: document homed key management

TODO

@@ -22,6 +22,12 @@ Janitorial Clean-ups:
 
 Features:
 
+* homed: permit multiple private keys to be used locally, and pick the right
+  one for signing records automatically depending on a pre-existing signature
+
+* homed: add a way to "adopt" a home directory, i.e. strip foreign signatures
+  and insert a local signature instead.
+
 * busctl: maybe expose a verb "ping" for pinging a dbus service to see if it
   exists and responds.
 

man/systemd-homed.service.xml

@@ -47,6 +47,55 @@
     <citerefentry><refentrytitle>userdbctl</refentrytitle><manvolnum>1</manvolnum></citerefentry>.</para>
   </refsect1>
 
+  <refsect1>
+    <title>Key Management</title>
+
+    <para>User records are cryptographically signed with a public/private key pair (the signature is part of
+    the JSON record itself). For a user to be permitted to log in locally the public key matching the
+    signature of their user record must be installed. For a user record to be modified locally the private
+    key matching the signature must be installed locally, too. The keys are stored in the
+    <filename>/var/lib/systemd/home/</filename> directory:</para>
+
+    <variablelist>
+
+      <varlistentry>
+        <term><filename>/var/lib/systemd/home/local.private</filename></term>
+
+        <listitem><para>The private key of the public/private key pair used for local records. Currently,
+        only a single such key may be installed.</para></listitem>
+      </varlistentry>
+
+      <varlistentry>
+        <term><filename>/var/lib/systemd/home/local.public</filename></term>
+
+        <listitem><para>The public key of the public/private key pair used for local records. Currently,
+        only a single such key may be installed.</para></listitem>
+      </varlistentry>
+
+      <varlistentry>
+        <term><filename>/var/lib/systemd/home/*.public</filename></term>
+
+        <listitem><para>Additional public keys. Any users whose user records are signed with any of these keys
+        are permitted to log in locally. An arbitrary number of keys may be installed this
+        way.</para></listitem>
+      </varlistentry>
+    </variablelist>
+
+    <para>All key files listed above are in PEM format.</para>
+
+    <para>In order to migrate a home directory from a host <literal>foobar</literal> to another host
+    <literal>quux</literal> it is hence sufficient to copy
+    <filename>/var/lib/systemd/home/local.public</filename> from the host <literal>foobar</literal> to
+    <literal>quux</literal>, maybe calling the file on the destination
+    <filename>/var/lib/systemd/home/foobar.public</filename>, reflecting the origin of the key. If the user
+    record should be modifiable on <literal>quux</literal> the pair
+    <filename>/var/lib/systemd/home/local.public</filename> and
+    <filename>/var/lib/systemd/home/local.private</filename> need to be copied from <literal>foobar</literal>
+    to <literal>quux</literal>, and placed under the identical paths there, as currently only a single
+    private key is supported per host. Note of course that the latter means that user records
+    generated/signed before the key pair is copied in, lose their validity.</para>
+  </refsect1>
+
   <refsect1>
     <title>See Also</title>
     <para>