X-Git-Url: https://git.decadent.org.uk/gitweb/?a=blobdiff_plain;f=setup%2FREADME;h=9d5103c19e4ef8e043ef5d7cbb2c676a12cd9911;hb=62bb13893107fc5c499d6e94ec7549fcf996c9df;hp=4c8a9ebfded3eeb32613294196d50a1a862bb649;hpb=67b84a241c5f2a75b5ae2362257da3a1b285ae2c;p=dak.git

diff --git a/setup/README b/setup/README
index 4c8a9ebf..9d5103c1 100644
--- a/setup/README
+++ b/setup/README
@@ -16,9 +16,8 @@ The following roles are assumed to exist:
 For the purposes of this document, we'll be working in /srv/dak
 
 Set up the dak user on both the system and in postgres:
-# sudo adduser dak
-# sudo addgroup ftpmaster
-# sudo addgroup dak ftpmaster
+# sudo addgroup --system ftpmaster
+# sudo adduser --system dak --ingroup ftpmaster --shell /bin/bash
 # sudo -u postgres createuser -s dak
 
 Set up the dak directory:
@@ -68,7 +67,9 @@ WARNING: Please check these templates over and customise as necessary
 # cp templates/* /srv/dak/templates/
 
 Set up a private signing key: don't set a passphrase as dak will not
-pass one through to gpg.  Guard this key carefully
+pass one through to gpg.  Guard this key carefully!
+The key only needs to be able to sign, it doesn't need to be able
+to encrypt.
 # gpg --no-default-keyring --secret-keyring /srv/dak/keyrings/s3kr1t/dot-gnupg/secring.gpg --keyring /srv/dak/keyrings/s3kr1t/dot-gnupg/pubring.gpg --gen-key
 Remember the signing key id for when creating the suite below.
 Here we'll pretend it is DDDDDDDD for convenience