Add documentation on how to setup fedmsg signing in development

README.rst

@@ -395,3 +395,27 @@ It may happen that you will run into issues and the container won't start proper
     $ sudo docker-compose build --no-cache --pull
 
 First command will stop and remove all containers and volumes and second command will pull latest base image and perform a clean build without cache.
+
+
+``fedmsg Signing for Development``
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+In order to enable fedmsg signing in development, you will need to follow a series of steps.
+Note that this will conflict with signed messages from a different CA that are on the message bus, so this may cause unexpected results.
+
+Generate the CA, the certificate to be used by fedmsg, and the CRL with::
+
+    $ python manage.py gendevfedmsgcert
+
+Setup Apache to host the CRL::
+
+    $ dnf install httpd && systemctl enable httpd && systemctl start httpd
+    $ mkdir -p /var/www/html/crl
+    $ ln -s /opt/fm-orchestrator/pki/ca.crl /var/www/html/crl/ca.crl
+    $ ln -s /opt/fm-orchestrator/pki/ca.crt /var/www/html/crl/ca.crt
+
+Create a directory to house the fedmsg cache::
+
+    $ mkdir -p /etc/pki/fedmsg
+
+Then uncomment the fedmsg signing configuration in fedmsg.d/rida.py.

fedmsg.d/rida.py

@@ -8,4 +8,21 @@ config = {
             "tcp://127.0.0.1:300%i" % i for i in range(10)
         ],
     },
+
+    # Start of code signing configuration
+    # 'sign_messages': True,
+    # 'validate_signatures': True,
+    # 'crypto_backend': 'x509',
+    # 'crypto_validate_backends': ['x509'],
+    # 'ssldir': '/opt/fm-orchestrator/pki',
+    # 'crl_location': 'http://localhost/crl/ca.crl',
+    # 'crl_cache': '/etc/pki/fedmsg/crl.pem',
+    # 'crl_cache_expiry': 10,
+    # 'ca_cert_location': 'http://localhost/crl/ca.crt',
+    # 'ca_cert_cache': '/etc/pki/fedmsg/ca.crt',
+    # 'ca_cert_cache_expiry': 0,  # Never expires
+    # 'certnames': {
+    #     'rida.localhost': 'localhost'
+    # }
+    # End of code signing configuration
 }