From 96dfbc46c00b8bf7c7cfa80f956f9b223d142c58 Mon Sep 17 00:00:00 2001
From: yanosz <yanosz@users.noreply.github.com>
Date: Tue, 24 Nov 2020 20:54:06 +0100
Subject: [PATCH] docs: Document location and handling of opkg keypair

Co-Authored-By: Martin Weinelt <martin@darmstadt.freifunk.net>
---
 docs/user/getting_started.rst | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/docs/user/getting_started.rst b/docs/user/getting_started.rst
index 1cf3bc23..f669b876 100644
--- a/docs/user/getting_started.rst
+++ b/docs/user/getting_started.rst
@@ -159,6 +159,14 @@ to sign the generated package repository).
 OpenWrt will handle the generation and handling of the keys itself.
 When making firmware releases based on Gluon, it might make sense to store
 the keypair, so updating the module repository later is possible.
+In fact you should take care to reuse the same opkg keypair, so you don't pollute the key
+store (see ``/etc/opkg/keys``) on the node.
+
+The signing-key is stored at ``openwrt/key-build.pub``, ``openwrt/key-build``,
+``key-build.ucert`` and  ``key-build.ucert.revoke``.
+
+The ``openwrt`` directory is the Git checkout, that gets created after calling ``make update``.
+After making a fresh clone copy the key files to the aforementioned locations.
 
 .. _getting-started-make-variables: