rm: factory: Add info on TUF targets expiration configuration

It turned the current info on the TUF targets expiration configuration is not quite accurate. It suggests to use `<build-type>.params.TUF_TARGETS_EXPIRE` parameters which is rather an internal mechanism and should not be recommended for users. The proper way to set targets metadata default validity period is through the `tuf.targets_expire_after` parameter, this is the one that we should recommend to users. Signed-off-by: Mike Sul <[email protected]>
foundriesio · Feb 8, 2024 · a38630d · a38630d
1 parent 28a4d13
commit a38630d
Showing 1 changed file with 21 additions and 2 deletions.
diff --git a/source/reference-manual/factory/factory-definition.rst b/source/reference-manual/factory/factory-definition.rst
@@ -46,6 +46,27 @@ notify:
 
         **Default:** ``false``
 
+.. _def-tuf-expiration:
+
+``tuf``
+-------
+Configures the validity period of the Factory TUF targets role metadata
+
+.. sidebar:: ``tuf:`` Section Example
+
+    .. code-block:: yaml
+
+         tuf:
+           targets_expire_after: "2Y33M44D"
+
+tuf:
+  targets_expire_after: ``<validity-period>``
+    **Optional:** Validity period of the CI TUF targets metadata since Target creation by a CI build.
+    It can be expressed in years, months, and days, with each component being optional.
+    The format must follow the order of years, months, and days, as demonstrated by ``1Y3M5D``.
+
+    **Default:** ``1Y``
+
 .. _def-lmp:
 
 lmp
@@ -189,8 +210,6 @@ Variables
                Defaults to the directory mounted on the SDK build container.
                If this directory exists, it is used as the source for the shared state cache (``sstate-cache``) mirror.
                When the directory does not exist, the ``lmp-manifest`` value is used (currently points to the public HTTP shared state cache).
-* **TUF_TARGETS_EXPIRE**:
-               Is used to change the default target expiration date (default 1y).
 
 .. _def-containers: