Merge pull request #225 from golemfactory/updates-Feb-14

jalas167 · web-flow · commit b9b1b4be5394 · 2024-02-16T17:18:39.000+01:00
update audited-payload example
diff --git a/src/navigation/docs.js b/src/navigation/docs.js
@@ -635,7 +635,6 @@ export const navigation = [
           },
         ],
       },
-      { title: 'Terms', href: '/docs/golem/terms' },
       {
         title: 'Payload Manifest',
         children: [
@@ -649,6 +648,7 @@ export const navigation = [
           },
         ],
       },
+      { title: 'Terms', href: '/docs/golem/terms' },
     ],
   },
 ]
diff --git a/src/pages/docs/creators/javascript/guides/golem-sdk-cli.md b/src/pages/docs/creators/javascript/guides/golem-sdk-cli.md
@@ -75,12 +75,12 @@ The manifest needs to contain the image URL pointing to the GVMI download locati
 To facilitate the process of creating a manifest, `golem-sdk` accepts multiple forms of image argument, where some of them will automatically resolve the URL and/or hash.
 Please consult the table below for more details:
 
-| Argument format                    | Example                                                                                       | Is `--image-hash` required?                 | Notes                                                                                      |
-| ---------------------------------- | --------------------------------------------------------------------------------------------- | ------------------------------------------- | ------------------------------------------------------------------------------------------ |
-| Image tag                          | `golem/node:latest`                                                                           | No, it will be automatically resolved.      | Image hash is fetched from [https://registry.golem.network]. It is the recommended method. |
-| Image hash                         | `3d6c48bb4c192708168d53cee4f36876b263b7745c3a3c239c6749cd`                                    | No, it is resolved from the image argument. | Image URL will point to [https://registry.golem.network]                                   |
-| URL to registry.golem.network      | `https://registry.golem.network/v1/image/download?tag=golem-examples/blender:2.80&https=true` | No, it is automatically resolved.           |                                                                                            |
-| URL to arbitrary download location | `https://example.com/my-image`                                                                | Yes, image-hash is required.                | Image is calculated by the gvmkit-build conversion tool.                                   |
+| Argument format                    | Example                                                                           | Is `--image-hash` required?                 | Notes                                                                                      |
+| ---------------------------------- | --------------------------------------------------------------------------------- | ------------------------------------------- | ------------------------------------------------------------------------------------------ |
+| Image tag                          | `golem/node:latest`                                                               | No, it will be automatically resolved.      | Image hash is fetched from [https://registry.golem.network]. It is the recommended method. |
+| Image hash                         | `3d6c48bb4c192708168d53cee4f36876b263b7745c3a3c239c6749cd`                        | No, it is resolved from the image argument. | Image URL will point to [https://registry.golem.network]                                   |
+| URL to registry.golem.network      | `http://registry.golem.network/v1/image/download?tag=golem-examples/blender:2.80` | No, it is automatically resolved.           |                                                                                            |
+| URL to arbitrary download location | `https://example.com/my-image`                                                    | Yes, image-hash is required.                | Image is calculated by the gvmkit-build conversion tool.                                   |
 
 If the hash is not provided or resolved, you will get a warning that the manifest will not be usable until you provide it manually.
 
diff --git a/src/pages/docs/golem/payload-manifest/index.md b/src/pages/docs/golem/payload-manifest/index.md
@@ -30,7 +30,7 @@ _Computation Payload Manifest_ must follow a specific [JSON Schema](https://gith
 Manifests can be verified using `jsonschema` library:
 
 ```sh
-wget https://docs.golem.network/golem/payload-manifest/computation-payload-manifest.schema.json
+wget https://github.com/golemfactory/yagna-docs/blob/master/requestor-tutorials/vm-runtime/computation-payload-manifest.schema.json
 pip install jsonschema
 jsonschema --instance manifest.json computation-payload-manifest.schema.json
 ```
@@ -196,6 +196,10 @@ base64 manifest.json.base64.sign.sha256 --wrap=0 > manifest.json.base64.sign.sha
 base64 author.crt.pem --wrap=0 > author.crt.pem.base64
 ```
 
+{% alert level="info" %}
+JS SDK users can utilize the [SDK CLI tool](https://docs.golem.network/docs/creators/javascript/guides/golem-sdk-cli) to create and sign manifests.
+{% /alert %}
+
 ### Self signed certificate example
 
 A basic example showing the generation of a self-signed root CA certificate to then sign the App author's certificate, and afterwards importing a generated root CA certificate into the Provider's keystore.
@@ -240,7 +244,9 @@ echo '1000' > serial.txt
 
 Then generate the CA certificate and key pair:
 
-`openssl req -new -newkey rsa:2048 -days 360 -nodes -x509 -sha256 -keyout ca.key.pem -out ca.crt.pem -config openssl-ca.conf`
+```bash
+openssl req -new -newkey rsa:2048 -days 360 -nodes -x509 -sha256 -keyout ca.key.pem -out ca.crt.pem -config openssl-ca.conf
+```
 
 #### 2. Generating Requestor certificate
 
@@ -262,14 +268,20 @@ basicConstraints = CA:true
 
 Then generate _App author's certificate_ Signing Request (use same `organizationName`):
 
-`openssl req -new -newkey rsa:2048 -days 360 -sha256 -keyout author.key.pem -out author.csr.pem -config openssl.conf`
+```bash
+openssl req -new -newkey rsa:2048 -sha256 -keyout author.key.pem -out author.csr.pem -config openssl.conf
+```
 
 Finally, generate _App author's certificate_ using CSR and CA certificate:
 
-`openssl x509 -req -in author.csr.pem -CA ca.crt.pem -CAkey ca.key.pem -CAcreateserial -out author.crt.pem`
+```bash
+openssl x509 -req -in author.csr.pem -CA ca.crt.pem -CAkey ca.key.pem -CAcreateserial -out author.crt.pem
+```
 
 #### 3. Importing application author's certificates
 
-To import the certificate into the keystore, use a [`ya-provider keystore add`](/docs/providers/configuration/outbound#managing-your-keystore) command:
+To set the rule to accept payloads with unrestricted outbound access signed by authors who holds certs from a trusted ca, use a the following command:
 
-`ya-provider keystore add ca.crt.pem`
+```bash
+ya-provider rule set outbound audited-payload import-cert ca.crt.pem --mode all
+```
