doc/env_vars.txt: start documenting env. variables

Signed-off-by: Jan Pokorný <jpokorny@redhat.com>

2 files changed, 21 insertions, 1 deletions

diff --git a/__root__/MANIFEST.in b/__root__/MANIFEST.in
index a911458..0d7b564 100644
--- a/__root__/MANIFEST.in
+++ b/__root__/MANIFEST.in
@@ -8,6 +8,6 @@ recursive-exclude ccs-flatten ccs_flatten *.o Makefile.setup config.h .*/*
 graft clufter/tests
 recursive-include clufter tests/*
 
-recursive-include doc cib-ids.txt rgmanager-pacemaker.*
+recursive-include doc cib-ids.txt env_vars.txt rgmanager-pacemaker.*
 
 global-exclude /.*
diff --git a/__root__/doc/env_vars.txt b/__root__/doc/env_vars.txt
new file mode 100644
index 0000000..a5ef7b6
--- /dev/null
+++ b/__root__/doc/env_vars.txt
@@ -0,0 +1,20 @@
+Run-time can also be influenced with following environment variables
+({PREFIX} is normally CLUFTER):
+
+EDITOR
+editor to use for correcting invalid results, unconditional manual passes, etc.
+(should accept a filename as an argument and block until being quit by user)
+
+{PREFIX}_HASHALGO
+algorithm available from hashlib Python standard library, used to generate
+a fraction of default output filename from the input content (if the command
+arranges so);  it is not meant as a security-sensitive function
+
+{PREFIX}_NOSALT
+being paranoid by default, usage of HASHALGO is accompanied by mixing some
+additional input in (such as file's mtime) so as to prevent any undesired
+information leak (say, cluster.conf on input of ccs2pcs can contain password
+for a fence device and the digest of original and plaintext modulo obfuscated
+password are known, bruteforce attack might be able to reveal the original
+incl. the password) -- setting this variable to anything but '0' and 'false'
+disables such a paranoid mode (mainly useful for reproducible tests)