From 3bcc903be2147206adf5c55aa683dab5f1bf82ff Mon Sep 17 00:00:00 2001 From: Neale Pickett Date: Sat, 10 Sep 2022 14:05:46 -0600 Subject: [PATCH] Talk about persistent secret --- README.md | 9 ++++++--- build/Containerfile | 2 +- 2 files changed, 7 insertions(+), 4 deletions(-) diff --git a/README.md b/README.md index aa6a9f1..b620b9a 100644 --- a/README.md +++ b/README.md @@ -73,9 +73,12 @@ The token is an HMAC digest of an expiration timestamp, plus the timestamp. When the HMAC is good, and the timestamp is in the future, the token is a valid authentication. -This technique means there is no persistent server storage, -but also means that if the server restarts, -everybody has to log in again. +This technique means there is no persistent server storage. + +If you use the default of pulling the session secret from the OS PRNG, +then everybody will have to log in again every time the server restarts. +You can use the `-secret` argument to provide a persistent secret, +so this won't happen. Some things, like WebDAV, diff --git a/build/Containerfile b/build/Containerfile index 3683959..8aa924a 100644 --- a/build/Containerfile +++ b/build/Containerfile @@ -9,4 +9,4 @@ RUN go install -v ./... FROM alpine COPY --from=builder /go/bin/simpleauth /bin COPY --from=builder /go/src/app/static /static -CMD ["/bin/simpleauth"] +ENTRYPOINT ["/bin/simpleauth"]
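Review bot: In the README.md hunk, the added sentence "You can use the `-secret` argument to provide a persistent secret" does not say what form the argument takes or how the secret should be generated and protected. Since the token is an HMAC digest of an expiration timestamp, anyone who learns the secret can compute a valid token for any future timestamp. The paragraph should therefore say that a persistent secret needs to be as unpredictable as the OS PRNG default, that it must be readable only by the server, and that replacing it makes everybody log in again.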
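Review bot: In the build/Containerfile hunk, the switch from `CMD` to `ENTRYPOINT` is not mentioned in the commit message, which only covers the README text. With an exec-form `ENTRYPOINT`, arguments given at container run time are appended to `/bin/simpleauth` instead of replacing the command. That is presumably what allows `-secret` to be passed to the container, but it also changes behaviour for anyone who was overriding the command. Suggest noting the change in the commit message and adding a README line that shows the argument being passed to the container, or splitting this into its own commit.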