docs: (cli) minor updates to deploy-a-program.md

docs/src/cli/deploy-a-program.md

@@ -13,8 +13,8 @@ To deploy a program, use the Solana tools to interact with the on-chain loader
 to:
 
 - Initialize a program account
-- Upload the program's shared object to the program account's data buffer
-- Verify the uploaded program
+- Upload the program's shared object (the program binary `.so`) to the program account's data buffer
+- (optional) Verify the uploaded program
 - Finalize the program by marking the program account executable.
 
 Once deployed, anyone can execute the program by sending transactions that
@@ -25,7 +25,7 @@ reference it to the cluster.
 ### Deploy a program
 
 To deploy a program, you will need the location of the program's shared object
-(the program binary .so)
+(the program binary `.so`):
 
 ```bash
 solana program deploy <PROGRAM_FILEPATH>
@@ -48,9 +48,9 @@ If the program id is not specified on the command line the tools will first look
 for a keypair file matching the `<PROGRAM_FILEPATH>`, or internally generate a
 new keypair.
 
-A matching program keypair file is in the same directory as the program's shared
-object, and named <PROGRAM_NAME>-keypair.json. Matching program keypairs are
-generated automatically by the program build tools:
+You can typically find a matching program keypair file is in the same directory
+as the program's shared object, and named <PROGRAM_NAME>-keypair.json. Matching
+program keypairs are generated automatically by the program build tools:
 
 ```bash
 ./path-to-program/program.so
@@ -89,10 +89,10 @@ Data Length: 5216 (0x1460) bytes
 ### Redeploy a program
 
 A program can be redeployed to the same address to facilitate rapid development,
-bug fixes, or upgrades. Matching keypair files are generated once so that
-redeployments will be to the same program address.
+bug fixes, or upgrades.
 
-The command looks the same as the deployment command:
+The command looks the same as the deployment command (same keypair file that resides from file directory corresponding
+to <PROGRAM_FILEPATH>, this keypair file will be generated once and then reused):
 
 ```bash
 solana program deploy <PROGRAM_FILEPATH>
@@ -111,8 +111,8 @@ solana program deploy --max-len 200000 <PROGRAM_FILEPATH>
 
 Note that program accounts are required to be
 [rent-exempt](developing/programming-model/accounts.md#rent-exemption), and the
-`max-len` is fixed after initial deployment, so any SOL in the program accounts
-is locked up permanently.
+`max-len` **cannot be changed** after initial deployment, yet any SOL in the program accounts
+is locked up permanently and cannot be reclaimed.
 
 ### Resuming a failed deploy
 
@@ -157,7 +157,7 @@ solana program deploy --buffer <KEYPAIR_PATH> <PROGRAM_FILEPATH>
 Both program and buffer accounts can be closed and their lamport balances
 transferred to a recipient's account.
 
-If deployment fails there will be a left over buffer account that holds
+If deployment fails there will be a left-over buffer account that holds
 lamports. The buffer account can either be used to [resume a
 deploy](#resuming-a-failed-deploy) or closed.
 
@@ -209,7 +209,7 @@ solana program show --buffers --all
 
 ### Set a program's upgrade authority
 
-The program's upgrade authority must to be present to deploy a program. If no
+The program's upgrade authority must be present to deploy a program. If no
 authority is specified during program deployment, the default keypair is used as
 the authority. This is why redeploying a program in the steps above didn't
 require an authority to be explicitly specified.
@@ -232,6 +232,16 @@ Or after deployment and specifying the current authority:
 solana program set-upgrade-authority <PROGRAM_ADDRESS> --upgrade-authority <UPGRADE_AUTHORITY_SIGNER> --new-upgrade-authority <NEW_UPGRADE_AUTHORITY>
 ```
 
+In case you want to set "new upgrade authority" to a signer that you only have a pubkey of (meaning, you don't have access
+to its private key) - which is useful for things like [upgrading program using offline signer as authority](deploy-a-program.md#upgrading-program-using-offline-signer-as-authority) -
+you need to use `--skip-new-upgrade-authority-signer-check` option to inform `solana program set-upgrade-authority`
+command of your intentions (because otherwise it assumes you have access to that singer's private key and checks for
+that, to ensure you don't accidentally supply "new upgrade authority" you don't have control over):
+
+```bash
+solana program set-upgrade-authority <PROGRAM_ADDRESS> --new-upgrade-authority <NEW_UPGRADE_AUTHORITY> --skip-new-upgrade-authority-signer-check
+```
+
 ### Immutable programs
 
 A program can be marked immutable, which prevents all further redeployments, by
@@ -256,12 +266,12 @@ solana program dump <ACCOUNT_ADDRESS> <OUTPUT_FILEPATH>
 ```
 
 The dumped file will be in the same as what was deployed, so in the case of a
-shared object, the dumped file will be a fully functional shared object. Note
+shared object (the program binary `.so`), the dumped file will be a fully functional shared object. Note
 that the `dump` command dumps the entire data space, which means the output file
-will have trailing zeros after the shared object's data up to `max_len`.
+might have trailing zeros after the shared object's data up to `max_len`.
 Sometimes it is useful to dump and compare a program to ensure it matches a
-known program binary. The original program file can be zero-extended, hashed,
-and compared to the hash of the dumped file.
+known program binary. The dumped file can be zero-truncated, hashed,
+and compared to the hash of the original program file.
 
 ```bash
 $ solana dump <ACCOUNT_ADDRESS> dump.so
@@ -275,13 +285,14 @@ $ sha256sum extended.so dump.so
 Instead of deploying directly to the program account, the program can be written
 to an intermediary buffer account. Intermediary accounts can be useful for things
 like multi-entity governed programs where the governing members fist verify the
-intermediary buffer contents and then vote to allow an upgrade using it.
+intermediary buffer contents and then vote to allow an upgrade using it, or for
+[deploying programs with offline signer authority](#deploying-program-with-offline-signer-authority).
 
 ```bash
 solana program write-buffer <PROGRAM_FILEPATH>
 ```
 
-Buffer accounts support authorities like program accounts:
+Buffer accounts support different authorities (including offline signer and program account signer):
 
 ```bash
 solana program set-buffer-authority <BUFFER_ADDRESS> --new-buffer-authority <NEW_BUFFER_AUTHORITY>
@@ -297,6 +308,7 @@ the program:
 solana program deploy --program-id <PROGRAM_ADDRESS> --buffer <BUFFER_ADDRESS>
 ```
 
-Note, the buffer's authority must match the program's upgrade authority.
+Note, the buffer's authority must match the program's upgrade authority. Also, upon successful deploy
+buffer accounts contents are copied into program accounts and are erased from blockchain.
 
 Buffers also support `show` and `dump` just like programs do.