guix-commits
[Top][All Lists]
Advanced
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

01/01: doc: Explain authentication in "System Installation".

From: Ludovic Courtès
Subject: 01/01: doc: Explain authentication in "System Installation".
Date: Tue, 26 Jul 2016 13:09:12 +0000 (UTC) 
civodul pushed a commit to branch master
in repository guix.

commit debc6360e111e8efc8a938b2aef28e5b3616ada8
Author: Ludovic Courtès <address@hidden>
Date:   Tue Jul 26 15:07:29 2016 +0200

    doc: Explain authentication in "System Installation".
    
    Suggested by Vincent Legoll <address@hidden>.
    
    * doc/guix.texi (OPENPGP-SIGNING-KEY-ID): New constant.
    (Binary Installation): Use it.
    (USB Stick Installation): Copy and adjust the authentication bit from
    "Binary Installation".
---
 doc/guix.texi |   27 ++++++++++++++++++++++++++-
 1 file changed, 26 insertions(+), 1 deletion(-)

diff --git a/doc/guix.texi b/doc/guix.texi
index 9fb125d..8ab4522 100644
--- a/doc/guix.texi
+++ b/doc/guix.texi
@@ -9,6 +9,9 @@
 
 @include version.texi
 
address@hidden Identifier of the OpenPGP key used to sign tarballs and such.
address@hidden OPENPGP-SIGNING-KEY-ID 090B11993D9AEBB5
+
 @copying
 Copyright @copyright{} 2012, 2013, 2014, 2015, 2016 Ludovic address@hidden
 Copyright @copyright{} 2013, 2014, 2016 Andreas address@hidden
@@ -374,6 +377,7 @@ Download the binary tarball from
 where @var{system} is @code{x86_64-linux} for an @code{x86_64} machine
 already running the kernel Linux, and so on.
 
address@hidden The following is somewhat duplicated in ``System Installation''.
 Make sure to download the associated @file{.sig} file and to verify the
 authenticity of the tarball against it, along these lines:
 
@@ -386,11 +390,12 @@ If that command fails because you do not have the 
required public key,
 then run this command to import it:
 
 @example
-$ gpg --keyserver pgp.mit.edu --recv-keys 090B11993D9AEBB5
+$ gpg --keyserver pgp.mit.edu --recv-keys @value{OPENPGP-SIGNING-KEY-ID}
 @end example
 
 @noindent
 and rerun the @code{gpg --verify} command.
address@hidden end authentication part
 
 @item
 As @code{root}, run:
@@ -6134,6 +6139,26 @@ for a GNU/Linux system on Intel/AMD-compatible 64-bit 
CPUs;
 for a 32-bit GNU/Linux system on Intel-compatible CPUs.
 @end table
 
address@hidden start duplication of authentication part from ``Binary 
Installation''
+Make sure to download the associated @file{.sig} file and to verify the
+authenticity of the image against it, along these lines:
+
address@hidden
+$ wget ftp://alpha.gnu.org/gnu/guix/address@hidden@var{system}.xz.sig
+$ gpg --verify address@hidden@var{system}.xz.sig
address@hidden example
+
+If that command fails because you do not have the required public key,
+then run this command to import it:
+
address@hidden
+$ gpg --keyserver pgp.mit.edu --recv-keys @value{OPENPGP-SIGNING-KEY-ID}
address@hidden example
+
address@hidden
+and rerun the @code{gpg --verify} command.
address@hidden end duplication
+
 This image contains a single partition with the tools necessary for an
 installation.  It is meant to be copied @emph{as is} to a large-enough
 USB stick.
reply via email to
[Prev in Thread] Current Thread [Next in Thread]