From daa8922abc63b2491490ad1898b613f5653a19b1 Mon Sep 17 00:00:00 2001 From: Ludovic Courtès Date: Fri, 1 Jan 2016 19:01:05 +0100 Subject: doc: Mention how to verify signatures. * doc/guix.texi (Binary Installation): Be more precise about signature verification. Suggested by Carl Hansen . --- doc/guix.texi | 26 +++++++++++++++++++++----- 1 file changed, 21 insertions(+), 5 deletions(-) diff --git a/doc/guix.texi b/doc/guix.texi index 5cdbc5deb6..7fac99ca27 100644 --- a/doc/guix.texi +++ b/doc/guix.texi @@ -312,11 +312,27 @@ Installing goes along these lines: @enumerate @item Download the binary tarball from -@indicateurl{ftp://alpha.gnu.org/gnu/guix/guix-binary-@value{VERSION}.@var{system}.tar.xz}@footnote{As -usual, make sure to download the associated @file{.sig} file and to -verify the authenticity of the tarball against it!}, where @var{system} -is @code{x86_64-linux} for an @code{x86_64} machine already running the -kernel Linux, and so on. +@indicateurl{ftp://alpha.gnu.org/gnu/guix/guix-binary-@value{VERSION}.@var{system}.tar.xz}, +where @var{system} is @code{x86_64-linux} for an @code{x86_64} machine +already running the kernel Linux, and so on. + +Make sure to download the associated @file{.sig} file and to verify the +authenticity of the tarball against it, along these lines: + +@example +$ wget ftp://alpha.gnu.org/gnu/guix/guix-binary-@value{VERSION}.@var{system}.tar.xz.sig +$ gpg --verify guix-binary-@value{VERSION}.@var{system}.tar.xz.sig +@end example + +If that command fails because you don't have the required public key, +then run this command to import it: + +@example +$ gpg --keyserver keys.gnupg.net --recv-keys 3D9AEBB5 +@end example + +@noindent +and rerun the @code{gpg --verify} command. @item As @code{root}, run: -- cgit v1.2.3