aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorLudovic Courtès <ludo@gnu.org>2016-07-26 15:07:29 +0200
committerLudovic Courtès <ludo@gnu.org>2016-07-26 15:07:29 +0200
commitdebc6360e111e8efc8a938b2aef28e5b3616ada8 (patch)
tree527437949ed27c08d72e81126f7b5cc4ef65e60e
parent6e42660b12c006f27381e516d9e5119a64788638 (diff)
downloadpatches-debc6360e111e8efc8a938b2aef28e5b3616ada8.tar
patches-debc6360e111e8efc8a938b2aef28e5b3616ada8.tar.gz
doc: Explain authentication in "System Installation".
Suggested by Vincent Legoll <vincent.legoll@gmail.com>. * doc/guix.texi (OPENPGP-SIGNING-KEY-ID): New constant. (Binary Installation): Use it. (USB Stick Installation): Copy and adjust the authentication bit from "Binary Installation".
-rw-r--r--doc/guix.texi27
1 files changed, 26 insertions, 1 deletions
diff --git a/doc/guix.texi b/doc/guix.texi
index 9fb125dfea..8ab4522140 100644
--- a/doc/guix.texi
+++ b/doc/guix.texi
@@ -9,6 +9,9 @@
@include version.texi
+@c Identifier of the OpenPGP key used to sign tarballs and such.
+@set OPENPGP-SIGNING-KEY-ID 090B11993D9AEBB5
+
@copying
Copyright @copyright{} 2012, 2013, 2014, 2015, 2016 Ludovic Courtès@*
Copyright @copyright{} 2013, 2014, 2016 Andreas Enge@*
@@ -374,6 +377,7 @@ Download the binary tarball from
where @var{system} is @code{x86_64-linux} for an @code{x86_64} machine
already running the kernel Linux, and so on.
+@c The following is somewhat duplicated in ``System Installation''.
Make sure to download the associated @file{.sig} file and to verify the
authenticity of the tarball against it, along these lines:
@@ -386,11 +390,12 @@ If that command fails because you do not have the required public key,
then run this command to import it:
@example
-$ gpg --keyserver pgp.mit.edu --recv-keys 090B11993D9AEBB5
+$ gpg --keyserver pgp.mit.edu --recv-keys @value{OPENPGP-SIGNING-KEY-ID}
@end example
@noindent
and rerun the @code{gpg --verify} command.
+@c end authentication part
@item
As @code{root}, run:
@@ -6134,6 +6139,26 @@ for a GNU/Linux system on Intel/AMD-compatible 64-bit CPUs;
for a 32-bit GNU/Linux system on Intel-compatible CPUs.
@end table
+@c start duplication of authentication part from ``Binary Installation''
+Make sure to download the associated @file{.sig} file and to verify the
+authenticity of the image against it, along these lines:
+
+@example
+$ wget ftp://alpha.gnu.org/gnu/guix/guixsd-usb-install-@value{VERSION}.@var{system}.xz.sig
+$ gpg --verify guixsd-usb-install-@value{VERSION}.@var{system}.xz.sig
+@end example
+
+If that command fails because you do not have the required public key,
+then run this command to import it:
+
+@example
+$ gpg --keyserver pgp.mit.edu --recv-keys @value{OPENPGP-SIGNING-KEY-ID}
+@end example
+
+@noindent
+and rerun the @code{gpg --verify} command.
+@c end duplication
+
This image contains a single partition with the tools necessary for an
installation. It is meant to be copied @emph{as is} to a large-enough
USB stick.