From d34e9114e679666dfbf7caf577117010eca20520 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Ludovic=20Court=C3=A8s?= Date: Mon, 2 Sep 2019 11:28:18 +0200 Subject: doc: Explain that "guix import" and "guix refresh" may need GnuPG. Fixes . Reported by Jesse Gibbons . * doc/guix.texi (Invoking guix import, Invoking guix refresh): Mention that GnuPG must be installed. --- doc/guix.texi | 14 +++++++++++--- 1 file changed, 11 insertions(+), 3 deletions(-) diff --git a/doc/guix.texi b/doc/guix.texi index 031ee53295..0510f57c23 100644 --- a/doc/guix.texi +++ b/doc/guix.texi @@ -8509,8 +8509,13 @@ guix import @var{importer} @var{options}@dots{} @var{importer} specifies the source from which to import package metadata, and @var{options} specifies a package identifier and other -options specific to @var{importer}. Currently, the available -``importers'' are: +options specific to @var{importer}. + +Some of the importers rely on the ability to run the @command{gpgv} command. +For these, GnuPG must be installed and in @code{$PATH}; run @code{guix install +gnupg} if needed. + +Currently, the available ``importers'' are: @table @code @item gnu @@ -8959,7 +8964,10 @@ update the version numbers and source tarball hashes of those package recipes (@pxref{Defining Packages}). This is achieved by downloading each package's latest source tarball and its associated OpenPGP signature, authenticating the downloaded tarball against its signature -using @command{gpg}, and finally computing its hash. When the public +using @command{gpgv}, and finally computing its hash---note that GnuPG must be +installed and in @code{$PATH}; run @code{guix install gnupg} if needed. + +When the public key used to sign the tarball is missing from the user's keyring, an attempt is made to automatically retrieve it from a public key server; when this is successful, the key is added to the user's keyring; otherwise, -- cgit v1.2.3