diff options
author | Ludovic Courtès <ludo@gnu.org> | 2016-07-26 15:07:29 +0200 |
---|---|---|
committer | Ludovic Courtès <ludo@gnu.org> | 2016-07-26 15:07:29 +0200 |
commit | debc6360e111e8efc8a938b2aef28e5b3616ada8 (patch) | |
tree | 527437949ed27c08d72e81126f7b5cc4ef65e60e /doc | |
parent | 6e42660b12c006f27381e516d9e5119a64788638 (diff) | |
download | guix-debc6360e111e8efc8a938b2aef28e5b3616ada8.tar.gz |
doc: Explain authentication in "System Installation".
Suggested by Vincent Legoll <vincent.legoll@gmail.com>. * doc/guix.texi (OPENPGP-SIGNING-KEY-ID): New constant. (Binary Installation): Use it. (USB Stick Installation): Copy and adjust the authentication bit from "Binary Installation".
Diffstat (limited to 'doc')
-rw-r--r-- | doc/guix.texi | 27 |
1 files changed, 26 insertions, 1 deletions
diff --git a/doc/guix.texi b/doc/guix.texi index 9fb125dfea..8ab4522140 100644 --- a/doc/guix.texi +++ b/doc/guix.texi @@ -9,6 +9,9 @@ @include version.texi +@c Identifier of the OpenPGP key used to sign tarballs and such. +@set OPENPGP-SIGNING-KEY-ID 090B11993D9AEBB5 + @copying Copyright @copyright{} 2012, 2013, 2014, 2015, 2016 Ludovic Courtès@* Copyright @copyright{} 2013, 2014, 2016 Andreas Enge@* @@ -374,6 +377,7 @@ Download the binary tarball from where @var{system} is @code{x86_64-linux} for an @code{x86_64} machine already running the kernel Linux, and so on. +@c The following is somewhat duplicated in ``System Installation''. Make sure to download the associated @file{.sig} file and to verify the authenticity of the tarball against it, along these lines: @@ -386,11 +390,12 @@ If that command fails because you do not have the required public key, then run this command to import it: @example -$ gpg --keyserver pgp.mit.edu --recv-keys 090B11993D9AEBB5 +$ gpg --keyserver pgp.mit.edu --recv-keys @value{OPENPGP-SIGNING-KEY-ID} @end example @noindent and rerun the @code{gpg --verify} command. +@c end authentication part @item As @code{root}, run: @@ -6134,6 +6139,26 @@ for a GNU/Linux system on Intel/AMD-compatible 64-bit CPUs; for a 32-bit GNU/Linux system on Intel-compatible CPUs. @end table +@c start duplication of authentication part from ``Binary Installation'' +Make sure to download the associated @file{.sig} file and to verify the +authenticity of the image against it, along these lines: + +@example +$ wget ftp://alpha.gnu.org/gnu/guix/guixsd-usb-install-@value{VERSION}.@var{system}.xz.sig +$ gpg --verify guixsd-usb-install-@value{VERSION}.@var{system}.xz.sig +@end example + +If that command fails because you do not have the required public key, +then run this command to import it: + +@example +$ gpg --keyserver pgp.mit.edu --recv-keys @value{OPENPGP-SIGNING-KEY-ID} +@end example + +@noindent +and rerun the @code{gpg --verify} command. +@c end duplication + This image contains a single partition with the tools necessary for an installation. It is meant to be copied @emph{as is} to a large-enough USB stick. |