doc: Mention how to verify signatures.
* doc/guix.texi (Binary Installation): Be more precise about signature verification. Suggested by Carl Hansen <carlhansen1234@gmail.com>.
This commit is contained in:
parent
45147b0caa
commit
daa8922abc
|
@ -312,11 +312,27 @@ Installing goes along these lines:
|
||||||
@enumerate
|
@enumerate
|
||||||
@item
|
@item
|
||||||
Download the binary tarball from
|
Download the binary tarball from
|
||||||
@indicateurl{ftp://alpha.gnu.org/gnu/guix/guix-binary-@value{VERSION}.@var{system}.tar.xz}@footnote{As
|
@indicateurl{ftp://alpha.gnu.org/gnu/guix/guix-binary-@value{VERSION}.@var{system}.tar.xz},
|
||||||
usual, make sure to download the associated @file{.sig} file and to
|
where @var{system} is @code{x86_64-linux} for an @code{x86_64} machine
|
||||||
verify the authenticity of the tarball against it!}, where @var{system}
|
already running the kernel Linux, and so on.
|
||||||
is @code{x86_64-linux} for an @code{x86_64} machine already running the
|
|
||||||
kernel Linux, and so on.
|
Make sure to download the associated @file{.sig} file and to verify the
|
||||||
|
authenticity of the tarball against it, along these lines:
|
||||||
|
|
||||||
|
@example
|
||||||
|
$ wget ftp://alpha.gnu.org/gnu/guix/guix-binary-@value{VERSION}.@var{system}.tar.xz.sig
|
||||||
|
$ gpg --verify guix-binary-@value{VERSION}.@var{system}.tar.xz.sig
|
||||||
|
@end example
|
||||||
|
|
||||||
|
If that command fails because you don't have the required public key,
|
||||||
|
then run this command to import it:
|
||||||
|
|
||||||
|
@example
|
||||||
|
$ gpg --keyserver keys.gnupg.net --recv-keys 3D9AEBB5
|
||||||
|
@end example
|
||||||
|
|
||||||
|
@noindent
|
||||||
|
and rerun the @code{gpg --verify} command.
|
||||||
|
|
||||||
@item
|
@item
|
||||||
As @code{root}, run:
|
As @code{root}, run:
|
||||||
|
|
Loading…
Reference in New Issue