[PATCH] doc: Add note about signing keys.

  • Done
  • quality assurance status badge
Details
2 participants
  • Christopher Lemmer Webber
  • Jakob L. Kreuze
Owner
unassigned
Submitted by
Jakob L. Kreuze
Severity
normal
J
J
Jakob L. Kreuze wrote on 30 Jul 2019 00:36
(address . guix-patches@gnu.org)
87y30gii3y.fsf@sdf.lonestar.org
* doc/guix.texi (Invoking guix deploy): Add note explaining that
deployment targets must authorize the coordinator machine's signing key.
---
doc/guix.texi | 16 ++++++++++++++++
1 file changed, 16 insertions(+)

Toggle diff (29 lines)
diff --git a/doc/guix.texi b/doc/guix.texi
index ccc36a8a97..efed08d8fa 100644
--- a/doc/guix.texi
+++ b/doc/guix.texi
@@ -25527,6 +25527,22 @@ complex deployment may involve, for example, starting virtual machines through
a Virtual Private Server (VPS) provider. In such a case, a different
@var{environment} type would be used.
+Do note that you first need to generate a key pair on the coordinator machine
+to allow the daemon to export signed archives of files from the store
+(@pxref{Invoking guix archive}).
+
+@example
+# guix archive --generate-key
+@end example
+
+@noindent
+Each target machine must authorize the key of the master machine so that it
+accepts store items it receives from the coordinator:
+
+@example
+# guix archive --authorize < coordinator-public-key.txt
+@end example
+
@deftp {Data Type} machine
This is the data type representing a single machine in a heterogeneous Guix
deployment.
--
2.22.0
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEa1VJLOiXAjQ2BGSm9Qb9Fp2P2VoFAl0/dNEACgkQ9Qb9Fp2P
2Vq9qw//bNOl2d/IUgh9+YjsJ7OFjrPFlrFN/6qYxuke34mIhg6gM/vN1FLweDbs
h3Op762VU6Qr/u6obxuRXn6dlB12sBs0eawn9OlEmgje6k6CotjSzk9eIM27wsMb
NC7gGhwaWegRufIozJozqYwwn0OPv0qmXPqgPYrvbgYLdA/mbvfC34ihwQL/ZICo
HrvGdUvb5Ji5GwsP4rd4ZN6o03cwwH9VTK2GumbNIIVEK31RiqYb7q0Yk/GJHgaN
nlGZAM7/YbPV8tpBF33GOZ/o6HTkcXbhvK3mIaA1wBzvxgYCEs5+Kq4xvTcuPGiE
qH63SvIFI04aS3poXFa3AXM9Oc5GKNLS2IekIJy1/IeB9fHJ1xQql+zK0Y5OlAaK
e+LTbv2nnKhf414XBigtMQGIMWmhmATZCP3pjO9H0Fe2883z7OhnT/qOgGN+SQ4d
F48qBgG068aJcZapQwxlnISf+qlKgUWn2/Hkc6/mMthfxETv2SZXZATB4sIMczXw
hb6PdjsgMF74dfHwoeP99I8WNQqyulMFjMl3i9Oq9SQZfdeHK6J5j+LkI96j9afH
/NSHT2qfc4KYQ6J+VqZXDdnqAjK9y8RDvZXq/tXpT2y6Wh0iAPl9+ZXYDv88SuUf
CyTydNwaIvkFq71Z/0SF+IjlXa7aGP6SH7lmj918AY3/YYE7z4A=
=0xpQ
-----END PGP SIGNATURE-----

C
C
Christopher Lemmer Webber wrote on 6 Aug 2019 21:32
(address . guix-patches@gnu.org)(address . 36844-done@debbugs.gnu.org)
87imraozt8.fsf@dustycloud.org
Looks good. Merged & pushed.

Jakob L. Kreuze writes:

Toggle quote (33 lines)
> * doc/guix.texi (Invoking guix deploy): Add note explaining that
> deployment targets must authorize the coordinator machine's signing key.
> ---
> doc/guix.texi | 16 ++++++++++++++++
> 1 file changed, 16 insertions(+)
>
> diff --git a/doc/guix.texi b/doc/guix.texi
> index ccc36a8a97..efed08d8fa 100644
> --- a/doc/guix.texi
> +++ b/doc/guix.texi
> @@ -25527,6 +25527,22 @@ complex deployment may involve, for example, starting virtual machines through
> a Virtual Private Server (VPS) provider. In such a case, a different
> @var{environment} type would be used.
>
> +Do note that you first need to generate a key pair on the coordinator machine
> +to allow the daemon to export signed archives of files from the store
> +(@pxref{Invoking guix archive}).
> +
> +@example
> +# guix archive --generate-key
> +@end example
> +
> +@noindent
> +Each target machine must authorize the key of the master machine so that it
> +accepts store items it receives from the coordinator:
> +
> +@example
> +# guix archive --authorize < coordinator-public-key.txt
> +@end example
> +
> @deftp {Data Type} machine
> This is the data type representing a single machine in a heterogeneous Guix
> deployment.
?