GNU bug report logs - #36844
[PATCH] doc: Add note about signing keys.

Previous Next

To add a comment to this bug, you must first unarchive it, by sending
a message to control AT debbugs.gnu.org, with unarchive 36844 in the body.
You can then email your comments to 36844 AT debbugs.gnu.org in the normal way.

Toggle the display of automated, internal messages from the tracker.

Message #5 received at submit <at> debbugs.gnu.org (full text, mbox):

From: zerodaysfordays <at> sdf.lonestar.org (Jakob L. Kreuze)
To: guix-patches <at> gnu.org
Subject: [PATCH] doc: Add note about signing keys.
Date: Mon, 29 Jul 2019 18:36:01 -0400

[Message part 1 (text/plain, inline)]

* doc/guix.texi (Invoking guix deploy): Add note explaining that
deployment targets must authorize the coordinator machine's signing key.
---
 doc/guix.texi | 16 ++++++++++++++++
 1 file changed, 16 insertions(+)

diff --git a/doc/guix.texi b/doc/guix.texi
index ccc36a8a97..efed08d8fa 100644
--- a/doc/guix.texi
+++ b/doc/guix.texi
@@ -25527,6 +25527,22 @@ complex deployment may involve, for example, starting virtual machines through
 a Virtual Private Server (VPS) provider.  In such a case, a different
 @var{environment} type would be used.
 
+Do note that you first need to generate a key pair on the coordinator machine
+to allow the daemon to export signed archives of files from the store
+(@pxref{Invoking guix archive}).
+
+@example
+# guix archive --generate-key
+@end example
+
+@noindent
+Each target machine must authorize the key of the master machine so that it
+accepts store items it receives from the coordinator:
+
+@example
+# guix archive --authorize < coordinator-public-key.txt
+@end example
+
 @deftp {Data Type} machine
 This is the data type representing a single machine in a heterogeneous Guix
 deployment.
-- 
2.22.0

[signature.asc (application/pgp-signature, inline)]

Message #8 received at submit <at> debbugs.gnu.org (full text, mbox):

From: Christopher Lemmer Webber <cwebber <at> dustycloud.org>
To: guix-patches <at> gnu.org
Cc: 36844-done <at> debbugs.gnu.org
Subject: Re: [bug#36844] [PATCH] doc: Add note about signing keys.
Date: Tue, 06 Aug 2019 15:32:03 -0400

Looks good.  Merged & pushed.

Jakob L. Kreuze writes:

> * doc/guix.texi (Invoking guix deploy): Add note explaining that
> deployment targets must authorize the coordinator machine's signing key.
> ---
>  doc/guix.texi | 16 ++++++++++++++++
>  1 file changed, 16 insertions(+)
>
> diff --git a/doc/guix.texi b/doc/guix.texi
> index ccc36a8a97..efed08d8fa 100644
> --- a/doc/guix.texi
> +++ b/doc/guix.texi
> @@ -25527,6 +25527,22 @@ complex deployment may involve, for example, starting virtual machines through
>  a Virtual Private Server (VPS) provider.  In such a case, a different
>  @var{environment} type would be used.
>  
> +Do note that you first need to generate a key pair on the coordinator machine
> +to allow the daemon to export signed archives of files from the store
> +(@pxref{Invoking guix archive}).
> +
> +@example
> +# guix archive --generate-key
> +@end example
> +
> +@noindent
> +Each target machine must authorize the key of the master machine so that it
> +accepts store items it receives from the coordinator:
> +
> +@example
> +# guix archive --authorize < coordinator-public-key.txt
> +@end example
> +
>  @deftp {Data Type} machine
>  This is the data type representing a single machine in a heterogeneous Guix
>  deployment.

Previous Next

GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.