From unknown Mon Jun 23 23:54:39 2025 X-Loop: help-debbugs@gnu.org Subject: [bug#36844] [PATCH] doc: Add note about signing keys. Resent-From: zerodaysfordays@sdf.lonestar.org (Jakob L. Kreuze) Original-Sender: "Debbugs-submit" Resent-CC: guix-patches@gnu.org Resent-Date: Mon, 29 Jul 2019 22:40:02 +0000 Resent-Message-ID: Resent-Sender: help-debbugs@gnu.org X-GNU-PR-Message: report 36844 X-GNU-PR-Package: guix-patches X-GNU-PR-Keywords: patch To: 36844@debbugs.gnu.org X-Debbugs-Original-To: guix-patches@gnu.org Received: via spool by submit@debbugs.gnu.org id=B.1564439949885 (code B ref -1); Mon, 29 Jul 2019 22:40:02 +0000 Received: (at submit) by debbugs.gnu.org; 29 Jul 2019 22:39:09 +0000 Received: from localhost ([127.0.0.1]:49262 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1hsEIP-0000ED-6M for submit@debbugs.gnu.org; Mon, 29 Jul 2019 18:39:09 -0400 Received: from lists.gnu.org ([209.51.188.17]:34911) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1hsEIL-0000E4-EJ for submit@debbugs.gnu.org; Mon, 29 Jul 2019 18:39:08 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]:42177) by lists.gnu.org with esmtp (Exim 4.86_2) (envelope-from ) id 1hsEIK-0004WS-FN for guix-patches@gnu.org; Mon, 29 Jul 2019 18:39:05 -0400 X-Spam-Checker-Version: SpamAssassin 3.3.2 (2011-06-06) on eggs.gnu.org X-Spam-Level: X-Spam-Status: No, score=-0.0 required=5.0 tests=BAYES_20,RCVD_IN_DNSWL_NONE autolearn=disabled version=3.3.2 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1hsEIJ-0005Np-HT for guix-patches@gnu.org; Mon, 29 Jul 2019 18:39:04 -0400 Received: from mx.sdf.org ([205.166.94.20]:51716) by eggs.gnu.org with esmtps (TLS1.0:DHE_RSA_AES_256_CBC_SHA1:32) (Exim 4.71) (envelope-from ) id 1hsEIJ-0005Lp-9K for guix-patches@gnu.org; Mon, 29 Jul 2019 18:39:03 -0400 Received: from Epsilon (pool-173-76-53-40.bstnma.fios.verizon.net [173.76.53.40]) (authenticated (0 bits)) by mx.sdf.org (8.15.2/8.14.5) with ESMTPSA id x6TMcoUc016679 (using TLSv1.2 with cipher AES256-GCM-SHA384 (256 bits) verified NO) for ; Mon, 29 Jul 2019 22:38:56 GMT From: zerodaysfordays@sdf.lonestar.org (Jakob L. Kreuze) Date: Mon, 29 Jul 2019 18:36:01 -0400 Message-ID: <87y30gii3y.fsf@sdf.lonestar.org> User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/26.2 (gnu/linux) MIME-Version: 1.0 Content-Type: multipart/signed; boundary="=-=-="; micalg=pgp-sha256; protocol="application/pgp-signature" X-detected-operating-system: by eggs.gnu.org: Genre and OS details not recognized. X-Received-From: 205.166.94.20 X-Spam-Score: -2.3 (--) X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -3.3 (---) --=-=-= Content-Type: text/plain Content-Transfer-Encoding: quoted-printable * doc/guix.texi (Invoking guix deploy): Add note explaining that deployment targets must authorize the coordinator machine's signing key. =2D-- doc/guix.texi | 16 ++++++++++++++++ 1 file changed, 16 insertions(+) diff --git a/doc/guix.texi b/doc/guix.texi index ccc36a8a97..efed08d8fa 100644 =2D-- a/doc/guix.texi +++ b/doc/guix.texi @@ -25527,6 +25527,22 @@ complex deployment may involve, for example, start= ing virtual machines through a Virtual Private Server (VPS) provider. In such a case, a different @var{environment} type would be used. =20 +Do note that you first need to generate a key pair on the coordinator mach= ine +to allow the daemon to export signed archives of files from the store +(@pxref{Invoking guix archive}). + +@example +# guix archive --generate-key +@end example + +@noindent +Each target machine must authorize the key of the master machine so that it +accepts store items it receives from the coordinator: + +@example +# guix archive --authorize < coordinator-public-key.txt +@end example + @deftp {Data Type} machine This is the data type representing a single machine in a heterogeneous Guix deployment. =2D-=20 2.22.0 --=-=-= Content-Type: application/pgp-signature; name="signature.asc" -----BEGIN PGP SIGNATURE----- iQIzBAEBCAAdFiEEa1VJLOiXAjQ2BGSm9Qb9Fp2P2VoFAl0/dNEACgkQ9Qb9Fp2P 2Vq9qw//bNOl2d/IUgh9+YjsJ7OFjrPFlrFN/6qYxuke34mIhg6gM/vN1FLweDbs h3Op762VU6Qr/u6obxuRXn6dlB12sBs0eawn9OlEmgje6k6CotjSzk9eIM27wsMb NC7gGhwaWegRufIozJozqYwwn0OPv0qmXPqgPYrvbgYLdA/mbvfC34ihwQL/ZICo HrvGdUvb5Ji5GwsP4rd4ZN6o03cwwH9VTK2GumbNIIVEK31RiqYb7q0Yk/GJHgaN nlGZAM7/YbPV8tpBF33GOZ/o6HTkcXbhvK3mIaA1wBzvxgYCEs5+Kq4xvTcuPGiE qH63SvIFI04aS3poXFa3AXM9Oc5GKNLS2IekIJy1/IeB9fHJ1xQql+zK0Y5OlAaK e+LTbv2nnKhf414XBigtMQGIMWmhmATZCP3pjO9H0Fe2883z7OhnT/qOgGN+SQ4d F48qBgG068aJcZapQwxlnISf+qlKgUWn2/Hkc6/mMthfxETv2SZXZATB4sIMczXw hb6PdjsgMF74dfHwoeP99I8WNQqyulMFjMl3i9Oq9SQZfdeHK6J5j+LkI96j9afH /NSHT2qfc4KYQ6J+VqZXDdnqAjK9y8RDvZXq/tXpT2y6Wh0iAPl9+ZXYDv88SuUf CyTydNwaIvkFq71Z/0SF+IjlXa7aGP6SH7lmj918AY3/YYE7z4A= =0xpQ -----END PGP SIGNATURE----- --=-=-=-- From unknown Mon Jun 23 23:54:39 2025 X-Loop: help-debbugs@gnu.org Subject: [bug#36844] [PATCH] doc: Add note about signing keys. Resent-From: Christopher Lemmer Webber Original-Sender: "Debbugs-submit" Resent-CC: guix-patches@gnu.org Resent-Date: Tue, 06 Aug 2019 19:33:02 +0000 Resent-Message-ID: Resent-Sender: help-debbugs@gnu.org X-GNU-PR-Message: followup 36844 X-GNU-PR-Package: guix-patches X-GNU-PR-Keywords: patch To: 36844@debbugs.gnu.org Cc: 36844-done@debbugs.gnu.org X-Debbugs-Original-To: guix-patches@gnu.org Received: via spool by submit@debbugs.gnu.org id=B.156511992815518 (code B ref -1); Tue, 06 Aug 2019 19:33:02 +0000 Received: (at submit) by debbugs.gnu.org; 6 Aug 2019 19:32:08 +0000 Received: from localhost ([127.0.0.1]:37807 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1hv5Bo-000429-Bl for submit@debbugs.gnu.org; Tue, 06 Aug 2019 15:32:08 -0400 Received: from lists.gnu.org ([209.51.188.17]:35242) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1hv5Bn-000420-IU for submit@debbugs.gnu.org; Tue, 06 Aug 2019 15:32:07 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]:53760) by lists.gnu.org with esmtp (Exim 4.86_2) (envelope-from ) id 1hv5Bm-0004Kn-LD for guix-patches@gnu.org; Tue, 06 Aug 2019 15:32:07 -0400 X-Spam-Checker-Version: SpamAssassin 3.3.2 (2011-06-06) on eggs.gnu.org X-Spam-Level: X-Spam-Status: No, score=0.8 required=5.0 tests=BAYES_50 autolearn=disabled version=3.3.2 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1hv5Bl-0001bt-O5 for guix-patches@gnu.org; Tue, 06 Aug 2019 15:32:06 -0400 Received: from dustycloud.org ([2600:3c02::f03c:91ff:feae:cb51]:45444) by eggs.gnu.org with esmtps (TLS1.0:DHE_RSA_AES_256_CBC_SHA1:32) (Exim 4.71) (envelope-from ) id 1hv5Bl-0001bS-Ju for guix-patches@gnu.org; Tue, 06 Aug 2019 15:32:05 -0400 Received: from twig (localhost [127.0.0.1]) by dustycloud.org (Postfix) with ESMTPS id 9032426618; Tue, 6 Aug 2019 15:32:03 -0400 (EDT) References: <87y30gii3y.fsf@sdf.lonestar.org> User-agent: mu4e 1.2.0; emacs 26.2 From: Christopher Lemmer Webber In-reply-to: <87y30gii3y.fsf@sdf.lonestar.org> Date: Tue, 06 Aug 2019 15:32:03 -0400 Message-ID: <87imraozt8.fsf@dustycloud.org> MIME-Version: 1.0 Content-Type: text/plain X-detected-operating-system: by eggs.gnu.org: Genre and OS details not recognized. X-Received-From: 2600:3c02::f03c:91ff:feae:cb51 X-Spam-Score: -1.3 (-) X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -2.3 (--) Looks good. Merged & pushed. Jakob L. Kreuze writes: > * doc/guix.texi (Invoking guix deploy): Add note explaining that > deployment targets must authorize the coordinator machine's signing key. > --- > doc/guix.texi | 16 ++++++++++++++++ > 1 file changed, 16 insertions(+) > > diff --git a/doc/guix.texi b/doc/guix.texi > index ccc36a8a97..efed08d8fa 100644 > --- a/doc/guix.texi > +++ b/doc/guix.texi > @@ -25527,6 +25527,22 @@ complex deployment may involve, for example, starting virtual machines through > a Virtual Private Server (VPS) provider. In such a case, a different > @var{environment} type would be used. > > +Do note that you first need to generate a key pair on the coordinator machine > +to allow the daemon to export signed archives of files from the store > +(@pxref{Invoking guix archive}). > + > +@example > +# guix archive --generate-key > +@end example > + > +@noindent > +Each target machine must authorize the key of the master machine so that it > +accepts store items it receives from the coordinator: > + > +@example > +# guix archive --authorize < coordinator-public-key.txt > +@end example > + > @deftp {Data Type} machine > This is the data type representing a single machine in a heterogeneous Guix > deployment. From unknown Mon Jun 23 23:54:39 2025 MIME-Version: 1.0 X-Mailer: MIME-tools 5.505 (Entity 5.505) X-Loop: help-debbugs@gnu.org From: help-debbugs@gnu.org (GNU bug Tracking System) To: zerodaysfordays@sdf.lonestar.org (Jakob L. Kreuze) Subject: bug#36844: closed (Re: [bug#36844] [PATCH] doc: Add note about signing keys.) Message-ID: References: <87imraozt8.fsf@dustycloud.org> <87y30gii3y.fsf@sdf.lonestar.org> X-Gnu-PR-Message: they-closed 36844 X-Gnu-PR-Package: guix-patches X-Gnu-PR-Keywords: patch Reply-To: 36844@debbugs.gnu.org Date: Tue, 06 Aug 2019 19:33:03 +0000 Content-Type: multipart/mixed; boundary="----------=_1565119983-15594-1" This is a multi-part message in MIME format... ------------=_1565119983-15594-1 Content-Disposition: inline Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" Your bug report #36844: [PATCH] doc: Add note about signing keys. which was filed against the guix-patches package, has been closed. The explanation is attached below, along with your original report. If you require more details, please reply to 36844@debbugs.gnu.org. --=20 36844: http://debbugs.gnu.org/cgi/bugreport.cgi?bug=3D36844 GNU Bug Tracking System Contact help-debbugs@gnu.org with problems ------------=_1565119983-15594-1 Content-Type: message/rfc822 Content-Disposition: inline Content-Transfer-Encoding: 7bit Received: (at 36844-done) by debbugs.gnu.org; 6 Aug 2019 19:32:08 +0000 Received: from localhost ([127.0.0.1]:37805 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1hv5Bo-000427-3G for submit@debbugs.gnu.org; Tue, 06 Aug 2019 15:32:08 -0400 Received: from dustycloud.org ([50.116.34.160]:49752) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1hv5Bk-00041p-Gt for 36844-done@debbugs.gnu.org; Tue, 06 Aug 2019 15:32:06 -0400 Received: from twig (localhost [127.0.0.1]) by dustycloud.org (Postfix) with ESMTPS id 9032426618; Tue, 6 Aug 2019 15:32:03 -0400 (EDT) References: <87y30gii3y.fsf@sdf.lonestar.org> User-agent: mu4e 1.2.0; emacs 26.2 From: Christopher Lemmer Webber To: guix-patches@gnu.org Subject: Re: [bug#36844] [PATCH] doc: Add note about signing keys. In-reply-to: <87y30gii3y.fsf@sdf.lonestar.org> Date: Tue, 06 Aug 2019 15:32:03 -0400 Message-ID: <87imraozt8.fsf@dustycloud.org> MIME-Version: 1.0 Content-Type: text/plain X-Spam-Score: -0.0 (/) X-Debbugs-Envelope-To: 36844-done Cc: 36844-done@debbugs.gnu.org X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -1.0 (-) Looks good. Merged & pushed. Jakob L. Kreuze writes: > * doc/guix.texi (Invoking guix deploy): Add note explaining that > deployment targets must authorize the coordinator machine's signing key. > --- > doc/guix.texi | 16 ++++++++++++++++ > 1 file changed, 16 insertions(+) > > diff --git a/doc/guix.texi b/doc/guix.texi > index ccc36a8a97..efed08d8fa 100644 > --- a/doc/guix.texi > +++ b/doc/guix.texi > @@ -25527,6 +25527,22 @@ complex deployment may involve, for example, starting virtual machines through > a Virtual Private Server (VPS) provider. In such a case, a different > @var{environment} type would be used. > > +Do note that you first need to generate a key pair on the coordinator machine > +to allow the daemon to export signed archives of files from the store > +(@pxref{Invoking guix archive}). > + > +@example > +# guix archive --generate-key > +@end example > + > +@noindent > +Each target machine must authorize the key of the master machine so that it > +accepts store items it receives from the coordinator: > + > +@example > +# guix archive --authorize < coordinator-public-key.txt > +@end example > + > @deftp {Data Type} machine > This is the data type representing a single machine in a heterogeneous Guix > deployment. ------------=_1565119983-15594-1 Content-Type: message/rfc822 Content-Disposition: inline Content-Transfer-Encoding: 7bit Received: (at submit) by debbugs.gnu.org; 29 Jul 2019 22:39:09 +0000 Received: from localhost ([127.0.0.1]:49262 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1hsEIP-0000ED-6M for submit@debbugs.gnu.org; Mon, 29 Jul 2019 18:39:09 -0400 Received: from lists.gnu.org ([209.51.188.17]:34911) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1hsEIL-0000E4-EJ for submit@debbugs.gnu.org; Mon, 29 Jul 2019 18:39:08 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]:42177) by lists.gnu.org with esmtp (Exim 4.86_2) (envelope-from ) id 1hsEIK-0004WS-FN for guix-patches@gnu.org; Mon, 29 Jul 2019 18:39:05 -0400 X-Spam-Checker-Version: SpamAssassin 3.3.2 (2011-06-06) on eggs.gnu.org X-Spam-Level: X-Spam-Status: No, score=-0.0 required=5.0 tests=BAYES_20,RCVD_IN_DNSWL_NONE autolearn=disabled version=3.3.2 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1hsEIJ-0005Np-HT for guix-patches@gnu.org; Mon, 29 Jul 2019 18:39:04 -0400 Received: from mx.sdf.org ([205.166.94.20]:51716) by eggs.gnu.org with esmtps (TLS1.0:DHE_RSA_AES_256_CBC_SHA1:32) (Exim 4.71) (envelope-from ) id 1hsEIJ-0005Lp-9K for guix-patches@gnu.org; Mon, 29 Jul 2019 18:39:03 -0400 Received: from Epsilon (pool-173-76-53-40.bstnma.fios.verizon.net [173.76.53.40]) (authenticated (0 bits)) by mx.sdf.org (8.15.2/8.14.5) with ESMTPSA id x6TMcoUc016679 (using TLSv1.2 with cipher AES256-GCM-SHA384 (256 bits) verified NO) for ; Mon, 29 Jul 2019 22:38:56 GMT From: zerodaysfordays@sdf.lonestar.org (Jakob L. Kreuze) To: guix-patches@gnu.org Subject: [PATCH] doc: Add note about signing keys. Date: Mon, 29 Jul 2019 18:36:01 -0400 Message-ID: <87y30gii3y.fsf@sdf.lonestar.org> User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/26.2 (gnu/linux) MIME-Version: 1.0 Content-Type: multipart/signed; boundary="=-=-="; micalg=pgp-sha256; protocol="application/pgp-signature" X-detected-operating-system: by eggs.gnu.org: Genre and OS details not recognized. X-Received-From: 205.166.94.20 X-Spam-Score: -2.3 (--) X-Debbugs-Envelope-To: submit X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -3.3 (---) --=-=-= Content-Type: text/plain Content-Transfer-Encoding: quoted-printable * doc/guix.texi (Invoking guix deploy): Add note explaining that deployment targets must authorize the coordinator machine's signing key. =2D-- doc/guix.texi | 16 ++++++++++++++++ 1 file changed, 16 insertions(+) diff --git a/doc/guix.texi b/doc/guix.texi index ccc36a8a97..efed08d8fa 100644 =2D-- a/doc/guix.texi +++ b/doc/guix.texi @@ -25527,6 +25527,22 @@ complex deployment may involve, for example, start= ing virtual machines through a Virtual Private Server (VPS) provider. In such a case, a different @var{environment} type would be used. =20 +Do note that you first need to generate a key pair on the coordinator mach= ine +to allow the daemon to export signed archives of files from the store +(@pxref{Invoking guix archive}). + +@example +# guix archive --generate-key +@end example + +@noindent +Each target machine must authorize the key of the master machine so that it +accepts store items it receives from the coordinator: + +@example +# guix archive --authorize < coordinator-public-key.txt +@end example + @deftp {Data Type} machine This is the data type representing a single machine in a heterogeneous Guix deployment. =2D-=20 2.22.0 --=-=-= Content-Type: application/pgp-signature; name="signature.asc" -----BEGIN PGP SIGNATURE----- iQIzBAEBCAAdFiEEa1VJLOiXAjQ2BGSm9Qb9Fp2P2VoFAl0/dNEACgkQ9Qb9Fp2P 2Vq9qw//bNOl2d/IUgh9+YjsJ7OFjrPFlrFN/6qYxuke34mIhg6gM/vN1FLweDbs h3Op762VU6Qr/u6obxuRXn6dlB12sBs0eawn9OlEmgje6k6CotjSzk9eIM27wsMb NC7gGhwaWegRufIozJozqYwwn0OPv0qmXPqgPYrvbgYLdA/mbvfC34ihwQL/ZICo HrvGdUvb5Ji5GwsP4rd4ZN6o03cwwH9VTK2GumbNIIVEK31RiqYb7q0Yk/GJHgaN nlGZAM7/YbPV8tpBF33GOZ/o6HTkcXbhvK3mIaA1wBzvxgYCEs5+Kq4xvTcuPGiE qH63SvIFI04aS3poXFa3AXM9Oc5GKNLS2IekIJy1/IeB9fHJ1xQql+zK0Y5OlAaK e+LTbv2nnKhf414XBigtMQGIMWmhmATZCP3pjO9H0Fe2883z7OhnT/qOgGN+SQ4d F48qBgG068aJcZapQwxlnISf+qlKgUWn2/Hkc6/mMthfxETv2SZXZATB4sIMczXw hb6PdjsgMF74dfHwoeP99I8WNQqyulMFjMl3i9Oq9SQZfdeHK6J5j+LkI96j9afH /NSHT2qfc4KYQ6J+VqZXDdnqAjK9y8RDvZXq/tXpT2y6Wh0iAPl9+ZXYDv88SuUf CyTydNwaIvkFq71Z/0SF+IjlXa7aGP6SH7lmj918AY3/YYE7z4A= =0xpQ -----END PGP SIGNATURE----- --=-=-=-- ------------=_1565119983-15594-1--