On Sat, May 01, 2021 at 05:25:45PM -0400, Leo Famulari wrote:
> Maybe we should update the manual to mention "1.3.0rc1" and the correct
> key.

I've attached a patch.

> >   1. Testing the binary tarball on the distro of your choice.  You can
> >      download <https://guix.gnu.org/install.sh>.  Uncomment the
> >      ‘GNU_URL’ variable assignment that refers to alpha.gnu.org and it
> >      should pick up 1.3.0rc1 automatically.
> 
> The install.sh script also recommends installing Ludo's key, but of
> course fails to verify the signature with it. After installing Ludo's
> key, the installer does suggest the correct key — Maxim's.

I looked at 'guix-install.sh' and see that it recommends both Ludo's and
Maxim's keys. It's not great that it fails, recommends users to download
Ludo's key, and then fails again.

I tried re-sorting the array so that Maxim's key is first but, no matter
what, it still requires every key in the GPG_SIGNING_KEY array, and the
user will have to try the script three times before it can succeed. If
the next release is signed by someone besides Ludo or Maxim, then the
script will require four runs, etc.

It's annoying but hard to work around because the script is distributed
via that unversioned URL shown above.

Ideas?
From 205c786b985bd7cb2754aadf3adf91e1401b9d1b Mon Sep 17 00:00:00 2001
From: Leo Famulari <l...@famulari.name>
Date: Sat, 1 May 2021 23:54:03 -0400
Subject: [PATCH] doc: Update the release signing key for 1.3.0rc1.

* doc/guix.texi (OPENPGP-SIGNING-KEY-ID): Use Maxim Cournoyer's key.
(OPENPGP-SIGNING-KEY-URL): Adjust accordingly.
---
 doc/guix.texi | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/doc/guix.texi b/doc/guix.texi
index dbea5cadcb..3ca681a48b 100644
--- a/doc/guix.texi
+++ b/doc/guix.texi
@@ -10,8 +10,8 @@
 @include version.texi
 
 @c Identifier of the OpenPGP key used to sign tarballs and such.
-@set OPENPGP-SIGNING-KEY-ID 3CE464558A84FDC69DB40CFB090B11993D9AEBB5
-@set OPENPGP-SIGNING-KEY-URL 
https://sv.gnu.org/people/viewgpg.php?user_id=15145
+@set OPENPGP-SIGNING-KEY-ID 27D586A4F8900854329FF09F1260E46482E63562
+@set OPENPGP-SIGNING-KEY-URL 
https://sv.gnu.org/people/viewgpg.php?user_id=127547
 
 @c Base URL for downloads.
 @set BASE-URL https://ftp.gnu.org/gnu/guix
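Review bot: in both `@set OPENPGP-SIGNING-KEY-URL` changes the URL sits on a line of its own with no `-` or `+` prefix, so as shown the hunk has more lines than the `@@ -10,8 +10,8 @@` header and the "2 insertions(+), 2 deletions(-)" summary account for, and it will not apply; this looks like mail line-wrapping, so the patch should be resent unwrapped or as an attachment. Separately, the `@c` comment still describes a single signing key, so the manual needs this same edit every time the release signer changes, and `BASE-URL` stays at https://ftp.gnu.org/gnu/guix while the message says 1.3.0rc1 is fetched from alpha.gnu.org; a short `@c` line stating which release this key applies to would make the next update easier to check.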
-- 
2.31.1
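
One way to avoid the repeated runs described in the message, as an added example that is not part of the original message and not code from guix-install.sh: check the keyring once and report every missing key together. The function names and the keyring listing are constructed for illustration; the two fingerprints are the ones in the patch above.

```shell
#!/bin/sh
# Added example, not guix-install.sh code. Fingerprints are the two from the patch.
REQUIRED_KEYS="3CE464558A84FDC69DB40CFB090B11993D9AEBB5
27D586A4F8900854329FF09F1260E46482E63562"

# Constructed sample of `gpg --list-keys --with-colons` output for a keyring
# holding only the first key. Field 10 of an "fpr" record is the fingerprint.
SAMPLE_KEYRING="pub:-:4096:1:090B11993D9AEBB5:1400000000:::-:::scESC:
fpr:::::::::3CE464558A84FDC69DB40CFB090B11993D9AEBB5:
uid:-::::1400000000::::Constructed User <user@example.org>:"

# Read a colon-format listing on stdin; print primary-key fingerprints only
# (the "fpr" record that directly follows a "pub" record, not subkeys).
keyring_fingerprints() {
    awk -F: '$1 == "pub" { want = 1; next }
             $1 == "fpr" && want { print $10; want = 0 }'
}

# missing_keys LISTING: print every required fingerprint absent from LISTING.
missing_keys() {
    present=$(printf '%s\n' "$1" | keyring_fingerprints)
    for key in $REQUIRED_KEYS; do
        # -x and -F: whole-line, literal match, so a partial ID never passes.
        printf '%s\n' "$present" | grep -qxF "$key" || printf '%s\n' "$key"
    done
}

# report_missing LISTING: name all missing keys in one pass; return 1 if any.
report_missing() {
    missing=$(missing_keys "$1")
    if [ -z "$missing" ]; then
        return 0
    fi
    echo "Missing OpenPGP public keys (import all of them, then re-run):" >&2
    for key in $missing; do
        echo "  $key" >&2
    done
    return 1
}

# In real use the listing would come from: gpg --list-keys --with-colons
report_missing "$SAMPLE_KEYRING" || true
```
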
