Hi Leo, Leo Famulari <l...@famulari.name> writes:
> On Sat, May 01, 2021 at 05:25:45PM -0400, Leo Famulari wrote: >> Maybe we should update the manual to mention "1.3.0rc1" and the correct >> key. > > I've attached a patch. > >> > 1. Testing the binary tarball on the distro of your choice. You can >> > download <https://guix.gnu.org/install.sh>. Uncomment the >> > ‘GNU_URL’ variable assignment that refers to alpha.gnu.org and it >> > should pick up 1.3.0rc1 automatically. >> >> The install.sh script also recommends installing Ludo's key, but of >> course fails to verify the signature with it. After installing Ludo's >> key, the installer does suggest the correct key — Maxim's. > > I looked at 'guix-install.sh' and see that it recommends both Ludo's and > Maxim's keys. It's not great that it fails, recommends users to download > Ludo's key, and then fails again. It should fail only once (as it currently would if Ludo's key was missing), and display two messages/two commands instead of one to get the missing keys. This is because we exit after the loop, based on the exit_flag variable value we set in the loop. Did it not behave that way for you? > I tried re-sorting the array so that Maxim's key is first but, no matter > what, it still requires every key in the GPG_SIGNING_KEY array, and the > user will have to try the script three times before it can succeed. If > the next release is signed by someone besides Ludo or Maxim, then the > script will require four runs, etc. Could you help me understand what is failing? I tested with no keys, or with just Ludovic's key, and it was working as intended when attempting to install the 1.3.0rc1 release (e.g., aborting + printing all the keys missing with the accompanying suggested commands to resolve the issue, and proceed with the installation normally thereafter) Thank you! Maxim
