summaryrefslogtreecommitdiff
path: root/doc
diff options
context:
space:
mode:
authorLudovic Courtès <ludo@gnu.org>2020-09-27 14:55:32 +0200
committerLudovic Courtès <ludo@gnu.org>2020-09-29 21:56:27 +0200
commitd367a7f3d00de20d5c6a88123297f878b3044fee (patch)
tree9077d6ae6d06fc0ecac778eace9ec4f261b4f7be /doc
parent8ac318068b22b34fbee9980e607020f45a5b549e (diff)
services: guix: Generate key pair if needed during activation.
* gnu/services/base.scm (guix-activation): Invoke "guix archive --generate-key". * doc/guix.texi (Invoking guix archive) (Invoking guix deploy): Mention that 'guix-service-type' takes care of generating the key pair.
Diffstat (limited to 'doc')
-rw-r--r--doc/guix.texi11
1 files changed, 7 insertions, 4 deletions
diff --git a/doc/guix.texi b/doc/guix.texi
index 452453241c..e6f04e1413 100644
--- a/doc/guix.texi
+++ b/doc/guix.texi
@@ -4600,9 +4600,11 @@ the store.
@item --generate-key[=@var{parameters}]
@cindex signing, archives
Generate a new key pair for the daemon. This is a prerequisite before
-archives can be exported with @option{--export}. Note that this
-operation usually takes time, because it needs to gather enough entropy
-to generate the key pair.
+archives can be exported with @option{--export}. This
+operation is usually instantaneous but it can take time if the system's
+entropy pool needs to be refilled. On Guix System,
+@code{guix-service-type} takes care of generating this key pair the
+first boot.
The generated key pair is typically stored under @file{/etc/guix}, in
@file{signing-key.pub} (public key) and @file{signing-key.sec} (private
@@ -29684,7 +29686,8 @@ a Virtual Private Server (VPS) provider. In such a case, a different
Do note that you first need to generate a key pair on the coordinator machine
to allow the daemon to export signed archives of files from the store
-(@pxref{Invoking guix archive}).
+(@pxref{Invoking guix archive}), though this step is automatic on Guix
+System:
@example
# guix archive --generate-key