diff options
author | Ludovic Courtès <ludo@gnu.org> | 2020-09-27 14:55:32 +0200 |
---|---|---|
committer | Ludovic Courtès <ludo@gnu.org> | 2020-09-29 21:56:27 +0200 |
commit | d367a7f3d00de20d5c6a88123297f878b3044fee (patch) | |
tree | 9077d6ae6d06fc0ecac778eace9ec4f261b4f7be /doc | |
parent | 8ac318068b22b34fbee9980e607020f45a5b549e (diff) |
services: guix: Generate key pair if needed during activation.
* gnu/services/base.scm (guix-activation): Invoke "guix archive
--generate-key".
* doc/guix.texi (Invoking guix archive)
(Invoking guix deploy): Mention that 'guix-service-type' takes care of
generating the key pair.
Diffstat (limited to 'doc')
-rw-r--r-- | doc/guix.texi | 11 |
1 files changed, 7 insertions, 4 deletions
diff --git a/doc/guix.texi b/doc/guix.texi index 452453241c..e6f04e1413 100644 --- a/doc/guix.texi +++ b/doc/guix.texi @@ -4600,9 +4600,11 @@ the store. @item --generate-key[=@var{parameters}] @cindex signing, archives Generate a new key pair for the daemon. This is a prerequisite before -archives can be exported with @option{--export}. Note that this -operation usually takes time, because it needs to gather enough entropy -to generate the key pair. +archives can be exported with @option{--export}. This +operation is usually instantaneous but it can take time if the system's +entropy pool needs to be refilled. On Guix System, +@code{guix-service-type} takes care of generating this key pair the +first boot. The generated key pair is typically stored under @file{/etc/guix}, in @file{signing-key.pub} (public key) and @file{signing-key.sec} (private @@ -29684,7 +29686,8 @@ a Virtual Private Server (VPS) provider. In such a case, a different Do note that you first need to generate a key pair on the coordinator machine to allow the daemon to export signed archives of files from the store -(@pxref{Invoking guix archive}). +(@pxref{Invoking guix archive}), though this step is automatic on Guix +System: @example # guix archive --generate-key |