@include version.texi
-@c Identifier of the OpenPGP key used to sign tarballs and such.
-@set OPENPGP-SIGNING-KEY-ID 3CE464558A84FDC69DB40CFB090B11993D9AEBB5
-@set OPENPGP-SIGNING-KEY-URL https://sv.gnu.org/people/viewgpg.php?user_id=15145
+@c Identifier of the OpenPGP keys used to sign tarballs and such.
+@set OPENPGP-SIGNING-KEY-ID-1 3CE464558A84FDC69DB40CFB090B11993D9AEBB5 @c ludo
+@set OPENPGP-SIGNING-KEY-URL-1 https://sv.gnu.org/people/viewgpg.php?user_id=15145
+@set OPENPGP-SIGNING-KEY-ID-2 27D586A4F8900854329FF09F1260E46482E63562 @c maxim
+@set OPENPGP-SIGNING-KEY-URL-2 https://sv.gnu.org/people/viewgpg.php?user_id=127547
@c Base URL for downloads.
@set BASE-URL https://ftp.gnu.org/gnu/guix
$ gpg --verify guix-binary-@value{VERSION}.x86_64-linux.tar.xz.sig
@end example
-If that command fails because you do not have the required public key,
-then run this command to import it:
+If that command fails because you do not have the required public keys,
+then run these commands to import them:
@example
-$ wget '@value{OPENPGP-SIGNING-KEY-URL}' \
+$ wget '@value{OPENPGP-SIGNING-KEY-URL-1}' \
+ -qO - | gpg --import -
+$ wget '@value{OPENPGP-SIGNING-KEY-URL-2}' \
-qO - | gpg --import -
@end example
$ gpg --verify guix-system-install-@value{VERSION}.x86_64-linux.iso.xz.sig
@end example
-If that command fails because you do not have the required public key,
-then run this command to import it:
+If that command fails because you do not have the required public keys,
+then run these commands to import them:
@example
-$ wget @value{OPENPGP-SIGNING-KEY-URL} \
+$ wget @value{OPENPGP-SIGNING-KEY-URL-1} \
+ -qO - | gpg --import -
+$ wget @value{OPENPGP-SIGNING-KEY-URL-2} \
-qO - | gpg --import -
@end example
@example
gpg --no-default-keyring --keyring mykeyring.kbx \
- --recv-keys @value{OPENPGP-SIGNING-KEY-ID}
+ --recv-keys @value{OPENPGP-SIGNING-KEY-ID-1}
@end example
@xref{GPG Configuration Options, @option{--keyring},, gnupg, Using the GNU
HCoop / jackhill / guix / guix.git / blobdiff