authorMarius Bakke <marius@gnu.org>2021-12-01 01:31:46 +0100
committerMarius Bakke <marius@gnu.org>2021-12-05 14:40:08 +0100
commitf63fb61d0caff7cb592cadfe36802940517c1ea8 (patch)
tree69321e4bd78820870597148d38276bbdff5c3664
parente166e6acf672d0350e16f47996b5157531e72ef5 (diff)
downloadguix-f63fb61d0caff7cb592cadfe36802940517c1ea8.tar.gz
import: PyPI: Validate GPG signatures when applicable.
* guix/import/pypi.scm (<distribution>): Fix funny typo.
(latest-release): When the distribution has a cryptographic signature, pass it
along to UPSTREAM-SOURCE.
-rw-r--r--guix/import/pypi.scm11
1 files changed, 8 insertions, 3 deletions
diff --git a/guix/import/pypi.scm b/guix/import/pypi.scm
index 418a3556ec..bbbabe4c09 100644
--- a/guix/import/pypi.scm
+++ b/guix/import/pypi.scm
@@ -10,6 +10,7 @@
 ;;; Copyright © 2020 Arun Isaac <arunisaac@systemreboot.net>
 ;;; Copyright © 2020 Martin Becze <mjbecze@riseup.net>
 ;;; Copyright © 2021 Xinglu Chen <public@yoctocell.xyz>
+;;; Copyright © 2021 Marius Bakke <marius@gnu.org>
 ;;;
 ;;; This file is part of GNU Guix.
 ;;;
@@ -113,7 +114,7 @@
   (url          distribution-url)                  ;string
   (digests      distribution-digests)              ;list of string pairs
   (file-name    distribution-file-name "filename") ;string
-  (has-signature? distribution-has-signature? "hash_sig") ;Boolean
+  (has-signature? distribution-has-signature? "has_sig") ;Boolean
   (package-type distribution-package-type "packagetype") ;"bdist_wheel" | ...
   (python-version distribution-package-python-version
                   "python_version"))
@@ -540,10 +541,14 @@ VERSION, SOURCE-URL, HOME-PAGE, SYNOPSIS, DESCRIPTION, and LICENSE."
          (guard (c ((missing-source-error? c) #f))
            (let* ((info    (pypi-project-info pypi-package))
                   (version (project-info-version info))
-                  (url     (distribution-url
-                            (source-release pypi-package))))
+                  (dist    (source-release pypi-package))
+                  (url     (distribution-url dist)))
              (upstream-source
               (urls (list url))
+              (signature-urls
+               (if (distribution-has-signature? dist)
+                   (list (string-append url ".asc"))
+                   #f))
               (input-changes
                (changed-inputs package
                                (pypi->guix-package pypi-name)))
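Review bot: The `signature-urls` field falls back to `#f` whenever `distribution-has-signature?` is false, so verification is opportunistic: a release uploaded without a signature, or PyPI metadata that reports `has_sig` as false, passes through the updater with no OpenPGP check, and nothing in the new lines says so. Both the flag and the derived `.asc` URL come from the same PyPI response as `url`, so the check presumably adds assurance only if the consumer of `upstream-source` validates against a key trusted independently of PyPI; that code is outside this hunk. I would add a comment above the `if`, such as `;; Opportunistic: "has_sig" is PyPI-supplied; #f means the tarball is fetched without OpenPGP verification.` The enclosing `latest-release` body starts and ends outside the hunk.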