authorLudovic Courtès <ludo@gnu.org>2019-12-18 17:19:00 +0100
committerLudovic Courtès <ludo@gnu.org>2019-12-18 23:48:12 +0100
commit9cfa322579e1be0adf0e2e1c489d336a4e5eedf7 (patch)
tree8f16c19c5a75514a9bd4c3294cc89b3e6bc26ff0
parent6afea7489b76c8db58d4f389fdbedc7c2b8992bd (diff)
downloadguix-9cfa322579e1be0adf0e2e1c489d336a4e5eedf7.tar.gz
gnupg: 'gnupg-status-good-signature?' no longer returns a key ID.
Returning a key ID was inconsequential because the only user of
'gnupg-status-good-signature?', (guix upstream) (via 'gnupg-verify*'),
would not check the return value as long as it's true.

* guix/gnupg.scm (gnupg-status-good-signature?): Return a
fingerprint/user pair instead of key-id/user.
(gnupg-verify*): Mention it in docstring.
-rw-r--r--guix/gnupg.scm21
1 files changed, 12 insertions, 9 deletions
diff --git a/guix/gnupg.scm b/guix/gnupg.scm
index 40feb44561..bf01c7fe0b 100644
--- a/guix/gnupg.scm
+++ b/guix/gnupg.scm
@@ -1,5 +1,5 @@
 ;;; GNU Guix --- Functional package management for GNU
-;;; Copyright © 2010, 2011, 2013, 2014, 2016, 2018 Ludovic Courtès <ludo@gnu.org>
+;;; Copyright © 2010, 2011, 2013, 2014, 2016, 2018, 2019 Ludovic Courtès <ludo@gnu.org>
 ;;; Copyright © 2013 Nikita Karetnikov <nikita@karetnikov.org>
 ;;;
 ;;; This file is part of GNU Guix.
@@ -142,13 +142,15 @@ revoked.  Return a status s-exp if GnuPG failed."
 
 (define (gnupg-status-good-signature? status)
   "If STATUS, as returned by `gnupg-verify', denotes a good signature, return
-a key-id/user pair; return #f otherwise."
-  (any (lambda (sexp)
-         (match sexp
-           (((or 'good-signature 'expired-key-signature) key-id user)
-            (cons key-id user))
-           (_ #f)))
-       status))
+a fingerprint/user pair; return #f otherwise."
+  (match (assq 'valid-signature status)
+    (('valid-signature fingerprint date timestamp)
+     (match (or (assq 'good-signature status)
+                (assq 'expired-key-signature status))
+       ((_ key-id user) (cons fingerprint user))
+       (_ #f)))
+    (_
+     #f)))
 
 (define (gnupg-status-missing-key? status)
   "If STATUS denotes a missing-key error, then return the key-id of the
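Review bot: In `gnupg-status-good-signature?`, the fingerprint comes from the first `valid-signature` record and the user from the first `good-signature` or `expired-key-signature` record, and nothing checks that the two records describe the same signature. If STATUS can carry records for more than one signature (not visible in this hunk), the returned pair could combine a fingerprint and a user name from different keys. Since `key-id` is already bound, the inner clause could require it to match, for example `((_ key-id user) (and (string-suffix? key-id fingerprint) (cons fingerprint user)))`, assuming both are the hex strings GnuPG prints. `date` and `timestamp` are otherwise unused and could be written as `_`.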
@@ -178,7 +180,8 @@ missing key."
   "Like `gnupg-verify', but try downloading the public key if it's missing.
 Return #t if the signature was good, #f otherwise.  KEY-DOWNLOAD specifies a
 download policy for missing OpenPGP keys; allowed values: 'always', 'never',
-and 'interactive' (default)."
+and 'interactive' (default).  Return a fingerprint/user name pair on success
+and #f otherwise."
   (let ((status (gnupg-verify sig file)))
     (or (gnupg-status-good-signature? status)
         (let ((missing (gnupg-status-missing-key? status)))
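Review bot: The docstring of `gnupg-verify*` now states two different return values: the unchanged sentence `Return #t if the signature was good, #f otherwise.` still sits next to the added `Return a fingerprint/user name pair on success and #f otherwise.`, so the first should be dropped. The docstring should also say that a non-false result only means some key in the keyring produced a good signature, so a caller that needs a specific signer has to compare the returned fingerprint with the expected one; the commit message notes that the current caller tests only for truth. The body of `gnupg-verify*` starts and ends outside this hunk.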