diff options
author | Ludovic Courtès <ludo@gnu.org> | 2013-05-11 12:44:19 +0200 |
---|---|---|
committer | Ludovic Courtès <ludo@gnu.org> | 2013-05-11 14:32:20 +0200 |
commit | 0ba91c945be8a963ac9d11ae538c4e8b30374558 (patch) | |
tree | fcf1517635aeb138d01ace91a4638f1a395e7762 | |
parent | 8cc9e7f9d882c47c5522424b9d2f0b2053e4406f (diff) | |
download | guix-0ba91c945be8a963ac9d11ae538c4e8b30374558.tar.gz |
gnupg: Turn the GPG command name and keyserver into parameters.
* guix/gnupg.scm (%gpg-command): Turn into a SRFI-39 parameter. (%openpgp-key-server): Likewise. Default to pgp.mit.edu, as keys.gnupg.net is unreliable. Update users.
-rw-r--r-- | guix/gnupg.scm | 20 |
1 files changed, 14 insertions, 6 deletions
diff --git a/guix/gnupg.scm b/guix/gnupg.scm index ee67bea91b..c17a495f81 100644 --- a/guix/gnupg.scm +++ b/guix/gnupg.scm @@ -22,7 +22,9 @@ #:use-module (ice-9 regex) #:use-module (ice-9 rdelim) #:use-module (srfi srfi-1) - #:export (gnupg-verify + #:export (%gpg-command + %openpgp-key-server + gnupg-verify gnupg-verify* gnupg-status-good-signature? gnupg-status-missing-key?)) @@ -33,8 +35,14 @@ ;;; ;;; Code: -(define %gpg-command "gpg2") -(define %openpgp-key-server "keys.gnupg.net") +(define %gpg-command + ;; The GnuPG 2.x command-line program name. + (make-parameter "gpg2")) + +(define %openpgp-key-server + ;; The default key server. Note that keys.gnupg.net appears to be + ;; unreliable. + (make-parameter "pgp.mit.edu")) (define (gnupg-verify sig file) "Verify signature SIG for FILE. Return a status s-exp if GnuPG failed." @@ -106,7 +114,7 @@ (loop (read-line input) (cons (status-line->sexp line) result))))) - (let* ((pipe (open-pipe* OPEN_READ %gpg-command "--status-fd=1" + (let* ((pipe (open-pipe* OPEN_READ (%gpg-command) "--status-fd=1" "--verify" sig file)) (status (parse-status pipe))) ;; Ignore PIPE's exit status since STATUS above should contain all the @@ -135,9 +143,9 @@ missing key." status)) (define (gnupg-receive-keys key-id server) - (system* %gpg-command "--keyserver" server "--recv-keys" key-id)) + (system* (%gpg-command) "--keyserver" server "--recv-keys" key-id)) -(define* (gnupg-verify* sig file #:optional (server %openpgp-key-server)) +(define* (gnupg-verify* sig file #:optional (server (%openpgp-key-server))) "Like `gnupg-verify', but try downloading the public key if it's missing. Return #t if the signature was good, #f otherwise." (let ((status (gnupg-verify sig file))) |