gnupg: 'gnupg-status-missing-key?' returns a fingerprint when possible. - ~cnx/guix

diff options

author	Ludovic Courtès <ludo@gnu.org>	2019-12-18 17:37:02 +0100
committer	Ludovic Courtès <ludo@gnu.org>	2019-12-18 23:48:12 +0100
commit	217b4a1587e8b9af6526915a10e648f58234ebf0 (patch)
tree	942e6f50ddc270f7cc539c50197a16115c7575eb /CODE-OF-CONDUCT
parent	9cfa322579e1be0adf0e2e1c489d336a4e5eedf7 (diff)
download	guix-217b4a1587e8b9af6526915a10e648f58234ebf0.tar.gz

gnupg: 'gnupg-status-missing-key?' returns a fingerprint when possible.

Until then, 'gnupg-status-missing-key?' would return a key id.  Its
user, 'gnupg-verify*', would then fetch a key with that ID from key
servers, thus possibly the wrong key (due to key ID collisions).  If it
did fetch the wrong key, the effect would be a signature verification
failure down the path--e.g., in "guix refresh -u".

* guix/gnupg.scm (gnupg-verify)[maybe-fingerprint]: New procedure.
[status-line->sexp](errsig-rx): Add parenthetical expression at the end.
Fetch it and add it to the 'signature-error' sexp.
(gnupg-status-missing-key?): Match the whole 'signature-error' sexp and
return preferably the fingerprint rather than KEY-ID.
(gnupg-receive-keys): Rename 'key-id' parameter to 'fingerprint/key-id'.

Diffstat (limited to 'CODE-OF-CONDUCT')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: