summaryrefslogtreecommitdiff
path: root/guix/gnupg.scm
diff options
context:
space:
mode:
authorLudovic Courtès <ludo@gnu.org>2019-12-18 17:19:00 +0100
committerLudovic Courtès <ludo@gnu.org>2019-12-18 23:48:12 +0100
commit9cfa322579e1be0adf0e2e1c489d336a4e5eedf7 (patch)
tree8f16c19c5a75514a9bd4c3294cc89b3e6bc26ff0 /guix/gnupg.scm
parent6afea7489b76c8db58d4f389fdbedc7c2b8992bd (diff)
gnupg: 'gnupg-status-good-signature?' no longer returns a key ID.
Returning a key ID was inconsequential because the only user of 'gnupg-status-good-signature?', (guix upstream) (via 'gnupg-verify*'), would not check the return value as long as it's true. * guix/gnupg.scm (gnupg-status-good-signature?): Return a fingerprint/user pair instead of key-id/user. (gnupg-verify*): Mention it in docstring.
Diffstat (limited to 'guix/gnupg.scm')
-rw-r--r--guix/gnupg.scm21
1 files changed, 12 insertions, 9 deletions
diff --git a/guix/gnupg.scm b/guix/gnupg.scm
index 40feb44561..bf01c7fe0b 100644
--- a/guix/gnupg.scm
+++ b/guix/gnupg.scm
@@ -1,5 +1,5 @@
;;; GNU Guix --- Functional package management for GNU
-;;; Copyright © 2010, 2011, 2013, 2014, 2016, 2018 Ludovic Courtès <ludo@gnu.org>
+;;; Copyright © 2010, 2011, 2013, 2014, 2016, 2018, 2019 Ludovic Courtès <ludo@gnu.org>
;;; Copyright © 2013 Nikita Karetnikov <nikita@karetnikov.org>
;;;
;;; This file is part of GNU Guix.
@@ -142,13 +142,15 @@ revoked. Return a status s-exp if GnuPG failed."
(define (gnupg-status-good-signature? status)
"If STATUS, as returned by `gnupg-verify', denotes a good signature, return
-a key-id/user pair; return #f otherwise."
- (any (lambda (sexp)
- (match sexp
- (((or 'good-signature 'expired-key-signature) key-id user)
- (cons key-id user))
- (_ #f)))
- status))
+a fingerprint/user pair; return #f otherwise."
+ (match (assq 'valid-signature status)
+ (('valid-signature fingerprint date timestamp)
+ (match (or (assq 'good-signature status)
+ (assq 'expired-key-signature status))
+ ((_ key-id user) (cons fingerprint user))
+ (_ #f)))
+ (_
+ #f)))
(define (gnupg-status-missing-key? status)
"If STATUS denotes a missing-key error, then return the key-id of the
@@ -178,7 +180,8 @@ missing key."
"Like `gnupg-verify', but try downloading the public key if it's missing.
Return #t if the signature was good, #f otherwise. KEY-DOWNLOAD specifies a
download policy for missing OpenPGP keys; allowed values: 'always', 'never',
-and 'interactive' (default)."
+and 'interactive' (default). Return a fingerprint/user name pair on success
+and #f otherwise."
(let ((status (gnupg-verify sig file)))
(or (gnupg-status-good-signature? status)
(let ((missing (gnupg-status-missing-key? status)))