summaryrefslogtreecommitdiff
path: root/guix/scripts
diff options
context:
space:
mode:
authorLudovic Courtès <ludo@gnu.org>2018-09-09 22:15:19 +0200
committerLudovic Courtès <ludo@gnu.org>2018-09-16 23:00:44 +0200
commitb9e1fddfd8c29b2fa6252ef52a75daa14aaabd3e (patch)
tree43525fd429276a1cd31b7bc5d80d0e5668ede081 /guix/scripts
parent3c0e16391ed9a3e3e4611b940fb393c5f2ecea63 (diff)
gnupg: Use 'gpgv' and keybox files; adjust 'guix refresh' accordingly.
* guix/gnupg.scm (%gpgv-command, current-keyring): New variables (gnupg-verify): Add optional 'keyring' parameter. Use 'gpgv' instead of 'gpg' and pass it '--keyring'. (gnupg-receive-keys): Add optional 'keyring' parameter and honor it. (gnupg-verify*): Add #:keyring and honor it. * guix/scripts/refresh.scm (%options, show-help): Add '--keyring'. (guix-refresh): Parameterize CURRENT-KEYRING. * doc/guix.texi (Invoking guix refresh): Document '--keyring' and the keybox format.
Diffstat (limited to 'guix/scripts')
-rw-r--r--guix/scripts/refresh.scm13
1 files changed, 11 insertions, 2 deletions
diff --git a/guix/scripts/refresh.scm b/guix/scripts/refresh.scm
index bcc23bd39c..58fc64db1f 100644
--- a/guix/scripts/refresh.scm
+++ b/guix/scripts/refresh.scm
@@ -1,5 +1,5 @@
;;; GNU Guix --- Functional package management for GNU
-;;; Copyright © 2013, 2014, 2015, 2016, 2017 Ludovic Courtès <ludo@gnu.org>
+;;; Copyright © 2013, 2014, 2015, 2016, 2017, 2018 Ludovic Courtès <ludo@gnu.org>
;;; Copyright © 2013 Nikita Karetnikov <nikita@karetnikov.org>
;;; Copyright © 2014 Eric Bavier <bavier@member.fsf.org>
;;; Copyright © 2015 Alex Kost <alezost@gmail.com>
@@ -89,6 +89,9 @@
(lambda (opt name arg result)
(alist-cons 'list-dependent? #t result)))
+ (option '("keyring") #t #f
+ (lambda (opt name arg result)
+ (alist-cons 'keyring arg result)))
(option '("key-server") #t #f
(lambda (opt name arg result)
(alist-cons 'key-server arg result)))
@@ -139,6 +142,8 @@ specified with `--select'.\n"))
be rebuilt as a result of upgrading PACKAGE..."))
(newline)
(display (G_ "
+ --keyring=FILE use FILE as the keyring of upstream OpenPGP keys"))
+ (display (G_ "
--key-server=HOST use HOST as the OpenPGP key server"))
(display (G_ "
--gpg=COMMAND use COMMAND as the GnuPG 2.x command"))
@@ -437,7 +442,11 @@ update would trigger a complete rebuild."
(%openpgp-key-server)))
(%gpg-command
(or (assoc-ref opts 'gpg-command)
- (%gpg-command))))
+ (%gpg-command)))
+ (current-keyring
+ (or (assoc-ref opts 'keyring)
+ (string-append (config-directory)
+ "/upstream/trustedkeys.kbx"))))
(for-each
(cut update-package store <> updaters
#:key-download key-download