diff options
author | Ludovic Courtès <ludo@gnu.org> | 2020-07-21 12:30:24 +0200 |
---|---|---|
committer | Ludovic Courtès <ludo@gnu.org> | 2020-07-21 17:50:44 +0200 |
commit | fa3d9c4db4407cebf9bdb2e251595bd25193c95e (patch) | |
tree | fcaeacde4af3e34bdb6d25694979b07d2818972c /guix/upstream.scm | |
parent | ad5cb62d4afab2b4a808121fe81c5b8db053d7fe (diff) |
upstream: 'download-tarball' gracefully handles missing signatures.
This avoids a backtrace with "guix refresh -u rdiff-backup", which has
".asc" signatures instead of ".sig".
* guix/upstream.scm (download-tarball): Gracefully handle the case where
SIG is false.
* guix/gnu-maintenance.scm (latest-savannah-release): Add comment about
'file->signature'.
Diffstat (limited to 'guix/upstream.scm')
-rw-r--r-- | guix/upstream.scm | 9 |
1 files changed, 8 insertions, 1 deletions
diff --git a/guix/upstream.scm b/guix/upstream.scm index 6a57bad710..70cbfb45e8 100644 --- a/guix/upstream.scm +++ b/guix/upstream.scm @@ -326,10 +326,17 @@ values: 'interactive' (default), 'always', and 'never'." (built-derivations (list drv)) (return (derivation->output-path drv)))))))) (let-values (((status data) - (gnupg-verify* sig data #:key-download key-download))) + (if sig + (gnupg-verify* sig data + #:key-download key-download) + (values 'missing-signature data)))) (match status ('valid-signature tarball) + ('missing-signature + (warning (G_ "failed to download detached signature from ~a~%") + signature-url) + #f) ('invalid-signature (warning (G_ "signature verification failed for '~a' (key: ~a)~%") url data) |