summaryrefslogtreecommitdiff
path: root/guix
diff options
context:
space:
mode:
authorLudovic Courtès <ludo@gnu.org>2023-05-17 16:19:20 +0200
committerLudovic Courtès <ludo@gnu.org>2023-05-18 19:20:58 +0200
commitcd08d64b3a1d18cceba2fb7ec01c27b1c08f88d2 (patch)
tree9d48131c4c63df6d96eccdf072abae65fffd9271 /guix
parentfddf97456c473b1231e08aea5e8096f42f2a63a8 (diff)
refresh: Honor '--key-server'.
Previously, the '--key-server' option would be ignored in an invocation like: ./pre-inst-env guix refresh python-scipy=1.8.1 -t pypi -u \ --key-server=pgp.mit.edu * guix/upstream.scm (download-tarball): Add #:key-server parameter and pass it to 'gnupg-verify*'. (package-update/url-fetch, package-update/git-fetch) (package-update): Likewise. * guix/scripts/refresh.scm (update-package): Add #:key-server and pass it down to 'package-update'. (guix-refresh): Pass #:key-server to 'update-package'.
Diffstat (limited to 'guix')
-rw-r--r--guix/scripts/refresh.scm8
-rw-r--r--guix/upstream.scm17
2 files changed, 18 insertions, 7 deletions
diff --git a/guix/scripts/refresh.scm b/guix/scripts/refresh.scm
index 47c4d55ec4..bfa6269aa3 100644
--- a/guix/scripts/refresh.scm
+++ b/guix/scripts/refresh.scm
@@ -348,7 +348,8 @@ update would trigger a complete rebuild."
(package-name package)))
(define* (update-package store package version updaters
- #:key (key-download 'interactive) warn?)
+ #:key (key-download 'interactive) key-server
+ warn?)
"Update the source file that defines PACKAGE with the new version.
KEY-DOWNLOAD specifies a download policy for missing OpenPGP keys; allowed
values: 'interactive' (default), 'always', and 'never'. When WARN? is true,
@@ -356,7 +357,9 @@ warn about packages that have no matching updater."
(if (lookup-updater package updaters)
(let ((version output source
(package-update store package updaters
- #:key-download key-download #:version version))
+ #:version version
+ #:key-download key-download
+ #:key-server key-server))
(loc (or (package-field-location package 'version)
(package-location package))))
(when version
@@ -628,6 +631,7 @@ all are dependent packages: ~{~a~^ ~}~%")
(update-spec-package update)
(update-spec-version update)
updaters
+ #:key-server (%openpgp-key-server)
#:key-download key-download
#:warn? warn?))
update-specs)
diff --git a/guix/upstream.scm b/guix/upstream.scm
index 52fae11832..aac501c466 100644
--- a/guix/upstream.scm
+++ b/guix/upstream.scm
@@ -330,12 +330,14 @@ than that of PACKAGE."
#$output)))))
(define* (download-tarball store url signature-url
- #:key (key-download 'interactive))
+ #:key (key-download 'interactive) key-server)
"Download the tarball at URL to the store; check its OpenPGP signature at
SIGNATURE-URL, unless SIGNATURE-URL is false. On success, return the tarball
file name; return #f on failure (network failure or authentication failure).
+
KEY-DOWNLOAD specifies a download policy for missing OpenPGP keys; allowed
-values: 'interactive' (default), 'always', and 'never'."
+values: 'interactive' (default), 'always', and 'never'; KEY-SERVER specifies
+the OpenPGP key server where the key should be looked up."
(let ((tarball (download-to-store store url)))
(if (not signature-url)
tarball
@@ -356,6 +358,7 @@ values: 'interactive' (default), 'always', and 'never'."
(let-values (((status data)
(if sig
(gnupg-verify* sig data
+ #:server key-server
#:key-download key-download)
(values 'missing-signature data))))
(match status
@@ -446,7 +449,7 @@ string such as \"xz\". Otherwise return #f."
extension)))))
(define* (package-update/url-fetch store package source
- #:key key-download)
+ #:key key-download key-server)
"Return the version, tarball, and SOURCE, to update PACKAGE to
SOURCE, an <upstream-source>."
(match source
@@ -470,11 +473,13 @@ SOURCE, an <upstream-source>."
(and (pair? signature-urls)
(or signature-url
(first signature-urls)))
+ #:key-server key-server
#:key-download key-download)))
(values version tarball source))))))
-(define* (package-update/git-fetch store package source #:key key-download)
+(define* (package-update/git-fetch store package source
+ #:key key-download key-server)
"Return the version, checkout, and SOURCE, to update PACKAGE to
SOURCE, an <upstream-source>."
;; TODO: it would be nice to authenticate commits, e.g. with
@@ -495,7 +500,8 @@ SOURCE, an <upstream-source>."
(define* (package-update store package
#:optional (updaters (force %updaters))
- #:key (key-download 'interactive) (version #f))
+ #:key (version #f)
+ (key-download 'interactive) key-server)
"Return the new version, the file name of the new version tarball, and input
changes for PACKAGE; return #f (three values) when PACKAGE is up-to-date;
raise an error when the updater could not determine available releases.
@@ -532,6 +538,7 @@ this method: ~s")
(location (package-location package)))))))
((_ . update)
(update store package source
+ #:key-server key-server
#:key-download key-download))))
(values #f #f #f)))
(#f