From 9cfa322579e1be0adf0e2e1c489d336a4e5eedf7 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Ludovic=20Court=C3=A8s?= Date: Wed, 18 Dec 2019 17:19:00 +0100 Subject: [PATCH] gnupg: 'gnupg-status-good-signature?' no longer returns a key ID. Returning a key ID was inconsequential because the only user of 'gnupg-status-good-signature?', (guix upstream) (via 'gnupg-verify*'), would not check the return value as long as it's true. * guix/gnupg.scm (gnupg-status-good-signature?): Return a fingerprint/user pair instead of key-id/user. (gnupg-verify*): Mention it in docstring. --- guix/gnupg.scm | 21 ++++++++++++--------- 1 file changed, 12 insertions(+), 9 deletions(-) diff --git a/guix/gnupg.scm b/guix/gnupg.scm index 40feb44561..bf01c7fe0b 100644 --- a/guix/gnupg.scm +++ b/guix/gnupg.scm @@ -1,5 +1,5 @@ ;;; GNU Guix --- Functional package management for GNU -;;; Copyright © 2010, 2011, 2013, 2014, 2016, 2018 Ludovic Courtès +;;; Copyright © 2010, 2011, 2013, 2014, 2016, 2018, 2019 Ludovic Courtès ;;; Copyright © 2013 Nikita Karetnikov ;;; ;;; This file is part of GNU Guix. @@ -142,13 +142,15 @@ (define (parse-status input) (define (gnupg-status-good-signature? status) "If STATUS, as returned by `gnupg-verify', denotes a good signature, return -a key-id/user pair; return #f otherwise." - (any (lambda (sexp) - (match sexp - (((or 'good-signature 'expired-key-signature) key-id user) - (cons key-id user)) - (_ #f))) - status)) +a fingerprint/user pair; return #f otherwise." + (match (assq 'valid-signature status) + (('valid-signature fingerprint date timestamp) + (match (or (assq 'good-signature status) + (assq 'expired-key-signature status)) + ((_ key-id user) (cons fingerprint user)) + (_ #f))) + (_ + #f))) (define (gnupg-status-missing-key? status) "If STATUS denotes a missing-key error, then return the key-id of the @@ -178,7 +180,8 @@ (define* (gnupg-verify* sig file "Like `gnupg-verify', but try downloading the public key if it's missing. Return #t if the signature was good, #f otherwise. KEY-DOWNLOAD specifies a download policy for missing OpenPGP keys; allowed values: 'always', 'never', -and 'interactive' (default)." +and 'interactive' (default). Return a fingerprint/user name pair on success +and #f otherwise." (let ((status (gnupg-verify sig file))) (or (gnupg-status-good-signature? status) (let ((missing (gnupg-status-missing-key? status)))