gnupg: Compile regexps only once.

This halves the run time on a large number of subsequent 'gnupg-verify'
calls.

* guix/gnupg.scm (sigid-rx, goodsig-rx, validsig-rx, expkeysig-rx)
(errsig-rx): New variables, lifted from...
(gnupg-verify)[status-line->sexp]: ... here.
This commit is contained in:
Ludovic Courtès 2019-12-19 22:16:50 +01:00
parent 6a0b9500f9
commit d8169d05bb
No known key found for this signature in database
GPG key ID: 090B11993D9AEBB5

View file

@ -59,6 +59,25 @@ (define %openpgp-key-server
;; unreliable.
(make-parameter "pool.sks-keyservers.net"))
;; Regexps for status lines. See file `doc/DETAILS' in GnuPG.
(define sigid-rx
(make-regexp
"^\\[GNUPG:\\] SIG_ID ([A-Za-z0-9+/]+) ([[:digit:]]{4}-[[:digit:]]{2}-[[:digit:]]{2}) ([[:digit:]]+)"))
(define goodsig-rx
(make-regexp "^\\[GNUPG:\\] GOODSIG ([[:xdigit:]]+) (.+)$"))
(define validsig-rx
(make-regexp
"^\\[GNUPG:\\] VALIDSIG ([[:xdigit:]]+) ([[:digit:]]{4}-[[:digit:]]{2}-[[:digit:]]{2}) ([[:digit:]]+) .*$"))
(define expkeysig-rx ; good signature, but expired key
(make-regexp "^\\[GNUPG:\\] EXPKEYSIG ([[:xdigit:]]+) (.*)$"))
(define errsig-rx
;; Note: The fingeprint part (the last element of the line) appeared in
;; GnuPG 2.2.7 according to 'doc/DETAILS', and it may be missing.
(make-regexp
"^\\[GNUPG:\\] ERRSIG ([[:xdigit:]]+) ([^ ]+) ([^ ]+) ([^ ]+) ([[:digit:]]+) ([[:digit:]]+)(.*)"))
(define* (gnupg-verify sig file
#:optional (keyring (current-keyring)))
"Verify signature SIG for FILE against the keys in KEYRING. All the keys in
@ -71,23 +90,6 @@ (define (maybe-fingerprint str)
(fpr fpr)))
(define (status-line->sexp line)
;; See file `doc/DETAILS' in GnuPG.
(define sigid-rx
(make-regexp
"^\\[GNUPG:\\] SIG_ID ([A-Za-z0-9+/]+) ([[:digit:]]{4}-[[:digit:]]{2}-[[:digit:]]{2}) ([[:digit:]]+)"))
(define goodsig-rx
(make-regexp "^\\[GNUPG:\\] GOODSIG ([[:xdigit:]]+) (.+)$"))
(define validsig-rx
(make-regexp
"^\\[GNUPG:\\] VALIDSIG ([[:xdigit:]]+) ([[:digit:]]{4}-[[:digit:]]{2}-[[:digit:]]{2}) ([[:digit:]]+) .*$"))
(define expkeysig-rx ; good signature, but expired key
(make-regexp "^\\[GNUPG:\\] EXPKEYSIG ([[:xdigit:]]+) (.*)$"))
(define errsig-rx
;; Note: The fingeprint part (the last element of the line) appeared in
;; GnuPG 2.2.7 according to 'doc/DETAILS', and it may be missing.
(make-regexp
"^\\[GNUPG:\\] ERRSIG ([[:xdigit:]]+) ([^ ]+) ([^ ]+) ([^ ]+) ([[:digit:]]+) ([[:digit:]]+)(.*)"))
(cond ((regexp-exec sigid-rx line)
=>
(lambda (match)