import: PyPI: Validate GPG signatures when applicable.

* guix/import/pypi.scm (<distribution>): Fix funny typo.
(latest-release): When the distribution has a cryptographic signature, pass it
along to UPSTREAM-SOURCE.
Marius Bakke 2021-12-01 01:31:46 +01:00
parent e166e6acf6
commit f63fb61d0c
No known key found for this signature in database
GPG key ID: A2A06DF2A33A54FA


@ -10,6 +10,7 @@
;;; Copyright © 2020 Arun Isaac <arunisaac@systemreboot.net>
;;; Copyright © 2020 Martin Becze <mjbecze@riseup.net>
;;; Copyright © 2021 Xinglu Chen <public@yoctocell.xyz>
;;; Copyright © 2021 Marius Bakke <marius@gnu.org>
;;;
;;; This file is part of GNU Guix.
;;;
@ -113,7 +114,7 @@ (define-json-mapping <distribution> make-distribution distribution?
(url distribution-url) ;string
(digests distribution-digests) ;list of string pairs
(file-name distribution-file-name "filename") ;string
(has-signature? distribution-has-signature? "hash_sig") ;Boolean
(has-signature? distribution-has-signature? "has_sig") ;Boolean
(package-type distribution-package-type "packagetype") ;"bdist_wheel" | ...
(python-version distribution-package-python-version
"python_version"))
@ -540,10 +541,14 @@ (define (latest-release package)
(guard (c ((missing-source-error? c) #f))
(let* ((info (pypi-project-info pypi-package))
(version (project-info-version info))
(url (distribution-url
(source-release pypi-package))))
(dist (source-release pypi-package))
(url (distribution-url dist)))
(upstream-source
(urls (list url))
(signature-urls
(if (distribution-has-signature? dist)
(list (string-append url ".asc"))
#f))
(input-changes
(changed-inputs package
(pypi->guix-package pypi-name)))
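Review bot: The `signature-urls` field added in `latest-release` makes verification opportunistic: `has_sig` and the `.asc` location both come from the same PyPI JSON response as the tarball URL, so a response that omits or clears the flag yields `#f` here and, presumably, an update that is not signature-checked. What a successful check proves also depends on which keys the consumer of `upstream-source` trusts, which this hunk does not show. I would record this above the field, e.g. `;; Opportunistic: 'has_sig' comes from the same JSON as URL; when #f the release is not signature-checked.`, and consider warning when a package that previously advertised a signature no longer does. The body of `latest-release` starts before this hunk and continues past it.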