authorNikita Karetnikov <nikita@karetnikov.org>2013-06-10 07:46:13 +0000
committerNikita Karetnikov <nikita@karetnikov.org>2013-06-10 08:15:17 +0000
commit392b5d8cab0c676f19d14a139f14802ef0237ddf (patch)
treecb8ef6410db89e6282c94aab63b3313c777c64f8 /guix/gnupg.scm
parente20ec9cc5165f1312bd1a057bf4da48bb5102385 (diff)
guix refresh: Add '--key-download'.
* guix/gnu-maintenance.scm (download-tarball): Add a 'key-download' keyword argument and pass it to 'gnupg-verify*'. Make 'archive-type' a keyword argument. (package-update): Add a 'key-download' keyword argument. Pass 'archive-type' and 'key-download' keyword arguments to 'download-tarball'. * guix/gnupg.scm: Import (ice-9 i18n) and (guix ui). (gnupg-verify*): Add a 'key-download' keyword argument and adjust 'gnupg-verify*' to use it. Make 'server' a keyword argument. * guix/scripts/refresh.scm (show-help, %options): Add and document '--key-download'. (update-package): Add a 'key-download' keyword argument and pass it to 'package-update'. (guix-refresh): Pass 'key-download' to 'update-package'. Limit lines to a maximum of 79 characters.
Diffstat (limited to 'guix/gnupg.scm')
-rw-r--r--guix/gnupg.scm36
1 files changed, 30 insertions, 6 deletions
diff --git a/guix/gnupg.scm b/guix/gnupg.scm
index c17a495f81..29ddc78e27 100644
--- a/guix/gnupg.scm
+++ b/guix/gnupg.scm
@@ -1,5 +1,6 @@
;;; GNU Guix --- Functional package management for GNU
;;; Copyright © 2010, 2011, 2013 Ludovic Courtès <ludo@gnu.org>
+;;; Copyright © 2013 Nikita Karetnikov <nikita@karetnikov.org>
;;;
;;; This file is part of GNU Guix.
;;;
@@ -21,7 +22,9 @@
#:use-module (ice-9 match)
#:use-module (ice-9 regex)
#:use-module (ice-9 rdelim)
+ #:use-module (ice-9 i18n)
#:use-module (srfi srfi-1)
+ #:use-module (guix ui)
#:export (%gpg-command
%openpgp-key-server
gnupg-verify
@@ -145,16 +148,37 @@ missing key."
(define (gnupg-receive-keys key-id server)
(system* (%gpg-command) "--keyserver" server "--recv-keys" key-id))
-(define* (gnupg-verify* sig file #:optional (server (%openpgp-key-server)))
+(define* (gnupg-verify* sig file
+ #:key (key-download 'interactive)
+ (server (%openpgp-key-server)))
"Like `gnupg-verify', but try downloading the public key if it's missing.
-Return #t if the signature was good, #f otherwise."
+Return #t if the signature was good, #f otherwise. KEY-DOWNLOAD specifies a
+download policy for missing OpenPGP keys; allowed values: 'always', 'never',
+and 'interactive' (default)."
(let ((status (gnupg-verify sig file)))
(or (gnupg-status-good-signature? status)
(let ((missing (gnupg-status-missing-key? status)))
+ (define (download-and-try-again)
+ ;; Download the missing key and try again.
+ (begin
+ (gnupg-receive-keys missing server)
+ (gnupg-status-good-signature? (gnupg-verify sig file))))
+
+ (define (receive?)
+ (let ((answer
+ (begin (format #t (_ "~a~a~%")
+ "Would you like to download this key "
+ "and add it to your keyring?")
+ (read-line))))
+ (string-match (locale-yes-regexp) answer)))
+
(and missing
- (begin
- ;; Download the missing key and try again.
- (gnupg-receive-keys missing server)
- (gnupg-status-good-signature? (gnupg-verify sig file))))))))
+ (case key-download
+ ((never) #f)
+ ((always)
+ (download-and-try-again))
+ (else
+ (and (receive?)
+ (download-and-try-again)))))))))
;;; gnupg.scm ends here
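Review bot: The prompt in `receive?` asks about "this key" without printing the key ID held in `missing` or the `server` it will be fetched from, so the user agrees to a keyring change without seeing what is imported. Something like `(format #t (_ "Download key ~a from ~a and add it to your keyring?~%") missing server)` would show both, and would also make the question translatable, since at present only `"~a~a~%"` is passed to `_`. `(read-line)` returns the EOF object when standard input is closed and `string-match` then raises a type error, so the default 'interactive policy can abort a non-interactive run; `(and (string? answer) (string-match (locale-yes-regexp) answer))` treats EOF as a refusal. With 'always, a `#t` result only shows that the file verifies against whichever key the signature names, fetched by ID; nothing visible here ties that key to the package's maintainer, and the docstring should state that limit. The `else` arm of the `case` also sends any unrecognised KEY-DOWNLOAD value down the interactive path rather than rejecting it.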