diff options
| author | Ludovic Courtès <ludo@gnu.org> | 2019-12-19 22:16:50 +0100 |
|---|---|---|
| committer | Ludovic Courtès <ludo@gnu.org> | 2019-12-19 23:48:02 +0100 |
| commit | d8169d05bb9e7d70597a646c95ee4001809070ac (patch) | |
| tree | 9278aa6faf92729874a6ed9c24f00d44afafdaf1 /guix/gnupg.scm | |
| parent | 6a0b9500f91683ebc225ae06f01bb9c4d3c27d1d (diff) | |
| download | guix-d8169d05bb9e7d70597a646c95ee4001809070ac.tar guix-d8169d05bb9e7d70597a646c95ee4001809070ac.tar.gz | |
gnupg: Compile regexps only once.
This halves the run time on a large number of subsequent 'gnupg-verify'
calls.
* guix/gnupg.scm (sigid-rx, goodsig-rx, validsig-rx, expkeysig-rx)
(errsig-rx): New variables, lifted from...
(gnupg-verify)[status-line->sexp]: ... here.
Diffstat (limited to 'guix/gnupg.scm')
| -rw-r--r-- | guix/gnupg.scm | 36 |
1 files changed, 19 insertions, 17 deletions
diff --git a/guix/gnupg.scm b/guix/gnupg.scm index 5b11aa93fa..35ab779e9c 100644 --- a/guix/gnupg.scm +++ b/guix/gnupg.scm @@ -59,6 +59,25 @@ ;; unreliable. (make-parameter "pool.sks-keyservers.net")) +;; Regexps for status lines. See file `doc/DETAILS' in GnuPG. + +(define sigid-rx + (make-regexp + "^\\[GNUPG:\\] SIG_ID ([A-Za-z0-9+/]+) ([[:digit:]]{4}-[[:digit:]]{2}-[[:digit:]]{2}) ([[:digit:]]+)")) +(define goodsig-rx + (make-regexp "^\\[GNUPG:\\] GOODSIG ([[:xdigit:]]+) (.+)$")) +(define validsig-rx + (make-regexp + "^\\[GNUPG:\\] VALIDSIG ([[:xdigit:]]+) ([[:digit:]]{4}-[[:digit:]]{2}-[[:digit:]]{2}) ([[:digit:]]+) .*$")) +(define expkeysig-rx ; good signature, but expired key + (make-regexp "^\\[GNUPG:\\] EXPKEYSIG ([[:xdigit:]]+) (.*)$")) +(define errsig-rx + ;; Note: The fingeprint part (the last element of the line) appeared in + ;; GnuPG 2.2.7 according to 'doc/DETAILS', and it may be missing. + (make-regexp + "^\\[GNUPG:\\] ERRSIG ([[:xdigit:]]+) ([^ ]+) ([^ ]+) ([^ ]+) ([[:digit:]]+) ([[:digit:]]+)(.*)")) + + (define* (gnupg-verify sig file #:optional (keyring (current-keyring))) "Verify signature SIG for FILE against the keys in KEYRING. All the keys in @@ -71,23 +90,6 @@ revoked. Return a status s-exp if GnuPG failed." (fpr fpr))) (define (status-line->sexp line) - ;; See file `doc/DETAILS' in GnuPG. - (define sigid-rx - (make-regexp - "^\\[GNUPG:\\] SIG_ID ([A-Za-z0-9+/]+) ([[:digit:]]{4}-[[:digit:]]{2}-[[:digit:]]{2}) ([[:digit:]]+)")) - (define goodsig-rx - (make-regexp "^\\[GNUPG:\\] GOODSIG ([[:xdigit:]]+) (.+)$")) - (define validsig-rx - (make-regexp - "^\\[GNUPG:\\] VALIDSIG ([[:xdigit:]]+) ([[:digit:]]{4}-[[:digit:]]{2}-[[:digit:]]{2}) ([[:digit:]]+) .*$")) - (define expkeysig-rx ; good signature, but expired key - (make-regexp "^\\[GNUPG:\\] EXPKEYSIG ([[:xdigit:]]+) (.*)$")) - (define errsig-rx - ;; Note: The fingeprint part (the last element of the line) appeared in - ;; GnuPG 2.2.7 according to 'doc/DETAILS', and it may be missing. - (make-regexp - "^\\[GNUPG:\\] ERRSIG ([[:xdigit:]]+) ([^ ]+) ([^ ]+) ([^ ]+) ([[:digit:]]+) ([[:digit:]]+)(.*)")) - (cond ((regexp-exec sigid-rx line) => (lambda (match) |