From 9cfa322579e1be0adf0e2e1c489d336a4e5eedf7 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Ludovic=20Court=C3=A8s?= <ludo@gnu.org>
Date: Wed, 18 Dec 2019 17:19:00 +0100
Subject: gnupg: 'gnupg-status-good-signature?' no longer returns a key ID.

Returning a key ID was inconsequential because the only user of
'gnupg-status-good-signature?', (guix upstream) (via 'gnupg-verify*'),
would not check the return value as long as it's true.

* guix/gnupg.scm (gnupg-status-good-signature?): Return a
fingerprint/user pair instead of key-id/user.
(gnupg-verify*): Mention it in docstring.
---
 guix/gnupg.scm | 21 ++++++++++++---------
 1 file changed, 12 insertions(+), 9 deletions(-)

(limited to 'guix/gnupg.scm')

diff --git a/guix/gnupg.scm b/guix/gnupg.scm
index 40feb44561..bf01c7fe0b 100644
--- a/guix/gnupg.scm
+++ b/guix/gnupg.scm
@@ -1,5 +1,5 @@
 ;;; GNU Guix --- Functional package management for GNU
-;;; Copyright © 2010, 2011, 2013, 2014, 2016, 2018 Ludovic Courtès <ludo@gnu.org>
+;;; Copyright © 2010, 2011, 2013, 2014, 2016, 2018, 2019 Ludovic Courtès <ludo@gnu.org>
 ;;; Copyright © 2013 Nikita Karetnikov <nikita@karetnikov.org>
 ;;;
 ;;; This file is part of GNU Guix.
@@ -142,13 +142,15 @@ revoked.  Return a status s-exp if GnuPG failed."
 
 (define (gnupg-status-good-signature? status)
   "If STATUS, as returned by `gnupg-verify', denotes a good signature, return
-a key-id/user pair; return #f otherwise."
-  (any (lambda (sexp)
-         (match sexp
-           (((or 'good-signature 'expired-key-signature) key-id user)
-            (cons key-id user))
-           (_ #f)))
-       status))
+a fingerprint/user pair; return #f otherwise."
+  (match (assq 'valid-signature status)
+    (('valid-signature fingerprint date timestamp)
+     (match (or (assq 'good-signature status)
+                (assq 'expired-key-signature status))
+       ((_ key-id user) (cons fingerprint user))
+       (_ #f)))
+    (_
+     #f)))
 
 (define (gnupg-status-missing-key? status)
   "If STATUS denotes a missing-key error, then return the key-id of the
@@ -178,7 +180,8 @@ missing key."
   "Like `gnupg-verify', but try downloading the public key if it's missing.
 Return #t if the signature was good, #f otherwise.  KEY-DOWNLOAD specifies a
 download policy for missing OpenPGP keys; allowed values: 'always', 'never',
-and 'interactive' (default)."
+and 'interactive' (default).  Return a fingerprint/user name pair on success
+and #f otherwise."
   (let ((status (gnupg-verify sig file)))
     (or (gnupg-status-good-signature? status)
         (let ((missing (gnupg-status-missing-key? status)))
-- 
cgit v1.2.3