author | Ludovic Courtès <ludo@gnu.org> | 2019-12-20 21:49:43 +0100 |
---|---|---|
committer | Ludovic Courtès <ludo@gnu.org> | 2019-12-20 22:06:05 +0100 |
commit | f94f9d67e65975724ee5b5cbc936c0895a258685 (patch) | |
tree | 6f49826abce986fa03ae886ad120c42d7136cef6 /guix/upstream.scm | |
parent | 1101c73c7fb2e0dbba00b45c05bf36ae08bdb6f2 (diff) | |
gnupg: 'gnupg-verify*' returns a status symbol.

This allows callers to distinguish between signature verification
failure and missing key.

* guix/gnupg.scm (gnupg-receive-keys): Return true on success.
(gnupg-verify*): Check return value of 'gnupg-receive-keys'. Return two
values, the first one being a symbol.
* guix/upstream.scm (download-tarball): Get the two return values of
'gnupg-verify*', and match on the first one.
* gnu/packages/bash.scm (download-patches): Check the first return value
of 'gnupg-verify*'.
Diffstat (limited to 'guix/upstream.scm')
-rw-r--r-- | guix/upstream.scm | 24 |
1 files changed, 14 insertions, 10 deletions
diff --git a/guix/upstream.scm b/guix/upstream.scm index aa47dab4b4..c11de0b25b 100644 --- a/guix/upstream.scm +++ b/guix/upstream.scm @@ -318,16 +318,20 @@ values: 'interactive' (default), 'always', and 'never'." (basename url) tarball))) (mbegin %store-monad (built-derivations (list drv)) - (return (derivation->output-path drv))))))) - - (ret (gnupg-verify* sig data #:key-download key-download))) - (if ret - tarball - (begin - (warning (G_ "signature verification failed for `~a'~%") - url) - (warning (G_ "(could be because the public key is not in your keyring)~%")) - #f)))))) + (return (derivation->output-path drv)))))))) + (let-values (((status data) + (gnupg-verify* sig data #:key-download key-download))) + (match status + ('valid-signature + tarball) + ('invalid-signature + (warning (G_ "signature verification failed for '~a' (key: ~a)~%") + url data) + #f) + ('missing-key + (warning (G_ "missing public key ~a for '~a'~%") + data url) + #f))))))) (define (find2 pred lst1 lst2) "Like 'find', but operate on items from both LST1 and LST2. Return two |
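Review bot: the new (let-values (((status data) (gnupg-verify* sig data ...))) form rebinds 'data', the name already used for the argument passed to 'gnupg-verify*', to the second return value, which the two warnings then print as the key. It works because the init expression is evaluated before the new binding takes effect, but a reader has to notice that; naming the second value 'key' would remove the shadowing and make the warning arguments self-explanatory. Separately, the 'match' on 'status' has no fallback clause, so a status other than valid-signature, invalid-signature or missing-key would raise a match error rather than warn and return #f; either add a final (_ ...) clause that warns and returns #f, or add a comment stating that the three symbols are the complete set 'gnupg-verify*' can return.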