From aa78c596c9eaae946f779d8fa3c4125d08187648 Mon Sep 17 00:00:00 2001 From: Tobias Geerinckx-Rice Date: Fri, 17 Apr 2020 23:25:17 +0200 Subject: gnupg: Accept revoked keys. MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit I (nckx) have revoked all RSA subkeys, in favour of my older and freshly-refreshed ECDSA ones. This was merely a precaution: to my knowledge all my RSA private keys have been carefully destroyed and were never compromised. This commit keeps ‘make authenticate’ happy. * guix/gnupg.scm (revkeysig-rx): New variable for revoked keys. (gnupg-verify): Parse it. (gnupg-status-good-signature?): Accept it as ‘good’ for our purposes. * build-aux/git-authenticate.scm (%committers): Clarify nckx's subkeys. Signed-off-by: Ludovic Courtès --- build-aux/git-authenticate.scm | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) (limited to 'build-aux') diff --git a/build-aux/git-authenticate.scm b/build-aux/git-authenticate.scm index 37e0c6800c..bb48dddc59 100644 --- a/build-aux/git-authenticate.scm +++ b/build-aux/git-authenticate.scm @@ -1,5 +1,6 @@ ;;; GNU Guix --- Functional package management for GNU ;;; Copyright © 2019, 2020 Ludovic Courtès +;;; Copyright © 2020 Tobias Geerinckx-Rice ;;; ;;; This file is part of GNU Guix. ;;; @@ -147,11 +148,11 @@ ("mthl" "F2A3 8D7E EB2B 6640 5761 070D 0ADE E100 9460 4D37") ("nckx" - ;; primary: "F5BC 5534 C36F 0087 B39D 36EF 1C9D C4FE B9DB 7C4B" - "7E8F AED0 0944 78EF 72E6 4D16 D889 B0F0 18C5 493C") - ("nckx (2nd)" ;; primary: "F5BC 5534 C36F 0087 B39D 36EF 1C9D C4FE B9DB 7C4B" "F5DA 2032 4B87 3D0B 7A38 7672 0DB0 FF88 4F55 6D79") + ("nckx (revoked; not compromised)" + ;; primary: "F5BC 5534 C36F 0087 B39D 36EF 1C9D C4FE B9DB 7C4B" + "7E8F AED0 0944 78EF 72E6 4D16 D889 B0F0 18C5 493C") ("niedzejkob" "E576 BFB2 CF6E B13D F571 33B9 E315 A758 4613 1564") ("ngz" -- cgit v1.2.3