summaryrefslogtreecommitdiff
path: root/guix/import
diff options
context:
space:
mode:
authorMarius Bakke <marius@gnu.org>2021-12-01 01:31:46 +0100
committerMarius Bakke <marius@gnu.org>2021-12-05 14:40:08 +0100
commitf63fb61d0caff7cb592cadfe36802940517c1ea8 (patch)
tree69321e4bd78820870597148d38276bbdff5c3664 /guix/import
parente166e6acf672d0350e16f47996b5157531e72ef5 (diff)
import: PyPI: Validate GPG signatures when applicable.
* guix/import/pypi.scm (<distribution>): Fix funny typo. (latest-release): When the distribution has a cryptographic signature, pass it along to UPSTREAM-SOURCE.
Diffstat (limited to 'guix/import')
-rw-r--r--guix/import/pypi.scm11
1 files changed, 8 insertions, 3 deletions
diff --git a/guix/import/pypi.scm b/guix/import/pypi.scm
index 418a3556ec..bbbabe4c09 100644
--- a/guix/import/pypi.scm
+++ b/guix/import/pypi.scm
@@ -10,6 +10,7 @@
;;; Copyright © 2020 Arun Isaac <arunisaac@systemreboot.net>
;;; Copyright © 2020 Martin Becze <mjbecze@riseup.net>
;;; Copyright © 2021 Xinglu Chen <public@yoctocell.xyz>
+;;; Copyright © 2021 Marius Bakke <marius@gnu.org>
;;;
;;; This file is part of GNU Guix.
;;;
@@ -113,7 +114,7 @@
(url distribution-url) ;string
(digests distribution-digests) ;list of string pairs
(file-name distribution-file-name "filename") ;string
- (has-signature? distribution-has-signature? "hash_sig") ;Boolean
+ (has-signature? distribution-has-signature? "has_sig") ;Boolean
(package-type distribution-package-type "packagetype") ;"bdist_wheel" | ...
(python-version distribution-package-python-version
"python_version"))
@@ -540,10 +541,14 @@ VERSION, SOURCE-URL, HOME-PAGE, SYNOPSIS, DESCRIPTION, and LICENSE."
(guard (c ((missing-source-error? c) #f))
(let* ((info (pypi-project-info pypi-package))
(version (project-info-version info))
- (url (distribution-url
- (source-release pypi-package))))
+ (dist (source-release pypi-package))
+ (url (distribution-url dist)))
(upstream-source
(urls (list url))
+ (signature-urls
+ (if (distribution-has-signature? dist)
+ (list (string-append url ".asc"))
+ #f))
(input-changes
(changed-inputs package
(pypi->guix-package pypi-name)))