Age | Commit message | Author |
2020-04-17 | gnupg: Accept revoked keys.
I (nckx) have revoked all RSA subkeys, in favour of my older and
freshly-refreshed ECDSA ones. This was merely a precaution: to my
knowledge all my RSA private keys have been carefully destroyed and
were never compromised. This commit keeps ‘make authenticate’ happy.
* guix/gnupg.scm (revkeysig-rx): New variable for revoked keys.
(gnupg-verify): Parse it.
(gnupg-status-good-signature?): Accept it as ‘good’ for our purposes.
* build-aux/git-authenticate.scm (%committers): Clarify nckx's subkeys.
Signed-off-by: Ludovic Courtès <ludo@gnu.org>
| Tobias Geerinckx-Rice |
2019-12-20 | gnupg: 'gnupg-verify*' returns a status symbol.
This allows callers to distinguish between signature verification
failure and missing key.
* guix/gnupg.scm (gnupg-receive-keys): Return true on success.
(gnupg-verify*): Check return value of 'gnupg-receive-keys'. Return two
values, the first one being a symbol.
* guix/upstream.scm (download-tarball): Get the two return values of
'gnupg-verify*', and match on the first one.
* gnu/packages/bash.scm (download-patches): Check the first return value
of 'gnupg-verify*'.
| Ludovic Courtès |
2019-12-19 | gnupg: Compile regexps only once.
This halves the run time on a large number of subsequent 'gnupg-verify'
calls.
* guix/gnupg.scm (sigid-rx, goodsig-rx, validsig-rx, expkeysig-rx)
(errsig-rx): New variables, lifted from...
(gnupg-verify)[status-line->sexp]: ... here.
| Ludovic Courtès |
2019-12-18 | gnupg: 'gnupg-status-missing-key?' returns a fingerprint when possible.
Until then, 'gnupg-status-missing-key?' would return a key id. Its
user, 'gnupg-verify*', would then fetch a key with that ID from key
servers, thus possibly the wrong key (due to key ID collisions). If it
did fetch the wrong key, the effect would be a signature verification
failure down the path--e.g., in "guix refresh -u".
* guix/gnupg.scm (gnupg-verify)[maybe-fingerprint]: New procedure.
[status-line->sexp](errsig-rx): Add parenthetical expression at the end.
Fetch it and add it to the 'signature-error' sexp.
(gnupg-status-missing-key?): Match the whole 'signature-error' sexp and
return preferably the fingerprint rather than KEY-ID.
(gnupg-receive-keys): Rename 'key-id' parameter to 'fingerprint/key-id'.
| Ludovic Courtès |
2019-12-18 | gnupg: 'gnupg-status-good-signature?' no longer returns a key ID.
Returning a key ID was inconsequential because the only user of
'gnupg-status-good-signature?', (guix upstream) (via 'gnupg-verify*'),
would not check the return value as long as it's true.
* guix/gnupg.scm (gnupg-status-good-signature?): Return a
fingerprint/user pair instead of key-id/user.
(gnupg-verify*): Mention it in docstring.
| Ludovic Courtès |
2018-09-25 | gnupg: Change default keyserver.
* guix/gnupg.scm (%openpgp-key-server): Change default to
"pool.sks-keyservers.net".
| Ludovic Courtès |
2018-09-16 | gnupg: Use 'gpgv' and keybox files; adjust 'guix refresh' accordingly.
* guix/gnupg.scm (%gpgv-command, current-keyring): New variables.
(gnupg-verify): Add optional 'keyring' parameter. Use 'gpgv' instead of
'gpg' and pass it '--keyring'.
(gnupg-receive-keys): Add optional 'keyring' parameter and honor it.
(gnupg-verify*): Add #:keyring and honor it.
* guix/scripts/refresh.scm (%options, show-help): Add '--keyring'.
(guix-refresh): Parameterize CURRENT-KEYRING.
* doc/guix.texi (Invoking guix refresh): Document '--keyring' and the
keybox format.
| Ludovic Courtès |
2017-05-03 | ui: Rename '_' to 'G_'.
This avoids collisions with '_' when the latter is used as a 'match'
pattern for instance. See
<https://lists.gnu.org/archive/html/guix-devel/2017-04/msg00464.html>.
* guix/ui.scm: Rename '_' to 'G_'.
* po/guix/Makevars (XGETTEXT_OPTIONS): Adjust accordingly.
* build-aux/compile-all.scm (warnings): Remove 'format'.
* gnu/packages.scm,
gnu/services.scm,
gnu/services/shepherd.scm,
gnu/system.scm,
gnu/system/shadow.scm,
guix/gnupg.scm,
guix/http-client.scm,
guix/import/cpan.scm,
guix/import/elpa.scm,
guix/import/pypi.scm,
guix/nar.scm,
guix/scripts.scm,
guix/scripts/archive.scm,
guix/scripts/authenticate.scm,
guix/scripts/build.scm,
guix/scripts/challenge.scm,
guix/scripts/container.scm,
guix/scripts/container/exec.scm,
guix/scripts/copy.scm,
guix/scripts/download.scm,
guix/scripts/edit.scm,
guix/scripts/environment.scm,
guix/scripts/gc.scm,
guix/scripts/graph.scm,
guix/scripts/hash.scm,
guix/scripts/import.scm,
guix/scripts/import/cpan.scm,
guix/scripts/import/cran.scm,
guix/scripts/import/crate.scm,
guix/scripts/import/elpa.scm,
guix/scripts/import/gem.scm,
guix/scripts/import/gnu.scm,
guix/scripts/import/hackage.scm,
guix/scripts/import/nix.scm,
guix/scripts/import/pypi.scm,
guix/scripts/import/stackage.scm,
guix/scripts/lint.scm,
guix/scripts/offload.scm,
guix/scripts/pack.scm,
guix/scripts/package.scm,
guix/scripts/perform-download.scm,
guix/scripts/publish.scm,
guix/scripts/pull.scm,
guix/scripts/refresh.scm,
guix/scripts/size.scm,
guix/scripts/substitute.scm,
guix/scripts/system.scm,
guix/ssh.scm,
guix/upstream.scm: Use 'G_' instead of '_'. Most of this change was
obtained by running: "sed -i -e's/(_ "/(G_ "/g' `find -name \*.scm`".
| Ludovic Courtès |
2016-09-06 | gnupg: Honor $GUIX_GPG_COMMAND and default to 'gpg'.
* guix/gnupg.scm (%gpg-command): Change to "gpg" or $GUIX_GPG_COMMAND.
| Ludovic Courtès |
2014-09-24 | gnupg: Correctly parse current 'SIG_ID' lines.
* guix/gnupg.scm (gnupg-verify)[sigid-rx]: Adjust to handle current
signature ID encoding.
| Ludovic Courtès |
2013-06-10 | guix refresh: Add '--key-download'.
* guix/gnu-maintenance.scm (download-tarball): Add a 'key-download'
keyword argument and pass it to 'gnupg-verify*'. Make
'archive-type' a keyword argument.
(package-update): Add a 'key-download' keyword argument. Pass
'archive-type' and 'key-download' keyword arguments to
'download-tarball'.
* guix/gnupg.scm: Import (ice-9 i18n) and (guix ui).
(gnupg-verify*): Add a 'key-download' keyword argument and adjust
'gnupg-verify*' to use it. Make 'server' a keyword argument.
* guix/scripts/refresh.scm (show-help, %options): Add and document
'--key-download'.
(update-package): Add a 'key-download' keyword argument and pass it
to 'package-update'.
(guix-refresh): Pass 'key-download' to 'update-package'. Limit
lines to a maximum of 79 characters.
| Nikita Karetnikov |
2013-05-11 | gnupg: Turn the GPG command name and keyserver into parameters.
* guix/gnupg.scm (%gpg-command): Turn into a SRFI-39 parameter.
(%openpgp-key-server): Likewise. Default to pgp.mit.edu, as
keys.gnupg.net is unreliable.
Update users.
| Ludovic Courtès |
2013-04-25 | Add `guix refresh' and related auto-update tools.
* guix/gnu-maintenance.scm (ftp-server/directory)[quirks]: Add glib.
(package-update-path, download-tarball, package-update,
update-package-source): New procedures.
* guix/gnupg.scm, guix/scripts/refresh.scm: New files.
* Makefile.am (MODULES): Add them.
* guix/utils.scm (file-extension): New procedure.
| Ludovic Courtès |