upstream: 'download-tarball' gracefully handles missing signatures.
This avoids a backtrace with "guix refresh -u rdiff-backup", which has ".asc" signatures instead of ".sig". * guix/upstream.scm (download-tarball): Gracefully handle the case where SIG is false. * guix/gnu-maintenance.scm (latest-savannah-release): Add comment about 'file->signature'.
This commit is contained in:
parent
ad5cb62d4a
commit
fa3d9c4db4
|
@ -650,6 +650,9 @@ releases are on gnu.org."
|
||||||
(directory (dirname (uri-path uri)))
|
(directory (dirname (uri-path uri)))
|
||||||
(rewrite (url-prefix-rewrite %savannah-base
|
(rewrite (url-prefix-rewrite %savannah-base
|
||||||
"mirror://savannah")))
|
"mirror://savannah")))
|
||||||
|
;; Note: We use the default 'file->signature', which adds ".sig", but not
|
||||||
|
;; all projects on Savannah follow that convention: some use ".asc" and
|
||||||
|
;; perhaps some lack signatures altogether.
|
||||||
(and=> (latest-html-release package
|
(and=> (latest-html-release package
|
||||||
#:base-url %savannah-base
|
#:base-url %savannah-base
|
||||||
#:directory directory)
|
#:directory directory)
|
||||||
|
|
|
@ -326,10 +326,17 @@ values: 'interactive' (default), 'always', and 'never'."
|
||||||
(built-derivations (list drv))
|
(built-derivations (list drv))
|
||||||
(return (derivation->output-path drv))))))))
|
(return (derivation->output-path drv))))))))
|
||||||
(let-values (((status data)
|
(let-values (((status data)
|
||||||
(gnupg-verify* sig data #:key-download key-download)))
|
(if sig
|
||||||
|
(gnupg-verify* sig data
|
||||||
|
#:key-download key-download)
|
||||||
|
(values 'missing-signature data))))
|
||||||
(match status
|
(match status
|
||||||
('valid-signature
|
('valid-signature
|
||||||
tarball)
|
tarball)
|
||||||
|
('missing-signature
|
||||||
|
(warning (G_ "failed to download detached signature from ~a~%")
|
||||||
|
signature-url)
|
||||||
|
#f)
|
||||||
('invalid-signature
|
('invalid-signature
|
||||||
(warning (G_ "signature verification failed for '~a' (key: ~a)~%")
|
(warning (G_ "signature verification failed for '~a' (key: ~a)~%")
|
||||||
url data)
|
url data)
|
||||||
|
|
Loading…
Reference in New Issue