I (nckx) have revoked all RSA subkeys, in favour of my older and
freshly-refreshed ECDSA ones. This was merely a precaution: to my
knowledge all my RSA private keys have been carefully destroyed and
were never compromised. This commit keeps ‘make authenticate’ happy.
* guix/gnupg.scm (revkeysig-rx): New variable for revoked keys.
(gnupg-verify): Parse it.
(gnupg-status-good-signature?): Accept it as ‘good’ for our purposes.
* build-aux/git-authenticate.scm (%committers): Clarify nckx's subkeys.
Signed-off-by: Ludovic Courtès <ludo@gnu.org>
This allows callers to distinguish between signature verification
failure and missing key.
* guix/gnupg.scm (gnupg-receive-keys): Return true on success.
(gnupg-verify*): Check return value of 'gnupg-receive-keys'. Return two
values, the first one being a symbol.
* guix/upstream.scm (download-tarball): Get the two return values of
'gnupg-verify*', and match on the first one.
* gnu/packages/bash.scm (download-patches): Check the first return value
of 'gnupg-verify*'.
This halves the run time on a large number of subsequent 'gnupg-verify'
calls.
* guix/gnupg.scm (sigid-rx, goodsig-rx, validsig-rx, expkeysig-rx)
(errsig-rx): New variables, lifted from...
(gnupg-verify)[status-line->sexp]: ... here.
Until then, 'gnupg-status-missing-key?' would return a key id. Its
user, 'gnupg-verify*', would then fetch a key with that ID from key
servers, thus possibly the wrong key (due to key ID collisions). If it
did fetch the wrong key, the effect would be a signature verification
failure down the path--e.g., in "guix refresh -u".
* guix/gnupg.scm (gnupg-verify)[maybe-fingerprint]: New procedure.
[status-line->sexp](errsig-rx): Add parenthetical expression at the end.
Fetch it and add it to the 'signature-error' sexp.
(gnupg-status-missing-key?): Match the whole 'signature-error' sexp and
return preferably the fingerprint rather than KEY-ID.
(gnupg-receive-keys): Rename 'key-id' parameter to 'fingerprint/key-id'.
Returning a key ID was inconsequential because the only user of
'gnupg-status-good-signature?', (guix upstream) (via 'gnupg-verify*'),
would not check the return value as long as it's true.
* guix/gnupg.scm (gnupg-status-good-signature?): Return a
fingerprint/user pair instead of key-id/user.
(gnupg-verify*): Mention it in docstring.
* guix/gnupg.scm (%gpgv-command, current-keyring): New variables
(gnupg-verify): Add optional 'keyring' parameter. Use 'gpgv' instead of
'gpg' and pass it '--keyring'.
(gnupg-receive-keys): Add optional 'keyring' parameter and honor it.
(gnupg-verify*): Add #:keyring and honor it.
* guix/scripts/refresh.scm (%options, show-help): Add '--keyring'.
(guix-refresh): Parameterize CURRENT-KEYRING.
* doc/guix.texi (Invoking guix refresh): Document '--keyring' and the
keybox format.
* guix/gnu-maintenance.scm (download-tarball): Add a 'key-download'
keyword argument and pass it to 'gnupg-verify*'. Make
'archive-type' a keyword argument.
(package-update): Add a 'key-download' keyword argument. Pass
'archive-type' and 'key-download' keyword arguments to
'download-tarball'.
* guix/gnupg.scm: Import (ice-9 i18n) and (guix ui).
(gnupg-verify*): Add a 'key-download' keyword argument and adjust
'gnupg-verify*' to use it. Make 'server' a keyword argument.
* guix/scripts/refresh.scm (show-help, %options): Add and document
'--key-download'.
(update-package): Add a 'key-download' keyword argument and pass it
to 'package-update'.
(guix-refresh): Pass 'key-download' to 'update-package'. Limit
lines to a maximum of 79 characters.
* guix/gnupg.scm (%gpg-command): Turn into a SRFI-39 parameter.
(%openpgp-key-server): Likewise. Default to pgp.mit.edu, as
keys.gnupg.net is unreliable.
Update users.
Tobias Geerinckx-Rice
Ludovic Courtès
Nikita Karetnikov