[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
02/07: upstream: 'download-tarball' gracefully handles missing signature
|
From: |
guix-commits |
|
Subject: |
02/07: upstream: 'download-tarball' gracefully handles missing signatures. |
|
Date: |
Tue, 21 Jul 2020 12:43:13 -0400 (EDT) |
civodul pushed a commit to branch master
in repository guix.
commit fa3d9c4db4407cebf9bdb2e251595bd25193c95e
Author: Ludovic Courtès <ludo@gnu.org>
AuthorDate: Tue Jul 21 12:30:24 2020 +0200
upstream: 'download-tarball' gracefully handles missing signatures.
This avoids a backtrace with "guix refresh -u rdiff-backup", which has
".asc" signatures instead of ".sig".
* guix/upstream.scm (download-tarball): Gracefully handle the case where
SIG is false.
* guix/gnu-maintenance.scm (latest-savannah-release): Add comment about
'file->signature'.
---
guix/gnu-maintenance.scm | 3 +++
guix/upstream.scm | 9 ++++++++-
2 files changed, 11 insertions(+), 1 deletion(-)
diff --git a/guix/gnu-maintenance.scm b/guix/gnu-maintenance.scm
index 2a4d94d..cd71090 100644
--- a/guix/gnu-maintenance.scm
+++ b/guix/gnu-maintenance.scm
@@ -650,6 +650,9 @@ releases are on gnu.org."
(directory (dirname (uri-path uri)))
(rewrite (url-prefix-rewrite %savannah-base
"mirror://savannah")))
+ ;; Note: We use the default 'file->signature', which adds ".sig", but not
+ ;; all projects on Savannah follow that convention: some use ".asc" and
+ ;; perhaps some lack signatures altogether.
(and=> (latest-html-release package
#:base-url %savannah-base
#:directory directory)
diff --git a/guix/upstream.scm b/guix/upstream.scm
index 6a57bad..70cbfb4 100644
--- a/guix/upstream.scm
+++ b/guix/upstream.scm
@@ -326,10 +326,17 @@ values: 'interactive' (default), 'always', and 'never'."
(built-derivations (list drv))
(return (derivation->output-path drv))))))))
(let-values (((status data)
- (gnupg-verify* sig data #:key-download key-download)))
+ (if sig
+ (gnupg-verify* sig data
+ #:key-download key-download)
+ (values 'missing-signature data))))
(match status
('valid-signature
tarball)
+ ('missing-signature
+ (warning (G_ "failed to download detached signature from ~a~%")
+ signature-url)
+ #f)
('invalid-signature
(warning (G_ "signature verification failed for '~a' (key:
~a)~%")
url data)
- branch master updated (2313be9 -> 0a93e8c), guix-commits, 2020/07/21
- 01/07: doc: Mention the 'savannah' updater., guix-commits, 2020/07/21
- 03/07: lint: source: Always return a list., guix-commits, 2020/07/21
- 02/07: upstream: 'download-tarball' gracefully handles missing signatures.,
guix-commits <=
- 04/07: git-authenticate: Show fingerprint in missing-key error message., guix-commits, 2020/07/21
- 05/07: gnu: g-golf: Update to git revision 804., guix-commits, 2020/07/21
- 06/07: gnu: Add python-mamba., guix-commits, 2020/07/21
- 07/07: gnu: Add python-isbnlib., guix-commits, 2020/07/21