gnupg: Turn the GPG command name and keyserver into parameters.

* guix/gnupg.scm (%gpg-command): Turn into a SRFI-39 parameter.
  (%openpgp-key-server): Likewise.  Default to pgp.mit.edu, as
  keys.gnupg.net is unreliable.
  Update users.
This commit is contained in:
Ludovic Courtès 2013-05-11 12:44:19 +02:00
parent 8cc9e7f9d8
commit 0ba91c945b
1 changed files with 14 additions and 6 deletions

View File

@ -22,7 +22,9 @@
#:use-module (ice-9 regex) #:use-module (ice-9 regex)
#:use-module (ice-9 rdelim) #:use-module (ice-9 rdelim)
#:use-module (srfi srfi-1) #:use-module (srfi srfi-1)
#:export (gnupg-verify #:export (%gpg-command
%openpgp-key-server
gnupg-verify
gnupg-verify* gnupg-verify*
gnupg-status-good-signature? gnupg-status-good-signature?
gnupg-status-missing-key?)) gnupg-status-missing-key?))
@ -33,8 +35,14 @@
;;; ;;;
;;; Code: ;;; Code:
(define %gpg-command "gpg2") (define %gpg-command
(define %openpgp-key-server "keys.gnupg.net") ;; The GnuPG 2.x command-line program name.
(make-parameter "gpg2"))
(define %openpgp-key-server
;; The default key server. Note that keys.gnupg.net appears to be
;; unreliable.
(make-parameter "pgp.mit.edu"))
(define (gnupg-verify sig file) (define (gnupg-verify sig file)
"Verify signature SIG for FILE. Return a status s-exp if GnuPG failed." "Verify signature SIG for FILE. Return a status s-exp if GnuPG failed."
@ -106,7 +114,7 @@
(loop (read-line input) (loop (read-line input)
(cons (status-line->sexp line) result))))) (cons (status-line->sexp line) result)))))
(let* ((pipe (open-pipe* OPEN_READ %gpg-command "--status-fd=1" (let* ((pipe (open-pipe* OPEN_READ (%gpg-command) "--status-fd=1"
"--verify" sig file)) "--verify" sig file))
(status (parse-status pipe))) (status (parse-status pipe)))
;; Ignore PIPE's exit status since STATUS above should contain all the ;; Ignore PIPE's exit status since STATUS above should contain all the
@ -135,9 +143,9 @@ missing key."
status)) status))
(define (gnupg-receive-keys key-id server) (define (gnupg-receive-keys key-id server)
(system* %gpg-command "--keyserver" server "--recv-keys" key-id)) (system* (%gpg-command) "--keyserver" server "--recv-keys" key-id))
(define* (gnupg-verify* sig file #:optional (server %openpgp-key-server)) (define* (gnupg-verify* sig file #:optional (server (%openpgp-key-server)))
"Like `gnupg-verify', but try downloading the public key if it's missing. "Like `gnupg-verify', but try downloading the public key if it's missing.
Return #t if the signature was good, #f otherwise." Return #t if the signature was good, #f otherwise."
(let ((status (gnupg-verify sig file))) (let ((status (gnupg-verify sig file)))