From: Maxim Cournoyer <maxim.cournoyer@gmail.com>
To: 51822@debbugs.gnu.org
Cc: Maxim Cournoyer <maxim.cournoyer@gmail.com>
Subject: [bug#51822] [PATCH] gnupg: Honor GnuPG's configuration for the key server.
Date: Sat, 13 Nov 2021 21:51:50 -0500 [thread overview]
Message-ID: <20211114025150.27630-1-maxim.cournoyer@gmail.com> (raw)
The previous default "pool.sks-keyservers.net" doesn't seem to work anymore;
besides, users know best.
* guix/gnupg.scm (%openpgp-key-server): Default to #f, meaning not provided.
(gnupg-receive-keys): Make SERVER and KEYRING keyword arguments. Adjust doc.
Provide the '--keyserver' argument only when %openpgp-key-server is not #f.
(gnupg-verify*): Do not set a default value for SERVER. Adjust accordingly.
---
guix/gnupg.scm | 31 ++++++++++++++++++-------------
1 file changed, 18 insertions(+), 13 deletions(-)
diff --git a/guix/gnupg.scm b/guix/gnupg.scm
index 5fae24b325..2ec77c6a71 100644
--- a/guix/gnupg.scm
+++ b/guix/gnupg.scm
@@ -2,6 +2,7 @@
;;; Copyright © 2010, 2011, 2013, 2014, 2016, 2018, 2019 Ludovic Courtès <ludo@gnu.org>
;;; Copyright © 2013 Nikita Karetnikov <nikita@karetnikov.org>
;;; Copyright © 2020 Tobias Geerinckx-Rice <me@tobias.gr>
+;;; Copyright © 2021 Maxim Cournoyer <maxim.cournoyer@gmail.com>
;;;
;;; This file is part of GNU Guix.
;;;
@@ -56,9 +57,9 @@ (define current-keyring
"/gpg/trustedkeys.kbx")))
(define %openpgp-key-server
- ;; The default key server. Note that keys.gnupg.net appears to be
- ;; unreliable.
- (make-parameter "pool.sks-keyservers.net"))
+ ;; The default key server. It defaults to #f, which causes GnuPG to use the
+ ;; one it is configured with.
+ (make-parameter #f))
;; Regexps for status lines. See file `doc/DETAILS' in GnuPG.
@@ -182,22 +183,26 @@ (define (gnupg-status-missing-key? status)
(_ #f)))
status))
-(define* (gnupg-receive-keys fingerprint/key-id server
- #:optional (keyring (current-keyring)))
- "Download FINGERPRINT/KEY-ID from SERVER, a key server, and add it to
-KEYRING."
+(define* (gnupg-receive-keys fingerprint/key-id
+ #:key server (keyring (current-keyring)))
+ "Download FINGERPRINT/KEY-ID from SERVER if specified, otherwise from
+GnuPG's default/configure on. The key is added to KEYRING."
(unless (file-exists? keyring)
(mkdir-p (dirname keyring))
- (call-with-output-file keyring (const #t))) ;create an empty keybox
+ (call-with-output-file keyring (const #t))) ;create an empty keybox
- (zero? (system* (%gpg-command) "--keyserver" server
- "--no-default-keyring" "--keyring" keyring
- "--recv-keys" fingerprint/key-id)))
+ (zero? (apply system*
+ `(,(%gpg-command)
+ ,@(if server
+ (list "--keyserver" server)
+ '())
+ "--no-default-keyring" "--keyring" ,keyring
+ "--recv-keys" ,fingerprint/key-id))))
(define* (gnupg-verify* sig file
#:key
(key-download 'interactive)
- (server (%openpgp-key-server))
+ server
(keyring (current-keyring)))
"Like `gnupg-verify', but try downloading the public key if it's missing.
Return two values: 'valid-signature and a fingerprint/name pair upon success,
@@ -215,7 +220,7 @@ (define* (gnupg-verify* sig file
(let ((missing (gnupg-status-missing-key? status)))
(define (download-and-try-again)
;; Download the missing key and try again.
- (if (gnupg-receive-keys missing server keyring)
+ (if (gnupg-receive-keys missing #:server server #:keyring keyring)
(match (gnupg-status-good-signature?
(gnupg-verify sig file keyring))
(#f
--
2.33.1
next reply other threads:[~2021-11-14 3:00 UTC|newest]
Thread overview: 9+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-11-14 2:51 Maxim Cournoyer [this message]
2021-11-15 10:31 ` [bug#51822] [PATCH] gnupg: Honor GnuPG's configuration for the key server zimoun
2021-11-18 13:01 ` Maxim Cournoyer
2021-11-18 13:35 ` zimoun
2021-11-18 14:21 ` Maxim Cournoyer
2021-11-18 14:29 ` zimoun
2021-11-18 15:57 ` Maxim Cournoyer
2021-11-18 16:20 ` zimoun
2021-11-18 20:05 ` bug#51822: " Maxim Cournoyer
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
List information: https://guix.gnu.org/
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20211114025150.27630-1-maxim.cournoyer@gmail.com \
--to=maxim.cournoyer@gmail.com \
--cc=51822@debbugs.gnu.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
Code repositories for project(s) associated with this public inbox
https://git.savannah.gnu.org/cgit/guix.git
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).