From: Maxim Cournoyer
Date: Sat, 13 Nov 2021 21:51:50 -0500
To: 51822@debbugs.gnu.org
Subject: [bug#51822] [PATCH] gnupg: Honor GnuPG's configuration for the key server.
Message-Id: <20211114025150.27630-1-maxim.cournoyer@gmail.com>

The previous default "pool.sks-keyservers.net" doesn't seem to work anymore;
besides, users know best.

* guix/gnupg.scm (%openpgp-key-server): Default to #f, meaning not provided.
(gnupg-receive-keys): Make SERVER and KEYRING keyword arguments. Adjust doc.
Provide the '--keyserver' argument only when %openpgp-key-server is not #f.
(gnupg-verify*): Do not set a default value for SERVER. Adjust accordingly.
--- guix/gnupg.scm | 31 ++++++++++++++++++------------- 1 file changed, 18 insertions(+), 13 deletions(-) diff --git a/guix/gnupg.scm b/guix/gnupg.scm index 5fae24b325..2ec77c6a71 100644 --- a/guix/gnupg.scm +++ b/guix/gnupg.scm 
@@ -2,6 +2,7 @@ ;;; Copyright © 2010, 2011, 2013, 2014, 2016, 2018, 2019 Ludovic Courtès ;;; Copyright © 2013 Nikita Karetnikov ;;; Copyright © 2020 Tobias Geerinckx-Rice +;;; Copyright © 2021 Maxim Cournoyer ;;; ;;; This file is part of GNU Guix. ;;; @@ -56,9 +57,9 @@ (define current-keyring "/gpg/trustedkeys.kbx"))) (define %openpgp-key-server - ;; The default key server. Note that keys.gnupg.net appears to be - ;; unreliable. - (make-parameter "pool.sks-keyservers.net")) + ;; The default key server. It defaults to #f, which causes GnuPG to use the + ;; one it is configured with. + (make-parameter #f)) ;; Regexps for status lines. See file `doc/DETAILS' in GnuPG. @@ -182,22 +183,26 @@ (define (gnupg-status-missing-key? status) (_ #f))) status)) -(define* (gnupg-receive-keys fingerprint/key-id server - #:optional (keyring (current-keyring))) - "Download FINGERPRINT/KEY-ID from SERVER, a key server, and add it to -KEYRING." +(define* (gnupg-receive-keys fingerprint/key-id + #:key server (keyring (current-keyring))) + "Download FINGERPRINT/KEY-ID from SERVER if specified, otherwise from +GnuPG's default/configure on. The key is added to KEYRING." (unless (file-exists? keyring) (mkdir-p (dirname keyring)) - (call-with-output-file keyring (const #t))) ;create an empty keybox + (call-with-output-file keyring (const #t))) ;create an empty keybox - (zero? (system* (%gpg-command) "--keyserver" server - "--no-default-keyring" "--keyring" keyring - "--recv-keys" fingerprint/key-id))) + (zero? (apply system* + `(,(%gpg-command) + ,@(if server + (list "--keyserver" server) + '()) + "--no-default-keyring" "--keyring" ,keyring + "--recv-keys" ,fingerprint/key-id)))) (define* (gnupg-verify* sig file #:key (key-download 'interactive) - (server (%openpgp-key-server)) + server (keyring (current-keyring))) "Like `gnupg-verify', but try downloading the public key if it's missing. Return two values: 'valid-signature and a fingerprint/name pair upon success, 
@@ -215,7 +220,7 @@ (define* (gnupg-verify* sig file (let ((missing (gnupg-status-missing-key? status))) (define (download-and-try-again) ;; Download the missing key and try again. - (if (gnupg-receive-keys missing server keyring) + (if (gnupg-receive-keys missing #:server server #:keyring keyring) (match (gnupg-status-good-signature? (gnupg-verify sig file keyring)) (#f -- 2.33.1
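
Review bot: Nothing in the visible code reads %openpgp-key-server any more once the third hunk (@@ -182,22) replaces '(server (%openpgp-key-server))' in gnupg-verify* with a bare 'server' keyword, and gnupg-receive-keys tests '(if server ...)' rather than the parameter. The commit message says '--keyserver' is provided only when %openpgp-key-server is not #f, but as written a caller that parameterizes %openpgp-key-server gets no effect through gnupg-verify*. Keeping '(server (%openpgp-key-server))' as the default would preserve that path, since the new #f default of the parameter already leads to '--keyserver' being omitted. The new docstring in the same hunk reads "GnuPG's default/configure on", which looks like a typo for "default/configured one".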
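
Review bot: Other callers of gnupg-receive-keys need checking, because the call in download-and-try-again in the last hunk (@@ -215,7) is the only one this patch updates for the new signature. SERVER changed from a required positional argument and KEYRING from #:optional to #:key, so any remaining call written as '(gnupg-receive-keys id server keyring)' no longer matches. Please grep the tree for such callers and convert them in this patch, or state in the commit message that there are none.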