diff options
| author | Ludovic Courtès <ludo@gnu.org> | 2011-12-01 22:44:04 +0000 |
|---|---|---|
| committer | Ludovic Courtès <ludo@gnu.org> | 2011-12-01 22:44:04 +0000 |
| commit | dee4d2f6af176f4deb8d0c8e270aaea1fc9a49b3 (patch) | |
| tree | 673122ac9c8a12f7fc243b5ee7d59563a374a487 /maintainers | |
| parent | be5e1088f6cdb4fdefd086c4a167ce21b57e96e0 (diff) | |
| download | nixpkgs-dee4d2f6af176f4deb8d0c8e270aaea1fc9a49b3.tar nixpkgs-dee4d2f6af176f4deb8d0c8e270aaea1fc9a49b3.tar.gz nixpkgs-dee4d2f6af176f4deb8d0c8e270aaea1fc9a49b3.tar.bz2 nixpkgs-dee4d2f6af176f4deb8d0c8e270aaea1fc9a49b3.tar.lz nixpkgs-dee4d2f6af176f4deb8d0c8e270aaea1fc9a49b3.tar.xz nixpkgs-dee4d2f6af176f4deb8d0c8e270aaea1fc9a49b3.tar.zst nixpkgs-dee4d2f6af176f4deb8d0c8e270aaea1fc9a49b3.zip | |
gnupdate: Support signatures with expired keys.
* maintainers/scripts/gnu/gnupdate (gnupg-verify)[expkeysig-rx]: New variable. Recognize signatures with expired keys. (gnupg-status-good-signature?): Recognize `expired-key-signature' as good. svn path=/nixpkgs/trunk/; revision=30667
Diffstat (limited to 'maintainers')
| -rwxr-xr-x | maintainers/scripts/gnu/gnupdate | 17 |
1 files changed, 12 insertions, 5 deletions
diff --git a/maintainers/scripts/gnu/gnupdate b/maintainers/scripts/gnu/gnupdate index a0c1f338d3a..6f677425b23 100755 --- a/maintainers/scripts/gnu/gnupdate +++ b/maintainers/scripts/gnu/gnupdate @@ -441,6 +441,8 @@ the file at URL." (define validsig-rx (make-regexp "^\\[GNUPG:\\] VALIDSIG ([[:xdigit:]]+) ([[:digit:]]{4}-[[:digit:]]{2}-[[:digit:]]{2}) ([[:digit:]]+) .*$")) + (define expkeysig-rx ; good signature, but expired key + (make-regexp "^\\[GNUPG:\\] EXPKEYSIG ([[:xdigit:]]+) (.*)$")) (define errsig-rx (make-regexp "^\\[GNUPG:\\] ERRSIG ([[:xdigit:]]+) ([^ ]+) ([^ ]+) ([^ ]+) ([[:digit:]]+) ([[:digit:]]+)")) @@ -450,20 +452,25 @@ the file at URL." (lambda (match) `(signature-id ,(match:substring match 1) ; sig id ,(match:substring match 2) ; date - ,(string->number ; timestamp + ,(string->number ; timestamp (match:substring match 3))))) ((regexp-exec goodsig-rx line) => (lambda (match) - `(good-signature ,(match:substring match 1) ; key id + `(good-signature ,(match:substring match 1) ; key id ,(match:substring match 2)))) ; user name ((regexp-exec validsig-rx line) => (lambda (match) `(valid-signature ,(match:substring match 1) ; fingerprint ,(match:substring match 2) ; sig creation date - ,(string->number ; timestamp + ,(string->number ; timestamp (match:substring match 3))))) + ((regexp-exec expkeysig-rx line) + => + (lambda (match) + `(expired-key-signature ,(match:substring match 1) ; fingerprint + ,(match:substring match 2)))) ; user name ((regexp-exec errsig-rx line) => (lambda (match) @@ -471,7 +478,7 @@ the file at URL." ,(match:substring match 2) ; pubkey algo ,(match:substring match 3) ; hash algo ,(match:substring match 4) ; sig class - ,(string->number ; timestamp + ,(string->number ; timestamp (match:substring match 5)) ,(let ((rc (string->number ; return code @@ -504,7 +511,7 @@ the file at URL." a key-id/user pair; return #f otherwise." (any (lambda (sexp) (match sexp - (('good-signature key-id user) + (((or 'good-signature 'expired-key-signature) key-id user) (cons key-id user)) (_ #f))) status)) |