02/04: import: PyPI: Validate GPG signatures when applicable.


From: guix-commits
Subject: 02/04: import: PyPI: Validate GPG signatures when applicable.
Date: Sun, 5 Dec 2021 08:40:32 -0500 (EST)

mbakke pushed a commit to branch master
in repository guix.

commit f63fb61d0caff7cb592cadfe36802940517c1ea8
Author: Marius Bakke <marius@gnu.org>
AuthorDate: Wed Dec 1 01:31:46 2021 +0100

    import: PyPI: Validate GPG signatures when applicable.
    
    * guix/import/pypi.scm (<distribution>): Fix funny typo.
    (latest-release): When the distribution has a cryptographic signature,
    pass it along to UPSTREAM-SOURCE.
---
 guix/import/pypi.scm | 11 ++++++++---
 1 file changed, 8 insertions(+), 3 deletions(-)

diff --git a/guix/import/pypi.scm b/guix/import/pypi.scm
index 418a355..bbbabe4 100644
--- a/guix/import/pypi.scm
+++ b/guix/import/pypi.scm
@@ -10,6 +10,7 @@
 ;;; Copyright © 2020 Arun Isaac <arunisaac@systemreboot.net>
 ;;; Copyright © 2020 Martin Becze <mjbecze@riseup.net>
 ;;; Copyright © 2021 Xinglu Chen <public@yoctocell.xyz>
+;;; Copyright © 2021 Marius Bakke <marius@gnu.org>
 ;;;
 ;;; This file is part of GNU Guix.
 ;;;
@@ -113,7 +114,7 @@
   (url          distribution-url)                  ;string
   (digests      distribution-digests)              ;list of string pairs
   (file-name    distribution-file-name "filename") ;string
-  (has-signature? distribution-has-signature? "hash_sig") ;Boolean
+  (has-signature? distribution-has-signature? "has_sig") ;Boolean
   (package-type distribution-package-type "packagetype") ;"bdist_wheel" | ...
   (python-version distribution-package-python-version
                   "python_version"))
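
Review bot: the corrected "has_sig" key on the has-signature? line has no test visible in this patch, and the previous "hash_sig" spelling shows how easily a mismatched key can slip through; a test whose PyPI JSON fixture carries "has_sig" would catch a future misspelling before it silently disables signature handling. The trailing comment says ;Boolean, so it is also worth confirming what the accessor yields when the key is absent from the JSON, because the new `if` in latest-release treats any value other than #f as true.
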
@@ -540,10 +541,14 @@ VERSION, SOURCE-URL, HOME-PAGE, SYNOPSIS, DESCRIPTION, 
and LICENSE."
          (guard (c ((missing-source-error? c) #f))
            (let* ((info    (pypi-project-info pypi-package))
                   (version (project-info-version info))
-                  (url     (distribution-url
-                            (source-release pypi-package))))
+                  (dist    (source-release pypi-package))
+                  (url     (distribution-url dist)))
              (upstream-source
               (urls (list url))
+              (signature-urls
+               (if (distribution-has-signature? dist)
+                   (list (string-append url ".asc"))
+                   #f))
               (input-changes
                (changed-inputs package
                                (pypi->guix-package pypi-name)))
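
Review bot: in the new signature-urls field, whether a signature is checked at all depends only on the has_sig flag taken from the same distribution record that supplies the URL, so a release without the flag is passed on with signature-urls set to #f and nothing here tells the user that no signature was verified. Consider stating that in the docstring or emitting a message in that branch. The signature location is built by appending ".asc" to url, which assumes the signature is served beside the file; a short comment saying so would help the next reader. As a style point, an `if` whose else branch is #f is usually written `(and (distribution-has-signature? dist) (list (string-append url ".asc")))`.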


