** Package
+*** Change of 'package-check-signature' for packages with multiple sigs
+In previous Emacsen, 't' checked that all signatures are valid.
+Now 't' only checks that at least one signature is valid and the new 'all'
+value needs to be used if you want to enforce that all signatures
+are valid. This only affects packages with multiple signatures.
+
*** New function 'package-get-version' lets packages query their own version.
Example use in auctex.el: '(defconst auctex-version (package-get-version))'
(epg-find-configuration 'OpenPGP))
'allow-unsigned)
"Non-nil means to check package signatures when installing.
-The value `allow-unsigned' means to still install a package even if
-it is unsigned.
+More specifically the value can be:
+- nil: package signatures are ignored.
+- `allow-unsigned': install a package even if it is unsigned,
+ but if it is signed and we have the key for it, verify the signature.
+- t: accept a package only if it comes with at least one verified signature.
+- `all': same as t, except when the package has several signatures,
+ in which case we verify all the signatures.
This also applies to the \"archive-contents\" file that lists the
contents of the archive."
:type '(choice (const nil :tag "Never")
(const allow-unsigned :tag "Allow unsigned")
- (const t :tag "Check always"))
+ (const t :tag "Check always")
+ (const all :tag "Check all signatures"))
:risky t
- :version "24.4")
+ :version "27.1")
(defcustom package-unsigned-archives nil
"List of archives where we do not check for package signatures."
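Review bot: The Customize tag for `t` on the line `(const t :tag "Check always")` is now misleading next to the new `all` entry, since `t` no longer checks every signature; something like `(const t :tag "Check at least one signature")` would make the two choices distinguishable in the Customize UI. The docstring item for `t` could likewise state the consequence spelled out in NEWS, e.g. `- t: accept a package only if it comes with at least one verified signature (other signatures that fail to verify are ignored).`, so users understand what they give up relative to `all`. The defcustom being edited begins before this hunk.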
(unless (and (eq package-check-signature 'allow-unsigned)
(eq (epg-signature-status sig) 'no-pubkey))
(setq had-fatal-error t))))
- (when (or (null good-signatures) had-fatal-error)
+ (when (or (null good-signatures)
+ (and (eq package-check-signature 'all)
+ had-fatal-error))
(package--display-verify-error context sig-file)
(signal 'bad-signature (list sig-file)))
good-signatures)))
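Review bot: With `package-check-signature` set to `t`, a signature that fails verification alongside a good one is now ignored without any report: `had-fatal-error` is still computed in the loop above but only consulted when the value is `all`, and `package--display-verify-error` is only reached when the package is rejected. A bad or unverifiable signature next to a valid one is exactly the kind of anomaly a user would want to know about, since it may indicate a tampered `.sig` file or a revoked/expired key. Consider surfacing it even when installation proceeds, e.g. `(when had-fatal-error (package--display-verify-error context sig-file))` before the `when` that signals, or at least a `message` naming the file. The enclosing function starts outside this hunk, so I cannot see how `context` and `sig` are bound, and this assumes the display helper is safe to call without signalling.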