can have in their packages by @dfn{signing} them. They generate a
private/public pair of cryptographic keys, and use the private key to
create a @dfn{signature file} for each package. With the public key, you
-can use the signature files to verify who created the package, and
-that it has not been modified. A valid signature is not a cast-iron
+can use the signature files to verify the package creator and make sure
+the package has not been tampered with. Signature verification uses
+@uref{https://www.gnupg.org/, the GnuPG package} via the EasyPG
+interface (@pxref{Top,, EasyPG, epa, Emacs EasyPG Assistant Manual}).
+A valid signature is not a cast-iron
guarantee that a package is not malicious, so you should still
exercise caution. Package archives should provide instructions
on how you can obtain their public key. One way is to download the
key from a server such as @url{http://pgp.mit.edu/}.
Use @kbd{M-x package-import-keyring} to import the key into Emacs.
-Emacs stores package keys in the @file{gnupg} subdirectory
-of @code{package-user-dir}.
+Emacs stores package keys in the directory specified by the variable
+@code{package-gnupghome-dir}, by default in the @file{gnupg}
+subdirectory of @code{package-user-dir}, which causes Emacs to invoke
+GnuPG with the option @samp{--homedir} when verifying signatures.
+If @code{package-gnupghome-dir} is @code{nil}, GnuPG's option
+@samp{--homedir} is omitted.
The public key for the GNU package archive is distributed with Emacs,
in the @file{etc/package-keyring.gpg}. Emacs uses it automatically.
(declare-function epg-find-configuration "epg-config"
(protocol &optional no-cache program-alist))
+(defcustom package-gnupghome-dir (expand-file-name "gnupg" package-user-dir)
+ "Directory containing GnuPG keyring or nil.
+This variable specifies the GnuPG home directory used by package.
+That directory is passed via the option \"--homedir\" to GnuPG.
+If nil, do not use the option \"--homedir\", but stick with GnuPG's
+default directory."
+ :type `(choice
+ (const
+ :tag "Default Emacs package management GnuPG home directory"
+ ,(expand-file-name "gnupg" package-user-dir))
+ (const
+ :tag "Default GnuPG directory (GnuPG option --homedir not used)"
+ nil)
+ (directory :tag "A specific GnuPG --homedir"))
+ :risky t
+ :version "26.1")
+
(defcustom package-check-signature
(if (and (require 'epg-config)
(epg-find-configuration 'OpenPGP))
"Check signature CONTENT against STRING.
SIG-FILE is the name of the signature file, used when signaling
errors."
- (let* ((context (epg-make-context 'OpenPGP))
- (homedir (expand-file-name "gnupg" package-user-dir)))
- (setf (epg-context-home-directory context) homedir)
+ (let ((context (epg-make-context 'OpenPGP)))
+ (when package-gnupghome-dir
+ (setf (epg-context-home-directory context) package-gnupghome-dir))
(condition-case error
(epg-verify-string context content string)
(error (package--display-verify-error context sig-file)
"Check signature of the current buffer.
Download the signature file from LOCATION by appending \".sig\"
to FILE.
-GnuPG keyring is located under \"gnupg\" in `package-user-dir'.
+GnuPG keyring location depends on `package-gnupghome-dir'.
STRING is the string to verify, it defaults to `buffer-string'.
If ASYNC is non-nil, the download of the signature file is
done asynchronously.
"Import keys from FILE."
(interactive "fFile: ")
(setq file (expand-file-name file))
- (let ((context (epg-make-context 'OpenPGP))
- (homedir (expand-file-name "gnupg" package-user-dir)))
- (with-file-modes 448
- (make-directory homedir t))
- (setf (epg-context-home-directory context) homedir)
+ (let ((context (epg-make-context 'OpenPGP)))
+ (when package-gnupghome-dir
+ (with-file-modes 448
+ (make-directory package-gnupghome-dir t))
+ (setf (epg-context-home-directory context) package-gnupghome-dir))
(message "Importing %s..." (file-name-nondirectory file))
(epg-import-keys-from-file context file)
(message "Importing %s...done" (file-name-nondirectory file))))
projects / emacs.git / commitdiff