From: Stefan Monnier Date: Sun, 12 May 2019 17:03:24 +0000 (-0400) Subject: * lisp/emacs-lisp/packages.el: Add `all` to package-check-signature X-Git-Tag: emacs-27.0.90~2916 X-Git-Url: http://git.eshelyaron.com/gitweb/?a=commitdiff_plain;h=3c1967dbfe06b28ac074aee1e55a79bacfc36f8d;p=emacs.git * lisp/emacs-lisp/packages.el: Add `all` to package-check-signature (package-check-signature): Add `all` option. (package--check-signature-content): Adjust accordingly. --- diff --git a/etc/NEWS b/etc/NEWS index d10a5532447..43ad8be1cc1 100644 --- a/etc/NEWS +++ b/etc/NEWS @@ -718,6 +718,12 @@ it can't find the config file. ** Package +*** Change of 'package-check-signature' for packages with multiple sigs +In previous Emacsen, 't' checked that all signatures are valid. +Now 't' only checks that at least one signature is valid and the new 'all' +value needs to be used if you want to enforce that all signatures +are valid. This only affects packages with multiple signatures. + *** New function 'package-get-version' lets packages query their own version. Example use in auctex.el: '(defconst auctex-version (package-get-version))' diff --git a/lisp/emacs-lisp/package.el b/lisp/emacs-lisp/package.el index 61cf6906971..949ad711ae3 100644 --- a/lisp/emacs-lisp/package.el +++ b/lisp/emacs-lisp/package.el @@ -334,16 +334,22 @@ default directory." (epg-find-configuration 'OpenPGP)) 'allow-unsigned) "Non-nil means to check package signatures when installing. -The value `allow-unsigned' means to still install a package even if -it is unsigned. +More specifically the value can be: +- nil: package signatures are ignored. +- `allow-unsigned': install a package even if it is unsigned, + but if it is signed and we have the key for it, verify the signature. +- t: accept a package only if it comes with at least one verified signature. +- `all': same as t, except when the package has several signatures, + in which case we verify all the signatures. This also applies to the \"archive-contents\" file that lists the contents of the archive." :type '(choice (const nil :tag "Never") (const allow-unsigned :tag "Allow unsigned") - (const t :tag "Check always")) + (const t :tag "Check always") + (const all :tag "Check all signatures")) :risky t - :version "24.4") + :version "27.1") (defcustom package-unsigned-archives nil "List of archives where we do not check for package signatures." @@ -1257,7 +1263,9 @@ errors." (unless (and (eq package-check-signature 'allow-unsigned) (eq (epg-signature-status sig) 'no-pubkey)) (setq had-fatal-error t)))) - (when (or (null good-signatures) had-fatal-error) + (when (or (null good-signatures) + (and (eq package-check-signature 'all) + had-fatal-error)) (package--display-verify-error context sig-file) (signal 'bad-signature (list sig-file))) good-signatures)))