From 71f76a802503671fa495d81118dd3ae499a44660 Mon Sep 17 00:00:00 2001 From: Lars Ingebrigtsen Date: Fri, 26 Jul 2019 08:30:24 +0200 Subject: [PATCH] Don't run gpg when loading package.el * lisp/emacs-lisp/package.el (package-check-signature): Don't run gpg on startup, but just default to `allow-unsigned'. (package-check-signature): New function to check whether a OpenPGP configuration is found when `allow-unsigned'. (package--check-signature-content, package--check-signature) (package--download-one-archive, package-refresh-contents) (package-install-from-archive): Use function instead of variable throughout. * doc/emacs/package.texi (Package Installation): Document this. --- doc/emacs/package.texi | 8 +++++--- etc/NEWS | 6 ++++++ lisp/emacs-lisp/package.el | 36 +++++++++++++++++++++++------------- 3 files changed, 34 insertions(+), 16 deletions(-) diff --git a/doc/emacs/package.texi b/doc/emacs/package.texi index 26e64243301..4b33f250c49 100644 --- a/doc/emacs/package.texi +++ b/doc/emacs/package.texi @@ -214,9 +214,11 @@ in the @file{etc/package-keyring.gpg}. Emacs uses it automatically. @vindex package-unsigned-archives If the user option @code{package-check-signature} is non-@code{nil}, Emacs attempts to verify signatures when you install packages. If the -option has the value @code{allow-unsigned}, you can still install a -package that is not signed. If you use some archives that do not sign -their packages, you can add them to the list @code{package-unsigned-archives}. +option has the value @code{allow-unsigned}, and a usable OpenPGP +configuration is found, signed packages will be checked, but you can +still install a package that is not signed. If you use some archives +that do not sign their packages, you can add them to the list +@code{package-unsigned-archives}. For more information on cryptographic keys and signing, @pxref{Top,, GnuPG, gnupg, The GNU Privacy Guard Manual}. diff --git a/etc/NEWS b/etc/NEWS index f47cf071bb5..44a69213899 100644 
--- a/etc/NEWS +++ b/etc/NEWS @@ -859,6 +859,12 @@ Now 't' only checks that at least one signature is valid and the new 'all' value needs to be used if you want to enforce that all signatures are valid. This only affects packages with multiple signatures. ++++ +*** The meaning of `allow-unsigned' in `package-check-signature' has +changed slightly: If a usable OpenPGP configuration can't be found +(for instance, if gpg isn't installed), it now has the same meaning as +nil. + *** New function 'package-get-version' lets packages query their own version. Example use in auctex.el: '(defconst auctex-version (package-get-version))' diff --git a/lisp/emacs-lisp/package.el b/lisp/emacs-lisp/package.el index 53fa15d4199..5e9caf58a64 100644 --- a/lisp/emacs-lisp/package.el +++ b/lisp/emacs-lisp/package.el @@ -331,15 +331,13 @@ default directory." :risky t :version "26.1") -(defcustom package-check-signature - (if (and (require 'epg-config) - (epg-find-configuration 'OpenPGP)) - 'allow-unsigned) +(defcustom package-check-signature 'allow-unsigned "Non-nil means to check package signatures when installing. More specifically the value can be: - nil: package signatures are ignored. -- `allow-unsigned': install a package even if it is unsigned, - but if it is signed and we have the key for it, verify the signature. +- `allow-unsigned': install a package even if it is unsigned, but + if it is signed, we have the key for it, and OpenGPG is + installed, verify the signature. - t: accept a package only if it comes with at least one verified signature. - `all': same as t, except when the package has several signatures, in which case we verify all the signatures. 
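Review bot: The rewritten `allow-unsigned` item in the `defcustom package-check-signature` docstring says "OpenGPG", which should read "OpenPGP" to match `(epg-find-configuration 'OpenPGP)` and the NEWS entry. The item also omits the security-relevant half of the new behaviour: when no usable OpenPGP configuration is found, even signed packages are installed without verification. I would append a sentence to that item such as `Without a usable OpenPGP configuration this value behaves like nil: nothing is verified.` The start of the defcustom form lies outside this hunk.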
@@ -353,6 +351,18 @@ contents of the archive." :risky t :version "27.1") +(defun package-check-signature () + "Check whether we have a usable OpenPGP configuration. +If true, and `package-check-signature' is `allow-unsigned', +return `allow-unsigned', otherwise return the value of +`package-check-signature'." + (if (eq package-check-signature 'allow-unsigned) + (progn + (require 'epg-config) + (and (epg-find-configuration 'OpenPGP) + 'allow-unsigned)) + package-check-signature)) + (defcustom package-unsigned-archives nil "List of archives where we do not check for package signatures." :type '(repeat (string :tag "Archive name")) @@ -1279,15 +1289,15 @@ errors." (dolist (sig (epg-context-result-for context 'verify)) (if (eq (epg-signature-status sig) 'good) (push sig good-signatures) - ;; If package-check-signature is allow-unsigned, don't + ;; If `package-check-signature' is allow-unsigned, don't ;; signal error when we can't verify signature because of ;; missing public key. Other errors are still treated as ;; fatal (bug#17625). - (unless (and (eq package-check-signature 'allow-unsigned) + (unless (and (eq (package-check-signature) 'allow-unsigned) (eq (epg-signature-status sig) 'no-pubkey)) (setq had-fatal-error t)))) (when (or (null good-signatures) - (and (eq package-check-signature 'all) + (and (eq (package-check-signature) 'all) had-fatal-error)) (package--display-verify-error context sig-file) (signal 'bad-signature (list sig-file))) @@ -1318,7 +1328,7 @@ else, even if an error is signaled." :async async :noerror t ;; Connection error is assumed to mean "no sig-file". :error-form (let ((allow-unsigned - (eq package-check-signature 'allow-unsigned))) + (eq (package-check-signature) 'allow-unsigned))) (when (and callback allow-unsigned) (funcall callback nil)) (when unwind (funcall unwind)) 
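Review bot: The new function `package-check-signature` fails open silently. When the variable is `allow-unsigned` and `epg-find-configuration` finds nothing, it returns nil, so the callers in the `@@ -1602` and `@@ -1901` hunks take the `(not (package-check-signature))` branch and save or unpack the download with no signature check and no notice. Since `allow-unsigned` is now the unconditional default, a one-time message would let users and administrators notice that verification is being skipped rather than passed. The docstring is also inaccurate, because in that case the function returns nil, not the variable's value. The fence shows one way to address both; the flag variable's name is only a suggestion.

```elisp
(defvar package--openpgp-missing-noted nil
  "Non-nil once the missing-OpenPGP notice has been shown.")

(defun package-check-signature ()
  "Return the signature policy that is actually in effect.
This is the value of the variable `package-check-signature',
except that `allow-unsigned' becomes nil when no usable OpenPGP
configuration is found, since nothing can be verified then."
  (if (eq package-check-signature 'allow-unsigned)
      (progn
        (require 'epg-config)
        (cond
         ((epg-find-configuration 'OpenPGP) 'allow-unsigned)
         (t
          ;; Verification is being skipped, not passed: say so once.
          (unless package--openpgp-missing-noted
            (setq package--openpgp-missing-noted t)
            (message "No usable OpenPGP configuration found; package signatures will not be verified"))
          nil)))
    package-check-signature))
```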
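Review bot: In the `@@ -1279` hunk the effective policy is looked up more than once within a single verification: `(package-check-signature)` can be called for each non-good signature inside the `dolist`, and again in the `when` that follows. Binding it once around both, for example `(let ((policy (package-check-signature))) ...)` with `(eq policy 'allow-unsigned)` and `(eq policy 'all)` at the two use sites, keeps one decision for the whole check and is easier to read. The enclosing function starts and ends outside the hunk, so the `let` would have to be placed with the full body in view.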
@@ -1602,7 +1612,7 @@ similar to an entry in `package-alist'. Save the cached copy to (local-file (expand-file-name file dir))) (when (listp (read content)) (make-directory dir t) - (if (or (not package-check-signature) + (if (or (not (package-check-signature)) (member name package-unsigned-archives)) ;; If we don't care about the signature, save the file and ;; we're done. @@ -1654,7 +1664,7 @@ downloads in the background." (let ((default-keyring (expand-file-name "package-keyring.gpg" data-directory)) (inhibit-message (or inhibit-message async))) - (when (and package-check-signature (file-exists-p default-keyring)) + (when (and (package-check-signature) (file-exists-p default-keyring)) (condition-case-unless-debug error (package-import-keyring default-keyring) (error (message "Cannot import default keyring: %S" (cdr error)))))) @@ -1901,7 +1911,7 @@ if all the in-between dependencies are also in PACKAGE-LIST." (file (concat (package-desc-full-name pkg-desc) (package-desc-suffix pkg-desc)))) (package--with-response-buffer location :file file - (if (or (not package-check-signature) + (if (or (not (package-check-signature)) (member (package-desc-archive pkg-desc) package-unsigned-archives)) ;; If we don't care about the signature, unpack and we're -- 2.39.2