I (nckx) have revoked all RSA subkeys, in favour of my older and
freshly-refreshed ECDSA ones. This was merely a precaution: to my
knowledge all my RSA private keys have been carefully destroyed and
were never compromised. This commit keeps ‘make authenticate’ happy.
* guix/gnupg.scm (revkeysig-rx): New variable for revoked keys.
(gnupg-verify): Parse it.
(gnupg-status-good-signature?): Accept it as ‘good’ for our purposes.
* build-aux/git-authenticate.scm (%committers): Clarify nckx's subkeys.
Signed-off-by: Ludovic Courtès <ludo@gnu.org>
This is a followup to commit 7dc0f1d5a8,
signed with sub-key "3D2C DA58 819C 08C2 A649 D43D 5C3B 064C 724A 5726".
* build-aux/git-authenticate.scm (%committers): Provide fingerprint of
subkey for thomasd.
A list of already-authenticated commits is kept in
~/.cache/guix/authentication. This speeds up subsequent "make
authenticate" invocations.
* build-aux/git-authenticate.scm (authenticated-commit-cache-file)
(previously-authenticated-commits, cache-authenticated-commit): New
procedures.
(git-authenticate): Define 'authenticated-commits' and pass it as a
third argument to 'commit-difference'. Add call to
'cache-authenticated-commit'. Don't display signing stats when STATS is
null.
