[asdf-install-devel] prevent loading signature filse when *verify-gpg-signatures* is nil
Vodonosov Anton
vodonosov at mail.ru
Sat Mar 10 11:54:45 UTC 2007
Hello!
I would like to suggest to add a line to asdf-install source code to prevent loading signature files when *verify-gpg-signatures* is nil.
I'm installing Edi Weitz' hunchentoot, which depends on Kevin Rosenberg's md5, but md5-1.8.5.tar.gz.asc file isn't provided for md5. The version of asdf-install I'm using is just downloaded from http://common-lisp.net/project/asdf-install/asdf-install_latest.tar.gz.
We could change it like this:
File installer.lisp, function download-files-for-package. Note (when (verify-gpg-signatures-p...
(defun download-files-for-package (package-name-or-url)
(multiple-value-bind (package-url package-file)
(download-url-to-temporary-file
(download-link-for-package package-name-or-url))
(multiple-value-bind (signature-url signature-file)
;; this WHEN ensures that signature files are not downloaded
;; if *verify-gpg-signatures* is nil
(when (verify-gpg-signatures-p package-name-or-url)
(download-url-to-temporary-file
(download-link-for-signature package-url)))
(declare (ignore signature-url))
(values
package-file signature-file))))
Regards,
-Anton
More information about the asdf-install-devel
mailing list