[Emacs-diffs] master 71f76a8: Don't run gpg when loading package.el

[Lars Ingebrigtsen]

branch: master
commit 71f76a802503671fa495d81118dd3ae499a44660
Author: Lars Ingebrigtsen <address@hidden>
Commit: Lars Ingebrigtsen <address@hidden>

    Don't run gpg when loading package.el
    
    * lisp/emacs-lisp/package.el (package-check-signature): Don't run
    gpg on startup, but just default to `allow-unsigned'.
    (package-check-signature): New function to check whether a OpenPGP
    configuration is found when `allow-unsigned'.
    (package--check-signature-content, package--check-signature)
    (package--download-one-archive, package-refresh-contents)
    (package-install-from-archive): Use function instead of variable
    throughout.
    * doc/emacs/package.texi (Package Installation): Document this.
---
 doc/emacs/package.texi     |  8 +++++---
 etc/NEWS                   |  6 ++++++
 lisp/emacs-lisp/package.el | 36 +++++++++++++++++++++++-------------
 3 files changed, 34 insertions(+), 16 deletions(-)

diff --git a/doc/emacs/package.texi b/doc/emacs/package.texi
index 26e6424..4b33f25 100644
--- a/doc/emacs/package.texi
+++ b/doc/emacs/package.texi
@@ -214,9 +214,11 @@ in the @file{etc/package-keyring.gpg}.  Emacs uses it 
automatically.
 @vindex package-unsigned-archives
   If the user option @code{package-check-signature} is non-@code{nil},
 Emacs attempts to verify signatures when you install packages.  If the
-option has the value @code{allow-unsigned}, you can still install a
-package that is not signed.  If you use some archives that do not sign
-their packages, you can add them to the list @code{package-unsigned-archives}.
+option has the value @code{allow-unsigned}, and a usable OpenPGP
+configuration is found, signed packages will be checked, but you can
+still install a package that is not signed.  If you use some archives
+that do not sign their packages, you can add them to the list
+@code{package-unsigned-archives}.
 
   For more information on cryptographic keys and signing,
 @pxref{Top,, GnuPG, gnupg, The GNU Privacy Guard Manual}.
diff --git a/etc/NEWS b/etc/NEWS
index f47cf07..44a6921 100644
--- a/etc/NEWS
+++ b/etc/NEWS
@@ -859,6 +859,12 @@ Now 't' only checks that at least one signature is valid 
and the new 'all'
 value needs to be used if you want to enforce that all signatures
 are valid.  This only affects packages with multiple signatures.
 
++++
+*** The meaning of `allow-unsigned' in `package-check-signature' has
+changed slightly: If a usable OpenPGP configuration can't be found
+(for instance, if gpg isn't installed), it now has the same meaning as
+nil.
+
 *** New function 'package-get-version' lets packages query their own version.
 Example use in auctex.el: '(defconst auctex-version (package-get-version))'
 
diff --git a/lisp/emacs-lisp/package.el b/lisp/emacs-lisp/package.el
index 53fa15d..5e9caf5 100644
--- a/lisp/emacs-lisp/package.el
+++ b/lisp/emacs-lisp/package.el
@@ -331,15 +331,13 @@ default directory."
   :risky t
   :version "26.1")
 
-(defcustom package-check-signature
-  (if (and (require 'epg-config)
-           (epg-find-configuration 'OpenPGP))
-      'allow-unsigned)
+(defcustom package-check-signature 'allow-unsigned
   "Non-nil means to check package signatures when installing.
 More specifically the value can be:
 - nil: package signatures are ignored.
-- `allow-unsigned': install a package even if it is unsigned,
-  but if it is signed and we have the key for it, verify the signature.
+- `allow-unsigned': install a package even if it is unsigned, but
+  if it is signed, we have the key for it, and OpenGPG is
+  installed, verify the signature.
 - t: accept a package only if it comes with at least one verified signature.
 - `all': same as t, except when the package has several signatures,
   in which case we verify all the signatures.
@@ -353,6 +351,18 @@ contents of the archive."
   :risky t
   :version "27.1")
 
+(defun package-check-signature ()
+  "Check whether we have a usable OpenPGP configuration.
+If true, and `package-check-signature' is `allow-unsigned',
+return `allow-unsigned', otherwise return the value of
+`package-check-signature'."
+  (if (eq package-check-signature 'allow-unsigned)
+      (progn
+        (require 'epg-config)
+        (and (epg-find-configuration 'OpenPGP)
+             'allow-unsigned))
+    package-check-signature))
+
 (defcustom package-unsigned-archives nil
   "List of archives where we do not check for package signatures."
   :type '(repeat (string :tag "Archive name"))
@@ -1279,15 +1289,15 @@ errors."
       (dolist (sig (epg-context-result-for context 'verify))
         (if (eq (epg-signature-status sig) 'good)
             (push sig good-signatures)
-          ;; If package-check-signature is allow-unsigned, don't
+          ;; If `package-check-signature' is allow-unsigned, don't
           ;; signal error when we can't verify signature because of
           ;; missing public key.  Other errors are still treated as
           ;; fatal (bug#17625).
-          (unless (and (eq package-check-signature 'allow-unsigned)
+          (unless (and (eq (package-check-signature) 'allow-unsigned)
                        (eq (epg-signature-status sig) 'no-pubkey))
             (setq had-fatal-error t))))
       (when (or (null good-signatures)
-                (and (eq package-check-signature 'all)
+                (and (eq (package-check-signature) 'all)
                      had-fatal-error))
         (package--display-verify-error context sig-file)
         (signal 'bad-signature (list sig-file)))
@@ -1318,7 +1328,7 @@ else, even if an error is signaled."
       :async async :noerror t
       ;; Connection error is assumed to mean "no sig-file".
       :error-form (let ((allow-unsigned
-                         (eq package-check-signature 'allow-unsigned)))
+                         (eq (package-check-signature) 'allow-unsigned)))
                     (when (and callback allow-unsigned)
                       (funcall callback nil))
                     (when unwind (funcall unwind))
@@ -1602,7 +1612,7 @@ similar to an entry in `package-alist'.  Save the cached 
copy to
            (local-file (expand-file-name file dir)))
       (when (listp (read content))
         (make-directory dir t)
-        (if (or (not package-check-signature)
+        (if (or (not (package-check-signature))
                 (member name package-unsigned-archives))
             ;; If we don't care about the signature, save the file and
             ;; we're done.
@@ -1654,7 +1664,7 @@ downloads in the background."
   (let ((default-keyring (expand-file-name "package-keyring.gpg"
                                            data-directory))
         (inhibit-message (or inhibit-message async)))
-    (when (and package-check-signature (file-exists-p default-keyring))
+    (when (and (package-check-signature) (file-exists-p default-keyring))
       (condition-case-unless-debug error
           (package-import-keyring default-keyring)
         (error (message "Cannot import default keyring: %S" (cdr error))))))
@@ -1901,7 +1911,7 @@ if all the in-between dependencies are also in 
PACKAGE-LIST."
          (file (concat (package-desc-full-name pkg-desc)
                        (package-desc-suffix pkg-desc))))
     (package--with-response-buffer location :file file
-      (if (or (not package-check-signature)
+      (if (or (not (package-check-signature))
               (member (package-desc-archive pkg-desc)
                       package-unsigned-archives))
           ;; If we don't care about the signature, unpack and we're