gnupdate: Support signatures with expired keys.

* maintainers/scripts/gnu/gnupdate (gnupg-verify)[expkeysig-rx]: New
  variable.  Recognize signatures with expired keys.
  (gnupg-status-good-signature?): Recognize `expired-key-signature' as good.

svn path=/nixpkgs/trunk/; revision=30667

maintainers/scripts/gnu/gnupdate

@@ -441,6 +441,8 @@ the file at URL."
     (define validsig-rx
       (make-regexp
        "^\\[GNUPG:\\] VALIDSIG ([[:xdigit:]]+) ([[:digit:]]{4}-[[:digit:]]{2}-[[:digit:]]{2}) ([[:digit:]]+) .*$"))
+    (define expkeysig-rx                    ; good signature, but expired key
+      (make-regexp "^\\[GNUPG:\\] EXPKEYSIG ([[:xdigit:]]+) (.*)$"))
     (define errsig-rx
       (make-regexp
        "^\\[GNUPG:\\] ERRSIG ([[:xdigit:]]+) ([^ ]+) ([^ ]+) ([^ ]+) ([[:digit:]]+) ([[:digit:]]+)"))
@@ -464,6 +466,11 @@ the file at URL."
                                ,(match:substring match 2) ; sig creation date
                                ,(string->number           ; timestamp
                                  (match:substring match 3)))))
+          ((regexp-exec expkeysig-rx line)
+           =>
+           (lambda (match)
+             `(expired-key-signature ,(match:substring match 1) ; fingerprint
+                                     ,(match:substring match 2)))) ; user name
           ((regexp-exec errsig-rx line)
            =>
            (lambda (match)
@@ -504,7 +511,7 @@ the file at URL."
 a key-id/user pair; return #f otherwise."
   (any (lambda (sexp)
          (match sexp
-           (('good-signature key-id user)
+           (((or 'good-signature 'expired-key-signature) key-id user)
             (cons key-id user))
            (_ #f)))
        status))