[elpa] externals/gnu-elpa-keyring-update 685192692f: Update with the new GPG keys

[Stefan Monnier]

branch: externals/gnu-elpa-keyring-update
commit 685192692f809e3d8c336e27170a2b819925202f
Author: Stefan Monnier <monnier@iro.umontreal.ca>
Commit: Stefan Monnier <monnier@iro.umontreal.ca>

    Update with the new GPG keys
    
    * etc/gnu-elpa.gpg-keyring: Update with new keys.
    * gnu-elpa-keyring-update.el: Remove GPG commands from Commentary
    since they're alternatives to the package rather than ways to install
    the packge (and the GPG keyservers are kinda problematic these days).
    (gnu-elpa-keyring-update--keyring): Simplify and use
    `macroexp-file-name` when available.
---
 etc/gnu-elpa.gpg-keyring   | Bin 2069 -> 2043 bytes
 gnu-elpa-keyring-update.el |  36 ++++++++++++++----------------------
 2 files changed, 14 insertions(+), 22 deletions(-)

diff --git a/etc/gnu-elpa.gpg-keyring b/etc/gnu-elpa.gpg-keyring
index 490dee41a9..563acbb16b 100644
Binary files a/etc/gnu-elpa.gpg-keyring and b/etc/gnu-elpa.gpg-keyring differ
diff --git a/gnu-elpa-keyring-update.el b/gnu-elpa-keyring-update.el
index 6485a9d7ef..758ae1ab1a 100644
--- a/gnu-elpa-keyring-update.el
+++ b/gnu-elpa-keyring-update.el
@@ -1,11 +1,11 @@
 ;;; gnu-elpa-keyring-update.el --- Update Emacs's GPG keyring for GNU ELPA  
-*- lexical-binding: t; -*-
 
-;; Copyright (C) 2019  Free Software Foundation, Inc.
+;; Copyright (C) 2019-2022  Free Software Foundation, Inc.
 
 ;; Author: Stefan Monnier <monnier@iro.umontreal.ca>
 ;; Keywords: maint, tools
 ;; Package-Type: multi
-;; Version: 2019.3
+;; Version: 2022.12
 
 ;; This program is free software; you can redistribute it and/or modify
 ;; it under the terms of the GNU General Public License as published by
@@ -32,33 +32,23 @@
 ;; installing packages.
 ;; 
 ;; If your keys are already too old, causing signature verification errors when
-;; installing packages, then in order to install this package you can do the
-;; following:
-;;
-;; - Fetch the new key manually, e.g. with something like:
-;;
-;;       gpg --homedir ~/.emacs.d/elpa/gnupg --receive-keys 066DAFCB81E42C40
-;;
-;; - Modify the expiration date of the old key, e.g. with something like:
-;;
-;;       gpg --homedir ~/.emacs.d/elpa/gnupg \
-;;           --quick-set-expire 474F05837FBDEF9B 1y
-;;
-;; - temporarily disable signature verification (see variable
-;;   `package-check-signature').
+;; installing packages, then in order to install this package you have to
+;; temporarily disable signature verification (see variable
+;;   `package-check-signature') :-(
 
 ;;; Code:
 
 ;;;###autoload
 (defvar gnu-elpa-keyring-update--keyring
-  ;; FIXME: Avoid using a `.gpg' extension, because it triggers a bug in
+  ;; FIXME: We avoid using a `.gpg' extension, because it triggers a bug in
   ;; tar-untar-buffer (which is used internally by `package.el' when installing
   ;; the package).
-  (let ((kr (expand-file-name "etc/gnu-elpa.gpg-keyring"
-                              (file-name-directory load-file-name))))
-    (if (and load-file-name (file-readable-p kr))
-        kr
-      "etc/gnu-elpa.gpg-keyring")))
+  (expand-file-name "etc/gnu-elpa.gpg-keyring"
+                    (file-name-directory
+                     (or (if (fboundp 'macroexp-file-name)
+                             (macroexp-file-name)
+                           load-file-name)
+                         ""))))
 
 (defun gnu-elpa-keyring-update--keyring (&optional noerror)
   (if (and (file-name-absolute-p gnu-elpa-keyring-update--keyring)
@@ -87,6 +77,8 @@
       (write-region "" nil (expand-file-name "gnu-elpa.timestamp" 
gnupghome-dir)
                     nil 'silent))))
 
+;; FIXME: Maybe we should use an advice on `package--check-signature'
+;; so as to avoid this startup cost?
 ;;;###autoload (eval-after-load 'package
 ;;;###autoload   `(and (bound-and-true-p package-user-dir)
 ;;;###autoload         (file-directory-p package-user-dir)