Return a list of records, which are GNU packages. Use FETCH, to fetch the list of GNU packages over HTTP.

Return the package name and version number extracted from NAME+VERSION.

Return true if FILE is a release tarball of PROJECT.

Verify signature SIG for FILE against the keys in KEYRING. All the keys in KEYRING as assumed to be "trusted", whether or not they expired or were revoked. Return a status s-exp if GnuPG failed.

If STATUS denotes a missing-key error, then return the fingerprint of the missing key or its key id if the fingerprint is unavailable.

If STATUS, as returned by `gnupg-verify', denotes a good signature, return a fingerprint/user pair; return #f otherwise.

Like `gnupg-verify', but try downloading the public key if it's missing. Return two values: 'valid-signature and a fingerprint/name pair upon success, 'missing-key and a fingerprint if the key could not be found, and 'invalid-signature with a fingerprint if the signature is invalid.

KEY-DOWNLOAD specifies a download policy for missing OpenPGP keys; allowed values: 'auto', 'always', 'never', and 'interactive' The default policy is auto, which automatically selects the interactive policy when a TTY is connected to the standard input, or the always policy otherwise. Return a fingerprint/user name pair on success and #f otherwise.

Return a derivation called NAME, which applies GRAFTS to the specified OUTPUTS of DRV. This procedure performs "shallow" grafting in that GRAFTS are not recursively applied to dependencies of DRV.