verify: propagate error on corrupted .sig files

In case the signature file is corrupt, e.g. it could not be downloaded
successfully, the gnupg code just prints an error message but will not
return the error to the user. So we patch the code to return the error
and check the value in the calling code.

repos/ports/ports/gnupg.port

@@ -5,3 +5,5 @@ DOWNLOADS := gnupg.archive
 URL(gnupg) := https://www.gnupg.org/ftp/gcrypt/gnupg/gnupg-$(VERSION).tar.bz2
 SHA(gnupg) := 732266e8888c6f41c084d043c7a0058332ff3580
 DIR(gnupg) := src/app/gnupg
+
+PATCHES := src/app/verify/patches/verify.patch

repos/ports/src/app/verify/gnupg.c

@@ -121,18 +121,19 @@ enum Gnupg_verify_result gnupg_verify_detached_signature(char const *pubkey_path
 	 */
 	int const orig_errors_seen = g10_errors_seen;
 
+
 	/*
 	 * Call into GnuPG to verify the data with a detached signature. The
 	 * 'verify_signatures' function indirectly calls 'get_pubkey' and
 	 * 'get_pubkeyblock', which hand out our '_pubkey_packet'.
 	 */
 	char *file_names[2] = { strdup(sig_path), strdup(data_path) };
-	verify_signatures(ctrl, 2, file_names);
+	int const err = verify_signatures(ctrl, 2, file_names);
 	for (unsigned i = 0; i < 2; i++)
 		free(file_names[i]);
 
-	return (orig_errors_seen == g10_errors_seen) ? GNUPG_VERIFY_OK
-	                                             : GNUPG_VERIFY_SIGNATURE_INVALID;
+	return !err && (orig_errors_seen == g10_errors_seen) ? GNUPG_VERIFY_OK
+	                                                     : GNUPG_VERIFY_SIGNATURE_INVALID;
 }
 
 

repos/ports/src/app/verify/patches/verify.patch

@@ -0,0 +1,11 @@
+--- src/app/gnupg/g10/verify.c.orig
++++ src/app/gnupg/g10/verify.c
+@@ -116,7 +116,7 @@
+ 	log_error(_("the signature could not be verified.\n"
+ 		   "Please remember that the signature file (.sig or .asc)\n"
+ 		   "should be the first file given on the command line.\n") );
+-	rc = 0;
++	rc = 1;
+     }
+ 
+  leave: