verify: propagate error on corrupted .sig files
In case the signature file is corrupt, e.g. it could not be downloaded successfully, the gnupg code just prints an error message but will not return the error to the user. So we patch the code to return the error and check the value in the calling code.
parent
65f1100453
commit
8dda68a1bd
|
@ -5,3 +5,5 @@ DOWNLOADS := gnupg.archive
|
|||
URL(gnupg) := https://www.gnupg.org/ftp/gcrypt/gnupg/gnupg-$(VERSION).tar.bz2
|
||||
SHA(gnupg) := 732266e8888c6f41c084d043c7a0058332ff3580
|
||||
DIR(gnupg) := src/app/gnupg
|
||||
|
||||
PATCHES := src/app/verify/patches/verify.patch
|
||||
|
|
|
@ -121,18 +121,19 @@ enum Gnupg_verify_result gnupg_verify_detached_signature(char const *pubkey_path
|
|||
*/
|
||||
int const orig_errors_seen = g10_errors_seen;
|
||||
|
||||
|
||||
/*
|
||||
* Call into GnuPG to verify the data with a detached signature. The
|
||||
* 'verify_signatures' function indirectly calls 'get_pubkey' and
|
||||
* 'get_pubkeyblock', which hand out our '_pubkey_packet'.
|
||||
*/
|
||||
char *file_names[2] = { strdup(sig_path), strdup(data_path) };
|
||||
verify_signatures(ctrl, 2, file_names);
|
||||
int const err = verify_signatures(ctrl, 2, file_names);
|
||||
for (unsigned i = 0; i < 2; i++)
|
||||
free(file_names[i]);
|
||||
|
||||
return (orig_errors_seen == g10_errors_seen) ? GNUPG_VERIFY_OK
|
||||
: GNUPG_VERIFY_SIGNATURE_INVALID;
|
||||
return !err && (orig_errors_seen == g10_errors_seen) ? GNUPG_VERIFY_OK
|
||||
: GNUPG_VERIFY_SIGNATURE_INVALID;
|
||||
}
|
||||
|
||||
|
||||
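Review bot: The new return still decides success by the absence of errors rather than by a positive good-signature result: it yields GNUPG_VERIFY_OK whenever `verify_signatures` returns 0 and `g10_errors_seen` is unchanged. This commit closes one path where an unusable .sig was accepted, so any other path that returns 0 without counting an error would presumably still be reported as OK. A comment above the return would record the intent, e.g. `/* fail closed: OK only if verify_signatures() returned 0 and no new error was counted */`. The condition also relies on `&&` binding tighter than `?:`; `return (!err && orig_errors_seen == g10_errors_seen) ? GNUPG_VERIFY_OK` makes that explicit. The function begins outside this hunk, and the two `strdup` results in `file_names` are passed on unchecked on an unchanged line.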
|
|
|
@ -0,0 +1,11 @@
|
|||
--- src/app/gnupg/g10/verify.c.orig
|
||||
+++ src/app/gnupg/g10/verify.c
|
||||
@@ -116,7 +116,7 @@
|
||||
log_error(_("the signature could not be verified.\n"
|
||||
"Please remember that the signature file (.sig or .asc)\n"
|
||||
"should be the first file given on the command line.\n") );
|
||||
- rc = 0;
|
||||
+ rc = 1;
|
||||
}
|
||||
|
||||
leave:
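Review bot: The replacement `rc = 1;` is a bare literal, and the patch file carries no description of why it deviates from upstream GnuPG. The only caller shown on this page tests `!err`, so any non-zero value works today, but the meaning of `1` is not evident to someone reading the patched verify.c or re-basing the patch onto a newer GnuPG. A short description line ahead of the `---` header would help, such as `Return non-zero when the input is not a usable signature so callers can fail closed.`; a named libgpg-error code instead of `1` would also be clearer if one fits. The enclosing function starts and ends outside the hunk, so whether other branches also leave `rc` at 0 cannot be checked from here.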
|