From 8dda68a1bd69408edc5a05c0b9159850b4a8034a Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Josef=20S=C3=B6ntgen?= Date: Thu, 22 Feb 2018 15:04:13 +0100 Subject: [PATCH] verify: propagate error on corrupted .sig files In case the signature file is corrupt, e.g. it could not be downloaded successfully, the gnupg code just prints an error message but will not return the error to the user. So we patch the code to return the error and check the value in the calling code. --- repos/ports/ports/gnupg.port | 2 ++ repos/ports/src/app/verify/gnupg.c | 7 ++++--- repos/ports/src/app/verify/patches/verify.patch | 11 +++++++++++ 3 files changed, 17 insertions(+), 3 deletions(-) create mode 100644 repos/ports/src/app/verify/patches/verify.patch diff --git a/repos/ports/ports/gnupg.port b/repos/ports/ports/gnupg.port index 5c89094c9..21211c3e3 100644 --- a/repos/ports/ports/gnupg.port +++ b/repos/ports/ports/gnupg.port @@ -5,3 +5,5 @@ DOWNLOADS := gnupg.archive URL(gnupg) := https://www.gnupg.org/ftp/gcrypt/gnupg/gnupg-$(VERSION).tar.bz2 SHA(gnupg) := 732266e8888c6f41c084d043c7a0058332ff3580 DIR(gnupg) := src/app/gnupg + +PATCHES := src/app/verify/patches/verify.patch diff --git a/repos/ports/src/app/verify/gnupg.c b/repos/ports/src/app/verify/gnupg.c index 84fecc9e8..252e0bf60 100644 --- a/repos/ports/src/app/verify/gnupg.c +++ b/repos/ports/src/app/verify/gnupg.c @@ -121,18 +121,19 @@ enum Gnupg_verify_result gnupg_verify_detached_signature(char const *pubkey_path */ int const orig_errors_seen = g10_errors_seen; + /* * Call into GnuPG to verify the data with a detached signature. The * 'verify_signatures' function indirectly calls 'get_pubkey' and * 'get_pubkeyblock', which hand out our '_pubkey_packet'. */ char *file_names[2] = { strdup(sig_path), strdup(data_path) }; - verify_signatures(ctrl, 2, file_names); + int const err = verify_signatures(ctrl, 2, file_names); for (unsigned i = 0; i < 2; i++) free(file_names[i]); - return (orig_errors_seen == g10_errors_seen) ? GNUPG_VERIFY_OK - : GNUPG_VERIFY_SIGNATURE_INVALID; + return !err && (orig_errors_seen == g10_errors_seen) ? GNUPG_VERIFY_OK + : GNUPG_VERIFY_SIGNATURE_INVALID; } diff --git a/repos/ports/src/app/verify/patches/verify.patch b/repos/ports/src/app/verify/patches/verify.patch new file mode 100644 index 000000000..e03ad3b76 --- /dev/null +++ b/repos/ports/src/app/verify/patches/verify.patch @@ -0,0 +1,11 @@ +--- src/app/gnupg/g10/verify.c.orig ++++ src/app/gnupg/g10/verify.c +@@ -116,7 +116,7 @@ + log_error(_("the signature could not be verified.\n" + "Please remember that the signature file (.sig or .asc)\n" + "should be the first file given on the command line.\n") ); +- rc = 0; ++ rc = 1; + } + + leave: