In case the signature file is corrupt, e.g. it could not be downloaded
successfully, the gnupg code just prints an error message but will not
return the error to the user. So we patch the code to return the error
and check the value in the calling code.
The new 'verify' component facilitates the code of GnuPG to verify
detached OpenPGP signatures against public keys.
Since GnuPG depends on libgcrypt and libgpg-error, the patch adds these
libraries to the libports repository.
Fixes#2640