diff --git a/repos/ports/ports/gnupg.port b/repos/ports/ports/gnupg.port index 5c89094c94..21211c3e33 100644 --- a/repos/ports/ports/gnupg.port +++ b/repos/ports/ports/gnupg.port @@ -5,3 +5,5 @@ DOWNLOADS := gnupg.archive URL(gnupg) := https://www.gnupg.org/ftp/gcrypt/gnupg/gnupg-$(VERSION).tar.bz2 SHA(gnupg) := 732266e8888c6f41c084d043c7a0058332ff3580 DIR(gnupg) := src/app/gnupg + +PATCHES := src/app/verify/patches/verify.patch diff --git a/repos/ports/src/app/verify/gnupg.c b/repos/ports/src/app/verify/gnupg.c index 84fecc9e8c..252e0bf60f 100644 --- a/repos/ports/src/app/verify/gnupg.c +++ b/repos/ports/src/app/verify/gnupg.c @@ -121,18 +121,19 @@ enum Gnupg_verify_result gnupg_verify_detached_signature(char const *pubkey_path */ int const orig_errors_seen = g10_errors_seen; + /* * Call into GnuPG to verify the data with a detached signature. The * 'verify_signatures' function indirectly calls 'get_pubkey' and * 'get_pubkeyblock', which hand out our '_pubkey_packet'. */ char *file_names[2] = { strdup(sig_path), strdup(data_path) }; - verify_signatures(ctrl, 2, file_names); + int const err = verify_signatures(ctrl, 2, file_names); for (unsigned i = 0; i < 2; i++) free(file_names[i]); - return (orig_errors_seen == g10_errors_seen) ? GNUPG_VERIFY_OK - : GNUPG_VERIFY_SIGNATURE_INVALID; + return !err && (orig_errors_seen == g10_errors_seen) ? GNUPG_VERIFY_OK + : GNUPG_VERIFY_SIGNATURE_INVALID; } diff --git a/repos/ports/src/app/verify/patches/verify.patch b/repos/ports/src/app/verify/patches/verify.patch new file mode 100644 index 0000000000..e03ad3b76a --- /dev/null +++ b/repos/ports/src/app/verify/patches/verify.patch @@ -0,0 +1,11 @@ +--- src/app/gnupg/g10/verify.c.orig ++++ src/app/gnupg/g10/verify.c +@@ -116,7 +116,7 @@ + log_error(_("the signature could not be verified.\n" + "Please remember that the signature file (.sig or .asc)\n" + "should be the first file given on the command line.\n") ); +- rc = 0; ++ rc = 1; + } + + leave: