summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorMichał Górny <mgorny@gentoo.org>2023-01-22 09:15:40 +0100
committerMichał Górny <mgorny@gentoo.org>2023-01-22 09:15:40 +0100
commitd3c62180624d627dae583efe23fd4f0427eaf055 (patch)
tree947ffe556f167ee773ff88a07488dc81193a69f1
parent11f2afd6c15daaf20571c819482147986bd9c464 (diff)
downloadgemato-d3c62180624d627dae583efe23fd4f0427eaf055.tar.gz
openpgp: Stop relying on `gpg --verify` exit status
Signed-off-by: Michał Górny <mgorny@gentoo.org>
-rw-r--r--gemato/openpgp.py15
1 files changed, 13 insertions, 2 deletions
diff --git a/gemato/openpgp.py b/gemato/openpgp.py
index 57e84fa..8a0462f 100644
--- a/gemato/openpgp.py
+++ b/gemato/openpgp.py
@@ -166,8 +166,7 @@ class SystemGPGEnvironment:
exitst, out, err = self._spawn_gpg(
[GNUPG, '--batch', '--status-fd', '1', '--verify'],
- f.read().encode('utf8'),
- raise_on_error=OpenPGPVerificationFailure)
+ f.read().encode('utf8'))
# process the output of gpg to find the exact result
print(out.decode("iso-8859-1"))
@@ -178,6 +177,18 @@ class SystemGPGEnvironment:
elif line.startswith(b'[GNUPG:] GOODSIG'):
assert sig_list
sig_list[-1].good_sig = True
+ elif line.startswith(b"[GNUPG:] BADSIG"):
+ assert sig_list
+ raise OpenPGPVerificationFailure(
+ err.decode("utf8", errors="backslashreplace"))
+ elif line.startswith(b"[GNUPG:] EXPSIG"):
+ assert sig_list
+ raise OpenPGPVerificationFailure(
+ err.decode("utf8", errors="backslashreplace"))
+ elif line.startswith(b"[GNUPG:] ERRSIG"):
+ assert sig_list
+ raise OpenPGPVerificationFailure(
+ err.decode("utf8", errors="backslashreplace"))
elif line.startswith(b'[GNUPG:] EXPKEYSIG'):
assert sig_list
raise OpenPGPExpiredKeyFailure(