From d3c62180624d627dae583efe23fd4f0427eaf055 Mon Sep 17 00:00:00 2001
From: Michał Górny <mgorny@gentoo.org>
Date: Sun, 22 Jan 2023 09:15:40 +0100
Subject: openpgp: Stop relying on `gpg --verify` exit status
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Signed-off-by: Michał Górny <mgorny@gentoo.org>
---
 gemato/openpgp.py | 15 +++++++++++++--
 1 file changed, 13 insertions(+), 2 deletions(-)

diff --git a/gemato/openpgp.py b/gemato/openpgp.py
index 57e84fa..8a0462f 100644
--- a/gemato/openpgp.py
+++ b/gemato/openpgp.py
@@ -166,8 +166,7 @@ class SystemGPGEnvironment:
 
         exitst, out, err = self._spawn_gpg(
             [GNUPG, '--batch', '--status-fd', '1', '--verify'],
-            f.read().encode('utf8'),
-            raise_on_error=OpenPGPVerificationFailure)
+            f.read().encode('utf8'))
 
         # process the output of gpg to find the exact result
         print(out.decode("iso-8859-1"))
@@ -178,6 +177,18 @@ class SystemGPGEnvironment:
             elif line.startswith(b'[GNUPG:] GOODSIG'):
                 assert sig_list
                 sig_list[-1].good_sig = True
+            elif line.startswith(b"[GNUPG:] BADSIG"):
+                assert sig_list
+                raise OpenPGPVerificationFailure(
+                    err.decode("utf8", errors="backslashreplace"))
+            elif line.startswith(b"[GNUPG:] EXPSIG"):
+                assert sig_list
+                raise OpenPGPVerificationFailure(
+                    err.decode("utf8", errors="backslashreplace"))
+            elif line.startswith(b"[GNUPG:] ERRSIG"):
+                assert sig_list
+                raise OpenPGPVerificationFailure(
+                    err.decode("utf8", errors="backslashreplace"))
             elif line.startswith(b'[GNUPG:] EXPKEYSIG'):
                 assert sig_list
                 raise OpenPGPExpiredKeyFailure(
-- 
cgit v1.2.3