From 76a71a1237d22c1990efbc19ce0e02aacf572576 Mon Sep 17 00:00:00 2001
From: Julian Andres Klode <jak@debian.org>
Date: Mon, 14 Mar 2016 14:23:50 +0100
Subject: Handle ERRSIG in the gpgv method like BADSIG

ERRSIG is created whenever a key uses an unknown/weak digest
algorithm, for example. This allows us to report a more useful
error than just "unknown apt-key error.":

The following signatures were invalid: ERRSIG 13B00F1FD2C19886 1 2 01 1457609403 5

While still not being the best reportable error message, it's
better than unknown apt-key error and hopefully redirects users
to complain to their repository owners.
---
 methods/gpgv.cc | 7 +++++++
 1 file changed, 7 insertions(+)

(limited to 'methods/gpgv.cc')

diff --git a/methods/gpgv.cc b/methods/gpgv.cc
index f17990245..5800a04f0 100644
--- a/methods/gpgv.cc
+++ b/methods/gpgv.cc
@@ -29,6 +29,7 @@ using std::vector;
 
 #define GNUPGPREFIX "[GNUPG:]"
 #define GNUPGBADSIG "[GNUPG:] BADSIG"
+#define GNUPGERRSIG "[GNUPG:] ERRSIG"
 #define GNUPGNOPUBKEY "[GNUPG:] NO_PUBKEY"
 #define GNUPGVALIDSIG "[GNUPG:] VALIDSIG"
 #define GNUPGGOODSIG "[GNUPG:] GOODSIG"
@@ -101,6 +102,12 @@ string GPGVMethod::VerifyGetSigners(const char *file, const char *outfile,
             std::clog << "Got BADSIG! " << std::endl;
          BadSigners.push_back(string(buffer+sizeof(GNUPGPREFIX)));
       }
+      else if (strncmp(buffer, GNUPGERRSIG, sizeof(GNUPGERRSIG)-1) == 0)
+      {
+         if (Debug == true)
+            std::clog << "Got ERRSIG! " << std::endl;
+         BadSigners.push_back(string(buffer+sizeof(GNUPGPREFIX)));
+      }
       else if (strncmp(buffer, GNUPGNOPUBKEY, sizeof(GNUPGNOPUBKEY)-1) == 0)
       {
          if (Debug == true)
-- 
cgit v1.2.3