From 4e03c47de15164f2656d9655edab6fb3570cb2f2 Mon Sep 17 00:00:00 2001
From: David Kalnischkies <david@kalnischkies.de>
Date: Tue, 7 Jul 2015 22:11:20 +0200
Subject: implement Signed-By without using gpg for verification

The previous commit returns to the possibility of using just gpgv for
verification proposes. There is one problem through: We can't enforce a
specific keyid without using gpg, but our acquire method can as it
parses gpgv output anyway, so it can deal with good signatures from not
expected signatures and treats them as unknown keys instead.

Git-Dch: Ignore
---
 test/integration/test-apt-key | 1 +
 1 file changed, 1 insertion(+)

(limited to 'test/integration/test-apt-key')

diff --git a/test/integration/test-apt-key b/test/integration/test-apt-key
index 1226e7dc4..a1a0d883d 100755
--- a/test/integration/test-apt-key
+++ b/test/integration/test-apt-key
@@ -204,6 +204,7 @@ gpg:              unchanged: 1' aptkey --fakeroot update
 		testfailure --nomsg aptkey --quiet --readonly --keyring keys/does-not-exist.pub verify signature.gpg signature
 		testfailure test -e keys/does-not-exist.pub
 
+		# note: this isn't how apts gpgv method implements keyid for verify
 		msgtest 'Test verify a file' 'with good keyid'
 		testsuccess --nomsg aptkey --quiet --readonly --keyid 'Paranoid' verify signature.gpg signature
 
-- 
cgit v1.2.3