Adjust the gpgv signature check. Add one more case of broken key to detect,
EXPKEYSIG. From gnupg docs:
EXPKEYSIG <long keyid> <username>
The signature with the keyid is good, but the signature was
made by an expired key. The username is the primary one
encoded in UTF-8 and %XX escaped.
Also, handle KEYEXPIRED right. The first argument given back is NOT the keyid,
it is the timestamp when the key expired. From gnupg docs:
KEYEXPIRED <expire-timestamp>
The key has expired. expire-timestamp is the expiration time
in seconds after the epoch.
Note, that TIMESTAMP may either be a number with seconds since
epoch or an ISO 8601 string which can be detected by the
presence of the letter 'T' inside.
So lets go and see if we find a T, if not convert the epoch to something
more easily human readable in our reject message.
Signed-off-by: Joerg Jaspert <joerg@debian.org>
projects / dak.git / commitdiff