From a5ff14b2e46f5270d06f970152d1c9e1fc40cee7 Mon Sep 17 00:00:00 2001
From: Papoteur <papoteur@mageia.org>
Date: Fri, 18 Dec 2020 21:51:05 +0100
Subject: Verify also detached signatures

---
 backend/raw_write.py | 12 ++++++++++--
 1 file changed, 10 insertions(+), 2 deletions(-)

(limited to 'backend')

diff --git a/backend/raw_write.py b/backend/raw_write.py
index 30b658c..1c1e216 100755
--- a/backend/raw_write.py
+++ b/backend/raw_write.py
@@ -145,12 +145,20 @@ class Dumper(object):
             self.sum_check_searched = True
             with open(sig_file, 'rb') as g:
                 self.signature_found = True
-                verified = gpg.verify_file(g)
+                verified = gpg.verify_file(g, close_file=False)
                 if verified:
                     self.signature_checked = True
                     logging.debug("signature checked")
+                    g.close()
                 else:
-                    self.signature_checked = False
+                    g.seek(0)
+                    verified = gpg.verify_file(g, self.source_file)
+                    if verified:
+                        self.signature_checked = True
+                        logging.debug("Detached signature is OK")
+                    else:
+                        self.signature_checked = False
+                        logging.debug("Signature is false")
         except:
             self.signature_found = False
             logging.info(_("Signature file {} not found\n").format(sig_file))
-- 
cgit v1.2.1