From dc08eca368de31b85e27063160e73b75b91bc58f Mon Sep 17 00:00:00 2001
From: Allan McRae <allan@archlinux.org>
Date: Sun, 19 May 2013 22:41:01 +1000
Subject: Improve error message when package is missing required signature

When attempting to install a package (either via -S or -U) and the
signature is missing, the current error message "invalid or corrupted
package (PGP signature)" is very unclear.  Instead inform the user
that the package is missing the required signature.

Partial fix for FS#34741.

Signed-off-by: Allan McRae <allan@archlinux.org>
---
 lib/libalpm/be_package.c | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

(limited to 'lib/libalpm/be_package.c')

diff --git a/lib/libalpm/be_package.c b/lib/libalpm/be_package.c
index cfe5fb36..5a709680 100644
--- a/lib/libalpm/be_package.c
+++ b/lib/libalpm/be_package.c
@@ -323,9 +323,13 @@ int _alpm_pkg_validate_internal(alpm_handle_t *handle,
 	}
 
 	/* even if we don't have a sig, run the check code if level tells us to */
-	if(has_sig || level & ALPM_SIG_PACKAGE) {
+	if(level & ALPM_SIG_PACKAGE) {
 		const char *sig = syncpkg ? syncpkg->base64_sig : NULL;
 		_alpm_log(handle, ALPM_LOG_DEBUG, "sig data: %s\n", sig ? sig : "<from .sig>");
+		if(!has_sig && !(level & ALPM_SIG_PACKAGE_OPTIONAL)) {
+			handle->pm_errno = ALPM_ERR_PKG_MISSING_SIG;
+			return -1;
+		}
 		if(_alpm_check_pgp_helper(handle, pkgfile, sig,
 					level & ALPM_SIG_PACKAGE_OPTIONAL, level & ALPM_SIG_PACKAGE_MARGINAL_OK,
 					level & ALPM_SIG_PACKAGE_UNKNOWN_OK, sigdata)) {
-- 
cgit v1.2.3-24-g4f1b