    signature checking changes · b74dcc5d
    Committed by Joerg Jaspert
    Adjust the gpgv signature check. Add one more case of broken key to detect,
    EXPKEYSIG. From gnupg docs:
        EXPKEYSIG   <long keyid>  <username>
        The signature with the keyid is good, but the signature was
        made by an expired key. The username is the primary one
        encoded in UTF-8 and %XX escaped.
    
    Also, handle KEYEXPIRED right. The first argument given back is NOT the keyid,
    it is the timestamp when the key expired. From gnupg docs:
        KEYEXPIRED <expire-timestamp>
        The key has expired.  expire-timestamp is the expiration time
        in seconds after the epoch.
    
        Note, that TIMESTAMP may either be a number with seconds since
        epoch or an ISO 8601 string which can be detected by the
        presence of the letter 'T' inside.
    So let's go and see if we find a T, if not convert the epoch to something
    more easily human readable in our reject message.
    Signed-off-by: Joerg Jaspert <joerg@debian.org>
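
The handling the commit message describes, as an added example that is not the project's own code: it reads gpgv status lines, treats the first KEYEXPIRED argument as a timestamp (ISO 8601 if it contains a 'T', epoch seconds otherwise) and reports EXPKEYSIG as a reject reason. The function names, reject wording and sample status output are assumptions constructed for illustration.

```python
from datetime import datetime, timezone

PREFIX = "[GNUPG:] "

# Constructed sample of gpgv --status-fd output (key id and name are made up).
SAMPLE = """\
[GNUPG:] KEYEXPIRED 1199145600
[GNUPG:] EXPKEYSIG 0123456789ABCDEF Example Signer <signer@example.org>
"""

def format_timestamp(ts):
    """Render a gpgv TIMESTAMP: ISO 8601 (contains 'T') or epoch seconds."""
    if "T" in ts:
        return ts  # already human readable
    try:
        when = datetime.fromtimestamp(int(ts), tz=timezone.utc)
    except (ValueError, OverflowError, OSError):
        return "unparseable time %r" % ts
    return when.strftime("%Y-%m-%d %H:%M:%S UTC")

def parse_status(output):
    """Return {keyword: [argument list, ...]} for every status line."""
    status = {}
    for line in output.splitlines():
        if line.startswith(PREFIX):
            fields = line[len(PREFIX):].split()
            if fields:
                status.setdefault(fields[0], []).append(fields[1:])
    return status

def reject_reasons(output):
    """List the reasons to reject; an empty list means the check passed."""
    status = parse_status(output)
    reasons = []
    for args in status.get("EXPKEYSIG", []):
        keyid = args[0] if args else "unknown"
        reasons.append("signature made by expired key 0x%s" % keyid)
    for args in status.get("KEYEXPIRED", []):
        # The first argument is the expiry time, not a key id.
        when = format_timestamp(args[0]) if args else "unknown time"
        reasons.append("signing key expired on %s" % when)
    if not reasons and "GOODSIG" not in status:
        reasons.append("no good signature reported")  # fail closed
    return reasons

if __name__ == "__main__":
    print("\n".join(reject_reasons(SAMPLE)))
```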
utils.py 46.9 KB