From 16a064701a30d7e1175e1185cc6da44238302fab Mon Sep 17 00:00:00 2001
From: David Runge <dvzrv@archlinux.org>
Date: Mon, 22 Jan 2024 14:04:28 +0100
Subject: [PATCH] makepkg: Move check for signature metadata to central
 location

Move the check for the `NEWSIG` metadata keyword contained in the
GnuPG based statusfile to `parse_gpg_statusfile()` so that it is also
run when creating the statusfile in `verify_file_signature()` and not
only when running `verify_git_signature()`.

Signed-off-by: David Runge <dvzrv@archlinux.org>
---
 scripts/libmakepkg/integrity/verify_signature.sh.in | 12 +++++++-----
 1 file changed, 7 insertions(+), 5 deletions(-)

diff --git a/scripts/libmakepkg/integrity/verify_signature.sh.in b/scripts/libmakepkg/integrity/verify_signature.sh.in
index d786a2c3..8a35fe16 100644
--- a/scripts/libmakepkg/integrity/verify_signature.sh.in
+++ b/scripts/libmakepkg/integrity/verify_signature.sh.in
@@ -223,17 +223,19 @@ verify_git_signature() {
 		return 1
 	fi
 
-	if ! grep -qs NEWSIG "$statusfile"; then
-		printf '%s\n' "$(gettext "SIGNATURE NOT FOUND")" >&2
-		errors=1
-		return 1
-	fi
 	return 0
 }
 
 parse_gpg_statusfile() {
 	local type arg1 arg6 arg10
 
+	# ensure the NEWSIG keyword is part of the metadata
+	if ! grep -qs NEWSIG "$statusfile"; then
+		printf '%s\n' "$(gettext "SIGNATURE NOT FOUND")" >&2
+		errors=1
+		return 1
+	fi
+
 	while read -r _ type arg1 _ _ _ _ arg6 _ _ _ arg10 _; do
 		case "$type" in
 			GOODSIG)