From 51a3c85711017b70579c08a3342effca9fd7a77b Mon Sep 17 00:00:00 2001
From: Daiki Ueno <ueno@gnu.org>
Date: Thu, 26 Jun 2014 16:10:22 +0900
Subject: [PATCH] package.el: Don't signal "no public key" error if
 allow-unsigned

* emacs-lisp/package.el (package--check-signature): If
package-check-signature is allow-unsigned, don't signal error when
we can't verify signature because of missing public key
(bug#17625).
---
 lisp/ChangeLog             |  7 +++++++
 lisp/emacs-lisp/package.el | 24 ++++++++++++++----------
 2 files changed, 21 insertions(+), 10 deletions(-)

diff --git a/lisp/ChangeLog b/lisp/ChangeLog
index cd30ff34dc..850edf64c2 100644
--- a/lisp/ChangeLog
+++ b/lisp/ChangeLog
@@ -1,3 +1,10 @@
+2014-06-26  Daiki Ueno  <ueno@gnu.org>
+
+	* emacs-lisp/package.el (package--check-signature): If
+	package-check-signature is allow-unsigned, don't signal error when
+	we can't verify signature because of missing public key
+	(bug#17625).
+
 2014-06-26  Glenn Morris  <rgm@gnu.org>
 
 	* emacs-lisp/cl-macs.el (help-add-fundoc-usage):
diff --git a/lisp/emacs-lisp/package.el b/lisp/emacs-lisp/package.el
index c2aaabdd6a..4d7ed8f121 100644
--- a/lisp/emacs-lisp/package.el
+++ b/lisp/emacs-lisp/package.el
@@ -828,16 +828,20 @@ GnuPG keyring is located under \"gnupg\" in `package-user-dir'."
 			(buffer-string))))
     (epg-context-set-home-directory context homedir)
     (epg-verify-string context sig-content (buffer-string))
-    ;; The .sig file may contain multiple signatures.  Success if one
-    ;; of the signatures is good.
-    (let ((good-signatures
-           (delq nil (mapcar (lambda (sig)
-                               (if (eq (epg-signature-status sig) 'good)
-                                   sig))
-                             (epg-context-result-for context 'verify)))))
-      (if (null good-signatures)
-          ;; FIXME: Only signal an error if the signature is invalid, not if we
-          ;; simply lack the key needed to check the sig!
+    (let (good-signatures had-fatal-error)
+      ;; The .sig file may contain multiple signatures.  Success if one
+      ;; of the signatures is good.
+      (dolist (sig (epg-context-result-for context 'verify))
+	(if (eq (epg-signature-status sig) 'good)
+	    (push sig good-signatures)
+	  ;; If package-check-signature is allow-unsigned, don't
+	  ;; signal error when we can't verify signature because of
+	  ;; missing public key.  Other errors are still treated as
+	  ;; fatal (bug#17625).
+	  (unless (and (eq package-check-signature 'allow-unsigned)
+		       (eq (epg-signature-status sig) 'no-pubkey))
+	    (setq had-fatal-error t))))
+      (if (and (null good-signatures) had-fatal-error)
           (error "Failed to verify signature %s: %S"
                  sig-file
                  (mapcar #'epg-signature-to-string
-- 
2.20.1