From a2c863ae1e98853a89518aad6086115c64f84f19 Mon Sep 17 00:00:00 2001
From: Simon Josefsson <simon@josefsson.org>
Date: Fri, 3 Feb 2023 22:38:25 +0100
Subject: [PATCH] Don't call gpgv if canary failed, apparently apt does not
 care about the exit code.

---
 apt-canary-gpgv | 18 ++++--------------
 1 file changed, 4 insertions(+), 14 deletions(-)

diff --git a/apt-canary-gpgv b/apt-canary-gpgv
index 96a42c9..e196a64 100755
--- a/apt-canary-gpgv
+++ b/apt-canary-gpgv
@@ -19,8 +19,6 @@ set -e
 
 AT="$@"
 
-canary_rc=0
-
 eval $(apt-config shell BASE_URL Canary::Base-URL)
 if test -z "$BASE_URL"; then
     logger --tag apt-canary "witness URL not configured"
@@ -43,23 +41,15 @@ else
     URL="$BASE_URL/$SHA256.witness"
 
     if wget -q -O- $URL | grep "^Canary: $URL$" > /dev/null; then
-	canary_rc=0
-	
 	logger --tag apt-canary "successful witness $URL"
     else
-	canary_rc=1
-
 	logger --tag apt-canary "unable to find successful witness $URL"
+
 	cat $datafile | logger --tag apt-canary-datafile
 	cat $signfile | logger --tag apt-canary-signfile
-    fi
-fi
-
-gpgv $AT
-gpgv_rc=$?
 
-if test "$canary_rc" != "0"; then
-    exit $canary_rc
+	exit 1
+    fi
 fi
 
-exit $gpgv_rc
+exec gpgv $AT
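Review bot: The new `exec gpgv $AT` passes the arguments through an unquoted string (`AT="$@"` in the earlier context), so any argument containing whitespace or glob characters is re-split or expanded before gpgv sees it. In a signature-verification wrapper the argument list should reach gpgv unchanged; if the positional parameters are still intact at that point (the lines between the hunks are not visible), use `exec gpgv "$@"`. The witness check that now gates the call, `grep "^Canary: $URL$"`, treats the URL as a regular expression, so `.` matches any character; `grep -Fxq -- "Canary: $URL"` with a quoted `"$URL"` for wget makes it an exact match. Since the commit message says apt ignores the exit code, a comment at `exit 1` such as `# fail closed: gpgv is never run, so apt receives no signature status` would record what the rejection relies on. The enclosing if/else starts outside this hunk.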
-- 
GitLab