From d3c8908221fd8ef8c1147e2298e8a9a230735d42 Mon Sep 17 00:00:00 2001
From: Jakub Jelen <jjelen@redhat.com>
Date: Thu, 18 Nov 2021 20:00:15 +0100
Subject: [PATCH] Fix file-is-digest patch

Resolves: rhbz#2024710
---
 gnupg-2.2.20-file-is-digest.patch | 63 ++++++++++++++++++++-----------
 1 file changed, 40 insertions(+), 23 deletions(-)

diff --git a/gnupg-2.2.20-file-is-digest.patch b/gnupg-2.2.20-file-is-digest.patch
index a85c9bd..c2bf7c3 100644
--- a/gnupg-2.2.20-file-is-digest.patch
+++ b/gnupg-2.2.20-file-is-digest.patch
@@ -64,17 +64,34 @@ diff -up gnupg-2.2.20/g10/sign.c.file-is-digest gnupg-2.2.20/g10/sign.c
        else
          sig->version = 4;  /* Required.  */
  
-@@ -860,8 +863,11 @@ write_signature_packets (ctrl_t ctrl,
-         err = mk_sig_subpkt_key_block (ctrl, sig, pk);
-       else
-         err = 0;
+@@ -860,14 +863,22 @@ write_signature_packets (ctrl_t ctrl,
+       if (gcry_md_copy (&md, hash))
+         BUG ();
+ 
+-      build_sig_subpkt_from_sig (sig, pk);
+-      mk_notation_policy_etc (ctrl, sig, NULL, pk);
+-      if (opt.flags.include_key_block && IS_SIG (sig))
+-        err = mk_sig_subpkt_key_block (ctrl, sig, pk);
+-      else
+-        err = 0;
 -      hash_sigversion_to_magic (md, sig, extrahash);
 -      gcry_md_final (md);
++      if (!opt.file_is_digest)
++        {
++          build_sig_subpkt_from_sig (sig, pk);
++          mk_notation_policy_etc (ctrl, sig, NULL, pk);
++          if (opt.flags.include_key_block && IS_SIG (sig))
++            err = mk_sig_subpkt_key_block (ctrl, sig, pk);
++          else
++            err = 0;
 +
-+      if (!opt.file_is_digest) {
-+        hash_sigversion_to_magic (md, sig, extrahash);
-+        gcry_md_final (md);
-+      }
++          hash_sigversion_to_magic (md, sig, extrahash);
++          gcry_md_final (md);
++        }
++      else if (sig->version >= 4)
++        {
++          log_bug("file-is-digest doesn't work with v4 sigs\n");
++        }
  
        if (!err)
          err = do_sign (ctrl, pk, sig, md, hash_for (pk), cache_nonce, 0);
@@ -152,27 +169,27 @@ diff -up gnupg-2.2.20/g10/sign.c.file-is-digest gnupg-2.2.20/g10/sign.c
 +          d = -1;
 +          for (fp = fname ; *fp; )
 +            {
-+      	     c = *fp++;
-+      	     if (c >= '0' && c <= '9')
++      	       c = *fp++;
++      	       if (c >= '0' && c <= '9')
 +      	         c -= '0';
-+      	     else if (c >= 'a' && c <= 'f')
++      	       else if (c >= 'a' && c <= 'f')
 +      	         c -= 'a' - 10;
-+      	     else if (c >= 'A' && c <= 'F')
++      	       else if (c >= 'A' && c <= 'F')
 +      	         c -= 'A' - 10;
-+      	     else
++      	       else
 +      	         log_bug("filename is not hex\n");
-+      	     if (d >= 0)
++      	       if (d >= 0)
 +                {
-+      	         *mdb++ = d << 4 | c;
-+      	         c = -1;
-+      	         if (--mdlen == 0)
++      	           *mdb++ = d << 4 | c;
++      	           c = -1;
++      	           if (--mdlen == 0)
 +                    {
-+      	             mdb = ts;
-+      	             if (*fp++ != '@')
-+      	               log_bug("missing time separator\n");
-+      	           }
-+      	       }
-+      	     d = c;
++      	               mdb = ts;
++      	               if (*fp++ != '@')
++      	                 log_bug("missing time separator\n");
++      	             }
++      	         }
++      	       d = c;
 +            }
 +          sigclass = ts[0];
 +          if (sigclass != 0x00 && sigclass != 0x01)