From 7c095ebd31ee0d1d2573a0a300705fe5ba80ceba Mon Sep 17 00:00:00 2001
From: Aaron Seigo <aseigo@kde.org>
Date: Thu, 26 May 2011 15:12:56 +0200
Subject: [PATCH] used detached sigs; at least this way gpgme++ is giving me
 fingerprints on success

---
 remote/signing.cpp | 15 +++++++++++----
 remote/signing.h   |  4 +++-
 2 files changed, 14 insertions(+), 5 deletions(-)

diff --git a/remote/signing.cpp b/remote/signing.cpp
index bc023914e..d424ec4f7 100644
--- a/remote/signing.cpp
+++ b/remote/signing.cpp
@@ -509,7 +509,7 @@ QString Signing::signerOf(const KUrl &package, const KUrl &signature) const
         return QString();
     }
 
-    const QString signaturePath = signature.isEmpty() ? packagePath + (".asc")
+    const QString signaturePath = signature.isEmpty() ? packagePath + (".sig")
                                                       : signature.path();
 
     if (!QFile::exists(signaturePath)) {
@@ -517,7 +517,7 @@ QString Signing::signerOf(const KUrl &package, const KUrl &signature) const
         return QString();
     }
 
-    kDebug() << "Cheking if " << packagePath << " and " << signaturePath << " matches";
+    //kDebug() << "Cheking if " << packagePath << " and " << signaturePath << " matches";
 
     FILE *pFile = fopen(packagePath.toLocal8Bit().data(), "r");
     if (!pFile) {
@@ -539,8 +539,15 @@ QString Signing::signerOf(const KUrl &package, const KUrl &signature) const
     QString rv;
 
     if (!vRes.error()) {
-        kDebug() << "message " << packagePath << " and signature " << signaturePath << "matched! The fingerprint of the signer is: " << vRes.signature(0).fingerprint();
-        rv = vRes.signature(0).fingerprint();
+        //kDebug() << "got" << vRes.signatures().size() << "signatures out" << vRes.error().asString();
+        foreach (GpgME::Signature sig, vRes.signatures()) {
+            if (sig.fingerprint()) {
+                rv = sig.fingerprint();
+                break;
+            }
+        }
+
+        //kDebug() << "message " << packagePath << " and signature " << signaturePath << "matched! The fingerprint of the signer is: " << rv;
     }
 
     fclose(pFile);
diff --git a/remote/signing.h b/remote/signing.h
index 89bbd9427..4925c2674 100644
--- a/remote/signing.h
+++ b/remote/signing.h
@@ -119,7 +119,9 @@ public:
     /**
       * Tests for a successful match between the object and signature files, referenced by their
       * absolute path. The signature path is optional and, if not specified, the function will
-      * automatically try to retrieve it by appending the string ".asc" to the object path.
+      * automatically try to retrieve it by appending the string ".sig" to the package path.
+      *
+      * The signature should be a "detached signature" for correct results.
       *
       * @arg package the full path of the package we want to test
       * @arg signature optional path for the signature file